Feed aggregator

Florida launches AI-based emergency broadcast system

ClimateWire News - Fri, 12/20/2024 - 6:16am
The initiative could help reach people in places lacking access to local news sources.

House Republican to OSHA: Drop worker heat protections

ClimateWire News - Fri, 12/20/2024 - 6:15am
The chair of the Education and Workforce Committee argued the rule would threaten businesses and is overly protective.

Whitehouse, Warren urge Biden to reconsider data center plans

ClimateWire News - Fri, 12/20/2024 - 6:14am
The lawmakers wrote in a letter that data centers are “dramatically increasing” energy demand, leading to higher costs and higher emissions.

Environmental groups sue over California’s low-carbon fuel standard

ClimateWire News - Fri, 12/20/2024 - 6:13am
The lawsuits allege the California Air Resources Board’s amendments to the program could increase pollution.

EU needs a mandatory climate disaster fund, regulators say

ClimateWire News - Fri, 12/20/2024 - 6:09am
Payouts after natural disasters would be conditional on countries’ reforms to better mitigate climate risk.

After embracing AI boom, Ireland’s data centers face energy problem

ClimateWire News - Fri, 12/20/2024 - 6:07am
Fears of rolling blackouts led Ireland’s grid operator to halt new data centers near Dublin until 2028.

Startup’s autonomous drones precisely track warehouse inventories

MIT Latest News - Fri, 12/20/2024 - 12:00am

Whether you’re a fulfillment center, a manufacturer, or a distributor, speed is king. But getting products out the door quickly requires workers to know where those products are located in their warehouses at all times. That may sound obvious, but lost or misplaced inventory is a major problem in warehouses around the world.

Corvus Robotics is addressing that problem with an inventory management platform that uses autonomous drones to scan the towering rows of pallets that fill most warehouses. The company’s drones can work 24/7, whether warehouse lights are on or off, scanning barcodes alongside human workers to give them an unprecedented view of their products.

“Typically, warehouses will do inventory twice a year — we change that to once a week or faster,” says Corvus co-founder and CTO Mohammed Kabir ’21. “There’s a huge operational efficiency you gain from that.”

Corvus is already helping distributors, logistics providers, manufacturers, and grocers track their inventory. Through that work, the company has helped customers realize huge gains in the efficiency and speed of their warehouses.

The key to Corvus’s success has been building a drone platform that can operate autonomously in tough environments like warehouses, where GPS doesn’t work and Wi-Fi may be weak, by only using cameras and neural networks to navigate. With that capability, the company believes its drones are poised to enable a new level of precision for the way products are produced and stored in warehouses around the world.

A new kind of inventory management solution

Kabir has been working on drones since he was 14.

“I was interested in drones before the drone industry even existed,” Kabir says. “I’d work with people I found on the internet. At the time, it was just a bunch of hobbyists cobbling things together to see if they could work.”

In 2017, the same year Kabir came to MIT, he received a message from his eventual Corvus co-founder Jackie Wu, who was a student at Northwestern University at the time. Wu had seen some of Kabir’s work on drone navigation in GPS-denied environments as part of an open-source drone project. The students decided to see if they could use the work as the foundation for a company.

Kabir started working on spare nights and weekends as he juggled building Corvus’ technology with his coursework in MIT’s Department of Aeronautics and Astronautics. The founders initially tried using off-the-shelf drones and equipping them with sensors and computing power. Eventually they realized they had to design their drones from scratch, because off-the-shelf drones did not provide the kind of low-level control and access they needed to build full-lifecycle autonomy.

Kabir built the first drone prototype in his dorm room in Simmons Hall and took to flying each new iteration in the field out front.

“We’d build these drone prototypes and bring them out to see if they’d even fly, and then we’d go back inside and start building our autonomy systems on top of them,” Kabir recalls.

While working on Corvus, Kabir was also one of the founders of the MIT Driverless program that built North America’s first competition-winning driverless race cars.

“It’s all part of the same autonomy story,” Kabir says. “I’ve always been very interested in building robots that operate without a human touch.”

From the beginning, the founders believed inventory management was a promising application for their drone technology. Eventually they rented a facility in Boston and simulated a warehouse with huge racks and boxes to refine their technology.

By the time Kabir graduated in 2021, Corvus had completed several pilots with customers. One customer was MSI, a building materials company that distributes flooring, countertops, tile, and more. Soon MSI was using Corvus every day across multiple facilities in its nationwide network.

The Corvus One drone, which the company calls the world’s first fully autonomous warehouse inventory management drone, is equipped with 14 cameras and an AI system that allows it to safely navigate to scan barcodes and record the location of each product. In most instances, the collected data are shared with the customer’s warehouse management system (typically the warehouse’s system of record), and any discrepancies identified are automatically categorized with a suggested resolution. Additionally, the Corvus interface allows customers to select no-fly zones, choose flight behaviors, and set automated flight schedules.

“When we started, we didn’t know if lifelong vision-based autonomy in warehouses was even possible,” Kabir says. “It turns out that it’s really hard to make infrastructure-free autonomy work with traditional computer vision techniques. We were the first in the world to ship a learning-based autonomy stack for an indoor aerial robot using machine learning and neural network based approaches. We were using AI before it was cool.”

To set up, Corvus’ team simply installs one or more docks, which act as a charging and data transfer station, on the ends of product racks and completes a rough mapping step using tape measures. The drones then fill in the fine details on their own. Kabir says it takes about a week to be fully operational in a 1-million-square-foot facility.

“We don’t have to set up any stickers, reflectors, or beacons,” Kabir says. “Our setup is really fast compared to other options in the industry. We call it infrastructure-free autonomy, and it’s a big differentiator for us.”

From forklifts to drones

A lot of inventory management today is done by a person using a forklift or a scissor lift to scan barcodes and make notes on a clipboard. The result is infrequent and inaccurate inventory checks that sometimes require warehouses to shut down operations.

“They’re going up and down on these lifts, and there are all of these manual steps involved,” Kabir says. “You have to manually collect data, then there’s a data entry step, because none of these systems are connected. What we’ve found is many warehouses are driven by bad data, and there’s no way to fix that unless you fix the data you’re collecting in the first place.”

Corvus can bring inventory management systems and processes together. Its drones also operate safely around people and forklifts every day.

“That was a core goal for us,” Kabir says. “When we go into a warehouse, it’s a privilege the customer has given us. We don’t want to disrupt their operations, and we build a system around that idea. You can fly it whenever you need to, and the system will work around your schedule.”

Kabir already believes Corvus offers the most comprehensive inventory management solution available. Moving forward, the company will offer more end-to-end solutions to manage inventory the moment it arrives at warehouses.

“Drones actually only solve a part of the inventory problem,” Kabir says. “Drones fly around to track rack pallet inventory, but a lot of stuff gets lost even before it makes it to the racks. Products arrive, they get taken off a truck, and then they are stacked on the floor, and before they are moved to the racks, items have been lost. They’re mislabelled, they’re misplaced, and they’re just gone. Our vision is to solve that.”

Climate-induced divergence of song

Nature Climate Change - Fri, 12/20/2024 - 12:00am

Nature Climate Change, Published online: 20 December 2024; doi:10.1038/s41558-024-02222-9

Vocal communication is essential for information transmission in many species, such as that related to mating opportunities or predator presence. Recent research revealing how phenotypic changes brought about by a changing climate may influence vocal communication raises some serious concerns for conservation management.

The Breachies 2024: The Worst, Weirdest, Most Impactful Data Breaches of the Year

EFF: Updates - Thu, 12/19/2024 - 5:38pm

Every year, countless emails hit our inboxes telling us that our personal information was accessed, shared, or stolen in a data breach. In many cases, there is little we can do. Most of us can assume that at least our phone numbers, emails, addresses, credit card numbers, and social security numbers are all available somewhere on the internet.

But some of these data breaches are more noteworthy than others, because they include novel information about us, are the result of particularly noteworthy security flaws, or are just so massive they’re impossible to ignore. For that reason, we are introducing the Breachies, a series of tongue-in-cheek “awards” for some of the most egregious data breaches of the year.

