Earth

Millennials are Taking Governments to Court over Climate Change. And They're Starting to Win (cnnphilippines.com) 240

CNN tells the story of Luisa Neubauer, a 25-year-old woman who took the German government to court last year — and won: On April 29, the country's Supreme Court announced that some provisions of the 2019 climate change act were unconstitutional and "incompatible with fundamental rights," because they lacked a detailed plan for reducing emissions and placed the burden for future climate action on young people. The court ordered the government to come up with new provisions that "specify in greater detail how the reduction targets for greenhouse gas emissions" by the end of next year. The decision made headlines across the world...

"This case changes everything," she said. "It's not nice to have climate action, it's our fundamental right that the government protects us from the climate crisis...."

Climate lawsuits are becoming an increasingly popular and powerful tool for climate change activists. A January report released by the United Nations Environment Programme found that the number of climate litigation cases filed around the world nearly doubled between 2017 and 2020. Crucially, the governments are starting to lose. Neubauer's victory came just months after a court in Paris ruled that France was legally responsible for its failure to meet emission cutting targets. Another similar case involving six young people from Portugal was fast-tracked at the European Court of Human Rights last October...

The cases are most often centered around the idea that future generations have a right to live in a world that is not completely decimated by the climate crisis.

Long-time Slashdot reader AmiMoJo shares an Ars Technica story noting that in addition to the German suit, "A similar lawsuit in the U.S. has been winding its way through the courts." First filed in 2015 on behalf of a group of children and teenagers, the suit accused the U.S. government of violating the plaintiffs' constitutional rights to life, liberty, and property by not taking stronger action on climate change.
United States

Capitol Rioters Identified Using Facial Recognition Software, Cellphone Records - and Social Media Posts (nbcnews.com) 352

NBC News reports more than 440 Americans have now been charged with storming the U.S. Capitol building on January 6th, with charges now filed against people from 44 of America's 50 states. They describe it as "one of the largest criminal investigations in American history." The largest number come from Texas, Pennsylvania, and Florida, in that order. Men outnumber women among those arrested by 7 to 1, with an average age of 39, according to figures compiled by the Program on Extremism at George Washington University in Washington, D.C. A total of 44 are military veterans.
Hundreds of arrests happened because rioters later bragged online: In nearly 90 percent of the cases, charges have been based at least in part on a person's own social media accounts.

A New York man, Robert Chapman, bragged on the dating app Bumble that he'd been in the Capitol during the riot. The person he was seeking to date responded, "We are not a match," and notified the FBI.

In fact, the investigative agency has now received "hundreds of thousands" of tips from the public, and has even posted photos of people who participated in the riots online asking for the public's help to identify them.

But NBC also reports that technology is being used to identify participants:
  • "Investigators have also used facial recognition software, comparing images from surveillance cameras and an outpouring of social media and news agency videos against photo databases of the FBI and at least one other federal agency, Customs and Border Protection, according to court documents."
  • Investigators "have also subpoenaed records from companies providing cellphone service, allowing agents to tell whether a specific person's phone was inside the Capitol during the siege."

Facebook

Facebook Criticized For 'Arbitrary' Suspension of Trump -- by Its Own Oversight Board (npr.org) 183

"It never occurred to me that a Facebook-appointed panel could avoid a clear decision about Donald Trump's heinous online behavior," writes a New York Times technology reporter. "But that is what it's done..."

They call the board's decision "kind of perfect, actually, since it forces everyone's hand — from the Facebook chief executive Mark Zuckerberg to our limp legislators in Congress..."

The editor of the conservative National Review adds: If Facebook had set out to demonstrate that it has awesome power over speech in the United States, including speech at the core of the nation's political debate, and is wielding that power arbitrarily, indeed has no idea what its own rules truly are or should be, it wouldn't have handled the question any differently... The oversight board underlines the astonishing fact that in reaching its most momentous free-speech decision ever in this country, in determining whether a former president of the United States can use its platform or not, Facebook made it up on the fly. "In applying this penalty," the board writes of the suspension, "Facebook did not follow a clear, published procedure." This is like the U.S. Supreme Court handing down decisions in the absence of a written Constitution, or a home-plate umpire calling balls and strikes without an agreed-upon strike zone...
John Samples, a member of the Oversight Board, has even said explicitly that their decision was not about former president Trump — but about Facebook itself. The Washington Post reports: Samples said the board found that Facebook enforced a rule that didn't exist at the time. Trump was suspended indefinitely, rather than permanently or for a specific period of time, as defined by the company's own rules. "In a sense we were being tough with them," Samples said.

