The New York Times reports on a program to forgive U.S. student loans from private lenders — a kind of private parallel to a federal program which "allows those who were seriously misled by their schools to have their federal student loans eliminated."

The problem? Eight U.S. senators complain the loan discharge process remains "burdensome and confusing" — and most students don't even know it exists. Navient, a large owner of private student loan debt, has created, but not publicized, a program that allows borrowers to apply to have their loans forgiven.... A nonprofit group of lawyers has stepped in ease the process: On Thursday, the Project on Predatory Student Lending, an advocacy group in Boston, published Navient's application form and an instruction guide for borrowers with private loans who are seeking relief on the grounds that their school lied to them...

For nearly a decade, in the early 2000s, Navient — then known as Sallie Mae — struck deals with for-profit schools to issue private loans to their students. Lawsuits from state attorneys general later accused Navient of making those loans knowing that most would never be repaid. Many schools indemnified Navient for the private loans, agreeing to defray the company's loss if the loans defaulted. In 2022, Navient settled with 40 state attorneys general and canceled $1.7 billion in debt on those private loans — but only for borrowers who had already defaulted. Because those debts were unlikely to ever be repaid, the deal cost Navient only $50 million, the company said in regulatory filings. Borrowers who had kept paying their bills... remained stuck.

But a pressure campaign from lawmakers, federal regulators and lawyers representing borrowers prompted the company to create the "school misconduct discharge." Navient began sending a 12-page application form this year to some borrowers who complained about their private loans. The document lists dozens of types of impropriety by schools — such as inflating job placement rates and graduates' earnings, or misrepresenting their educational programs — and asks borrowers to choose which apply to their experience. Applicants are required to submit documentation for their claims...

[Navient's CEO, David Yowan] told investors on a conference call in January that Navient had put $35 million in reserve for losses on school misconduct claims. He cited "new regulatory expectations" as the reason. Navient has not disclosed how much of its $16.6 billion private student loan portfolio consists of loans that could be eligible for the debt cancellation program.

The Japanese government is pushing ahead with a plan to make Japan's publicly funded research output free to read. From a report: In June, the science ministry will assign funding to universities to build the infrastructure needed to make research papers free to read on a national scale. The move follows the ministry's announcement in February that researchers who receive government funding will be required to make their papers freely available to read on the institutional repositories from January 2025. The Japanese plan "is expected to enhance the long-term traceability of research information, facilitate secondary research and promote collaboration," says Kazuki Ide, a health-sciences and public-policy scholar at Osaka University in Suita, Japan, who has written about open access in Japan.

The nation is one of the first Asian countries to make notable advances towards making more research open access (OA) and among the first countries in the world to forge a nationwide plan for OA. The plan follows in the footsteps of the influential Plan S, introduced six years ago by a group of research funders in the United States and Europe known as cOAlition S, to accelerate the move to OA publishing. The United States also implemented an OA mandate in 2022 that requires all research funded by US taxpayers to be freely available from 2026. When the Ministry of Education, Culture, Sports, Science and Technology (MEXT) announced Japan's pivot to OA in February, it also said that it would invest around $63 million to standardize institutional repositories -- websites dedicated to hosting scientific papers, their underlying data and other materials -- ensuring that there will be a mechanism for making research in Japan open.

Vista Equity Partners has written off the entire equity value of its investment in tech learning platform Pluralsight, three years after taking it private for $3.5 billion, Axios reported Friday. From the report: One source says that the Utah-based company's financials have improved, with around 26% EBITDA growth in 2023, but not enough to service nearly $1.3 billion of debt that was issued when interest rates were lower. It's also a company whose future could be dimmed by advances in artificial intelligence, since some of the developer skills it teaches are becoming automated. Vista agreed to buy the company in late 2020 for $20.26 per share, representing a 25% premium to its 30-day trading average, despite a lack of profits.

