Domain: documentcloud.org
Stories and comments across the archive that link to documentcloud.org.
Stories · 223
-
Elon Musk Should Be Held In Contempt For Tweet, SEC Tells Judge (fastcompany.com)
The Securities and Exchange Commission has asked a federal judge to hold CEO Elon Musk in contempt for breaking terms of a settlement agreement with a tweet. The SEC cited an "inaccurate" February 19 tweet about production. Musk tweeted alongside a photo: "4000 Tesla cars loading in SF for Europe." He replied to the tweet adding: "Tesla made 0 cars in 2011, but will make around 500k in 2019." Fast Company reports: It's that "will make around 500K in 2019" part that angered the SEC, which had this to say in legal papers filed with a Manhattan federal court: "He once again published inaccurate and material information about Tesla to his over 24 million Twitter followers, including members of the press, and made this inaccurate information available to anyone with Internet access." The SEC says the tweet violated an agreement that was part of a settlement Tesla made with the regulator last year. Musk promised to consult with Tesla's board before he made any statements on social media that could affect the stock price of the company. Tesla also agreed to pay $40 million in penalties and Musk agreed to step down as chairman of the board. -
New Flaws In 4G, 5G Allow Attackers To Intercept Calls and Track Phone Locations (techcrunch.com)
An anonymous reader quotes a report from TechCrunch: A group of academics have found three new security flaws in 4G and 5G, which they say can be used to intercept phone calls and track the locations of cell phone users. The findings are said to be the first time vulnerabilities have affected both 4G and the incoming 5G standard, which promises faster speeds and better security, particularly against law enforcement use of cell site simulators, known as "stingrays." But the researchers say that their new attacks can defeat newer protections that were believed to make it more difficult to snoop on phone users. Rafiul Hussain, one of the co-authors of the paper, along with Ninghui Li and Elisa Bertino at Purdue University, and Mitziu Echeverria and Omar Chowdhury at the University of Iowa are set to reveal their findings at the Network and Distributed System Security Symposium in San Diego on Tuesday.
The paper, seen by TechCrunch prior to the talk, details the attacks: the first is Torpedo, which exploits a weakness in the paging protocol that carriers use to notify a phone before a call or text message comes through. The researchers found that several phone calls placed and cancelled in a short period can trigger a paging message without alerting the target device to an incoming call, which an attacker can use to track a victim's location. Knowing the victim's paging occasion also lets an attacker hijack the paging channel and inject or deny paging messages, by spoofing messages like Amber alerts or blocking messages altogether, the researchers say. Torpedo opens the door to two other attacks: Piercer, which the researchers say allows an attacker to determine an international mobile subscriber identity (IMSI) on the 4G network; and the aptly named IMSI-Cracking attack, which can brute force an IMSI number in both 4G and 5G networks, where IMSI numbers are encrypted. AT&T, Verizon, Sprint and T-Mobile are all affected by Torpedo, "and the attacks can be carried out with radio equipment costing as little as $200," the report adds. One U.S. network is reportedly vulnerable to the Piercer attack, but the researcher wouldn't name which one. -
Facebook Deliberately Allowed 'Friendly Fraud' To Avoid Harming Revenue (gizmodo.com)
An anonymous reader quotes a report from Gizmodo: Newly unsealed court documents show that Facebook was aware that underage children routinely used their parents' payment information to spend large sums of money on in-game purchases, and the company chose not to fix the problem. For years, it allowed for what it called "friendly fraud" because it feared implementing protections would harm revenue, according to the documents. In 2016, Facebook settled a class-action lawsuit brought by parents of children who were tricked into unwittingly making purchases with real money while playing free video games hosted on the social media platform. Despite its recognition of the problem, internal discussions show that Facebook decided it would be best to fight refund requests and allow the problem to persist. Documents related to the case were placed under seal because Facebook successfully argued that releasing them to the public could harm its business. Reveal, a publication run by the Center for Investigative Reporting, argued that these documents were in the public interest; last week, a judge granted Reveal's request to release the documents. On Thursday night, 135 pages from the court proceedings were unsealed, though Facebook was allowed to maintain some redactions. -
Facebook Appears To Be Quietly Building Laser Satellites For Global Communications (ieee.org)
The snow-dusted peak of Mount Wilson in California has been home to many famous observatories. Until 1949, its 100-inch (2.5-meter) Hooker telescope was the largest aperture telescope in the world, and in 2004, its CHARA array became the world's largest optical interferometer. Now, two new observatories are being built there that, while not focused on the stars, might prove equally historic. They could house Facebook's first laser communications systems designed to connect to satellites in orbit. IEEE Spectrum reports: Construction permits issued by the County of Los Angeles show that a small company called PointView Tech is building two detached observatories on the mountain peak. PointView is the company that IEEE Spectrum revealed last year to be a previously unknown subsidiary of Facebook working on an experimental satellite called Athena. In April, PointView sought permission from the U.S. Federal Communications Commission to test whether E-band radio signals could "be used for the provision of fixed and mobile broadband access in unserved and underserved areas."
That application was still pending at the FCC before the current U.S. federal government shutdown took effect, but it and other public documents and presentations now strongly suggest that PointView is planning to utilize laser technology, possibly both in Athena and future spacecraft. Facebook has long been interested in free space optical, or laser, communication technology. Lasers are able to support much higher data rates than radio transmitters for a given input power, and their signals are largely immune to interference or hacking, although clouds can be problematic. Although Facebook developed millimeter-wave E-band links for its stratospheric Aquila drones, it was also experimenting with air-to-ground laser communications before it canceled its drone program last June. The laser tests, which used technology supplied by German company Mynaric, succeeded in establishing 10-gigabit-per-second links between a ground station and a light aircraft flying overhead. -
Feds Can't Force You To Unlock Your iPhone With Finger Or Face, Judge Rules (forbes.com)
A California judge has ruled that American cops can't force people to unlock a mobile phone with their face or finger. The ruling goes further to protect people's private lives from government searches than any before and is being hailed as a potentially landmark decision. From a report: Previously, U.S. judges had ruled that police were allowed to force unlock devices like Apple's iPhone with biometrics, such as fingerprints, faces or irises. That was despite the fact feds weren't permitted to force a suspect to divulge a passcode. But according to a ruling uncovered by Forbes, all logins are equal. The order came from the U.S. District Court for the Northern District of California in the denial of a search warrant for an unspecified property in Oakland. The warrant was filed as part of an investigation into a Facebook extortion crime, in which a victim was asked to pay up or have an "embarrassing" video of them publicly released. The cops had some suspects in mind and wanted to raid their property. In doing so, the feds also wanted to open up any phone on the premises via facial recognition, a fingerprint or an iris. -
Shareholders Sue Alphabet's Board For Role In Allegedly Covering Up Sexual Misconduct By Senior Execs (cnbc.com)
An anonymous reader quotes a report from CNBC: Attorneys in San Francisco representing an Alphabet shareholder are suing the board of directors for allegedly covering up sexual misconduct claims against top executives. The suit comes months after an explosive New York Times report detailed how Google shielded executives accused of sexual misconduct, either by keeping them on staff or allowing them amicable departures. For example, Google reportedly paid Android leader Andy Rubin a $90 million exit package, despite asking for his resignation after finding sexual misconduct claims against him credible.
