The Courts

California Prohibited From Enforcing PI Licensing Law Against Anti-Spam Crusader (ij.org) 49

Long-time Slashdot reader schwit1 shared this report from non-profit libertarian law firm, the Institute for Justice: U.S. District Judge Rita Lin has permanently enjoined the California Bureau of Security and Investigative Services from enforcing its private-investigator licensing requirement against anti-spam entrepreneur Jay Fink. The order declares that forcing Jay to get a license to run his business is so irrational that it violates the Due Process Clause of the Fourteenth Amendment...

Jay's business stems from California's anti-spam act, which allows individuals to sue spammers. But to sue, they have to first compile evidence. To do that, recipients often have to wade through thousands of emails. For more than a decade, Jay has offered a solution: he and his team will scour a client's junk folder and catalog the messages that likely violate the law. But last summer, Jay's job — and Californians' ability to bring spammers to justice — came to a screeching halt when the state told him he was a criminal. A regulator told Jay he needed a license to read through emails that might be used as evidence in a lawsuit. And because Jay didn't have a private investigator license, the state shut him down.

The state of California has since "agreed to jointly petition the court for an order that forever prohibits it from enforcing its licensure law against Jay," according to the article.

Otherwise the anti-spam crusader would've had to endure thousands of hours of private investigator training...
Government

Admiral Grace Hopper's Landmark Lecture Is Found, But the NSA Won't Release It (muckrock.com) 68

MuckRock is a U.S.-based 501(c)(3) non-profit collaborative news site to "request, analyze and share government documents," according to its web site.

And long-time Slashdot reader schwit1 shared their report about a lecture by Admiral Grace Hopper: In a vault at the National Security Agency lies a historical treasure: two AMPEX 1-inch open reel tapes containing a landmark lecture by Admiral Grace Hopper, a giant in the field of computer science. Titled 'Future Possibilities: Data, Hardware, Software, and People,' this lecture, recorded on August 19, 1982, at the NSA's Fort Meade headquarters, and stored in the video archives of the National Cryptographic School, offers a rare glimpse into the mind of a pioneer who shaped the very fabric of technology. Yet this invaluable artifact remains inaccessible, trapped in an obsolete format that the NSA will not release, stating that the agency is unable to play it back.
"NSA is not required to find or obtain new technology (outdated or current) in order to process a request," states the official response from the agency. But MuckRock adds that on June 25, "responding to a follow-up request, the NSA at least provided an image of the tape labels," leading MuckRock to complain that the NSA "is well-positioned to locate, borrow and use a working VTR machine to access Admiral Hopper's lectures... The NSA, with its history of navigating complex technological landscapes and decrypting matters of national significance, does not typically shy away from a challenge." The challenge of accessing these recordings is not just technical, but touches on broader issues around preserving technological heritage.... It is our shared obligation to safeguard such pivotal elements of our nation's history, ensuring they remain within reach of future generations. While the stewardship of these recordings may extend beyond the NSA's typical purview, they are undeniably a part of America's national heritage.
The Courts

Apple Watch Is Cleared By the CBP of Infringing On the ECG Patent (cbp.gov) 20

Slashdot reader Kirschey writes: The U.S. Customs and Border Protection determined that the redesigned Apple Watch models do not violate AliveCor's electrocardiogram patents, allowing them to be imported. This decision comes before a consolidated hearing at the Federal Circuit Court regarding the same patents.
From the decision: We find that Apple Inc. ("Apple") has met its burden to show that certain redesigned wearable devices ("articles at issue") do not infringe one or more of claims 12, 13, and 19-23 of U.S. Patent No. 10,638,941 ("the '941 Patent") and claims 1, 3, 5, 8-10, 12, 15, and 16 of U.S. Patent No. 10,595,731 ("the '731 Patent"). Thus, CBP's position is that the articles at issue are not subject to the limited exclusion order that the U.S. International Trade Commission ("Commission" or "ITC") issued in Investigation No. 337-TA-1266 ("the underlying investigation" or "the 1266 investigation"), pursuant to Section 337 of the Tariff Act of 1930, as amended, 19 U.S.C. 1337 ("Section 337").
Security

CISA Broke Into a US Federal Agency, No One Noticed For a Full 5 Months (theregister.com) 35

