Thousands of people — included hundreds of men — were accused of witchcraft in Scotland, the Guardian reports, "from allegations of cursing the king's ships, to shape-shifting into animals and birds, or dancing with the devil."

Many were executed. Now, three centuries after the Witchcraft Act was repealed, campaigners are on course to win pardons and official apologies for the estimated 3,837 people — 84% of whom were women — tried as witches, of which two-thirds were executed and burned...

[W]ell-known cases include Lilias Adie, from Torryburn, Fife, who was accused of casting a spell to cause a neighbour's hangover; while Issobell Young, executed at Edinburgh Castle in 1629, was said by a stable boy to have shape-shifted into an owl and accused of having a coven....

The [pro-pardon advocacy site] Witches of Scotland notes that signs associated with witchcraft — broomsticks, cauldrons, black cats and black pointed hats — were also associated with "alewives", the name for women who brewed weak beer to combat poor water quality. The broomstick sign was to let people know beer was on sale, the cauldron to brew it, the cat to keep mice down, and the hat to distinguish them at market. Women were ousted from brewing and replaced by men once it became a profitable industry.
Wikipedia has a page with a list of people executed for witchcraft. Citing modern scholars, it places the total number of people executed for witchcraft in Europe and America between 40,000 and 50,000.

But the Guardian also notes a recent statement from the head of the pro-pardon advocacy group Witches of Scotland. "Per capita, during the period between the 16th and 18th century, we [Scotland] executed five times as many people as elsewhere in Europe, the vast majority of them women."

What could have been a damaging breach in one of Sega's servers appears to have been closed, according to a report by security firm VPN Overview. Engadget reports: The misconfigured Amazon Web Services S3 bucket contained sensitive information which allowed researchers to arbitrarily upload files to a huge swath of Sega-owned domains, as well credentials to abuse a 250,000-user email list. The domains impacted included the official landing pages for major franchises, including Sonic the Hedgehog, Bayonetta and Total War, as well as the Sega.com site itself. VPNO was able to run executable scripts on these sites which, as you can imagine, would have been quite bad if this breach had been discovered by malicious actors instead of researchers.

An improperly stored Mailchimp API key gave VPNO access to the aforementioned email list. The emails themselves were available in plaintext alongside associated IP addresses, and passwords that the researchers were able to un-hash. According to the report, "a malicious user could have distributed ransomware very effectively using SEGA's compromised email and cloud services." So far there's no indication that bad actors made use of this vulnerability before VPNO discovered and helped Sega to fix it.

Privacy groups sounded alarms about the coin-sized location-tracking devices when they were introduced. Now people are concerned those fears are being realized. From a report: On a Sunday night in September, Ashley Estrada was at a friend's home in Los Angeles when she received a strange notification on her iPhone: "AirTag Detected Near You." An AirTag is a 1.26-inch disc with location-tracking capabilities that Apple started selling earlier this year as a way "to keep track of your stuff." Ms. Estrada, 24, didn't own one, nor did the friends she was with. The notification on her phone said the AirTag had first been spotted with her four hours earlier. A map of the AirTag's history showed the zigzag path Ms. Estrada had driven across the city while running errands. "I felt so violated," she said. "I just felt like, who's tracking me? What was their intent with me? It was scary."

Ms. Estrada is not alone in her experience. In recent months, people have posted on TikTok, Reddit and Twitter about finding AirTags on their cars and in their belongings. There is growing concern that the devices may be abetting a new form of stalking, which privacy groups predicted could happen when Apple introduced the devices in April. The New York Times spoke with seven women who believe they were tracked with AirTags, including a 17-year-old whose mother surreptitiously placed one on her car to stay apprised of her whereabouts. Some authorities have began to take a closer look at the threat posed by AirTags. The West Seneca Police Department in New York recently warned its community of the tracking potential of the devices after an AirTag was found on a car bumper. Apple complied with a subpoena for information about the AirTag in the case, which may lead to charges, West Seneca police said. And in Canada, a local police department said that it had investigated five incidents of thieves placing AirTags on "high-end vehicles so they can later locate and steal them." Researchers now believe AirTags, which are equipped with Bluetooth technology, could be revealing a more widespread problem of tech-enabled tracking.