The new lawsuit, filed in California's San Mateo County, asserts claims for breach of fiduciary duty, abuse of control, unjust enrichment, and waste of corporate assets. The attorneys say the lawsuit is the result of "an extensive original investigation into non-public evidence" and produced copies of internal Google minutes from board of directors meetings. "The Directors' wrongful conduct allowed the illegal conduct to proliferate and continue," the suit reads. "As such, members of Alphabet's Board were knowing and direct enablers of the sexual harassment and discrimination." -
ACLU To Feds: Your 'Hacking Presents a Unique Threat To Individual Privacy' (arstechnica.com)
The American Civil Liberties Union, along with Privacy International, a similar organization based in the United Kingdom, have now sued 11 federal agencies, demanding records about how those agencies engage in what is often called "lawful hacking." From a report: The activist groups filed Freedom of Information Act requests to the FBI, the Drug Enforcement Agency, and nine others. None responded in a substantive way. "Law enforcement use of hacking presents a unique threat to individual privacy," the ACLU argues in its lawsuit, which was filed Friday in federal court in New York state. "Hacking can be used to obtain volumes of personal information about individuals that would never previously have been available to law enforcement." -
FBI Shuts Down 15 DDoS-For-Hire Sites (techcrunch.com)
The FBI has shut down the domains of 15 high-profile distributed denial-of-service (DDoS) websites. "Several seizure warrants granted by a California federal judge went into effect Thursday, removing several of these 'booter' or 'stresser' sites off the internet 'as part of coordinated law enforcement action taken against illegal DDoS-for-hire services,'" reports TechCrunch. "The orders were granted under federal seizure laws, and the domains were replaced with a federal notice." From the report: Prosecutors have charged three men, Matthew Gatrel and Juan Martinez in California and David Bukoski in Alaska, with operating the sites, according to affidavits filed in three U.S. federal courts, which were unsealed Thursday. The FBI had assistance from the U.K.'s National Crime Agency and the Dutch national police, and the Justice Department named several companies, including Cloudflare, Flashpoint and Google, for providing authorities with additional assistance. In all, several sites were knocked offline -- including downthem.org, netstress.org, quantumstress.net, vbooter.org and defcon.pro and more -- which allowed would-be attackers to sign up to rent time and servers to launch large-scale bandwidth attacks against systems and servers. -
DOJ Made Secret Arguments To Break Crypto, Now ACLU Wants To Make Them Public (arstechnica.com)
An anonymous reader quotes a report from Ars Technica: Earlier this year, a federal judge in Fresno, California, denied prosecutors' efforts to compel Facebook to help it wiretap Messenger voice calls. But the precise legal arguments that the government made, and that the judge ultimately rejected, are still sealed. On Wednesday, the American Civil Liberties Union formally asked the judge to unseal court dockets and related rulings associated with this ongoing case involving alleged MS-13 gang members. ACLU lawyers argue that such a little-charted area of the law must be made public so that tech companies and the public can fully know what's going on.
In their new filing, ACLU lawyers pointed out that "neither the government's legal arguments nor the judge's legal basis for rejecting the government motion has ever been made public." The attorneys continued, citing a "strong public interest in knowing which law has been interpreted" and referencing an op-ed published on Ars on October 2 as an example. The ACLU argued that the case is reminiscent of the so-called "FBI v. Apple" legal showdown -- whose docket and related filings were public -- where the government made novel arguments in an attempt to crack the encryption on a seized iPhone. Those legal questions were never resolved, as the government said the day before a scheduled hearing that it had found a company to assist in its efforts. "Moreover, the sealing of the docket sheet in this case impermissibly prevents the public from knowing anything about the actions of both the judiciary and the executive in navigating a novel legal issue, which has the potential to reoccur in the future," the ACLU's attorneys continued.
"The case involves the executive branch's attempt to force a private corporation to break the encryption and other security mechanisms on a product relied upon by the public to have private conversations. The government is not just seeking information held by a third party; rather, it appears to be attempting to get this Court to force a communications platform to redesign its product to thwart efforts to secure communications between users." -
Justice Department Indicts Two Iranians Over SamSam Ransomware Attacks (techcrunch.com)
Two Iranian officials have been indicted by U.S. federal prosecutors for creating and deploying the notorious SamSam ransomware, which exploits a deserialization vulnerability in Java-based servers. TechCrunch reports: Faramarz Shahi Savandi, 34, and Mohammad Mehdi Shah Mansouri, 27, were indicted by a federal grand jury in New Jersey on Monday on several counts of computer hacking and fraud charges. The case was unsealed Wednesday, shortly before a press conference announcing the charges by U.S. deputy attorney general Rod Rosenstein. In total, SamSam has generated some $6 million in proceeds to date -- or 1,430 bitcoin at today's value. In a separate announcement, the Treasury said it had imposed sanctions against two bitcoin addresses associated with the ransomware. The department said the two addresses processed more than 7,000 transactions used to collect ransom demands from victims. "The Iranian defendants allegedly used hacking and malware to cause more than $30 million in losses to more than 200 victims," said Rosenstein. "According to the indictment, the hackers infiltrated computer systems in ten states and Canada and then demanded payment. The criminal activity harmed state agencies, city governments, hospitals, and countless innocent victims."
One of the victims was the City of Atlanta, which was knocked offline earlier this year and spent a projected $2.6 million in recovery. "It was later discovered that the city's computers had long been vulnerable to leaked exploits developed by the National Security Agency -- later stolen and leaked online for anyone to use," reports TechCrunch. -
The FBI Created a Fake FedEx Website To Unmask a Cybercriminal (9to5mac.com)
In an attempt to catch two cybercriminals, the FBI set up a fake FedEx website and created rigged Word documents, "both of which were designed to reveal the IP address of the fraudsters," reports Motherboard. From the report: The first case centers around Gorbel, a cranes and ergonomic lifting manufacturing company headquartered in Fishers, New York, according to court records. Here, the cybercriminals used a long, potentially confusing and official looking email address to pose as the company's CEO Brian Reh, and emailed the accounts team asking for payment for a new vendor. The fraudsters provided a W9 form of a particular company, and the finance department mailed a check for over $82,000. Gorbel noticed the fraudulent transaction, and brought in the FBI in July. Shortly after, Gorbel received other emails pretending to be Reh, asking for another transfer. This time, the finance department and FBI were ready. The FBI created a fake FedEx website and sent that to the target, in the hope it would capture the hacker's IP address, according to court records. The FBI even concocted a fake "Access Denied, This website does not allow proxy connections" page in order to entice the cybercriminal to connect from an identifiable address.
