AI

Robert Downey Jr. Threatens To Sue Over AI Recreations of His Likeness (variety.com) 62

Oscar winner Robert Downey Jr. has threatened legal action against future studio executives who attempt to recreate his likeness using AI. "I intend to sue all future executives just on spec," Downey said when asked about potential AI recreations of his performances. He dismissed concerns about Marvel Studios using his likeness without permission, citing trust in their leadership. During the interview, he criticized tech executives who position themselves as AI gatekeepers, calling it "a massive fucking error."

Privacy

Fitness App Strava Gives Away Location of Foreign Leaders, Report Finds 27

French newspaper Le Monde found that the fitness app Strava can easily track confidential movements of foreign leaders, including U.S. President Joe Biden, and presidential rivals Donald Trump and Kamala Harris. The Independent reports: Le Monde found that some U.S. Secret Service agents use the Strava fitness app, including in recent weeks after two assassination attempts on Trump, in a video investigation released in French and in English. Strava is a fitness tracking app primarily used by runners and cyclists to record their activities and share their workouts with a community. Le Monde also found Strava users among the security staff for French President Emmanuel Macron and Russian President Vladimir Putin. In one example, Le Monde traced the Strava movements of Macron's bodyguards to determine that the French leader spent a weekend in the Normandy seaside resort of Honfleur in 2021. The trip was meant to be private and wasn't listed on the president's official agenda.

Le Monde said the whereabouts of Melania Trump and Jill Biden could also be pinpointed by tracking their bodyguards' Strava profiles. In a statement to Le Monde, the U.S. Secret Service said its staff aren't allowed to use personal electronic devices while on duty during protective assignments but "we do not prohibit an employee's personal use of social media off-duty." "Affected personnel has been notified," it said. "We will review this information to determine if any additional training or guidance is required." "We do not assess that there were any impacts to protective operations or threats to any protectees," it added. Locations "are regularly disclosed as part of public schedule releases."

In another example, Le Monde reported that a U.S. Secret Service agent's Strava profile revealed the location of a hotel where Biden subsequently stayed in San Francisco for high-stakes talks with Chinese President Xi Jinping in 2023. A few hours before Biden's arrival, the agent went jogging from the hotel, using Strava which traced his route, the newspaper found. The newspaper's journalists say they identified 26 U.S. agents, 12 members of the French GSPR, the Security Group of the Presidency of the Republic, and six members of the Russian FSO, or Federal Protection Service, all of them in charge of presidential security, who had public accounts on Strava and were therefore communicating their movements online, including during professional trips. Le Monde did not identify the bodyguards by name for security reasons.

Bitcoin

Russia Publishes New Crypto Law Expanding State Control Over Digital Assets 21

Russia has enacted a new law expanding control over cryptocurrency mining, granting multiple federal agencies access to digital currency identifier addresses, among other things. The country is also advancing its regulatory framework and experimenting with crypto in international trade. From a report: Taking effect on Nov. 1, the legislation includes several amendments designed to strengthen oversight and impose limitations on crypto mining activities based on regional needs. The law enables the Russian government to implement mining restrictions by location and define specific procedures and circumstances for banning mining operations. A notable provision in the law gives the government the power to stop digital currency mining pools from functioning in certain areas. Additionally, the government now has the authority to regulate infrastructure providers supporting mining operations.

This legislation also grants multiple federal agencies, beyond the Federal Financial Monitoring Service (Rosfinmonitoring), access to digital currency identifier addresses. This expansion includes federal executive agencies and law enforcement, bolstering their capability to track transactions that may be linked to money laundering or terrorist financing activities. Moreover, the amendments transfer responsibility for the national mining register from the Ministry of Digital Development to the Federal Tax Service, which will now oversee mining registrations for businesses and remove those with repeated infractions. While individual miners can continue without registering if they adhere to specific electricity consumption limits, companies and individual entrepreneurs must comply with new registration requirements.

Software

Can the EU Hold Software Makers Liable For Negligence? (lawfaremedia.org) 132

When it comes to introducing liability for software products, "the EU and U.S. are taking very different approaches," according to Lawfare's cybersecurity newsletter. "While the U.S. kicks the can down the road, the EU is rolling a hand grenade down it to see what happens." Under the status quo, the software industry is extensively protected from liability for defects or issues, and this results in systemic underinvestment in product security. Authorities believe that by making software companies liable for damages when they peddle crapware, those companies will be motivated to improve product security... [T]he EU has chosen to set very stringent standards for product liability, apply them to people rather than companies, and let lawyers sort it all out.