Gov. Mike Parson this week expressed his opinion the Cole County prosecuting attorney would bring charges in the case of a Post-Dispatch reporter who alerted the state to a significant data vulnerability. From a report: "I don't think that'll be the case," Parson said when asked what he would do if the prosecutor didn't pursue the case. "That's up to the prosecutor; that's his job to do." Parson referenced a state statute on computer tampering, which says a person commits the offense if they "knowingly and without authorization or without reasonable grounds to believe that he has such authorization" modifies or destroys data, discloses or takes data, or accesses a computer network and intentionally examines personal information. "If somebody picks your lock on your house -- for whatever reason, it's not a good lock, it's a cheap lock or whatever problem you might have -- they do not have the right to go into your house and take anything that belongs to you," Parson said.

President Joe Biden has signed into law the National Defense Authorization Act of 2022 which codifies an approach to cybersecurity that depends on the decisions of private-sector entities to protect the bulk of the nation's critical infrastructure. From a report: The NDAA has become the go-to legislative vehicle for efforts to manage the federal government at large, and to regulate the private sector on cybersecurity issues. On the government side, the law requires the Cybersecurity and Infrastructure Security Agency to biennially update an incident response plan and to consult with sector-specific agencies and the private sector in establishing an exercise program to assess its effectiveness. It seeks to "ensure that the National Guard can provide cyber support services to critical infrastructure entities -- including local governments and businesses," according to Sen. Maggie Hassan, D-N.H. It also establishes a grant program at the Homeland Security Department to foster collaboration on cybersecurity technologies between public and private-sector entities in the U.S. and Israel.

Lawmakers also highlighted the inclusion of provisions codifying existing public-private partnerships at CISA which aim to offer continuous monitoring of industrial control systems -- an effort known as the CyberSentry program -- and to develop 'know your customer' guidelines for companies like cloud and other service providers comprising the "internet ecosystem." Such companies are described as the plank bearers of CISA's Joint Cyber Defense Collaborative. But provisions all rely on the voluntary participation by industry, which owns and operates the vast majority of the nation's critical infrastructure. Despite bipartisan calls after massive breaches at SolarWinds, Microsoft Exchange, Colonial Pipeline and other hacks, the NDAA made it through the House without mandatory incident reporting requirements for the private sector.

"T-Mobile had another data breach," writes Slashdot reader motang. "This comes after the massive breach that affected millions of users this past summer." According to Android Police, a small number of accounts had their data viewed by an unknown individual -- including names, addresses, phone numbers, plan rates, and number of lines -- or fell victim to an unauthorized SIM swap, with a third subset of users facing both. From the report: For its part, the company has contacted individuals who were targeted in this breach, alerting them to specify what was or wasn't viewed and highlighting that this hacker stole no payment or password data to its knowledge. However, T-Mobile has yet to report any specifics about how many customers were directly affected. [...] It seems possible that this is another example of poor security practices, though we'll have to wait until T-Mobile delivers more information. The T-Mo Report was first to report the data breach.

An anonymous reader quotes a report from Bloomberg Law: Alphabet CEO Sundar Pichai must face questioning in a California federal court lawsuit over privacy concerns surrounding Google's "incognito" web browsing mode. Lawyers for the consumers who sued want to ask Pichai about user misconceptions of their privacy online while using Google's Chrome browser. Pichai is subject to up to two hours of testimony under an order issued Monday in the U.S. District Court for the Northern District of California.

The lawsuit, filed in June 2020, alleges that Google tracks users even when they're browsing in incognito mode. Google disputes the claims, arguing that its privacy disclosures make clear that the private browsing mode doesn't make user activities "invisible" online. In an earlier order, Judge Lucy Koh also allowed consumers to question Google's chief marketing officer, Lorraine Twohill, about incognito's branding as private. Google has tried to toss the claims from consumers, but so far Koh has let them proceed. The company also argued against questioning Pichai, saying lower-level employees responsible for Chrome and the incognito mode are better suited to answering inquiries about private browsing.

An anonymous reader quotes a report from TorrentFreak: A GitHub user who goes by the name "Widevinedump" has published several repositories that allow people to download HD video from popular streaming platforms, including Disney+, Amazon, and Netflix. The code appears to be the real deal but the 'free' use is fairly limited and may not be very secure either. [...] TorrentFreak spoke to a source who confirmed that these scrips are indeed the real deal. That said, they appear to be relatively old pieces of code that may not be the most secure. Using these tools could get someone banned by a streaming platform, or perhaps worse.

