Utah's governor has signed two bills that could upend how teens in the state are able to use social media apps. Engadget reports: Under the new laws, companies like Meta, Snap and TikTok would be required to get parents permission before teens could create accounts on their platforms. The laws also require curfew, parental controls and age verification features. The laws could dramatically change how social platforms handle the accounts of their youngest users. In addition to the parental consent and age verification features, the laws also bar companies "from using a design or feature that causes a minor to have an addiction to the company's social media platform." For now, it's not clear how Utah officials intend to enforce the laws or how they will apply to teenagers' existing social media accounts. Both laws are scheduled to take effect next March.

An anonymous reader quotes a report from The Intercept: At a city council meeting in June 2021, Mayor Thomas Kilgore, of Lakeway, Texas, made an announcement that confused his community. "I believe it is my duty to inform you that a surveillance system has been installed in the city of Lakeway," he told the perplexed crowd. Kilgore was referring to a system consisting of eight license plate readers, installed by the private company Flock Safety, that was tracking cars on both private and public roads. Despite being in place for six months, no one had told residents that they were being watched. Kilgore himself had just recently learned of the cameras. "We find ourselves with a surveillance system," he said, "with no information and no policies, procedures, or protections." The deal to install the cameras had not been approved by the city government's executive branch. Instead, the Rough Hollow Homeowners Association, a nongovernment entity, and the Lakeway police chief had signed off on the deal in January 2021, giving police access to residents' footage. By the time of the June city council meeting, the surveillance system had notified the police department over a dozen times. "We thought we were just being a partner with the city," Bill Hayes, the chief operating officer of Legend Communities, which oversees the Rough Hollow Homeowners Association, said at the meeting. "We didn't go out there thinking we were being Big Brother."

Lakeway is just one example of a community that has faced Flock's surveillance without many homeowners' knowledge or approval. Neighbors in Atlanta, Georgia, remained in the dark for a year after cameras were put up. In Lake County, Florida, nearly 100 cameras went up "overnight like mushrooms," according to one county commissioner -- without a single permit. In a statement, Flock Safety brushed off the Lake County incident as an "an honest misunderstanding," but the increasing surveillance of community members' movements across the country is no accident. It's a deliberate marketing strategy. Flock Safety, which began as a startup in 2017 in Atlanta and is now valued at approximately $3.5 billion, has targeted homeowners associations, or HOAs, in partnership with police departments, to become one of the largest surveillance vendors in the nation. There are key strategic reasons that make homeowners associations the ideal customer. HOAs have large budgets -- they collect over $100 billion a year from homeowners -- and it's an opportunity for law enforcement to gain access into gated, private areas, normally out of their reach.

The founder of Terraform Labs, Do Kwon, appears to have been arrested in Montenegro, according to a tweet by the country's minister of interior, Filip Adzic. CoinDesk reports: "Montenegrin police have detained a person suspected of being one of the most wanted fugitives, South Korean citizen Do Kwon, co-founder and CEO of Singapore-based Terraform Labs," Adzic tweeted. Kwon has been the target of several investigations and was even on Interpol's red notice after stablecoin terraUSD (UST) and its $40 billion ecosystem imploded last year, sending shockwaves across the crypto markets. The suspect was detained at the Podgorica airport with falsified documents, Adzic added, saying he was still waiting for official confirmation of identity.

The Korean National Police Agency said that it had confirmed the suspect appeared to be Kwon based on checking age, name, and nationality of his ID card, according to a report by the Yonhap news agency. The unverified account of Adzic is followed by the official account of the prime minister of Montenegro, Dritan Abazovic. The tweet announcing Kwon's arrest was also retweeted by Abazovic's account. Adzic's account has previously been cited in official tweets.

The U.S. Securities and Exchange Commission sued Justin Sun Wednesday on allegations of selling and airdropping unregistered securities, fraud and market manipulation. From a report: The SEC said in a press release it was suing Sun, the Tron Foundation, the BitTorrent Foundation and BitTorrent (now known as Rainberry) over the sale of tronix (TRX) and BitTorrent (BTT) tokens, which it described as unregistered crypto asset securities. The regulator further alleged that the defendants "fraudulently manipulat[ed]" TRX's secondary market through an "extensive wash trading" scheme. The agency is also suing Lindsay Lohan, Jake Paul, Soulja Boy, Lil Yachty, Ne-Yo, Akon and Michele Mason on illegal touting charges for their roles allegedly promoting TRX and BTT without disclosing they were paid to do so. The majority of these celebrities settled the charges.

