 |
|
|
|||||
The website of the Chinese artificial intelligence company DeepSeek, whose chatbot became the most downloaded app in the United States, has computer code that could send some user login information to a Chinese state-owned telecommunications company that has been barred from operating in the United States, security researchers say.The web login page of DeepSeek’s chatbot contains heavily obfuscated computer script that when deciphered shows connections to computer infrastructure owned by China Mobile, a state-owned telecommunications company. The code appears to be part of the account creation and user login process for DeepSeek.In its privacy policy, DeepSeek acknowledged storing data on servers inside the People’s Republic of China. But its chatbot appears more directly tied to the Chinese state than previously known through the link revealed by researchers to China Mobile. The U.S. has claimed there are close ties between China Mobile and the Chinese military as justification for placing limited sanctions on the company. DeepSeek and China Mobile did not respond to emails seeking comment.The growth of Chinese-controlled digital services has become a major topic of concern for U.S. national security officials. Lawmakers in Congress last year on an overwhelmingly bipartisan basis voted to force the Chinese parent company of the popular video-sharing app TikTok to divest or face a nationwide ban though the app has since received a 75-day reprieve from President Donald Trump, who is hoping to work out a sale.The code linking DeepSeek to one of China’s leading mobile phone providers was first discovered by Feroot Security, a Canadian cybersecurity company, which shared its findings with the Associated Press. The AP took Feroot’s findings to a second set of computer experts, who independently confirmed that China Mobile code is present. Neither Feroot nor the other researchers observed data transferred to China Mobile when testing logins in North America, but they could not rule out that data for some users was being transferred to the Chinese telecom.The analysis only applies to the web version of DeepSeek. They did not analyze the mobile version, which remains one of the most downloaded pieces of software on both the Apple and the Google app stores.The U.S. Federal Communications Commission unanimously denied China Mobile authority to operate in the United States in 2019, citing “substantial” national security concerns about links between the company and the Chinese state. In 2021, the Biden administration also issued sanctions limiting the ability of Americans to invest in China Mobile after the Pentagon linked it to the Chinese military.“It’s mind-boggling that we are unknowingly allowing China to survey Americans and we’re doing nothing about it,” said Ivan Tsarynny, CEO of Feroot.“It’s hard to believe that something like this was accidental. There are so many unusual things to this. You know that saying ‘Where there’s smoke, there’s fire’? In this instance, there’s a lot of smoke,” Tsarynny said.Stewart Baker, a Washington, D.C.-based lawyer and consultant who has previously served as a top official at the Department of Homeland Security and the National Security Agency, said DeepSeek “raises all of the TikTok concerns plus you’re talking about information that is highly likely to be of more national security and personal significance than anything people do on TikTok,” one of the world’s most popular social media platforms.Users are increasingly putting sensitive data into generative AI systemseverything from confidential business information to highly personal details about themselves. People are using generative AI systems for spell-checking, research, and even highly personal queries and conversations. The data security risks of such technology are magnified when the platform is owned by a geopolitical adversary and could represent an intelligence goldmine for a country, experts warn.“The implications of this are significantly larger because personal and proprietary information could be exposed. It’s like TikTok but at a much grander scale and with more precision. It’s not just sharing entertainment videos. It’s sharing queries and information that could include highly personal and sensitive business information,” said Tsarynny, of Feroot.Feroot, which specializes in identifying threats on the web, identified computer code that is downloaded and triggered when a user logs into DeepSeek. According to the company’s analysis, the code appears to capture detailed information about the device a user logs in froma process called fingerprinting. Such techniques are widely used by tech companies around the world for security, verification, and ad targeting.The company’s analysis of the code determined that there were links in that code pointing to China Mobile authentication and identity management computer systems, meaning it could be part of the login process for some users accessing DeepSeek.The AP asked two academic cybersecurity expertsJoel Reardon of the University of Calgary and Serge Egelman of the University of California, Berkeleyto verify Feroot’s findings. In their independent analysis of the DeepSeek code, they confirmed there were links between the chatbot’s login system and China Mobile.“It’s clear that China Mobile is somehow involved in registering for DeepSeek,” said Reardon. He didn’t see data being transferred in his testing but concluded that it is likely being activated for some users or in some login methods. Contact the AP’s global investigative team at Investigative@ap.org or https://www.ap.org/tips/. Byron Tau, Associated Press
