An anonymous reader quotes a report from Ars Technica: The US Constitution's Fifth Amendment protection against self-incrimination does not prohibit police officers from forcing a suspect to unlock a phone with a thumbprint scan, a federal appeals court ruled yesterday. The ruling does not apply to all cases in which biometrics are used to unlock an electronic device but is a significant decision in an unsettled area of the law. The US Court of Appeals for the 9th Circuit had to grapple with the question of "whether the compelled use of Payne's thumb to unlock his phone was testimonial," the ruling (PDF) in United States v. Jeremy Travis Payne said. "To date, neither the Supreme Court nor any of our sister circuits have addressed whether the compelled use of a biometric to unlock an electronic device is testimonial."

A three-judge panel at the 9th Circuit ruled unanimously against Payne, affirming a US District Court's denial of Payne's motion to suppress evidence. Payne was a California parolee who was arrested by California Highway Patrol (CHP) after a 2021 traffic stop and charged with possession with intent to distribute fentanyl, fluorofentanyl, and cocaine. There was a dispute in District Court over whether a CHP officer "forcibly used Payne's thumb to unlock the phone." But for the purposes of Payne's appeal, the government "accepted the defendant's version of the facts, i.e., 'that defendant's thumbprint was compelled.'" Payne's Fifth Amendment claim "rests entirely on whether the use of his thumb implicitly related certain facts to officers such that he can avail himself of the privilege against self-incrimination," the ruling said. Judges rejected his claim, holding "that the compelled use of Payne's thumb to unlock his phone (which he had already identified for the officers) required no cognitive exertion, placing it firmly in the same category as a blood draw or fingerprint taken at booking." "When Officer Coddington used Payne's thumb to unlock his phone -- which he could have accomplished even if Payne had been unconscious -- he did not intrude on the contents of Payne's mind," the court also said.

An anonymous reader quotes a report from the New York Times: Consumers have grown accustomed to the prospect that their personal data, such as email addresses, social contacts, browsing history and genetic ancestry, are being collected and often resold by the apps and the digital services they use. With the advent of consumer neurotechnologies, the data being collected is becoming ever more intimate. One headband serves as a personal meditation coach by monitoring the user's brain activity. Another purports to help treat anxiety and symptoms of depression. Another reads and interprets brain signals while the user scrolls through dating apps, presumably to provide better matches. ("'Listen to your heart' is not enough," the manufacturer says on its website.) The companies behind such technologies have access to the records of the users' brain activity -- the electrical signals underlying our thoughts, feelings and intentions.

On Wednesday, Governor Jared Polis of Colorado signed a bill that, for the first time in the United States, tries to ensure that such data remains truly private. The new law, which passed by a 61-to-1 vote in the Colorado House and a 34-to-0 vote in the Senate, expands the definition of "sensitive data" in the state's current personal privacy law to include biological and "neural data" generated by the brain, the spinal cord and the network of nerves that relays messages throughout the body. "Everything that we are is within our mind," said Jared Genser, general counsel and co-founder of the Neurorights Foundation, a science group that advocated the bill's passage. "What we think and feel, and the ability to decode that from the human brain, couldn't be any more intrusive or personal to us." "We are really excited to have an actual bill signed into law that will protect people's biological and neurological data," said Representative Cathy Kipp, Democrat of Colorado, who introduced the bill.

A jury found Avraham "Avi" Eisenberg guilty on all three counts of fraud and manipulation in a $110 million crypto trade scheme using the Mango Markets platform. Axios: The case was the first known test for a jury to decide whether existing U.S. laws governing fraud and market manipulation apply to the world of decentralized finance (DeFi). The 28-year-old Eisenberg will be held to account for his actions on Oct. 11, 2022, when a series of trades he made intentionally boosted the price of Mango Markets' native token, MNGO, as well as the price of futures contracts.

He used the inflated futures holdings as collateral to borrow other cryptocurrencies on the platform, then quickly withdrew those assets and walked away from his collateral. Eisenberg never disputed the facts of the strategy but contended that what he did was legal and permitted by the DeFi protocol, a principle in the industry known as "code is law." U.S. laws apply to DeFi: "Avraham Eisenberg ran a con," prosecutors said Wednesday, during closing arguments, continuing its momentum from last week. The word "con" was used at least six more times in those remarks.

