Privacy

DC Court Rules Tracking Phones Without a Warrant Is Unconstitutional (cbsnews.com) 26

An anonymous reader writes: Law enforcement use of one tracking tool, the cell-site simulator, to track a suspect's phone without a warrant violates the Constitution, the D.C. Court of Appeals said Thursday in a landmark ruling for privacy and Fourth Amendment rights as they pertain to policing tactics. The ruling could have broad implications for law enforcement's use of cell-site simulators, which local police and federal agencies can use to mimic a cell phone tower to the phone connect to the device instead of its regular network. In a decision that reversed the decision of the Superior Court of the District of Columbia and overturned the conviction of a robbery and sexual assault suspect, the D.C. Court of Appeals determined the use of the cell-site simulator "to locate a person through his or her cellphone invades the person's actual, legitimate and reasonable expectation of privacy in his or her location information and is a search."
Businesses

Judge Kills FTC Lawsuit Against D-Link for Flimsy Security (dslreports.com) 88

Earlier this year, the Federal Trade Commission filed a complaint against network equipment vendor D-Link saying inadequate security in the company's wireless routers and internet cameras left consumers open to hackers and privacy violations. The FTC, in a complaint filed in the Northern District of California charged that "D-Link failed to take reasonable steps to secure its routers and Internet Protocol (IP) cameras, potentially compromising sensitive consumer information, including live video and audio feeds from D-Link IP cameras." For its part, D-Link Systems said it "is aware of the complaint filed by the FTC." Fast forward nine months, a judge has dismissed the FTC's case, claiming that the FTC failed to provide enough specific examples of harm done to consumers, or specific instances when the routers in question were breached. From a report: "The FTC does not identify a single incident where a consumer's financial, medical or other sensitive personal information has been accessed, exposed or misused in any way, or whose IP camera has been compromised by unauthorized parties, or who has suffered any harm or even simple annoyance and inconvenience from the alleged security flaws in the [D-Link] devices," wrote the Judge. "The absence of any concrete facts makes it just as possible that [D-Link]'s devices are not likely to substantially harm consumers, and the FTC cannot rely on wholly conclusory allegations about potential injury to tilt the balance in its favor."
Businesses

Waymo Wants Uber to Pay $2.6 Billion Over Alleged Trade Secret Theft (reuters.com) 25

Alphabet's Waymo unit is seeking about $2.6 billion from Uber for the alleged theft of one of several trade secrets in a lawsuit over self-driving cars, a lawyer for Uber said on Wednesday. From a report: Uber attorney Bill Carmody disclosed the figure in a hearing in federal court in San Francisco, where both companies are discussing whether a trial in the case will begin next month. Waymo has asserted claims that Uber stole several of its trade secrets. The total amount of Waymo's damages request was not publicly disclosed at the hearing on Wednesday. Waymo claimed in a lawsuit earlier this year that former engineer Anthony Levandowski downloaded more than 14,000 confidential files before leaving to set up a self-driving truck company, which Uber acquired soon after.
Businesses

CEO Catches Stranger After Hours, Prompting Espionage Charges (wsj.com) 228

An anonymous reader shares a report: Samuel Straface thought he was the last one out the door one recent evening at the medical-technology startup he leads in suburban Boston. But as he passed a glass-walled conference room on the second floor, Dr. Straface says he saw a man he didn't recognize, sitting by himself in front of two open laptops and a tablet device. He continued walking a few steps toward the exit, but then, feeling uneasy, he turned back (Editor's note: the submitted link could be paywalled; alternative source). The man was later identified as Dong Liu, a dual citizen of China and Canada. And his after-hours computing at Medrobotics is at the center of an economic-espionage case brought by U.S. prosecutors. Mr. Liu is in federal custody, charged with attempting to steal trade secrets and trying to gain unauthorized access to the company's computer system, prosecutors said. If convicted of both charges, he could face a maximum sentence of 15 years in prison. "Mr. Liu adamantly asserts his innocence and we fully expect he'll be exonerated after a careful review of the evidence," said Robert Goldstein, Mr. Liu's defense attorney. The U.S. attorney's office for the District of Massachusetts declined to comment on the case beyond details in court records. Before his arrest, police said Mr. Liu told them he was there to discuss doing business with the company -- but Dr. Straface says no one had scheduled a meeting with Mr. Liu.
Twitter

