An anonymous reader shares a report: Officials inside the Secret Service clashed over whether they needed a warrant to use location data harvested from ordinary apps installed on smartphones, with some arguing that citizens have agreed to be tracked with such data by accepting app terms of service, despite those apps often not saying their data may end up with the authorities, according to hundreds of pages of internal Secret Service emails obtained by 404 Media.

The emails provide deeper insight into the agency's use of Locate X, a powerful surveillance capability that allows law enforcement officials to follow a phone, and person's, precise movements over time at the click of a mouse. In 2023, a government oversight body found that the Secret Service, Customs and Border Protection, and Immigration and Customs Enforcement all used their access to such location data illegally. The Secret Service told 404 Media in an email last week it is no longer using the tool. "If USSS [U.S. Secret Service] is using Locate X, that is most concerning to us," one of the internal emails said. 404 Media obtained them and other documents through a Freedom of Information Act (FOIA) request with the Secret Service.

An anonymous reader quotes a report from The Register: Royal assent was granted to two right to repair bills last week that amend Canada's Copyright Act to allow the circumvention of technological protection measures (TPMs) if this is done for the purposes of "maintaining or repairing a product, including any related diagnosing," and "to make the program or a device in which it is embedded interoperable with any other computer program, device or component." The pair of bills allow device owners to not only repair their own stuff regardless of how a program is written to prevent such non-OEM measures, but said owners can also make their devices work with third-party components without needing to go through the manufacturer to do so.

Bills C-244 (repairability) and C-294 (interoperability) go a long way toward advancing the right to repair in Canada and, as iFixit pointed out, are the first federal laws anywhere that address how TPMs restrict the right to repair -- but they're hardly final. TPMs can take a number of forms, from simple administrative passwords to encryption, registration keys, or even the need for a physical object like a USB dongle to unlock access to copyrighted components of a device's software. Most commercially manufactured devices with proprietary embedded software include some form of TPM, and neither C-244 nor C-294 place any restrictions on the use of such measures by manufacturers. As iFixit points out, neither Copyright Act amendments do anything to expand access to the tools needed to circumvent TPMs. That puts Canadians in a similar position to US repair advocates, who in 2021 saw the US Copyright Office loosen DMCA restrictions to allow limited repairs of some devices despite TPMs, but without allowing access to the tools needed to do so. [...]

Canadian Repair Coalition co-founder Anthony Rosborough said last week that the new repairability and interoperability rules represent considerable progress, but like similar changes in the US, don't actually amount to much without the right to distribute tools. "New regulations are needed that require manufacturers and vendors to ensure that products and devices are designed with accessibility of repairs in mind," Rosborough wrote in an op-ed last week. "Businesses need to be able to carry out their work without the fear of infringing various intellectual property rights."

An anonymous reader quotes a report from NBC News: Former Massachusetts Air National Guard member Jack Teixeira was sentenced Tuesday to 15 years for stealing classified information from the Pentagon and sharing it online, the U.S. Attorney for Massachusetts announced. Teixeira received the sentence before Judge Indira Talwani in U.S. District Court for the District of Massachusetts. In March, the national guardsman pleaded guilty to six counts of willful retention and transmission of national defense information under the Espionage Act. He was arrested by the FBI in North Dighton, Massachusetts, in April 2023 and has been in federal custody since mid-May 2023.

According to court documents, Teixeira transcribed classified documents that he then shared on Discord, a social media platform mostly used by online gamers. He began sharing the documents in or around 2022. A document he was accused of leaking included information about providing equipment to Ukraine, while another included discussions about a foreign adversary's plot to target American forces abroad, prosecutors said. [...] While the documents were discovered online in March 2023, Teixeira had been sharing them online since January of that year, according to prosecutors.

An anonymous reader quotes a report from 404 Media: Flock is one of the largest vendors of automated license plate readers (ALPRs) in the country. The company markets itself as having the goal to fully "eliminate crime" with the use of ALPRs and other connected surveillance cameras, a target experts say is impossible. [...] Flock and automated license plate reader cameras owned by other companies are now in thousands of neighborhoods around the country. Many of these systems talk to each other and plug into other surveillance systems, making it possible to track people all over the country.

