An anonymous reader quotes a report from Ars Technica: The Supreme Court is taking up a case on whether Paramount violated the 1988 Video Privacy Protection Act (VPPA) by disclosing a user's viewing history to Facebook. The case, Michael Salazar v. Paramount Global, hinges on the law's definition of the word "consumer." Salazar filed a class action against Paramount in 2022, alleging that it "violated the VPPA by disclosing his personally identifiable information to Facebook without consent," Salazar's petition to the Supreme Court said. Salazar had signed up for an online newsletter through 247Sports.com, a site owned by Paramount, and had to provide his email address in the process. Salazar then used 247Sports.com to view videos while logged in to his Facebook account.

"As a result, Paramount disclosed his personally identifiable information -- including his Facebook ID and which videos he watched—to Facebook," the petition (PDF) said. "The disclosures occurred automatically because of the Facebook Pixel Paramount installed on its website. Facebook and Paramount then used this information to create and display targeted advertising, which increased their revenues." The 1988 law (PDF) defines consumer as "any renter, purchaser, or subscriber of goods or services from a video tape service provider." The phrase "video tape service provider" is defined to include providers of "prerecorded video cassette tapes or similar audio visual materials," and thus arguably applies to more than just sellers of tapes.

The legal question for the Supreme Court "is whether the phrase 'goods or services from a video tape service provider,' as used in the VPPA's definition of 'consumer,' refers to all of a video tape service provider's goods or services or only to its audiovisual goods or services," Salazar's petition said. The Supreme Court granted his petition (PDF) to hear the case in a list of orders released yesterday. [...] SCOTUSblog says that "the case will likely be scheduled for oral argument in the court's 2026-27 term," which begins in October 2026.

Amazon has agreed to pay $309 million and provide additional remedies in a class-action settlement over claims that customers were wrongly denied refunds after returning items. Plaintiffs say (PDF) the deal delivers over $1 billion in total value, including more than $600 million in refunds and operational changes. Reuters reports: Amazon denied any wrongdoing in agreeing to the settlement. "Following an internal review in 2025, we identified a small subset of returns where we issued a refund without the payment completing, or where we could not verify that the correct item had been sent back to us, so no refund had been issued," an Amazon spokesperson said, adding that the company had taken steps to resolve the issue.

The lawsuit, filed in 2023, said Amazon caused "substantial unjustified monetary losses" for consumers who in some instances properly returned an item but were still charged for it. In a court filing, Amazon said customers accepted the terms of the company's return policies, including the possibility they would be recharged for failing to return the product within a specified time frame. The proposed settlement class covers U.S. purchasers of goods on Amazon from September 2017 who allegedly did not receive timely or correct refunds, or who were later charged despite returning items. Class members are expected to recover the full amount of any incorrectly denied refund or retrocharge, plus interest, the plaintiffs told the court.

Longtime Slashdot reader schwit1 shares a report from PCMag: A lawsuit claims that WhatsApp's end-to-end encryption is a sham, and is demanding damages, but the app's parent company, Meta, calls the claims "false and absurd." The lawsuit was filed in a San Francisco US district court on Friday and comes from a group of users based in countries such as Australia, Mexico, and South Africa, according to Bloomberg.

As evidence, the lawsuit cites unnamed "courageous whistleblowers" who allege that WhatsApp and Meta employees can request to view a user's messages through a simple process, thus bypassing the app's end-to-end encryption. "A worker need only send a 'task' (i.e., request via Meta's internal system) to a Meta engineer with an explanation that they need access to WhatsApp messages for their job," the lawsuit claims. "The Meta engineering team will then grant access -- often without any scrutiny at all -- and the worker's workstation will then have a new window or widget available that can pull up any WhatsApp user's messages based on the user's User ID number, which is unique to a user but identical across all Meta products."

