AI

Is AI Training on Libraries of Pirated Books? (nytimes.com) 96

The New York Times points out that so-called "shadow libraries," like Library Genesis, Z-Library or Bibliotik, "are obscure repositories storing millions of titles, in many cases without permission — and are often used as A.I. training data." A.I. companies have acknowledged in research papers that they rely on shadow libraries. OpenAI's GPT-1 was trained on BookCorpus, which has over 7,000 unpublished titles scraped from the self-publishing platform Smashwords. To train GPT-3, OpenAI said that about 16 percent of the data it used came from two "internet-based books corpora" that it called "Books1" and "Books2." According to a lawsuit by the comedian Sarah Silverman and two other authors against OpenAI, Books2 is most likely a "flagrantly illegal" shadow library.

These sites have been under scrutiny for some time. The Authors Guild, which organized the authors' open letter to tech executives, cited studies in 2016 and 2017 that suggested text piracy depressed legitimate book sales by as much as 14 percent.

Efforts to shut down these sites have floundered. Last year, the F.B.I., with help from the Authors Guild, charged two people accused of running Z-Library with copyright infringement, fraud and money laundering. But afterward, some of these sites were moved to the dark web and torrent sites, making it harder to trace them. And because many of these sites are run outside the United States and anonymously, actually punishing the operators is a tall task.

Tech companies are becoming more tight-lipped about the data used to train their systems.

AI

AI Watches Millions of Cars and Tells Cops if You Might Be a Criminal (forbes.com) 155

Forbes' senior writer on cybersecurity writes on the "warrantless monitoring of citizens en masse" in the United States.

Here's how county police armed with a "powerful new AI tool" identified the suspicious driving pattern of a grey Chevy owned by David Zayas: Searching through a database of 1.6 billion license plate records collected over the last two years from locations across New York State, the AI determined that Zayas' car was on a journey typical of a drug trafficker. According to a Department of Justice prosecutor filing, it made nine trips from Massachusetts to different parts of New York between October 2020 and August 2021 following routes known to be used by narcotics pushers and for conspicuously short stays. So on March 10 last year, Westchester PD pulled him over and searched his car, finding 112 grams of crack cocaine, a semiautomatic pistol and $34,000 in cash inside, according to court documents. A year later, Zayas pleaded guilty to a drug trafficking charge.

The previously unreported case is a window into the evolution of AI-powered policing, and a harbinger of the constitutional issues that will inevitably accompany it... Westchester PD's license plate surveillance system was built by Rekor, a $125 million market cap AI company trading on the NASDAQ. Local reporting and public government data reviewed by Forbes show Rekor has sold its ALPR tech to at least 23 police departments and local governments across America, from Lauderhill, Florida to San Diego, California. That's not including more than 40 police departments across New York state who can avail themselves of Westchester County PD's system, which runs out of its Real-Time Crime Center... It also runs the Rekor Public Safety Network, an opt-in project that has been aggregating vehicle location data from customers for the last three years, since it launched with information from 30 states that, at the time, were reading 150 million plates per month. That kind of centralized database with cross-state data sharing, has troubled civil rights activists, especially in light of recent revelations that Sacramento County Sheriff's Office was sharing license plate reader data with states that have banned abortion...

The ALPR market is growing thanks to a glut of Rekor rivals, including Flock, Motorola, Genetec, Jenoptik and many others who have contracts across federal and state governments. They're each trying to grab a slice of a market estimated to be worth at least $2.5 billion... In pursuit of that elusive profit, the market is looking beyond law enforcement to retail and fast food. Corporate giants have toyed with the idea of tying license plates to customer identities. McDonalds and White Castle have already begun using ALPR to tailor drive-through experiences, detecting returning customers and using past orders to guide them through the ordering process or offer individualized promotion offers. The latter restaurant chain uses Rekor tech to do that via a partnership with Mastercard.

A senior staff attorney at the ACLU tells Forbes that "The scale of this kind of surveillance is just incredibly massive."

Thanks to long-time Slashdot reader Geek_Cop for sharing the article.
Iphone

Russia Bans Thousands of Officials From Using iPhones Over Spying Fears (gizmodo.com) 109

Gizmodo reports: Thousands of top Russian officials and state employees have reportedly been banned from using iPhones and other Apple products over concerns they could serve as surreptitious spying tools for Western intelligence agencies...