If these companies practiced a privacy first approach and focused on data minimization, only collecting and storing what they absolutely need to provide the services they promise, many data breaches would be far less harmful to the victims. But instead, companies gobble up as much as they can, store it for as long as possible, and inevitably at some point someone decides to poke in and steal that data.

Once all that personal data is stolen, it can be used against the breach victims for identity theft, ransomware attacks, and to send unwanted spam. The risk of these attacks isn’t just a minor annoyance: research shows it can cause psychological injury, including anxiety, depression, and PTSD. To avoid these attacks, breach victims must spend time and money to freeze and unfreeze their credit reports, to monitor their credit reports, and to obtain identity theft prevention services.

This year we’ve got some real stinkers, ranging from private health information to—you guessed it—credit cards and social security numbers.

The Winners

The Just Stop Using Tracking Tech Award: Kaiser Permanente

In one of the year's most preventable breaches, the healthcare company Kaiser Permanente exposed 13 million patients’ information via tracking code embedded in its website and app. This tracking code transmitted potentially sensitive medical information to Google, Microsoft, and X (formerly known as Twitter). The exposed information included patients’ names, terms they searched in Kaiser’s Health Encyclopedia, and how they navigated within and interacted with Kaiser’s website or app.

The most troubling aspect of this breach is that medical information was exposed not by a sophisticated hack, but through widely used tracking technologies that Kaiser voluntarily placed on its website. Kaiser has since removed the problematic code, but tracking technologies are rampant across the internet and on other healthcare websites. A 2024 study found tracking technologies sharing information with third parties on 96% of hospital websites. Websites usually use tracking technologies to serve targeted ads. But these same technologies give advertisers, data brokers, and law enforcement easy access to details about your online activity.

While individuals can protect themselves from online tracking by using tools like EFF’s Privacy Badger, we need legislative action to make online privacy the norm for everyone. EFF advocates for a ban on online behavioral advertising to address the primary incentive for companies to use invasive tracking technology. Otherwise, we’ll continue to see companies voluntarily sharing your personal data, then apologizing when thieves inevitably exploit a vulnerability in these tracking systems.


The Most Impactful Data Breach for ‘90s Kids Award: Hot Topic

If you were in middle or high school any time in the ‘90s you probably have strong memories of Hot Topic. Baby goths and young punk rockers alike would go to the mall, get an Orange Julius and greasy slice of Sbarro pizza, then walk over to Hot Topic to pick up edgy t-shirts and overpriced bondage pants (all the while debating who was the biggest poser and which bands were sellouts, of course). Because of the fundamental position Hot Topic occupies in our generation’s personal mythology, this data breach hits extra hard.

In November 2024, Have I Been Pwned reported that Hot Topic and its subsidiary Box Lunch suffered a data breach of nearly 57 million data records. A hacker using the alias “Satanic” claimed responsibility and posted a 730 GB database on a hacker forum with a sale price of $20,000. The compromised data about approximately 54 million customers reportedly includes: names, email addresses, physical addresses, phone numbers, purchase history, birth dates, and partial credit card details. Research by Hudson Rock indicates that the data was compromised using info stealer malware installed on a Hot Topic employee’s work computer. “Satanic” claims that the original infection stems from the Snowflake data breach (another Breachie winner); though that hasn’t been confirmed because Hot Topic has still not notified customers, nor responded to our request for comment.

Though data breaches of this scale are common, it still breaks our little goth hearts, and we’d prefer stores did a better job of securing our data. Worse, Hot Topic still hasn’t publicly acknowledged this breach, despite numerous news reports. Perhaps Hot Topic was the real sellout all along. 


The Only Stalkers Allowed Award: mSpy

mSpy, a commercially available mobile stalkerware app owned by Ukraine-based company Brainstack, was subject to a data breach earlier this year. More than a decade’s worth of information about the app’s customers was stolen, as well as the real names and email addresses of Brainstack employees.

The defining feature of stalkerware apps is their ability to operate covertly and trick users into believing that they are not being monitored. But in reality, applications like mSpy allow whoever planted the stalkerware to remotely view the contents of the victim’s device in real time. These tools are often used to intimidate, harass, and harm victims, including by stalkers and abusive (ex) partners. Given the highly sensitive data collected by companies like mSpy and the harm to targets when their data gets revealed, this data breach is another example of why stalkerware must be stopped.


The I Didn’t Even Know You Had My Information Award: Evolve Bank

Okay, are we the only ones who hadn’t heard of Evolve Bank? It was reported in May that Evolve Bank experienced a data breach—though it actually happened all the way back in February. You may be thinking, “why does this breach matter if I’ve never heard of Evolve Bank before?” That’s what we thought too!

But here’s the thing: this attack affected a bunch of companies you have heard of, like Affirm (the buy now, pay later service), Wise (the international money transfer service), and Mercury Bank (a fintech company). So, a ton of services use the bank, and you may have used one of those services. It’s been reported that 7.6 million Americans were affected by the breach, with most of the data stolen being customer information, including social security numbers, account numbers, and date of birth.

The small bright side? No customer funds were accessed during the breach. Evolve states that after the breach they are doing some basic things like resetting user passwords and strengthening their security infrastructure.


The We Told You So Award: AU10TIX

AU10TIX is an “identity verification” company used by the likes of TikTok and X to confirm that users are who they claim to be. AU10TIX and companies like it collect and review sensitive private documents such as driver’s license information before users can register for a site or access some content.

Unfortunately, there is growing political interest in mandating identity or age verification before allowing people to access social media or adult material. EFF and others oppose these plans because they threaten both speech and privacy. As we said in 2023, verification mandates would inevitably lead to more data breaches, potentially exposing government IDs as well as information about the sites that a user visits.

Look no further than the AU10TIX breach to see what we mean. According to a report by 404 Media in May, AU10TIX left login credentials exposed online for more than a year, allowing access to very sensitive user data.

404 Media details how a researcher gained access to the company’s logging platform, “which in turn contained links to data related to specific people who had uploaded their identity documents.” This included “the person’s name, date of birth, nationality, identification number, and the type of document uploaded such as a drivers’ license,” as well as images of those identity documents.

The AU10TIX breach did not seem to lead to exposure beyond what the researcher showed was possible. But AU10TIX and other companies must do a better job at locking down user data. More importantly, politicians must not create new privacy dangers by requiring identity and age verification.

If age verification requirements become law, we’ll be handing a lot of our sensitive information over to companies like AU10TIX. This is the first We Told You So Breachie award, but it likely won’t be the last. 


The Why We’re Still Stuck on Unique Passwords Award: Roku

In April, Roku announced not yet another new way to display more ads, but a data breach (its second of the year) where 576,000 accounts were compromised using a “credential stuffing attack.” This is a common, relatively easy sort of automated attack where thieves use previously leaked username and password combinations (from a past data breach of an unrelated company) to get into accounts on a different service. So, if say, your username and password were in the Comcast data breach in 2015, and you used the same username and password on Roku, the attacker might have been able to get into your account. Thankfully, fewer than 400 Roku accounts saw unauthorized purchases, and no payment information was accessed.

But the ease of this sort of data breach is why it’s important to use unique passwords everywhere. A password manager, including one that might be free on your phone or browser, makes this much easier to do. Likewise, credential stuffing illustrates why it’s important to use two-factor authentication. After the Roku breach, the company turned on two-factor authentication for all accounts. This way, even if someone did get access to your account password, they’d need that second code from another device; in Roku’s case, either your phone number or email address.


The Listen, Security Researchers are Trying to Help Award: City of Columbus

In August, the security researcher David Ross Jr. (also known as Connor Goodwolf) discovered that a ransomware attack against the City of Columbus, Ohio, was much more serious than city officials initially revealed. After the researcher informed the press and provided proof, the city accused him of violating multiple laws and obtained a gag order against him.

Rather than silencing the researcher, city officials should have celebrated him for helping victims understand the true extent of the breach. EFF and security researchers know the value of this work. And EFF has a team of lawyers who help protect researchers and their work. 