"Once the Meta worker has this access, they can read users' messages by opening the widget; no separate decryption step is required," the 51-page complaint adds. "The WhatsApp messages appear in widgets commingled with widgets containing messages from unencrypted sources. Messages appear almost as soon as they are communicated -- essentially, in real-time. Moreover, access is unlimited in temporal scope, with Meta workers able to access messages from the time users first activated their accounts, including those messages users believe they have deleted." The lawsuit does not provide any technical details to back up the rather sensational claims.
See also: "WhatsApp End-to-End Encryption Allegations Questioned By Some Security Experts, Lawyers."

An anonymous reader quotes a report from The Telegraph: China hacked the mobile phones of senior officials in Downing Street for several years, The Telegraph can disclose. The spying operation is understood to have compromised senior members of the government, exposing their private communications to Beijing. State-sponsored hackers are known to have targeted the phones of some of the closest aides to Boris Johnson, Liz Truss and Rishi Sunak between 2021 and 2024. It is unclear whether the hack included the mobile phones of the prime ministers themselves, but one source with knowledge of the breach said it went "right into the heart of Downing Street."

Intelligence sources in the US indicated that the Chinese espionage operation, known as Salt Typhoon, was ongoing, raising the possibility that Sir Keir Starmer and his senior staff may also have been exposed. MI5 issued an "espionage alert" to Parliament in November about the threat of spying from the Chinese state. [...] The attack raises the possibility that Chinese spies could have read text messages or listened to calls involving senior members of the Government. Even if they were unable to eavesdrop on calls, hackers may have gained access to metadata, revealing who officials were in contact with and how frequently, as well as geolocation data showing their approximate whereabouts.

Skylight, an open-source, TikTok-style video app built on the AT Protocol, surged past 380,000 users after last week's shake-up around TikTok's U.S. ownership and privacy concerns. TechCrunch reports: Launched last year and backed by Mark Cuban and other investors, Skylight's mobile app is built on the AT Protocol, the technology that also powers the decentralized X rival Bluesky, which now has north of 42 million users. Skylight, co-founded by CEO Tori White and CTO Reed Harmeyer, offers a built-in video editor; user profiles; support for likes, commenting, and sharing; and the ability for community curators to create custom feeds for others to follow. The app now has over 150,000 videos uploaded directly to the platform. It can also stream videos from Bluesky because of its AT Protocol integration.

Harmeyer said Saturday that 1.4 million videos were played on the app the day before, up 3x over the past 24 hours. The app had also seen sign-ups increase more than 150%. Other noteworthy stats include over a 50% increase in returning users, over 40% rise in video played on average, and over 100% increase in posts created. This surge was likely triggered by concerns over TikTok's change in ownership and its unfortunately timed technical glitches. [...] Over the weekend, Skylight's CEO, Tori White, said the app added around 20,000 new users and is continuing to grow. So far this January, the app has seen around 95,000 monthly active users. "We've seen what happens when one person dictates what's pushed into people's feeds," White told TechCrunch. "Not only does it harm a creator's connection with their followers, but the entire health of the platform. That's why we built Skylight Social on open standards. We wanted creator and user power to be guaranteed by the technology. Not an empty promise, but an irrevocable right."

California tech executive Gordon Abas Goodarzi has been arrested and charged with murder in the death of his estranged wife, Aryan Papoli, whose body was found last November down an embankment off Highway 138 in San Bernardino County. Authorities initially believed the injuries were consistent with a fall, but the case was later ruled a homicide following a months-long investigation by the San Bernardino County Sheriff's Department. "Arrest records show that Goodarzi is currently in custody without bail and faces a murder charge and that he is set to appear in court Monday," reports SFGATE. From the report: Goodarzi, a California tech executive with ties to BattleBots, is publicly listed as the president and CEO of Magmotor, which describes itself as a "proud" supporter of the combat robot community and claims to support several teams each year. According to his LinkedIn, Goodarzi also previously worked as a research affiliate at UCLA's B. John Garrick Institute for the Risk Sciences since 2023.