"It went from me seeing 10 license plate readers to probably seeing 50 or 60 in a few days of driving around," [said Alabama resident and developer Will Freeman]. "I wanted to make a record of these things. I thought, 'Can I make a database of these license plate readers?'" And so he made a map, and called it DeFlock. DeFlock runs on Open Street Map, an open source, editable mapping software. He began posting signs for DeFlock (PDF) to the posts holding up Huntsville's ALPR cameras, and made a post about the project to the Huntsville subreddit, which got good attention from people who lived there. People have been plotting not just Flock ALPRs, but all sorts of ALPRs, all over the world. [...]

When I first talked to Freeman, DeFlock had a few dozen cameras mapped in Huntsville and a handful mapped in Southern California and in the Seattle suburbs. A week later, as I write this, DeFlock has crowdsourced the locations of thousands of cameras in dozens of cities across the United States and the world. He said so far more than 1,700 cameras have been reported in the United States and more than 5,600 have been reported around the world. He has also begun scraping parts of Flock's website to give people a better idea of where to look to map them. For example, Flock says that Colton, California, a city with just over 50,000 people outside of San Bernardino, has 677 cameras.

People who submit cameras to DeFlock have the ability to note the direction that they are pointing in, which can help people understand how these cameras are being positioned and the strategies that companies and police departments are using when deploying them. For example, all of the cameras in downtown Huntsville are pointing away from the downtown core, meaning they are primarily focused on detecting cars that are entering downtown Huntsville from other areas.

With iOS 18.2, Apple will allow you to share the location of a lost AirTag with other people and with more than 15 different airlines. The Verge reports: When using the feature, you can generate a Share Item Location link within the Find My app on an iPhone, iPad, or Mac. Once you share the link with someone, they can click on it to view an interactive map with the location of your lost item. Apple will update the website automatically when the lost item moves, and it will also display a timestamp when it moved last. Apple will turn off the feature once you find your lost item. You can also manually stop sharing the location of an AirTag at any time, or the link will "automatically expire after seven days." [...]

As part of the rollout, Apple is partnering with over 15 airlines, including Delta, United, Virgin Atlantic, Lufthansa, Air Canada, and more. All of these airlines will be able to "privately and securely" accept links to lost items, as "access to each link will be limited to a small number of people, and recipients will be required to authenticate in order to view the link through either their Apple Account or partner email address." This feature will be available to airlines in the "coming months." Additionally, SITA, a baggage tracing solution, will also implement Share Item Location into its luggage tracker.

The FTX estate has filed a lawsuit against Binance and former CEO Changpeng Zhao, seeking to recover $1.76 billion, alleging a "fraudulent" 2021 share deal that involved funding from FTX's insolvent Alameda Research. The suit also accuses Zhao of misleading social media posts that allegedly spurred customer withdrawals and contributed to FTX's collapse. CNBC reports: In a Sunday filing with a Delaware court, FTX cites a 2021 transaction in which Binance, Zhao and others exited their investment in FTX, selling a 20% stake in the platform and a 18.4% stake in its U.S.-based entity West Realm Shires back to the company. The FTX estate alleges that the share repurchase was funded by FTX's Alameda Research division through a combination of the company's and Binance's exchange tokens, as well as Binance's dollar-pegged stablecoin.

"Alameda was insolvent at the time of the share repurchase and could not afford to fund the transaction," the suit claims, labeling the deal agreed with FTX co-founder Sam Bankman-Fried -- who's now serving a 25-year sentence over fraud linked to the downfall of his exchange -- a "constructive fraudulent transfer." Binance denies the allegations, saying in an emailed statement, "The claims are meritless, and we will vigorously defend ourselves."