The New York governor, Kathy Hochul, plans to introduce a bill banning smartphones in schools, the latest in a series of legislative moves aimed at online child safety by New York's top official. From a report: "I have seen these addictive algorithms pull in young people, literally capture them and make them prisoners in a space where they are cut off from human connection, social interaction and normal classroom activity," she said. Hochul said she would launch the bill later this year and take it up in New York's next legislative session, which begins in January 2025. If passed, schoolchildren will be allowed to carry simple phones that cannot access the internet but do have the capability to send texts, which has been a sticking point for parents. She did not offer specifics on enforcing the prohibition. "Parents are very anxious about mass shootings in school," she said. "Parents want the ability to have some form of connection in an emergency situation." The smartphone-ban bill will follow two others Hochul is pushing that outline measures to safeguard children's privacy online and limit their access to certain features of social networks.

Exactly one year after the fatal shooting of 19 elementary school students in Texas, their parents filed a lawsuit against the publisher of the videogame Call of Duty, against Meta, and against the manufacturer of the AR-15-style weapon used in the attack, Daniel Defense.

The Washington Post says the lawsuits "may be the first of their kind to connect aggressive firearms marketing tactics on social media and gaming platforms to the actions of a mass shooter." The complaints contend the three companies are responsible for "grooming" a generation of "socially vulnerable" young men radicalized to live out violent video game fantasies in the real world with easily accessible weapons of war...

Several state legislatures, including California and Hawaii, passed consumer safety laws specific to the sale and marketing of firearms that would open the industry to more civil liability. Texas is not one of them. But it's just one vein in the three-pronged legal push by Uvalde families. The lawsuit against Activision and Meta, which is being filed in California, accuses the tech companies of knowingly promoting dangerous weapons to millions of vulnerable young people, particularly young men who are "insecure about their masculinity, often bullied, eager to show strength and assert dominance."

"To put a finer point on it: Defendants are chewing up alienated teenage boys and spitting out mass shooters," the lawsuit states...

The lawsuit alleges that Meta, which owns Instagram, easily allows gun manufacturers like Daniel Defense to circumvent its ban on paid firearm advertisements to reach scores of young people. Under Meta's rules, gunmakers are not allowed to buy advertisements promoting the sale of or use of weapons, ammunition or explosives. But gunmakers are free to post promotional material about weapons from their own account pages on Facebook and Instagram — a freedom the lawsuit alleges Daniel Defense often exploited.

According to the complaint, the Robb school shooter downloaded a version of "Call of Duty: Modern Warfare," in November 2021 that featured on the opening title page the DDM4V7 model rifle [shooter Salvador] Ramos would later purchase. Drawing from the shooter's social media accounts, Koskoff argued he was being bombarded with explicit marketing and combat imagery from the company on Instagram... The complaint cites Meta's practice, first reported by The Washington Post in 2022, of giving gun sellers wide latitude to knowingly break its rules against selling firearms on its websites. The company has allowed buyers and sellers to violate the rule 10 times before they are kicked off, The Post reported.
The article adds that the lawsuit against Meta "echoes some of the complaints by dozens of state attorneys general and school districts that have accused the tech giant of using manipulative practices to hook... while exposing them to harmful content." It also includes a few excerpts from the text of the lawsuit.

• It argues that both Meta and Activision "knowingly exposed the Shooter to the weapon, conditioned him to see it as the solution to his problems, and trained him to use it."

• The lawsuit also compares their practices to another ad campaign accused of marketing harmful products to children: cigarettes. "Over the last 15 years, two of America's largest technology companies — Defendants Activision and Meta — have partnered with the firearms industry in a scheme that makes the Joe Camel campaign look laughably harmless, even quaint."

Meta and Daniel Defense didn't respond to the reporters' requests for comment. But they did quote a statement from Activision expressing sympathy for the communities and families impacted by the "horrendous and heartbreaking" shooting.

Activision also added that "Millions of people around the world enjoy video games without turning to horrific acts."

Microsoft is partnering with tutoring organization Khan Academy to provide a generative AI assistant to all teachers in the U.S. for free. From a report: Khanmigo for Teachers, which helps teachers prepare lessons for class, is free to all educators in the U.S. as of Tuesday. The program can help create lessons, analyze student performance, plan assignments, and provide teachers with opportunities to enhance their own learning.