Other members said the board's call should reassure anyone concerned that Facebook wields too much control over online speech. "Anyone who's concerned about Mark Zuckerberg's power and his company's power over our speech online should actually praise this decision," Julie Owono, executive director of Internet Sans Frontières, said at a virtual event hosted by the Stanford Cyber Policy Center. "The board refused to support an arbitrary suspension..."

The flurry of media appearances marked a critical moment in the board's existence, as it tries to prove its legitimacy, define its powers and establish its relationship with Facebook.

NPR notes that former Danish Prime Minister Helle Thorning-Schmidt, a board co-chair, even called Facebook "a bit lazy" for failing to set a specific penalty in the first place... "What we are telling Facebook is that they can't invent penalties as they go along. They have to stick to their own rules," Thorning-Schmidt said in an interview with Axios. The board's criticism didn't stop at Facebook's imposing what it called a "vague, standardless penalty." It slammed the company for trying to outsource its final verdict on Trump. "Facebook has a responsibility to its users and to its community and to the broader public to make its own decisions," Jamal Greene, another board co-chair and constitutional law professor at Columbia, said Thursday during an Aspen Institute event. "The board's job is to make sure that Facebook is doing its job," he said.

Tensions between the board's view of the scope of its role and Facebook's were also evident in the board's revelation that the company wouldn't answer seven of the 46 questions it asked about the Trump case. The questions Facebook refused to answer included how its own design and algorithms might have amplified the reach of Trump's posts and contributed to the Capitol assault. "The ones that the company refused to answer to are precisely related to what happened before Jan. 6," Julie Owono, an oversight board member and executive director of the digital rights group Internet Sans Frontières, said at the Aspen Institute event.

"Our decision says that you cannot make such an important decision, such a serious decision for freedom of expression, freedom of speech, without the adequate context."

The Military

Honeywell Admits Sending F-35, F-22 Technical Drawings To China (upi.com) 110

schwit1 shares a report from UPI: The State Department announced it has reached a $13 million settlement with U.S. defense contractor Honeywell International over allegations it exported technical data concerning fighter jets and other military vehicles to foreign countries, including China. The settlement resolves 34 charges the State Department leveled against the company for disclosing dozens of engineering prints showing dimensions, geometries and layouts for manufacturing parts for aircraft, gas turbine engines and military electronics.

Honeywell voluntarily informed the department in two disclosures that it had violated arms export control laws by sending the technical drawings to foreign countries, the State Department said in a statement. Honeywell had identified 71-controlled drawings that it had exported to Canada, Ireland, China and Taiwan between July 2011 and October 2015. "The U.S. government reviewed copies of the 71 drawings and determined that exports to and retransfers in the PRC of drawings for certain parts and components for the engine platforms for the F-35 Joint Strike Fighter, B-1B Lancer Long-Range Strategic Bomber and the F-22 Fighter Aircraft harmed U.S. national security," the document said.
In a statement emailed to UPI, Honeywell explained it "inadvertently shared" the technology that was assessed as impacting national security during "normal business discussions" but remarked that the schematics were commercially available worldwide. "No detailed manufacturing or engineering expertise was shared," it said.

The company has agreed to pay the fine and have an external compliance officer oversee the consent agreement for at least 18 months as well as conduct an external audit of its compliance program.
EU

Bayer Loses Fight Over Chemicals EU Blamed For Killing Bees (bloomberg.com) 50

Bayer AG lost its fight to topple a European Union ban on controversial insecticides that regulators blame for killing honeybees. Bloomberg reports: The EU Court of Justice dismissed the appeal, finding there were no legal errors in the European Commission's decision to impose restrictions on the substances' use, based on concerns that the chemicals posed "high acute risks for bees" and "the survival and development of colonies in several crops." Bayer and Syngenta AG in 2018 already lost a first round in court after telling judges that the EU ban on three so-called neonicotinoids forced farmers to revert to potentially more harmful chemicals. Bayer appealed one more time.

