Piracy

Streaming TV Shows on Twitch Attracts DMCAs and the TV Industry's Eye of Sauron (msn.com) 15

The Washington Post reports that three of the world's most prominent live-streaming stars "received notifications of copyright infringement after broadcasting TV shows to their millions-strong fanbases on Twitch."

"The days that followed produced copious amounts of Twitch's most common byproduct, online drama, but also focused attention on the murky and legally complicated question of what constitutes fair use of copyright materials such as TV shows and movies...." In 2007 Viacom sued YouTube for copyright infringement. Though the court ultimately ruled in favor of YouTube, the suit paved the way for the "Content ID" system, which automatically identifies copyright content and aggressively polices the platform. While software that can scan Twitch already exists, Twitch has yet to create its own automated system, and it does not appear to be in the process of doing so, according to industry figures with knowledge of Twitch's operations who weren't authorized to speak publicly.

Such an outcome becomes more likely, however, if advertisers start withdrawing from the platform for fear of being associated with risky content, something that's already beginning to happen on Twitch according to Devin Nash, chief marketing officer of content creator-focused talent agency Novo...

The "react content" trend often hinges on broadcasting copyright material, like popular movies or TV shows, a practice which skirts the outer edges of platform rules. Earlier this month, Viacom and the History Channel/A&E (which is owned by Hearst and Disney) issued copyright claims — also known as Digital Millennium Copyright Act (DMCA) takedown requests — to specific streamers.... The DMCA-centric discourse left streamers and viewers on Twitch with ample drama but no clear answer as to whether one of the platform's go-to trends merely faces a few bumps in the road or an asteroid-sized extinction event. "Nothing could happen, or everything could happen," Cassell added. "And it rests on the decisions of a handful of media rights holders...."

Some streamers, such as Piker and Felix "xQc" Lengyel, both of whom started reacting to clips from sites like YouTube long before the current react meta began, argue reaction content should be permitted since Twitch is essentially built on copyright infringement. Streaming a video game is technically a DMCA-able offense. The video game industry, however, has decided to allow the practice because the free publicity and resulting sales tend to outweigh any potential downsides. But television is a different beast, with its economics rooted in broadcast rights rather than individual unit sales....

This awkward and unceasing dance around the topic has been fueled in part by the fact that Twitch is incentivized to maintain its ignorance of copyright infractions taking place on their platform.... But the silence has added stress to streamers whose livelihoods could be impacted by decisions around the current DMCA practices....

The Post also spoke to game/esports/entertainment lawyer David Philip Graham, who believes copyright law itself is due for an overhaul. "Much of our current copyright regime isn't really about authors' rights or promoting the progress of science and useful arts, but about big businesses looking for easier routes to profitability," Graham said.

He proposes shortening copyright term lengths — and also expanding permissions for derivative works.

Businesses

Amazon Activist's Firing Deemed Illegal by Labor Board Officials (yahoo.com) 40

America's National Labor Relations Board is an independent agency of the federal government that enforces U.S. labor law.

And its prosecutors "plan to formally accuse Amazon.com of illegally firing an activist who was trying to unionize its New York warehouses," as well as other violations of the law, reports Bloomberg — unless Amazon settles the case first.

New York Focus reports that the fired worker had commuted from a homeless shelter to Amazon's fulfillment center on New York's Staten Island — a facility where Amazon has held mandatory anti-union meetings. But it's not the only place there's been tension between Amazon and union organizers: In March, an NLRB investigation into the firing of Queens Amazon warehouse worker and labor leader Jonathan Bailey found that the company illegally interrogated and threatened him. NBC News reported that eight other workers also said "they had been fired, disciplined or retaliated against for protected activity." A month later, the NLRB found that Amazon had illegally retaliated against Emily Cunningham and Maren Costa, who were fired in 2020 for their workplace activism while employed at Amazon's headquarters in Seattle.

