Russian authorities used Cellebrite phone-cracking technology to break into a device belonging to a prominent domestic human rights activist they arrested and imprisoned, despite the company canceling its contract with the Russian government, according to a report published Thursday.

The University of Toronto’s Citizen Lab reached its conclusions after analyzing a phone belonging to Andrey Pivovarov and examining court documents he provided confirming the usage of Cellebrite’s UFED product.

Pivovarov was arrested in March 2021, sentenced in 2022 and released in 2024 as part of a prisoner exchange. Citizen Lab found evidence that authorities accessed his phone around June 2021 while the phone was in Russian government hands.

Investigators also said it appears Russian authorities might have used information it got from Pivoarov’s phone to surveil other regime opponents, combining information in the court documents with the later targeting of fellow dissident Anastasiya Burakova in a hacking campaign linked to Russia’s Federal Security Service (FSB).

“The historic architecture of Cellebrite forensic systems means that much of the functionality in the UFED product has continued to operate long after updates cease,” Citizen Lab said in its report. “Furthermore, Cellebrite systems have historically featured an offline mode. Consequently, the way Cellebrite’s technology was designed appeared to make it difficult for the company to meaningfully cut off problematic customers.

“While Cellebrite has argued that its cancellations in Russia … went beyond what was legally required, this investigation contributes evidence that the contract cancellation did not immediately block Russia from leveraging Cellebrite’s tools for political persecution,” it continued.

Cellebrite provided a response to Citizen Lab’s report, saying that Cellebrite’s technology would be ineffective in Russia today.

“Any use of legacy Cellebrite hardware in Russia after March 2021 is entirely unauthorized,” Cellebrite spokesperson Victor Cooper told CyberScoop, echoing the Citizen Lab response. “The Cellebrite hardware previously sold, prior to March 2021, would now be incompatible with modern devices and would operate without our technical support, our consent or any legal sanction from Cellebrite. Rapid technology advances render legacy digital forensic hardware and software ineffective within a short period of time. Russia remains permanently on our restricted-customer list.”

The Russian Embassy in Washington, D.C. did not immediately respond to a request for comment.

The post Russia uses Cellebrite to break into human rights activist’s phone, even after cancellation of contract appeared first on CyberScoop.

LastPass says hackers stole customers' personal information, support case records, and sales data by breaching market research partner Klue. The password manager told TechCrunch that its own systems and password vaults were unaffected. However, the hackers used their access to obtain "reams of data about LastPass customers," the report says. From the report: In a blog post that shared information about the incident, LastPass said the hackers took customers' names, phone numbers, email addresses, and physical addresses, as well as customer support case data and sales-related data. It's not yet known what was in the contents of customer support tickets, although they likely contain fragments of potentially private or sensitive information. Customers typically contact customer service when they are having a billing issue or need assistance in gaining access to their accounts. Past incidents involving customer support tickets have included credentials and government-issued identity documents. The last data breach LastPass reported was in 2022, when hackers stole the company's entire store of customer password vaults.

Read more of this story at Slashdot.

Meta has paused its Model Compatibility Initiative that tracked employee mouse movements, clicks, keystrokes, and screen content to train AI agents, after some of its collected data became accessible to more employees than intended. Meta says it has no evidence the information was improperly accessed and will not restart the program until it is confident in its safeguards. Wired reports: Meta rolled out the Model Compatibility Initiative (MCI) tool in April to US employees. The tool "collects computer inputs such as mouse movements, click locations and keystrokes, as well as screen content," according to workers who have been petitioning against it over privacy, security, and personal liberty concerns. When MCI launched, employees couldn't opt out, but that changed to a limited degree after workers protested. Meta executives have repeatedly defended the data-gathering project, saying it was necessary to train AI systems to operate computer software the way humans do and that employees were the best examples for the artificial intelligence to learn from. On Monday, a Meta engineer issued an internal security notice stating that databases filled with information gathered by MCI had been exposed to anyone inside the company. A former employee actively involved in pushing back against MCI describes the lapse as "a mess" -- and one that employees had expected would occur. "When workers raised concerns, leadership doubled down and failed to acknowledge the risks workers raised about the safety and privacy of worker and customer data," the person says. "Leadership has clearly created an authoritarian environment where workers are no longer respected or heard." But after critical comments poured into internal forums on Monday expressing frustration about the security issue, Meta shocked some of its staff by pausing MCI altogether, telling WIRED about the development several hours before announcing it to employees. A few workers told WIRED they were confused in the meantime because the tool was continuing to run on their laptops. Late on Monday, Stephane Kasriel, a Meta vice president overseeing AI research, announced the pause and told staff that the security issue had been discovered on June 18 and addressed within four hours. But the initial fix didn't stick and access to the data had to be further locked down. The issue made "some MCI-derived data" accessible to more people than intended, he wrote, without elaborating.

