NEW YORK—The United Automobile Workers (UAW), Communications Workers of America (CWA), and American Federation of Teachers (AFT) filed a lawsuit today against the Departments of State and Homeland Security for their viewpoint-based surveillance and suppression of protected expression online. The complaint asks a federal court to stop this unconstitutional surveillance program, which has silenced and...

An anonymous reader quotes a report from Ars Technica: Record labels Sony, Warner, and Universal yesterday asked the Supreme Court to help it boot pirates off the Internet. Sony and the other labels filed their brief (PDF) in Cox Communications v. Sony Music Entertainment, a case involving the cable Internet service provider that rebuffed labels' demands for mass terminations of broadband subscribers accused of repeat copyright infringement. The Supreme Court's eventual decision in the case may determine whether Internet service providers must terminate the accounts of alleged pirates in order to avoid massive financial liability. Cox has argued (PDF) that copyright-infringement notices -- which are generated by bots and flag users based on their IP addresses -- sent by record labels are unreliable. Cox said ISPs can't verify whether the notices are accurate and that terminating an account would punish every user in a household where only one person may have illegally downloaded copyrighted files. Record labels urged the Supreme Court to reject this argument. "While Cox waxes poetic about the centrality of Internet access to modern life, it neglects to mention that it had no qualms about terminating 619,711 subscribers for nonpayment over the same period that it terminated just 32 for serial copyright abuse," the labels' brief said. "And while Cox stokes fears of innocent grandmothers and hospitals being tossed off the Internet for someone else's infringement, Cox put on zero evidence that any subscriber here fit that bill. By its own admission, the subscribers here were 'habitual offenders' Cox chose to retain because, unlike the vast multitude cut off for late payment, they contributed to Cox's bottom line." Record labels were referring to a portion of Cox's brief that said, "Grandma will be thrown off the Internet because Junior illegally downloaded a few songs on a visit."

Read more of this story at Slashdot.

Christopher Brown reports: LinkedIn Corp. must face three related lawsuits alleging it collected the sensitive information of visitors to several health-related websites without their consent in violation of California privacy laws. The individual plaintiffs in two of the proposed class actions adequately pleaded claims of invasion of privacy under the California Constitution and violations of...

Three House Democrats questioned the Department of Homeland Security on Monday over a reported Immigration and Customs Enforcement contract with a spyware provider that they warn potentially “threatens Americans’ freedom of movement and freedom of speech.”

Their letter follows publication of a notice that ICE had lifted a stop-work order on a $2 million deal with Israeli spyware company Paragon Solutions, a contract that the Biden administration had frozen one year ago pending a review of its compliance with a spyware executive order.

Paragon is the maker of Graphite, and advertises it as having more safeguards than competitors that have received more public and legal scrutiny, such as NSO Group’s Pegasus, a claim researchers have challenged. A report earlier this year found suspected deployments of Graphite in countries across the globe, with targets including journalists and activists. WhatsApp also notified users this year about a Paragon-linked campaign targeting them. The tool can infect phones without its target having to click on any malicious lure, then mine data from them.

“Given the Trump Administration’s disregard for constitutional rights and civil liberties in pursuit of rapid mass deportation, we are seriously concerned that ICE will abuse Graphite software to target immigrants, people of color, and individuals who express opposition to ICE’s repeated attacks on the rule of law,” the three congressional Democrats, two of whom serve as ranking members of House Oversight and Government Reform subcommittees, wrote Monday.

The trio behind the letter are Reps. Summer Lee of Pennsylvania, top Democrat on the Subcommittee on Federal Law Enforcement; Ohio Rep. Shontel Brown, ranking member of the Subcommittee on Cybersecurity, Information Technology and Government Innovation; and Rep. Yassamin Ansari of Arizona.

Their letter pointed to two Supreme Court rulings — Riley v. California from 2014 and Carpenter v. United States from 2018 — that addressed warrantless surveillance of cellular data. “Allowing ICE to utilize spyware raises serious questions about whether ICE will respect Fourth Amendment protections against warrantless search and seizure for people residing in the U.S.,” the lawmakers wrote.

The trio also asked for communications and documents about ICE’s use of spyware, as well as legal discussions about ICE using spyware and its compliance with the 2023 Biden executive order. They also sought a list of data surveillance targets.

