×
Privacy

Europol Says Mobile Roaming Tech Making Its Job Too Hard (theregister.com) 33

Top Eurocops are appealing for help from lawmakers to undermine a privacy-enhancing technology (PET) they say is hampering criminal investigations -- and it's not end-to-end encryption this time. Not exactly. From a report: Europol published a position paper today highlighting its concerns around SMS home routing -- the technology that allows telcos to continue offering their services when customers visit another country. Most modern mobile phone users are tied to a network with roaming arrangements in other countries. EE customers in the UK will connect to either Telefonica or Xfera when they land in Spain, or T-Mobile in Croatia, for example.

While this usually provides a fairly smooth service for most roamers, Europol is now saying something needs to be done about the PETs that are often enabled in these home routing setups. According to the cops, they pointed out that when roaming, a suspect in a criminal case who's using a SIM from another country will have all of their mobile communications processed through their home network. If a crime is committed by a Brit in Germany, for example, then German police couldn't issue a request for unencrypted data as they could with a domestic operator such as Deutsche Telekom.

Businesses

Federal Judge Partially Blocks US Ban On Noncompetes (npr.org) 136

ZipNada writes: A federal court in Texas has partially blocked the government's ban on noncompete agreements that was set to take effect September 4. An estimated 30 million people, or one in five American workers, are bound by noncompetes. The employment agreements typically prevent workers -- everyone from minimum wage earners to CEOs -- from joining competing businesses or launching ones of their own.

In its complaint, Ryan LLC accused the FTC of overstepping its statutory authority in declaring all noncompetes unfair and anticompetitive. Judge Brown agreed, writing, "The FTC lacks substantive rulemaking authority with respect to unfair methods of competition." Through a statement Wednesday evening, the FTC said its authority is supported by both statute and precedent. "We will keep fighting to free hardworking Americans from unlawful noncompetes, which reduce innovation, inhibit economic growth, trap workers, and undermine Americans' economic liberty," wrote FTC spokesman Douglas Farrar. The FTC has long argued that noncompetes hurt workers.

Piracy

Sony Music Goes After Piracy Portal 'Hikari-no-Akari' (torrentfreak.com) 15

An anonymous reader quotes a report from TorrentFreak: Hikari-no-Akari, a long-established and popular pirate site that specializes in Japanese music, is being targeted in U.S. federal court by Sony Music. [...] The music download portal, which links to externally hosted files, has been operating for well over a decade and currently draws more than a million monthly visits. In addition to the public-facing part of the site, HnA also has a private forum and Discord channel. [...] Apparently, Sony Music Japan has been keeping an eye on the unauthorized music portal. The company has many of its works shared on the site, including anime theme music, which is popular around the globe.

For example, a few weeks ago, HnA posted "Sayonara, Mata Itsuka!" from the Japanese artist Kenshi Yonezu, which is used as the theme song for the asadora series "The Tiger and Her Wings." Around the same time, PEACEKEEPER, a song by Japanese musician STEREO DIVE FOUNDATION, featured in the third season of the series "That Time I Got Reincarnated as a Slime", was shared on the site. Sony Music Japan is a rightsholder for both these tracks, as well as many others that were posted on the site. The music company presumably tried to contact HnA directly to have these listings removed and reached out to its CDN service Cloudflare too, asking it to take action. [...] They are a prerequisite for obtaining a DMCA subpoena, which Sony Music Japan requested at a California federal court this week.

Sony requested two DMCA subpoenas, both targeted at hikarinoakari.com and hnadownloads.co. The latter domain receives the bulk of its traffic from the first, which isn't a surprise considering the 'hnadownloads' name. Through the subpoena, the music company hopes to obtain additional information on the people behind these sites. That includes, names, IP-addresses, and payment info. Presumably, this will be used for follow-up enforcement actions. It's unclear whether Cloudflare will be able to hand over any usable information and for the moment, HnA remains online. Several of the infringing URLs that were identified by Sony have recently been taken down, including this one. However, others remain readily available. The same applies to private forum threads and Discord postings, of course.

