United States

Tech's Lobbying Push Follows Market Consolidation, Study Shows (bloomberg.com)

The flood of lobbying dollars spent by tech companies has increased with market concentration, according to a new study that cites similar patterns in the pharmaceutical and oil industries. Bloomberg: The report suggests that entrenched firms face less competition and don't have to invest as much in innovation, giving them more resources to spend influencing the democratic process. Reed Showalter, an attorney with the anti-monopolist group American Economic Liberties Project who wrote the study, said policy makers and antitrust enforcers should look beyond the impact that mergers have on consumers and consider how market concentration affects the democratic process. "We need to more closely scrutinize various elements of competition policy that have allowed industries to become more concentrated over the last 30 to 40 years," Showalter said in a phone interview Tuesday. "Allowing unchecked concentration is the cause for a lot of the democratic harms that we're also seeing people complain about as big money enters politics. There's no coincidence there."
The Courts

California Expands Lawsuit Against Activision Blizzard (axios.com)

California has expanded its anti-discrimination lawsuit against Activision Blizzard, adding temporary workers to the female full-time employees on whose behalf it is suing. The state's Department of Fair Employment & Housing also alleges the game maker has interfered with its investigation. Axios reports: The amended complaint was filed Monday and redefines the "group" it says was wronged by the gaming giant. A copy reviewed by Axios specifically mentions that California's protections against anti-harassment, equal pay and other equal employment opportunity protections "exist for employees and contingent or temporary workers." Throughout the lawsuit, the word "employees" has been changed to "workers" in reference to harassment, sex discrimination regarding pay and other allegations.

The DFEH also says Activision Blizzard has stymied its efforts through NDAs, requiring employees to speak with the company ahead of contacting the DFEH, and its involvement with WilmerHale, a law firm the game maker said will investigate misconduct issues. The suit claims that this "directly interferes" with DFEH's ability to "investigate, prosecute, and remedy workplace discrimination and harassment violations on behalf of employees and contingent or temporary workers." It alleges, in part, that "documents related to investigations and complaints were shredded by human resource personnel" in violation of what it asserts is the game company's legal obligation to retain them pending the investigation.
A spokesperson for Activision Blizzard said that the company has "complied with every proper request in support of its review even as we had been implementing reforms to ensure our workplaces are welcoming and safe for every employee."

"With regards to claims that we have destroyed information by shredding documents, those claims are not true. We took appropriate steps to preserve information relevant to the DFEH investigation," the spokesperson added. "We have provided the DFEH with clear evidence that we do not have gender pay or promotion disparities. Our senior leadership is increasingly diverse, with a growing number of women in key leadership roles across the company."

California sued the video game studio last month over allegations of gender discrimination, sexual harassment and potential violations of the state's equal pay law.

Google

Google Says Staff Have No Right To Protest Its Choice of Clients (bloomberg.com)

An anonymous reader quotes a report from Bloomberg: Google employees have no legal right to protest the company's choice of clients, the internet giant told a judge weighing the U.S. government's allegations that its firings of activists violated the National Labor Relations Act. "Even if Google had, for the sake of argument, terminated the employees for their protest activities -- for protesting their choice of customers -- this would not violate the Act," Google's attorney Al Latham said in his opening statement Tuesday at a labor board trial. National Labor Relations Board prosecutors have accused the Alphabet Inc. unit of violating federal law by illegally firing five employees for their activism. Three of those workers' claims had originally been dismissed under President Donald Trump, because agency prosecutors concluded that their opposition to the company collaborating with immigration enforcement wasn't legally protected, according to their lawyer. But that decision was reversed after President Joe Biden fired and replaced the labor board's general counsel.

Google has been roiled over the past four years by a wave of activism by employees challenging management over issues including treatment of sub-contracted staff, handling of sexual harassment, and a contract with the U.S. Customs and Border Protection agency, which some of the fired workers accessed internal information about and circulated a petition against. Google has denied wrongdoing, saying in a Monday statement that it encourages "open discussion and debate" but terminated staff in response to violations of its data security policies. "Google terminated these employees not because of their protest as such, but because in the pursuit of their protest, they accessed highly confidential information that they had no right to access," its attorney told the judge Tuesday.

