An anonymous reader quotes a report from TechCrunch: Michigan-based McLaren Health Care has confirmed that the sensitive personal and health information of 2.2 million patients was compromised during a cyberattack earlier this year. A ransomware gang later took credit for the cyberattack. In a new data breach notice filed with Maine's attorney general, McLaren said hackers were in its systems for three weeks during July 28 through August 23 before the healthcare company noticed a week later on August 31. McLaren said the hackers accessed patient names, their date of birth and Social Security number, and a wealth of medical information, including billing, claims and diagnosis information, prescription and medication details, and information relating to diagnostic results and treatments. Medicare and Medicaid patient information was also taken.

McLaren is a healthcare provider with 13 hospitals across Michigan and about 28,000 total employees. McLaren, whose website touts its cost efficiency measures, made over $6 billion in revenue in 2022. News of the incident broke in October when the Alphv ransomware gang (also known as BlackCat) claimed responsibility for the cyberattack, claiming it took millions of patients' personal information. Days after the cyberattack was disclosed, Michigan attorney general Dana Nessel warned state residents that the breach "could affect large numbers of patients." TechCrunch has seen several screenshots posted by the ransomware gang on its dark web leak site showing access to the company's password manager, internal financial statements, some employee information, and spreadsheets of patient-related personal and health information, including names, addresses, phone numbers, Social Security numbers, and diagnostic information. Alphv/BlackCat claimed in its post that the gang had been in contact with a McLaren representative, without providing evidence of the claim.

Images and information from social media (and other online sources) are being used by AI to create "create convincing and personalized scam calls, texts and emails," writes the Palm Beach Post, citing a warning from Florida's consumer watchdog agency. In an older version of the scam, a caller would greet "Grandma" or "Grandpa" before saying, "It's me — I know I sound funny because I have a cold," and then make an urgent plea for money to get out of a scrap... Using audio and video clips found online, the con artist can clone the voice of a family member to make the call more compelling...

Listen for clues to a con like incorrect or mispronounced names or unfamiliar terms of endearment. The pressure to act quickly and to keep the call a secret are all timeless hallmarks of a scam, the agency notes. Detailed instructions on how to deliver funds in a form that is hard to recover — wired funds, a gift card or pay app — are also indications of a ripoff in the making.
The consumer watchdog agency suggests this precaution. "Encourage family members to set their social media pages to private."

Thanks to long-time Slashdot reader SonicSpike for sharing the article.

Wednesday nearly half of Australia was left without internet or phone service after the country's second largest telecommunications company experienced a service outage affecting 10 million people.

But that's not Optus's only problem, according to this report from the Guardian: Optus has lost a bid in the federal court to keep secret a report on the cause of the 2022 cyber-attack — which resulted in the personal information of about 10 million customers being exposed — after a judge rejected the telco's legal privilege claim. After the hack, the company announced in October last year that it had recruited consultancy firm Deloitte to conduct a forensic assessment of what had led to the cyber-attack. Since then, the company has also faced an investigation by the Office of the Australian Information Commissioner, and a class action case in the federal court. As part of the class action case, law firm Slater and Gordon, acting for the applicants, had sought access to the Deloitte report that was never made public...

It came as the embattled CEO faces pressure over the company's handling of a 14-hour outage on Wednesday, that took phone and internet services offline for 10 million customers, delayed trains, disconnected call centres and hospital phone lines. The company has not announced any independent report into the incident, but it is now subject to two government investigations and a Senate inquiry.

This week the Council of the European Union made an announcement. "With a view to ensuring a trusted and secure digital identity for all Europeans, the Council presidency and European Parliament representatives reached today a provisional agreement on a new framework for a European digital identity (eID)."

The proposed new framework would also require member states "to issue a digital wallet under a notified eID scheme, built on common technical standards, following compulsory certification."

"With the approval of the European digital identity regulation, we are taking a fundamental step so that citizens can have a unique and secure European digital identity," said Nadia Calviao, acting Spanish first vice-president and minister for economy and digitalisation.