Originally from Iran, Papoli and Goodarzi settled in Los Angeles County's verdant Rolling Hills community because of its tranquility and natural beauty, Papoli previously wrote. [...] She described her husband, Goodarzi, as a pioneer in the world of renewable energy, developing both electric and hybrid vehicles since the 1980s. According to Papoli, he also worked as the technical director at Hughes Electronics, which developed and manufactured the EV1, an early iteration of the electric car, in the 1990s.

An anonymous reader quotes a report from the BBC: Google has agreed to pay $68 million to settle a lawsuit claiming it secretly listened to people's private conversations through their phones. [...] the lawsuit claimed Google Assistant would sometimes turn on by mistake -- the phone thinking someone had said its activation phrase when they had not -- and recorded conversations intended to be private. They alleged the recordings were then sent to advertisers for the purpose of creating targeted advertising. The proposed settlement was filed on Friday in a California federal court, and requires approval by US District Judge Beth Labson Freeman.

The claim has been brought as a class action lawsuit rather than an individual case -- meaning if it is approved, the money will be paid out across many different claimants. Those eligible for a payout will have owned Google devices dating back to May 2016. But lawyers for the plaintiffs may ask for up to one-third of the settlement -- amounting to about $22 million in legal fees. The tech firm also denied any wrongdoing, as well as claims that it "recorded, disclosed to third parties, or failed to delete, conversations recorded as the result of a Siri activation" without consent.

Friday 72-year-old Richard Stallman made a two-hour-and-20-minutes appearance at the Georgia Institute of Technology, talking about everything from AI and connected cars to smartphones, age verfication laws, and his favorite Linux distro. But early on, Stallman also told the audience how "I despise DRM...I don't want any copy of anything with DRM. Whatever it is, I never want it so badly that I would bow down to DRM." (So he doesn't use Spotify or Netflix...)

This led to an interesting moment when someone asked him later if we have an ethical obligation to avoid piracy.. First Stallman swapped in his preferred phrase, "forbidden sharing"...

"I won't use the word piracy to refer to sharing. Sharing is good and it should be lawful. Those laws are wrong. Copyright as it is now is an injustice."

Stallman said "I don't hesitate to share copies of anything," but added that "I don't have copies of non-free software, because I'm disgusted by it." After a pause, he added this. "Just because there is a law to to give some people unjust power, that doesn't mean breaking that law becomes wrong....

"Dividing people by forbidding them to help each other is nasty."

And later Stallman was asked how he watches movies, if he's opposed to DRM-heavy sites like Netflix, and the DRM in Blu-ray discs? "The only way I can see a movie is if I get a file — you know, like an MP4 file or MKV file. And I would get that, I suppose, by copying from somebody else."

"Sharing is good. Stopping people from sharing is evil."

Adafruit managing director Phillip Torrone (also long-time Slashdot reader ptorrone ) writes: Washington State lawmakers are proposing bills (HB 2320 and HB 2321) that would require 3D printers and CNC machines to block certain designs using software-based "firearms blueprint detection algorithms." In practice, this means scanning every print file, comparing it against a government-maintained database, and preventing "skilled users" from bypassing the system.

Supporters frame this as a response to untraceable "ghost guns," but even federal prosecutors admit the tools involved are ordinary manufacturing equipment. Critics warn the language is overbroad, technically unworkable, hostile to open source, and likely to push printing toward cloud-locked, subscription-based systems—while doing little to stop criminals.

Newsweek reports on how the U.S. Congress is debating "kill switch" technology for vehicles, "which would be able to monitor diver behavior, detect impairment such as intoxication and intervene..."

"While the technology is not yet a legal requirement in cars, Congress passed a law with the Infrastructure Investment and Jobs Act in 2021 that requires the Department of Transportation to create the mandate." Republican Representative Thomas Massie of Kentucky introduced an amendment to a federal spending bill that would reverse the mandating of the technology. On Thursday, 160 Republicans voted in favor, but the legislation failed 164-268, according to the House Clerk's official roll call — with 57 Republicans joining 211 Democrats in voting against it...