A 2023 red team exercise by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) at an unnamed federal agency exposed critical security failings, including unpatched vulnerabilities, inadequate incident response, and weak credential management, leading to a full domain compromise. According to The Register's Connor Jones, the agency failed to detect or remediate malicious activity for five months. From the report: According to the agency's account of the exercise, the red team was able to gain initial access by exploiting an unpatched vulnerability (CVE-2022-21587 - 9.8) in the target agency's Oracle Solaris enclave, leading to what it said was a full compromise. It's worth noting that CVE-2022-21587, an unauthenticated remote code execution (RCE) bug carrying a near-maximum 9.8 CVSS rating, was added to CISA's known exploited vulnerability (KEV) catalog in February 2023. The initial intrusion by CISA's red team was made on January 25, 2023. "After gaining access, the team promptly informed the organization's trusted agents of the unpatched device, but the organization took over two weeks to apply the available patch," CISA's report reads. "Additionally, the organization did not perform a thorough investigation of the affected servers, which would have turned up IOCs and should have led to a full incident response. About two weeks after the team obtained access, exploit code was released publicly into a popular open source exploitation framework. CISA identified that the vulnerability was exploited by an unknown third party. CISA added this CVE to its Known Exploited Vulnerabilities Catalog on February 2, 2023." [...]

After gaining access to the Solaris enclave, the red team discovered they couldn't pivot into the Windows part of the network because missing credentials blocked their path, despite enjoying months of access to sensitive web apps and databases. Undeterred, CISA managed to make its way into the Windows network after carrying out phishing attacks on unidentified members of the target agency, one of which was successful. It said real adversaries may have instead used prolonged password-spraying attacks rather than phishing at this stage, given that several service accounts were identified as having weak passwords. After gaining that access, the red team injected a persistent RAT and later discovered unsecured admin credentials, which essentially meant it was game over for the agency being assessed. "None of the accessed servers had any noticeable additional protections or network access restrictions despite their sensitivity and critical functions in the network," CISA said.

CISA described this as a "full domain compromise" that gave the attackers access to tier zero assets -- the most highly privileged systems. "The team found a password file left from a previous employee on an open, administrative IT share, which contained plaintext usernames and passwords for several privileged service accounts," the report reads. "With the harvested Lightweight Directory Access Protocol (LDAP) information, the team identified one of the accounts had system center operations manager (SCOM) administrator privileges and domain administrator privileges for the parent domain. They identified another account that also had administrative permissions for most servers in the domain. The passwords for both accounts had not been updated in over eight years and were not enrolled in the organization's identity management (IDM)." From here, the red team realized the victim organization had trust relationships with multiple external FCEB organizations, which CISA's team then pivoted into using the access they already had.

The team "kerberoasted" one partner organization. Kerberoasting is an attack on the Kerberos authentication protocol typically used in Windows networks to authenticate users and devices. However, it wasn't able to move laterally with the account due to low privileges, so it instead used those credentials to exploit a second trusted partner organization. Kerberoasting yielded a more privileged account at the second external org, the password for which was crackable. CISA said that due to network ownership, legal agreements, and/or vendor opacity, these kinds of cross-organizational attacks are rarely tested during assessments. However, SILENTSHIELD assessments are able to be carried out following new-ish powers afforded to CISA by the FY21 National Defense Authorization Act (NDAA), the same powers that also allow CISA's Federal Attack Surface Testing (FAST) pentesting program to operate. It's crucial that these avenues are able to be explored in such exercises because they're routes into systems adversaries will have no reservations about exploring in a real-world scenario. For the first five months of the assessment, the target FCEB agency failed to detect or remediate any of the SILENTSHIELD activity, raising concerns over its ability to spot genuine malicious activity.
CISA said the findings demonstrated the need for agencies to apply defense-in-depth principles. The cybersecurity agency recommended network segmentation and a Secure-by-Design commitment.
AT&T

American Hacker In Turkey Linked To Massive AT&T Breach (404media.co) 7

An anonymous reader quotes a report from 404 Media: John Binns, a U.S. citizen who has been incarcerated in Turkey, is linked to the massive data breach of metadata belonging to nearly all of AT&T's customers that the telecommunications giant announced on Friday, three sources independently told 404 Media. [...] As 404 Media reported in January, Binns has already been indicted for allegedly breaking into T-Mobile in 2021 and selling stolen data on more than 40 million people. Now, he is allegedly connected to the latest breach against AT&T, which the company said it detected in April.