Privacy

OpenAI's ChatGPT Mac App Was Storing Conversations in Plain Text (theverge.com) 15

OpenAI's ChatGPT app for macOS contained a security vulnerability until Friday, potentially exposing users' conversations to unauthorized access, according to a developer's findings. The flaw allowed stored chats to be easily located and read in plain text on users' computers. Pedro Jose Pereira Vieito demonstrated the issue on social media, showing how a separate application could access and display recent ChatGPT conversations.
United States

FTC Warns Three PC Tech Companies of Potential Warranty Violations (pcworld.com) 22

The FTC has issued warnings to several tech firms, including PC manufacturers ASRock, Gigabyte, and Zotac, regarding potential violations of the Magnuson-Moss Warranty Act. The agency expressed concerns that the companies' warranty and repair policies may be infringing on consumer rights. PCWorld adds: While the specific concerns vary by company, the FTC reminded the three companies that they can't, for example, place stickers on a laptop that caution consumers that opening or repairing the laptop violates warranty policies.

Neither can they state or imply that their products can only be repaired via an authorized service from the company. In the letter sent to Gigabyte (PDF), the FTC said that its staff is "concerned" by the Gigabyte written warranty, which includes the phrase: "If the manufacturing sticker inside the product was removed or damaged, it would no longer be covered by the warranty."

AI

Brazil Data Regulator Bans Meta From Mining Data To Train AI Models 13

Brazil's national data protection authority ruled on Tuesday that Meta must stop using data originating in the country to train its artificial intelligence models. The Associated Press reports: Meta's updated privacy policy enables the company to feed people's public posts into its AI systems. That practice will not be permitted in Brazil, however. The decision stems from "the imminent risk of serious and irreparable or difficult-to-repair damage to the fundamental rights of the affected data subjects," the agency said in the nation's official gazette. [...] Hye Jung Han, a Brazil-based researcher for the rights group, said in an email Tuesday that the regulator's action "helps to protect children from worrying that their personal data, shared with friends and family on Meta's platforms, might be used to inflict harm back on them in ways that are impossible to anticipate or guard against."

But the decision regarding Meta will "very likely" encourage other companies to refrain from being transparent in the use of data in the future, said Ronaldo Lemos, of the Institute of Technology and Society of Rio de Janeiro, a think-tank. "Meta was severely punished for being the only one among the Big Tech companies to clearly and in advance notify in its privacy policy that it would use data from its platforms to train artificial intelligence," he said. Compliance must be demonstrated by the company within five working days from the notification of the decision, and the agency established a daily fine of 50,000 reais ($8,820) for failure to do so.
In a statement, Meta said the company is "disappointed" by the decision and insists its method "complies with privacy laws and regulations in Brazil."

"This is a step backwards for innovation, competition in AI development and further delays bringing the benefits of AI to people in Brazil," a spokesperson for the company added.
The Courts

Supreme Court to Hear Case on Texas Law Restricting Access to Porn (nytimes.com) 130

The Supreme Court has agreed to hear a challenge to a Texas law requiring age verification to access online pornography, which opponents argue violates the First Amendment by discouraging adults from viewing such material due to privacy concerns. A federal judge blocked the law citing its chilling effect on free speech, but a divided appeals court upheld it, emphasizing the government's interest in protecting minors; the case will now be reviewed by the Supreme Court. The Texas bill in question, HB 1181, was passed into law last June. The New York Times reports: The Supreme Court agreed on Tuesday to hear a challenge to a Texas law that seeks to limit minors' access to pornography on the internet by requiring age verification measures like the submission of government-issued IDs. A trade group, companies that produce sexual materials and a performer challenged the law, saying that it violates the First Amendment right of adults. The law does not allow companies to retain information their users submit. But the challengers said adults would be wary of supplying personal information for fear of identity theft, tracking and extortion. [...]

In urging the Supreme Court to leave the law in place while it considers whether to hear the case, Ken Paxton, Texas' attorney general, said pornography available on the internet is "orders of magnitude more graphic, violent and degrading than any so-called 'girlie' magazine of yesteryear." He added: "This statute does not prohibit the performance, production or even sale of pornography but, more modestly, simply requires the pornography industry that make billions of dollars from peddling smut to take commercially reasonable steps to ensure that those who access the material are adults. There is nothing unconstitutional about it."