The Amazon Labor Union (founded by current and former Amazon employees) "has filed a petition to hold an election at four of the e-commerce giant's facilities in Staten Island," Bloomberg reported Friday. And an official for the group told Bloomberg it could galvanize support for a union if they could get the fired worker reinstated. "It would be monumental for him to go back to the same building that he was terminated from and speak his truth and let workers know that it's OK to speak out." Amazon has been grappling with an unprecedented wave of activism and organizing in North America, including walkouts over safety concerns in Staten Island and elsewhere, as well as unionization drives in Alabama, Canada and New York.... In December, Amazon reached a settlement with the labor board requiring the company to inform workers nationwide of their legal rights and to let employees organize on its property during their time off.

Privacy

Supply Chain Attack Used Legitimate WordPress Add-Ons To Backdoor Sites (arstechnica.com) 16

An anonymous reader quotes a report from Ars Technica: Dozens of legitimate WordPress add-ons downloaded from their original sources have been found backdoored through a supply chain attack, researchers said. The backdoor has been found on "quite a few" sites running the open source content management system. The backdoor gave the attackers full administrative control of websites that used at least 93 WordPress plugins and themes downloaded from AccessPress Themes. The backdoor was discovered by security researchers from Jetpack, the maker of security software owned by Automattic, provider of the WordPress.com hosting service and a major contributor to the development of WordPress. In all, Jetpack found that 40 AccessPress themes and 53 plugins were affected.

In a post published Thursday, Jetpack researcher Harald Eilertsen said timestamps and other evidence suggested the backdoors were introduced intentionally in a coordinated action after the themes and plugins were released. The affected software was available by download directly from the AccessPress Themes site. The same themes and plugins mirrored on WordPress.org, the official developer site for the WordPress project, remained clean. "Users who used software obtained directly from the AccessPress website unknowingly provided attackers with backdoor access, resulting in an unknown number of compromised websites," Ben Martin, a researcher with Web security firm Sucuri, wrote in a separate analysis of the backdoor.

The Jetpack post said evidence indicates that the supply chain attack on AccessPress Themes was performed in September. Martin, however, said evidence suggests the backdoor itself is much older than that. Some of the infected websites had spam payloads dating back nearly three years. He said his best guess is that the people behind the backdoor were selling access to infected sites to people pushing web spam and malware. He wrote, "[...] it seems that the malware that we've found associated with this backdoor is more of the same: spam, and redirects to malware and scam sites." The Jetpack post provides full names and versions of the infected AccessPress software. Anyone running a WordPress site with this company's offerings should carefully inspect their systems to ensure they're not running a backdoored instance. Site owners may also want to consider installing a website firewall, many of which would have prevented the backdoor from working.

The Courts

Google Could Face Class-Action Lawsuit Over Free G Suite Legacy Account Shutdown (androidpolice.com) 46

On Wednesday, Google announced that it is getting rid of the G Suite legacy free edition, "which allowed those that snuck in before 2012 to get free Google apps services tied to a custom domain rather than Gmail," reports Android Police. Since a lot of people will be left "in the lurch" after the shutdown, attorneys at Chimicles Schwartz Kriner & Donaldson-Smith are opening an investigation into the matter for a potential class-action lawsuit. From the report: No lawsuit has been filed yet; the attorneys involved are just collecting information for a potential lawsuit in the future once all the facts are straight (and Google has had time to reconsider its actions). When we covered the original news of the legacy G Suite shutdown, it seemed unreasonable to us, because customers using those legacy accounts are unable to transfer purchases or things like grandfathered subscription discounts to new accounts. When we asked if moving purchases between accounts might be possible, a Google representative confirmed it wasn't. [...]

That means years of purchases tied to Google Play -- potentially hundreds to thousands of dollars of assets like movie and music purchases for a given customer, across thousands of affected customers -- could be tied to broken accounts because of the transition. Google explicitly confirmed to us that was the case, though customers could elect to keep using their broken suspended account alongside a working one. In essence, everyone that migrated to one of these accounts while they were still offered (from 2006 at least until 2012, so far as I can tell) will have to pay extra money to keep their existing purchases tied to a fully working account, and we think that's pretty ridiculous.

