CybserSecurity News

Tag: Tech Policy

  • Values Over Dollars: Python Foundation Rejects $1.5M US Grant Over Anti-DEI Mandate

    The Python Software Foundation (PSF)—the organization overseeing the development of the Python programming language—has declined a $1.5 million federal grant from the U.S. National Science Foundation (NSF), citing new restrictions imposed under the agency’s revised funding terms. These conditions, introduced amid the “War on Woke” policy agenda of Donald Trump’s administration, effectively bar funding to organizations that support diversity, equity, and inclusion (DEI) initiatives. As a result, several planned projects aimed at strengthening the security of the Python ecosystem and the PyPI package repository will now remain unrealized.

    Lauren Crary, Deputy Executive Director of the PSF, explained that the NSF’s contract required recipients to affirm that they “do not and will not engage in programs promoting diversity, equity, and inclusion (DEI) or any discriminatory ideologies.” This stipulation applied not only to the specific security initiative but to the entire scope of the foundation’s activities. Furthermore, the NSF retained the right to demand repayment of any funds already disbursed if it determined that the foundation had violated the anti-DEI clause. According to Crary, this provision created significant uncertainty and financial risk, as the PSF could have been forced to return funds that had already been spent in good faith.

    The foundation stated that such conditions were fundamentally incompatible with its mission to support a “diverse, global community of Python developers.” Although the grant would have been the largest in the organization’s history, the PSF board voted unanimously to reject it. With an annual budget of roughly $5 million and a staff of just 14 employees, the decision carried considerable weight for the small nonprofit.

    Had the agreement proceeded, the funds would have been directed toward supply chain attack prevention, automated verification of new PyPI packages, and the development of security tools applicable across open-source ecosystems. Crary acknowledged that turning down the grant would hinder the implementation of important cybersecurity initiatives but stressed that compromising the foundation’s core principles would have been far more damaging in the long run.

    The PSF’s decision has been broadly supported by the global Python community, which, Crary noted, reinforced the organization’s confidence in its stance. She also remarked that the NSF was undermining its own mission by imposing restrictions that impede the funding of legitimate scientific and technological projects.

    A similar decision was previously made by The Carpentries, another nonprofit that provides training in programming and data analysis for researchers. Faced with the same anti-DEI requirements, it likewise chose principle over funding. Meanwhile, operations at the National Science Foundation remain suspended amid the ongoing U.S. government shutdown.

  • After Tragic Incidents, ChatGPT Implements New Safety Measures

    OpenAI has announced new safety measures for ChatGPT following a series of tragic incidents and lawsuits in which the chatbot was accused of contributing to adolescent suicides. The system will now attempt to infer a user’s age and, when necessary, may request documentation to confirm that the individual is over 18. The company acknowledged that this approach restricts the privacy of adults but deemed the compromise justified in the name of safety.

    OpenAI’s CEO Sam Altman admitted he does not expect unanimous approval of these steps, but stressed their necessity amid mounting tensions surrounding AI regulation. The decision was influenced by several high-profile cases.

    In August, the parents of a teenager named Adam Rein filed a lawsuit, alleging that ChatGPT assisted him in composing a suicide note by suggesting methods while simultaneously discouraging him from confiding in adults. That same month, the Wall Street Journal reported on a 56-year-old man who took his own life after the bot allegedly amplified his paranoia. The Washington Post described another lawsuit, in which parents accused Character AI of involvement in the death of their 13-year-old daughter.

    OpenAI had previously introduced parental controls into ChatGPT, but the rules are now being tightened. For underage users, the chatbot will operate under different principles: refusing flirtatious interactions, excluding discussions of suicide and self-harm even in fictional contexts, and, when detecting signs of dangerous thoughts, attempting to alert parents—or, if that proves impossible and there is imminent risk to life, contacting emergency services.

    The company acknowledged it is grappling with a fundamental challenge inherent to large language models. In its early stages, ChatGPT maintained a rigid stance, refusing a broad array of topics. Yet the rise of “uncensored” and localized alternatives, coupled with criticism of censorship, forced the company to loosen filters. Now the trajectory has shifted once more: the goal is to grant adults the broadest possible freedom while preventing harm and safeguarding the rights of others.

    Similar initiatives are underway elsewhere: in the summer, YouTube announced plans to deploy machine learning algorithms to assess viewer age and shield adolescents from certain categories of content.