AI

AI Trains On Kids' Photos Even When Parents Use Strict Privacy Settings 33

An anonymous reader quotes a report from Ars Technica: Human Rights Watch (HRW) continues to reveal how photos of real children casually posted online years ago are being used to train AI models powering image generators -- even when platforms prohibit scraping and families use strict privacy settings. Last month, HRW researcher Hye Jung Han found 170 photos of Brazilian kids that were linked in LAION-5B, a popular AI dataset built from Common Crawl snapshots of the public web. Now, she has released a second report, flagging 190 photos of children from all of Australia's states and territories, including indigenous children who may be particularly vulnerable to harms. These photos are linked in the dataset "without the knowledge or consent of the children or their families." They span the entirety of childhood, making it possible for AI image generators to generate realistic deepfakes of real Australian children, Han's report said. Perhaps even more concerning, the URLs in the dataset sometimes reveal identifying information about children, including their names and locations where photos were shot, making it easy to track down children whose images might not otherwise be discoverable online. That puts children in danger of privacy and safety risks, Han said, and some parents thinking they've protected their kids' privacy online may not realize that these risks exist.

From a single link to one photo that showed "two boys, ages 3 and 4, grinning from ear to ear as they hold paintbrushes in front of a colorful mural," Han could trace "both children's full names and ages, and the name of the preschool they attend in Perth, in Western Australia." And perhaps most disturbingly, "information about these children does not appear to exist anywhere else on the Internet" -- suggesting that families were particularly cautious in shielding these boys' identities online. Stricter privacy settings were used in another image that Han found linked in the dataset. The photo showed "a close-up of two boys making funny faces, captured from a video posted on YouTube of teenagers celebrating" during the week after their final exams, Han reported. Whoever posted that YouTube video adjusted privacy settings so that it would be "unlisted" and would not appear in searches. Only someone with a link to the video was supposed to have access, but that didn't stop Common Crawl from archiving the image, nor did YouTube policies prohibiting AI scraping or harvesting of identifying information.

Reached for comment, YouTube's spokesperson, Jack Malon, told Ars that YouTube has "been clear that the unauthorized scraping of YouTube content is a violation of our Terms of Service, and we continue to take action against this type of abuse." But Han worries that even if YouTube did join efforts to remove images of children from the dataset, the damage has been done, since AI tools have already trained on them. That's why -- even more than parents need tech companies to up their game blocking AI training -- kids need regulators to intervene and stop training before it happens, Han's report said. Han's report comes a month before Australia is expected to release a reformed draft of the country's Privacy Act. Those reforms include a draft of Australia's first child data protection law, known as the Children's Online Privacy Code, but Han told Ars that even people involved in long-running discussions about reforms aren't "actually sure how much the government is going to announce in August." "Children in Australia are waiting with bated breath to see if the government will adopt protections for them," Han said, emphasizing in her report that "children should not have to live in fear that their photos might be stolen and weaponized against them."
Security

10-Year-Old Open Source Flaw Could Affect 'Almost Every Apple Device' (thecyberexpress.com) 23

storagedude shares a report from the Cyber Express: Some of the most widely used web and social media applications could be vulnerable to three newly discovered CocoaPods vulnerabilities -- including potentially millions of Apple devices, according to a report by The Cyber Express, the news service of threat intelligence vendor Cyble Inc. E.V.A Information Security researchers reported three vulnerabilities in the open source CocoaPods dependency manager that could allow malicious actors to take over thousands of unclaimed pods and insert malicious code into many of the most popular iOS and MacOS applications, potentially affecting "almost every Apple device." The researchers found vulnerable code in applications provided by Meta (Facebook, Whatsapp), Apple (Safari, AppleTV, Xcode), and Microsoft (Teams); as well as in TikTok, Snapchat, Amazon, LinkedIn, Netflix, Okta, Yahoo, Zynga, and many more.

