AI

US Police Seldom Disclose Use of AI-Powered Facial Recognition, Investigation Finds (msn.com) 63

An anonymous reader shared this report from the Washington Post: Hundreds of Americans have been arrested after being connected to a crime by facial recognition software, a Washington Post investigation has found, but many never know it because police seldom disclose their use of the controversial technology...

In fact, the records show that officers often obscured their reliance on the software in public-facing reports, saying that they identified suspects "through investigative means" or that a human source such as a witness or police officer made the initial identification... The Coral Springs Police Department in South Florida instructs officers not to reveal the use of facial recognition in written reports, according to operations deputy chief Ryan Gallagher. He said investigative techniques are exempt from Florida's public disclosure laws... The department would disclose the source of the investigative lead if it were asked in a criminal proceeding, Gallagher added....

Prosecutors are required to inform defendants about any information that would help prove their innocence, reduce their sentence or hurt the credibility of a witness testifying against them. When prosecutors fail to disclose such information — known as a "Brady violation" after the 1963 Supreme Court ruling that mandates it — the court can declare a mistrial, overturn a conviction or even sanction the prosecutor. No federal laws regulate facial recognition and courts do not agree whether AI identifications are subject to Brady rules. Some states and cities have begun mandating greater transparency around the technology, but even in these locations, the technology is either not being used that often or it's not being disclosed, according to interviews and public records requests...

Over the past four years, the Miami Police Department ran 2,500 facial recognition searches in investigations that led to at least 186 arrests and more than 50 convictions. Among the arrestees, just 1 in 16 were told about the technology's use — less than 7 percent — according to a review by The Post of public reports and interviews with some arrestees and their lawyers. The police department said that in some of those cases the technology was used for purposes other than identification, such as finding a suspect's social media feeds, but did not indicate in how many of the cases that happened. Carlos J. Martinez, the county's chief public defender, said he had no idea how many of his Miami clients were identified with facial recognition until The Post presented him with a list. "One of the basic tenets of our justice system is due process, is knowing what evidence there is against you and being able to challenge the evidence that's against you," Martinez said. "When that's kept from you, that is an all-powerful government that can trample all over us."

After reviewing The Post's findings, Miami police and local prosecutors announced plans to revise their policies to require clearer disclosure in every case involving facial recognition.

The article points out that Miami's Assistant Police Chief actually told a congressional panel on law enforcement AI use that his department is "the first to be completely transparent about" the use of facial recognition. (When confronted with the Washington Post's findings, he "acknowledged that officers may not have always informed local prosecutors [and] said the department would give prosecutors all information on the use of facial recognition, in past and future cases".

He told the Post that the department would "begin training officers to always disclose the use of facial recognition in incident reports." But he also said they would "leave it up to prosecutors to decide what to disclose to defendants."
United Kingdom

UK Post Office Executive Suspended Over Allegations of Destroying Software Scandal Evidence (computerweekly.com) 72

The British Post Office scandal "was first exposed by Computer Weekly in 2009, revealing the stories of seven subpostmasters and the problems they suffered due to Horizon accounting software," remembers Computer Weekly, "which led to the most widespread miscarriage of justice in British history."

But now the Post Office "is investigating allegations that a senior executive instructed staff to destroy or conceal documents that could be of interest to the Post Office scandal public inquiry," Computer Weekly writes. A company employee acknowleged a report in an internal whistleblower program "regarding destroying or concealing material... allegations that a senior Post Office member of staff had instructed their team to destroy or conceal material of possible interest to the inquiry, and that the same individual had engaged in inappropriate behaviour." The shocking revelation echoes evidence from appeals against wrongful convictions in 2021. During the Court of Appeal trials it was revealed that a senior Post Office executive instructed employees to shred documents that undermined an insistence that its Horizon computer system was robust, amid claims that errors in the system caused unexplained accounting shortfalls.
Twitter

Brazil's Top Court Says X Paid Pending Fines to Wrong Bank (reuters.com) 83

An anonymous reader shared this report from Reuters: Brazil's Supreme Court said on Friday that lawyers representing social media platform X did not pay pending fines to the proper bank, postponing its decision on whether to allow the tech firm to resume services in Brazil.

