Advertising

'How Google's Ad Business Funds Disinformation Around the World' (propublica.org) 206

Today ProPublica published "the largest-ever analysis of Google's ad practices on non-English-language websites," saying their report shows Google "is funneling revenue to some of the web's most prolific purveyors of false information in Europe, Latin America and Africa," and "reveals how the tech giant makes disinformation profitable...." The company has publicly committed to fighting disinformation around the world, but a ProPublica analysis, the first ever conducted at this scale, documented how Google's sprawling automated digital ad operation placed ads from major brands on global websites that spread false claims on such topics as vaccines, COVID-19, climate change and elections.... The resulting ad revenue is potentially worth millions of dollars to the people and groups running these and other unreliable sites — while also making money for Google.

Platforms such as Facebook have faced stark criticism for failures to crack down on disinformation spread by people and governments on their platforms around the world. But Google hasn't faced the same scrutiny for how its roughly $200 billion in annual ad sales provides essential funding for non-English-language websites that misinform and harm the public. Google's publicly announced policies bar the placement of ads on content that makes unreliable or harmful claims on a range of issues, including health, climate, elections and democracy. Yet the investigation found Google regularly places ads, including those from major brands, on articles that appear to violate its own policy.

ProPublica's examination showed that ads from Google are more likely to appear on misleading articles and websites that are in languages other than English, and that Google profits from advertising that appears next to false stories on subjects not explicitly addressed in its policy, including crime, politics, and such conspiracy theories as chemtrails. A former Google leader who worked on trust and safety issues acknowledged that the company focuses heavily on English-language enforcement and is weaker across other languages and smaller markets....

The former Google leader suggests Google focuses on English-language problems partly because they're sensitive to bad PR and the possibility of regulatory scrutiny (and because English-language markets have the biggest impact).

Google is spending more money to patrol non-English content, a spokesperson told ProPublica, touting the company's "extensive measures to tackle misinformation... In 2021, we removed ads from more than 1.7 billion publisher pages and 63,000 sites globally. We know that our work is not done, and we will continue to invest in our enforcement systems to better detect unreliable claims and protect users around the world."

But in some cases Google's ads appeared on false online articles published years ago, the article points out, "suggesting that the company's failure to block ads on content that appears to violate its rules is a long-standing and ongoing problem... [T]he investigation shows that as one arm of Google helps support fact-checkers, its core ad business provides critical revenue that ensures the publication of falsehoods remains profitable."

Crime

Could Data Destruction + Exfiltration Replace Ransomware? (esecurityplanet.com) 40

Slashdot reader storagedude writes: Ransomware groups have been busy improving their data exfiltration tools, and with good reason: As ransomware decryption fails to work most of the time, victims are more likely to pay a ransom to keep their stolen data from being publicly leaked.

But some security researchers think the trend suggests that ransomware groups may change their tactics entirely and abandon ransomware in favor of a combined approach of data destruction and exfiltration, stealing the data before destroying it and any backups, thus leaving the stolen copy of the data as the only hope for victims to recover their data. After all, if ransomware just destroys data anyway, why waste resources developing it?

"With data exfiltration now the norm among threat actors, developing stable, secure, and fast ransomware to encrypt files is a redundant and costly endeavor compared to corrupting files and using the exfiltrated copies as the means of data recovery," Cyderes researchers wrote after analyzing an attack last month.

"Eliminating the step of encrypting the data makes the process faster and eliminates the risk of not getting the full payout, or that the victim will find other ways to decrypt the data," they added. "Data destruction is rumored to be where ransomware is going to go, but we haven't actually seen it in the wild. During a recent incident response, however, Cyderes and Stairwell discovered signs that threat actors are actively in the process of staging and developing this capability."

That incident – involving BlackCat/ALPHV ransomware – turned up an exfiltration tool with hardcoded sftp credentials that was analyzed by Stairwell's Threat Research Team, which found partially-implemented data destruction functionality.

"The use of data destruction by affiliate-level actors in lieu of RaaS deployment would mark a large shift in the data extortion landscape and would signal the balkanization of financially-motivated intrusion actors currently working under the banners of RaaS affiliate programs," the Stairwell researchers wrote.

