A new Salesforce-led study found that LLM-based AI agents struggle with real-world CRM tasks, achieving only 58% success on simple tasks and dropping to 35% on multi-step ones. They also demonstrated poor confidentiality awareness. "Agents demonstrate low confidentiality awareness, which, while improvable through targeted prompting, often negatively impacts task performance," a paper published at the end of last month said. The Register reports: The Salesforce AI Research team argued that existing benchmarks failed to rigorously measure the capabilities or limitations of AI agents, and largely ignored an assessment of their ability to recognize sensitive information and adhere to appropriate data handling protocols.

The research unit's CRMArena-Pro tool is fed a data pipeline of realistic synthetic data to populate a Salesforce organization, which serves as the sandbox environment. The agent takes user queries and decides between an API call or a response to the users to get more clarification or provide answers.

"These findings suggest a significant gap between current LLM capabilities and the multifaceted demands of real-world enterprise scenarios," the paper said. [...] AI agents might well be useful, however, organizations should be wary of banking on any benefits before they are proven.

Pharmaceutical giant Novo Nordisk forfeited patent protection for semaglutide -- the active ingredient in blockbuster diabetes and weight loss drugs Ozempic and Wegovy -- in Canada after failing to pay a $450 maintenance fee in 2019. The company had paid maintenance fees through 2018 but requested a refund for the 2017 fee, apparently seeking more time to decide whether to continue protecting the patent.

When the 2019 fee came due at $450 with late penalties, Novo never paid despite having a one-year grace period. Canadian patent authorities confirmed the patent "cannot be revived" once lapsed. The oversight is particularly costly given Canada represents the world's second-largest semaglutide market, worth billions annually. Generic drugmaker Sandoz plans to launch a competing version in early 2026, while Novo's U.S. patent protection extends until at least 2032.

The state of New York is "asking companies to disclose whether AI is the reason for their layoffs," reports Entrepreneur: The move applies to New York State's existing Worker Adjustment and Retraining Notification (WARN) system and took effect in March, Bloomberg reported. New York is the first state in the U.S. to add the disclosure, which could help regulators understand AI's effects on the labor market.

The change takes the form of a checkbox added to a form employers fill out at least 90 days before a mass layoff or plant closure through the WARN system. Companies have to select whether "technological innovation or automation" is a reason for job cuts. If they choose that option, they are directed to a second menu where they are asked to name the specific technology responsible for layoffs, like AI or robots.

Last week America's financial aid program announced that "the rate of fraud through stolen identities has reached a level that imperils the federal student aid programs."

Or, as the Associated Press suggests: Online classes + AI = financial aid fraud. "In some cases, professors discover almost no one in their class is real..." Fake college enrollments have been surging as crime rings deploy "ghost students" — chatbots that join online classrooms and stay just long enough to collect a financial aid check... Students get locked out of the classes they need to graduate as bots push courses over their enrollment limits.

And victims of identity theft who discover loans fraudulently taken out in their names must go through months of calling colleges, the Federal Student Aid office and loan servicers to try to get the debt erased. [Last week], the U.S. Education Department introduced a temporary rule requiring students to show colleges a government-issued ID to prove their identity... "The rate of fraud through stolen identities has reached a level that imperils the federal student aid program," the department said in its guidance to colleges.

An Associated Press analysis of fraud reports obtained through a public records request shows California colleges in 2024 reported 1.2 million fraudulent applications, which resulted in 223,000 suspected fake enrollments. Other states are affected by the same problem, but with 116 community colleges, California is a particularly large target. Criminals stole at least $11.1 million in federal, state and local financial aid from California community colleges last year that could not be recovered, according to the reports... Scammers frequently use AI chatbots to carry out the fraud, targeting courses that are online and allow students to watch lectures and complete coursework on their own time...

Criminal cases around the country offer a glimpse of the schemes' pervasiveness. In the past year, investigators indicted a man accused of leading a Texas fraud ring that used stolen identities to pursue $1.5 million in student aid. Another person in Texas pleaded guilty to using the names of prison inmates to apply for over $650,000 in student aid at colleges across the South and Southwest. And a person in New York recently pleaded guilty to a $450,000 student aid scam that lasted a decade.
Fortune found one community college that "wound up dropping more than 10,000 enrollments representing thousands of students who were not really students," according to the school's president. The scope of the ghost-student plague is staggering. Jordan Burris, vice president at identity-verification firm Socure and former chief of staff in the White House's Office of the Federal Chief Information Officer, told Fortune more than half the students registering for classes at some schools have been found to be illegitimate. Among Socure's client base, between 20% to 60% of student applicants are ghosts... At one college, more than 400 different financial-aid applications could be tracked back to a handful of recycled phone numbers. "It was a digital poltergeist effectively haunting the school's enrollment system," said Burris.