Federal labor law prohibits retaliating against employees for collective action related to their working conditions, but the exact scope of that protection has been debated for decades. Biden's appointees have signaled they interpret the scope of what that covers much more broadly than their Trump-era predecessors. Latham said he isn't aware of any case in the labor board's eight decades of existence in which it has held "an employer's choice of customer" to be an issue workers have a right to protest. "What we have here is a protest that does not seek to improve employees' terms and conditions of employment," but rather "a purely political protest that sought to use Google's government contracts, or potential government contracts, as leverage," he said.

Patents

Apple Wins Patent For Dual-Display MacBook With Virtual Keyboard, Wireless Charging Capabilities (9to5mac.com)

The US Patent and Trademark Office has granted a patent to Apple for a dual-display MacBook with a virtual keyboard replacing the traditional keyboard and with the ability to wirelessly charge an iPhone. 9to5Mac reports: As reported by Patently Apple, this patent was submitted three years ago, and only now has Apple won it. With this patent, the company could take a radical path and get rid of a physical keyboard. The interesting thing about this application is that while rumors suggest that Apple will remove the only touchable interface on the MacBook Pro, the Touch Bar, this patent imagines a MacBook with no physical keyboard at all. Patently Apple says this virtual keyboard could be rearranged, swapping the position of the virtual keyboard and trackpad. With a virtual keyboard, Apple could bring gestures from iOS and iPadOS as well, such as pinch, zoom, slide to select, and more. In the patent, Apple says this MacBook includes biometric sensors, which we could interpret as Face ID, fingerprint sensors (aka Touch ID), and a wireless charger, which would be in the left down corner of the notebook.
Movies

Disney Fires Back Against Scarlett Johansson's Black Widow Lawsuit (theverge.com)

Disney has filed a motion to have Scarlett Johansson's lawsuit against the company moved to private arbitration, the latest in the ongoing saga of her complaint against the company over Black Widow's streaming release. The Verge reports: Disney's lawyers filed the motion Friday in Los Angeles Superior Court on the grounds that Periwinkle Entertainment, which negotiated her deal, agreed that any claims related to her role in the Marvel film would be handled in confidential arbitration. But the motion also took several swipes at Johansson's complaint that argued Marvel, compelled by its parent company Disney, breached an agreement when Black Widow debuted on Disney Plus through Premier Access the same day that it premiered in theaters. The Hollywood Reporter earlier reported the motion. Johansson's complaint argued that the film's hybrid release cut into her potential earnings, as a simultaneous streaming release hampered the film's box office permanence and therefore impacted her bonuses. At issue is whether the film should have debuted as a theatrical exclusive. But according to Disney's motion, Periwinkle's contract with Marvel "does not mandate theatrical distribution -- let alone require that any such distribution be exclusive."

Furthermore, the motion states, the contract stated that any theatrical obligations would be met with showings on "no less than 1,500 screens." The motion stated the film in fact debuted on more than 9,600 screens in the US and 30,000-plus screens worldwide. Additionally, Disney's lawyers also took issue with Johansson's claim that she'd lost earnings under the hybrid release model -- though it's still unclear what specifically was promised.

Disney also provided updated figures on Black Widow's performance, showing that it's continued to bring in big figures at both the box office and through early access rentals. As of August 15th, Black Widow has raked in more than $367 million in box office receipts worldwide and more than $125 million in streaming and download receipts, the motion stated, offering seldom-shared figures about the success of a hybrid release in both theaters as well as on a streaming service itself. Accounting for the $55 million the film pulled in on Premier Access and the $80 million in domestic box office receipts during its opening weekend, Black Widow's numbers surpassed the opening weekend figures of other Marvel films released pre-pandemic, the company argued, including Ant-Man and the Wasp and Guardians of the Galaxy. Disney's lawyers revealed in the motion that it served Periwinkle a demand for private arbitration on August 10th, a little over a week after Johansson's initial complaint was filed. The motion stated Periwinkle had yet to respond. Disney also reiterated its previous position that the complaint had "no merit."

In a statement cited by The Hollywood Reporter, Johansson's attorney John Berlinski said that Disney "knows that Marvel's promises to give Black Widow a typical theatrical release 'like its other films' had everything to do with guaranteeing that Disney wouldn't cannibalize box office receipts in order to boost Disney+ subscriptions. Yet that is exactly what happened -- and we look forward to presenting the overwhelming evidence that proves it."