Read more of this story at Slashdot.

A federal court ruled Monday that the Trump administration’s national voter database violates federal privacy laws, interferes with Americans’ right to vote, and must be dismantled.

In the ruling, Judge Sparkle L. Sooknanan of the District Court of Washington D.C. wrote that records reviewed by the court show federal agencies knew that the SAVE voter database violated federal laws like the Privacy Act, the Social Security Act and the Administrative Procedure Act, but were “scrambling” to comply with President Trump’s executive order to create a system for mass voter verification.

That pressure resulted in agencies “haphazardly” combining and repurposing the personal information of millions of Americans from different government databases, including citizenship data they knew was unreliable.

“The Court therefore sets aside and vacates the 2025 SAVE modified system and the related notices because they were contrary to law, arbitrary and capricious, in excess of statutory authority, and without observance of procedure required by law,” Sooknanan wrote.

The League of Women Voters, its local affiliate groups and the Electronic Privacy Information Center filed the lawsuit last year. They argued the administration violated privacy laws that restrict the government’s ability to collect or combine private data without congressional authorization.

Sooknanan wrote that the SAVE database violates a prohibition in the Social Security Act against the disclosure of Social Security numbers and other related SSA records as well as substantive and procedural protections in the Privacy Act, which prevent the non-consensual disclosure of certain information both by federal agencies and between federal agencies and require notice and comment.

The court also ruled that SAVE violates the Administrative Procedures Act, which governs how the federal government develops regulations and makes official decisions to ensure they’re fair and impartial.

Sooknanan had earlier declined to rule the database illegal under the Administrative Procedures Act, saying the plaintiffs had failed to prove the data would cause  irreparable harm. In her final ruling, she changed course, writing that the states have since run their voter rolls through the federal government’s modified SAVE system, and some voters have been wrongfully identified as non-citizens and had their voter registrations canceled.

“All in all, the federal government has knowingly trampled on the privacy rights of American citizens in a manner that threatens the sacred right to vote,” Sooknanan wrote. “This Court cannot stand idly by while that happens.”

The ruling reinforces longstanding objections from former government officials and privacy experts over the past year, who have said Congress has repeatedly passed privacy laws explicitly to prevent the executive branch from using Americans’ data in ways not proscribed through law. That is what DHS did last year when it took SAVE, a database meant to process government benefits for legal immigrants, and combined it with data from the Social Security Administration and other agencies to create a new massive database of American voters and their citizenship status.

John Davisson, deputy director of enforcement at EPIC, celebrated the decision in a statement, saying the ruling “underscores that government agencies must follow the law, defend privacy and remain accountable to the public they serve.”

 “Today’s decision is a victory for us all. By halting the illegal consolidation of sensitive personal data across federal agencies, the court has safeguarded not only our privacy rights but also the bedrock of our democracy: the right to vote,” said Davisson. 

The post Court rules SAVE database illegal, orders it dismantled appeared first on CyberScoop.

An anonymous reader shared this report from the Associated Press: Officials in Kansas City, Missouri, are preparing to equip cameras on some public buses with facial recognition software capable of identifying passengers who appear on a list of banned riders or missing persons. Supporters and opponents alike view the effort as a major litmus test for tapping the AI-powered software on a U.S. public transportation system, positioning Kansas City as the latest epicenter of a fierce debate over whether the safety benefits of artificial intelligence are worth the privacy costs. "The idea of running face recognition on a camera that is pointed on live spaces in public is a line that until recently has never really been crossed in the last 25 years," said Jay Stanley, senior policy analyst for the Project on Speech, Privacy and Technology at the American Civil Liberties Union. The state of Missouri declined to help fund the project as expected due to concerns with the facial recognition component. Still, the city is pushing ahead with local and federal money, said Tyler Means, chief mobility and strategy officer at the Kansas City Transportation Authority. "Privacy is always a tricky thing," Means said. "We've always had cameras on our buses. It's just new technology. I think in time it'll smooth over and people will realize, 'Well, it didn't really feel any different'...." Images captured by cameras aboard the buses would immediately be checked against any active alerts, generated when a missing person, banned rider or someone on a law enforcement watch list designated by the transportation authority is identified... After the buses return to the depot, the transportation authority would archive the regular video footage on a local server for up to five years. The company partnering with Kansas City to run the cameras "started using live facial recognition years ago to alert nursing homes when residents left the building," according to the article, and then "brought the technology to correctional institutions and schools." But this is its first attempt at bringing its cameras onto public transportation. The article also includes this quote from Will Owen, communications director for the Surveillance Technology Oversight Project. "City residents should not be guinea pigs for transit systems to test Silicon Valley's latest unproven, biased surveillance tech."

