United Kingdom

UK Wants To Replace Cookie Pop-Ups With Browser-Based Opt-Outs (techcrunch.com) 41

The U.K. government has published its final response to a data 'reform' consultation it kicked off last year, laying out how it intends to diverge from EU-based data protection rules. From a report: At first pass, it looks like it has stepped away from some of the more extreme 'reforms' it had been tossing around -- such as removing the right for human review of automated/AI decisions; which the consultation admits was opposed by the "vast majority" of respondents (ergo, the government writes that it "recognises the importance of appropriate safeguards, and will not pursue this proposal"; although it says it's still considering how to amend Article 22 of the U.K. GDPR -- so watch that space).

That said, there are still a lot of potentially wide-ranging amendments being announced in this package -- such as a switch to an opt-out model for most online tracking; which the government is spinning as an end to cookie consent pop-ups but which raises plenty of wider questions -- and changes to the U.K.'s data protection regulator that could still sum to substantial differences for the rights of citizens, businesses and other types of data processors operating in the country. There's plenty more incoming from the U.K. government on the digital policy front too -- such as the sprawling Online Safety Bill, which is currently making its way through parliament, and is set to dramatically ramp up compliance demands for all sorts of businesses. So it pays to keep the wider picture in mind as the government spins its pitch of post-Brexit, rebooted data laws that will give British business a "boost" by cutting EU 'red tape.'

China

Leaked Audio From 80 Internal TikTok Meetings Shows That US User Data Has Been Repeatedly Accessed From China 54

Speaking of TikTok moving US users' data to Oracle, a new report says that ByteDance staff in China accessed US TikTok users' data between September 2021 and January 2022. From the report: For years, TikTok has responded to data privacy concerns by promising that information gathered about users in the United States is stored in the United States, rather than China, where ByteDance, the video platform's parent company, is located. But according to leaked audio from more than 80 internal TikTok meetings, China-based employees of ByteDance have repeatedly accessed nonpublic data about US TikTok users -- exactly the type of behavior that inspired former president Donald Trump to threaten to ban the app in the United States.

The recordings, which were reviewed by BuzzFeed News, contain 14 statements from nine different TikTok employees indicating that engineers in China had access to US data between September 2021 and January 2022, at the very least. Despite a TikTok executive's sworn testimony in an October 2021 Senate hearing that a "world-renowned, US-based security team" decides who gets access to this data, nine statements by eight different employees describe situations where US employees had to turn to their colleagues in China to determine how US user data was flowing. US staff did not have permission or knowledge of how to access the data on their own, according to the tapes.

"Everything is seen in China," said a member of TikTok's Trust and Safety department in a September 2021 meeting. In another September meeting, a director referred to one Beijing-based engineer as a "Master Admin" who "has access to everything." (While many employees introduced themselves by name and title in the recordings, BuzzFeed News is not naming anyone to protect their privacy.) The recordings range from small-group meetings with company leaders and consultants to policy all-hands presentations and are corroborated by screenshots and other documents, providing a vast amount of evidence to corroborate prior reports of China-based employees accessing US user data.

Privacy

Police Linked To Hacking Campaign To Frame Indian Activists (wired.com) 61

Police forces around the world have increasingly used hacking tools to identify and track protesters, expose political dissidents' secrets, and turn activists' computers and phones into inescapable eavesdropping bugs. Now, new clues in a case in India connect law enforcement to a hacking campaign that used those tools to go an appalling step further: planting false incriminating files on targets' computers that the same police then used as grounds to arrest and jail them. Wired: More than a year ago, forensic analysts revealed that unidentified hackers fabricated evidence on the computers of at least two activists arrested in Pune, India, in 2018, both of whom have languished in jail and, along with 13 others, face terrorism charges. Researchers at security firm SentinelOne and nonprofits Citizen Lab and Amnesty International have since linked that evidence fabrication to a broader hacking operation that targeted hundreds of individuals over nearly a decade, using phishing emails to infect targeted computers with spyware, as well as smartphone hacking tools sold by the Israeli hacking contractor NSO Group. But only now have SentinelOne's researchers revealed ties between the hackers and a government entity: none other than the very same Indian police agency in the city of Pune that arrested multiple activists based on the fabricated evidence.