Sun, who was named Grenada's ambassador to the World Trade Organization (WTO) last year, tried to artificially inflate TRX's trading volume through the wash trading scheme, the SEC alleged, by having his own employees "engage in more than 600,000 wash trades of TRX between two crypto asset trading platform accounts he controlled." Somewhere between 4.5 million and 7.4 million TRX was traded daily through these wash trades, the agency said.

Top tech companies are mounting a push to limit how US intelligence agencies collect and view texts, emails and other information about their users, especially American citizens. From a report: The companies, including Alphabet's Google, Meta Platforms and Apple, want Congress to limit Section 702 of the Foreign Intelligence Surveillance Act, as they work to renew the law before it expires at the end of the year, according to three people familiar with the discussions. There is a growing bipartisan consensus in Congress to not only renew the law but to make changes in response to a series of reports and internal audits documenting abuses. That's left the tech industry optimistic that broader reforms will get through Congress this time, according to two lobbyists who asked not to be identified relaying internal discussions.

The law, passed by Congress in 2008 in response to revelations of warrantless spying on US citizens by the Bush administration, granted sweeping powers that have been criticized over the years for different reasons. Civil liberties groups think more privacy protections are needed. Former President Donald Trump and his allies claim that spying powers enable intelligence agencies to conspire against conservatives. "Reforms are needed to ensure dragnet surveillance programs operate within constitutional limits and safeguard American users' rights, through appropriate transparency, oversight and accountability," said Matt Schruers, president of the tech trade group Computer & Communications Industry Association, which counts Apple, Google, Meta and Amazon among its members. Intelligence agencies say Section 702 is an essential tool that has generated critical information on the espionage and hacking activities of countries such as China and contributed to the successful drone strike that killed al-Qaeda leader Ayman al-Zawahiri last year.

The Supreme Court will take a break on Wednesday from the unusually political mix of cases it decided to hear during its current term, to consider a case about poop jokes. From a report: Jack Daniel's v. VIP Products asks whether VIP Products, the nation's second-largest maker of dog toys, infringed upon the whiskey maker's trademarked bottle shape and label when it sold dog toys that resemble a bottle of Jack Daniel's. The dog toy, named "Bad Spaniels," juxtaposes imagery drawn from the whiskey maker's trademarks with a gag about a dog dropping âoethe old No. 2 on your Tennessee carpet." Jack Daniel's seeks a court order prohibiting VIP from continuing to sell this toy.

Jack Daniel's is, on the surface, a very silly case, which prompted some very silly attempts by the whiskey maker's lawyers to explain why their client is so offended by this dog toy. Sample quote from their brief: "Jack Daniel's loves dogs and appreciates a good joke as much as anyone. But Jack Daniel's likes its customers even more, and doesn't want them confused or associating its fine whiskey with dog poop." Lurking below the surface, however, are very serious questions about the First Amendment. And about how far courts should go in second-guessing Congress's decisions about how to balance the needs of the marketplace with the demands of free speech. VIP has strong legal arguments that it should prevail in this case, but Jack Daniel's also raises strong claims that the lower courts did too much to undermine federal trademark law.

Google defended its use of "history-off chats" for many internal communications, denying the US government's allegation that it intentionally destroyed evidence needed in an antitrust case. The history-off setting causes messages to be automatically deleted within 24 hours. Ars Technica reports: The US government and 21 states last month asked a court to sanction Google for allegedly using the auto-delete function on chats to destroy evidence and accused Google of falsely telling the government that it suspended its auto-deletion practices on chats subject to a legal hold. Google opposed the motion for sanctions on Friday in a filing (PDF) in US District Court for the District of Columbia. Google said it uses a "tiered approach" for preserving chats. "When there is litigation, Google instructs employees on legal hold not to use messaging apps like Google Chat to discuss the subjects at issue in the litigation and, if they must, to switch their settings to 'history on' for chats regarding the subjects at issue in the litigation, so that any such messages are preserved," the Google filing said.

Google said the government plaintiffs "contend that the Federal Rules specifically mandate that Google should have applied a forced history on setting for all custodians for all chats created while the custodian was on legal hold, regardless of the possible relevance of the message to the litigation." But federal rules only require "reasonable steps to preserve" information, Google pointed out. "Google's vast preservation efforts here -- and specifically its methodology with respect to history-off chats -- were 'reasonable steps' under the Rule," Google argued. Google said the US and state attorneys general "have not been denied access to material information needed to prosecute these cases and they have offered no evidence that Google intentionally destroyed such evidence." Google also argued that the objections came too late, alleging that the government knew before litigation began "that there was a subset of chats not automatically retained." "Plaintiffs' motions are barred at the outset because they were on notice of Google's approach to chats for years, yet did not object until well after the close of discovery. Those tactics should not be countenanced," Google told the court.