The EU's decision five years earlier imposed limits on the use of three neonics -- clothianidin, imidacloprid and thiamethoxam -- saying they were "harmful" to Europe's honeybee population when used to treat flowering plants with nectar that attracts the insects. The court ruled on Thursday the commission "is entitled to consider that a risk to the colonies could not be ruled out" even if there is "scientific uncertainty at this stage as to the rate of mortality of individual bees." EU governments in 2018 voted in favor of widening the ban of neonicotinoids to apply everywhere, except for greenhouses. The commission has described the chemicals as "systemic," causing the entire plant to become toxic to bees.

The Courts

College Student Sues Proctorio After Source Code Copyright Claim (theverge.com) 35

The Electronic Frontier Foundation (EFF) has filed a lawsuit against the remote testing company Proctorio on behalf of Miami University student Erik Johnson. The Verge reports: The lawsuit is intended to "quash a campaign of harassment designed to undermine important concerns" about the company's remote test-proctoring software, according to the EFF. The lawsuit intends to address the company's behavior toward Johnson in September of last year. After Johnson found out that he'd need to use the software for two of his classes, Johnson dug into the source code of Proctorio's Chrome extension and made a lengthy Twitter thread criticizing its practices -- including links to excerpts of the source code, which he'd posted on Pastebin. Proctorio CEO Mike Olsen sent Johnson a direct message on Twitter requesting that he remove the code from Pastebin, according to screenshots viewed by The Verge. After Johnson refused, Proctorio filed a copyright takedown notice, and three of the tweets were removed. (They were reinstated after TechCrunch reported on the controversy.)

In its lawsuit, the EFF is arguing that Johnson made fair use of Proctorio's code and that the company's takedown "interfered with Johnson's First Amendment right." "Copyright holders should be held liable when they falsely accuse their critics of copyright infringement, especially when the goal is plainly to intimidate and undermine them," said EFF Staff Attorney Cara Gagliano in a statement. "I'm doing this to stand up against student surveillance, as well as abuses of copyright law," Johnson told The Verge. "This isn't the first, and won't be the last time a company abuses copyright law to try and make criticism more difficult. If nobody calls out this abuse of power now, it'll just keep happening."

The Courts

Snapchat Can Be Sued Over Role In Fatal Car Crash, Court Rules (npr.org) 215

An anonymous reader shares a report: Three young men got into a car in Walworth County, Wis., in May 2017. They were set on driving at rapid speeds down a long, cornfield-lined road -- and sharing their escapade on social media. As the 17-year-old behind the wheel accelerated to 123 miles per hour, one of the passengers opened Snapchat. His parents say their son wanted to capture the experience using an app feature -- the controversial "speed filter" -- that documents real-life speed, hoping for engagement and attention from followers on the messaging app. It was one of the last things the trio did before the vehicle ran off the road and crashed into a tree, killing all of them. Was Snapchat partially to blame? The boys' parents think so. And, in a surprise decision on Tuesday, a federal appeals court ordered that the parents should have the right to sue Snap.

The ruling, from a three-judge panel of the 9th U.S. Circuit Court of Appeals, has set off intense debate among legal watchers about the future of a decades-old law that has shielded tech companies from civil lawsuits. The boys' parents sued Snap, the maker of Snapchat, after the tragedy. They alleged that the company "knowingly created a dangerous game" through its filter and bore some responsibility. The district court responded how courts usually do when a tech platform is sued in a civil lawsuit: by dismissing the case. The judge cited the sweeping immunity that social media companies enjoy under Section 230 of the Communications Decency Act. The law provides legal immunity to tech companies from libel and other civil suits for what people post on sites, regardless of how harmful it may be. But the appeals court's reversal paves a way around the all-powerful law, saying it doesn't apply because this case is not about what someone posted to Snapchat, but rather the design of the app itself.