On Tuesday Massachusetts voted to become the first state to allow gig-working drivers to join labor unions, reports WBUR: Since these gig workers are classified as independent contractors, federal law allowing employees the right to unionize does not apply to them. With the passage of this ballot initiative, Massachusetts is the first state to give ride-hailing drivers the ability to collectively bargain over working conditions.
Supporters have said the ballot measure "could provide a model for other states to let Uber and Lyft drivers unionize," reports Reuters, "and inspire efforts to organize them around the United States." Roxana Rivera, assistant to the president of 32BJ SEIU, an affiliate of the Service Employees International Union, that had spearheaded a campaign to pass the proposal, said its approval shows that Massachusetts voters want drivers to have a meaningful check against the growing power of app-based companies... The Massachusetts vote was the latest front in a years-long battle in the United States over whether ride-share drivers should be considered to be independent contractors or employees entitled to benefits and wage protections. Studies have shown that using contractors can cost companies as much as 30% less than employees.

Drivers for Uber and Lyft, including approximately 70,000 in Massachusetts, do not have the right to organize under the National Labor Relations Act... Under the Massachusetts measure, drivers can form a union after collecting signatures from at least 25% of active drivers in Massachusetts, and companies can form associations to allow them to jointly negotiate with the union during state-supervised talks.
But the Boston Globe points out that the measure " divided labor advocates in Massachusetts, some of whom worry it would in fact be a step backward in the lengthy fight to boost the rights of gig workers." Those concerns led the state's largest labor organization, the AFL-CIO, to remain neutral. But two unions backing the effort, the SEIU 32BJ and the International Association of Machinists, say allowing drivers to unionize, even if not as full employees, will help provide urgently needed worker protections and better pay and safety standards.

Friday "would have been his 38th birthday," writes the EFF, remembering Aaron Swartz as "a digital rights champion who believed deeply in keeping the internet open..." And they add that today the official web site for Aaron Swartz Day honored his memory with a special podcast "featuring those carrying on the work around issues close to his heart," including an appearance by Brewster Kahle, founder of the Internet Archive.

The first speaker is Ryan Shapiro, FOIA expert and co-founder of the national security transparency non-profit Property of the People. The Aaron Swartz Day site calls him "the researcher who discovered why the FBI had such an interest in Aaron in the years right before the JSTOR fiasco." (That web page calls it an "Al Qaeda phishing expedition that left Aaron with an 'International Terrorism Investigation' code in his FBI database file forever," as reported by Gizmodo.)

Other speakers on the podcast include:

• Nathan Dyer of SecureDrop, Newsroom Support Engineer for the Freedom of the Press Foundation with an update on SecureDrop

• Tracey Jaquith, Founding Coder and TV Architect at the Internet Archive, discussing "Microservices, Monoliths, and Operational Security — The Internet Archive in 2024."

• Tracy Rosenberg, co-founder of the Aaron Swartz Day Police Surveillance Project and Oakland Privacy, with "an update on the latest crop of surveillance battles."

• Ryan Sternlicht, VR developer, educator, researcher, advisor, and maker, on "The Next Layer of Reality: Social Identity and the New Creator Economy."

• Grant Smith Ellis, Chairperson of the Board, MassCann and Legal Intern at the Parabola Center, on "Jury Trials in the Age of Social Media."

• Michael "Mek" Karpeles, Open Library, Internet Archive, on "When it Rains at the Archive, Build an Ark — Book bans, Lawsuits, & Breaches."

The site also seeks to showcase SecureDrop and Open Library, projects started by Aaron before his death, as well as new projects "directly inspired by Aaron and his work."

With the debut of the Pirate Bay TV series in Sweden, international viewers are finding it surprisingly difficult to pirate. TorrentFreak reports: The series premiered at the on-demand platform of the Swedish national broadcaster SVT a few hours ago. International deals haven't been announced, but pirates can generally get access anyway. Soon after the first two episodes of The Pirate Bay series came out, scene release copies started circulating online. As one would expect.

The Scene group OLLONBORRE, which specializes in Swedish content, was the first to pick the show up. Within minutes, the first 1080p WEB-rips were posted on private scene servers and 720p copies followed a few hours later. Interestingly, pirate releases have yet to make their way to The Pirate Bay. We haven't seen any other copies on other public pirate sites either, which is surprising given the topic of the series.

It's common knowledge that The Scene -- a secretive network of release groups -- prefers to keep its releases private. Therefore, it wasn't happy with The Pirate Bay's public nature and rise to prominence in the early 2003s, which is highlighted in the first episodes of the TV series. However, we expected non-scene release groups would be eager to pick up the show. Apparently that's not the case, yet.

