Cellphones

America's DHS Is Expected to Stop Buying Access to Your Phone Movements (notus.org) 49

America's Department of Homeland Security "is expected to stop buying access to data showing the movement of phones," reports the U.S. news site NOTUS.

They call the purchases "a controversial practice that has allowed it to warrantlessly track hundreds of millions of people for years." Since 2018, agencies within the department — including Immigration and Customs Enforcement, U.S. Customs and Border Protection and the U.S. Secret Service — have been buying access to commercially available data that revealed the movement patterns of devices, many inside the United States. Commercially available phone data can be bought and searched without judicial oversight.

Three people familiar with the matter said the Department of Homeland Security isn't expected to buy access to more of this data, nor will the agency make any additional funding available to buy access to this data. The agency "paused" this practice after a 2023 DHS watchdog report [which had recommended they draw up better privacy controls and policies]. However, the department instead appears to be winding down the use of the data...

"The information that is available commercially would kind of knock your socks off," said former top CIA official Michael Morell on a podcast last year. "If we collected it using traditional intelligence methods, it would be top-secret sensitive. And you wouldn't put it in a database, you'd keep it in a safe...." DHS' internal watchdog opened an investigation after a bipartisan outcry from lawmakers and civil society groups about warrantless tracking...

"Meanwhile, U.S. spy agencies are fighting to preserve the same capability as part of the renewal of surveillance authorities," the article adds.

"A bipartisan coalition of lawmakers, led by Democratic Sen. Ron Wyden in the Senate and Republican Rep. Warren Davidson in the House, is pushing to ban U.S. government agencies from buying data on Americans."

Power

Are State Governments Slowing the Build-Out of America's EV Charging Stations? (msn.com) 120

In November of 2021 America passed a "Bipartisan Infrastructure Law" which included $7.5 billion for up to 20,000 EV charging spots, or around 5,000 stations, notes the Washington Post (citing an analysis from the EV policy analyst group Atlas Public Policy).

And new stations are now already open in Hawaii, New York, Ohio and Pennsylvania, "and under construction in four other states. Twelve additional states have awarded contracts for constructing the charging stations." A White House spokesperson said America should reach its goal of 500,000 charging stations by 2026.

So why does the Federal Highway System say that right now, more than two years after the bill's passage, the program has so far only delivered seven open charging stations with a total of 38 charging spots? Nick Nigro, founder of Atlas Public Policy, said that some of the delays are to be expected. "State transportation agencies are the recipients of the money," he said. "Nearly all of them had no experience deploying electric vehicle charging stations before this law was enacted." Nigro says that the process — states have to submit plans to the Biden administration for approval, solicit bids on the work, and then award funds — has taken much of the first two years since the funding was approved. "I expect it to go much faster in 2024," he added.

"We are building a national EV charging network from scratch, and we want to get it right," a spokesperson for the Federal Highway Administration said in an email. "After developing program guidance and partnering with states to guide implementation plans, we are hitting our stride as states move quickly to bring National Electric Vehicle Infrastructure stations online...."

Part of the slow rollout is that the new chargers are expected to be held to much higher standards than previous generations of fast chargers. The United States currently has close to 10,000 "fast" charging stations in the country, of which over 2,000 are Tesla Superchargers, according to the Department of Energy. Tesla Superchargers — some of which have been opened to drivers of other vehicles — are the most reliable fast-charging systems in the country. But many non-Tesla fast chargers have a reputation for poor performance and sketchy reliability. EV advocates have criticized Electrify America, the company created by Volkswagen after the company's "Dieselgate" emissions scandal, for spending hundreds of millions of dollars on chargers that don't work well. The company has said they are working to improve reliability. The data analytics company J.D. Power has estimated that only 80 percent of all charging attempts in the country are successful.

Biden administration guidance requires the new publicly funded chargers to be operational 97% of the time, provide 150kW of power at each charger, and be no more than one mile from the interstate, among many other requirements. EV policy experts say those requirements are critical to building a good nationwide charging program — but also slow down the build-out of the chargers. "This funding comes with dozens of rules and requirements," Laska said. "That is the nature of what we're trying to accomplish....

"States are just not operating with the same urgency that some of the rest of us are."

