Social Networks

Turkey Blocks Discord (reuters.com) 47

Turkey has blocked access to Discord after the messaging platform refused to share potentially illegal information with authorities. Reuters reports: Justice minister Yilmaz Tunc said an Ankara court decided to block access to Discord from Turkey due to sufficient suspicion that crimes of "child sexual abuse and obscenity" had been committed by some using the platform. The block comes after public outrage in Turkey caused by the murder of two women by a 19-year-old man in Istanbul this month. Content on social media showed Discord users subsequently praising the killing. Transport and infrastructure minister Abdulkadir Uraloglu said the nature of the Discord platform made it difficult for authorities to monitor and intervene when illegal or criminal content is shared.

"Security personnel cannot go through the content. We can only intervene when users complain to us about content shared there," he told reporters in parliament. "Since Discord refuses to share its own information, including IP addresses and content, with our security units, we were forced to block access."
Russia also recently blocked Discord for violating Russian law, after previously fining the company for failing to remove banned content.

Businesses

Bankrupt Fisker Unable To Port EV Data, Risking Multi-Million Dollar Fleet Deal (techcrunch.com) 59

An anonymous reader quotes a report from TechCrunch: Fisker's Chapter 11 bankruptcy has hit a major snag, as the company buying the startup's remaining fleet of electric SUVs says it might not complete the purchase because of a surprising technical issue. The buyer, a New York-area leasing company called American Lease, says in a new filing that Fisker now believes there is no way to transfer the information connected to each SUV to a new server not owned by the bankrupt EV startup. Since American Lease needs that information to operate the vehicles after Fisker is dissolved, the leasing company has filed an emergency objection to the startup's liquidation plan. Fisker was expected to have that plan confirmed in bankruptcy court as early as this Wednesday.

American Lease has already handed over "tens of millions of dollars" after the purchase agreement of the 3,000-plus Ocean SUVs was approved in July. These funds have been crucial because Fisker was using them to pay for the bankruptcy process. Fisker needed that money to keep itself alive long enough to settle its debts and also prepare to liquidate what it says is around $1 billion in assets that were, until recently, under control of an Austrian subsidiary that was going through its own insolvency process. [...] American Lease says in its filing that Fisker first brought up the possibility that it wouldn't be able to transfer the information to a new server on Friday, October 4, at 8 p.m. ET. And it says that this week, Fisker informed American Lease that it won't be possible at all.

"[American Lease] cannot overstate the significance of this unwelcome news, conveyed to it only after it has paid [Fisker] tens of millions of dollars under the Purchase Agreement," the leasing company's lawyers write in the filing. "It is unclear at the present time what, if anything, Debtor representatives have known about the impossibility or impracticability of implementing Porting of the Purchased Vehicles, and when they learned or otherwise knew of that critical information." American Lease is asking to delay Wednesday's hearing and be allowed to perform "expedited and targeted discovery" of Fisker and its representatives to find out more about when Fisker learned of this problem.

The Courts

DOJ Indicates It's Considering Google Breakup Following Monopoly Ruling (cnbc.com) 138

In a new 32-page filing (PDF), the Department of Justice indicated that it was considering a possible breakup of Google as an antitrust remedy for its search and advertising monopoly. The remedies necessary to "prevent and restrain monopoly maintenance could include contract requirements and prohibitions; non-discrimination product requirements; data and interoperability requirements; and structural requirements," the department said in the filing. CNBC reports: The DOJ also said it was "considering behavioral and structural remedies that would prevent Google from using products such as Chrome, Play, and Android to advantage Google search and Google search-related products and features -- including emerging search access points and features, such as artificial intelligence -- over rivals or new entrants."

Additionally, the DOJ suggested limiting or prohibiting default agreements and "other revenue-sharing arrangements related to search and search-related products." That would include Google's search position agreements with Apple's iPhone and Samsung devices -- deals that cost the company billions of dollars a year in payouts. The agency suggested one way to do this is requiring a "choice screen," which could allow users to pick from other search engines. Such remedies would end "Google's control of distribution today" and ensure "Google cannot control the distribution of tomorrow."