That FedEx unmasking attempt was not successful, it seems -- the cybercriminal checked the link from six different IP addresses, some including proxies -- and the FBI moved on to use a network investigative technique, or NIT, instead. NIT is an umbrella term the FBI uses for a variety of hacking approaches. The FBI attempted to locate the cybercriminals with a Word document containing an image that would connect to the FBI server and reveal the target's IP address, according to court records. The image was a screenshot of a FedEx tracking portal for a sent payment, the court records add. Motherboard also details the second case that occurred in August 2017, where a business in the Western District of New York received an email claiming to be from Invermar, a Chilean seafood vendor and one of the company's suppliers, according to court records: This email, posing as a known employee of Invermar, asked the victim to send funds to a new bank account. Whereas the legitimate Invermar domain ends with a .cl suffix, the hackers used one ending in .us. The business the hackers targeted apparently didn't notice the different suffix, and over the course of September and October wire transferred around $1.2 million to the cybercriminals, with the victim eventually able to recover $300,000 (the court documents don't specify how exactly, although a charge back seems likely). To determine where this criminal was located, the FBI also decided to deploy a NIT.
"The FBI will provide an email attachment to the victim which will be used to pose as a form to be filled out by the TARGET USER for future payment from the VICTIM," one court record reads. The NIT required the target to exit "protected mode," a setting in Microsoft Word that stops documents from connecting to the internet. The warrant application says the government does not believe it needs a warrant to send a target an embedded image, but out of an abundance of caution, added to the fact that the target will need to deliberately exit protected mode, the FBI applied for one anyway. Both NITs were designed to only obtain a target's IP address and User Agent String, according to the warrant applications. A User Agent String can reveal what operating system a target is using. Although signed by two different FBI Special Agents, both of the NIT warrant applications come out of the Cyber Squad, Buffalo Division, in Rochester, New York. -
Senator Introduces Bill That Would Send CEOs To Jail For Violating Consumer Privacy (vice.com)
Oregon Senator Ron Wyden has introduced the Consumer Data Protection Act that "would dramatically beef up Federal Trade Commission authority and funding to crack down on privacy violations, let consumers opt out of having their sensitive personal data collected and sold, and impose harsh new penalties on a massive data monetization industry that has for years claimed that self-regulation is all that's necessary to protect consumer privacy," reports Motherboard. From the report: Wyden's bill proposes that companies whose revenue exceeds $1 billion per year -- or warehouse data on more than 50 million consumers or consumer devices -- submit "annual data protection reports" to the government detailing all steps taken to protect the security and privacy of consumers' personal information. The proposed legislation would also levy penalties up to 20 years in prison and $5 million in fines for executives who knowingly mislead the FTC in these reports. The FTC's authority over such matters is currently limited -- one of the reasons telecom giants have been eager to move oversight of their industry from the Federal Communications Commission to the FTC. "Today's economy is a giant vacuum for your personal information -- everything you read, everywhere you go, everything you buy and everyone you talk to is sucked up in a corporation's database," Wyden said in a statement. "But individual Americans know far too little about how their data is collected, how it's used and how it's shared."
"It's time for some sunshine on this shadowy network of information sharing," Wyden said. "My bill creates radical transparency for consumers, gives them new tools to control their information and backs it up with tough rules with real teeth to punish companies that abuse Americans' most private information." -
Civil Servant Watching Porn At Work Blamed For Government Malware Outbreak (techcrunch.com)
An anonymous reader quotes a report from TechCrunch: A U.S. government network was infected with malware thanks to one employee's "extensive history" of watching porn on his work computer, investigators have found. The audit, carried out by the U.S. Department of the Interior's inspector general, found that a U.S. Geological Survey (USGS) network at the EROS Center, a satellite imaging facility in South Dakota, was infected after an unnamed employee visited thousands of porn pages that contained malware, which downloaded to his laptop and "exploited the USGS' network." Investigators found that many of the porn images were "subsequently saved to an unauthorized USB device and personal Android cell phone," which was connected to the employee's government-issued computer. Investigators found that his Android cell phone "was also infected with malware." The findings were made public in a report earlier this month but buried on the U.S. government's oversight website and went largely unreported. -
FCC Falsely Claims Community Broadband an 'Ominous Threat To First Amendment' (vice.com)
An anonymous reader quotes a report from Motherboard: The Trump FCC has declared towns and cities that vote to build their own broadband networks an "ominous threat to the First Amendment." The claims were made last week during a speech given at the telecom-funded Media Institute by FCC Commissioner Mike O'Rielly. In his speech, O'Rielly insinuated, without evidence, that community owned and operated broadband networks would naturally result in local governments aggressively limiting American free speech rights. "I would be remiss if my address omitted a discussion of a lesser-known, but particularly ominous, threat to the First Amendment in the age of the Internet: state-owned and operated broadband networks," claimed O'Rielly.
In his speech, O'Rielly highlighted efforts by the last FCC, led by former boss Tom Wheeler, to encourage such community-run broadband networks as a creative solution to private sector failure. O'Rielly subsequently tried to claim, without evidence, that encouraging such networks would somehow result in government attempts to censor public opinion. "Municipalities such as Chattanooga, Tennessee, and Wilson, North Carolina, have been notorious for their use of speech codes in the terms of service of state-owned networks, prohibiting users from transmitting content that falls into amorphous categories like 'hateful' or 'threatening,'" O'Rielly claimed. The closest O'Rielly gets to supporting evidence appears to be a 2015 white paper written by Professor Enrique Armijo for the ISP-funded Free State Foundation. That paper similarly alleges that standard telecom sector language intended to police "threatening, abusive or hateful" language somehow implies community-run ISPs are more likely to curtail user speech. But municipal broadband experts say the argument has no basis in fact. -
Facebook Lured Advertisers By Inflating Ad-watch Times Up To 900 Percent (arstechnica.com)
Zorro shares a report from The Mercury News: Not only did Facebook inflate ad-watching metrics by up to 900 percent (Warning: source may be paywalled, alternative source), it knew for more than a year that its average-viewership estimates were wrong and kept quiet about it, a new legal filing claims. A group of small advertisers suing the Menlo Park social media titan alleged in the filing that Facebook "induced" advertisers to buy video ads on its platform because advertisers believed Facebook users were watching video ads for longer than they actually were. That "unethical, unscrupulous" behavior by Facebook constituted fraud because it was "likely to deceive" advertisers, the filing alleged. The latest allegations arose out of a lawsuit that the advertisers filed against Mark Zuckerberg-led Facebook in federal court in 2016 over alleged inflation of ad-watching metrics. "Suggestions that we in any way tried to hide this issue from our partners are false," the company told The Wall Street Journal. "We told our customers about the error when we discovered it -- and updated our help center to explain the issue."