"Unlike most things in technology and education in the past where this is a 'nice-to-have,' this is a 'must-have' for a lot of teachers," Sal Khan, founder and CEO of Khan Academy, said in a CNBC "Squawk Box" interview last Friday ahead of the deal. Khan Academy has roughly 170 million registered users in over 50 languages around the world, and while its videos are best known, its interactive exercise platform was one which Microsoft-funded artificial intelligence company OpenAI's top executives, Sam Altman and Greg Brockman, zeroed in on early when they were looking for a partner to pilot GPT with that offered socially positive use cases.

An anonymous reader quotes a report from Ars Technica: Within approximately 12 seconds, two highly educated brothers allegedly stole $25 million by tampering with the ethereum blockchain in a never-before-seen cryptocurrency scheme, according to an indictment that the US Department of Justice unsealed Wednesday. In a DOJ press release, US Attorney Damian Williams said the scheme was so sophisticated that it "calls the very integrity of the blockchain into question."

"The brothers, who studied computer science and math at one of the most prestigious universities in the world, allegedly used their specialized skills and education to tamper with and manipulate the protocols relied upon by millions of ethereum users across the globe," Williams said. "And once they put their plan into action, their heist only took 12 seconds to complete." Anton, 24, and James Peraire-Bueno, 28, were arrested Tuesday, charged with conspiracy to commit wire fraud, wire fraud, and conspiracy to commit money laundering. Each brother faces "a maximum penalty of 20 years in prison for each count," the DOJ said. The indictment goes into detail explaining that the scheme allegedly worked by exploiting the ethereum blockchain in the moments after a transaction was conducted but before the transaction was added to the blockchain. To uncover the scheme, the special agent in charge, Thomas Fattorusso of the IRS Criminal Investigation (IRS-CI) New York Field Office, said that investigators "simply followed the money."

"Regardless of the complexity of the case, we continue to lead the effort in financial criminal investigations with cutting-edge technology and good-ol'-fashioned investigative work, on and off the blockchain," Fattorusso said.

According to a new study published in the journal Technology, Mind and Behavior, researchers found that internet use is associated with greater wellbeing in people around the world. "Our analysis is the first to test whether or not internet access, mobile internet access and regular use of the internet relates to wellbeing on a global level," said Prof Andrew Przybylski, of the University of Oxford, who co-authored the work. The Guardian reports: [T]he study describes how Przybylski and Dr Matti Vuorre, of Tilburg University in the Netherlands, analysed data collected through interviews involving about 1,000 people each year from 168 countries as part of the Gallup World Poll. Participants were asked about their internet access and use as well as eight different measures of wellbeing, such as life satisfaction, social life, purpose in life and feelings of community wellbeing.

The team analyzed data from 2006 to 2021, encompassing about 2.4 million participants aged 15 and above. The researchers employed more than 33,000 statistical models, allowing them to explore various possible associations while taking into account factors that could influence them, such as income, education, health problems and relationship status. The results reveal that internet access, mobile internet access and use generally predicted higher measures of the different aspects of wellbeing, with 84.9% of associations between internet connectivity and wellbeing positive, 0.4% negative and 14.7% not statistically significant.

The study was not able to prove cause and effect, but the team found measures of life satisfaction were 8.5% higher for those who had internet access. Nor did the study look at the length of time people spent using the internet or what they used it for, while some factors that could explain associations may not have be considered. Przybylski said it was important that policy on technology was evidence-based and that the impact of any interventions was tracked.

An anonymous reader shared this report from the Wall Street Journal: Drunken-driving deaths in the U.S. have risen to levels not seen in nearly two decades, federal data show, a major setback to long-running road-safety efforts. At the same time, arrests for driving under the influence have plummeted, as police grapple with challenges like hiring woes and heightened concern around traffic stops... About 13,500 people died in alcohol impairment-related crashes in 2022, according to data released in April by the National Highway Traffic Safety Administration. That is 33% above 2019's toll and on par with 2021's. The last time so many people died as a result of accidents involving intoxicated drivers was in 2006.
That's still down from the early 1980s, when America was seeing over 20,000 drunk-driving deaths a year, according to the article. "By 2010, that number had fallen to around 10,000 thanks to high-profile public-education campaigns by groups like MADD, tougher laws, and aggressive enforcement that included sobriety checkpoints and typically yielded well over a million DUI arrests annually."