The article notes that private companies are also building charging stations — but the publicly-funded spots would increase America's car-charging capacity by around 50 percent, "a crucial step to alleviating 'range anxiety' and helping Americans shift into battery electric cars.

"States just have to build them first."

Government

Congress Bans Staff Use of Microsoft's AI Copilot (axios.com) 32

The U.S. House has set a strict ban on congressional staffers' use of Microsoft Copilot, the company's AI-based chatbot, Axios reported Friday. From the report: The House last June restricted staffers' use of ChatGPT, allowing limited use of the paid subscription version while banning the free version. The House's Chief Administrative Officer Catherine Szpindor, in guidance to congressional offices obtained by Axios, said Microsoft Copilot is "unauthorized for House use."

"The Microsoft Copilot application has been deemed by the Office of Cybersecurity to be a risk to users due to the threat of leaking House data to non-House approved cloud services," it said. The guidance added that Copilot "will be removed from and blocked on all House Windows devices."

AI

NYC's Government Chatbot Is Lying About City Laws and Regulations (arstechnica.com) 57

An anonymous reader quotes a report from Ars Technica: NYC's "MyCity" ChatBot was rolled out as a "pilot" program last October. The announcement touted the ChatBot as a way for business owners to "save ... time and money by instantly providing them with actionable and trusted information from more than 2,000 NYC Business web pages and articles on topics such as compliance with codes and regulations, available business incentives, and best practices to avoid violations and fines." But a new report from The Markup and local nonprofit news site The City found the MyCity chatbot giving dangerously wrong information about some pretty basic city policies. To cite just one example, the bot said that NYC buildings "are not required to accept Section 8 vouchers," when an NYC government info page says clearly that Section 8 housing subsidies are one of many lawful sources of income that landlords are required to accept without discrimination. The Markup also received incorrect information in response to chatbot queries regarding worker pay and work hour regulations, as well as industry-specific information like funeral home pricing. Further testing from BlueSky user Kathryn Tewson shows the MyCity chatbot giving some dangerously wrong answers regarding treatment of workplace whistleblowers, as well as some hilariously bad answers regarding the need to pay rent.

MyCity's Microsoft Azure-powered chatbot uses a complex process of statistical associations across millions of tokens to essentially guess at the most likely next word in any given sequence, without any real understanding of the underlying information being conveyed. That can cause problems when a single factual answer to a question might not be reflected precisely in the training data. In fact, The Markup said that at least one of its tests resulted in the correct answer on the same query about accepting Section 8 housing vouchers (even as "ten separate Markup staffers" got the incorrect answer when repeating the same question). The MyCity Chatbot -- which is prominently labeled as a "Beta" product -- does tell users who bother to read the warnings that it "may occasionally produce incorrect, harmful or biased content" and that users should "not rely on its responses as a substitute for professional advice." But the page also states front and center that it is "trained to provide you official NYC Business information" and is being sold as a way "to help business owners navigate government."
NYC Office of Technology and Innovation Spokesperson Leslie Brown told The Markup that the bot "has already provided thousands of people with timely, accurate answers" and that "we will continue to focus on upgrading this tool so that we can better support small businesses across the city."

The Courts

Apple Sues Former Employee For Leaking Journal App, Vision Pro Details (macrumors.com) 47

Apple has sued its former employee Andrew Aude for leaking information about more than a half-dozen Apple products and policies, including its then-unannounced Journal app and Vision Pro headset, product development policies, strategies for regulatory compliance, employee headcounts, and more. MacRumors reports: Aude joined Apple as an iOS software engineer in 2016, shortly after graduating college. He worked on optimizing battery performance, making him "privy to information regarding dozens of Apple's most sensitive projects," according to the complaint. In April 2023, for example, Apple alleges that Aude leaked a list of finalized features for the iPhone's Journal app to a journalist at The Wall Street Journal on a phone call. That same month, The Wall Street Journal's Aaron Tilley published a report titled "Apple Plans iPhone Journaling App in Expansion of Health Initiatives."