"There's a provable connection between the individuals who arrested these folks and the individuals who planted the evidence," says Juan Andres Guerrero-Saade, a security researcher at SentinelOne who, along with fellow researcher Tom Hegel, will present findings at the Black Hat security conference in August. "This is beyond ethically compromised. It is beyond callous. So we're trying to put as much data forward as we can in the hopes of helping these victims." SentinelOne's new findings that link the Pune City Police to the long-running hacking campaign, which the company has called Modified Elephant, center on two particular targets of the campaign: Rona Wilson and Varvara Rao. Both men are activists and human rights defenders who were jailed in 2018 as part of a group called the Bhima Koregaon 16, named for the village where violence between Hindus and Dalits -- the group once known as "untouchables" -- broke out earlier that year. (One of those 16 defendants, 84-year-old Jesuit priest Stan Swamy, died in jail last year after contracting Covid-19. Rao, who is 81 years old and in poor health, has been released on medical bail, which expires next month. Of the other 14, only one has been granted bail.)

Businesses

Google Privacy Lawsuit Over Ad Bidding Process To Go Forward (reuters.com) 3

Google has failed to convince a California federal judge to dismiss a privacy lawsuit that alleges the Alphabet Inc unit sells or gives personal information to third parties through its digital advertising system, without informing users. From a report: In a Monday opinion, U.S. District Judge Yvonne Gonzalez Rogers in Oakland said Google account holders have sufficiently alleged most of their claims in the lawsuit over the company's "real-time bidding" process. A Google spokesperson said in a statement Tuesday that privacy and transparency are "core" to its ad services. "We never sell people's personal information, we have strict policies specifically prohibiting personalized ads based on sensitive categories of information, and sensitive user data like health, race, or religion is not shared with our partners," the spokesperson said.

Facebook

Facebook Is Receiving Sensitive Medical Information from Hospital Websites (themarkup.org) 92

A tracking tool installed on many hospitals' websites has been collecting patients' sensitive health information -- including details about their medical conditions, prescriptions, and doctor's appointments -- and sending it to Facebook. From a report: The Markup tested the websites of Newsweek's top 100 hospitals in America. On 33 of them we found the tracker, called the Meta Pixel, sending Facebook a packet of data whenever a person clicked a button to schedule a doctor's appointment. The data is connected to an IP address -- an identifier that's like a computer's mailing address and can generally be linked to a specific individual or household -- creating an intimate receipt of the appointment request for Facebook. The Markup found 33 of Newsweek's top 100 hospitals in the country sending sensitive data to Facebook via the pixel. Data accurate as of June 15, 2022. On the website of University Hospitals Cleveland Medical Center, for example, clicking the "Schedule Online" button on a doctor's page prompted the Meta Pixel to send Facebook the text of the button, the doctor's name, and the search term we used to find her: "pregnancy termination." Clicking the "Schedule Online Now" button for a doctor on the website of Froedtert Hospital, in Wisconsin, prompted the Meta Pixel to send Facebook the text of the button, the doctor's name, and the condition we selected from a dropdown menu: "Alzheimer's."

Privacy

Warren Proposes Sweeping Ban on Location and Health Data Sales (theverge.com) 227

As the Supreme Court's expected decision to overturn Roe v. Wade looms over Washington, Sen. Elizabeth Warren (D-MA) has announced sweeping legislation to ban the sale of location and health data. From a report: Warren's Health and Location Protection Act -- cosponsored by a slate of Democratic senators, including Sens. Bernie Sanders (I-VT) and Ron Wyden (D-OR) -- would bar "data brokers from selling or transferring location data and health data." There are few limitations, making the bill one of the most strident proposals aimed at regulating data sales. "Data brokers profit from the location data of millions of people, posing serious risks to Americans everywhere by selling their most private information," Warren said in a statement on Wednesday. "With this extremist Supreme Court poised to overturn Roe v. Wade and states seeking to criminalize essential health care, it is more crucial than ever for Congress to protect consumers' sensitive data."

Privacy

VPN Firms Are Removing Servers in India To Avoid Customers Data Sharing Rule (techcrunch.com) 41

NordVPN, one of the most popular VPN providers, is the latest to confirm that it will be removing its servers in India ahead of the nation enacting new strict guidelines later this month. From a report: The Lithuania-based firm, which counts General Catalyst and Novator among its backers and is valued at $1.6 billion, said on Tuesday that it doesn't maintain any logs of its customers' data, strings of information that New Delhi will soon require VPN providers to share. "Moreover, we are committed to protecting the privacy of our customers. Therefore, we are no longer able to keep servers in India," a company spokesperson said.