Here is how not to deal with a security researcher: In July, Columbus learned it had suffered a ransomware attack. A group called Rhysida took responsibility. The city did not pay the ransom, and the group posted some of the stolen data online. The mayor announced the stolen data was “encrypted or corrupted,” so most of it was unusable. Later, the researcher, David Ross, helped inform local news outlets that in fact the breach did include usable personal information on residents. He also attempted to contact the city. Days later, the city offered free credit monitoring to all of its residents and confirmed that its original announcement was inaccurate.

Unfortunately, the city also filed a lawsuit, and a judge signed a temporary restraining order preventing the researcher from accessing, downloading, or disseminating the data. Later, the researcher agreed to a more limited injunction. The city eventually confirmed that the data of hundreds of thousands of people was stolen in the ransomware attack, including drivers licenses, social security numbers, employee information, and the identities of juvenile victims, undercover police officers, and confidential informants.


The Have I Been Pwned? Award: Spoutible

The Spoutible breach has layers—layers of “no way!” that keep revealing more and more amazing little facts the deeper one digs.

It all started with a leaky API. On a per-user basis, it didn’t just return the sort of information you’d expect from a social media platform, but also the user’s email, IP address, and phone number. No way! Why would you do that?

But hold on, it also includes a bcrypt hash of their password. No way! Why would you do that?!

Ah well, at least they offer two-factor authentication (2FA) to protect against password leakages, except… the API was also returning the secret used to generate the 2FA OTP as well. No way! So, if someone had enabled 2FA it was immediately rendered useless by virtue of this field being visible to everyone.

However, the pièce de résistance comes with the next field in the API: the “em_code.” You know how when you do a password reset you get emailed a secret code that proves you control the address and can change the password? That was the code! No way!

-EFF thanks guest author Troy Hunt for this contribution to the Breachies.


The Reporting’s All Over the Place Award: National Public Data

In January 2024, there was almost no chance you’d have heard of a company called National Public Data. But starting in April, then ramping up in June, stories revealed a breach affecting the background checking data broker that included names, phone numbers, addresses, and social security numbers of at least 300 million people. By August, the reported number ballooned to 2.9 billion people. In October, National Public Data filed for bankruptcy, leaving behind nothing but a breach notification on its website.

But what exactly was stolen? The evolving news coverage has raised more questions than it has answered. Too bad National Public Data has failed to tell the public more about the data that the company failed to secure.

One analysis found that some of the dataset was inaccurate, with a number of duplicates; also, while there were 137 million email addresses, they weren’t linked to social security numbers. Another analysis had similar results. As for social security numbers, there were likely somewhere around 272 million in the dataset. The data was so jumbled that it had names matched to the wrong email or address, and included a large chunk of people who were deceased. Oh, and that 2.9 billion number? That was the number of rows of data in the dataset, not the number of individuals. That 2.9 billion people number appeared to originate from a complaint filed in Florida.

Phew, time to check in with Count von Count on this one, then.

How many people were truly affected? It’s difficult to say for certain. The only thing we learned for sure is that starting a data broker company appears to be incredibly easy, as NPD was owned by a retired sheriff’s deputy and a small film studio and didn’t seem to be a large operation. While this data broker got caught with more leaks than the Titanic, hundreds of others are still out there collecting and hoarding information, and failing to watch out for the next iceberg.


The Biggest Health Breach We’ve Ever Seen Award: Change Health

In February, a ransomware attack on Change Healthcare exposed the private health information of over 100 million people. The company, which processes 40% of all U.S. health insurance claims, was forced offline for nearly a month. As a result, healthcare practices nationwide struggled to stay operational and patients experienced limits on access to care. Meanwhile, the stolen data poses long-term risks for identity theft and insurance fraud for millions of Americans—it includes patients’ personal identifiers, health diagnoses, medications, insurance details, financial information, and government identity documents.

The misuse of medical records can be harder to detect and correct than regular financial fraud or identity theft. The FTC recommends that people at risk of medical identity theft watch out for suspicious medical bills or debt collection notices.

The hack highlights the need for stronger cybersecurity in the healthcare industry, which is increasingly targeted by cyberattacks. The Change Healthcare hackers were able to access a critical system because it lacked two-factor authentication, a basic form of security.

To make matters worse, Change Healthcare’s recent merger with Optum, which antitrust regulators tried and failed to block, even further centralized vast amounts of sensitive information. Many healthcare providers blamed corporate consolidation for the scale of disruption. As the former president of the American Medical Association put it, “When we have one option, then the hackers have one big target… if they bring that down, they can grind U.S. health care to a halt.” Privacy and competition are related values, and data breach and monopoly are connected problems.


The There’s No Such Thing As Backdoors for Only “Good Guys” Award: Salt Typhoon

When companies build backdoors into their services to provide law enforcement access to user data, these backdoors can be exploited by thieves, foreign governments, and other adversaries. There are no methods of access that are magically only accessible to “good guys.” No security breach has demonstrated that more clearly than this year’s attack by Salt Typhoon, a Chinese government-backed hacking group.

Internet service providers generally have special systems to provide law enforcement and intelligence agencies access to user data. They do that to comply with laws like CALEA, which require telecom companies to provide a means for “lawful intercepts”—in other words, wiretaps.

The Salt Typhoon group was able to access the powerful tools that in theory have been reserved for U.S. government agencies. The hackers infiltrated the nation’s biggest telecom networks, including Verizon, AT&T, and others, and were able to target their surveillance based on U.S. law enforcement wiretap requests. Breaches elsewhere in the system let them listen in on calls in real time. People under U.S. surveillance were clearly some of the targets, but the hackers also targeted both 2024 presidential campaigns and officials in the State Department. 

While fewer than 150 people have been identified as targets so far, the number of people who were called or texted by those targets runs into the “millions,” according to a Senator who has been briefed on the hack. What’s more, the Salt Typhoon hackers still have not been rooted out of the networks they infiltrated.

The idea that only authorized government agencies would use such backdoor access tools has always been flawed. With sophisticated state-sponsored hacking groups operating across the globe, a data breach like Salt Typhoon was only a matter of time. 


The Snowballing Breach of the Year Award: Snowflake

Thieves compromised the corporate customer accounts for U.S. cloud analytics provider Snowflake. The corporate customers included AT&T, Ticketmaster, Santander, Neiman Marcus, and many others: 165 in total.

This led to a massive breach of billions of data records for individuals using these companies. A combination of infostealer malware infections on non-Snowflake machines as well as weak security used to protect the affected accounts allowed the hackers to gain access and extort the customers. At the time of the hack, April-July of this year, Snowflake was not requiring two-factor authentication, an account security measure which could have provided protection against the attacks. A number of arrests were made after security researchers uncovered the identities of several of the threat actors.

But what does Snowflake do? According to their website, Snowflake “is a cloud-based data platform that provides data storage, processing, and analytic solutions.” Essentially, they store and index troves of customer data for companies to look at. And the larger the amount of data stored, the bigger the target for malicious actors to use to put leverage on and extort those companies. The problem is the data is on all of us. In the case of Snowflake customer AT&T, this includes billions of call and text logs of its customers, putting individuals’ sensitive data at risk of exposure. A privacy-first approach would employ techniques such as data minimization and either not collect that data in the first place or shorten the retention period that the data is stored. Otherwise it just sits there waiting for the next breach.


Tips to Protect Yourself

Data breaches are such a common occurrence that it’s easy to feel like there’s nothing you can do, nor any point in trying. But privacy isn’t dead. While some information about you is almost certainly out there, that’s no reason for despair. In fact, it’s a good reason to take action.

There are steps you can take right now with all your online accounts to best protect yourself from the next data breach (and the next, and the next):

  • Use unique passwords on all your online accounts. This is made much easier by using a password manager, which can generate and store those passwords for you. When you have a unique password for every website, a data breach of one site won’t cascade to others.
  • Use two-factor authentication when a service offers it. Two-factor authentication makes your online accounts more secure by requiring additional proof (“factors”) alongside your password when you log in. While two-factor authentication adds another step to the login process, it’s a great way to help keep out anyone not authorized, even if your password is breached.
  • Freeze your credit. Many experts recommend freezing your credit with the major credit bureaus as a way to protect against the sort of identity theft that’s made possible by some data breaches. Freezing your credit prevents someone from opening up a new line of credit in your name without additional information, like a PIN or password, to “unfreeze” the account. This might sound absurd considering they can’t even open bank accounts, but if you have kids, you can freeze their credit too.
  • Keep a close eye out for strange medical bills. With the number of health companies breached this year, it’s also a good idea to watch for healthcare fraud. The Federal Trade Commission recommends watching for strange bills, letters from your health insurance company for services you didn’t receive, and letters from debt collectors claiming you owe money. 

