Government

Six Countries Named as 'Likely' Purchasers of Paragon's Cellphone Spyware (techcrunch.com) 15

The governments of Australia, Canada, Cyprus, Denmark, Israel, and Singapore "are likely customers of Israeli spyware maker Paragon Solutions," reports TechCrunch, "according to a new technical report by a renowned digital security lab." On Wednesday, The Citizen Lab, a group of academics and security researchers housed at the University of Toronto that has investigated the spyware industry for more than a decade, published a report about the Israeli-founded surveillance startup, identifying the six governments as "suspected Paragon deployments."

At the end of January, WhatsApp notified around 90 users that the company believed were targeted with Paragon spyware, prompting a scandal in Italy, where some of the targets live... Paragon's executive chairman John Fleming told TechCrunch that the company "licenses its technology to a select group of global democracies — principally, the United States and its allies." Israeli news outlets reported in late 2024 that U.S. venture capital AE Industrial Partners had acquired Paragon for at least $500 million upfront....

Among the suspected customer countries, Citizen Lab singled out Canada's Ontario Provincial Police (OPP), which specifically appears to be a Paragon customer given that one of the IP addresses for the suspected Canadian customer is linked directly to the OPP.

In a related development the Guardian reports that a prominent activist in Italy "has warned the international criminal court that his mobile phone was under surveillance" when he was providing them confidential information about torture victims in Libya.

Both articles submitted by long-time Slashdot reader ISayWeOnlyToBePolite.
The Courts

Director Charged With Netflix Fraud After Splurging on Crypto Instead of Finishing Sci-fi Series (npr.org) 23

Hollywood filmmaker Carl Erik Rinsch has been charged with defrauding Netflix of $11 million after allegedly misusing funds intended for an unfinished science fiction series, federal prosecutors said.

Rinsch, 47, was arrested in West Hollywood this week on charges of wire fraud, money laundering and unlawful monetary transactions that could result in decades of imprisonment if convicted. The FBI and Acting U.S. Attorney for the Southern District of New York allege Rinsch diverted funds meant for his series "Conquest" to speculate on cryptocurrency, stay in luxury hotels and purchase high-end items including five Rolls-Royces and a Ferrari.

Netflix had paid Rinsch $44 million between 2018 and 2019 for the science fiction project about an artificial humanlike species. Prosecutors say he then requested an additional $11 million but never completed the production. An arbitrator ruled in Netflix's favor last year, ordering Rinsch to pay the company $11.8 million. Rinsch appeared in federal court with shackles and posted a $100,000 bond.
Apple

Apple Sued For False Advertising Over Apple Intelligence (axios.com) 32

Apple has been hit with a federal lawsuit claiming that the company's promotion of now-delayed Apple Intelligence features constituted false advertising and unfair competition. From a report: The suit, filed Wednesday in U.S. District Court in San Jose, seeks class action status and unspecified financial damages on behalf of those who purchased Apple Intelligence-capable iPhones and other devices. "Apple's advertisements saturated the internet, television, and other airwaves to cultivate a clear and reasonable consumer expectation that these transformative features would be available upon the iPhone's release," the suit reads.

"This drove unprecedented excitement in the market, even for Apple, as the company knew it would, and as part of Apple's ongoing effort to convince consumers to upgrade at a premium price and to distinguish itself from competitors deemed to be winning the AI-arms race. [...] Contrary to Defendant's claims of advanced AI capabilities, the Products offered a significantly limited or entirely absent version of Apple Intelligence, misleading consumers about its actual utility and performance. Worse yet, Defendant promoted its Products based on these overstated AI capabilities, leading consumers to believe they were purchasing a device with features that did not exist or were materially misrepresented."

United States

US Removes Tornado Cash Sanctions (coindesk.com) 23

The U.S. Treasury Department's sanctions watchdog removed cryptocurrency mixing tool Tornado Cash from its global blacklist on Friday, following a federal appeals court ruling last November that the Office of Foreign Assets Control couldn't sanction its smart contracts. Despite the delisting of over 100 Ethereum addresses from the Specially Designated Nationals list, Treasury Secretary Scott Bessent emphasized continuing concerns about North Korea's digital asset theft operations.