The Indian Computer Emergency Response Team, the body appointed by the government to protect India's information infrastructure, unveiled cybersecurity guidelines in late April that will require "virtual private server (VPS) providers, cloud service providers, VPN service providers, virtual asset service providers, virtual asset exchange providers, custodian wallet providers and government organisations" to store customers' names, email addresses, IP addresses, know-your-customer records and financial transactions for a period of five years. The new rules go into effect June 27. NordVPN's decision follows similar directions taken by ExpressVPN and SurfShark, both of which have removed servers in the country. It's unclear how popular VPN services are in India, but on their sites the aforementioned firms say they are used by millions of users worldwide.

Firefox

Firefox Rolls Out Total Cookie Protection By Default To All Users Worldwide 72

Mozilla: Starting today, Firefox is rolling out Total Cookie Protection by default to all Firefox users worldwide, making Firefox the most private and secure major browser available across Windows and Mac. Total Cookie Protection is Firefox's strongest privacy protection to date, confining cookies to the site where they were created, thus preventing tracking companies from using these cookies to track your browsing from site to site. Whether it's applying for a student loan, seeking treatment or advice through a health site, or browsing an online dating app, massive amounts of your personal information is online -- and this data is leaking all over the web.

The hyper-specific-to-you ads you so often see online are made possible by cookies that are used to track your behavior across sites and build an extremely sophisticated profile of who you are. Recent stories (including an excellent Last Week Tonight episode) have shown how robust, yet under-the-radar, the data selling economy is and how easy it is for anyone to buy your data, combine it with more data about you and use it for a variety of purposes, even beyond advertising. It's an alarming reality -- the possibility that your every move online is being watched, tracked and shared -- and one that's antithetical to the open web we at Mozilla have strived to build. That's why we developed Total Cookie Protection to help keep you safe online.

Total Cookie Protection works by creating a separate "cookie jar" for each website you visit. Instead of allowing trackers to link up your behavior on multiple sites, they just get to see behavior on individual sites. Any time a website, or third-party content embedded in a website, deposits a cookie in your browser, that cookie is confined to the cookie jar assigned to only that website. No other websites can reach into the cookie jars that don't belong to them and find out what the other websites' cookies know about you -- giving you freedom from invasive ads and reducing the amount of information companies gather about you. This approach strikes the balance between eliminating the worst privacy properties of third-party cookies -- in particular the ability to track you -- and allowing those cookies to fulfill their less invasive use cases (e.g. to provide accurate analytics). With Total Cookie Protection in Firefox, people can enjoy better privacy and have the great browsing experience they've come to expect.

Privacy

Genetic Paparazzi Are Right Around the Corner (theconversation.com) 98

Liza Vertinsky, Professor of Law, University of Maryland, and Yaniv Heled, Associate Professor of Law, Georgia State University, writing for The Conversation: Every so often stories of genetic theft, or extreme precautions taken to avoid it, make headline news. So it was with a picture of French President Emmanuel Macron and Russian President Vladimir Putin sitting at opposite ends of a very long table after Macron declined to take a Russian PCR COVID-19 test. Many speculated that Macron refused due to security concerns that the Russians would take and use his DNA for nefarious purposes. German Chancellor Olaf Scholz similarly refused to take a Russian PCR COVID-19 test. While these concerns may seem relatively new, pop star celebrity Madonna has been raising alarm bells about the potential for nonconsensual, surreptitious collection and testing of DNA for over a decade. She has hired cleaning crews to sterilize her dressing rooms after concerts and requires her own new toilet seats at each stop of her tours.

At first, Madonna was ridiculed for having DNA paranoia. But as more advanced, faster and cheaper genetic technologies have reached the consumer realm, these concerns seem not only reasonable, but justified. We are law professors who study how emerging technologies like genetic sequencing are regulated. We believe that growing public interest in genetics has increased the likelihood that genetic paparazzi with DNA collection kits may soon become as ubiquitous as ones with cameras. While courts have for the most part managed to evade dealing with the complexities of surreptitious DNA collection and testing of public figures, they won't be able to avoid dealing with it for much longer. And when they do, they are going to run squarely into the limitations of existing legal frameworks when it comes to genetics.

Crime

US Anti-Hacking Law Tested in Trial Over 2019 Capital One Data Breach (union-bulletin.com) 39

"Paige Thompson worked as a software engineer in Seattle and ran an online community for other programmers," remembers the New York Times.

