×
Bitcoin

SBF Asks For 5-Year Prison Sentence, Calls 100-Year Recommendation 'Grotesque' (arstechnica.com) 189

An anonymous reader quotes a report from Ars Technica: Convicted FTX fraudster Sam Bankman-Fried pleaded for a lenient prison sentence in a court filing yesterday, saying that he isn't motivated by greed and "is already being punished." Bankman-Fried requested a sentence of 63 to 78 months, or 5.25 to 6.5 years. Because of "Sam's charitable works and demonstrated commitment to others, a sentence that returns Sam promptly to a productive role in society would be sufficient, but not greater than necessary, to comply with the purposes of sentencing," the court filing (PDF) said. Bankman-Fried's filing also said that he maintains his innocence and intends to appeal his convictions.

A presentence investigation report (PSR) prepared by a probation officer recommended that Bankman-Fried be sentenced to 100 years in prison, according to the filing. "That recommendation is grotesque," SBF's filing said, arguing that it is based on an erroneously calculated loss of $10 billion. The $10 billion loss asserted in the PSR is "illusory" because the "victims are poised to recover -- were always poised to recover -- a hundred cents on the dollar" in bankruptcy proceedings, SBF's filing said. The filing urged the court to "reject the PSR's barbaric proposal" of 100 years, saying that such sentences should only be for "heinous conduct" like terrorism and child sexual abuse.

The founder and ex-CEO of cryptocurrency exchange FTX, Bankman-Fried was convicted on seven charges with a combined maximum sentence of 110 years after a monthlong trial in US District Court for the Southern District of New York. The charges included wire fraud and conspiracy to commit wire fraud, securities fraud, commodities fraud, and money laundering. US government prosecutors are required to make a sentencing recommendation by March 15, and US District Judge Lewis Kaplan is scheduled to issue a sentence on March 28.

EU

EU Lawmakers Back Draft Rules on Patents for Connected Cars, Telecom Equipment (reuters.com) 3

EU lawmakers on Wednesday approved draft rules governing patents key to technologies for telecom equipment and connected cars in the face of criticism from Nokia, Ericsson and other patent holders. From a report: The draft rules proposed by the European Commission in April last year seek to end costly and lengthy litigation over patents used in technologies for telecom equipment, mobile phones, computers, connected cars and smart devices. The European Parliament will now have to thrash out the details of the proposed rules with EU countries before it can become law. Nokia, Ericsson and Siemens in a letter to EU lawmakers in January, highlighted concerns from the European Patent Office, standard-setting body ETSI and other bodies on the draft rules. Lobbying group IP Europe, which counts Nokia, Ericsson and Qualcomm as its members, reiterated its opposition to the draft rules. "The beneficiaries would not be SMEs as claimed but big tech," IP Europe's managing director Patrick McCutcheon said ahead of the lawmakers' vote.
Government

White House Looks To Curb Foreign Powers' Ability To Buy Americans' Sensitive Personal Data With Executive Order (cnn.com) 117

President Joe Biden will issue an executive order on Wednesday aimed at curbing foreign governments' ability to buy Americans' sensitive personal information such as heath and geolocation data, according to senior US officials. From a report: The move marks a rare policy effort to address a longstanding US national security concern: the ease with which anyone, including a foreign intelligence services, can legally buy Americans' data and then use the information for espionage, hacking and blackmail. The issue, a senior Justice Department official told reporters this week, is a "growing threat to our national security."

The executive order will give the Justice Department the authority to regulate commercial transactions that "pose an unacceptable risk" to national security by, for example, giving a foreign power large-scale access to Americans' personal data, the Justice Department official said. The department will also issue regulations that require better protection of sensitive government information, including geolocation data on US military members, according to US officials. A lot of the online trade in personal information runs through so-called data brokers, which buy information on people's Social Security numbers, names, addresses, income, employment history and criminal background, as well as other items.

