The hack of Microsoft's cloud that resulted in the compromise of government emails was an example of a traditional espionage threat, a senior National Security Agency official said. From a report: Speaking at the Aspen Security Forum, Rob Joyce, the director of cybersecurity at the N.S.A., said the United States needed to protect its networks from such espionage, but that adversaries would continue to try to secretly extract information from each other. "It is China doing espionage," Mr. Joyce said. "It is what nation-states do. We have to defend against it, we need to push back against it. But that is something that happens."

The hackers took emails from senior State Department officials including Nicholas Burns, the U.S. ambassador to China. The theft of Mr. Burns's emails was earlier reported by The Wall Street Journal and confirmed by a person familiar with the matter. Daniel J. Kritenbrink, the assistant secretary of state for East Asia, also had his email hacked, a U.S. official said. The emails of Commerce Secretary Gina Raimondo were also obtained in the hack, which was discovered in June by State Department cybersecurity experts scouring user logs for unusual activity. Microsoft later determined that Chinese hackers had obtained access to email accounts a month earlier.

Researchers have warned that leaked information from a ransomware attack on hardware-maker Gigabyte two years ago may contain critical zero-day vulnerabilities that pose a significant risk to the computing world. The vulnerabilities were found in firmware made by AMI for BMCs (baseboard management controllers), which are small computers integrated into server motherboards allowing remote management of multiple computers. These vulnerabilities, which can be exploited by local or remote attackers with access to Redfish remote management interfaces, could lead to unauthorized access, remote code execution, and potential physical damage to servers. Ars Technica reports: Until the vulnerabilities are patched using an update AMI published on Thursday, they provide a means for malicious hackers -- both financially motivated or nation-state sponsored -- to gain superuser status inside some of the most sensitive cloud environments in the world. From there, the attackers could install ransomware and espionage malware that runs at some of the lowest levels inside infected machines. Successful attackers could also cause physical damage to servers or indefinite reboot loops that a victim organization can't interrupt. Eclypsium warned such events could lead to "lights out forever" scenarios.

The researchers went on to note that if they could locate the vulnerabilities and write exploits after analyzing the publicly available source code, there's nothing stopping malicious actors from doing the same. And even without access to the source code, the vulnerabilities could still be identified by decompiling BMC firmware images. There's no indication malicious parties have done so, but there's also no way to know they haven't. The researchers privately notified AMI of the vulnerabilities, and the company created firmware patches, which are available to customers through a restricted support page. AMI has also published an advisory here.

You now have a new way to connect your Windows PC to an Android device to share files: Nearby Share, an app Google released Wednesday and which will be bundled with upcoming PCs. From a report: As the name suggests, Nearby Share allows you to share files back and forth between Android devices and PCs. It's similar to Apple's AirDrop, with the key difference being that Nearby Share connects devices from two different companies, rather than iPhones and Macs. Google released the beta version of Nearby Share earlier this year.

Nearby Share connects your phone to your PC, but it can also be used for you to send files and photos to nearby Android phones that you don't use, as well as to nearby PCs. That makes it handy for simply sharing a photo at a concert, or dropping a file onto a friend's PC without hassle. You'll just need to be within about 16 feet to do so, Google says. Why use Nearby Share? Google's unspoken argument is that it's simpler to do so. There are already numerous ways to view and transfer files and photos from Android phones to PCs, from the tried-and-true sneakerware to uploading and downloading from the cloud, to more modern approaches like Microsoft's Your Phone, now called Phone Link. Device makers like Samsung also have released their own specific versions for Galaxy devices. Google, though, made its mark with Gmail and search, both functions that worked more simply and effectively than other solutions.

Microsoft is expanding its suite of free security tools for customers, the software company said on Wednesday, following criticism that it was charging clients to protect themselves against Microsoft's mistakes. From a report: The move follows a high-level hack that allowed allegedly Chinese spies to steal emails from senior U.S. officials - and complaints from security specialists and lawmakers against paying for tools In a blog post published on Wednesday, Microsoft said the advanced features in Microsoft's auditing suite - which it calls Microsoft Purview - would be available to all customers "over the coming months." Although not enough to prevent hacks on their own, digital auditing tools are critical for helping organizations figure out whether intruders are in their network, how they got in and how to get them out.