The AT&T data was lifted from a Snowflake instance, a data warehousing tool, AT&T told 404 Media. Snowflake has been at the center of a series of massive and high profile breaches, including Ticketmaster and Santander. In a blog post published in June which covered a threat actor targeting Snowflake instances, cybersecurity company Mandiant said the threat actor, which it dubs UNC5537, "comprises members based in North America, and collaborates with an additional member in Turkey." In its breach announcement, AT&T said authorities had already apprehended one of the people involved in the breach. Binns was recently arrested and detained in Turkey, The Desk reported in May. That report, which is the last public information about his whereabouts, says he was detained following an extradition request from the U.S. Before he was arrested, Binns told 404 Media in January that he had "reasons to not be concerned" about being extradited.

Security

AT&T Says Criminals Stole Phone Records of 'Nearly All' Customers in New Data Breach (techcrunch.com) 82

U.S. phone giant AT&T confirmed Friday it will begin notifying millions of consumers about a fresh data breach that allowed cybercriminals to steal the phone records of "nearly all" of its customers. TechCrunch: In a statement, AT&T said that the stolen data contains phone numbers of both cellular and landline customers, as well as AT&T records of calls and text messages -- such as who contacted who by phone or text -- during a six-month period between May 1, 2022 and October 31, 2022. AT&T said some of the stolen data includes more recent records from January 2, 2023 for a smaller but unspecified number of customers.

The stolen data also includes call records of customers with phone service from other cell carriers that rely on AT&T's network, the company said. [...] In all, the phone giant said it will notify around 110 million AT&T customers of the data breach, company spokesperson Andrea Huguely told TechCrunch.

Privacy

Data Breach Exposes Millions of mSpy Spyware Customers (techcrunch.com) 5

An anonymous reader quotes a report from TechCrunch: A data breach at the phone surveillance operation mSpy has exposed millions of its customers who bought access to the phone spyware app over the past decade, as well as the Ukrainian company behind it. Unknown attackers stole millions of customer support tickets, including personal information, emails to support, and attachments, including personal documents, from mSpy in May 2024. While hacks of spyware purveyors are becoming increasingly common, they remain notable because of the highly sensitive personal information often included in the data, in this case about the customers who use the service. The hack encompassed customer service records dating back to 2014, which were stolen from the spyware maker's Zendesk-powered customer support system.

mSpy is a phone surveillance app that promotes itself as a way to track children or monitor employees. Like most spyware, it is also widely used to monitor people without their consent. These kinds of apps are also known as "stalkerware" because people in romantic relationships often use them to surveil their partner without consent or permission. The mSpy app allows whoever planted the spyware, typically someone who previously had physical access to a victim's phone, to remotely view the phone's contents in real-time. As is common with phone spyware, mSpy's customer records include emails from people seeking help to surreptitiously track the phones of their partners, relatives, or children, according to TechCrunch's review of the data, which we independently obtained. Some of those emails and messages include requests for customer support from several senior-ranking U.S. military personnel, a serving U.S. federal appeals court judge, a U.S. government department's watchdog, and an Arkansas county sheriff's office seeking a free license to trial the app. Even after amassing several million customer service tickets, the leaked Zendesk data is thought to represent only the portion of mSpy's overall customer base who reached out for customer support. The number of mSpy customers is likely to be far higher.
mSpy's owners, a Ukraine-based company called Brainstack, have yet to publicly disclose the breach. You can visit Have I Been Pwned to see if your email address was involved in a breach.
Python

