Privacy

A Network of Knockoff Apparel Stores Exposed 330,000 Customer Credit Cards (techcrunch.com)

An anonymous reader quotes a report from TechCrunch: If you recently made a purchase from an overseas online store selling knockoff clothes and goods, there's a chance your credit card number and personal information were exposed. Since January 6, a database containing hundreds of thousands of unencrypted credit card numbers and corresponding cardholders' information was spilling onto the open web. At the time it was pulled offline on Tuesday, the database had about 330,000 credit card numbers, cardholder names, and full billing addresses -- and rising in real-time as customers placed new orders. The data contained all the information that a criminal would need to make fraudulent transactions and purchases using a cardholder's information.

The credit card numbers belong to customers who made purchases through a network of near-identical online stores claiming to sell designer goods and apparel. But the stores had the same security problem in common: Any time a customer made a purchase, their credit card data and billing information was saved in a database, which was left exposed to the internet without a password. Anyone who knew the IP address of the database could access reams of unencrypted financial data. Anurag Sen, a good-faith security researcher, found the exposed credit card records and asked TechCrunch for help in reporting it to its owner. Sen has a respectable track record of scanning the internet looking for exposed servers and inadvertently published data, and reporting it to companies to get their systems secured.

But in this case, Sen wasn't the first person to discover the spilling data. According to a ransom note left behind on the exposed database, someone else had found the spilling data and, instead of trying to identify the owner and responsibly reporting the spill, the unnamed person instead claimed to have taken a copy of the entire database's contents of credit card data and would return it in exchange for a small sum of cryptocurrency. A review of the data by TechCrunch shows most of the credit card numbers are owned by cardholders in the United States. [...] Internet records showed that the database was operated by a customer of Tencent, whose cloud services were used to host the database. TechCrunch contacted Tencent about its customer's database leaking credit card information, and the company responded quickly. The customer's database went offline a short time later.
Many of the stores leaking customers' information claim to operate out of Hong Kong and were set up in the past few weeks. Some of the websites include: spraygroundusa.com, ihuahebuy.com, igoodlinks.com, ibuysbuy.com, lichengshop.com, hzoushop.com, goldlyshop.com, haohangshop.com, twinklebubble.store, and spendidbuy.com.

Bitcoin

Arizona Senator Introduces Bill To Make Bitcoin Legal Tender In the State (bitcoinmagazine.com)

State Sen. Wendy Rogers (R-AZ) has introduced a set of bills aimed at making bitcoin legal tender in Arizona and allowing state agencies to accept bitcoin. Bitcoin Magazine reports: The proposed legislation (PDF) aims to recognize bitcoin as a legal form of currency in Arizona, allowing it to be used to pay for debts, taxes and other financial obligations. This would mean that all transactions that are currently done in U.S. dollars could potentially be done with bitcoin, and individuals and businesses would have the option to use bitcoin as they see fit. Specifically mentioning bitcoin alone, the legal tender bill defines bitcoin as, "the decentralized, peer-to-peer digital currency in which a record of transactions is maintained on the Bitcoin blockchain and new units of currency are generated by the computational solution of mathematical problems and that operates independently of a central bank."

The acceptance bill is more broad, saying that, "A state agency may enter into an agreement with a cryptocurrency issuer to provide a method to accept cryptocurrency as a payment method of fines, civil penalties or other penalties, rent, rates, taxes, fees, charges, revenue, financial obligations and special assessments to pay any amount due to that agency or this state."
The report notes that Sen. Rogers introduced the same amendment in January 2022, but it "died by the second reading."

Government

Massachusetts Bills Would Set a Minimum Wage For Rideshare Drivers (engadget.com)

New bills in the state House and Senate would not only pursue collective bargaining rights across companies, as with past measures, but would guarantee a minimum wage, paid sick leave and other benefits. Companies like Uber and Lyft would also have to cover some driver expenses and pour money into the government's unemployment insurance system. Engadget reports: The new legislation wouldn't decide whether drivers are employees or independent contractors. However, Senate bill co-sponsor Jason Lewis told the State House News Service his bill would establish requirements that apply regardless of a driver's status. Previous bills would have tasked workers with negotiating for benefits that are now included, Lewis says.