Twitter

Brazil Unblocks X (npr.org) 87

X has been restored in Brazil after being shut down nationwide for over a month. According to court documents released today, X ultimately complied with all of Brazilian Supreme Court Justice Alexandre de Moraes' demands. "They included blocking certain accounts from the platform, paying outstanding fines and naming a legal representative in the country," reports NPR. "Failure to do the latter had triggered the suspension." From the report: Elon Musk's X was blocked on Aug. 30 in the highly online country of 213 million people -- and one of X's biggest markets, with estimates of its user base ranging from 20 to 40 million. De Moraes ordered the shutdown after a monthslong dispute with Musk over free speech, far-right accounts and misinformation. Musk had disparaged de Moraes, calling him an authoritarian and a censor, even though his rulings, including X's suspension, were repeatedly upheld by his peers.

Brazilian law requires foreign companies to have a local legal representative to receive notifications of court decisions and swiftly take any requisite action -- particularly, in X's case, the takedown of accounts. Conceicao was first named X's legal representative in April and resigned four months later. The company named her to the same job on Sep. 20, according to the public filing with the Sao Paulo commercial registry. In an apparent effort to shield Conceicao from potential violations by X -- and risking arrest -- a clause has been written into Conceicao's new representation agreement that she must follow Brazilian law and court decisions, and that any legal responsibility she assumes on X's behalf requires prior instruction from the company in writing, according to the company's filing.

There is nothing illegal or suspect about using a company like BR4Business for legal representation, but it shows that X is doing the bare minimum to operate in the country, said Fabio de Sa e Silva, a lawyer and associate professor of International and Brazilian Studies at the University of Oklahoma. "It doesn't demonstrate an intention to truly engage with the country. Take Meta, for example, and Google. They have an office, a government relations department, precisely to interact with public authorities and discuss Brazil's regulatory policies concerning their businesses," Silva added. [...] "The concern now is what comes next and how X, once back in operation, will manage to meet the demands of the market and local authorities without creating new tensions," he said.

Social Networks

TikTok is 'Digital Nicotine' Meant To Hook Kids, AGs Fume in New Suits (courthousenews.com) 66

The District of Columbia and 13 states sued social media giant TikTok on Tuesday, accusing the company of knowingly creating an addictive product and getting children hooked with "digital nicotine." From a report: D.C. Attorney General Brian Schwalb brought Washington's suit in the Superior Court for the District of Columbia, asserting that the app's design -- including its algorithm, "infinite scroll," push notifications, filters and in-app currency -- boosts the company's profits at the expense of children's health. "TikTok's platform, designed to be dangerously addictive, inflicts immense damage on an entire generation of young people," Schwalb said in a statement announcing the suit. "In addition to prioritizing its profits over the health of children, TikTok's unregulated and illegal virtual economy allows the darkest, most depraved corners of society to prey upon vulnerable victims." More than a dozen states brought similar suits against TikTok in their courts Tuesday, including New York, California, Kentucky and New Jersey. Each stems from a national investigation into the company that a bipartisan coalition of attorneys general launched in March 2022.

Nintendo

Nintendo Switch Modder Faces Tech Giant in Court Without Lawyer (ign.com) 59

A Nintendo Switch modder has entered a legal battle against Nintendo without legal representation, Torrent Freak reports. Ryan Daly, alleged owner of Modded Hardware, denied all allegations in a lawsuit filed by Nintendo in July. Nintendo claims Modded Hardware offers hardware and firmware for creating and playing pirated games, as well as providing customers with pirated Nintendo titles.

The company filed suit after Daly allegedly ignored warnings to cease operations in March and May 2024. Daly's court response denies wrongdoing and ownership of the business. His defenses include fair use, invalid copyrights, and unjust enrichment. The Modded Hardware website is now password-protected.

The Courts

US Antitrust Case Against Amazon To Move Forward (reuters.com) 3

An anonymous reader quotes a report from Reuters: The U.S. Federal Trade Commission's case accusing Amazon of stifling competition in online retail will move forward, though some of the states that sued alongside the agency had their claims dismissed, court documents showed. U.S. District Judge John Chun in Seattle unsealed his ruling from Sept. 30, which dismissed some of the claims brought by attorneys general in New Jersey, Pennsylvania, Maryland and Oklahoma. Last year, the FTC alleged Amazon.com, which has 1 billion items in its online superstore, was using an algorithm that pushed up prices U.S. households paid by more than $1 billion. Amazon has said in court papers it stopped using the program in 2019.

The FTC has accused the online retailer of using anti-competitive tactics to maintain dominance among online superstores and marketplaces. Amazon asked Chun to dismiss the case in December, saying the FTC had raised no evidence of harm to consumers. The judge said in his ruling that he cannot consider Amazon's claims that its actions benefited competition at this early stage in the case.