There is another major issue that raises suspicion. Most of the download tools don't come with the Content Decryption Module (CDM) that's included to download 4K content. To gain access to that, people are required to buy it from the leaker, who writes that people can contact them via email. That said, there is also a free L1 Content Decryption Module posted in the 'LenovoTB-X505X-L1-KEY' repository. A trusted source confirmed to TorrentFreak that this CDM is indeed working. However, as Widevinedump also notes, it may not be active for much longer.

While these leaks are a major blow to the streaming platforms, which do all they can to keep their content secure, the developer has another agenda. In addition to selling CDMs, the code was apparently leaked to "punish" some people on Discord, who we assume shared it privately. "Hi! My name is WVDUMP. I am Leaking the CDM to burn it & punish few idiots that think themselves as dicord lords [sic]," the developer writes. Needless to say, using these tools can lead to all sorts of trouble and is clearly in violation of the DMCA's anti-circumvention provisions. As such, we doubt they will stay on GitHub for much longer.

In a scenario that's part "Robocop" and part "Minority Report," researchers in China have created an AI that can reportedly identify crimes and file charges against criminals. Futurism reports: The AI was developed and tested by the Shanghai Pudong People's Procratorate, the country's largest district public prosecution office, South China Morning Post reports. It can file a charge with more than 97 percent accuracy based on a description of a suspected criminal case. "The system can replace prosecutors in the decision-making process to a certain extent," the researchers said in a paper published in Management Review seen by SCMP.

The team built the machine off of an existing AI tool ominously called System 206. Prosecutors in China were already using the system to help assess evidence and determine whether or not a suspected criminal was dangerous to the public at large. However, it was fairly limited as it could not "participate in the decision-making process of filing charges and [suggesting] sentences," the team said in the paper. That would require the AI to be able to identify and remove irrelevant information in a case, and process human language in its neural network. The new AI developed in Shanghai is able to assess case files in such a manner. In fact, the machine can identify and charge criminals with the district's eight most common crimes: credit card fraud, gambling, reckless driving, intentional assault, obstructing an officer, theft, fraud, and even political dissent.

An anonymous reader shares a report: In an effort to restrict access to pirated ROMs illegally made available for its Switch console, Nintendo has obtained a UK High Court injunction against six internet service providers. Targeted against ROM portals with NSW2U and NSWROM branding, the two-year blocking order requires BT, Virgin, Sky, TalkTalk and others to block the sites after they failed to respond to infringement complaints.

Japan will compensate companies to keep secret patents with potential military applications under proposed legislation, the Nikkei reported on Sunday, without citing sources. Reuters: The patents under review in the proposed economic security legislation will include technology that can help develop nuclear weapons, such as uranium enrichment and cutting-edge innovations like quantum technology, the financial daily said.

If you haven't used your Ubisoft account in a while, there's a chance the game publisher might nuke your account for being inactive -- that's the reality one gamer said he discovered after stepping away from PC gaming for more than a year. From a report: "In 2020, I sold my PC because I was gaming way too much and it went a bit over the healthy way of doing it. I made a choice to work and attend school," a Norwegian gamer named Tor, who wished to be identified only by his first name, told PCWorld. He sold off his Core i7 and GeForce GTX 1080 Ti machine, and began relying on his phone as his only piece of technology.

But by the summer of 2021, Tor decided to get back into gaming, so he purchased a new gaming PC, only to discover he was unable to log into his Ubisoft account. Tor told PCWorld he was able to reset the password, but eventually learned the account had been closed, taking several hundred dollars of purchased games with it. All Ubisoft titles from Tom Clancy's Rainbow Six Siege series to Assassins' Creed and more were gone. But none of the other services he uses had been cut off. Only Ubisoft disappeared, he said. Ubi officials, however, flatly insist whatever happened in Tor's case isn't normal and that it has never deleted any account that hasn't been logged into in less than four years. The company also says any account that has a purchased game tied to it, would also not be up for closure at all. Despite what the company says though, Tor insists his account and games are gone. "Ubisoft told me they can't recover it. It's deleted, permanently locked," he said.