Russia's trade minister, according to a Financial Times report, said the new ban will take effect Monday, July 17. The move affects a variety of Apple products from iPhones, iPads, and laptops, and builds off of similar restrictions already put in place by the digital development ministry and state-owned defense conglomerate Rostec. Kremlin officials also advised staff working on Vladimir Putin's 2024 presidential re-election campaign against using a variety of US-developed smartphones over similar espionage concerns earlier this year...

Russian intelligence officials last month accused the US National Security Agency of hacking into thousands of Russian-owned iPhones and targeting the phones of foreign diplomats based in Russia... To be clear, Russian officials still haven't provided any clear evidence proving the alleged US conspiracy. Apple has also publicly denied the claims and recently told the Times it "has never worked with any government to build a backdoor into any Apple product, and never will."

The Financial Times got a skeptical response to that from Dmitry Medvedev, deputy head of Russia's Security Council and one of the country's fiercest hardliners. "When a big tech company ... claims it does not co-operate with the intelligence community — either it lies shamelessly or it is about to [go bust]."

Thanks to Slashdot reader dovthelachma for sharing the news.
Privacy

Roblox Data Leak Sees 4,000 Developer Profiles Including Identifying Information Made Public (pcgamer.com) 10

The major gaming platform Roblox has suffered a major data breach, leading to the release of personal information including addresses from those who attended the Roblox Developer Conference between 2017-2020. PCGamer reports: The leak contains almost 4,000 names, phone numbers, email addresses, dates of birth, and physical addresses. Such identifying information is gold dust for bad actors, and raises serious questions about the data security of one of the largest gaming platforms around. The website haveibeenpwned says the original breach date was 18 December 2020, with the information becoming available on 18 July 2023, with a total of 3,943 compromised accounts. The site notes that as well as all the above information, the leak even includes each individual's t-shirt size.

The implications of this for those affected are identity theft and scams, with the quantity of data especially worrying: this is basically all you need to effectively impersonate someone. Beyond the above statement, Roblox has made no further comment, and it's likely that the ramifications of this will continue to unfold for some time, especially if anyone on the list is indeed targeted. Anyone concerned should search on haveibeenpwned and enable two-factor authentication on all accounts (as well as keeping an especially close eye on bank transactions for a while). Troy Hunt, the engineer behind haveibeenpwned, said the leak was posted in 2021 but according to an unnamed source didn't spread outside of niche Roblox communities, while at the time the company did not publicly disclose the leak or alert anyone affected. The leak then appeared on a public forum a few days ago.
"Roblox is aware of a third-party security issue where there were indications of unauthorized access to limited personal information of a subset of our creator community," said a Roblox spokesperson to PC Gamer. "We engaged independent experts to support the investigation led by our information security team. Those who are impacted will receive an email communicating the next steps we are taking to support them. We will continue to be vigilant in monitoring and vetting the cyber security posture of Roblox and our third-party vendors."
Emulation (Games)

Dolphin Emulator Abandons Steam Release Plans After Nintendo Legal Threat (arstechnica.com) 16

An anonymous reader quotes a report from Ars Technica: A few months ago, the developers behind the Wii/GameCube emulator Dolphin said they were indefinitely postponing a planned Steam release, after Steam-maker Valve received a request from Nintendo to take down the emulator's "coming soon" page. This week, after consulting with a lawyer, the team says it has decided to abandon its Steam distribution plans altogether. "Valve ultimately runs the store and can set any condition they wish for software to appear on it," the team wrote in a blog post on Thursday. "In the end, Valve is the one running the Steam storefront, and they have the right to allow or disallow anything they want on said storefront for any reason."

The Dolphin team also takes pains to note that this decision was not the result of an official DMCA notice sent by Nintendo. Instead, Valve reached out to Nintendo to ask about the planned Dolphin release, at which point a Nintendo lawyer cited the DMCA in asking Valve to take down the page. At that point, the Dolphin team says, Valve "told us that we had to come to an agreement with Nintendo in order to release on Steam... But given Nintendo's long-held stance on emulation, we find Valve's requirement for us to get approval from Nintendo for a Steam release to be impossible. Unfortunately, that's that." "As for Nintendo, this incident just continues their existing stance towards emulation," the post continues. "We don't think that this incident should change anyone's view of either company."