An anonymous reader quotes a report from Wired: Who owns thedata generated by your car? And who controls access to it? For almost a decade, right-to-repair activists, automakers, parts manufacturers, auto repair shop owners, technicians, and regular people who own cars have fought over those questions. How they are answered could radically change the cost and convenience of owning a modern camera-studded and cloud-enabled car -- and, some say, the future of the increasingly tech-heavy auto industry. Last week, a few trade groups announced they had finally figured it all out. In a letter (PDF) to the US Congress, three industry organizations that together represent the major automakers and thousands of repair shops said they had signed a "memorandum of understanding" on the right to repair. In the agreement, the automakers commit to giving independent car repair shops access to the data, tools, and information necessary to diagnose and repair vehicles -- the data, tools, and information provided to the automakers' own dealership networks. "Competition is alive and well in the auto repair industry," the letter said.

Right-to-repair advocates -- who contend that consumers should be able to fix the products they buy -- aren't so sure. They say the agreement doesn't give car owners full and unfettered control of the streams of data generated by the latest cars' cameras and other sensors, which log data on location, speed, acceleration, and how a vehicle's hardware and software are performing. The advocates worry the new agreement gives automakers and automaker-associated repairers room to squeeze out smaller, independent shops and at-home tinkerers in the future, making it more difficult for car owners to find places to quickly and affordably fix their cars. And they say there are no enforcement mechanisms to guarantee automakers follow through on their promises. Notably, the new agreement didn't include the Auto Care Association, the largest US trade group for independent repair shops and aftermarket parts suppliers. The group's chair, Corey Bartlett, says the agreement doesn't address some of the major barriers facing consumers looking to get a tech-heavy car repaired.

Smaller and especially rural repair shops sometimes can't fix the newest models, because they can't pay for the expensive tools, subscriptions, and training needed, which can cost hundreds of thousands of dollars. As cars get more complex, and move more services into apps and onto the internet, they fear access will shrink. [...] Many repair shops, especially those who opt in and pay to be part of those certified networks, say they have no trouble finding the information they need to fix cars, even before this week's agreement. [...] Other repairers worry that without an industry-wide overhaul that forces automakers to standardize and open up their data, car companies will find ways to limit access to repair information, or push customers towards their own dealership networks to boost profits. They say that if auto owners had clear and direct ownership over the data generated by their vehicles -- without the involvement of automakers' specialized tools or systems -- they could use it themselves to diagnose and repair a car, or authorize the repair shop of their choice to do the work. "My fear, if no one gives some stronger guidelines, is that I know automakers are going to monetize car data in a way that's unaffordable for us to gain access," says Dwayne Myers, co-owner of Dynamic Automotive, an auto repair business with several locations in Maryland.

Qualcomm and Meta will enable the social networking company's new large language model, Llama 2, to run on Qualcomm chips on phones and PCs starting in 2024, the companies announced today. From a report: So far, LLMs have primarily run in large server farms, on Nvidia graphics processors, due to the technology's vast needs for computational power and data, boosting Nvidia stock, which is up more than 220% this year. But the AI boom has largely missed the companies that make leading edge processors for phones and PCs, like Qualcomm. Its stock is up about 10% so far in 2023, trailing the NASDAQ's gain of 36%. The announcement on Tuesday suggests that Qualcomm wants to position its processors as well-suited for A.I. but "on the edge," or on a device, instead of "in the cloud." If large language models can run on phones instead of in large data centers, it could push down the significant cost of running A.I. models, and could lead to better and faster voice assistants and other apps.

Meta Platforms is making its artificial intelligence large language model, Llama 2, available for commercial use through partnerships with major cloud providers including Microsoft. Bloomberg: Meta isn't charging for access or usage of the model it developed, the company said. Instead, by opening up the technology to other companies, Meta says it will benefit from improvements that can be made when more developers use, stress test and identify problems with it. Making the large language model, or LLM, more widely accessible, also establishes Meta alongside other tech giants as having a key contribution to the AI arms race. Meta is spending record amounts on AI infrastructure, and Chief Executive Officer Mark Zuckerberg has said incorporating AI improvements into all the company's products and algorithms is a priority.

Meta took on the cost of training the models. Cloud providers including Microsoft, Amazon and Hugging Face are hosting the tools and providing the computing power to run them. The commercial rollout of Llama 2 is the first project to debut out of the company's generative AI group, a new team assembled in February. To prepare the new model for release, Meta employees and third-parties ran safety tests called "red-teaming exercises." It's a separate model from the one Meta uses for its own products.