Security

Australia's Medibank Says Data of All 4 Million Customers Accessed By Hacker (reuters.com) 21

An anonymous reader quotes a report from Reuters: Medibank, Australia's biggest health insurer, said on Wednesday a cyber hack had compromised the data of all of its nearly 4 million customers, as it warned of a $16 million to $22.3 million hit to first-half earnings. It said on Wednesday that all personal and significant amounts of health claims data of all its customers were compromised in the breach reported this month, a day after it warned the number of customers affected would grow.

Medibank, which covers one-sixth of Australians, said the estimated cost did not include further potential remediation or regulatory expenses. The company reiterated that its IT systems had not been encrypted by ransomware to date and that it would continue to monitor for any further suspicious activity. "Everywhere we have identified a breach, it is now closed," John Goodall, Medibank's top technology executive, told an analyst call on Wednesday.
"Our investigation has now established that this criminal has accessed all our private health insurance customers' personal data and significant amounts of their health claims data," chief executive David Koczkar said in a statement. "I apologize unreservedly to our customers. This is a terrible crime -- this is a crime designed to cause maximum harm to the most vulnerable members of our community."
The Courts

US Judge: Passengers in Fatal Boeing 737 MAX Crashes are 'Crime Victims' (reuters.com) 83

"A U.S. judge in Texas ruled on Friday that people killed in two Boeing 737 MAX crashes are legally considered 'crime victims,'" reports Reuters, "a designation that will determine what remedies should be imposed." In December, some crash victims' relatives said the U.S. Justice Department violated their legal rights when it struck a January 2021 deferred prosecution agreement with the planemaker over two crashes that killed 346 people. The families argued the government "lied and violated their rights through a secret process" and asked U.S. District Judge Reed O'Connor to rescind Boeing's immunity from criminal prosecution — which was part of the $2.5 billion agreement — and order the planemaker publicly arraigned on felony charges.

O'Connor ruled on Friday that "in sum, but for Boeing's criminal conspiracy to defraud the (Federal Aviation Administration), 346 people would not have lost their lives in the crashes."

Paul Cassell, a lawyer for the families, said the ruling "is a tremendous victory" and "sets the stage for a pivotal hearing, where we will present proposed remedies that will allow criminal prosecution to hold Boeing fully accountable."

Boeing did not immediately comment.

Crime

Interpol Launches 'First-Ever Metaverse' Designed For Global Law Enforcement (decrypt.co) 19

The International Criminal Police Organization (Interpol) has announced the launch of its fully operational metaverse, initially designed for activities such as immersive training courses for forensic investigations. Decrypt reports: Unveiled at the 90th Interpol General Assembly in New Delhi, the INTERPOL Metaverse is described as the "first-ever Metaverse specifically designed for law enforcement worldwide." Among other things, the platform will also help law enforcement across the globe to interact with each other via avatars. "For many, the Metaverse seems to herald an abstract future, but the issues it raises are those that have always motivated INTERPOL -- supporting our member countries to fight crime and making the world, virtual or not, safer for those who inhabit it," Jurgen Stock, Interpol's secretary general, said in a statement.

One of the challenges identified by organizations is that something that is considered a crime in the physical world may not necessarily be the same in the virtual world. "By identifying these risks from the outset, we can work with stakeholders to shape the necessary governance frameworks and cut off future criminal markets before they are fully formed," said Madan Oberoi, Interpol's executive director of Technology and Innovation. "Only by having these conversations now can we build an effective response."

In a live demonstration at the event, Interpol experts took to a Metaverse classroom to deliver a training course on travel document verification and passenger screening using the capabilities of the newly-launched platform. Students were then teleported to an airport where they were able to apply their newly-acquired skills at a virtual border point. Additionally, Interpol has created an expert group that will be tasked with ensuring new virtual worlds are "secure by design."
The report notes that Interpol has also joined "Defining and Building the Metaverse," a World Economic Forum initiative around metaverse governance.
Crime

Hacker Jailed For Stealing Ed Sheeran's Unreleased Music (bbc.co.uk) 28

Bruce66423 shares a report from the BBC: A hacker who stole two unreleased songs from Ed Sheeran and sold them on the dark web has been jailed for 18 months. Adrian Kwiatkowski traded the music by Sheeran and 12 songs by rapper Lil Uzi Vert in exchange for cryptocurrency. The 23-year-old, from Ipswich, managed to get hold of them after hacking the performers' digital accounts, the Crown Prosecution Service said. Kwiatkowski admitted 19 charges, including copyright infringement and possessing criminal property. He had made 131,000 pounds ($148,000) from the music, City of London Police said.