In a statement, the Service Employees International Union (a bill proponent) says the bill "rewrites the rules" and gives conditions drivers have sought for over a decade. The Massachusetts Coalition for Independent Work, an industry-run organization that opposes the legislation, previously claimed that measures granting employee status don't reflect a "vast majority" of drivers that want to remain contractors. The coalition prefers bills that would bring the anti-employee ballot proposal to the legislature as well as create portable benefit accounts.

Government

Senator Manchin Aims To Close Battery Loophole Around $7,500 EV Tax Credit (engadget.com)

Senator Joe Manchin, chairman of the Senate Energy and Natural Resources Committee, has introduced a new bill that squashes a small loophole around the Inflation Reduction Act's (IRA) $7,500 EV tax credit. Engadget reports: The new credits are restricted to cars with final assembly in the US, as well as those with a certain amount of North American battery content (an amount that increases every year). But, the U.S. Treasury has delayed its final rules on battery guidance until March, which means EVs with foreign batteries can still receive the full $7,500 in credits until then. Manchin's legislation, dubbed the American Vehicle Security Act (AVSA), would push the battery requirement back to January 1st.

"It is unacceptable that the U.S. Treasury has failed to issue updated guidance for the 30D electric vehicle tax credits and continues to make the full $7,500 credits available without meeting all of the clear requirements included in the Inflation Reduction Act," Manchin wrote in a statement. "The Treasury Department failed to meet the statutory deadline of December 31, 2022, to release guidance for the 30D credit and have created an opportunity to circumvent stringent supply chain requirements included in the IRA. The IRA is first-and-foremost an energy security bill, and the EV tax credits were designed to grow domestic manufacturing and reduce our reliance on foreign supply chains for the critical minerals needed to produce EV batteries."
Autoblog notes that the AVSA doesn't patch the other IRA loophole, which also allows for the full credit for leased cars built outside of the U.S.

Government

Senator Plans To Introduce Bill To Ban TikTok Nationwide (reuters.com)

An anonymous reader quotes a report from Reuters: U.S. Senator Josh Hawley, a Republican and China hawk, said on Tuesday that he would introduce a bill to ban the short video app TikTok in the United States. TikTok, whose parent is the Chinese company ByteDance, already faces a ban that would stop federal employees from using or downloading TikTok on government-owned devices. "TikTok is China's backdoor into Americans' lives. It threatens our children's privacy as well as their mental health," he said on Twitter. "Now I will introduce legislation to ban it nationwide." Hawley did not say when the bill would be introduced. "Senator Hawley's call for a total ban of TikTok takes a piecemeal approach to national security and a piecemeal approach to broad industry issues like data security, privacy and online harms," said TikTok spokeswoman Brooke Oberwetter. "We hope that he will focus his energies on efforts to address those issues holistically, rather than pretending that banning a single service would solve any of the problems he's concerned about or make Americans any safer."

The Courts

US Sues Google Over Ad Market in Escalation of Antitrust Fight (bloomberg.com)

The US Justice Department and eight states sued Alphabet's Google, calling for the breakup of the search giant's ad-technology business over alleged illegal monopolization of the digital advertising market. From a report: "Google abuses its monopoly power to disadvantage website publishers and advertisers who dare to use competing ad tech products in a search for higher quality, or lower cost, matches," the Justice Department said in the complaint, which was filed in federal court in Virginia. New York, California and Virginia were among the states that signed on to the complaint.

The lawsuit represents the Biden administration's first major case challenging the power of one of the nation's largest tech companies, following through on a probe that began under former President Donald Trump. It also marks one of the few times the Justice Department has called for the breakup of a major company since it dismantled the Bell telecom system in 1982. Google is the dominant player in the $278.6 billion US digital-ad market, controlling most of the technology used to buy, sell and serve online advertising. A resolution in the case could be years away. The lawsuit marks the DOJ's second antitrust suit against Google and the fifth major case in the US challenging the company's business practices.