Electronic Frontier Foundation

EFF and ACLU Urge Court to Maintain Block on Mississippi's 'Age Verification' Law (eff.org) 108

An anonymous Slashdot reader shared the EFF's "Deeplink" blog post: EFF, along with the ACLU and the ACLU of Mississippi, filed an amicus brief on Thursday asking a federal appellate court to continue to block Mississippi's HB 1126 — a bill that imposes age verification mandates on social media services across the internet. Our friend-of-the-court brief, filed in the U.S. Court of Appeals for the Fifth Circuit, argues that HB 1126 is "an extraordinary censorship law that violates all internet users' First Amendment rights to speak and to access protected speech" online.

HB 1126 forces social media sites to verify the age of every user and requires minors to get explicit parental consent before accessing online spaces. It also pressures them to monitor and censor content on broad, vaguely defined topics — many of which involve constitutionally protected speech. These sweeping provisions create significant barriers to the free and open internet and "force adults and minors alike to sacrifice anonymity, privacy, and security to engage in protected online expression." A federal district court already prevented HB 1126 from going into effect, ruling that it likely violated the First Amendment.

At the heart of our opposition to HB 1126 is its dangerous impact on young people's free expression. Minors enjoy the same First Amendment right as adults to access and engage in protected speech online. "No legal authority permits lawmakers to burden adults' access to political, religious, educational, and artistic speech with restrictive age-verification regimes out of a concern for what minors might see" [argues the brief]. "Nor is there any legal authority that permits lawmakers to block minors categorically from engaging in protected expression on general purpose internet sites like those regulated by HB 1126..."

"The law requires all users to verify their age before accessing social media, which could entirely block access for the millions of U.S. adults who lack government-issued ID..." And it also asks another question. "Would you want everything you do online to be linked to your government-issued ID?"

And the blog post makes one more argument. "in an era where data breaches and identity theft are alarmingly common." So the bill "puts every user's personal data at risk... No one — neither minors nor adults — should have to sacrifice their privacy or anonymity in order to exercise their free speech rights online."

Python

The Treasurer of Python NZ Pleads Guilty To Stealing From the Society (interest.co.nz) 20

Long-time Slashdot reader Bismillah writes: Python New Zealand has gone through some rough times lately, with its then-treasurer stealing money from the society. Things were looking really serious for a while, with Python NZ looking at being liquidated due to the theft of funds.

However, there is a silver lining to the story, as the free and open source movement rallied behind Python NZ and got them out of a serious pickle.

"Our friends at Linux Australia and at the Python Software Foundation went well above and beyond to support us, and save us," says Tom Eastman, president of Python New Zealand, in an article from interest.co.nz.

He also says he hopes the treasurer is ordered by the court to pay restitution. (In the article the treasurer confirms that he's pleaded guilty to the theft, which took place between February 2019 and October 2023 — leaving Python NZ owing conference supplies around $55,000.) "We had $26 in the bank accounts," Eastman tells the site.

The group now has new transparency and accountability measures...

AI

US Police Seldom Disclose Use of AI-Powered Facial Recognition, Investigation Finds (msn.com) 63

An anonymous reader shared this report from the Washington Post: Hundreds of Americans have been arrested after being connected to a crime by facial recognition software, a Washington Post investigation has found, but many never know it because police seldom disclose their use of the controversial technology...

In fact, the records show that officers often obscured their reliance on the software in public-facing reports, saying that they identified suspects "through investigative means" or that a human source such as a witness or police officer made the initial identification... The Coral Springs Police Department in South Florida instructs officers not to reveal the use of facial recognition in written reports, according to operations deputy chief Ryan Gallagher. He said investigative techniques are exempt from Florida's public disclosure laws... The department would disclose the source of the investigative lead if it were asked in a criminal proceeding, Gallagher added....

Prosecutors are required to inform defendants about any information that would help prove their innocence, reduce their sentence or hurt the credibility of a witness testifying against them. When prosecutors fail to disclose such information — known as a "Brady violation" after the 1963 Supreme Court ruling that mandates it — the court can declare a mistrial, overturn a conviction or even sanction the prosecutor. No federal laws regulate facial recognition and courts do not agree whether AI identifications are subject to Brady rules. Some states and cities have begun mandating greater transparency around the technology, but even in these locations, the technology is either not being used that often or it's not being disclosed, according to interviews and public records requests...