According to police, seven devices, including a hard drive that contained 1,263 unreleased songs by 89 artists, were seized. A document saved on the hard drive summarised the method he had used to obtain them along with a stash of Bitcoin which was seized. In August, Kwiatkowski pleaded guilty at Ipswich Magistrates Court to three charges of unauthorised access to computer material, 14 charges of selling copyrighted material, one charge of converting criminal property and two charges of possession of criminal property. Chief crown prosecutor Joanne Jakymec said Kwiatkowski had "complete disregard" for the musicians' creativity, hard work and lost earnings. "He selfishly stole their music to make money for himself by selling it on the dark web," she said. "We will be pursuing ill-gotten gains from these proceeds of crime."

Crime

$3 Billion In Cryptocurrency Stolen This Year. So Far. (cbsnews.com) 59

"Hackers are on a roll in 2022, stealing over $3 billion in cryptocurrency," writes Slashdot reader quonset (citing figures from blockchain analytics firm Chainalysis). "And the year isn't over yet.

"For comparison, in 2021, only $2.1 billion in crypto currency was stolen during the entire year."

CBS News reports: A big chunk of that $3 billion, around $718 million, was taken this month in 11 different hacks, Chainalysis said in a series of tweets posted Wednesday. "October is now the biggest month in the biggest year ever for hacking activity, with more than half the month still to go," the company tweeted.

In past years, hackers focused their efforts on attacking crypto exchanges, but those companies have since strengthened their security, Chainalysis said. These days, cybercriminals are targeting "cross-chain bridges," which allow investors to transfer digital assets and data among different blockchains.... "Cross-chain bridges remain a major target for hackers, with three bridges breached this month and nearly $600 million stolen, accounting for 82% of losses this month and 64% of losses all year," Chainalysis said....

All told, Chainalysis said there have been 125 hacks so far this year.

"Cryptocurrency is not federally regulated or FDIC insured like a bank account," the article concludes, "which means if an account gets hacked, the government will not work to restore a customer's funds."
Crime

Nikola Founder Trevor Milton Found Guilty of Fraud (cnbc.com) 23

Trevor Milton, the founder and former chairman and CEO of electric heavy truck maker Nikola, was found guilty in federal court on Friday of three of four counts of fraud relating to false statements he made to drive up the value of Nikola's stock. CNBC reports: Milton was charged with two counts of securities fraud and two counts of wire fraud, all related to statements he made about Nikola's business while he was chairman and CEO of the company. Jurors found him guilty on one count of securities fraud and both of the wire fraud counts. Milton faced up to 25 years in prison if convicted on all four counts.

The U.S. Attorney's Office in Manhattan had alleged that Milton lied about "nearly all aspects of the business" he founded in 2014 during his time leading the company. Those lies, prosecutors said, were intended to induce investors to bid up the price of Nikola's stock. "On the backs of those innocent investors taken in by his lies, he became a billionaire virtually overnight," Assistant U.S. Attorney Nicolas Roos said in his opening statement in September.
Timeline of events:

June, 2016: Nikola Motor Receives Over 7,000 Preorders Worth Over $2.3 Billion For Its Electric Truck
December, 2016: Nikola Motor Company Reveals Hydrogen Fuel Cell Truck With Range of 1,200 Miles
February, 2020: Nikola Motors Unveils Hybrid Fuel-Cell Concept Truck With 600-Mile Range
June, 2020: Nikola Founder Exaggerated the Capability of His Debut Truck
September, 2020: Nikola Motors Accused of Massive Fraud, Ocean of Lies
September, 2020: Nikola Admits Prototype Was Rolling Downhill In Promo Video
September, 2020: Nikola Founder Trevor Milton Steps Down as Chairman in Battle With Short Seller
October, 2020: Nikola Stock Falls 14 Percent After CEO Downplays Badger Truck Plans
November, 2020: Nikola Stock Plunges As Company Cancels Badger Pickup Truck
July, 2021: Nikola Founder Trevor Milton Indicted on Three Counts of Fraud
December, 2021: EV Startup Nikola Agrees To $125 Million Settlement
September, 2022: Nikola Founder Lied To Investors About Tech, Prosecutor Says in Fraud Trial
Social Networks