"We remain deeply concerned about the significant state-sponsored hacking and money laundering campaign aimed at stealing, acquiring, and deploying digital assets for the Democratic People's Republic of Korea," Treasury stated. Roman Storm, Tornado Cash co-founder, still faces a July criminal trial for his alleged development role. A Treasury court filing Monday had warned that completely lifting sanctions could have "significantly disruptive consequences for national security."
HP

HP Escapes Customer Payouts in Printer-Bricking Lawsuit Settlement (arstechnica.com) 44

A United States District Court judge has approved a settlement between HP and customers who sued the company for firmware updates that prevented printers from working with non-HP ink cartridges.

The class-action lawsuit, filed in December 2020, alleged HP "wrongfully compels users" to buy only HP ink by issuing updates that block competitors' cartridges. Under the settlement, HP admits no wrongdoing and won't pay monetary damages to affected customers, though it will pay $5,000 each to the three plaintiffs and $725,000 in attorneys' fees.

HP has agreed to allow users of specific printer models impacted by the November 2020 update to decline firmware updates containing "Dynamic Security" features -- HP's term for technology that blocks cartridges using non-HP chips. The settlement applies only to 21 specific printer models, leaving numerous other HP printers subject to Dynamic Security restrictions. HP has previously paid millions in similar cases in Europe, Australia, and California related to printer bricking.
United States

Government Releases Thousands of Declassified Pages Related To JFK Assassination (go.com) 184

The National Archives has released thousands of pages of declassified records related to the assassination of President John F. Kennedy in 1963. From a report: The records were posted to the National Archives' website, joining recently released records posted in 2023, 2022, 2021 and 2017-2018.

"This release consists of approximately 80,000 pages of previously-classified records that will be published with no redactions," said the announcement from the Office of the Director of National Intelligence. "Additional documents withheld under court seal or for grand jury secrecy, and records subject to section 6103 of the Internal Revenue Code, must be unsealed before release."

President Donald Trump signed an executive order on Jan. 23 directing the release of all remaining records related to the assassination, saying it was in the "public interest" to do so. Tuesday's initial release contained 1,123 records comprising 32,000 pages. A subsequent release on Tuesday night contained 1,059 records comprising 31,400 additional pages.

See Also: U.S. Release of Unredacted JFK Files 'Doxxed' Officials, Including Social Security Numbers.
The Courts

US Appeals Court Rejects Copyrights For AI-Generated Art (yahoo.com) 47

An anonymous reader quotes a report from Reuters: A federal appeals court in Washington, D.C., on Tuesday affirmed that a work of art generated by artificial intelligence without human input cannot be copyrighted under U.S. law. The U.S. Court of Appeals for the District of Columbia Circuit agreed with the U.S. Copyright Office that an image created by Stephen Thaler's AI system "DABUS" was not entitled to copyright protection, and that only works with human authors can be copyrighted.

Tuesday's decision marks the latest attempt by U.S. officials to grapple with the copyright implications of the fast-growing generative AI industry. The Copyright Office has separately rejected artists' bids for copyrights on images generated by the AI system Midjourney. The artists argued they were entitled to copyrights for images they created with AI assistance -- unlike Thaler, who said that his "sentient" system created the image in his case independently. [...]

U.S. Circuit Judge Patricia Millett wrote for a unanimous three-judge panel on Tuesday that U.S. copyright law "requires all work to be authored in the first instance by a human being." "Because many of the Copyright Act's provisions make sense only if an author is a human being, the best reading of the Copyright Act is that human authorship is required for registration," the appeals court said.