Using the encrypted messaging app Signal, Aude is said to have sent "over 1,400" messages to the same journalist, who Aude referred to as "Homeboy." He is also accused of sending "over 10,000 text messages" to another journalist at the website The Information, and he allegedly traveled "across the continent" to meet with her. Other leaks relate to the Vision Pro and other hardware: "As another example, an October 2020 screenshot on Mr. Aude's Apple-issued work iPhone shows that he disclosed Apple's development of products within the spatial computing space to a non-Apple employee. Mr. Aude made this disclosure even though Apple's development efforts were confidential and not known to the public. Over the following months, Mr. Aude disclosed additional Apple confidential information -- including information concerning unannounced products, and hardware information."

Apple believes that Aude's actions were "extensive and purposeful," with Aude allegedly admitting that he leaked information so he could "kill" products and features with which he took issue. The company alleges that his wrongful disclosures resulted in at least five news articles discussing the company's confidential and proprietary information. Apple says these public revelations impeded its ability to "surprise and delight" with its latest products. Apple said it learned of Aude's wrongful disclosures in late 2023, and the company fired him for his alleged misconduct in December of that year. [...] Apple is seeking both compensatory and punitive damages in an amount to be determined at trial, and it is also seeking other legal remedies.
The full complaint can be read here (PDF).

Cloud

Cloud Server Host Vultr Rips User Data Ownership Clause From ToS After Web Outage (theregister.com) 28

Tobias Mann reports via The Register: Cloud server provider Vultr has rapidly revised its terms-of-service after netizens raised the alarm over broad clauses that demanded the "perpetual, irrevocable, royalty-free" rights to customer "content." The red tape was updated in January, as captured by the Internet Archive, and this month users were asked to agree to the changes by a pop-up that appeared when using their web-based Vultr control panel. That prompted folks to look through the terms, and there they found clauses granting the US outfit a "worldwide license ... to use, reproduce, process, adapt ... modify, prepare derivative works, publish, transmit, and distribute" user content.

It turned out these demands have been in place since before the January update; customers have only just noticed them now. Given Vultr hosts servers and storage in the cloud for its subscribers, some feared the biz was giving itself way too much ownership over their stuff, all in this age of AI training data being put up for sale by platforms. In response to online outcry, largely stemming from Reddit, Vultr in the past few hours rewrote its ToS to delete those asserted content rights. CEO J.J. Kardwell told The Register earlier today it's a case of standard legal boilerplate being taken out of context. The clauses were supposed to apply to customer forum posts, rather than private server content, and while, yes, the terms make more sense with that in mind, one might argue the legalese was overly broad in any case.

"We do not use user data," Kardwell stressed to us. "We never have, and we never will. We take privacy and security very seriously. It's at the core of what we do globally." [...] According to Kardwell, the content clauses are entirely separate to user data deployed in its cloud, and are more aimed at one's use of the Vultr website, emphasizing the last line of the relevant fine print: "... for purposes of providing the services to you." He also pointed out that the wording has been that way for some time, and added the prompt asking users to agree to an updated ToS was actually spurred by unrelated Microsoft licensing changes. In light of the controversy, Vultr vowed to remove the above section to "simplify and further clarify" its ToS, and has indeed done so. In a separate statement, the biz told The Register the removal will be followed by a full review and update to its terms of service.
"It's clearly causing confusion for some portion of users. We recognize that the average user doesn't have a law degree," Kardwell added. "We're very focused on being responsive to the community and the concerns people have and we believe the strongest thing we can do to demonstrate that there is no bad intent here is to remove it."

Government

Biden Orders Every US Agency To Appoint a Chief AI Officer 48

An anonymous reader quotes a report from Ars Technica: The White House has announced the "first government-wide policy (PDF) to mitigate risks of artificial intelligence (AI) and harness its benefits." To coordinate these efforts, every federal agency must appoint a chief AI officer with "significant expertise in AI." Some agencies have already appointed chief AI officers, but any agency that has not must appoint a senior official over the next 60 days. If an official already appointed as a chief AI officer does not have the necessary authority to coordinate AI use in the agency, they must be granted additional authority or else a new chief AI officer must be named.

Ideal candidates, the White House recommended, might include chief information officers, chief data officers, or chief technology officers, the Office of Management and Budget (OMB) policy said. As chief AI officers, appointees will serve as senior advisers on AI initiatives, monitoring and inventorying all agency uses of AI. They must conduct risk assessments to consider whether any AI uses are impacting "safety, security, civil rights, civil liberties, privacy, democratic values, human rights, equal opportunities, worker well-being, access to critical resources and services, agency trust and credibility, and market competition," OMB said. Perhaps most urgently, by December 1, the officers must correct all non-compliant AI uses in government, unless an extension of up to one year is granted.