The payment of the fines, which X lawyers argued that the company had paid correctly, is the only outstanding measure demanded by the court in order to authorize X to operate again in Brazil... Earlier on Friday, X, owned by billionaire Elon Musk, filed a fresh request to have its services restored in Brazil, saying it had paid all pending fines. In response to the request, Supreme Court Justice Alexandre de Moraes requested the payment to be transferred to the right bank. He also determined that once fines are sorted out, Brazil's prosecutor general will give his opinion on the recent requests made by X's legal team in Brazil, which has been seeking to have the platform restored in the country.

Following Moraes' decision on Friday, X lawyers again asked the court for authorization to resume operations in Brazil, denying that the company had paid the fines to the wrong account and saying they do not see the need for the prosecutor general to be consulted before the ban is lifted.

China

U.S. Wiretap Systems Targeted in China-Linked Hack (msn.com) 27

"A cyberattack tied to the Chinese government penetrated the networks of a swath of U.S. broadband providers," reports the Wall Street Journal, "potentially accessing information from systems the federal government uses for court-authorized network wiretapping requests.

"For months or longer, the hackers might have held access to network infrastructure used to cooperate with lawful U.S. requests for communications data, according to people familiar with the matter, which amounts to a major national security risk." The attackers also had access to other tranches of more generic internet traffic, they said. Verizon Communications, AT&T and Lumen Technologies are among the companies whose networks were breached by the recently discovered intrusion, the people said.

The widespread compromise is considered a potentially catastrophic security breach and was carried out by a sophisticated Chinese hacking group dubbed Salt Typhoon. It appeared to be geared toward intelligence collection, the people said... The surveillance systems believed to be at issue are used to cooperate with requests for domestic information related to criminal and national security investigations. Under federal law, telecommunications and broadband companies must allow authorities to intercept electronic information pursuant to a court order. It couldn't be determined if systems that support foreign intelligence surveillance were also vulnerable in the breach...

The hackers appear to have engaged in a vast collection of internet traffic from internet service providers that count businesses large and small, and millions of Americans, as their customers. Additionally, there are indications that the hacking campaign targeted a small number of service providers outside the U.S., the people said. A person familiar with the attack said the U.S. government considered the intrusions to be historically significant and worrisome... "It will take time to unravel how bad this is, but in the meantime it's the most significant in a long string of wake-up calls that show how the PRC has stepped up their cyber game," said Brandon Wales, former executive director at the Cybersecurity and Infrastructure Security Agency and now a vice president at SentinelOne, referring to the People's Republic of China. "If companies and governments weren't taking this seriously before, they absolutely need to now."

Three weeks ago TechCrunch also reported that the FBI "took control of a botnet made up of hundreds of thousands of internet-connected devices, such as cameras, video recorders, storage devices, and routers, which was run by a Chinese government hacking group, FBI director Christopher Wray and U.S. government agencies revealed Wednesday.
Cellphones

America's FCC Orders T-Mobile To Deliver Better Cybersecurity (csoonline.com) 13

T-Mobile experienced three major data breaches in 2021, 2022, and 2023, according to CSO Online, "which impacted millions of its customers."

After a series of investigations by America's Federal Communications Commission, T-Mobile agreed in court to a number of settlement conditions, including moving toward a "modern zero-trust architecture," designating a Chief Information Security Office, implementing phishing-resistant multifactor authentication, and adopting data minimization, data inventory, and data disposal processes designed to limit its collection and retention of customer information.

Slashdot reader itwbennett writes: According to a consent decree published on Monday by the U.S. Federal Communications Commission, T-Mobile must pay a $15.75 million penalty and invest an equal amount "to strengthen its cybersecurity program, and develop and implement a compliance plan to protect consumers against similar data breaches in the future."

