At DOT, Trump likely hopes to see many rules quickly updated to modernize airways and roadways. In a report highlighting the Office of Science and Technology Policy’s biggest “wins” in 2025, the White House credited DOT with “replacing decades-old rules with flexible, innovation-friendly frameworks,” including fast-tracking rules to allow for more automated vehicles on the roads.

Right now, DOT expects that Gemini can be relied on to “handle 80 to 90 percent of the work of writing regulations,” ProPublica reported. Eventually all federal workers who rely on AI tools like Gemini to draft rules “would fall back into merely an oversight role, monitoring ‘AI-to-AI interactions,’” ProPublica reported.

Google silent on AI drafting safety rules

Google did not respond to Ars’ request to comment on this use case for Gemini, which could spread across government under Trump’s direction.

Instead, the tech giant posted a blog on Monday, pitching Gemini for government more broadly, promising federal workers that AI would help with “creative problem-solving to the most critical aspects of their work.”

Google has been competing with AI rivals for government contracts, undercutting OpenAI and Anthropic’s $1 deals by offering a year of access to Gemini for $0.47.

The DOT contract seems important to Google. In a December blog, the company celebrated that DOT was “the first cabinet-level agency to fully transition its workforce away from legacy providers to Google Workspace with Gemini.”

At that time, Google suggested this move would help DOT “ensure the United States has the safest, most efficient, and modern transportation system in the world.”

Immediately, Google encouraged other federal leaders to launch their own efforts using Gemini.

“We are committed to supporting the DOT’s digital transformation and stand ready to help other federal leaders across the government adopt this blueprint for their own mission successes,” Google’s blog said.

DOT did not immediately respond to Ars’ request for comment.

https://arstechnica.com/tech-policy/2026/01/wildly-irresponsible-dots-use-of-ai-to-draft-safety-rules-sparks-concerns/

As the app comes back online, users have also taken note that TikTok is collecting more of their data under US control. As Wired reported, TikTok asked US users to agree to a new terms of service and privacy policy, which allows TikTok to potentially collect “more detailed information about its users, including precise location data.”

“Before this update, the app did not collect the precise, GPS-derived location data of US users,” Wired reported. “Now, if you give TikTok permission to use your phone’s location services, then the app may collect granular information about your exact whereabouts.”

New policies also pushed users to agree to share all their AI interactions, which allows TikTok to store their metadata and trace AI inputs back to specific accounts.

Already seeming more invasive and less reliable, for TikTok users, questions likely remain how much their favorite app might change under new ownership, as the TikTok USDS Joint Venture prepares to retrain the app’s algorithm.

Trump has said that he wants to see the app become “100 percent MAGA,” prompting fears that “For You” pages might soon be flooded with right-wing content or that leftist content like anti-ICE criticism might be suppressed. And The Information reported in July that transferring millions of users over to the US-trained app is expected to cause more “technical issues.”

https://arstechnica.com/tech-policy/2026/01/tiktok-glitches-caused-by-data-center-power-outage-us-joint-venture-says/

The European probe comes after UK media regulator Ofcom opened a formal investigation into Grok, while Malaysia and Indonesia have banned the chatbot altogether.

Following the backlash, xAI restricted the use of Grok to paying subscribers and said it has “implemented technological measures” to limit Grok from generating certain sexualized images.

Musk has also said “anyone using Grok to make illegal content will suffer the same consequences as if they upload illegal content.”

An EU official said that “with the harm that is exposed to individuals that are subject to these images, we have not been convinced so far by what mitigating measures the platform has taken to have that under control.”

The company, which acquired Musk’s social media site X last year, has designed its AI products to have fewer content “guardrails” than competitors such as OpenAI and Google. Musk called its Grok model “maximally truth-seeking.”

The commission fined X €120 million in December last year for breaching its regulations for transparency, providing insufficient access to data and the deceptive design of its blue ticks for verified accounts.

The fine was criticized by Musk and the US government, with the Trump administration claiming the EU was unfairly targeting American groups and infringing freedom of speech principles championed by the Maga movement.

X did not immediately reply to a request for comment.

© 2026 The Financial Times Ltd. All rights reserved. Not to be redistributed, copied, or modified in any way.

https://arstechnica.com/tech-policy/2026/01/eu-launches-formal-investigation-of-xai-over-groks-sexualized-deepfakes/

Researchers on Friday said that Poland’s electric grid was targeted by wiper malware, likely unleashed by Russia state hackers, in an attempt to disrupt electricity delivery operations.