The chief AI officers will seemingly enjoy a lot of power and oversight over how the government uses AI. It's up to the chief AI officers to develop a plan to comply with minimum safety standards and to work with chief financial and human resource officers to develop the necessary budgets and workforces to use AI to further each agency's mission and ensure "equitable outcomes," OMB said. [...] Among the chief AI officer's primary responsibilities is determining what AI uses might impact the safety or rights of US citizens. They'll do this by assessing AI impacts, conducting real-world tests, independently evaluating AI, regularly evaluating risks, properly training staff, providing additional human oversight where necessary, and giving public notice of any AI use that could have a "significant impact on rights or safety," OMB said. Chief AI officers will ultimately decide if any AI use is safety- or rights-impacting and must adhere to OMB's minimum standards for responsible AI use. Once a determination is made, the officers will "centrally track" the determinations, informing OMB of any major changes to "conditions or context in which the AI is used." The officers will also regularly convene "a new Chief AI Officer Council to coordinate" efforts and share innovations government-wide.
Chief AI officers must consult with the public and maintain options to opt-out of "AI-enabled decisions," OMB said. However, these chief AI officers also have the power to waive opt-out options "if they can demonstrate that a human alternative would result in a service that is less fair (e.g., produces a disparate impact on protected classes) or if an opt-out would impose undue hardship on the agency."

Crime

Sam Bankman-Fried Sentenced To 25 Years in Prison (washingtonpost.com) 143

Crypto entrepreneur Sam Bankman-Fried was sentenced Thursday to 25 years in prison for a massive fraud that unraveled with the collapse of FTX, once one of the world's most popular platforms for exchanging digital currency. From a report: Bankman-Fried, 32, was convicted in November of fraud and conspiracy -- a dramatic fall from a crest of success. U.S. District Judge Lewis A. Kaplan imposed the sentence in the same Manhattan courtroom where, four months ago, Bankman-Fried testified that his intention had been to revolutionize the emerging cryptocurrency market with his innovative and altruistic ideas, not to steal.

Kaplan said the sentence reflected "that there is a risk that this man will be in position to do something very bad in the future. And it's not a trivial risk at all." He added that it was "for the purpose of disabling him to the extent that can appropriately be done for a significant period of time." Prior to sentencing, Bankman-Fried had said, "My useful life is probably over. It's been over for a while now, from before my arrest."

Crime

Nigerian Woman Faces Jail Time For Facebook Review of Tomato Sauce (techdirt.com) 72

An anonymous reader quotes a report from Techdirt: Nigeria doesn't exactly have a stellar reputation when it comes to respecting the speech rights of its own citizens, nor the rights of platforms that its citizens use. But I will admit that even with that reputation in place, I'm a bit at a loss as to why the country decided to arrest and charge a woman for violating those same laws because she wrote an unkind review of a can of tomato puree on Facebook: "A Nigerian woman who wrote an online review of a can of tomato puree is facing imprisonment after its manufacturer accused her of making a 'malicious allegation' that damaged its business. Chioma Okoli, a 39-year-old entrepreneur from Lagos, is being prosecuted and sued in civil court for allegedly breaching the country's cybercrime laws, in a case that has gripped the West African nation and sparked protests by locals who believe she is being persecuted for exercising her right to free speech."

By now you're wondering what actually happened here. Well, Okoli got on Facebook after having tried a can of Nagiko Tomato Mix, made by local Nigerian company Erisco Foods. Her initial post essentially complained about it being too sugary. So pretty standard fare for a review-type post on Facebook. When she started getting some mixed replies, some of them told her to stop trying to ruin the company and just buy something else, with one such message supposedly coming from a relative of the company's ownership. To that, she replied: "Okoli responded: 'Help me advise your brother to stop ki***ing people with his product, yesterday was my first time of using and it's pure sugar.'"