Privacy

Apple Has Been CSAM Scanning Your iCloud Mail Since 2019 (9to5mac.com)

According to 9to5Mac, Apple has confirmed that it's already been scanning iCloud Mail for Child Sexual Abuse Material (CSAM), and has been doing so since 2019. It has not, however, been scanning iCloud Photos or iCloud backups, which sent the internet into a frenzy when it announced its intent to begin doing so. From the report: The clarification followed me querying a rather odd statement by the company's anti-fraud chief [Eric Friedman]: that Apple was "the greatest platform for distributing child porn." That immediately raised the question: If the company wasn't scanning iCloud photos, how could it know this? [...] Apple confirmed to me that it has been scanning outgoing and incoming iCloud Mail for CSAM attachments since 2019. Email is not encrypted, so scanning attachments as mail passes through Apple servers would be a trivial task. Apple also indicated that it was doing some limited scanning of other data, but would not tell me what that was, except to suggest that it was on a tiny scale. It did tell me that the "other data" does not include iCloud backups.

Although Friedman's statement sounds definitive -- like it's based on hard data -- it's now looking likely that it wasn't. It's our understanding that the total number of reports Apple makes to CSAM each year is measured in the hundreds, meaning that email scanning would not provide any kind of evidence of a large-scale problem on Apple servers. The explanation probably lies in the fact that other cloud services were scanning photos for CSAM, and Apple wasn't. If other services were disabling accounts for uploading CSAM, and iCloud Photos wasn't (because the company wasn't scanning there), then the logical inference would be that more CSAM exists on Apple's platform than anywhere else. Friedman was probably doing nothing more than reaching that conclusion.

Security

38 Million Records Were Exposed Online -- Including Contact-Tracing Info (wired.com)

More than a thousand web apps mistakenly exposed 38 million records on the open internet, including data from a number of Covid-19 contact tracing platforms, vaccination sign-ups, job application portals, and employee databases. The data included a range of sensitive information, from people's phone numbers and home addresses to social security numbers and Covid-19 vaccination status. From a report: The incident affected major companies and organizations, including American Airlines, Ford, the transportation and logistics company J.B. Hunt, the Maryland Department of Health, the New York City Municipal Transportation Authority, and New York City public schools. And while the data exposures have since been addressed, they show how one bad configuration setting in a popular platform can have far-reaching consequences.

The exposed data was all stored in Microsoft's Power Apps portal service, a development platform that makes it easy to create web or mobile apps for external use. If you need to spin up a vaccine appointment sign-up site quickly during, say, a pandemic, Power Apps portals can generate both the public-facing site and the data management backend. Beginning in May, researchers from the security firm Upguard began investigating a large number of Power Apps portals that publicly exposed data that should have been private -- including in some Power Apps that Microsoft made for its own purposes. None of the data is known to have been compromised, but the finding is significant still, as it reveals an oversight in the design of Power Apps portals that has since been fixed. In addition to managing internal databases and offering a foundation to develop apps, the Power Apps platform also provides ready-made application programming interfaces to interact with that data. But the Upguard researchers realized that when enabling these APIs, the platform defaulted to making the corresponding data publicly accessible. Enabling privacy settings was a manual process. As a result, many customers misconfigured their apps by leaving the insecure default.

Businesses

The Fierce Legal Battle at the Heart of the Fight Over Reclining Airline Seats (slate.com)

An excerpt from Slate's interview with law professor Michael Heller, who has co-written a book called 'Mine!: How the Hidden Rules of Ownership Control Our Lives': Heller: Just to give you a concrete example, there's a guy named James Beach who was flying from Boston to Denver, and he had actually a little plastic clamp called a Knee Defender, which you can buy online. It's really very effective. You stick it on the seat in front of you, on the little tray table, and it keeps the seat in front of you from leaning back. On this particular flight, the woman in front of him tried to lean back. She couldn't; she realized what was wrong. She asked him to take them off. He didn't comply. She turned around and threw her water at him. The pilot did an emergency landing right away. They were taken off the flight. The plane went on to Denver an hour and 38 minutes late.

But those little Knee Defenders turn out to reveal a tremendous amount about the ownership conflicts that are all through our lives. The woman in front is saying, "That space behind my seat, it's mine, because the little button reclines the seat." And the guy behind, like the kids in the playground, he's saying, "No, it was mine. I had it first, for my laptop," or "I possessed it first with my knees." So that wedge of space is an ownership battle, it turns out, between attachment and possession and first-in-time.