The vulnerabilities have been patched, yet the researchers still found 685 Pods "that had an explicit dependency using an orphaned Pod; doubtless there are hundreds or thousands more in proprietary codebases." The newly discovered vulnerabilities -- one of which (CVE-2024-38366) received a 10 out of 10 criticality score -- actually date from a May 2014 CocoaPods migration to a new 'Trunk' server, which left 1,866 orphaned pods that owners never reclaimed. While the vulnerabilities have been patched, the work for developers and DevOps teams that used CocoaPods before October 2023 is just getting started. "Developers and DevOps teams that have used CocoaPods in recent years should verify the integrity of open source dependencies used in their application code," the E.V.A researchers said. "The vulnerabilities we discovered could be used to control the dependency manager itself, and any published package." [...] "Dependency managers are an often-overlooked aspect of software supply chain security," the researchers wrote. "Security leaders should explore ways to increase governance and oversight over the use these tools."
"While there is no direct evidence of any of these vulnerabilities being exploited in the wild, evidence of absence is not absence of evidence." the EVA researchers wrote. "Potential code changes could affect millions of Apple devices around the world across iPhone, Mac, AppleTV, and AppleWatch devices."

While no action is required by app developers or users, the EVA researchers recommend several ways to protect against these vulnerabilities. To ensure secure and consistent use of CocoaPods, synchronize the podfile.lock file with all developers, perform CRC validation for internally developed Pods, and conduct thorough security reviews of third-party code and dependencies. Furthermore, regularly review and verify the maintenance status and ownership of CocoaPods dependencies, perform periodic security scans, and be cautious of widely used dependencies as potential attack targets.
Crime

Alzheimer's Scientist Indicted For Allegedly Falsifying Data In $16 Million Scheme (arstechnica.com) 49

"A federal grand jury has indicted an embattled Alzheimer's researcher for allegedly falsifying data to fraudulently obtain $16 million in federal research funding from the National Institutes of Health for the development of a controversial Alzheimer's drug and diagnostic test," writes Beth Mole via Ars Technica. "Wang is charged with one count of major fraud against the United States, two counts of wire fraud, and one count of false statements. If convicted, he faces a maximum penalty of 10 years in prison for the major fraud charge, 20 years in prison for each count of wire fraud, and five years in prison for the count of false statements [...]." From the report: Hoau-Yan Wang, 67, a medical professor at the City University of New York, was a paid collaborator with the Austin, Texas-based pharmaceutical company Cassava Sciences. Wang's research and publications provided scientific underpinnings for Cassava's Alzheimer's treatment, Simufilam, which is now in Phase III trials. Simufilam is a small-molecule drug that Cassava claims can restore the structure and function of a scaffolding protein in the brain of people with Alzheimer's, leading to slowed cognitive decline. But outside researchers have long expressed doubts and concerns about the research.

In 2023, Science magazine obtained a 50-page report from an internal investigation at CUNY that looked into 31 misconduct allegations made against Wang in 2021. According to the report, the investigating committee "found evidence highly suggestive of deliberate scientific misconduct by Wang for 14 of the 31 allegations," the report states. The allegations largely centered around doctored and fabricated images from Western blotting, an analytical technique used to separate and detect proteins. However, the committee couldn't conclusively prove the images were falsified "due to the failure of Dr. Wang to provide underlying, original data or research records and the low quality of the published images that had to be examined in their place." In all, the investigation "revealed long-standing and egregious misconduct in data management and record keeping by Dr. Wang," and concluded that "the integrity of Dr. Wang's work remains highly questionable." The committee also concluded that Cassava's lead scientist on its Alzheimer's disease program, Lindsay Burns, who was a frequent co-author with Wang, also likely bears some responsibility for the misconduct.

In March 2022, five of Wang's articles published in the journal PLOS One were retracted over integrity concerns with images in the papers. Other papers by Wang have also been retracted or had statements of concern attached to them. Further, in September 2022, the Food and Drug Administration conducted an inspection of the analytical work and techniques used by Wang to analyze blood and cerebrospinal fluid from patients in a simufilam trial. The investigation found a slew of egregious problems, which were laid out in a "damning" report (PDF) obtained by Science. In the indictment last week (PDF), federal authorities were explicit about the allegations, claiming that Wang falsified the results of his scientific research to NIH "by, among other things, manipulating data and images of Western blots to artificially add bands [which represent proteins], subtract bands, and change their relative thickness and/or darkness, and then drawing conclusions" based on those false results.