The House vote signals substantial Republican support for curbing any move toward mandated impaired-driving prevention systems, but not enough to pass such legislation. Critics of the kill switch technology see it as government overreach, while those in favor argue that it could prove to be lifesaving.
Thanks to long-time Slashdot reader SonicSpike for sharing the article.

An anonymous reader quotes a report from TorrentFreak: The High Court in New Delhi, India, has granted another pirate site blocking order in favor of American movie industry giants, including Apple, Warner., Netflix, Disney and Crunchyroll. The injunction targets notorious pirate sites, requesting blockades at Indian ISPs. More crucially, however, globally operating domain registrars, including U.S. companies, are also compelled to take action. However, despite earlier cooperation, most don't seem eager to comply. [...] As reported by Verdictum a few days ago, the High Court in New Delhi issued a new blocking injunction on December 18, targeting more than 150 pirate site domains, including yflix.to, animesuge.bz, bs.to, and many others.

The complaint (PDF) is filed by Warner Bros., Apple, Crunchyroll, Disney, and Netflix, which are all connected to the MPA's anti-piracy arm, ACE. The referenced works include some of the most pirated titles, such as Stranger Things, Squid Game, and Silo. In addition to targeting Indian ISPs, the order also lists various domain name registries and related organizations as defendants. This includes American registrars such as Namecheap and GoDaddy, but also the government of the Kingdom of Tonga, which is linked to .to domains. By requiring domain name registrars to take action, the Indian court orders have a global impact.

In addition to suspending the domain names within three days days, the domain name registrars are given four weeks to disclose the relevant subscriber information connected to these domains. "[The registrars] shall lock and suspend Defendant Nos. 1 to 47 websites within 72 hours of being communicated with a copy of this Order and shall file all the Basic Subscriber Information, including the name, address, contact information, email addresses, bank details, IP logs, and any other relevant information [...] within four weeks of being communicated with a copy of this Order," the High Court wrote. While the "Dynamic+" injunction is designed to be a global kill switch, its effectiveness depends entirely on the cooperation of the domain name registrars. Since most of these are based outside of India, their compliance is not guaranteed.

California became the first U.S. state to join the World Health Organization's Global Outbreak Alert and Response Network (GOARN), one day after the U.S. formally exited the WHO. The Hill reports: This announcement comes just one day after the U.S.'s withdrawal from the WHO became official after nearly 80 years of membership, having been a founding member of the organization. "The Trump administration's withdrawal from WHO is a reckless decision that will hurt all Californians and Americans," [California Governor Gavin Newsom] said in a statement. "California will not bear witness to the chaos this decision will bring. We will continue to foster partnerships across the globe and remain at the forefront of public health preparedness, including through our membership as the only state in WHO's Global Outbreak Alert & Response Network."

The U.S. Department of Justice has opened a criminal investigation into Deel over allegations that it recruited a spy inside rival Rippling, according to documents seen by The Wall Street Journal. From the report: An Ireland-based Rippling employee, Keith O'Brien, alleged in an affidavit filed in April that Deel Chief Executive Alex Bouaziz recruited him and gave him instructions for what information to take from Rippling. O'Brien alleged that other executives were involved in the spying plot, including Bouaziz's father, who is Deel's executive chairman and chief strategy officer.

A spokeswoman for Deel said the company isn't aware of a criminal investigation but is willing to cooperate with authorities. The company has previously said: "We deny all legal wrongdoing and look forward to asserting our counterclaims." Unsealed court documents allege that an entity tied to Deel transferred $6,000 to an account owned by the wife of Chief Operating Officer Dan Westgarth, and that the same amount was forwarded from the account to O'Brien seconds later.

An anonymous reader quotes a report from Wired: When TikTok users in the U.S. opened the app today, they were greeted with a pop-up asking them to agree to the social media platform's new terms of service and privacy policy before they could resume scrolling. These changes are part of TikTok's transition to new ownership. In order to continue operating in the U.S., TikTok was compelled by the U.S. government to transition from Chinese control to a new, American-majority corporate entity. Called TikTok USDS Joint Venture LLC, the new entity is made up of a group of investors that includes the software company Oracle. It's easy to tap "agree" and keep on scrolling through videos on TikTok, so users might not fully understand the extent of changes they are agreeing to with this pop-up.