When I talk to audiences about that conflict, I always poll them, and it's amazing to me that invariably half say the person in front is in the right, and half say the person in back is in the right. What's most amazing is how each side is just amazed that anybody else could have a different view. It feels and looks and seems so obvious, what's mine, the same way it is to toddlers on a playground. But that little conflict on the airplane seat is not just an accident, it turns out. It's deliberately engineered by the airlines so they can sell that same space twice. Most of us are just polite; we try to work it out, and that's true in all of the ownership conflicts we go through throughout our day, throughout our lives, in the Starbucks line, to line up at Disney World.

Anywhere that we're trying to make something mine, our experience is being engineered and designed by some owner to shape our behavior. And on the airplane seat, the design is to get us to fight with each other instead of being mad at the airlines, to not realize that they're selling that same space twice. And what they're using is one of the most advanced tools of ownership design that Jim and I have uncovered in doing this work, which is what we call strategic ambiguity. Ownership is ambiguous a lot more often than people realize. And that ambiguity is really valuable, in this case to the airlines.

The Courts

Court Rules Govt Officials' Internet Browsing Histories Are Not Public Records (reason.com)

Law professor and legal commentator Jonathan H. Adler shares an update about a nonprofit group advocating for accountable government: The Cause of Action Institute sought to obtain the internet browsing histories of several government officials, including the Secretary of Agriculture and Director of the Office of Management and Budget, under the Freedom of Information Act (FOIA). A district court rejected their claim, concluding that browsing histories are not agency records under FOIA. Yesterday a panel of the U.S. Court of Appeals for the D.C. Circuit agreed.

In Cause of Action Institute v. OMB, Judge Rao (joined by Judges Srinivasan and Sentelle) agreed with the district court that federal agencies do not exercise the requisite degree of control over internet browsing histories for the histories to constitute agency records subject to FOIA disclosure. As Judge Rao explained, the "agencies' retention and access policies for browsing histories, along with the fact they did not use any of the officials' browsing histories for any reason, lead to the conclusion that these documents are not agency records."

Cellphones

Smartphone Company Alleged To Be a Scam Defrauding 300 Investors of $10 Million (pcmag.com)

In a 2015 video, PCMag's lead mobile analyst Sascha Segan showed off "One of the coolest phones at this year's CES."

He's now written an article titled "How I Got Suckered by an (Alleged) $10M Phone Scam." The biggest mobile-phone mystery of the 2010s is finally coming to an ignominious end, as yesterday the U.S. attorney for Utah charged Chad Sayers, founder of entirely notional mobile phone firm Saygus, with conducting a $10 million fraud scheme. Saygus "had" a series of "phones" from 2009-2016 that existed as prototypes that the company took on trade shows and to press tours. There was never any real evidence of production runs. The U.S. Attorney now claims Sayers and associates took $10 million in investor money and lived on it without ever really planning to release a product. (I learned this via David Ruddock....)

The phone kept just...not happening. Sayers' genius was that he produced just enough prototypes to show off and kept them in a constant state of pre-sale... "DEFENDANT failed to disclose that device certification with Verizon expired in 2013 and was never renewed," the Department of Justice notes. A new version of the phone then popped up again in 2015, this one supposedly covered in Kevlar with 320GB of storage. Sayers flogged that prototype until early 2016, at which point he said it was coming "next month."

The Department of Justice says: "Between April 7, 2015 and January 10, 2017, DEFENDANT made at least 26 public statements on Twitter that its phone would be shipping 'this month,' 'this week,' or was otherwise launching, when in fact, it has never launched...."

Sayers kept going on press tours and buying expensive trade-show booths with prototypes of phones that would never hit the market, drumming up enough gullible mainstream press coverage (myself included) to presumably attract a continual stream of investors with his claim of being the next big thing.

AI

AI-Powered Tech Put a 65-Year-Old in Jail For Almost a Year Despite 'Insufficient Evidence' (apnews.com)

"ShotSpotter" is an AI-powered tool that claims it can detect the sound of gunshots. To install it can cost up to $95,000 per square mile — every year — reports the Associated Press.

There's just one problem. "The algorithm that analyzes sounds to distinguish gunshots from other noises has never been peer reviewed by outside academics or experts." "The concern about ShotSpotter being used as direct evidence is that there are simply no studies out there to establish the validity or the reliability of the technology. Nothing," said Tania Brief, a staff attorney at The Innocence Project, a nonprofit that seeks to reverse wrongful convictions.