Google said its November 2019 disclosures in an ESI (Electronically Stored Information) questionnaire "show that the distinction between 'on-the-record' and other chats was apparent to anyone who wanted to pursue the matter from the outset of DOJ's investigation. For instance, the ESI Questionnaire response specifies that chat 'messages are generally retained for a period of 30 days if they have been marked on-the-record, and potentially longer if on-the-record messages are on legal hold.'" Google also said, "it is no secret how Google's Chat product operates" because it's a publicly available product and the Google Chat website explains the history-off feature. The Justice Department's motion last month said things happened very differently. "Google systematically destroyed an entire category of written communications every 24 hours" for nearly four years, the government motion said, continuing [...].

Microsoft has won dismissal of a private consumer antitrust lawsuit over its $69 billion proposed purchase of "Call of Duty" maker Activision Blizzard, but the plaintiffs were given 20 days to refine their legal challenge. From a report: A federal judge in San Francisco ruled that the lawsuit from a group of video game plaintiffs "lacks allegations" supporting their claim that the proposed acquisition would harm market competition. "Plaintiffs' general allegation that the merger may cause 'higher prices, less innovation, less creativity, less consumer choice, decreased output, and other potential anticompetitive effects' is insufficient," wrote U.S. District Judge Jacqueline Corley. "Why? How?" The decision does not affect the U.S. Federal Trade Commission's (FTC) regulatory challenge to the largest-ever gaming industry deal.

Indian authorities severed mobile internet access and text messaging for a second day Sunday across Punjab, a state of about 27 million people, as officials sought to capture a Sikh separatist and braced for potential unrest. The Washington Post reports: The statewide ban -- which crippled most smartphone services except for voice calls and some SMS text messages -- marked one of the broadest shutdowns in recent years in India, a country that has increasingly deployed the law enforcement tactic, which digital rights activists call draconian and ineffective. The Punjab government, led by the opposition Aam Admi Party, initially announced a 24-hour ban starting midday Saturday as its security forces launched a sprawling operation to arrest the fugitive Amritpal Singh, then extended the ban Sunday for another 24 hours.

Singh, a 30-year-old preacher, has been a popular figure within a separatist movement that seeks to establish a sovereign state in Punjab called Khalistan for followers of the Sikh religion. He rocketed to nationwide notoriety in February after his supporters stormed a police station to free one of his jailed supporters. The Khalistan movement is outlawed in India and considered a top national security threat by officials, but the movement has sympathizers across Punjab state, which is majority Sikh, and among members of the large Sikh diaspora who have settled in countries such as Canada and Britain. In a bid to forestall unrest and curtail what it called "fake news," Punjab authorities blocked mobile internet service beginning at noon Saturday, shortly after they failed to apprehend Singh as he drove through central Punjab with a cavalcade of supporters. Officials were probably also motivated by a desire to deprive Singh's supporters of social media, which they briefly used Saturday to seek help and organize their ranks.

Singh was still on the run as of late Sunday, and the 4G blackout remained in effect. Three Punjab residents who spoke to The Washington Post said life had been disrupted since midday Saturday. Only essential text messages, such as confirmation codes for bank transfers, were trickling through. Wired internet services were not affected. "My entire business is dependent on internet," said Mohammad Ibrahim, who accepts QR code-based payments at his two clothing shops in a village outside of Ludhiana and also sells garments online. "Since yesterday, I've felt crippled."

A U.S. and Greek national who worked on Meta's security and trust team while based in Greece was placed under a yearlong wiretap by the Greek national intelligence service and hacked with a powerful cyberespionage tool, according to documents obtained by The New York Times and officials with knowledge of the case. From the report: The disclosure is the first known case of an American citizen being targeted in a European Union country by the advanced snooping technology, the use of which has been the subject of a widening scandal in Greece. It demonstrates that the illicit use of spyware is spreading beyond use by authoritarian governments against opposition figures and journalists, and has begun to creep into European democracies, even ensnaring a foreign national working for a major global corporation.