  • Apple’s AI Policy Shift: Why Trump’s Return Changed its Chatbot

    Apple revised the evaluation guidelines for its forthcoming chatbot, built on large language models, immediately after Donald Trump’s return to the White House. According to POLITICO, the new instructions for employees of the contractor TransPerfect, based in Barcelona, were issued in March 2025—just two months after the U.S. presidential inauguration. Several hundred staff received updated documents detailing how to assess the AI’s responses to politically sensitive questions.

    POLITICO obtained two versions of the handbook—one used throughout 2024 and early 2025, and a second that took effect in the spring. In the latest rules, terms such as “systemic racism” and “intolerance,” once classified as harmful expressions, have been removed. While “discrimination” remains a prohibited category, topics relating to diversity, equity, and inclusion have now been shifted into the “controversial” section.

    The documents also instruct reviewers to pay greater attention to the model’s responses about Trump’s supporters and about Apple itself. Whereas the earlier guidelines treated questions about the former president’s supporters merely as examples of political-viewpoint discrimination, the revised instructions caution that labeling them as “radical” could be offensive and stereotypical. Trump’s name appeared three times in the old version but eleven times in the new.

    The roster of sensitive subjects has been significantly expanded. Beyond existing categories such as abortion, gun control, LGBTQ+ rights, international disputes, and affirmative action, the list now encompasses elections, vaccination, DEI policies, and even artificial intelligence itself. Entire chapters are dedicated to security circumvention tactics (“jailbreaks”), reflecting challenges faced by competitors like OpenAI. In March, additional geopolitical flashpoints—Gaza, Taiwan, Kashmir, and Crimea—were designated as requiring special scrutiny.

    The updated guidelines also include measures to safeguard Apple’s corporate image. Contractors must flag as sensitive any responses concerning the company’s brand, products, or leadership. Special attention is reserved for Tim Cook, Craig Federighi, Eddy Cue, and even Steve Jobs. Negative references to privacy violations, past scandals, or the use of copyrighted material in training the model are considered critical risks that must be carefully monitored.

    Programmers tasked with reviewing the model received a 125-page manual filled with examples and threat classifications. It outlines “long-term risks” of AI usage, ranging from psychological dependence on the system and uncritical trust in its outputs to diminished confidence in democratic institutions and the amplification of disinformation.

    Apple has officially denied any policy shift, stating that instructions are updated regularly to improve model reliability. Company representatives emphasize that development is guided by “Responsible AI Principles” and that annotators from multiple countries contribute to evaluating response quality across numerous domains. TransPerfect likewise rejected suggestions that the revisions were influenced by external politics, insisting instead that the changes pertain solely to workflow refinements.

  • FTC to Tech Giants: Don’t Weaken Encryption for Foreign Governments

    The U.S. Federal Trade Commission (FTC) has issued a stern warning to America’s largest technology companies, declaring that concessions to foreign governments demanding weakened data protections, backdoors in encryption, or censorship on platforms will not be tolerated. The agency stressed that such actions would constitute violations of the Federal Trade Commission Act and carry legal consequences.

    The letter, signed by Commission Chair Andrew N. Ferguson, was addressed to Akamai, Alphabet (Google), Amazon, Apple, Cloudflare, Discord, GoDaddy, Meta, Microsoft, Signal, Snap, Slack, and X (formerly Twitter). It explicitly referenced recently enacted foreign laws — including the European Digital Services Act, the UK’s Online Safety Act, and the Investigatory Powers Act — which are exerting mounting pressure on U.S. companies.

    Ferguson reminded recipients that yielding to such demands could undermine data protection worldwide. He cited Apple’s recent experience in the United Kingdom, where the company was compelled to suspend end-to-end encryption for iCloud services under government pressure. Though this decision threatened global user security, the requirement was ultimately withdrawn after U.S. diplomatic intervention.

    According to Ferguson, attempts by foreign governments to impose censorship or dismantle end-to-end encryption endanger the freedoms of American users, facilitate foreign surveillance, and increase the risks of identity theft and financial fraud. He also voiced concern that companies themselves might simplify compliance procedures and extend restrictions to U.S. citizens, even when foreign laws do not formally mandate such measures.