A cyberattack, Reuters reported, occurred during the last week of December. The news organization said it was aimed at disrupting communications between renewable installations and the power distribution operators but failed for reasons not explained.

Wipers R Us

On Friday, security firm ESET said the malware responsible was a wiper, a type of malware that permanently erases code and data stored on servers with the goal of destroying operations completely. After studying the tactics, techniques, and procedures (TTPs) used in the attack, company researchers said the wiper was likely the work of a Russian government hacker group tracked under the name Sandworm.

“Based on our analysis of the malware and associated TTPs, we attribute the attack to the Russia-aligned Sandworm APT with medium confidence due to a strong overlap with numerous previous Sandworm wiper activity we analyzed,” said ESET researchers. “We’re not aware of any successful disruption occurring as a result of this attack.”

Sandworm has a long history of destructive attacks waged on behalf of the Kremlin and aimed at adversaries. Most notable was one in Ukraine in December 2015. It left roughly 230,000 people without electricity for about six hours during one of the coldest months of the year. The hackers used general purpose malware known as BlackEnergy to penetrate power companies’ supervisory control and data acquisition systems and, from there, activate legitimate functionality to stop electricity distribution. The incident was the first known malware-facilitated blackout.

https://arstechnica.com/security/2026/01/wiper-malware-targeted-poland-energy-grid-but-failed-to-knock-out-electricity/

The Department of Homeland Security (DHS) has backed down from a fight to unmask the owners of Instagram and Facebook accounts monitoring Immigration and Customs Enforcement (ICE) activity in Pennsylvania.

One of the anonymous account holders, John Doe, sued to block ICE from identifying him and other critics online through summonses to Meta that he claimed infringed on core First Amendment-protected activity.

DHS initially fought Doe’s motion to quash the summonses, arguing that the community watch groups endangered ICE agents by posting “pictures and videos of agents’ faces, license plates, and weapons, among other things.” This was akin to “threatening ICE agents to impede the performance of their duties,” DHS alleged. DHS’s arguments echoed DHS Secretary Kristi Noem, who has claimed that identifying ICE agents is a crime, even though Wired noted that ICE employees often post easily discoverable LinkedIn profiles.

To Doe, the agency seemed intent on testing the waters to see if it could seize authority to unmask all critics online by invoking a customs statute that allows agents to subpoena information on goods entering or leaving the US.

But then, on January 16, DHS abruptly reversed course, withdrawing its summonses from Meta.

A court filing confirmed that DHS dropped its requests for subscriber information last week, after initially demanding Doe’s “postal code, country, all email address(es) on file, date of account creation, registered telephone numbers, IP address at account signup, and logs showing IP address and date stamps for account accesses.”

The filing does not explain why DHS decided to withdraw its requests.

However, previously, DHS requested similar information from Meta about six Instagram community watch groups that shared information about ICE activity in Los Angeles and other locations. DHS withdrew those requests, too, after account holders defended their First Amendment rights and filed motions to quash their summonses, Doe’s court filing said.

https://arstechnica.com/tech-policy/2026/01/instagram-ice-critic-wins-fight-to-stay-anonymous-as-dhs-backs-down/

Protesters disrupted services on Sunday at the Cities Church in St. Paul, chanting “ICE OUT” and “Justice for Renee Good.” The St. Paul Pioneer Press quoted Levy Armstrong as saying, “When you think about the federal government unleashing barbaric ICE agents upon our community and all the harm that they have caused, to have someone serving as a pastor who oversees these ICE agents is almost unfathomable to me.”

The church website lists David Easterwood as one of its pastors. Protesters said this is the same David Easterwood who is listed as a defendant in a lawsuit that Minnesota Attorney General Keith Ellison filed against Noem and other federal officials. The lawsuit lists Easterwood as a defendant “in his official capacity as Acting Director, Saint Paul Field Office, U.S. Immigration and Customs Enforcement.”

Levy Armstrong, who is also a former president of the NAACP’s Minneapolis branch, was arrested yesterday morning. Announcing the arrest, Attorney General Pam Bondi wrote, “WE DO NOT TOLERATE ATTACKS ON PLACES OF WORSHIP.” Bondi alleged that Levy Armstrong “played a key role in organizing the coordinated attack on Cities Church in St. Paul, Minnesota.”