The scheme has also proved incredibly lucrative. According to a Department of Education advisory, about $90 million in aid was doled out to ineligible students, the DOE analysis revealed, and some $30 million was traced to dead people whose identities were used to enroll in classes. The issue has become so dire that the DOE announced this month it had found nearly 150,000 suspect identities in federal student-aid forms and is now requiring higher-ed institutions to validate the identities of first-time applicants for Free Application for Federal Student Aid (FAFSA) forms...

Maurice Simpkins, president and cofounder of AMSimpkins, says he has identified international fraud rings operating out of Japan, Vietnam, Bangladesh, Pakistan, and Nairobi that have repeatedly targeted U.S. colleges... In the past 18 months, schools blocked thousands of bot applicants because they originated from the same mailing address; had hundreds of similar emails with a single-digit difference, or had phone numbers and email addresses that were created moments before applying for registration.
Fortune shares this story from the higher education VP at IT consulting firm Voyatek. "One of the professors was so excited their class was full, never before being 100% occupied, and thought they might need to open a second section. When we worked with them as the first week of class was ongoing, we found out they were not real people."

Earlier this week looters who stole iPhones "got an unexpected message from Apple," reports the Economic Times.

"Please return to Apple Tower Theatre. This device has been disabled and is being tracked. Local authorities will be alerted."

Stolen phones "were remotely locked and triggered alarms, effectively turning the devices into high-tech bait. Videos circulating online show the phones flashing the message while blaring loudly, making them impossible to ignore." According to LAPD Officer Chris Miller, at least three suspects were apprehended in connection to the Apple Store burglary. One woman was arrested on the spot, while two others were detained for looting.

Meta's standalone AI app is broadcasting users' supposedly private conversations with the chatbot to the public, creating what could amount to a widespread privacy breach. Users appear largely unaware that hitting the app's share button publishes their text exchanges, audio recordings, and images for anyone to see.

The exposed conversations reveal sensitive information: people asking for help with tax evasion, whether family members might face arrest for proximity to white-collar crimes, and requests to write character reference letters that include real names of individuals facing legal troubles. Meta provides no clear indication of privacy settings during posting, and if users log in through Instagram accounts set to public, their AI searches become equally visible.

An anonymous reader quotes a report from TechCrunch: Two European journalists were hacked using government spyware made by Israeli surveillance tech provider Paragon, new research has confirmed. On Thursday, digital rights group The Citizen Lab published a new report detailing the results of a new forensic investigation into the iPhones of Italian journalist Ciro Pellegrino and an unnamed "prominent" European journalist. The researchers said both journalists were hacked by the same Paragon customer, based on evidence found on the two journalists' devices.

Until now, there was no evidence that Pellegrino, who works for online news website Fanpage, had been either targeted or hacked with Paragon spyware. When he was alerted by Apple at the end of April, the notification referred to a mercenary spyware attack, but did not specifically mention Paragon, nor whether his phone had been infected with the spyware. The confirmation of the first-ever known Paragon infections further deepens an ongoing spyware scandal that, for now, appears to be mostly focused on the use of spyware by the Italian government, but could expand to include other countries in Europe.

These new revelations come months after WhatsApp first notified around 90 of its users in over two dozen countries in Europe and beyond, including journalists, that they had been targeted with Paragon spyware, known as Graphite. Among those targeted were several Italians, including Pellegrino's colleague and Fanpage director Francesco Cancellato, as well as nonprofit workers who help rescue migrants at sea. Last week, Italy's parliamentary committee known as COPASIR, which oversees the country's intelligence agencies' activities, published a report (PDF) that said it found no evidence that Cancellato was spied on. The report, which confirmed that Italy's internal and external intelligence agencies AISI and AISE were Paragon customers, made no mention of Pellegrino. The Citizen Lab's new report puts into question COPASIR's conclusions.

During this week's Worldwide Developers Conference, Apple unveiled a secure import/export feature for passkeys that addresses one of their biggest limitations: lack of interoperability across platforms and credential managers. The feature, built in collaboration with the FIDO Alliance, enables encrypted, user-initiated passkey transfers between apps and systems. Ars Technica's Dan Goodin says it "provides the strongest indication yet that passkey developers are making meaningful progress in improving usability." From the report: "People own their credentials and should have the flexibility to manage them where they choose," the narrator of the Apple video says. "This gives people more control over their data and the choice of which credential manager they use." The transfer feature, which will also work with passwords and verification codes, provides an industry-standard means for apps and OSes to more securely sync these credentials.