"In 2019, she downloaded personal information belonging to more than 100 million Capital One customers, the Justice Department said..." It included 140,000 Social Security numbers and 80,000 bank account numbers (drawn from applications for credit cards). Nearly three years after the disclosure of one of the largest data breaches in the United States, the former Amazon employee accused of stealing customers' personal information from Capital One is standing trial in a case that will test the power of a U.S. anti-hacking law.... She faces 10 counts of computer fraud, wire fraud and identity theft in a federal trial that began Tuesday in Seattle.... Thompson, 36, is accused of violating an anti-hacking law known as the Computer Fraud and Abuse Act, which forbids access to a computer without authorization. Thompson has pleaded not guilty, and her lawyers say her actions — scanning for online vulnerabilities and exploring what they exposed — were those of a "novice white-hat hacker."

Critics of the computer fraud law have argued that it is too broad and allows for prosecutions against people who discover vulnerabilities in online systems or break digital agreements in benign ways, such as using a pseudonym on a social media site that requires users to go by their real names. In recent years, courts have begun to agree. The Supreme Court narrowed the scope of the law last year, ruling that it could not be used to prosecute people who had legitimate access to data but exploited their access improperly. And in April, a federal appeals court ruled that automated data collection from websites, known as web scraping, did not violate the law. Last month, the Justice Department told prosecutors that they should no longer use the law to pursue hackers who engaged in "good-faith security research."

Thompson's trial will raise questions about how far security researchers can go in their pursuit of cybersecurity flaws before their actions break the law. Prosecutors said Thompson had planned to use the information she gathered for identity theft and had taken advantage of her access to corporate servers in a scheme to mine cryptocurrency... The Justice Department has argued that Thompson had no interest in helping Capital One plug the holes in its security and that she cannot be considered a "white hat" hacker. Instead, she chatted with friends online about how she might be able to profit from the breach, according to legal filings.... Some security researchers said Thompson had ventured too far into Capital One's systems to be considered a white-hat hacker.... "Legitimate people will push a door open if it looks ajar," said Chester Wisniewski, a principal research scientist at Sophos, a cybersecurity firm.... But downloading thousands of files and setting up a cryptocurrency mining operation were "intentionally malicious actions that do not happen in the course of testing security," Wisniewski said....

"Thompson scanned tens of millions of AWS customers looking for vulnerabilities," Brown wrote in a legal filing.

The article notes that Capital One ultimately agreed to pay $80 million in 2020 "to settle claims from federal bank regulators that it lacked the security protocols needed to protect customers' data" and another $190 million to settle a class-action lawsuit representing people whose data was exposed.

Privacy

Wickr, Amazon's Encrypted Chat App, Has a Child Sex Abuse Problem (nbcnews.com) 150

Wickr Me, an encrypted messaging app owned by Amazon Web Services, has become a go-to destination for people to exchange images of child sexual abuse, according to court documents, online communities, law enforcement and anti-exploitation activists. From a report: It's not the only tech platform that needs to crack down on such illegal content, according to data gathered by the National Center for Missing & Exploited Children, or NCMEC. But Amazon is doing comparatively little to proactively address the problem, experts and law enforcement officials say, attracting people who want to trade such material because there is less risk of detection than in the brighter corners of the internet.

NBC News reviewed court documents from 72 state and federal child sexual abuse or child pornography prosecutions where the defendant allegedly used Wickr (as it's commonly known) from the last five years in the United States, United Kingdom and Australia, using a combination of private and public legal and news databases and search engines. Nearly every prosecution reviewed has resulted in a conviction aside from those still being adjudicated. Almost none of the criminal complaints reviewed note cooperation from Wickr itself at the time of filing, aside from limited instances where Wickr was legally compelled to provide information via a search warrant. Over 25 percent of the prosecutions stemmed from undercover operations conducted by law enforcement on Wickr and other tech platforms. These court cases only represent a small fraction of the problem, according to two law enforcement officers involved in investigating child exploitation cases, two experts studying child exploitation and two people who have seen firsthand how individuals frequently use Wickr and other platforms for criminal transactions on the dark web.