New Turkey Law Mandates Jail Time for Spreading 'Disinformation' (bloomberg.com) 100

Turkey criminalized the spread of what authorities describe as false information on digital platforms, giving the government new powers in the months remaining before elections. From a report: The measure, proposed by the governing AK Party and its nationalist ally MHP, is part of a broader "disinformation" law that was adopted by parliament on Thursday. It mandates a jail term of one to three years for users who share online content that contains "false information on the country's security, public order and overall welfare in an attempt to incite panic or fear." Media groups and opposition parties have decried the bill as censorship, seeing it as a move to stifle critics and journalists in the run-up to elections set for next year. "The crime is defined with rather vague and open-ended terms," said Mustafa Kuleli, vice president of the European Federation of Journalists. "It is not clear how prosecutors will take action against those who allegedly spread false information." Other articles in the law range from amendments to issuance of press cards to the procedure of correcting "false" information online.
Crime

Prison Inmate Accused of Orchestrating $11 Million Fraud Using Cell Cellphone (theregister.com) 75

An anonymous reader quotes a report from The Register: On June 8, 2020, an individual claiming to be billionaire film producer and philanthropist Sidney Kimmel contacted brokerage Charles Schwab by phone and stated that he had uploaded a wire disbursement form using the service's secure email service. The only problem was the call apparently came from prison. Still, the caller made reference to a transfer verification inquiry earlier that day by his wife -- a role said to have been played by a female co-conspirator. The individual allegedly posing as Kimmel had contacted a Schwab customer service representative three days earlier -- on June 5, 2020 -- about opening a checking account, and was told that a form of identification and a utility bill would be required. On June 6, a co-conspirator is alleged to have provided a picture of Kimmel's driver's license and a Los Angeles Water and Power utility bill. According to court documents [PDF] filed by the US Attorney's Office in the Northern District of Georgia, the uploaded documents consisted of a request for funds to be wired to an external bank and a forged letter of authorization -- both of which appeared to be signed by Kimmel.

On June 9, satisfied that Kimmel had been adequately authenticated, the brokerage sent $11 million from Kimmel's Schwab account to a Zions Bank account for Money Metal Exchange, LLC, an Eagle, Idaho-based seller of gold coins and other precious metals. The real Kimmel had no knowledge of the transaction, which resulted in the purchase of 6,106 American Eagle gold coins. The individual who orchestrated the fraudulent purchase of the coins is alleged to have hired a private security firm on June 13, 2020 to transport the coins from Boise, Idaho to Atlanta, Georgia on a chartered plane. An associate of the fraudster allegedly took possession of the coins three days later. All the while the alleged mastermind, Arthur Lee Cofield Jr, was incarcerated in a maximum security prison in Butts County, Georgia, according to the government. Cofield is serving a 14-year sentence for armed robbery and is also under indictment in Fulton County, Georgia for attempted murder.

The day after the coins were purchased, prison staff are said to have searched Cofield's cell and recovered a blue Samsung cellphone hidden under his arm. The prison forensic unit apparently determined that Cofield had been using an account on free voice and messaging service TextNow and matched the phone number with calls made to Money Metals Exchange. On December 8, 2020, a federal grand jury indicted Cofield and two co-conspirators for conspiracy to commit bank fraud and money laundering. Cofield's attorney, Steven Sadow, subsequently sought to suppress the cellphone evidence on Fourth Amendment grounds, arguing that the warrantless search of the device by prison officials was unrelated to the legitimate function of prison security and maintenance. The government said otherwise, insisting that Cofield does not have standing to contest the search, having no "legitimate expectation of privacy in the contents of a contraband cell phone." The judge overseeing the case sided with the government [PDF] and certified the case to proceed to trial.