"Implementing these practices will require significant — and long overdue — investments. To do so at T-Mobile's scale will likely require expenditures an order of magnitude greater than the civil penalty here,' the consent decree said.

The article points out that order of magnitude greater than $15.75 million would be $157.5 million...
EU

Meta Faces Data Retention Limits On Its EU Ad Business After Top Court Ruling (techcrunch.com) 35

An anonymous reader quotes a report from TechCrunch: The European Union's top court has sided with a privacy challenge to Meta's data retention policies. It ruled on Friday that social networks, such as Facebook, cannot keep using people's information for ad targeting indefinitely. The judgement could have major implications on the way Meta and other ad-funded social networks operate in the region. Limits on how long personal data can be kept must be applied in order to comply with data minimization principles contained in the bloc's General Data Protection Regulation (GDPR). Breaches of the regime can lead to fines of up to 4% of global annual turnover -- which, in Meta's case, could put it on the hook for billions more in penalties (NB: it is already at the top of the leaderboard of Big Tech GDPR breachers). [...]

The original challenge to Meta's ad business dates back to 2014 but was not fully heard in Austria until 2020, per noyb. The Austrian supreme court then referred several legal questions to the CJEU in 2021. Some were answered via a separate challenge to Meta/Facebook, in a July 2023 CJEU ruling -- which struck down the company's ability to claim a "legitimate interest" to process people's data for ads. The remaining two questions have now been dealt with by the CJEU. And it's more bad news for Meta's surveillance-based ad business. Limits do apply. Summarizing this component of the judgement in a press release, the CJEU wrote: "An online social network such as Facebook cannot use all of the personal data obtained for the purposes of targeted advertising, without restriction as to time and without distinction as to type of data."

The ruling looks important on account of how ads businesses, such as Meta's, function. Crudely put, the more of your data they can grab, the better -- as far as they are concerned. Back in 2022, an internal memo penned by Meta engineers which was obtained by Vice's Motherboard likened its data collection practices to tipping bottles of ink into a vast lake and suggested the company's aggregation of personal data lacked controls and did not lend itself to being able to silo different types of data or apply data retention limits. Although Meta claimed at the time that the document "does not describe our extensive processes and controls to comply with privacy regulations." How exactly the adtech giant will need to amend its data retention practices following the CJEU ruling remains to be seen. But the law is clear that it must have limits. "[Advertising] companies must develop data management protocols to gradually delete unneeded data or stop using them," noyb suggests.
The court also weighed in a second question that concerns sensitive data that has been "manifestly made public" by the data subject, "and whether sensitive characteristics could be used for ad targeting because of that," reports TechCrunch. "The court ruled that it could not, maintaining the GDPR's purpose limitation principle."
Bitcoin

SEC Appeals Decision In Landmark Ripple Case (cnbc.com) 13

On Wednesday, the SEC filed (PDF) to appeal a 2023 court ruling that determined XRP is not considered a security when sold to retail investors on exchanges. The announcement sent the price of XRP tumbling more than 8%. "XRP, which was created by the founders of Ripple, is the native token of the open source XRP Ledger, which Ripple uses in its cross-border payments business," notes CNBC. "It is the fifth-largest coin by market cap, excluding stablecoins Tether (USDT) and USD Coin (USDC)." CNBC reports: Ripple, the largest holder of XRP coins, scored a partial victory last summer after a three-year battle with the SEC. U.S. District Judge Analisa Torres handed down the decision, which was hailed as a landmark win for the crypto industry. Still, while XRP isn't considered a security when sold to retail investors on exchanges, it is considered an unregistered security offering if sold to institutional investors.

Ripple declined to comment but referred to Wednesday evening posts on X by CEO Brad Garlinghouse and chief legal officer Stuart Alderoty. Alderoty said the company is evaluating whether to file a cross appeal, and called the SEC's decision to appeal "disappointing, but not surprising." The SEC, under Chair Gary Gensler, has become notorious for its refusal to provide clear guidance for crypto businesses, instead opting to regulate by enforcement actions. "XRP's status as a non-security is the law of the land today - and that does not change even in the face of this misguided - and infuriating - appeal," Garlinghouse said on X.