Twitter Suspends 300,000 Accounts Tied To Terrorism In 2017 (bloomberg.com) 69

According to a new transparency report, Twitter said it suspended nearly 300,000 accounts globally linked to terrorism in the first half of the year. The company is improving automation tools used to help block accounts that promote terrorism and violence. Bloomberg reports: Of [the nearly 300,000 accounts that were suspended], roughly 95 percent were identified by the company's spam-fighting automation tools. Meanwhile, the social network said government data requests continued to increase, and that it provided authorities with data on roughly 3,900 accounts from January to June. Twitter said about 75 percent of the blocked accounts this year were spotted before a single tweet was sent, and that 935,897 accounts had been suspended since August 2015, with two-thirds of those coming in the past year. American authorities made 2,111 requests from Twitter from January to June, the most of the 83 countries tracked by the company. Twitter supplied information on users in 77 percent of the inquiries. Japan made 1,384 requests and the U.K. issued 606 requests. Turkish authorities continued a trend of aggressively policing Twitter, making 554 requests for account data and issuing court orders to remove 715 pieces of content. Other governments made only 38 total content-removal requests.
Google

Jeweler Forged Judge's Signature To Force Google To Kill Negative Reviews (thedailybeast.com) 52

A sapphire salesman is facing jail time for forging a judge's signature in a case involving Google. Kelly Weill from The Daily Beast reports: Michael Arnstein is the third-generation owner of the Natural Sapphire Company, a Manhattan-based jewelry business. After a falling-out with a former business partner, Arnstein's company amassed dozens of negative reviews, which featured prominently in the Natural Sapphire Company's Google search results. Arnstein sued the former business partner in 2011, accusing him of writing defamatory negative reviews, and a judge ordered the partner to delete 54 of the negative comments. But some negative reviews remained, even after the court order. So Arnstein copied the judge's signature and forged new court orders of his own, demanding that Google scrub negative reviews from his company's search results, Arnstein admitted in a guilty plea on Friday.
Music

Apple's 'Shoddy' Beats Headphones Get Slammed In Lawsuit (theregister.co.uk) 188

A lawsuit (PDF) filed Tuesday in U.S. District Court in Oakland, California, recounts the frustrations of five plaintiffs who found that Apple's Powerbeats 2 and Powerbeats 3 headphones did not perform as advertised. They are also claiming the company is refusing to honor warranty commitments to repair or replace the failed units. The Register reports: The complaint seeks $5,000,000 in damages and class action certification, in order to represent thousands of similarly afflicted Beats customers who are alleged to exist. "In widespread advertising and marketing campaigns, Apple touts that its costly Powerbeats (which retail for $199.95) are 'BUILT TO ENDURE' and are the 'BEST HEADPHONES FOR WORKING OUT,'" the complaint says. "But these costly headphones are neither 'built to endure' nor 'sweat & water resistant,' and certainly do not have a battery that lasts for six or twelve hours. Instead, these shoddy headphones contain a design defect that causes the battery life to diminish and eventually stop retaining a charge."

The complaint attributes the shoddiness of Apple's Powerbeats headphones to cheap components. Citing an estimate in a recent Motley Fool article, the complaint contends that Apple's Beats Solo headphones cost $16.89 to make and retail for $199.95: a markup of more than 1,000 per cent. That figure actually comes from a Medium post by Avery Louie, from hardware prototyping biz Bolt.

Privacy

Trump Administration Sued Over Phone Searches at US Borders (reuters.com) 138

The Trump administration has engaged in an unconstitutional practice of searching without a warrant the phones and laptops of Americans who are stopped at the border, a lawsuit filed on Wednesday alleged. From a report: Ten U.S. citizens and one lawful permanent resident sued the Department of Homeland Security in federal court, saying the searches and prolonged confiscation of their electronic devices violate privacy and free speech protections of the U.S. Constitution. DHS could not be immediately reached for comment. The lawsuit comes as the number of searches of electronic devices has surged in recent years, alarming civil rights advocates.
Businesses

The iPhone Is Guaranteed To Last Only One Year, Apple Argues In Court (vice.com) 435

Reader Jason Koebler writes: Last month, Greg Joswiak, Apple's VP of iOS, iPad, and iPhone Marketing, told Buzzfeed that iPhones are "the highest quality and most durable devices. We do this because it's better for the customer, for the iPhone, and for the planet."
But in a class-action court case over the widespread premature failure of tens of thousands of iPhone 6 and iPhone 6 Plus devices, Apple argues that the company cannot guarantee any iPhone for more than a year. In a motion to dismiss, Apple argued that "to hold Apple's Limited Warranty substantively unconscionable simply because Plaintiffs expect their iPhones to last the length of their cellular service contracts 'would place a burden on [Apple] for which it did not contract.'"