Now that it's under U.S.-based ownership, TikTok potentially collects more detailed information about its users, including precise location data. Here are the three biggest changes to TikTok's privacy policy that users should know about. TikTok's change in location tracking is one of the most notable updates in this new privacy policy. Before this update, the app did not collect the precise, GPS-derived location data of U.S. users. Now, if you give TikTok permission to use your phone's location services, then the app may collect granular information about your exact whereabouts. Similar kinds of precise location data is also tracked by other social media apps, like Instagram and X.

[...] Rather than an adjustment, TikTok's policy on AI interactions adds a new topic to the privacy policy document. Now, users' interactions with any of TikTok's AI tools explicitly fall under data that the service may collect and store. This includes any prompts as well as the AI-generated outputs. The metadata attached to your interactions with AI tools may also be automatically logged. [...] This change to TikTok's privacy policy may not be as immediately noticeable to users, but it will likely have an impact on the types of ads you see outside of TikTok. So, rather than just using your collected data to target you while using the app, TikTok may now further leverage that info to serve you more relevant ads wherever you go online. As part of this advertising change, TikTok also now explicitly mentions publishers as one kind of partner the platform works with to get new data.

The White House doubled down after posting a digitally altered photo of Minnesota protester Nekima Levy Armstrong, dismissing it as a "meme" despite objections from her attorney and comparisons to reality-distorting propaganda. "YET AGAIN to the people who feel the need to reflexively defend perpetrators of heinous crimes in our country I share with you this message: Enforcement of the law will continue. The memes will continue. Thank you for your attention to this matter," White House spokesperson Kaelan Dorr wrote in a post on X. The Hill reports: The statement came after Homeland Security Secretary Kristi Noem posted a photo of Armstrong's arrest Thursday showing Armstrong with what appears to be a blank facial expression. However, the White House later posted an altered version of the same photo that shows Armstrong crying.

Armstrong's attorney Jordan Kushner said in an interview with CNN that an agent was recording Armstrong's arrest on their cellphone. "I've never seen anything like it. It's so unprofessional," Kushner said. "He was ordered to do it because the government was looking to make a spectacle of this case. I observed the whole thing. She was dignified, calm, rational the whole time." Kushner went on to call the move to alter the photo "a hallmark of a fascist regime where they actually alter reality."

A Toronto man posed as a pilot for years in order to fool airlines into giving him hundreds of free flights, prosecutors have alleged, in a case that has prompted comparisons to the Hollywood thriller Catch Me If You Can. From a report: Authorities in Hawaii announced this week that Dallas Pokornik, 33, had been charged with wire fraud after he allegedly fooled three major US carriers into giving him free tickets over a span of four years.

Airlines typically offer standby tickets to their own staff and those with rival airlines as a way of ensuring the broader industry can effectively move employees across continents. According to court documents, Pokornik was a flight attendant for a Toronto-based airline from 2017 to 2019, but then used an employee identification from that carrier to obtain tickets, "which he in fact knew to be fraudulent at the time it was so presented."

The only Toronto-based airline, Porter, told reporters it was "unable to verify any information related to this story." On one occasion, Pokornik is alleged to have requested a jumpseat in an aircraft's cockpit, which are normally reserved for off-duty pilots, even though he was not a pilot and did not have an airman's certificate. Federal rules prohibit the cockpit jumpseats from being used for leisure travel.

An anonymous reader quotes a report from the Korea Herald: South Korea will begin enforcing its Artificial Intelligence Act on Thursday, becoming the first country to formally establish safety requirements for high-performance, or so-called frontier, AI systems -- a move that sets the country apart in the global regulatory landscape. According to the Ministry of Science and ICT, the new law is designed primarily to foster growth in the domestic AI sector, while also introducing baseline safeguards to address potential risks posed by increasingly powerful AI technologies. Officials described the inclusion of legal safety obligations for frontier AI as a world-first legislative step.