"The plaintiffs are seeking class-action status to bring other advertisers into the legal action, plus unspecified damages," reports The Mercury News. "They also want the court to order a third-party audit of Facebook's video-ad metrics." -
Apple Rebukes Australia's 'Dangerously Ambiguous' Anti-Encryption Bill (techcrunch.com)
Apple has strongly criticized Australia's anti-encryption bill, calling it "dangerously ambiguous" and "alarming to every Australian." From a report: The Australian government's draft law -- known as the Access and Assistance Bill -- would compel tech companies operating in the country, like Apple, to provide "assistance" to law enforcement and intelligence agencies in accessing electronic data. The government claims that encrypted communications are "increasingly being used by terrorist groups and organized criminals to avoid detection and disruption," without citing evidence. But critics say that the bill's "broad authorities that would undermine cybersecurity and human rights, including the right to privacy" by forcing companies to build backdoors and hand over user data -- even when it's encrypted. Now, Apple is the latest company after Google and Facebook joined civil and digital rights groups -- including Amnesty International -- to oppose the bill, amid fears that the government will rush through the bill before the end of the year. In a seven-page letter to the Australian parliament, Apple said that it "would be wrong to weaken security for millions of law-abiding customers in order to investigate the very few who pose a threat." The company adds, "We appreciate the government's outreach to Apple and other companies during the drafting of this bill. While we are pleased that some of the suggestions incorporated improve the legislation, the unfortunate fact is that the draft legislation remains dangerously ambiguous with respect to encryption and security. This is no time to weaken encryption. Rather than serving the interests of Australian law enforcement, it will just weaken the security and privacy of regular customers while pushing criminals further off the grid." -
Limo Firm To Judge: Tell Us Whether Uber Drivers Are Employees (arstechnica.com)
An anonymous reader quotes a report from Ars Technica: Lawyers representing a Southern California limousine company that sued Uber last month over state unfair competition allegations have now filed a motion for partial summary judgement. If the filing is granted by the judge, the motion would substantially streamline the case and answer the vexing question: are Uber drivers employees or not? The proposed class-action lawsuit, known as Diva Limousine v. Uber, relies on a recently decided California Supreme Court decision that makes it more difficult for companies to unilaterally declare their workers as contractors, which effectively deprives them of benefits that they would otherwise receive as employees.
In the California Supreme Court case, known as Dynamex, that court came up with a three-part test, known as the ABC test, to figure out whether companies can assert contractor status or not: "(A) that the worker is free from the control and direction of the hiring entity in connection with the performance of the work, both under the contract for the performance of the work and in fact, (B) that the worker performs work that is outside the usual course of the hiring entity's business, and (C) that the worker is customarily engaged in an independently established trade, occupation, or business, the worker should be considered an employee and the hiring business an employer under the suffer or permit to work standard in wage orders." "The standard for summary judgement is that there is no triable issue of material facts. That seems to be the case here," says Professor Veena Dubal of the University of California, Hastings, which is just blocks from Uber's headquarters in San Francisco.
"Under Dynamex, workers are likely employees for purposes of minimum wage and overtime if they perform work that is within the usual course of the hiring entity's business. Uber drivers provide rides, and Uber is a transportation company that facilitates the provision of those rides. I have a hard time imagining how Uber can argue that there is a triable issue of fact here, although I am confident that they will argue that they are a software company. They have lost that argument in courts across the world." -
Years After ProPublica Exposed Vizio For Spying On Users, Lawyers Will Make Millions From Lawsuit (hollywoodreporter.com)
After it was revealed that Vizio was tracking customers' viewing habits and sharing that data with advertisers, a class-action lawsuit was filed against the company. Now, Ars Technica is reporting that "lawyers representing Vizio TV owners have asked a federal judge in Orange County, California to sign off on [the settlement] with the company for $17 million, for an affected class of 16 million people, who must opt-in to get any money." The company "also agrees to delete all data that it collected." From the report: Notice of the lawsuit will be shown directly on the Vizio Smart TVs, three separate times, as well as through paper mailings. When it's all said and done, new court filings submitted on Thursday say each of those 16 million people will get a payout of somewhere between $13 and $31. By contrast, their lawyers will collectively earn a maximum payout of $5.6 million in fees.
Eventually, the company agreed to pay $2.2 million to settle a complaint brought by the Federal Trade Commission. However, this new settlement is related to an entirely separate lawsuit, one that was consolidated in federal court in southern California. This $17 million amount is more than Vizio made by licensing the data collected, according to a source with knowledge of the deal. -
Vigilante Engineer Stops Waymo From Patenting Key Lidar Technology (arstechnica.com)
An anonymous reader quotes a report from Ars Technica: A lone engineer has succeeded in doing what Uber's top lawyers and expert witnesses could not -- overturning most of a foundational patent covering arch-rival Waymo's lidar laser ranging devices. Following a surprise left-field complaint by Eric Swildens, the US Patent and Trademark Office (USPTO) has rejected all but three of 56 claims in Waymo's 936 patent, named for the last three digits of its serial number. The USPTO found that some claims replicated technology described in an earlier patent from lidar vendor Velodyne, while another claim was simply "impossible" and "magic." The 936 patent played a key role in last year's epic intellectual property lawsuit with Uber. In December 2016, a Waymo engineer was inadvertently copied on an email from one of its suppliers to Uber, showing a lidar circuit design that looked almost identical to one shown in the 936 patent.
The patent describes how a laser diode can be configured to emit pulses of laser light using a circuit that includes an inductor and a gallium nitride transistor. That chance discovery helped spark a lawsuit in which Waymo accused Uber of patent infringement and of using lidar secrets supposedly stolen by engineer Anthony Levandowski. In August 2017, Uber agreed to redesign its Fuji lidar not to infringe the 936 patent. Then, in February 2018, Waymo settled the remaining trade secret theft allegations in exchange for Uber equity worth around $245 million and a commitment from Uber not to copy its technology. "This includes an agreement to ensure that any Waymo confidential information is not being incorporated in Uber hardware and software," said a Waymo spokesperson at the time. That redesign now seems to have been unnecessary, says Swildens, the engineer who asked the USPTO to take a closer look at 936. "Waymo's claim that Uber infringed the 936 patent was spurious, as all the claims in the patent that existed at the time of the lawsuit have been found to be invalid," he said. Uber told Ars that despite the ruling, it would not be redesigning its lidars yet again. Swildens, an employee at a small cloud computing startup, reportedly "spent $6,000 of his own money to launch a formal challenge to 936," reports Ars. "In March, an examiner noted that a re-drawn diagram of Waymo's lidar firing circuit showed current passing along a wire between the circuit and the ground in two directions -- something generally deemed impossible. 'Patent owner's expert testimony is not convincing to show that the path even goes to ground in view of the magic ground wire, which shows current moving in two directions along a single wire,' noted the examiners dryly."
"As I investigated the 936 patent, it became clear it was invalid due to prior art for multiple reasons," Swildens told Ars. "I only filed the reexamination because I was absolutely sure the patent was invalid." -
Elon Musk Settles SEC Fraud Charges, Must Step Down As Tesla's Chairman
Soon after it was reported that the Securities and Exchange Commission (SEC) sued Elon Musk for making false statements related to his abandoned efforts to take Tesla private, the SEC announced today that Elon Musk has agreed to settle the fraud charges. In a press release, the SEC says "Musk and Tesla have agreed to settle the charges against them without admitting or denying the SEC's allegations." The settlements, which are subject to court approval, require the following:
- Musk will step down as Tesla's Chairman and be replaced by an independent Chairman. Musk will be ineligible to be re-elected Chairman for three years;
- Tesla will appoint a total of two new independent directors to its board;
- Tesla will establish a new committee of independent directors and put in place additional controls and procedures to oversee Musk's communications;
- Musk and Tesla will each pay a separate $20 million penalty. The $40 million in penalties will be distributed to harmed investors under a court-approved process.