The Courts

#FreeFortnite Hecklers Add a Shout-Out To Epic-Apple Trial (bloomberg.com) 54

Fans of Fortnite aren't happy that Apple pulled the game app off the iPhone last year -- and some aren't shy about appealing to the federal judge who has the power to make things right. From a report: "Can we please have Fortnite mobile back?" a voice was heard saying Tuesday as a clerk was testing dial-in access for the public to monitor Epic Games' trial against Apple in federal court in Oakland, California. Yesterday, as the three-week trial opened, there were enough hecklers who'd figured out how to unmute themselves -- against the court's rules -- that the phone system was briefly shut down, prompting some online commentators to refer to the situation as a hijacking. Further reading: The Apple vs. Epic Games trial airs private emails.
The Almighty Buck

Apple's App Store Had 78% Margin in 2019, Epic Expert Says (bloomberg.com) 127

Apple's App Store had operating margins of almost 78% in fiscal year 2019, according to testimony from an Epic Games expert witness based on documents obtained from the iPhone maker. From a report: The figure comes from Ned Barnes, a financial and economics researcher, who said he obtained documents "prepared by Apple's Corporate Financial Planning and Analysis group and produced from the files of Apple CEO Tim Cook." Apple is disputing the accuracy of Barnes's calculations -- and urging a judge to restrict public discussion of App Store profit -- as the companies head into a high-stakes trial Monday in Oakland, California. Epic, maker of the blockbuster game Fortnite, is trying to show that the App Store is run like a monopoly with its commission on developers of as much as 30%, while Apple insists it doesn't abuse its market power. Epic is also suing Apple in the U.K. and Australia while Apple faces scrutiny from antitrust regulators in the U.S. and abroad.

The companies are relying heavily on dueling economists as they make their case to U.S. District Judge Yvonne Gonzalez Rogers, who is conducting the three-week trial without a jury. As part of the pretrial information-sharing process, Barnes said that an Apple employee told him that the numbers from the company's internal documents don't show the full picture. Barnes said he then made additional calculations, which resulted in higher margin estimates of 79.6% for both 2018 and 2019. In a statement Saturday, the Cupertino, California-based technology giant said Epic experts' "calculations of the operating margins for the App Store are simply wrong and we look forward to refuting them in court." Barnes said he also obtained documents prepared inside Apple that show profit and loss estimates for fiscal year 2020. He said Apple had been tracking App Store profits for years and that he also obtained such statements for 2013 through 2015.

The Courts

What3Words Sends Legal Threat To a Security Researcher For Sharing an Open-Source Alternative (techcrunch.com) 141

A U.K. company behind digital addressing system What3Words has sent a legal threat to a security researcher for offering to share an open-source software project with other researchers, which What3Words claims violates its copyright. From a report: Aaron Toponce, a systems administrator at XMission, received a letter on Thursday from London-based law firm JA Kemp representing What3Words, requesting that he delete tweets related to the open-source alternative, WhatFreeWords. The letter also demands that he disclose to the law firm the identity of the person or people with whom he had shared a copy of the software, agree that he would not make any further copies of the software and to delete any copies of the software he had in his possession. The letter gave him until May 7 to agree, after which What3Words would "waive any entitlement it may have to pursue related claims against you," a thinly-veiled threat of legal action. "This is not a battle worth fighting," he said in a tweet.

Toponce told TechCrunch that he has complied with the demands, fearing legal repercussions if he didn't. He has also asked the law firm twice for links to the tweets they want deleting but has not heard back. "Depending on the tweet, I may or may not comply. Depends on its content," he said. U.K.-based What3Words divides the entire world into three-meter squares and labels each with a unique three-word phrase. The idea is that sharing three words is easier to share on the phone in an emergency than having to find and read out their precise geographic coordinates. But security researcher Andrew Tierney recently discovered that What3Words would sometimes have two similarly-named squares less than a mile apart, potentially causing confusion about a person's true whereabouts. In a later write-up, Tierney said What3Words was not adequate for use in safety-critical cases.

Businesses

Court Rules Amazon Liable for Hoverboard that Burst Into Flames (msn.com) 110

Amazon accounts for "roughly half of all online sales," while "more than half of all the stuff sold by Amazon comes from third parties," reports a business columnist for the Los Angeles Times.

But is Amazon legally and financially responsible for the safety of those products? Amazon says no. A trio of state Court of Appeal justices in Los Angeles this week said otherwise.

