Policy

elon-musk’s-x-faces-big-eu-fines-as-paid-checkmarks-are-ruled-deceptive

Elon Musk’s X faces big EU fines as paid checkmarks are ruled deceptive

Blue checkmarks —

Paid “verification” deceives X users and violates Digital Services Act, EU says.

Elon Musk's X account profile displayed on a phone screen

Getty Images | NurPhoto

Elon Musk’s overhaul of the Twitter verification system deceives users and violates the Digital Services Act, the European Commission said today in an announcement of preliminary findings that could lead to a big financial penalty.

The social media platform now called X “designs and operates its interface for the ‘verified accounts’ with the ‘Blue checkmark’ in a way that does not correspond to industry practice and deceives users,” the EU regulator said. “Since anyone can subscribe to obtain such a ‘verified’ status, it negatively affects users’ ability to make free and informed decisions about the authenticity of the accounts and the content they interact with. There is evidence of motivated malicious actors abusing the ‘verified account’ to deceive users.”

Blue checkmarks “used to mean trustworthy sources of information,” Commissioner for Internal Market Thierry Breton said. The EC said it “informed X of its preliminary view that it is in breach of the Digital Services Act (DSA) in areas linked to dark patterns, advertising transparency and data access for researchers.”

X will have an opportunity to respond in writing. If the preliminary finding is upheld, the EC said it would adopt a non-compliance decision that “could entail fines of up to 6 percent of the total worldwide annual turnover of the provider, and order the provider to take measures to address the breach.”

A non-compliance decision may also “trigger an enhanced supervision period to ensure compliance with the measures the provider intends to take to remedy the breach,” and “periodic penalty payments to compel a platform to comply.” X is allowed to “exercise its rights of defense by examining the documents in the Commission’s investigation file and by replying in writing to the Commission’s preliminary findings,” the announcement said.

We contacted X today and will update this article if the company provides a response to the EU findings.

Advertising and data access charges

As for the second alleged violation, the EC said that “X does not comply with the required transparency on advertising, as it does not provide a searchable and reliable advertisement repository, but instead put in place design features and access barriers that make the repository unfit for its transparency purpose towards users. In particular, the design does not allow for the required supervision and research into emerging risks brought about by the distribution of advertising online.”

Thirdly, the commission said it found that “X fails to provide access to its public data to researchers in line with the conditions set out in the DSA. In particular, X prohibits eligible researchers from independently accessing its public data, such as by scraping, as stated in its terms of service. In addition, X’s process to grant eligible researchers access to its application programming interface (API) appears to dissuade researchers from carrying out their research projects or leave them with no other choice than to pay disproportionately high fees.”

In December 2023, the EC announced that Musk’s X platform was subject to the first formal investigation into possible DSA violations. X said at the time that it “remains committed to complying with the Digital Services Act and is cooperating with the regulatory process. It is important that this process remains free of political influence and follows the law.”

With today’s announcement, X is the first company to face preliminary findings of DSA non-compliance.

“The DSA has transparency at its very core, and we are determined to ensure that all platforms, including X, comply with EU legislation,” said EC competition official Margrethe Vestager.

Elon Musk’s X faces big EU fines as paid checkmarks are ruled deceptive Read More »

nearly-all-at&t-subscribers’-call-records-stolen-in-snowflake-cloud-hack

Nearly all AT&T subscribers’ call records stolen in Snowflake cloud hack

AT&T data breach —

Six months of call and text records taken from AT&T workspace on cloud platform.

AT&T logo displayed on a smartphone with a stock exchange index graph in the background.

Getty Images | SOPA Images

AT&T today said a breach on a third-party cloud platform exposed the call and text records of nearly all its cellular customers. The leaked data is said to include phone numbers that AT&T subscribers communicated with, but not names.

An AT&T spokesperson confirmed to Ars that the data was exposed in the recently reported attack on “AI data cloud” provider Snowflake, which also affected Ticketmaster and many other companies. As previously reported, Snowflake was compromised by a group that obtained login credentials through information-stealing malware.

“In April, AT&T learned that customer data was illegally downloaded from our workspace on a third-party cloud platform,” AT&T announced today. AT&T said it is working with law enforcement and “understands that at least one person has been apprehended.”

AT&T said it does not believe the stolen call data has been made publicly available. “The call and text records identify the phone numbers with which an AT&T number interacted during this period, including AT&T landline (home phone) customers. It also included counts of those calls or texts and total call durations for specific days or months,” AT&T said.

Records of “nearly all” AT&T customers

The data does not include the content of calls or text messages, AT&T said.

“Based on our investigation, the compromised data includes files containing AT&T records of calls and texts of nearly all of AT&T’s cellular customers, customers of mobile virtual network operators (MVNOs) using AT&T’s wireless network, as well as AT&T’s landline customers who interacted with those cellular numbers between May 1, 2022 – October 31, 2022. The compromised data also includes records from January 2, 2023, for a very small number of customers,” AT&T said.

The carrier said the breach does not include Social Security numbers, dates of birth, other personally identifiable information, or the time stamps for calls and texts. “While the data does not include customer names, there are often ways, using publicly available online tools, to find the name associated with a specific telephone number,” an AT&T filing with the Securities and Exchange Commission said.

AT&T’s SEC filing said the “records identify the telephone numbers with which an AT&T or MVNO wireless number interacted during these periods, including telephone numbers of AT&T wireline customers and customers of other carriers, counts of those interactions, and aggregate call duration for a day or month. For a subset of records, one or more cell site identification number(s) are also included.”