Japan

Japan PM Says Country On the Brink Over Falling Birth Rate (bbc.com)

An anonymous reader quotes a report from the BBC: Japan's prime minister says his country is on the brink of not being able to function as a society because of its falling birth rate. Fumio Kishida said it was a case of "now or never." Japan -- population 125 million -- is estimated to have had fewer than 800,000 births last year. In the 1970s, that figure was more than two million. Japan now has the world's second-highest proportion of people aged 65 and over -- about 28% -- after the tiny state of Monaco, according to World Bank data.

"Japan is standing on the verge of whether we can continue to function as a society," Mr Kishida told lawmakers. "Focusing attention on policies regarding children and child-rearing is an issue that cannot wait and cannot be postponed." He said that he eventually wants the government to double its spending on child-related programs. A new government agency to focus on the issue would be set up in April, he added. However, Japanese governments have tried to promote similar strategies before, without success. In 2020, researchers projected Japan's population to fall from a peak of 128 million in 2017 to less than 53 million by the end of the century. The population is currently just under 125 million, according to official data.

The Courts

PayPal Investigated Over Potential Market Dominance in Germany (reuters.com)

Germany's cartel office regulator said on Monday it had initiated proceedings against payment company PayPal Europe over the possibility that it hindered competition. Reuters reports: The subject of the proceedings was PayPal's rules for extra charges and the presentation of PayPal in the terms of use for Germany, the watchdog said. The regulator is investigating in particular rules that say merchants may not offer their goods and services at a lower price to customers who choose a cheaper payment method than PayPal.

PayPal demands that sellers do not express a preference for other payment methods or make their use more convenient for customers, according to the antitrust watchdog. "These clauses could restrict competition and constitute a violation of the prohibition of abuse," said cartel office chief Andreas Mundt in a statement. "We will now examine what market power PayPal has and to what extent online merchants are dependent on offering PayPal as a payment method."

Power

Tens of Millions Without Power In Pakistan As National Grid Fails (theguardian.com)

An anonymous reader quotes a report from The Guardian: Pakistan's national grid suffered a major breakdown, leaving millions of people without electricity for the second time in three months and highlighting the infrastructural weakness of the heavily indebted nation. The energy minister, Khurram Dastgir, said the outage on Monday was caused by a large voltage surge in the south of the grid, which affected the entire network. Supplies were being partially restored from the north to the south, he added, nearly six hours after factories, hospitals and schools reported outages. The grid should be fully functioning by 10pm (1700 GMT), Dastgir said, adding: "We are trying our utmost to achieve restoration before that."

Like much of the national infrastructure, Pakistan's grid needs an upgrade that the government says it can ill afford. Pakistan has enough installed power capacity to meet demand, but it lacks resources to run its oil-and-gas powered plants -- and the sector is so heavily in debt that it cannot afford to invest in infrastructure and power lines. "We have been adding capacity, but we have been doing so without improving transmission infrastructure," Fahad Rauf, the head of research at Karachi-based brokerage Ismail Iqbal Industries, said.

The Almighty Buck

How OneCoin's 'Cryptoqueen' Scammed Investors Out of $4 Billion (cnn.com)

CNN remembers how in 2016 Ruja Ignatova "touted her company, OneCoin, as a lucrative rival to Bitcoin in the growing cryptocurrency market." As OneCoin's co-founder, Ignatova told one audience in 2016 that "In two years, nobody will speak about Bitcoin anymore."

"Sixteen months later, Ignatova boarded a plane in Sofia, Bulgaria, and vanished. She hasn't been seen since." Authorities say OneCoin was a pyramid scheme that defrauded people out of more than $4 billion as Ignatova convinced investors in the US and around the globe to throw fistfuls of cash at her company. Federal prosecutors describe OneCoin as one of the largest international fraud schemes ever perpetrated. She is now one of the FBI's 10 most-wanted fugitives, alongside accused gang leaders and murderers, and is the only woman currently on that list....