The Courts

Google Asks Judge To Dismiss Most of Texas Antitrust Lawsuit (reuters.com) 7

Alphabet's Google asked a federal judge on Friday to dismiss the majority of an antitrust lawsuit filed by Texas and other states that accused the search giant of abusing its dominance of the online advertising market. Reuters reports: Google said in its court filing that the states failed to show that it illegally worked with Facebook, now Meta, to counter "header bidding," a technology that publishers developed to make more money from advertising placed on their websites. Facebook is not a defendant in the lawsuit. The states had also alleged that Google used at least three programs to manipulate ad auctions to coerce advertisers and publishers into using Google's tools. Google responded that the states had a "collection of grievances" but no proof of wrongdoing. On some allegations, Google argued the states waited too long to file their lawsuit.

"They criticize Google for not designing its products to better suit its rivals' needs and for making improvements to those products that leave its competitors too far behind. They see the 'solution' to Google's success as holding Google back," the company said in its filing. Google asked for four of the six counts to be dismissed with prejudice, which means that they could not be brought back to the same court.

Texas Attorney General Ken Paxton said they would press on with the fight. "The company whose motto was once 'Don't Be Evil' now asks the world to examine their egregious monopoly abuses and see no evil, hear no evil, and speak no evil," he said in a statement. The Texas lawsuit had two other claims based on state law and made against Google which were stayed in September. The search giant did not ask for them to be dismissed on Friday but may in the future.

The Courts

Merck Wins Cyber-insurance Lawsuit Related To NotPetya Attack (therecord.media) 20

A New Jersey court has ruled in favor of Merck in a lawsuit the pharmaceutical company filed against its insurer, Ace American, which declined to cover the losses caused by the NotPetya ransomware attack. From a report: The NotPetya incident, which took place in June 2017 and impacted thousands of companies all over the world, destroyed data on more than 40,000 Merck computers and took the company months to recover. Merck estimated the damage at $1.4 billion, a loss caused by production outage, costs to hire IT experts, and costs of buying new equipment to replace all affected systems. At the time, the company had a $1.75 billion "all-risk" insurance policy, which included coverage for software-related data loss events. However, Ace American refused to cover the losses, citing that the NotPetya attack was part of Russian hostilities against Ukraine and, as a result, was subject to the standard "Acts of War" exclusion clause that is present in most insurance contracts. Merck sued Ace American in November 2019 and argued in court that the attack was not "an official state action," hence the Acts of War clause should not apply.
China

Security Flaws Seen In China's Mandatory Olympics App For Athletes (nytimes.com) 29

schwit1 writes: The mandatory smartphone app that athletes will use to report health and travel data when they are in China for the Olympics next month has serious encryption flaws, according to a new report, raising security questions about the systems that Beijing plans to use to track Covid-19 outbreaks.

Portions of the app that will transmit coronavirus test results, travel information and other personal data failed to verify the signature used in encrypted transfers, or didn't encrypt the data at all, according to the report by Citizen Lab, a University of Toronto cybersecurity watchdog. The group also found that the app includes a series of political terms marked for censorship in its code, though it does not appear to actively use the list to filter communications.

And Olympic Athletes will be punished if they engage In Wrong Speak.

The Courts

Epic Pushes To Overturn App Store Ruling In Opening Appeal Brief (theverge.com) 16

An anonymous reader quotes a report from The Verge: Epic Games has filed its opening brief to the Ninth Circuit Court of Appeals, seeking to overturn the previous ruling that Apple's control over the iOS App Store does not qualify as a monopoly. The company first gave notice of its appeal in September, but Thursday's filing is the first time it has laid out its argument at length. "Epic proved at trial that Apple restrains trade...by contractually requiring developers to exclusively use Apple's App Store to distribute apps and Apple's IAP for payments for digital content within apps," the filing reads. "If not overturned, [the district court] decision would upend established principles of antitrust law and...undermine sound antitrust policy."

Epic's first legal challenge to Apple's App Store restrictions came to a finish in September, when a district court ordered Apple to roll back some restrictions on in-app payments, but otherwise cleared the company of antitrust charges. A separate appeal from Apple has been filed to reverse the new in-app payment rules.