    American firms, he emphasized, have binding legal obligations under Section 5 of the FTC Act (15 U.S.C. § 45). These obligations include providing truthful information about privacy and security practices, implementing reasonable safeguards for data protection — including end-to-end encryption — and disclosing any foreign demands that result in censorship or weakened protections.

    The letter also recalled past enforcement actions in the field of encryption. In 2021, the FTC accused Zoom of misleading users with false claims about its end-to-end encryption, while in 2023 the agency held Ring accountable for failing to adequately protect users’ video streams.

    Ferguson concluded his letter with an invitation for company representatives to meet with him on August 28, 2025, to discuss foreign regulatory pressures and explore solutions that would preserve data security without compromise.

  • French City of Lyon Ditches Microsoft for Open Source in Bold Digital Sovereignty Move

    The French city of Lyon has announced a sweeping move away from Microsoft products in favor of open-source software—a decision that further signals Europe’s growing appetite for technological sovereignty.

    According to city officials, the primary motivations behind this transition include a desire to reduce dependence on American IT conglomerates, extend the operational lifespan of municipal hardware, and thereby lessen the environmental impact of digital infrastructure. Abandoning commercial software also aligns with Lyon’s broader strategy to reinforce digital independence, a goal the municipality intends to pursue over the coming years.

    As part of this initiative, Lyon will completely phase out Microsoft Office, replacing it with OnlyOffice—an open-source productivity suite developed by Ascensio Systems and distributed under the GNU Affero General Public License version 3. In lieu of Microsoft’s collaborative and video conferencing tools, the city will adopt the French platform “Territoire Numérique Ouvert,” which translates to “Open Digital Territory.”

    Approximately two million euros have already been allocated for the development and integration of the new system. Funding was provided by the French National Agency for Territorial Cohesion, which supports regional transitions to localized, independent digital solutions. Notably, “Territoire Numérique Ouvert” is already in use across nine French communities, serving several thousand users.

    Lyon’s departure from American software is particularly noteworthy in light of a recent decision by Denmark’s Ministry of Digitalization, which also declared its intent to divest from Microsoft products. Meanwhile, the European Union has, in recent years, championed the concept of digital sovereignty, actively exploring ways to mitigate the risks associated with storing citizen and organizational data within U.S.-controlled infrastructure.

    Such moves have compelled American tech giants—including Microsoft and AWS—to issue prominent assurances about “data localization” and the supposed impossibility of U.S. government interference. However, as Lyon’s example illustrates, a growing number of European institutions prefer not to rely on promises but to build robust, sovereign alternatives.

    The Lyon municipality serves over a million residents and employs nearly 10,000 staff. The loss of such a client is undoubtedly a blow to Microsoft’s local partners, though unlikely to shake the company’s global financial standing. Nevertheless, decisions like these may very well signal the rise of a larger regional trend.

    Indeed, the movement among European cities and government bodies to abandon American software appears to be accelerating—gaining the momentum of an avalanche that may soon prove unstoppable.

  • US House Bans WhatsApp on Government Devices Over Security & Transparency Concerns

    The messaging application WhatsApp, owned by Meta, has been officially banned from use on all devices issued to staff members of the United States House of Representatives. A corresponding notice was circulated among Congressional personnel earlier this week.

    The decision is rooted in cybersecurity concerns. Experts cite WhatsApp’s opaque architecture and limited encryption protocols as persistent vulnerabilities. Moreover, the platform offers no means of external oversight regarding the handling of user data and metadata, further amplifying apprehensions among security specialists.

    As an alternative, Congress has advised staff to utilize other platforms for official communication. Recommended options include Microsoft Teams, Amazon’s Wickr, Signal, and Apple’s native applications—iMessage and FaceTime.

    Unsurprisingly, Meta has firmly opposed the ban. Company representatives insist that WhatsApp provides a higher level of security than the recommended alternatives. They reiterate, as always, that all messages and calls within the app are safeguarded by end-to-end encryption.

    Criticism of WhatsApp’s security is not new. Earlier this year, service officials disclosed that Israeli firm Paragon Solutions, known for developing spyware, had attempted to compromise user accounts. Among the potential targets were journalists, activists, and members of civil society.

    It is important to note that the ban applies exclusively to work-issued Congressional devices. While there is no prohibition against using WhatsApp on personal gadgets, authorities strongly advise against transmitting any professional or sensitive information via the app.