AT&T said it has “clos[ed] off the point of unlawful access” and is notifying current and former customers of the breach. AT&T’s current and former customers can obtain the data that was compromised, and details on how to make those data requests are available on this page.

FBI and FCC comment

The Federal Bureau of Investigation said AT&T and law enforcement agreed to delay public reporting of the incident when the investigation began in April. The FBI provided this statement to Ars:

Shortly after identifying a potential breach to customer data and before making its materiality decision, AT&T contacted the FBI to report the incident. In assessing the nature of the breach, all parties discussed a potential delay to public reporting under Item 1.05(c) of the SEC Rule, due to potential risks to national security and/or public safety. AT&T, FBI, and DOJ worked collaboratively through the first and second delay process, all while sharing key threat intelligence to bolster FBI investigative equities and to assist AT&T’s incident response work.

The FBI declined to provide any information on the person who was apprehended. The Federal Communications Commission said it has “an ongoing investigation into the AT&T breach and we’re coordinating with our law enforcement partners.”

An AT&T spokesperson told Ars that the Snowflake breach is unrelated to another recent leak involving the data of 73 million current and former subscribers.

Nearly all AT&T subscribers’ call records stolen in Snowflake cloud hack Read More »

apple-settles-eu-probe-by-opening-up-its-mobile-payments-system

Apple settles EU probe by opening up its mobile payments system

A small price to pay? —

iPhone users will get more choices to make “touch-and-go” payments in the EU.

Apple settles EU probe by opening up its mobile payments system

In two weeks, iPhone users in the European Union will be able to use any mobile wallet they like to complete “tap and go” payments with the ease of using Apple Pay.

The change comes as part of a settlement with the European Commission (EC), which investigated Apple for potentially shutting out rivals by denying access to the “Near Field Communication” (NFC) technology on its devices that enables the “tap and go” feature. Apple did not develop this technology, which is free for developers, the EC said, and going forward, Apple agreed to not charge developers fees to provide the NFC functionality on its devices.

In a press release, the EC’s executive vice president, Margrethe Vestager, said that Apple’s commitments in the settlement address the commission’s “preliminary concerns that Apple may have illegally restricted competition for mobile wallets on iPhones.”

“From now on, Apple can no longer use its control over the iPhone ecosystem to keep other mobile wallets out of the market,” Vestager said. “Competing wallet developers, as well as consumers, will benefit from these changes, opening up innovation and choice, while keeping payments secure.”

Apple has until July 25 to follow through on three commitments that resolve the EC’s concerns that Apple may have “prevented developers from bringing new and competing mobile wallets to iPhone users.”

Arguably, providing outside developers access to NFC functionality on its devices is the biggest change. Rather than allowing developers to access this functionality through Apple’s hardware, Apple has borrowed a solution prevalent in the Android ecosystem, Vestager said, granting access through a software solution called “Host Card Emulation mode.”

This, Vestager said, provides “an equivalent solution in terms of security and user experience” and paves the way for other wallets to be more easily used on Apple devices.

An Apple spokesperson told CNBC that “Apple is providing developers in the European Economic Area with an option to enable NFC contactless payments and contactless transactions for car keys, closed loop transit, corporate badges, home keys, hotel keys, merchant loyalty/rewards, and event tickets from within their iOS apps using Host Card Emulation based APIs.”

To ensure that Apple Pay is on an equal playing field with other wallets, the EC said that Apple committed to improve contactless payments functionality for rival wallets. That means that “iPhone users will be able to double-click the side button of their iPhones to launch” their preferred wallet and “use Face ID, Touch ID and passcode to verify” their identities when using competing wallets.

Perhaps most critically for users attracted to Apple’s payment options convenience, Apple also agreed to allow rival wallets to be set as the default payment option.

These commitments will remain in force for 10 years, Vestager said.

Apple did not immediately respond to Ars’ request for comment. Apple’s spokesperson confirmed to CNBC that no changes would be made to Apple Pay or Apple Wallet as a result of the settlement.

Apple’s commitments go beyond the DMA

Before accepting Apple’s commitments, the EC spoke to “many banks, app developers, card issuers, and financial associations,” Vestager said, whose feedback helped improve Apple’s commitments.

According to Vestager, Apple’s changes go beyond the requirements of the EU’s strict antitrust law, the Digital Markets Act, which “requires gatekeepers to ensure effective interoperability with hardware and software features that they use within their ecosystems,” including “access to NFC technology for mobile payments.”

Beyond the DMA, Apple agreed to have its compliance with the settlement “ensured by a monitoring trustee,” as well as to provide “a fast dispute resolution mechanism, which will also allow for an independent review of Apple’s implementation.”

Vestager assured all stakeholders in the European Economic Area that these changes will prevent any potential harms caused by Apple seeming to shut other wallets out of its devices, which “may have had a negative impact on innovation.” By settling the yearslong probe, Apple avoided a potentially large fine. In March, the EC fined Apple nearly $2 billion for restricting “alternative and cheaper music subscription services” like Spotify in its app store, and the suspected anticompetitive behavior in Apple’s payments ecosystem seemed just as harmful, the EC found.

“This reduction in choice and innovation is harmful,” Vestager said, confirming that the settlement concluded the EC’s probe into Apple Pay. “It is harmful to consumers and it is illegal under EU competition rules.”

Apple settles EU probe by opening up its mobile payments system Read More »

court-ordered-penalties-for-15-teens-who-created-naked-ai-images-of-classmates

Court ordered penalties for 15 teens who created naked AI images of classmates

Real consequences —

Teens ordered to attend classes on sex education and responsible use of AI.

Court ordered penalties for 15 teens who created naked AI images of classmates

A Spanish youth court has sentenced 15 minors to one year of probation after spreading AI-generated nude images of female classmates in two WhatsApp groups.