In her ruling, Judge Gonzalez Rogers was particularly ambiguous on the question of whether Apple held monopoly power over the mobile gaming market. "The evidence does suggest that Apple is near the precipice of substantial market power, or monopoly power, with its considerable market share," she wrote in the decision. "Apple is only saved by the fact that its share is not higher, that competitors from related submarkets are making inroads into the mobile gaming submarket, and, perhaps, because [Epic] did not focus on this topic." In the appeals brief, Epic seems determined to revisit that question, and draw a clearer link between the iPhone's success as a mobile gaming platform and a potential monopoly case against Apple. "The district court's factual findings make clear," the filing alleges, "that Apple's conduct is precisely what the antitrust laws prohibit."

In response to the filing, Apple issued the following statement: "In its ruling last year, the district court confirmed that Apple is not a monopolist in any relevant market and that its agreements with app developers are legal under antitrust laws. We are confident that the rulings challenged by Epic will be affirmed on appeal."

The Almighty Buck

Fed Releases Long-Awaited Study On a Digital Dollar (cnbc.com) 38

The Federal Reserve on Thursday released its long-awaited study of a digital dollar, exploring the pros and cons of the much-debated issue and soliciting public comment. CNBC reports: Billed as "the first step in a public discussion between the Federal Reserve and stakeholders about central bank digital currencies," the 40-page paper (PDF) shies away from any conclusions about a central bank digital currency, or CBDC. The report originally was expected in the summer of 2021 but had been delayed. Instead, it provides an exhaustive look at benefits such as speeding up the electronic payments system at a time when financial transactions around the world already are highly digitized. Some of the downside issues the report discusses are financial stability risks and privacy protection while guarding against fraud and other illegal issues.

"A CBDC could fundamentally change the structure of the U.S. financial system, altering the roles and responsibilities of the private sector and the central bank," the report says. One primary difference between the Fed's dollar and other digital transactions is that current digital money is a liability of commercial banks, whereas the CBDC would be a Fed liability. Among other things, that would mean the Fed wouldn't pay interest on money stored with it, though because it is riskless some depositors may prefer to keep their money with the central bank.

The paper lists a checklist of 22 different items for which it is soliciting public feedback. There will be a 120-day comment period. Fed officials say the report is the first step in an extensive process but there is no timetable on when it will be wrapped up. The paper released Thursday notes that the Fed's "initial analysis suggests that a potential U.S. CBDC, if one were created, would best serve the needs of the United States by being privacy-protected, intermediated, widely transferable, and identity-verified." However, the report also states that it "is not intended to advance a specific policy outcome and takes no position on the ultimate desirability of" the digital dollar.
The report notes that the speed of the project is not a top priority. Instead, the authors of the report are focused on getting it right. "The introduction of a CBDC would represent a highly significant innovation in American money," the report says. "Accordingly, broad consultation with the general public and key stakeholders is essential. This paper is the first step in such a conversation."

The Fed also said that it will not proceed without a clear mandate from Congress, preferably in the form of "a specific authorizing law."

Wireless Networking

FAA Estimates 78% of US Planes Can Now Land At Airports With 5G C-Band (theverge.com) 59

The FAA has announced that an "estimated 78 percent of the U.S. commercial fleet" have been cleared to land at airports with 5G C-band, even under low-visibility conditions. The Verge reports: The agency's statement comes after a week of controversy surrounding the rollout of AT&T and Verizon's upgraded cellular tech, which saw US airlines warning of "catastrophic disruption" to travel and shipping and some international airlines announcing they'd halt flights to some US airports. At issue are concerns that some radio altimeters won't properly ignore signals from the new 5G transmitters. While there are precautions that should keep this from happening, including creating buffer zones around airports, an incorrect altimeter reading could cause real problems during a low-visibility landing.

Given the high stakes, the FAA has said that only planes with altimeters that it has tested and cleared will be allowed to land in sub-optimal conditions at airports where the new 5G tech has rolled out. [...] On January 16th, the agency announced that it had cleared two altimeters, which it bumped up to five on Wednesday. It said the cleared altimeters were installed in "some" versions of planes like the Boeing 737, 747, and 777. The FAA changed that language on Thursday, saying that the 13 cleared altimeters should cover "all" Boeing 717, 737, 747, 757, 767, 777, 787, MD-10/-11, and Airbus A300, A310, A319, A320, A330, A340, A350, and A380 models. It also notes that "some" Embraer 170 and 190 regional jets are covered.