As the video explains: "This new process is fundamentally different and more secure than traditional credential export methods, which often involve exporting an unencrypted CSV or JSON file, then manually importing it into another app. The transfer process is user initiated, occurs directly between participating credential manager apps and is secured by local authentication like Face ID. This transfer uses a data schema that was built in collaboration with the members of the FIDO Alliance. It standardizes the data format for passkeys, passwords, verification codes, and more data types. The system provides a secure mechanism to move the data between apps. No insecure files are created on disk, eliminating the risk of credential leaks from exported files. It's a modern, secure way to move credentials."

An anonymous reader quotes a report from The Register: The US Cybersecurity and Infrastructure Security Agency has lost another senior leader: executive director Bridget Bean departed on Wednesday. Bean, who served as the de facto agency boss for five months between former CISA director Jen Easterly's departure in January and Madhu Gottumukkala's appointment to the deputy director post last month, said she was "officially retiring from Federal service once again" in a LinkedIn post. "My time at CISA has been truly remarkable," she wrote. "Having had the privilege to serve as the Senior Official Performing the Duties of Director of CISA for 5 months has been a profound honor."

CISA's executive leadership page now lists Gottumukkala as its acting director, and the agency remains without a Senate-confirmed leader. President Trump nominated Sean Plankey to serve as the agency's director, and his nomination is scheduled for consideration (PDF) by the Senate's Homeland Security and Governmental Affairs Committee today. However, his appointment still requires a full Senate vote. Senator Ron Wyden (D-OR) has said he will continue to block Plankey's confirmation until CISA releases an unclassified report on American telecommunications networks' weak security.

At the time of her departure, Bean had spent three and a half years with CISA and more than three decades with the federal government, including a job as the Federal Emergency Management Agency's third-ranking official. Before accepting the executive director post, she was CISA's first chief integration officer. In this position, she "led the integration of the agency's operations and ensured CISA's frontline of regional staff seamlessly supported the critical infrastructure that Americans rely on every hour of every day," according to her bio on the agency's website. [...] Bean's retirement comes during a talent exodus from CISA -- and other federal government agencies -- with some folks getting fired and others taking the Trump administration's buyout offer to resign from public service. As of May 30, the heads of five of CISA's six operational divisions and six of its 10 regional offices had left the agency, and around 1,000 people, nearly one-third of its total staff, have reportedly left CISA since Trump took office.

More than a dozen private browsing apps on Apple and Google's app stores have undisclosed ties to Chinese companies, leaving user data at risk of exposure to the Chinese government, according to a new report from the Tech Transparency Project. From a report: Thirteen virtual private network (VPN) apps on Apple's App Store and 11 apps on Google's Play Store have ties to Chinese companies, the tech watchdog group said in the report released Thursday.

Chinese law requires Chinese companies to share data with the government upon request, creating privacy and security risks for American users. Several of the apps, including two on both app stores and two others on Google Play Store, have ties to Chinese cybersecurity firm Qihoo 360, which has been sanctioned by the U.S. government, according to the report. The Tech Transparency Project previously identified more than 20 VPN apps on Appleâ(TM)s App Store with Chinese ties in an April report. The iPhone maker has since removed three apps linked to Qihoo 360.

Agriculture equipment giant Deere must face a lawsuit by the U.S. Federal Trade Commission accusing the company of forcing farmers to use its authorized dealer network and driving up their costs for parts and repairs, a U.S. judge has ruled. From a report: U.S. District Judge Iain Johnston in the federal court in Rockford, Illinois on Monday ruled for now to reject, opens new tab Deere's effort to end the lawsuit, which was filed at the end of Democratic President Joe Biden's administration in January.

The lawsuit alleges Deere is violating federal antitrust law by controlling too tightly where and how farmers can get their equipment repaired, allowing the Illinois-based company to charge artificially higher prices. The FTC was joined in its lawsuit by Michigan, Wisconsin and three other U.S. states.