But some hope to solve the problem using technology: Many activists and policymakers are banking on the promise of built-in devices to prevent a car from starting if the driver is intoxicated, either by analyzing a driver's exhaled breath or using skin sensors to gauge the blood-alcohol level. NHTSA issued a notice in December that it said lays the groundwork for potential alcohol-impairment detection technology standards in all new cars "when the technology is mature."
And Glenn Davis, who manages Colorado's highway-safety office, "pointed to Colorado's extensive use of ignition interlock systems that require people convicted of DUI to blow into a tube to verify they are sober in order for their car to start. He said the office promotes nondriving options such as Lyft and Uber."

"A former high school athletic director was arrested Thursday morning," reports CBS News, "after allegedly using artificial intelligence to impersonate the school principal in a recording..." One-time Pikesville High School employee Dazhon Darien is facing charges that include theft, stalking, disruption of school operations and retaliation against a witness. Investigators determined he faked principal Eric Eiswert's voice and circulated the audio on social media in January. Darien's nickname, DJ, was among the names mentioned in the audio clips he allegedly faked, according to the Baltimore County State's Attorney's Office.

Baltimore County detectives say Darien created the recording as retaliation against Eiswert, who had launched an investigation into the potential mishandling of school funds, Baltimore County Police Chief Robert McCullough said on Thursday. Eiswert's voice, which police and AI experts believe was simulated, made disparaging comments toward Black students and the surrounding Jewish community. The audio was widely circulated on social media.
The article notes that after the faked recording circulated on social media the principal "was temporarily removed from the school, and waves of hate-filled messages circulated on social media, while the school received numerous phone calls."

The suspect had actually used the school's network multiple times to perform online searches for OpenAI tools, "which police linked to paid OpenAI accounts."

An anonymous reader quotes a report published last week by Physics World: Researchers at the Dutch quantum institute QuTech in Delft have announced plans to build Europe's first 100-quantum bit (qubit) quantum computer. When complete in 2026, the device will be made publicly available, providing scientists with a tool for quantum calculations and simulations. The project is funded by the Dutch umbrella organization Quantum Delta NL via the European OpenSuperQPlus initiative, which has 28 partners from 10 countries. Part of the 10-year, 1 billion-euro European Quantum Flagship program, OpenSuperQPlus aims to build a 100-qubit superconducting quantum processor as a stepping stone to an eventual 1000-qubit European quantum computer.

Quantum Delta NL says the 100-qubit quantum computer will be made publicly available via a cloud platform as an extension of the existing platform Quantum Inspire that first came online in 2020. It currently includes a two-qubit processor of spin qubits in silicon, as well as a five-qubit processor based on superconducting qubits. Quantum Inspire is currently focused on training and education but the upgrade to 100 qubits is expected to allow research into quantum computing. Lead researcher from QuTech Leonardo DiCarlo believes the R&D cycle has "come full circle," where academic research first enabled spin-off companies to grow and now their products are being used to accelerate academic research.

The head of Britain's domestic intelligence agency warned the country's leading research universities on Thursday that foreign states are targeting their institutions and imperilling national security. The Record: "We know that our universities are being actively targeted by hostile actors and need to guard against the threat posed to frontier research in the most sensitive sectors," said the deputy prime minister Oliver Dowden, who also attended the briefing. The threat requires "further measures," said the deputy PM, who announced that the government was launching a consultation with the sector so it could "do more to support our universities and put the right security in place to protect their cutting-edge research."

The briefing was delivered by Ken McCallum, the director general of MI5, alongside Dowden and the National Cyber Security Centre's interim chief executive, Felicity Oswald. It was made to the vice-chancellors of the Russell Group, a collective of the country's 24 leading universities. Among the range of measures being considered is having MI5, the domestic security agency, carry out security vetting on key researchers involved in a "small proportion of academic work, with a particular focus on research with potential dual uses in civilian and military life."