The FAA is still predicting that some altimeters won't pass the test and will be "too susceptible to 5G interference." Planes equipped with those models won't be allowed to land at airports with the new 5G tech in low-visibility conditions -- which could prevent airlines from scheduling any flights using those planes to airports of concern, given the unpredictability of weather and the disruption such a diversion would cause.

Government

'Havana Syndrome' Unlikely Caused By Hostile Foreign Power, CIA Says (theguardian.com) 64

An anonymous reader quotes a report from The Guardian: An initial CIA investigation into the mysterious set of symptoms known as Havana syndrome has found that it is unlikely to be the result of a worldwide campaign of attacks by a foreign power against US diplomats and spies. However, two dozen cases, including some of those originally afflicted in Havana in 2016, could not be explained and would be further studied for evidence of a possible attack, according to a senior CIA official who briefed the US press.

"While we have reached some significant interim findings, we are not done," the CIA director, William Burns, said in a statement. "We will continue the mission to investigate these incidents and provide access to world-class care for those who need it." Since the original outbreak of the symptoms, which include hearing strange sounds, dizziness, loss of balance, nausea and memory loss, more than 1,000 cases have been studied around the world. The interim findings of a CIA investigation have found that the majority of cases could probably be attributed to a pre-existing medical condition, or environmental factors, or stress, the senior official said. The defense department and an independent panel of experts are conducting their own investigations which have yet to publish reports.

A Havana syndrome victims support group said in a statement: "The decision to release the report now and with this particular set of 'findings' seems a breach of faith, and an undermining of the intent of Congress and the president to stand with us and reach a government-wide consensus as to what is behind this."

"This report was neither cleared nor coordinated through the interagency and must stand as the assessment of one agency [CIA] alone."

Privacy

Locations and Contact Data on 515,000 Vulnerable People Stolen in Red Cross Data Breach (techcrunch.com) 23

A cyberattack targeting a contractor working for the International Committee of the Red Cross has spilled confidential data on more than 515,000 "highly vulnerable" people, many of whom have been separated from their families due to conflict, migration and disaster. From a report: The Red Cross did not name the contractor, based in Switzerland, which it uses to store data nor say what led to the security incident, but said that the data comes from at least 60 Red Cross and Red Crescent national societies. In a statement, the international organization pleaded with the attackers not to publicly share or leak the information given the sensitivity of the data.

Security

Red Cross Begs Hackers Not To Leak Data of 'Highly Vulnerable People' (therecord.media) 71

The Red Cross has disclosed that it was the victim of a cyber attack and has asked the hackers who broke into the IT network of one of its contractors not to leak the personal information of more than 515,000 "highly vulnerable people." The Record reports: The data was stolen from a Red Cross program called Restoring Family Links, which aims to reunite family members separated by conflict, disaster, or migration. "While we don't know who is responsible for this attack, or why they carried it out, we do have this appeal to make to them," said Robert Mardini, director-general for the International Committee of the Red Cross. "Your actions could potentially cause yet more harm and pain to those who have already endured untold suffering. The real people, the real families behind the information you now have are among the world's least powerful. Please do the right thing. Do not share, sell, leak or otherwise use this data," Mardini said.

"The people affected include missing people and their families, unaccompanied or separated children, detainees and other people receiving services from the Red Cross and Red Crescent Movement as a result of armed conflict, natural disasters or migration," the organization said in an email.

Security

OpenSubtitles Hacked, 7 Million Subscribers' Details Leaked Online (torrentfreak.com) 22

OpenSubtitles, one of the largest repositories of subtitle files on the internet, has been hacked. TorrentFreak reports: Founded in 2006, the site was reportedly hacked in August 2021 with the attacker obtaining the personal data of nearly seven million subscribers including email and IP addresses, usernames and passwords. The site alerted users yesterday after the hacker leaked the database online.