"Countries of concern, such as China and Russia, are buying Americans' sensitive personal data from data brokers," a separate senior administration official told reporters. In addition to health and location data, the executive order is expected to cover other sensitive information like genomic and financial data. Administration officials told reporters the new executive order would be applied narrowly so as not to hurt business transactions that do not pose a national security risk.
The White House's press release.
Nintendo

Nintendo Suing Makers of Open-Source Switch Emulator Yuzu (polygon.com) 107

Nintendo has filed a 41-page lawsuit against the makers of Yuzu, an open-source Nintendo Switch emulator, accusing them of "facilitating piracy at a colossal scale." Polygon reports: Yuzu is a free emulator that was released in 2018 months after the Nintendo Switch originally launched. The same folks who made Citra, a Nintendo 3DS emulator, made this one. Basically, it's a piece of software that lets people play Nintendo Switch games on Windows PC, Linux, and Android devices. (It also runs on Steam Deck, which Valve showed -- then wiped -- in a Steam Deck video clip.) Emulators aren't necessarily illegal, but pirating games to play on them is. But Nintendo said in its lawsuit that there's no way to legal way to use Yuzu.

Nintendo argued that Yuzu executes codes that "defeat" Nintendo's security measures, including decryption using "an illegally-obtained copy of prod.keys." "In other words, without Yuzu's decryption of Nintendo's encryption, unauthorized copies of games could not be played on PCs or Android devices," Nintendo wrote in the lawsuit. As to the alleged damages created by Yuzu, Nintendo pointed to the release of The Legend of Zelda: Tears of the Kingdom. Tears of the Kingdom leaked almost two weeks earlier than the game's May 12 release date. The pirated version of the game spread quickly; Nintendo said it was downloaded more than 1 million times before Tears of the Kingdom's release date. People used Yuzu to play the game; Nintendo said more than 20% of download links pointed people to Yuzu.

Though Yuzu doesn't give out pirated copies of games, Nintendo repeatedly said that most ROM sites point people toward Yuzu to play whatever games they've downloaded. Nintendo said its "expended significant resources to stop the illegal copying, marketing, sale, and distribution" of its Nintendo Switch games. It says that Yuzu earns the team $30,000 per month on its Patreon from more than 7,000 patrons. Nintendo said the company has earned at least $50,000 in paid Yuzu downloads. Nintendo said that Yuzu's Patreon doubled its paid members in the period between May 1 and May 12, when Tears of the Kingdom was released. Nintendo is asking the court to shut down the emulator, and for damages.

Security

Hackers Backed By Russia and China Are Infecting SOHO Routers Like Yours, FBI Warns (arstechnica.com) 36

An anonymous reader quotes a report from Ars Technica: The FBI and partners from 10 other countries are urging owners of Ubiquiti EdgeRouters to check their gear for signs they've been hacked and are being used to conceal ongoing malicious operations by Russian state hackers. The Ubiquiti EdgeRouters make an ideal hideout for hackers. The inexpensive gear, used in homes and small offices, runs a version of Linux that can host malware that surreptitiously runs behind the scenes. The hackers then use the routers to conduct their malicious activities. Rather than using infrastructure and IP addresses that are known to be hostile, the connections come from benign-appearing devices hosted by addresses with trustworthy reputations, allowing them to receive a green light from security defenses.

"In summary, with root access to compromised Ubiquiti EdgeRouters, APT28 actors have unfettered access to Linux-based operating systems to install tooling and to obfuscate their identity while conducting malicious campaigns," FBI officials wrote in an advisory Tuesday. APT28 -- one of the names used to track a group backed by the Russian General Staff Main Intelligence Directorate known as GRU -- has been doing just for at least the past four years, the FBI has alleged. Earlier this month, the FBI revealed that it had quietly removed Russian malware from routers in US homes and businesses. The operation, which received prior court authorization, went on to add firewall rules that would prevent APT28 -- also tracked under names including Sofacy Group, Forest Blizzard, Pawn Storm, Fancy Bear, and Sednit -- from being able to regain control of the devices.

On Tuesday, FBI officials noted that the operation only removed the malware used by APT28 and temporarily blocked the group using its infrastructure from reinfecting them. The move did nothing to patch any vulnerabilities in the routers or to remove weak or default credentials hackers could exploit to once again use the devices to surreptitiously host their malware. "The US Department of Justice, including the FBI, and international partners recently disrupted a GRU botnet consisting of such routers," they warned. "However, owners of relevant devices should take the remedial actions described below to ensure the long-term success of the disruption effort and to identify and remediate any similar compromises."