Despite the disappointing result for the Steam release, the Dolphin team is adamant that "we do not believe that Dolphin is in any legal danger." That's despite the emulator's inclusion of the Wii Common Key, which could run afoul of the DMCA's anti-circumvention provisions. The Dolphin Team notes that the Wii Common Key has been freely shared across the Internet since its initial discovery and publication in 2008. And while that key has been in the Dolphin code base since 2009, "no one has really cared," the team writes. [...] With what they believe is a firm legal footing, the team writes that Dolphin development will continue away from Steam, but including a number of UI and quality of life features originally designed for the Steam release. Meanwhile, emulators like RetroArch and the innovative 3dSen continue to be available on Steam, with no immediate sign of a further crackdown from Valve or Nintendo.

Government

Hacking of Government Email Was Traditional Espionage, NSA Official Says (nytimes.com) 20

The hack of Microsoft's cloud that resulted in the compromise of government emails was an example of a traditional espionage threat, a senior National Security Agency official said. From a report: Speaking at the Aspen Security Forum, Rob Joyce, the director of cybersecurity at the N.S.A., said the United States needed to protect its networks from such espionage, but that adversaries would continue to try to secretly extract information from each other. "It is China doing espionage," Mr. Joyce said. "It is what nation-states do. We have to defend against it, we need to push back against it. But that is something that happens."

The hackers took emails from senior State Department officials including Nicholas Burns, the U.S. ambassador to China. The theft of Mr. Burns's emails was earlier reported by The Wall Street Journal and confirmed by a person familiar with the matter. Daniel J. Kritenbrink, the assistant secretary of state for East Asia, also had his email hacked, a U.S. official said. The emails of Commerce Secretary Gina Raimondo were also obtained in the hack, which was discovered in June by State Department cybersecurity experts scouring user logs for unusual activity. Microsoft later determined that Chinese hackers had obtained access to email accounts a month earlier.

Government

OpenAI, Microsoft, Google, Meta and Amazon Pledge To Watermark AI Content For Safety, White House Says (reuters.com) 47

Top AI companies including OpenAI, Alphabet and Meta Platforms have made voluntary commitments to the White House to implement measures such as watermarking AI-generated content to help make the technology safer, the Biden administration said on Friday. From a report: The companies -- which also include Anthropic, Inflection, Amazon.com and OpenAI partner Microsoft -- pledged to thoroughly test systems before releasing them and share information about how to reduce risks and invest in cybersecurity.

The move is seen as a win for the Biden administration's effort to regulate the technology which has experienced a boom in investment and consumer popularity. Since generative AI, which uses data to create new content like ChatGPT's human-sounding prose, became wildly popular this year, lawmakers around the world began considering how to mitigate the dangers of the emerging technology to national security and the economy.

Piracy

70% of Russian Gamers Are Pirates Following Western Publisher Exodus (torrentfreak.com) 93

According to a new study from online game development platform School XYZ, the exodus of major international video game publishers from Russia led to a sharp rise in the number of video gamers playing pirated games. TorrentFreak reports: Almost seven out of ten video gamers (69%) said they'd played at least one pirated copy in 2022, and more than half (51%) said that they're now pirating more than they did in 2021. As first reported by the Russian news outlet Vedomosti (paywall), the study was conducted across all regions of Russia and took into account all unlicensed game formats, in most cases downloaded from torrent sites. While over a quarter of respondents (27%) said they'd pirated three PC games in 2022, and 20% confessed to pirating more than 10, other figures from the study are more positive. Of the 31% of gamers who reported pirating nothing in 2022, all said that they were opposed to piracy. Just 7% of gamers admitted to buying no games at all in 2022, meaning that 93% bought at least one piece of legitimate content.

According to Alexander Kuzmenko, the former editor of Russian videogame magazine and gaming website Igromania (Game Mania), it's not just the departure of publishers including Sony, Microsoft, and Nintendo causing problems for gamers. When platforms like Steam and GOG, known for their ease of access, stopped supporting Russian bank cards, barriers appeared in a previously frictionless system. Yegor Tomsky, CEO at Watt Studio, agrees that buying content has become much more difficult. "Players are used to buying games on Steam in one click, and now, to buy a game, you need to perform the same actions as when downloading a pirated version, so everyone chooses to save money," Tomsky says.