A 2011 study commissioned by the company found that dumpsters, trucks, motorcycles, helicopters, fireworks, construction, trash pickup and church bells have all triggered false positive alerts, mistaking these sounds for gunshots. ShotSpotter CEO Ralph Clark said the company is constantly improving its audio classifications, but the system still logs a small percentage of false positives. In the past, these false alerts — and lack of alerts — have prompted cities from Charlotte, North Carolina, to San Antonio, Texas, to end their ShotSpotter contracts, the AP found.

And the potential for problems isn't just hypothetical. Just ask 65-year-old Michael Williams: Williams was jailed last August, accused of killing a young man from the neighborhood who asked him for a ride during a night of unrest over police brutality in May... "I kept trying to figure out, how can they get away with using the technology like that against me?" said Williams, speaking publicly for the first time about his ordeal. "That's not fair." Williams sat behind bars for nearly a year before a judge dismissed the case against him last month at the request of prosecutors, who said they had insufficient evidence.

Williams' experience highlights the real-world impacts of society's growing reliance on algorithms to help make consequential decisions about many aspects of public life... ShotSpotter evidence has increasingly been admitted in court cases around the country, now totaling some 200. ShotSpotter's website says it's "a leader in precision policing technology solutions" that helps stop gun violence by using "sensors, algorithms and artificial intelligence" to classify 14 million sounds in its proprietary database as gunshots or something else. But an Associated Press investigation, based on a review of thousands of internal documents, emails, presentations and confidential contracts, along with interviews with dozens of public defenders in communities where ShotSpotter has been deployed, has identified a number of serious flaws in using ShotSpotter as evidentiary support for prosecutors. AP's investigation found the system can miss live gunfire right under its microphones, or misclassify the sounds of fireworks or cars backfiring as gunshots.

Forensic reports prepared by ShotSpotter's employees have been used in court to improperly claim that a defendant shot at police, or provide questionable counts of the number of shots allegedly fired by defendants. Judges in a number of cases have thrown out the evidence... The company's methods for identifying gunshots aren't always guided solely by the technology. ShotSpotter employees can, and often do, change the source of sounds picked up by its sensors after listening to audio recordings, introducing the possibility of human bias into the gunshot detection algorithm. Employees can and do modify the location or number of shots fired at the request of police, according to court records. And in the past, city dispatchers or police themselves could also make some of these changes.

Three more eye-popping details from the AP's 4,000-word exposé:
  • "One study published in April in the peer-reviewed Journal of Urban Health examined ShotSpotter in 68 large, metropolitan counties from 1999 to 2016, the largest review to date. It found that the technology didn't reduce gun violence or increase community safety..."
  • "Forensic tools such as DNA and ballistics evidence used by prosecutors have had their methodologies examined in painstaking detail for decades, but ShotSpotter claims its software is proprietary, and won't release its algorithm..."
  • "In 2018, it acquired a predictive policing company called HunchLab, which integrates its AI models with ShotSpotter's gunshot detection data to purportedly predict crime before it happens."

The Almighty Buck

$97 Million Stolen From Japanese Crypto Exchange (fortune.com)

"Hackers have drained Japanese cryptocurrency exchange Liquid of $97 million worth of Ethereum and other digital coins," reports Forbes: The company, in a tweet posted late Thursday, announced the compromise and said it is moving assets that were not affected into more secure "cold wallet" storage. The company has also suspended deposits and withdrawals... Liquid did not put a dollar figure on the amount, but blockchain analytics company Elliptic said its analysis estimates the losses at about $97 million...

Of that, $45 million were in Ethereum tokens, which are being converted into Ether, preventing the hacker from having those assets frozen. Other cryptos taken in the heist include Bitcoin, XRP, and stablecoins.

The Courts

Court Rules California's 'Gig Worker' Initiative is Unconstitutional (yahoo.com)

Slashdot reader phalse phace tipped us off to a breaking story. Reuters reports: A California judge on Friday ruled that a 2020 ballot measure that exempted ride-share and food delivery drivers from a state labor law is unconstitutional as it infringed on the legislature's power to set standards at the workplace...which makes the entire ballot measure "unenforceable", Alameda County Superior Court Judge Frank Roesch wrote in the ruling.

Gig economy companies including Uber, Lyft, Doordash and Instacart were pushing to keep drivers' independent contractor status, albeit with additional benefits.