Read more of this story at Slashdot.

Writing on LinkedIn, Edwards said that while he has not agreed with how the investigation into him has been conducted, he has come to accept that his position “has become untenable.”

The Senate Judiciary Committee approved a new bill this week that seeks to prevent unauthorized deepfakes of American artists, performers and public figures. While the bill sailed through a committee voice vote, both Senators and outside groups say they’re worried it could become a tool for the powerful to quash free speech. 

The NO FAKES Act, introduced by Sens. Chris Coons, D-Del., and Marsha Blackburn, R-Tenn., would give Americans near-exclusive rights to their own digital AI replicas, and those rights live on, passing to heirs, executors and estates for at least 70 years after an individual dies.

While living, creators would be able to essentially license their likeness and image to others, over 10-year contracts for adults and 5 years for minors.

It would also permit individuals to sue anyone who uses their AI-generated image without permission, and pay up to $750,000 for violations. Blackburn submitted letters of support for the bill from more than 40 groups, including the Screen Actors Guild – American Federation of Television and Radio Artists, the American Medical Association, Creative Artists Agency, the Broadcasters’ Associations and the Human Artistry Campaign.

“It is imperative that we put this national standard in place for voice and visual likeness protection of creators, to protect from proliferation of harmful AIgenerated deepfakes that are created without their consent,” said Blackburn in a Thursday markup of the bill.

The introduction of consumer-grade AI tools has made it trivial to create convincing deepfakes of real individuals and public figures. The harms are well documented: bad actors have used them to create nonconsensual pornography or sexualized media of people they know, create child sexual assault material (CSAM) , and blackmail or humiliate individuals.

Artists have faced real challenges in the AI era when it comes to controlling their digital likeness. Last year, the Better Business Bureau warned that its Scam Tracker had been flooded with complaints about AI-celebrity endorsement scams. These included  deepfakes of Oprah Winfrey promoting weight loss products, Kim Kardashian pleading for donations to fight California wildfires, and pop star Taylor Swift and celebrity chef Gordon Ramsay endorsing cookware.

In the political arena, candidates now create deepfakes of their political opponents, putting words into their mouths or placing them in embarrassing or humiliating situations. Online, disinformation actors have repeatedly spread AI-generated videos and images of politicians like Donald Trump, Kamala Harris, and even regional or local politicians saying or doing scandalous things.

The bill represents one of the most aggressive attempts by U.S. policymakers to protect the digital commercial rights of artists and public figures. New York, for instance, passed a law this month that requires film and television advertisers to publicize when they’re using deepfakes in ads, but does not create a similar copyright regime for artists’ likeness. A Tennessee law, The ELVIS Act, that prohibits the unauthorized use of an individual’s voice and likeness and creates secondary liability for large platforms that publish or distribute the content.

The NO FAKES Act faces opposition from an alliance of tech business and digital rights groups. They argue the bill  fails to balance the commercial rights of artists to control their own image with longstanding First Amendment constitutional rights to free speech and parody.

Amy Bos, vice president of government affairs at NetChoice, a trade association for online businesses, said that while her group supports legislation that prevents unauthorized AI generated deepfakes, “good intentions do not make good law.”

“As written, this bill creates a dangerous financial incentive for platforms to aggressively over-remove lawful content, burdens creators with an unworkable counter-notification system, and fails to deliver the uniform national standard its sponsors promised,” Bos said in a statement.

Many digital civil groups agree with that view. A broad coalition of policy groups – including the American Civil Liberties Union, the R-Street Foundation, the Center for Democracy and Technology, the Electronic Frontier Foundation and others – wrote to the Senate Judiciary Committee this week to urge members to oppose the bill in its current form.

They argued the current bill creates a “Heckler’s veto” over most online content, allowing artists, public figures and advocacy groups to flood the notification system with takedown requests for content they don’t like. Similar to a law already on the books, the Digital Millenium Copyright Act, virtually all the incentives in the bill push platforms to be overaggressive in taking down content, regardless of whether it violates the law or not.