Power

FBI Warns About Counterfeit Batteries (zdnet.com) 63

"Scammers are leveraging the vulnerabilities in the global supply chain, as well as the public's continuing need for new batteries, to sell a wide variety of counterfeits or unauthorized replicas online," warns America's FBI.

"Do not fall victim to online fraudsters or unauthorized dealers or manufacturers." Counterfeit batteries do not go through the same standardized testing as original equipment manufacturer batteries and can adversely impact the safety and health of the consumer....

Avoid aftermarket batteries when possible because they may be dangerous.... Consumers should avoid all third-party purchases of batteries, as they can appear to be legitimate OEM batteries but are likely counterfeit.... [B]atteries sold at deep discounts or at significantly lower-than-average prices are likely counterfeit.

The FBI warns you should always avoid batteries that:
  • are not properly packaged;
  • have misprinted or misspelled labels;
  • have labels that peel off; or
  • do not have official manufacturer batch numbers.

"The FBI's warning is not specific to laptops or smartphones," notes ZDNet, "which makes sense given that batteries are now found in everything from cars, scooters, e-bikes, e-cigarettes and trains to drones and more."

Thanks to Slashdot reader joshuark for sharing the story.


Medicine

Ransomware Attack Delays Patient Care at Several Hospitals Across the US (nbcnews.com) 30

"One of the largest hospital chains in the U.S. was hit with a suspected ransomware cyberattack this week," reports NBC News, "leading to delayed surgeries, hold ups in patient care and rescheduled doctor appointments across the country." CommonSpirit Health, ranked as the fourth-largest health system in the country by Becker's Hospital Review, said Tuesday that it had experienced "an IT security issue" that forced it to take certain systems offline. While CommonSpirit declined to share specifics, a person familiar with its remediation efforts confirmed to NBC News that it had sustained a ransomware attack.

CommonSpirit, which has more than 140 hospitals in the U.S., also declined to share information on how many of its facilities were experiencing delays. Multiple hospitals, however, including CHI Memorial Hospital in Tennessee, some St. Luke's hospitals in Texas, and Virginia Mason Franciscan Health in Seattle all have announced they were affected.

One Texas woman, who spoke to NBC News on the condition of anonymity to protect her family's medical privacy, said that she and her husband had arrived at a CommonSpirit-affiliated hospital on Wednesday for long-scheduled major surgery, only for his doctor to recommend delaying it until the hospital's technical issues were resolved.

The surgeon "told me it could potentially delay post-op care, and he didn't want to risk it," she said.

Wednesday the company confirmed that "We have taken certain systems offline."
Crime

How 'MythBusters' Helped a Wrongly Convicted Man Prove His Innocence (innocenceproject.org) 127

"John Galvan was arrested at 18 and spent 35 years in prison for a crime he didn't commit," writes the Innocence Project, a nonprofit specializing in legal exoneration.

"In 2007, John Galvan was about 21 years into a life sentence for a crime he didn't commit when he saw something on the prison television he thought might finally help him prove his innocence and secure his freedom: A re-run of an episode of the Discovery Channel's MythBusters."

At the time of his arrest, they write, Galvan had been handcuffed to a wall for hours, physically beaten, and ultimately "agreed to give a confession that was completely fabricated by the detectives to end the abuse" — that Galvan had started a fire in an apartment building "by throwing a bottle filled with gasoline at the building and then tossing a cigarette into the pool of gasoline on the porch to ignite it." And then 21 years later... In his cell, a 39-year-old John watched as the hosts of MythBusters struggled repeatedly to ignite a pool of gasoline with a lit cigarette, despite fervent attempts. Based on the ignition temperature of gasoline and the temperature range of a lit cigarette, the show's hosts had initially hypothesized that a lit cigarette might be able to ignite spilled gasoline as they had seen on TV and in movies. But after several failed attempts to start a fire, including rolling a lit cigarette directly into a pool of gasoline, the team determined it was highly unlikely that dropping a cigarette into gasoline could cause a fire....