Patents

Cloudflare Defeats Patent Troll (cloudflare.com) 63

Cloudflare has emerged victorious in a patent infringement lawsuit against Sable Networks, securing a $225,000 settlement and forcing the patent holder to dedicate its entire portfolio to the public domain. The case, which began in March 2021 with Sable asserting nearly 100 claims across four patents, concluded after a Texas jury found Cloudflare not guilty of infringement in February 2024.

Sable, described by Cloudflare as a "patent troll," had previously sued several tech companies, including Cisco and Juniper Networks, who settled out of court. Cloudflare's aggressive defense strategy included launching Project Jengo, a crowd-sourced initiative to invalidate Sable's patents. The settlement prevents Sable from asserting these patents against any other company in the future, marking a significant blow to patent trolling practices in the tech industry. In a blog post, Cloudflare adds: While this $225,000 can't fully compensate us for the time, energy and frustration of having to deal with this litigation for nearly three years, it does help to even the score a bit. And we hope that it sends an important message to patent trolls everywhere to beware before taking on Cloudflare.
Biotech

23andMe Is On the Brink. What Happens To All Its DNA Data? (npr.org) 60

The one-and-done nature of 23andMe is "indicative of a core business problem with the once high-flying biotech company that is now teetering on the brink of collapse," reports NPR. As 23andMe struggles for survival, many of its 15 million customers are left wondering what the company plans to do with all the data it has collected since it was founded in 2006. An anonymous reader shares an excerpt from the report: Andy Kill, a spokesperson for 23andMe, would not comment on what the company might do with its trove of genetic data beyond general pronouncements about its commitment to privacy. "For our customers, our focus continues to be on transparency and choice over how they want their data to be managed," he said. When signing up for the service, about 80% of 23andMe's customers have opted in to having their genetic data analyzed for medical research. "This rate has held steady for many years," Kill added. The company has an agreement with pharmaceutical giant GlaxoSmithKline, or GSK, that allows the drugmaker to tap the tech company's customer data to develop new treatments for disease. Anya Prince, a law professor at the University of Iowa's College of Law who focuses on genetic privacy, said those worried about their sensitive DNA information may not realize just how few federal protections exist. For instance, the Health Insurance Portability and Accountability Act, also known as HIPAA, does not apply to 23andMe since it is a company outside of the health care realm. "HIPAA does not protect data that's held by direct-to-consumer companies like 23andMe," she said.

Although DNA data has no federal safeguards, some states, like California and Florida, do give consumers rights over their genetic information. "If customers are really worried, they could ask for their samples to be withdrawn from these databases under those laws," said Prince. According to the company, all of its genetic data is anonymized, meaning there is no way for GSK, or any other third party, to connect the sample to a real person. That, however, could make it nearly impossible for a customer to renege on their decision to allow researchers to access their DNA data. "I couldn't go to GSK and say, 'Hey, my sample was given to you -- I want that taken out -- if it was anonymized, right? Because they're not going to re-identify it just to pull it out of the database," Prince said.

Vera Eidelman, a staff attorney with the American Civil Liberties Union who specializes in privacy and technology policy, said the patchwork of state laws governing DNA data makes the generic data of millions potentially vulnerable to being sold off, or even mined by law enforcement. "Having to rely on a private company's terms of service or bottom line to protect that kind of information is troubling -- particularly given the level of interest we've seen from government actors in accessing such information during criminal investigations," Eidelman said. She points to how investigators used a genealogy website to identify the man known as the Golden State Killer, and how police homed in on an Idaho murder suspect by turning to similar databases of genetic profiles. "This has happened without people's knowledge, much less their express consent," Eidelman said.