Over the past four years, the Miami Police Department ran 2,500 facial recognition searches in investigations that led to at least 186 arrests and more than 50 convictions. Among the arrestees, just 1 in 16 were told about the technology's use — less than 7 percent — according to a review by The Post of public reports and interviews with some arrestees and their lawyers. The police department said that in some of those cases the technology was used for purposes other than identification, such as finding a suspect's social media feeds, but did not indicate in how many of the cases that happened. Carlos J. Martinez, the county's chief public defender, said he had no idea how many of his Miami clients were identified with facial recognition until The Post presented him with a list. "One of the basic tenets of our justice system is due process, is knowing what evidence there is against you and being able to challenge the evidence that's against you," Martinez said. "When that's kept from you, that is an all-powerful government that can trample all over us."

After reviewing The Post's findings, Miami police and local prosecutors announced plans to revise their policies to require clearer disclosure in every case involving facial recognition.

The article points out that Miami's Assistant Police Chief actually told a congressional panel on law enforcement AI use that his department is "the first to be completely transparent about" the use of facial recognition. (When confronted with the Washington Post's findings, he "acknowledged that officers may not have always informed local prosecutors [and] said the department would give prosecutors all information on the use of facial recognition, in past and future cases.")

He told the Post that the department would "begin training officers to always disclose the use of facial recognition in incident reports." But he also said they would "leave it up to prosecutors to decide what to disclose to defendants."

United Kingdom

UK Post Office Executive Suspended Over Allegations of Destroying Software Scandal Evidence (computerweekly.com) 72

The British Post Office scandal "was first exposed by Computer Weekly in 2009, revealing the stories of seven subpostmasters and the problems they suffered due to Horizon accounting software," remembers Computer Weekly, "which led to the most widespread miscarriage of justice in British history."

But now the Post Office "is investigating allegations that a senior executive instructed staff to destroy or conceal documents that could be of interest to the Post Office scandal public inquiry," Computer Weekly writes. A company employee acknowledged a report in an internal whistleblower program "regarding destroying or concealing material... allegations that a senior Post Office member of staff had instructed their team to destroy or conceal material of possible interest to the inquiry, and that the same individual had engaged in inappropriate behaviour." The shocking revelation echoes evidence from appeals against wrongful convictions in 2021. During the Court of Appeal trials it was revealed that a senior Post Office executive instructed employees to shred documents that undermined an insistence that its Horizon computer system was robust, amid claims that errors in the system caused unexplained accounting shortfalls.

Twitter

Brazil's Top Court Says X Paid Pending Fines to Wrong Bank (reuters.com) 83

An anonymous reader shared this report from Reuters: Brazil's Supreme Court said on Friday that lawyers representing social media platform X did not pay pending fines to the proper bank, postponing its decision on whether to allow the tech firm to resume services in Brazil.

The payment of the fines, which X lawyers argued that the company had paid correctly, is the only outstanding measure demanded by the court in order to authorize X to operate again in Brazil... Earlier on Friday, X, owned by billionaire Elon Musk, filed a fresh request to have its services restored in Brazil, saying it had paid all pending fines. In response to the request, Supreme Court Justice Alexandre de Moraes requested the payment to be transferred to the right bank. He also determined that once fines are sorted out, Brazil's prosecutor general will give his opinion on the recent requests made by X's legal team in Brazil, which has been seeking to have the platform restored in the country.

Following Moraes' decision on Friday, X lawyers again asked the court for authorization to resume operations in Brazil, denying that the company had paid the fines to the wrong account and saying they do not see the need for the prosecutor general to be consulted before the ban is lifted.

China

U.S. Wiretap Systems Targeted in China-Linked Hack (msn.com) 27

"A cyberattack tied to the Chinese government penetrated the networks of a swath of U.S. broadband providers," reports the Wall Street Journal, "potentially accessing information from systems the federal government uses for court-authorized network wiretapping requests.

"For months or longer, the hackers might have held access to network infrastructure used to cooperate with lawful U.S. requests for communications data, according to people familiar with the matter, which amounts to a major national security risk." The attackers also had access to other tranches of more generic internet traffic, they said. Verizon Communications, AT&T and Lumen Technologies are among the companies whose networks were breached by the recently discovered intrusion, the people said.