An anonymous reader quotes a report from Ars Technica: JumpCloud, a cloud-based IT management service that lists Cars.com, GoFundMe, and Foursquare among its 5,000 paying customers, experienced a security breach carried out by hackers working for a nation-state, the company said last week. The attack began on June 22 as a spear-phishing campaign, the company revealed last Wednesday. As part of that incident, JumpCloud said, the "sophisticated nation-state sponsored threat actor" gained access to an unspecified part of the JumpCloud internal network. Although investigators at the time found no evidence any customers were affected, the company said it rotated account credentials, rebuilt its systems, and took other defensive measures.

On July 5, investigators discovered the breach involved "unusual activity in the commands framework for a small set of customers." In response, the company's security team performed a forced-rotation of all admin API keys and notified affected customers. As investigators continued their analysis, they found that the breach also involved a "data injection into the commands framework," which the disclosure described as the "attack vector." The disclosure didn't explain the connection between the data injection and the access gained by the spear-phishing attack on June 22. Ars asked JumpCloud PR for details, and employees responded by sending the same disclosure post that omits such details. Investigators also found that the attack was extremely targeted and limited to specific customers, which the company didn't name.

JumpCloud says on its website that it has a global user base of more than 200,000 organizations, with more than 5,000 paying customers. They include Cars.com, GoFundMe, Grab, ClassPass, Uplight, Beyond Finance, and Foursquare. JumpCloud has raised over $400 million from investors, including Sapphire Ventures, General Atlantic, Sands Capital, Atlassian, and CrowdStrike. The company has also published a list of IP addresses, domain names, and cryptographic hashes used by the attacker that other organizations can use to indicate if they were targeted by the same attackers. JumpCloud has yet to name the country of origin or other details about the threat group responsible.

The Verge reports that Sony "has agreed to a 10-year deal for Call of Duty with Microsoft to keep the franchise on PlayStation after the proposed Activision Blizzard acquisition." Microsoft Gaming CEO Phil Spencer says Sony and Microsoft have agreed to a "binding agreement" to keep Call of Duty on PlayStation. This ends a bitter battle between the companies that has been waged both privately and publicly over the past year after Microsoft announced its proposed acquisition of Activision Blizzard in January 2022...

Kari Perez, head of global communications at Xbox, confirmed the 10-year commitment to The Verge. Perez later confirmed to The Verge that the deal is only for Call of Duty, though. That makes the deal similar to a 10-year agreement between Microsoft and Nintendo, but not the various deals Microsoft has struck with Nvidia and other cloud gaming platforms to bring Call of Duty and other Xbox / Activision games to rival services...

Microsoft has always maintained it would keep Call of Duty on PlayStation, arguing it doesn't make financial sense to pull the game from Sony's consoles. Xbox chief Spencer tried to settle the argument in November before appearing in court last month and reiterating, under oath, that Call of Duty would remain on PlayStation 5. All eyes are now on the regulatory situation in the UK, after Microsoft's proposed deal was blocked there earlier this year.
The Financial Times writes that the Sony-Microsoft agreement "signalled a truce between the two gaming giants after a bruising 18-month battle that had seen the Japanese company become the biggest opponent to the acquisition. It follows regulatory breakthroughs for Microsoft on both sides of the Atlantic last week that have left it on brink of clinching victory for a deal that is expected to reshape the gaming industry."

The Verge also shares this interesting detail: Tensions over the fate of Microsoft's Activision Blizzard deal really came to a head when [Sony's] Jim Ryan spoke to Activision CEO Bobby Kotick on February 21st, 2023 — the same day Microsoft, Activision, Sony, and others were meeting with EU regulators. Ryan said to Kotick, "I don't want a new Call of Duty deal. I just want to block your merger." Jim Ryan confirmed the meeting during testimony in the FTC v. Microsoft hearing. "I told him [Bobby Kotick] that I thought the transaction was anti-competitive, I hoped that the regulators would do their job and block it."

Britain's antitrust regulator on Thursday announced an in-depth probe of Adobe's $20 billion bid for cloud-based designer platform Figma, after the Photoshop owner said it would not offer any remedies to ease the regulator's concerns. From a report: The Competition and Markets Authority (CMA) said late last month it had found the deal could lead to less choice for designers of digital apps, websites and other products, and identified concerns in the supply of screen design software, where the companies compete.