Neither case relied on 23andMe, and spokesperson Kill said the company does not allow law enforcement to search its database. The company has, however, received subpoenas to access its genetic information. According to 23andMe's transparency report, authorities have sought genetic data on 15 individuals since 2015, but the company has resisted the requests and never produced data for investigators. "We treat law enforcement inquiries, such as a valid subpoena or court order, with the utmost seriousness. We use all legal measures to resist any and all requests in order to protect our customers' privacy," Kill said. [...] In a September filing to financial regulators, [23andMe CEO Anne Wojcicki] wrote: "I remain committed to our customers' privacy and pledge," meaning the company's rules requiring consent for DNA to be used for research would remain in place, as well as allowing customers to delete their data. Wojcicki added that she is no longer considering offers to buy the company after previously saying she was.

The Courts

Judge Blocks California's New AI Law In Case Over Kamala Harris Deepfake (techcrunch.com) 128

An anonymous reader quotes a report from TechCrunch: A federal judge blocked one of California's new AI laws on Wednesday, less than two weeks after it was signed by Governor Gavin Newsom. Shortly after signing AB 2839, Newsom suggested it could be used to force Elon Musk to take down an AI deepfake of Vice President Kamala Harris he had reposted (sparking a petty online battle between the two). However, a California judge just ruled the state can't force people to take down election deepfakes -- not yet, at least. AB 2839 targets the distributors of AI deepfakes on social media, specifically if their post resembles a political candidate and the poster knows it's a fake that may confuse voters. The law is unique because it does not go after the platforms on which AI deepfakes appear, but rather those who spread them. AB 2839 empowers California judges to order the posters of AI deepfakes to take them down or potentially face monetary penalties.

Perhaps unsurprisingly, the original poster of that AI deepfake -- an X user named Christopher Kohls -- filed a lawsuit to block California's new law as unconstitutional just a day after it was signed. Kohls' lawyer wrote in a complaint that the deepfake of Kamala Harris is satire that should be protected by the First Amendment. On Wednesday, United States district judge John Mendez sided with Kohls. Mendez ordered a preliminary injunction to temporarily block California's attorney general from enforcing the new law against Kohls or anyone else, with the exception of audio messages that fall under AB 2839. [...] In essence, he ruled the law is simply too broad as written and could result in serious overstepping by state authorities into what speech is permitted or not.

Microsoft

Rival Browsers Allege Microsoft's Practices on Edge Unfair (usnews.com) 56

Microsoft gives its Edge web browser an unfair advantage and EU antitrust regulators should subject it to tough EU tech rules, three rival browsers and a group of web developers said in a letter to the European Commission. From a report: The move by Vivaldi, Waterfox, Wavebox and the Open Web Advocacy could boost Norwegian browser company Opera which in July took the European Commission to court for exempting Edge from the Digital Markets Act (DMA). [...] "Unfair practices are currently allowed to persist on the Windows' ecosystem with respect to Edge, unmitigated by the choice screens that exist on mobile," they said, pointing to Edge set as the default browser on all Windows computers. "No platform independent browser can aspire to match Edge's unparalleled distribution advantage on Windows. Edge is, moreover, the most important gateway for consumers to download an independent browser on Windows PCs."
The Courts

NSO Should Lose Spyware Case for Discovery Violations, Meta Says (bloomberglaw.com) 10

WhatsApp and its parent Meta asked a judge to award them a total win against spyware maker NSO Group as punishment for discovery violations in a years-long case accusing the Israeli company of violating anti-hacking laws. From a report: NSO Group violated the Federal Rules of Civil Procedure, repeatedly ignoring the court's orders and its discovery obligations, according to a motion for sanctions filed Wednesday in the US District Court for the Northern District of California. "NSO's discovery violations were willful, and unfairly skew the record on virtually every key issue in the case, from the merits, to jurisdiction, to damages, making a full and fair trial on the facts impossible," they said. Judge Phyllis J. Hamilton should award the companies judgment as a matter of law or, "if the court finds that the limited discovery produced in this case does not suffice," enter default judgment against NSO, WhatsApp and Meta wrote.