"In August 2021 we received message on Telegram from a hacker, who showed us proof that he could gain access to the user table of opensubtitles.org, and downloaded a SQL dump from it. He asked for a BTC ransom to not disclose this to public and promise to delete the data," the post reads. "We hardly agreed, because it was not low amount of money. He explained us how he could gain access, and helped us fix the error. On the technical side, he was able to hack the low security password of a SuperAdmin, and gained access to an unsecured script, which was available only for SuperAdmins. This script allowed him to perform SQL injections and extract the data."

Indeed, searches on data breach site Have I Been Pwned reveal that the database is now in the wild, containing all of the data mentioned by OpenSubtitles and more. [...] OpenSubtitles describes the hack as a "hard lesson" and admits failings in its security. The platform has spent time and money securing the site and is requiring members to reset their passwords. However, for those who have had their data breached, it may already be too late to prevent damage. The hacker has already had access to data for several months and now the breach is in the wild, problems could certainly escalate.

Privacy

WhatsApp Ordered To Help US Agents Spy On Chinese Phones (forbes.com) 87

New submitter HillNKnowlton22 writes: U.S. federal agencies have been using a 35-year-old American surveillance law to secretly track WhatsApp users with no explanation as to why and without knowing whom they are targeting. In Ohio, a just-unsealed government surveillance application reveals that in November 2021, DEA investigators demanded the Facebook-owned messaging company track seven users based in China and Macau. The application reveals the DEA didn't know the identities of any of the targets, but told WhatsApp to monitor the IP addresses and numbers with which the targeted users were communicating, as well as when and how they were using the app. Such surveillance is done using a technology known as a pen register and under the 1986 Pen Register Act, and doesn't seek any message content, which WhatsApp couldn't provide anyway, as it is end-to-end encrypted.

As Forbes previously reported, over at least the last two years, law enforcement in the U.S. has repeatedly ordered WhatsApp and other tech companies to install these pen registers without showing any probable cause. As in those previous cases, the government order to trace Chinese users came with the statement that the Justice Department only needed to provide three "elements" to justify tracking of WhatsApp users. They include: the identity of the attorney or the law enforcement officer making the application; the identity of the agency making the application; and a certification from the applicant that "the information likely to be obtained is relevant to an ongoing criminal investigation being conducted by that agency." "Other than the three elements described above, federal law does not require that an application for an order authorizing the installation and use of a pen register and a trap and trace device specify any facts," the government wrote in the latest application.

EU

EU Wants To Build Its Own DNS Infrastructure With Built-in Filtering Capabilities (therecord.media) 57

The European Union is interested in building its own recursive DNS service that will be made available to EU institutions and the general public for free. From a report: The proposed service, named DNS4EU, is currently in a project planning phase, and the EU is looking for partners to help build a sprawling infrastructure to serve all its current 27 member states. EU officials said they started looking into an EU-based centrally-managed DNS service after observing consolidation in the DNS market around a small handful of non-EU operators. "The deployment of DNS4EU aims to address such consolidation of DNS resolution in the hands of few companies, which renders the resolution process itself vulnerable in case of significant events affecting one major provider," officials said in the DNS4EU infrastructure project revealed last week. But EU officials said that other factors also played a role in their decision to build DNS4EU, including cybersecurity and data privacy.
Privacy

IRS Will Soon Require Selfies for Online Access (krebsonsecurity.com) 240

If you created an online account to manage your tax records with the U.S. Internal Revenue Service (IRS), those login credentials will cease to work later this year. From a report: The agency says that by the summer of 2022, the only way to log in to irs.gov will be through ID.me, an online identity verification service that requires applicants to submit copies of bills and identity documents, as well as a live video feed of their faces via a mobile device. McLean, Va.-based ID.me was originally launched in 2010 with the goal of helping e-commerce sites validate the identities of customers who might be eligible for discounts at various retail establishments, such as veterans, teachers, students, nurses and first responders.