The widespread compromise is considered a potentially catastrophic security breach and was carried out by a sophisticated Chinese hacking group dubbed Salt Typhoon. It appeared to be geared toward intelligence collection, the people said... The surveillance systems believed to be at issue are used to cooperate with requests for domestic information related to criminal and national security investigations. Under federal law, telecommunications and broadband companies must allow authorities to intercept electronic information pursuant to a court order. It couldn't be determined if systems that support foreign intelligence surveillance were also vulnerable in the breach...

The hackers appear to have engaged in a vast collection of internet traffic from internet service providers that count businesses large and small, and millions of Americans, as their customers. Additionally, there are indications that the hacking campaign targeted a small number of service providers outside the U.S., the people said. A person familiar with the attack said the U.S. government considered the intrusions to be historically significant and worrisome... "It will take time to unravel how bad this is, but in the meantime it's the most significant in a long string of wake-up calls that show how the PRC has stepped up their cyber game," said Brandon Wales, former executive director at the Cybersecurity and Infrastructure Security Agency and now a vice president at SentinelOne, referring to the People's Republic of China. "If companies and governments weren't taking this seriously before, they absolutely need to now."

Three weeks ago TechCrunch also reported that the FBI "took control of a botnet made up of hundreds of thousands of internet-connected devices, such as cameras, video recorders, storage devices, and routers, which was run by a Chinese government hacking group, FBI director Christopher Wray and U.S. government agencies revealed Wednesday."

Cellphones

America's FCC Orders T-Mobile To Deliver Better Cybersecurity (csoonline.com) 13

T-Mobile experienced three major data breaches in 2021, 2022, and 2023, according to CSO Online, "which impacted millions of its customers."

After a series of investigations by America's Federal Communications Commission, T-Mobile agreed in court to a number of settlement conditions, including moving toward a "modern zero-trust architecture," designating a Chief Information Security Officer, implementing phishing-resistant multifactor authentication, and adopting data minimization, data inventory, and data disposal processes designed to limit its collection and retention of customer information.

Slashdot reader itwbennett writes: According to a consent decree published on Monday by the U.S. Federal Communications Commission, T-Mobile must pay a $15.75 million penalty and invest an equal amount "to strengthen its cybersecurity program, and develop and implement a compliance plan to protect consumers against similar data breaches in the future."

"Implementing these practices will require significant — and long overdue — investments. To do so at T-Mobile's scale will likely require expenditures an order of magnitude greater than the civil penalty here," the consent decree said.

The article points out that an order of magnitude greater than $15.75 million would be $157.5 million...

EU

Meta Faces Data Retention Limits On Its EU Ad Business After Top Court Ruling (techcrunch.com) 35

An anonymous reader quotes a report from TechCrunch: The European Union's top court has sided with a privacy challenge to Meta's data retention policies. It ruled on Friday that social networks, such as Facebook, cannot keep using people's information for ad targeting indefinitely. The judgement could have major implications on the way Meta and other ad-funded social networks operate in the region. Limits on how long personal data can be kept must be applied in order to comply with data minimization principles contained in the bloc's General Data Protection Regulation (GDPR). Breaches of the regime can lead to fines of up to 4% of global annual turnover -- which, in Meta's case, could put it on the hook for billions more in penalties (NB: it is already at the top of the leaderboard of Big Tech GDPR breachers). [...]

The original challenge to Meta's ad business dates back to 2014 but was not fully heard in Austria until 2020, per noyb. The Austrian supreme court then referred several legal questions to the CJEU in 2021. Some were answered via a separate challenge to Meta/Facebook, in a July 2023 CJEU ruling -- which struck down the company's ability to claim a "legitimate interest" to process people's data for ads. The remaining two questions have now been dealt with by the CJEU. And it's more bad news for Meta's surveillance-based ad business. Limits do apply. Summarizing this component of the judgement in a press release, the CJEU wrote: "An online social network such as Facebook cannot use all of the personal data obtained for the purposes of targeted advertising, without restriction as to time and without distinction as to type of data."