The Courts

US Court Orders Terraform Labs' Chief To Comply With SEC Subpoenas (ft.com) 29

A US court has ordered the chief executive of collapsed stablecoin operator Terraform Labs to comply with subpoenas from the regulator seeking documents and materials related to the sale of potential unregistered securities. From a report: The US court of appeals in New York on Wednesday upheld the claim from the Securities and Exchange Commission, which is seeking information on Mirror Protocol, a trading network built on the Terra ecosystem that offered customers tokens that closely mirrored the price of some of the US's largest listed companies such as Apple and Amazon.

The regulator's victory marks a further blow to Terraform Labs' head Do Kwon, who is facing several legal cases in the wake of the sudden $40bn collapse of terraUSD, a stablecoin, and its accompanying token luna, which left investors out of pocket. The 30-year-old South Korean was the chief developer of terraUSD, whose collapse last month sent shockwaves through the crypto industry. Mirror Protocol was also developed by Kwon's Terraform Labs with the hope of bridging traditional finance with crypto.

Power

Biden To Require EV Charging Stations Every 50 Miles On Federal Highways (usatoday.com) 334

The Biden administration on Thursday pledged to have 500,000 public charging stations for electric vehicles in place by 2030. "The proposed standards, which will be published next week in the Federal Register, dictate that a charging station be located every 50 miles along the interstate and no more than a mile off the highway," reports USA Today. "Stations would be required to maintain a minimum number and type of chargers capable of serving multiple customers." From the report: Stations would be prohibited from requiring drivers to have a membership or be part of a club to use their chargers. Real-time information on pricing and location would have to be available to help motorists using a GPS app better plan their trip. The Federal Highway Administration's proposed standards will apply to federally funded charging stations in all 50 states, the District of Columbia and Puerto Rico. The goal is to ensure a seamless system of charging stations that can be used by motorists no matter what car they drive, where they live or how they pay. [...] The administration is providing more than $5 billion to states over the next five years to build a network of charging stations along the nation's interstates.

Bitcoin

How One Paper Just Blew Up Bitcoin's Claim To Anonymity (zdnet.com) 51

An anonymous reader quotes a report from ZDNet: Lead researcher Alyssa Blackburn of Baylor and Rice, along with team-mates Christoph Huber, Yossi Eliaz, Muhammad S. Shamim, David Weisz, Goutham Seshadri, Kevin Kim, Shengqi Hang, and Erez Lieberman Aiden, used a technique called "address linking" to study the Bitcoin transactions in the first two years of its existence: January of 2009 to February of 2011. Their key discovery is that, in those first two years, "most Bitcoin was mined by only sixty-four agents [...] collectively accounting for B2,676,800 (PV: $84 billion)." They are referring to the process of minting new coins by solving computer challenges. That number -- 64 people in total -- "is 1000-fold smaller than prior estimates of the size of the early Bitcoin community (75,000)," they observe. Those 64 people include some notable figures that have already become legends, such as Ross Ulbricht, known by the handle Dread Pirate Roberts. Ulbricht is the founder of Silk Road, a black-market operation that used Bitcoin for illicit means -- until it was shut down by the FBI.

For Blackburn and team, the point was to study the effects of people participating in game-theoretic situations as anonymous parties. Surprisingly, they found early insiders like Ulbricht could have exploited the relative paucity of participants by undermining Bitcoin to double-spend coins, but they did not. They acted "altruistically" to maintain the integrity of the system. That's intriguing, but a more pressing discovery is that addresses can be traced and identities can be revealed. To find out who was doing those early transactions, Blackburn and team had to reverse-engineer the entire premise of Bitcoin and of all crypto: anonymity.

As outlined in the original Bitcoin white paper by Satoshi Nakamoto, privacy was to be preserved by two means: anonymous public key use and creating new key pairs for every transaction [...]. Blackburn and team had to trace those key pairs to reveal early Bitcoin's transacting parties. To do so, they developed what they called a novel address-linking scheme. The scheme finds two patterns that point to users: one is the presence of recurring bits of code, and one is duplicate addresses for certain transactions. [...] The consequence of that, they write, is that it is possible to "follow the money" to expose any identity by following a chain of relatedness in a graph of addresses, starting from a known identity [...]. Further, they hypothesize that "many cryptocurrencies may be susceptible to follow-the-money attacks." Blackburn told The New York Times's Siobhan Roberts, "When you are encrypting private data and making it public, you cannot assume that it'll be private forever." As the team concludes in the report, "Drip-by-drip, information leakage erodes the once-impenetrable blocks, carving out a new landscape of socioeconomic data."