From the announcement: The revised regulation constitutes a clear paradigm shift for digital identity in Europe aiming to ensure universal access for people and businesses to secure and trustworthy electronic identification and authentication. Under the new law, member states will offer citizens and businesses digital wallets that will be able to link their national digital identities with proof of other personal attributes (e.g., driving licence, diplomas, bank account). Citizens will be able to prove their identity and share electronic documents from their digital wallets with a click of a button on their mobile phone.

The new European digital identity wallets will enable all Europeans to access online services with their national digital identification, which will be recognised throughout Europe, without having to use private identification methods or unnecessarily sharing personal data. User control ensures that only information that needs to be shared will be shared...

The revised law clarifies the scope of the qualified web authentication certificates (QWACs), which ensures that users can verify who is behind a website, while preserving the current well-established industry security rules and standards.
"When finalised, the text will be submitted to the member states' representatives (Coreper) for endorsement. Subject to a legal/linguistic review, the revised regulation will then need to be formally adopted by the Parliament and the Council before it can be published in the EU's Official Journal and enter into force."

An anonymous reader shared this report from security research Brian Krebs: In the summer of 2022, KrebsOnSecurity documented the plight of several readers who had their accounts at big-three consumer credit reporting bureau Experian hijacked after identity thieves simply re-registered the accounts using a different email address. Sixteen months later, Experian clearly has not addressed this gaping lack of security. I know that because my account at Experian was recently hacked, and the only way I could recover access was by recreating the account...

The homepage said I needed to provide a Social Security number and mobile phone number, and that I'd soon receive a link that I should click to verify myself. The site claims that the phone number you provide will be used to help validate your identity. But it appears you could supply any phone number in the United States at this stage in the process, and Experian's website would not balk.
One user said they recreated their account this week — even though the phone number they'd input was a random number. "The only difference: it asked me FIVE questions about my personal history (last time it only asked three) before proclaiming, 'Welcome back, Pete!,' and granting full access," @PeteMayo wrote. "I feel silly saving my password for Experian; may as well just make a new account every time."

And Krebs points out that "Regardless, users can simply skip this step by selecting the option to 'Continue another way.'" Experian then asks for your full name, address, date of birth, Social Security number, email address and chosen password. After that, they require you to successfully answer between three to five multiple-choice security questions whose answers are very often based on public records. When I recreated my account this week, only two of the five questions pertained to my real information, and both of those questions concerned street addresses we've previously lived at — information that is just a Google search away...

Experian will send a message to the old email address tied to the account, saying certain aspects of the user profile have changed. But this message isn't a request seeking verification: It's just a notification from Experian that the account's user data has changed, and the original user is offered zero recourse here other than to a click a link to log in at Experian.com. And of course, a user who receives one of these notices will find that the credentials to their Experian account no longer work. Nor do their PIN or account recovery question, because those have been changed also. Your only option at this point is recreate your account at Experian and steal it back from the ID thieves!
Experian's security measures "are constantly evolving," insisted Experian spokesperson Scott Anderson — though Krebs remains unsatisfied. Anderson said all consumers have the option to activate a multi-factor authentication method that's requested each time they log in to their account. But what good is multi-factor authentication if someone can simply recreate your account with a new phone number and email address?

From AaronSwartzDay.com: Aaron Swartz Day was founded, in 2013, after the death of Aaron Swartz, with these combined goals:

To draw attention to what happened to Aaron, in the hopes of stopping it from happening to anyone else.
- This includes clarifying that, although Aaron was a hacker, he didn't hack MIT.

To provide a yearly showcase of many of the projects that were started by Aaron before his death.
- SecureDrop
- Open Library

To provide a yearly showcase of new projects that were directly inspired by Aaron and his work.
A few Aaron-inspired examples from this year's event include:
- The Pursuance Project (by Barrett Brown & Steve Phillips)
- Open Archive (by Natalie Cadranel)
- Jason Leopold's Freedom of Information Act Request (FOIA) activism (article from 2013)
Happening right now is a livestream from 11 a.m. to 6:30 p.m. PST of "intimate virtual talks," including a special presentation by members of Brazil's Aaron Swartz Institute starting in just a few minutes. You can also playback video for talks that happened earlier today.