Earlier this month, the EU Council issued a directive updating the EU's product liability law to treat software in the same way as any other product. Under this law, consumers can claim compensation for damages caused by defective products without having to prove the vendor was negligent or irresponsible. In addition to personal injury or property damages, for software products, damages may be awarded for the loss or destruction of data. Rather than define a minimum software development standard, the directive sets what we regard as the highest possible bar. Software makers can avoid liability if they prove a defect was not discoverable given the "objective state of scientific and technical knowledge" at the time the product was put on the market.

Although the directive is severe on software makers, its scope is narrow. It applies only to people (not companies), and damages for professional use are explicitly excluded. There is still scope for collective claims such as class actions, however. The directive isn't law itself but sets the legislative direction for EU member states, and they have two years to implement its provisions. The directive commits the European Commission to publicly collating court judgements based on the directive, so it will be easy to see how cases are proceeding.

Major software vendors used by the world's most important enterprises and governments are publishing comically vulnerable code without fear of any blowback whatsoever. So yes, the status quo needs change. Whether it needs a hand grenade lobbed at it is an open question. We'll have our answer soon.

The Almighty Buck

Europe's Crooks Keep Blowing up ATMs (cnn.com) 98

"In the early hours of Thursday, March 23, 2023, residents in the German town of Kronberg were woken from their sleep by several explosions," reports CNN.

"Criminals had blown up an ATM located below a block of flats in the town center..." According to local media reports, witnesses saw people dressed in dark clothing fleeing in a black car towards a nearby highway. During the heist, thieves stole 130,000 euros in cash. They also caused an estimated half a million euros worth of collateral damage, according to a report by Germany's Federal Criminal Police Office, BKA.

Rather than staging dramatic and risky bank robberies, criminal groups in Europe have been targeting ATMs as an easier and more low-key target. In Germany — Europe's largest economy — thieves have been blowing up ATMs at a rate of more than one per day in recent years. In a country where cash is still a prevalent payment method, the thefts can prove incredibly lucrative, with criminals pocketing hundreds of thousands of euros in one attack.

Europol has been cracking down on the robberies, carrying out large cross-border operations aimed at taking down the highly-organized criminal gangs behind them. Earlier this month, authorities from Germany, France and the Netherlands arrested three members of a criminal network who have been carrying out attacks on cash machines using explosives, Europol said in a statement. Since 2022, the detainees are believed to have looted millions of euros and run up a similar amount in property damage, from 2022 to 2024, Europol said...

Unlike its European neighbors, who largely transitioned away from cash payments due to the Covid-19 pandemic, cash still plays a significant role in Germany. One half of all transactions in 2023 were made using banknotes and coins, according to Bundesbank. Germans have a cultural attachment to cash, traditionally viewing it as a safe method of payment. Some say it allows a greater level of privacy, and gives them more control over their expenses.

Google

'We Took on Google and They Were Forced to Pay Billions' (bbc.com) 58

"Google essentially disappeared us from the internet," says the couple who created price-comparison site Foundem in 2006. Google's search results for "price comparison" and "comparison shopping" buried their site — for more than three years.

Today the BBC looks at their 15-year legal battle, which culminated with a then record €2.4 billion fine (£2 billion or $2.6 billion) for Google, which was deemed to have abused its market dominance. The case has been hailed as a landmark moment in the global regulation of Big Tech. Google spent seven years fighting that verdict, issued in June 2017, but in September this year Europe's top court — the European Court of Justice — rejected its appeals.

Speaking to Radio 4's The Bottom Line in their first interview since that final verdict, Shivaun and Adam explained that at first, they thought their website's faltering start had simply been a mistake. "We initially thought this was collateral damage, that we had been false positive detected as spam," says Shivaun, 55. "We just assumed we had to escalate to the right place and it would be overturned...." The couple sent Google numerous requests to have the restriction lifted but, more than two years later, nothing had changed and they said they received no response. Meanwhile, their website was "ranking completely normally" on other search engines, but that didn't really matter, according to Shivaun, as "everyone's using Google".