"We are persuaded that Amazon's own business practices make it a direct link in the vertical chain of distribution under California's strict liability doctrine," the justices ruled, rejecting Amazon's claim that its site is merely a platform connecting buyers and sellers... "Amazon is the retailer. They're the one selling the product," said Christopher Dolan, a San Francisco lawyer who spearheaded the case against the e-commerce behemoth. "Because of this ruling," he told me, "you can be sure Amazon is rewriting all its rules for third-party sellers, and it's doing it today..."

The case began when a California woman named Loomis gave her son a hoverboard for Christmas in 2015 — and less than a week later its lithium-ion batteries exploded while charging: In pursuing his case on Loomis' behalf, Dolan found that the Chinese manufacturer and its U.S. distributor had gone out of business, "leaving only Amazon to be held accountable for the injuries to Ms. Loomis and the damages to her home." Amazon prevailed in the original case. An L.A. judge agreed with the Seattle company that it was merely an "online advertiser" and not responsible for the third-party products it sells. The lawsuit was dismissed in March 2019.

This week's appellate court decision overturns that ruling, holding Amazon accountable for the products it allows third parties to sell on its website.

The appellate justices cited Amazon's "substantial ability to influence the manufacturing or distribution process through its ability to require safety certification, indemnification and insurance before it agrees to list any product...." Product liability experts told me this week's decision makes clear that online merchants are just that — merchants — and can't hide behind their connecting-the-world technology to shield them from responsibility for distributing unsafe goods.

Television

Former Netflix IT Executive Convicted of Fraud and Taking Bribes (justice.gov) 24

Business Insider reports: Former Netflix vice president of IT Michael Kail was convicted by a federal jury on Friday of 28 counts of fraud and money laundering, the U.S. Department of Justice announced in a press release.

Kail, who was indicted in 2018, used his position to create a "pay-to-play" scheme where he approved contracts with outside tech companies looking to do business with Netflix in exchange for taking bribes and kickbacks, according to evidence presented to the jury, the release said. Kail accepted bribes or kickbacks from nine different companies totaling more than $500,000 as well as stock options, according to the Department of Justice's press release...

Netflix sued Kail after he left the company in 2014 to take a role as Yahoo's CIO, accusing him of fraud and breaching his fiduciary duties.

One FBI agent says that Kail "stole the opportunity to work with an industry pioneer from honest, hardworking, Silicon Valley companies," according to the details in the Department of Justice statement: To facilitate kickback payments, the evidence at trial showed that Kail created and controlled a limited liability corporation called Unix Mercenary, LLC. Established on February 7, 2012, Unix Mercenary had no employees and no business location. Kail was the sole signatory to its bank accounts...

Kail faces a maximum sentence of twenty years in prison and a fine of $250,000, or twice his gross gain or twice the gross loss to Netflix, whichever is greater, for each count of a wire or mail fraud conviction, and ten years in prison and a fine of $250,000 for each count of a money laundering conviction.

Social Networks

New Florida Law Could Punish Social Media Companies for 'Deplatforming' Politicians (nbcnews.com) 336

Florida is on track to be the first state in America to punish social media companies that ban politicians, reports NBC News, "under a bill approved Thursday by the state's Republican-led Legislature." Gov. Ron DeSantis, a Republican and close Trump ally who called for the bill's passage, is expected to sign the legislation into law, but the proposal appears destined to be challenged in court after a tech industry trade group called it a violation of the First Amendment speech rights of corporations...

Suspensions of up to 14 days would still be allowed, and a service could remove individual posts that violate its terms of service. The state's elections commission would be empowered to fine a social media company $250,000 a day for statewide candidates and $25,000 a day for other candidates if a company's actions are found to violate the law, which also requires the companies to provide information about takedowns and apply rules consistently...

Florida Republican lawmakers have cited tech companies' wide influence over speech as a reason for the increased regulation. "What this bill is about is sending a loud message to Silicon Valley that they are not the absolute arbiters of truth," state Rep. John Snyder, a Republican from the Port St. Lucie area, said Wednesday... The Florida bill may offer Republicans in other states a road map for introducing laws that could eventually force social media companies and U.S. courts to confront questions about free speech on social media, including the questions raised by Thomas.

State Rep. Carlos Guillermo Smith, an Orlando area Democrat, said if Republicans want to stay on private services, they should follow the rules. "There's already a solution to deplatforming candidates on social media: Stop trafficking in conspiracy theories...."