The ruling looks important on account of how ads businesses, such as Meta's, function. Crudely put, the more of your data they can grab, the better -- as far as they are concerned. Back in 2022, an internal memo penned by Meta engineers which was obtained by Vice's Motherboard likened its data collection practices to tipping bottles of ink into a vast lake and suggested the company's aggregation of personal data lacked controls and did not lend itself to being able to silo different types of data or apply data retention limits. Although Meta claimed at the time that the document "does not describe our extensive processes and controls to comply with privacy regulations." How exactly the adtech giant will need to amend its data retention practices following the CJEU ruling remains to be seen. But the law is clear that it must have limits. "[Advertising] companies must develop data management protocols to gradually delete unneeded data or stop using them," noyb suggests.
The court also weighed in on a second question that concerns sensitive data that has been "manifestly made public" by the data subject, "and whether sensitive characteristics could be used for ad targeting because of that," reports TechCrunch. "The court ruled that it could not, maintaining the GDPR's purpose limitation principle."

Bitcoin

SEC Appeals Decision In Landmark Ripple Case (cnbc.com) 13

On Wednesday, the SEC filed (PDF) to appeal a 2023 court ruling that determined XRP is not considered a security when sold to retail investors on exchanges. The announcement sent the price of XRP tumbling more than 8%. "XRP, which was created by the founders of Ripple, is the native token of the open source XRP Ledger, which Ripple uses in its cross-border payments business," notes CNBC. "It is the fifth-largest coin by market cap, excluding stablecoins Tether (USDT) and USD Coin (USDC)." CNBC reports: Ripple, the largest holder of XRP coins, scored a partial victory last summer after a three-year battle with the SEC. U.S. District Judge Analisa Torres handed down the decision, which was hailed as a landmark win for the crypto industry. Still, while XRP isn't considered a security when sold to retail investors on exchanges, it is considered an unregistered security offering if sold to institutional investors.

Ripple declined to comment but referred to Wednesday evening posts on X by CEO Brad Garlinghouse and chief legal officer Stuart Alderoty. Alderoty said the company is evaluating whether to file a cross appeal, and called the SEC's decision to appeal "disappointing, but not surprising." The SEC, under Chair Gary Gensler, has become notorious for its refusal to provide clear guidance for crypto businesses, instead opting to regulate by enforcement actions. "XRP's status as a non-security is the law of the land today - and that does not change even in the face of this misguided - and infuriating - appeal," Garlinghouse said on X.

Patents

Cloudflare Defeats Patent Troll (cloudflare.com) 63

Cloudflare has emerged victorious in a patent infringement lawsuit against Sable Networks, securing a $225,000 settlement and forcing the patent holder to dedicate its entire portfolio to the public domain. The case, which began in March 2021 with Sable asserting nearly 100 claims across four patents, concluded after a Texas jury found Cloudflare not guilty of infringement in February 2024.

Sable, described by Cloudflare as a "patent troll," had previously sued several tech companies, including Cisco and Juniper Networks, who settled out of court. Cloudflare's aggressive defense strategy included launching Project Jengo, a crowd-sourced initiative to invalidate Sable's patents. The settlement prevents Sable from asserting these patents against any other company in the future, marking a significant blow to patent trolling practices in the tech industry. In a blog post, Cloudflare adds: While this $225,000 can't fully compensate us for the time, energy and frustration of having to deal with this litigation for nearly three years, it does help to even the score a bit. And we hope that it sends an important message to patent trolls everywhere to beware before taking on Cloudflare.

Biotech

23andMe Is On the Brink. What Happens To All Its DNA Data? (npr.org) 60

The one-and-done nature of 23andMe is "indicative of a core business problem with the once high-flying biotech company that is now teetering on the brink of collapse," reports NPR. As 23andMe struggles for survival, many of its 15 million customers are left wondering what the company plans to do with all the data it has collected since it was founded in 2006. An anonymous reader shares an excerpt from the report: Andy Kill, a spokesperson for 23andMe, would not comment on what the company might do with its trove of genetic data beyond general pronouncements about its commitment to privacy. "For our customers, our focus continues to be on transparency and choice over how they want their data to be managed," he said. When signing up for the service, about 80% of 23andMe's customers have opted in to having their genetic data analyzed for medical research. "This rate has held steady for many years," Kill added. The company has an agreement with pharmaceutical giant GlaxoSmithKline, or GSK, that allows the drugmaker to tap the tech company's customer data to develop new treatments for disease. Anya Prince, a law professor at the University of Iowa's College of Law who focuses on genetic privacy, said those worried about their sensitive DNA information may not realize just how few federal protections exist. For instance, the Health Insurance Portability and Accountability Act, also known as HIPAA, does not apply to 23andMe since it is a company outside of the health care realm. "HIPAA does not protect data that's held by direct-to-consumer companies like 23andMe," she said.

