Consumer protection

Coinbase privacy appeal rejected by US Supreme Court

The US Supreme Court has declined to hear an appeal from a Coinbase user, effectively allowing the Internal Revenue Service (IRS) to access user data without new restrictions.

The decision ends James Harper’s legal battle over the IRS’s broad request for user data, which he claimed violated constitutional privacy rights.

Harper’s challenge stemmed from a 2016 IRS summons demanding data from over 14,000 Coinbase users suspected of underreporting crypto income. Lower courts rejected his claims, citing the third-party doctrine that removes privacy rights for data shared with external platforms.

By refusing to take up the case, the Supreme Court leaves intact the precedent set by lower courts. The ruling confirms that centralised exchange users like those on Coinbase lack Fourth Amendment protection over government access to their financial data.

Experts warn the ruling could have broader implications beyond crypto. The outcome may reinforce the government’s ability to obtain user data from financial and technology platforms, potentially expanding surveillance powers across the digital economy.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Meta’s Facebook uses phone photos for AI if users allow it

Meta has introduced a new feature that allows Facebook to access and analyse users’ photos stored on their phones, provided they give explicit permission.

The move is part of a broader push to improve the company’s AI tools, especially after the underwhelming reception of its Llama 4 model. Users who opt in will be agreeing to Meta’s AI Terms of Service, which grants the platform the right to retain and use personal media for content suggestions.

The new feature, currently being tested in the US and Canada, is designed to offer Facebook users creative ideas for Stories by processing their photos and videos through cloud infrastructure.

When enabled, users may receive suggestions such as collages or travel highlights based on when and where images were captured, as well as who or what appears in them. However, participation is strictly optional and can be turned off at any time.

Facebook clarifies that the media analysed under the feature is not used to train AI models in the current test. Still, the system does upload selected media to Meta’s servers on an ongoing basis, raising privacy concerns.

The option to activate these suggestions can be found in the Facebook app’s settings, where users are asked whether they want camera roll data to inform sharing ideas.

Meta has been actively promoting its AI ambitions, with CEO Mark Zuckerberg pushing for the development of ‘superintelligence’. The company recently launched Meta Superintelligence Labs to lead these efforts.

Despite facing stiff competition from OpenAI, DeepSeek and Google, Meta appears determined to deepen its use of personal data to boost its AI capabilities.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Lung cancer caught early thanks to AI

A 69-year-old woman from Surrey has credited AI with saving her life after it detected lung cancer that human radiologists initially missed.

The software flagged a concerning anomaly in a chest X-ray that had been given the all-clear, prompting urgent follow-up and surgery.

NHS hospitals increasingly use AI tools like Annalise.ai, which analyses scans and prioritises urgent cases for radiologists.

Dianne Covey, whose tumour was caught at stage one, avoided chemotherapy or radiotherapy and has since made a full recovery.

With investments exceeding £36 million, the UK government and NHS are rapidly deploying AI to improve cancer diagnosis rates and reduce waiting times. AI has now been trialled or implemented across more than 45 NHS trusts and is also used for skin and prostate cancer detection.

Doctors and technologists say AI is not replacing medical professionals but enhancing their capabilities by highlighting critical cases and improving speed.

Experts warn that outdated machines, biassed training data and over-reliance on consumer AI tools remain risks to patient outcomes.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Balancing security and usability in digital authentication

A report by the FIDO Alliance revealed that 53% of consumers observed an increase in suspicious messages in 2024, with SMS, emails, and phone calls being the primary vectors.

As digital scams and AI-driven fraud rise, businesses face growing pressure to strengthen authentication methods without compromising user experience.

No clear standard has emerged despite the range of available authentication options—including passkeys, one-time passwords (OTP), multi-factor authentication (MFA), and biometric systems.

Industry experts warn that focusing solely on advanced tools can lead to overlooking basic user needs. Minor authentication hurdles such as CAPTCHA errors have led to customer drop-offs and failed transactions.

Organisations are exploring risk-based, adaptive authentication models that adjust security levels based on user behaviour and context. The systems could eventually replace static logins with continuous, behind-the-scenes verification.

AI complicates the landscape further. As autonomous assistants handle tasks like booking tickets or making purchases, distinguishing legitimate user activity from malicious bots becomes increasingly tricky.

With no universal solution, experts say businesses must offer a flexible range of secure options tailored to user preferences. The challenge remains to find the right balance between security and usability in an evolving threat environment.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Ransomware victims still paying, Sophos finds

Nearly half of ransomware victims paid the attackers last year, according to Sophos. In its 2025 survey of 3,400 IT pros, 49% admitted to making payments—just below last year’s record.

Ransom amounts dropped significantly, with median payments falling 50% and demand amounts down a third. Yet backup usage also hit a six-year low, used by just 54% of firms for recovery.

Attackers often exploited known vulnerabilities (32%) or unknown security gaps (40%), highlighting persistent weaknesses. Sophos noted many companies now accept ransomware as a business risk.

CISA warned that CVE-2024-54085 in AMI MegaRAC firmware is under active exploitation elsewhere. The bug allows attackers to bypass authenticating remotely.

Varonis flagged abuse of Microsoft’s Direct Send email feature in a phishing campaign affecting over 70 organisations. Disabling it is advised if not essential.

Rapid7 also found critical vulnerabilities in Brother printers. One flaw rated CVSS 9.8, allows password theft and cannot be patched—users must change defaults.

Finally, Google will roll out new Gemini AI features to Android users starting on July 7, even for those with app activity disabled.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Cybercrime surge hits airlines across North America

According to the FBI and cybersecurity experts, a well-known cybercrime group has launched fresh attacks on the airline industry, successfully breaching the networks of several airlines in the US and Canada.