NetChoice, a trade group for internet companies, argued the bill punishes platforms for removing harmful content, and that it would make it harder to block spam. But they also argued that the freedom of speech clause in the U.S. Constitution "makes clear that government may not regulate the speech of private individuals or businesses.

"This includes government action that compels speech by forcing a private social media platform to carry content that is against its policies or preferences."

Slashdot reader zantafio points out the bill specifies just five major tech companies — Google, Apple, Twitter, Facebook and Amazon.

And that the bill was also amended to specifically exempt Disney, Universal and any theme park owner that operates a search engine or information service.
The Courts

Humble Bundle Creator Brings Antitrust Lawsuit Against Valve Over Steam (arstechnica.com) 90

Indie developer (and Humble Indie Bundle originator) Wolfire Games has filed a proposed class-action lawsuit against Steam creator Valve, saying that the company is wielding Steam's monopoly power over the PC gaming market to extract "an extraordinarily high cut from nearly every sale that passes through its store -- 30%." Ars Technica reports: The lawsuit, filed in a Washington state federal court, centers on what it considers an illegal tying of the Steam gaming platform (which provides game library management, social networking, achievement tracking, Steam Workshop mods, etc.) and the Steam game store (which processes online payments and delivers a copy of the game). After years of growth, the vast majority of PC gamers are locked into the Steam platform thanks to "immense network effects" and the high switching costs to move to a new PC platform, the suit argues. That makes the platform "a must-have for game publishers," who need access to the players on Steam to succeed. But games that use the Steam platform also have to be sold on the Steam Store, where Valve takes its 30 percent cut of all sales. By leveraging its monopoly platform power into a "gatekeeper role" for the store, Valve "wield[s] extreme power over publishers of PC Desktop Games" that leads to a "small but significant and non-transitory increase in price" for developers compared to a truly competitive market, the suit argues.

The suit includes a laundry list of competitors that have tried to create their own platforms to take on Steam's monopoly, including CD Projekt Red, EA, Microsoft, Amazon, and Epic (not to mention "pure distributors" with platform-free stores like GameStop, Green Man Gaming, Impulse, and Direct2Drive). But the lawsuit argues that Steam's lock-in effects mean none of these stores have been able to make much of a dent in Valve's monopoly position, despite plenty of well-funded attempts. Even the Epic Games Store, which has spent hundreds of millions of dollars securing exclusives and free game giveaways, has a market share of only "a little above 2 percent," according to one cited analysis (in an interview last June, Epic's Tim Sweeney estimated a more robust 15 percent market share for EGS).

"The failure of these companies to meaningfully compete against the Steam Gaming Platform shows it is virtually impossible as an economic matter to compete against the Steam Gaming Platform," the suit argues. "The Steam Gaming Platform has well-cemented dominance in the PC Desktop Gaming Platform Market, and given its unique and strong network effects, that is unlikely to change." The only meaningful way to avoid [Valve's] anticompetitive measures, the suit argues, is "to avoid using the Steam Gaming Platform at all." But Valve's monopoly position means that "there are no economically viable alternatives to the Steam Gaming Platform" for most PC games. While the suit acknowledges a few counterexamples (Riot's League of Legends is cited by name), such titles "typically require a long history of recognition and success before they can attempt to thrive without the Steam Gaming Platform," the suit says.

Security

Anti-Vaxxer Hijacks QR Codes At COVID-19 Check-In Sites (threatpost.com) 117

schwit1 shares a report from Threatpost: Quick-response (QR) codes used by a COVID-19 contact-tracing program were hijacked by a man who simply slapped up scam QR codes on top to redirect users to an anti-vaccination website, according to local police. He now faces two counts of "obstructing operations carried out relative to COVID-19 under the Emergency Management Act," the South Australia Police said in a statement announcing the arrest. His arrest may just be a drop in the bucket: Reports of other anti-vax campaigners doing the same thing abound. Law enforcement added an additional warning to would-be QR code scammers: "Any person found to be tampering or obstructing with business QR codes will likely face arrest and court penalty of up to $10,000." The police said no personal data was breached, but the incident highlights that truly all an attacker needs is a printer and a pack of Avery labels to do real damage.