Those actions include:

- Perform a hardware factory reset to remove all malicious files
- Upgrade to the latest firmware version
- Change any default usernames and passwords
- Implement firewall rules to restrict outside access to remote management services

The Courts

Apple Sues To Win Trademarks For Augmented-Reality Software (reuters.com) 28

Apple has filed a lawsuit against the U.S. Patent and Trademark Office for refusing to grant trademarks covering the company's augmented-reality software development tools "Reality Composer" and "Reality Converter." Reuters reports: Apple, whose augmented-reality technology is a centerpiece of its newly released Vision Pro headset, asked the court (PDF) on Friday to reverse the USPTO's decision that the phrases were not distinctive enough to receive federal trademark protection. "Consumers must exercise imagination to understand how the nonsensical phrases 'reality composer' and 'reality converter' -- which sound like science fiction impossibilities -- relate to Apple's products," the complaint said. "They are suggestive, just as Burger King is a fast-food chain, not an actual monarch."

Apple's Reality Composer and Reality Converter allow developers to create and alter 3-D augmented-reality content for Apple apps. The content is compatible with Apple devices including the Vision Pro mixed-reality headset, which the tech giant began selling earlier this month. Turkish visual-effects company ZeroDensity challenged Apple's trademark applications at the USPTO, arguing that the phrases could not receive federal trademarks because they merely describe what the software does. ZeroDensity also said Apple's trademarks would cause confusion with its own "Reality"-related marks.

ZeroDensity, the named defendant in the case, said in a statement on Monday that it was "surprised and concerned by [Apple's] misinterpretation and misrepresentation of our company" and is "resolute in defending our 'Reality' trademarks." A USPTO tribunal agreed with ZeroDensity that Apple's marks were descriptive without addressing whether they would confuse consumers. Apple said in Friday's complaint that its phrases were "made-up terms coined by Apple that do not describe the underlying software development tools." "In contrast, descriptive terms like Raisin Bran or American Airlines straightforwardly describe the goods and services offered under the brand name," Apple said. "As innovative as Apple is, it cannot 'compose' or 'convert' reality." Apple argued that its marks would not cause consumer confusion and accused ZeroDensity of trying to "claim broad rights in the word 'reality,' which no one entity can monopolize."

Privacy

Meta Will Start Collecting 'Anonymized' Data About Quest Headset Usage (arstechnica.com) 31

An anonymous reader quotes a report from Ars Technica: Meta will soon begin "collecting anonymized data" from users of its Quest headsets, a move that could see the company aggregating information about hand, body, and eye tracking; camera information; "information about your physical environment"; and information about "the virtual reality events you attend." In an email sent to Quest users Monday, Meta notes that it currently collects "the data required for your Meta Quest to work properly." Starting with the next software update, though, the company will begin collecting and aggregating "anonymized data about... device usage" from Quest users. That anonymized data will be used "for things like building better experiences and improving Meta Quest products for everyone," the company writes.

A linked help page on data sharing clarifies that Meta can collect anonymized versions of any of the usage data included in the "Supplemental Meta Platforms Technologies Privacy Policy," which was last updated in October. That document lists a host of personal information that Meta can collect from your headset, including:

- "Your audio data, when your microphone preferences are enabled, to animate your avatar's lip and face movement"
- "Certain data" about hand, body, and eye tracking, "such as tracking quality and the amount of time it takes to detect your hands and body"
- Fitness-related information such as the "number of calories you burned, how long you've been physically active, [and] your fitness goals and achievements"
- "Information about your physical environment and its dimensions" such as "the size of walls, surfaces, and objects in your room and the distances between them and your headset"
- "Voice interactions" used when making audio commands or dictations, including audio recordings and transcripts that might include "any background sound that happens when you use those services" (these recordings and transcriptions are deleted "immediately" in most cases, Meta writes)
- Information about "your activity in virtual reality," including "the virtual reality events you attend"

The anonymized collection data is used in part to "analyz[e] device performance and reliability" to "improve the hardware and software that powers your experiences with Meta VR Products." Meta's help page also lists a small subset of "additional data" that headset users can opt out of sharing with Meta. But there's no indication that Quest users can opt out of the new anonymized data collection policies entirely. These policies only seem to apply to users who make use of a Meta account to access their Quest headsets, and those users are also subject to Meta's wider data-collection policies. Those who use a legacy Oculus account are subject to a separate privacy policy that describes a similar but more limited set of data-collection practices.