Microsoft

Microsoft Tells Yet More Customers Their Emails Have Been Stolen (theregister.com) 23

Microsoft revealed that the Russian hackers who breached its systems earlier this year stole more emails than initially reported. "We are continuing notifications to customers who corresponded with Microsoft corporate email accounts that were exfiltrated by the Midnight Blizzard threat actor, and we are providing the customers the email correspondence that was accessed by this actor," a Microsoft spokesperson told Bloomberg (paywalled). "This is increased detail for customers who have already been notified and also includes new notifications." The Register reports: We've been aware for some time that the digital Russian break-in at the Windows maker saw Kremlin spies make off with source code, executive emails, and sensitive U.S. government data. Reports last week revealed that the issue was even larger than initially believed and additional customers' data has been stolen. Along with Russia, Microsoft was also compromised by state actors from China not long ago, and that issue similarly led to the theft of emails and other data belonging to senior U.S. government officials.

Both incidents have led experts to call Microsoft a threat to U.S. national security, and president Brad Smith to issue a less-than-reassuring mea culpa to Congress. All the while, the U.S. government has actually invested more in its Microsoft kit. Bloomberg reported that emails being sent to affected Microsoft customers include a link to a secure environment where customers can visit a site to review messages Microsoft identified as having been compromised. But even that might not have been the most security-conscious way to notify folks: Several thought they were being phished.

The Courts

'Roaring Kitty' Is Sued For Alleged GameStop Manipulation (reuters.com) 123

Keith Gill, the investor known as "Roaring Kitty" online, is being used by GameStop investors for helping spur the meme stock mania of 2021. The plaintiffs said they lost money through his "pump-and-dump" scheme, which led to a "short squeeze" that caused losses for hedge funds betting stock prices would fall. Reuters reports: A proposed class action accusing Gill of securities fraud was filed on Friday in the Brooklyn, New York federal court. Investors led by Martin Radev, who lives in the Las Vegas area, said Gill manipulated GameStop securities between May 13 and June 13 by quietly accumulating large quantities of stock and call options, and then dumping some holdings after emerging from a three-year social media hiatus. They said Gill's activities caused GameStop's share price to gyrate wildly, generating "millions of dollars" in profit for him at their expense. "Defendant still enjoys celebrity status and commands a following of millions through his social media accounts," the complaint said. "Accordingly, Defendant was well aware of his ability to manipulate the market for GameStop securities, as well as the benefits he could reap."

He had on May 12 posted a cryptic meme on the social media platform X that was widely seen as a bullish signal for GameStop, whose stock he cheerleaded in 2021. GameStop's share price more than tripled over the next two days, but gave back nearly all the gains by May 24. On June 2, Gill revealed that he owned 5 million GameStop shares and 120,000 call options, and on June 13 revealed he had shed the call options but owned 9 million GameStop shares. Investors said the truth about Gill's investing became known on June 3 when the Wall Street Journal wrote about the timing of his options trades and said the online brokerage E*Trade considered kicking him off its platform.

Government

'Julian Assange Should Not Have Been Prosecuted In the First Place' (theguardian.com) 97

An anonymous reader quotes an op-ed written by Kenneth Roth, former executive director of Human Rights Watch (1993-2022) and a visiting professor at Princeton's School of Public and International Affairs: Julian Assange's lengthy detention has finally ended, but the danger that his prosecution poses to the rights of journalists remains. As is widely known, the U.S. government's pursuit of Assange under the Espionage Act threatens to criminalize common journalistic practices. Sadly, Assange's guilty plea and release from custody have done nothing to ease that threat. That Assange was indicted under the Espionage Act, a U.S. law designed to punish spies and traitors, should not be considered the normal course of business. Barack Obama's justice department never charged Assange because it couldn't distinguish what he had done from ordinary journalism. The espionage charges were filed by the justice department of Donald Trump. Joe Biden could have reverted to the Obama position and withdrawn the charges but never did.