It had given Adobe five working days to submit proposals to address its concerns. But on July 7, the U.S. company told the CMA it would not offer any remedies, the CMA said on Thursday. Figma and Adobe both directed Reuters to the companies' response in June, when the regulator had flagged these concerns. "We look forward to establishing these facts in the next phase of the process and successfully completing the transaction," a spokesperson for Adobe added.

Long-time Slashdot reader Ammalgam shares a report from CRM Rank: Salesforce, the leading provider of software for customer relations management, announced that it will implement a price increase for some of its cloud and marketing tools starting in August. The company's decision to raise prices, the first in seven years, was met with a positive market response as its shares surged nearly 4% during early trading on Tuesday.

This move by Salesforce aligns with the current trend among technology companies, including Salesforce itself, to invest in generative artificial intelligence (AI) and incorporate it into their products and services. To enhance its software capabilities, Salesforce has dedicated over $20 billion to research and development efforts over the past seven years. These investments have led to the introduction of new features, particularly generative AI tools, aimed at providing enhanced value to customers. The revised prices will apply to a range of Salesforce products, including Tableau, Sales Cloud, Service Cloud, Marketing Cloud, and Industries. Both new and existing customers will be subject to price adjustments, ensuring consistency across the customer base. Salesforce detailed the new price increases in a statement, saying: "New list pricing will go into effect globally for new customers and existing customers purchasing new clouds in August 2023. The new list prices will be Professional Edition $80 (up $5), Enterprise Edition $165 (up $15) and Unlimited Edition $330 (up $30). These editions will be priced comparably in other currencies. Similar list price increases will go into effect for Industries, Marketing Cloud Engagement and Account Engagement, CRM Analytics and Tableau."

Chinese hackers exploited a flaw in Microsoft's cloud email service to gain access to the email accounts of U.S. government employees, the technology giant has confirmed. From a report: The hacking group, tracked as Storm-0558, compromised approximately 25 email accounts, including government agencies, as well as related consumer accounts linked to individuals associated with these organizations, according to Microsoft. [...]

Microsoft's investigation determined that Storm-0558, a China-based hacking group that the firm describes as a "well-resourced" adversary, gained access to email accounts using Outlook Web Access in Exchange Online (OWA) and Outlook.com by forging authentication tokens to access user accounts.

A California judge is allowing Microsoft to close its acquisition of Activision Blizzard after five days of grueling testimony. From a report: Microsoft still faces an ongoing antitrust case by the Federal Trade Commission, but Judge Jacqueline Scott Corley has listened to arguments from both the FTC and Microsoft and decided to deny the regulator's request for a preliminary injunction. In a ruling submitted today, Judge Corley said the following: Microsoft's acquisition of Activision has been described as the largest in tech history. It deserves scrutiny. That scrutiny has paid off: Microsoft has committed in writing, in public, and in court to keep Call of Duty on PlayStation for 10 years on parity with Xbox. It made an agreement with Nintendo to bring Call of Duty to Switch. And it entered several agreements to for the first time bring Activision's content to several cloud gaming services. This Court's responsibility in this case is narrow. It is to decide if, notwithstanding these current circumstances, the merger should be halted -- perhaps even terminated -- pending resolution of the FTC administrative action. For the reasons explained, the Court finds the FTC has not shown a likelihood it will prevail on its claim this particular vertical merger in this specific industry may substantially lessen competition. To the contrary, the record evidence points to more consumer access to Call of Duty and other Activision content. The motion for a preliminary injunction is therefore DENIED.

Evernote, the note-taking and task management application, is triggering fears of closure after its parent company Bending Spoon laid off most of the company's staff and announced plans to relocate all operations to Europe. Thurrott reports: Most of the company's "operations will be transitioned to Europe," Bending Spoons CEO Luca Ferrari told SFGate, due to the "significant boost in operational efficiency that will come as a consequence of centralizing operations in Europe." As a result, most of Evernote's staff in the San Francisco Bay area and Chile has been laid off and those offices will be closed for good.

Bending Spoons won't confirm how many Evernote employees it laid off, but Ferrari claims all is well. "Our plans for Evernote are as ambitious as ever," he said. "Going forward, a growing, dedicated team based in Europe will continue to assume ownership of the Evernote product. This team will also be in an ideal position to leverage the extensive expertise and strength of the 400-plus workforce at Bending Spoons, many of whom have been working on Evernote full-time since the acquisition." Paul Thurrott notes that Bending Spoons announced plans to acquire Evernote in November 2022. "At the time of the announcement, Mr. Ferrari said that he 'saw the potential' in Evernote, which has struggled in recent years after being a Silicon Valley startup darling a decade or more ago."