The act lays the groundwork for a national-level AI policy framework. It establishes a central decision-making body -- the Presidential Council on National Artificial Intelligence Strategy -- and creates a legal foundation for an AI Safety Institute that will oversee safety and trust-related assessments. The law also outlines wide-ranging support measures, including research and development, data infrastructure, talent training, startup assistance, and help with overseas expansion.

To reduce the initial burden on businesses, the government plans to implement a grace period of at least one year. During this time, it will not carry out fact-finding investigations or impose administrative sanctions. Instead, the focus will be on consultations and education. A dedicated AI Act support desk will help companies determine whether their systems fall within the law's scope and how to respond accordingly. Officials noted that the grace period may be extended depending on how international standards and market conditions evolve. The law applies to three areas only: high-impact AI, safety obligations for high-performance AI and transparency requirements for generative AI.

Enforcement under the Korean law is intentionally light. It does not impose criminal penalties. Instead, it prioritizes corrective orders for noncompliance, with fines -- capped at 30 million won ($20,300) -- issued only if those orders are ignored. This, the government says, reflects a compliance-oriented approach rather than a punitive one. Transparency obligations for generative AI largely align with those in the EU, but Korea applies them more narrowly. Content that could be mistaken for real, such as deepfake images, video or audio, must clearly disclose its AI-generated origin. For other types of AI-generated content, invisible labeling via metadata is allowed. Personal or noncommercial use of generative AI is excluded from regulation. "This is not about boasting that we are the first in the world," said Kim Kyeong-man, deputy minister of the office of artificial intelligence policy at the ICT ministry. "We're approaching this from the most basic level of global consensus."

Korea's approach differs from the EU by defining "high-performance AI" using technical thresholds like cumulative training compute, rather than regulating based on how AI is used. As a result, Korea believes no current models meet the bar for regulation, while the EU is phasing in broader, use-based AI rules over several years.

A federal judge revealed a previously undisclosed ~$800 million, six-year partnership between Epic Games and Google tied to Unreal Engine services and joint marketing. It raises questions about whether the deal influenced Epic's willingness to settle its antitrust case over Android. The Verge reports: [California District Judge James Donato] allowed Epic and Google to keep most of the details of the plan under wraps. But during the hearing, he quizzed witnesses, including Epic CEO Tim Sweeney and economics expert Doug Bernheim, on how it might impact settlement talks -- revealing some hints in the process. "You're going to be helping Google market Android, and they're going to be helping you market Fortnite; that deal doesn't exist today, right?" Donato asked Bernheim, who answered in the affirmative. He also described it as a "new business between Epic and Google."

Sweeney's testimony cracked the mystery a little further. He referred to the agreement as relating to the "metaverse," a term Sweeney has used to refer to Epic's game Fortnite. "Epic's technology is used by many companies in the space Google is operating in to train their products, so the ability for Google to use the Unreal Engine more fullsome... sorry, I'm blowing this confidentiality," Sweeney said. Donato then offered a hard dollar figure on one part of the deal: "An $800 million spend over six years, that's a pretty healthy partnership," he said. We soon learned that refers to Epic spending $800 million to purchase some sort of services from Google: "Every year we've decided against Google, in this year we're deciding to use Google at market rates," he said. Sweeney did throw cold water on the idea that Epic and Google are jointly building a single new product together, though. "This is Google and Epic each separately building product lines," he clarified, when Judge Donato asked what the term sheet referred to with the line "Google and Epic will work together."