Slashdot reader Rei writes: In the wake of initially refusing a settlement offer over the wording, Elon Musk has now settled today with the SEC, concerning his tweets about taking Tesla private. As per the settlement agreement, there is 1) no admission of wrongdoing; 2) Musk and Tesla will each pay a $20 million fine; 3) Musk will remain as CEO of Tesla; 4) Musk will be prohibited from serving as chairman of Tesla for three years; and 5) Tesla must appoint two new members to its board of directors. An additional clause seems apropos: Musk must "comply with all mandatory procedures implemented by Tesla, Inc [...] regarding (i) the oversight of communications relating to the Company made in any format, including, but not limited to, posts on social media..." -
Face Scanning In US Airports Is Rife With Technical Problems (engadget.com)
Homeland Security's Inspector General has issued a report warning that its airport face scanning system is struggling with "technical and operational challenges." The report says that Customs and Border Protection "could only use the technology with 85 percent of passengers due to staff shortages, network problems and hastened boarding times during flight delays," reports Engadget. "The system did catch 1,300 people overstaying their allowed time in the U.S., but it might have caught more -- and there were problems 'consistently' matching people from specific age groups and countries." From the report: The watchdog also pointed out uncertainty about help from airlines, such as requiring them to buy the cameras needed for taking passengers' photos. That represents a "significant point failure" for the face scanning system, the Inspector General said. As a result, the oversight body warned that Homeland Security might not make its target of having the face scanning system completely ready for use in the top 20 US airports by 2021. -
Uber Wins Key Ruling In Its Fight Against Treating Drivers As Employees (arstechnica.com)
A federal appeals court ruled on Tuesday that drivers "seeking to be classified as employees rather than independent contractors must arbitrate their claims individually, and not pursue class-action lawsuits," reports Reuters. Ars Technica explains the significance of this ruling: Employees are guaranteed to earn federal minimum wage and are entitled to overtime pay if they work more than 40 hours per week. Uber employees, in contrast, are paid by the ride and might earn much less than minimum wage if they drive at a slow time of day. California law also gives employees the right to be reimbursed for expenses they incur on the job, which would be significant for Uber drivers who otherwise are responsible for gas, maintenance, insurance, and other expenses of operating an Uber vehicle.
Hence, the question of whether Uber drivers are employees or independent contractors is a big and important one. It's also a question that isn't addressed at all in Tuesday's ruling, as the courts never get to the substance of the plaintiffs' arguments about employment law. Instead, a three-judge panel of the 9th Circuit court ruled that the drivers signed away their rights to sue in court when they signed up to be Uber drivers. Uber's agreement with drivers requires that this kind of dispute be handled by private arbitration rather than by a lawsuit in the public courts. The court cited a Supreme Court ruling handed down in May that held that federal labor law did not preempt arbitration agreements. [...] the decision means that each driver's case must be fought on an individual, case-by-case basis. Class-action lawsuits in the federal courts allow plaintiffs to effectively pool their resources. [...] But under arbitration, each driver's case will be considered individually. Most won't have the resources to afford top-tier legal representation, and drivers won't have the inherent leverage that comes from being able to bargain as a group. -
US Senate Staff Targeted By State-Backed Hackers, Senator Says (pbs.org)
An anonymous reader quotes a report from PBS NewsHour: Sen. Ron Wyden, an Oregon Democrat, said in a Wednesday letter to Senate leaders that his office discovered that "at least one major technology company" has warned an unspecified number of senators and aides that their personal email accounts were "targeted by foreign government hackers." Similar methods were employed by Russian military agents who leaked the contents of private email inboxes to influence the 2016 elections. Wyden did not specify the timing of the notifications, but a Senate staffer said they occurred "in the last few weeks or months." But the senator said the Office of the Sergeant at Arms, which oversees Senate security, informed legislators and staffers that it has no authority to help secure personal, rather than official, accounts. "This must change," Wyden wrote in the letter. "The November election grows ever closer, Russia continues its attacks on our democracy, and the Senate simply does not have the luxury of further delays." -
Altaba To Settle Lawsuits Relating To Yahoo Data Breach For $47 Million (techcrunch.com)
An anonymous reader quotes a report from TechCrunch: Altaba, the holding company of what Verizon left behind after its acquisition of Yahoo, said it has settled three ongoing legal cases relating to Yahoo's previously disclosed data breaches. In a Monday filing with the Securities and Exchange Commission, the former web giant turned investment company said it has agreed to end litigation for $47 million, which the company said will "mark a significant milestone" in cleaning up its remaining liabilities. The deal is subject to court approval, which attorneys for both sides asked the court to approve the deal within 45 days, according to a filing submitted Friday. One of the data breaches occurred in mid-2013, where data on all of the company's three billion users was stolen. The other breach occurred a year later and resulted in 500 million accounts being stolen, including email addresses and passwords. -
Limo Firm To Uber: You Misclassify Your Drivers As Contractors, Which Is Unfair (arstechnica.com)
An anonymous reader quotes a report from Ars Technica: A Southern California limousine company sued Uber in federal court earlier this week, alleging violations of state unfair-competition laws. While a company suing Uber is not new, the proposed class-action lawsuit appears to rely on a recently decided California Supreme Court decision that makes it more difficult for companies to unilaterally declare their workers as contractors, which effectively deprives them of benefits that they would otherwise receive as employees.
In that case, known as Dynamex, the court came up with a three-part test to figure out whether companies can assert contractor status or not. The new case is called Diva Limousine v. Uber. Some legal experts say that the earlier decision in Dynamex may bolster an argument in this new case around unfair competition that has previously been difficult to win on in federal court. In short, Diva Limousine just might succeed where other federal lawsuits have failed. -
Two Lawmakers Urge FTC, CFPB To Keep Pressure On Equifax (techcrunch.com)
An anonymous reader quotes a report from TechCrunch about the little fallout Equifax has faced for one of the worst data breaches in U.S. history: The credit rating giant, one of the largest in the world, was trusted with some of the most sensitive data used by banks and financiers to determine who can be lent money. But the company failed to patch a web server it knew was vulnerable for months, which let hackers crash the servers and steal data on 147 million consumers. Names, addresses, Social Security numbers and more -- and millions more driver license and credit card numbers were stolen in the breach. Millions of British and Canadian nationals were also affected, sparking a global response to the breach. Yet, a year on from following the devastating hack that left the company reeling from a breach of almost every American adult, the company has faced little to no action or repercussions.
"There was a failure of the company, but also of lawmakers," said Mark Warner, a Democratic senator, in a call with TechCrunch. Warner, who serves Virginia, was one of the first lawmakers to file new legislation after the breach. Alongside his Democratic colleague, Sen. Elizabeth Warren, the two senators said their bill, if passed, would hold credit agencies accountable for data breaches. "With Equifax, they knew for months before they reported, so at what point is that violating securities laws by not having that notice?," said Warner. "The message sent to the market is 'if you can endure some media blowback, you can get through this without serious long-term ramifications', and that's totally unacceptable," he said. Earlier this year, the company asked a federal judge to reject claims from dozens of banks and credit unions for costs taken to prevent fraud following the data breach. The claims, if accepted, could force Equifax to shell out tens of millions of dollars -- perhaps more. The hundreds of class action suits filed to date have yet to hit the courts, but historically even the largest class action cases have resulted in single dollar amounts for the individuals affected. And when the credit agent giant isn't fighting the courts, federal regulators have shown little interest in pursuit of legal action. Sen. Elizabeth Warren wrote a letter Thursday to the heads of the Federal Trade Commission (FTC) and Consumer Financial Protection Bureau (CFPB) complaining about their lack of action. "Companies like Equifax do not ask the American people before they collect their most sensitive information," said Warren. "This information can determine their ability to access credit, obtain a job, secure a home loan, purchase a car, and make dozens of other transactions that are critical to their personal financial security. The American people deserve an update on your investigations."