As the Russian economy faces huge difficulties directly linked to the invasion of Ukraine, some fear that game piracy rates are heading towards the 90%+ mark last seen around two decades ago. People everywhere are trying to save money and according to Konstantin Sakhnov, co-founder of Vengeance Games, overseas game publishers may see lost profits reach $200-$300 million. A report from Kommersant published today indicates that local companies are also feeling the pain. According to data published by job search platform HH.ru, during the first half of 2023 the number of vacancies for video game developers in Russia plummeted 38%.

Security

Firmware Vulnerabilities In Millions of Computers Could Give Hackers Superuser Status (arstechnica.com) 23

Researchers have warned that leaked information from a ransomware attack on hardware-maker Gigabyte two years ago may contain critical zero-day vulnerabilities that pose a significant risk to the computing world. The vulnerabilities were found in firmware made by AMI for BMCs (baseboard management controllers), which are small computers integrated into server motherboards allowing remote management of multiple computers. These vulnerabilities, which can be exploited by local or remote attackers with access to Redfish remote management interfaces, could lead to unauthorized access, remote code execution, and potential physical damage to servers. Ars Technica reports: Until the vulnerabilities are patched using an update AMI published on Thursday, they provide a means for malicious hackers -- both financially motivated or nation-state sponsored -- to gain superuser status inside some of the most sensitive cloud environments in the world. From there, the attackers could install ransomware and espionage malware that runs at some of the lowest levels inside infected machines. Successful attackers could also cause physical damage to servers or indefinite reboot loops that a victim organization can't interrupt. Eclypsium warned such events could lead to "lights out forever" scenarios.

The researchers went on to note that if they could locate the vulnerabilities and write exploits after analyzing the publicly available source code, there's nothing stopping malicious actors from doing the same. And even without access to the source code, the vulnerabilities could still be identified by decompiling BMC firmware images. There's no indication malicious parties have done so, but there's also no way to know they haven't. The researchers privately notified AMI of the vulnerabilities, and the company created firmware patches, which are available to customers through a restricted support page. AMI has also published an advisory here.

Government

IRS Moves Forward With a New Free-File Tax Return System (pbs.org) 122

An anonymous reader quotes a report from PBS: An IRS plan to test drive a new electronic free-file tax return system next year has got supporters and critics of the idea mobilizing to sway the public and Congress over whether the government should set up a permanent program to help people file their taxes without needing to pay somebody else to figure out what they owe. On one side, civil society groups this week launched a coalition to promote the move toward a government-run free-file program. On the other, tax preparation firms like Intuit -- the parent company of TurboTax -- and H&R Block have been pouring millions into trying to stop the idea cold. The advocacy groups are exponentially out-monied.

An April AP analysis found that overall, Intuit, H&R Block, and other private companies and advocacy groups for large tax preparation businesses, as well as proponents in favor of electronic free file, have reported spending $39.3 million since 2006 to lobby on "free-file" and other matters. Federal law doesn't require domestic lobbyists to itemize expenses by specific issue, so the sums are not limited to free-file. Intuit spent at least $25.6 million since 2006 on lobbying, H&R Block about $9.6 million and the conservative Americans for Tax Reform roughly $3 million. In contrast, the NAACP has spent $140,000 lobbying on "free-file" since 2006 and Public Citizen has spent $110,000 in the same time frame. "What we have on our side is public opinion," said Igor Volsky, executive director of the liberal Groundwork Action advocacy group. Volsky's organization and leaders from Public Citizen, the Center for the Study of Social Policy, Code for America, the Economic Security Project and others launched the "Coalition for Free and Fair Filing" on Wednesday. The group's mission is to "ensure all U.S. taxpayers can easily file tax returns and get the tax credits they deserve by safeguarding and expanding" the new IRS program. "The overwhelming majority of people demand a free-file option," Volsky said. "Now the question for us is how do you channel that into effective political pressure."

The IRS in May released a report that said most taxpayers are interested in filing their taxes directly to the IRS for free, and concurrently announced plans to launch the pilot program for the 2024 filing season. The goal is to test a direct file system that will help the IRS decide whether to move forward with a more permanent program. That idea has faced the immediate threat of budget cuts from congressional Republicans. Republicans on the House Appropriations Committee in June proposed a budget rider that would prohibit funds to be used for the IRS to create a government-run tax preparation software, unless approved by a group of House and Senate committees. The move "safeguards the IRS from an obvious conflict of interest where the tax collector becomes the tax preparer," the bill's summary states.