The minors were charged with 20 counts of creating child sex abuse images and 20 counts of offenses against their victims’ moral integrity. In addition to probation, the teens will also be required to attend classes on gender and equality, as well as on the “responsible use of information and communication technologies,” a press release from the Juvenile Court of Badajoz said.

Many of the victims were too ashamed to speak up when the inappropriate fake images began spreading last year. Prior to the sentencing, a mother of one of the victims told The Guardian that girls like her daughter “were completely terrified and had tremendous anxiety attacks because they were suffering this in silence.”

The court confirmed that the teens used artificial intelligence to create images where female classmates “appear naked” by swiping photos from their social media profiles and superimposing their faces on “other naked female bodies.”

Teens using AI to sexualize and harass classmates has become an alarming global trend. Police have probed disturbing cases in both high schools and middle schools in the US, and earlier this year, the European Union proposed expanding its definition of child sex abuse to more effectively “prosecute the production and dissemination of deepfakes and AI-generated material.” Last year, US President Joe Biden issued an executive order urging lawmakers to pass more protections.

In addition to mental health impacts, victims have reported losing trust in classmates who targeted them and wanting to switch schools to avoid further contact with harassers. Others stopped posting photos online and remained fearful that the harmful AI images will resurface.

Minors targeting classmates may not realize exactly how far images can potentially spread when generating fake child sex abuse materials (CSAM); they could even end up on the dark web. An investigation by the United Kingdom-based Internet Watch Foundation (IWF) last year reported that “20,254 AI-generated images were found to have been posted to one dark web CSAM forum in a one-month period,” with more than half determined most likely to be criminal.

IWF warned that it has identified a growing market for AI-generated CSAM and concluded that “most AI CSAM found is now realistic enough to be treated as ‘real’ CSAM.” One “shocked” mother of a female classmate victimized in Spain agreed. She told The Guardian that “if I didn’t know my daughter’s body, I would have thought that image was real.”

More drastic steps to stop deepfakes

While lawmakers struggle to apply existing protections against CSAM to AI-generated images or to update laws to explicitly prosecute the offense, other more drastic solutions to prevent the harmful spread of deepfakes have been proposed.

In an op-ed for The Guardian today, journalist Lucia Osborne-Crowley advocated for laws restricting sites used to both generate and surface deepfake pornography, including regulating this harmful content when it appears on social media sites and search engines. And IWF suggested that, like jurisdictions that restrict sharing bomb-making information, lawmakers could also restrict guides instructing bad actors on how to use AI to generate CSAM.

The Malvaluna Association, which represented families of victims in Spain and broadly advocates for better sex education, told El Diario that beyond more regulations, more education is needed to stop teens motivated to use AI to attack classmates. Because the teens were ordered to attend classes, the association agreed to the sentencing measures.

“Beyond this particular trial, these facts should make us reflect on the need to educate people about equality between men and women,” the Malvaluna Association said. The group urged that today’s kids should not be learning about sex through pornography that “generates more sexism and violence.”

Teens sentenced in Spain were between the ages of 13 and 15. According to the Guardian, Spanish law prevented sentencing of minors under 14, but the youth court “can force them to take part in rehabilitation courses.”

Tech companies could also make it easier to report and remove harmful deepfakes. Ars could not immediately reach Meta for comment on efforts to combat the proliferation of AI-generated CSAM on WhatsApp, the private messaging app that was used to share fake images in Spain.

An FAQ said that “WhatsApp has zero tolerance for child sexual exploitation and abuse, and we ban users when we become aware they are sharing content that exploits or endangers children,” but it does not mention AI.

Court ordered penalties for 15 teens who created naked AI images of classmates Read More »

republicans-angry-that-isps-receiving-us-grants-must-offer-low-cost-plans

Republicans angry that ISPs receiving US grants must offer low-cost plans

Illustration of ones and zeroes overlaid on a US map.

Getty Images | Matt Anderson Photography

Republican lawmakers are fighting a Biden administration attempt to bring cheap broadband service to low-income people, claiming it is an illegal form of rate regulation. GOP leaders of the House Energy and Commerce Committee announced an investigation into the National Telecommunications and Information Administration (NTIA), which is administering the $42.45 billion Broadband Equity, Access, and Deployment (BEAD) program that was approved by Congress in November 2021.

“States have reported that the NTIA is directing them to set rates and conditioning approval of initial proposals on doing so. This undoubtedly constitutes rate regulation by the NTIA,” states a letter to the NTIA from Committee Chair Cathy McMorris Rodgers (R-Wash.), Subcommittee on Communications and Technology Chair Bob Latta (R-Ohio), and Subcommittee on Oversight and Investigations Chair Morgan Griffith (R-Va.).

As evidence, the letter points to a statement by Virginia that described feedback received from the NTIA. The federal agency told Virginia that “the low-cost option must be established in the Initial proposal as an exact price or formula.”

The Republicans said anecdotal evidence suggests “the NTIA may be evaluating initial proposals counter to Congressional intent and in violation of the law.” They asked the agency for all communications about the grants between NTIA officials and state broadband offices.

The US law that ordered NTIA to distribute the money requires that Internet providers receiving federal funds offer at least one “low-cost broadband service option for eligible subscribers.” But the law also says the NTIA may not “regulate the rates charged for broadband service.”

We’re following the law, agency says

An NTIA spokesperson told Ars that the agency is working to implement the law’s requirement that grant recipients offer an affordable service tier to qualifying low-income households. “We’ve received the letter and will respond through the appropriate channels. NTIA is working to implement BEAD in a manner that is faithful to the statute,” the agency said.

