United States

How America Will Improve Its Cybersecurity (politico.com) 119

Politico writes: President Joe Biden on Wednesday ordered a sweeping overhaul of the federal government's approach to cybersecurity, from the software that agencies buy to the security measures that they use to block hackers, as his administration continues grappling with vulnerabilities exposed by a massive digital espionage campaign carried out by the Russian government... Biden's order requires agencies to encrypt their data, update plans for securely using cloud hosting services and enable multi-factor authentication...

It also creates a cyber incident review group, modeled on the National Transportation Safety Board that investigates aviation, railroad and vehicle crashes, to improve the government's response to cyberattacks. And it sets the stage for requiring federal contractors to report data breaches and meet new software security standards.

The directive, which sets deadlines for more than 50 different actions and reports, represents a wide-ranging attempt by the new Biden administration to close glaring cybersecurity gaps that it discovered upon taking office and prevent a repeat of Moscow's SolarWinds espionage operation, which breached nine federal agencies and roughly 100 companies... In addition to requiring agencies to deploy multi-factor authentication, the order requires them to install endpoint detection and response software, which generates warnings when it detects possible hacks. It also calls for agencies to redesign their networks using a philosophy known as zero-trust architecture, which assumes that hackers are inside a network and focuses on preventing them from jumping from one computer to another... Officials say current federal monitoring programs are outdated — they can only spot previously identified malware, and they can't protect increasingly pervasive cloud platforms...

Biden's executive order attempts to prevent another SolarWinds by requiring information technology service providers to meet new security requirements in order to do business with the federal government. These contractors will need to alert the government if they are hacked and share information about the intrusion.

The order "reflects a fundamental shift in our mindset from incident response to prevention, from talking about security to doing security," one senior administration official told reporters. The order notes "persistent and increasingly sophisticated malicious cyber campaigns" that "threaten the public sector, the private sector, and ultimately the American people's security and privacy," calling for "bold changes and significant investments."

But the order also argues that "In the end, the trust we place in our digital infrastructure should be proportional to how trustworthy and transparent that infrastructure is..." warning that "The development of commercial software often lacks transparency, sufficient focus on the ability of the software to resist attack, and adequate controls to prevent tampering by malicious actors." To that end, the order also requires guidelines for a "Software Bill of Materials" or "SBOM," a "formal record containing the details and supply chain relationships of various components used in building software... analogous to a list of ingredients on food packaging."

[A]n SBOM allows the builder to make sure those components are up to date and to respond quickly to new vulnerabilities. Buyers can use an SBOM to perform vulnerability or license analysis, both of which can be used to evaluate risk in a product. Those who operate software can use SBOMs to quickly and easily determine whether they are at potential risk of a newly discovered vulnerability. A widely used, machine-readable SBOM format allows for greater benefits through automation and tool integration. The SBOMs gain greater value when collectively stored in a repository that can be easily queried by other applications and systems. Understanding the supply chain of software, obtaining an SBOM, and using it to analyze known vulnerabilities are crucial in managing risk.

ZDNet reports that "the Linux and open-source community are already well on their way to meeting the demands of this new security order," citing security projects in both its Core Infrastructure Initiative (CII) and from the Open Source Security Foundation (OpenSSF).
Education

University Cancels $700,000 in Student Debt for 220 Graduates Affected by the Pandemic (cnn.com) 27

Delaware State University -- also known as DSU -- "is cancelling more than $700,000 in student loans for recent graduates hit hard by the Covid-19 pandemic," reports CNN: DSU will cancel $730,655 for more than 220 people, the school announced this week...

"Too many graduates across the country will leave their schools burdened by debt, making it difficult for them to rent an apartment, cover moving costs, or otherwise prepare for their new careers or graduate school," said Antonio Boyle, DSU's Vice President for strategic enrollment management. "While we know our efforts won't help with all of their obligations, we all felt it was essential to do our part."

DSU is paying for the expenses through the federal American Rescue Plan for COVID-19 relief, university officials said in the statement Wednesday.

