Silicon Valley & Technology

BOSTON — In a scathing indictment of Microsoft corporate security and transparency, a Biden administration-appointed review board issued a report Tuesday saying “a cascade of errors” by the tech giant let state-backed Chinese cyber operators break into email accounts of senior U.S. officials including Commerce Secretary Gina Raimondo.

The Cyber Safety Review Board, created in 2021 by executive order, describes shoddy cybersecurity practices, a lax corporate culture and a lack of sincerity about the company’s knowledge of the targeted breach, which affected multiple U.S. agencies that deal with China.

It concluded that “Microsoft’s security culture was inadequate and requires an overhaul” given the company’s ubiquity and critical role in the global technology ecosystem. Microsoft products “underpin essential services that support national security, the foundations of our economy, and public health and safety.”

The panel said the intrusion, discovered in June by the State Department and dating to May, “was preventable and should never have occurred,” and it blamed its success on “a cascade of avoidable errors.” What’s more, the board said, Microsoft still doesn’t know how the hackers got in.

The panel made sweeping recommendations, including urging Microsoft to put on hold adding features to its cloud computing environment until “substantial security improvements have been made.”

It said Microsoft’s CEO and board should institute “rapid cultural change,” including publicly sharing “a plan with specific timelines to make fundamental, security-focused reforms across the company and its full suite of products.”

In a statement, Microsoft said it appreciated the board’s investigation and would “continue to harden all our systems against attack and implement even more robust sensors and logs to help us detect and repel the cyber-armies of our adversaries.”

In all, the state-backed Chinese hackers broke into the Microsoft Exchange Online email of 22 organizations and more than 500 individuals around the world — including the U.S. ambassador to China, Nicholas Burns — accessing some cloud-based email boxes for at least six weeks and downloading some 60,000 emails from the State Department alone, the 34-page report said. Three think tanks and foreign government entities, including a number of British organizations, were among those compromised, it said.

The board, convened by Homeland Security Secretary Alejandro Mayorkas in August, accused Microsoft of making inaccurate public statements about the incident — including issuing a statement saying it believed it had determined the likely root cause of the intrusion “when, in fact, it still has not.” Microsoft did not update that misleading blog post, published in September, until mid-March, after the board repeatedly asked if it planned to issue a correction, it said.

Separately, the board expressed concern about a separate hack disclosed by the Redmond, Washington, company in January, this one of email accounts — including those of an undisclosed number of senior Microsoft executives and an undisclosed number of Microsoft customers — and attributed to state-backed Russian hackers.

The board lamented “a corporate culture that deprioritized both enterprise security investments and rigorous risk management.”

The Chinese hack was initially disclosed in July by Microsoft in a blog post and carried out by a group the company calls Storm-0558. That same group, the panel noted, has been engaged in similar intrusions — compromising cloud providers or stealing authentication keys so it can break into accounts — since at least 2009, targeting companies including Google, Yahoo, Adobe, Dow Chemical and Morgan Stanley.

Microsoft noted in its statement that the hackers involved are “well-resourced nation state threat actors who operate continuously and without meaningful deterrence.”

The company said that it recognized that recent events “have demonstrated a need to adopt a new culture of engineering security in our own networks,” and added that it had “mobilized our engineering teams to identify and mitigate legacy infrastructure, improve processes, and enforce security benchmarks.”
…

…

WASHINGTON — The United States and Britain on Monday announced a new partnership on the science of artificial intelligence safety, amid growing concerns about upcoming next-generation versions.

Commerce Secretary Gina Raimondo and British Technology Secretary Michelle Donelan signed a memorandum of understanding in Washington to jointly develop advanced AI model testing, following commitments announced at an AI Safety Summit in Bletchley Park in November.

“We all know AI is the defining technology of our generation,” Raimondo said. “This partnership will accelerate both of our institutes work across the full spectrum to address the risks of our national security concerns and the concerns of our broader society.”

Britain and the United States are among countries establishing government-led AI safety institutes.

Britain said in October its institute would examine and test new types of AI, while the United States said in November it was launching its own safety institute to evaluate risks from so-called frontier AI models and is now working with 200 companies and entites.

Under the formal partnership, Britain and the United States plan to perform at least one joint testing exercise on a publicly accessible model and are considering exploring personnel exchanges between the institutes. Both are working to develop similar partnerships with other countries to promote AI safety.

“This is the first agreement of its kind anywhere in the world,” Donelan said. “AI is already an extraordinary force for good in our society and has vast potential to tackle some of the world’s biggest challenges, but only if we are able to grip those risks.”