The Almighty Buck

Tumblr and Wordpress Are Preparing To Sell User Data To OpenAI and Midjourney, Report Says (404media.co) 42

Tumblr and Wordpress are preparing to sell user data to Midjourney and OpenAI, 404Media reported Tuesday, citing a source with internal knowledge about the deals and internal documents. From the report: The exact types of data from each platform going to each company are not spelled out in documentation we've reviewed, but internal communications reviewed by 404 Media make clear that deals between Automattic, the platforms' parent company, and OpenAI and Midjourney are imminent. The internal documentation details a messy and controversial process within Tumblr itself. One internal post made by Cyle Gage, a product manager at Tumblr, states that a query made to prepare data for OpenAI and Midjourney compiled a huge number of user posts that it wasn't supposed to. It is not clear from Gage's post whether this data has already been sent to OpenAI and Midjourney, or whether Gage was detailing a process for scrubbing the data before it was to be sent.
AI

OpenAI Says New York Times 'Hacked' ChatGPT To Build Copyright Lawsuit (reuters.com) 32

OpenAI has asked a federal judge to dismiss parts of the New York Times' copyright lawsuit against it, arguing that the newspaper "hacked" its chatbot ChatGPT and other AI systems to generate misleading evidence for the case. From a report: OpenAI said in a filing in Manhattan federal court on Monday that the Times caused the technology to reproduce its material through "deceptive prompts that blatantly violate OpenAI's terms of use."

"The allegations in the Times's complaint do not meet its famously rigorous journalistic standards," OpenAI said. "The truth, which will come out in the course of this case, is that the Times paid someone to hack OpenAI's products." OpenAI did not name the "hired gun" who it said the Times used to manipulate its systems and did not accuse the newspaper of breaking any anti-hacking laws.

Encryption

Nevada Sues To Deny Kids Access To Meta's Messenger Encryption (theregister.com) 79

An anonymous reader quotes a report from The Register: A law firm acting on behalf of the Nevada Attorney General Aaron Ford has asked a state court to issue a temporary restraining order (TRO) denying minors access to encrypted communication in Meta's Messenger application. The motion for a TRO follows AG's Ford announcement of civil lawsuits on January 30, 2024 against five social media companies, including Meta [PDF], alleging the companies deceptively marketed their services to young people through algorithms that were designed to promote addiction. Nevada was not a party to the two multi-district lawsuits filed against Meta last October by 42 State Attorney General over claims that the social media company knowingly ignored evidence that its Facebook and Instagram services contribute to the mental harm of children and teens. Meta, which lately has been investing in virtual reality and large language models, is also being sued by hundreds of school districts around the US.

The Nevada court filing to obtain a TRO follows from AG Ford's initial complaint. The legal claim cites a statement from the National Center for Missing and Exploited Children that argues Meta's provision of end-to-end encryption in Messenger "without exceptions for child sexual abuse material placed millions of children in grave danger." The initial complaint's presumably supporting claims, however, have been redacted in the publicly viewable copy of the document. The motion for a TRO, which also contains redactions, contends that Meta -- by encrypting Messenger -- has thwarted state officials from enforcing the Nevada Unfair and Deceptive Trade Practices Act. "With this Motion, the State seeks to enjoin Meta from using end-to-end encryption (also called 'E2EE') on Young Users' Messenger communications within the State of Nevada," the court filing says. "This conduct -- which renders it impossible for anyone other than a private message's sender and recipient to know what information the message contains -- serves as an essential tool of child predators and drastically impedes law enforcement efforts to protect children from heinous online crimes, including human trafficking, predation, and other forms of dangerous exploitation."