Google

Google Starts the GA Rollout of Its Privacy Sandbox APIs To All Chrome Users (techcrunch.com) 11

Google continues the rollout of its Privacy Sandbox APIs -- its replacement for tracking cookies for the online advertising industry. From a report: Today, right on schedule and in time for the launch of Chrome 115 into the stable release channel, Google announced that it will now start enabling the relevance and measurement APIs in its browser. This will be a gradual rollout, with Google aiming for a 99% availability by mid-August. At this point, Google doesn't expect to make any major changes to the APIs. This includes virtually all of the core Privacy Sandbox features, including Topics, Protected Audience, Attribution Reporting, Private Aggregation, Shared Storage and Fenced Frames. It's worth noting that for the time being, Privacy Sandbox will run in parallel with third-party cookies in the browser. It won't be until early 2024 that Google will deprecate third-party cookies for 1% of Chrome users. After that, the process will speed up though and Google will deprecate these cookies for all users by the second half of 2024.
Government

Senators Unveil Measure To Ban Stock Ownership By Lawmakers, Administration Officials (thehill.com) 100

A bipartisan pair of senators unveiled a bill Wednesday to ban stock ownership by lawmakers and administration officials. The Hill reports: The bill, introduced by Sens. Kirsten Gillibrand (D-N.Y.) and Josh Hawley (R-Mo.), would establish firmer stock trading bans and disclosure requirements for lawmakers, senior executive branch officials and their spouses and dependents. The bill would ban congressional members, the president, vice president, senior executive branch members, and their spouses and dependents from holding or trading stocks, with no exception to blind trusts. Congressional members who violate this ban would be required to pay at least 10 percent of the banned investments.

The legislation also establishes harsh penalties for executive branch stock trading, requiring executive branch officials to give up profits from covered finance interests to the Department of Treasury, while also facing a fine from the Automatic Special Counsel. Congressional members, senior congressional staff and senior executive branch employees would also be required to report if they, a spouse or a dependent applies for or receives a "benefit of value" from the federal government, including loans, contracts, grants, agreements and payments. If they fail to file, they will face a $500 penalty.

The bill aims to increase transparency, requiring public databases of personal financial disclosures and financial transaction filings required by the STOCK Act, which prohibits members of Congress from using insider information when buying and selling stocks. The penalty for failing to file STOCK Act transaction reports would also increase from $200 to $500.

Security

US Government Launches Its Long-Awaited IoT Security Labeling Program (techcrunch.com) 22

An anonymous reader quotes a report from TechCrunch: The Biden administration has launched its long-awaited Internet of Things (IoT) cybersecurity labeling program that aims to protect Americans against the myriad of security risks associated with internet-connected devices. The program, officially named the "U.S. Cyber Trust Mark," aims to help Americans ensure they are buying internet-connected devices that include strong cybersecurity protections against cyberattacks. The Internet of Things, a term encompassing everything from fitness trackers and routers to baby monitors and smart refrigerators, has long been considered a weak cybersecurity link. Many devices ship with easy-to-guess default passwords and offer a lack of regular security updates, putting consumers at risk of being hacked.

The Biden administration says its voluntary Energy Star-influenced labeling system will "raise the bar" for IoT security by enabling Americans to make informed decisions about the security credentials of the internet-connected devices they buy. The U.S. Cyber Trust Mark will take the form of a distinct shield logo, which will appear on products that meet established cybersecurity criteria. This criterion, established by the National Institute of Standards and Technology (NIST), will require, for example, that devices require unique and strong default passwords, protect both stored and transmitted data, offer regular security updates, and ship with incident detection capabilities.

The full list of standards is not yet finalized. The White House said that NIST will immediately start work on defining cybersecurity standards for "higher-risk" consumer-grade routers, devices that attackers frequently target to steal passwords and create botnets that can be used to launch distributed denial-of-service (DDoS) attacks. This work will be completed by the end of 2023, with the aim that the initiative will cover these devices when it launches in 2024. In a call with reporters, the White House confirmed that the Cyber Trust Mark will also include a QR code that will link to a national registry of certified devices and provide up-to-date security information, such as software updating policies, data encryption standards and vulnerability remediation.
Amazon and Best Buy are some of the first major U.S. retailers to have signed up for the initiative. Others include Cisco, Google, LG, Qualcomm and Samsung.

