Google

'Search Everyone First?' Lawyers Challenge Use of Warrants to Find Google Searchers (yahoo.com) 125

Bloomberg reports: After five people were killed in a 2020 arson in Colorado, law enforcement officials failed to turn up any leads through their initial investigative techniques. So they served a warrant to Google for anyone who had searched for the address of the fire, according to a court motion.

Google eventually complied with the data request, helping law enforcement find suspects. Three teenagers who had searched the address were charged with murder. But the technique also drew a challenge from defense lawyers, who are calling reverse keyword search warrants "a digital dragnet of immense proportions." It's the first case to challenge the constitutionality of the method, the attorneys say.

Defense lawyers filed a motion Wednesday to challenge the judge's decision to use evidence from the warrant to charge their client, Gavin Seymour. They're asking the Colorado Supreme Court to review the matter, after the judge earlier denied their motion to suppress the evidence. The keyword search warrant "is profoundly different from traditional search warrants seeking data belonging to a suspect," the defense argued in the court filing. "Instead, the process operates in reverse — search everyone first, and identify suspects later."

One defendant's lawyer points out Google must review the activities of billions of innocent searchers to respond to keyword search warrants, arguing this has "tremendous implications...for everyone in the country who uses Google to run searches."
Government

Symbolic Wyoming Proposal Urges Voluntary Phase-out of EV Purchases by 2035 (engadget.com) 453

Though the state of Wyoming is home to one of America's largest wind farms, "Wyoming's legislature is considering a resolution that calls for a phaseout of new electric vehicle sales by 2035," reports Engadget: In the proposed resolution, a group of lawmakers led by Senator Jim Anderson says Wyoming's "proud and valued" oil and gas industry has created "countless" jobs and contributed revenue to the state's coffers. They add that a lack of charging infrastructure within Wyoming would make the widespread use of EVs "impracticable" and that the state would need to build "massive amounts of new power generation" to "sustain the misadventure of electric vehicles." SJ4 calls for residents and businesses to limit the sale and purchase of EVs voluntarily, with the goal of phasing them out entirely by 2035.

If passed, the resolution would be entirely symbolic. In fact, it's more about sending a message to EV advocates than banning the vehicles altogether. To that point, the final section of SJ4 calls for Wyoming's Secretary of State to send President Biden and California Governor Gavin Newsom copies of the resolution. "One might even say tongue-in-cheek, but obviously it's a very serious issue that deserves some public discussion," Senator Boner, one of the bill's co-sponsors, told the Cowboy State Daily. "I'm interested in making sure that the solutions that some folks want to the so-called climate crisis are actually practical in real life. I just don't appreciate when other states try to force technology that isn't ready."

Security

NortonLifeLock Warns That Hackers Breached Password Manager Accounts (bleepingcomputer.com) 23

An anonymous reader quotes a report from BleepingComputer: Gen Digital, formerly Symantec Corporation and NortonLifeLock, is sending data breach notifications to customers, informing them that hackers have successfully breached Norton Password Manager accounts in credential-stuffing attacks. According to a letter sample shared with the Office of the Vermont Attorney General, the attacks did not result from a breach on the company but from account compromise on other platforms. "Our own systems were not compromised. However, we strongly believe that an unauthorized third party knows and has utilized your username and password for your account," NortonLifeLock said. "This username and password combination may potentially also be known to others."

More specifically, the notice explains that around December 1, 2022, an attacker used username and password pairs they bought from the dark web to attempt to log in to Norton customer accounts. The firm detected "an unusually large volume" of failed login attempts on December 12, 2022, indicating credential stuffing attacks where threat actors try out credentials in bulk. By December 22, 2022, the company had completed its internal investigation, which revealed that the credential stuffing attacks had successfully compromised an undisclosed number of customer accounts: "In accessing your account with your username and password, the unauthorized third party may have viewed your first name, last name, phone number, and mailing address." For customers utilizing the Norton Password Manager feature, the notice warns that the attackers might have obtained details stored in the private vaults. Depending on what users store in their accounts, this could lead to the compromise of other online accounts, loss of digital assets, exposure of secrets, and more.
Norton has reset passwords on impacted accounts and implemented additional measures to counter the malicious attempts. They're recommending customers enable two-factor authentication and take up the offer for a credit monitoring service.
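What the notice describes, an "unusually large volume" of failed logins spread across many different accounts from the same sources, is the signature that separates credential stuffing from a brute-force attack on a single account. The following is an added example, not Norton's or Gen Digital's code: it scans a constructed JSON-lines authentication log, flags any source IP whose failures within a ten-minute window cover at least four distinct usernames, and lists the usernames that IP nevertheless logged into successfully, which are the accounts to reset first. The log format, IP addresses and usernames are all invented for the demo.

```python
"""Credential-stuffing detection over an authentication log (added example).

Not Norton's tooling. Log format is an invented JSON-lines layout: one object
per line with timestamp, source IP, attempted username and outcome.
"""
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: 203.0.113.5 sprays many different usernames with
# purchased credentials (stuffing) and gets two hits; 198.51.100.9 hammers one
# account (classic brute force); 192.0.2.77 is a user who mistyped once.
SAMPLE_LOG = """
{"ts": "2022-12-12T03:00:00Z", "ip": "203.0.113.5", "user": "alice", "result": "fail"}
{"ts": "2022-12-12T03:00:01Z", "ip": "203.0.113.5", "user": "bob", "result": "fail"}
{"ts": "2022-12-12T03:00:02Z", "ip": "203.0.113.5", "user": "carol", "result": "fail"}
{"ts": "2022-12-12T03:00:03Z", "ip": "203.0.113.5", "user": "dave", "result": "success"}
{"ts": "2022-12-12T03:00:04Z", "ip": "203.0.113.5", "user": "erin", "result": "fail"}
{"ts": "2022-12-12T03:00:05Z", "ip": "203.0.113.5", "user": "frank", "result": "fail"}
{"ts": "2022-12-12T03:00:06Z", "ip": "203.0.113.5", "user": "grace", "result": "fail"}
{"ts": "2022-12-12T03:00:07Z", "ip": "203.0.113.5", "user": "heidi", "result": "success"}
{"ts": "2022-12-12T03:01:00Z", "ip": "198.51.100.9", "user": "victor", "result": "fail"}
{"ts": "2022-12-12T03:01:01Z", "ip": "198.51.100.9", "user": "victor", "result": "fail"}
{"ts": "2022-12-12T03:01:02Z", "ip": "198.51.100.9", "user": "victor", "result": "fail"}
{"ts": "2022-12-12T03:01:03Z", "ip": "198.51.100.9", "user": "victor", "result": "fail"}
{"ts": "2022-12-12T03:01:04Z", "ip": "198.51.100.9", "user": "victor", "result": "fail"}
{"ts": "2022-12-12T03:05:00Z", "ip": "192.0.2.77", "user": "mallory", "result": "fail"}
{"ts": "2022-12-12T03:05:30Z", "ip": "192.0.2.77", "user": "mallory", "result": "success"}
"""


def parse_log(text):
    """Parse JSON lines into event dicts with a real datetime in 'ts'."""
    events = []
    for line in text.strip().splitlines():
        event = json.loads(line)
        event["ts"] = datetime.strptime(event["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(event)
    return events


def detect_stuffing(events, window=timedelta(minutes=10), min_failures=5, min_users=4):
    """Return {ip: finding} for source IPs that look like credential stuffing.

    A window is suspicious when it holds at least `min_failures` failed logins
    spread over at least `min_users` distinct usernames. Brute force against
    one account produces many failures but only one username, so it is not
    reported here. Each finding also lists usernames that succeeded from the
    same IP inside the window: those accounts are the likely compromises.
    """
    by_ip = defaultdict(list)
    for event in events:
        by_ip[event["ip"]].append(event)

    findings = {}
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e["ts"])
        for i, start in enumerate(evs):          # slide the window over each failure
            if start["result"] != "fail":
                continue
            span = [e for e in evs[i:] if e["ts"] - start["ts"] < window]
            fails = [e for e in span if e["result"] == "fail"]
            users = {e["user"] for e in fails}
            if len(fails) >= min_failures and len(users) >= min_users:
                findings[ip] = {
                    "failures": len(fails),
                    "distinct_users": len(users),
                    "successes": sorted({e["user"] for e in span if e["result"] == "success"}),
                }
                break                             # one finding per IP is enough
    return findings


if __name__ == "__main__":
    for ip, finding in detect_stuffing(parse_log(SAMPLE_LOG)).items():
        print(ip, finding)
```

The thresholds are deliberately low so the constructed sample trips them; in production they are tuned against the baseline of distinct-username failures a single NAT address normally produces. The "successes" list is the actionable output: those are the accounts to force-reset and, where a password vault sits behind them, to treat as exposed.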
Facebook

Meta Sues Surveillance Company for Scraping Data With Fake Facebook Accounts (theverge.com) 14

Meta has filed a legal complaint against a company for allegedly creating tens of thousands of fake Facebook accounts to scrape user data and provide surveillance services for clients. From a report: The firm, Voyager Labs, bills itself as "a world leader in advanced AI-based investigation solutions." What this means in practice is analyzing social media posts en masse in order to make claims about individuals. In 2021, for example, The Guardian reported how Voyager Labs sold its services to the Los Angeles Police Department, with the company claiming to predict which individuals were likely to commit crimes in the future.

Meta announced the legal action in a blog post on January 12th, claiming that Voyager Labs violated its terms of service. According to a legal filing issued on November 11th, Meta alleges that Voyager Labs created over 38,000 fake Facebook user accounts and used its surveillance software to gather data from Facebook and Instagram without authorization. Voyager Labs also collected data from sites including Twitter, YouTube, and Telegram.

The Courts

Jawbone Co-Founder's Health Startup Sued by Investor Alleging Fraud (bloomberg.com)

All.health, a medical care startup that rose from the ashes of once-hot wearable company Jawbone, is being sued in San Francisco by one of its investors for alleged fraud, misrepresentation and breach of contract. From a report: All.health's co-founders, the former Jawbone Chief Executive Officer Hosain Rahman and Michael Luna, are also named in the complaint. While All.health, Rahman and Luna deny the claims, the dispute is an illustration of the rancor that can envelop fledgling tech companies at a suddenly volatile time for startup funding. Jawbone was a Silicon Valley darling -- most famous for its wireless earpieces -- until the startup dramatically folded in 2017 and sold off its assets. As Jawbone was disintegrating, Rahman salvaged the company's medical device business. The resulting startup, now called All.health, developed wearable monitoring hardware and technology for people with chronic illnesses like diabetes.

In a complaint filed this summer, Polymath Holdings, a Dubai-based investment company and All.health backer, claimed that the startup overpromised, took millions of dollars and under-delivered on a commitment to manufacture thousands of health-monitoring devices. The suit, which was recently largely unredacted by a San Francisco court, alleges that the startup was a "classic 'fake-it-until-you-make it' tale of fraud."

Crime

UK Could Jail Social Media Bosses Who Breach Child Safety Rules (theguardian.com) 55

Downing Street has said it is considering a Tory-backed amendment to the online safety bill that would allow for the imposing of jail sentences on social media bosses who are found not to have protected children's safety. The Guardian reports: No 10 said on Thursday it was open to the proposal, which is backed by at least 36 Conservative MPs including the former home secretary Priti Patel and the former work and pensions secretary Iain Duncan Smith. The amendment would give Ofcom, the communications watchdog, the power to prosecute executives at social media companies that are found to have breached the law. If ministers include it in the bill, it will mark the third time the prime minister, Rishi Sunak, has bowed to the demands of his backbenchers, after U-turns on planning and onshore windfarms.

The bill is aimed at cracking down on a range of online content that ministers believe is causing serious harm to users and was informed in part by the testimony of Frances Haugen, a former Facebook employee who accused the company of repeatedly putting profits ahead of user safety. The bill will force companies to remove any content promoting self-harm, depicting sexual violence or facilitating suicide. It will also require companies to impose and enforce strict age limits and to publish assessments of the risks their platforms pose to young people. As it is currently written, the bill gives Ofcom the power to levy fines on companies of up to 10% of their global turnover for breaches in the law. Ofcom will be able to prosecute executives only if they fail to cooperate with an investigation. This has upset many Conservative MPs, however, who believe the regulator should be given tougher powers.

The amendment, which has been signed by 37 MPs overall, would allow Ofcom to prosecute individual executives if they were proved to have connived with or consented to breaking the elements of the bill designed to protect children's safety. Judges would be allowed to impose prison sentences of up to two years. [...] Other changes to the bill, which has its report and third reading stage in the House of Commons next week, include altering earlier plans to tackle content seen by adults that is harmful but falls below the threshold of criminality, such as cyberbullying and sexist and racist material. Tech companies will be required to state clearly in their terms and conditions how they will moderate such content. Users will also be given the option of asking to have such content screened out when they are on social media platforms.
A Downing Street spokesperson said on Thursday: "Our aim is to hold to account social media platforms for harmful content, while also ensuring the UK remains a great place to invest and grow a tech business. We are confident we can achieve both of these things. We will carefully consider all the proposed amendments to the online safety bill and set out the position when report stage continues."
Patents

Apple Watch Patent Infringement Confirmed, As Masimo Seeks Import Ban (9to5mac.com) 36

An anonymous reader quotes a report from 9to5Mac: Apple has suffered a setback in its long-running Apple Watch patent infringement battle with medical technology company Masimo. A court has ruled that Apple has indeed infringed one of Masimo's patents in the Apple Watch Series 6 and up. Masimo is seeking a US import ban on all current Apple Watches. If granted, this would effectively end Apple Watch sales in the US, as the company would not be allowed to bring in the devices from China.

The battle between the two companies has a long history. Back in 2013, Apple reportedly contacted Masimo to discuss a potential collaboration between the two companies. Instead, claims Masimo, Apple used the meetings to identify staff it wanted to poach. Masimo later called the meetings a "targeted effort to obtain information and expertise." Apple did indeed hire a number of Masimo staff, including the company's chief medical officer, ahead of the launch of the Apple Watch. Masimo CEO Joe Kiani later expressed concern that Apple may have been trying to steal the company's blood oxygen sensor technology. The company describes itself as "the inventors of modern pulse oximeters," and its tech is used in many hospitals.

In 2020, the company sued Apple for stealing trade secrets and infringing 10 Masimo patents. The lawsuit asked for an injunction on the sale of the Apple Watch. Apple has consistently denied the claims, and recently hit back with a counterclaim of its own, alleging that Masimo's own W1 Advanced Health Tracking Watch infringes multiple Apple patents. Reuters reports that a US court has ruled against Apple on one of the patent claims.

Bitcoin

SEC Alleges Gemini, Genesis Sold Unregistered Securities 18

The U.S. Securities and Exchange Commission (SEC) alleged crypto exchange Gemini and crypto lender Genesis Global Capital sold unregistered securities in a lawsuit filed late Thursday. CoinDesk reports: The investment regulator took aim at Gemini Earn, the troubled yield-bearing product that hundreds of thousands of U.S. investors entrusted with their crypto. Gemini generated yield on billions of dollars in crypto by loaning deposits to Genesis, which loaned them out again. But Genesis' November closing of lending withdrawals left some 340,000 Gemini Earn customers and about $900 million in crypto in limbo, the SEC said. The regulator accused the popular program of being an unregistered security. "Defendants offered and sold the Gemini Earn Agreements through the Gemini Earn Program without registering" with securities regulators, the complaint said. "As a result, investors lacked material information about the Gemini Earn program that would have been relevant to their investment decisions."
Businesses

JP Morgan Says Startup Founder Used Millions Of Fake Customers To Dupe It Into An Acquisition (forbes.com) 54

JPMorgan Chase is suing the 30-year-old founder of Frank, a buzzy fintech startup it acquired for $175 million, for allegedly lying about its scale and success by creating an enormous list of fake users to entice the financial giant to buy it. Forbes: Frank, founded by former CEO Charlie Javice in 2016, offers software aimed at improving the student loan application process for young Americans seeking financial aid. Her lofty goals to build the startup into "an Amazon for higher education" won support from billionaire Marc Rowan, Frank's lead investor according to Crunchbase, and prominent venture backers including Aleph, Chegg, Reach Capital, Gingerbread Capital and SWAT Equity Partners. The lawsuit, which was filed late last year in U.S. District Court in Delaware, claims that Javice pitched JP Morgan in 2021 on the "lie" that more than 4 million users had signed up to use Frank's tools to apply for federal aid.

When JP Morgan asked for proof during due diligence, Javice allegedly created an enormous roster of "fake customers -- a list of names, addresses, dates of birth, and other personal information for 4.265 million 'students' who did not actually exist." In reality, according to the suit, Frank had fewer than 300,000 customer accounts at that time. [...] Frank's chief growth officer Olivier Amar is also named in the JP Morgan complaint. It alleges that Javice and Amar first asked a top engineer at Frank to create the fake customer list; when he refused, Javice approached "a data science professor at a New York City area college" to help. Using data from some individuals who'd already started using Frank, he created 4.265 million fake customer accounts -- for which Javice paid him $18,000 -- and had it validated by a third-party vendor at her direction, JP Morgan alleges. Amar, meanwhile, spent $105,000 buying a separate data set of 4.5 million students from the firm ASL Marketing, per the complaint.

Security

A Government Watchdog Spent $15,000 To Crack a Federal Agency's Passwords In Minutes (techcrunch.com) 62

An anonymous reader quotes a report from TechCrunch: A government watchdog has published a scathing rebuke of the Department of the Interior's cybersecurity posture, finding it was able to crack thousands of employee user accounts because the department's security policies allow easily guessable passwords like 'Password1234'. The report by the Office of the Inspector General for the Department of the Interior, tasked with oversight of the U.S. executive agency that manages the country's federal land, national parks and a budget of billions of dollars, said that the department's reliance on passwords as the sole way of protecting some of its most important systems and employees' user accounts has bucked nearly two decades of the government's own cybersecurity guidance of mandating stronger two-factor authentication. It concludes that poor password policies put the department at risk of a breach that could lead to a "high probability" of massive disruption to its operations.

The inspector general's office said it launched its investigation after a previous test of the agency's cybersecurity defenses found lax password policies and requirements across the Department of the Interior's dozen-plus agencies and bureaus. The aim this time around was to determine if the department's security defenses were enough to block the use of stolen and recovered passwords. [...] To make their point, the watchdog spent less than $15,000 on building a password-cracking rig -- a setup of a high-performance computer or several chained together -- with the computing power designed to take on complex mathematical tasks, like recovering hashed passwords. Within the first 90 minutes, the watchdog was able to recover nearly 14,000 employee passwords, or about 16% of all department accounts, including passwords like 'Polar_bear65' and 'Nationalparks2014!'. The watchdog also recovered hundreds of accounts belonging to senior government employees and other accounts with elevated security privileges for accessing sensitive data and systems. Another 4,200 hashed passwords were cracked over an additional eight weeks of testing. [...]

The watchdog said it curated its own custom wordlist for cracking the department's passwords from dictionaries in multiple languages, as well as U.S. government terminology, pop culture references, and other publicly available lists of hashed passwords collected from past data breaches. By doing so, the watchdog demonstrated that a well-resourced cybercriminal could have cracked the department's passwords at a similar rate, the report said. The watchdog found that close to 5% of all active user account passwords were based on some variation of the word "password" and that the department did not "timely" wind down inactive or unused user accounts, leaving at least 6,000 user accounts vulnerable to compromise. The report also criticized the Department of the Interior for "not consistently" implementing or enforcing two-factor authentication, where users are required to enter a code from a device that they physically own to prevent attackers from logging in using just a stolen password.
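The cracked examples the report quotes ('Password1234', 'Polar_bear65', 'Nationalparks2014!') all satisfy a length-plus-character-class policy, yet each is a dictionary phrase with a predictable suffix, which is exactly what a curated wordlist plus mangling rules recovers first. The block below is an added example, not the Inspector General's tooling: it rebuilds that style of attack against a constructed wordlist, shows that such passwords fall within a few thousand guesses, and then turns the same base-word list into a screening check at password-set time, the complement a defender wants to a cracking audit. Assumptions: the page does not say which hash format the department used, so unsalted SHA-256 stands in so the demo runs; the wordlist, the rule set and the four sample hashes are constructed.

```python
"""Wordlist-plus-rules password audit and a base-word policy screen (added example).

Not the Inspector General's tooling. The department's hash format is not given
on the page; unsalted SHA-256 is assumed here only so the demo runs offline.
"""
import hashlib
import itertools

# Constructed wordlist: dictionary words, agency terminology, a pop-culture term.
BASE_WORDS = ["password", "polar bear", "national parks"]

# Leetspeak undo table used by the policy screen (assumed common substitutions).
LEET = str.maketrans("@$013457", "asoieast")


def _hash(pw):
    return hashlib.sha256(pw.encode()).hexdigest()


# Constructed "dump": an auditor would receive only these hashes, not the plaintexts.
SAMPLE_HASHES = [
    _hash(p) for p in ("Password1234", "Polar_bear65", "Nationalparks2014!", "Z7q!vR2m-Lx9p#Kw")
]


def candidates(phrase):
    """Yield mangled variants of a base phrase, hashcat-rule style.

    Word joining (spaces removed or replaced by '_'), three case treatments,
    then a two-digit number, a common digit run or a year, then an optional
    trailing symbol. That is enough to reach 'Polar_bear65' and
    'Nationalparks2014!' in a few thousand guesses per phrase.
    """
    words = phrase.split()
    forms = {"".join(words), "_".join(words)}
    cased = set()
    for form in forms:
        cased.update({form.lower(), form.capitalize(), form.title()})
    digits = ([""] + [str(n) for n in range(100)]
              + ["123", "1234", "12345", "123456"]
              + [str(y) for y in range(1990, 2024)])
    symbols = ["", "!", "@", "#", "$"]
    for base, d, s in itertools.product(sorted(cased), digits, symbols):
        yield f"{base}{d}{s}"


def crack(hashes, base_words=BASE_WORDS):
    """Return {hash: plaintext} for every target hash matched by the rule set."""
    targets = set(hashes)
    found = {}
    for phrase in base_words:
        for pw in candidates(phrase):
            h = _hash(pw)
            if h in targets and h not in found:
                found[h] = pw
    return found


def meets_complexity(pw, min_len=12):
    """The kind of policy the cracked passwords satisfy: length plus 3 of 4 classes."""
    classes = [any(c.islower() for c in pw), any(c.isupper() for c in pw),
               any(c.isdigit() for c in pw), any(not c.isalnum() for c in pw)]
    return len(pw) >= min_len and sum(classes) >= 3


def _letters(s):
    return "".join(ch for ch in s if ch.isalpha())


def is_weak(pw, base_words=BASE_WORDS):
    """Reject a password built on a banned base word, with or without leetspeak
    and regardless of case, separators and appended digits or symbols."""
    plain = _letters(pw.lower())
    deleet = _letters(pw.lower().translate(LEET))
    return any(b.replace(" ", "") in n for b in base_words for n in (plain, deleet))


if __name__ == "__main__":
    for h, pw in crack(SAMPLE_HASHES).items():
        print(f"{h[:12]}...  {pw!r}  complexity_ok={meets_complexity(pw)}  weak={is_weak(pw)}")
```

Three of the four constructed hashes fall, and every one of those plaintexts passes `meets_complexity`; only `is_weak` catches them. The real rig does the same thing with NTLM or whatever the directory stores, a far larger wordlist and GPU-rate hashing, which is why the report treats "based on a variation of the word password" as a finding in its own right rather than a policy nuance.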

Security

Messenger Billed as Better Than Signal is Riddled With Vulnerabilities (arstechnica.com) 32

Academic researchers have discovered serious vulnerabilities in the core of Threema, an instant messenger that its Switzerland-based developer says provides a level of security and privacy "no other chat service" can offer. From a report: Despite the unusually strong claims and two independent security audits Threema has received, the researchers said the flaws completely undermine assurances of confidentiality and authentication that are the cornerstone of any program sold as providing end-to-end encryption, typically abbreviated as E2EE. Threema has more than 10 million users, which include the Swiss government, the Swiss army, German Chancellor Olaf Scholz, and other politicians in that country. Threema developers advertise it as a more secure alternative to Meta's WhatsApp messenger. It's among the top Android apps for a fee-based category in Switzerland, Germany, Austria, Canada, and Australia. The app uses a custom-designed encryption protocol in contravention of established cryptographic norms.

Researchers from the Zurich-based ETH research university reported on Monday that they found seven vulnerabilities in Threema that seriously call into question the true level of security the app has offered over the years. Two of the vulnerabilities require no special access to a Threema server or app to cryptographically impersonate a user. Three vulnerabilities require an attacker to gain access to a Threema server. The remaining two can be exploited when an attacker gains access to an unlocked phone, such as at a border crossing. "In totality, our attacks seriously undermine Threema's security claims," the researchers wrote. "All the attacks can be mitigated, but in some cases, a major redesign is needed."

Medicine

FDA No Longer Needs To Require Animal Tests Before Human Drug Trials (science.org) 78

New medicines need not be tested in animals to receive U.S. Food and Drug Administration (FDA) approval, according to legislation signed by President Joe Biden in late December 2022. Science Magazine reports: "This is huge," says Tamara Drake, director of research and regulatory policy at the Center for a Humane Economy, a nonprofit animal welfare organization and key driver of the legislation. "It's a win for industry. It's a win for patients in need of cures." In place of the 1938 stipulation that potential drugs be tested for safety and efficacy in animals, the law allows FDA to promote a drug or biologic -- a larger molecule such as an antibody -- to human trials after either animal or nonanimal tests. Drake's group and the nonprofit Animal Wellness Action, among others that pushed for changes, argue that in clearing drugs for human trials the agency should rely more heavily on computer modeling, "organ chips," and other nonanimal methods that have been developed over the past 10 to 15 years.

But pro-research groups are downplaying the law, saying it signals a slow turning of the tide -- not a tsunami that will remake the drug approval process overnight. Jim Newman, communications director at Americans for Medical Progress, which advocates for animal research, argues non-animal technologies are still "in their infancy" and won't be able to replace animal models for "many, many years." FDA still retains tremendous discretion to require animal tests, he notes, and he doesn't expect the agency to change tack anytime soon. In order for a drug to be approved in the United States, FDA typically requires toxicity tests on one rodent species such as a mouse or rat and one nonrodent species such as a monkey or dog. Companies use tens of thousands of animals for such tests each year. Yet more than nine in 10 drugs that enter human clinical trials fail because they are unsafe or ineffective, providing grist to those who argue that animal experiments are a waste of time, money, and lives. [...]

Now, that requirement is gone. In eliminating it, Congress seems to have responded to the emergence of nonanimal methods and growing public sentiment against animal research. Senator Rand Paul (R-KY) and Senator Cory Booker (D-NJ), who both call animal research inefficient and inhumane, introduced the changes, which the Senate passed by unanimous consent in September 2022. In December, Biden signed them into law as part of the Consolidated Appropriations Act, which funds the government through this fiscal year. [...] Still, it remains unclear just how much the new law will change things at FDA. Although the legislation allows the agency to clear a drug for human trials without animal testing, it doesn't require that it do so. What's more, FDA's toxicologists are famously conservative, preferring animal tests in part because they allow examination of a potential drug's toxic effects in every organ after the animal is euthanized.

Privacy

Iran Says Face Recognition Will ID Women Breaking Hijab Laws (wired.com) 156

An anonymous reader quotes a report from Wired: Last month, a young woman went to work at Sarzamineh Shadi, or Land of Happiness, an indoor amusement park east of Iran's capital, Tehran. After a photo of her without a hijab circulated on social media, the amusement park was closed, according to multiple accounts in Iranian media. Prosecutors in Tehran have reportedly opened an investigation. Shuttering a business to force compliance with Iran's strict laws for women's dress is a familiar tactic to Shaparak Shajarizadeh. She stopped wearing a hijab in 2017 because she views it as a symbol of government suppression, and recalls restaurant owners, fearful of authorities, pressuring her to cover her head. But Shajarizadeh, who fled to Canada in 2018 after three arrests for flouting hijab law, worries that women like the amusement park worker may now be targeted with face recognition algorithms as well as by conventional police work.

After Iranian lawmakers suggested last year that face recognition should be used to police hijab law, the head of an Iranian government agency that enforces morality law said in a September interview that the technology would be used "to identify inappropriate and unusual movements," including "failure to observe hijab laws." Individuals could be identified by checking faces against a national identity database to levy fines and make arrests, he said. Two weeks later, a 22-year-old Kurdish woman named Jina Mahsa Amini died after being taken into custody by Iran's morality police for not wearing a hijab tightly enough. Her death sparked historic protests against women's dress rules, resulting in an estimated 19,000 arrests and more than 500 deaths. Shajarizadeh and others monitoring the ongoing outcry have noticed that some people involved in the protests are confronted by police days after an alleged incident -- including women cited for not wearing a hijab. "Many people haven't been arrested in the streets," she says. "They were arrested at their homes one or two days later."

Although there are other ways women could have been identified, Shajarizadeh and others fear that the pattern indicates face recognition is already in use -- perhaps the first known instance of a government using face recognition to impose dress law on women based on religious belief. Mahsa Alimardani, who researches freedom of expression in Iran at the University of Oxford, has recently heard reports of women in Iran receiving citations in the mail for hijab law violations despite not having had an interaction with a law enforcement officer. Iran's government has spent years building a digital surveillance apparatus, Alimardani says. The country's national identity database, built in 2015, includes biometric data like face scans and is used for national ID cards and to identify people considered dissidents by authorities.

Crime

The First Insider Trading Case Involving Cryptocurrency (reuters.com) 13

The brother of a former Coinbase product manager was sentenced on Tuesday to 10 months in prison after pleading guilty in what U.S. prosecutors have called the first insider trading case involving cryptocurrency. Reuters reports: Nikhil Wahi admitted to making trades based on confidential information from Coinbase, one of the world's largest cryptocurrency exchanges, when he pleaded guilty in September to a wire fraud conspiracy charge. Prosecutors said Ishan Wahi, the former product manager, shared the information with his brother and their friend Sameer Ramani about new digital assets that Coinbase was planning to let users trade. Ishan Wahi has pleaded not guilty, and Ramani is at large.

Prosecutors said Wahi made nearly $900,000 of profit by illegally trading ahead of 40 different Coinbase announcements. They recommended a 10- to 16-month sentence. At a sentencing hearing in Manhattan federal court, U.S. District Judge Loretta Preska said his crime was "not an isolated error in judgment." "Today's sentence makes clear that the cryptocurrency markets are not lawless," Damian Williams, the top federal prosecutor in Manhattan, said in a statement.
Further reading: Coinbase To Cut 20% Jobs, Abandon 'Several' Projects To Weather Downturns in Crypto Market
Privacy

Roomba Testers Feel Misled After Intimate Images Ended Up on Facebook (technologyreview.com) 76

An investigation recently revealed how images of a minor and a tester on the toilet ended up on social media. iRobot said it had consent to collect this kind of data from inside homes -- but participants say otherwise. From a report: When Greg unboxed a new Roomba robot vacuum cleaner in December 2019, he thought he knew what he was getting into. He would allow the preproduction test version of iRobot's Roomba J series device to roam around his house, let it collect all sorts of data to help improve its artificial intelligence, and provide feedback to iRobot about his user experience. He had done this all before. Outside of his day job as an engineer at a software company, Greg had been beta-testing products for the past decade. He estimates that he's tested over 50 products in that time -- everything from sneakers to smart home cameras.

But what Greg didn't know -- and does not believe he consented to -- was that iRobot would share test users' data in a sprawling, global data supply chain, where everything (and every person) captured by the devices' front-facing cameras could be seen, and perhaps annotated, by low-paid contractors outside the United States who could screenshot and share images at their will. Greg, who asked that we identify him only by his first name because he signed a nondisclosure agreement with iRobot, is not the only test user who feels dismayed and betrayed. Nearly a dozen people who participated in iRobot's data collection efforts between 2019 and 2022 have come forward in the weeks since MIT Technology Review published an investigation into how the company uses images captured from inside real homes to train its artificial intelligence. The participants have shared similar concerns about how iRobot handled their data -- and whether those practices conform with the company's own data protection promises. After all, the agreements go both ways, and whether or not the company legally violated its promises, the participants feel misled.

Privacy

Researchers Track GPS Location of All of California's New Digital License Plates (vice.com) 53

An anonymous reader quotes a report from Motherboard: A team of security researchers managed to gain "super administrative access" into Reviver, the company behind California's new digital license plates which launched last year. That access allowed them to track the physical GPS location of all Reviver customers and change a section of text at the bottom of the license plate designed for personalized messages to whatever they wished, according to a blog post from the researchers. "An actual attacker could remotely update, track, or delete anyone's REVIVER plate," Sam Curry, a bug bounty hunter, wrote in the blog post. Curry wrote that he and a group of friends started finding vulnerabilities across the automotive industry. That included Reviver.

California launched the option to buy digital license plates in October. Reviver is the sole provider of these plates, and says that the plates are legal to drive nationwide, and "legal to purchase in a growing number of states." [...] In the blog post, Curry writes the researchers were interested in Reviver because the license plate's features meant it could be used to track vehicles. After digging around the app and then a Reviver website, the researchers found Reviver assigned different roles to user accounts. Those included "CONSUMER" and "CORPORATE." Eventually, the researchers identified a role called "REVIVER" and managed to change their account to it, which in turn granted them access to all sorts of data and capabilities, including tracking the location of vehicles. "We could take any of the normal API calls (viewing vehicle location, updating vehicle plates, adding new users to accounts) and perform the action using our super administrator account with full authorization," Curry writes. "We could additionally access any dealer (e.g. Mercedes-Benz dealerships will often package REVIVER plates) and update the default image used by the dealer when the newly purchased vehicle still had DEALER tags."
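The escalation Curry describes, an ordinary account whose role becomes "REVIVER" and thereby sees every customer's location, is what results when a profile-update handler copies client-supplied fields, role included, straight onto the stored record. The page does not say which request the researchers used to change the role; the block below is an added example, not Reviver's code, that assumes that mass-assignment pattern. It shows the vulnerable handler beside an allow-listed one and keeps the authorization decision on the server-stored role. Role names follow the blog post; account IDs, field names and GPS coordinates are constructed.

```python
"""Role escalation via mass assignment, and the allow-list fix (added example).

Not Reviver's code. Assumes a profile-update endpoint that merges the request
body into the account record; how the real role change happened is not stated
on the page. Role names are from the blog post; everything else is constructed.
"""
from copy import deepcopy

ROLE_CONSUMER, ROLE_CORPORATE, ROLE_REVIVER = "CONSUMER", "CORPORATE", "REVIVER"

# Constructed backend state: two customers, each owning one plate.
ACCOUNTS = {
    "u1": {"id": "u1", "email": "owner1@example.com", "role": ROLE_CONSUMER},
    "u2": {"id": "u2", "email": "owner2@example.com", "role": ROLE_CONSUMER},
}
VEHICLES = {
    "v1": {"owner": "u1", "gps": (37.77, -122.42)},
    "v2": {"owner": "u2", "gps": (34.05, -118.24)},
}


def update_profile_vulnerable(account, body):
    """Mass assignment: every key the client sends becomes an account field,
    so {"role": "REVIVER"} in the body silently promotes the caller."""
    account.update(body)
    return account


WRITABLE_FIELDS = {"email", "display_name"}  # what a user may change about themselves


def update_profile_fixed(account, body):
    """Allow-list: unknown or privileged keys are rejected outright rather than
    ignored, so a tampering attempt is visible in logs. 'role' is never here;
    privileged roles are granted only through a separate administrative path."""
    unexpected = set(body) - WRITABLE_FIELDS
    if unexpected:
        raise PermissionError(f"not writable: {sorted(unexpected)}")
    account.update({k: body[k] for k in WRITABLE_FIELDS if k in body})
    return account


def vehicle_location(account, vehicle_id, vehicles=VEHICLES):
    """Authorization uses the role stored server-side, never a claim in the request.
    Owners see their own plate; only the REVIVER role sees everyone's."""
    vehicle = vehicles[vehicle_id]
    if account["role"] == ROLE_REVIVER or vehicle["owner"] == account["id"]:
        return vehicle["gps"]
    raise PermissionError("forbidden")


def can_view(account, vehicle_id):
    try:
        vehicle_location(account, vehicle_id)
        return True
    except PermissionError:
        return False


def demo():
    """Attacker u1 sends a profile update carrying role=REVIVER.
    Returns (gps stolen via the vulnerable handler, whether the fixed handler blocked it)."""
    attacker = deepcopy(ACCOUNTS["u1"])
    body = {"email": "owner1@example.com", "role": ROLE_REVIVER}

    escalated = update_profile_vulnerable(deepcopy(attacker), body)
    stolen = vehicle_location(escalated, "v2")          # another customer's plate

    try:
        update_profile_fixed(deepcopy(attacker), body)
        blocked = False
    except PermissionError:
        blocked = True
    return stolen, blocked


if __name__ == "__main__":
    print(demo())
```

The two halves of the fix go together: an allow-list on the write path stops the role from being set by the client, and an authorization check that reads the stored role stops a forged role claim in the request from mattering. Note that the authorization itself is the same in both versions; the vulnerable system fails not because the check is missing but because the attribute it trusts was writable by the user it is meant to constrain.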
Reviver told Motherboard in a statement that it patched the issues identified by the researchers. "We are proud of our team's quick response, which patched our application in under 24 hours and took further measures to prevent this from occurring in the future. Our investigation confirmed that this potential vulnerability has not been misused. Customer information has not been affected, and there is no evidence of ongoing risk related to this report. As part of our commitment to data security and privacy, we also used this opportunity to identify and implement additional safeguards to supplement our existing, significant protections," the statement read.

"Cybersecurity is central to our mission to modernize the driving experience and we will continue to work with industry-leading professionals, tools, and systems to build and monitor our secure platforms for connected vehicles," it added.
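The report says the researchers "managed to change their account" to the REVIVER role, after which every ordinary API call ran with super-administrator authority. It does not say how the role was changed. The sketch below is an added illustration, not Reviver's code or the researchers' exploit: it assumes one common way this happens, an account-update handler that applies whatever fields the client sends (including `role`), and sets it beside a hardened handler that restricts client-editable fields to an allow-list and moves role changes into a separate privileged operation. The role names CONSUMER, CORPORATE and REVIVER come from the report; the in-memory store, plate identifiers, coordinates and function names are constructed for the example.

```python
"""Role escalation through a client-controlled field, and a hardened variant.

Added example; not Reviver's code. Role names are from the Motherboard report,
everything else (store, request shapes, names) is assumed for illustration.
"""
from dataclasses import dataclass, field

# Roles named in the report. REVIVER is the vendor's super-administrator role.
ROLES = ("CONSUMER", "CORPORATE", "REVIVER")

# Fields an ordinary account may change about itself. `role` is deliberately absent.
CLIENT_EDITABLE = {"email"}


class Forbidden(Exception):
    """Raised where a real service would return 403."""


@dataclass
class Account:
    account_id: str
    email: str
    role: str = "CONSUMER"
    vehicles: set = field(default_factory=set)


def fresh_accounts() -> dict:
    """Constructed sample tenants: two ordinary CONSUMER accounts, one plate each."""
    return {
        "u1": Account("u1", "alice@example.com", "CONSUMER", {"plate-001"}),
        "u2": Account("u2", "bob@example.com", "CONSUMER", {"plate-002"}),
    }


# Constructed sample telemetry keyed by plate identifier.
VEHICLE_LOCATIONS = {"plate-001": (37.77, -122.42), "plate-002": (34.05, -118.24)}


def update_account_vulnerable(accounts: dict, caller_id: str, body: dict) -> Account:
    """Vulnerable: copies every recognised client field onto the caller's account.

    A body of {"role": "REVIVER"} promotes the caller to super administrator,
    because nothing distinguishes profile fields from authorization state.
    """
    acct = accounts[caller_id]
    for key, value in body.items():
        if hasattr(acct, key):          # assumed mass-assignment pattern
            setattr(acct, key, value)
    return acct


def update_account_hardened(accounts: dict, caller_id: str, body: dict) -> Account:
    """Hardened: only allow-listed fields are client-editable.

    Unexpected fields are rejected, not silently dropped, so an attempted
    escalation surfaces as a 4xx in the logs instead of a quiet no-op.
    """
    unexpected = set(body) - CLIENT_EDITABLE
    if unexpected:
        raise Forbidden(f"fields not editable by client: {sorted(unexpected)}")
    acct = accounts[caller_id]
    for key, value in body.items():
        setattr(acct, key, value)
    return acct


def set_role(accounts: dict, caller_id: str, target_id: str, new_role: str) -> None:
    """Role changes are a separate operation gated on the caller already holding REVIVER."""
    if accounts[caller_id].role != "REVIVER":
        raise Forbidden("only REVIVER staff may change roles")
    if new_role not in ROLES:
        raise ValueError(f"unknown role {new_role!r}")
    accounts[target_id].role = new_role


def get_vehicle_location(accounts: dict, caller_id: str, plate_id: str) -> tuple:
    """Object-level check: own vehicle, or REVIVER role. Only as trustworthy as `role`."""
    acct = accounts[caller_id]
    if acct.role != "REVIVER" and plate_id not in acct.vehicles:
        raise Forbidden("not your vehicle")
    return VEHICLE_LOCATIONS[plate_id]


def escalation_demo() -> dict:
    """Runs the same attacker request against both handlers and reports the outcome."""
    # Vulnerable path: u1 promotes itself, then reads u2's vehicle location.
    accounts = fresh_accounts()
    update_account_vulnerable(accounts, "u1", {"role": "REVIVER"})
    leaked = get_vehicle_location(accounts, "u1", "plate-002")

    # Hardened path: the promotion is refused and the cross-tenant read fails.
    accounts = fresh_accounts()
    try:
        update_account_hardened(accounts, "u1", {"role": "REVIVER"})
        rejected = False
    except Forbidden:
        rejected = True
    try:
        get_vehicle_location(accounts, "u1", "plate-002")
        cross_read_blocked = False
    except Forbidden:
        cross_read_blocked = True
    return {
        "vulnerable_leaked": leaked,
        "hardened_rejected": rejected,
        "cross_read_blocked": cross_read_blocked,
        "hardened_role": accounts["u1"].role,
    }


if __name__ == "__main__":
    print(escalation_demo())
```

The object-level check in `get_vehicle_location` is correct on its own; the point of the example is that it is only as strong as the `role` value it trusts, which is why the hardened handler refuses to let a client write that field at all rather than relying on downstream checks to notice.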

The Courts

Seattle Schools Sue TikTok, Meta and Other Platforms Over Youth 'Mental Health Crisis' 46

Seattle public schools have sued the tech giants behind TikTok, Facebook, Instagram, YouTube and Snapchat, accusing them of creating a "mental health crisis among America's Youth." Engadget reports: The 91-page lawsuit (PDF) filed in a US district court states that tech giants exploit the addictive nature of social media, leading to rising anxiety, depression and thoughts of self-harm. "Defendants' growth is a product of choices they made to design and operate their platforms in ways that exploit the psychology and neurophysiology of their users into spending more and more time on their platforms," the complaint states. "[They] have successfully exploited the vulnerable brains of youth, hooking tens of millions of students across the country into positive feedback loops of excessive use and abuse of Defendants' social media platforms."

Harmful content pushed to users includes extreme diet plans, encouragement of self-harm and more, according to the complaint. That has led to a 30 percent increase between 2009 and 2019 of students who report feeling "so sad or hopeless... for two weeks or more in a row that [they] stopped doing some usual activities." That in turn leads to a drop in performance in their studies, making them "less likely to attend school, more likely to engage in substance use, and to act out, all of which directly affects Seattle Public Schools' ability to fulfill its educational mission." Section 230 of the US Communications Decency Act means that online platforms aren't responsible for content posted by third parties. However, the lawsuit claims that the provision doesn't protect social media companies for recommending, distributing and promoting content "in a way that causes harm."

Piracy

Belarus Legalizes Piracy of Movies, Music and Software of 'Unfriendly' Nations (torrentfreak.com) 198

AmiMoJo writes: Belarusian dictator Alexander Lukashenko has signed a new law that legalizes piracy of movies, music, TV shows and software owned by rightsholders from 'unfriendly countries'. The law also allows goods protected by intellectual property law to be imported from any country without obtaining permission from rightsholders.

Lukashenko's support for Russia's invasion of Ukraine led to new sanctions being imposed by the EU, U.S. and other countries. In common with Russia, Belarus relies on intellectual property owned by foreign rightsholders that are currently unable or unwilling to supply and/or license it. So, to ensure legal access to pirated movies, music, TV shows and software, the government drafted a new law to restrict intellectual property rights.

United States

Deere Will Allow Farmers To Repair Their Own Equipment (reuters.com) 54

The American Farm Bureau Federation and machinery manufacturer Deere signed a memorandum of understanding on Sunday that ensures farmers have the right to repair their own farm equipment or go to an independent technician. From a report: As the agriculture sector accelerates its adoption of technology, the reliance on high-tech machinery such as GPS-guided combines and tractors has become more commonplace.

But equipment makers such as Deere have generally required customers to use their parts and service divisions for repairs and until recently, only allowed authorized dealers the means and tools to access the complex computerized systems of their tractors and other machinery. The Farm Bureau's memorandum of understanding with Deere "will ensure farmers everywhere are able to repair our own equipment," Farm Bureau president Zippy Duvall said, speaking at the federation's convention in Puerto Rico.

Crime

San Jose Police Announce Three Stolen Vehicles Recovered Using Automatic License Plate Reader (kron4.com) 114

Saturday night in the Silicon Valley city of San Jose, the assistant police chief tweeted out praise for their recently-upgraded Automatic License Plate Readers: "Officers in Air3 [police helicopter], monitoring the ALPR system, got alerted to 3 stolen cars. They directed ground units to the cars. All 3 drivers in custody! No dangerous vehicle pursuits occurred, nor were they needed.

2 drivers tried to run away. But, you can't outrun a helicopter!"

There are photos (one of the vehicles appears to be a U-Haul pickup truck), and the tweet drew exactly one response, from San Jose mayor Matt Mahan: "Nice job...! Appreciate the excellent police work and great to see ALPRs having an impact. Don't steal cars in San Jose!"

Some context: The San Jose Spotlight (a nonprofit local news site) noted that prior to last year license plate readers had been mounted exclusively on police patrol cars (and in use since 2006). But last year the San Jose Police Department launched a new "pilot program" with four cameras mounted at a busy intersection, which "captured nearly 300,000 plate scans in just the last month, according to city data."

By August this had led to plans for 150 more stationary ALPR cameras, a local TV station reported. "Just this week, police said they solved an armed robbery and arrested a suspected shooter thanks to the cameras." During a forum to update the community, San Jose police also mentioned success stories in other cities like Vallejo where they've reported a 100% increase in identifying stolen vehicles. San Jose is now installing hundreds around the city and the first batch is coming in the next two to three months....

The biggest concern among those attending Wednesday's virtual forum was privacy. But the city made it clear the data is only shared with trained police officers and certain city staff, no out-of-state or federal agencies. "Anytime that someone from the San Jose Police Department accesses the ALPR system, they have to input a reason, the specific plates they are looking for and all of that information is logged so that we can keep track of how many times its being used and what its being used for," said Albert Gehami, Digital Privacy Officer for San Jose.

More privacy concerns were raised in September, reports the San Jose Spotlight: The San Jose City Council unanimously approved a policy Tuesday that formally bans the police department from selling any license plate data, using that information for investigating a person's immigration status or for monitoring legally protected activities like protests or rallies.

Even with these new rules, some privacy advocates and community groups are still opposed to the technology. Victor Sin, chair of the Santa Clara Valley Chapter of ACLU of Northern California, expressed doubt that the readers are improving public safety. He made the comments in a letter to the council from himself and leaders of four other community organizations. "Despite claims that (automated license plate reader) systems can reduce crime, researchers have expressed concerns about the rapid acquisition of this technology by law enforcement without evidence of its efficacy," the letter reads. Groups including the Asian Law Alliance and San Jose-Silicon Valley NAACP also said the city should reduce the amount of time it keeps license plate data on file down from one year....

Mayor Sam Liccardo said he's already convinced the readers are useful, but added the council should try to find a way to measure their effect. "It's probably not a bad idea for us to decide what are the outcomes we're trying to achieve, and if there is some reasonable metric that captures that outcome in a meaningful way," Liccardo said. "Was this used to actually help us arrest anybody, or solve a crime or prevent an accident?"

An EFF position paper argues that "ALPR data is gathered indiscriminately, collecting information on millions of ordinary people. By plotting vehicle times and locations and tracing past movements, police can use stored data to paint a very specific portrait of drivers' lives, determining past patterns of behavior and possibly even predicting future ones — in spite of the fact that the vast majority of people whose license plate data is collected and stored have not even been accused of a crime.... [ALPR technology] allows officers to track everyone..."

Maybe the police officer's tweet was meant to boost public support for the technology? It has already led to a short report from another local news station: San Jose police recovered three stolen cars using their automated license-plate recognition technology (ALPR) on Saturday, according to officials with the San Jose Police Department.

Officers inside of Air3, one of SJPD's helicopters, spotted three stolen cars using ALPR before directing ground units their way. Police say no pursuits occurred, though two of the drivers tried to run away.