The Almighty Buck

Chatbot Lets You Sue Equifax For Up To $25,000 Without a Lawyer (theverge.com) 111

Shannon Liao reports via The Verge: If you're one of the millions affected by the Equifax breach, a chatbot can now help you sue Equifax in small claims court, potentially letting you avoid hiring a lawyer for advice. Even if you want to be part of the class action lawsuit against Equifax, you can still sue Equifax for negligence in small claims court using the DoNotPay bot and demand maximum damages. Maximum damages range between $2,500 in states like Rhode Island and Kentucky to $25,000 in Tennessee. The bot, which launched in all 50 states in July, is mainly known for helping with parking tickets. But with this new update, its creator, Joshua Browder, who was one of the 143 million affected by the breach, is tackling a much bigger target, with larger aspirations to match. He says, "I hope that my product will replace lawyers, and, with enough success, bankrupt Equifax."

Not that the bot helps you do anything you can't already do yourself, which is filling out a bunch of forms -- you still have to serve them yourself. Unfortunately, the chatbot can't show up in court a few weeks later to argue your case for you either. To add to the headache, small claims court rules differ from state to state. For instance, in California, a person needs to demand payment from Equifax or explain why they haven't demanded payment before filing the form.

Google

Google Challenges Record EU Antitrust Fine in Court (reuters.com) 52

Google appealed on Monday against a record 2.4-billion-euro ($2.9 billion) EU antitrust fine, with its chances of success boosted by Intel's partial victory last week against another EU sanction. From a report: The world's most popular Internet search engine, a unit of the U.S. firm Alphabet, launched its appeal two months after it was fined by the European Commission for abusing its dominance in Europe by giving prominent placement in searches to its comparison shopping service and demoting rival offerings.
The Courts

Should British Hacker Lauri Love Be Tried In America? (theguardian.com) 254

A 31-year-old autistic man in the U.K. is suspected of hacking U.S. government computer systems in 2013 -- and he has one final chance to appeal his extradition. An anonymous reader quotes the Guardian Even if Love is guilty, however, there are important legal and moral questions about whether he should be extradited to the US -- a nation that has prosecuted hackers with unrivalled severity, and one where Love could be sentenced to spend the rest of his life in prison... His remaining hope for mercy is a final appeal against extradition in the high court in November. Love's hope is for a full and fair trial in Britain.

Even if he is found guilty in a British court of the most serious crimes in the US government's indictment, his legal team estimate that he faces just a few months in prison. Failure means Love will be flown to a holding facility in New York, placed on suicide watch and probably forced to take antidepressants, prior to a trial. If he refuses to accept a plea deal and is convicted, he will face $9m (£6.8m) in fines and, experts estimate, a prison term of up to 99 years, a punishment illustrative of the US's aggressive sentencing against hackers under the controversial Computer Fraud and Abuse Act.

Naomi Colvin, from the human rights group the Courage Foundation, tells the Guardian that "Lauri's case is critically important in determining the reach of America's unusually harsh punitive sanctions for computer crimes."
The Courts

The Teen Malware Career Of Marcus Hutchins (itwire.com) 48

Slashdot reader troublemaker_23 writes, "A number of security researchers have dismissed an article by reporter Brian Krebs about Marcus Hutchins, the Briton who is awaiting trial in the US on charges of writing and distributing the Kronos banking malware, by pointing out that it has nothing to do with the case." An anonymous reader writes: Krebs investigated dozens of hacker forum pseudonyms, concluding "The clues suggest that Hutchins began developing and selling malware in his mid-teens -- only to later develop a change of heart and earnestly endeavor to leave that part of his life squarely in the rearview mirror." Krebs believes 15-year-old Hutchins registered a domain he'd later advertise as "mainly for blackhats wanting to phish," and in 2010 may have filmed YouTube videos about password-stealing malware. Krebs says the early activities are "fairly small-time -- and hardly rise to the level of coding from scratch a complex banking trojan and selling it to cybercriminals," though he believes Hutchins moved on to advertising exploit kits, password-stealers, and bot rentals.