The U.S. Department of Energy also said it is working with industry partners to develop cybersecurity labeling requirements for smart meters and power inverters.
Privacy

Footage From Amazon's In-Van Surveillance Cameras Is Leaking Online (vice.com) 25

An anonymous reader quotes a report from Motherboard: A phone-recorded video posted to Reddit shows a wooden desk strewn with various office supplies. On a monitor on the desk, a video begins to play: an Amazon delivery driver, being recorded by a driver-facing camera in their van, leans out of their window to talk to a customer. Though the video is cute, the setup is not: The camera's AI tracks their movements, surrounding them with a bright green box. Below them on the monitor's screen, a yellow line marks the length of the clip sent to the driver's dispatcher. Above them sits a timecode and a speed marker of "0 MPH." The driver opens their door, and moments later, a small French bulldog leaps into the van, tail wagging. The driver is delighted. The person behind the camera laughs a little. [...] The desk set-up looks consistent with that of an Amazon delivery service partner (DSP), the small-business contractors responsible for Amazon's door-to-door deliveries. The DSPs usually operate out of Amazon delivery warehouses, where they are given a desk like the one in the video, in a small area of the warehouse, out of which they select routes, dispatch drivers, and monitor their actions on the road with the help of the cameras.

The video is one of a slew of in-van surveillance videos recently posted to Reddit, a phenomenon which hasn't frequently been seen on the site before. Over the past two weeks, many users in the Amazon delivery service partner drivers subreddit (r/AmazonDSPDrivers) have shared video footage from the cameras, either directly or by recording it on their phone from a monitor within the warehouse. It is clear that many of the videos are not being posted by the subject of the video themselves, and highlights the fact that Amazon drivers, who already have incredibly difficult jobs, are being monitored at all times.

When Motherboard first wrote about the "Biometric Consent" form drivers had to sign that allows them to be monitored while on the job, Amazon insisted that the program was about safety only, and that workers shouldn't be worried about their privacy: "Don't believe the self-interested critics who claim these cameras are intended for anything other than safety," a spokesperson told us at the time. But this video, and a rash of others that have recently become public, shows that access to the camera feeds is being abused. [...] It's not clear why there has been a sudden spate of videos being posted publicly. One current Amazon delivery driver said that the drivers themselves did not have access to the videos -- only Amazon, Netradyne, and the relevant DSPs did.

Facebook

Meta Faces a $100,000 Daily Fine If It Doesn't Fix Privacy Issues In Norway (engadget.com) 26

Norway's data protection regulator has accused Meta of violating user privacy by tracking their activities, threatening to fine the company $100,000 per day if it fails to take corrective action. "It is so clear that this is illegal that we need to intervene now and immediately," said Tobias Judin, head of Norway's privacy commission, Datatilsynet. Engadget reports: The move follows a European court ruling banning Meta from harvesting user data like location, behavior and more for advertising. Datatilsynet has referred its actions to Europe's Data Protection Board, which could widen the fine across Europe. The aim is to put "additional pressure" on Meta, Judin said. (Norway is a member of the European single market, but not technically an EU member.)

Meta told Reuters that it's reviewing Datatilsynet's decision and that the decision wouldn't immediately impact its services. "We continue to constructively engage with the Irish DPC, our lead regulator in the EU, regarding our compliance with its decision," a spokesperson said. "The debate around legal bases has been ongoing for some time and businesses continue to face a lack of regulatory certainty in this area."

Privacy

Typo Leaks Millions of US Military Emails To Mali Web Operator (ft.com) 52

Millions of US military emails have been misdirected to Mali through a "typo leak" that has exposed highly sensitive information, including diplomatic documents, tax returns, passwords and the travel details of top officers. Financial Times: Despite repeated warnings over a decade, a steady flow of email traffic continues to the .ML domain, the country identifier for Mali, as a result of people mistyping .MIL, the suffix to all US military email addresses. The problem was first identified almost a decade ago by Johannes Zuurbier, a Dutch internet entrepreneur who has a contract to manage Mali's country domain.

Zuurbier has been collecting misdirected emails since January in an effort to persuade the US to take the issue seriously. He holds close to 117,000 misdirected messages -- almost 1,000 arrived on Wednesday alone. In a letter he sent to the US in early July, Zuurbier wrote: "This risk is real and could be exploited by adversaries of the US."