Category:
E-Commerce
The Trump administration said Tuesday that it is pulling almost all U.S. Agency for International Development workers off the job and out of the field worldwide, moving to all but end a six-decade mission to shore up American security by fighting starvation, funding education, and working to end epidemics.The administration notified USAID workers in emails and a notice posted online, the latest in a sudden dismantling of the aid agency by returning political appointees from President Donald Trump’s first term and billionaire Elon Musk’s government-efficiency teams who call much of the spending on programs overseas wasteful.The order takes effect just before midnight Friday and gives direct hires of the agency overseasmany of whom have been frantically packing up households in expectation of the announcement30 days to return home unless they are deemed essential. Contractors not determined to be essential also would be fired, the notice said.The move had been rumored for several days and was the most extreme of several proposals considered for consolidating the agency into the State Department. Other options had included closures of smaller USAID missions and partial closures of larger ones.Thousands of USAID employees already had been laid off and programs worldwide shut down after Trump, a Republican, imposed a sweeping freeze on foreign assistance. Despite outcry from Democratic lawmakers, the aid agency has been a special target as the new administration and Musk’s budget-slashing Department of Government Efficiency look to shrink the federal government.They have ordered a spending stop that has paralyzed U.S.-funded aid and development work around the world, gutted the senior leadership and workforce with furloughs and firings, and closed Washington headquarters to staffers Monday. Lawmakers said the agency’s computer servers were carted away.“Spent the weekend feeding USAID into the wood chipper,” Musk boasted on X.The mass removal of thousands of staffers overseas and in Washington would doom billions of dollars in projects in some 120 countries, including security assistance to partners such as Ukraine as well as development work for clean water, job training and education, including for schoolgirls under Taliban rule in Afghanistan.The U.S. is the world’s largest humanitarian donor by far. It spends less than 1% of its budget on foreign assistance, a smaller share of its budget than some countries.Health programs like those credited with helping end polio and smallpox epidemics and an acclaimed HIV/AIDS program that saved more than 20 million lives in Africa already have stopped. So have monitoring and deployments of rapid-response teams for contagious diseases such as an Ebola outbreak in Uganda.Hundreds of millions of dollars of food and medication already delivered by U.S. companies are sitting in ports because of the administration’s sudden shutdown of the agency.Democratic lawmakers and others say the USAID is enshrined in legislation as an independent agency, and cannot be shut down without congressional approval. Supporters of USAID from both political parties say its work overseas is essential to countering the influence of Russia, China, and other adversaries and rivals abroad, and to cementing alliances and partnerships.The decision to withdraw direct-hire staff and their families earlier than their planned departures will likely cost the government tens of millions of dollars in travel and relocation costs.Staff being placed on leave include both foreign and civil service officers who have legal protection against arbitrary dismissal and being placed on leave without reason.The American Foreign Service Association, the union which represents U.S. diplomats, sent a notice to its members denouncing the decision and saying it was preparing legal action to counter or halt it.Locally employed USAID staff, however, do not have much recourse and were excluded from the federal government’s voluntary buyout offer.USAID staffers and families faced wrenching decisions as the rumored order loomed, including whether to pull children out of school midyear. Some gave away pet cats and dogs, fearing the Trump administration would not give them time to complete the paperwork to bring the animals with them.Tuesday’s notice said it would consider case-by-case exceptions for those needing more time. But with most of the agency’s staff soon off the job, it was unclear who would process such claims or other paperwork needed for the mass removal of thousands of overseas staffers.Musk’s teams had taken USAID’s website offline over the weekend and it came back online Tuesday night, with the notice of recall or termination for global staffers its sole post.The announcement came as Secretary of State Marco Rubio was on a five-nation tour of Central America and met with embassy and USAID staff at two of the region’s largest USAID missions: El Salvador and Guatemala on Monday and Tuesday.Journalists accompanying Rubio were not allowed to witness the so-called “meet and greet” sessions in those two countries, but had been allowed in for a similar event in Panama on Sunday in which Rubio praised employees, particularly locals, for their dedication and service.At a news conference earlier Tuesday, Rubio said he has “long supported foreign aid. I continue to support foreign aid. But foreign aid is not charity.” He noted that every dollar the U.S. spends must advance its national interests.The online notice says those who will be exempted from leave include staffers responsible for “mission-critical functions, core leadership and specially designated programs” and would be informed by Thursday afternoon.