Apple

Apple Loses German Antitrust Appeal, Opening Door for Greater Controls (reuters.com) 2

An anonymous reader shares a report: Apple lost an appeal on Tuesday against a regulatory assessment that opens the iPhone maker up to stricter controls in Germany, the Federal Court of Justice ruled on Tuesday, following years of debate over the company's market position. Federal judges backed the German cartel office's 2023 designation of Apple as a "company of paramount cross-market significance for competition".
Businesses

Software Startup Rippling Sues Competitor Deel, Claiming a Spy Carried Out 'Corporate Espionage' (cnbc.com) 10

HR software startup Rippling has sued competitor Deel, alleging that Deel orchestrated corporate espionage by recruiting an employee within Rippling to steal trade secrets, including customer data, sales strategies, and internal records. The lawsuit (PDF) claims the spy shared confidential information with Deel executives and a reporter, leading to legal action under the Racketeer Influenced and Corrupt Organizations (RICO) Act. Deel denies wrongdoing and plans to counter the claims. CNBC reports: The two startups are among the world's most valuable. Investors valued Rippling at $13.5 billion in a funding round announced last year, while Deel told media outlets in 2023 that it was worth $12 billion. Deel ranked No. 28 on CNBC's 2024 Disruptor 50 list. "Weeks after Rippling is accused of violating sanctions law in Russia and seeding falsehoods about Deel, Rippling is trying to shift the narrative with these sensationalized claims," a Deel spokesperson told CNBC in an email. "We deny all legal wrongdoing and look forward to asserting our counterclaims."

Rippling confirmed its findings earlier this month. The company's general counsel sent a letter to three Deel executives that referred to a new Slack channel, and the Deel spy quickly looked for it. Rippling subsequently served a court order to the spy at its office in Dublin, Ireland requiring him to preserve information on his mobile phone. "Deel's spy lied to the court-appointed solicitor about the location of his phone, and then locked himself in a bathroom -- seemingly in order to delete evidence from his phone -- all while the independent solicitor repeatedly warned him not to delete materials from his device and that his non-compliance was breaching a court order with penal endorsement," Rippling said in Monday's filing. "The spy responded: 'I'm willing to take that risk.' He then fled the premises."
"We always prefer to win by building the best products and we don't turn to the legal system lightly," Parker Conrad, Rippling's co-founder and CEO, said in a Monday X post. "But we are taking this extraordinary step to send a clear message that this type of misconduct has no place in our industry."
The Courts

HR Tech Firm Rippling Sues Rival Deel for Corporate Espionage 9

HR software provider Rippling has sued competitor Deel for allegedly planting a spy in its Dublin office to steal trade secrets, court documents [PDF] showed on Monday. Rippling claims the employee, identified as D.S., systematically searched internal Slack channels for competitor information, including sales leads and pitch decks.

The company discovered the alleged scheme through a "honeypot" trap -- a specially created Slack channel mentioned in a letter to Deel executives. When served with a court order to surrender his phone, D.S. locked himself in a bathroom before fleeing, according to the lawsuit. "We're all for healthy competition, but we won't tolerate when a competitor breaks the law," said Vanessa Wu, Rippling's general counsel. Both companies operate multibillion-dollar HR platforms, with Rippling valued at $13.5 billion and Deel at over $12 billion.
The Courts

Climatologist Michael Mann Finally Won a $1M Defamation Suit - But Then a Judge Threw It Out (msn.com) 64

Slashdot has run nearly a dozen stories about Michael Mann, one of America's most prominent climate scientists and a co-creator of the famous "hockey stick" graph of spiking temperatures. In 2012 Mann sued two bloggers for defamation — and last year Mann finally won more than $1 million, reports the Washington Post. "A jury found that two conservative commentators had defamed him by alleging that he was like a child molester in the way he had 'molested and tortured' climate data."

But "Now, a year after that ruling, the case has taken a turn that leaves Mann in the position of the one who owes money." On Wednesday, a judge sanctioned Mann's legal team for "bad-faith trial misconduct" for overstating how much the scientist lost in potential grant funding as a result of reputational harm. The lawyers had shown jurors a chart that listed one grant amount Mann didn't get at $9.7 million, though in other testimony Mann said it was worth $112,000. And when comparing Mann's grant income before and after the negative commentary, the lawyers cited a disparity of $2.8 million, but an amended calculation pegged it at $2.37 million.