Thomas Claburn reports via The Register: Baltimore police have arrested Dazhon Leslie Darien, the former athletic director of Pikesville High School (PHS), for allegedly impersonating the school's principal using AI software to make it seem as if he made racist and antisemitic remarks. Darien, of Baltimore, Maryland, was subsequently charged with witness retaliation, stalking, theft, and disrupting school operations. He was detained late at night trying to board a flight at BWI Thurgood Marshall Airport. Security personnel stopped him because the declared firearm he had with him was improperly packed and an ensuing background check revealed an open warrant for his arrest.

"On January 17, 2024, the Baltimore County Police Department became aware of a voice recording being circulated on social media," said Robert McCullough, Chief of Baltimore County Police, at a streamed press conference today. "It was alleged the voice captured on the audio file belong to Mr Eric Eiswert, the Principal at the Pikesville High School. We now have conclusive evidence that the recording was not authentic. "The Baltimore County Police Department reached that determination after conducting an extensive investigation, which included bringing in a forensic analyst contracted with the FBI to review the recording. The results of the analysis indicated the recording contained traces of AI-generated content." McCullough said a second opinion from a forensic analyst at the University of California, Berkeley, also determined the recording was not authentic. "Based off of those findings and further investigation, it's been determined the recording was generated through the use of artificial intelligence technology," he said.

According to the warrant issued for Darien's arrest, the audio file was shared through social media on January 17 after being sent via email to school teachers. The recording sounded as if Principal Eric Eiswert had made remarks inflammatory enough to prompt a police visit to advise on protective security measures for staff. [...] The clip, according to the warrant, led to the temporary removal of Eiswert from his position and "a wave of hate-filled messages on social media and numerous calls to the school," and significantly disrupted school operations. Police say it led to threats against Eiswert and concerns about his safety. Eiswert told investigators that he believes the audio clip was fake as "he never had the conversations in the recording." And he said he believed Darien was responsible due to his technical familiarity with AI and had a possible motive: Eiswert said there "had been conversations with Darien about his contract not being renewed next semester due to frequent work performance challenges." "It is clear that we are also entering a new deeply concerning frontier as we continue to embrace emerging technology and its potential for innovation and social good," said John Olszewski, Baltimore County Executive, during a press conference. "We must also remain vigilant against those who would have used it for malicious intent. That will require us to be more aware and more discerning about the audio we hear and the images we see. We will need to be careful in our judgment."

AmiMoJo writes: Knowing your ABCs is essential to academic success, but having a last name starting with A, B or C might also help make the grade. An analysis by University of Michigan researchers of more than 30 million grading records from U-M finds students with alphabetically lower-ranked names receive lower grades. This is due to sequential grading biases and the default order of students' submissions in Canvas -- the most widely used online learning management system -- which is based on alphabetical rank of their surnames.

What's more, the researchers found, those alphabetically disadvantaged students receive comments that are notably more negative and less polite, and exhibit lower grading quality measured by post-grade complaints from students.

The US Consumer Financial Protection Bureau (CFPB) has slapped coding boot camp BloomTech -- formerly known as Lambda School -- with several punishments for alleged deceptive business practices. From a report: The business, which claims on its site it will help students land their "dream job" in tech at companies like Amazon, Cisco, and Google, accepted the consent order without admitting or denying any wrongdoing. In an announcement yesterday, the CFPB said it had taken action against BloomTech and its CEO Austen Allred for allegedly not disclosing the true cost of its loans to students and allegedly claiming overoptimistic hiring rates for BloomTech graduates. BloomTech, formerly Lambda School, has operated since 2017 and offers six- to nine-month vocational programs in science and engineering, with a focus on computer technology.