The simultaneous tapping of the target's phone by the national intelligence service and the way she was hacked indicate that the spy service and whoever implanted the spyware, known as Predator, were working hand in hand. The latest case comes as elections approach in Greece, which has been rocked by a mounting wiretapping and illegal spyware scandal since last year, raising accusations that the government has abused the powers of its spy agency for illicit purposes. The Predator spyware that infected the device is marketed by an Athens-based company and has been exported from Greece with the government's blessing, in possible breach of European Union laws that consider such products potential weapons, The New York Times found in December. The Greek government has denied using Predator and has legislated against the use of spyware, which it has called "illegal."

After almost 17 years online, file-hosting veteran Zippyshare will shut down at the end of the month. TorrentFreak: Founded in 2006, Zippyshare was known for its free, no-nonsense, no-frills approach to storing files online. Having changed very little over the years, Zippyshare's operators say the platform is now a dinosaur that costs too much to run in a world where ad-blocking is widespread. Zippyshare said, "Since 2006 we have been on the market in an unchanged form, that is, as ad financed/free file hosting. However, you have been visiting in less and less over the years, as the arguably very simple formula of the services we offer is slowly running out of steam. I guess all the competing file storage service companies on the market look better, offer better performance and more features. No one needs a dinosaur like us anymore."

A federal judge on Monday will weigh pleas by four major book publishers to stop an online lending library from freely offering digital copies of books, in a case that raises novel questions about digital-library rights and the reach of copyright law that protects the work of writers and publishers. From a report: Nonprofit organization Internet Archive created the digital books, building its collection by scanning physical book copies in its possession. It lends the digital versions to readers worldwide, with more than three million digitized books on offer. Titles range from Stephen King's scary bestseller "It" to Kristin Hannah's historical novel "The Nightingale." The archive expanded its digital lending during the Covid-19 pandemic, temporarily lifting limits on how many people could check out a book at one time. The move helped prompt the publishers' copyright infringement lawsuit in 2020, which is pending before U.S. District Judge John Koeltl in Manhattan.

The plaintiffs are Lagardere SCA's Hachette Book Group, John Wiley and Sons, Bertelsmann SE's Penguin Random House, and HarperCollins Publishers, which like The Wall Street Journal is owned by News Corp. They argue the Internet Archive book platform "constitutes willful digital piracy on an industrial scale" and hurts writers and publishers who rely on consumers buying their products. William Adams, general counsel for HarperCollins Publishers, said the archive's approach has no basis in law. "What they're doing is supplanting what authors and publishers do with libraries and have been doing for a long time," he said. The Internet Archive says its lending practices are a fair and legal use of the books, in the same way that traditional bricks-and-mortar libraries have a right to share their collections with the public.

And starting in 2021 — long before the run on Silicon Valley Bank — the Federal Reserve had "repeatedly warned the bank that it had problems," reports the New York Times: In 2021, a Fed review of the growing bank found serious weaknesses in how it was handling key risks. Supervisors at the Federal Reserve Bank of San Francisco, which oversaw Silicon Valley Bank, issued six citations. Those warnings, known as "matters requiring attention" and "matters requiring immediate attention," flagged that the firm was doing a bad job of ensuring that it would have enough easy-to-tap cash on hand in the event of trouble.

But the bank did not fix its vulnerabilities. By July 2022, Silicon Valley Bank was in a full supervisory review — getting a more careful look — and was ultimately rated deficient for governance and controls. It was placed under a set of restrictions that prevented it from growing through acquisitions. Last autumn, staff members from the San Francisco Fed met with senior leaders at the firm to talk about their ability to gain access to enough cash in a crisis and possible exposure to losses as interest rates rose.

It became clear to the Fed that the firm was using bad models to determine how its business would fare as the central bank raised rates: Its leaders were assuming that higher interest revenue would substantially help their financial situation as rates went up, but that was out of step with reality. y early 2023, Silicon Valley Bank was in what the Fed calls a "horizontal review," an assessment meant to gauge the strength of risk management. That checkup identified additional deficiencies — but at that point, the bank's days were numbered. In early March, it faced a run and failed within a matter of days....

The picture that is emerging is one of a bank whose leaders failed to plan for a realistic future and neglected looming financial and operational problems, even as they were raised by Fed supervisors. For instance, according to a person familiar with the matter, executives at the firm were told of cybersecurity problems both by internal employees and by the Fed — but ignored the concerns.
The Federal Reserve Bank system has 12 distircts, and the one overseeing California had a board of directors which included SVB's CEO Greg Becker, the article points out. "While board members do not play a role in bank supervision, the optics of the situation are bad."