The school says that the average eligible student will qualify for about $3,276 in debt relief, according to a Delaware newspaper. They quote a statement from the School President that "Our students don't just come here for a quality college experience. Most are trying to change the economic trajectory of their lives for themselves, their families, and their communities.

"Our responsibility is to do everything we can to put them on the path."
Education

Three Students Sue Lambda School Alleging False Advertising (techcrunch.com) 21

Lambda School -- incubated at Y Combinator -- raised $130 million in venture funding from several investors including Google Ventures. Its original business model involved six-month virtual computer science courses for $30,000, remembers TechCrunch, "with the option of paying for the courses in installments based on a sliding scale that only kicks in after you land a job that makes at least $50,000."

But this week three former students "filed lawsuits against the company in California, claiming misleading financial and educational practices." The suits — which are being brought by the nonprofit National Student Legal Defense Network on behalf of Linh Nguyen, Heather Nye and Jonathan Stickrod — go back to a period of between 2018 and 2020, and they focus on four basic claims.

First, that Lambda School falsified and misrepresented job placement rates. Second, that Lambda School misrepresented the true nature of its financial interest in student success (specifically, there are question marks over how Lambda handles its Income-Share Agreement contracts and whether it benefits from those). Third, that it misrepresented and concealed a regulatory dispute in California that required the school to cease operations. And fourth, that it enrolled and provided educational services and signed Income-Share Agreement contracts in violation of that order...

Some of the issues that are raised in the lawsuits have also been resolved since then. For example, the prominent display of over 80% of students finding jobs can no longer be found on the Lambda site, and in California you no longer get an Income-Share Agreement but a retail installment contract (similar but different). But as is the way of litigation, lawsuits based on past issues from people who were impacted by them when they were still active, are, in many ways, the next logical, unsurprising step.

Social Networks

'How Lies on Social Media Are Inflaming the Israeli-Palestinian Conflict' (msn.com) 358

The New York Times reports on misinformation that's further inflaming the Israeli-Palestinian conflict: In a 28-second video, which was posted to Twitter this week by a spokesman for Prime Minister Benjamin Netanyahu of Israel, Palestinian militants in the Gaza Strip appeared to launch rocket attacks at Israelis from densely populated civilian areas.

At least that is what Mr. Netanyahu's spokesman, Ofir Gendelman, said the video portrayed. But his tweet with the footage, which was shared hundreds of times as the conflict between Palestinians and Israelis escalated, was not from Gaza. It was not even from this week. Instead, the video that he shared, which can be found on many YouTube channels and other video-hosting sites, was from 2018. And according to captions on older versions of the video, it showed militants firing rockets not from Gaza but from Syria or Libya.

The video was just one piece of misinformation that has circulated on Twitter, TikTok, Facebook, WhatsApp and other social media this week about the rising violence between Israelis and Palestinians, as Israeli military ground forces attacked Gaza early on Friday. The false information has included videos, photos and clips of text purported to be from government officials in the region, with posts baselessly claiming early this week that Israeli soldiers had invaded Gaza, or that Palestinian mobs were about to rampage through sleepy Israeli suburbs. The lies have been amplified as they have been shared thousands of times on Twitter and Facebook, spreading to WhatsApp and Telegram groups that have thousands of members, according to an analysis by The New York Times.

The effect of the misinformation is potentially deadly, disinformation experts said, inflaming tensions between Israelis and Palestinians when suspicions and distrust have already run high.

Patents

Apple Patents a Way To Deliver 3D Content Without 3D Glasses (patentlyapple.com) 36

Apple has patented the ability to deliver 3D content to devices like the iPhone, iPad and Macs without requiring 3D glasses. From a report: The company recently filed a patent with the heading of "Split-screen driving of electronic device displays." And the tech it describes means that flat screens on smartphones and tablets will be able to show an image in 3D without the viewer having to wear any glasses or VR headset. The idea is that iPhone and iPad screens will be able to display two different images simultaneously, in a way that will fool your brain into seeing a three-dimensional image.