By the way, you can see all of this laid out by Erisco Foods itself on its own Facebook page. The company also claims that she exchanged messages with others talking about how she wanted to trash the product online so that nobody would buy it and that sort of thing. Whatever the truth about that situation is, this all stems from a poor review of a product posted online, which is the kind of speech countries with free speech laws typically protect. In Okoli's case, she was arrested shortly after those posts. [...] Okoli is pregnant and was placed in a cell during her arrest that had water leaking into it, by her account. She was also forced to apologize to Erisco Foods as part of her bond release, which she then publicly stated was done under duress and refused to apologize once out of holding. Okoli is also countersuing both Erisco Foods and the police, arguing for a violation of her speech rights.

Government

Oregon Governor Signs Nation's First Right-To-Repair Bill That Bans Parts Pairing (arstechnica.com) 139

An anonymous reader quotes a report from Ars Technica: Oregon Governor Tina Kotek today signed the state's Right to Repair Act, which will push manufacturers to provide more repair options for their products than any other state so far. The law, like those passed in New York, California, and Minnesota, will require many manufacturers to provide the same parts, tools, and documentation to individuals and repair shops that they provide to their own repair teams. But Oregon's bill goes further, preventing companies from implementing schemes that require parts to be verified through encrypted software checks before they will function. Known as parts pairing or serialization, Oregon's bill, SB 1596, is the first in the nation to target that practice. Oregon State Senator Janeen Sollman (D) and Representative Courtney Neron (D) sponsored and pushed the bill in the state senate and legislature.

Oregon's bill isn't stronger in every regard. For one, there is no set number of years for a manufacturer to support a device with repair support. Parts pairing is prohibited only on devices sold in 2025 and later. And there are carve-outs for certain kinds of electronics and devices, including video game consoles, medical devices, HVAC systems, motor vehicles, and -- as with other states -- "electric toothbrushes."

"By eliminating manufacturer restrictions, the Right to Repair will make it easier for Oregonians to keep their personal electronics running," said Charlie Fisher, director of Oregon's chapter of the Public Interest Research Group (PIRG), in a statement. "That will conserve precious natural resources and prevent waste. It's a refreshing alternative to a 'throwaway' system that treats everything as disposable."

Social Networks

TikTok Is Under Investigation By the FTC Over Data Practices (apnews.com) 11

TikTok is being investigated by the FTC over its data and security practices, "a probe that could lead to a settlement or a lawsuit against the company," reports the Associated Press. From the report: In its investigation, the FTC has been looking into whether TikTok violated a portion of federal law that prohibits "unfair and deceptive" business practices by denying that individuals in China had access to U.S. user data, said the person, who is not authorized to discuss the investigation. The agency also is scrutinizing the company over potential violations of the Children's Online Privacy Protection Act, which requires kid-oriented apps and websites to get parents' consent before collecting personal information of children under 13.

The agency is nearing the conclusion of its investigation and could settle with TikTok in the coming weeks. But there's not a deadline for an agreement, the person said. If the FTC moves forward with a lawsuit instead, it would have to refer the case to the Justice Department, which would have 45 days to decide whether it wants to file a case on the FTC's behalf, make changes or send it back to the agency to pursue on its own.

Piracy

'Operation 404' Results In First Prison Sentence For Pirate IPTV Operator (torrentfreak.com) 14

An anonymous reader quotes a report from TorrentFreak: Brazilian anti-piracy campaign 'Operation 404' has taken down many pirate sites and services over the past five years, but criminal prosecutions have been scarce. This week, anti-piracy group ALIANZA announced a "historic" victory: The operator of pirate IPTV service "Flash IPTV" was sentenced to more than five years in prison, marking the first criminal conviction of this kind in Brazil. [...] The operator of Flash IPTV, who is referred to by the initials A.W.A.P., was found guilty of criminal copyright infringement and sentenced to five years and four months in prison.

Flash IPTV was a relatively large IPTV service with 13,547 active users at its peak. According to local news reports, the service generated $912,000 in revenue over twelve months, before it was taken offline in 2020 as part of the second 'Operation 404' campaign. Speaking with TorrentFreak, ALIANZA says that this is a historic verdict, as it's the first criminal IPTV prosecution linked to 'Operation 404' in Brazil. "We appreciate the commitment of the police and judicial authorities in resolving this important case. The conviction of A.W.A.P. is a milestone that reinforces our commitment to defending the rights of creators and fighting against illegal practices that harm the creative economy," says Victor Roldan, ALIANZA's executive director.