Ignatova and her partners "conned unsuspecting victims out of billions of dollars, claiming that OneCoin would be the 'Bitcoin killer,'" US Attorney Damian Williams, New York's top prosecutor, said in a statement last month. "In fact, OneCoins were entirely worthless ... (Their) lies were designed with one goal, to get everyday people all over the world to part with their hard-earned money."

One subheading of CNN's story reads "She knew it was a scam from the start, court documents say." While [co-founder] Greenwood and Ignatova were working on the concept for OneCoin, they referred to it in emails as a "trashy coin," federal officials said in court documents. The documents show Greenwood described their investors as "idiots" and "crazy" in an email to Ignatova's brother, Konstantin Ignatov, who also took part in the scam and assumed OneCoin leadership after his sister vanished, according to prosecutors.... She also proposed an exit strategy should the company fail, saying in a 2014 email to Greenwood that they should "take the money and run and blame somebody else for this...."

Ignatova and her partners promised buyers a fivefold or even tenfold return on their investment, according to court documents. A buying frenzy ensued. Between the fourth quarter of 2014 and the fourth quarter of 2016 alone, investors gave OneCoin more than $4 billion, federal prosecutors said, citing records obtained in the course of their investigation. Some $50 million came from investors in the US, according to court documents. "She timed her scheme perfectly, capitalizing on the frenzied speculation of the early days of cryptocurrency," said Williams, the top federal prosecutor in Manhattan.

The FBI is now offering a $100,000 reward for information leading to her arrest, according to the article, which notes this line appearing at the bottom of her FBI wanted poster.

"Ignatova is believed to travel with armed guards and/or associates. Ignatova may have had plastic surgery or otherwise altered her appearance."

Government

Can Cities Transform 'Dead Downtowns' by Converting Offices Into Apartments? (washingtonpost.com)

The Washington Post's editorial board recently commented on the problem of America's "dead downtowns. Tourists are back, but office workers are still missing in action.... [R]estaurants, coffee hangouts, stores and transit systems cannot sustain themselves without more people in center cities...."

The problem? America "is in the midst of one of the biggest workforce shifts in generations: Many now have experienced what it is like to work from home and have discovered they prefer it."

Their proposed solution? The Post's editorial board is urging cities to adapt to the new reality of workers wanting to work two or three days remotely in part by converting commercial offices to apartments and entertainment venues. The goal is a "24/7" downtown with ample work spaces, apartments, parks and entertainment venues that draw people in during the day and have a core of residents who keep the area vibrant after commuters go home.... Office use isn't going back to pre-pandemic levels. Even Texas cities that did not shut down during the worst of the pandemic are 20 to 30 percent below 2019 office occupancy. New York, Los Angeles and D.C. are still down more than 40 percent. This is a classic oversupply problem. Cities have too much office space, especially in the older buildings that companies are fleeing as they seek out new construction with more light and flexible space.

Mayors and city lawmakers have reason to be bold in seizing this opportunity. There's growing interest among developers and investors who want to be a part of the office-to-apartment revolution. They are already eyeing the easiest buildings to convert: The ones with elevators in the middle, windows and light on all sides, and the right length and width. The challenge for city leaders is to generate interest in the buildings that are "maybe" candidates for conversion.

The Post's suggestions include announcing targets for new residents living downtown, and speeding up city approvals like permitting and rezoning. "America's cities are ripe for new skylines and fresh streetscapes. The best leaders will get going soon."

United States

FCC Nomination Stalled for One Year, Preventing Restoration of US Net Neutrality (siliconvalley.com)

Why hasn't America restored net neutrality protections? "President Biden's nomination to serve on the Federal Communications Commission has been stalled in the Senate for more than a year," complain the editorial boards of two Silicon Valley newspapers: Confirming Gigi Sohn would end the 2-2 deadlock on the FCC that is keeping Biden from fulfilling his campaign promise to restore net neutrality, ensuring that all internet traffic is treated equally. Polls show that 75% of Americans support net neutrality rules. They know that an open internet is essential for innovation and economic growth, for fostering the next generation of entrepreneurs....