“Thank you for your service,” the notice concluded. Lee reported from Guatemala City. Elen Knickmeyer and Matthew Lee, Associated Press
Category:
E-Commerce
Over the first 16 days of the Trump administration, Elon Musk and a small team at the “Department of Government Efficiency” has systematically started to dismantle the agencies that keep the country running. DOGE workers have taken multiple actions that experts say are illegal, from accessing private taxpayer data to pushing workers out of their jobs. Musk (and Trump’s) power grab has arguably created a constitutional crisisand seems likely to only get worse. “This is totally outside the bounds of the way the federal government should operate, and is required by law to operate,” says says John Davisson, director of litigation and senior counsel at the nonprofit Electronic Privacy Information Center. So far, no one has stopped Musk. But it’s possible that lawsuits that are now underway could succeed. Musk is behind a push to try to get two million federal workers to quit their jobsincluding air traffic controllers, in an email that went out the day after a plane crash in D.C. killed 67 people. (This happened despite the fact that 90% of airports currently have a shortage of workers.) Only after a second plane crashed in Philadelphia, a day later, were air traffic controllers exempted from the general effort to try to get federal employees to take buyouts. An email sent by DOGE officials claimed that workers who took buyouts would get paid through September if they agreed to quit this month. As of Tuesday, at least 20,000 workers had agreed to leavebut the government doesnt have the funding to pay them, and DOGE doesn’t legally have the authority to make the buyout offer in the first place. Meanwhile, some roles that cover vital day-to-day work will go unfilled. Some agencies, like the Justice Department and FBI, have seen firings that are also likely illegal. Musks team also reportedly accessed classified information at USAID, the international aid agency, without the proper clearance; the security officers who tried to stop them were put on leave. Musk later said that he spent the weekend putting USAID into the wood chipper, and that the humanitarian agency, which has saved millions of lives, was a criminal organization and it was time for it to die. On Friday, USAID announced that its 10,000 employees will be put on administrative leave. DOGE also reportedly accessed private Treasury payment systems that contain Americans personal data, including tax information and social security numbers, despite potential conflicts of interest with his own businesses and the risk that the data could fall into the wrong hands. Another career official was placed on leave for trying to prevent Musk’s teamincluding some college-age programmers with no government experiencefrom seeing the data. That band of personnel is barreling in to agencies across the government, upending security and privacy and confidentiality protections and established procedures, to gain access to databases that in many cases contain vast amounts of sensitive personal information from the general public and from federal employees, says Davisson. And they are doing this to remake the federal government in their preferred manner, regardless of what Congress has ordained. U.S. Sen. Elizabeth Warren speaks to a crowd gathered in front of the U.S. Treasury Department in protest of Elon Musk and the Department of Government Efficiency on February 4, 2025. [Photo: Anna Rose Layden/Getty Images] ‘The approach seems to be to move fast and break things, including the law’ Much of DOGEs work is illegal, experts say. “Basically, the approach seems to be to move fast and break things, including the law,” says Laura Dickinson, a law professor at the George Washington University Law School who focuses on national security and human rights. “A lot of what his team is doing appears to be illegal, and they’re putting the burden of challenging this on people that are harmed.” DOGE is potentially breaking multiple laws. Its access to taxpayer information, for example, “is very likely illegal under the Privacy Act and under aspects of the Internal Revenue Code, which guarantee confidentiality of information,” Dickinson says. “There’s also a case to be made that it could violate the Federal Information Security Modernization Act, which has some cybersecurity protection. The issue here is just that that personal data is very closely regulatedwho can have access to it, for privacy reasons, but also for security reasons. It’s really quite dangerous to kind of change the process for handling that