The 18-count indictment filed under Trump accused Assange of having solicited secret U.S. government information and encouraged Chelsea Manning to provide it. Manning committed a crime when she delivered that information because she was a government employee who had pledged to safeguard confidential information on pain of punishment. But Assange's alleged solicitation of that information, and the steps he was said to have taken to ensure that it could be transferred anonymously, are common procedure for many journalists who report on national security issues. If these practices were to be criminalized, our ability to monitor government conduct would be seriously compromised. To make matters worse, someone accused under the Espionage Act is not allowed to argue to a jury that disclosures were made in the public interest. The unauthorized disclosure of secret information deemed prejudicial to national security is sufficient for conviction regardless of motive.

To justify Espionage Act charges, the Trump-era prosecutors stressed that Assange was accused of not only soliciting and receiving secret government information but also agreeing to help crack a password that would provide access to U.S. government files. That is not ordinary journalistic behavior. An Espionage Act prosecution for computer hacking is very different from a prosecution for merely soliciting and receiving secret information. Even if it would not withdraw the Trump-era charges, Biden's justice department could have limited the harm to journalistic freedom by ensuring that the alleged computer hacking was at the center of Assange's guilty plea. In fact, it was nowhere to be found. The terms for the proceeding were outlined in a 23-page "plea agreement" filed with the U.S. District Court for the Northern Mariana Islands, where Assange appeared by consent. Assange agreed to plead guilty to a single charge of violating the Espionage Act, but under U.S. law, it is not enough to plead in the abstract. A suspect must concede facts that would constitute an offense.
"One effect of the guilty plea is that there will be no legal challenge to the prosecution, and hence no judicial decision on whether this use of the Espionage Act violates the freedom of the media as protected by the first amendment of the U.S. constitution," notes Roth. "That means that just as prosecutors overreached in the case of Assange, they could do so again."

"[M]edia protections are not limited to journalists who are deemed responsible. Nor do we want governments to make judgments about which journalists deserve First Amendment safeguards. That would quickly compromise media freedom for all journalists."

Roth concludes: "Imperfect journalist that he was, Assange should never have been prosecuted under the Espionage Act. It is unfortunate that the Biden administration didn't take available steps to mitigate that harm."
EU

Meta Defends Charging Fee For Privacy Amid Showdown With EU (arstechnica.com) 66

An anonymous reader quotes a report from Ars Technica: Meta continues to hit walls with its heavily scrutinized plan to comply with the European Union's strict online competition law, the Digital Markets Act (DMA), by offering Facebook and Instagram subscriptions as an alternative for privacy-inclined users who want to opt out of ad targeting. Today, the European Commission (EC) announced preliminary findings that Meta's so-called "pay or consent" or "pay or OK" model -- which gives users a choice to either pay for access to its platforms or give consent to collect user data to target ads -- is not compliant with the DMA. According to the EC, Meta's advertising model violates the DMA in two ways. First, it "does not allow users to opt for a service that uses less of their personal data but is otherwise equivalent to the 'personalized ads-based service." And second, it "does not allow users to exercise their right to freely consent to the combination of their personal data," the press release said.

Now, Meta will have a chance to review the EC's evidence and defend its policy, with today's findings kicking off a process that will take months. The EC's investigation is expected to conclude next March. Thierry Breton, the commissioner for the internal market, said in the press release that the preliminary findings represent "another important step" to ensure Meta's full compliance with the DMA. "The DMA is there to give back to the users the power to decide how their data is used and ensure innovative companies can compete on equal footing with tech giants on data access," Breton said. A Meta spokesperson told Ars that Meta plans to fight the findings -- which could trigger fines up to 10 percent of the company's worldwide turnover, as well as fines up to 20 percent for repeat infringement if Meta loses. The EC agreed that more talks were needed, writing in the press release, "the Commission continues its constructive engagement with Meta to identify a satisfactory path towards effective compliance."
Meta continues to claim that its "subscription for no ads" model was "endorsed" by the highest court in Europe, the Court of Justice of the European Union (CJEU), last year.