[T]elecommunication giants such as AT&T, Verizon and Comcast don't want that to happen. They favor the status quo that allows the internet companies to pick winners and losers by charging content providers higher rates for speedier access to customers. They seek to expand the cable system model and allow kingmakers to rake in billions at the expense of smaller, new startups that struggle to gain a wider audience on their slow-speed offerings. So Republicans and a handful of Democrats are holding up Sohn's confirmation, claiming that her "radical" views disqualify her....

They also object to Sohn's current service as an Electronic Frontier Foundation board member, saying it proves she wouldn't be an unbiased and impartial FCC Commissioner. The San Francisco-based EFF is a leading nonprofit with a mission of defending digital privacy, free speech and innovation....

Enough is enough. Confirm Sohn and allow the FCC to fulfill its mission of promoting connectivity and ensuring a robust and competitive internet market.

IBM

IBM Top Brass Accused Again of Using Mainframes To Prop Up Watson, Cloud Sales (theregister.com)

IBM, along with 13 of its current and former executives, has been sued by investors who claim the IT giant used mainframe sales to fraudulently prop up newer, more trendy parts of its business. The Register reports: In effect, IBM deceived the market about its progress in developing Watson, cloud technologies, and other new sources of revenue, by deliberately misclassifying the money it was making from mainframe deals, assigning that money instead to other products, it is alleged. The accusations emerged in a lawsuit [PDF] filed late last week against IBM in New York on behalf of the June E Adams Irrevocable Trust. It alleged Big Blue shifted sales by its "near-monopoly" mainframe business to its newer and less popular cloud, analytics, mobile, social, and security products (CAMSS), which bosses promoted as growth opportunities and designated "Strategic Imperatives."

IBM is said to have created the appearance of demand for these Strategic Imperative products by bundling them into three- to five-year mainframe Enterprise License Agreements (ELA) with large banking, healthcare, and insurance company customers. In other words, it is claimed, mainframe sales agreements had Strategic Imperative products tacked on to help boost the sales performance of those newer offerings and give investors the impression customers were clamoring for those technologies from IBM. "Defendants used steep discounting on the mainframe part of the ELA in return for the customer purchasing catalog software (i.e. Strategic Imperative Revenue), unneeded and unused by the customer," the lawsuit stated.

IBM is also alleged to have shifted revenue from its non-strategic Global Business Services (GBS) segment to Watson, a Strategic Imperative in the CAMSS product set, to convince investors that the company was successfully expanding beyond its legacy business. Last April the plaintiff Trust filed a similar case, which was joined by at least five other law firms representing other IBM shareholders. A month prior, the IBM board had been presented with a demand letter from shareholders to investigate the above allegations. Asked whether any action has been taken as a result of that letter, IBM has yet to respond.

Government

US Airline Accidentally Exposes 'No Fly List' On Unsecured Server (dailydot.com)

An anonymous reader quotes a report from the Daily Dot: An unsecured server discovered by a security researcher last week contained the identities of hundreds of thousands of individuals from the U.S. government's Terrorist Screening Database and "No Fly List." Located by the Swiss hacker known as maia arson crimew, the server, run by the U.S. national airline CommuteAir, was left exposed on the public internet. It revealed a vast amount of company data, including private information on almost 1,000 CommuteAir employees. Analysis of the server resulted in the discovery of a text file named "NoFly.csv," a reference to the subset of individuals in the Terrorist Screening Database who have been barred from air travel due to having suspected or known ties to terrorist organizations.

The list, according to crimew, appeared to have more than 1.5 million entries in total. The data included names as well as birth dates. It also included multiple aliases, placing the number of unique individuals at far less than 1.5 million. [...] In a statement to the Daily Dot, CommuteAir said that the exposed infrastructure, which it described as a development server, was used for testing purposes. CommuteAir added that the server, which was taken offline prior to publication after being flagged by the Daily Dot, did not expose any customer information based on an initial investigation. CommuteAir also confirmed the legitimacy of the data, stating that it was a version of the "federal no-fly list" from roughly four years prior. [...] The server also held the passport numbers, addresses, and phone numbers of roughly 900 company employees. User credentials to more than 40 Amazon S3 buckets and servers run by CommuteAir were also exposed.