Yes, there are already devices that do this, but the patent notes that existing methods are "problematic," stating: "it can be difficult to provide this type of content on a multi-function device such as a smartphone or a tablet without generating visible artifacts such as motion blur, luminance offsets, or other effects which can be unpleasant or even dizzying to a viewer." The rest of the patent application goes into a great deal of depth about how Apple plans to resolve these problems, and create a smooth 3D viewing experience on a flat screen without the need for glasses. This gets hugely technical, but starts from the notion that the screen switches between left and right sides of an image via alternating pixel rows.

The patent is also quite vague about how this will all work on a practical level. It doesn't state, for example, what angle viewers will need to position their iPhone or iPad at to get the effect. But it does show that Apple is serious about developing this tech, and has put some proper thought into it.

Piracy

FBI Has Gained Access To Sci-Hub Founder's Apple Account, Email Claims (torrentfreak.com) 36

Sci-Hub founder Alexandra Elbakyan reports that she has received a worrying email, ostensibly from Apple, revealing that law enforcement has demanded and gained access to her account data. The email indicates an FBI investigation although the precise nature of any inquiry remains unclear. From a report: In a message posted to her personal Twitter account, which is not currently subject to a suspension, Elbakyan draws attention to an email she received to one of her accounts operated by Google. "At first I thought it was spam and was about to delete the email, but it turned out to be about FBI requesting my data from Apple," she writes. As the email reveals, the apparent request to access the data from Elbakyan's account dates back more than two years but due to its nature, Apple has only just been able to reveal its existence to the Sci-Hub founder. What this is about, however, remains unclear but perhaps the more pressing question is whether it is a genuine email from Apple.
Privacy

Pentagon Surveilling Americans Without a Warrant, Senator Reveals (vice.com) 43

An anonymous reader quotes a report from Motherboard: The Pentagon is carrying out warrantless surveillance of Americans, according to a new letter written by Senator Ron Wyden and obtained by Motherboard. Senator Wyden's office asked the Department of Defense (DoD), which includes various military and intelligence agencies such as the National Security Agency (NSA) and the Defense Intelligence Agency (DIA), for detailed information about its data purchasing practices after Motherboard revealed special forces were buying location data. The responses also touched on military or intelligence use of internet browsing and other types of data, and prompted Wyden to demand more answers specifically about warrantless spying on American citizens.

Some of the answers the DoD provided were given in a form that means Wyden's office cannot legally publish specifics on the surveillance; one answer in particular was classified. In the letter Wyden is pushing the DoD to release the information to the public. A Wyden aide told Motherboard that the Senator is unable to make the information public at this time, but believes it would meaningfully inform the debate around how the DoD is interpreting the law and its purchases of data. "I write to urge you to release to the public information about the Department of Defense's (DoD) warrantless surveillance of Americans," the letter, addressed to Secretary of Defense Lloyd J. Austin III, reads. Wyden and his staff with appropriate security clearances are able to review classified responses, a Wyden aide told Motherboard. Wyden's office declined to provide Motherboard with specifics about the classified answer. But a Wyden aide said that the question related to the DoD buying internet metadata.

"Are any DoD components buying and using without a court order internet metadata, including 'netflow' and Domain Name System (DNS) records," the question read, and asked whether those records were about "domestic internet communications (where the sender and recipient are both U.S. IP addresses)" and "internet communications where one side of the communication is a U.S. IP address and the other side is located abroad." Netflow data creates a picture of traffic flow and volume across a network. DNS records relate to when a user looks up a particular domain, and a system then converts that text into the specific IP address for a computer to understand; essentially a form of internet browsing history. Wyden's new letter to Austin urging the DoD to release that answer and others says "Information should only be classified if its unauthorized disclosure would cause damage to national security. The information provided by DoD in response to my questions does not meet that bar."

