General Motors will pay nearly $146 million in penalties to the U.S. government, reports the Associated Press, "because 5.9 million of its older vehicles do not comply with emissions and fuel economy standards." The National Highway Traffic Safety Administration said in a statement Wednesday that certain GM vehicles from the 2012 through 2018 model years did not comply with federal fuel economy requirements. The penalty comes after the Environmental Protection Agency said its testing showed the GM pickup trucks and SUVs emit over 10% more carbon dioxide on average than GM's initial compliance testing claimed.

The EPA says the vehicles will remain on the road and cannot be repaired. The GM vehicles on average consume at least 10% more fuel than the window sticker numbers say, but the company won't be required to reduce the miles per gallon on the stickers, the EPA said... GM said in a statement that it complied with all regulations in pollution and mileage certification of its vehicles. The company said it is not admitting to any wrongdoing nor that it failed to comply with the Clean Air Act...

The enforcement action involves about 4.6 million full-size pickups and SUVs and about 1.3 million midsize SUVs, the EPA said. The affected models include the Chevy Tahoe, Cadillac Escalade and Chevy Silverado. About 40 variations of GM vehicles are covered. GM will be forced to give up credits used to ensure that manufacturers' greenhouse gas emissions are below the fleet standard for emissions that applies for that model year, the EPA said. In a quarterly filing with the Securities and Exchange Commission, GM said it expects the total cost to resolve the matter will be $490 million. Because GM agreed to address the excess emissions, EPA said it was not necessary to make a formal determination regarding the reasons for the excess pollution.
According to the article, David Cooke, senior vehicles analyst for the Union of Concerned Scientists, "said it's possible that GM owners could sue the company because they are getting lower gas mileage than advertised."

The article also notes that in 2014, Hyundai and Kia "entered into a settlement in which they had to pay a $100 million civil penalty to end a two year investigation into overstated gas mileage on window stickers of 1.2 million vehicles."

An anonymous reader shared this report from Business Insider: It's a political tale as old as time: put up a campaign poster in your yard, and thieves come to snatch it. But according to The Wall Street Journal, those fed up with front lawn looting are embracing a modern solution. Apple's geo-tracking AirTag devices are helping owners find their signs — and sometimes, even the people who stole them.

The practice has already led to charges. In one example cited by the outlet, Florida politician John Dittmore decided to hide the coin-sized gadget on one of his posters after waking up to a number of thefts in May... [Two teenagers were charged with criminal mischief and the theft of nine signs.]

In other cited cases, stolen signs don't end up with teens, but in the homes of electoral opponents. After Chris Torre became the victim of poster snatching, AirTags led him to the residence of Renee Rountree, the Journal said. Both were running for a seat on the Isle of Wight County Board of Supervisors in Virginia. Her son-in-law was charged with a misdemeanor for stealing the property, while Rountree faced a misdemeanor for receiving stolen goods. In a December trial, she noted plans to return the signs. Rountree has since been ordered to 250 hours of community service.

"I would like to think that this will have a huge deterrent effect," the trial's judge said in the court's transcript, quoted by WSJ.

Longtime Slashdot reader Artem S. Tashkinov shares a report from The Hacker News: A group of security researchers from the Graz University of Technology have demonstrated a new side-channel attack known as SnailLoad that could be used to remotely infer a user's web activity. "SnailLoad exploits a bottleneck present on all Internet connections," the researchers said in a study released this week. "This bottleneck influences the latency of network packets, allowing an attacker to infer the current network activity on someone else's Internet connection. An attacker can use this information to infer websites a user visits or videos a user watches." A defining characteristic of the approach is that it obviates the need for carrying out an adversary-in-the-middle (AitM) attack or being in physical proximity to the Wi-Fi connection to sniff network traffic. Specifically, it entails tricking a target into loading a harmless asset (e.g., a file, an image, or an ad) from a threat actor-controlled server, which then exploits the victim's network latency as a side channel to determine online activities on the victim system.

To perform such a fingerprinting attack and glean what video or a website a user might be watching or visiting, the attacker conducts a series of latency measurements of the victim's network connection as the content is being downloaded from the server while they are browsing or viewing. It then involves a post-processing phase that employs a convolutional neural network (CNN) trained with traces from an identical network setup to make the inference with an accuracy of up to 98% for videos and 63% for websites. In other words, due to the network bottleneck on the victim's side, the adversary can deduce the transmitted amount of data by measuring the packet round trip time (RTT). The RTT traces are unique per video and can be used to classify the video watched by the victim. The attack is so named because the attacking server transmits the file at a snail's pace in order to monitor the connection latency over an extended period of time.