"[O]nly the Securities and Exchange Commission has brought charges -- not for the breach itself, but against three former staffers for allegedly insider trading," TechCrunch points out. -
DOJ: We Will Examine Social Media Firms That 'May Be Hurting Competition' (arstechnica.com)
An anonymous reader quotes a report from Ars Technica: In the wake of a Senate committee hearing in which top officials from Facebook and Twitter testified, the Department of Justice issued a statement saying that it would be investigating social media firms. "We listened to today's Senate Select Committee on Intelligence hearing on Foreign Influence Operations' Use of Social Media Platforms closely," Devin O'Malley, a DOJ spokesman, said in a statement released to reporters on Wednesday morning. "The Attorney General has convened a meeting with a number of state attorneys general this month to discuss a growing concern that these companies may be hurting competition and intentionally stifling the free exchange of ideas on their platforms." The DOJ did not further explain by what criteria it would be examining these companies. Google submitted a written testimony, while Facebook COO Sheryl Sandberg told the committee that the social media company is continuing to fight misinformation, fake news, and foreign interference. Similarly, Twitter CEO Jack Dorsey dismissed any allegations of his company's bias during the testimony. -
Man Sues Over Google's 'Location History' Fiasco, Case Could Affect Millions (arstechnica.com)
Last week, The Associated Press found that many Google services on Android devices and iPhones store your location data even if you've explicitly disabled the location sharing feature. As a result, Google has now been sued by a man in San Diego, who argues that Google is violating the California Invasion of Privacy Act and the state's constitutional right to privacy. Ars Technica reports: The lawsuit seeks class-action status, and it would include both an "Android Class" and "iPhone Class" for the potential millions of people in the United States with such phones who turned off their Location History and nonetheless had it recorded by Google. It will likely take months or longer for the judge to determine whether there is a sufficient class.
Also on August 17, attorneys from the Electronic Privacy Information Center wrote in a sternly worded three-page letter to the FTC that Google's practices are in clear violation of the 2011 settlement with the agency. In that settlement, Google agreed that it would not misrepresent anything related to "(1) the purposes for which it collects and uses covered information, and (2) the extent to which consumers may exercise control over the collection, use, or disclosure of covered information." Until the Associated Press story on August 13, Google's policy simply stated: "You can turn off Location History at any time. With Location History off, the places you go are no longer stored." -
Senate Democrat Floats First Serious Proposals For Regulating Big Tech (gizmodo.com)
On Monday, Senator Mark Warner published 20 proposals on how to regulate big tech platforms. What's interesting is that none of the proposals call for breaking up the pseudo-monopolies. Instead, they aim to start a substantive debate by laying out different paths to address problems posed by the platforms. Gizmodo reports: What may be more important than the individual proposals themselves is that the document is at least trying to organize a holistic way of thinking about the issues now on the table. It breaks down the areas that need addressing into the promotion of disinformation, privacy and consumer protection, and ensuring competition in the marketplace. Just to highlight a few of the good issues on the table, the white paper blessedly brings the conversation back to privacy and data ownership -- something that seems to have been lost as the conversation has turned to content moderation. The easiest recommendation is to implement what it calls "GDPR-like" data protection legislation that would give Americans similar data rights as EU citizens gained in May. The jury is still out on the long-term consequences of those reforms, but they require greater transparency and consent for a company's terms of service, along with many more tools for keeping track of what information a company collects on you.
On the competition side of things, the proposal suggests a data-transparency bill that would give users a more granular idea of how their data is being used and how much it's worth to an individual platform. One concern it addresses is that platforms expand how they monetize a person's data while the user is often unaware of how much they're actually giving up, value-wise, when they agree to hand over their data in exchange for a particular service. Another benefit would be that regulators would have a better idea of what they're evaluating in antitrust enforcement cases. The proposals relating to disinformation are a little more worrisome. A requirement that platforms "clearly and conspicuously label bots" wouldn't be so bad, but it's a daunting task and opens up the potential for false positives. Likewise, demanding networks identify a user's true identity is unrealistic, and the option of anonymity online should be protected. Axios was first to publish the list of 20 proposals compiled by Warner's staff. Is there a proposal that resonates with you? If not, how would you regulate the Big Tech platforms? -
20 States Take Aim At 3D Gun Company, Sue To Get Files Off the Internet (arstechnica.com)
An anonymous reader quotes a report from Ars Technica: Twenty states announced Monday that they plan to ask a federal judge in Seattle to immediately issue a temporary restraining order against Defense Distributed, a Texas-based group that has already begun making 3D-printer gun files available on its DEFCAD website after a recent legal settlement with the US State Department. "After almost 18 months I was skeptical that there was anything else that this administration would do that would truly shock me, but they have," Washington Attorney General Bill Ferguson told reporters assembled in Olympia and by phone. "Frankly, it is terrifying... We think that it is important to put a stop to this right away and make it as difficult as humanly possible to access this information." The new lawsuit, which Ferguson explained will be filed "within hours," comes just one day after Defense Distributed voluntarily agreed to block IP addresses from Pennsylvania after that state's attorney general filed a similar motion in federal court there. "Pennsylvania is still suing and we are still responding," Defense Distributed's founder, Cody Wilson, told Ars. Preemptively on Sunday, Defense Distributed sued the attorney general of New Jersey and the city attorney of Los Angeles to stop those lawsuits, largely on First Amendment grounds.
In this new 20-state initiative, the Washington attorney general argued that the State Department settlement violated the Administrative Procedure Act and also infringed upon states' Tenth Amendment right to regulate firearms within their own states. Ferguson pointed out, for example, people convicted of domestic abuse are flagged when they attempt to legally buy a gun. Allowing anyone to download and manufacture their own gun circumvents that process, he said. But Wilson told Ars it may be too late, as the files went up last Friday evening -- days before he said he would resume publishing them on August 1. -
Native American Tribe Can't Be a 'Sovereign' Shield During Patent Review, Says Court (arstechnica.com)
Cyrus Farivar writes via Ars Technica: In a unanimous decision, an appellate court has resoundingly rejected the legal claim that sovereign immunity, as argued by a Native American tribe, can act as a shield for a patent review process. On July 20, the United States Court of Appeals for the Federal Circuit found in a 3-0 decision that the inter partes review (IPR) process (a process that allows anyone to challenge a patent's validity at the United States Patent and Trademark Office) is closer to an "agency enforcement action" -- like a complaint brought by the FTC or the FCC -- than a regular lawsuit.