Other speakers include:

• Scifi novelist/technology activist Cory Doctorow (11 a.m.)
• Signal user support engineer/project manager Riya Abraham (11:30 a.m.)
• EFF executive director Cindy Cohn (12)
• EFF Certbot director of engineering Alexis Hancock (12:20)
• Internet Archive's Brewster Kahle (12:40)
• Anaconda CEO Peter Wang (1)
• The Freedom of the Press Foundation's Kevin O'Gorman (speaking on SecureDrop at 1:30)

With 1.4 billion people, India is the second most-populous country in the world.

But a new article in the Washington Post alleges that India has "set a global standard for online censorship." For years, a committee of executives from U.S. technology companies and Indian officials convened every two weeks in a government office to negotiate what could — and could not — be said on Twitter, Facebook and YouTube. At the "69A meetings," as the secretive gatherings were informally called, officials from India's information, technology, security and intelligence agencies presented social media posts they wanted removed, citing threats to India's sovereignty and national security, executives and officials who were present recalled. The tech representatives sometimes pushed back in the name of free speech...

But two years ago, these interactions took a fateful turn. Where officials had once asked for a handful of tweets to be removed at each meeting, they now insisted that entire accounts be taken down, and numbers were running in the hundreds. Executives who refused the government's demands could now be jailed, their companies expelled from the Indian market. New regulations had been adopted that year to hold tech employees in India criminally liable for failing to comply with takedown requests, a provision that executives referred to as a "hostage provision." After authorities dispatched anti-terrorism police to Twitter's New Delhi office, Twitter whisked its top India executive out of the country, fearing his arrest, former company employees recounted.

Indian officials say they have accomplished something long overdue: strengthening national laws to bring disobedient foreign companies to heel... Digital and human rights advocates warn that India has perfected the use of regulations to stifle online dissent and already inspired governments in countries as varied as Nigeria and Myanmar to craft similar legal frameworks, at times with near-identical language. India's success in taming internet companies has set off "regulatory contagion" across the world, according to Prateek Waghre, a policy director at India's Internet Freedom Foundation...

Despite the huge size of China's market, companies like Twitter and Facebook were forced to steer clear of the country because Beijing's rules would have required them to spy on users. That left India as the largest potential growth market. Silicon Valley companies were already committed to doing business in India before the government began to tighten its regulations, and today say they have little choice but to obey if they want to remain there.
The Post spoke to Rajeev Chandrasekhar, the deputy technology minister in the BJP government who oversees many of the new regulations, who argued "The shift was really simple: We've defined the laws, defined the rules, and we have said there is zero tolerance to any noncompliance with the Indian law...

"You don't like the law? Don't operate in India," Chandrasekhar added. "There is very little wiggle room."

schwit1 shares a report from CNBC: Apple will pay $25 million in back pay and civil penalties to settle a matter over the company's hiring practices under the Immigration and Nationality Act, the Department of Justice announced Thursday. Apple has agreed to pay $6.75 million in civil penalties and establish an $18.25 million fund for back pay to eligible discrimination victims, the DOJ said in a release.

Apple was accused of not advertising positions that it wanted to fill through a federal program called Permanent Labor Certification Program or PERM, which allows U.S. companies to recruit workers who can become permanent U.S. residents after completing a number of requirements. The DOJ said that it believed that Apple followed procedures that were designed to favor current Apple employees holding temporary visas who wanted to become permanent employees. In particular, Apple was accused of not advertising positions on its external website and erecting hurdles such as requiring mailed paper applications, which the DOJ alleges means that some applicants to Apple jobs were not properly considered under federal law.

"These less effective recruitment procedures deterred U.S. applicants from applying and nearly always resulted in zero or very few mailed applications that Apple considered for PERM-related job positions, which allowed Apple to fill the positions with temporary visa holders," according to the settlement agreement between Apple and DOJ. Apple contests the accusation, according to the agreement, and says that it believes it was following the appropriate Department of Labor regulations. Apple also contests that any failures were the result of inadvertent errors and not discrimination, according to the agreement.

An anonymous reader quotes a report from The Record: A federal judge on Tuesday refused to bring back a class action lawsuit alleging four auto manufacturers had violated Washington state's privacy laws by using vehicles' on-board infotainment systems to record and intercept customers' private text messages and mobile phone call logs. The Seattle-based appellate judge ruled that the practice does not meet the threshold for an illegal privacy violation under state law, handing a big win to automakers Honda, Toyota, Volkswagen and General Motors, which are defendants in five related class action suits focused on the issue. One of those cases, against Ford, had been dismissed on appeal previously.