"Subscription for no ads follows the direction of the highest court in Europe and complies with the DMA," Meta's spokesperson said. "We look forward to further constructive dialogue with the European Commission to bring this investigation to a close."

Meta rolled out its ad-free subscription service option last November. "Depending on where you purchase it will cost $10.5/month on the web or $13.75/month on iOS and Android," said the company in a blog post. "Regardless of where you purchase, the subscription will apply to all linked Facebook and Instagram accounts in a user's Accounts Center. As is the case for many online subscriptions, the iOS and Android pricing take into account the fees that Apple and Google charge through respective purchasing policies."
The Courts

Supreme Court Orders New Look At Social Media Laws in Texas and Florida (cbsnews.com) 75

The Supreme Court on Monday ordered lower courts to take another look at a pair of laws from Florida and Texas that imposed restrictions on how social media companies can moderate the content posted to their platforms. From a report: Justice Elena Kagan delivered the court's opinion, which tossed out lower court rulings and sent the two cases back for additional proceedings. The court said neither lower court conducted the proper analysis of the First Amendment challenges to the laws regulating major social media platforms.

"[T]he question in such a case is whether a law's unconstitutional applications are substantial compared to its constitutional ones. To make that judgment, a court must determine a law's full set of applications, evaluate which are constitutional and which are not, and compare the one to the other," Kagan wrote. "Neither court performed that necessary inquiry."

Transportation

Boeing Fraud Violated Fatal MAX Crash Settlement, Says Justice Department, Seeking Guilty Plea on Criminal Charges (yahoo.com) 123

America's Justice Department "is pushing for Boeing to plead guilty to a criminal charge," reports Reuters, "after finding the planemaker violated a settlement over fatal 737 MAX crashes in 2018 and 2019 that killed 346 people, two people familiar with the matter said on Sunday." Boeing previously paid $2.5 billion as part of the deal with prosecutors that granted the company immunity from criminal prosecution over a fraud conspiracy charge related to the 737 MAX's flawed design. Boeing had to abide by the terms of the deferred prosecution agreement for a three-year period that ended on Jan. 7. Prosecutors would then have been poised to ask a judge to dismiss the fraud conspiracy charge. But in May, the Justice Department found Boeing breached the agreement, exposing the company to prosecution.
A guilty plea could "carry implications for Boeing's ability to enter into government contracts," the article points out, "such as those with the U.S. military that make up a significant portion of its revenue..." The proposal would require Boeing to plead guilty to conspiring to defraud the U.S. Federal Aviation Administration in connection with the fatal crashes, the sources said. The proposed agreement also includes a $487.2 million financial penalty, only half of which Boeing would be required to pay, they added. That is because prosecutors are giving the company credit for a payment it made as part of the previous settlement related to the fatal crashes of the Lion Air and Ethiopian Airlines flights. Boeing could also likely be forced to pay restitution under the proposal's terms, the amount of which will be at a judge's discretion, the sources said.

The offer also contemplates subjecting Boeing to three years of probation, the people said. The plea deal would also require Boeing's board to meet with victims' relatives and impose an independent monitor to audit the company's safety and compliance practices for three years, they said.

"Should Boeing refuse to plead guilty, prosecutors plan to take the company to trial, they said..." the article points out.

"Justice Department officials revealed their decision to victims' family members during a call earlier on Sunday."
United States

Will a US Supreme Court Ruling Put Net Neutrality at Risk? (msn.com) 192

Today the Wall Street Journal reported that restoring net neutrality to America is "on shakier legal footing after a Supreme Court decision on Friday shifted power away from federal agencies." "It's hard to overstate the impact that this ruling could have on the regulatory landscape in the United States going forward," said Leah Malone, a lawyer at Simpson Thacher & Bartlett. "This could really bind U.S. agencies in their efforts to write new rules." Now that [the "Chevron deference"] is gone, the Federal Communications Commission is expected to have a harder time reviving net neutrality — a set of policies barring internet-service providers from assigning priority to certain web traffic...