Krebs also talked to 27-year-old Brendan Johnston, a friend of Hutchins who did time in prison in 2014 for selling Trojans, who "said his old friend sincerely tried to turn things around in late 2012... 'I feel like I know Marcus better than most people do online, and when I heard about the accusations I was completely shocked,. He tried for such a long time to steer me down a straight and narrow path that seeing this tied to him didn't make sense to me at all." Krebs stresses that Hutchins didn't try to hide the fact that he'd written malware, "which in the United States at least is a form of protected speech." And his essay concludes, "Let me be clear: I have no information to support the claim that Hutchins authored or sold the Kronos banking trojan."

Symantec's former cybersecurity czar Tarah Wheeler has now set up a new legal fund after it was discovered that most of the online donations to Hutchins' previous defense fund came from stolen or fake credit card numbers. Hutchins returns to court in October, and the new fund has already received more than $16,000 in donations from more than 200 contributors.
Earth

UN Aviation Agency To Call For Global Drone Registry (reuters.com) 47

An anonymous reader quotes a report from Reuters: The United Nations' aviation agency is backing the creation of a single global drone registry, as part of broader efforts to come up with common rules for flying and tracking unmanned aircraft. While the International Civil Aviation Organization cannot impose regulations on countries, ICAO has proposed formation of the registry during a Montreal symposium this month to make data accessible in real time, said Stephen Creamer, director of ICAO's air navigation bureau. The single registry would eschew multiple databases in favor of a one-stop-shop that would allow law enforcement to remotely identify and track unmanned aircraft, along with their operator and owner. It's not yet clear who would operate such a database, although ICAO could possibly fill that role. The proposal, however, could face push back from users, after hobbyists successfully challenged the creation of a U.S. drone registry by the Federal Aviation Administration in court earlier this year.
EU

Intel's $1.3 Billion Fine In Europe Requires Review, Court Says (nytimes.com) 72

cdreimer writes: According to a report in The New York Times (Warning: source may be paywalled; alternative source), the Court of Justice in the European Union has ordered the lower courts to revisit the $1.3 billion anti-trust fine levied against Intel in 2009, giving hope to Google and other American technology firms to avoid being fined for being dominant in the EU markets. From the report: "The highest court in the European Union ordered on Wednesday that a $1.3 billion antitrust fine doled out against Intel nearly a decade ago be revisited, a ruling that could give hope to Google and other American technology giants facing challenges to their dominance in the region. The decision to send the case back to a lower court for re-examination is a blow to regional competition regulators, whose oversight of digital services has been among the world's most aggressive. It could also embolden American technology companies, which have long complained that antitrust officials in Europe target them unfairly, to challenge rulings and investigations against them. The move by the Court of Justice of the European Union raises the prospect that the 1.06 billion euro fine on Intel in 2009, equivalent to $1.26 billion at current exchange rates, could be reduced or scrapped entirely. The penalty -- at the time the largest of its kind -- was upheld by European courts in 2014 and will most likely be the subject of legal battles for years to come. That record fine was overtaken by a 2.4 billion euro penalty against Google in June. The Silicon Valley giant was accused of using its dominant position in online search to give preferential treatment to its internet shopping service over those of its rivals."
Piracy

Sci-Hub Faces $4.8 Million Piracy Damages and ISP Blocking (torrentfreak.com) 142

The American Chemical Society (ACS), a leading source of academic publications in the field of chemistry, accused Sci-Hub of mass copyright infringement and is demanding $4.8 million in piracy damages. "Sci-Hub was made aware of the legal proceedings but did not appear in court," reports Torrent Freak. "As a result, a default was entered against the site, and a few days ago ACS specified its demands, which include $4.8 million in piracy damages." The complaint comes soon after the pirate site was ordered to pay $15 million in piracy damages to academic publisher Elsevier. From the report: "Here, ACS seeks a judgment against Sci-Hub in the amount of $4,800,000 -- which is based on infringement of a representative sample of publications containing the ACS Copyrighted Works multiplied by the maximum statutory damages of $150,000 for each publication," they write. "Sci-Hub's unabashed flouting of U.S. Copyright laws merits a strong deterrent. This Court has awarded a copyright holder maximum statutory damages where the defendant's actions were "clearly willful' and maximum damages were necessary to 'deter similar actors in the future.'" The publisher notes that the maximum statutory damages are only requested for 32 of its 9,000 registered works. This still adds up to a significant sum of money, of course, but that is needed as a deterrent, ACS claims.