NTIA Administrator Alan Davidson tried to deflect Republican criticism of the low-cost requirements at a hearing in May. He said that requiring a low-cost option, as the law demands, is not the same as regulating broadband rates.

“The statute requires that there be a low-cost service option,” Davidson told Latta at the hearing, according to Broadband Breakfast. “We do not believe the states are regulating rates here. We believe that this is a condition to get a federal grant. Nobody’s requiring a service provider to follow these rates, people do not have to participate in the program.”

The NTIA needs to evaluate specific proposals to determine whether plans are low-cost, he said. “You have to be able to understand what is affordable,” Davidson was quoted as saying. “Every state has to submit a low-cost option that we can understand is affordable. When states do that, we will approve their plans.”

Republicans angry that ISPs receiving US grants must offer low-cost plans Read More »

elon-musk-beats-one-lawsuit-seeking-severance-for-laid-off-twitter-employees

Elon Musk beats one lawsuit seeking severance for laid-off Twitter employees

Xed out —

Losing plaintiffs may be able to join one of the other lawsuits against X Corp.

A large X placed on top of the building used by the company formerly known as Twitter.

Enlarge / An X sign at company headquarters in San Francisco.

Getty Images | Bloomberg

A federal judge yesterday granted Elon Musk’s motion to dismiss a class-action complaint alleging that laid-off Twitter employees were wrongfully denied the severance they were entitled to under the Employee Retirement Income Security Act (ERISA).

The employees may be able to latch onto another lawsuit against Twitter that alleges different severance-related violations, but their claim under ERISA was denied by US District Judge Trina Thompson in the Northern District of California.

“Plaintiffs are not without recourse,” Thompson wrote, noting that they may benefit from similar cases ongoing against the Musk-owned firm. “Indeed, there are other cases brought against Twitter for the failure to pay wages or provide employee severance benefits during the same or overlapping period that Plaintiffs allege Defendants denied them and the putative class sufficient severance benefits under the severance plan at issue here.”

The putative class action that was denied yesterday was filed last year by former Twitter employees Courtney McMillian and Ronald Cooper, who were offered one month of severance pay. They claim that the “severance Twitter has offered to date is a fraction of what employees are entitled to as Plan participants,” and they wanted to represent a class defined as all participants in the severance plan who were terminated from Twitter after Musk bought the company in October 2022. They alleged that “terminated employees remain entitled to no less than $500 million.” That would be the total amount allegedly due to thousands of ex-employees laid off after the Musk buyout.

Twitter, now X Corp., claimed that the company did not maintain a severance plan governed by ERISA. Plaintiffs claimed that for several years before the Musk takeover, there was a “formalized policy” and pointed to “documents that provide a uniform and detailed policy framework for the numerous post-termination benefits Twitter provided to employees.” Plaintiffs said employees were promised severance based on the reason of departure, length of tenure, job level, department, issuance of stock units, and other factors.

No discretion

To be governed by ERISA, a severance plan must be an “ongoing administrative program for processing claims and paying benefits.” The Twitter plan doesn’t qualify, Thompson wrote in an order granting Musk’s motion to dismiss.

A severance plan with a single lump sum payment can be governed by ERISA under certain conditions, Thompson wrote. Under a precedent cited by plaintiffs, a severance plan can be covered by ERISA if lump-sum payments are based on a discretionary analysis performed on a case-by-case basis.

“Here, by contrast, Twitter paid and offered to pay severance payments based on basic employment criteria that involved mathematical calculations, which does not involve a ‘case-by-case’ analysis or ‘discretionary application’ of the Twitter severance benefits’ terms,” Thompson wrote. “Twitter’s payments were ‘fixed, due at known times, and [did] not depend on contingencies outside the employee’s control.'”

Thompson found that the relevant severance plan is the one applied after the Musk takeover. She wrote that “the operative complaint’s facts do not show that there was any discretion required in determining which employees were eligible because all employees qualified for the severance plan upon termination due to the acquisition and subsequent merger.”

There was also no discretion in bonuses for laid-off employees “because there was a formula for calculating severance payments that staff could apply before issuing payment.” Thompson dismissed the ERISA claims and said that any attempt to amend those claims “would be futile.”

Other severance lawsuits still alive

Plaintiffs can file an amended complaint but only for non-ERISA claims, such as breach of contract or promissory estoppel. An amended complaint may “state claims based on the deficient severance benefits offered or provided to terminated employees pursuant to the severance plan that applied due to the 2022 and 2023 mass layoffs,” Thompson wrote.

If plaintiffs go that route, “this Court will consider issuing an Order finding this case related to one of the cases currently pending, such as Cornet,” Thompson wrote. If the case is found to be related to Cornet, it could be transferred to the District of Delaware, where Cornet is being heard.

The Cornet v. Twitter lawsuit alleges violations of the Worker Adjustment and Retraining Notification (WARN) Act. The lawsuit says that Twitter did not give all employees the required 60 days’ advance written notice before layoffs and that Twitter did not give payments in lieu of the notice.

Both cases concern Twitter’s allegedly “deficient severance payments following mass layoffs in November 2022, December 2022, February 2023, and September 2023,” Thompson noted.

In addition to alleged WARN Act violations, the Cornet suit claims that Twitter violated promises made during the months before Musk completed the acquisition. As Thompson wrote, the “Cornet plaintiffs assert contract-based claims for severance benefits on behalf of a nationwide putative class of X Corp employees and former employees that had been promised that ‘if there were layoffs, employees would receive benefits and severance at least as favorable as the benefits and severance that Twitter previously provided to employees.'”