(Dis)Honorable Mentions

By one report, 2023 saw over 3,000 data breaches. The figure so far this year is looking slightly smaller, with around 2,200 reported through the end of the third quarter. But 2,200 and counting is little comfort.

We did not investigate every one of these 2,000-plus data breaches, but we looked at a lot of them, including the news coverage and the data breach notification letters that many state Attorney General offices host on their websites. We can’t award the coveted Breachie Award to every company that was breached this year. Still, here are some (dis)honorable mentions:

ADT, Advance Auto Parts, AT&T, AT&T (again), Avis, Casio, Cencora, Comcast, Dell, El Salvador, Fidelity, FilterBaby, Fortinet, Framework, Golden Corral, Greylock, Halliburton, HealthEquity, Heritage Foundation, HMG Healthcare, Internet Archive, LA County Department of Mental Health, MediSecure, Mobile Guardian, MoneyGram, muah.ai, Ohio Lottery, Omni Hotels, Oregon Zoo, Orrick, Herrington & Sutcliffe, Panda Restaurants, Panera, Patelco Credit Union, Patriot Mobile, pcTattletale, Perry Johnson & Associates, Roll20, Santander, Spytech, Synnovis, TEG, Ticketmaster, Twilio, USPS, Verizon, VF Corp, WebTPA.

What now? Companies need to do a better job of only collecting the information they need to operate, and of properly securing what they store. Also, the U.S. needs to pass comprehensive privacy protections. At the very least, we need to be able to sue companies when these sorts of breaches happen (and while we’re at it, it’d be nice if we got more than $5.21 checks in the mail). EFF has long advocated for a strong federal privacy law that includes a private right of action.

MIT affiliates receive 2025 IEEE honors

MIT Latest News - Thu, 12/19/2024 - 5:00pm

The IEEE recently announced the winners of their 2025 prestigious medals, technical awards, and fellowships. Four MIT faculty members, one staff member, and five alumni were recognized.

Regina Barzilay, the School of Engineering Distinguished Professor for AI and Health within the Department of Electrical Engineering and Computer Science (EECS) at MIT, received the IEEE Frances E. Allen Medal for “innovative machine learning algorithms that have led to advances in human language technology and demonstrated impact on the field of medicine.” Barzilay focuses on machine learning algorithms for modeling molecular properties in the context of drug design, with the goal of elucidating disease biochemistry and accelerating the development of new therapeutics. In the field of clinical AI, she focuses on algorithms for early cancer diagnostics. She is also the AI faculty lead within the MIT Abdul Latif Jameel Clinic for Machine Learning in Health and an affiliate of the Computer Science and Artificial Intelligence Laboratory, Institute for Medical Engineering and Science, and Koch Institute for Integrative Cancer Research. Barzilay is a member of the National Academy of Engineering, the National Academy of Medicine, and the American Academy of Arts and Sciences. She has earned the MacArthur Fellowship, MIT’s Jamieson Award for excellence in teaching, and the Association for the Advancement of Artificial Intelligence’s $1 million Squirrel AI Award for Artificial Intelligence for the Benefit of Humanity. Barzilay is a fellow of AAAI, ACL, and AIMBE.

James J. Collins, the Termeer Professor of Medical Engineering and Science, professor of biological engineering at MIT, and member of the Harvard-MIT Health Sciences and Technology faculty, earned the 2025 IEEE Medal for Innovations in Healthcare Technology for his work in “synthetic gene circuits and programmable cells, launching the field of synthetic biology, and impacting healthcare applications.” He is a core founding faculty member of the Wyss Institute for Biologically Inspired Engineering at Harvard University and an Institute Member of the Broad Institute of MIT and Harvard. Collins is known as a pioneer in synthetic biology, and currently focuses on employing engineering principles to model, design, and build synthetic gene circuits and programmable cells to create novel classes of diagnostics and therapeutics. His patented technologies have been licensed by over 25 biotech, pharma, and medical device companies, and he has co-founded several companies, including Synlogic, Senti Biosciences, Sherlock Biosciences, Cellarity, and the nonprofit Phare Bio. Collins’ many accolades include the MacArthur “Genius” Award, the Dickson Prize in Medicine, and election to the National Academies of Sciences, Engineering, and Medicine.

Roozbeh Jafari, principal staff member in MIT Lincoln Laboratory's Biotechnology and Human Systems Division, was elected IEEE Fellow for his “contributions to sensors and systems for digital health paradigms.” Jafari seeks to establish impactful and highly collaborative programs between Lincoln Laboratory, MIT campus, and other U.S. academic entities to promote health and wellness for national security and public health. His research interests are wearable-computer design, sensors, systems, and AI for digital health, most recently focusing on digital twins for precision health. He has published more than 200 refereed papers and served as general chair and technical program committee chair for several flagship conferences focused on wearable computers. Jafari has received a National Science Foundation Faculty Early Career Development (CAREER) Award (2012), the IEEE Real-Time and Embedded Technology and Applications Symposium Best Paper Award (2011), the IEEE Andrew P. Sage Best Transactions Paper Award (2014), and the Association for Computing Machinery Transactions on Embedded Computing Systems Best Paper Award (2019), among other honors.

William Oliver, the Henry Ellis Warren (1894) Professor of Electrical Engineering and Computer Science and professor of physics at MIT, was elected an IEEE Fellow for his “contributions to superconductive quantum computing technology and its teaching.” Director of the MIT Center for Quantum Engineering and associate director of the MIT Research Laboratory of Electronics, Oliver leads the Engineering Quantum Systems (EQuS) group at MIT. His research focuses on superconducting qubits, their use in small-scale quantum processors, and the development of cryogenic packaging and control electronics. The EQuS group closely collaborates with the Quantum Information and Integrated Nanosystems Group at Lincoln Laboratory, where Oliver was previously a staff member and a Laboratory Fellow from 2017 to 2023. Through MIT xPRO, Oliver created four online professional development courses addressing the fundamentals and practical realities of quantum computing. He is a member of the National Quantum Initiative Advisory Committee and has published more than 130 journal articles and seven book chapters. Inventor or co-inventor on more than 10 patents, he is a fellow of the American Association for the Advancement of Science and the American Physical Society; serves on the U.S. Committee for Superconducting Electronics; and is a lead editor for the IEEE Applied Superconductivity Conference.

Daniela Rus, director of the MIT Computer Science and Artificial Intelligence Laboratory, MIT Schwarzman College of Computing deputy dean of research, and the Andrew (1956) and Erna Viterbi Professor within the Department of Electrical Engineering and Computer Science, was awarded the IEEE Edison Medal for “sustained leadership and pioneering contributions in modern robotics.” Rus’ research in robotics, artificial intelligence, and data science focuses primarily on developing the science and engineering of autonomy, where she envisions groups of robots interacting with each other and with people to support humans with cognitive and physical tasks. Rus is a Class of 2002 MacArthur Fellow, a fellow of the Association for Computing Machinery, of the Association for the Advancement of Artificial Intelligence and of IEEE, and a member of the National Academy of Engineers and the American Academy of Arts and Sciences.

Five MIT alumni were also recognized.

Steve Mann PhD ’97, a graduate of the Program in Media Arts and Sciences, received the Masaru Ibuka Consumer Technology Award “for contributions to the advancement of wearable computing and high dynamic range imaging.” He founded the MIT Wearable Computing Project and is currently professor of computer engineering at the University of Toronto as well as an IEEE Fellow.

Thomas Louis Marzetta ’72 PhD ’78, a graduate of the Department of Electrical Engineering and Computer Science, received the Eric E. Sumner Award “for originating the Massive MIMO technology in wireless communications.” Marzetta is a distinguished industry professor at New York University’s (NYU) Tandon School of Engineering and is director of NYU Wireless, an academic research center within the department. He is also an IEEE Life Fellow.