Since filing for bankruptcy in March, 23andMe has received data deletion requests from 1.9 million users -- around 15% of its customer base. That number was revealed by 23andMe's interim chief executive Joseph Selsavage during a House Oversight Committee hearing, during which lawmakers scrutinized the company's sale following an earlier bankruptcy auction. "The bankruptcy sparked concerns that the data of millions of Americans who used 23andMe could end up in the hands of an unscrupulous buyer, prompting customers to ask the company to delete their data," adds TechCrunch. From the report: Pharmaceutical giant Regeneron won the court-approved auction in May, offering $256 million for 23andMe and its banks of customers' DNA and genetic data. Regeneron said it would use the 23andMe data to aid the discovery of new drugs, and committed to maintain 23andMe's privacy practices. Truly deleting your personal genetic information from the DNA testing company is easier said than done. But if you were a 23andMe customer and are interested, MIT Technology Review outlines that steps you can take.

Disney and NBCUniversal have filed a copyright infringement lawsuit against AI image generator firm Midjourney in U.S. District Court in Los Angeles, marking the first time major Hollywood studios have taken legal action against a generative AI company.

The entertainment giants accuse Midjourney, founded in 2021, of training its software on "countless" copyrighted works without permission and enabling users to create images that "blatantly incorporate and copy" famous characters including Darth Vader, the Minions, Frozen's Elsa, Shrek, and Homer Simpson.

The companies claim they attempted to resolve the matter privately, but Midjourney "continued to release new versions" with "even higher quality infringing images" according to the complaint. Disney's general counsel used the word "piracy," to describe Midjourney's practice, while NBCUniversal's general counsel characterized it as "blatant infringement."

WhatsApp has applied to submit evidence in Apple's legal battle against the UK Home Office over government demands for access to encrypted user data. The messaging platform's boss Will Cathcart told the BBC the case "could set a dangerous precedent" by "emboldening other nations" to seek to break encryption protections.

The confrontation began when Apple received a secret Technical Capability Notice from the Home Office earlier this year demanding the right to access data from its global customers for national security purposes. Apple responded by first pulling its Advanced Data Protection system from the UK, then taking the government to court to overturn the request.

Cathcart said WhatsApp "would challenge any law or government request that seeks to weaken the encryption of our services." US Director of National Intelligence Tulsi Gabbard has called the UK's demands an "egregious violation" of American citizens' privacy rights.

An anonymous reader quotes a report from TorrentFreak: Fresh data released by piracy tracking outfit MUSO shows that pirate sites remain popular. In a report released today, MUSO reveals that there were 216 billion pirate site visits globally in 2024, a slight decrease compared to the 229 billion visits recorded a year earlier. TV piracy remains by far the most popular category, representing over 44.6% of all website visits. This is followed by the publishing category with 30.7%, with film, software and music all at a respectable distance. Pirate site visitors originate from all over the world, but one country stands tall above all the rest: America. The United States remains the top driver of pirate site traffic accounting for more than 12% of all traffic globally, good for 26.7 billion visits in 2024. India has been steadily climbing the ranks for years and currently sits in second place with 17.6 billion annual visits, with Russia, Indonesia, and Vietnam completing the top five. As a country with one of the largest populations worldwide, it's not a complete surprise that the U.S. tops the list. If we counted visits per internet user, Canada and Ukraine would top the list.

While pirate site visits dipped by more than 5% in 2024, one category saw substantial growth. Visits to publishing-related pirate sites increased 4.3% from 63.6 to 66.4 billion. The increase is largely driven by the popularity of manga, which accounts for more than 70% of all publishing piracy. Traditional book piracy, meanwhile, is stuck at 5%. The publishing piracy boom is relatively new. Over the past five years, the category grew by more than 100% while the overall number of global pirate site visits remained relatively flat. Looking at the global demand, we see that the U.S. also leads the charge here, followed by Indonesia and Russia. Notably, Japan, the home of manga, ranks fifth in the publishing category. This stands out because Japan is not listed in the global top 15 in terms of total pirate site visits.

In the other content categories, MUSO's data shows a dip in pirate site visits. The changes are relatively modest for TV (-6.8%) and software (-2.1%) but the same isn't true for the music and film categories. In 2024, there were 18% fewer visits for pirated movies compared to a year earlier. MUSO notes that this is due to a "lighter blockbuster calendar" which reduced piracy peaks. "The drop in demand is as much about what wasn't released as it is about access," the report explains. The music category saw a 19% decline in piracy visits year over year, with a more uplifting explanation for rightsholders. According to MUSO, the drop can be partly attributed to "secure app ecosystems" and the "wide adoption of licensed platforms like Spotify and Apple Music."

