"Like many bad ideas, this one started with Bud Light," reports Slate. As four high school seniors sat around shooting the breeze before graduation, they decided to vandalize their school as a senior prank. Disguised with T-shirts over their faces to evade security cameras, the young men originally set out to spray-paint "Class of 2018," but in a moment one of the men describes to the Washington Post as "a blur," their graffiti fest took a turn toward swastikas, racial slurs attacking the school's principal, and other hateful symbols.

Despite their covered faces, school officials had no problem finding who was responsible: The students' phones had automatically connected with the school's Wi-Fi using their unique logins. Their digital fingerprints tipped off administrators to who was on campus just before midnight, and, as the Post describes, they were held accountable for their crime. But the incident also showcases how little we know about what we're giving away with our digital footprints. These men had clearly given thought about how to stay anonymous -- they knew they needed masks to foil the cameras -- but they didn't think the devices in their pockets could give them away.
The AP adds that the prison sentences for the four teenagers "ranged from eight to 18 weekends behind bars."

"Cheap surveillance software is changing how landlords manage their tenants and what laws police can enforce," reports Slate.

For example, there's a private company contracting with property managers that says they now have 475 security cameras in place and can sometimes scan more than 1.5 million license plates in a week. (According to Clayton Burnett, Watchstore Security's director of "innovation and new technology".) Burnett's company regularly hands over location data to police, he says, as evidence for cases large and small. But that investigative firepower also comes in handy for more routine landlord-tenant affairs. They've investigated tree trimmers charging for a day of work they didn't do and caught people dumping trash on private property. Sometimes, he says, a tenant will claim her car was hit in the building's parking lot and ask for free rent. His company can search for her plate and see that one day, she left the lot with her bumper intact and then came back later with a dent in it. Probably once a week, Burnett says, Watchtower uses it to prove that a tenant has "a buddy crashing on their couch," violating their lease. "Normally, there's some limit to how long they can stay, like five days," he says, "and we can prove they're going over that." One search, and they have proof that that buddy has been coming over every night for a month.

I was wondering how tenants felt about this, and I asked Burnett whether anyone had ever complained about the license plate readers. "No," he said with a laugh. "I'd say they probably don't know about it...."

[A]s the technology has matured, it's gotten in the hands of organizations that, five years ago, would never have been able to consider it. Small-town police departments can suddenly afford to conduct surveillance at a massive scale. Neighborhood homeowners associations and property managers are buying up cameras by the dozen. And in many jurisdictions, cheap automatic license plate reader (ALPR) cameras are creeping into neighborhoods -- with almost nothing restricting how they're used besides the surveiller's own discretion....

If you know that a bald guy in a gray Toyota illegally dumped trash in your lawn, the police won't try to track him down. But if they have the plate, enforcing lower-level crime becomes much easier. Several of the property managers and homeowners associations I spoke to emphasized that this is one of the main benefits of their ALPR systems. Along with burglaries, they're mostly concerned about people breaking into cars to steal personal belongings; police wouldn't investigate that before, but now homeowners associations can do the investigation for them and hand over the evidence. As Burnett put it, "[Police] are not going to be able to investigate [a small crime] unless we hand it to them on a silver platter. Which we've done plenty of times."
The article points out that today's software can detect dents on cars and watch for specific bumper stickers (or Lyft tags) -- and often the software can be retrofitted to existing traffic cameras. A contractor working with police in one Pennsylvania county says they've now "virtually gated" an entire 20,000-person town south of Pittsburgh. "Any way you can come in and out, you're on camera."

A senior investigative researcher at the EFF points out that "Now a cop can look up your license plate and see where you've been for the past two years."

Florida's Department of Highway Safety and Motor Vehicles "made $77 million in 2017 by selling drivers' personal information to more than 30 private companies, including marketing firms, bill collectors, insurance companies and data brokers..." according to local news site.

schwit1 shared this report from WPTV: A Florida woman is blaming the state government for an onslaught of robocalls and direct mail offers â"- accusations that come as the Scripps station WFTS in Tampa uncovered that the DMV makes millions by selling Florida drivers' personal information to outside companies, including marketing firms.