Michael Menzel ’81, a graduate of the Department of Physics, was awarded the Simon Ramo Medal “for development of the James Webb Space Telescope [JWST], first deployed to see the earliest galaxies in the universe,” along with Bill Ochs, JWST project manager at NASA, and Scott Willoughby, vice president and program manager for the JWST program at Northrop Grumman. Menzel is a mission systems engineer at NASA and a member of the American Astronomical Society.

Jose Manuel Fonseca Moura ’73, SM ’73, ScD ’75, a graduate of the Department of Electrical Engineering and Computer Science, received the Haraden Pratt Award “for sustained leadership and outstanding contributions to the IEEE in education, technical activities, awards, and global connections.” Currently, Moura is the Philip L. and Marsha Dowd University Professor at Carnegie Mellon University. He is also a member of the U.S. National Academy of Engineers, fellow of the U.S. National Academy of Inventors, a member of the Portugal Academy of Science, an IEEE Fellow, and a fellow of the American Association for the Advancement of Science.

Marc Raibert PhD ’77, a graduate of the former Department of Psychology, now a part of the Department of Brain and Cognitive Sciences, received the Robotics and Automation Award “for pioneering and leading the field of dynamic legged locomotion.” He is founder of Boston Dynamics, an MIT spinoff and robotics company, and The AI Institute, based in Cambridge, Massachusetts, where he also serves as the executive director. Raibert is an IEEE Member.

Making classical music and math more accessible

MIT Latest News - Thu, 12/19/2024 - 4:40pm

Senior Holden Mui appreciates the details in mathematics and music. A well-written orchestral piece and a well-designed competitive math problem both require a certain flair and a well-tuned sense of how to keep an audience’s interest.

“People want fresh, new, non-recycled approaches to math and music,” he says. Mui sees his role as a guide of sorts, someone who can take his ideas for a musical composition or a math problem and share them with audiences in an engaging way. His ideas must make the transition from his mind to the page in as precise a way as possible. Details matter.

A double major in math and music from Lisle, Illinois, Mui believes it’s important to invite people into a creative process that allows a kind of conversation to occur between a piece of music he writes and his audience, for example. Or a math problem and the people who try to solve it. “Part of math’s appeal is its ability to reveal deep truths that may be hidden in simple statements,” he argues, “while contemporary classical music should be available for enjoyment by as many people as possible.”

Mui’s first experience at MIT was as a high school student in 2017. He visited as a member of a high school math competition team attending an event hosted and staged by MIT and Harvard University students. The following year, Mui met other students at math camps and began thinking seriously about what was next.

“I chose math as a major because it’s been a passion of mine since high school. My interest grew through competitions and I continued to develop it through research,” he says. “I chose MIT because it boasts one of the most rigorous and accomplished mathematics departments in the country.”

Mui is also a math problem writer for the Harvard-MIT Math Tournament (HMMT) and performs with Ribotones, a club that travels to places like retirement homes or public spaces on the Institute’s campus to play music for free.

Mui studies piano with Timothy McFarland, an artist affiliate at MIT, through the MIT Emerson/Harris Fellowship Program, and previously studied with Kate Nir and Matthew Hagle of the Music Institute of Chicago. He started piano at the age of five and cites French composer Maurice Ravel as one of his major musical influences.

As a music student at MIT, Mui is involved in piano performance, chamber music, collaborative piano, the MIT Symphony Orchestra as a violist, conducting, and composition.

He enjoys the incredible variety available within MIT’s music program. “It offers everything from electronic music to world music studies,” he notes, “and has broadened my understanding and appreciation of music’s diversity.”

Collaborating to create

Throughout his academic career, Mui found himself among like-minded students like former Yale University undergraduate Andrew Wu. Together, Mui and Wu won an Emergent Ventures grant. In this collaboration, Mui wrote the music Wu would play. Wu described his experience with one of Mui’s compositions, “Poetry,” as “demanding serious focus and continued re-readings,” yielding nuances even after repeated listens.

Another of Mui’s compositions, “Landscapes,” was performed by MIT’s Symphony Orchestra in October 2024 and offered audiences opportunities to engage with the ideas he explores in his music.

One of the challenges Mui discovered early is that academic composers sometimes create music audiences might struggle to understand. “People often say that music is a universal language, but one of the most valuable insights I’ve gained at MIT is that music isn’t as universally experienced as one might think,” he says. “There are notable differences, for example, between Western music and world music.” 

This, Mui says, broadened his perspective on how to approach music and encouraged him to consider his audience more closely when composing. He treats music as an opportunity to invite people into how he thinks. 

Creative ideas, accessible outcomes

Mui understands the value of sharing his skills and ideas with others, crediting the MIT International Science and Technology Initiatives (MISTI) program with offering multiple opportunities for travel and teaching. “I’ve been on three MISTI trips during IAP [Independent Activities Period] to teach mathematics,” he says. 

Mui says it’s important to be flexible, dynamic, and adaptable in preparation for a fulfilling professional life. Music and math both demand the development of the kinds of soft skills that can help him succeed as a musician, composer, and mathematician.

“Creating math problems is surprisingly similar to writing music,” he argues. “In both cases, the work needs to be complex enough to be interesting without becoming unapproachable.” For Mui, designing original math problems is “like trying to write down an original melody.”

“To write math problems, you have to have seen a lot of math problems before. To write music, you have to know the literature — Bach, Beethoven, Ravel, Ligeti — as diverse a group of personalities as possible.”

A future in the notes and numbers

Mui points to the professional and personal virtues of exploring different fields. “It allows me to build a more diverse network of people with unique perspectives,” he says. “Professionally, having a range of experiences and viewpoints to draw on is invaluable; the broader my knowledge and network, the more insights I can gain to succeed.”

After graduating, Mui plans to pursue doctoral study in mathematics following the completion of a cryptography internship. “The connections I’ve made at MIT, and will continue to make, are valuable because they’ll be useful regardless of the career I choose,” he says. He wants to continue researching math he finds challenging and rewarding. As with his music, he wants to strike a balance between emotion and innovation.

“I think it’s important not to put all of one’s eggs in one basket,” he says. “One important figure that comes to mind is Isaac Newton, who split his time among three fields: physics, alchemy, and theology.” Mui’s path forward will inevitably include music and math. Whether crafting compositions or designing math problems, Mui seeks to invite others into a world where notes and numbers converge to create meaning, inspire connection, and transform understanding.

MIT welcomes Frida Polli as its next visiting innovation scholar

MIT Latest News - Thu, 12/19/2024 - 3:40pm

Frida Polli, a neuroscientist, entrepreneur, investor, and inventor known for her leading-edge contributions at the crossroads of behavioral science and artificial intelligence, is MIT’s new visiting innovation scholar for the 2024-25 academic year. She is the first visiting innovation scholar to be housed within the MIT Schwarzman College of Computing.

Polli began her career in academic neuroscience with a focus on multimodal brain imaging related to health and disease. She was a fellow at the Psychiatric Neuroimaging Group at Mass General Brigham and Harvard Medical School. She then joined the Department of Brain and Cognitive Sciences at MIT as a postdoc, where she worked with John Gabrieli, the Grover Hermann Professor of Health Sciences and Technology and a professor of brain and cognitive sciences.

Her research has won many awards, including a Young Investigator Award from the Brain and Behavior Research Foundation. She authored over 30 peer-reviewed articles, with notable publications in the Proceedings of the National Academy of Sciences, the Journal of Neuroscience, and Brain. She transitioned from academia to entrepreneurship by completing her MBA at the Harvard Business School (HBS) as a Robert Kaplan Life Science Fellow. During this time, she also won the Life Sciences Track and the Audience Choice Award in the 2010 MIT $100K Entrepreneurship competition as a member of Aukera Therapeutics.