This approach could end up quashing not just unauthorized ads but also scores of other likely First Amendment protected uses, such as education, humor, satire and parody.

In 2023, a humorous AI-generated image of Pope Francis in a puffy Balenciaga jacket went viral. Under the NO FAKES Act, the coalition says that post would be illegal for anyone to post until nearly 2100.

In the political arena, both Republicans like Trump and Democrats like California Governor Gavin Newsom have used AI deepfakes to skewer their political opposition.

“A law that undermines free expression will struggle to survive constitutional review,” the groups wrote. “In the meantime, it can do lasting damage, both to lawful speech and to the autonomy of the people it claims to protect. We urge the Committee not to advance the NO FAKES Act in its current form, to examine how existing state and federal law already addresses the legitimate harms the bill seeks to address, and to pursue narrowly tailored solutions only where a genuine gap remains. We would welcome the opportunity to assist.”

While the bill passed by voice vote and with broad support, multiple Republican and Democratic members of the committee said they had similar concerns and expressed a desire to continue tweaking the bill further before passage into law.

In the Senate meeting, Coons appeared to dismiss those charges, arguing that changes made to the bill ahead of markup adequately address any First Amendment concerns.

“I want to be clear, NO FAKES includes features that protect free speech,” Coons claimed. “Parody, satire documentaries, biopics, newscasts, they’re all protected and we built in appropriate counter notification processes and exempted research libraries and archives.”

The post Congress tees up No FAKES Act, aiming at AI-generated deepfakes appeared first on CyberScoop.

The nonprofit Human Rights Watch obtained export licensing records covering 2018 through 2023, which show the Bulgarian government allowed the surveillance firm Circles to peddle the tech to law enforcement and intelligence agencies in several countries known for human rights abuses.

Reuters reports a cyber extortion group has claimed responsibility for breaching Novo Nordisk's network, stealing roughly 1.3 terabytes of data, including source code, drug research, clinical-trial records, employee and physician information, production-system details, and internal AI model data. The group says it's exploring selling parts of the data after unsuccessfully demanding $25 million from the company. From the report: FulcrumSec, a cyber extortion group that emerged in October 2025, said in a long message posted to its website that it spent more than two months in Novo Nordisk's networks stealing data. It said that data included company source code, proprietary information on released and unreleased drugs, trial data, employee, doctor and patient data, information related to company processing facilities and internal AI model information. [...] FulcrumSec told Reuters in an email that Novo Nordisk representatives contacted the group on June 3, roughly 48 hours after the group's initial contact to unnamed company executives. The company used a random Proton Mail email address sent to email addresses that FulcrumSec used in its initial outreach, and confirmed it was the company by requesting specific files for verification only the company would know about. The FulcrumSec representative also said that the group would prefer not to sell data, "as open sourcing it is a more effective deterrent for future companies to avoid paying." [...] FulcrumSec said it would not share some of the data it stole, including information on thousands of company employees and physicians, and roughly 11,500 pseudonymized clinical trial patients. The group said it also would withhold data related to operational technology and software used to interact with sensors and machinery at Novo Nordisk production facilities as part of its "harm-reduction strategy." A Novo Nordisk spokesperson said in an email that the company "is aware of claims that data allegedly copied externally without authorization from our systems has been published online. We take this matter seriously and maintain continued operations of our main platforms. We are in contact with the relevant authorities."

Read more of this story at Slashdot.

alternative_right shares a report from The Hill: The FBI released an urgent security warning to the public about a fast-acting scam targeting Microsoft 365 users on Teams, Outlook and OneDrive. The agency warned that the hacking platform Kali365 seeks out OAuth device codes, allowing scammers to sneak past multi-factor authentication codes, and without the need for a password, to access Microsoft accounts. Scammers will send a phishing email impersonating a trusted document-sharing service with a device code and instructions on how to verify, according to the FBI. "Kali365 lowers the barrier of entry, providing less-technical attackers access to AI-generated phishing lures, automated campaign templates, real-time targeted individual/entity tracking dashboards, and OAuth token capture capabilities," the FBI stated. The platform is sold to scammers with a $250 per month subscription. The FBI, which first detected Kali365 in April, described the hacking platform as an "emerging Phishing-as-a-Service platform." Hackers with limited skills can access advanced phishing tools through the platform, according to NordPass.

Read more of this story at Slashdot.