The couple would later discover that their site was not the only one to have been put at a disadvantage by Google — by the time the tech giant was found guilty and fined in 2017 there were around 20 claimants, including Kelkoo, Trivago and Yelp... In its 2017 judgement, the European Commission found that Google had illegally promoted its own comparison shopping service in search results, whilst demoting those of competitors... "I guess it was unfortunate for Google that they did it to us," Shivaun says. "We've both been brought up maybe under the delusion that we can make a difference, and we really don't like bullies."

Even Google's final defeat in the case last month did not spell the end for the couple. They believe Google's conduct remains anti-competitive and the EC is looking into it. In March this year, under its new Digital Markets Act, the commission opened an investigation into Google's parent company, Alphabet, over whether it continues to preference its own goods and services in search results... The Raffs are also pursuing a civil damages claim against Google, which is due to begin in the first half of 2026. But when, or if, a final victory comes for the couple it will likely be a Pyrrhic one — they were forced to close Foundem in 2016.

A spokesperson for Google told the BBC the 2024 judgment from the European Court of Justice only relates to "how we showed product results from 2008-2017. The changes we made in 2017 to comply with the European Commission's Shopping decision have worked successfully for more than seven years, generating billions of clicks for more than 800 comparison shopping services.

"For this reason, we continue to strongly contest the claims made by Foundem and will do so when the case is considered by the courts."

Cellphones

Inside the U.S. Government-Bought Tool That Can Track Phones At Abortion Clinics (404media.co) 235

Slashdot reader samleecole writes: Privacy advocates gained access to a powerful tool bought by U.S. law enforcement agencies that can track smartphone locations around the world. Abortion clinics, places of worship, and individual people can all be monitored without a warrant.

An investigation into tracking tool Locate X shows in the starkest terms yet how it and others — based on smartphone location data sold to various U.S. government law enforcement agencies, including state entities — could be used to monitor abortion clinic patients. This comes as more states contemplate stricter or outright bans on abortion...

Electronic Frontier Foundation

Egyptian Blogger/Developer Still Held in Prison 28 Days After His Release Date (eff.org) 51

In 2004 Alaa Abd El Fattah answered questions from Slashdot's readers about organizing the first-ever Linux installfest in Egypt.

In 2014 he was arrested for organizing political protests without requesting authorization, according to Wikipedia, and then released on bail — but then sentenced to five years in prison upon retrial. He was released in late March of 2019, but then re-arrested in September by the National Security Agency, convicted of "spreading fake news" and jailed for five years...

Wikipedia describes Abd El-Fattah as an "Egyptian-British blogger, software developer and a political activist" who has been "active in developing Arabic-language versions of software and platforms." But this week an EFF blog post noticed that his release date had recently passed — and yet he was still in prison: It's been 28 days since September 29, the day that should have seen British-Egyptian blogger, coder, and activist Alaa Abd El Fattah walk free. Egyptian authorities refused to release him at the end of his sentence, in contradiction of the country's own Criminal Procedure Code, which requires that time served in pretrial detention count toward a prison sentence. [Human Rights Watch says Egyptian authorities are refusing to count more than two years of pretrial detention toward his time served. Amnesty International has also called for his release.] In the days since, Alaa's family has been able to secure meetings with high-level British officials, including Foreign Secretary David Lammy, but as of yet, the Egyptian government still has not released Alaa...

Alaa deserves to finally return to his family, now in the UK, and to be reunited with his son, Khaled, who is now a teenager. We urge EFF supporters in the UK to write to their MP to place pressure on the UK's Labour government to use their power to push for Alaa's release.

Last month the EFF wrote: Over 20 years ago Alaa began using his technical skills to connect coders and technologists in the Middle East to build online communities where people could share opinions and speak freely and privately. The role he played in using technology to amplify the messages of his fellow Egyptians — as well as his own participation in the uprising in Tahrir Square — made him a prominent global voice during the Arab Spring, and a target for the country's successive repressive regimes, which have used antiterrorism laws to silence critics by throwing them in jail and depriving them of due process and other basic human rights.

Alaa is a symbol for the principle of free speech in a region of the world where speaking out for justice and human rights is dangerous and using the power of technology to build community is criminalized...