Meta enabled E2EE by default for all users of Messenger in December 2023. But according to the motion for a TRO, "Meta's end-to-end-encryption stymies efforts by Nevada law enforcement, causing needless delay and even risking the spoliation of critical pieces of necessary evidence in criminal prosecutions." The injunction, if granted, would require Meta to disable E2EE for all Messenger users under 18 in Nevada. Presumably that would also affect minors using Messenger who are visiting the Silver State.

United States

US Leading Global Alliance To Counter Foreign Government Disinformation (theguardian.com) 122

An anonymous reader quotes a report from The Guardian: A global coalition of democracies is being formed to protect their societies from disinformation campaigns by foreign governments, the US special envoy on the issue has said. James Rubin, the special envoy for non-state propaganda and disinformation efforts at the US state department's global engagement centre (GEC), said the coalition hoped to agree on "definitions for information manipulation versus plain old opinions that other governments are entitled to have even if we disagree with them." The US, UK and Canada have already signed up to a formal framework agreement, and Washington hopes more countries will join.

The GEC focuses solely on disinformation by foreign powers. Apart from trying to develop global strategies, it works to expose specific covert disinformation operations, such as a Russian operation in Africa to discredit US health services. The US, UK and Canada signed the framework to counter foreign state manipulation this month with the aim of addressing disinformation as a national security threat that requires coordinated government and civil society responses. "Now is the time for a collective approach to the foreign information manipulation threat that builds a coalition of like-minded countries committed to strengthening resilience and response to information manipulation," the framework says. It also encourages information-sharing and joint data analysis tools to identify covert foreign disinformation.

A hugely experienced US official and journalist who has worked with diplomats such as Madeleine Albright in the past, Rubin admitted his first year as special envoy had been one of his most intellectually taxing because of the complex definitions surrounding disinformation. In the continuum between hostile opinion and disinformation, he has tried to identify where and how governments can intervene without limiting free speech. The principle on which he has alighted is deception by foreign powers. "In principle every government should be free to convey their views, but they should have to admit who they are," he said an interview. "We want to promote more fact-based information, but at the same time find ways to label those information operations that are generated by the Chinese government or the Kremlin but to which they don't admit. "In the end that is all I know we can do right now without interfering with a free press. We are not asking for such covert disinformation to be taken down but a way to be found for the source to be labelled."

Movies

Open Source Movie Streaming Project 'Movie-Web' Shut Down By Hollywood Complaint (torrentfreak.com) 21

An anonymous reader quotes a report from TorrentFreak: In recent months, Movie-Web has quickly gained popularity among a particular group of movie aficionados. The open source software, which is still available on GitHub, allows anyone to set up a movie search engine capable of streaming content from third-party sources. These external sources tend to have large libraries of pirated entertainment. Movie-web's developers are not oblivious to the legal ramifications but since they don't host any files, they hoped to avoid legal trouble. The software just provides a search engine for third-party content, they argued. [...]

Yesterday, the movie-web.app domain was suddenly taken down. According to a message posted on the official Discord server, this is the result of a "court action" from several movie companies including Warner Bros. Netflix, Paramount, Universal, and Disney. [I]t appears that action was taken against the movie-web.app domain. It seems likely that registrar Namecheap suspended the domain after receiving a legal complaint from the aforementioned Hollywood companies. [Update: After publishing the article we learned that there is a legal action that requires registrars to take action against several 'pirate' domains. We're looking into the matter and will follow this up later.]

Namecheap updated the domain's status to clientHold, which effectively rendered the domain inaccessible. The measure is often used to suspend pirate site domains following copyright holder complaints. The surprise takedown only affects movie-web's publicly hosted 'demo' instance. On Discord, the movie-web team says that it has no plans to bring this website back in any shape or form. "As a team, we always said that if we were taken down, we would go down without a fight and we have decided to stick to that. We have zero interest in getting involved with legal matters, and so we will not be trying to circumvent this takedown in any way," developer 'BinaryOverload' writes.