The social media platforms first filed their complaint in October 2019, accusing NSO of using WhatsApp to install NSO spyware on the phones of about 1,400 WhatsApp users.
The move follows Apple asking a court last month to dismiss its three-year-old hacking lawsuit against spyware pioneer NSO Group, arguing that it might never be able to get the most critical files about NSO's Pegasus surveillance tool and that its own disclosures could aid NSO and its increasing number of rivals.
The Courts

WP Engine Sues WordPress for Libel, Extortion 49

WP Engine, a major web hosting provider, has filed a federal lawsuit against WordPress [PDF] co-founder Matt Mullenweg and Automattic, alleging libel and attempted extortion. The suit stems from a public dispute over WordPress trademark usage and open-source licensing.

WP Engine, which hosts over 200,000 websites, accuses Mullenweg and Automattic of "abuse of power, extortion, and greed." The conflict escalated after Mullenweg called WP Engine a "cancer to WordPress" on his blog, prompting a cease-and-desist letter. Automattic subsequently demanded 8% of WP Engine's monthly revenue as royalties for alleged trademark infringement. The lawsuit includes 11 complaints, ranging from slander to violations of the Computer Fraud and Abuse Act.
The Courts

Meta Hit With New Author Copyright Lawsuit Over AI Training (reuters.com) 47

Novelist Christopher Farnsworth has filed a class-action lawsuit (PDF) against Meta, accusing the company of using his and other authors' pirated books to train its Llama AI model. Farnsworth seeks damages and an order to stop the alleged copyright infringement, joining a growing group of creators suing tech companies over unauthorized AI training. Reuters reports: Farnsworth said in the lawsuit on Tuesday that Meta fed Llama, which powers its AI chatbots, thousands of pirated books to teach it how to respond to human prompts. Other authors including Ta-Nehisi Coates, former Arkansas governor Mike Huckabee and comedian Sarah Silverman have brought similar class-action claims against Meta in the same court over its alleged use of their books in AI training. [...] Several groups of copyright owners including writers, visual artists and music publishers have sued major tech companies over the unauthorized use of their work to train generative AI systems. The companies have argued that their AI training is protected by the copyright doctrine of fair use and that the lawsuits threaten the burgeoning AI industry.
The Courts

Court Blocks Uber Crash Lawsuit After Couple's Daughter Agreed To Uber Eats TOS (npr.org) 122

An anonymous reader quotes a report from NPR: A New Jersey appeals court says a couple cannot sue Uber over a life-altering car accident because of the app's terms and conditions, even though they say it was their daughter who agreed to those terms while placing an Uber Eats order. John and Georgia McGinty -- a Mercer County couple both in their 50s -- filed a lawsuit against the ride-hailing company in February 2023, nearly a year after suffering "serious physical, psychological, and financial damages" when the Uber they were riding in crashed into another car, according to court filings. "There are physical scars, mental scars, and I don't think that they will ever really be able to go back to their full capacity that they were at before," says their attorney, Mike Shapiro.

Uber responded by filing a motion to dismiss the complaint and compel arbitration, which would require the parties to resolve their differences outside court instead -- ostensibly benefiting the company by lowering legal costs and keeping proceedings private. Uber argued that Georgia McGinty, a longtime customer of Uber Rides and Uber Eats, had agreed to arbitrate any disputes with the company when she signed off on the language in the app's terms of use on three occasions over the years. The McGintys fought back, saying it was actually their daughter -- who was and remains a minor -- who had most recently agreed to the terms when she used Georgia's phone to order food on their behalf. A lower court initially sided with the couple, denying Uber's motion to compel arbitration in November 2023. Uber appealed the decision, and late last month, the appeals court ruled in its favor.