The Courts

Delta Sues CrowdStrike Over Software Update That Prompted Mass Flight Disruptions (reuters.com) 78

An anonymous reader quotes a report from Reuters: Delta Air Lines on Friday sued cybersecurity firm CrowdStrike in a Georgia state court after a global outage in July caused mass flight cancellations, disrupted travel plans of 1.3 million customers and cost the carrier more than $500 million. Delta's lawsuit filed in Fulton County Superior Court called the faulty software update from CrowdStrike "catastrophic" and said the firm "forced untested and faulty updates to its customers, causing more than 8.5 million Microsoft Windows-based computers around the world to crash." [...]

Delta, which has purchased CrowdStrike products since 2022, said the outage forced it to cancel 7,000 flights, impacting 1.3 million passengers over five days. "If CrowdStrike had tested the faulty update on even one computer before deployment, the computer would have crashed," Delta's lawsuit says. "Because the faulty update could not be removed remotely, CrowdStrike crippled Delta's business and created immense delays for Delta customers." Delta said that as part of its IT-planning and infrastructure, it has invested billions of dollars "in licensing and building some of the best technology solutions in the airline industry."

Patents

Jury Rules Masimo Smartwatches Infringe Apple Design Patents; Apple Wins $250 In Damages (9to5mac.com) 28

Apple was handed a victory today by a jury in Delaware, which ruled that two of Masimo's smartwatches and chargers "willfully violated Apple's patent rights in smartwatch designs," according to Reuters. The reward? $250 in damages. 9to5Mac reports: Apple previously accused Masimo of using litigation to boost the launch of its own smartwatch product. In October 2022, Apple filed two patent infringement lawsuits against Masimo. The first lawsuit accused Masimo of copying the Apple Watch design. The second said that Masimo's technical features infringed on Apple patents covering technology used in the Apple Watch.

Reuters reports: "Apple convinced a federal jury on Friday that health monitoring tech company Masimo's smartwatches infringe two of its design patents. The jury, in Delaware, agreed with Apple that Masimo's W1 and Freedom watches and chargers willfully violated Apple's patent rights in smartwatch designs, awarding the tech giant $250 in damages. Apple's attorneys told the court the 'ultimate purpose' of its lawsuit was to win an injunction against sales of Masimo's smartwatches after an infringement ruling." The jury, however, also determined that Masimo's smartwatches "did not infringe on Apple patents covering smartwatch inventions that the tech giant had accused Masimo of copying."

The two companies continue to battle it out over patent infringements regarding the Apple Watch's blood oxygen sensor.

Emulation (Games)

Video Game Libraries Lose Legal Appeal To Emulate Physical Game Collections Online (arstechnica.com) 15

An anonymous reader quotes a report from Ars Technica: Earlier this year, we reported on the video game archivists asking for a legal DMCA exemption to share Internet-accessible emulated versions of their physical game collections with researchers. Today, the US Copyright Office announced once again that it was denying that request, forcing researchers to travel to far-flung collections for access to the often-rare physical copies of the games they're seeking.

In announcing its decision, the Register of Copyrights for the Library of Congress sided with the Entertainment Software Association and others who argued that the proposed remote access could serve as a legal loophole for a free-to-access "online arcade" that could harm the market for classic gaming re-releases. This argument resonated with the Copyright Office despite a VGHF study that found 87 percent of those older game titles are currently out of print. "While proponents are correct that some older games will not have a reissue market, they concede there is a 'healthy' market for other reissued games and that the industry has been making 'greater concerted efforts' to reissue games," the Register writes in her decision. "Further, while the Register appreciates that proponents have suggested broad safeguards that could deter recreational uses of video games in some cases, she believes that such requirements are not specific enough to conclude that they would prevent market harms."

A DMCA exemption for remote sharing already exists for non-video-game computer software that is merely "functional," as the Register notes. But the same fair use arguments that allow for that sharing don't apply to video games because they are "often highly expressive in nature," the Register writes. In an odd footnote, the Register also notes that emulation of classic game consoles, while not infringing in its own right, has been "historically associated with piracy," thus "rais[ing] a potential concern" for any emulated remote access to library game catalogs. That footnote paradoxically cites Video Game History Foundation (VGHF) founder and director Frank Cifaldi's 2016 Game Developers Conference talk on the demonization of emulation and its importance to video game preservation. "The moment I became the Joker is when someone in charge of copyright law watched my GDC talk about how it's wrong to associate emulation with piracy and their takeaway was 'emulation is associated with piracy,'" Cifaldi quipped in a social media post.