The ban will apply to all “user-to-user platforms, whose purpose is to enable social interaction and which allow users to post material, alongside algorithms,” according to a press release from the government’s Department for Science, Innovation and Technology.

The U.S. Departments of Justice and Homeland Security seized multiple internet domains this week, accusing them of being used to publishing thousands of AI or digitally-altered images and videos of nude women.

The domains, CFAKE.com and SOCFAKE.com, specialized in digital forgeries that “were made to appear to be sexual images of famous women, including politicians, first ladies of multiple countries, royalty, journalists, television presenters, athletes, entertainers, and others” either nude or engaged in sexual activity,” according to a Department of Justice release.

In addition to creating sexual images and videos of women without their consent, the service allowed people to browse by topics, including “rape,” “forced,” and “degradation.”

That description comes from a Department of Justice release describing the contents of its probable cause affidavit and search warrants. CyberScoop has not viewed the court documents.  

The sites were seized under the TAKE IT DOWN Act, a law passed last year giving federal authorities the ability to criminally prosecute those who create and distribute deepfake porn. The law was a rare moment of bipartisan agreement in Washington D.C., gaining support from both Democrats and Republicans who said their constituents were demanding tougher laws to curb the use of AI to create nonconsensual deepfake porn.

The operation marks one of the largest seizures since the law went into effect. The details of the operation disclosed by the government show how creators of deepfake porn rely on a web of international assets and infrastructure to evade law enforcement.

Robert Fraiser, U.S. Attorney for the District of New Jersey, said U.S. authorities worked in coordination with law enforcement agencies in France and Italy. According to U.S. officials, they were first notified about the website by Italian Polizia de Stato, while a parallel investigation run by the Paris Public Prosecutor’s Office in France resulted in the arrest of a suspect connected with the site, along with seized cryptocurrency funds.

“These seizures stopped a website that trafficked in humiliation, exploitation, and the violation of personal privacy on a massive scale,” said Frazer in a statement. “For the victims whose images were distributed without their consent, the harm is not virtual — it is deeply personal and often enduring.”

According to the Paris Prosecutor’s Office, Cyrille B., a 47-year-old French national was arrested and accused of being an administrator for CFAKE. A search of his home in Nice found computer equipment related to the site and a little more than $48,000 in Ethereum cryptocurrency that they said came from the site’s advertising.

The French investigation identified 300,000 images, 7,000 videos depicting 14,000 individuals from different countries. The site had approximately 200,000 user accounts, 4 million views per month and uploaded 50 pieces of new content every day.

The suspect had no prior criminal record, and will go to trial on July 7. The charges carry potential penalties of up to seven years in prison and €500,000.

U.S. Immigration and Customs Enforcement’s Homeland Security Investigation division is leading the federal investigation, in conjunction with the U.S. Attorney’s office for New Jersey.

The post US, France, and Italian authorities shut down massive deepfake porn site appeared first on CyberScoop.

About 7 million customers of the genetics testing company had their data stolen by hackers starting in April 2023, and many had their information posted on the dark web.

It is the first lapse of the spy program, known as Section 702 of the Foreign Intelligence Surveillance Act (FISA), since it was passed into law in 2008.

Meta said Monday that it caught a spearphishing campaign linked to spyware maker NSO Group despite a court injunction, prompting the tech giant to file a contempt-of-court complaint.

The company won a civil case last year against NSO Group barring it from targeting WhatsApp users and securing $168 million in damages, although NSO Group has been appealing the ruling.

But Meta says NSO Group, makers of the Pegasus spyware, isn’t honoring the permanent injunction.

“We successfully disrupted NSO-linked social engineering attempts, after investigating user reports,” it said in a blog post. “They tried to trick people into clicking on malicious links to drive them to external websites outside of WhatsApp, similar to previously reported 1-click phishing campaigns linked to NSO. We also caught them creating test accounts and groups on WhatsApp, which we took down.”

Meta said the campaign resembled spyware infections that hit journalists and activists in Jordan from 2019 to 2023.

NSO Group didn’t respond to requests for comment about Meta’s accusations.

One top researcher who tracks spyware said NSO Group’s actions are an argument for keeping them on the U.S. sanctions “entity” list that the company has fought to be removed from since its designation in 2021.

“NSO’s own actions make the strongest argument for why they should stay on the Entity list,” John Scott-Railton, senior researcher at the University of Toronto’s Citizen Lab, wrote on social media. “And reaffirm that the decision to put them there was the right one.”

Meta made the same argument.