Python GitHub Token Leak Shows Binary Files Can Burn Developers Too (csoonline.com) 20

snydeq shares a report from CSO Online, written by Lucian Constantin: A personal GitHub access token with administrative privileges to the official repositories for the Python programming language and the Python Package Index (PyPI) was exposed for over a year. The access token belonged to the Python Software Foundation's director of infrastructure and was accidentally included in a compiled binary file that was published as part of a container image on Docker Hub. [...] The incident shows that scrubbing access tokens from source code only, which some development tools do automatically, is not enough to prevent potential security breaches. Sensitive credentials can also be included in environment variables, configuration files and even binary artifacts as a result of automated build processes and developer mistakes. "Although we encounter many secrets that are leaked in the same manner, this case was exceptional because it is difficult to overestimate the potential consequences if it had fallen into the wrong hands -- one could supposedly inject malicious code into PyPI packages (imagine replacing all Python packages with malicious ones), and even to the Python language itself," researchers from security firm JFrog, who found and reported the token, wrote in a report.
Government

Senators Strike Bipartisan Deal For a Ban On Stock Trading By Members of Congress (cnbc.com) 127

A bipartisan group of senators reached a new agreement on legislation that would ban members of Congress, their spouses and dependent children, as well as the president and vice president, from purchasing and selling stocks while in office. According to CNBC, it would also give lawmakers 90 days to sell their stocks. From the report: The proposal is the latest chapter in a yearslong saga in Congress to pass regulations that limit lawmakers' ability to buy and sell stocks, and the first one to get formal consideration by a Senate committee -- in this case the Homeland Security & Governmental Affairs Committee on July 24. Ethics experts say that legislators' access to the kind of information they receive gives them the potential of having an unfair advantage to the investing public.

Sens. Hawley, Jon Ossoff, D-Ga., Jeff Merkley, D-Ore., and Gary Peters, D-Mich., negotiated and announced the new details. If passed, the bill would also prohibit lawmakers' spouses and dependent children from trading stocks, beginning March 2027. Also starting that year, the U.S. president, vice president and all members of Congress would have to divest from any covered investments. The penalty for violating the divestment mandate, as proposed by the senators, would cost a lawmaker the greater amount of either their monthly salary, or 10% of the value of each covered asset in violation.

Privacy

Hidden Camera Concerns Plague Short-Term Rental Industry (cnn.com) 86

An anonymous reader shares a report: A CNN investigation found the use of hidden cameras is a persistent problem in the industry. Regulations are sparse, and the punishments for those that commit these crimes are lenient -- video voyeurism is typically charged as a misdemeanor. Meanwhile, the people who are recorded -- often naked or engaging in sexual activities -- say they suffer from long-term trauma and the fear that their images could, at any moment, be disseminated on the internet. An Airbnb spokesperson told CNN that hidden camera complaints are rare, but when they do occur, "we take appropriate, swift action, which can include removing hosts and listings that violate the policy."

At a court-ordered deposition last year, an Airbnb representative was supposed to answer a key question from the attorney suing the company: How many complaints or reports had been made to Airbnb since December 1, 2013, of people who had been recorded by surveillance devices? The Airbnb representative testified that the company generated 35,000 customer support tickets about surveillance devices in the preceding decade. An Airbnb spokesperson told CNN that a single report could create multiple tickets. The company declined to specify how many unique complaints there have been. In the deposition, which has not been previously reported, the company representative sought to downplay the significance of the number of tickets, testifying they could reflect instances such as a malfunctioning doorbell camera or a tablet with recording capabilities left out on a coffee table. The representative did not provide any statistics detailing the number of claims she suggested were innocuous among the 35,000 tickets.

The Courts

Judge Dismisses Lawsuit Over GitHub Copilot AI Coding Assistant (infoworld.com) 83

A US District Court judge in San Francisco has largely dismissed a class-action lawsuit against GitHub, Microsoft, and OpenAI, which challenged the legality of using code samples to train GitHub Copilot. The judge ruled that the plaintiffs failed to establish a claim for restitution or unjust enrichment but allowed the claim for breach of open-source license violations to proceed. InfoWorld reports: The lawsuit, first filed in Nov. 2022, claimed that GitHub's training of the Copilot AI on public GitHub code repositories violated the rights of the "vast number of creators" who posted code under open-source licenses on GitHub. The complaint (PDF) alleged that "Copilot ignores, violates, and removes the Licenses offered by thousands -- possibly millions -- of software developers, thereby accomplishing software piracy on an unprecedented scale." [...]