The climate scientist's legal team said it was preparing to fight the setbacks in court. Peter J. Fontaine, one of Mann's attorneys, wrote in an email that Mann "believes that the court committed errors of fact and law and will pursue these matters further." Fontaine emphasized that the original decision — that Mann was defamed by the commentary — still stands. "We have reviewed the recent rulings by the D.C. Superior Court and are pleased to note that the court has upheld the jury's verdict," he said.

Thanks to Slashdot reader UsuallyReasonable for sharing the news.
Technology

FTC Asks To Delay Amazon Prime Deceptive Practices Case, Citing Staffing Shortfalls (cnbc.com) 82

The Federal Trade Commission asked a judge in Seattle to delay the start of its trial accusing Amazon of duping consumers into signing up for its Prime program, citing resource constraints. CNBC: Attorneys for the FTC made the request during a status hearing on Wednesday before Judge John Chun in the U.S. District Court for the Western District of Washington. Chun had set a Sept. 22 start date for the trial. Jonathan Cohen, an attorney for the FTC, asked Chun for a two-month continuance on the case due to staffing and budgetary shortfalls.

The FTC's request to delay due to staffing constraints comes amid a push by the Trump administration's Department of Government Efficiency to reduce spending. DOGE, which is led by tech baron Elon Musk, has slashed the federal government's workforce by more than 62,000 workers in February alone. "We have lost employees in the agency, in our division and on our case team," Cohen said.

Privacy

Allstate Insurance Sued For Delivering Personal Info In Plaintext (theregister.com) 23

An anonymous reader quotes a report from The Register: New York State has sued Allstate Insurance for operating websites so badly designed they would deliver personal information in plain-text to anyone that went looking for it. The data was lifted from Allstate's National General business unit, which ran a website for consumers who wanted to get a quote for a policy. That task required users to input a name and address, and once that info was entered, the site searched a LexisNexis Risk Solutions database for data on anyone who lived at the address provided. The results of that search would then appear on a screen that included the driver's license number (DLN) for the given name and address, plus "names of any other drivers identified as potentially living at that consumer's address, and the entire DLNs of those other drivers."

Naturally, miscreants used the system to mine for people's personal information for fraud. "National General intentionally built these tools to automatically populate consumers' entire DLNs in plain text -- in other words, fully exposed on the face of the quoting websites -- during the quoting process," the court documents [PDF] state. "Not surprisingly, attackers identified this vulnerability and targeted these quoting tools as an easy way to access the DLNs of many New Yorkers," according to the lawsuit. The digital thieves then used this information to "submit fraudulent claims for pandemic and unemployment benefits," we're told. ... [B]y the time the insurer resolved the mess, crooks had built bots that harvested at least 12,000 individuals' driver's license numbers from the quote-generating site.

Security

Feds Link $150M Cyberheist To 2022 LastPass Hacks (krebsonsecurity.com) 17

AmiMoJo writes: In September 2023, KrebsOnSecurity published findings from security researchers who concluded that a series of six-figure cyberheists across dozens of victims resulted from thieves cracking master passwords stolen from the password manager service LastPass in 2022. In a court filing last week, U.S. federal agents investigating a spectacular $150 million cryptocurrency heist said they had reached the same conclusion.

On March 6, federal prosecutors in northern California said they seized approximately $24 million worth of cryptocurrencies that were clawed back following a $150 million cyberheist on Jan. 30, 2024. The complaint refers to the person robbed only as 'Victim-1,' but according to blockchain security researcher ZachXBT the theft was perpetrated against Chris Larsen, the co-founder of the cryptocurrency platform Ripple.

ZachXBT was the first to report on the heist, of which approximately $24 million was frozen by the feds before it could be withdrawn. This week's action by the government merely allows investigators to officially seize the frozen funds. But there is an important conclusion in this seizure document: It basically says the U.S. Secret Service and the FBI agree with the findings of the LastPass breach story published here in September 2023.