"We hold that the arbitration provision contained in the agreement under review, which Georgia or her minor daughter, while using her cell phone agreed to, is valid and enforceable," the three-judge panel wrote in September. "We, therefore, reverse the portion of the order denying arbitration of the claims against Uber." Shapiro told NPR that the couple "100%" wants to keep pursuing their case and are mulling their options, including asking the trial court to reconsider it or potentially trying to bring it to the New Jersey Supreme Court. "Uber has just been extremely underhanded in their willingness to open the same cabinets that they're forcing the McGintys to open up and have to peek around in," Shapiro says. "It's unfortunate that that's the way that they're carrying on their business, because this is truly something that subjects millions and millions of Americans and people all over the world to a waiver of their hard-fought rights."
"While the plaintiffs continue to tell the press that it was their daughter who ordered Uber Eats and accepted the Terms of Use, it's worth noting that in court they could only 'surmise' that that was the case but could not recall whether 'their daughter ordered food independently or if Georgia assisted,'" Uber said in a statement.

The report cites another recent case where Disney "tried to block a man's wrongful death lawsuit on behalf of his wife -- who died following an allergic reaction after eating at a Disney World restaurant -- because he had signed up for a trial of Disney+." After negative media coverage, the company backtracked on its push for arbitration.
Iphone

The Feds Still Can't Get Into Eric Adams' Phone (theverge.com) 112

The Verge's Gaby Del Valle reports: New York City Mayor Eric Adams, who was indicted last week on charges including fraud, bribery, and soliciting donations from foreign nationals, told federal investigators he forgot his phone password before handing it over, according to charging documents. That was almost a year ago, and investigators still can't get into the phone, prosecutors said Wednesday.

During a federal court hearing, prosecutor Hagan Scotten said the FBI's inability to get into Adams' phone is a "significant wild card," according to a report from the New York Post. The FBI issued a search warrant for Adams' devices in November 2023. Adams initially handed over two phones but didn't have his personal device on him. The indictment does not mention what type of device Adams uses. When Adams turned in his personal cellphone the following day, charging documents say, he said he had changed the password a day prior -- after learning about the investigation -- and couldn't remember it. Adams told investigators he changed the password "to prevent members of his staff from inadvertently or intentionally deleting the contents of his phone," the indictment alleges.
The FBI just needs the right tools. When investigators failed to break into the Trump rally shooter's phone in July, they sent the device to the FBI lab in Quantico, Virginia, where agents used an unreleased tool from the Israeli company Cellebrite to crack it in less than an hour.
The Courts

eBay Wins Dismissal of US Lawsuit Over Alleged Sale of Harmful Products (reuters.com) 35

An anonymous reader quotes a report from Reuters: A federal judge dismissed a U.S. Department of Justice lawsuit accusing eBay of violating environmental laws by allowing the sale of hundreds of thousands of harmful products on its platform, including pesticides and devices to evade motor vehicle pollution controls. U.S. District Judge Orelia Merchant in Brooklyn ruled on Monday that Section 230 of the federal Communications Decency Act, which protects online platforms from liability over user content, shielded eBay from liability in the civil lawsuit.

The judge said eBay's administrative and technical support to sellers "does not materially contribute to the products' alleged unlawfulness" and does not make the San Jose, California, company a "publisher or speaker" on sellers' behalf. Merchant also said eBay was not a "seller" of some of the challenged products, because it did not physically possess them or hold title. She rejected the government's argument that eBay was a seller because it exchanged the products for money.
The U.S. government argued eBay violated the Clean Air Act by allowing the sale of harmful products, including more than 343,000 aftermarket "defeat" devices that help vehicles generate more power and get better fuel economy by evading emissions controls. The company also was accused of allowing sales of 23,000 unregistered, misbranded or restricted-use pesticides, as well as distributing more than 5,600 paint and coating removal products that contained methylene chloride, a chemical linked to brain and liver cancer and non-Hodgkin lymphoma.
Social Networks

Russia Is Banning Discord (pcgamer.com) 133

Russian authorities are considering a ban on Discord, citing unspecified legal violations. According to the Russian daily newspaper Kommersant, the ban may happen "in the coming days." PC Gamer reports: The opening salvo has already been fired. The Russian state media regulator Roskomnadzor has issued five separate rulings relating to Discord since September 20, which can all now be used as justification for an upcoming ban. Say what you will about authoritarian regimes, but they love their bureaucracy. Kommersant quotes an anonymous official source as saying the ban is being considered for violations of Russian law: needless to say, these violations have not been detailed, nor are likely to be.