Businesses

US Consumer Watchdog Cautions Businesses on Surveillance of Workers (msn.com) 22

The top U.S. consumer finance watchdog warned businesses about potential legal problems they could face from using new technology such as artificial intelligence or algorithmic scores to snoop on and evaluate their employees. From a report: The Consumer Financial Protection Bureau on Thursday said "invasive" new tools to monitor workers are governed by a law designed to ensure fairness in credit reporting, giving employees specific rights. Employees have the right to consent to the collection of personal information, to receive detailed information and to dispute inaccurate information, the CFPB said in the newly released guidance.

"Workers shouldn't be subject to unchecked surveillance or have their careers determined by opaque third-party reports without basic protections," CFPB Director Rohit Chopra said. More companies are leaning on AI and other powerful tools throughout the employment process, using software that can, for example, interview candidates and surveillance tools that can look for unsafe behavior. Americans have expressed concerns about Big Brother-style surveillance while they are on the job.

Crime

Hacker Returns $19.3 Million To Drained US Government Crypto Wallet (decrypt.co) 16

A government-controlled wallet that had been drained of $20 million on Thursday received most of its funds back Friday, adding another layer of mystery to transactions flagged by blockchain analysts as likely being connected to a high-profile theft. From a report: The pseudonymous blockchain sleuth ZachXBT had said in a tweet Thursday that the transfers resembled the playbook of a bad actor. Engaging with several decentralized finance protocols, the wallet had also tapped so-called instant exchanges after funds were moved across a series of transfers that "looked nefarious." About $19.3 million worth of funds had been returned to the wallet early Friday, per on-chain data collected by Arkham Intelligence, including Ethereum and the stablecoin USDC. Still, ZachXBT said in his Telegram community that funds transferred to exchanges had not yet been returned.

Privacy

UnitedHealth Says Change Healthcare Hack Affects Over 100 Million (techcrunch.com) 35

UnitedHealth Group said a ransomware attack in February resulted in more than 100 million individuals having their private health information stolen. The U.S. Department of Health and Human Services first reported the figure on Thursday. TechCrunch reports: The ransomware attack and data breach at Change Healthcare stands as the largest known digital theft of U.S. medical records, and one of the biggest data breaches in living history. The ramifications for the millions of Americans whose private medical information was irretrievably stolen are likely to be life lasting. UHG began notifying affected individuals in late July, which continued through October. The stolen data varies by individual, but Change previously confirmed that it includes personal information, such as names and addresses, dates of birth, phone numbers and email addresses, and government identity documents, including Social Security numbers, driver's license numbers, and passport numbers. The stolen health data includes diagnoses, medications, test results, imaging and care and treatment plans, and health insurance information -- as well as financial and banking information found in claims and payment data taken by the criminals.

The cyberattack became public on February 21 when Change Healthcare pulled much of its network offline to contain the intruders, causing immediate outages across the U.S. healthcare sector that relied on Change for handling patient insurance and billing. UHG attributed the cyberattack to ALPHV/BlackCat, a Russian-speaking ransomware and extortion gang, which later took credit for the cyberattack. The ransomware gang's leaders later vanished after absconding with a $22 million ransom paid by the health insurance giant, stiffing the group's contractors who carried out the hacking of Change Healthcare out of their new financial windfall. The contractors took the data they stole from Change Healthcare and formed a new group, which extorted a second ransom from UHG, while publishing a portion of the stolen files online in the process to prove their threat.

There is no evidence that the cybercriminals subsequently deleted the data. Other extortion gangs, including LockBit, have been shown to hoard stolen data, even after the victim pays and the criminals claim to have deleted the data. In paying the ransom, Change obtained a copy of the stolen dataset, allowing the company to identify and notify the affected individuals whose information was found in the data. Efforts by the U.S. government to catch the hackers behind ALPHV/BlackCat, one of the most prolific ransomware gangs today, have so far failed. The gang bounced back following a takedown operation in 2023 to seize the gang's dark web leak site. Months after the Change Healthcare breach, the U.S. State Department upped its reward for information on the whereabouts of the ALPHV/BlackCat cybercriminals to $10 million.