Chrome

America's Justice Department Still Wants Google to Sell Chrome (msn.com) 64

Last week Google urged the U.S. government not to break up the company — but apparently, it didn't work.
In a new filing Friday, America's Justice Department "reiterated its November proposal that Google be forced to sell its Chrome web browser," reports the Washington Post, "to address a federal judge finding the company guilty of being an illegal monopoly in August." The government also kept a proposal that Google be banned from paying other companies to give its search engine preferential placement on their apps and phones. At the same time, the government dropped its demand that Google sell its stakes in AI start-ups after one of the start-ups, Anthropic AI, argued that it needed Google's money to compete in the fast-growing industry.

The government's final proposal "reaffirms that Google must divest the Chrome browser — an important search access point — to provide an opportunity for a new rival to operate a significant gateway to search the internet, free of Google's monopoly control," Justice Department lawyers wrote in the filing... Judge Amit Mehta, of the U.S. District Court for the District of Columbia, who had ruled that Google held an illegal monopoly, will decide on the final remedies in April.

The article quotes a Google spokesperson's response: that the Justice Department's "sweeping" proposals "continue to go miles beyond the court's decision, and would harm America's consumers, economy and national security."
GNU is Not Unix

Free Software Foundation Rides To Defend AGPLv3 Against Neo4j License Add-ons (fsf.org) 48

This week the Free Software Foundation "backed a lone developer's brave effort to overturn a pivotal court ruling that threatens to undermine the AGPLv3 — the foundation's GNU Affero General Public License, version 3," reports the Register.

"At stake is the future of not just the AGPLv3, but the FSF's widely used GNU Public License it is largely based on, and the software covered by those agreements." A core tenet of the GPL series is that free software remains free forever, and this is woven into the licenses' fine print. This ongoing legal battle is a matter of whether people can alter those licenses and redistribute code as they see fit in a non-free way, or if they must stick to the terms of an agreement that says the terms cannot be changed... If the Ninth Circuit upholds the [original district court] ruling, it's likely to create a binding precedent that would limit one of the major freedoms that AGPLv3 and other GPL licenses aim to protect — the ability to remove restrictions added to GPL licensed code.
"Neo4j appended an additional nonfree commercial restriction, the Commons Clause, to a verbatim version of the GNU AGPLv3 in a version of its software..." according to an FSF announcement this week. "The FSF's position on such confusing licensing practices has always been clear: the GNU licenses explicitly allow users to remove restrictions incompatible with the four freedoms." (You can read their amicus brief here.)

Thanks to Slashdot reader jms00 for sharing the news.
The Internet

Music Labels Will Regret Coming For the Internet Archive, Sound Historian Says (arstechnica.com) 28

An anonymous reader quotes a report from Ars Technica: On Thursday, music labels sought to add nearly 500 more sound recordings to a lawsuit accusing the Internet Archive (IA) of mass copyright infringement through its Great 78 Project, which seeks to digitize all 3 million three-minute recordings published on 78 revolutions-per-minute (RPM) records from about 1898 to the 1950s. If the labels' proposed second amended complaint is accepted by the court, damages sought in the case -- which some already feared could financially ruin IA and shut it down for good -- could increase to almost $700 million. (Initially, the labels sought about $400 million in damages.) IA did not respond to Ars' request for comment, but the filing noted that IA has not consented to music labels' motion to amend their complaint. [...]

Some sound recording archivists and historians also continue to defend the Great 78 Project as a critical digitization effort at a time when quality of physical 78 RPM records is degrading and the records themselves are becoming obsolete, with very few libraries even maintaining equipment to play back the limited collections that are available in physical archives. They push back on labels' claims that commercially available Spotify streams are comparable to the Great 78 Project's digitized recordings, insisting that sound history can be lost when obscure recordings are controlled by rights holders who don't make them commercially available. [...] David Seubert, who manages sound collections at the University of California, Santa Barbara library, told Ars that he frequently used the project as an archive and not just to listen to the recordings.