Gizmodo reports that Amazon "is thinking about releasing a web browser, a boring-sounding project that could have massive implications." The company has sent a survey to users asking detailed questions, including which features would "convince you to download and try" a "new desktop/laptop browser from Amazon...."

The survey asked a variety of questions. Most telling was the last question: "Imagine that there is a new desktop/laptop browser from Amazon available to do. Select which of the following you would most like to know more about." The survey went on to list topics such as privacy, syncing passwords across devices, and shopping features.... Users were asked to rate the importance of features including text to speech, extensions, the availability to sync data across desktop and mobile devices, and — notably — blocking third party cookies.

Amazon seems to be seriously considering a web browser of its own, and it comes at a time when it would have an unusual impact on the advertising business. The ad industry is bracing for cataclysmic change as Google moves closer to killing third-party cookies in Chrome, the world's most popular web browser, which would kneecap one of the primary ways businesses track consumers for ads.... Part of what makes Amazon so attractive to marketers is the fact that the company sits on a treasure trove of data about what consumers are buying and what their shopping habits are like. If Amazon could match that information with the data collection that comes from a web browser, it could tip the scales of internet advertising in favor of the retail giant.
One thing Amazon asked users is whethered they'd be convinced to download and try a browser if it offered "AI-enabled tab, history, and bookmarks management to automatically sort these into categories for quick search and retrieval."

An anonymous reader quotes a report from Bloomberg: Federal agents have arrested a Peekskill, New York, man they say ran the notorious dark web data-breach site "BreachForums" under the name "Pompompurin." Conor Brian Fitzpatrick was arrested by a team of investigators at his home around 4:30 p.m. Wednesday, an FBI agent said in a sworn statement filed in court the next day. Fitzpatrick is charged with a single count of conspiracy to commit access device fraud.

BreachForums hosted the stolen databases of almost 1,000 companies and websites. The databases often includes personal information, such as names, emails and passwords. The information is offered for sale by users of the site and can be used for fraud. Pompompurin's profile on BreachForums describes him as "Bossman" and pictures the Sanrio Co. cartoon dog whose name he used as an online alias. The profile shows Fitzpatrick's most recent visit to the site was Wednesday at 3:53 p.m., shortly before his arrest. The FBI agent, who led the other agents in the arrest, said Fitzpatrick admitted he had used the alias "Pompompurin" and was the owner and operator of BreachForums.

In November 2021, Pompompurin claimed responsibility for sending out fake emails that originated from an "fbi.gov" email address. Pompompurin claimed responsibility for the breach in an interview with Brian Krebs. Details of the charges, filed in federal court in Alexandria, Virginia, have not been made public. A spokeswoman for the US Attorney in Alexandria didn't return phone and email messages seeking comment. Fitzpatrick was presented in federal court in White Plains, New York, and released on a $300,000 unsecured bond, signed by his parents. Fitzpatrick is required to avoid any contact with co-defendant, co-conspirators and witnesses in the case. He's due to appear in court in Alexandria on March 24.

The Brazilian government is studying whether to regulate Internet platforms with content that earns revenue such as advertising, its secretary for digital policies, Joao Brant, said on Friday. Reuters reports: The idea would be for a regulator to hold such platforms, not consumers, accountable for monetized content, Brant told Reuters. Another goal is "to prevent the networks from being used for the dissemination and promotion of crimes and illegal content" especially after the riots by supporters of former far-right President JairBolsonaro in Brasilia in January, fueled by misinformation about the election he lost in October.

Brant said President Luiz Inacio Lula da Silva's government also intends to make companies responsible for stopping misinformation, hate speech and other crimes on their social media platforms. Platforms would not be held responsible for content individually, but for how diligent they are in protecting the "digital environment," he said in an interview. Brant did not detail what the regulatory body would look like, but said the government wants to regulate monetized content and prevent the platforms from spreading misinformation.

The UK Space Agency said Friday it would back research by Rolls-Royce looking at the use of nuclear power on the moon. CNBC reports: In a statement, the government agency said researchers from Rolls-Royce had been working on a Micro-Reactor program "to develop technology that will provide power needed for humans to live and work on the Moon." The UKSA will now provide [around $3.52 million] of funding for the project, which it said would "deliver an initial demonstration of a UK lunar modular nuclear reactor."

Rolls-Royce is set to work with a range of organizations on the project, including the University of Sheffield's Advanced Manufacturing Research Centre and Nuclear AMRC, and the University of Oxford. "Developing space nuclear power offers a unique chance to support innovative technologies and grow our nuclear, science and space engineering skills base," Paul Bate, chief executive of the UK Space Agency, said. Bate added that Rolls-Royce's research "could lay the groundwork for powering continuous human presence on the Moon, while enhancing the wider UK space sector, creating jobs and generating further investment." According to the UKSA, Rolls-Royce [...] is aiming "to have a reactor ready to send to the Moon by 2029."