In a decision first announced on June 24, but only unsealed and made public on July 5, California Northern District judge Jon S. Tigar wrote that "In sum, plaintiff's claims do not support the remedy they seek. Plaintiffs have failed to establish, as a matter of law, that restitution for any unjust enrichment is available as a measure of plaintiffs' damages for their breach of contract claims." Judge Tigar went on to state that "court dismisses plaintiffs' section 1202(b) claim, this time with prejudice. The Court declines to dismiss plaintiffs' claim for breach of contract of open-source license violations against all defendants. Finally, the court dismisses plaintiffs' request for monetary relief in the form of unjust enrichment, as well as plaintiffs' request for punitive damages."

The Courts

Oregon County Seeks To Hold Fossil Fuel Companies Accountable For Extreme Heat 220

An anonymous reader quotes a report from Ars Technica: Northwest Oregon had never seen anything like it. Over the course of three days in June 2021, Multnomah County -- the state's most populous county, which rests in the swayback along Oregon's northern border -- recorded highs of 108, 112, and 116 degrees Fahrenheit. Temperatures were so hot that the metal on cable cars melted and the asphalt on roadways buckled. Nearly half the homes in the county lacked cooling systems because of Oregon's typically gentle summers, where average highs top out at 81 degrees. Sixty-nine people perished from heat stroke, most of them in their homes. When scientific studies showed that the extreme temperatures were caused by heat domes, which experts say are influenced by climate change, county officials didn't just chalk it up to a random weather occurrence. They started researching the large fossil fuel companies whose emissions are driving the climate crisis -- including ExxonMobil, Shell, and Chevron -- and sued them (PDF).

"This catastrophe was not caused by an act of God," said Jeffrey B. Simon, a lawyer for the county, "but rather by several of the world's largest energy companies playing God with the lives of innocent and vulnerable people by selling as much oil and gas as they could." Now, 11 months after the suit was filed, Multnomah County is preparing to move forward with the case in Oregon state court after a federal judge in June settled (PDF) a monthslong debate over where the suit should be heard. About three dozen lawsuits have been filed by states, counties, and cities seeking damages from oil and gas companies for harms caused by climate change. Legal experts said the Oregon case is one of the first focused on public health costs related to high temperatures during a specific occurrence of the "heat dome effect." Most of the other lawsuits seek damages more generally from such ongoing climate-related impacts as sea level rise, increased precipitation, intensifying extreme weather events, and flooding. [...]

The Multnomah County lawsuit says that Exxon, Shell, Chevron, and others engaged in a range of improper practices, including negligence, creating a public nuisance, fraud, and deceit. The suit alleges that the companies were aware of the harms of fossil fuels and engaged in a "scheme to rapaciously sell fossil fuel products and deceptively promote them as harmless to the environment, while they knew that carbon pollution emitted by their products into the atmosphere would likely cause deadly extreme heat events like that which devastated Multnomah County." "We know that climate-induced weather events like the 2021 Heat Dome harm the residents of Multnomah County and cause real financial costs to our local government," Multnomah County Chair Jessica Vega Pederson said in a statement. "The Court's decision to hear this lawsuit in State Court validates our assertion that the case should be resolved here -- it's an important win for this community."
In the suit, officials in Portland's Multnomah County said that they will ultimately incur costs in excess of $1.5 billion to deal with the effects of the 2021 heat dome.

"We allege that this is just like any other kind of public health crisis and mass destruction of property that is caused by corporate wrongdoing," said Simon, partner in the law firm of Simon Greenstone Panatier. "We contend that these companies polluted the atmosphere with carbon from the burning of fossil fuels; that they foresaw that extreme environmental harm would be caused by it; that some of them, we contend, deliberately misled the public about that."
Education

British Boarding School Bans Smartphones, Hands Out Nokia Phones Instead (engadget.com) 66

Eton College, Britain's elite boarding school with alumni that includes Princes William and Harry, as well as George Orwell and a long list of others, is banning incoming students from having smartphones. Instead, the school will provide students with a Nokia "brick" phone, which will only be capable of making calls and sending text messages. CBS News reports: Parents of first-year students at Eton -- where tuition exceeds $60,000 per year -- were informed of the changes in a letter, which said that incoming 13-year-old boarders should have their smart devices taken home after their SIM cards are transferred to offline Nokia phones provided by the school, which can only make calls and send simple text messages. Eton's previous rules on smartphones required first-year students to hand over their devices overnight.