In September 2023, Musk’s X Corp. agreed to settlement talks on arbitration claims from about 2,000 employees laid off after the sale. However, the talks didn’t end in a deal, and the severance lawsuits continue.

Elon Musk beats one lawsuit seeking severance for laid-off Twitter employees Read More »

users-must-prove-amazon-ripped-them-off-to-revive-buy-box-rigging-suit

Users must prove Amazon ripped them off to revive Buy Box rigging suit

Better come with receipts —

Users want Amazon held accountable for hiding cheaper items with faster delivery.

Users must prove Amazon ripped them off to revive Buy Box rigging suit

A court has dismissed a proposed class-action lawsuit alleging that Amazon’s Buy Box was rigged to rip off customers seeking the best deals on the platform.

The suit followed 2022 antitrust probes in the European Union and United Kingdom that found that Amazon’s Buy Box hid cheaper items with faster delivery times to preference Fulfilled By Amazon (FBA) sellers since at least 2016.

As a result, Amazon had to change its Buy Box practices and earn back the trust of customers and sellers, the company said in a 2022 blog. Among changes, Amazon agreed to treat all sellers equally when featuring offers in the Buy Box and to promote a second competing offer when a comparable deal is available at either a lower price or with a faster delivery time.

Those steps apparently didn’t satisfy users who sued: Jeffrey Taylor and Robert Selway. They asked courts to find a “reasonable inference of injury” since they were Amazon customers for years while the price rigging occurred. They claimed that “but for Amazon’s deceptive conduct concerning the Buy Box algorithm, Plaintiffs and members of the Class would have purchased the lower priced offers from non-FBA sellers with equivalent or better delivery.”

But this week, a US district judge in Seattle, Marsha Pechman, told users suing that it wasn’t enough to show evidence of Amazon’s proven misconduct. To satisfy a claim under Washington’s Consumer Protection Act (CPA), they needed to provide receipts from transactions showing that Amazon charged them higher prices while cheaper items were available. Instead, their complaint seemingly contradicted their claim, only showing one example of a Buy Box screenshot that Pechman said showed a hand soap that was offered by other sellers for prices significantly higher than Amazon’s featured offer.

“Plaintiffs have not adequately shown that they made any specific transaction with Amazon, let alone one from the Buy Box,” Pechman wrote in her order. And they “do not allege any specific purchases in which they were deceived via the Buy Box, let alone provide receipts.”

This doesn’t necessarily end the fight to hold Amazon accountable, though. The judge granted leave for users to amend their complaint and either provide “information regarding specific orders (i.e., receipts)” or “make allegations regarding discrete transactions with Amazon.”

Now, the Amazon users have 30 days to track down receipts or otherwise show evidence of specific transactions where they were injured, Pechman wrote.

“Without a showing of a specific transaction, Plaintiffs cannot possibly allege that they themselves were overcharged for any particular purchase—which is the injury in dispute,” Pechman wrote.

It will likely be challenging for the Amazon users to establish that they paid higher prices for items purchased on the platform years ago, and Pechman admitted this much in her order.

“The Court recognizes that Plaintiffs may be unable to ultimately prove that they overpaid for specific purchases,” Pechman wrote, but the CPA requires more than a “mere possibility of injury.”

Ars could not immediately reach plaintiffs’ lawyers for comment. Amazon declined to comment.

Users must prove Amazon ripped them off to revive Buy Box rigging suit Read More »

fcc-to-block-phone-company-over-robocalls-pushing-scam-“tax-relief-program”

FCC to block phone company over robocalls pushing scam “Tax Relief Program”

Tax debt scam —

Veriwave Telco “identified one client as the source of all of the calls.”

A smartphone on a wooden table displaying an incoming call from an unknown phone number.

Getty Images | Diy13

The Federal Communications Commission said it is preparing to block a phone company that carried illegal robocalls pushing fake programs that promised to wipe out consumers’ tax debt. Veriwave Telco “has not complied with FCC call blocking rules for providers suspected of carrying illegal traffic” and now has two weeks to contest an order that would require all downstream voice providers to block all of the telco’s call traffic, the FCC announced yesterday.

Robocalls sent in the months before tax filing season “purported to provide information about a ‘National Tax Relief Program’ and, in some instances, also discussed a ‘Tax Dismissal Program,'” the FCC order said. “The [Enforcement] Bureau has found no evidence of the existence of either program. Many of the messages further appealed to recipients with the offer to ‘rapidly clear’ their tax debt.”

Call recipients who listened to the prerecorded message and chose to speak to an operator were then asked to provide private information. Nearly 16 million calls were sent, though it’s unclear how many went through Veriwave.

Veriwave is an “originating provider” that distributes call traffic to other phone companies before calls are delivered to landline and cellphone users. The Industry Traceback Group (ITG), which is run by the USTelecom trade association and coordinates with the FCC, conducted tracebacks on about two dozen calls and determined that Veriwave was the originating provider.

“The ITG notified Veriwave of these calls and provided the Company with supporting data identifying each call,” the FCC said in a previous order. “Veriwave did not contest it had originated the calls and identified one client as the source of all of the calls. Veriwave did not offer evidence of consent for the calls or contest the unlawful nature of the calls. Nor did Veriwave contest that any exceptions to the rules applied.”

No reply

The robocalls began, “I’ve been tasked to personally contact you and make sure that you have been provided the information about the new National Tax Relief Program. This relevant information is extremely important with helping those that owe back taxes to rapidly clear their debt.” The calls then listed eligibility requirements for the nonexistent program and instructed recipients to press 1 to speak to a person.