An anonymous reader shares a report: A financially motivated criminal hacking group says it has stolen a confidential database containing millions of records that companies use for screening potential customers for links to sanctions and financial crime. The hackers, which call themselves GhostR, said they stole 5.3 million records from the World-Check screening database in March and are threatening to publish the data online.

World-Check is a screening database used for "know your customer" checks (or KYC), allowing companies to determine if prospective customers are high risk or potential criminals, such as people with links to money laundering or who are under government sanctions.The hackers told TechCrunch that they stole the data from a Singapore-based firm with access to the World-Check database, but did not name the firm. A portion of the stolen data, which the hackers shared with TechCrunch, includes individuals who were sanctioned as recently as this year.

An anonymous reader quotes a report from The Hill: The House on Wednesday approved a bill that would limit how the government can purchase data from third parties — legislation that scored a vote after negotiations with a group of GOP colleagues who briefly tanked a vote on warrantless spy powers. Dubbed the Fourth Amendment is Not For Sale, the legislation passed 219-199. It requires law enforcement and other government entities to get a warrant before buying information from third-party data brokers who purchase information gleaned from apps. [...] Senior administration officials said the measure would blind U.S. intelligence outfits from getting information easily purchased by foreign intelligence operations.

"In practice, these standards make it impossible for the [intelligence community], law enforcement to acquire a whole host of readily available information that they currently rely on," an administration official said. "Covered customer records as defined in the bill is very broad and includes records pertaining to any U.S. person or indeed any foreigner inside the United States. And as a practical matter, there's often no way to establish whether a particular individual was in the U.S. at a particular time a piece of data was created. Unless you did one thing, which is paradoxically to intrude further into their privacy just to figure out whether you could obtain some data." "It can be impossible to know what's in a data set before one actually obtains a data set," the official continued. "So you'd be barred from getting that which you don't even know."

CNBC reports that nine Google workers were arrested on trespassing charges Tuesday night in protest of the company's $1.2 billion contract providing cloud computing services to the Israeli government. The sit-in happened at Google Cloud CEO Thomas Kurian's office in Sunnyvale and the 10th floor commons of Google's New York office. From the report: The arrests, which were livestreamed on Twitch by participants, follow rallies outside Google offices in New York, Sunnyvale and Seattle, which attracted hundreds of attendees, according to workers involved. [...] Protesters in Sunnyvale sat in Kurian's office for more than nine hours until their arrests, writing demands on Kurian's whiteboard and wearing shirts that read "Googler against genocide." In New York, protesters sat in a three-floor common space. Five workers from Sunnyvale and four from New York were arrested.

"On a personal level, I am opposed to Google taking any military contracts -- no matter which government they're with or what exactly the contract is about," Cheyne Anderson, a Google Cloud software engineer based in Washington, told CNBC. "And I hold that opinion because Google is an international company and no matter which military it's with, there are always going to be people on the receiving end... represented in Google's employee base and also our user base." Anderson had flown to Sunnyvale for the protest in Kurian's office and was one of the workers arrested Tuesday. "Google Cloud supports numerous governments around the world in countries where we operate, including the Israeli government, with our generally available cloud computing services," a Google spokesperson told CNBC, adding, "This work is not directed at highly sensitive, classified, or military workloads relevant to weapons or intelligence services."

Pablo Escobar, the name of the late Colombian drug kingpin, can't be registered as a trademark in the European Union after judges said that approving his brother's bid would go against "principles of morality." From a report: The public "associate that name with drug trafficking and narco-terrorism and with the crimes and suffering resulting therefrom, rather than with his possible good deeds in favor of the poor in Colombia," the EU's General Court in Luxembourg said on Wednesday. Trademarking the name is "counter to the fundamental values and moral standards prevailing within Spanish society," the court said.

404 Media: An online service is scraping Discord servers en masse, archiving and tracking users' messages and activity across servers including what voice channels they join, and then selling access to that data for as little as $5. Called Spy Pet, the service's creator says it scrapes more than ten thousand Discord servers, and besides selling access to anyone with cryptocurrency, is also offering the data for training AI models or to assist law enforcement agencies, according to its website.