Google

Google Says Geofence Warrants Make Up One-Quarter Of All US Demands (techcrunch.com)

For the first time, Google has published the number of geofence warrants it's historically received from U.S. authorities, providing a rare glimpse into how frequently these controversial warrants are issued. ZDNet's Zack Whittaker reports: The figures, published Thursday, reveal that Google has received thousands of geofence warrants each quarter since 2018, and at times accounted for about one-quarter of all U.S. warrants that Google receives. The data shows that the vast majority of geofence warrants are obtained by local and state authorities, with federal law enforcement accounting for just 4% of all geofence warrants served on the technology giant. According to the data, Google received 982 geofence warrants in 2018, 8,396 in 2019 and 11,554 in 2020. But the figures only provide a small glimpse into the volume of warrants received and did not break down how often it pushes back on overly broad requests.

Geofence warrants are also known as "reverse-location" warrants, since they seek to identify people of interest who were in the near vicinity at the time a crime was committed. Police do this by asking a court to order Google, which stores vast amounts of location data to drive its advertising business, to turn over details of who was in a geographic area, such as a radius of a few hundred feet at a certain point in time, to help identify potential suspects. Google has long shied away from providing these figures, in part because geofence warrants are largely thought to be unique to Google. Law enforcement has long known that Google stores vast troves of location data on its users in a database called Sensorvault, first revealed by The New York Times in 2019.
Google spokesperson Alex Krasov said in a statement: "We vigorously protect the privacy of our users while supporting the important work of law enforcement. We developed a process specifically for these requests that is designed to honor our legal obligations while narrowing the scope of data disclosed."
Privacy

Apple's Anti-Fraud Chief Said Company Was 'The Greatest Platform For Distributing Child Porn' (9to5mac.com)

An explanation for Apple's controversial decision to begin scanning iPhones for CSAM has been found in a 2020 statement by Apple's anti-fraud chief. Eric Friedman stated, in so many words, that "we are the greatest platform for distributing child porn." The revelation does, however, raise the question: How could Apple have known this if it wasn't scanning iCloud accounts...? 9to5Mac reports: The iMessage thread was spotted by the Verge as it works its way through the internal emails, messages, and other materials handed over by Apple as part of the discovery process in the Epic Games lawsuit. Ironically, Friedman actually suggests that Facebook does a better job of detecting it than Apple did: "The spotlight at Facebook etc. is all on trust and safety (fake accounts, etc). In privacy, they suck. Our priorities are the inverse. Which is why we are the greatest platform for distributing child porn, etc."

A fellow exec queries this, asking whether it can really be true: "Really? I mean, is there a lot of this in our ecosystem? I thought there were even more opportunities for bad actors on other file sharing systems." Friedman responds with the single word, "Yes." The document is unsurprisingly labeled "Highly confidential -- attorneys' eyes only."

The stunning revelation may well be explained by the fact that iCloud photo storage is on by default, even if it's just the paltry 5GB the company gives everyone as standard. This means the service may be the most-used cloud service for photos -- in contrast to competing ones where users have to opt in. Apple has said that it has been looking at the CSAM problem for some time, and was trying to figure out a privacy-protecting way to detect it. It may well be this specific conversation that led the company to prioritize these efforts.

AT&T

Hacker Selling Private Data Allegedly From 70 Million AT&T Customers (restoreprivacy.com)

An anonymous reader quotes a report from Restore Privacy: A well-known threat actor with a long list of previous breaches is selling private data that was allegedly collected from 70 million AT&T customers. We analyzed the data and found it to include social security numbers, date of birth, and other private information. The hacker is asking $1 million for the entire database (direct sell) and has provided RestorePrivacy with exclusive information for this report. The threat actor goes by the name of ShinyHunters and was also behind other previous exploits that affected Microsoft, Tokopedia, Pixlr, Mashable, Minted, and more. The hacker posted the leak on an underground hacking forum earlier today, along with a sample of the data that we analyzed. AT&T initially denied the breach in a statement to RestorePrivacy. The hacker has responded by saying, "they will keep denying until I leak everything." "Based on our investigation yesterday, the information that appeared in an internet chat room does not appear to have come from our systems," AT&T said in a statement. When pressed harder and asked specifically if there was no AT&T breach, the company said: "Based on our investigation, no, we don't believe this was a breach of AT&T systems."

"Given this information did not come from us, we can't speculate on where it came from or whether it is valid," they added. The hacker says they're willing to reach "an agreement" with AT&T to remove the data from sale.