An anonymous reader quotes a report from Ars Technica: YouTube videos may be getting a bit more pernicious soon. Google's dominant video platform has spent years removing discriminatory and conspiracy content from its platform in accordance with its usage guidelines, but the site is now reportedly adopting a lighter-touch approach to moderation. A higher bar for content removal will allow more potentially inflammatory content to remain up in the "public interest." [...]

Beginning late last year, YouTube began informing moderators they should err on the side of caution when removing videos that are in the public interest. That includes user uploads that discuss issues like elections, race, gender, sexuality, abortion, immigration, and censorship. Previously, YouTube's policy told moderators to remove videos if one-quarter or more of the content violated policies. Now, the exception cutoff has been increased to half. In addition, staff are now told to bring issues to managers if they are uncertain rather than removing the content themselves. "Recognizing that the definition of 'public interest' is always evolving, we update our guidance for these exceptions to reflect the new types of discussion we see on the platform today," YouTube's Nicole Bell told the New York Times. "Our goal remains the same: to protect free expression on YouTube while mitigating egregious harm."

Most of the videos hosted on YouTube won't be affected by this change, the company says. "These exceptions apply to a small fraction of the videos on YouTube, but are vital for ensuring important content remains available," a YouTube spokesperson tells Ars. "This practice allows us to prevent, for example, an hours-long news podcast from being removed for showing one short clip of violence."

The Associated Press reports that on Friday, U.K. High Court justice Victoria Sharp and fellow judge Jeremy Johnson ruled on the possibility of false information being submitted to the court. Concerns had been raised by lower-court judges about "suspected use by lawyers of generative AI tools to produce written legal arguments or witness statements which are not then checked." In a ruling written by Sharp, the judges said that in a 90 million pound ($120 million) lawsuit over an alleged breach of a financing agreement involving the Qatar National Bank, a lawyer cited 18 cases that did not exist. The client in the case, Hamad Al-Haroun, apologized for unintentionally misleading the court with false information produced by publicly available AI tools, and said he was responsible, rather than his solicitor Abid Hussain. But Sharp said it was "extraordinary that the lawyer was relying on the client for the accuracy of their legal research, rather than the other way around."

In the other incident, a lawyer cited five fake cases in a tenant's housing claim against the London Borough of Haringey. Barrister Sarah Forey denied using AI, but Sharp said she had "not provided to the court a coherent explanation for what happened." The judges referred the lawyers in both cases to their professional regulators, but did not take more serious action.

Sharp said providing false material as if it were genuine could be considered contempt of court or, in the "most egregious cases," perverting the course of justice, which carries a maximum sentence of life in prison.

Last year's Pentagon report reviewing UFO reports "left out the truth behind some of the foundational myths about UFOs," reports the Wall Street Journal.

"The Pentagon itself sometimes deliberately fanned the flames, in what amounted to the U.S. government targeting its own citizens with disinformation." The congressionally ordered probe took investigators back to the 1980s, when an Air Force colonel visited a bar near Area 51, a top-secret site in the Nevada desert. He gave the owner photos of what might be flying saucers. The photos went up on the walls, and into the local lore went the idea that the U.S. military was secretly testing recovered alien technology. But the colonel was on a mission — of disinformation. The photos were doctored, the now-retired officer confessed to the Pentagon investigators in 2023. The whole exercise was a ruse to protect what was really going on at Area 51: The Air Force was using the site to develop top-secret stealth fighters, viewed as a critical edge against the Soviet Union. Military leaders were worried that the programs might get exposed if locals somehow glimpsed a test flight of, say, the F-117 stealth fighter, an aircraft that truly did look out of this world. Better that they believe it came from Andromeda.
That's not the only example. The Journal spoke to Robert Salas, now 84, who in 1967 was a 26-year-old Air Force captain "sitting in a walk-in closet-sized bunker, manning the controls of 10 nuclear missiles in Montana." Suddenly all 10 missiles were disabled after reports of "a glowing reddish-orange oval was hovering over the front gate... The next morning a helicopter was waiting to take Salas back to base. Once there he was ordered: Never discuss the incident."

58 years later, the Journal reports.... The barriers of concrete and steel surrounding America's nuclear missiles were thick enough to give them a chance if hit first by a Soviet strike. But scientists at the time feared the intense storm of electromagnetic waves generated by a nuclear detonation might render the hardware needed to launch a counterstrike unusable. To test this vulnerability, the Air Force developed an exotic electromagnetic generator that simulated this pulse of disruptive energy without the need to detonate a nuclear weapon... But any public leak of the tests at the time would have allowed Russia to know that America's nuclear arsenal could be disabled in a first strike. The witnesses were kept in the dark. To this day Salas believes he was party to an intergalactic intervention to stop nuclear war which the government has tried to hide.
"We were never briefed on the activities that were going on, the Air Force shut us out of any information," Salas tells the Journal.

