“Capture it all”: ICE urged to explain memo about collecting info on protesters

Senator Edward J. Markey (D-Mass.) demanded that Immigration and Customs Enforcement (ICE) confirm or deny the existence of a “domestic terrorists” database that lists US citizens who protest ICE’s immigration crackdown.

ICE “officers and senior Trump administration officials have repeatedly suggested that the Department of Homeland Security (DHS) is building a ‘domestic terrorists’ database comprising information on US citizens protesting ICE’s actions in recent weeks,” Markey wrote in a letter yesterday to Acting ICE Director Todd Lyons. “If such a database exists, it would constitute a grave and unacceptable constitutional violation. I urge you to immediately confirm or deny the existence of such a database, and if it exists, immediately shut it down and delete it.”

Creating a database of peaceful protesters “would constitute a shocking violation of the First Amendment and abuse of power,” and amount to “the kinds of tactics the United States rightly condemns in authoritarian governments such as China and Russia,” Markey said.

Markey’s letter said DHS officials “have repeatedly stated that the agency is engaged in efforts to monitor, catalog, and intimidate individuals engaged in peaceful protests,” and gave several examples. Trump border czar Tom Homan recently told Laura Ingraham on Fox News, “One thing I’m pushing for right now, Laura, we’re going to create a database where those people that are arrested for interference, impeding, and assault, we’re going to make them famous. We’re going to put their face on TV. We’re going to let their employers, and their neighborhoods, and their schools know who these people are.”

Markey’s letter called Homan’s comment “especially alarming given the numerous incidents in which DHS appears to have concluded that protesting ICE itself constitutes grounds for arrest.” Markey pointed to another recent incident in Portland, Maine, in which a masked ICE agent told an observer who was taking video that “we have a nice little database and now you’re considered a domestic terrorist.”

https://arstechnica.com/tech-policy/2026/02/capture-it-all-ice-urged-to-explain-memo-about-collecting-info-on-protesters/




X office raided in France’s Grok probe; Elon Musk summoned for questioning

UK probe moves ahead with “urgency”

X said in July 2025 that it was “in the dark” over what specific allegations it faced related to manipulation of the X algorithm and fraudulent data extraction. X said it would not comply with France’s request for access to its recommendation algorithm and real-time data about all user posts.

The Paris prosecutor’s office today said the investigation is taking a “constructive approach” with the goal of ensuring that X complies with French laws “insofar as it operates on national territory.” In addition to Musk and Yaccarino, the prosecutor’s office is seeking interviews with X employees about the allegations and potential compliance measures.

Separately, UK communications regulator Ofcom today provided an update on its investigation into Grok’s generation of sexual deepfakes of real people, including children. Ofcom is “gathering and analyzing evidence to determine whether X has broken the law” and is “progressing the investigation as a matter of urgency,” it said. Ofcom is not currently investigating xAI, the Musk company that develops Grok, but said it “continue[s] to demand answers from xAI about the risks it poses.”

The UK Information Commissioner’s Office (ICO), which regulates data protection, said today it opened a formal investigation into X regarding the “processing of personal data in relation to the Grok artificial intelligence system and its potential to produce harmful sexualized image and video content.”

“We have taken this step following reports that Grok has been used to generate non‑consensual sexual imagery of individuals, including children,” the ICO said. “The reported creation and circulation of such content raises serious concerns under UK data protection law and presents a risk of significant potential harm to the public.”

https://arstechnica.com/tech-policy/2026/02/x-office-raided-in-frances-grok-probe-elon-musk-summoned-for-questioning/




Upset at reports that he’d given up, Trump now wants $1B from Harvard

Amid the Trump administration’s attack on universities, Harvard has emerged as a particular target. Early on, the administration put $2.2 billion in research money on hold and shortly thereafter blocked all future funding while demanding intrusive control over Harvard’s hiring and admissions. Unlike many of its peer institutions, Harvard fought back, filing and ultimately winning a lawsuit that restored the cut funds.

Despite Harvard’s victory, the Trump administration continued to push for some sort of formal agreement that would settle the administration’s accusations that Harvard created an environment that allowed antisemitism to flourish. In fact, it had become a running joke among some journalists that The New York Times had devoted a monthly column to reporting that a settlement between the two parties was near.

Given the government’s loss of leverage, it was no surprise that the latest installment of said column included the detail that the latest negotiations had dropped demands that Harvard pay any money as part of a final agreement. The Trump administration had extracted hundreds of millions of dollars from some other universities and had demanded over a billion dollars from UCLA, so this appeared to be a major concession to Harvard.

Given Trump’s tendency to avoid any appearance of concession, his hostile response to the reports was unsurprising. Several hours after the Times published its article, he took to Truth Social to say the government would now seek $1 billion from Harvard. While he separately called the Times’ coverage “completely wrong” and demanded a correction, Trump also favorably quoted the part of the Times article that noted the government had continued to threaten Harvard’s funding despite having lost in court.

All this will likely give Harvard even more ground to argue that the government is being arbitrary and capricious, should the saga ever end up back in court.

https://arstechnica.com/tech-policy/2026/02/upset-at-reports-that-hed-given-up-trump-now-wants-1b-from-harvard/




NTLM heads toward the “switch-off”: Microsoft prepares to block it by default


Microsoft has announced that NTLM authentication will be disabled by default in future versions, while the protocol will remain present in the operating system and can be re-enabled only through policy when truly necessary.

Why NTLM is a target: relay, replay and pass-the-hash

The problem with NTLM is not just its age but its exposure to classes of attack that fit well into modern enterprise environments. Microsoft, and several experts, explicitly cite relay, replay and man-in-the-middle as the “families” of techniques that become particularly dangerous when a malicious actor manages to position themselves “in the middle” of a network conversation or to exploit legacy authentication to move laterally. In terms of operational taxonomies, the topic ties into well-known patterns such as Adversary-in-the-Middle and pass-the-hash, which keep turning up a little too often in attack forensics precisely because they “work” when the organization maintains these dependencies.

The three-phase roadmap: audit, new Kerberos capabilities, then blocking by default

Microsoft has structured the transition in three phases to reduce risk without causing a sudden blackout of applications and services. The first phase revolves around enhanced auditing capabilities, already available on Windows 11 24H2 and Windows Server 2025, which help establish where and why NTLM is still in use. The second phase, planned for the second half of 2026, introduces new features designed to “close” the gaps that today lead to fallback to NTLM, including IAKerb and a Local Key Distribution Center (Local KDC). The third phase is the decisive one: in future releases, network NTLM will be disabled by default, while remaining re-enableable through policy for unavoidable legacy scenarios.

“Disabled by default” does not mean “removed”: what changes operationally

Microsoft stresses that this is not yet the complete removal of the protocol, but the delivery of the system in a more secure state “by default”, where the OS prefers modern, Kerberos-based alternatives. NTLM will still be usable, but it will be a clear choice by the user and not a possible automatic fallback triggered by the exploitation of a vulnerability or a by-product of old configurations that have long been forgotten.

In many networks, in fact, the use of NTLM is not “intentional” but the result of conditions that prevent Kerberos from working as intended. Microsoft, in its own Active Directory hardening series, goes into detail on the typical causes: connectivity problems toward the domain controllers, use of local accounts, wrong or missing Service Principal Names (SPNs), access to resources by IP address instead of FQDN, or applications configured (or even hardcoded) to call NTLM. This is exactly where the roadmap tries to intervene: IAKerb is designed to handle scenarios where the client does not have a complete view, while LocalKDC aims to reduce the use of NTLM in authentication based on local accounts, historically one of the hardest points to eliminate.

Enhanced auditing: visibility before the block

The most important part, today, is obtaining reliable telemetry on where NTLM is still in transit. Microsoft explicitly states that Windows 11 24H2 and Windows Server 2025 offer richer auditing to identify dependencies and remediation priorities, so that nobody discovers “with production down” that a piece of infrastructure still leans on the legacy protocol. In practice, the same Microsoft documentation emphasizes the need to map application dependencies and validate critical workloads with Kerberos, starting to test “NTLM-off” configurations in non-production environments.

This implies in-depth use of logs: NTLM should be treated as “measurable technical debt”, not as a protocol detail. In its hardening guidance for this scenario, Microsoft cites families of events useful for understanding who authenticates, to what, and with which negotiated version; in the most recent builds (24H2/Server 2025) more detailed events also appear that help reconstruct the reason for the fallback and, in some cases, the process involved. The operational goal is to turn the elimination of NTLM into a governed process: progressive reduction, control of the impact, and targeted blocks where dependencies no longer exist.
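As an added illustration of the log-driven inventory described above (not code from the article or from Microsoft), the following sketch aggregates NTLM network logons from Security log events exported as XML and orders them for remediation. It assumes the standard logon event (ID 4624) and its `AuthenticationPackageName`, `LmPackageName` and `TargetDomainName` fields, which the article does not name; every host, account and address in the sample is constructed.

```python
import xml.etree.ElementTree as ET
from collections import Counter

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# Shape of one exported logon event (Security log, Event ID 4624).
_TEMPLATE = (
    '<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">'
    "<System><EventID>4624</EventID><Computer>{computer}</Computer></System>"
    "<EventData>"
    '<Data Name="TargetUserName">{user}</Data>'
    '<Data Name="TargetDomainName">{domain}</Data>'
    '<Data Name="LogonType">{logon_type}</Data>'
    '<Data Name="AuthenticationPackageName">{package}</Data>'
    '<Data Name="LmPackageName">{lm}</Data>'
    '<Data Name="IpAddress">{ip}</Data>'
    "</EventData></Event>"
)

# Constructed sample rows: computer, user, domain, logon type, package, NTLM version, source IP.
_ROWS = [
    ("FS01.corp.example", "alice", "CORP", "3", "NTLM", "NTLM V2", "10.0.5.14"),
    ("FS01.corp.example", "alice", "CORP", "3", "NTLM", "NTLM V2", "10.0.5.14"),
    ("FS01.corp.example", "svc-scan", "CORP", "3", "NTLM", "NTLM V1", "10.0.9.30"),
    ("APP02.corp.example", "localadmin", "APP02", "3", "NTLM", "NTLM V2", "10.0.5.77"),
    ("FS01.corp.example", "bob", "CORP", "3", "Kerberos", "-", "10.0.5.15"),
    ("FS01.corp.example", "carol", "CORP", "2", "Negotiate", "-", "127.0.0.1"),
]
SAMPLE_XML = "<Events>" + "".join(
    _TEMPLATE.format(computer=c, user=u, domain=d, logon_type=t, package=p, lm=v, ip=i)
    for c, u, d, t, p, v, i in _ROWS
) + "</Events>"

# Lower number = fix first. NTLMv1 leads; local accounts are the case the
# article says Local KDC targets; domain accounts need root-cause analysis
# (missing SPN, access by IP instead of FQDN, hardcoded NTLM).
PRIORITY = {"ntlmv1": 0, "local-account": 1, "domain-account": 2}


def parse_events(xml_text):
    """Yield one dict of EventData fields per 4624 event in the export."""
    root = ET.fromstring(xml_text)
    for ev in root.iterfind("e:Event", NS):
        if ev.findtext("e:System/e:EventID", namespaces=NS) != "4624":
            continue
        fields = {d.get("Name"): (d.text or "")
                  for d in ev.iterfind("e:EventData/e:Data", NS)}
        fields["Computer"] = ev.findtext("e:System/e:Computer", default="", namespaces=NS)
        yield fields


def classify(fields):
    """Label an NTLM logon by the kind of dependency it represents."""
    host = fields["Computer"].split(".")[0].upper()
    if fields.get("LmPackageName", "").upper() == "NTLM V1":
        return "ntlmv1"
    # A local account logs on with the server's own name as its domain.
    if fields.get("TargetDomainName", "").upper() == host:
        return "local-account"
    return "domain-account"


def ntlm_inventory(xml_text):
    """Count NTLM network logons per (server, account, source IP, class)."""
    counts = Counter()
    for f in parse_events(xml_text):
        # Only network logons (type 3) that actually negotiated NTLM.
        if f.get("AuthenticationPackageName") != "NTLM" or f.get("LogonType") != "3":
            continue
        key = (f["Computer"], f.get("TargetUserName", ""),
               f.get("IpAddress", ""), classify(f))
        counts[key] += 1
    return counts


def remediation_order(inventory):
    """Sort dependencies: riskiest class first, then by volume."""
    return sorted(inventory.items(), key=lambda kv: (PRIORITY[kv[0][3]], -kv[1]))


if __name__ == "__main__":
    for (server, user, src, kind), n in remediation_order(ntlm_inventory(SAMPLE_XML)):
        print(f"{kind:15} {n:3}  {user}@{src} -> {server}")
```

The 4624 event does not say why Kerberos was not used, so entries classed as `domain-account` still need to be checked against the fallback causes listed earlier.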

NTLMv1: already out of the game, but watch out for “derivatives” and cryptographic legacies

The retirement path began some time ago: NTLMv1 is already removed in Windows 11 24H2 and Windows Server 2025, but there remain cases in which legacy cryptographic elements survive. Microsoft explicitly describes scenarios in which “remnants” of NTLMv1 can still surface, for example in contexts tied to MS-CHAPv2 in domain-joined environments, and introduces dedicated registry keys and logs for moving from an audit mode to an enforcement mode. The public timeline also includes a notable point: in October 2026, absent explicit configuration, the default may shift toward a more restrictive posture for specific mechanisms tied to NTLMv1 derivatives.


https://www.securityinfo.it/2026/02/03/ntlm-verso-lo-switch-off-microsoft-si-prepara-a-bloccarlo-di-default/?utm_source=rss&utm_medium=rss&utm_campaign=ntlm-verso-lo-switch-off-microsoft-si-prepara-a-bloccarlo-di-default




ICE protester says her Global Entry was revoked after agent scanned her face

“I am concerned that border patrol and other federal enforcement agencies now have my license plate and personal information, and that I may be detained or arrested again in the future,” she wrote. “I am concerned about further actions that could be taken against me or my family. I have instructed my family to be cautious and return inside if they see unfamiliar vehicles outside of our home.”

Cleland said she hasn’t performed any observation of federal agents since January 10, but has “continued to engage in peaceful protests” and is “assessing when I will return to active observations.”

We contacted the Department of Homeland Security about Cleland’s declaration and will update this article if we get a response.

Extensive use of facial recognition

Federal agents have made extensive use of facial recognition during President Trump’s immigration crackdown with technology from Clearview AI and a face-scanning app called Mobile Fortify. They use facial recognition technology both to verify citizenship and identify protesters.

“Ms. Cleland was one of at least seven American citizens told by ICE agents this month that they were being recorded with facial recognition technology in and around Minneapolis, according to local activists and videos posted to social media,” The New York Times reported today, adding that none of the people had given consent to be recorded.

ICE also uses a variety of other technologies, including cell-site simulators (or Stingrays) to track phone locations, and Palantir software to help identify potential deportation targets.

Although Cleland vowed to continue protesting and eventually get back to observing ICE and CBP agents, her declaration said she felt intimidated after the recent incident.

“The interaction with the agents on January 10th made me feel angry and intimidated,” she wrote. “I have been through Legal Observer Training and know my rights. I believe that I did not do anything that warranted being stopped in the way that I was on January 10th.”

https://arstechnica.com/tech-policy/2026/01/ice-protester-says-her-global-entry-was-revoked-after-agent-scanned-her-face/




FCC aims to ensure “only living and lawful Americans” get Lifeline benefits

Carr fires back at California

Carr wrote in his response to Newsom that the FCC Inspector General report “specifically identified the tens of thousands of people that were enrolled AFTER THEY HAD ALREADY DIED.” The Inspector General report wasn’t quite so certain that the number is in the tens of thousands, however.

The report said that “at least 16,774 (and potentially as many as 39,362) deceased individuals were first enrolled and claimed by a provider after they died.” The Inspector General’s office could not determine “whether the remaining 22,588 deceased subscribers were first claimed before or after their deaths as the opt-out states do not report enrollment date information.”

Carr also wrote in his response to Newsom that “payments to providers for people that died or may have died before enrollment went on for over 50 months in cases and for several months on average.” The Inspector General report did say that “providers sought reimbursement for subscribers enrolled after their deaths for 1 to 54 months, with an average of 3.4 months,” but didn’t specify which state or states hit the 54-month mark.

Carr has continued addressing the topic throughout the week. “For the record, my position is that the government should not be spending your money to provide phone and Internet service to dead people. Governor Newsom is taking the opposite position, apparently,” he wrote yesterday.

When asked if the FCC will penalize California, Carr said at yesterday’s press conference that “we are looking at California and we’re going to make sure that we hold bad actors accountable, and we’re going to look at all the remedies that are on the table.”

Gomez: FCC plan shuts out eligible subscribers

Anna Gomez, the FCC’s one Democrat, said that Carr’s proposed rulemaking “goes well beyond” what’s needed to protect the integrity of Lifeline. “By proposing to use the same cruel and punitive eligibility standards recently imposed for Medicaid coverage, the Commission risks excluding large numbers of eligible households, including seniors, people with disabilities, rural residents, and Tribal communities, from a proven lifeline that millions rely on to stay connected to work, school, health care, and emergency services,” she said.

https://arstechnica.com/tech-policy/2026/01/fcc-chair-fights-calif-governor-over-alleged-lifeline-benefits-for-dead-people/




Comcast keeps losing customers despite price guarantee and unlimited data

Cavanagh said that over the past year, Comcast “made the most significant go-to-market shift in our company’s history. We have simplified our broadband offering by moving away from short-term promotions toward a clear, transparent value proposition.” But more changes are needed, he said.

“Looking ahead, 2026 is about building on the changes we made in 2025… This will be the largest broadband investment year in our history, focused squarely on customer experience and simplification, with the goal of migrating the majority of residential broadband customers to our new simplified pricing and packaging by year-end,” Cavanagh said.

Comcast’s domestic broadband revenue was $6.32 billion, down from $6.38 billion a year ago. Cable TV revenue was $6.36 billion, down from $6.74 billion year over year. Mobile revenue rose from $1.19 billion to $1.40 billion year over year, buoyed by 1.5 million new mobile lines added during the full year of 2025.

Comcast said it now has over 9 million total mobile lines and aims to get more of its broadband customers into bundles of Internet and wireless service. Comcast offers consumer mobile service through an agreement with Verizon and struck a deal with T-Mobile to deliver mobile services to business customers this year.

Peacock boosts revenue

As the owner of NBCUniversal, Comcast has a lot more going on than cable and mobile. Strong results in the Peacock streaming service and Universal Studios theme parks helped Comcast meet analysts’ revenue projections and exceed profit estimates. Peacock paid subscribers increased 22 percent year over year to 44 million, and revenue grew 23 percent to 1.6 billion in the quarter, Comcast said.

Total Q4 2025 revenue was $32.31 billion, up 1.2 percent year over year. Net income was $2.17 billion, a 54.6 percent drop compared to a profit of $4.78 billion in Q4 2024. Comcast indicated the drop isn’t as bad as it sounds because it reflects “an unfavorable comparison to the prior year period, which included a $1.9 billion income tax benefit due to an internal corporate reorganization.” Comcast’s stock price was up about 3 percent today but has fallen about 16 percent in the past 12 months.

Comcast is one of the two biggest cable companies in the US alongside Charter, which is scheduled to announce Q4 2025 earnings tomorrow. In Q3 2025, Charter reported a loss of 109,000 Internet customers, a bit more than Comcast’s 104,000-customer loss in the same quarter. Charter, which is seeking regulatory approval to buy cable company Cox, had 27.76 million residential Internet customers and 2.03 million small business Internet customers.

Disclosure: The Advance/Newhouse Partnership, which owns 12 percent of Charter, is part of Advance Publications, which owns Ars Technica parent Condé Nast.

https://arstechnica.com/tech-policy/2026/01/comcast-keeps-losing-customers-despite-price-guarantee-and-unlimited-data/




She’ll mess with Texas: Nurse keeps mailing abortion pills, despite Paxton lawsuit

In a loss, Lynch could owe millions, as each mail order would be considered a violation of the state’s Human Life Protection Act, Paxton alleged, triggering a minimum $100,000 fine per violation. She could also face substantial jail time, the Austin American-Statesman reported, since Texas abortion “providers risk up to 99 years in prison.”

However, Lynch told the Times on Wednesday that the lawsuit will not stop her from shipping pills into Texas. She’s been anticipating this fight since at least the beginning of last year and remains committed to helping pregnant people in states with strict abortion laws get support from a qualified health provider. She fears that otherwise, they’ll feel driven to take riskier steps that could endanger their lives.

“I don’t fear Ken Paxton,” Lynch told the Statesman last January. “I don’t fear getting arrested or anything like that.”

Nurse plans to defend shield laws

This is the third lawsuit Paxton has filed against an out-of-state abortion pill provider, his press release noted. Legal experts who support abortion ban laws, as well as those supporting abortion shield laws, told the NYT they expect the Supreme Court to eventually weigh the arguments on both sides. If that happened, it could impact law enforcement in about a third of states with “near-total” abortion bans, as well as more than 20 states that enacted abortion shield laws.

To Lynch, abortion ban laws have already proven disastrous, doing more harm than good.

The Statesman cited data from the Society of Family Planning (SFP), showing that after the Supreme Court overturned Roe v. Wade in 2022, medication abortion by telehealth became much more popular in the US. In 2022, this type of service accounted for approximately 1 in 25 abortions; by 2024, the numbers had shot to 1 in 5.

“Nearly half of those prescriptions went to patients in states with abortion bans or restrictions on telehealth abortion,” the Statesman reported, and SFP’s data showed that Texas residents, particularly, were turning more to telehealth. In the first half of 2024, 2,800 Texans per month received abortion medication by mail, which was “more than any other abortion-restricted state,” the data showed.

https://arstechnica.com/tech-policy/2026/01/i-dont-fear-ken-paxton-nurse-vows-to-keep-shipping-abortion-pills-to-texas/




County pays $600,000 to pentesters it arrested for assessing courthouse security

Two security professionals who were arrested in 2019 after performing an authorized security assessment of a county courthouse in Iowa will receive $600,000 to settle a lawsuit they brought alleging wrongful arrest and defamation.

The case was brought by Gary DeMercurio and Justin Wynn, two penetration testers who at the time were employed by Colorado-based security firm Coalfire Labs. The men had written authorization from the Iowa Judicial Branch to conduct “red-team” exercises, meaning attempted security breaches that mimic techniques used by criminal hackers or burglars.

The objective of such exercises is to test the resilience of existing defenses using the types of real-world attacks the defenses are designed to repel. The rules of engagement for this exercise explicitly permitted “physical attacks,” including “lockpicking,” against judicial branch buildings so long as they didn’t cause significant damage.

A chilling message

The event galvanized security and law enforcement professionals. Despite the legitimacy of the work and the legal contract that authorized it, DeMercurio and Wynn were arrested on charges of felony third-degree burglary and spent 20 hours in jail, until they were released on $100,000 bail ($50,000 for each). The charges were later reduced to misdemeanor trespassing charges, but even then, Chad Leonard, sheriff of Dallas County, where the courthouse was located, continued to allege publicly that the men had acted illegally and should be prosecuted.

Reputational hits from these sorts of events can be fatal to a security professional’s career. And of course, the prospect of being jailed for performing authorized security assessment is enough to get the attention of any penetration tester, not to mention the customers that hire them.

“This incident didn’t make anyone safer,” Wynn said in a statement. “It sent a chilling message to security professionals nationwide that helping [a] government identify real vulnerabilities can lead to arrest, prosecution, and public disgrace. That undermines public safety, not enhances it.”

DeMercurio and Wynn’s engagement at the Dallas County Courthouse on September 11, 2019, had been routine. A little after midnight, after finding a side door to the courthouse unlocked, the men closed it and let it lock. They then slipped a makeshift tool through a crack in the door and tripped the locking mechanism. After gaining entry, the pentesters tripped an alarm alerting authorities.

https://arstechnica.com/security/2026/01/county-pays-600000-to-pentesters-it-arrested-for-assessing-courthouse-security/




States want to tax fossil fuel companies to create climate change superfunds

Rising costs of climate change

Last year, the nonprofit Climate Central launched an online database to track the most costly weather- and climate-related disasters across the country. The effort was led by the same lead scientist who tracked those costs for the National Oceanic and Atmospheric Administration—until the Trump administration axed the project in May.

In 2025, the US experienced 23 such disasters with costs totaling at least $1 billion, for a total of $115 billion, Climate Central concluded. From 1980 through 2025, the US has experienced 426 billion-dollar weather and climate disasters, for a total of more than $3.1 trillion in damages.

Meanwhile, home insurance rates are rising, and insurance companies are increasingly backing out of areas with high risks from hurricanes or wildfires. Researchers have also documented how climate change causes premature deaths and increasing health care costs as it fuels disease and other health problems.

Illinois is struggling with worsening flooding, heat waves, and air pollution—including from Canadian wildfires. All bring heavy costs.

State Sen. Graciela Guzmán, a Chicago Democrat who will introduce the superfund legislation in Illinois’ Senate, said the bill is a practical step to bring funding to local schools, families, and governments already struggling with these consequences.

“This bill is about setting a fairer standard for who pays when climate damage hits our towns and neighborhoods,” Guzmán wrote in an email.

Ramirez’s basement, in her home on the Southeast Side of Chicago, was flooded on and off with sewage water for a week last summer when her sewer line broke during a rainstorm that caused severe flash flooding throughout the city. Her home insurance wouldn’t cover the thousands of dollars it took to repair it, she said. She sees it as an example of what the effort to “make polluters pay” could address.

“This superfund climate bill would create revenue to fix the infrastructure and be able to combat all this bad stuff that’s happening,” she added.

In the past two years, Americans experienced a slew of devastating disasters, from Hurricanes Helene and Milton to the Los Angeles wildfires and Texas floods. Hundreds of thousands are reportedly still without power after a punishing winter storm made worse by global warming.

All of that contributes to growing momentum to make polluters pay, said DiPaola, of Fossil Free Media.

“People were looking at their insurance bills, they were looking at their utility bills, they were seeing the costs of climate damage and also everyday climate costs just really rising,” DiPaola said. “They wanted some accountability.”

This story originally appeared on Inside Climate News.

https://arstechnica.com/tech-policy/2026/01/states-want-to-charge-fossil-fuel-companies-for-climate-change-superfunds/