An anonymous reader quotes a report from TorrentFreak: With dozens of millions of monthly visits, Animeflix positioned itself as one of the most popular anime piracy portals. The site also has an active Discord community of around 35k members, who actively participate in discussions, art competitions, even a chess tournament. While rightsholders take no offense at these side-projects, the site's core business was streaming pirated videos. That hasn't gone unnoticed; last December Animeflix was listed as one of the shutdown targets of anti-piracy coalition ACE.

Whether these early enforcement efforts were responsible for the site's closure is unclear. In May, rightsholders increased the pressure through the High Court of India, obtaining a broad injunction that effectively suspended Animeflix's main domain name; Animeflix.live. This follow-up action didn't seem to hurt the site too much. It simply moved to new domains, Animeflix.gg and Animeflix.li, informing its users that the old domain name had become "unavailable." Yesterday, the site became unreachable again, initially returning a Cloudflare error message. This time, the domain wasn't the problem but, for reasons unknown, the team decided to shut down the site without prior notice.

"It is with a heavy heart that we announce the closure of Animeflix. After careful consideration, we have decided to shut down our service effective immediately. We deeply appreciate your support and enthusiasm over the years." "Thank you for being a part of our journey. We hope the joy and excitement of anime continue to brighten your days through other wonderful platforms," the Animeflix team adds. The Animeflix team doesn't provide any insight into its reasoning, but it's clear that keeping a site like that online isn't without challenges. And, when a pirate site shuts down, voluntarily or not, copyright issues typically play a role. It's clear that rightsholders were keeping an eye on the site, and were actively seeking out options to take it offline. That might have played a role in the shutdown decision but without more information from the team, we can only speculate.

China has requested significantly more generative AI patents than any other country, the U.N. intellectual property agency (the World Intellectual Property Organization) is reporting. According to WIPO's first-ever report on GenAI patents, China submitted over 38,200 inventions in the past decade, dwarfing the United States' 6,300 filings. South Korea, Japan, and India rounded out the top five. The study tracked approximately 54,000 GenAI-related patent applications from 2014 to 2023, with over a quarter emerging in the last year alone.

Top Eurocops are appealing for help from lawmakers to undermine a privacy-enhancing technology (PET) they say is hampering criminal investigations -- and it's not end-to-end encryption this time. Not exactly. From a report: Europol published a position paper today highlighting its concerns around SMS home routing -- the technology that allows telcos to continue offering their services when customers visit another country. Most modern mobile phone users are tied to a network with roaming arrangements in other countries. EE customers in the UK will connect to either Telefonica or Xfera when they land in Spain, or T-Mobile in Croatia, for example.

While this usually provides a fairly smooth service for most roamers, Europol is now saying something needs to be done about the PETs that are often enabled in these home routing setups. According to the cops, they pointed out that when roaming, a suspect in a criminal case who's using a SIM from another country will have all of their mobile communications processed through their home network. If a crime is committed by a Brit in Germany, for example, then German police couldn't issue a request for unencrypted data as they could with a domestic operator such as Deutsche Telekom.

ZipNada writes: A federal court in Texas has partially blocked the government's ban on noncompete agreements that was set to take effect September 4. An estimated 30 million people, or one in five American workers, are bound by noncompetes. The employment agreements typically prevent workers -- everyone from minimum wage earners to CEOs -- from joining competing businesses or launching ones of their own.

In its complaint, Ryan LLC accused the FTC of overstepping its statutory authority in declaring all noncompetes unfair and anticompetitive. Judge Brown agreed, writing, "The FTC lacks substantive rulemaking authority with respect to unfair methods of competition." Through a statement Wednesday evening, the FTC said its authority is supported by both statute and precedent. "We will keep fighting to free hardworking Americans from unlawful noncompetes, which reduce innovation, inhibit economic growth, trap workers, and undermine Americans' economic liberty," wrote FTC spokesman Douglas Farrar. The FTC has long argued that noncompetes hurt workers.