The plaintiffs in the four live cases had appealed a prior judge's dismissal. But the appellate judge ruled Tuesday that the interception and recording of mobile phone activity did not meet the Washington Privacy Act's standard that a plaintiff must prove that "his or her business, his or her person, or his or her reputation" has been threatened. In an example of the issues at stake, plaintiffs in one of the five cases filed suit against Honda in 2021, arguing that beginning in at least 2014 infotainment systems in the company's vehicles began downloading and storing a copy of all text messages on smartphones when they were connected to the system. An Annapolis, Maryland-based company, Berla Corporation, provides the technology to some car manufacturers but does not offer it to the general public, the lawsuit said. Once messages are downloaded, Berla's software makes it impossible for vehicle owners to access their communications and call logs but does provide law enforcement with access, the lawsuit said.

Tim Hardwick reports via MacRumors: WhatsApp has introduced a new privacy feature that lets you hide your IP address from whoever you call over the encrypted communications platform. As it stands, one-to-one calls over WhatsApp are established as a direct peer-to-peer connection between users. While this ensures the best possible voice quality, it means the connected devices must reveal their IP addresses to each other. According to WhatsApp, the new privacy setting introduced today works differently by relaying all of your calls through WhatsApp's servers to obfuscate your location, rather than connecting you directly to the person you are calling.

Meta engineers elaborated on the feature in a blog post: "Most calling products people use today have peer-to-peer connections between participants. This direct connection allows for faster data transfers and better call quality, but it also means that participants need to know each other's IP addresses so that call data packets can be delivered to the correct device -- meaning that the IP addresses are visible to both callers on a 1:1 call. IP addresses may contain information that some of our most privacy-conscious users are mindful of, such as broad geographical location or internet provider. To address this concern, we introduced a new feature on WhatsApp that allows you to protect your IP address during calls. With this feature enabled, all your calls will be relayed through WhatsApp's servers, ensuring that other parties in the call cannot see your IP address and subsequently deduce your general geographical location." WhatsApp notes that call quality might be reduced as a result of using the new setting. The feature can be enabled under "Advanced" privacy settings in the app.

Jason Koebler reports via 404 Media: Voters in Maine overwhelmingly passed a ballot measure Tuesday that enshrines the right to repair cars, a major win for consumers and a blow to auto manufacturers who have spent millions lobbying against similar legislation and fighting against it in the courts. "Question 4," which enshrines consumers' data access to car diagnostics for the purposes of repair, passed by a margin of 84.3-15.7 in Tuesday's election with 94 percent of the votes tallied. The yes/no question was simple: "Do you want to require vehicle manufacturers to standardize on-board diagnostic systems and provide remote access to those systems and mechanical data to owners and independent repair facilities?" "Maine residents have won the right to control their destiny when it comes to car repairs," Tommy Hickey, director of the Maine Automotive Right to Repair Coalition, told 404 Media. "There's a new technology in cars, they've become computers on wheels, and with this law owners in Maine will be the gatekeepers of that information."

One of the world's largest mobile data brokers, Kochava, has lost its battle to stop the Federal Trade Commission from revealing what the FTC has alleged is a disturbing, widespread pattern of unfair use and sale of sensitive data without consent from hundreds of millions of people. ArsTechnica: US District Judge B. Lynn Winmill recently unsealed a court filing, an amended complaint that perhaps contains the most evidence yet gathered by the FTC in its long-standing mission to crack down on data brokers allegedly "substantially" harming consumers by invading their privacy. The FTC has accused Kochava of violating the FTC Act by amassing and disclosing "a staggering amount of sensitive and identifying information about consumers," alleging that Kochava's database includes products seemingly capable of identifying nearly every person in the United States.

According to the FTC, Kochava's customers, ostensibly advertisers, can access this data to trace individuals' movements -- including to sensitive locations like hospitals, temporary shelters, and places of worship, with a promised accuracy within "a few meters" -- over a day, a week, a month, or a year. Kochava's products can also provide a "360-degree perspective" on individuals, unveiling personally identifying information like their names, home addresses, phone numbers, as well as sensitive information like their race, gender, ethnicity, annual income, political affiliations, or religion, the FTC alleged.