For Seubert, the videos that IA records of the 78 RPM albums capture more than audio of a certain era. Researchers like him want to look at the label, check out the copyright information, and note the catalogue numbers, he said. "It has all this information there," Seubert said. "I don't even necessarily need to hear it," he continued, adding, "just seeing the physicality of it, it's like, 'Okay, now I know more about this record.'" [...] Nathan Georgitis, the executive director of the Association for Recorded Sound Collections (ARSC), told Ars that you just don't see 78 RPM records out in the world anymore. Even in record stores selling used vinyl, these recordings will be hidden "in a few boxes under the table behind the tablecloth," Georgitis suggested. And in "many" cases, "the problem for libraries and archives is that those recordings aren't necessarily commercially available for re-release."

That "means that those recordings, those artists, the repertoire, the recorded sound history in itself -- meaning the labels, the producers, the printings -- all of that history kind of gets obscured from view," Georgitis said. Currently, libraries trying to preserve this history must control access to audio collections, Georgitis said. He sees IA's work with the Great 78 Project as a legitimate archive in that, unlike a streaming service, where content may be inconsistently available, IA's "mission is to preserve and provide access to content over time." "That 'over time' part is really the key function, I think, that distinguishes an archive from maybe a streaming service in a way," Georgitis said.
"The Internet Archive is not hurting the revenue of the recording industry at all," Seubert suggested. "It has no impact on their revenue." Instead, he suspects that labels' lawsuit is "somehow vindictive," because the labels perhaps "don't like the Internet Archive's way of pushing the envelope on copyright and fair use."

"There are people who, like the founder of the Internet Archive, want to push that envelope, and the media conglomerates want to push back in the other direction," Seubert said.
The Almighty Buck

The Spectacular Synapse Collapse (fortune.com) 32

The spectacular collapse of fintech middleman Synapse has left $200 million in customer money frozen and up to $95 million missing, with no clear answers about where the funds went. After Synapse, a financial technology company connecting other fintechs to banks, filed for bankruptcy in April 2024, customers of apps like Yotta, Juno, and Copper found themselves locked out of their savings.

Founded in 2014 by Sankaet Pathak, Synapse connected consumer-facing fintech platforms with banks holding customer deposits. The disaster unfolded after relationships with regional bank Evolve and unicorn client Mercury deteriorated, triggering a chain reaction through the financial infrastructure. Nearly a year later, Fortune reports that a Department of Justice criminal investigation is underway, while the bankruptcy's court-appointed trustee called the situation an "awful, awful" mess. The debacle, the outlet writes, exposes the risks lurking beneath popular financial apps operating in a regulatory frontier where customer funds travel across an invisible bridge of intermediaries.
Apple

Brazil Orders Apple To Allow iOS Sideloading Within 90 Days (globo.com) 73

A Brazilian judge has ordered Apple to open its iOS platform to alternative app stores within 90 days, according to Valor International. The ruling cited Apple's compliance with similar requirements in the European Union under the Digital Markets Act without showing "significant impact or irreparable harm to its economic model."

The case originated from a 2022 complaint by Mercado Livre. Brazil previously issued a 20-day deadline in November for Apple to permit alternative payment options and sideloading, but that injunction was overturned in December. Apple plans to appeal.
Nintendo

Nintendo Says Latest Legal Win Against Piracy 'Significant' For 'Entire Games Industry' (eurogamer.net) 25

Nintendo has trumpeted its latest legal success in the company's ongoing fight against pirated games as "significant" not only for itself, "but for the entire games industry." From a report: The Mario maker today confirmed it had won a final victory over French file-sharing company Dstorage, which operates the website 1fichier.com, following years of legal wrangling and repeated appeals. Nintendo's victory means European file-sharing companies must now remove illegal copies of games when asked to do so, or be held accountable and cough up potentially sizable fines as punishment.

In 2021, the Judicial Court of Paris ordered Dstorage to pay Nintendo $1 million in damages after it was found to be hosting pirate games. Dstorage launched an appeal, which then failed in 2023, and was ordered to pay Nintendo further costs. But the case didn't end there. Dstorage finally took the matter to the highest French judiciary court, where it argued that a specific court order was required before it needed to remove content from its hosting services. This bid has also now failed, ending the long-running matter for good.