"BloomTech and its CEO sought to drive students toward income share loans that were marketed as risk-free, but in fact carried significant finance charges and many of the same risks as other credit products," said Rohit Chopra, director of the CFPB. With income share loans or income share agreements, BloomTech allowed students to pay tuition later but in exchange had to pay a percentage of their future income, CFPB claimed. The agency alleged that BloomTech explicitly told students that its income share loans (which cost an average of $4k "finance charge" to use) weren't actually loans at all. The CFPB claimed in the settlement order a "significant majority" of students used these loans to finance their education, and alleged each student could end up paying up to $30k of their income to BloomTech to settle the loans. From the CFPB's press release: BloomTech advertised on its website that 71 to 86 percent of students were placed in jobs within six months of graduation, when its non-public reporting to investors consistently showed placement rates closer to 50 percent. Allred tweeted that the school achieved a 100 percent job-placement rate in one of its cohorts, and later acknowledged in a private message that the sample size was just one student.

Sweden is the newest nation to sign onto NASA's Artemis Accords -- a series of non-binding bilateral arrangements for peaceful and responsible exploration. Space.com reports: During a signing event in Stockholm on Tuesday (April 16), Swedish Minister for Education Mats Persson penned the agreement alongside U.S. Ambassador Erik D. Ramanathan. "By joining the Artemis Accords, Sweden strengthens its strategic space partnership with the U.S. on space covering areas such as Swedish space research and the space industry, which in turn also strengthens Sweden's total defense capability," Persson said in a NASA statement. The event in Stockholm comes just on the heels of Switzerland's signing of the Artemis Accords the day before. Greece and Uruguay were also included in February. Sweden is now the 38th nation to join the accords, which were established in 2020, as the first Artemis moon launch inched closer to reality.

The Accords mirror principles set out in 1967, as part of the Outer Space Treaty to help govern international cooperation space. NASA is using the refreshed agreement as a guideline for the Artemis program, which aims to send astronauts back to the moon for the first time since Apollo 17, in 1972. In the agency's statement, NASA administrator Bill Nelson welcomed Sweden to the expanding space club. "Our nations have worked together to discover new secrets in our solar system, and now, we welcome you to a global coalition that is committed to exploring the heavens openly, transparently, responsibly, and in peace," Nelson said, adding, "the United States and Sweden share the same bedrock principles, and we're excited to expand these principles to the cosmos."

Under a new agreement between the U.S. and Japan, the first non-American on the Moon as part of the Artemis lunar exploration campaign will be a Japanese astronaut. SpaceNews reports: At an event in Washington, NASA Administrator Bill Nelson and Japanese Minister of Education, Culture, Sports, Science and Technology (MEXT) Masahito Moriyama signed an agreement regarding an additional Japanese contribution to Artemis, a pressurized lunar rover called Lunar Cruiser. NASA will deliver the rover to the moon, which the agencies said should take place ahead of the Artemis 7 mission scheduled for no earlier than 2031. NASA will also provide two seats on future Artemis lunar landing missions to astronauts from the Japanese space agency JAXA, the first agency other than NASA to secure spots on landing missions.

The Japanese rover will support extended expeditions from Artemis landing sites that are beyond the range of the Lunar Terrain Vehicle that three American companies are developing for NASA under contracts announced April 3. The rover is designed to accommodate two astronauts for up to 30 days, with an overall lifetime of 10 years. The announcement, though, offered no details about when the Japanese astronauts would fly to the moon. "It depends," Nelson said at an April 10 briefing when asked about schedules, noting that the two countries "announced a shared goal for a Japanese national to land on the moon on a future NASA mission assuming benchmarks are achieved."

"No mission has been currently assigned to a Japanese astronaut," added Lara Kearney, manager of NASA's extravehicular activity and human surface mobility program, at the briefing. The implementing agreement (PDF) said several factors will go into crew assignments, including progress on the pressurized rover, or PR: "The timing of the flight opportunities will be determined by NASA in line with existing flight manifesting and crew assignment processes and will take into account program progress and constraints, MEXT's request for the earliest possible assignment of the Japanese astronauts to lunar surface missions, and major PR milestones such as when the PR is first deployed on the lunar surface." The assumption among many in the industry, though, is that at least one of the astronauts will fly before the rover is delivered, and possibly as soon as the Artemis 4 mission, the second crewed landing, in the late 2020s.