"The privacy-focused search engine DuckDuckGo continues to grow rapidly, with the company now averaging over 100 million daily search queries and growing by almost 47% in 2021..." reports BleepingComputer: In 2020, DuckDuckGo received 23.6 billion total search queries and achieved a daily average of 79 million search queries by the end of December.

In 2021, DuckDuckGo received 34.6 billion total search queries so far and currently has an average of 100 million search queries per day, showing a 46.4% growth for the year.

While DuckDuckGo's growth is considerable, it still only has 2.53% of the total market share, with Yahoo at 3.3%, Bing at 6.43%, and Google holding a dominant share of 87.33% of search engine traffic in the USA. However, as people continue to become frustrated with how their data is being used by tech giants like Google, Facebook, Microsoft, and Apple, we will likely see more people switch to privacy-focused search engines.
This year DuckDuckGo also released their own email forwarding service, and announced work on the DuckDuckGo Privacy Browser for Desktop — which will be built from scratch and not be based on Chromium.

Politico reports: When Ford announced that starting in 2023 its cars and trucks would come with Google Maps, Assistant and Play Store preinstalled, CEO Jim Farley called the partnership between his iconic U.S. automaker and the search giant a chance to "reinvent" the automobile — making it an office-on-wheels, with more connectivity than any phone or laptop. "We were spending hundreds and hundreds and hundreds of millions every year, keeping up with basically a generic experience that was not competitive to your cellphone," Farley crowed on CNBC, announcing the six-year deal with the tech giant.... But many tech-industry watchdogs looked at the Ford-Google car of the future with different eyes. They fear that tech companies will soon be doing to cars what they did to phones: Tying their exclusive operating systems to specific products to force out competitors and dominate a huge swath of the global economy.

Indeed, the smartphone wars are over, and Google and Apple won. Now they — and Amazon — are battling to control how you operate within your car. All three see autos as the next great opportunity to reach American consumers, who spend more time in the driver's seat than anywhere outside their home or workplace. And automakers, after years of floundering to incorporate cutting-edge technologies into cars on their own, are increasingly eager for Silicon Valley's help — hoping to adopt both its tech and its lucrative business models where consumers pay monthly for ongoing services instead of shelling out for a product just once. Now, having missed the boat as the tech giants cornered the market on smartphones, some policymakers and regulators believe the battle over connected cars represents a chance to block potential monopolies before they form.

State attorneys general who sued Google in 2020 for monopolizing online search highlighted concerns about the company's move into autonomous cars in their federal antitrust complaint. Meanwhile, in Europe, the EU's competition authority has opened a probe into Google's contracts related to connected cars... While Silicon Valley and automakers are thrilled about the future of connected and autonomous cars, regulators and privacy advocates are less so. "These companies have an amount of data on us that they shouldn't have, and they have a history of not using it in responsible ways," said Katharine Trendacosta of the digital civil liberties group Electronic Frontier Foundation. "They have a history of going back on promises they have made about that data."

She cited Google's pledge during the DoubleClick acquisition in 2008 — which it later reneged on — not to combine data from its consumer products with that from its advertising services.
The article quotes Tennessee Attorney General Herbert Slatery III, who last December complained that "When smartphones took off, Google made sure they controlled search on Apple's iPhone. They are doing the same thing on voice and connected cars. It's a similar playbook." And an executive at an automotive supplier that competes with Google tells Politico that Google is already "corralling everything through their system and controls what information is released downstream."

And Jim Heffner, a vice president at Cox Automotive Mobility, adds that "The ride is no longer the point. Data is the cornerstone. ... Apple and Google and others want to be at the epicenter of that."

Slashdot reader dcblogs writes: Criminal background checks that incorrectly identify an applicant as a thief or sex offender happen more often than many expect. This story reviewed more than 75 lawsuits against background checks firms, spoke with plaintiff attorneys and industry experts to paint a picture of an industry that can ruin lives in minutes. Job applicants are labeled thieves and sex offenders by incorrect reports, and job candidates may protest, but it may not do them any good. Employers may drop them as damaged goods before the correction.
From the article: Some of the errors detailed in lawsuits against background check firms are inexplicable and show a lack of basic attention to detail. Common mistakes include mismatched names and addresses. One background check lawsuit alleged that the first name of Ashley was misidentified as Alysha. In another case, two people with the same first and last name were mixed up despite their distinct middle names: Magdalena and Elena... In another lawsuit, an applicant with a middle name of Scot (one T) was confused with someone whose middle name was Scott (two T's). A background check firm told one job applicant that his Social Security number was in the government's "Death Master File...."
"The candidate may protest. But by then, HR has likely dropped the candidate in an effort to fill an open position," the article points out, offering one example where a corrected background check then arrived, but several weeks later. (The man's lawyer believes it's common for employers to then still refuse to consider an applicaton, simply because "first impressions are everything.")