"Eton routinely reviews our mobile phone and devices policy to balance the benefits and challenges that technology brings to schools," a spokesperson for the school told CBS News on Tuesday, adding that those joining in Year 9, essentially the equivalent of freshman year in high school for American students, "will receive a 'brick' phone for use outside the school day, as well as a school-issued iPad to support academic study." The spokesperson added that "age-appropriate controls remain in place for other year groups."
The ban follows a recent guidance issued by the UK government backing school principals who decide to ban smartphones during the school day. The goal is to help minimize disruption and improve classroom behavior.
AI

Spain Sentences 15 Schoolchildren Over AI-Generated Naked Images (theguardian.com) 119

An anonymous reader quotes a report from The Guardian: A court in south-west Spain has sentenced 15 schoolchildren to a year's probation for creating and spreading AI-generated images of their female peers in a case that prompted a debate on the harmful and abusive uses of deepfake technology. Police began investigating the matter last year after parents in the Extremaduran town of Almendralejo reported that faked naked pictures of their daughters were being circulated on WhatsApp groups. The mother of one of the victims said the dissemination of the pictures on WhatsApp had been going on since July.

"Many girls were completely terrified and had tremendous anxiety attacks because they were suffering this in silence," she told Reuters at the time. "They felt bad and were afraid to tell and be blamed for it." On Tuesday, a youth court in the city of Badajoz said it had convicted the minors of 20 counts of creating child abuse images and 20 counts of offenses against their victims' moral integrity. Each of the defendants was handed a year's probation and ordered to attend classes on gender and equality awareness, and on the "responsible use of technology." [...] Police identified several teenagers aged between 13 and 15 as being responsible for generating and sharing the images. Under Spanish law minors under 14 cannot be charged but their cases are sent to child protection services, which can force them to take part in rehabilitation courses.
Further reading: First-Known TikTok Mob Attack Led By Middle Schoolers Tormenting Teachers
United States

US Nuke Agency Buys Internet Backbone Data (404media.co) 24

A U.S. government agency tasked with supporting the nation's nuclear deterrence capability has bought access to a data tool that claims to cover more than 90 percent of the world's internet traffic, and can in some cases let users trace activity through virtual private networks, according to documents obtained by 404 Media. From the report: The documents provide more insight into the use cases and customers of so-called netflow data, which can show which server communicated with another, information that is ordinarily only available to the server's owner, or the internet service provider (ISP) handling the traffic. Other agencies that have purchased the data include the U.S. Army, NCIS, FBI, IRS, with some government clients saying it would take too long to get data from the NSA, so they bought this tool instead. In this case, the Defense Threat Reduction Agency (DTRA) says it is using the data to perform vulnerability assessments of U.S. and allied systems.

A document written by the DTRA and obtained by 404 Media says the agency "has a requirement to support ongoing assessments of the vulnerability of critical U.S. and allied national/theater mission systems, networks, architectures, infrastructures, and assets." The tool "is capable of following communications between servers, even private servers," which allows the agency to identify infrastructure used by malicious actors, the document continues. That contract was for $490,000 in 2023, according to the document. 404 Media obtained the document and others under a Freedom of Information Act (FOIA) request.

Crime

What Happens If You Shoot Down a Delivery Drone? (techcrunch.com) 152

An anonymous reader quotes a report from TechCrunch: As deep-pocketed companies like Amazon, Google and Walmart invest in and experiment with drone delivery, a phenomenon reflective of this modern era has emerged. Drones, carrying snacks and other sundries, are being shot out of the sky. Incidents are still rare. However, a recent arrest in Florida, in which a man allegedly shot down a Walmart drone, raises questions of what the legal ramifications are and whether those consequences could escalate if these events become more common. [...] While consumer drones have been proliferating for well over a decade, the question of legal ramifications hasn't been wholly clear. The Federal Aviation Administration (FAA) gave us a partial answer following a 2016 drone shooting in Arkansas. At the time, the FAA pointed interested parties to 18 U.S.C. 32. The law, titled "Aircraft Sabotage," is focused on the wanton destruction of "any aircraft in the special aircraft jurisdiction of the United States or any civil aircraft used, operated or employed in interstate, overseas, or foreign air commerce."