data. There could be greater exposure to hackers and others.” In the case of USAID, because it was established by Congress, Musk and Trump don’t get to choose whether or not it survives. Theres no current authority for this president, or any president, to abolish USAID, says David Super, a law professor at Georgetown University with expertise in administrative and constitutional law. So hes flatly disregarding a binding statute of Congress. The administration has folded USAID into the State Department, something that it also doesn’t have the authority to do. Now Musk’s team is also targeting the Department of Education, which Trump reportedly wants to shut down via executive order. The DOGE team also showed up at the headquarters of the National Oceanic and Atmospheric Administration (NOAA) on Tuesday, reportedly accessing computer systems with more confidential information. Project 2025 called for the agency to be “broken up and downsized.” Like USAID, the president doesn’t have the legal authority to close either department. DOGE also doesnt have the authority to tell employees to quit. Federal law does allow for buyouts, but only if an agency decides that it wants to staff to leave early and submits a plan to the Office of Personnel Management and gets the plan aproved. DOGE has created something entirely different, without any legal authority, in which they are effectively promising federal employees that they will be paid for doing no work between now and the end of September, Super says. Making such a promise is illegal, and they also have no authority to keep the promise even if they wanted to. (Unions representing federal workers have warned that the buyout offers are scams, and that workers are unlikely to actually get paid.) Lawsuits are underway Because the work is illegal, lawsuits are part of the answer. Federal employee unions sued the Trump administration on Tuesday for allowing DOGE access to sensitive data. The largest union also sued over the buyout offers, saying that the policy is “pretext for removing and replacing government workers on an ideological basis.” Public Citizen, an advocacy group, is suing over DOGE’s violation of the Federal Advisory Committee Act, a law that requires public meetings and more transparency over what the government does. More lawsuits will come. USAID workers could sue, and so could recipients of funding from USAID, including contractors who work for the agency. Anyone who’s affected, including citizens, could potentially sue. “For example, if there is someone who is signed up to get extension courses from the Agriculture Department and those courses are cut off because of the illegal change in the job responsibilities of the people who were supposed to teach that course, people could absolutely sue,” says Super. It’s possible that some court cases could move quickly, in the same way that a court almost immediately blocked the Trump administration’s attempt to freeze all federal funding. “That doesn’t mean that there won’t be serious harm,” Super says. “We’ve heard of AIDS treatment programs overseas and other things that desperately need continuity that have been shut down. All the people whose lives have been upendedpeople who are wondering how they’re going to make their mortgage, having taken jobs with the federal government often for less than the private sector would offer, expecting the job security that federal law provides themnow seeing their lives upset.” Still, he says “lawsuits can stop these things quite quickly.” Though this also requires the Trump administration obeying the rulings of the court. Congress also needs to act, says Maria McFarland Sanchez-Moreno, CEO of RepresentUS, a nonprofit that fights corruption. “It’s urgent that Congress do its job,” she says. “They are responsible for exercising oversight over the executive branch.” Although several Congresspeople have spoken upSenator Brian Schatz, for example, vowed to put a blanket hold on nominees for the State Department to protest what’s happening to USAIDthe majority still haven’t. “Nobody should be silent in the face of this,” Sanchez-Moreno says. “And frankly, this should not be a partisan issue. This is about very traditional, historically conservative values of rule of law and preventing corruption and abuse of authority and respecting the constitution.” In her past work in international human rights, she says she saw firsthand how important it was to act. “These sorts of issues are easier to address earlier than laterI say that having worked on autocracy and corruption in many parts of the world,” she says. “Once you have attacks on the rule of law, if it’s not protected in a pretty strong way, it can be harder to recover it.” Everything DOGE has done follows the playbook that Musk has taken at his own companies, where he’s skirted labor laws and ignored safety regulations. In some cases, he’s gotten away with it. The stakes are obviously higher now. “This is a fast-rolling catastrophe,” says Davisson. “It is happening right now and demands an immediate response. I think all of our business in Congress should be put to the side and stalled wherever possible until this gross criminality and illegality is corrected and the DOGE is forced out of these systems.”
Category:
E-Commerce
All news |
||||||||||||||||||
|
||||||||||||||||||