Power

Are Corporate Interests Holding Back US Electrical Grid Expansion? (ieee.org) 133

Long-time Slashdot reader BishopBerkeley writes: Though it does not come as much of a surprise, a new study highlighted in IEEE Spectrum delves into how corporate profit motives are preventing the upgrading and the expansion of the U.S. electrical grid. The full report can be downloaded here from the source [the nonprofit economic research group NBER].

Besides opening up the market to competition, utilities don't want to lose control over regional infrastructure, writes IEEE Spectrum. "[I]nterregional lines threaten utility companies' dominance over the nation's power supply. In the power industry, asset ownership provides control over rules that govern energy markets and transmission service and expansion. When upstart entities build power plants and transmission lines, they may be able to dilute utility companies' control over power-industry rules and prevent utilities from dictating decisions about transmission expansion."

The article begins by noting that "The United States is not building enough transmission lines to connect regional power networks. The deficit is driving up electricity prices, reducing grid reliability, and hobbling renewable-energy deployment. " Utilities can stall transmission expansion because out-of-date laws sanction these companies' sweeping control over transmission development... One of the main values of connecting regional networks is that it enablesâ"and is in fact critical forâ"incorporating renewable energy... Plus, adding interregional transmission for renewables can significantly reduce costs for consumers. Such connections allow excess wind and solar power to flow to neighboring regions when weather conditions are favorable and allow the import of energy from elsewhere when renewables are less productive.

Even without renewables, better integrated networks generally lower costs for consumers because they reduce the amount of generation capacity needed overall and decrease energy market prices. Interregional transmission also enhances reliability,particularly during extreme weather...

Addressing the transmission shortage is on the agenda in Washington, but utility companies are lobbying against reforms.

The article points out that now investors and entrepreneurs "are developing long-distance direct-current lines, which are more efficient at moving large amounts of energy over long distances, compared with AC," and also "sidestep the utility-dominated transmission-expansion planning processes."

They're already in use in China, and are also becoming Europe's preferred choice...
Government

The Companies Helping Governments Hack Citizens' Phones: a 'Thriving' Industry (fastcompany.com) 8

Fast Company notes that "the deadly impacts of Pegasus and other cyberweapons — wielded by governments from Spain to Saudi Arabia against human rights defenders, journalists, lawyers and others — is by now well documented. A wave of scrutiny and sanctions have helped expose the secretive, quasi-legal industry behind these tools, and put financial strain on firms like Israel's NSO Group, which builds Pegasus.

"And yet business is booming." New research published this month by Google and Meta suggest that despite new restrictions, the cyberattack market is growing, and growing more dangerous, aiding government violence and repression and eroding democracy around the globe.

"The industry is thriving," says Maddie Stone, a researcher at Google's Threat Analysis Group (TAG) who hunts zero-day exploits, the software bugs that have yet to be fixed and are worth potentially hundreds of millions to spyware sellers. "More companies keep popping up, and their government customers are determined to buy from them, and want these capabilities, and are using them." For the first time, half of known zero-days against Google and Android products now come from private companies, according to a report published this month by Stone's team at Google. Beyond prominent firms like NSO and Candiru, Google's researchers say they are tracking about 40 companies involved in the creation of hacking tools that have been deployed against "high risk individuals."

Of the 72 zero-day exploits Google discovered in the wild between 2014 and last year, 35 were attributed to these and other industry players, as opposed to state-backed actors. "If governments ever had a monopoly on the most sophisticated capabilities, that era is certainly over," reads the report.

The Google findings and a spyware-focused threat report published by Meta a week later reflect an increasingly tough response by Big Tech to an industry that profits from breaking into its systems. The reports also put new pressure on the US and others to take action against the mostly unregulated industry.

"In its report, Google describes a 'rise in turnkey espionage solutions' offered by dozens of shady companies..."

Thanks to Slashdot reader tedlistens for sharing the article.
Crime

Oklahoma Man Hacked US Government Site To Buy Cars At Auction For $1 (nbcnews.com) 38

A U.S. government auction site was breached by an Oklahoma man, reports NBC News. So when it came time to pay up on his winning bids, he "falsified the true auction price to $1," according to the U.S. attorney's office.