The article adds that the U.S. Consumer Financial Protection Bureau is now "threatening enforcement actions in concert with the U.S. Federal Trade Commission and Department of Justice." They've already issued an advisory in November calling out "shoddy name matching procedures" used to link people with criminal and other records, and warned that "Even ostensibly low error rates can harm significant numbers of consumers" — especially since more than 90% of U.S. employers use background check data in their hiring processes.

A Forbes associate editor covering privacy, cybercrime, and security/surveillance reports on a recently-revealed search warrant.

Instead of investigating a photo, it asked Google to provide information on a suspect who allegedly owned graphic illegal cartoons involving children: That kind of content is potentially illegal to own under U.S. law and can be detected by Google's anti-child sexual material (CSAM) systems, a fact not previously discussed in the public domain, the warrant reveals.... Google also uses machine learning tools to look at files and analyze them for any sign they're of abused children....

As per its legal requirements, Google handed information on what it found, as well as the IP addresses used to access the images, to the National Center for Missing and Exploited Children (NCMEC), which then passed on the findings to the DHS Homeland Security Investigations unit. Investigators used the IP addresses provided by Google to identify the suspect as the alleged owner of the cartoons, and searched his Google account, receiving back information on emails to and from the defendant. It appears the suspect may actually be a known artist. As no charges have been filed, Forbes isn't publishing his name, but the man identified in the warrant had won several small Midwest art competitions, and one artwork from the 1990s had been mentioned in a major West Coast newspaper...

Google, meanwhile, has in recent years released transparency reports showing how many times it reports issues to NCMEC. The figures reveal a disturbing trend. In the first six months of 2021, it found more than 3.4 million pieces of potentially illegal content in 410,000 separate reports. That was up from 2.9 million in 365,000 reports in the last six months of 2020, and well over double that from January to June 2020, when 1.5 million pieces of CSAM material were discovered and reported to NCMEC in 180,000 reports...

As Google doesn't end-to-end encrypt its communications tools like Gmail or its file storage tech like Drive, it's still possible for the tech company to scan for illegal content. And as it has no plans to introduce those features, law enforcement can still rely on Google to warn NCMEC when abuse happens on its servers. Whether the majority of users will want Google to scan people's accounts so it can help find child abusers, or have improved privacy with end-to-end encryption instead, the Mountain View, California-based business will have to struggle with that balance in perpetuity. The same goes for any one of its rivals.

The Albanian government has confirmed and apologized this week for a data leak that exposed the personal and salary-related information for 637,138 citizens, more than 22% of the country's entire population. From a report: Details such as names, ID card numbers, salaries, job positions, and employer names were shared over the weekend on WhatsApp as an Excel document. The file included what appeared to be tax and salary information filed by companies with the Albanian government for the month of January 2021, according to local media. In a press conference today, Prime Minister Edi Rama confirmed and apologized for the breach. "According to a preliminary analysis, it looks more like an internal infiltration rather than an outside [...] cyber-attack," Rama told reporters, according to the Associated Press. The leak is now being investigated by the Tirana Prosecutor's Office, a government spokesperson said.

Through public records requests, The Markup found more than 20 public agencies using the sometimes-controversial software. From the report: In 2020, the FDA's Center for Drug Evaluation and Research (CDER) faced a daunting task: It needed to fill more than 900 job vacancies -- and fast. The center, which does things like inspect pharmaceutical manufacturing facilities, was in the process of modernizing the FDA's New Drugs Regulatory Program just as the pandemic started. It faced "a surge in work," along with new constraints that have affected everyone during the pandemic, including travel limitations and lockdowns. So they decided to turn to an artificial intelligence tool to speed up the hiring, according to records obtained by The Markup. The center, along with the Office of Management and the Division of Management Services, the background section of a statement of work said, were developing a "recruitment plan to leverage artificial intelligence (AI) to assist in the time to hire process."