In this case, the QR codes were being used by the South Australian government's official CovidSafe app to access a device's camera, scan the code and collect real-time location data to be used for contact tracing in case of a COVID-19 outbreak, ABC News Australia reported. That's a lot of personal data linked to a single QR code just waiting to be stolen. "In this instance, people who scanned the illegitimate QR code were redirected to a website distributing misinformation from the anti-vaxxer community," Bill Harrod, vice president of public sector at Ivanti, told Threatpost. "While this is concerning, the outcome could have been far more perilous."

The Courts

US Court Says 'Ghost Gun' Plans Can Be Posted Online (apnews.com) 287

Plans for 3D-printed, self-assembled "ghost guns" can be posted online without U.S. State Department approval, a federal appeals court ruled Tuesday. From a report: A divided panel of the 9th U.S. Circuit Court of Appeals in San Francisco reinstated a Trump administration order that permitted removal of the guns from the State Department's Munitions List. Listed weapons need State Department approval for export. In 2015, federal courts applied the requirement to weapons posted online and intended for production on 3D printers, the San Francisco Chronicle reported. However, three years later the State Department under then-President Donald Trump settled a lawsuit by a 3D gun company and ordered their removal.

California, 21 other states and the District of Columbia sued and a federal judge in Seattle issued an injunction last year, saying that posting the designs without restrictions could put unregistered weapons into the hands of terrorists. In overturning the injunction, the appellate panel found 2-1 that a 1989 federal law prohibits courts from overruling the State Department's decision to add or remove a weapon from the Munitions List, the Chronicle reported.

XBox (Games)

Fortnite Isn't on Microsoft's Xbox Cloud Gaming Service Because Epic Won't Allow It (theverge.com) 47

Epic Games is holding back Fortnite from being available on Microsoft's Xbox Cloud Gaming (xCloud) service, according to a new deposition made public as part of the Epic case against Apple. From a report: The Fortnite developer views Microsoft's xCloud service as competition to its PC offerings, and the company is deliberately not offering Fortnite on xCloud as a result. Joe Kreiner, Epic's vice president of business development, was questioned over why Fortnite isn't available on xCloud, and confirmed it was a deliberate choice. "We viewed Microsoft's efforts with xCloud to be competitive with our PC offerings," says Kreiner in the deposition. The court document makes it appear like Kreiner may go on to explain why, but the next part of the questioning has been redacted.

Crime

Feds Arrest an Alleged $336M Bitcoin-Laundering Kingpin (wired.com) 73

An anonymous reader quotes a report from Wired: For a decade, Bitcoin Fog has offered to obscure the source and destination of its customers' cryptocurrency, making it one of the most venerable institutions in the dark web economy. Now the IRS says it has finally identified the Russian-Swedish administrator behind that long-running anonymizing system and charged him with laundering hundreds of millions of dollars worth of bitcoins, much of which was sent to or from dark web drug markets. What gave him away? The trail of his own decade-old digital transactions.

US authorities on Tuesday arrested Roman Sterlingov in Los Angeles, according to court records, and charged him with laundering more than 1.2 million bitcoins -- worth $336 million at the times of the payments -- over the 10 years that he allegedly ran Bitcoin Fog. According to the IRS criminal investigations division, Sterlingov, a citizen of Russia and Sweden, allowed users to blend their transactions with those of others to prevent anyone examining the Bitcoin blockchain from tracing any individual's payments. He took commissions on those transactions of 2 to 2.5 percent. In total, the IRS calculates, Sterlingov allegedly took home roughly $8 million worth of bitcoin through the service, based on exchange rates at the times of each transaction. That's before factoring in Bitcoin's massive appreciation over the past decade. Ironically, it appears that the 2011 transactions Sterlingov allegedly used to set up Bitcoin Fog's server hosting are what put the IRS on his trail. Of the $336 million the complaint accuses Bitcoin Fog of laundering, at least $78 million passed through the service to various narcotics-selling dark web markets like the Silk Road, Agora, and AlphaBay over the years that followed. The IRS also appears to have used undercover agents in 2019 to transact with Bitcoin Fog, in one case sending messages to Bitcoin Fog's administrator that explicitly stated that they hoped to launder proceeds from selling ecstasy. Bitcoin Fog completed that user's transactions without a response.