ICE’s surveillance tactics have long drawn attention, but they’ve gained more attention in the Trump administration, which has sought to vastly expand the agency. ICE has conducted raids that have often swept in U.S. citizens. Other federal contracting records have pointed to ICE’s intentions to develop a 24/7 social media surveillance regime.

DHS and ICE did not immediately answer requests for comment about the Democrats’ letter. ICE has not provided answers about the contract in other media inquiries. 

404 Media is suing for information about the ICE contract.

The post House Dems seek info about ICE spyware contract, wary of potential abuses appeared first on CyberScoop.

Researching a crime on ChatGPT that you just committed may not be the smartest move. Kathryn Skopec reports: A Springfield teen allegedly damaged 17 vehicles in a Missouri State University (MSU) freshman parking lot in late August, with ChatGPT and cell data used in the investigation leading to his arrest. […] The SPD also later...

Federal courts are upgrading their cybersecurity on a number of fronts, but multifactor authentication for the system that gives the public access to court data poses “unique challenges,” the Administrative Office of the United States Courts told Sen. Ron Wyden in a letter this week.

Wyden, D-Ore., wrote a scathing August letter to the Supreme Court in response to the latest major breach of the federal judiciary’s electronic case filing system. The director of the Administrative Office of the United States Courts responded on behalf of the Supreme Court.

It is “simply not the case” that the courts have, in the words of Wyden, “ignored” advice from experts on securing the Case Management/Electronic Case Files (CM/ECF) system, wrote Robert Conrad Jr., director of the office.

“Substantial planning for the modernization effort began in 2022, and we are now approaching the development and implementation phase of the project,” he wrote in the Sept. 30 letter. “We expect implementation will begin in the next two years in a modular and iterative manner.”

In recent years, the office has been testing technical components on its modernization effort, and is centralizing the operation of data standards to enable security, Conrad said.

Wyden took the office to task for not enabling phishing-resistant multifactor authentication (MFA). Conrad wrote that the office was in the process of rolling out MFA to the 5 million users of PACER, the public case data system.

“The Judiciary has unique challenges in implementing MFA due to the significant diversity of users,” he responded. “PACER users range from sophisticated, high-volume data aggregators and well-resourced law firms to journalists and ordinary citizens, to indigent litigants. All PACER users need access to court records, but some do not have traditional forms of MFA they can use. The design and implementation of our MFA implementation requires consideration of these unique needs.”

Wyden also took issue with the lack of public explanations about the series of court breaches. Conrad wrote that the breaches are “sensitive from both a law enforcement and national security perspective,” and need to be kept confidential, but noted that the courts have briefed congressional Judiciary, Appropriations and Intelligence committees on a classified basis.

“Even after back-to-back catastrophic hacks of the federal court system, Chief Justice [John Roberts] continues to stonewall Congress and cover up the judiciary’s gross negligence that has enabled these hacks,” Wyden said in response to the Conrad letter. “It is long past time for the courts to follow the same minimum cybersecurity standards as the executive branch, but since Chief Justice Roberts and the Judicial Conference refuse to set such requirements, Congress must step in and legislate.”

Court Watch was the first to report on the contents of the letter.

The post Federal judiciary touts cybersecurity work in wake of latest major breach appeared first on CyberScoop.

Heerea Rikhraj reports: Health tech company Verily is facing a lawsuit filed by former employee Ryan Sloan alleging that the company wrongly terminated him after he escalated complaints that the team engaged in practices that violated the Health Insurance Portability and Accountability Act (HIPAA). Sloan was employed as the chief commercial officer for Onduo —...

Allison Grande reports: Rural lifestyle retailer Tractor Supply Co. will pay a $1.35 penalty and overhaul its data privacy practices to resolve the California privacy agency’s claims that it failed to properly notify consumers and job applicants of their privacy rights, maintain adequate agreements with service providers and provide consumers with an effective way to...

From the Federal Trade Commission: The Federal Trade Commission is taking action against the operator of the Sendit anonymous messaging app for unlawfully collecting personal data from children, misleading users by sending messages from fake “people,” and tricking consumers into purchasing paid subscriptions by falsely promising to reveal the senders of anonymous messages. A complaint,...

James Reddick reports: Google has agreed to pay out $48 million and the menstrual tracking app Flo Health will pay $8 million to resolve a class-action lawsuit alleging the app illegally shared people’s health data. Google previously reached an agreement with the plaintiffs in July just before the case went to trial but the terms...