Multiple arrests

Noem said Levy Armstrong “is being charged with a federal crime under 18 USC 241,” which prohibits “conspir[ing] to injure, oppress, threaten, or intimidate any person in any State, Territory, Commonwealth, Possession, or District in the free exercise or enjoyment of any right or privilege secured to him by the Constitution or laws of the United States.”

“Religious freedom is the bedrock of the United States—there is no first amendment right to obstruct someone from practicing their religion,” Noem wrote.

St. Paul School Board member Chauntyll Allen was also arrested. Attorneys for the Cities Church issued statements supporting the arrests and saying they “are exploring all legal options to protect the church and prevent further invasions.”

A federal magistrate judge initially ruled that Levy Armstrong and Allen could be released, but they were still being held last night after the government “made a motion to stay the release for further review, claiming they might be flight risks,” the Pioneer Press wrote.

https://arstechnica.com/tech-policy/2026/01/white-house-posts-altered-arrest-photo-to-make-it-appear-ice-critic-was-sobbing/

The TikTok deal is done, and Donald Trump is claiming a win, although it remains unclear if the joint venture he arranged with ByteDance and the Chinese government actually resolves Congress’ national security concerns.

In a press release Thursday, TikTok announced the “TikTok USDS Joint Venture LLC,” an entity established to keep TikTok operating in the US.

Giving Americans majority ownership, ByteDance retains 19.9 percent of the joint venture, the release said, which has been valued at $14 billion. Three managing investors—Silver Lake, Oracle, and MGX—each hold 15 percent, while other investors, including Dell Technologies CEO Michael Dell’s investment firm, Dell Family Office, hold smaller, undisclosed stakes.

Americans will also have majority control over the joint venture’s seven-member board. TikTok CEO Shou Chew holds ByteDance’s only seat. Finalizing the deal was a “great move,” Chew told TikTok employees in an internal memo, The New York Times reported.

Two former TikTok employees will lead the joint venture. Adam Presser, who previously served as TikTok’s global head of Operations and Trust & Safety, has been named CEO. And Kim Farrell, TikTok’s former global head of Business Operations Protection, will serve as chief security officer.

Trump has claimed the deal meets requirements for “qualified divestiture” to avoid a TikTok ban otherwise required under the Protecting Americans from Foreign Adversary Controlled Applications Act. However, questions remain, as lawmakers have not yet analyzed the terms of the deal to determine whether that’s true.

The law requires the divestment “to end any ‘operational relationship’ between ByteDance and TikTok in the United States,” critics told the NYT. That could be a problem, since TikTok’s release makes it clear that ByteDance will maintain some control over the TikTok US app’s operations.

For example, while the US owners will retrain the algorithm and manage data security, ByteDance owns the algorithm and “will manage global product interoperability and certain commercial activities, including e-commerce, advertising, and marketing.” The Trump administration seemingly agreed to these terms to ensure that the US TikTok isn’t cut off from the rest of the world on the app.

https://arstechnica.com/tech-policy/2026/01/tiktok-finalizes-trump-deal-that-allows-bytedance-to-maintain-some-control/

But “such cannot be the case,” Goldberg argued.

Faced with “the implicit threat that Grok would keep the images of St. Clair online and, possibly, create more of them,” St. Clair had little choice but to interact with Grok, Goldberg argued. And that prompting should not gut protections under New York law that St. Clair seeks to claim in her lawsuit, Goldberg argued, asking the court to void St. Clair’s xAI contract and reject xAI’s motion to switch venues.

Should St. Clair win her fight to keep the lawsuit in New York, the case could help set precedent for perhaps millions of other victims who may be contemplating legal action but fear facing xAI in Musk’s chosen court.

“It would be unjust to expect St. Clair to litigate in a state so far from her residence, and it may be so that trial in Texas will be so difficult and inconvenient that St. Clair effectively will be deprived of her day in court,” Goldberg argued.

Grok may continue harming kids

The estimated volume of sexualized images reported this week is alarming because it suggests that Grok, at the peak of the scandal, may have been generating more child sexual abuse material (CSAM) than X finds on its platform each month.

In 2024, X Safety reported 686,176 instances of CSAM to the National Center for Missing and Exploited Children, which, on average, is about 57,000 CSAM reports each month. If the CCDH’s estimate of 23,000 Grok outputs that sexualize children over an 11-day span is accurate, then an average monthly total may have exceeded 62,000 if Grok was left unchecked.