An anonymous reader quotes a report from the Washington Post: If you're printing something on actual paper, there's a good chance it's important, like a tax form or a job contract. But popular printing products and services won't promise not to read it. In fact, they won't even promise not to share it with outside marketing firms. The spread of digital file-sharing -- along with obnoxious business practices by printing manufacturers -- has pushed many U.S. households to give up at-home printers and rely on nearby printing services instead. At the same time, major printer manufacturers have adopted mobile apps and cloud-based storage, creating new opportunities to collect personal data from customers. Whether you're walking to the corner store or sending your files to the cloud, it's tough to figure out whether you're printing in private.

Ideally, printing services should avoid storing the content of your files, or at least delete daily. Print services should also communicate clearly upfront what information they're collecting and why. Some services, like the New York Public Library and PrintWithMe, do both. Others dodged our questions about what data they collect, how long they store it and whom they share it with. Some -- including Canon, FedEx and Staples -- declined to answer basic questions about their privacy practices. Wondering whether your printer app or printing service stores the content of your documents? Here's The Washington Post Help Desk's at-a-glance guide to printer privacy. Here's a summary of each company's privacy policy as it pertains to storing the content of your files:

HP: HP's privacy policy states that it does not store the content of files when using their printers or HP Smart app, providing reassurance that they do not invade privacy by snooping into print jobs.
Canon: Canon's privacy policy indicates that it can collect personal data, including files and content, which may be used for marketing purposes. However, Canon did not disclose whether they store, use, or share the content of printed documents.
FedEx: FedEx's privacy policy states that it collects user-uploaded information, including the contents of documents uploaded for printing services, leaving room for potential advertising or sharing with third parties. Although FedEx prioritizes customer privacy, it did not specify the extent of encryption or whether document content is included.
UPS: While the UPS Store, a subsidiary of UPS, can store the contents of printed documents, it does not use this information for marketing or advertising without user consent. The storage duration is undisclosed, but UPS honors customer requests for data deletion.
Staples: According to Staples' privacy policy, the company can store personal data such as copy/print materials, driver's license numbers, passport numbers, and mail contents. They may also use copy/print materials for advertising. The duration of data storage is not disclosed.
PrintWithMe: PrintWithMe, a company placing printers in shared spaces, temporarily stores printed documents with a third-party cloud provider for 24 hours. CEO Jonathan Treble assures that the data is never used for advertising.
Your local library: The New York Public Library, one of the largest library systems, does not store the contents of printed documents. Their computers only retain file names and delete them at the end of the day. However, privacy policies may vary among different libraries, so it is advisable to inquire beforehand.

We've just had the world's first press conference with AI-enabled, humanoid social robots. Click here to jump straight to Slashdot's transcript of all the robots' answers during the press conference, or watch the 40-minute video here.

It all happened as the United Nations held an "AI for Good" summit in Geneva, where the Guardian reports that the foyer was "humming with robotic voices, the whirring of automated wheels and limbs, and Desdemona, the 'rock star' humanoid, who is chanting 'the singularity will not be centralised' on stage backed by a human band, Jam Galaxy."

But the Associated Press describes how one UN agency had "assembled a group of robots that physically resembled humans at a news conference Friday, inviting reporters to ask them questions in an event meant to spark discussion about the future of artificial intelligence. "The nine robots were seated and posed upright along with some of the people who helped make them at a podium in a Geneva conference center... Among them: Sophia, the first robot innovation ambassador for the U.N. Development Program, or UNDP; Grace, described as a health care robot; and Desdemona, a rock star robot."

"I'm terrified by all of this," said one local newscaster, noting that the robots also said they "had no intention of rebelling against their creators."

But the Associated Press points out an important caveat: While the robots vocalized strong statements - that robots could be more efficient leaders than humans, but wouldn't take anyone's job away or stage a rebellion - organizers didn't specify to what extent the answers were scripted or programmed by people. The summit was meant to showcase "human-machine collaboration," and some of the robots are capable of producing preprogrammed responses, according to their documentation.
Two of the robots seemed to disagree on whether AI-powered robots should submit to stricter regulation. (Although since they're only synthesizing sentences from large-language models, can they really be said to "agree" or "disagree"?)