Piracy

Disney Patents Blockchain-Based Movie Distribution System To Stop Pirates (torrentfreak.com) 95

A few days ago, Disney added a new anti-piracy patent to its arsenal: a blockchain-based distribution system that aims to make it harder for pirates to intercept films being distributed to movie theaters. TorrentFreak reports: The patent in question, titled "Blockchain configuration for secure content delivery," focuses on the distribution of content to movie theaters. This is a vulnerable process where pirates with the right connections can make copies during or after delivery. There are already several security mechanisms in place to prevent leaks from happening. Theaters have to adhere to strict rules, for example, and movies are all watermarked. Nevertheless, Disney believes that this isn't sufficient to stop pirates. "[S]uch security mechanisms are often reactive rather than preventative. For example, watermarking configurations insert a watermark into content to track piracy after the piracy has already occurred. As a result, current configurations do not adequately prevent piracy," the company explains.

Disney argues that by implementing a secure blockchain-based system, the distribution process can be more tightly controlled. Among other things, it will make it impossible for a movie to be played before it arrives at the intended location. "In contrast with previous configurations, the blockchain configuration verifies that the content is received at the intended destination prior to allowing playback of the content at that destination," the patent reads.

The system can also be configured with other anti-piracy features. For example, it can track the number of times a movie is played to prevent bad actors from showing it more often than they should. "Further, the blockchain configuration has an automated auditing mechanism that tracks playback of the content at the destination to ensure that the quantity of playbacks is accurately recorded. Therefore, piracy by the intended recipient, in the form of a greater quantity of actual playbacks than reported playbacks, is prevented." While Disney regularly refers to movie theaters and projectors, it specifically states that the patent also applies to other "playback environments." For example, when Disney content is sent to other streaming providers, which will need the proper credentials to play the content. There are several possible practical implementations but whether Disney has concrete plans to use these in the real world is unknown.

Security

Hackers Used Fake GPU Overclocking Software To Push Malware (vice.com) 11

Computer hardware maker MSI is warning gamers not to visit a website that's impersonating the brand and its graphics card overclocking software, Afterburner, to push malware. From a report: On Thursday, MSI published a press release warning of "a malicious software being disguised as the official MSI Afterburner." "The malicious software is being unlawfully hosted on a suspicious website impersonating as MSI's official website with the domain name https:// afterburner - msi [ . ] space," the company wrote. "MSI has no relation with this website or the aforementioned domain. [...] This webpage is hosting software which may contain virus, trojan, keylogger, or other type of malicious program that have been disguised to look like MSI Afterburner," the company added. "DO NOT DOWNLOAD ANY SOFTWARE FROM THIS WEBSITE."
Government

Binance Faces Probe By US Money-Laundering and Tax Sleuths (bloomberg.com) 15

An anonymous reader quotes a report from Bloomberg: Binance Holdings Ltd. is under investigation by the Justice Department and Internal Revenue Service, ensnaring the world's biggest cryptocurrency exchange in U.S. efforts to root out illicit activity that's thrived in the red-hot but mostly unregulated market. As part of the inquiry, officials who probe money laundering and tax offenses have sought information from individuals with insight into Binance's business, according to people with knowledge of the matter who asked not to be named because the probe is confidential. Led by Changpeng Zhao, a charismatic tech executive who relishes promoting tokens on Twitter and in media interviews, Binance has leap-frogged rivals since he co-founded it in 2017.

The firm, like the industry it operates in, has succeeded largely outside the scope of government oversight. Binance is incorporated in the Cayman Islands and has an office in Singapore but says it lacks a single corporate headquarters. Chainalysis Inc., a blockchain forensics firm whose clients include U.S. federal agencies, concluded last year that among transactions that it examined, more funds tied to criminal activity flowed through Binance than any other crypto exchange. [...] While the Justice Department and IRS probe potential criminal violations, the specifics of what the agencies are examining couldn't be determined, and not all inquiries lead to allegations of wrongdoing. The officials involved include prosecutors within the Justice Department's bank integrity unit, which probes complex cases targeting financial firms, and investigators from the U.S. Attorney's Office in Seattle. The scrutiny by IRS agents goes back months, with their questions signaling that they're reviewing both the conduct of Binance's customers and its employees, another person said.