An anonymous reader quotes a report from TorrentFreak: Hikari-no-Akari, a long-established and popular pirate site that specializes in Japanese music, is being targeted in U.S. federal court by Sony Music. [...] The music download portal, which links to externally hosted files, has been operating for well over a decade and currently draws more than a million monthly visits. In addition to the public-facing part of the site, HnA also has a private forum and Discord channel. [...] Apparently, Sony Music Japan has been keeping an eye on the unauthorized music portal. The company has many of its works shared on the site, including anime theme music, which is popular around the globe.

For example, a few weeks ago, HnA posted "Sayonara, Mata Itsuka!" from the Japanese artist Kenshi Yonezu, which is used as the theme song for the asadora series "The Tiger and Her Wings." Around the same time, PEACEKEEPER, a song by Japanese musician STEREO DIVE FOUNDATION, featured in the third season of the series "That Time I Got Reincarnated as a Slime", was shared on the site. Sony Music Japan is a rightsholder for both these tracks, as well as many others that were posted on the site. The music company presumably tried to contact HnA directly to have these listings removed and reached out to its CDN service Cloudflare too, asking it to take action. [...] They are a prerequisite for obtaining a DMCA subpoena, which Sony Music Japan requested at a California federal court this week.

Sony requested two DMCA subpoenas, both targeted at hikarinoakari.com and hnadownloads.co. The latter domain receives the bulk of its traffic from the first, which isn't a surprise considering the 'hnadownloads' name. Through the subpoena, the music company hopes to obtain additional information on the people behind these sites. That includes, names, IP-addresses, and payment info. Presumably, this will be used for follow-up enforcement actions. It's unclear whether Cloudflare will be able to hand over any usable information and for the moment, HnA remains online. Several of the infringing URLs that were identified by Sony have recently been taken down, including this one. However, others remain readily available. The same applies to private forum threads and Discord postings, of course.

OpenAI's ChatGPT app for macOS contained a security vulnerability until Friday, potentially exposing users' conversations to unauthorized access, according to a developer's findings. The flaw allowed stored chats to be easily located and read in plain text on users' computers. Pedro Jose Pereira Vieito demonstrated the issue on social media, showing how a separate application could access and display recent ChatGPT conversations.

The FTC has issued warnings to several tech firms, including PC manufacturers ASRock, Gigabyte, and Zotac, regarding potential violations of the Magnuson-Moss Warranty Act. The agency expressed concerns that the companies' warranty and repair policies may be infringing on consumer rights. PCWorld adds: While the specific concerns vary by company, the FTC reminded the three companies that they can't, for example, place stickers on a laptop that caution consumers that opening or repairing the laptop violates warranty policies.

Neither can they state or imply that their products can only be repaired via an authorized service from the company. In the letter sent to Gigabyte (PDF), the FTC said that its staff is "concerned" by the Gigabyte written warranty, which includes the phrase: "If the manufacturing sticker inside the product was removed or damaged, it would no longer be covered by the warranty."

Proton, the privacy-focused technology company, has launched Proton Docs, a new document editing tool that bears a striking resemblance to Google Docs. The service, launched as part of Proton Drive, offers features such as rich text editing, real-time collaboration, and multimedia support.

Brazil's national data protection authority ruled on Tuesday that Meta must stop using data originating in the country to train its artificial intelligence models. The Associated Press reports: Meta's updated privacy policy enables the company to feed people's public posts into its AI systems. That practice will not be permitted in Brazil, however. The decision stems from "the imminent risk of serious and irreparable or difficult-to-repair damage to the fundamental rights of the affected data subjects," the agency said in the nation's official gazette. [...] Hye Jung Han, a Brazil-based researcher for the rights group, said in an email Tuesday that the regulator's action "helps to protect children from worrying that their personal data, shared with friends and family on Meta's platforms, might be used to inflict harm back on them in ways that are impossible to anticipate or guard against."

But the decision regarding Meta will "very likely" encourage other companies to refrain from being transparent in the use of data in the future, said Ronaldo Lemos, of the Institute of Technology and Society of Rio de Janeiro, a think-tank. "Meta was severely punished for being the only one among the Big Tech companies to clearly and in advance notify in its privacy policy that it would use data from its platforms to train artificial intelligence," he said. Compliance must be demonstrated by the company within five working days from the notification of the decision, and the agency established a daily fine of 50,000 reais ($8,820) for failure to do so. In a statement, Meta said the company is "disappointed" by the decision and insists its method "complies with privacy laws and regulations in Brazil."