Generative AI, which can create text, photos and videos in response to open-ended prompts, has spurred excitement as well as fears it could make some jobs obsolete, upend elections and potentially overpower humans and catastrophic effects.

In a joint interview with Reuters Monday, Raimondo and Donelan urgent joint action was needed to address AI risks.

“Time is of the essence because the next set of models are about to be released, which will be much, much more capable,” Donelan said. “We have a focus one the areas that we are dividing and conquering and really specializing.”

Raimondo said she would raise AI issues at a meeting of the U.S.-EU Trade and Technology Council in Belgium Thursday.

The Biden administration plans to soon announce additions to its AI team, Raimondo said. “We are pulling in the full resources of the U.S. government.”

Both countries plan to share key information on capabilities and risks associated with AI models and systems and technical research on AI safety and security.

In October, Biden signed an executive order that aims to reduce the risks of AI. In January, the Commerce Department said it was proposing to require U.S. cloud companies to determine whether foreign entities are accessing U.S. data centers to train AI models.

Britain said in February it would spend more than 100 million pounds ($125.5 million) to launch nine new research hubs and AI train regulators about the technology.

Raimondo said she was especially concerned about the threat of AI applied to bioterrorism or a nuclear war simulation.

“Those are the things where the consequences could be catastrophic and so we really have to have zero tolerance for some of these models being used for that capability,” she said.
…

…

…

New York — Kia is recalling more than 427,000 of its Telluride SUVs due to a defect that may cause the cars to roll away while they’re parked.

According to documents published by the National Highway Traffic Safety Administration, the intermediate shaft and right front driveshaft of certain 2020-2024 Tellurides may not be fully engaged. Over time, this can lead to “unintended vehicle movement” while the cars are in park — increasing potential crash risks.

Kia America decided to recall all 2020-2023 model year and select 2024 model year Tellurides earlier this month, NHTSA documents show. At the time, no injuries or crashes were reported.

Improper assembly is suspected to be the cause of the shaft engagement problem — with the recall covering 2020-2024 Tellurides that were manufactured between Jan. 9, 2019, and Oct. 19, 2023. Kia America estimates that 1% have the defect.

To remedy this issue, recall documents say, dealers will update the affected cars’ electronic parking brake software and replace any damaged intermediate shafts for free. Owners who already incurred repair expenses will also be reimbursed.

In the meantime, drivers of the impacted Tellurides are instructed to manually engage the emergency brake before exiting the vehicle. Drivers can also confirm if their specific vehicle is included in this recall and find more information using the NHTSA site and/or Kia’s recall lookup platform.

Owner notification letters are otherwise set to be mailed out on May 15, with dealer notification beginning a few days prior.

The Associated Press reached out to Irvine, California-based Kia America for further comment Sunday. No comment was received.
…

San Francisco — Google co-founders Larry Page and Sergey Brin loved pulling pranks, so they began rolling out outlandish ideas every April Fool’s Day not long after starting their company more than a quarter century ago. One year, Google posted a job opening for a Copernicus research center on the moon. Another year, the company said it planned to roll out a “scratch and sniff” feature on its search engine.

The jokes were consistently over-the-top, and people learned to laugh them off as another example of Google mischief. That’s why Page and Brin decided to unveil something no one would believe was possible 20 years ago on April Fool’s Day.

It was Gmail, a free service boasting 1 gigabyte of storage per account, an amount that sounds almost pedestrian in an age of 1-terabyte iPhones. But it sounded like a preposterous amount of email capacity back then, enough to store about 13,500 emails before running out of space compared to just 30 to 60 emails in the then-leading webmail services run by Yahoo and Microsoft. That translated into 250 to 500 times more email storage space.

Besides the quantum leap in storage, Gmail also came equipped with Google’s search technology so users could quickly retrieve a tidbit from an old email, photo or other personal information stored on the service. It also automatically threaded together a string of communications about the same topic, so everything flowed together as if it was a single conversation.

“The original pitch we put together was all about the three ‘S’s’ — storage, search and speed,” said former Google executive Marissa Mayer, who helped design Gmail and other company products before later becoming Yahoo’s CEO.

It was such a mind-bending concept that shortly after The Associated Press published a story about Gmail late on the afternoon of April Fool’s 2004, readers began calling and emailing to inform the news agency it had been duped by Google’s pranksters.