While Operation 404 resulted in many arrests over the years, follow-up prosecutions have been rare in Brazil. Previously, ALIANZA did score a similar victory in Ecuador, where the operator of the pirate IPTV service IPTVlisto.com was sentenced to a year in prison. Last fall, Brazilian authorities conducted the sixth wave of Operation 404 and more are expected to follow in the future. These enforcement initiatives are broadly praised by rightsholders and the recent conviction will only strengthen their support.

United Kingdom

UK Court Denies Bid To Extradite Assange To the US (mercurynews.com) 151

A British court has ruled that Julian Assange can't be extradited to the United States on espionage charges unless U.S. authorities guarantee he won't get the death penalty, giving the WikiLeaks founder a partial victory in his long legal battle over the site's publication of classified American documents. From a report: Two High Court judges said they would grant Assange a new appeal unless U.S. authorities give further assurances within three weeks about what will happen to him. The ruling means the legal saga, which has dragged on for more than a decade, will continue -- and Assange will remain inside London's high-security Belmarsh Prison, where he has spent the last five years. Judges Victoria Sharp and Jeremy Johnson said the U.S. must guarantee that Assange, who is Australian, "is afforded the same First Amendment protections as a United States citizen, and that the death penalty is not imposed."

The Courts

Florida Braces For Lawsuits Over Law Banning Kids From Social Media (arstechnica.com) 168

An anonymous reader quotes a report from Ars Technica: On Monday, Florida became the first state to ban kids under 14 from social media without parental permission. It appears likely that the law -- considered one of the most restrictive in the US -- will face significant legal challenges, however, before taking effect on January 1. Under HB 3, apps like Instagram, Snapchat, or TikTok would need to verify the ages of users, then delete any accounts for users under 14 when parental consent is not granted. Companies that "knowingly or recklessly" fail to block underage users risk fines of up to $10,000 in damages to anyone suing on behalf of child users. They could also be liable for up to $50,000 per violation in civil penalties. [...]

DeSantis' statement noted that "in addition to protecting children from the dangers of social media, HB 3 requires pornographic or sexually explicit websites to use age verification to prevent minors from accessing sites that are inappropriate for children." This suggests that Florida could face a legal challenge from adult sites like Pornhub, which have been suing to block states from requiring an ID to access adult content. Most recently, Pornhub blocked access to its platform in Texas, arguing that such laws "impinge on the rights of adults to access protected speech" and fail "strict scrutiny by employing the least effective and yet also most restrictive means of accomplishing Texas's stated purpose of allegedly protecting minors."

According to the Guardian, [Florida House Speaker Paul Renner, who spearheaded the law] expected that social media companies would "sue the second after" HB 3 was signed. So far, no legal challenges have been raised, but Renner seemingly expects that the law's focus on "addictive features such as notification alerts and autoplay videos, rather than on their content" would ensure that the law defeats any constitutional concerns potentially raised by social media companies. "We're going to beat them, and we're never, ever going to stop," Renner vowed.

Your Rights Online

Facebook Accused of Using Your Phone To Wiretap Snapchat (gizmodo.com) 58

Court filings unsealed last week allege Meta created an internal effort to spy on Snapchat in a secret initiative called "Project Ghostbusters." Gizmodo: Meta did so through Onavo, a Virtual Private Network (VPN) service the company offered between 2016 and 2019 that, ultimately, wasn't private at all. "Whenever someone asks a question about Snapchat, the answer is usually that because their traffic is encrypted we have no analytics about them," said Mark Zuckerberg in an email to three Facebook executives in 2016, unsealed in Meta's antitrust case on Saturday. "It seems important to figure out a new way to get reliable analytics about them... You should figure out how to do this."

Thus, Project Ghostbusters was born. It's Meta's in-house wiretapping tool to spy on data analytics from Snapchat starting in 2016, later used on YouTube and Amazon. This involved creating "kits" that can be installed on iOS and Android devices, to intercept traffic for certain apps, according to the filings. This was described as a "man-in-the-middle" approach to get data on Facebook's rivals, but users of Onavo were the "men in the middle."