This case really began in September 2015. That was when Allergan, a pharma company, sued rival Mylan, claiming that Mylan's generics infringed on Allergan's dry eye treatment known as Restasis. Saint Regis Mohawk Tribe was initially filed in the Eastern District of Texas, known as a judicial region that is particularly friendly to entities that are often dubbed patent trolls. By 2016, Mylan initiated the IPR. But Allergan, in an attempt to stave it off, struck a strange deal, transferring ownership of the six Restasis-related patents to the Saint Regis Mohawk Tribe, based in Upstate New York, near the Canadian border. As part of that deal, Allergan paid $13.75 million to the tribe, with a promise of $15 million in annual payments -- if the patents were upheld, that is. The Mohawk Tribe attempted to end the IPR, citing sovereign immunity, which was denied. The tribe struck at least one other similar deal with a firm known as SRC Labs, which sued Amazon and Microsoft. -
24 People Have Now Been Sentenced In India-Based Phone-Scam Case (arstechnica.com)
An anonymous reader quotes a report from Ars Technica: A total of 24 people who pleaded guilty to their involvement in a massive years-long phone scam often involving fake Internal Revenue Service and United States Citizenship and Immigration Services officials have now been given prison sentences from four to 20 years. The indictment was originally filed in October 2016 against 61 people and includes charges of conspiracy to commit identity theft, impersonation of an officer of the United States, wire fraud, and money laundering. If victims didn't pay up, callers threatened arrest, deportation, or heavier fines. There were also related scams involving fake payday loans and bogus U.S. government grants, according to the criminal complaint. The lead defendant was Miteshkumar Patel, who was given 20 years. -
Nintendo To ROM Sites: Forget Cease-and-Desist, Now We're Suing (arstechnica.com)
An anonymous reader quotes a report from Ars Technica: Nintendo's attitude toward ROM releases -- either original games' files or fan-made edits -- has often erred on the side of litigiousness. But in most cases, the game producer has settled on cease-and-desist orders or DMCA claims to protect its IP. This week saw the company grow bolder with its legal action, as Nintendo of America filed a lawsuit (PDF) on Thursday seeking millions in damages over classic games' files being served via websites. The Arizona suit, as reported by TorrentFreak, alleges "brazen and mass-scale infringement of Nintendo's intellectual property rights" by the sites LoveROMs and LoveRetro. These sites combine ROM downloads and in-browser emulators to deliver one-stop gaming access, and the lawsuit includes screenshots and interface explanations to demonstrate exactly how the sites' users can gain access to "thousands of [Nintendo] video games, related copyrighted works, and images." The biggest amount of money Nintendo is seeking comes from "$150,000 for the infringement of each Nintendo copyrighted work and up to $2,000,000 for the infringement of each Nintendo trademark." The company has also requested full disclosure of the operators' "receipts and disbursements, profit and loss statements, advertising revenue, donations and cryptocurrency revenue, and other financial materials."
LoveROMs has since removed all Nintendo-affiliated links, including ROMs and emulators, and the site announced on its social media channels that "all Nintendo titles have been removed from our site." Meanwhile, LoveRetro.co now redirects visitors to a page that reads: "Loveretro has effectively been shut down until further notice." -
Kim Dotcom Can Be Extradited To US On Copyright Charges, New Zealand Court Rules (yahoo.com)
schwit1 shares a report from Yahoo News: Megaupload founder Kim Dotcom suffered a major setback in his epic legal battle against online piracy charges Thursday when New Zealand's Court of Appeal ruled he was eligible for extradition to the United States. The German national, who is accused of netting millions from his file sharing Megaupload empire, faces charges of racketeering, fraud and money laundering in the U.S., carrying jail terms of up to 20 years. Dotcom had asked the court to overturn two previous rulings that the Internet mogul and his three co-accused be sent to America to face charges. Instead, a panel of three judges backed the FBI-led case, which began with a raid on Dotcom's Auckland mansion in January 2012 and has dragged on for more than six years. His lawyer tweeted he would appeal to the NZ Supreme Court. -
Would You Pay $700, Plus a Monthly Fee, For a Digital License Plate? (arstechnica.com)
An anonymous reader quotes a report from Ars Technica: It's been a few weeks now since a Bay Area startup put a digital license plate on my car. So far, nobody seems to have noticed. I haven't yet been pulled aside by police or civilians asking what it is. At first glance, this electronic device looks exactly like a traditional, stamped metal license plate. The new digital plate has the same scripted CALIFORNIA icon up top and uses the exact same size and font to show the numbers and letters. But in actuality, what I have is an "Rplate," a $700 plate-sized Kindle-like screen on the back of my car -- high-contrast grayscale e-ink and all. The device also contains an RFID and GPS chip that allow me to see where my car is at any given moment, to voluntarily track my trips, and to even optionally display DMV-approved customized messages in a small font below the plate number itself.
Were I an actual paying customer, I'd be paying $7 per month in a service fee, too, mostly to offset the data connection to Verizon. The one-time $700 price tag alone is a bit high for me. To be clear, I have a loaner model, and by the time this story comes out, I'll soon be sending the plate back to the company, Reviver. The model I've been using is one of the first 1,000 such plates that are legally out on California roads right now. Still, after my experience of a few weeks, there's no clear and compelling case to be made as to why most of us non-rich individuals need this fancy plate. Also, there are still unanswered questions about its security and what it means to voluntarily hand over so much personal location data to a single company. -
Tesla Sues Employee Alleged To Have Stolen Gigabytes of Data (arstechnica.com)
An anonymous reader quotes a report from Ars Technica: On Wednesday, Tesla sued a former employee who worked in its Gigafactory in Nevada, accusing him of stealing trade secrets. The lawsuit appears to be what CEO Elon Musk was referring to recently when he said that production of the Model 3 had been sabotaged. Musk said that there are "more" alleged saboteurs.
According to the civil complaint that was filed in federal court in Nevada, Tesla accused Martin Tripp, who began working in Sparks as a "process technician" in October 2017, of exporting company data: "Tesla has only begun to understand the full scope of Tripp's illegal activity, but he has thus far admitted to writing software that hacked Tesla's manufacturing operating system ("MOS") and to transferring several gigabytes of Tesla data to outside entities. This includes dozens of confidential photographs and a video of Tesla's manufacturing systems." -
T-Mobile and Sprint Ask For Merger Approval (axios.com)
According to documents filed Monday, T-Mobile and Sprint have formally asked the FCC to approve their proposed merger. Axios reports: In their filing, the companies said that the deal would "generate substantial public interest benefits for the customers of T-Mobile and Sprint and for U.S. wireless customers as a whole, and do not give rise to any competitive harms." "The merger unlocks the door to new broadband choices and capabilities for consumers across the country while accelerating the arrival of transformative 5G services that will produce innovation, jobs, and economic growth for our country," the companies said. Basically, the two companies have to prove to the FCC that the deal benefits consumers, and avoid antitrust concerns currently being investigated by the Department of Justice. -
More Firms Used Facebook To Block Older Job Seekers, Lawsuit Alleges (chicagotribune.com)
A proposed class-action lawsuit alleging Facebook's ad placement tools facilitate discrimination against older job-seekers has been expanded to identify additional companies. "When Facebook's own algorithm disproportionately directs ads to younger workers at the exclusion of older workers, Facebook and the advertisers who are using Facebook as an agent to send their advertisements are engaging in disparate treatment," a communications union alleged in the amended complaint, citing a legal test for employment discrimination, filed Tuesday in San Francisco federal court. The union added claims under California's fair employment and unfair competition statutes to the lawsuit, which was initially filed in December. Chicago Tribune reports: The Communications Workers of America is suing on behalf of union members and other job seekers who allegedly missed out on employment opportunities because companies used Facebook's ad tools to target people of other ages. The original filing's named defendants are Amazon.com Inc., Cox Media Group, Cox Communications Inc. and T-Mobile, as well as what the union estimates to be hundreds of employers and employment agencies who used Facebook's tools to filter out older job hunters when seeking to fill positions. The amended filing adds Ikea, Enterprise Rent-A-Car and the University of Maryland Medical System to its list of companies who allegedly used Facebook's tools to filter by age. Those three entities, as well as Facebook, aren't named defendants in the lawsuit.