“That was part of the charm, making a product that people won’t believe is real. It kind of changed people’s perceptions about the kinds of applications that were possible within a web browser,” former Google engineer Paul Buchheit recalled during a recent AP interview about his efforts to build Gmail.

It took three years to do as part of a project called “Caribou” — a reference to a running gag in the Dilbert comic strip. “There was something sort of absurd about the name Caribou, it just made make me laugh,” said Buchheit, the 23rd employee hired at a company that now employs more than 180,000 people.

The AP knew Google wasn’t joking about Gmail because an AP reporter had been abruptly asked to come down from San Francisco to the company’s Mountain View, California, headquarters to see something that would make the trip worthwhile.

After arriving at a still-developing corporate campus that would soon blossom into what became known as the “Googleplex,” the AP reporter was ushered into a small office where Page was wearing an impish grin while sitting in front of his laptop computer.

Page, then just 31 years old, proceeded to show off Gmail’s sleekly designed inbox and demonstrated how quickly it operated within Microsoft’s now-retired Explorer web browser. And he pointed out there was no delete button featured in the main control window because it wouldn’t be necessary, given Gmail had so much storage and could be so easily searched. “I think people are really going to like this,” Page predicted.

As with so many other things, Page was right. Gmail now has an estimated 1.8 billion active accounts — each one now offering 15 gigabytes of free storage bundled with Google Photos and Google Drive. Even though that’s 15 times more storage than Gmail initially offered, it’s still not enough for many users who rarely see the need to purge their accounts, just as Google hoped.

The digital hoarding of email, photos and other content is why Google, Apple and other companies now make money from selling additional storage capacity in their data centers. (In Google’s case, it charges anywhere from $30 annually for 200 gigabytes of storage to $250 annually for 5 terabytes of storage). Gmail’s existence is also why other free email services and the internal email accounts that employees use on their jobs offer far more storage than was fathomed 20 years ago.

“We were trying to shift the way people had been thinking because people were working in this model of storage scarcity for so long that deleting became a default action,” Buchheit said.

Gmail was a game changer in several other ways while becoming the first building block in the expansion of Google’s internet empire beyond its still-dominant search engine.

After Gmail came Google Maps and Google Docs with word processing and spreadsheet applications. Then came the acquisition of video site YouTube, followed by the introduction of the Chrome browser and the Android operating system that powers most of the world’s smartphones. With Gmail’s explicitly stated intention to scan the content of emails to get a better understanding of users’ interests, Google also left little doubt that digital surveillance in pursuit of selling more ads would be part of its expanding ambitions.

Although it immediately generated a buzz, Gmail started out with a limited scope because Google initially only had enough computing capacity to support a small audience of users.

But that scarcity created an air of exclusivity around Gmail that drove feverish demand for elusive invitations to sign up. At one point, invitations to open a Gmail account were selling for $250 apiece on eBay. “It became a bit like a social currency, where people would go, ‘Hey, I got a Gmail invite, you want one?’” Buchheit said.

Although signing up for Gmail became increasingly easier as more of Google’s network of massive data centers came online, the company didn’t begin accepting all comers to the email service until it opened the floodgates as a Valentine’s Day present to the world in 2007.
…

WASHINGTON — Artificial Intelligence for good is the subject of a new exhibit at the Embassy of Sweden in Washington, showing how Swedish companies and organizations are using AI for a more open society, a healthier world, and a greener planet.

Ambassador Urban Ahlin told an embassy reception that Sweden’s broad collaboration across industry, academia and government makes it a leader in applying AI in public-interest areas, such as clean tech, social sciences, medical research, and greener food supply chains. That includes tracking the mood and health of cows.

Fitbit for cows

It is technology developed by DeLaval, a producer of dairy and farming machinery. The firm’s Market Solution Manager in North America Joaquin Azocar says the small wearable device the size of an earring fits in a cow’s ear and tracks the animal’s movements 24/7, much like a Fitbit.

The ear-mounted tags send out signals to receivers across the farm. DeLaval’s artificial intelligence system analyzes the data and looks for correlations in patterns, trends, and deviations in the animals’ activities, to predict if a cow is sick, in heat, or not eating well.

As a trained veterinarian, Azocar says dairy farmers being alerted sooner to changes in their animals’ behavior means they can provide treatment earlier which translates to less recovery time.

AI helping in childbirth

There are also advances in human health. The developing Pelvic Floor AI project is an AI-based solution to identify high-risk cases of pelvic floor injury and facilitate timely interventions to prevent and limit harm.