The Courts

Europe's Top Court Rules For Intel To End Long-Running Antitrust Case (reuters.com) 11

The EU Court of Justice ruled in favor of Intel, dismissing the European Commission's appeal and ending a nearly two-decade-long case over allegations that Intel's rebates to computer makers were anticompetitive. Reuters reports: The European Commission had fined Intel for giving rebates to computer makers Dell, Hewlett-Packard and Lenovo for buying most of their chips from Intel, which regulators said was an attempt to block Advanced Micro Devices. Regulators generally oppose rebates offered by dominant companies because they fear they may be anticompetitive, while companies say enforcers must prove discounts have anticompetitive effects before companies are sanctioned.

EU regulators had initially fined Intel 1.06 billion euros ($1.14 billion) but a lower tribunal scrapped that. Intel's case was boosted earlier this year when an adviser to the court said regulators had not properly performed an economic analysis.

Social Networks

Norway To Increase Minimum Age Limit On Social Media To 15 To Protect Children (theguardian.com) 71

Norway plans to enforce a strict minimum social media age of 15 to protect children from harmful content and the influence of algorithms. The Guardian reports: The Scandinavian country already has a minimum age limit of 13 in place. Despite this, more than half of nine-year-olds, 58% of 10-year-olds and 72% of 11-year-olds are on social media, according to research by the Norwegian media authority. The government has pledged to introduce more safeguards to prevent children from getting around the age restrictions -- including amending the Personal Data Act so that social media users must be 15 years old to agree that the platform can handle their personal data, and developing an age verification barrier for social media.

"It sends quite a strong signal," the prime minister told the newspaper VG on Wednesday. "Children must be protected from harmful content on social media. These are big tech giants pitted against small children's brains. We know that this is an uphill battle, because there are strong forces here, but it is also where politics is needed." While he said he understood that social media could offer lonely children a community, self-expression must not be in the power of algorithms. "On the contrary, it can cause you to become single-minded and pacified, because everything happens so fast on this screen," he added.
"It is also about giving parents the security to say no," said Kjersti Toppe, the minister for children and families. "We know that many people really want to say no, but don't feel they can."

Security

White Hat Hackers Earn $500,000 On First Day of Pwn2Own Ireland 2024 (securityweek.com) 3

An anonymous reader quotes a report from SecurityWeek.com: White hat hackers taking part in the Pwn2Own Ireland 2024 contest organized by Trend Micro's Zero Day Initiative (ZDI) have earned half a million dollars on the first day of the event, for exploits targeting NAS devices, cameras, printers and smart speakers. The highest single reward, $100,000, was earned by Sina Kheirkhah of Summoning Team, who chained a total of nine vulnerabilities for an attack that went from a QNAP QHora-322 router to a TrueNAS Mini X storage device. Another exploit chain involving the QNAP QHora-322 and TrueNAS Mini X products was demonstrated by Viettel Cyber Security, but this team earned only $50,000.

A significant reward was also earned by Jack Dates of RET2 Systems, who received $60,000 for hacking a Sonos Era 300 smart speaker. QNAP TS-464 and Synology DiskStation DS1823XS+ NAS device exploits earned $40,000 each for two different teams. Participants also successfully demonstrated exploits against the Lorex 2K WiFi, Ubiquiti AI Bullet, and Synology TC500 cameras, and HP Color LaserJet Pro MFP 3301fdw and Canon imageCLASS MF656Cdw printers. These attempts earned the hackers between $11,000 and $30,000. According to ZDI, a total of $516,250 was paid out on the first day of Pwn2Own Ireland for over 50 unique vulnerabilities.

The Courts

UK-Based Dissident Can Sue Saudi Arabia For Alleged Spyware, Court Rules (reuters.com) 44

A judge has allowed Saudi dissident Yahya Assiri to sue the kingdom for allegedly targeting his devices with Pegasus spyware and other Israeli-made surveillance tools. Reuters reports: Yahya Assiri, a founder of the opposition National Assembly Party (NAAS) who lives in exile in Britain, alleges his electronic devices were targeted with surveillance software between 2018 and 2020. He is suing Saudi Arabia at London's High Court, saying the country used Pegasus - made by Israeli company NSO Group and sold only to nation states - and other spyware made by lesser-known Israeli firm QuaDream because of his work with dissidents.