"This is a step backwards for innovation, competition in AI development and further delays bringing the benefits of AI to people in Brazil," a spokesperson for the company added.

The Supreme Court has agreed to hear a challenge to a Texas law requiring age verification to access online pornography, which opponents argue violates the First Amendment by discouraging adults from viewing such material due to privacy concerns. A federal judge blocked the law citing its chilling effect on free speech, but a divided appeals court upheld it, emphasizing the government's interest in protecting minors; the case will now be reviewed by the Supreme Court. The Texas bill in question, HB 1181, was passed into law last June. The New York Times reports: The Supreme Court agreed on Tuesday to hear a challenge to a Texas law that seeks to limit minors' access to pornography on the internet by requiring age verification measures like the submission of government-issued IDs. A trade group, companies that produce sexual materials and a performer challenged the law, saying that it violates the First Amendment right of adults. The law does not allow companies to retain information their users submit. But the challengers said adults would be wary of supplying personal information for fear of identity theft, tracking and extortion. [...]

In urging the Supreme Court to leave the law in place while it considers whether to hear the case, Ken Paxton, Texas' attorney general, said pornography available on the internet is "orders of magnitude more graphic, violent and degrading than any so-called 'girlie' magazine of yesteryear." He added: "This statute does not prohibit the performance, production or even sale of pornography but, more modestly, simply requires the pornography industry that make billions of dollars from peddling smut to take commercially reasonable steps to ensure that those who access the material are adults. There is nothing unconstitutional about it."

An anonymous reader quotes a report from Ars Technica: Human Rights Watch (HRW) continues to reveal how photos of real children casually posted online years ago are being used to train AI models powering image generators -- even when platforms prohibit scraping and families use strict privacy settings. Last month, HRW researcher Hye Jung Han found 170 photos of Brazilian kids that were linked in LAION-5B, a popular AI dataset built from Common Crawl snapshots of the public web. Now, she has released a second report, flagging 190 photos of children from all of Australia's states and territories, including indigenous children who may be particularly vulnerable to harms. These photos are linked in the dataset "without the knowledge or consent of the children or their families." They span the entirety of childhood, making it possible for AI image generators to generate realistic deepfakes of real Australian children, Han's report said. Perhaps even more concerning, the URLs in the dataset sometimes reveal identifying information about children, including their names and locations where photos were shot, making it easy to track down children whose images might not otherwise be discoverable online. That puts children in danger of privacy and safety risks, Han said, and some parents thinking they've protected their kids' privacy online may not realize that these risks exist.

From a single link to one photo that showed "two boys, ages 3 and 4, grinning from ear to ear as they hold paintbrushes in front of a colorful mural," Han could trace "both children's full names and ages, and the name of the preschool they attend in Perth, in Western Australia." And perhaps most disturbingly, "information about these children does not appear to exist anywhere else on the Internet" -- suggesting that families were particularly cautious in shielding these boys' identities online. Stricter privacy settings were used in another image that Han found linked in the dataset. The photo showed "a close-up of two boys making funny faces, captured from a video posted on YouTube of teenagers celebrating" during the week after their final exams, Han reported. Whoever posted that YouTube video adjusted privacy settings so that it would be "unlisted" and would not appear in searches. Only someone with a link to the video was supposed to have access, but that didn't stop Common Crawl from archiving the image, nor did YouTube policies prohibiting AI scraping or harvesting of identifying information.

Reached for comment, YouTube's spokesperson, Jack Malon, told Ars that YouTube has "been clear that the unauthorized scraping of YouTube content is a violation of our Terms of Service, and we continue to take action against this type of abuse." But Han worries that even if YouTube did join efforts to remove images of children from the dataset, the damage has been done, since AI tools have already trained on them. That's why -- even more than parents need tech companies to up their game blocking AI training -- kids need regulators to intervene and stop training before it happens, Han's report said. Han's report comes a month before Australia is expected to release a reformed draft of the country's Privacy Act. Those reforms include a draft of Australia's first child data protection law, known as the Children's Online Privacy Code, but Han told Ars that even people involved in long-running discussions about reforms aren't "actually sure how much the government is going to announce in August." "Children in Australia are waiting with bated breath to see if the government will adopt protections for them," Han said, emphasizing in her report that "children should not have to live in fear that their photos might be stolen and weaponized against them."