He defrauded the government out of more than $150,000 between Jan. 31 and March 21, 2019, the indictment alleges. Included in the $1-buys were a 2010 Ford Escape Hybrid, for which Coker submitted a bid of $8,327; a Ford F550 pickup, with a bid of $9,000; and a Chevrolet C4500 box truck, bid $22,700; the U.S. attorney's office said...

Nineteen items in all were bought through the auctions, according to prosecutors. Coker used eight accounts and pre-paid debit cards with very little balances to make the purchases, the indictment says.

"Coker was indicted on three counts of wire fraud in March 2023 and pleaded guilty to one count Wednesday, according to court records."

Thanks to Slashdot reader Thelasko for sharing the news.
Privacy

License Plate-Scanning Company Violates Privacy of Millions of California Drivers, Argues Class Action (sfgate.com) 49

"If you drive a car in California, you may be in for a payday thanks to a lawsuit alleging privacy violations by a Texas company," report SFGate: The 2021 lawsuit, given class-action status in September, alleges that Digital Recognition Network is breaking a California law meant to regulate the use of automatic license plate readers. DRN, a Fort Worth-based company, uses plate-scanning cameras to create location data for people's vehicles, then sells that data to marketers, car repossessors and insurers.

What's particularly notable about the case is the size of the class. The court has established that if you're a California resident whose license plate data was collected by DRN at least 15 times since June 2017, you're a class member. The plaintiff's legal team estimates that the tally includes about 23 million people, alleging that DRN cameras were mounted to cars on public roads. The case website lets Californians check whether their plates were scanned.

Barring a settlement or delay, the trial to decide whether DRN must pay a penalty to those class members will begin on May 17 in San Diego County Superior Court... The company's cameras scan 220 million plates a month, its website says, and customers can use plate data to "create comprehensive vehicle stories."

A lawyer for the firm representing class members told SFGATE Friday that his team will try to show DRN's business is a "mass surveillance program."
United States

US Court Stalls Energy Dept Demand For Cryptocurrency Mining Data (semafor.com) 103

"Crypto mines will have to start reporting their energy use in the U.S.," wrote the Verge in January, saying America's Energy department would "begin collecting data on crypto mines' electricity use, following criticism from environmental advocates over how energy-hungry those operations are."

But then "constitutional freedoms" group New Civil Liberties Alliance (founded with seed money from the Charles Koch Foundation) objected. And "on behalf of its clients" — the Texas Blockchain Council and Colorado bitcoin mining company Riot Platforms — the group said it "looks forward to derailing the Department of Energy's unlawful data collection effort once and for all."

While America's Energy department said the survey would take 30 minutes to complete, the complaint argued it would take 40 hours. According to the judge, the complaint "alleged three main sources of irreparable injury..."

- Nonrecoverable costs of compliance with the Survey
- A credible threat of prosecution if they do not comply with the Survey
- The disclosure of proprietary information requested by the Survey, thus risking disclosure of sensitive business strategy

But more importantly, the survey was implemented under "emergency" provisions, which the judge said is only appropriate when "public harm is reasonably likely to result if normal clearance procedures are followed."

Or, as Semafor.com puts it, the complaint was "seeking to push off the reporting deadline, on the grounds that the survey was rushed through...without a public comment period." The judge, Alan Albright, granted the request late Friday night, blocking the [Department of Energy's Information Administration] from collecting survey data or requiring bitcoin companies to respond to it, at least until a more comprehensive injunction hearing scheduled for Feb. 28. The ruling also concludes that the plaintiffs are "likely to succeed in showing that the facts alleged by the U.S. Energy Information Administration to support an emergency request fall far short of justifying such an action."
The U.S. Department of Energy is now...
  • Restrained from requiring Plaintiffs or their members to respond to the Survey
  • Restrained from collecting data required by the Survey
  • "...and shall sequester and not share any such data that Defendants have already received from Survey respondents."

Thanks to long-time Slashdot reader schwit1 for sharing the news.