The new paper, titled "Cooperation among an anonymous group protected Bitcoin during failures of decentralization," has been posted on the researchers' server (PDF).

Security

US: Chinese Government Hackers Breached Telcos To Snoop On Network Traffic (cnbc.com) 29

Several US federal agencies today revealed that Chinese-backed threat actors have targeted and compromised major telecommunications companies and network service providers to steal credentials and harvest data. BleepingComputer reports: As the NSA, CISA, and the FBI said in a joint cybersecurity advisory published on Tuesday, Chinese hacking groups have exploited publicly known vulnerabilities to breach anything from unpatched small office/home office (SOHO) routers to medium and even large enterprise networks. Once compromised, the threat actors used the devices as part of their own attack infrastructure as command-and-control servers and proxy systems they could use to breach more networks.

"Upon gaining an initial foothold into a telecommunications organization or network service provider, PRC state-sponsored cyber actors have identified critical users and infrastructure including systems critical to maintaining the security of authentication, authorization, and accounting," the advisory explains. The attackers then stole credentials to access underlying SQL databases and used SQL commands to dump user and admin credentials from critical Remote Authentication Dial-In User Service (RADIUS) servers.

"Armed with valid accounts and credentials from the compromised RADIUS server and the router configurations, the cyber actors returned to the network and used their access and knowledge to successfully authenticate and execute router commands to surreptitiously route, capture, and exfiltrate traffic out of the network to actor-controlled infrastructure," the federal agencies added. The three federal agencies said the following common vulnerabilities and exposures (CVEs) are the network device CVEs most frequently exploited by Chinese-backed state hackers since 2020. "The PRC has been exploiting specific techniques and common vulnerabilities since 2020 to use to their advantage in cyber campaigns," the NSA added.

Organizations can protect their networks by applying security patches as soon as possible, disabling unnecessary ports and protocols to shrink their attack surface, and replacing end-of-life network infrastructure that no longer receives security patches.

The agencies "also recommend networks to block lateral movement attempts and enabling robust logging and internet-exposed services to detect attack attempts as soon as possible," adds BleepingComputer.

The Courts

Investor Sues the Winklevoss Twins' Troubled Crypto Business Over Security Failures (theverge.com) 25

IRA Financial Trust, a platform that lets users save for retirement in alternative assets like cryptocurrency, is suing the Gemini cryptocurrency exchange over an alleged failure to protect its customers from a heist that resulted in the theft of $36 million in crypto. The financial platform partners with Gemini, owned by the Winklevoss twins, Cameron and Tyler, to allow customers to trade and store cryptocurrency. From a report: In February, IRA was the victim of a major attack that drained the millions in funds customers had stored with Gemini. The company was reportedly swatted, the act of calling the police to report a fake crime at someone's location, when the cyberattack occurred. Police showed up at IRA's South Dakota headquarters after false reports of a robbery, while bad actors made off with millions in crypto. At the time, a source close to Gemini told CoinDesk it wasn't hacked and that it makes various security controls available to its partners. "Gemini knew about the risks attendant to crypto assets," IRA's complaint states. "In fact, it built its public image around purportedly mitigating those risks. But like so much else in the world of crypto, Gemini's image is just that: an image. In reality, Gemini brushes security aside when there is a chance to earn more revenue."

Crime

Nintendo Wanted Hacker's Prison Sentence To Turn Heads (axios.com) 66

Nintendo described the sentencing of a hacker earlier this year as a "unique opportunity" to send a message to all gamers about video game piracy. Axios reports: A newly released transcript of the Feb. 10 sentencing of Gary Bowser provides rare insight, directly from Nintendo, about the company's grievances. Bowser, a Canadian national, pled guilty last year to U.S. government cybercrime charges over his role as a top member of Team Xecuter. The group sold tech that circumvented copyright protections and enabled the Nintendo Switch and other systems to play pirated games. Authorities estimated the piracy cost Nintendo upward of $65 million over nearly a decade and even compelled the company to spend resources releasing a more secure model of the Switch.

"This is a very significant moment for us," Nintendo lawyer Ajay Singh told the court at the time, as he laid out the company's case against piracy and awaited the sentencing. "It's the purchase of video games that sustains Nintendo and the Nintendo ecosystem, and it is the games that make the people smile," Singh said. "It's for that reason that we do all we can to prevent games on Nintendo systems from being stolen." He noted Nintendo's losses from Team Xecuter's piracy and sounded a note of sympathy for smaller non-Nintendo game makers whose works are also pirated. And he wove in a complaint about cheating, which he said Team Xecuter's hacks enabled. Cheating could scare off honest players and upset families: "Parents should not be forced to explain to their children why people cheat and why sometimes games are not fair, just because one person wants an unfair advantage."