There were unintentionally humorous moments, starting right from the beginning. Click here to start reading Slashdot's transcript of the robots' answers:

The public cloud services market jumped in value by nearly 23pc last year, reaching $545.8bn in global revenue. SiliconRepublic: A new report by the International Data Corporation (IDC) claims that all sections in this market saw growth last year, with Software-as-a-Service (SaaS) applications retaining the top spot and representing more than 45pc of total revenue last year.

The report found that revenue for foundational cloud services "that support digital-first strategies" grew by nearly of 29pc. The IDC said this increased growth highlights an increasing reliance of enterprises on cloud platforms built around "widely deployed compute services, data/AI services and app framework services." Dave McCarthy, vice president in IDC's worldwide infrastructure practice, said cloud providers are making "significant investments" in high-performance infrastructure, which can help create the "foundation for new AI software that can be quickly deployed at scale." This verdict was shared by Rick Villars, group VP of ICD worldwide research, who said the use of AI is starting to "dominate the long-term investment agendas of businesses and cloud providers."

DigitalOcean, the cloud hosting business, today announced that it's agreed to acquire Paperspace, a New York-based cloud computing and AI development startup, for $111 million in cash. From a report: DigitalOcean CEO Yancey Spruill says that Paperspace's infrastructure and tooling, once integrated with DigitalOcean's products, will enable customers to more easily test, develop and deploy AI applications. As for Paperspace customers, they'll benefit from DigitalOcean's cloud services, he says -- including databases, storage, app hosting, documentation, tutorials and a robust support system. For now, Paperspace will remain a standalone business unit within DigitalOcean, and Paperspace customers won't see immediate changes to their service.

The Fairphone 4 -- a user-repairable smartphone built using ethically sourced materials -- is finally coming to the US, almost two years after it first debuted back in September 2021. The Verge reports: Fairphone is partnering with Murena, a company best known for de-Googling Android phones, to launch the US pilot of the Murena Fairphone 4 -- a variant of the handset that runs on a privacy-oriented Android-based operating system: /e/OS. There are two configurations available: one with 6GB of RAM and 128GB of storage for $599 and another with 8GB of RAM and 256GB of storage for $679. The storage of both models can be expanded via microSD, and the phone features a modular design that can be easily disassembled using a standard Phillips #00 screwdriver to replace broken components. It also has an IP54 rating, meaning the device is protected against dust and water sprays.

The Murena Fairphone 4 will ship to US customers with 5G and dual SIM support, a removable 3905mAh battery, a 48-megapixel main camera, a 48-megapixel ultrawide, and a 25-megapixel selfie camera. The phones will be available to order exclusively from Murena's webstore starting today. The Murena Fairphone 4 also comes with the /e/ operating system preinstalled, which is described as a privacy-focused, Google-free mobile ecosystem for folks who want to avoid handing any data over to the search giant. Instead of the usual Google apps, the Fairphone 4 will come with a range of default Murena Cloud apps for things like email, calendar, and cloud storage as well as a dedicated app store that highlights the privacy ratings of each app to help users monitor how their online activity is being tracked.

The Fairphone comes unlocked, but the press release mentions that T-Mobile and other operators based on T-Mobile's network are the only US carriers recommended to be used with the device. Fairphone is also providing an extended five-year warranty for the hardware, and /e/OS is similarly committed to fixing bugs and supporting security and feature updates for five years. The Murena version is the only Fairphone 4 model being introduced to the US, and there's no mention of the standard Android OS model joining it anytime soon.

The Biden administration is preparing to restrict Chinese companies' access to U.S. cloud-computing services, WSJ reported Tuesday, citing people familiar with the situation, in a move that could further strain relations between the world's economic superpowers. From the report: The new rule, if adopted, would likely require U.S. cloud-service providers such as Amazon.com and Microsoft to seek U.S. government permission before they provide cloud-computing services that use advanced artificial-intelligence chips to Chinese customers, the people said. The Biden administration's move would follow other recent measures as Washington and Beijing wage a high-stakes conflict over access to the supply chain for the world's most advanced technology.

Beijing Monday announced export restrictions on metals used in advanced chip manufacturing, days ahead of a visit to China by Treasury Secretary Janet Yellen. The proposed restriction is seen as a means to close a significant loophole. National-security analysts have warned that Chinese AI companies might have bypassed the current export controls rules by using cloud services. These services allow customers to gain powerful computing capabilities without purchasing advanced equipment -- including chips -- on the control list, such as the A100 chips by American technology company Nvidia.