An anonymous reader quotes a report from KrebsOnSecurity: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) said today it is investigating a breach at business intelligence company Sisense, whose products are designed to allow companies to view the status of multiple third-party online services in a single dashboard. CISA urged all Sisense customers to reset any credentials and secrets that may have been shared with the company, which is the same advice Sisense gave to its customers Wednesday evening. New York City based Sisense has more than 1,000 customers across a range of industry verticals, including financial services, telecommunications, healthcare and higher education. On April 10, Sisense Chief Information Security Officer Sangram Dash told customers the company had been made aware of reports that "certain Sisense company information may have been made available on what we have been advised is a restricted access server (not generally available on the internet.)" In its alert, CISA said it was working with private industry partners to respond to a recent compromise discovered by independent security researchers involving Sisense.

Sisense declined to comment when asked about the veracity of information shared by two trusted sources with close knowledge of the breach investigation. Those sources said the breach appears to have started when the attackers somehow gained access to the company's code repository at Gitlab, and that in that repository was a token or credential that gave the bad guys access to Sisense's Amazon S3 buckets in the cloud. Both sources said the attackers used the S3 access to copy and exfiltrate several terabytes worth of Sisense customer data, which apparently included millions of access tokens, email account passwords, and even SSL certificates.

The incident raises questions about whether Sisense was doing enough to protect sensitive data entrusted to it by customers, such as whether the massive volume of stolen customer data was ever encrypted while at rest in these Amazon cloud servers. It is clear, however, that unknown attackers now have all of the credentials that Sisense customers used in their dashboards. The breach also makes clear that Sisense is somewhat limited in the clean-up actions that it can take on behalf of customers, because access tokens are essentially text files on your computer that allow you to stay logged in for extended periods of time -- sometimes indefinitely. And depending on which service we're talking about, it may be possible for attackers to re-use those access tokens to authenticate as the victim without ever having to present valid credentials. Beyond that, it is largely up to Sisense customers to decide if and when they change passwords to the various third-party services that they've previously entrusted to Sisense. "If they are hosting customer data on a third-party system like Amazon, it better damn well be encrypted," said Nicholas Weaver, a researcher at University of California, Berkeley's International Computer Science Institute (ICSI) and lecturer at UC Davis. "If they are telling people to rest credentials, that means it was not encrypted. So mistake number one is leaving Amazon credentials in your Git archive. Mistake number two is using S3 without using encryption on top of it. The former is bad but forgivable, but the latter given their business is unforgivable."

Amanda Hoover reports via Wired: Students have submitted more than 22 million papers that may have used generative AI in the past year, new data released by plagiarism detection company Turnitin shows. A year ago, Turnitin rolled out an AI writing detection tool that was trained on its trove of papers written by students as well as other AI-generated texts. Since then, more than 200 million papers have been reviewed by the detector, predominantly written by high school and college students. Turnitin found that 11 percent may contain AI-written language in 20 percent of its content, with 3 percent of the total papers reviewed getting flagged for having 80 percent or more AI writing. Turnitin says its detector has a false positive rate of less than 1 percent when analyzing full documents.

Harvard College is reinstating the requirement for standardized testing, reversing course on a pandemic-era policy that made them optional. It follows similar moves from elite universities like Yale, Dartmouth, and MIT. Axios reports: At Harvard, the mandate will be in place for students applying to begin school in fall 2025. Harvard had previously committed to a test-optional policy for applicants through the class of 2030, which would have started in fall 2026. Most students who applied since the pandemic began have submitted test scores despite the test-optional policy, the university said.

Reviewing SAT/ACT scores as part of a student's application packet helps an admissions decision be holistic, the university said in a statement. "Standardized tests are a means for all students, regardless of their background and life experience, to provide information that is predictive of success in college and beyond," Hopi Hoekstra, a Harvard dean, said in the statement. "Indeed, when students have the option of not submitting their test scores, they may choose to withhold information that, when interpreted by the admissions committee in the context of the local norms of their school, could have potentially helped their application."