NCMEC did not immediately respond to Ars’ request to comment on how the estimated volume of Grok’s CSAM compares to X’s average CSAM reporting. But NCMEC previously told Ars that “whether an image is real or computer-generated, the harm is real, and the material is illegal.” That suggests Grok could remain a thorn in NCMEC’s side, as the CCDH has warned that even when X removes harmful Grok posts, “images could still be accessed via separate URLs,” suggesting that Grok’s CSAM and other harmful outputs could continue spreading. The CCDH also found instances of alleged CSAM that X had not removed as of January 15.

https://arstechnica.com/tech-policy/2026/01/asking-grok-to-delete-fake-nudes-may-force-victims-to-sue-in-musks-chosen-court/

The state complaint details how its investigators were easily able to set up fake Facebook and Instagram accounts posing as underage girls, and how these accounts were soon sent explicit messages and shown algorithmically amplified pornographic content. In another test case cited in the complaint, investigators created a fake account as a mother looking to traffic her young daughter. According to the complaint, Meta did not flag suggestive remarks that other users commented on her posts, nor did it shut down some of the accounts that were reported to be in violation of Meta’s policies.

Meta spokesperson Aaron Simpson told WIRED via email that the company has, for over a decade, listened to parents, experts, and law enforcement, and has conducted in-depth research, to “understand the issues that matter the most,” and to “use these insights to make meaningful changes—like introducing Teen Accounts with built-in protections and providing parents with tools to manage their teens’ experiences.”

“While New Mexico makes sensationalist, irrelevant and distracting arguments, we’re focused on demonstrating our longstanding commitment to supporting young people,” Simpson said. “We’re proud of the progress we’ve made, and we’re always working to do better.”

In its motions ahead of the New Mexico trial, Meta asked that the court exclude any references to a public advisory published by Vivek Murthy, the former US surgeon general, about social media and youth mental health. It also asked the court to exclude an op-ed article by Murthy and Murthy’s calls for social media to come with a warning label. Meta argues that the former surgeon general’s statements treat social media companies as a monolith and are “irrelevant, inadmissible hearsay, and unduly prejudicial.”

Meta has also insisted that the state of New Mexico should not be able to admit in court any third-party surveys—or Meta’s own internal surveys—that purport to show a high amount of inappropriate content on Meta’s platforms, because the surveys are, in legal terms, hearsay.

https://arstechnica.com/tech-policy/2026/01/meta-wants-to-block-data-about-social-media-use-mental-health-in-child-safety-trial/

The Post asked for an expedited briefing and hearing schedule. Porter ordered the government to file a reply by January 28 and scheduled oral arguments for February 6.

Post: “Government refused” to stop search

FBI agents reportedly seized Natanson’s phone, a 1TB portable hard drive, a device for recording interviews, a Garmin watch, a personal laptop, and a laptop issued by The Washington Post. Natanson has said she’s built up a contact list of 1,100 current and former government employees and communicates with them in encrypted Signal chats.

“The day the FBI raided Natanson’s residence, undersigned counsel reached out to the government to advise that the seized items contain materials protected by the First Amendment and the attorney-client privileges,” attorneys for The Washington Post and Natanson told the court. “Undersigned counsel asked the government to refrain from reviewing the documents pending judicial resolution of the dispute, but the government refused.”

The filing said that unless a standstill order is issued, “the government will commence an unrestrained search of a journalist’s work product that violates the First Amendment and the attorney-client privilege, ignores federal statutory safeguards for journalists, and threatens the trust and confidentiality of sources.”

The six devices seized from Natanson “contain essentially her entire professional universe: more than 30,000 Post emails from the last year alone, confidential information from and about sources (including her sources and her colleagues’ sources), recordings of interviews, notes on story concepts and ideas, drafts of potential stories, communications with colleagues about sources and stories, and The Post’s content management system that houses all articles in progress,” the Post said. “The devices also housed Natanson’s encrypted Signal messaging platform that she used to communicate with her more than 1,100 sources. Without her devices, she ‘literally cannot contact’ these sources.”

https://arstechnica.com/tech-policy/2026/01/judge-orders-stop-to-fbi-search-of-devices-seized-from-washington-post-reporter/