“If the recipient connected to a live operator, the live operator reportedly asked for personal information, including date of birth and Social Security number,” the FCC said.

The FCC said it reached out to Veriwave “about its robocall mitigation efforts, but the email was returned as undeliverable.” The FCC then sent a formal notice to the company but received no response.

The FCC on April 4 notified all US-based voice providers that they were permitted—but not required—to block calls from Veriwave. Under the FCC’s blocking procedures, yesterday’s order triggered a 14-day period in which Veriwave can respond and “demonstrate compliance” with the rules. After that, all phone companies “immediately downstream from Veriwave will then be required to block and cease accepting all traffic received directly from Veriwave beginning 30 days after release of the Final Determination Order.”

The FCC said the ITG conducted tracebacks of 23 illegal robocalls between November 30, 2023, and January 29, 2024, but the actual number of illegal robocalls is apparently much higher. “YouMail, a software app company, estimates that approximately 15.8 million calls of this nature were transmitted in the three months immediately preceding the start of the 2024 tax filing season,” the FCC said. “The Industry Traceback Group and the FCC traced a number of these calls to Veriwave as the originating provider.”

FCC records show that Veriwave, based in Delaware, testified under penalty of perjury in November 2023 that it completed implementation of the STIR/SHAKEN technology that inhibits robocalls by authenticating Caller ID information.

FCC to block phone company over robocalls pushing scam “Tax Relief Program” Read More »

report:-z-library-admins-on-the-lam-ahead-of-us-extradition;-officials-shocked

Report: Z-Library admins on the lam ahead of US extradition; officials shocked

Report: Z-Library admins on the lam ahead of US extradition; officials shocked

Two Russian citizens arrested for running the pirate e-book site Z-Library have reportedly escaped house arrest in Argentina and vanished after a court approved their extradition to the United States.

Accused by the US of criminal copyright infringement, wire fraud, and money laundering, Anton Napolsky and Valeriia Ermakova were arrested in 2022. Until last May, they were being detained in Argentina while a court mulled the Department of Justice’s extradition request, and the US quickly moved to seize Z-Library domains.

But according to a translated article from a local publication called La Voz, the pair suddenly disappeared after submitting a request “to be considered political refugees” in order to “avoid being sent to the US.” Napolsky and Ermakova had long denied wrongdoing, and apparently they “ran away” after giving up on the legal process. They reportedly even stopped talking to their defense lawyer.

Ars was not immediately able to reach the DOJ or the Patronato del Liberado—the agency in Argentina that confirmed to La Voz that the couple had escaped—to verify the report.

Officials told La Voz that the Patronato del Liberado was charged with monitoring the Z-Library admins’ house arrest and “were surprised to find that there was no trace of them” during a routine check-in last May.

According to La Voz, officials believed at that point that Napolsky and Ermakova were still in Argentina. However, after the courts were informed of their escape, a judge ordered their international arrest, suggesting that the court suspected they may have planned to leave the country. There have been no reports since indicating that the couple has resurfaced. TorrentFreak, which has been closely monitoring the case, opined that “the pair could be anywhere by now.”

Z-Library defends admins

The court process leading up to the extradition order was tense, TorrentFreak reported, with Napolsky and Ermakova partly arguing that extradition was inappropriate because the US had never specified “which copyrighted works had allegedly been infringed.”

The pair succeeded in removing the original judge from the case after proving he was biased to the US. But the replacement judge, Abel Sánchez Torres, ultimately ordered their extradition “on five charges classified as illegal copyright, conspiracy to commit electronic fraud, electronic fraud, and conspiracy to launder money,” La Voz reported. At that point, Sánchez Torres also ordered that Napolsky and Ermakova remain under house arrest.

Ars could not immediately reach the Z-Library team to comment on the admins’ reported escape, but Z-Library has long defended Napolsky and Ermakova as innocent. In a Change.org petition, the Z-Library team wrote that both were “project participants who ensure the operation of the platform” and were “not involved in uploading files” the US considered copyright-infringing, calling their detention “unfair and unacceptable.”

“Their detention occurred without compliance with legal norms and with numerous procedural violations, and the FBI request contained knowingly false data on the existence of a court sanction for arrest,” the Z-Library team wrote, clarifying that “a court sanction for arrest has been issued after the arrest” but not before.

The petition is addressed to US Attorney General Merrick Garland and Argentine officials, requesting access to seized Z-Library domains to be restored. It currently has 146,000 out of 150,000 signatures sought, with Z-Library fans defending the platform as providing critical access for people without financial means to knowledge and diverse educational resources.

“Without a doubt, blocking Z-Library seriously hinders academic activity and impedes scientific development,” the petition said, insisting that the US has ignored that “Z-Library contains many unique books and documents that may become inaccessible to the public. This would be a serious blow to the cultural and scientific heritage of humankind.”

The Z-Library team thinks that the US should be pursuing each copyright infringement case on its site separately, rather than targeting the whole platform for takedown.

“We call for the restoration of Z-Library and for a fair solution that takes into account both the rights of authors and the need for people to have free access to educational resources,” the petition said.

Report: Z-Library admins on the lam ahead of US extradition; officials shocked Read More »

first-known-tiktok-mob-attack-led-by-middle-schoolers-tormenting-teachers

First-known TikTok mob attack led by middle schoolers tormenting teachers

First-known TikTok mob attack led by middle schoolers tormenting teachers

A bunch of eighth graders in a “wealthy Philadelphia suburb” recently targeted teachers with an extreme online harassment campaign that The New York Times reported was “the first known group TikTok attack of its kind by middle schoolers on their teachers in the United States.”