At first glance, the law appears primarily focused on manned aircraft, including a provision that "makes it a Federal offense to commit an act of violence against any person on the aircraft, not simply crew members, if the act is likely to endanger the safety of the aircraft." In responding to the Arkansas drone shooting, however, the FAA asserts that such protections can be interpreted to also include UAVs (unmanned aerial vehicles). The language does, indeed, appear broad enough to cover drones. That means, in turn, that the penalties are potentially as stiff. The subject was revived after a 2020 incident in Minnesota. In that case, the suspect was hit with felony charges relating to criminal damage and discharging a weapon within city limits. Those would likely also be the charges in most scenarios involving property, rather than bodily damage, drone or not. Even with these examples, there is not a rigid rule that predicts if or when prosecutors might also introduce a federal charge like 18 U.S.C. 32.

As the legal blog Above the Law notes, in most cases, the federal government has deferred to state law for enforcement. Meanwhile, in most cases where 18 U.S.C. 32 has been applied, if a human crew/passengers are involved, there could be other potential charges like murder. It certainly can be argued that shooting a large piece of hardware out of the sky in a heavily populated area invites its own potential for bodily harm, though it may not be prosecuted in the same manner. As drone delivery increases in the U.S., however, we may soon have an answer to the role federal legislation like 18 U.S.C. 32 will play in UAV shootings. Adding that into the picture brings penalties, including fines and up to 20 years in prison, potentially compounding those consequences. What is clear, though, is that the consequences can be severe, whether or not it is invoked.

The Courts

Anna's Archive Faces Millions In Damages, Permanent Injunction (torrentfreak.com) 28

Anna's Archive, a meta-search engine for pirated books and other sources, faces monetary damages and a permanent injunction at a U.S. court. According to TorrentFreak, the operators of the site "failed to respond to a lawsuit filed by [Online Computer Library Center (OCLC)], after its WorldCat database was scraped and published online." From the report: The site launched in the fall of 2022, just days after Z-Library was targeted in a U.S. criminal crackdown, to ensure continued availability of 'free' books and articles to the broader public. Late last year, Anna's Archive expanded its offering by making information from OCLC's proprietary WorldCat database available online. The site's operators took more than a year to scrape several terabytes of data and published roughly 700 million unique records online, for free.

This 'metadata' heist was a massive breakthrough in the site's quest to archive as much published content as possible. However, OCLC wasn't pleased and responded with a lawsuit (PDF) at an Ohio federal court, accusing the site and its operators of hacking and demanding damages. The non-profit says that it spent more than a million dollars responding to Anna's Archive's alleged hacking efforts. Even then, it couldn't prevent the data from being released through a torrent. "Defendants, through the Anna's Archive domains, have made, and continue to make, all 2.2 TB of WorldCat data available for public download through its torrents," OCLC wrote in the complaint it filed in an Ohio federal court.

In the months that passed since then, the operators of Anna's Archive didn't respond in court. The only named defendant flat-out denied all connections to the site, and OCLC didn't receive any response from any of the official Anna's Archive email addresses that were served. Meanwhile, the pirate library continues to offer the WorldCat data, which is a major problem for the organization. Without the prospect of a two-sided legal battle, OCLC has now moved for a default judgment. [...] In addition to monetary damages, the non-profit also seeks injunctive relief. The motion doesn't specify the requested measures, but the original complaint sought an order that prevents Anna's Archive from scraping WorldCat data going forward. In addition, all previously scraped data should no longer be distributed. Instead, it should be destroyed in full, including all the torrents that are currently being offered.

Piracy

Z-Library Admins 'Escape House Arrest' After Judge Approves US Extradition (torrentfreak.com) 28

Andy Maxwell reports via TorrentFreak: On November 4, 2022, the United States Department of Justice and the FBI began seizing Z-Library's domains as part of a major operation to shut down the infamous 'shadow library' platform. A criminal investigation had identified two Russian nationals, Anton Napolsky and Valeriia Ermakova, as the alleged operators of the site. On October 21, 2022, at the U.S. District Court for the Eastern District of New York, Judge Sanket J. Bulsara ordered their arrest. They were detained in Argentina on November 3, 2022. After arriving at the Ambrosio Taravella International Airport, the unsuspecting couple cleared customs and hired a car from a popular rental company. The United States Embassy informed local authorities that the pair were subject to an Interpol Red Notice.