Google has asked the U.S. Supreme Court to pause a judge's order requiring major changes to its Play Store after losing an antitrust case to Epic Games. The injunction would force Google to allow rival app stores, external billing links, and broader competition -- changes Google says could harm users and developers. Epic argues they're necessary to break Google's monopoly. Reuters reports: Google said it has urged the U.S. Supreme Court to halt key parts of a judge's order that would force major changes to its app store Play, as it prepares to appeal a decision in a lawsuit brought by "Fortnite" maker Epic Games. Google called the judge's order unprecedented, and said it would cause reputational harm, safety and security risks and put the company at a competitive disadvantage if allowed to take effect, according to a filing, opens new tab provided late on Wednesday by Google, which said it had submitted it to the court. [...] Google in its Supreme Court filing said that the changes will have enormous consequences for more than 100 million U.S. Android users and 500,000 developers. It asked the court to decide by October 17 whether to put the order on hold. Google said it plans to file its appeal to the Supreme Court by October 27, which could allow the justices to take up the case during their nine-month term that begins on October 6. Epic in a statement said Google is relying on what it called "flawed security claims" to justify its control over Android devices. "The court's injunction should go into effect as ordered so consumers and developers can benefit from competition, choices and lower prices," Epic said. The jury, siding with Epic in the trial, found that Google illegally stifled competition. Donato subsequently issued the order directing Google to make changes to its app store.

Read more of this story at Slashdot.

The Supreme Court has temporarily allowed President Trump to fire Rebecca Slaughter, the last Democrat on the FTC. "The court's action is technically temporary, since the justices said they will hear arguments in the case in December, but every indication is that the conservative court majority will use the case to reverse a major Supreme Court precedent that dates back almost a century," reports NPR. From the report: Congress created the FTC and lots of other agencies to be multi-member, bipartisan regulatory agencies. And the Supreme Court in 1935 upheld those statutes ruling ruled against then-President Franklin D. Roosevelt's claim that he could fire FTC commissioners at will. In a unanimous opinion at the time, the court said Congress acted within its powers in declaring that a commissioner could only be fired for misconduct -- not for a policy disagreement. But now, prodded by President Trump, the court's six-member conservative majority seems poised to remake the way independent agencies operate. And if the handwriting on the wall is as clear as it seems to be, the independent agencies won't be independent. Their membership will be subject to the will of the president. The court's action Monday was hardly subtle. While the lower courts had ruled that the president could not fire Slaughter, under the court's 1935 precedent, the conservative Supreme Court majority allowed the president to fire her. Indeed, her name isn't even on the FTC website anymore. And the court so far has allowed Trump to fire other agency board members. In short, the justices are not playing hide-the-ball. And it's a good bet that the court will reverse the 1935 precedent, which until now had been reaffirmed multiple times. The result will be that whereas in the past, these agencies had to be bipartisan, with a minority of opposition party members, now there will be no such requirement. In short, Trump can name all the agency members. And if his successor is a Democrat, he or she can fire all the Republicans.

Read more of this story at Slashdot.

An anonymous reader quotes a report from CalMatters: A California attorney must pay a $10,000 fine for filing a state court appeal full of fake quotations generated by the artificial intelligence tool ChatGPT. The fine appears to be the largest issued over AI fabrications by a California court and came with a blistering opinion (PDF) stating that 21 of 23 quotes from cases cited in the attorney's opening brief were made up. It also noted that numerous out-of-state and federal courts have confronted attorneys for citing fake legal authority. "We therefore publish this opinion as a warning," it continued. "Simply stated, no brief, pleading, motion, or any other paper filed in any court should contain any citations -- whether provided by generative AI or any other source -- that the attorney responsible for submitting the pleading has not personally read and verified." The opinion, issued 10 days ago in California's 2nd District Court of Appeal, is a clear example of why the state's legal authorities are scrambling to regulate the use of AI in the judiciary. The state's Judicial Council two weeks ago issued guidelines requiring judges and court staff to either ban generative AI or adopt a generative AI use policy by Dec. 15. Meanwhile, the California Bar Association is considering whether to strengthen its code of conduct to account for various forms of AI following a request by the California Supreme Court last month. The Los Angeles-area attorney fined last week, Amir Mostafavi, told the court that he did not read text generated by the AI model before submitting the appeal in July 2023, months after OpenAI marketed ChatGPT as capable of passing the bar exam. A three-judge panel fined him for filing a frivolous appeal, violating court rules, citing fake cases, and wasting the court's time and the taxpayers money, according to the opinion. Mostafavi told CalMatters he wrote the appeal and then used ChatGPT to try and improve it. He said that he didn't know it would add case citations or make things up.