An anonymous reader quotes a report from TechCrunch: The FBI is warning that hackers are obtaining private user information — including emails and phone numbers — from U.S.-based tech companies by compromising government and police email addresses to submit "emergency" data requests. The FBI's public notice filed this week is a rare admission from the federal government about the threat from fraudulent emergency data requests, a legal process designed to help police and federal authorities obtain information from companies to respond to immediate threats affecting someone's life or property. The abuse of emergency data requests is not new, and has been widely reported in recent years. Now, the FBI warns that it saw an "uptick" around August in criminal posts online advertising access to or conducting fraudulent emergency data requests, and that it was going public for awareness.

"Cyber-criminals are likely gaining access to compromised US and foreign government email addresses and using them to conduct fraudulent emergency data requests to US based companies, exposing the personal information of customers to further use for criminal purposes," reads the FBI's advisory. [...] The FBI said in its advisory that it had seen several public posts made by known cybercriminals over 2023 and 2024, claiming access to email addresses used by U.S. law enforcement and some foreign governments. The FBI says this access was ultimately used to send fraudulent subpoenas and other legal demands to U.S. companies seeking private user data stored on their systems. The advisory said that the cybercriminals were successful in masquerading as law enforcement by using compromised police accounts to send emails to companies requesting user data. In some cases, the requests cited false threats, like claims of human trafficking and, in one case, that an individual would "suffer greatly or die" unless the company in question returns the requested information.

The FBI said the compromised access to law enforcement accounts allowed the hackers to generate legitimate-looking subpoenas that resulted in companies turning over usernames, emails, phone numbers, and other private information about their users. But not all fraudulent attempts to file emergency data requests were successful, the FBI said. The FBI said in its advisory that law enforcement organizations should take steps to improve their cybersecurity posture to prevent intrusions, including stronger passwords and multi-factor authentication. The FBI said that private companies "should apply critical thinking to any emergency data requests received," given that cybercriminals "understand the need for exigency."

The FBI is warning that hackers are obtaining private user information -- including emails and phone numbers -- from U.S.-based tech companies by compromising government and police email addresses to submit "emergency" data requests. From a report: The FBI's public notice filed this week is a rare admission from the federal government about the threat from fraudulent emergency data requests, a legal process designed to help police and federal authorities obtain information from companies to respond to immediate threats affecting someone's life or property.

The abuse of emergency data requests is not new, and has been widely reported in recent years. Now, the FBI warns that it saw an "uptick" around August in criminal posts online advertising access to or conducting fraudulent emergency data requests, and that it was going public for awareness. "Cyber-criminals are likely gaining access to compromised U.S. and foreign government email addresses and using them to conduct fraudulent emergency data requests to U.S. based companies, exposing the personal information of customers to further use for criminal purposes," reads the FBI's advisory.

IBM is facing a new lawsuit alleging that its Weather Channel website shared users' personal data with third-party ad partners without consent, violating the Video Privacy Protection Act (VPPA). The Register reports: In the absence of a comprehensive federal privacy law, the complaint [PDF] claims Big Blue violated America's Video Privacy Protection Act (VPPA), enacted in 1988 in response to the disclosure of Supreme Court nominee Robert Bork's videotape rental records. IBM was sued in 2019 (PDF) by then Los Angeles City Attorney Mike Feuer over similar allegations: That its Weather Channel mobile app collected and shared location data without disclosure. The IT titan settled that claim in 2020. A separate civil action against IBM's Weather Channel was filed in 2020 and settled in 2023 (PDF).

This latest legal salvo against alleged Weather Channel-enabled data collection takes issue with the sensitive information made available through the company's website to third-party ad partners mParticle and AppNexus/Xandr (acquired by Microsoft in 2022). The former provides customer analytics, and the latter is an advertising and marketing platform. The complaint, filed on behalf of California plaintiff Ed Penning, contends that by watching videos on the Weather Channel website, those two marketing firms received Penning's full name, gender, email address, precise geolocation, the name, and the URLs of videos he watched, without his permission or knowledge.