The show's findings were confirmed in 2007, by experiments conducted by the U.S. Bureau of Alcohol, Tobacco, Firearms, and Explosives (ATF), which made more than 2,000 attempts to ignite gasoline with a cigarette under various conditions. The bureau's experiments even included a vacuum that increased the cigarette's temperature to the level it would typically reach when being sucked and spraying a mist of gasoline directly onto the lit cigarette. All of the attempts failed. "Despite what you see in action movies, dropping a lit cigarette on to a trail of gasoline won't ignite it, assuming normal oxygen levels and no unusual circumstances," said Richard Tontarski, a forensic scientist and then chief of the ATF's fire research laboratory.

In 2017, when John finally had his evidentiary hearing on his post-conviction claims, [his attorney Tara] Thompson and his legal team presented multiple alibi witnesses, in addition to seven witnesses who testified to being tortured by the same officers who had coerced his confession, documents showing that police had fabricated probable cause to arrest him, and an arson expert who testified that John's false confession was scientifically impossible.... In 2019, the appellate court granted John post-conviction relief on the grounds of actual innocence — a rarity in Illinois — largely based on the abuse used to coerce a false confession from John.

The court concluded that without John's false confession, which he did not give voluntarily, "the State's case was nonexistent."

Thanks to long-time Slashdot reader Sleeping Kirby for sharing the story!
Crime

Former Uber Exec Joe Sullivan Found Guilty of Concealing 2016 Data Breach (nytimes.com) 10

According to the New York Times, former chief security officer of Uber, Joe Sullivan, has been found guilty of hiding a 2016 data breach from authorities and obstructing an investigation by the FTC into the company's security practices. The breach affected more than 57 million Uber riders and drivers. From the report: Mr. Sullivan was deposed by the F.T.C. as it investigated a 2014 breach of Uber's online systems. Ten days after the deposition, he received an email from a hacker who claimed to have found another security vulnerability in its systems. Mr. Sullivan learned that the hacker and an accomplice had downloaded the personal data of about 600,000 Uber drivers and additional personal information associated with 57 million riders and drivers, according to court testimony and documents. The hackers pressured Uber to pay them at least $100,000. Mr. Sullivan's team referred them to Uber's bug bounty program, a way of paying "white hat" researchers to report security vulnerabilities. The program capped payouts at $10,000, according to court testimony and documents. Mr. Sullivan and his team paid the hackers $100,000 and had them sign a nondisclosure agreement.

During his testimony, one of the hackers, Vasile Mereacre, said he was trying to extort money from Uber. Uber did not publicly disclose the incident or inform the F.T.C. until a new chief executive, Dara Khosrowshahi, joined the company in 2017. The two hackers pleaded guilty to the hack in October 2019. States typically require companies to disclose breaches if hackers download personal data and a certain number of users are affected. There is no federal law requiring companies or executives to reveal breaches to regulators. Federal prosecutors argued that Mr. Sullivan knew that revealing the new hack would extend the F.T.C. investigation and hurt his reputation and that he concealed the hack from the F.T.C. Mr. Sullivan did not reveal the 2016 hack to Uber's general counsel, according to court testimonies and documents. He did discuss the breach with another Uber lawyer, Craig Clark.

Like Mr. Sullivan, Mr. Clark was fired by Mr. Khosrowshahi after the new Uber chief executive learned about the details of the breach. Mr. Clark was given immunity by federal prosecutors in exchange for testifying against Mr. Sullivan. Mr. Clark testified that Mr. Sullivan told the Uber security team that they needed to keep the breach secret and that Mr. Sullivan changed the nondisclosure agreement signed by the hackers to make it falsely seem that the hack was white-hat research. Mr. Sullivan said he would discuss the breach with Uber's "A Team" of top executives, according to Mr. Clark's testimony. He shared the matter with only one member of the A Team: then chief executive Travis Kalanick. Mr. Kalanick approved the $100,000 payment to the hackers, according to court documents.
The case is "believed to be the first time a company executive faced criminal prosecution over a hack," notes the report.

"The way responsibilities are divided up is going to be impacted by this. What's documented is going to be impacted by this. The way bug bounty programs are designed is going to be impacted by this," said Chinmayi Sharma, a scholar in residence at the Robert Strauss Center for International Security and Law and a lecturer at the University of Texas at Austin School of Law.