“When a malicious company on the US government’s Entity List continues to defy US courts, existing restrictions must remain firmly in place,” it said in its blog post. “Easing them would undermine US national security and put American companies and billions of people worldwide who depend on secure communications at risk.”

Lawmakers have sought information on the federal government’s prospective use of NSO Group tech and other kinds of spyware, despite a blacklist, given close ties between the company’s new executive chairman and President Donald Trump.

The post Meta accuses NSO Group of defying spyware injunction, files contempt of court complaint appeared first on CyberScoop.

Last Thursday, Wired reported that Meta had quietly embedded an unreleased facial recognition system called NameTag into software installed on millions of phones. In a follow-up report, Wired says the tech giant has now removed the face-recognition-related code, while saying "no final decision" has been made about whether the feature will launch. From the report: On Thursday, WIRED reported that Meta had quietly integrated substantial portions of the NameTag system into the Meta AI app. Though never publicly enabled, the feature was designed to convert faces captured by the glasses into unique biometric signatures, commonly known as faceprints, and compare them against a database of faceprints stored on the user's device. WIRED also found that faces the system failed to recognize were cropped, indexed, and stored locally for future processing. NameTag first surfaced in February, when The New York Times, citing internal Meta documents, reported that the company was developing face recognition for its smart glasses and weighing a launch as soon as this year. One memo reportedly described releasing it during a "dynamic political environment," when privacy and civil liberties advocates would be distracted. Last week, WIRED reported that much of NameTag's machinery was already built into the Meta AI app, downloaded by millions of users, as early as January, even as Meta publicly said it had made no final decision about face recognition. After WIRED's report, Stone dismissed the findings, writing that the company couldn't answer questions about how the system would work because "the feature does not exist." Andrew Bosworth, Meta's chief technology officer, called the reporting "incredibly misleading" and "absolutely dishonest." [...] The newly released version of Meta AI removes nearly all traces of the feature Meta said did not yet exist. Gone is the face-recognition software itself, along with the code that ran the NameTag recognition process and the "Person recognized" alert the app would have shown if someone were identified. The update also strips out a folder where the app would have stored the cropped images and biometric signatures of faces it captured but could not identify. [...] A few fragments of the NameTag system remain in the version of latest Meta AI, including an internal debug menu label and a dormant link meant to open a recognized person's profile. The leftover code points to parts of the system that are no longer there.

Read more of this story at Slashdot.

The companies “must activate built-in features or implement technical solutions on smartphones and tablets to detect and block nude images for children,” according to a press release from the Home Office. Prime Minister Keir Starmer announced the measure in a speech at London Tech Week Monday.

"When Hugo Parra was arrested last year on felony charges, his pleas of innocence fell on deaf ears," reports the Times of San Diego: San Diego police had a description of the Alfa Romeo car he was riding in [but no license plate number] and a witness who identified him during a curbside lineup as the man who brandished a handgun in Golden Hill. They had also checked the city's automatic license plate camera system, run by the private company Flock, and got a "hit," substantiating the claim. The problem, says attorney Alex Coolman, was that Parra was five miles away from Golden Hill at the time of the crime, and the so-called hit from the license plate reader was captured before any police pursuit began. "This Flock hit was obviously the wrong car, as it could not have been in both places simultaneously," said Coolman, who represents Parra and the driver, 23-year-old Ariel Beltran. Despite the signs pointing to it being a different Alfa Romeo, police arrested Beltran and Parra... [An officer had informed dispatch that one of the men "matched the victim's description, other than having a different-colored hooded sweatshirt."] Parra spent nearly one month behind bars, missing Thanksgiving and other special events with his family, before the assault with a firearm and evasion charges were dropped. Parras says he was incarcerated with actual murderers, according to the article, and Parra and Beltran are now preparing to sue the city, seeking $1.5 million each in damages for civil rights violations and negligence. Their claim notes they'd driven past several other Flock cameras which officers could've used to corroborate their story (not to mention location data on their cell phones). Meanwhile, the article also notes that last month the Institute for Justice "identified at least 17 cases in the United States of officers allegedly using Automated License Plate Reader technology to keep tabs on partners, exes, and strangers who had caught their eye..."

Read more of this story at Slashdot.

Twitter, renamed X in 2023, filed a petition saying that the settlement terms are unfair because the order was issued against a company that “no longer exists,” the workers responsible for the scheme no longer work for X and the firm has since established a “world class” privacy and data protection program.

The Trump administration had backed the FCC’s position and, apart from Justice Clarence Thomas, the high court agreed.