It explains that the plaintiff's counsel retained a private research firm last year to analyze browser network traffic during video sessions on the Weather Channel website. The research firm is said to have confirmed that the website provided the third-party ad firms with information that could be used to identify people and the videos that they watched. The VPPA prohibits video providers from sharing "personally identifiable information" about clients without their consent. [...] The lawsuit aspires to be certified as a class action. Under the VPPA, a successful claim allows for actual damages (if any) and statutory damages of $2,500 for each violation of the law, as well as attorney's fees.

An anonymous reader quotes a report from 404 Media: If you voted in the U.S. presidential election yesterday in which Donald Trump won comfortably, or a previous election, a website powered by a right-wing group is probably doxing you. VoteRef makes it trivial for anyone to search the name, physical address, age, party affiliation, and whether someone voted that year for people living in most states instantly and for free. This can include ordinary citizens, celebrities, domestic abuse survivors, and many other people. Voting rolls are public records, and ways to more readily access them are not new. But during a time of intense division, political violence, or even the broader threat of data being used to dox or harass anyone, sites like VoteRef turn a vital part of the democratic process -- simply voting -- into a security and privacy threat. [...]

The Voter Reference Foundation, which runs VoteRef, is a right wing organization helmed by a former Trump campaign official, ProPublica previously reported. The goal for that organization was to find irregularities in the number of voters and the number of ballots cast, but state election officials said their findings were "fundamentally incorrect," ProPublica added. In an interview with NPR, the ProPublica reporter said that the Voter Reference Foundation insinuated (falsely) that the 2020 election of Joe Biden was fraudulent in some way. 404 Media has found people on social media using VoteRef's data to spread voting conspiracies too. VoteRef has steadily been adding more states' records to the VoteRef website. At the time of writing, it has records for all states that legally allow publication. Some exceptions include California, Virginia, and Pennsylvania. ProPublica reported that VoteRef removed the Pennsylvania data after being contacted by an attorney for Pennsylvania's Department of State. "Digitizing and aggregating data meaningfully changes the privacy context and the risks to people. Your municipal government storing your marriage certificate and voter information in some basement office filing cabinet is not even remotely the same as a private company digitizing all the data, labeling it, piling it all together, making it searchable," said Justin Sherman, a Duke professor who studies data brokers.

"Policymakers need to get with the times and recognize that data brokers digitizing, aggregating, and selling data based on public records -- which are usually considered 'publicly available information' and exempted from privacy laws -- has fueled decades of stalking and gendered violence, harassment, doxing, and even murder," Sherman said. "Protecting citizens of all political stripes, targets and survivors of gendered violence, public servants who are targets for doxing and death threats, military service members, and everyone in between depends on reframing how we think about public records privacy and the mass aggregation and sale of our data."

An anonymous reader quotes a report from CBC News: The head of a company specializing in cryptocurrency was kidnapped and held for ransom in downtown Toronto during rush hour Wednesday. Police were called about a kidnapping in the area of University Avenue and Richmond Street W. just before 6 p.m., says a spokesperson with the Toronto Police Service. The suspects forced the victim into a vehicle and made a demand for money, the spokesperson said. The man was later located in Centennial Park in Etobicoke uninjured.

CBC Toronto has learned the victim is Dean Skurka, the president and CEO of Toronto-based financial firm WonderFi. He was released after a ransom of $1 million was paid electronically, a source close to the investigation said. Police say the investigation is ongoing and have not released any further details. [...] The alleged kidnapping happened the same day WonderFi released its third quarter earnings results, showing a 153 per cent increase compared to its third quarter in 2023.

An anonymous reader quotes a report from PCMag: Have I Been Pwned has long been one of the most useful ways to learn if your personal information was exposed in a hack. But a new site offers its own powerful tool to help you check if your data has been leaked to cybercriminals. DataBreach.com is the work of a New Jersey company called Atlas Privacy, which helps consumers remove their personal information from data brokers and people search websites. On Wednesday, the company told us it had launched DataBreach.com as an alternative to Have I Been Pwned, which is mainly searchable via the user's email address. DataBreach.com is designed to do that and more. In addition to your email address, the site features an advanced search function to see whether your full name, physical address, phone number, Social Security number, IP address, or username are in Atlas Privacy's extensive library of recorded breaches. More categories will also be added over time.