At the hearing, U.S. District Judge Robert Lasnik noted that TV and movies glorify hackers as "sticking it to the man," suggesting that "big companies are reaping tremendous profits and it's good for the little guy to have this." "What do you think?" Lasnik asked Nintendo's lawyer at one point. "What else can we do to convince people that there's no glory in this hacking/piracy?" "There would be a large benefit to further education of the public," Singh replied. In brief remarks directly to Lasnik, Bowser said longer prison time wouldn't scare off hackers. "There's so much money to be made from piracy that it's insignificant," he said.

Social Networks

Texas AG Opens Investigation of Twitter Over Bots (texastribune.org) 119

Texas Attorney General Ken Paxton said Monday he is investigating Twitter over its reporting of how many accounts on the platform are from bots and fake users, saying the company may be misrepresenting the number to inflate its value and raise its revenue. The Texas Tribune reports: Twitter has claimed in its financial regulatory filings that less than 5% of its daily active users are spam accounts. But Paxton on Monday alleged that spam accounts could make up as much as 20% of users or more. "Bot accounts can not only reduce the quality of users' experience on the platform but may also inflate the value of the company and the costs of doing business with it, thus directly harming Texas consumers and businesses," Paxton said.

False reporting of fake users could be considered "false, misleading, or deceptive" under the Texas Deceptive Trade Practices Act, he said. Paxton sent Twitter a civil investigative demand, requiring the social media company to turn over documents related to how it calculates and manages its user data.

Government

Biden Waives Solar Panel Tariffs, Seeks To Boost Production (apnews.com) 219

An anonymous reader quotes a report from the Associated Press: President Joe Biden ordered emergency measures Monday to boost crucial supplies to U.S. solar manufacturers and declared a two-year tariff exemption on solar panels from Southeast Asia as he attempted to jumpstart progress toward his climate change-fighting goals. His invoking of the Defense Production Act and other executive actions comes amid complaints by industry groups that the solar sector is being slowed by supply chain problems due to a Commerce Department inquiry into possible trade violations involving Chinese products. The Commerce Department announced in March that it was scrutinizing imports of solar panels from Thailand, Vietnam, Malaysia and Cambodia, concerned that products from those countries are skirting U.S. anti-dumping rules that limit imports from China.

White House officials said Biden's actions aim to increase domestic production of solar panel parts, building installation materials, high-efficiency heat pumps and other components including cells used for clean-energy generated fuels. They called the tariff suspension affecting imports from Thailand, Vietnam, Malaysia and Cambodia a bridge measure while other efforts increase domestic solar power production -- even as the administration remains supportive of U.S. trade laws and the Commerce Department investigation. [...]

The use of executive action comes as the Biden administration's clean energy tax cuts, and other major proposals meant to encourage domestic green energy production, have stalled in Congress. The Defense Production Act lets the federal government direct manufacturing production for national defense and has become a tool used more commonly by presidents in recent years. The Trump administration used it to produce medical equipment and supplies during the early stages of the coronavirus pandemic. Biden invoked its authority in April to boost production of lithium and other minerals used to power electric vehicles.

Privacy

Telegram Surrendered User Data To Authorities Despite Saying To the Contrary, Report Says (androidpolice.com) 55

Several readers have shared the following report: Messaging apps that offer end-to-end encryption can claim that they're protecting their users by saying that they've thrown away the key -- metaphorical and literal -- and can't undo what's been scrambled in transmission. Telegram, however, claims it protects every user whether they use E2EE or not, saying that government data requests have to pass an especially high muster before they would comply and that they have never acceded to such a request. Not so, a report claims. Der Spiegel reports from sources that Telegram has fulfilled a number of data requests from Germany's Federal Criminal Police Office involving terror and child abuse suspects. Still more data requests for other criminal cases have been more or less ignored. [...] The German government has been pressuring Dubai-based Telegram to cooperate with its investigations into right-wing extremist groups who have been using the messaging platform to spread their cause and coordinate action. Telegram has ramped up its own enforcement actions recently, but its user and group bans have been as comprehensive as lawmakers have been looking for.