Oracle

Six Years Later, HPE and Oracle Quietly Shut Door On Solaris Lawsuit (theregister.com)

HPE and Oracle have settled their long-running legal case over alleged copyright infringement regarding Solaris software updates for HPE customers, but it looks like the nature of the settlement is going to remain under wraps. The Register reports: The pair this week informed [PDF] the judge overseeing the case that they'd reached a mutual settlement and asked for the case to be dismissed "with prejudice" -- ie, permanently. The settlement agreement is confidential, and its terms won't be made public. The case goes back to at least 2016, when Oracle filed a lawsuit against HPE over the rights to support the Solaris operating system. HPE and a third company, software support outfit Terix, were accused of offering Solaris support for customers while the latter was not an authorized Oracle partner.

Big Red's complaint claimed HPE had falsely represented to customers that it and Terix could lawfully provide Solaris Updates and other support services at a lower cost than Oracle, and that the two had worked together to provide customers with access to such updates. The suit against HPE was thrown out of court in 2019, but revived in 2021 when a judge denied HPE's motion for a summary judgement in the case. Terix settled its case in 2015 for roughly $58 million. Last year, the case went to court and in June a jury found HPE guilty of providing customers with Solaris software updates without Oracle's permission, awarding the latter $30 million for copyright infringement.

But that wasn't the end of the matter, because HPE was back a couple of months later to appeal the verdict, claiming the complaint by Oracle that it had directly infringed copyrights with regard to Solaris were not backed by sufficient evidence. This hinged on HPE claiming that Oracle had failed to prove that any of the patches and updates in question were actually protected by copyright, but also that Oracle could not prove HPE had any control over Terix in its purported infringement activities. Oracle for its part filed a motion asking the court for a permanent injunction against HPE to prevent it copying or distributing the Solaris software, firmware or support materials, except as allowed by Oracle. Now it appears that the two companies have come to some mutually acceptable out-of-court arrangement, as often happens in acrimonious and long-running legal disputes.

The Courts

Supreme Court Allows Reddit Mods To Anonymously Defend Section 230 (arstechnica.com)

An anonymous reader quotes a report from Ars Technica: Over the past few days, dozens of tech companies have filed briefs in support of Google in a Supreme Court case that tests online platforms' liability for recommending content. Obvious stakeholders like Meta and Twitter, alongside popular platforms like Craigslist, Etsy, Wikipedia, Roblox, and Tripadvisor, urged the court to uphold Section 230 immunity in the case or risk muddying the paths users rely on to connect with each other and discover information online. Out of all these briefs, however, Reddit's was perhaps the most persuasive (PDF). The platform argued on behalf of everyday Internet users, whom it claims could be buried in "frivolous" lawsuits for frequenting Reddit, if Section 230 is weakened by the court. Unlike other companies that hire content moderators, the content that Reddit displays is "primarily driven by humans -- not by centralized algorithms." Because of this, Reddit's brief paints a picture of trolls suing not major social media companies, but individuals who get no compensation for their work recommending content in communities. That legal threat extends to both volunteer content moderators, Reddit argued, as well as more casual users who collect Reddit "karma" by upvoting and downvoting posts to help surface the most engaging content in their communities.

"Section 230 of the Communications Decency Act famously protects Internet platforms from liability, yet what's missing from the discussion is that it crucially protects Internet users -- everyday people -- when they participate in moderation like removing unwanted content from their communities, or users upvoting and downvoting posts," a Reddit spokesperson told Ars. Reddit argues in the brief that such frivolous lawsuits have been lobbed against Reddit users and the company in the past, and Section 230 protections historically have consistently allowed Reddit users to "quickly and inexpensively" avoid litigation. [...]