storagedude shares a report from the Cyber Express: Some of the most widely used web and social media applications could be vulnerable to three newly discovered CocoaPods vulnerabilities -- including potentially millions of Apple devices, according to a report by The Cyber Express, the news service of threat intelligence vendor Cyble Inc. E.V.A Information Security researchers reported three vulnerabilities in the open source CocoaPods dependency manager that could allow malicious actors to take over thousands of unclaimed pods and insert malicious code into many of the most popular iOS and MacOS applications, potentially affecting "almost every Apple device." The researchers found vulnerable code in applications provided by Meta (Facebook, Whatsapp), Apple (Safari, AppleTV, Xcode), and Microsoft (Teams); as well as in TikTok, Snapchat, Amazon, LinkedIn, Netflix, Okta, Yahoo, Zynga, and many more.

The vulnerabilities have been patched, yet the researchers still found 685 Pods "that had an explicit dependency using an orphaned Pod; doubtless there are hundreds or thousands more in proprietary codebases." The newly discovered vulnerabilities -- one of which (CVE-2024-38366) received a 10 out of 10 criticality score -- actually date from a May 2014 CocoaPods migration to a new 'Trunk' server, which left 1,866 orphaned pods that owners never reclaimed. While the vulnerabilities have been patched, the work for developers and DevOps teams that used CocoaPods before October 2023 is just getting started. "Developers and DevOps teams that have used CocoaPods in recent years should verify the integrity of open source dependencies used in their application code," the E.V.A researchers said. "The vulnerabilities we discovered could be used to control the dependency manager itself, and any published package." [...] "Dependency managers are an often-overlooked aspect of software supply chain security," the researchers wrote. "Security leaders should explore ways to increase governance and oversight over the use these tools." "While there is no direct evidence of any of these vulnerabilities being exploited in the wild, evidence of absence is not absence of evidence." the EVA researchers wrote. "Potential code changes could affect millions of Apple devices around the world across iPhone, Mac, AppleTV, and AppleWatch devices."

While no action is required by app developers or users, the EVA researchers recommend several ways to protect against these vulnerabilities. To ensure secure and consistent use of CocoaPods, synchronize the podfile.lock file with all developers, perform CRC validation for internally developed Pods, and conduct thorough security reviews of third-party code and dependencies. Furthermore, regularly review and verify the maintenance status and ownership of CocoaPods dependencies, perform periodic security scans, and be cautious of widely used dependencies as potential attack targets.

"A federal grand jury has indicted an embattled Alzheimer's researcher for allegedly falsifying data to fraudulently obtain $16 million in federal research funding from the National Institutes of Health for the development of a controversial Alzheimer's drug and diagnostic test," writes Beth Mole via Ars Technica. "Wang is charged with one count of major fraud against the United States, two counts of wire fraud, and one count of false statements. If convicted, he faces a maximum penalty of 10 years in prison for the major fraud charge, 20 years in prison for each count of wire fraud, and five years in prison for the count of false statements [...]." From the report: Hoau-Yan Wang, 67, a medical professor at the City University of New York, was a paid collaborator with the Austin, Texas-based pharmaceutical company Cassava Sciences. Wang's research and publications provided scientific underpinnings for Cassava's Alzheimer's treatment, Simufilam, which is now in Phase III trials. Simufilam is a small-molecule drug that Cassava claims can restore the structure and function of a scaffolding protein in the brain of people with Alzheimer's, leading to slowed cognitive decline. But outside researchers have long expressed doubts and concerns about the research.

In 2023, Science magazine obtained a 50-page report from an internal investigation at CUNY that looked into 31 misconduct allegations made against Wang in 2021. According to the report, the investigating committee "found evidence highly suggestive of deliberate scientific misconduct by Wang for 14 of the 31 allegations," the report states. The allegations largely centered around doctored and fabricated images from Western blotting, an analytical technique used to separate and detect proteins. However, the committee couldn't conclusively prove the images were falsified "due to the failure of Dr. Wang to provide underlying, original data or research records and the low quality of the published images that had to be examined in their place." In all, the investigation "revealed long-standing and egregious misconduct in data management and record keeping by Dr. Wang," and concluded that "the integrity of Dr. Wang's work remains highly questionable." The committee also concluded that Cassava's lead scientist on its Alzheimer's disease program, Lindsay Burns, who was a frequent co-author with Wang, also likely bears some responsibility for the misconduct.

