The U.S. government is seeking to break up Google's advertising technology business after a judge ruled the company holds an illegal monopoly over ad tools for publishers, marking the second such antitrust case following a similar request to divest Chrome. The Guardian reports: "We have a defendant who has found ways to defy" the law, US government lawyer Julia Tarver Wood told a federal court in Virginia, as she urged the judge to dismiss Google's assurance that it would change its behavior. "Leaving a recidivist monopolist" intact was not appropriate to solve the issue, she added. [...] The US government specifically alleged that Google controls the market for publishing banner ads on websites, including those of many creators and small news providers.

The hearing in a Virginia courtroom was scheduled to plan out the second phase of the trial, set for September, in which the parties will argue over how to fix the ad market to satisfy the judge's ruling. The plaintiffs argued in the first phase of the trial last year that the vast majority of websites use Google ad software products which, combined, leave no way for publishers to escape Google's advertising technology and pricing.

The district court judge Leonie Brinkema agreed with most of that reasoning, ruling last month that Google built an illegal monopoly over ad software and tools used by publishers, but partially dismissed the argument related to tools used by advertisers. The US government said it would use the trial to recommend that Google should spin off its ad publisher and exchange operations, as Google could not be trusted to change its ways. "Behavioral remedies are not sufficient because you can't prevent Google from finding a new way to dominate," Tarver Wood said.

Google countered that it would recommend that it agree to a binding commitment that it would share information with advertisers and publishers on its ad tech platforms. Google lawyer Karen Dunn did, however, acknowledge the "trust issues" raised in the case and said the company would accept monitoring to guarantee any commitments made to satisfy the judge. Google is also arguing that calls for divestment are not appropriate in this case, which Brinkema swiftly refused as an argument. The judge urged both sides to mediate, stressing that coming to a compromise solution would be cost-effective and more efficient than running a weeks-long trial.

An anonymous reader quotes a report from the Associated Press: A European Union privacy watchdog fined TikTok 530 million euros ($600 million) on Friday after a four-year investigation found that the video sharing app's data transfers to China put users at risk of spying, in breach of strict EU data privacy rules. Ireland's Data Protection Commission also sanctioned TikTok for not being transparent with users about where their personal data was being sent and ordered the company to comply with the rules within six months.

The Irish national watchdog serves as TikTok's lead data privacy regulator in the 27-nation EU because the company's European headquarters is based in Dublin. "TikTok failed to verify, guarantee and demonstrate that the personal data of (European) users, remotely accessed by staff in China, was afforded a level of protection essentially equivalent to that guaranteed within the EU," Deputy Commissioner Graham Doyle said in a statement. The Irish watchdog said its investigation found that TikTok failed to address "potential access by Chinese authorities" to European users' personal data under Chinese laws on anti-terrorism, counterespionage, cybersecurity and national intelligence that were identified as "materially diverging" from EU standards. Grahn said TikTok has "has never received a request for European user data from the Chinese authorities, and has never provided European user data to them."

[...] The investigation, which opened in September 2021, also found that TikTok's privacy policy at the time did not name third countries, including China, where user data was transferred. The watchdog said the policy, which has since been updated, failed to explain that data processing involved "remote access to personal data stored in Singapore and the United States by personnel based in China." TikTok faces further scrutiny from the Irish regulator, which said that the company had provided inaccurate information throughout the inquiry by saying that it didn't store European user data on Chinese servers. It wasn't until April that it informed the regulator that it discovered in February that some data had in fact been stored on Chinese servers. TikTok disagrees with the decision and plans to appeal. The company said the decision focuses on a "select period" ending in May 2023, before it embarked on a data localization project called Project Clover that involved building three data centers in Europe.

"The facts are that Project Clover has some of the most stringent data protections anywhere in the industry, including unprecedented independent oversight by NCC Group, a leading European cybersecurity firm," said Christine Grahn, TikTok's European head of public policy and government relations. "The decision fails to fully consider these considerable data security measures."