The hackers, identified as ‘Scattered Spider’, are known for aggressive extortion tactics and are now shifting their focus to aviation instead of insurance or retail, their previous targets.

Airline security teams remain on high alert despite no flights or operations being disrupted. Hawaiian Airlines and Canada’s WestJet have acknowledged recent cyber incidents, while sources suggest more affected companies may step forward soon.

Both airlines reported no impact on day-to-day services, likely due to solid internal defences and continuity planning.

The attackers often exploit help desks by impersonating employees or customers to access corporate systems. Experts warn that airline call centres are especially vulnerable, given their importance to customer support.

Cybersecurity firms, including Mandiant, are now supporting the response and advising firms to reinforce these high-risk entry points.

Scattered Spider has previously breached major casinos, insurance, and retail companies. The FBI confirmed it is working with aviation partners to contain the threat and assist victims.

Industry leaders remain alert, noting that airlines, IT contractors, and vendors across the aviation sector are at risk from the escalating threat.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Hacktivist attacks surge in Iran–Israel tensions

The Iran–Israel conflict has now expanded into cyberspace, with rival hacker groups launching waves of politically driven attacks.

Following Israel’s military operation against Iran, pro-Israeli hackers known as ‘Predatory Sparrow‘ struck Iran’s Sepah Bank, deleting data and causing significant service disruption.

A day later, the same group targeted Nobitex, Iran’s largest crypto exchange, stealing and destroying over $90 million in assets.

Cyber attacks intensified in the days before and after Israeli strikes. According to NSFOCUS, cyberattacks on Iran peaked three days before the military operation, suggesting pre-attack reconnaissance.

In retaliation, pro-Iranian hackers escalated attacks on Israel on 16 June, focusing on government systems, aerospace, and education.

While attacks on Iran have been fewer, Israeli systems have faced over 1,300 attacks in 2025 alone, with 37% of all global hacktivist activity aimed at Israel since the conflict began.

However, analysts note these attacks have been high in volume but limited in impact. Their malware tactics involve evading antivirus software, deleting data, and turning off recovery systems.

NSFOCUS warns that geopolitical tensions are turning hacktivist groups into informal cyber proxies. Though not formally state-backed, these loosely organised actors align closely with national interests.

As traditional defences lag, cybersecurity experts argue that national infrastructure must adopt more strategic, coordinated defence measures instead of fragmented responses, especially during crises and conflicts.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Google Doppl, the new AI app, turns outfit photos into try-on videos

Google has unveiled Doppl, a new AI-powered app that lets users create short videos of themselves wearing any outfit they choose.

Instead of relying on imagination or guesswork, Doppl allows people to upload full-body photos and apply outfits seen on social media, thrift shops, or friends, creating animated try-ons that bring static images to life.

The app builds on Google’s earlier virtual try-on tools integrated with its Shopping Graph. Doppl pushes things further by transforming still photos into motion videos, showing how clothes flow and fit in movement.

Users can upload their full-body image or choose an AI model to preview outfits. However, Google warns that the fit and details might not always be accurate at an early stage.

Doppl is currently only available in the US for Android and iOS users aged 18 or older. While Google encourages sharing videos with friends and followers, the tool raises concerns about misuse, such as generating content using photos of others.

Google’s policy requires disclosure if someone impersonates another person, but the company admits that some abuse may occur. To address the issue, Doppl content will include invisible watermarks for tracking.

In its privacy notice, Google confirmed that user uploads and generated videos will be used to improve AI technologies and services. However, data will be anonymised and separated from user accounts before any human review is allowed.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

UK bank limits crypto transactions amid consumer risks

Barclays Bank has announced it will block all cryptocurrency transactions made using its bank cards, including Barclaycard credit cards, starting 27 June 2025.

The decision reflects growing concerns about digital currencies’ risks to consumers, particularly the high volatility that can lead to debt. The bank’s statement cited the lack of consumer protections as a key factor.

Cryptocurrencies aren’t covered by the Financial Ombudsman or Compensation Scheme, leaving customers few options if transactions fail. Barclays warned that price falls could prevent some customers from repaying debts incurred from crypto purchases.

The cautious stance mirrors broader trends among UK banks and regulators. The Financial Conduct Authority has repeatedly highlighted the dangers of unregulated crypto markets. Barclays encouraged customers to educate themselves via the FCA’s resources.

Meanwhile, the Bank of England plans to introduce stricter rules limiting banks’ crypto exposure by 2026, aiming to safeguard financial stability.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Hawaiian Airlines confirms flights are safe despite cyberattack

Hawaiian Airlines has reported a cyberattack that affected parts of its IT infrastructure, though the carrier confirmed all flights remain unaffected and are operating as scheduled.

Now part of the Alaska Air Group, the airline stated it is actively working with authorities and cybersecurity experts to investigate and resolve the incident.

In a statement, the airline stressed that the safety and security of passengers and staff remain its highest priority. It has taken steps to protect its systems, restoring affected services while continuing full operations. No disruption to passenger travel has been reported.

The exact nature of the attack has not been disclosed, and no group has claimed responsibility so far. The Federal Aviation Administration (FAA) confirmed it monitors the situation closely and remains in contact with the airline. It added that there has been no impact on flight safety.

Cyberattacks in aviation are becoming increasingly common due to the sector’s heavy reliance on complex digital systems. Earlier incidents this year included cyberattacks on WestJet and Japan Airlines, which caused operational disruptions but did not compromise passenger data.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!