Privacy

Vending Machine Error Reveals Secret Face Image Database of College Students (arstechnica.com) 100

Ashley Belanger reports via Ars Technica: Canada-based University of Waterloo is racing to remove M&M-branded smart vending machines from campus after outraged students discovered the machines were covertly collecting facial-recognition data without their consent. The scandal started when a student using the alias SquidKid47 posted an image on Reddit showing a campus vending machine error message, "Invenda.Vending.FacialRecognitionApp.exe," displayed after the machine failed to launch a facial recognition application that nobody expected to be part of the process of using a vending machine. "Hey, so why do the stupid M&M machines have facial recognition?" SquidKid47 pondered. The Reddit post sparked an investigation from a fourth-year student named River Stanley, who was writing for a university publication called MathNEWS. [...]

MathNEWS' investigation tracked down responses from companies responsible for smart vending machines on the University of Waterloo's campus. Adaria Vending Services told MathNEWS that "what's most important to understand is that the machines do not take or store any photos or images, and an individual person cannot be identified using the technology in the machines. The technology acts as a motion sensor that detects faces, so the machine knows when to activate the purchasing interface -- never taking or storing images of customers." According to Adaria and Invenda, students shouldn't worry about data privacy because the vending machines are "fully compliant" with the world's toughest data privacy law, the European Union's General Data Protection Regulation (GDPR). "These machines are fully GDPR compliant and are in use in many facilities across North America," Adaria's statement said. "At the University of Waterloo, Adaria manages last mile fulfillment services -- we handle restocking and logistics for the snack vending machines. Adaria does not collect any data about its users and does not have any access to identify users of these M&M vending machines." [...]

But University of Waterloo students like Stanley now question Invenda's "commitment to transparency" in North American markets, especially since the company is seemingly openly violating Canadian privacy law, Stanley told CTV News. On Reddit, while some students joked that SquidKid47's face "crashed" the machine, others asked if "any pre-law students wanna start up a class-action lawsuit?" One commenter summed up students' frustration by typing in all caps, "I HATE THESE MACHINES! I HATE THESE MACHINES! I HATE THESE MACHINES!"

Government

Florida Lawmakers Pass Ban On Social Media For Kids (apnews.com) 114

Florida lawmakers passed a bill on Thursday that forces social media companies to keep most minors off their platforms. The Hill reports: The legislation, which passed the state House Thursday after earlier being approved by the Senate, now heads to Gov. Ron DeSantis's (R) desk, though he says he's not quite ready to sign on. DeSantis told reporters Friday that he thinks there needs to be a "proper balance" between government regulations and parental input on the social media issue. "We'll be wrestling with that," he said. The governor said he'll be assessing the final version of the legislation likely through the weekend. "Federal law says 13 and under can't have social media accounts. That's not really enforced," he said.

The lawmakers who championed the proposed social media ban, which would require platforms check the ages of users through a third-party source, argue it will make the online landscape safer for youths. The legislation passed 108-7 in the state House and 23-14 in the Florida Senate within a matter of hours Thursday.

Crime

US Man Accused of Making $1.8 Million From Listening In On Wife's Remote Work Calls (theguardian.com) 107

Kalyeena Makortoff reports via The Guardian: US regulators have accused a man of making $1.8 million by trading on confidential information he overheard while his wife was on a remote call, in a case that could fuel arguments against working from home. The Securities and Exchange Commission (SEC) said it charged Tyler Loudon with insider trading after he "took advantage of his remote working conditions" and profited from private information related to the oil firm BP's plans to buy an Ohio-based travel centre and truck-stop business last year.

The SEC claims that Loudon, who is based in Houston, Texas, listened in on several remote calls held by his wife, a BP merger and acquisitions manager who had been working on the planned deal in a home office 20ft (6 meters) away. The regulator said Loudon went on a buying spree, purchasing more than 46,000 shares in the takeover target, TravelCenters of America, without his wife's knowledge, weeks before the deal was announced on 16 February 2023. TravelCenters's stock soared by nearly 71% after the deal was announced. Loudon then sold off all of his shares, making a $1.8m profit.

Loudon eventually confessed to his wife, and claimed that he had bought the shares because he wanted to make enough money so that she did not have to work long hours anymore. She reported his dealings to her bosses at BP, which later fired her despite having no evidence that she knowingly leaked information to her husband. She eventually moved out of the couple's home and filed for divorce.

Slashdot Top Deals