It was developed by a team of gynecologists and women’s health care professionals from Sweden’s Sahlgrenska University Hospital to help the nearly 20% of women who experience injury to their pelvic floor during childbirth.

The exhibition “is a great way to showcase the many ways AI is being adapted and used, in medicine and in many other areas,” said exhibition attendee Jesica Lindgren, general counsel for international consulting firm BlueStar Strategies. “It’s important to know how AI is evolving and affecting our everyday life.”

Green solutions using AI

The exhibition includes examples of what AI can do about climate change, including rising sea levels and declining biodiversity.

AirForestry is developing technology “for precise forestry that will select and harvest trees fully autonomously.” The firm says that “harvesting the right trees in the right place could significantly improve overall carbon sequestration and resilience.”

AI & the defense industry

Outlining the development of artificial intelligence for the defense industry, the exhibit admits that “can be controversial.”

“There are exciting possibilities to use AI to solve problems that cannot be solved using traditional algorithms due to their complexity and limitations in computational power,” the exhibit states. “But it requires thorough consideration of how AI should and shouldn’t be utilized. Proactively engaging in AI research is necessary to understand the technology’s capabilities and limitations and help shape its ethical standards.”

AI and privacy

Exhibition participant Quentin Black is an engineer with Axis Communications, an industry leader in video surveillance. He said the project came out of GDPR, or General Data Protection Regulation; an EU policy that provides privacy to citizens who are out in public whose image could be picked up on video surveillance cameras.

The regulations surrounding privacy are stricter in Europe than they are in the U.S., Black said.

“In the U.S. the public doesn’t really have an expectation of privacy; there’s cameras everywhere. In Europe, it’s different.” That regulation inspired Axis Communications to develop AI that provides privacy, he explained.

Black pointed to a large monitor divided into four windows, to show how AI is being used to set up four different filters to provide privacy.

The Axis Live Privacy Shield remotely monitors activities both indoors and outdoors while safeguarding privacy in real time. The technology is downloadable and free, to provide privacy to people and/or environments, using a variety of filters.

In the monitor on display in the exhibition, Black explained the four quadrants. The upper right window of the monitor displays privacy with a full color block out of all humans, using AI to distinguish the difference between the people and the environment.

The upper left window provides privacy to the person’s head. The bottom left corner provides pixelization, or a mosaic, of the person’s entire/whole body, and the immediate environment surrounding the person. And the bottom right corner shows blockage of the environment, so “an inverse of the personal privacy,” Black explained.

“So, if it was a top secret facility, or you want to see the people walking up to your door without a view of your neighbor’s house, this is where this can this be applied.”

Tip of the iceberg

“I think that AI is on everybody’s thoughts, and what I appreciate about the House of Sweden’s approach in this exhibition is highlighting a thoughtful, scientific, business-oriented and human-oriented perspective on AI in society today,” said Molly Steenson, President and CEO of the American Swedish Institute.

Though AI and machine learning have been around since the 1950s, she says it is only now that we are seeing “the contemporary upswing and acceleration of AI, especially generative AI in things like large language models.”

“So, while large companies and tech companies might want us to speed up and believe that it is only scary or it is only good, I think it’s a lot more nuanced than that,” she said.
…

BEIJING — Chinese leader Xi Jinping told visiting Dutch Prime Minister Mark Rutte on Wednesday that attempts to restrict China’s access to technology will not stop the country’s advance. 

The Netherlands imposed export licensing requirements in 2023 on the sale of machinery that can make advanced processor chips. The move came after the United States blocked Chinese access to advanced chips and the equipment to make them, citing security concerns, and urged its allies to follow suit. 

An online report from state broadcaster CCTV did not mention the chip machinery, but quoted Xi as saying that the creation of scientific and technological barriers and the fragmentation of the industrial and supply chains will lead to division and confrontation. 

“The Chinese people also have the right to legitimate development, and no force can stop the pace of China’s scientific and technological development and progress,” Xi said, according to CCTV. 

Dutch company ASML is the world’s only producer of machines that use extreme ultraviolet lithography to make advanced semiconductors. In 2023, China became ASML’s second-largest market, accounting for 29% of its revenue as Chinese companies bought up equipment before the licensing requirement took effect. 

Rutte, speaking to journalists after his meeting, declined to go into specifics of the talks. 

“What I can tell you is that … when we have to take measures, that they are never aimed at one country specifically, that we always try to make sure that the impact is limited, is not impacting the supply chain, and therefore is not impacting the overall economic relationship,” he said. 