A Michigan federal magistrate judge has banned a lawyer from using a cartoon dragon watermark on legal filings, calling the practice "juvenile and impertinent." Judge Ray Kent of the Western District of Michigan issued the order on April 28 after receiving a complaint featuring a purple, suit-wearing dragon on every page.

"Each page of plaintiff's complaint appears on an e-filing which is dominated by a large multi-colored cartoon dragon dressed in a suit," Kent wrote. "The Court is not a cartoon." The watermark belongs to Jacob A. Perrone of Dragon Lawyers, who told The New York Times he purchased the image online for $20 because "people like dragons."

Perrone said it plans to continue using the logo in his practice but will tone it down in future court submissions.

An anonymous reader quotes a report from CBS News: The House of Representatives on Thursday voted to block California from implementing plans to block new sales of gas-powered vehicles in a decade. In a 246-164 vote, members approved House Joint Resolution 88, which seeks to withdraw a waiver granted by the Environmental Protection Agency to California during the Biden administration to implement the ban. Thirty-five Democrats joined 211 Republicans in backing the measure. [...] The House also approved two other measures which withdraw waivers on the state's plans to increase sales of zero-emissions trucks in a 231-191 vote, along with the state's latest nitrogen oxide emission standards for engines in a 225-196 vote.

Following Thursday's vote, Newsom's office issued a statement saying the House illegally used the Congressional Review Act (CRA) to repeal the state's Clean Air Act waivers. The governor's office also said the move contradicts the Government Accountability Office and Senate Parliamentarian who have ruled the CRA does not apply to the state's waivers. "Trump Republicans are hellbent on making California smoggy again. Clean air didn't used to be political. In fact, we can thank Ronald Reagan and Richard Nixon for our decades-old authority to clean our air," Newsom said. "The only thing that's changed is that big polluters and the right-wing propaganda machine have succeeded in buying off the Republican Party -- and now the House is using a tactic that the Senate's own parliamentarian has said is lawless. Our vehicles program helps clean the air for all Californians, and we'll continue defending it." Sen. Alex Padilla (D-California) said in a statement: "House Republicans' misguided and cynical attempts to gut the Clean Air Act and undercut California's climate leadership ignores the reality of California's strength as the fourth largest economy in the world...

... If Senate Republicans take up these measures under the Congressional Review Act, they will be going nuclear by overruling the Parliamentarian, all to baselessly attack California."

Meta has eliminated key privacy protections for Ray-Ban Meta smart glasses users in a policy update that took effect April 29th. The company now permanently enables Meta AI with camera functionality unless "Hey Meta" voice commands are completely disabled, while simultaneously removing users' ability to opt out of having their voice recordings stored in the cloud.

These recordings are kept for up to a year for Meta's product development, with the company only deleting accidental voice interactions after 90 days. Users can manually delete individual recordings but cannot prevent the initial collection.

Investigative journalist and cybersecurity expert Brian Krebs reports: A 23-year-old Scottish man thought to be a member of the prolific Scattered Spider cybercrime group was extradited last week from Spain to the United States, where he is facing charges of wire fraud, conspiracy and identity theft. U.S. prosecutors allege Tyler Robert Buchanan and co-conspirators hacked into dozens of companies in the United States and abroad, and that he personally controlled more than $26 million stolen from victims. Scattered Spider is a loosely affiliated criminal hacking group whose members have broken into and stolen data from some of the world's largest technology companies. Buchanan was arrested in Spain last year on a warrant from the FBI, which wanted him in connection with a series of SMS-based phishing attacks in the summer of 2022 that led to intrusions at Twilio, LastPass, DoorDash, Mailchimp, and many other tech firms. The complain against Buchanan is available here (PDF).

An anonymous reader quotes a report from TechCrunch: Apple sent notifications this week to several people who the company believes were targeted with government spyware, according to two of the alleged targets. In the past, Apple has sent similar notifications to targets and victims of spyware, and directed them to contact a nonprofit that specializes in investigating such cyberattacks. Other tech companies, like Google and WhatsApp, have in recent years also periodically sent such notifications to their users. As of Wednesday, only two people appear to have come forward to reveal they were among those who received the notifications from Apple this week.