At what point the Russians' phones were tapped is unclear but, under the authority of a Federal Court arrest warrant, Argentinian law enforcement began tracking the couple's movements as they traveled south in their rented Toyota Corolla. [...] [F]ollowing a visit to El Calafate, the pair were arrested by airport security police as they arrived in Rio Gallegos, Santa Cruz. They were later transferred to Cordoba. In January 2023, Judge Miguel Hugo Vaca Narvaja authorized the Russians to be detained under house arrest. Approval from Cordoba prosecutor Maximiliano Hairabedian, who was responsible for the request to extradite Napolsky and Ermakova to the United States, was not obtained. With a federal indictment, alleging criminal copyright infringement, wire fraud, and money laundering offenses, waiting for them in the United States, the priority for Napolsky and Ermakova would soon be their fight against extradition. [...]

Patronato del Liberado (Patronage of the Liberated) is responsible for assisting people who have previously been detained by the authorities with family and social reintegration. It's also tasked with monitoring compliance of those on probation or subject to house arrest. According to unnamed 'judicial sources' cited by La Voz, which receives full credit for a remarkable scoop, when the group conducted a regular visit in May, to verify that Napolsky and Ermakova were in compliance with the rules set by the state, there was no trace of them. Patronato del Liberado raised the alarm and Judge Sanchez Freytes was immediately notified. Counsel for the defense during the extradition hearings said that he hadn't been able to contact the Russians either. The Judge ordered an international arrest warrant although there appeared to be at least some hope the pair hadn't left the country. However, that was many weeks ago and with no obvious news suggesting their recapture, the pair could be anywhere by now.

United States

Boeing Will Plead Guilty To Fraud Related To Fatal 737 Max Crashes (cnbc.com) 86

Boeing agreed on Sunday to plead guilty to conspiring to defraud the government in a case linked to crashes of its 737 Max jets in Indonesia and Ethiopia that killed 346 people -- a stunning turn for the aerospace giant after the Justice Department determined that Boeing failed to live up to terms of a 2021 deal to avoid prosecution. Washington Post adds: Prosecutors alleged that two Boeing pilots concealed key information from the Federal Aviation Administration about a new automated control system on the Max. The system was implicated in both crashes, causing uncontrollable dives. By agreeing to plead guilty to the single felony count just before a midnight deadline Sunday, the company will avoid going to trial in the high-profile case.

The Justice Department filed documents related to the deal in federal court in Texas late Sunday night, setting up a planned hearing where family members -- who have criticized the pending agreement -- will be permitted to speak out. The court subsequently must decide whether to accept the plea agreement. Boeing had already agreed to $2.5 billion in penalties and payouts in 2021. As part of the new deal, the company will pay an additional $487.2 million in penalties, agree to oversight by an independent monitor, spend at least $455 million to strengthen compliance and safety programs and be placed on supervised probation for roughly three years, according to a Justice Department official. The agreement also included one thing crash victims' families long sought: a meeting with Boeing's board of directors.

Government

Jeff Bezos's Move From WA To FL Has Saved Him Close To $1B in Taxes This Year (geekwire.com) 332

As Amazon's stock hits a record high (rising 32% just this year), long-time Slashdot reader theodp writes: GeekWire reports that Jeff Bezos keeps selling Amazon stock after announcing his move away from Washington state — and its 7% tax on capital gains of more than $262,000 from the sale of stocks and bonds — to Florida, which does not have a capital gains tax (like WA, FL also does not tax personal income).

Taylor Soper writes, "Bezos saved more than $600 million by moving to Miami and avoiding Washington's capital gains tax, CNBC reported in February, based on his sale of 50 million shares [$8.5 billion] earlier this year. With the sale of 25 million additional shares [$5 billion], revealed this week in a regulatory filing, Bezos will likely have saved close to $1 billion in total so far. It's a giant chunk of change that would have otherwise gone to the state of Washington."