WFTS I-Team Investigator Adam Walser obtained records showing the state sold information on Florida drivers and ID cardholders to more than 30 private companies, including marketing firms, bill collectors, insurance companies and data brokers in the business of reselling information.
They also report that the woman was illiterate, and "had no digital footprint â" until she got an ID." But within days, her legal guardian reports she was "receiving direct mail offers for lawn service, credit cards, cell phones and insurance. She also now receives constant robocalls and salespeople have even started showing up at her door."

And their investigation revealed more damning details. One data broker said their firm "has an agreement with the state to buy driver and ID cardholder data for a penny a record." A promotional video on their web site brags they have "access to 2.5 billion customers and two-thirds of the world's population."

Though it may be possible to opt-out of data collection from individual marketing companies, a spokesperson for the state of Florida "said there's no way for drivers to opt out if they don't want their personal information sold."

Long-time Slashdot reader AmiMoJo quotes the Register: An interior design tools startup called Mosss on Wednesday sued Google to get it to restore its data after someone at the startup accidentally deleted the firm's G Suite account. In a pro se lawsuit [PDF] filed in US District Court in Oakland, California, Mosss, under its previous corporate name, Musey Inc., asked Google to help it restore its data...

Initially, the filing says, the company believed Google would be able to help because a customer service representative said he'd deal with the issue. But the cavalry did not arrive... "All efforts failed and at the end we received a one-line email that stated our data was lost and couldn't be returned to us."

Except perhaps not. According to the complaint, the company was informed – it's not clear whether Google or a third-party advised this – that it could seek a subpoena or file a civil lawsuit to access its data. So that's what it has done.

"Schools in the central German state of Hesse [population: 6 million] have been told it's now illegal to use Microsoft Office 365," reports ZDNet: The state's data-protection commissioner has ruled that using the popular cloud platform's standard configuration exposes personal information about students and teachers "to possible access by US officials".

That might sound like just another instance of European concerns about data privacy or worries about the current US administration's foreign policy. But in fact the ruling by the Hesse Office for Data Protection and Information Freedom is the result of several years of domestic debate about whether German schools and other state institutions should be using Microsoft software at all.

Besides the details that German users provide when they're working with the platform, Microsoft Office 365 also transmits telemetry data back to the US. Last year, investigators in the Netherlands discovered that that data could include anything from standard software diagnostics to user content from inside applications, such as sentences from documents and email subject lines. All of which contravenes the EU's General Data Protection Regulation, or GDPR, the Dutch said...

To allay privacy fears in Germany, Microsoft invested millions in a German cloud service, and in 2017 Hesse authorities said local schools could use Office 365. If German data remained in the country, that was fine, Hesse's data privacy commissioner, Michael Ronellenfitsch, said. But in August 2018 Microsoft decided to shut down the German service. So once again, data from local Office 365 users would be data transmitted over the Atlantic. Several US laws, including 2018's CLOUD Act and 2015's USA Freedom Act, give the US government more rights to ask for data from tech companies.
ZDNet also quotes Austrian digital-rights advocate Max Schrems, who summarizes the dilemma. "If data is sent to Microsoft in the US, it is subject to US mass-surveillance laws. This is illegal under EU law."

An anonymous reader quotes a report from Bloomberg: E-cigarette companies such as Juul must submit applications to U.S. regulators by May 2020 to keep their vaping products on the market, a federal judge ruled Friday. The ruling was the result of a court case brought by anti-tobacco and public-health groups after the FDA had delayed an earlier application deadline. The groups argued that the agency had abdicated its duty to regulate the products, which have been blamed for a rise of youth use of vaping products. A company's e-cigarettes will be able to stay on the market for up to one year while the FDA considers its application, according to the order. In anticipation of having to move more quickly, the FDA issued a guideline last month to help e-cigarette makers craft their applications. "Given the uncertainty in the efficacy of e-cigarettes as smoking cessation devices, the overstated effects that a shorter deadline may have on manufacturers, the industry's recalcitrance, the continued availability of e-cigarettes and their acknowledged appeal to youth, and the clear public health emergency, I find that a deadline is necessary," U.S. District Judge Paul Grimm wrote in his order.

Juul said it was supportive of the application process and had been preparing research on its products and how they're used by smokers. "We're confident in the content and quality of the materials we will submit with our application," said spokeswoman Lindsay Andrews.