Russian users have also complained about periodic outages on Discord over September, with many resorting to VPNs, and both the web and mobile versions of the platform affected. Should the ban become a reality, the big losers will be Russian players and developers, with no obvious domestic replacement. "The problem is that for Russian developers, communication with the community, including the international one, and technical support are implemented through Discord," said Vasily Ovchinnikov, head of Russia's Organization for the Development of the Video Game Industry. Today, a Moscow court fined Discord 3.5 million roubles ($37,675) for, apparently, failing to restrict access to banned information.

Crime

Google Wins Lawsuit Against Scammers Who 'Weaponized' DMCA Takedowns (torrentfreak.com) 63

Google has obtained (PDF) a default judgment against two men who abused its DMCA takedown system to falsely target 117,000 URLs of competitors' online stores. With none of the defendants showing up in court, a California federal court sided with the search engine. Through an injunction, the men are now prohibited from sending false takedown notices and creating new Google accounts. TorrentFreak reports: Last November, Google decided to take action against the rampant DMCA abuse. In a lawsuit filed at a federal court in California, it accused Nguyen Van Duc and Pham Van Thien of sending over 100,000 fraudulent takedown requests. Many of these notices were allegedly filed against third-party T-shirt shops. [...] Following the complaint, the defendants, who are believed to reside in Vietnam, were summoned via their Gmail accounts and SMS. However, the pair remained quiet and didn't respond in court. Without the defendants representing themselves, Google requested a default judgment. According to the tech giant, it's clear that the duo violated the DMCA with their false takedown notices. In addition, they committed contract breach under California law.

Google said that, absent a default judgment, the defendants would continue to harm consumers and third-party businesses. These actions, in turn, will damage Google's reputation as a search engine. In July, U.S. Magistrate Judge Sallie Kim recommended granting Google's motion for default judgment. The recommendation included an injunction that prevents the two men from abusing Google's services going forward. However, the District Judge had the final say. Last Friday, U.S. District Court Judge Edward Davila adopted the recommendations, issuing a default judgment in favor of Google. The order confirms that defendants Nguyen Van Duc and Pham Van Thien violated the DMCA with their false takedown notices. In addition, they committed contract breach under California law.

In typical copyrights-related verdicts, most attention is paid to the monetary damages, but not here. While Google could have requested millions of dollars in compensation, it didn't request a penny. Google's primary goal was to put an end to the abusive behavior, not to seek financial compensation. Therefore, the company asked for an injunction to prohibit the defendants from sending false takedowns going forward. This includes a ban on registering any new Google accounts. The request ticked all the boxes and, without a word from the defendants, Judge Davila granted the default judgment as well as the associated injunction.

Google

Epic Games Sues Google and Samsung Over App Store Restrictions 45

Epic Games filed a new antitrust lawsuit against Google and Samsung, alleging they conspired to undermine third-party app stores. The suit focuses on Samsung's "Auto Blocker" feature, now enabled by default on new phones, which restricts app installations to "authorized sources" - primarily Google and Samsung's stores.

Epic claims Auto Blocker creates significant barriers for rival stores, requiring users to navigate a complex process to install third-party apps. The company argues this feature does not actually assess app safety, but is designed to stifle competition. Epic CEO Tim Sweeney stated the lawsuit aims to benefit all developers, not secure special privileges for Epic. The company seeks either default deactivation of Auto Blocker or creation of a fair whitelisting process for legitimate apps. This legal action follows Epic's December victory against Google in a separate antitrust case. Epic recently launched its own mobile app store, which it claims faces unfair obstacles due to Auto Blocker.

Slashdot Top Deals