The U.S. Commodity Futures Trading Commission has also been investigating Binance over whether it permitted Americans to make illegal trades, Bloomberg reported in March. In that case, authorities have been examining whether Binance let investors buy derivatives that are linked to digital tokens. U.S. residents are barred from purchasing such products unless the firms offering them are registered with the CFTC. [...] Along with the CFTC, the Justice Department is likely to examine steps that Binance has taken to keep U.S. residents off its exchange. One person familiar with Binance's operations said that prior to the establishment of Binance.US, Americans were advised to use a virtual proxy network, or VPN, to disguise their locations when seeking to access the exchange.
"We take our legal obligations very seriously and engage with regulators and law enforcement in a collaborative fashion," Binance spokeswoman Jessica Jung said in an emailed statement. "We have worked hard to build a robust compliance program that incorporates anti-money laundering principles and tools used by financial institutions to detect and address suspicious activity."
Piracy

A Podcast App is Exposing Subscribers-only Shows (theverge.com) 15

The beauty and misery of private RSS feeds. An anonymous reader shares a report: There's only supposed to be one way to hear exclusive podcast content from sports host Scott Wetzel: by paying $5 a month to subscribe to his Patreon. But the show's also been available on a smaller podcasting app for free. In fact, leaked podcast feeds from dozens of subscription-only shows, including Wetzel's and The Last Podcast On The Left, are available to stream through Castbox, a smaller app for both iOS and Android, just by searching for them.

Two people in the podcast space tell me they've reached out to Castbox multiple times, only for the company to remove a show and then have it pop up again, an infuriating cycle for someone trying to charge for their content. "It's a little bit like playing whack-a-mole with them," says one source, who asked to remain anonymous because of their ongoing work in the space. Podcast subscriptions have existed for years, but they've gained wider attention this past month. Apple, which makes the dominant podcasting app, introduced in-app subscriptions with a button that lets people directly subscribe to a show from the app. Spotify announced its own subscription product, too, but with caveats -- the main one being there's no actual in-app button.

The Courts

Apple-Epic Judge Hints at Compromise in Feud Over App Store (bloomberg.com) 93

The judge overseeing the high-stakes trial between Epic Games and Apple hinted at a compromise that turns on the iPhone maker allowing developers to inform users through their mobile apps that they can buy virtual goods on the web at a cheaper cost. From a report: U.S. District Judge Yvonne Gonzalez Rogers appeared to be looking for middle ground while hearing from economists called by both companies as expert witnesses in a case that threatens to upend the multibillion-dollar marketplace for apps that run on mobile phones around the world.

The judge questioned Apple's App Store rule that blocks developers from including a link or other information in their apps to steer users away from the store to buy virtual goods elsewhere online at a discounted rate. The anti-steering policy is at the heart of Epic's argument that Apple maintains a near-monopoly and juices profits by barring developers from offering alternative payment options in their apps. "What's so bad about it anyway, for consumers to have choice?" Gonzalez Rogers asked Richard Schmalensee, an economist and Massachusetts Institute of Technology professor, who was testifying Wednesday as an expert witness for Apple in the second week of trial in Oakland, California.

Her question drew pushback from Schmalensee, who noted that the U.S. Supreme Court, in a 2018 ruling, threw out a lawsuit that accused American Express of thwarting competition by prohibiting merchants from steering customers to cards with lower fees. "If the app vendor can say, if you press this button you can buy this for less, that means the App Store can't collect its commission," Schmalensee said. That amounts to "undercutting" Apple's App Store sales, he said. Gonzalez Rogers said she didn't think the situations were "factually the same."