Read more of this story at Slashdot.

Mickey Mouse's first movie Steamboat Willie entered the public domain in 2024. Now one of America's largest personal injury firms is suing Disney, reports the Associated Press, "in an effort to get a ruling that would allow it to use Steamboat Willie in advertisements..." [The law firm said] it had reached out to Disney to make sure the entertainment company wouldn't sue them if they used images from the animated film for their TV and online ads. Disney's lawyers responded by saying they didn't offer legal advice to third parties, according to the lawsuit. Morgan & Morgan said it was filing the lawsuit to get a decision because it otherwise feared being sued by Disney for trademark infringement if it used Steamboat Willie. "Without waiver of any of its rights, Disney will not provide such advice in response to your letter," Disney's attorneys wrote in their letter (adding "Very truly yours..."). A local newscast showed a glimpse of the letter, along with a few seconds of the ad (which ends with Minnie Mouse pulling out a cellphone to call for a lawyer...) Attorney John Morgan tells the newscast that Disney's legal team "is playing cute, and so we're just trying to get a yes or no answer.. They wrote us back a bunch of mumbo-jumbo that made no sense, didn't answer the question. We tried it again, they didn't answer the question..." (The newscast adds that the case isn't expected to go to court for at least a year.)

Read more of this story at Slashdot.

Conor Duffy of Robinson + Cole writes: On September 10, 2025, the U.S. Court of Appeals for the Fifth Circuit dismissed an appeal of the federal court ruling vacating key provisions of the HIPAA reproductive health care regulations, which appears to signal the end of the Purl case (previously discussed here) and to confirm the end of provisions...

Suzanne Smalley reports: A California federal judge on Monday rejected a bid by Meta to overturn a jury verdict finding the tech giant liable for using a period tracking tool to illegally obtain sensitive reproductive health data from millions of women. In refusing to overturn the decision or greenlight a new trial, U.S. District Judge...

The Internet Archive has reached a confidential settlement with Universal Music Group and other major labels, "ending a closely watched copyright battle over the nonprofit's effort to digitize and stream historic recordings," reports the San Francisco Chronicle. From the report: The case (PDF), UMG Recordings, Inc. v. Internet Archive, targeted the Archive's Great 78 Project, an initiative to digitize more than 400,000 fragile shellac records from the early 20th century. The collection includes music by artists such as Frank Sinatra, Ella Fitzgerald and Billie Holiday, and has been made available online for free public access. Record labels including Universal, Sony Music Entertainment and Capitol Records had sought $621 million in damages, arguing the Archive's streaming of these recordings constituted copyright infringement. The Internet Archive, based in San Francisco's Richmond District, describes itself as a digital library dedicated to providing "universal access to all knowledge." Its director of library services, Chris Freeland, acknowledged the settlement in a brief statement. "The parties have reached a confidential resolution of all claims and will have no further public comment on this matter," he wrote.

Read more of this story at Slashdot.

Cory Santos reports: A lawsuit in Illinois accuses Home Depot of collecting customer data without consent. The plaintiff, Benjamin Jankowski, filed the class action suit against Home Depot on August 1 in US District Court, alleging violations of the state’s consumer privacy laws. Jankowski, a regular shopper at Home Depot, claims that when checking out...

Hunton Andrews Kurth writes: On September 4, 2025, the Court of Justice of the European Union (“CJEU”) issued a significant decision in the case EDPS v SRB C-413/23 P. The ruling overturned a previous 2023 decision by the General Court of the European Union (“General Court”) regarding how pseudonymized data should be treated under European Union...

Jon Brodkin reports: Verizon lost an attempt to overturn a $46.9 million fine for selling customer location data without its users’ consent. The US Court of Appeals for the 2nd Circuit rejected Verizon’s challenge in a ruling issued today. The Federal Communications Commission fined the three major carriers last year for violations revealed in 2018. The companies sued the FCC...