Crime

Teenagers Have Bought 'Ghost Guns' Online, Sometimes with Deadly Consequences (msn.com) 462

The Washington Post begins a recent article with the story of an 18-year-old drug dealer with mental health issues named Zachary Burkard, who shot two unarmed 17-year-olds with a "ghost gun" he built from a kit bought online.

The father of one of those 17-year-olds thinks "They've just made it entirely too easy to get these guns... A child can buy one. There's no background checks. You don't even need a bank account. You can go to 7-Eleven and get a debit card, put money on it and buy a gun." The families of the two teens, with the help of the anti-gun-violence group Everytown for Gun Safety, are now suing the distributor of the parts Burkard used to make his ghost gun, 80P Builder of Florida, and the manufacturer, Polymer80 of Nevada, for gross negligence in providing a teenager with a weapon when he was not legally able to buy a handgun from a federally licensed dealer. The case, those who track the weapons say, demonstrates a frightening phenomenon... Teenagers have discovered the ease with which they can acquire the parts for a ghost gun, and they have been buying, building and shooting the homemade guns with alarming frequency. Everytown for Gun Safety compiled a list of more than 50 incidents involving teens and ghost guns since 2019. Among them:

- In Brooklyn Park, Minn., police arrested two teens with ghost guns in December after authorities said one of them attempted to shoot someone outside their car but instead killed their friend inside it.
- In New Rochelle, N.Y., a 16-year-old created a "ghost gun factory" in his bedroom last year, police said, before killing another 16-year-old...

The Bureau of Alcohol, Tobacco and Firearms (ATF) estimated that Polymer80 was responsible for more than 88 percent of the ghost guns recovered by police between 2017 and 2021, though there are nearly 100 manufacturers selling parts, or full kits, which can be made into unserialized guns, a list compiled by Everytown shows. Teens are hardly the only users. Last year, police departments seized at least 25,785 ghost guns nationwide, the Justice Department said recently, and those are just the weapons submitted by police to ATF for tracing, even though they don't have serial numbers and largely cannot be traced. In 2021, the number of guns recovered was 19,344, meaning seizures rose 33 percent the following year.

ATF has linked ghost guns to 692 homicides and nonfatal shootings through 2021, including mass killings and school shootings...

[This May] in Baltimore, authorities arrested three 14-year-olds after armed robberies and an armed carjacking. Police said one of them had a ghost gun. And in Valdosta, Ga., authorities said, a 16-year-old bought a ghost gun kit online in 2021 and assembled her own Glock-style pistol. One day while some friends were at her house, the teen accidentally shot a 14-year-old in the head, leaving him partially paralyzed, with severe brain damage and permanent physical and cognitive issues, his family's lawyer Melvin Hewitt said.

While some states have passed regulations, last year America's national firearm-regulating agency also declared parts of ghost guns to be firearms, according to the article, in an attempt to close a commonly-cited loophole. The parts makers challenged the new rule in court, lost twice, then won in a conservative federal court in Texas. The U.S. Justice Department may now appeal that decision to the higher Fifth Circuit court, and if it loses there "could appeal to the Supreme Court." Dudley Brown, the president of the National Association for Gun Rights, said he is against all regulation of privately made firearms, calling the practice of building weapons a "long and storied tradition in America."

United States

Bank of America Fined $250M for 'Systematic' Overcharging, Opening Unwanted Credit Cards (msn.com) 80

Bank of America "will pay more than $250 million in refunds and fines," reports the Washington Post, "after federal regulators found the company systematically overcharged customers, withheld promised bonuses and opened accounts without customer approval." The Consumer Financial Protection Bureau [or CFPB] found the bank made "substantial additional revenue" for years by repeatedly charging customers $35 overdraft fees on the same transaction. The bank also denied cash and points bonuses it had pledged to tens of thousands of credit card customers. And starting in 2012, Bank of America employees enrolled customers in credit card accounts without their approval, obtaining credit reports without permission to complete the applications, the bureau said.
The bureau's director emphasized that "These practices are illegal and undermine customer trust," adding that America's CFPB "will be putting an end to these practices across the banking system."

The Post points out that Bank of America will now pay more than $100 million in restitution to customers, a $90 million fine to the CFPB and another $60 million fine to the Office of the Comptroller of the Currency. "Bank of America already has refunded customers denied credit card rewards and bonuses, the consumer bureau said. It will be repaying those it overcharged on fees by depositing funds into their account or sending a check..."