Most remarkable, however, is the IRS's account of tracking down Sterlingov using the very same sort of blockchain analysis that his own service was meant to defeat. The complaint outlines how Sterlingov allegedly paid for the server hosting of Bitcoin Fog at one point in 2011 using the now-defunct digital currency Liberty Reserve. It goes on to show the blockchain evidence that identifies Sterlingov's purchase of that Liberty Reserve currency with bitcoins: He first exchanged euros for the bitcoins on the early cryptocurrency exchange Mt. Gox, then moved those bitcoins through several subsequent addresses, and finally traded them on another currency exchange for the Liberty Reserve funds he'd use to set up Bitcoin Fog's domain. Based on tracing those financial transactions, the IRS says, it then identified Mt. Gox accounts that used Sterlingov's home address and phone number, and even a Google account that included a Russian-language document on its Google Drive offering instructions for how to obscure Bitcoin payments. That document described exactly the steps Sterlingov allegedly took to buy the Liberty Reserve funds he'd used.

Encryption

Signal's Cellebrite Hack Is Already Causing Grief For the Law (gizmodo.com) 109

An anonymous reader quotes a report from Gizmodo: A Maryland defense attorney has decided to challenge the conviction of one of his clients after it was recently discovered that the phone cracking product used in the case, produced by digital forensics firm Cellebrite, has severe cybersecurity flaws that could make it vulnerable to hacking. Ramon Rozas, who has practiced law for 25 years, told Gizmodo that he was compelled to pursue a new trial after reading a widely shared blog post written by the CEO of the encryption chat app Signal, Moxie Marlinspike. It was just about a week ago that Marlinspike brutally dunked on Cellebrite -- writing, in a searing takedown, that the company's products lacked basic "industry-standard exploit mitigation defenses," and that security holes in its software could easily be exploited to manipulate data during cell phone extraction.

Given the fact that Cellebrite's extraction software is used by law enforcement agencies the world over, questions have naturally emerged about the integrity of investigations that used the tech to secure convictions. For Rozas, the concerns center around the fact that "Cellebrite evidence was heavily relied upon" to convict his client, who was charged in relation to an armed robbery. The prosecution's argument essentially turned on that data, which was extracted from the suspect's phone using the company's tools. In a motion recently filed, Rozas argued that because "severe defects" have since been uncovered about the technology, a "new trial should be ordered so that the defense can examine the report produced by the Cellebrite device in light of this new evidence, and examine the Cellebrite device itself."

"I think it's going to take a while to figure out what the exact legal ramifications of this are," says Megan Graham, a Clinical Supervising Attorney at the Samuelson Law, Technology & Public Policy Clinic with Berkeley Law School. "I don't know how likely it is that cases would be thrown out," she said, adding that a person who has already been convicted would likely have to "show that someone else identified this vulnerability and exploited it at the time" -- not an especially easy task.

"Going forward, I think it's just hard to tell," Graham said. "We now know that this vulnerability exists, and it creates concerns about the security of Cellebrite devices and the integrity of evidence." But there's a lot that we don't know, she emphasized. Among Graham's concerns, she said that "we don't know if the vulnerability is being exploited," and that makes it difficult to discern when it could become an issue in past cases. "I think there will be cases where defense attorneys are able to get judges engaged [on this issue]. They will present the security concerns, worries about manipulated evidence, and it might be persuasive. I think there will be a wide array of responses when it comes to how this plays out in cases," she said.

The Courts

ADT Sues Amazon's Ring Over Use of Blue Octagon Logo (cnet.com) 83

ADT, a home security company in the United States with over 6 million customers, is suing Amazon's Ring, alleging that the DIY home security company is copying ADT's logo and profiting from customer trust associated with it. From a report: ADT has asked a federal judge in Florida to order Ring to stop using its blue, octagonal signs and to pay unspecified compensation to the security company. In the complaint, ADT said it asked Ring to stop copying its blue octagon logo in 2016, after which the Amazon-owned company removed the blue color from its sign, but kept the octagon shape. In late March, upon releasing a new outdoor siren, Ring added the blue back to its advertising materials. ADT also said in the complaint that it owns 12 trademarks for the shape, color and look of its blue, octagonal sign.