Government

Bill To Ban TikTok On US Government Devices Passes Committee (reuters.com) 45

The Senate Homeland Security and Governmental Affairs Committee unanimously passed a bill that would ban U.S. federal workers from downloading the popular app TikTok onto U.S. government devices, Senator Josh Hawley, a bill sponsor, said in a press statement on Wednesday. Reuters reports: The U.S. Senate unanimously approved a similar measure in August 2020. Representative Ken Buck has introduced a similar bill in the House. The app, which is popular with teens eager to show off dance moves, has come under fire in the United States because of concerns over its Chinese owner, ByteDance. TikTok has sought to distance itself from Beijing with mixed success. Hawley called the company "an immediate security threat." "This should not be a partisan issue and I'm glad to see my colleagues in the Senate act together to address Beijing's covert data collection campaign," Hawley said in a statement after the vote.
Security

328 Weaknesses Found By WA Auditor-General In 50 Local Government Systems (zdnet.com) 17

An anonymous reader quotes a report from ZDNet: The Auditor-General of Western Australia on Wednesday tabled a report into the computer systems used at 50 local government entities, revealing 328 control weaknesses across the group. It was Auditor-General Caroline Spencer's intention to list the entities, but given the nature of her findings, all case studies included in Local Government General Computer Controls [PDF] omit entity, and system, names.

The report states that none of the 11 entities that the Auditor-General performed capability maturity assessments on met minimum targets. For the remaining 39, general computer controls audits were conducted. The audit probed information security, business continuity, management of IT risks, IT operations, change control, and physical security. Of the 328 control weaknesses, 33 rated as significant and 236 as moderate. Like last year, nearly half of all issues were about information security. The capability assessment results, meanwhile, showed that none of the 11 audited entities met the auditor's expectations across the six control categories, with 79% of the audit results below the minimum benchmark. [...] The report provided six recommendations, one for each of the security types audited. These included implementing appropriate frameworks and management structures, identifying IT risks, and patching.

Bitcoin

Australia's Wright Launches Lawsuit Over $5.7 Billion Bitcoin Haul (reuters.com) 52

An Australian computer scientist who alleges he created bitcoin has launched a London High Court lawsuit against 16 software developers in an effort to secure bitcoin worth around 4 billion pounds ($5.7 billion) he says he owns. From a report: In a case that was promptly labelled "bogus" by one defendant, Craig Wright is demanding that developers allow him to retrieve around 111,000 bitcoin held at two digital addresses that he does not have private keys for. In his second London lawsuit in three weeks, Wright alleges he lost the encrypted keys when his home computer network was hacked in February 2020. Police are investigating.

Wright, who is bringing the case through his Seychelles-based Tulip Trading firm, concedes he is a controversial figure since alleging in 2016 that he wrote the bitcoin white paper -- which first outlined the technology behind the digital assets -- under the pseudonym Satoshi Nakamoto in 2008. The claim is hotly disputed. The Australian, who is autistic and lives in Britain with his wife and two of his three children, alleges in his latest lawsuit that developers have breached their duties to act in the best interests of the rightful owner of globally-traded assets.

Wireless Networking

Tech Industry Quietly Patches FragAttacks Wi-Fi Flaws That Leak Data, Weaken Security (theregister.com) 37

An anonymous reader quotes a report from The Register: A dozen Wi-Fi design and implementation flaws make it possible for miscreants to steal transmitted data and bypass firewalls to attack devices on home networks, according to security researcher Mathy Vanhoef. On Tuesday, Vanhoef, a postdoctoral researcher in computer security at New York University Abu Dhabi, released a paper titled, "Fragment and Forge: Breaking Wi-Fi Through Frame Aggregation and Fragmentation" [PDF]. Scheduled to be presented later this year at the Usenix Security conference, the paper describes a set of wireless networking vulnerabilities, including three Wi-Fi design flaws and nine implementation flaws. Vanhoef, who in 2017 along with co-author Frank Piessens identified key reinstallation attacks (KRACKs) on the WPA2 protocol (used to secure Wi-Fi communication), has dubbed his latest research project FragAttacks, which stands for fragmentation and aggregation attacks.