The news is not only a brazen abuse of Discord's platform, but also highlights that Discord messages may be more susceptible to monitoring than ordinary users assume. Typically, a Discord user's activity is spread across disparate servers, with no one entity, except Discord itself, able to see what messages someone has sent across the platform more broadly. With Spy Pet, third-parties including stalkers or potentially police can look up specific users and see what messages they've posted on various servers at once. "Have you ever wondered where your friend hangs out on Discord? Tired of basic search tools like Discord.id? Look no further!" Spy Pet's website reads. It claims to be tracking more than 14,000 servers, 600 million users, and includes a database of more than 3 billion messages.

Pavel Durov, the founder of Telegram messaging app, has accused tech giants Google and Apple of threatening to censor content on smartphones [YouTube link]. In an interview with Tucker Carlson, Durov claimed that these companies told Telegram to comply with their guidelines or face removal from their app stores.

"Those two platforms, they could basically censor everything you can read, access on your smart phone," Durov said. With 900 million active users, Telegram is expected to cross the one billion mark within a year.

The SEC has blocked third-party messaging apps and texts from employees' work phones, "bringing its own practices closer to the standards it's enforcing for the industry," reports Bloomberg. From the report: The SEC's decision to block disappearing-messaging apps will help improve record-keeping and address potential security vulnerabilities at the agency, which saw one of its social-media accounts compromised earlier this year. It follows about $3 billion in fines imposed on financial firms to settle allegations that they failed to keep adequate records of work-related communications on mobile devices and apps such as Signal and Meta's WhatsApp.

The scrutiny prompted Wall Street to overhaul how employees communicate on business matters using mobile phones. Meanwhile, the SEC took a hard look at policies covering its own staff's communications on agency-issued phones. The agency has restricted access to third-party messaging applications, as well as SMS (short message service) and iMessage texts "to lower risk that our systems could be compromised and to enhance recordkeeping," an SEC spokeswoman said in an emailed statement. The process of blocking the apps began in September and has continued over the past several months, she added.

An anonymous reader quotes a report from Wired: Dozens of Google employees began occupying company offices in New York City and Sunnyvale, California, on Tuesday in protest of the company's $1.2 billion contract providing cloud computing services to the Israeli government. The sit-in, organized by the activist group No Tech for Apartheid, is happening at Google Cloud CEO Thomas Kurian's office in Sunnyvale and the 10th floor commons of Google's New York office. The sit-in will be accompanied by outdoor protests at Google offices in New York, Sunnyvale, San Francisco, and Seattle beginning at 2 pm ET and 11 am PT. Tuesday's actions mark an escalation in a series of recent protests organized by tech workers who oppose their employer's relationship with the Israeli government, especially in light of Israel's ongoing assault on Gaza. Since Hamas killed about 1,100 Israelis on October 7, the IDF has killed more than 34,000 Palestinians.

Just over a dozen people gathered outside Google's offices in New York and Sunnyvale on Tuesday. Among those in New York was Google cloud software engineer Eddie Hatfield, who was fired days after disrupting Google Israel's managing director at March's Mind The Tech, a company-sponsored conference focused on the Israeli tech industry, in early March. Several hours into the sit-ins on Tuesday, Google security began to accuse the workers of "trespassing" and disrupting work, prompting several people to leave while others vowed to remain until they were forced out. The 2021 contract, known as Project Nimbus, involves Google and Amazon jointly providing cloud computing infrastructure and services across branches of the Israeli government. Last week, Time reported that Google's work on Project Nimbus involves providing direct services to the Israel Defense Forces. [...]

On March 4, more than600 other Googlers signed a petition opposing the company's sponsorship of the conference. After Hatfield was fired three days later, Google trust-and-safety-policy employee Vidana Abdel Khalek resigned from her position in opposition to Project Nimbus. Then, in late March, more than 300 Apple workers signed an open letter that alleged retaliation against workers who have expressed support for Palestinians, and urged company leadership to show public support for Palestinians. Hasan Ibraheem, a Google software engineer, is participating in the sit-in at his local Google office in New York. "This has really been a culmination of our efforts," he tells WIRED. Since joining No Tech for Apartheid in December, Ibraheem says, he has been participating in weekly "tabling" actions being held at Google office cafes in New York, Sunnyvale, San Francisco, and Mountain View, California. It involves holding a sign that says "Ask me about Project Nimbus" during lunch break, passing out flyers, and answering questions from coworkers. "It's actually shocking how many people at Google don't even know that this contract exists," Ibraheem says. "A lot of people who don't know about it, who then learn about it through us, are reasonably upset that this contract exists. They just didn't know that it existed beforehand."