According to The Times, the Great Valley Middle School students created at least 22 fake accounts impersonating about 20 teachers in offensive ways. The fake accounts portrayed long-time, dedicated teachers sharing “pedophilia innuendo, racist memes,” and homophobic posts, as well as posts fabricating “sexual hookups among teachers.”

The Pennsylvania middle school’s principal, Edward Souders, told parents in an email that the number of students creating the fake accounts was likely “small,” but that hundreds of students piled on, leaving comments and following the fake accounts. Other students responsibly rushed to report the misconduct, though, Souders said.

“I applaud the vast number of our students who have had the courage to come forward and report this behavior,” Souders said, urging parents to “please take the time to engage your child in a conversation about the responsible use of social media and encourage them to report any instances of online impersonation or cyberbullying.”

Some students claimed that the group attack was a joke that went too far. Certain accounts impersonating teachers made benign posts, The Times reported, but other accounts risked harming respected teachers’ reputations. When creating fake accounts, students sometimes used family photos that teachers had brought into their classrooms or scoured the Internet for photos shared online.

Following The Times’ reporting, the superintendent of the Great Valley School District (GVSD), Daniel Goffredo, posted a message to the community describing the impact on teachers as “profound.” One teacher told The Times that she felt “kicked in the stomach” by the students’ “savage” behavior, while another accused students of slander and character assassination. Both were portrayed in fake posts with pedophilia innuendo.

“I implore you also to use the summer to have conversations with your children about the responsible use of technology, especially social media,” Goffredo said. “What seemingly feels like a joke has deep and long-lasting impacts, not just for the targeted person but for the students themselves. Our best defense is a collaborative one.”

Goffredo confirmed that the school district had explored legal responses to the group attack. But ultimately the district found that they were “limited” because “courts generally protect students’ rights to off-campus free speech, including parodying or disparaging educators online—unless the students’ posts threaten others or disrupt school,” The Times reported.

Instead, the middle school “briefly suspended several students,” teachers told The Times, and held an eighth-grade assembly raising awareness of harms of cyberbullying, inviting parents to join.

Becky Pringle, the president of the National Education Association—which is the largest US teachers’ union—told The Times that teachers have never dealt with such harassment on this scale. Typically, The Times reported, students would target a single educator at a time. Pringle said teachers risk online harassment being increasingly normalized. That “could push educators to question” leaving the profession, Pringle said, at a time when the US Department of Education is already combating a teacher shortage.

While Goffredo said teachers had few options to fight back, he also told parents in an email that the district is “committed to working with law enforcement to support teachers who may pursue legal action.”

“I reiterate my disappointment and sadness that our students’ behavior has caused such duress for our staff,” Goffredo’s message to the community said. “Seeing GVSD in such a prominent place in the news for behavior like this is also disheartening.”

First-known TikTok mob attack led by middle schoolers tormenting teachers Read More »

boeing-to-plead-guilty-to-conspiracy-to-defraud-faa-aircraft-evaluation-group

Boeing to plead guilty to conspiracy to defraud FAA Aircraft Evaluation Group

Boeing guilty plea —

Families say deal with US “fails to hold Boeing accountable” for 346 crash deaths.

An American Airlines plane just before making a landing with a body of water in the background

Enlarge / An American Airlines Boeing 737 MAX 8 aircraft approaches San Diego International Airport for a landing on June 28, 2024.

Getty Images | Kevin Carter

Boeing has agreed to plead guilty to a criminal charge and pay $243.6 million for violating a 2021 agreement that was spurred by two fatal crashes. The US government notified a judge of Boeing’s plea agreement in a July 7 filing in US District Court for the Northern District of Texas.

“The parties have agreed that Boeing will plead guilty to the most serious readily provable offense,” the Department of Justice said. If accepted by the court, the deal would allow Boeing to avoid a trial.

Families of victims said in a filing yesterday that they will urge the court to reject the deal at a plea hearing. “The families intend to argue that the plea deal with Boeing unfairly makes concessions to Boeing that other criminal defendants would never receive and fails to hold Boeing accountable for the deaths of 346 persons,” their lawyers wrote.

The deal stems from Boeing 737 Max crashes in 2018 and 2019 in Indonesia and Ethiopia. After the crashes, Boeing was charged with conspiracy to defraud the Federal Aviation Administration in connection with the agency’s evaluation of the 737 Max.

Conspiracy to defraud FAA

“Boeing will plead guilty to the offense charged in the pending one-count Criminal Information, conspiracy to defraud the United States, specifically, the lawful function of the Federal Aviation Administration Aircraft Evaluation Group,” the US government filing said.

In January 2021, Boeing signed a deferred prosecution agreement and agreed to pay $2.5 billion in penalties and compensation to airline customers and the victims’ families. In May 2024, the Justice Department said it determined that Boeing violated the deferred prosecution agreement “by failing to design, implement, and enforce a compliance and ethics program to prevent and detect violations of the US fraud laws throughout its operations.”

The DOJ determined that Boeing violated the 2021 agreement several months after the January 2024 incident in which a 737 Max 9 used by Alaska Airlines made an emergency landing because a door plug blew off during a flight. Boeing initially said it believed that it honored the terms of the agreement but ultimately agreed to plead guilty to the charge for conspiracy to defraud the FAA.

“The parties have agreed in principle to the material terms of a plea agreement that would, among other things, hold Boeing accountable for its material misstatements to the Federal Aviation Administration, require Boeing to pay the statutory maximum fine, require Boeing to invest at least $455 million in its compliance and safety programs, impose an independent compliance monitor, and allow the Court to determine the restitution amount for the families in its discretion, consistent with applicable law,” the DOJ court filing said.