One is Ciro Pellegrino, an Italian journalist who works for online news outlet Fanpage. Pellegrino wrote in an article that he received an email and a text message from Apple on Tuesday notifying him that he was targeted with spyware. The message, according to Pellegrino, also said he wasn't the only person targeted. "Today's notification is being sent to affected users in 100 countries," the message read, according to Pellegrino's article. "Did this really happen? Yes, it is not a joke," Pellegrino wrote.

The second person to receive an Apple notification is Eva Vlaardingerbroek, a Dutch right-wing activist, who posted on X on Wednesday. "Apple detected a targeted mercenary spyware attack against your iPhone," the Apple alert said, according to a screenshot shown in a video that Vlaardingerbroek posted on X. "This attack is likely targeting you specifically because of who you are or what you do. Although it's never possible to achieve absolute certainty when detecting such attacks, Apple has high confidence in this warning -- please take it seriously." Reacting to the notification, Vlaardingerbroek said that this was an "attempt to intimidate me, an attempt to silence me, obviously."

A newly revealed set of vulnerabilities dubbed AirBorne in Apple's AirPlay SDK could allow attackers on the same Wi-Fi network to hijack tens of millions of third-party devices like smart TVs and speakers. While Apple has patched its own products, many third-party devices remain at risk, with the most severe (though unproven) threat being potential microphone access. 9to5Mac reports: Wired reports that a vulnerability in Apple's software development kit (SDK) means that tens of millions of those devices could be compromised by an attacker: "On Tuesday, researchers from the cybersecurity firm Oligo revealed what they're calling AirBorne, a collection of vulnerabilities affecting AirPlay, Apple's proprietary radio-based protocol for local wireless communication. Bugs in Apple's AirPlay software development kit (SDK) for third-party devices would allow hackers to hijack gadgets like speakers, receivers, set-top boxes, or smart TVs if they're on the same Wi-Fi network as the hacker's machine [...]

Oligo's chief technology officer and cofounder, Gal Elbaz, estimates that potentially vulnerable third-party AirPlay-enabled devices number in the tens of millions. 'Because AirPlay is supported in such a wide variety of devices, there are a lot that will take years to patch -- or they will never be patched,' Elbaz says. 'And it's all because of vulnerabilities in one piece of software that affects everything.'"

For consumers, an attacker would first need to gain access to your home Wi-Fi network. The risk of this depends on the security of your router: millions of wireless routers also have serious security flaws, but access would be limited to the range of your Wi-Fi. AirPlay devices on public networks, like those used everywhere from coffee shops to airports, would allow direct access. The researchers say the worst-case scenario would be an attacker gaining access to the microphones in an AirPlay device, such as those in smart speakers. However, they have not demonstrated this capability, meaning it remains theoretical for now.

An anonymous reader quotes a report from CBS News: New York Gov. Kathy Hochul says a $254 billion state budget deal has been reached, including a "bell-to-bell" school cellphone ban. [...] The distraction-free policy would take effect next school year, making New York the largest state in the country with a "bell-to-bell" cellphone ban. Hochul says the plan will help protect children from addictive technology and improve their mental health. The New York State United Teachers union also came out in support of the ban, saying "we are at a crisis point."

The governor previously outlined the proposal back in January, saying it would ban the use of smartphones and other internet-enabled devices on school grounds during the school day. That includes classroom time, lunch and study hall periods. "A bell-to-bell ban, morning until the day is over, is not going to hurt your kids. It's going to help them emerge with stronger mental health and resiliency," she told CBS News New York at the time.

Hochul said the ban would include smartphones and other personal "smart" devices, like smartwatches. Exemptions could be made if a student requires a device to manage a medical condition or for translation purposes. Cellphones that don't have internet capability and devices that are provided by the school for lesson plans would still be allowed. The proposal would let individual schools come up with their own ways to implement the ban and store the devices, and schools would be able to decide whether to have students leave them in things like pouches, lockers or cubbies. It would also require schools to make sure parents have a way to contact their children during the day, if needed. "Protecting our communities requires more than streets where people feel safe. We need classrooms where young minds can flourish, and that means eliminating once and for all the digital distractions that steal our kids' attention," the governor said, adding, "We protected our kids before from cigarettes, alcohol and drunk driving, and now, we're protecting them from addictive technology designed to hijack their attention."