In March 2022, five of Wang's articles published in the journal PLOS One were retracted over integrity concerns with images in the papers. Other papers by Wang have also been retracted or had statements of concern attached to them. Further, in September 2022, the Food and Drug Administration conducted an inspection of the analytical work and techniques used by Wang to analyze blood and cerebrospinal fluid from patients in a simufilam trial. The investigation found a slew of egregious problems, which were laid out in a "damning" report (PDF) obtained by Science. In the indictment last week (PDF), federal authorities were explicit about the allegations, claiming that Wang falsified the results of his scientific research to NIH "by, among other things, manipulating data and images of Western blots to artificially add bands [which represent proteins], subtract bands, and change their relative thickness and/or darkness, and then drawing conclusions" based on those false results.

Microsoft revealed that the Russian hackers who breached its systems earlier this year stole more emails than initially reported. "We are continuing notifications to customers who corresponded with Microsoft corporate email accounts that were exfiltrated by the Midnight Blizzard threat actor, and we are providing the customers the email correspondence that was accessed by this actor," a Microsoft spokesperson told Bloomberg (paywalled). "This is increased detail for customers who have already been notified and also includes new notifications." The Register reports: We've been aware for some time that the digital Russian break-in at the Windows maker saw Kremlin spies make off with source code, executive emails, and sensitive U.S. government data. Reports last week revealed that the issue was even larger than initially believed and additional customers' data has been stolen. Along with Russia, Microsoft was also compromised by state actors from China not long ago, and that issue similarly led to the theft of emails and other data belonging to senior U.S. government officials.

Both incidents have led experts to call Microsoft a threat to U.S. national security, and president Brad Smith to issue a less-than-reassuring mea culpa to Congress. All the while, the U.S. government has actually invested more in its Microsoft kit. Bloomberg reported that emails being sent to affected Microsoft customers include a link to a secure environment where customers can visit a site to review messages Microsoft identified as having been compromised. But even that might not have been the most security-conscious way to notify folks: Several thought they were being phished.

Keith Gill, the investor known as "Roaring Kitty" online, is being used by GameStop investors for helping spur the meme stock mania of 2021. The plaintiffs said they lost money through his "pump-and-dump" scheme, which led to a "short squeeze" that caused losses for hedge funds betting stock prices would fall. Reuters reports: A proposed class action accusing Gill of securities fraud was filed on Friday in the Brooklyn, New York federal court. Investors led by Martin Radev, who lives in the Las Vegas area, said Gill manipulated GameStop securities between May 13 and June 13 by quietly accumulating large quantities of stock and call options, and then dumping some holdings after emerging from a three-year social media hiatus. They said Gill's activities caused GameStop's share price to gyrate wildly, generating "millions of dollars" in profit for him at their expense. "Defendant still enjoys celebrity status and commands a following of millions through his social media accounts," the complaint said. "Accordingly, Defendant was well aware of his ability to manipulate the market for GameStop securities, as well as the benefits he could reap."

He had on May 12 posted a cryptic meme on the social media platform X that was widely seen as a bullish signal for GameStop, whose stock he cheerleaded in 2021. GameStop's share price more than tripled over the next two days, but gave back nearly all the gains by May 24. On June 2, Gill revealed that he owned 5 million GameStop shares and 120,000 call options, and on June 13 revealed he had shed the call options but owned 9 million GameStop shares. Investors said the truth about Gill's investing became known on June 3 when the Wall Street Journal wrote about the timing of his options trades and said the online brokerage E*Trade considered kicking him off its platform.

An anonymous reader quotes an op-ed written by Kenneth Roth, former executive director of Human Rights Watch (1993-2022) and a visiting professor at Princeton's School of Public and International Affairs: Julian Assange's lengthy detention has finally ended, but the danger that his prosecution poses to the rights of journalists remains. As is widely known, the U.S. government's pursuit of Assange under the Espionage Act threatens to criminalize common journalistic practices. Sadly, Assange's guilty plea and release from custody have done nothing to ease that threat. That Assange was indicted under the Espionage Act, a U.S. law designed to punish spies and traitors, should not be considered the normal course of business. Barack Obama's justice department never charged Assange because it couldn't distinguish what he had done from ordinary journalism. The espionage charges were filed by the justice department of Donald Trump. Joe Biden could have reverted to the Obama position and withdrawn the charges but never did.