Atlas Privacy has been offering its paid services to customers, such as police officers and celebrities, to protect bad actors from learning their addresses or phone numbers. In doing so, the company has also amassed over 17.5 billion records from the numerous stolen databases circulating on the internet, including in cybercriminal forums. As a public service, Atlas is now using its growing repository of stolen records to create a breach notification site, free of charge. DataBreach.com builds off Atlas's effort in August to host a site notifying users whether their Social Security number and other personal information were leaked in the National Public Data hack. Importantly, Atlas designed DataBreach.com to prevent it from storing or collecting any sensitive user information typed into the site. Instead, the site will fetch a hash from Atlas' servers, or a fingerprint of the user's personal information -- whether it be an email address, name, or SSN -- and compare it to whatever the user is searching for. "The comparison will be done locally," meaning it'll occur on the user's PC or phone, rather than Atlas's internet server, de Saint Meloir said.

An anonymous reader quotes a report from Reuters: Australia Prime Minister Anthony Albanese said on Thursday the government would legislate for a ban on social media for children under 16, a policy the government says is world-leading. "Social media is doing harm to our kids and I'm calling time on it," Albanese told a news conference. Legislation will be introduced into parliament this year, with the laws coming into effect 12 months after it is ratified by lawmakers, he added. There will be no exemptions for users who have parental consent.

"The onus will be on social media platforms to demonstrate they are taking reasonable steps to prevent access," Albanese said. "The onus won't be on parents or young people." Communications Minister Michelle Rowland said platforms impacted would include Meta Platforms' Instagram and Facebook, as well as Bytedance's TikTok and Elon Musk's X. Alphabet's YouTube would likely also fall within the scope of the legislation, she added.

Intel faces a class-action lawsuit alleging its 13th and 14th generation desktop processors from 2022 and 2023 are defective, causing system instability and frequent crashes. The suit claims that Intel knew of the issue but continued marketing the processors anyway. The Register reports: The plaintiff, Mark Vanvalkenburgh of Orchard Park, New York, purchased an Intel Core i7-13700K from Best Buy in January 2023, according to the complaint [PDF]. "After purchasing the product, Plaintiff learned that the processor was defective, unstable, and crashing at high rates," the complaint claims. "The processor caused issues in his computer, including random screen blackouts and random computer restarts. These issues were not resolved even after he attempted to install a patch issued by Intel for its 13th Generation processors."

The potential class-action lawsuit cites various media reports and social media posts dating back to December 2022 that describe problems with Intel's 13th and 14th generation processors, known as Raptor Lake. These reports document unexplained failures and system instability, as well as a higher-than-expected rate of product returns. "By late 2022 or early 2023, Intel knew of the defect," the complaint says. "Intel's Products undergo pre-release and post-release testing. Through these tests, Intel became aware of the defect in the processors." And because Intel continued making marketing claims touting the speed and performance of its products, with no mention of any defect, the complaint alleges that Intel committed fraud by omission, breached implied warranty, and violated New York General Business Law.

The federal government of Canada has ordered TikTok to shut down its operations in the country, citing national security concerns. However, Canadians will still be able to access the app and use it to create content. "The decision to use a social media application or platform is a personal choice," said Innovation Minister Francois-Philippe Champagne.

"We came to the conclusion that these activities that were conducted in Canada by TikTok and their offices would be injurious to national security. I'm not at liberty to go into much detail, but I know Canadians would understand when you're saying the government of Canada is taking measures to protect national security, that's serious." CBC News reports: Champagne urged Canadians to use TikTok "with eyes wide open." Critics have claimed that TikTok users' data could be obtained by the Chinese government. "Obviously, parents and anyone who wants to use social platform should be mindful of the risk," he said. The decision was made in accordance with the Investment Canada Act, which allows for the review of foreign investments that may harm Canada's national security.