These days, ID.me is perhaps better known as the online identity verification service that many states now use to help staunch the loss of billions of dollars in unemployment insurance and pandemic assistance stolen each year by identity thieves. The privately-held company says it has approximately 64 million users, and gains roughly 145,000 new users each day. Some 27 states already use ID.me to screen for identity thieves applying for benefits in someone else's name, and now the IRS is about to join them. The service requires applicants to supply a great deal more information than typically requested for online verification schemes, such as scans of their driver's license or other government-issued ID, copies of utility or insurance bills, and details about their mobile phone service.

The Courts

Ericsson Sues Apple Again Over 5G Patent Licensing (reuters.com) 20

Sweden's Ericsson has filed another set of patent infringement lawsuits against Apple in the latest salvo between the two companies over royalty payment for use of 5G wireless patents in iPhones. From a report: Both companies have already sued each other in the United States as negotiations failed over the renewal of a seven-year licensing contract for telecoms patents first struck in 2015. Ericsson sued first in October, claiming that Apple was trying to improperly cut down the royalty rates. The iPhone maker then filed a lawsuit in December accusing the Swedish company of using "strong-arm tactics" to renew patents. "Ericsson has refused to negotiate fair terms for renewing our patent licensing agreement, and instead has been suing Apple around the world to extort excessive royalties ... we are asking the court to help determine a fair price," an Apple spokesman said on Tuesday. Patent lawsuits are quite common among technology companies because every dollar saved could amount to significant amounts over the duration of the agreement, with companies such as Ericsson charging $2.50 to $5 for every 5G handset.

Privacy

Winter Olympics: Athletes Advised To Use Burner Phones In Beijing (bbc.com) 54

New submitter sperm shares a report from the BBC: The Beijing Winter Olympics app that all Games attendees must use contains security weaknesses that leave users exposed to data breaches, analysts say. The My2022 app will be used by athletes, audience members and media for daily Covid monitoring. The app will also offer voice chats, file transfers and Olympic news.

But cybersecurity group Citizen Lab says the app fails to provide encryption on many of its files. China has dismissed the concerns. Questions about the app come amid a rise in warnings about visitors' tech security ahead of the Games, which begin on 4 February. People attending the Beijing Olympics should bring burner phones and create email accounts for their time in China, cyber security firm Internet 2.0 said on Tuesday. Several countries have also reportedly told athletes to leave their main devices at home.
The report also says that it's found a "censorship keywords" list built into the app, and a feature that allows people to flag other "politically sensitive" expressions.

Privacy

Israeli Citizens Targeted By Police Using Pegasus Spyware, Report Claims (theguardian.com) 14

An anonymous reader quotes a report from The Guardian: The Israeli police allegedly conducted warrantless phone intercepts of Israeli citizens, including politicians and activists, using the NSO group's controversial Pegasus spyware, according to an investigation by the Israeli business media site Calcalist. Among those described as having been targets in the report were local mayors, leaders of political protests against the former prime minister Benjamin Netanyahu, and former government employees.

According to the report, the surveillance was done without the court supervision required for Israeli citizens and without monitoring of how the data was used, a claim denied explicitly by the Israeli police service and a government minister. A separate report in the Israeli daily Haaretz, based on an invoice seen by the paper, suggested the Israeli police was invoiced by NSO group for 2.7m shekels ($862,000) in 2013, apparently for a basic version of the program. While numerous reports have emerged over the misuse of Pegasus, which is designed and sold by Israel's NSO group to foreign governments, the latest claims mark a major departure in suggesting that Israelis were also targeted for interception.

The Guardian understands from sources familiar with NSO's licensing that while that means foreign third-party clients to whom it has sold its software cannot target US and Israeli phone numbers from abroad, an Israeli law enforcement client that purchased the spyware -- for instance the police service -- would be able to target Israeli phones. While the report does not mention its sources, it claims that the order to use the spyware was given by senior officers and carried out by police electronic interception specialists. The claim is highly significant because for the first time it counters assurances given to Israelis that they could not be targeted by Pegasus and would appear to question the understanding that Israelis are protected from warrantless intrusion.
The Jerusalem Post adds: "[This] astounding report, if true, would blow gaping holes through a number of NSO, police and potentially state prosecution narratives about the proper balance between collecting evidence and respecting citizens' privacy rights and court protections from unlawful searches and seizures."