The 18-count indictment filed under Trump accused Assange of having solicited secret U.S. government information and encouraged Chelsea Manning to provide it. Manning committed a crime when she delivered that information because she was a government employee who had pledged to safeguard confidential information on pain of punishment. But Assange's alleged solicitation of that information, and the steps he was said to have taken to ensure that it could be transferred anonymously, are common procedure for many journalists who report on national security issues. If these practices were to be criminalized, our ability to monitor government conduct would be seriously compromised. To make matters worse, someone accused under the Espionage Act is not allowed to argue to a jury that disclosures were made in the public interest. The unauthorized disclosure of secret information deemed prejudicial to national security is sufficient for conviction regardless of motive.

To justify Espionage Act charges, the Trump-era prosecutors stressed that Assange was accused of not only soliciting and receiving secret government information but also agreeing to help crack a password that would provide access to U.S. government files. That is not ordinary journalistic behavior. An Espionage Act prosecution for computer hacking is very different from a prosecution for merely soliciting and receiving secret information. Even if it would not withdraw the Trump-era charges, Biden's justice department could have limited the harm to journalistic freedom by ensuring that the alleged computer hacking was at the center of Assange's guilty plea. In fact, it was nowhere to be found. The terms for the proceeding were outlined in a 23-page "plea agreement" filed with the U.S. District Court for the Northern Mariana Islands, where Assange appeared by consent. Assange agreed to plead guilty to a single charge of violating the Espionage Act, but under U.S. law, it is not enough to plead in the abstract. A suspect must concede facts that would constitute an offense. "One effect of the guilty plea is that there will be no legal challenge to the prosecution, and hence no judicial decision on whether this use of the Espionage Act violates the freedom of the media as protected by the first amendment of the U.S. constitution," notes Roth. "That means that just as prosecutors overreached in the case of Assange, they could do so again."

"[M]edia protections are not limited to journalists who are deemed responsible. Nor do we want governments to make judgments about which journalists deserve First Amendment safeguards. That would quickly compromise media freedom for all journalists."

Roth concludes: "Imperfect journalist that he was, Assange should never have been prosecuted under the Espionage Act. It is unfortunate that the Biden administration didn't take available steps to mitigate that harm."

An anonymous reader quotes a report from Ars Technica: Meta continues to hit walls with its heavily scrutinized plan to comply with the European Union's strict online competition law, the Digital Markets Act (DMA), by offering Facebook and Instagram subscriptions as an alternative for privacy-inclined users who want to opt out of ad targeting. Today, the European Commission (EC) announced preliminary findings that Meta's so-called "pay or consent" or "pay or OK" model -- which gives users a choice to either pay for access to its platforms or give consent to collect user data to target ads -- is not compliant with the DMA. According to the EC, Meta's advertising model violates the DMA in two ways. First, it "does not allow users to opt for a service that uses less of their personal data but is otherwise equivalent to the 'personalized ads-based service." And second, it "does not allow users to exercise their right to freely consent to the combination of their personal data," the press release said.

Now, Meta will have a chance to review the EC's evidence and defend its policy, with today's findings kicking off a process that will take months. The EC's investigation is expected to conclude next March. Thierry Breton, the commissioner for the internal market, said in the press release that the preliminary findings represent "another important step" to ensure Meta's full compliance with the DMA. "The DMA is there to give back to the users the power to decide how their data is used and ensure innovative companies can compete on equal footing with tech giants on data access," Breton said. A Meta spokesperson told Ars that Meta plans to fight the findings -- which could trigger fines up to 10 percent of the company's worldwide turnover, as well as fines up to 20 percent for repeat infringement if Meta loses. The EC agreed that more talks were needed, writing in the press release, "the Commission continues its constructive engagement with Meta to identify a satisfactory path towards effective compliance." Meta continues to claim that its "subscription for no ads" model was "endorsed" by the highest court in Europe, the Court of Justice of the European Union (CJEU), last year.

"Subscription for no ads follows the direction of the highest court in Europe and complies with the DMA," Meta's spokesperson said. "We look forward to further constructive dialogue with the European Commission to bring this investigation to a close."

Meta rolled out its ad-free subscription service option last November. "Depending on where you purchase it will cost $10.5/month on the web or $13.75/month on iOS and Android," said the company in a blog post. "Regardless of where you purchase, the subscription will apply to all linked Facebook and Instagram accounts in a user's Accounts Center. As is the case for many online subscriptions, the iOS and Android pricing take into account the fees that Apple and Google charge through respective purchasing policies."