An anonymous reader quotes a report from The Register: A cancer patient whose nude medical photos and records were posted online after they were stolen by a ransomware gang, has sued her healthcare provider for allowing the "preventable" and "seriously damaging" leak. The proposed class-action lawsuit stems from a February intrusion during which malware crew BlackCat (also known as ALPHV) broke into one of the Lehigh Valley Health Network (LVHN) physician's networks, stole images of patients undergoing radiation oncology treatment along with other sensitive health records belonging to more than 75,000 people, and then demanded a ransom payment to decrypt the files and prevent it from posting the health data online. The Pennsylvania health care group, one of the largest in the US state, oversees 13 hospitals, 28 health centers, and dozens of other physicians' clinics, pharmacies, rehab centers, imaging and lab services. LVHN refused to pay the ransom, and earlier this month BlackCat started leaking patient info, including images of at least two breast cancer patients, naked from the waist up.

According to the lawsuit [PDF] filed this week, here's how one of the patients, identified as "Jane Doe" found out about the data breach -- and that LVHN had stored nude images of her on its network in the first place. On March 6, LVHN VP of Compliance Mary Ann LaRock, called Doe and told her that her nude photos had been posted on the hackers' leak site. "Ms. LaRock offered plaintiff an apology, and with a chuckle, two years of credit monitoring," the court documents say. In addition to swiping the very sensitive photos, the crooks also made off with everything needed for identity fraud.

According to the lawsuit, LaRock also told Doe that her physical and email addresses, along with date of birth, social security number, health insurance provider, medical diagnosis and treatment information, and lab results were also likely stolen in the breach. "Given that LVHN is and was storing the sensitive information of plaintiff and the class, including nude photographs of plaintiff receiving sensitive cancer treatment, LVHN knew or should have known of the serious risk and harm that could occur from a data breach," the lawsuit says. It claims LVHN was negligent in its duty to safeguard patients' sensitive information, and seeks class action status for everyone whose data was exposed with monetary damages to be determined. Pennsylvania attorney Patrick Howard, who is representing Doe and the rest of the plaintiffs in the proposed class action, said he expects the number of patients affected by the breach to be in the "hundreds, if not thousands."

New Zealand will ban TikTok on devices with access to the parliamentary network because of cybersecurity concerns, a government official said on Friday. CNBC reports: TikTok will be banned on all devices with access to New Zealand's parliamentary network by the end of March, said Parliamentary Service Chief Executive Rafael Gonzalez-Montero. Gonzalez-Montero, in an email to Reuters, said the decision was taken after advice from cybersecurity experts and discussions within government and with other countries.

"Based on this information the Service has determined that the risks are not acceptable in the current New Zealand Parliamentary environment," he said. Special arrangements can be made for those who require the app to do their jobs, he added.

The FBI and the Department of Justice are investigating the events that led TikTok's Chinese parent company, ByteDance, to use the app to surveil American journalists, including this reporter, Forbes reported, citing sources familiar with the departments' actions. From the report: According to a source in position to know, the DOJ Criminal Division, Fraud Section, working alongside the Office of the U.S. Attorney for the Eastern District of Virginia, has subpoenaed information from ByteDance regarding efforts by its employees to access U.S. journalists' location information or other private user data using the TikTok app. According to two sources, the FBI has been conducting interviews related to the surveillance. ByteDance's use of the app to surveil U.S. citizens was first reported by Forbes in October, and confirmed by an internal company investigation in December.

"We have strongly condemned the actions of the individuals found to have been involved, and they are no longer employed at ByteDance. Our internal investigation is still ongoing, and we will cooperate with any official investigations when brought to us," said ByteDance spokesperson Jennifer Banks. This is the first report of the federal government investigating ByteDance's surveillance practices. It is not clear if the DOJ's subpoena is connected to the FBI's interviews. The DOJ and the FBI are both part of the interagency Committee on Foreign Investment in the United States (CFIUS), which this week demanded that ByteDance divest from TikTok or face a nationwide ban of the app. For the past several years, CFIUS has attempted to negotiate a national security contract with TikTok meant to mitigate concerns that it could be used by the Chinese government to access valuable private information about U.S. citizens or manipulate U.S. civic discourse.