Meta's Onavo unit has a history of using invasive techniques to collect data on Facebook's users. Meta acquired Onavo from an Israeli firm over 10 years ago, promising users private networking, as most VPNs do. However, the service was reportedly used to spy on rival social media apps through tens of millions of people who downloaded Onavo. It gave Facebook valuable intel about competitors, and this week's court filings seem to confirm that. A team of senior executives and roughly 41 lawyers worked on Project Ghostbusters, according to court filings. The group was heavily concerned with whether to continue the program in the face of press scrutiny. Facebook ultimately shut down Onavo in 2019 after Apple booted the VPN from its app store.

Privacy

Portugal Orders Altman's Worldcoin To Halt Data Collection (reuters.com) 24

Portugal's data regulator has ordered Sam Altman's iris-scanning project Worldcoin to stop collecting biometric data for 90 days, it said on Tuesday, in the latest regulatory blow to a venture that has raised privacy concerns in multiple countries. From a report: Worldcoin encourages people to have their faces scanned by its "orb" devices, in exchange for a digital ID and free cryptocurrency. More than 4.5 million people in 120 countries have signed up, according to Worldcoin's website. Portugal's data regulator, the CNPD, said there was a high risk to citizens' data protection rights, which justified urgent intervention to prevent serious harm. More than 300,000 people in Portugal have provided Worldcoin with their biometric data, the CNPD said.

Businesses

Telegram's Peer-to-Peer Login System is a Risky Way To Save $5 a Month 32

Telegram is offering a new way to earn a premium subscription free of charge: all you have to do is volunteer your phone number to relay one-time passwords (OTP) to other users. This, in fact, sounds like an awful idea -- particularly for a messaging service based around privacy. From a report: X user @AssembleDebug spotted details about the new program on the English-language version of a popular Russian-language Telegram information channel. Sure enough, there's a section in Telegram's terms of service outlining the new "Peer-to-Peer Login" or P2PL program, which is currently only offered on Android and in certain (unspecified) locations. By opting in to the program, you agree to let Telegram use your phone number to send up to 150 texts with OTPs to other users logging in to their accounts. Every month your number is used to send a minimum number of OTPs, you'll get a gift code for a one-month premium subscription. Boy does this sound like a bad idea, starting with the main issue: your phone number is seen by the recipient every time it's used to send an OTP.

Bitcoin

Binance Executive Detained In Nigeria Escapes Custody (apnews.com) 19

A top executive from the crypto exchange Binance has escaped custody in Nigeria after being arrested for allegedly destabilizing the country's national currency. The Associated Press reports: Nadeem Anjarwalla, the regional manager for Binance in Africa, "fled Nigeria using a smuggled passport," the office of Nigeria's National Security Adviser said in a statement, calling for "whatever information that can assist law enforcement agencies to apprehend the suspect." Anjarwalla, who holds dual British and Kenyan citizenship, had been detained in Nigeria along with another colleague since Feb. 26 when they arrived in the country following a crackdown on the crypto platform. Tigran Gambaryan, the colleague who is an American citizen, remains in captivity.

Nigeria is Africa's largest crypto economy in terms of trade volume with many citizens using crypto to hedge their finances against surging inflation and the declining local currency. Binance stopped all trading with the Nigerian naira currency on its platform in early March after authorities accused it of being used for money laundering and terrorism financing -- without providing evidence publicly. It was not clear how Anjarwalla fled custody. The Abuja-based Premium Times newspaper, which broke the news of his escape, reported that he fled from a guest house in the capital city after guards led him to a nearby mosque for prayers.

"The personnel responsible for the custody of the suspect have been arrested, and a thorough investigation is ongoing to unravel the circumstances that led to his escape from lawful detention," Zakari Mijinyawa, spokesman for the office of Nigeria's National Security Adviser said in a statement.

Government

US, UK Announce Sanctions Over China-Linked Election Hacks (pbs.org) 29

Earlier today, the U.S. and U.K. accused hackers linked to the Chinese state of being behind "malicious" cyber campaigns targeting political figures. The U.K. government also blamed China for a 2021 cyberattack that compromised the personal information of millions of U.K. voters. In response, PBS reports that the U.S. and British governments announced sanctions against a company and two people linked to the Chinese government. From the report: Officials said those sanctioned are responsible for a hack that may have gained access to information on tens of millions of U.K. voters held by the Electoral Commission, as well as for cyberespionage targeting lawmakers who have been outspoken about the China threat. The Foreign Office said the hack of the election registers "has not had an impact on electoral processes, has not affected the rights or access to the democratic process of any individual, nor has it affected electoral registration." The Electoral Commission said in August that it identified a breach of its system in October 2022, though it added that "hostile actors" had first been able to access its servers since 2021. At the time, the watchdog said the data included the names and addresses of registered voters. But it said that much of the information was already in the public domain.