Former CSIS director David Vigneault told CBC News it's "very clear" from the app's design that data gleaned from its users "is available to the government of China" and its large-scale data harvesting goals. "Most people can say, 'Why is it a big deal for a teenager now to have their data [on TikTok]?' Well in five years, in 10 years, that teenager will be a young adult, will be engaged in different activities around the world," he said at the time. "As an individual, I would say that I would absolutely not recommend someone have TikTok."

An anonymous reader quotes a report from The Guardian: The US supreme court grappled on Wednesday with a bid by Meta's Facebook to scuttle a federal securities fraud lawsuit brought by shareholders who accused the social media platform of misleading them about the misuse of user data. The justices heard arguments in Facebook's appeal of a lower court's decision allowing the 2018 class action suit led by Amalgamated Bank to proceed. The suit seeks unspecified monetary damages in part to recoup the lost value of the Facebook stock held by the investors. It is one of two cases coming before them this month -- the other one involving artificial intelligence chipmaker Nvidia on 13 November -- that could lead to rulings making it harder for private litigants to hold companies to account for alleged securities fraud.

At issue is whether Facebook broke the law when it failed to detail the prior data breach in subsequent business-risk disclosures, and instead portrayed the risk of such incidents as purely hypothetical. Facebook argued in a supreme court brief that it was not required to reveal that its warned-of risk had already materialized because "a reasonable investor" would understand risk disclosures to be forward-looking statements. "When we think about these questions, we're not looking only to lies or complete false statements," the liberal justice Elena Kagan told Kannon Shanmugam, the lawyer for Facebook. "We're also looking to misleading statements or misleading omissions." The conservative justice Samuel Alito asked Shanmugam: "Isn't it the case that an evaluation of risks is always forward-looking?" "It is. And that is essentially what underlies our argument here," Shanmugam responded.

The plaintiffs accused Facebook of misleading investors in violation of the Securities Exchange Act, a 1934 federal law that requires publicly traded companies to disclose their business risks. They claimed the company unlawfully withheld information from investors about a 2015 data breach involving British political consulting firm Cambridge Analytica that affected more than 30 million Facebook users. Edward Davila, a US district judge, dismissed the lawsuit but the San Francisco-based ninth US circuit court of appeals revived it. The supreme court's ruling is expected by the end of June.

An anonymous reader quotes a report from TorrentFreak: Rightsholders have asked Google to remove more than 10 billion 'copyright infringing' URLs from its search results. The search engine doesn't celebrate the milestone in any way, but the takedown notices document intriguing shifts in volume over time, as well as shifting takedown interests. [...] The path to 10 billion was turbulent. When Google first made DMCA details public it was processing a few million DMCA takedown requests in a year. That number swiftly increased to hundreds of millions and eventually reached a billion DMCA requests in 2016.

The exponential growth curve eventually flattened out and around 2017, the takedown volume started to decline. The decrease was in part due to various anti-piracy algorithms making pirated content less visible in search results. By downranking pirate sites, infringing content became harder to find. As a result, Google processed fewer takedown notices, a welcome change for both rightsholders and the search engine. Today, Google continues to make pirate sites less visible in search, but the reduction in takedown notices didn't last. On the contrary, over the past several months, Google search processed a record number of DMCA notices.

Last summer, the search giant recorded the 7 billionth takedown request and after that the numbers shot up, adding billions more in the year that followed. The company is now handling removal requests at a rate of roughly 2.5 billion per year; a new record. This represents more than 50 million takedown requests per week and roughly 5,000 every minute. [...] While the 10 billionth reported URL is undoubtedly a milestone, this number is largely driven by a few rightsholders, reporting outfits, and domain names. The aforementioned takedown outfit Link-Busters, for example, accounts for roughly 15% of all reported links, nearly 1.5 billion. Similarly, the ten most prolific rightsholders, including the BPI, HarperCollins, and VIZ Media, are responsible for 40% of all reported links. These ten companies are only a tiny fraction of the 600,000 rightsholders that reported pirated links, however. A small group of domains also receives a disproportionate amount of attention. In total, 5,400,061 domains have been reported, with the top domains having dozens of millions of flagged URLs each. However, most domains have only a few flagged links, some of which are erroneous.