But it's not just secrecy. Some military men were told directly that they were working on alien technology, according to Pentagon investigator Sean Kirkpatrick: A former Air Force officer was visibly terrified when he told Kirkpatrick's investigators that he had been briefed on a secret alien project decades earlier, and was warned that if he ever repeated the secret he could be jailed or executed. The claim would be repeated to investigators by other men who had never spoken of the matter, even with their spouses.

It turned out the witnesses had been victims of a bizarre hazing ritual. For decades, certain new commanders of the Air Force's most classified programs, as part of their induction briefings, would be handed a piece of paper with a photo of what looked like a flying saucer. The craft was described as an antigravity maneuvering vehicle. The officers were told that the program they were joining, dubbed Yankee Blue, was part of an effort to reverse-engineer the technology on the craft. They were told never to mention it again. Many never learned it was fake. Kirkpatrick found the practice had begun decades before, and appeared to continue still... Investigators are still trying to determine why officers had misled subordinates, whether as some type of loyalty test, a more deliberate attempt to deceive or something else. After that 2023 discovery, Kirkpatrick's deputy briefed President Joe Biden's director of national intelligence, Avril Haines, who was stunned... "We are talking about hundreds and hundreds of people. These men signed NDAs. They thought it was real."
The article also notes that reports of Unidentified Aerial Phenomenon "skyrocketed" after May of 2023 — but that "Many pilot accounts of floating orbs were actually reflections of the sun from Starlink satellites, investigators found."

An anonymous reader shared this report from The New York Times: Russian counterintelligence agents are analyzing data from the popular Chinese messaging and social media app WeChat to monitor people who might be in contact with Chinese spies, according to a Russian intelligence document obtained by The New York Times. The disclosure highlights the rising level of concern about Chinese influence in Russia as the two countries deepen their relationship. As Russia has become isolated from the West over its war in Ukraine, it has become increasingly reliant on Chinese money, companies and technology. But it has also faced what the document describes as increased Chinese espionage efforts.

The document indicates that the Russian domestic security agency, known as the F.S.B., pulls purloined data into an analytical tool known as "Skopishche" (a Russian word for a mob of people). Information from WeChat is among the data being analyzed, according to the document... One Western intelligence agency told The Times that the information in the document was consistent with what it knew about "Russian penetration of Chinese communications...." By design, [WeChat] does not use end-to-end encryption to protect user data. That is because the Chinese government exercises strict control over the app and relies on its weak security to monitor and censor speech. Foreign intelligence agencies can exploit that weakness, too...

WeChat was briefly banned in Russia in 2017, but access was restored after Tencent took steps to comply with laws requiring foreign digital platforms above a certain size to register as "organizers of information dissemination." The Times confirmed that WeChat is currently licensed by the government to operate in Russia. That license would require Tencent to store user data on Russian servers and to provide access to security agencies upon request.

An anonymous reader shared this report from SFGate about a lawsuit alleging a "warrantless drone surveillance program" that's "trampling residents' right to privacy": Sonoma County has been accused of deploying hundreds of drone flights over residents in a "runaway spying operation"... according to a lawsuit filed Wednesday by the American Civil Liberties Union. The North Bay county of Sonoma initially started the 6-year-old drone program to track illegal cannabis cultivation, but the lawsuit alleges that officials have since turned it into a widespread program to catch unrelated code violations at residential properties and levy millions of dollars in fines. The program has captured 5,600 images during more than 700 flights, the lawsuit said...

Matt Cagle, a senior staff attorney with the ACLU Foundation of Northern California, said in a Wednesday news release that the county "has hidden these unlawful searches from the people they have spied on, the community, and the media...." The lawsuit says the county employees used the drones to spy on private homes without first receiving a warrant, including photographing private areas like hot tubs and outdoor baths, and through curtainless windows.
One plaintiff "said the county secretly used the drone program to photograph her Sonoma County horse stable and issue code violations," according to the article. She only discovered the use of the drones after a county employee mentioned they had photos of her property, according to the lawsuit. She then filed a public records request for the images, which left her "stunned" after seeing that the county employees were monitoring her private property including photographing her outdoor bathtub and shower, the lawsuit said.