Boeing will agree to a fine of $243.6 million, which will be doubled to $487.2 million, and is “the maximum criminal fine for the charged offense,” the DOJ said. But “the new plea agreement will recommend that when imposing the sentence, the Court credit the $243.6 million criminal monetary penalty Boeing previously paid pursuant to the [deferred prosecution agreement], with the net result being that Boeing will have to pay another $243.6 million fine.”

Boeing hasn’t agreed on further restitution to victims’ families, but the court could order an additional payment. Boeing agreed to be subject to an independent compliance monitor for three years.

Victims’ families oppose plea deal

Families of the victims of Lion Air Flight 610 and Ethiopian Airlines Flight 302 crashes “have expressed their intention to oppose this (or any) plea agreement,” the DOJ noted. The government said it “conferred with the families, airline customers, and their representatives” and “formulated the plea offer based in part on the feedback” it received.

The DOJ court filing said Boeing will not receive immunity for any other “conduct that may be the subject of any ongoing or future Government investigation of the Company.”

There could also be prosecutions of individuals at Boeing. “DOJ is resolving only with the company—and providing no immunity to any individual employees, including corporate executives, for any conduct,” the agency said in a statement quoted by CNN.

Under the plea agreement, restitution for families would be determined by the court. “The plea agreement will allow the Court to determine the restitution amount for the families in its discretion, consistent with applicable legal principles… Boeing will retain the right to appeal any restitution order it believes was not legally imposed,” the government said.

Because families intend to oppose the plea agreement, the government said it will “meet and confer with all stakeholders on a briefing schedule.” A lawyer for victims’ families asked “that the Court schedule a plea hearing no sooner than late July to allow adequate time for the families to make travel arrangements to attend in person,” the DOJ said.

“This sweetheart deal fails to recognize that because of Boeing’s conspiracy, 346 people died. Through crafty lawyering between Boeing and DOJ, the deadly consequences of Boeing’s crime are being hidden,” Paul Cassell, a lawyer for the families, said.

Boeing did not comment on the specifics of the plea deal. “We can confirm that we have reached an agreement in principle on terms of a resolution with the Justice Department, subject to the memorialization and approval of specific terms,” the company said in a statement provided to Ars.

Boeing to plead guilty to conspiracy to defraud FAA Aircraft Evaluation Group Read More »

elon-musk-denies-tweets-misled-twitter-investors-ahead-of-purchase

Elon Musk denies tweets misled Twitter investors ahead of purchase

Elon Musk denies tweets misled Twitter investors ahead of purchase

Just before the Fourth of July holiday, Elon Musk moved to dismiss a lawsuit alleging that he intentionally misled Twitter investors in 2022 by failing to disclose his growing stake in Twitter while tweeting about potentially starting his own social network in the weeks ahead of announcing his plan to buy Twitter.

Allegedly, Musk devised this fraudulent scheme to reduce the Twitter purchase price by $200 million, a proposed class action filed by an Oklahoma Firefighters pension fund on behalf of all Twitter investors allegedly harmed claimed. But in another court filing this week, Musk insisted that “all indications”—including those referenced in the firefighters’ complaint—”point to mistake,” not fraud.

According to Musk, evidence showed that he simply misunderstood the Securities Exchange Act when he delayed filing a Rule 13 disclosure of his nearly 10 percent ownership stake in Twitter in March 2022. Musk argued that he believed he was required to disclose this stake at the end of the year, rather than within 10 days after the month in which he amassed a 5 percent stake. He said that previously he’d only filed Rule 13 disclosures as the owner of a company—not as someone suddenly acquiring 5 percent stake.

Musk claimed that as soon as his understanding of the law was corrected—on April 1, when he’d already missed the deadline by about seven days—he promptly stopped trading and filed the disclosure on the next trading day.

“Such prompt and corrective disclosure—within seven trading days of the purported deadline—is not the stuff of a fraudulent scheme to manipulate the market,” Musk’s court filing said.

As Musk sees it, the firefighters’ suit “makes no sense” because it basically alleged that Musk always intended to disclose the supposedly fraudulent scheme, which in the context of his extraordinary wealth, barely saved him any meaningful amount of money when purchasing Twitter.

The idea that Musk “engaged in intentional securities fraud in order to save $200 million is illogical in light of Musk’s eventual $44 billion purchase of Twitter,” Musk’s court filing said. “It defies logic that Musk would commit fraud to save less than 0.5 percent of Twitter’s total purchase price, and 0.1 percent of his net worth, all while knowing that there would be ‘an inevitable day of reckoning’ when he would disclose the truth—which was always his intent.”

It’s much more likely, Musk argued, that “Musk’s acknowledgement of his tardiness is that he was expressly acknowledging a mistake, not publicly conceding a purportedly days-old fraudulent scheme.”

Arguing that all firefighters showed was “enough to adequately plead a material omission and misstatement”—which he said would not be an actionable claim under the Securities Exchange Act—Musk has asked for the lawsuit to be dismissed with prejudice. At most, Musk is guilty of neglect, his court filing said, not deception. Allegedly Musk never “had any intention of avoiding reporting requirements,” his court filing said.

The firefighters pension fund has until August 12 to defend its claims and keep the suit alive, Musk’s court filing noted. In their complaint, the fighterfighteres had asked the court to award damages covering losses, plus interest, for all Twitter shareholders determined to be “cheated out of the true value of their securities” by Musk’s alleged scheme.

Ars could not immediately reach lawyers for Musk or the firefighters pension fund for comment.

Elon Musk denies tweets misled Twitter investors ahead of purchase Read More »