An anonymous reader quotes a report from ZDNet: Today, open-source software powers the world. It didn't have to be that way. The Open Invention Network's (OIN) origins are rooted in a turbulent era for open source. In the mid-2000s, Linux faced existential threats from copyright and patent litigation. Besides, the infamous SCO lawsuit and Microsoft's claims that Linux infringed on hundreds of its patents cast a shadow over the ecosystem. Business leaders became worried. While SCO's attacks petered out, patent trolls -- formally known as Patent Assertion Entities (PAEs) -- were increasing their attacks. So, open-source friendly industry giants, including IBM, Novell, Philips, Red Hat, and Sony, formed the Open Invention Network (OIN) to create a bulwark against patent threats targeting Linux and open-source technologies. Founded in 2005, the Open Invention Network (OIN) has evolved into a global community comprising over 4,000 participants, ranging from startups to multinational corporations, collectively holding more than three million patents and patent applications.

At the heart of OIN's legal strategy is a royalty-free cross-license agreement. Members agree not to assert their patents against the Linux System, creating a powerful network effect that shields open-source projects from litigation. As OIN CEO Keith Bergelt explained, this model enables "broad-based participation by ensuring patent risk mitigation in key open-source technologies, thereby facilitating open-source adoption." This approach worked then, and it continues to work today. [...] Over the years, OIN's mission has expanded beyond Linux to cover a range of open-source technologies. Its Linux System Definition, which determines the scope of patent cross-licensing, has grown from a few core packages to over 4,500 software components and platforms, including Android, Apache, Kubernetes, and ChromeOS. This expansion has been critical, as open source has become foundational across industries such as finance, automotive, telecommunications, and artificial intelligence.

The Karnataka High Court on Tuesday directed India's government to block Switzerland-based email service Proton Mail, citing national security concerns and law enforcement challenges. Justice M Nagaprasanna ordered authorities to initiate proceedings under Section 69A of the Information Technology Act to ban the service, while mandating immediate blocking of "offending URLs" until final decisions are made.

The ruling followed a petition from M Moser Design Associates India, which claimed its female employees were targeted with obscene emails containing "AI-generated deepfake images" sent via Proton Mail. Petitioners argued Proton Mail operates servers outside India, making it inaccessible to law enforcement. The court noted several bomb threats to Indian schools were sent using the service, which has already been banned in Russia and Saudi Arabia. Additional Solicitor General Aravind Kamath, representing the government, said authorities would comply with the court's direction.

A former Disney employee who hacked into the company's servers to alter its restaurant menus, including falsifying allergen information and printing profane language, has been sentenced to three years in prison. From a report: Michael Scheuer, a Florida resident, was sentenced last week in federal court and ordered to pay nearly $690,000 in restitution, with most of that going to Disney. He pled guilty in January to one count of computer fraud and one count of aggravated identity theft.

"Scheuer remains remorseful and apologetic to his former co-workers. We are grateful that the judge heard all of our arguments and mitigation when fashioning a sentence that was half of what the government was seeking," said David Haas, Scheuer's lawyer, in a statement to CNN.

Scheuer worked as a menu production manager for Disney and was fired last June for misconduct, according to the original complaint. He had access to, and also used, secure internal servers for creating and publishing menus for all of Disney's restaurants as part of his job at the company.

An anonymous reader quotes a report from Wired: Automakers are increasingly pushing consumers to accept monthly and annual fees to unlock preinstalled safety and performance features, from hands-free driving systems and heated seats to cameras that can automatically record accident situations. But the additional levels of internet connectivity this subscription model requires can increase drivers' exposure to government surveillance and the likelihood of being caught up in police investigations. A cache of more than two dozen police records recently reviewed by WIRED show US law enforcement agencies regularly trained on how to take advantage of "connected cars," with subscription-based features drastically increasing the amount of data that can be accessed during investigations. The records make clear that law enforcement's knowledge of the surveillance far exceeds that of the public and reveal how corporate policies and technologies -- not the law -- determine driver privacy.