The agency ultimately chose to use HireVue, an online platform that allows employers to review asynchronously recorded video interviews and have recruits play video games as part of their application process. Over the years the platform has also offered a variety of AI features to automatically score candidates. HireVue, controversially, used to offer facial analysis to predict whether an applicant would be a good fit for an open job. In recent years, research has shown that facial recognition software is racially biased. In 2019, the company's continued use of the technique led one member of its scientific advisory board to resign. It has since stopped using facial recognition. The Markup used GovSpend, a database of procurement records for U.S. agencies at the state, local, and federal levels, to identify agencies that use HireVue. We also searched for agencies using Teramind and ActivTrak, both another kind of controversial software that allows employers to remotely monitor their workers' browsing activities through screenshots and logs. The Markup contacted and filed public records requests with those 24 agencies to understand how they were using the software. Eleven public agencies, including the FDA, replied to The Markup with documents or confirmations that they had bought HireVue at some point since 2017. Of the six public agencies that replied to The Markup's questions confirming that they actually used the software, all but one -- Lake Travis Independent School District in Texas -- confirmed they did not make use of the AI scoring features of the software. Documents and responses from 13 agencies confirmed that they purchased Teramind or ActivTrak at some point during the same time frame.

A new policing system is being developed that will send autonomous drones equipped with shot-locating technology to the source of gunshots. "By analyzing the live video from its onboard camera, police officers can then gain a better sense of the situation they're heading into," reports New Atlas. From the report: Already in use in over 120 cities in the US, South Africa and the Caribbean, the American ShotSpotter system utilizes a network of microphones within a neighborhood to detect "loud, impulsive sounds." Whenever such a sound is detected, its geographical originating point can be triangulated by analyzing the millisecond differences in the times at which it was picked up by the different microphones -- the closer a mic was to the gun, the earlier it will have detected the sound of that gun firing. That said, a combination of AI software and human staff (at a control center) is used to determine if the sound is indeed gunfire.

In the existing version of the system, police are quickly dispatched to the location. If they're using ground transportation, however, it may take a while for them to get there. And even if the police department has a helicopter, performing pre-flight checks, etc will still take some time -- assuming the aircraft isn't already in the air on patrol, that is. With these potential limitations in mind, Israeli drone manufacturer Airobotics has teamed up with ShotSpotter to add autonomous drones to the mix. In the new version of the setup, police will still be dispatched, but so will the closest system-specific drone. That aircraft will be in the air within seconds, immediately flying to the source of the gunshots. By analyzing the live video from its onboard camera, police officers can then gain a better sense of the situation they're heading into.

Long-time Slashdot reader bird writes: Without admitting wrong-doing, would-be electric truck maker Nikola has agreed to a $125,000,000 settlement to settle charges that it defrauded investors with false claims about their EV vehicle technology. You may recall the video of a supposedly electric-powered truck that was later admitted to be powered not by a motor but rather by gravity? Nikola. The Seattle Times provides additional details about the settlement: Nikola violated the antifraud and disclosure control provisions of the federal securities laws, the Securities and Exchange Commission said Tuesday. In July the founder and one-time chair of Nikola, Trevor Milton, was freed on $100 million bail after pleading not guilty to charges alleging he lied about the company. The U.S. Attorney's Office in Manhattan, New York, charged Milton, 39, with two counts of securities fraud and wire fraud. He resigned as chairman in September. The SEC said in its order that Milton embarked on a public-relations campaign aimed at inflating and maintaining Nikola's stock price before the company had produced a vehicle. The SEC also found that Milton misled investors about Nikola's technological advancements, in-house production capabilities, hydrogen production, truck reservations and orders, and financial outlook. In addition, it found that Nikola misled investors by misrepresenting or omitting information about the refueling time of its prototype vehicles, as well as the economic risks and benefits associated with a potential partnership with General Motors.

Nikola, based in Phoenix, didn't admit or deny the SEC's findings. The company did agree to cease and desist from future violations and to the $125 million penalty. Nikola also agreed to continue cooperating with the SEC's ongoing investigation. The order also establishes a fund to return penalty proceeds to investors who were affected. "We are pleased to bring this chapter to a close as the company has now resolved all government investigations," Nikola said in a statement. We will continue to execute on our strategy and vision to deliver on our business plan."