In Washington, the Treasury Department said it sanctioned Wuhan Xiaoruizhi Science and Technology Company Ltd., which it calls a Chinese Ministry of State Security front company that has "served as cover for multiple malicious cyberoperations." It named two Chinese nationals, Zhao Guangzong and Ni Gaobin, affiliated with the Wuhan company, for cyberoperations that targeted U.S. critical infrastructure sectors, "directly endangering U.S. national security." Separately, British cybersecurity officials said that Chinese government-affiliated hackers "conducted reconnaissance activity" against British parliamentarians who are critical of Beijing in 2021. They said no parliamentary accounts were successfully compromised.

Three lawmakers, including former Conservative Party leader Iain Duncan Smith, told reporters Monday they have been "subjected to harassment, impersonation and attempted hacking from China for some time." Duncan Smith said in one example, hackers impersonating him used fake email addresses to write to his contacts. The politicians are members of the Inter-Parliamentary Alliance on China, an international pressure group focused on countering Beijing's growing influence and calling out alleged rights abuses by the Chinese government.

Crime

SWAT Team Raids Innocent Family Over Stolen AirPods, Inaccurate 'FindMy' App Tracking (boingboing.net) 164

A SWAT team in St. Louis County mistakenly raided the home of Brittany Shamily and her family, based on the inaccurate tracking of stolen AirPods by the "FindMy" app. The family is suing for damages stemming from embarrassment, unreasonable use of force, loss of liberty, and other factors. The Riverfront Times reports: Around 6:30 p.m. on May 26, Brittany Shamily was at home with her children, including an infant, when police used a battering ram to bust in her front door. "What the hell is going on?" she screamed, terrified for herself and her family. "I got a three-month-old baby!" Body camera footage from the scene shows Shamily come to the front door, her hands up, her face a mix of fright and utter confusion at the heavily armed folly making its way from her front porch into her foyer. "Oh my god," she says. The SWAT team was looking for guns and other material related to a carjacking that had occurred that morning. Their search didn't turn up any of that -- though it has led to a lawsuit, filed Friday, that may lead to a better public understanding of how county police decide whether to deploy a SWAT team or serve a search warrant in a less menacing manner. Because in this case, the police clearly made the wrong call.

The carjacking that led to the raid happened about 12 hours prior, 16 miles away, in south county. Around 6 a.m., two brothers were leaving the Waffle House on Telegraph Road near Jefferson Barracks when a group of six people pulled up outside the restaurant and carjacked them. Two of the carjackers took off in the brothers' Dodge Charger while the other four fled the scene in their own vehicles. St. Louis County Police were summoned to the scene. As part of their investigation, a friend of the carjacked brothers told police that his AirPods were in the stolen car and that he could track them using the "FindMy" application, a feature that lets users locate one Apple device using another. Police did just that and, according to the lawsuit, the app showed the AirPods to be at Shamily's house.

There was just one problem. "FindMy is not that accurate," says the family's lawyer, Bevis Schock. "I actually went to my house with my co-counsel and played around with it for an hour. It's just not that good." Yet based on the "FindMy" result, an officer signed an application for a search warrant saying he had reason to believe that "firearms, ammunition, holsters" and other "firearm-related material" were inside. That evening, police showed up in full combat gear carrying a battering ram. [...] While the family was detained outside, the SWAT team "ransacked" their house, the lawsuit says. One SWAT team member punched a basketball-sized hole in the drywall. Another broke through a drop ceiling. They turned over drawers and left what had been an orderly house in disarray. After this had gone on for more than half an hour, the AirPods were located -- on the street outside the family's home.

Unfortunately, this isn't the first time something like this has happened. In January 2022, SWAT teams in Denver raided an elderly woman's home after the "FindMy" app falsely pinged her home as the location of a stolen iPhone. The woman was recently awarded $3.76 million in compensation and damages.