According to Bloomberg's Mark Gurman, Apple's initial set of AI-related features in iOS 18 "will work entirely on device," and won't connect to cloud services. AppleInsider reports: In practice, these AI features would be able to function without an internet connection or any form of cloud-based processing. AppleInsider has received information from individuals familiar with the matter that suggest the report's claims are accurate. Apple is working on an in-house large language model, or LLM, known internally as "Ajax." While more advanced features will ultimately require an internet connection, basic text analysis and response generation features should be available offline. [...] Apple will reveal its AI plans during WWDC, which starts on June 10.

Richard Currie reports via The Register: A simple misclick at a London law firm led to a surprise divorce for an unsuspecting couple. An employee at Vardags, self-described specialists in high-net-worth marital breakdowns, opened the wrong file when applying for a divorce in His Majesty's Courts and Tribunals Service (HMCTS) online portal. With a click more potent than Cupid's arrow, the solicitor "issued a final order of divorce in proceedings between Mrs Williams, the applicant wife, and Mr Williams," court papers [PDF] say.

The digital slip occurred on October 3, and thanks to the system's "now customary speed," as described by Judge Sir Andrew McFarlane, President of the Family Division, marital bonds were finally and totally severed in a mere 21 minutes, less time than most couples spend arguing over what to watch on Netflix. When Vardags realized the blunder two days later, it scrambled to reverse the order. The application was made "without notice to the Husband's solicitors -- the Wife's solicitors considered at the time that this was the correct approach given that the Final Order itself had been made without notice."

In the ensuing legal melee, Mr Williams, previously unaware of his sudden single status, received a letter sent by HMCTS the same day as the accidental divorce, stating that he was no longer married. But it was not until October 11, a week later, that he was formally informed of his bachelorhood by his ex-wife's solicitors. Meanwhile, his solicitors entered the fray, demanding that the case be brought before the President of the Family Division to sort out this matrimonial muddle.

The United States Senate is poised to vote on legislation this week that, for the next two years at least, could dramatically expand the number of businesses that the US government can force to eavesdrop on Americans without a warrant. From a report: Some of the nation's top legal experts on a controversial US spy program argue that the legislation, known as the Reforming Intelligence and Securing America Act (RISAA), would enhance the US government's spy powers, forcing a variety of new businesses to secretly eavesdrop on Americans' overseas calls, texts, and email messages. Those experts include a handful of attorneys who've had the rare opportunity to appear before the US government's secret surveillance court.

The Section 702 program, authorized under the Foreign Intelligence Surveillance Act, or FISA, was established more than a decade ago to legalize the government's practice of forcing major telecommunications companies to eavesdrop on overseas calls in the wake of the September 11, 2001, terrorist attacks. On the one hand, the government claims that the program is designed to exclusively target foreign citizens who are physically located abroad; on the other, the government has fiercely defended its ability to access wiretaps of Americans' emails and phone conversations, often years after the fact and in cases unrelated to the reasons the wiretaps were ordered in the first place.

The 702 program works by compelling the cooperation of US businesses defined by the government as "electronic communications service providers" -- traditionally phone and email providers such as AT&T and Google. Members of the House Intelligence Committee, whose leaders today largely serve as lobbyists for the US intelligence community in Congress, have been working to expand the definition of that term, enabling the government to force new categories of businesses to eavesdrop on the government's behalf.

The Justice Department is preparing to sue Live Nation as soon as next month [non-paywalled link], an antitrust challenge that could spur major changes at the biggest name in concert promotion and ticketing. WSJ: The agency is preparing to file an antitrust lawsuit against the Ticketmaster parent in the coming weeks that would allege the nation's biggest concert promoter has leveraged its dominance in a way that undermined competition for ticketing live events, according to people familiar with the matter.

The specific claims the department would allege couldn't be learned. The federal government opted out of trying to block Live Nation and Ticketmaster's 2010 tie up. Since then, the company has faced accusations of exorbitant ticket fees, flawed customer service and anticompetitive practices from lawmakers, regulators and state attorneys general. Critics of the merger say it has stifled competition in ticketing and that the company should be broken up. Live Nation's size and power in concert promotion, ticketing and venues are at the heart of a Justice Department investigation that began in 2022. The investigation gained momentum in November 2022 after Ticketmaster crashed during a fan presale to Taylor Swift's "Eras Tour."