Beyond that, the FTC alleged that Kochava also makes it easy for advertisers to target customers by categories that are "often based on specific sensitive and personal characteristics or attributes identified from its massive collection of data about individual consumers." These "audience segments" allegedly allow advertisers to conduct invasive targeting by grouping people not just by common data points like age or gender, but by "places they have visited," political associations, or even their current circumstances, like whether they're expectant parents. Or advertisers can allegedly combine data points to target highly specific audience segments like "all the pregnant Muslim women in Kochava's database," the FTC alleged, or "parents with different ages of children."

According to the Wall Street Journal, Intel may receive billions in U.S. government funding to build secret facilities that produce microchips for the military. SiliconANGLE reports: The facilities, which have not yet been disclosed, would be designated as a "secure enclave" to reduce the military's dependence on chips imported from East Asia, particularly Taiwan, which is at risk of a future invasion from China. The funding for the new facilities would come from the $52.7 billion allocated under the Chips Act, signed into law by President Biden in August 2022. The Chips Act, which had bipartisan support, promotes chipmaking and scientific research through funding and tax credits. The law is aimed at encouraging domestic manufacturing of semiconductors and helping U.S. companies compete with China in developing cutting-edge technologies.

The new Intel facilities, presuming they go ahead, could reside partly at Intel's Arizona factory complex, according to sources referenced in the Journal report. The exact amount of funding that will be made available is not yet known, but "people familiar with the situation" tell the Journal that they could cost about $3 billion to $4 billion, which would come from the $39 billion set aside in the Chips Act for manufacturing grants. Officials from the Commerce Department, the Office of the Director of National Intelligence and the Defense Department are said to be negotiating the project with Intel but have not yet made a final decision.

The first manufacturing grants under the Chip Act are expected to be announced in the coming weeks. The program was reported to have had more than 500 entities express interest and more than 130 have submitted applications or pre-applications for funding.

Tech groups have called on ministers to clarify the extent of proposed powers that they fear would allow the UK government to intervene and block the rollout of new privacy features for messaging apps. FT: The Investigatory Powers Amendment Bill, which was set out in the King's Speech on Tuesday, would oblige companies to inform the Home Office in advance about any security or privacy features they want to add to their platforms, including encryption. At present, the government has the power to force telecoms companies and messaging platforms to supply data on national security grounds and to help with criminal investigations.

The new legislation was designed to "recalibrate" those powers to respond to risks posed to public safety by multinational tech companies rolling out new services that "preclude lawful access to data," the government said. But Meredith Whittaker, president of private messaging group Signal, urged ministers to provide more clarity on what she described as a "bellicose" proposal amid fears that, if enacted, the new legislation would allow ministers and officials to veto the introduction of new safety features. "We will need to see the details, but what is being described suggests an astonishing level of technically confused government over-reach that will make it nearly impossible for any service, homegrown or foreign, to operate with integrity in the UK," she told the Financial Times.

An anonymous reader quotes a report from 404 Media: Hakan Ayik, an infamous drug trafficker who also popularized the use of certain brands of encrypted phones around the world, was arrested during a series of dramatic raids in Turkey last week. At one point a group of heavily armed Turkish tactical officers in brown and gray camouflage piled outside an apartment and banged on the door repeatedly. They then smashed the door down and moved inside with a riot shield, according to a video tweeted by Turkey's Minister of the Interior. The video then showed a photograph of Ayik, shirtless and on his knees while staring straight ahead, surrounded by multiple officers.

It was a moment that capped off the arrest of Australia's most wanted man, and a sign that Turkey is no longer a safe haven to organized criminals. But it was also something of a closing act on Anom, a brand of encrypted phone that the FBI secretly took over and managed for years after inserting a backdoor into the product, allowing agents to read tens of millions of messages sent across it. Ayik unknowingly helped the FBI gain that piercing insight into organized crime by selling the devices to other criminal associates. Given Ayik's position as a trusted authority on what communications tools drug traffickers should use, one associate even referred to him as the 'encryption king' in an Anom message I've seen. According to the Sydney Morning Herald, Ayik will not be extradited to Australia. Instead, Australian police are encouraging Turkish authorities to investigate and prosecute him as a Turkish citizen.