The union alleged in its amended lawsuit that Facebook also uses age-filtering in ads intended to find its own new employees. In January, the union filed an Equal Employment Opportunity Commission complaint about the alleged practice, according to a copy obtained by Bloomberg News. The CWA says it has filed similar claims against dozens of companies, and that the agency has asked those employers, and Facebook, to respond to the allegations. An EEOC spokeswoman declined to confirm or deny the existence of any complaints. -
40 Cellphone-Tracking Devices Discovered Throughout Washington (nbcwashington.com)
The investigative news "I-Team" of a local TV station in Washington D.C. drove around with "a leading mobile security expert" -- and discovered dozens of StingRay devices mimicking cellphone towers to track phones and intercept calls in Maryland, Northern Virginia, and Washington, D.C. An anonymous reader quotes their report: The I-Team found them in high-profile areas like outside the Trump International Hotel on Pennsylvania Avenue and while driving across the 14th Street bridge into Crystal City... The I-Team's test phones detected 40 potential locations where the spy devices could be operating, while driving around for just a few hours. "I suppose if you spent more time you'd find even more," said D.C. Councilwoman Mary Cheh. "I have bad news for the public: Our privacy isn't what it once was..."
The good news is about half the devices the I-Team found were likely law enforcement investigating crimes or our government using the devices defensively to identify certain cellphone numbers as they approach important locations, said Aaron Turner, a leading mobile security expert... The I-Team got picked up [by StingRay devices] twice off of International Drive, right near the Chinese and Israeli embassies, then got another two hits along Massachusetts Avenue near Romania and Turkey... The phones appeared to remain connected to a fake tower the longest, right near the Russian Embassy.
StingRay devices are also being used in at least 25 states by police departments, according to the ACLU. The devices were authorized by the FCC back in 2011 for "federal, state, local public safety and law enforcement officials only" (and requiring coordination with the FBI).
But back in April the Associated Press reported that "For the first time, the U.S. government has publicly acknowledged the existence in Washington of what appear to be rogue devices that foreign spies and criminals could be using to track individual cellphones and intercept calls and messages... More sophisticated versions can eavesdrop on calls by forcing phones to step down to older, unencrypted 2G wireless technology. Some attempt to plant malware." -
'I Asked Apple for All My Data. Here's What Was Sent Back' (zdnet.com)
"I asked Apple to give me all the data it's collected on me since I first became a customer in 2010," writes the security editor for ZDNet, "with the purchase of my first iPhone." That was nearly a decade ago. As most tech companies have grown in size, they began collecting more and more data on users and customers -- even on non-users and non-customers... Apple took a little over a week to send me all the data it's collected on me, amounting to almost two dozen Excel spreadsheets at just 5MB in total -- roughly the equivalent of a high-quality photo snapped on my iPhone. Facebook, Google, and Twitter all took a few minutes to an hour to send me all the data they store on me -- ranging from a few hundred megabytes to a couple of gigabytes in size...
The zip file contained mostly Excel spreadsheets, packed with information that Apple stores about me. None of the files contained content information -- like text messages and photos -- but they do contain metadata, like when and who I messaged or called on FaceTime. Apple says that any data information it collects on you is yours to have if you want it, but as of yet, it doesn't turn over your content which is largely stored on your slew of Apple devices. That's set to change later this year... And, of the data it collects to power Siri, Maps, and News, it does so anonymously -- Apple can't attribute that data to the device owner... One spreadsheet -- handily -- contained explanations for all the data fields, which we've uploaded here...
[T]here's really not much to it. As insightful as it was, Apple's treasure trove of my personal data is a drop in the ocean to what social networks or search giants have on me, because Apple is primarily a hardware maker and not ad-driven, like Facebook and Google, which use your data to pitch you ads.
CNET explains how to request your own data from Apple. -
Alleged Owners of Mugshots.com Have Been Arrested For Extortion (lawandcrime.com)
Reader schwit1 writes: The alleged owners of Mugshots.com have been charged and arrested. These four men, Sahar Sarid, Kishore Vidya Bhavnanie, Thomas Keesee, and David Usdan, only removed a person's mugshot from the site if this individual paid a "de-publishing" fee, according to the California Attorney General on Wednesday. That's apparently considered extortion. On top of that, they also face charges of money laundering and identity theft.
If you read a lot of articles about crime, then you're probably already familiar with the site (which is still up as of Friday afternoon). They take mugshots, slap the url multiple times on the image, and post it on the site alongside an excerpt from a news outlet that covered the person's arrest. According to the AG's office, the owners would only remove the mugshots if the person paid a fee, even if the charges were dismissed. This happened even if the suspect was only arrested because of "mistaken identity or law enforcement error." You can read the affidavit here. -
Google Will Ban Bail-Bond Ads (arstechnica.com)
First Google banned ads from payday lenders in 2016, now it will no longer allow ads from bail-bond companies. Ars Technica reports: In a blog post, the company suggested that such ads constitute a "deceptive or harmful product," citing a 2016 study concluding that minority and low-income communities are typically most affected by such services. "For-profit bail-bond providers make most of their revenue from communities of color and low-income neighborhoods when they are at their most vulnerable, including through opaque financing offers that can keep people in debt for months or years," Google wrote. Also in 2016, another study found that "there are 646,000 people locked up in more than 3,000 local jails throughout the U.S.," simply for their inability to pay a bond, which is what drives many people to the services of a bondsman. The change will take effect in July 2018. -
Gmail's 'Self-Destruct' Feature Will Probably Be Used To Illegally Destroy Government Records (vice.com)
An anonymous reader quotes a report from Motherboard: A new update rolling out for Gmail offers a "self destruct" feature that allows users to send messages that expire after a set amount of time. While this may sound great for personal use, activists fear that government organizations will use the feature to delete public records to hide them from reporters and others interested in government transparency. Normally, government emails are available to journalists, researchers, and citizens using Freedom of Information Act requests (and its state-level analogues.) The self destruct feature was announced on April 25 as part of Google's new confidential mode for G Suite. In addition to self destruct, confidential mode allows users to delete messages after they have been sent and places restrictions on how recipients can interact with received emails. "As more local and state governments and their various agencies seek to use Gmail, there is the potential that state public records laws will be circumvented by emails that 'disappear' after a period of time," the National Freedom of Information Coalition wrote in a letter to Google CEO Sundar Pichai. "The public's fundamental right to transparency and openness by their governments will be compromised. We urge you take steps to assure the 'self-destruct' feature be disabled on government Gmail accounts and on emails directed to a government entity."