Donato seemed potentially leery of the partnership, asking Bernheim whether it could constitute a "quid pro quo" that reduced Epic's incentive to push for terms that would benefit other developers. Currently, Epic is backing a settlement that would see Google reduce its standard app store fees worldwide and allow alternative app stores to register for easy installation on Android. Sweeney disputed the notion that Epic might be getting paid off to soften its terms, when it's the one paying out. "I don't see anything crooked about Epic paying Google off to encourage much more robust competition than they've allowed in the past," he said. "We view this as a significant transfer of value from Epic to Google." He also says the Epic Games Store won't get any special treatment from Android in the future under this deal. It appears that the settlement arrangement is tied to the business deal. Judge Donato suggested that Epic and Google would only make the deal if the settlement goes through. Sweeney says the specific terms of the deal have not yet been reached, but admitted that he expects them to. He told Judge Donato that yes, he considers the settlement and deal "an important part of Epic's growth plan for the future."

An expanded class-action lawsuit filed last Friday alleges that a member of Nvidia's data strategy team directly contacted Anna's Archive -- the sprawling shadow library hosting millions of pirated books -- to explore "including Anna's Archive in pre-training data for our LLMs."

Internal documents cited in the amended complaint show Nvidia sought information about "high-speed access" to the collection, which Anna's Archive charged tens of thousands of dollars for. According to the lawsuit, Anna's Archive warned Nvidia that its library was illegally acquired and maintained, then asked if the company had internal permission to proceed. The pirate library noted it had previously wasted time on other AI companies that couldn't secure approval. Nvidia management allegedly gave "the green light" within a week.

Anna's Archive promised access to roughly 500 terabytes of data, including millions of books normally only accessible through Internet Archive's controlled digital lending system. The lawsuit also alleges Nvidia downloaded books from LibGen, Sci-Hub, and Z-Library.

alternative_right quotes a report from The Intercept: Federal prosecutors on January 9 charged Aurelio Luis Perez-Lugones, an IT specialist for an unnamed government contractor, with "the offense of unlawful retention of national defense information," according to an FBI affidavit (PDF). The case attracted national attention after federal agents investigating Perez-Lugones searched the home of a Washington Post reporter. But overlooked so far in the media coverage is the fact that a surprising surveillance tool pointed investigators toward Perez-Lugones: an office printer with a photographic memory. News of the investigation broke when the Washington Post reported that investigators seized the work laptop, personal laptop, phone, and smartwatch of journalist Hannah Natanson, who has covered the Trump administration's impact on the federal government and recently wrote about developing more than 1,000 government sources. A Justice Department official told the Post that Perez-Lugones had been messaging Natanson to discuss classified information. The affidavit does not allege that Perez-Lugones disseminated national defense information, only that he unlawfully retained it.

The affidavit provides insight into how Perez-Lugones allegedly attempted to exfiltrate information from a Secure Compartmented Information Facility, or SCIF, and the unexpected way his employer took notice. According to the FBI, Perez-Lugones printed a classified intelligence report, albeit in a roundabout fashion. It's standard for workplace printers to log certain information, such as the names of files they print and the users who printed them. In an apparent attempt to avoid detection, Perez-Lugones, according to the affidavit, took screenshots of classified materials, cropped the screenshots, and pasted them into a Microsoft Word document. By using screenshots instead of text, there would be no record of a classified report printed from the specific workstation. (Depending on the employer's chosen data loss prevention monitoring software, access logs might show a specific user had opened the file and perhaps even tracked whether they took screenshots).

Perez-Lugones allegedly gave the file an innocuous name, "Microsoft Word - Document1," that might not stand out if printer logs were later audited. In this case, however, the affidavit reveals that Perez-Lugones's employer could see not only the typical metadata stored by printers, such as file names, file sizes, and time of printing, but it could also view the actual contents of the printed materials -- in this case, prosecutors say, the screenshots themselves. As the affidavit points out, "Perez-Lugones' employer can retrieve records of print activity on classified systems, including copies of printed documents." [...] Aside from attempting to surreptitiously print a document, Perez-Lugones, investigators say, was also seen allegedly opening a classified document and taking notes, looking "back and forth between the screen corresponding the classified system and the notepad, all the while writing on the notepad." The affidavit doesn't state how this observation was made, but it strongly suggests a video surveillance system was also in play.