After HBS, Polli launched pymetrics, which harnessed advancements in cognitive science and machine learning to develop analytics-driven decision-making and performance enhancement software for the human capital sector. She holds multiple patents for the technology developed at pymetrics, which she co-founded in 2012 and led as CEO until her successful exit in 2022. Pymetrics was a World Economic Forum Technology Pioneer and Global Innovator, an Inc. 5000 Fastest-Growing company, and a Forbes Artificial Intelligence 50 company. Polli and pymetrics also played a pivotal role in passing the first-in-the-nation algorithmic bias law — New York’s Automated Employment Decision Tool law — which went into effect in July 2023.

Making her return to MIT as a visiting innovation scholar, Polli is collaborating closely with Sendhil Mullainathan, the Peter de Florez Professor in the departments of Electrical Engineering and Computer Science and Economics, and a principal investigator in the Laboratory for Information and Decision Systems. With Mullainathan, she is working to bring together a broad array of faculty, students, and postdocs across MIT to address concrete problems where humans and algorithms intersect, to develop a new subdomain of computer science specific to behavioral science, and to train the next generation of scientists to be bilingual in these two fields.

“Sometimes you get lucky, and sometimes you get unreasonably lucky. Frida has thrived in each of the facets we’re looking to have impact in — academia, civil society, and the marketplace. She combines a startup mentality with an abiding interest in positive social impact, while capable of ensuring the kind of intellectual rigor MIT demands. It’s an exceptionally rare combination, one we are unreasonably lucky to have,” says Mullainathan.

“People are increasingly interacting with algorithms, often with poor results, because most algorithms are not built with human interplay in mind,” says Polli. “We will focus on designing algorithms that will work synergistically with people. Only such algorithms can help us address large societal challenges in education, health care, poverty, et cetera.”

Polli was recognized as one of Inc.'s Top 100 Female Founders in 2019, followed by being named to Entrepreneur's Top 100 Powerful Women in 2020, and to the 2024 list of 100 Brilliant Women in AI Ethics. Her work has been highlighted by major outlets including The New York Times, The Wall Street Journal, The Financial Times, The Economist, Fortune, Harvard Business Review, Fast Company, Bloomberg, and Inc.

Beyond her role at pymetrics, she founded Alethia AI in 2023, an organization focused on promoting transparency in technology, and in 2024, she launched Rosalind Ventures, dedicated to investing in women founders in science and health care. She is also an advisor at the Buck Institute’s Center for Healthy Aging in Women.

“I’m delighted to welcome Dr. Polli back to MIT. As a bilingual expert in both behavioral science and AI, she is a natural fit for the college. Her entrepreneurial background makes her a terrific inaugural visiting innovation scholar,” says Dan Huttenlocher, dean of the MIT Schwarzman College of Computing and the Henry Ellis Warren Professor of Electrical Engineering and Computer Science.

Saving the Internet in Europe: Defending Free Expression

EFF: Updates - Thu, 12/19/2024 - 1:26pm

This post is part two in a series of posts about EFF’s work in Europe. Read about how and why we work in Europe here. 

EFF’s mission is to ensure that technology supports freedom, justice, and innovation for all people of the world. While our work has taken us to far corners of the globe, in recent years we have worked to expand our efforts in Europe, building up a policy team with key expertise in the region, and bringing our experience in advocacy and technology to the European fight for digital rights.

In this blog post series, we will introduce you to the various players involved in that fight, share how we work in Europe, and how what happens in Europe can affect digital rights across the globe. 

EFF’s approach to free speech

The global spread of Internet access and digital services promised a new era of freedom of expression, where everyone could share and access information, speak out and find an audience without relying on gatekeepers and make, tinker with and share creative works.  

Everyone should have the right to express themselves and share ideas freely. Various European countries have experienced totalitarian regimes and extensive censorship in the past century, and as a result, many Europeans still place special emphasis on privacy and freedom of expression. These values are enshrined in the European Convention of Human Rights and the Charter of Fundamental Rights of the European Union – essential legal frameworks for the protection of fundamental rights.  

Today, as so much of our speech is facilitated by online platforms, there is an expectation that they too respect fundamental rights. Through their terms of services, community guidelines or house rules, platforms get to unilaterally define what speech is permissible on their services. The enforcement of these rules can be arbitrary, untransparent and selective, resulting in the suppression of contentious ideas and minority voices.

That’s why EFF has been fighting both against government threats to free expression and to hold tech companies accountable for grounding their content moderation practices in robust human rights frameworks. That entails setting out clear rules and standards for internal processes such as notifications and explanations to users when terms of services are enforced or changed. In the European Union, we have worked for decades to ensure that laws governing online platforms respect fundamental rights, advocated against censorship and spoken up on behalf of human rights defenders.

What’s the Digital Services Act and why do we keep talking about it? 

For the past years, we have been especially busy addressing human rights concerns with the drafting and implementation of the Digital Services Act (DSA), the new law setting out the rules for online services in the European Union. The DSA covers most online services, ranging from online marketplaces like Amazon, search engines like Google, social networks like Meta and app stores. However, not all of its rules apply to all services – instead, the DSA follows a risk-based approach that puts the most obligations on the largest services that have the highest impact on users. All service providers must ensure that their terms of services respect fundamental rights, that users can get in touch with them easily, and that they report on their content moderation activities. Additional rules apply to online platforms: they must give users detailed information about content moderation decisions and the right to appeal, and they must meet additional transparency obligations. They also have to provide some basic transparency into the functioning of their recommender systems and are not allowed to target underage users with personalized ads. The most stringent obligations apply to the largest online platforms and search engines, which have more than 45 million users in the EU. These companies, which include X, TikTok, Amazon, Google Search and Play, YouTube, and several porn platforms, must proactively assess and mitigate systemic risks related to the design, functioning and use of their services. These include risks to the exercise of fundamental rights, elections, public safety, civic discourse, the protection of minors and public health. This novel approach might have merit but is also cause for concern: Systemic risks are barely defined and could lead to restrictions of lawful speech, and measures to address these risks, for example age verification, have negative consequences themselves, like undermining users’ privacy and access to information.

The DSA is an important piece of legislation to advance users’ rights and hold companies accountable, but it also comes with significant risks. We are concerned about the DSA’s requirement that service providers proactively share user data with law enforcement authorities and the powers it gives government agencies to request such data. We caution against the misuse of the DSA’s emergency mechanism and the expansion of the DSA’s systemic risks governance approach as a catch-all tool to crack down on undesired but lawful speech. Similarly, the appointment of trusted flaggers could lead to pressure on platforms to over-remove content, especially as the DSA does not limit government authorities from becoming trusted flaggers.

EFF has been advocating for lawmakers to take a measured approach that doesn’t undermine the freedom of expression. Even though we have been successful in avoiding some of the most harmful ideas, concerns remain, especially with regards to the politicization of the enforcement of the DSA and potential over-enforcement. That’s why we will keep a close eye on the enforcement of the DSA, ready to use all means at our disposal to push back against over-enforcement and to defend user rights.  

European laws often implicate users globally. To give non-European users a voice in Brussels, we have been facilitating the DSA Human Rights Alliance. The DSA HR Alliance is formed around the conviction that the DSA must adopt a human rights-based approach to platform governance and consider its global impact. We will continue building on and expanding the Alliance to ensure that the enforcement of the DSA doesn’t lead to unintended negative consequences and respects users’ rights everywhere in the world.

The UK’s Platform Regulation Legislation 

In parallel to the Digital Services Act, the UK has passed its own platform regulation, the Online Safety Act (OSA). Seeking to make the UK “the safest place in the world to be online,” the OSA will lead to a more censored, locked-down internet for British users. The Act empowers the UK government to undermine not just the privacy and security of UK residents, but internet users worldwide. 

Online platforms will be expected to remove content that the UK government views as inappropriate for children. If they don’t, they’ll face heavy penalties. The problem is, in the UK as in the U.S. and elsewhere, people disagree sharply about what type of content is harmful for kids. Putting that decision in the hands of government regulators will lead to politicized censorship decisions.  

The OSA will also lead to harmful age-verification systems. You shouldn’t have to show your ID to get online. Age-gating systems meant to keep out kids invariably lead to adults losing their rights to private speech, and anonymous speech, which is sometimes necessary.  