The Almighty Buck

Fraud, Scam Cases Increasing on P2P Payment Service Zelle, Senate Report Finds (apnews.com) 54

Incidents of fraud and scams are occurring more often on the popular peer-to-peer payment service Zelle, according to a report issued Monday by the office of Sen. Elizabeth Warren, giving the public its first glimpse into the growing problems at Zelle. From a report: The report also found that the large banks that partly own Zelle have been reluctant to compensate customers who have been victims of fraud or scams. For instance, less than half of the money customers reported being sent via Zelle without authorization was being reimbursed. Warren, D-Massachusetts, a long-time critic of the big banks, requested data on fraud and scams on Zelle from seven banks starting in April. The report cites data from four banks that tallied 192,878 cases worth collectively $213.8 million in 2021 and the first half of 2022 where a customer claimed they had been fraudulently tricked into making a payment. In only roughly 3,500 cases did those banks reimburse the customer, the report found.

Further, in the cases where it's clear funds had been taken out of customers' accounts without authorization, only 47% of those dollars were ever reimbursed. Since being launched in June 2017, Zelle has become a popular way for bank customers to send money to friends and family. Almost $500 billion in funds were sent via Zelle in 2021, according to Early Warning Services, the company that operates Zelle. Zelle is the banking industry's answer to the growing popularity of peer-to-peer payment services like PayPal, Venmo and the Cash App. The service allows a bank customer to instantaneously send money to a person via their email or phone number, and it will go from one bank account to another. More than 1,700 banks and credit unions offer the service. But the service has also grown more popular with scammers and criminals. Once money is sent via Zelle, it requires a bank's intervention to attempt to get that money back.

Encryption

NYPD Considers Using Encryption To Block Public From Radio Scanner Broadcasts (gizmodo.com) 126

An anonymous reader quotes a report from Gizmodo: The NYPD says it wants to reimagine its current police communication system and transition to encrypted messages by 2024, according to a recent amNY report confirmed by Gizmodo. While law enforcement has spent years fighting to make encryption less accessible for everyday people, police think they need a little more privacy. Critics worry a turn towards encryption by law enforcement could reduce transparency, hamstring the news media, and potentially jeopardize the safety of protestors looking to stay a step ahead.

According to amNY, the NYPD's new plan would allow law enforcement officers discretion on whether or not to publicly disclose newsworthy incidents. That means the NYPD essentially would get to dictate the truth unchallenged in a number of potentially sensitive local stories. The report suggests police are floating the idea of letting members of the news media monitor certain radio transmissions through an NYPD-controlled mobile app. There's a catch though. According to the report, the app would send radio information with a delay. Users may also have to pay a subscription fee to use the service, the paper said.

The NYPD confirmed it's planning a "systems upgrade" in the coming years in an email to Gizmodo. "The NYPD is undergoing a systems upgrade that is underway and that will be complete after 2024," a spokesperson for the Deputy Commissioner of Public Information said. "This infrastructure upgrade allows the NYPD to transmit in either an encrypted or non-encrypted format," the NYPD said. "Some parts of the city have had the necessary equipment installed and the Department will begin testing the technology in these areas later this year. We are currently evaluating encryption best practices and will communicate new policies and procedures as we roll out this upgraded technology." The spokesperson claimed the department intends to listen to and consider the needs of the news media during the transition process.
"The entire public safety news coverage system depends on scanners, and if scanners and scanner traffic are no longer available to newsrooms then news reporting about crime, fire -- it's going to be very hit or miss," CaliforniansAware General Counsel Terry Francke told the Reporters Committee in a blog post.

"Cutting off the media from getting emergency transmissions represents the clearest regression of the NYPD policy of transparency in its history," New York Press Photographers Association President Bruce Cotler said in an interview with amNY. "We believe shutting down radio transmissions is a danger to the public and to the right of the public to know about important events."

Gizmodo notes that New York joins a growing list of cities considering encrypting radio communications. "Denver, Baltimore, Virginia Beach, Sioux City, Iowa, and Racine, Wisconsin have all moved to implement the technology in recent years."