The Supreme Court will have to weigh whether Reddit's arguments are valid. To help make its case defending Section 230 immunity protections for recommending content, Reddit received special permission from the Supreme Court to include anonymous comments from Reddit mods in its brief. This, Reddit's spokesperson notes, is "a significant departure from normal Supreme Court procedure." The Electronic Frontier Foundation, a nonprofit defending online privacy, championed the court's decision to allow moderators to contribute comments anonymously.

"We're happy the Supreme Court recognized the First Amendment rights of Reddit moderators to speak to the court about their concerns," EFF's senior staff attorney, Sophia Cope, told Ars. "It is quite understandable why those individuals may be hesitant to identify themselves should they be subject to liability in the future for moderating others' speech on Reddit."

"Reddit users that interact with third-party content -- including 'hosting' content on a sub-Reddit that they manage, or moderating that content -- could definitely be open to legal exposure if the Court carves out 'recommending' from Section 230's protections, or otherwise narrows Section 230's reach," Cope told Ars.

Security

T-Mobile Suffers Another Data Breach, Affecting 37 Million Accounts (cnet.com)

The nation's second-largest wireless carrier on Thursday disclosed that a "bad actor" took advantage of one of its application programming interfaces to gain data on "approximately 37 million current postpaid and prepaid customer accounts." CNET reports: In an 8K filing with the US Securities and Exchange Commission, the carrier says that it was able to trace and stop the "malicious activity" within a day of learning about it. T-Mobile also says that the API that was used does not allow for access to "any customer payment card information, Social Security numbers/tax IDs, driver's license or other government ID numbers, passwords/PINs or other financial account information." According to the filing, the carrier believes that the breach first occurred "on or around" Nov. 25, 2022. The carrier didn't learn that a "bad actor" was getting data from its systems until Jan. 5.

The company's API, however, did reveal other user information, including names, billing addresses, email addresses, phone numbers and birth dates of its customers, their T-Mobile account numbers, and information on which plan features they have with the carrier and the number of lines on their accounts. The company said in the SEC filing that it has "begun notifying customers whose information may have been obtained by the bad actor in accordance with applicable state and federal requirements."

In 2021, T-Mobile suffered a data breach that exposed data of roughly 76.6 million people. "T-Mobile agreed to a $500 million settlement in the case in July, with $350 million going to settle customer claims from a class action lawsuit and $150 million going to upgrade its data protection system," adds CNET.
Privacy

Little-Known Surveillance Program Captures Money Transfers Between US and More Than 20 Countries (wsj.com) 34

Hundreds of federal, state and local U.S. law-enforcement agencies have access without court oversight to a database of more than 150 million money transfers between people in the U.S. and in more than 20 countries, according to internal program documents and an investigation by Sen. Ron Wyden. WSJ: The database, housed at a little-known nonprofit called the Transaction Record Analysis Center, or TRAC, was set up by the Arizona state attorney general's office in 2014 as part of a settlement reached with Western Union to combat cross-border trafficking of drugs and people from Mexico. It has since expanded to allow officials of more than 600 law-enforcement entities -- from federal agencies such as the Federal Bureau of Investigation, the Drug Enforcement Administration, and Immigration and Customs Enforcement to small-town police departments in nearly every state -- to monitor the flow of funds through money services between the U.S. and countries around the world.

TRAC's data includes the full names of the sender and recipient as well as the transaction amount. Rich Lebel, TRAC's director, said the program has directly resulted in hundreds of leads and busts involving drug cartels and other criminals seeking to launder money, and has revealed patterns of money flow that help law-enforcement agencies get a broader grasp on smuggling networks. "It's a law-enforcement investigative tool," Mr. Lebel said. "We don't broadcast it to the world, but we don't run from or hide from it either." Mr. Wyden, an Oregon Democrat, said TRAC allows the government to "serve itself an all-you-can-eat buffet of Americans' personal financial data while bypassing the normal protections for Americans' privacy."

Internal records, including TRAC meeting minutes and copies of 140 subpoenas from the Arizona attorney general, were obtained by the American Civil Liberties Union and reviewed by The Wall Street Journal. They show that any authorized law-enforcement agency can query the data without a warrant to examine the transactions of people inside the U.S. for evidence of money laundering and other crimes. One slideshow prepared by a TRAC investigator showed how the program's data could be used to scan for categories such as "Middle Eastern/Arabic names" in bulk transaction records.