"Each manufacturer has their whole protocol on how the operating system in the vehicle utilizes telematics, mobile Wi-Fi, et cetera," one law enforcement officer noted in a presentation prepared by the California State Highway Patrol (CHP) and reviewed by WIRED. The presentation, while undated, contains statistics on connected cars for the year 2024. "If the vehicle has an active subscription," they add, "it does create more data." The CHP presentation, obtained by government transparency nonprofit Property of the People via a public records request, trains police on how to acquire data based on a variety of hypothetical scenarios, each describing how vehicle data can be acquired based on the year, make, and model of a vehicle. The presentation acknowledges that access to data can ultimately be limited due to choices made by not only vehicle manufacturers but the internet service providers on which connected devices rely.

One document notes, for instance, that when a General Motors vehicle is equipped with an active OnStar subscription, it will transmit data -- revealing its location -- roughly twice as often as a Ford vehicle. Different ISPs appear to have not only different capabilities but policies when it comes to responding to government requests for information. Police may be able to rely on AT&T to help identify certain vehicles based on connected devices active in the car but lack the ability to do so when the device relies on a T-Mobile or Verizon network instead. [...] Nearly all subscription-based car features rely on devices that come preinstalled in a vehicle, with a cellular connection necessary only to enable the automaker's recurring-revenue scheme. The ability of car companies to charge users to activate some features is effectively the only reason the car's systems need to communicate with cell towers. The police documents note that companies often hook customers into adopting the services through free trial offers, and in some cases the devices are communicating with cell towers even when users decline to subscribe.

An anonymous reader quotes a report from Milwaukee Journal Sentinel: Milwaukee police are mulling a trade: 2.5 million mugshots for free use of facial recognition technology. Officials from the Milwaukee Police Department say swapping the photos with the software firm Biometrica will lead to quicker arrests and solving of crimes. But that benefit is unpersuasive for those who say the trade is startling, due to the concerns of the surveillance of city residents and possible federal agency access. "We recognize the very delicate balance between advancement in technology and ensuring we as a department do not violate the rights of all of those in this diverse community," Milwaukee Police Chief of Staff Heather Hough said during an April 17 meeting.

For the first time, Milwaukee police officials detailed their plans to use the facial recognition technology during a meeting of the city's Fire and Police Commission, the oversight body for those departments. In the past, the department relied on facial recognition technology belonging to neighboring police agencies. In an April 24 email, Hough said the department has not entered into an agreement with any facial recognition and the department intends to continue engaging the public before doing so. The department will discuss it at a future meeting of the city's Public Safety and Health Committee next, she said. "While we would like to acquire the technology to assist in solving cases, being transparent with the community that we serve far outweighs the urgency to acquire," she said in an email.

Officials said the technology alone could not be used as probable cause to arrest someone and the only authorized uses would be when there's basis to believe criminal activity has happened or could happen, or a threat to public safety is imminent. Hough said the department intended to craft a policy that would ensure no one is arrested solely based on facial recognition matches. That reassurance and others from police officials came as activists, residents and some public officials voiced concern.

The sale of bankrupt DNA data bank 23andMe is delayed as the company struggles to secure a lead bidder who can meet regulatory and privacy requirements, pushing the initial auction deadline from Friday to Monday. Seeking Alpha reports: 23andMe Holdings (OTC:MEHCQ), currently in Chapter 11 bankruptcy proceedings, is requiring that any potential bidders for the company's assets "guaranty that they will comply with the Company's privacy policies and applicable law." The genetics company said this is necessary to protect customers' data.

In addition, bidders will need to submit documentation of their intended use of any data, describe the privacy programs and security controls they have in place or would implement, and say whether they would ask for current privacy policies to be amended. 23andMe has also filed a motion asking for the appointment of an independent customer Data representative to review whether a proposed deal is in alignment with the company's privacy policies and data privacy laws.