Earlier this month, Roger Eastman, a judge in the High Court, gave Assiri permission to serve his lawsuit on the Saudi government, a step that required the court to find Assiri has an arguable case. The decision announced on Monday to allow the case to be served on Saudi Arabia in Riyadh was made on Oct. 11. Assiri said in a statement: "I am fully aware that the authorities will want to target me. However, it is outrageous for them also to target individuals such as the victims of rights abuses and their families in Saudi Arabia simply because these people have been in contact with me."

Privacy

Lawsuit Argues Warrantless Use of Flock Surveillance Cameras Is Unconstitutional (404media.co) 59

A civil liberties group has filed a lawsuit in Virginia arguing that the widespread use of Flock's automated license plate readers violates the Fourth Amendment's protections against warrantless searches. 404 Media reports: "The City of Norfolk, Virginia, has installed a network of cameras that make it functionally impossible for people to drive anywhere without having their movements tracked, photographed, and stored in an AI-assisted database that enables the warrantless surveillance of their every move. This civil rights lawsuit seeks to end this dragnet surveillance program," the lawsuit notes (PDF). "In Norfolk, no one can escape the government's 172 unblinking eyes," it continues, referring to the 172 Flock cameras currently operational in Norfolk. The Fourth Amendment protects against unreasonable searches and seizures and has been ruled in many cases to protect against warrantless government surveillance, and the lawsuit specifically says Norfolk's installation violates that. [...]

The lawsuit in Norfolk is being filed by the Institute for Justice, a civil liberties organization that has filed a series of privacy and government overreach lawsuits over the last few years. Two Virginia residents, Lee Schmidt and Crystal Arrington, are listed as plaintiffs in the case. Schmidt is a Navy veteran who alleges in the lawsuit that the cops can easily infer where he is going based on Flock data. "Just outside his neighborhood, there are four Flock Cameras. Lee drives by these cameras (and others he sees around town) nearly every day, and the Norfolk Police Department [NPD] can use the information they record to build a picture of his daily habits and routines," the lawsuit reads. "If the Flock Cameras record Lee going straight through the intersection outside his neighborhood, for example, the NPD can infer that he is going to his daughter's school. If the cameras capture him turning right, the NPD can infer that he is going to the shooting range. If the cameras capture him turning left, the NPD can infer that he is going to the grocery store. The Flock Cameras capture the start of nearly every trip Lee makes in his car, so he effectively cannot leave his neighborhood without the NPD knowing about it." Arrington is a healthcare worker who makes home visits to clients in Norfolk. The lawsuit alleges that it would be trivial for the government to identify her clients.
"Fourth Amendment case law overwhelmingly shows that license plate readers do not constitute a warrantless search because they take photos of cars in public and cannot continuously track the movements of any individual," a Flock spokesperson said. "Appellate and federal district courts in at least fourteen states have upheld the use of evidence from license plate readers as Constitutional without requiring a warrant, as well as the 9th and 11th circuits. Since the Bell case, four judges in Virginia have ruled the opposite way -- that ALPR evidence is admissible in court without a warrant."

United States

Democrats Press For Criminal Charges Against Tax Prep Firms Over Data Sharing (theverge.com) 62

Democratic senators Elizabeth Warren, Ron Wyden, Richard Blumenthal and Representative Katie Porter are demanding the Justice Department prosecute tax preparation companies for allegedly sharing sensitive taxpayer data with Meta and Google through tracking pixels. The lawmakers' call follows a Treasury Inspector General audit confirming their earlier investigation into TaxSlayer, H&R Block, and Tax Act. The audit found multiple companies failed to properly obtain consent before sharing tax return information via advertising tools. Violations could result in one-year prison terms and $1,000 fines per incident, potentially reaching billions in penalties given the scale of affected users.

"Accountability for these tax preparation companies -- who disclosed millions of taxpayers' tax return data, meaning they could potentially face billions of dollars in criminal liability -- is essential for protecting the rule of law and the privacy of taxpayers," the lawmakers wrote in a letter shared with The Verge. "We urge you to follow the facts and the conclusions of TIGTA and the IRS and to take appropriate action against any companies or individuals that have violated the law."