As Ofcom is starting to release their regulations and guidelines, we’re watching how the regulator plans to avoid these human rights pitfalls, and will continue fighting any insufficient efforts to protect speech and privacy online.

Media freedom and plurality for everyone 

Another issue that we have been championing is media freedom. Similar to the DSA, the EU recently overhauled its rules for media services: the European Media Freedom Act (EMFA). In this context, we pushed back against rules that would have forced online platforms like YouTube, X, or Instagram to carry any content by media outlets. Intended to bolster media pluralism, making platforms host content by force has severe consequences: Millions of EU users can no longer trust that online platforms will address content violating community standards. Besides, there is no easy way to differentiate between legitimate media providers and those that are known for spreading disinformation, such as government-affiliated Russian sites active in the EU. Taking away platforms’ possibility to restrict or remove such content could undermine rather than foster public discourse.

The final version of EMFA introduced a number of important safeguards but is still a bad deal for users: We will closely follow its implementation to ensure that the new rules actually foster media freedom and plurality, inspire trust in the media and limit the use of spyware against journalists.  

Exposing censorship and defending those who defend us 

Covering regulation is just a small part of what we do. Over the past years, we have again and again revealed how companies’ broad-stroked content moderation practices censor users in the name of fighting terrorism, and restrict the voices of LGBTQ folks, sex workers, and underrepresented groups.  

Going into 2025, we will continue to shed light on these restrictions of speech and will pay particular attention to the censorship of Palestinian voices, which has been rampant. We will continue collaborating with our allies in the Digital Intimacy Coalition to share how restrictive speech policies often disproportionally affect sex workers. We will also continue to closely analyze the impact of the increasing and changing use of artificial intelligence in content moderation.  

Finally, a crucial part of our work in Europe has been speaking out for those who cannot: human rights defenders facing imprisonment and censorship.  

Much work remains to be done. We have put forward comprehensive policy recommendations to European lawmakers and we will continue fighting for an internet where everyone can make their voice heard. In the next posts in this series, you will learn more about how we work in Europe to ensure that digital markets are fair, offer users choice and respect fundamental rights. 

We're Creating a Better Future for the Internet 🧑‍🏭

EFF: Updates - Thu, 12/19/2024 - 12:20pm

In the early years of the internet, website administrators had to face off with a burdensome and expensive process to deploy SSL certificates. But today, hundreds of thousands of people have used EFF’s free Certbot tool to spread that sweet HTTPS across the web. Now almost all internet traffic is encrypted, and everyone gets a basic level of security. Small actions mean big change when we act together. Will you support important work like this and give EFF a Year-End Challenge boost?


Unlock Bonus Grants Before 2025

Make a donation of ANY SIZE by December 31 and you’ll help us unlock bonus grants! Every supporter gets us closer to a series of seven Year-End Challenge milestones set by EFF’s board of directors. These grants become larger as the number of online rights supporters grows. Everyone counts! See our progress.

🚧 Digital Rights: Under Construction 🚧

Since 1990, EFF has defended your digital privacy and free speech rights in the courts, through activism, and by making open source privacy tools. This team is committed to watching out for the users no matter what directions technological innovation may take us. And that’s funded entirely by donations.


Show your support for digital rights with free EFF member gear.

With help from people like you, EFF has been able to help unravel legal and ethical questions surrounding the rise of AI; push the USPTO to withdraw harmful patent proposals; fight for the public's right to access police drone footage; and show why banning TikTok and passing laws like the Kids Online Safety Act (KOSA) will not achieve internet safety.

As technology’s reach continues to expand, so do everyone’s concerns about harmful side effects. That’s where EFF’s ample experience in tech policy, the law, and human rights shines. You can help us.

Donate to defend digital rights today and you’ll help us unlock bonus grants before the year ends.


Proudly Member-Supported Since 1990

________________________

EFF is a member-supported U.S. 501(c)(3) organization. We’re celebrating ELEVEN YEARS of top ratings from the nonprofit watchdog Charity Navigator! Your donation is tax-deductible as allowed by law.

Need a research hypothesis? Ask AI.

MIT Latest News - Thu, 12/19/2024 - 12:00pm

Crafting a unique and promising research hypothesis is a fundamental skill for any scientist. It can also be time consuming: New PhD candidates might spend the first year of their program trying to decide exactly what to explore in their experiments. What if artificial intelligence could help?

MIT researchers have created a way to autonomously generate and evaluate promising research hypotheses across fields, through human-AI collaboration. In a new paper, they describe how they used this framework to create evidence-driven hypotheses that align with unmet research needs in the field of biologically inspired materials.

Published Wednesday in Advanced Materials, the study was co-authored by Alireza Ghafarollahi, a postdoc in the Laboratory for Atomistic and Molecular Mechanics (LAMM), and Markus Buehler, the Jerry McAfee Professor in Engineering in MIT’s departments of Civil and Environmental Engineering and of Mechanical Engineering and director of LAMM.

The framework, which the researchers call SciAgents, consists of multiple AI agents, each with specific capabilities and access to data, that leverage “graph reasoning” methods, where AI models utilize a knowledge graph that organizes and defines relationships between diverse scientific concepts. The multi-agent approach mimics the way biological systems organize themselves as groups of elementary building blocks. Buehler notes that this “divide and conquer” principle is a prominent paradigm in biology at many levels, from materials to swarms of insects to civilizations — all examples where the total intelligence is much greater than the sum of individuals’ abilities.

“By using multiple AI agents, we’re trying to simulate the process by which communities of scientists make discoveries,” says Buehler. “At MIT, we do that by having a bunch of people with different backgrounds working together and bumping into each other at coffee shops or in MIT’s Infinite Corridor. But that's very coincidental and slow. Our quest is to simulate the process of discovery by exploring whether AI systems can be creative and make discoveries.”

Automating good ideas

As recent developments have demonstrated, large language models (LLMs) have shown an impressive ability to answer questions, summarize information, and execute simple tasks. But they are quite limited when it comes to generating new ideas from scratch. The MIT researchers wanted to design a system that enabled AI models to perform a more sophisticated, multistep process that goes beyond recalling information learned during training, to extrapolate and create new knowledge.

The foundation of their approach is an ontological knowledge graph, which organizes and makes connections between diverse scientific concepts. To make the graphs, the researchers feed a set of scientific papers into a generative AI model. In previous work, Buehler used a field of math known as category theory to help the AI model develop abstractions of scientific concepts as graphs, rooted in defining relationships between components, in a way that could be analyzed by other models through a process called graph reasoning. This focuses AI models on developing a more principled way to understand concepts; it also allows them to generalize better across domains.

“This is really important for us to create science-focused AI models, as scientific theories are typically rooted in generalizable principles rather than just knowledge recall,” Buehler says. “By focusing AI models on ‘thinking’ in such a manner, we can leapfrog beyond conventional methods and explore more creative uses of AI.”

For the most recent paper, the researchers used about 1,000 scientific studies on biological materials, but Buehler says the knowledge graphs could be generated using far more or fewer research papers from any field.

With the graph established, the researchers developed an AI system for scientific discovery, with multiple models specialized to play specific roles in the system. Most of the components were built off of OpenAI’s ChatGPT-4 series models and made use of a technique known as in-context learning, in which prompts provide contextual information about the model’s role in the system while allowing it to learn from data provided.

The individual agents in the framework interact with each other to collectively solve a complex problem that none of them would be able to do alone. The first task they are given is to generate the research hypothesis. The LLM interactions start after a subgraph has been defined from the knowledge graph, which can happen randomly or by manually entering a pair of keywords discussed in the papers.

In the framework, a language model the researchers named the “Ontologist” is tasked with defining scientific terms in the papers and examining the connections between them, fleshing out the knowledge graph. A model named “Scientist 1” then crafts a research proposal based on factors like its ability to uncover unexpected properties and novelty. The proposal includes a discussion of potential findings, the impact of the research, and a guess at the underlying mechanisms of action. A “Scientist 2” model expands on the idea, suggesting specific experimental and simulation approaches and making other improvements. Finally, a “Critic” model highlights its strengths and weaknesses and suggests further improvements.