Crime

Founder and Majority Owner of Bitzlato, a Cryptocurrency Exchange, Charged with Unlicensed Money Transmitting (justice.gov) 31

Department of Justice: A complaint was unsealed this morning in federal court in Brooklyn charging Anatoly Legkodymov, a Russian national and senior executive of Bitzlato Ltd. (Bitzlato), a Hong Kong-registered cryptocurrency exchange, with conducting a money transmitting business that transported and transmitted illicit funds and that failed to meet U.S. regulatory safeguards, including anti-money laundering requirements. Legkodymov was arrested last night in Miami and is scheduled to be arraigned this afternoon in the U.S. District Court for the Southern District of Florida. French authorities and the U.S. Department of the Treasury's Financial Crimes Enforcement Network (FinCEN) are taking concurrent enforcement actions.

According to court documents, Legkodymov is a senior executive and the majority shareholder of Bitzlato Ltd. (Bitzlato), a Hong Kong-registered cryptocurrency exchange that operates globally. Bitzlato has marketed itself as requiring minimal identification from its users, specifying that "neither selfies nor passports [are] required." On occasions when Bitzlato did direct users to submit identifying information, it repeatedly allowed them to provide information belonging to "straw man" registrants. As a result of these deficient know-your-customer (KYC) procedures, Bitzlato allegedly became a haven for criminal proceeds and funds intended for use in criminal activity. Bitzlato's largest counterparty in cryptocurrency transactions was Hydra Market, an anonymous, illicit online marketplace for narcotics, stolen financial information, fraudulent identification documents, and money laundering services that was the largest and longest running darknet market in the world. Hydra Market users exchanged more than $700 million in cryptocurrency with Bitzlato, either directly or through intermediaries, until Hydra Market was shuttered by U.S. and German law enforcement in April 2022. Bitzlato also received more than $15 million in ransomware proceeds.

Piracy

Police Complaint Removes Pirate Bay Proxy Portal From GitHub (torrentfreak.com) 32

An anonymous reader quotes a report from TorrentFreak: GitHub has taken down a popular Pirate Bay proxy information portal from Github.io. The developer platform took action in response to a takedown request sent by City of London Police's Intellectual Property Crime Unit (PIPCU). The takedown notice concludes that the site, which did not link to any infringing content directly, is illegal. [...] "This site is in breach of UK law, namely Copyright, Design & Patents Act 1988, Offences under the Fraud Act 2006 and Conspiracy to Defraud," PIPCU writes. "Suspension of the domain(s) is intended to prevent further crime. Where possible we request that domain suspension(s) are made within 48 hours of receipt of this Alert," the notice adds. This takedown request was honored by GitHub, meaning that people who try to access the domain now get a 404 error instead.

While GitHub's swift response is understandable, it's worth pointing out how these blocking efforts are evolving and expanding, far beyond blocking the original Pirate Bay site. The Proxy Bay doesn't link to infringing content directly. The site links to other proxy sites which serve up the Pirate Bay homepage. From there, users may search for or browse torrent links that, once loaded, can download infringing content. Does this mean that simply linking to The Pirate Bay can be considered a crime in itself? If that's the case, other sites such as Wikipedia and Bing are in trouble too.

A more reasonable middle ground would be to consider the intent of a site. The Proxy Bay was launched to facilitate access to The Pirate Bay, which makes court orders less effective. In 2015 UK ISPs began blocking proxy and proxy indexing sites, so that explains why thepirateproxybay.com and others are regularly blocked. Whether this constitutes criminal activity is ultimately for the court to decide, not the police. In this regard, it's worth noting that City of London Police previously arrested the alleged operator of a range of torrent site proxies. The then 20-year-old defendant, who also developed censorship circumvention tool Immunicity, was threatened with a hefty prison sentence but the court disagreed and dismissed the case.