The possible breach of AT&T follows a T-Mobile hack from earlier this week, which impacts 40 million records of former and prospective customers.

China

China Passes Data Protection Law (techcrunch.com) 52

China has passed a personal data protection law, state media Xinhua reports. TechCrunch: The law, called the Personal Information Protection Law (PIPL), is set to take effect on November 1. It was proposed last year -- signalling an intent by China's communist leaders to crack down on unscrupulous data collection in the commercial sphere by putting legal restrictions on user data collection. The new law requires app makers to offer users options over how their information is or isn't used, such as the ability not to be targeted for marketing purposes or to have marketing based on personal characteristics, according to Xinhua.

It also places requirements on data processors to obtain consent from individuals in order to be able to process sensitive types of data such as biometrics, medical and health data, financial information and location data. Apps that illegally process user data risk having their service suspended or terminated. Any Western companies doing business in China which involves processing citizens' personal data must grapple with the law's extraterritorial jurisdiction -- meaning foreign companies will face regulatory requirements such as the need to assign local representatives and report to supervisory agencies in China.

United States

Justice Department Says Facial Recognition Helped End an Almost 15-year Manhunt (theverge.com) 53

A fugitive who Justice Department officials say had scammed more than 20 people out of hundreds of thousands of dollars was sentenced to four years in prison on Friday, after being on the run for almost 15 years. From a report: Austrian authorities were able to identify Randy Levine, 54, of Boca Raton, Florida, due to a facial recognition system, according to the DOJ, after he tried to use an alias to open a bank account, leading to his arrest in June 2020. Levine fled the US in 2005, after authorities seized his passport as part of an investigation into an alleged scam he had been running, the DOJ said in a release. According to Levine's plea agreement, which he signed in May, he would offer to set up gambling accounts for people if they sent him money. To help sell the idea that he really could help people make bets, Levine reportedly played a recording of casino sounds while he was on calls with victims (which he made using a Las Vegas phone number). Levine came under investigation by the FBI, but was able to get a replacement for the passport that law enforcement officials seized, by claiming the passport had simply been lost. He eventually ended up in Poland, where he was arrested in 2008. There was, however, a legal battle over whether he could be extradited to the US, which continued until late 2011. By the time Polish courts had decided that he could be extradited, Levine had already slipped away.

Privacy

Senators Challenge TikTok's 'Alarming' Plan To Collect Users' Voice and Face Biometrics (techcrunch.com) 39

TikTok's plans to collect biometric identifiers from its users have prompted concern among U.S. lawmakers, who are demanding the company reveal exactly what information it collects and what it plans to do with that data. From a report: In a letter sent earlier this month addressed to TikTok CEO Shou Zi Chew, Sens. Amy Klobuchar (D-MN) and John Thune (R-SD) say they are "alarmed" by the recent change to TikTok's privacy policy, which allows the company to "automatically collect biometric data, including certain physical and behavioral characteristics from video content posted by its users."

TechCrunch first reported details of the new privacy policy back in June, when TikTok said it will seek "required permissions" to collect "faceprints and voiceprints" where required by law, but failed to elaborate on whether it's considering federal law, state laws, or both (only a handful of U.S. states have biometric privacy laws, including Illinois, Washington, California, Texas and New York). Klobuchar and Thune's letter asks TikTok to explicitly explain what constitutes a "faceprint" and "voiceprint," as well as to explain how this data will be used and how long it will be retained. The senators also quizzed TikTok on whether any data is gathered for users under the age of 18; whether it makes any inferences about its users based on the biometric data it collects; and to provide a list of all third parties that have access to the data.

Privacy

Policy Groups Ask Apple To Drop Plans To Inspect iMessages, Scan for Abuse Images (reuters.com) 89

More than 90 policy and rights groups around the world published an open letter on Thursday urging Apple to abandon plans for scanning children's messages for nudity and the phones of adults for images of child sex abuse. From a report: "Though these capabilities are intended to protect children and to reduce the spread of child sexual abuse material, we are concerned that they will be used to censor protected speech, threaten the privacy and security of people around the world, and have disastrous consequences for many children," the groups wrote in the letter, which was first reported by Reuters. The largest campaign to date over an encryption issue at a single company was organized by the U.S.-based nonprofit Center for Democracy & Technology (CDT). Some overseas signatories in particular are worried about the impact of the changes in nations with different legal systems, including some already hosting heated fights over encryption and privacy.