“It’s about building a team of experts that are not all thinking the same way,” Buehler says. “They have to think differently and have different capabilities. The Critic agent is deliberately programmed to critique the others, so you don't have everybody agreeing and saying it’s a great idea. You have an agent saying, ‘There’s a weakness here, can you explain it better?’ That makes the output much different from single models.”

Other agents in the system are able to search existing literature, which provides the system with a way to not only assess feasibility but also create and assess the novelty of each idea.

Making the system stronger

To validate their approach, Buehler and Ghafarollahi built a knowledge graph based on the words “silk” and “energy intensive.” Using the framework, the “Scientist 1” model proposed integrating silk with dandelion-based pigments to create biomaterials with enhanced optical and mechanical properties. The model predicted the material would be significantly stronger than traditional silk materials and require less energy to process.

Scientist 2 then made suggestions, such as using specific molecular dynamic simulation tools to explore how the proposed materials would interact, adding that a good application for the material would be a bioinspired adhesive. The Critic model then highlighted several strengths of the proposed material and areas for improvement, such as its scalability, long-term stability, and the environmental impacts of solvent use. To address those concerns, the Critic suggested conducting pilot studies for process validation and performing rigorous analyses of material durability.

The researchers also conducted other experiments with randomly chosen keywords, which produced various original hypotheses about more efficient biomimetic microfluidic chips, enhancing the mechanical properties of collagen-based scaffolds, and the interaction between graphene and amyloid fibrils to create bioelectronic devices.

“The system was able to come up with these new, rigorous ideas based on the path from the knowledge graph,” Ghafarollahi says. “In terms of novelty and applicability, the materials seemed robust and novel. In future work, we’re going to generate thousands, or tens of thousands, of new research ideas, and then we can categorize them, try to understand better how these materials are generated and how they could be improved further.”

Going forward, the researchers hope to incorporate new tools for retrieving information and running simulations into their frameworks. They can also easily swap out the foundation models in their frameworks for more advanced models, allowing the system to adapt with the latest innovations in AI.

“Because of the way these agents interact, an improvement in one model, even if it’s slight, has a huge impact on the overall behaviors and output of the system,” Buehler says.

Since releasing a preprint with open-source details of their approach, the researchers have been contacted by hundreds of people interested in using the frameworks in diverse scientific fields and even areas like finance and cybersecurity.

“There’s a lot of stuff you can do without having to go to the lab,” Buehler says. “You want to basically go to the lab at the very end of the process. The lab is expensive and takes a long time, so you want a system that can drill very deep into the best ideas, formulating the best hypotheses and accurately predicting emergent behaviors. Our vision is to make this easy to use, so you can use an app to bring in other ideas or drag in datasets to really challenge the model to make new discoveries.”

There’s No Copyright Exception to First Amendment Protections for Anonymous Speech

EFF: Updates - Thu, 12/19/2024 - 11:22am

Some people just can’t take a hint. Today’s perfect example is a group of independent movie distributors that have repeatedly tried, and failed, to force Reddit to give up the IP addresses of several users who posted about downloading movies. 

The distributors claim they need this information to support their copyright claims against internet service provider Frontier Communications, because it might be evidence that Frontier wasn’t enforcing its repeat infringer policy and therefore couldn’t claim safe harbor protections under the Digital Millennium Copyright Act. Courts have repeatedly refused to enforce these subpoenas, recognizing the distributors couldn’t pass the test the First Amendment requires prior to unmasking anonymous speakers.

Here's the twist: after the magistrate judge in this case applied this standard and quashed the subpoena, the movie distributors sought review from the district court judge assigned to the case. The second judge also denied discovery as unduly burdensome but, in a hearing on the matter, also said there was no First Amendment issue because the users were talking about copyright infringement. In their subsequent appeal to the Ninth Circuit, the distributors invite the appellate court to endorse the judge’s statement. 

As we explain in an amicus brief supporting Reddit, the court should refuse that invitation. Discussions about illegal activity clearly are protected speech. Indeed, the Supreme Court recently affirmed that even “advocacy of illegal acts” is “within the First Amendment’s core.” In fact, protecting such speech is a central purpose of the First Amendment because it ensures that people can robustly debate civil and criminal laws and advocate for change. 

There is no reason to imagine that this bedrock principle doesn’t apply just because the speech concerns copyright infringement—especially where the speakers aren’t even defendants in the case, but independent third parties. And unmasking Does in copyright cases carries particular risks given the long history of copyright claims being used as an excuse to take down lawful as well as infringing content online.

We’re glad to see Reddit fighting back against these improper subpoenas, and proud to stand with the company as it stands up for its users. 

Mailbox Insecurity

Schneier on Security - Thu, 12/19/2024 - 10:24am

It turns out that all cluster mailboxes in the Denver area have the same master key. So if someone robs a postal carrier, they can open any mailbox.

I get that a single master key makes the whole system easier, but it’s very fragile security.

UK Politicians Join Organizations in Calling for Immediate Release of Alaa Abd El-Fattah

EFF: Updates - Thu, 12/19/2024 - 7:06am

As the UK’s Prime Minister Keir Starmer and Foreign Secretary David Lammy have failed to secure the release of British-Egyptian blogger, coder, and activist Alaa Abd El-Fattah, UK politicians call for tougher measures to secure Alaa’s immediate return to the UK.

During a debate on detained British nationals abroad in early December, chairwoman of the Commons Foreign Affairs Committee Emily Thornberry asked the House of Commons why the UK has continued to organize industry delegations to Cairo while “the Egyptian government have one of our citizens—Alaa Abd El-Fattah—wrongfully held in prison without consular access.”

In the same debate, Labour MP John McDonnell urged the introduction of a “moratorium on any new trade agreements with Egypt until Alaa is free,” which was supported by other politicians. Liberal Democrat MP Calum Miller also highlighted words from Alaa, who told his mother during a recent prison visit that he had “hope in David Lammy, but I just can’t believe nothing is happening...Now I think either I will die in here, or if my mother dies I will hold him to account.”

Alaa’s mother, mathematician Laila Soueif, has been on hunger strike for 79 days while she and the rest of his family have worked to engage the British government in securing Alaa’s release. On December 12, she also started protesting daily outside the Foreign Office and has since been joined by numerous MPs.

Support for Alaa has come from many directions. On December 6, 12 Nobel laureates wrote to Keir Starmer urging him to secure Alaa’s immediate release “Not only because Alaa is a British citizen, but to reanimate the commitment to intellectual sanctuary that made Britain a home for bold thinkers and visionaries for centuries.” The pressure on Labour’s senior politicians has continued throughout the month, with more than 100 MPs and peers writing to David Lammy on December 15 demanding Alaa be freed.

Alaa should have been released on September 29, after serving his five-year sentence for sharing a Facebook post about a death in police custody, but Egyptian authorities have continued his imprisonment in contravention of the country’s own Criminal Procedure Code. British consular officials are prevented from visiting him in prison because the Egyptian government refuses to recognise Alaa’s British citizenship.

David Lammy met with Alaa’s family in November and promised to take action. But the UK’s Prime Minister failed to raise the case at the G20 Summit in Brazil when he met with Egypt’s President El-Sisi. 

If you’re based in the UK, here are some actions you can take to support the calls for Alaa’s release:

  1. Write to your MP (external link): https://freealaa.net/message-mp 
  2. Join Laila Soueif outside the Foreign Office daily between 10-11am
  3. Share Alaa’s plight on social media using the hashtag #freealaa

The UK Prime Minister and Foreign Secretary’s inaction is unacceptable. Every second counts, and time is running out. The government must do everything it can to ensure Alaa’s immediate and unconditional release.

Montana Supreme Court delivers ‘monumental’ win to climate activists

ClimateWire News - Thu, 12/19/2024 - 6:19am
The state’s high court ruled that Montana officials violated the constitutional rights to a healthy environment by expanding fossil fuel production.

Biden ramps up US climate target ahead of Trump takeover

ClimateWire News - Thu, 12/19/2024 - 6:18am
The president strengthened America’s commitment to slashing climate pollution under the Paris Agreement knowing that it could be abandoned when President-elect Donald Trump takes office next month.