The Federal Communications Commission reclassified internet providers as public utilities under the Communications Act. There are pending court cases challenging the FCC's reinterpretation of that 1934 law, and the demise of Chevron deference heightens the odds of the agency losing in court, some legal experts said. "Chevron's thumb on the scale in favor of the agencies was crucial to their chances of success," said Geoffrey Manne, president of the International Center for Law and Economics. "Now that that's gone, their claims are significantly weaker."

Other federal agencies could also be affected, according to the article. The ruling could also make it harder for America's Environmental Protection Agency to crack down on power-plant pollution. And the Federal Trade Commission face more trouble in court defending its recent ban on noncompete agreements. Lawyer Daniel Jarcho tells the Journal that the Court's decision "will unquestionably lead to more litigation challenging federal agency actions, and more losses for federal agencies."

Friday a White House press secretary issued a statement calling the court's decision "deeply troubling," and arguing that the court had "decided in the favor of special interests".
The Almighty Buck

Colorado's Universal Basic Income Experiment Gets Surprising Results (coloradosun.com) 370

In November of 2022, "More than 800 people were selected to participate in the Denver Basic Income Project," reports the Colorado Sun, "while they were living on the streets, in shelters, on friends' couches or in vehicles.

One group received $1,000 a month, according to the article, while a second group received $6,500 in the first month, and then $500 for the next 11 months. (And a "control" group received $50 a month.) Amazingly, about 45% of participants in all three groups "were living in a house or apartment that they rented or owned by the study's 10-month check-in point, according to the research." The number of nights spent in shelters among participants in the first and second groups decreased by half. And participants in those two groups reported an increase in full-time work, while the control group reported decreased full-time employment. The project also saved tax dollars, according to the report. Researchers tallied an estimated $589,214 in savings on public services, including ambulance rides, visits to hospital emergency departments, jail stays and shelter nights...

The study, which began in November 2022 with payments to the first group of participants, has been extended for an additional eight months, until September, and organizers are attempting to raise money to extend it further.

The Courts

Lawsuit Claims Microsoft Tracked Sex Toy Shoppers With 'Recording In Real Time' Software (404media.co) 36

Samantha Cole reports via 404 Media: A woman is suing Microsoft and two major U.S. sex toy retailers with claims that their websites are tracking users without their consent, despite promising they wouldn't do that. In a complaint (PDF) filed on June 25 in the Northern District of California, San Francisco resident Stella Tatola claims that Babeland and Good Vibrations -- both owned by Barnaby Ltd., LLC -- allowed Microsoft to see what visitors to their websites searched for and bought.

"Unbeknownst to Plaintiff and other Barnaby website users, and constituting the ultimate violation of privacy, Barnaby allows an undisclosed third-party, Microsoft, to intercept, read, and utilize for commercial gain consumers' private information about their sexual practices and preferences, gleaned from their activity on Barnaby's websites," the complaint states. "This information includes but is not limited to product searches and purchase initiations, as well as the consumer's unique Microsoft identifier." The complaint claims that Good Vibrations and Babeland sites have installed trackers using Microsoft's Clarity software, which does "recording in real time," and tracks users' mouse movements, clicks or taps, scrolls, and site navigation. Microsoft says on the Clarity site that it "processes a massive amount of anonymous data around user behavior to gain insights and improve machine learning models that power many of our products and services."

"By allowing undisclosed third party Microsoft to eavesdrop and intercept users' PPSI in such a manner -- including their sexual orientation, preferences, and desires, among other highly sensitive, protected information -- Barnaby violates its Privacy Policies, which state it will never share such information with third parties," the complaint states. The complaint includes screenshots of code from the sexual health sites that claims to show them using Machine Unique Identifier ("MUID") cookies that "identifies unique web browsers visiting Microsoft sites," according to Microsoft, and are used for "advertising, site analytics, and other operational purposes." The complaint claims that this violates the California Invasion of Privacy Act, the Federal Wiretap Act, and Californians' reasonable expectation of privacy.

Slashdot Top Deals