The dozen vulnerabilities affect all Wi-Fi security protocols since the wireless networking technology debuted in 1997, from WEP up through WPA3. [...] In total, 75 devices -- network card and operating system combinations (Windows, Linux, Android, macOS, and iOS) -- were tested and all were affected by one or more of the attacks. NetBSD and OpenBSD were not affected because they don't support the reception of A-MSDUs (aggregate MAC service data units). [...]

Patches for many affected devices and software have already been deployed, thanks to a nine-month-long coordinated responsible disclosure overseen by the Wi-Fi Alliance and the Industry Consortium for Advancement of Security on the Internet (ICASI). Linux patches have been applied and the kernel mailing list note mentions that Intel has addressed the flaws in a recent firmware update without mentioning it. Microsoft released its patches on March 9, 2021 when disclosure was delayed though Redmond had already committed to publication. Vanhoef advises checking with the vendor(s) of Wi-Fi devices about whether the FragAttacks have been addressed. "[F]or some devices the impact is minor, while for others it's disastrous," he said.

United States

Biden Administration Approves Nation's First Major Offshore Wind Farm (reuters.com) 270

The Biden administration gave approval Tuesday to the nation's first commercial-scale offshore wind farm, which is scheduled to begin construction this summer. The New York Times reports: The Vineyard Wind project calls for up to 84 turbines to be installed in the Atlantic Ocean about 12 nautical miles off the coast of Martha's Vineyard, Mass. Together, they could generate about 800 megawatts of electricity, enough to power about 400,000 homes. The administration estimates that the work will create about 3,600 jobs. The project would dwarf the scale of the country's two existing wind farms, off the coasts of Virginia and Rhode Island. Together, they produce just 42 megawatts of electricity. In addition to Vineyard Wind, a dozen other offshore wind projects along the East Coast are now under federal review. The Interior Department has estimated that by the end of the decade, some 2,000 turbines could be churning in the wind along the coast from Massachusetts to North Carolina.

Electricity generated by the Vineyard Wind turbines will travel via cables buried six feet below the ocean floor to Cape Cod, where they would connect to a substation and feed into the New England grid. The company said that it expects to begin delivering wind-powered electricity in 2023. The Biden administration said that it intended to fast-track permits for other projects off the Atlantic Coast and that it would offer $3 billion in federal loan guarantees for offshore wind projects and invest in upgrades to ports across the United States to support wind turbine construction. [...] The administration has pledged to build 30,000 megawatts of offshore wind in the United States by 2030. It's a target the White House has said would spark $12 billion in capital investments annually, supporting 77,000 direct and indirect jobs by the end of the decade. If Mr. Biden's offshore wind targets are met, it could avoid 78 million metric tons of carbon dioxide emissions, while creating new jobs and even new industries along the way, the administration said.

Advertising

Ford Patents Tech That Could Scan Billboards and Show Associated In-Car Ads 160

An anonymous reader quotes a report from Motor1: Roads are lined with unattractive billboards many of us ignore on our daily commutes, but Ford's new tech will make sure we don't miss them anymore. The system works by scanning the billboards, interpreting the information on the sign, and delivering the most useful bits right into the vehicle's display. It sounds invasive and distracting, with a side of Orwellian creepiness tossed on top for good measure. For now, though, this is just a patent application and may never see implementation, but it's not difficult to see how this could be useful to automakers and advertisers. Ford's application says the tech could display an advertiser's products or services, directions to the store, or the phone number.

It's not a stretch to imagine a future where you're driving down the road, and your car sees a sign for your favorite restaurant, prompting you to place an order because the vehicle knows Thursday is take-out night. Cars are only getting infused with more technology designed to assist people in their day-to-day lives, and this would be another avenue to do just that, creating a tailored driving experience. It could also force advertisers to pay Ford for access to its fleet of billboard-scanning-equipped cars, expanding revenue streams beyond the car itself.

In a comment to Motor1, Ford says the company submits "patents on new inventions as a normal course of business, but they aren't necessarily an indication of new business or product plans."