Although the deterrent effect may sound plausible in most cases, another $4.8 million in debt is unlikely to worry Sci-Hub's owner, as she can't pay it off anyway. However, there's also a broad injunction on the table that may be more of a concern. The requested injunction prohibits Sci-Hub's owner to continue her work on the site. In addition, it also bars a wide range of other service providers from assisting others to access it. Specifically, it restrains "any Internet search engines, web hosting and Internet service providers, domain name registrars, and domain name registries, to cease facilitating access to any or all domain names and websites through which Defendant Sci-Hub engages in unlawful access to [ACS's works]."

China

Chinese Man Jailed For Helping Net Users Evade State Blocks (bbc.com) 47

An anonymous reader shares a report: A Chinese man has been given a nine-month jail sentence for helping people evade government controls on where they can go online. Deng Jiewei, from Guangdong, was charged with illegally selling programs known as virtual private networks (VPNs), according to court papers. VPNs are illegal in China because they let people avoid government monitoring of what they are doing. The sentence is part of a larger crackdown on the use of VPNs in China. Deng started selling VPNs in late 2015 and was arrested in August 2016 for selling software which lets users "visit foreign websites that could not be accessed by a mainland IP address," reported the South China Morning Post. The Chinese government operates a massive monitoring system, known as the "great firewall," that watches what people do and say online. It also blocks access to sites, such as Facebook and YouTube, that are popular outside the country.
Communications

European Court Rules Companies Must Tell Employees of Email Checks (reuters.com) 103

Companies must tell employees in advance if their work email accounts are being monitored and such checks must not unduly infringe workers' privacy, the European Court of Human Rights ruled on Tuesday. From a report: In a judgment in the case of a man fired 10 years ago for using a work messaging account to communicate with his family, the judges found that Romanian courts failed to protect Bogdan Barbulescu's private correspondence because his employer had not given him prior notice it was monitoring his communications. Email privacy has become a hotly contested issue as more people use work addresses for personal correspondence even as employers demand the right to monitor email and computer usage to ensure staff use work email appropriately. Courts in general have sided with employers on this issue.
Privacy

US Cops Can't Keep License Plate Data Scans Secret Without Reason, Court Rules (theregister.co.uk) 60

An anonymous reader quotes a report from The Register: Police departments cannot categorically deny access to data collected through automated license plate readers, California's Supreme Court said on Thursday -- a ruling that may help privacy advocates monitor government data practices. The ACLU Foundation of Southern California and the Electronic Frontier Foundation sought to obtain some of this data in 2012 from the Los Angeles Police Department and Sheriff's Department, but the agencies refused, on the basis that investigatory data is exempt from disclosure laws. So the following year, the two advocacy groups sued, hoping to understand more about how this data hoard is handled. The LAPD, according to court documents, collects data from 1.2 million vehicles per week and retains that data for five years. The LASD captures data from 1.7 to 1.8 million vehicles per week, which it retains for two years. The ACLU contends [PDF] that indiscriminate license plate data harvesting presents a risk to civil liberties and privacy. It argues that constant monitoring has the potential to chill rights of free speech and association and that databases of license plate numbers invite institutional abuse, not to mention security risks.
Network

Comcast Sues Vermont To Avoid Building 550 Miles of New Cable Lines (arstechnica.com) 201

An anonymous reader quotes a report from Ars Technica: Comcast has sued the state of Vermont to try to avoid a requirement to build 550 miles of new cable lines. Comcast's lawsuit against the Vermont Public Utility Commission (VPUC) was filed Monday in U.S. District Court in Vermont and challenges several provisions in the cable company's new 11-year permit to offer services in the state. One of the conditions in the permit says that "Comcast shall construct no less than 550 miles of line extensions into un-cabled areas during the [11-year] term." Comcast would rather not do that. The company's court complaint says that Vermont is exceeding its authority under the federal Cable Act while also violating state law and Comcast's constitutional rights: "The VPUC claimed that it could impose the blanket 550-mile line extension mandate on Comcast because it is the 'largest' cable operator in Vermont and can afford it. These discriminatory conditions contravene federal and state law, amount to undue speaker-based burdens on Comcast's protected speech under the First Amendment of the United States Constitution... and deprive Comcast and its subscribers of the benefits of Vermont law enjoyed by other cable operators and their subscribers without a just and rational basis, in violation of the Common Benefits Clause of the Vermont Constitution."

Slashdot Top Deals