Although DNA data has no federal safeguards, some states, like California and Florida, do give consumers rights over their genetic information. "If customers are really worried, they could ask for their samples to be withdrawn from these databases under those laws," said Prince. According to the company, all of its genetic data is anonymized, meaning there is no way for GSK, or any other third party, to connect the sample to a real person. That, however, could make it nearly impossible for a customer to renege on their decision to allow researchers to access their DNA data. "I couldn't go to GSK and say, 'Hey, my sample was given to you -- I want that taken out' -- if it was anonymized, right? Because they're not going to re-identify it just to pull it out of the database," Prince said.

Vera Eidelman, a staff attorney with the American Civil Liberties Union who specializes in privacy and technology policy, said the patchwork of state laws governing DNA data makes the genetic data of millions potentially vulnerable to being sold off, or even mined by law enforcement. "Having to rely on a private company's terms of service or bottom line to protect that kind of information is troubling -- particularly given the level of interest we've seen from government actors in accessing such information during criminal investigations," Eidelman said. She points to how investigators used a genealogy website to identify the man known as the Golden State Killer, and how police homed in on an Idaho murder suspect by turning to similar databases of genetic profiles. "This has happened without people's knowledge, much less their express consent," Eidelman said.

Neither case relied on 23andMe, and spokesperson Kill said the company does not allow law enforcement to search its database. The company has, however, received subpoenas to access its genetic information. According to 23andMe's transparency report, authorities have sought genetic data on 15 individuals since 2015, but the company has resisted the requests and never produced data for investigators. "We treat law enforcement inquiries, such as a valid subpoena or court order, with the utmost seriousness. We use all legal measures to resist any and all requests in order to protect our customers' privacy," Kill said. [...] In a September filing to financial regulators, [23andMe CEO Anne Wojcicki] wrote: "I remain committed to our customers' privacy and pledge," meaning the company's rules requiring consent for DNA to be used for research would remain in place, as well as allowing customers to delete their data. Wojcicki added that she is no longer considering offers to buy the company after previously saying she was.

The Courts

Judge Blocks California's New AI Law In Case Over Kamala Harris Deepfake (techcrunch.com) 128

An anonymous reader quotes a report from TechCrunch: A federal judge blocked one of California's new AI laws on Wednesday, less than two weeks after it was signed by Governor Gavin Newsom. Shortly after signing AB 2839, Newsom suggested it could be used to force Elon Musk to take down an AI deepfake of Vice President Kamala Harris he had reposted (sparking a petty online battle between the two). However, a California judge just ruled the state can't force people to take down election deepfakes -- not yet, at least. AB 2839 targets the distributors of AI deepfakes on social media, specifically if their post resembles a political candidate and the poster knows it's a fake that may confuse voters. The law is unique because it does not go after the platforms on which AI deepfakes appear, but rather those who spread them. AB 2839 empowers California judges to order the posters of AI deepfakes to take them down or potentially face monetary penalties.

Perhaps unsurprisingly, the original poster of that AI deepfake -- an X user named Christopher Kohls -- filed a lawsuit to block California's new law as unconstitutional just a day after it was signed. Kohls' lawyer wrote in a complaint that the deepfake of Kamala Harris is satire that should be protected by the First Amendment. On Wednesday, United States district judge John Mendez sided with Kohls. Mendez ordered a preliminary injunction to temporarily block California's attorney general from enforcing the new law against Kohls or anyone else, with the exception of audio messages that fall under AB 2839. [...] In essence, he ruled the law is simply too broad as written and could result in serious overstepping by state authorities into what speech is permitted or not.

Microsoft

Rival Browsers Allege Microsoft's Practices on Edge Unfair (usnews.com) 56

Microsoft gives its Edge web browser an unfair advantage and EU antitrust regulators should subject it to tough EU tech rules, three rival browsers and a group of web developers said in a letter to the European Commission. From a report: The move by Vivaldi, Waterfox, Wavebox and the Open Web Advocacy could boost Norwegian browser company Opera which in July took the European Commission to court for exempting Edge from the Digital Markets Act (DMA). [...] "Unfair practices are currently allowed to persist on the Windows' ecosystem with respect to Edge, unmitigated by the choice screens that exist on mobile," they said, pointing to Edge set as the default browser on all Windows computers. "No platform independent browser can aspire to match Edge's unparalleled distribution advantage on Windows. Edge is, moreover, the most important gateway for consumers to download an independent browser on Windows PCs."