EU

Apple Faces UK Class Action for App Store Overcharging (bloomberg.com) 35

Apple is facing a London lawsuit over claims it overcharged nearly 20 million U.K. customers for App Store purchases, yet another legal headache for the tech giant fighting lawsuits across the world. Bloomberg reports: Apple's 30% fee is "excessive" and "unlawful," the claimants said in a press release Tuesday. The claim, filed at London's Competition Appeal Tribunal on Monday, calls for the U.S. firm to compensate U.K. iPhone and iPad users for years of alleged overcharging. They estimate that Apple could face paying out in excess of 1.5 billion pounds ($2.1 billion). "Apple is abusing its dominance in the app store market, which in turn impacts U.K. consumers," said Rachael Kent, the lead claimant in the case and a professor at King's College London. She teaches the ways in which consumers interact and depend upon digital platforms.

The legal challenges come as Apple faces a backlash -- with billions of dollars in revenue on the line -- from global regulators and some developers who say its fees and other policies are unjust and self-serving. Last month, the European Commission sent a statement of objections to the firm, laying out how it thinks Apple abused its power as the "gatekeeper" for music-streaming apps on its store. The suit alleges that Apple deliberately shuts out potential competition and forces ordinary users to use its own payment processing system, generating unlawfully excessive levels of profit for the company. The claimants say any U.K. user of an iPhone or iPad who purchased paid apps, subscriptions or made other in-app purchases since October 2015 is entitled to compensation.

"We believe this lawsuit is meritless and welcome the opportunity to discuss with the court our unwavering commitment to consumers and the many benefits the App Store has delivered to the U.K.'s innovation economy," Apple said in an emailed statement. "The commission charged by the App Store is very much in the mainstream of those charged by all other digital marketplaces," Apple said. "In fact, 84% of apps on the App Store are free and developers pay Apple nothing. And for the vast majority of developers who do pay Apple a commission because they are selling a digital good or service, they are eligible for a commission rate of 15%."

Transportation

Amazon and Others Ordered To Slash Diesel Pollution From Warehouse Trucks (arstechnica.com) 49

Southern California has adopted a new air pollution rule aimed at slashing noxious emissions from warehouse trucks that move goods sold by Amazon and other e-commerce retailers. Ars Technica reports: Diesel pollution from heavy trucks causes everything from asthma to heart attacks, and even Parkinson's disease. Previously, such pollution tended to be concentrated around shipping ports and highways, but the growth of e-commerce has created a new source that is affecting neighborhoods farther inland. There are nearly 34,000 warehouses enclosing 1.17 billion square feet of space in the Los Angeles region alone. The rule, which was adopted late last week by a 9-4 vote of the South Coast Air Quality Management District (AQMD), would cover around 3,300 warehouses that are larger than 100,000 square feet. The rule seeks to reduce the amount of diesel particulate matter and nitrogen oxides produced by trucks serving these facilities. The district covers more than 17 million people, or nearly half the state's population.

The way the South Coast AQMD is approaching warehouse-related pollution is novel. Rather than attempting to control traffic flow to and from the facilities, the regulator will require warehouse owners to take various steps to reduce pollution in the area. That could include buying electric or fuel-cell trucks, adding solar panels to the building roofs, or installing air filters at nearby homes, hospitals, and schools. Each of these measures is assigned a point value, and warehouse operators must achieve a certain total to offset the emissions from their truck traffic. If they cannot meet the goal through mitigation measures, they can pay a fee instead. South Coast AQMD is phasing in compliance depending on the size of the facility. Warehouses that are over 250,000 square feet must meet their goals by June 30, 2022. Warehouses over 150,000 square feet must comply by the same day the following year, and those over 100,000 square feet get until June 30, 2024. Amazon's typical warehouses, for example, range in size from 600,000 to 1 million square feet. [...] The new rule is expected to save 150 to 300 lives and prevent 2,500 to 5,800 asthma attacks between 2022 and 2031. Overall, the public health benefits could be as large as $2.7 billion over the same timeframe.