The Dutch leader, who was accompanied by Trade Minister Geoffrey van Leeuwen on the trip, said the top issue for him in their meetings with Xi and Chinese Premier Li Qiang was the war in Ukraine. 

China has taken a neutral position on the war, providing Russia with diplomatic cover and economic support through trade. That stance has angered and frustrated much of Europe, which sees Russia as the aggressor and Ukraine as the victim. 

Rutte said it’s important for China to understand that “this is a direct security threat for us, because if Russia will be successful in Ukraine, it will be a threat to the whole of Europe. It will not end with Ukraine.” 

He added that he had asked China’s leaders “to put their considerable weight — and they can do that as far as I’m concerned in a very discreet way — but as much as possible on Russia to influence the course of events.” 

ASML, the Netherlands’ largest company, recently threatened to leave the country over anti-immigration policies that may impact the company’s ability to hire talent, leaving government officials scrambling to ensure that the firm does not leave. 

Van Leeuwen said this week in an interview with The FD, a Dutch business newspaper, that protecting the interests of ASML is a top priority but acknowledged that national security comes before economic interests. 

Beijing has repeatedly accused the U.S. of trying to hold back China’s economic development by restricting access to technology. In response, Xi has launched a campaign to develop home-grown chips and other high-tech products. 

“China always opposes the U.S. overstretching the concept of national security and making various excuses to coerce other countries into imposing a technological blockade against China,” Foreign Ministry spokesperson Wang Wenbin said in January. 

Rutte said that NATO and its growing ties with Asia did not come up at Wednesday’s talks. He is a leading candidate to be the next head of the alliance, which China has criticized for provoking regional tensions and making diplomatic forays into the Asia-Pacific region.
…

Bangkok — Vietnamese automaker VinFast announced Tuesday that it plans to sell its electric vehicles in Thailand and said it had tied up with auto dealers to open showrooms in the country.

VinFast, which only began exporting its EVs last year, faces stiff competition in Thailand from Chinese automakers like BYD. Tesla also recently entered the fray. All were displaying their latest models at the Bangkok International Motor Show.

The Thai EV market is small but growing fast, buoyed by incentives and subsidies from the government. The country of more than 70 million plans to convert 30% of the 2.5 million vehicles it makes annually into EVs by 2030.

VinFast hopes to start selling both its electric scooters and electric SUVs in the country in the next two months, Vu Dang Yen Hang, chief executive officer of VinFast Thailand, told The Associated Press.

Details about pricing and buying the EVs are likely to be announced later this year.

Thailand accounted for 58% of all EV sales in Southeast Asia in 2022, ahead of both Vietnam and Indonesia, according to market research firm Counterpoint Research. But the EV market remains small, accounting for only 0.5% of EV sales worldwide in 2022.

Thailand is trying to change this with incentives to promote manufacturing and sales of EVs, such as reducing import duties and paying subsidies to make them more price competitive.

VinFast has set a target of selling its cars in 50 markets worldwide by the end of 2024.

Initially it’ll rely on existing charging developers in Thailand, but the long-term plan was to work alongside V-Green, a company that builds EV charging stations and is owned by VinFast’s parent company, said Hang.

“We will be working alongside [V-Green] to build infrastructure for our customers in Thailand who are using our cars,” she said.

V-Green was launched this month and plans to spend $404 million in the next two years to build charging stations for VinFast cars in different countries. Like VinFast, it is a part of the sprawling conglomerate Vingroup, which began as an instant noodle company in Ukraine in the 1990s. It is founded and run by Vietnam’s richest man, Pham Nhat Vuong.

VinFast’s foray into Thailand is part of a global expansion that has included exports of EVs to the United States. The company is building an EV factory in North Carolina, where production is slated to begin later in the year. Another factory is under construction in India, and it plans another in Indonesia.

VinFast has begun shipping EVs made in Vietnam to neighboring Laos to supply vehicles for Green SM, an EV taxi operator that is mostly owned by VinFast’s founder, Vuong.

Last year, the company listed its shares in August on Nasdaq, where they initially soared, pushing its market value briefly above those of General Motors Corp. and Ford Motor Co. But investor enthusiasm has cooled, and the company lost more in than $1.4 billion the first three quarters of 2023.

VinFast has struggled to sell its EVs in the U.S., and its early cars have received bad reviews. But the company maintains that if it can succeed in the crowded and competitive American market, it can succeed anywhere.
…