But how widespread is the problem? Hundreds of thousands of customers were harmed over several years, the consumer agency said. Bank of America is the second largest U.S. bank, with 68 million residential and small business customers... In extra fees alone, the bank charged customers "tens of millions of dollars" between March 2020 and November 2021, federal regulators found. The regulator said Bank of America in that period hit customers with a $35 fee if they had insufficient funds to cover a charge. If the customer still lacked funds when the merchant resubmitted the transaction, the company assessed another $35 penalty... And bank employees opened credit card accounts for customers without their knowledge in a bid to meet individual sales goals, the CFPB said...

[T]he practice has given the banking industry a major black eye in recent years. Wells Fargo reached a $3.7 billion settlement with federal regulators in December over a range of violations, including opening millions of fake accounts. The CFPB fined U.S. Bank $37.5 million last summer over its own sham accounts scandal.

This is not Bank of America's first brush with federal regulators over its treatment of customers. The CFPB ordered the company to pay $727 million in 2014 over illegal credit card practices. The company paid another $225 million last year in fines over mishandling state unemployment benefits during the pandemic and a separate $10 million civil penalty over unlawful garnishments.

"The company did not admit or deny wrongdoing in its settlement with the agency..." notes the article. But a statement from the chairman of the U.S. Senate Banking Committee said Bank of America "has clearly broken the law in yet another case of Wall Street banks taking Americans' money to pad their already-massive profits...

"This kind of abuse is why we will continue to hold the big banks accountable, and it's why we need the Consumer Financial Protection Bureau — so consumers can keep their hard-earned money."

Privacy

Massachusetts Considers Ban on Sales of Cellphone Location Data (wbur.org) 16

"While some states have taken steps to protect cell phone information, Massachusetts could become the first state to outright ban the sale of location data from cell phones," reports WBUR: Data brokers are able to buy and sell cell phone location data to anyone with a credit card without many restrictions. "There's very little in terms of law that prevents companies from doing this, as long as they at least include somewhere in their privacy policies that this is something that they're doing," said Andrew Sellars, a Boston University law professor and director of the Technology Law Clinic. Sellars said that there have been recent updates to operating systems that can alert users when their data is being tracked or obscure the specificity of the users' location, but overall there's little protection for buying and selling location data.

Can law enforcement agencies buy cell phone data? Yes. Sellars says that under the current law, law enforcement can circumvent obtaining a warrant to get data by buying data directly from brokers. "The Electronic Privacy Information Center has done some studies on this recently and shown that there's been a growing market of consumer location data that's handled by data brokers being bought by law enforcement at all different levels: federal, state, and local law enforcement," said Sellars...

The bill provides a defined scope of purpose in which companies can collect and use a customer's location data. Under the legislation, companies would only be allowed to use location data to provide a product or service that a consumer wants. "For example, if you are ordering food on a food app and it's using your location to know where to deliver the food, that would be a permissible use," said Sellars. "But aside from that, you are essentially prohibited from doing anything else with the data."

Earlier this week WBUR noted that the Massachusetts bill is "pending" before a state-government committee, "which has not scheduled a hearing on it."

AI

ChatGPT-Powered Bing Sued for Libel Over Its AI-Induced Hallucinations (reason.com) 21

Long-time Slashdot reader schwit1 shared this report from Reason.com: When people search for Jeffery Battle in Bing, they get the following (at least sometimes; this is the output of a search that I ran Tuesday):

Jeffrey Battle, also known as The Aerospace Professor, is the President and CEO of Battle Enterprises, LLC, and its subsidiary The Aerospace Professor Company... Battle was sentenced to eighteen years in prison after pleading guilty to seditious conspiracy and levying war against the United States...

But it turns out that this combines facts about two separate people with similar names: (1) Jeffery Battle, who is indeed apparently a veteran, businessman, and adjunct professor, and (2) Jeffrey Leon Battle, who was convicted of trying to join the Taliban shortly after 9/11. The two have nothing in common other than their similar names. The Aerospace Professor did not plead guilty to seditious conspiracy....

[T]o my knowledge, this connection was entirely made up out of whole cloth by Bing's summarization feature (which is apparently based on ChatGPT); I know of no other site that actually makes any such connection (which I stress again is an entirely factually unfounded connection).

Battle is now suing Microsoft for libel over this...