AI

House Democrats Debut New Bill To Limit US Police Use of Facial Recognition (techcrunch.com) 50

An anonymous reader quotes a report from TechCrunch: Dubbed the Facial Recognition Act, the bill would compel law enforcement to obtain a judge-authorized warrant before using facial recognition. By adding the warrant requirement, law enforcement would first have to show a court it has probable cause that a person has committed a serious crime, rather than allowing largely unrestricted use of facial recognition under the existing legal regime. The bill also puts other limits on what law enforcement can use facial recognition for, such as immigration enforcement or peaceful protests, or using a facial recognition match as the sole basis for establishing probable cause for someone's arrest.

If passed, the bill would also require law enforcement to annually test and audit their facial recognition systems, and provide detailed reports of how facial recognition systems are used in prosecutions. It would also require police departments and agencies to purge databases of photos of children who were subsequently released without charge, whose charges were dismissed or who were acquitted. [...] The bill has so far received glowing support from privacy advocates, rights groups and law enforcement-adjacent groups and organizations alike. Woodrow Hartzog, a law professor at Boston University, praised the bill for strengthening baseline rules and protections across the U.S. "without preempting more stringent limitations elsewhere."

Crime

NSA Employee Leaked Classified Cyber Intel, Charged With Espionage (nextgov.com) 69

A former National Security Agency employee was arrested on Wednesday for spying on the U.S. government on behalf of a foreign government. Nextgov reports: Jareh Sebastian Dalke, 30, was arrested in Denver, Colorado after allegedly committing three separate violations of the Espionage Act. Law enforcement allege that the violations were committed between August and September of 2022, after he worked as an information systems security designer at the agency earlier that summer. Dalke allegedly used an encrypted email account to leak sensitive and classified documents he obtained while working at the NSA to an individual who claimed to have worked for a foreign government.

The individual who received the documents was later revealed to be an undercover FBI agent. Dalke was arrested in September upon arriving at the location where he and the undercover agent agreed to exchange documentation for $85,000 in compensation. "Dalke told that individual that he had taken highly sensitive information relating to foreign targeting of U.S. systems, and information on U.S. cyber operations, among other topics," the press release from the Department of Justice reads. "To prove he had access to sensitive information, Dalke transmitted excerpts of three classified documents to the undercover FBI agent. Each excerpt contained classification markings."
"Should Dalke be found guilty, his sentence could include the death penalty or any term of years up to life imprisonment," notes the report.

Oracle

Oracle Pays $23 Million To SEC To Settle Bribery Charges (theregister.com) 17

Oracle has paid $23 million to the US Securities and Exchange Commission to settle corruption charges that subsidiaries in Turkey, United Arab Emirates and India used "slush funds" to bribe foreign officials to win business. The Register reports: The SEC said on Tuesday that Big Red violated provisions of the Foreign Corrupt Practices Act (FCPA) during a three-year period between 2016 and 2019. The cash that was apparently surreptitiously set aside was also spent on paying for foreign officials to attend technology conferences, which breaks Oracle's own internal policies and procedures. And the SEC said that in some instances, it found Oracle staff at the Turkish subsidiary had spent the funds on taking officials' families with them on international conferences or side trips to California.

"The creation of off-books slush funds inherently gives rise to the risk those funds will be used improperly, which is exactly what happened here at Oracle's Turkey, UAE, and India subsidiaries," said Charles Cain, FCPA unit chief at the SEC. "This matter highlights the critical need for effective internal accounting controls throughout the entirety of a company's operations," he added. Oracle, without admitting or denying the findings of the SEC's investigation, has agreed to "cease and desist from committing violations" of the anti-bribery, books and records, and internal accounting controls of the FCPA, said the Commission.

Crime

Interpol Issues Red Notice For Terra Founder Do Kwon (techcrunch.com) 29

Interpol has issued a red notice for Do Kwon, requesting law enforcement agencies worldwide to search for and arrest the Terraform Labs founder whose blockchain startup collapsed earlier this year. From a report: The collapse of Terra cryptocurrency (Luna) and the so-called stablecoin TerraUSD (UST) wiped out investors' $40 billion, prompting an uproar that caused the prosecutors to launch investigations into Kwon and his colleagues. He faces charges in South Korea, the prosecutors said Monday.