Jacob Knutson reports via Axios: Sensitive, highly detailed personal data for thousands of active-duty and veteran U.S. military members can be purchased for as little as one cent per name through data broker websites, according to a new study (PDF) published on Monday by Duke University researchers. [...] The data about military personnel purchased as part of the study included full names, physical and email addresses, health and financial information and details about their ethnicity, religious practices and political affiliation. In some cases, the information also included whether the person owned or rented a home, was married or had children. The children's ages and sexes were accessible, too.

The researchers bought data on up to around 45,000 military personnel for between $0.12 to $0.32 per record. They also bought data belonging to 5,000 friends and family members of military personnel. Larger data purchases of over 1.5 million service members were available for as little as $0.01 per record from at least one broker the researchers contacted. The researchers called on Congress to pass a comprehensive privacy law and for regulatory agencies like the Federal Trade Commission to develop rules to govern military personnel data purchases.

The city of Washington D.C. is planning to give residents Apple AirTags to help officers track down stolen vehicles. PCMag reports: "Last week, we introduced legislation to address recent crime trends; this week, we are equipping residents with technology that will allow MPD to address these crimes, recover vehicles, and hold people accountable," D.C. Mayor Muriel Bowser said in a statement. "We have had success with similar programs where we make it easier for the community and MPD to work together -- from our Private Security Camera Incentive Program to the wheel lock distribution program -- and we will continue to use all the tools we have, and add new tools, to keep our city safe."

At launch, the AirTags will be available to residents in specific areas of the city that have recently seen the largest increase in vehicle thefts. To obtain the tags, residents will have to attend one of three scheduled distribution events next week where officers will install the device on the resident's cars and help them set up the tracking tag on their mobile devices. The program is currently available for residents who live in Police Service Areas 106, 501, 502, 603, 605, and 606. Check where you live on the MPD's website.

Blake Montgomery reports via The Guardian: Rather than remove copyrighted material from ChatGPT's training dataset, the chatbot's creator is offering to cover its clients' legal costs for copyright infringement suits. OpenAI CEO Sam Altman said on Monday: "We can defend our customers and pay the costs incurred if you face legal claims around copyright infringement and this applies both to ChatGPT Enterprise and the API." The compensation offer, which OpenAI is calling Copyright Shield, applies to users of the business tier, ChatGPT Enterprise, and to developers using ChatGPT's application programming interface. Users of the free version of ChatGPT or ChatGPT+ were not included. [...] Getty Images, Shutterstock and Adobe have extended similar financial liability protection for their image-making software. The announcement was made at the company's first-ever developer conference today, where Altman said there are now 100 million weekly ChatGPT users. The company also announced a platform for making custom versions of ChatGPT for specific use cases -- no coding required.

China's presence is growing in cybersecurity technology, with companies such as Huawei and Tencent accounting for six of the top 10 global patent holdings in the sector as of August. From a report: Chinese companies have made headway in technological fields that affect economic security, according to industry insiders, as they focus on fostering their own tech amid the growing standoff between the U.S. and China. The rankings, compiled by Nikkei in cooperation with U.S. information services provider LexisNexis, are based on patents registered in 95 countries and regions, including Japan, the U.S., China and the European Union. Patent registrations were screened for the cybersecurity field using such factors as the international patent classification, with filings of the same patent in multiple countries counted as a single patent.

As of August, IBM led the rankings with 6,363 patents. Huawei Technologies came in second with 5,735 patents and Tencent Holdings placed third with 4,803. Other Chinese companies in the top 10 included financial services provider Ant Group in sixth with 3,922 patents, followed by power transmission company State Grid Corp. of China with 3,696, Alibaba Group Holding with 3,122 and sovereign wealth fund China Investment with 3,042. Patent applications filed by Chinese companies have increased since around 2018, when the U.S. began to impose full-scale export controls on Chinese high-tech companies. Compared with 10 years ago, IBM's patent holdings increased by a factor of 1.5. In contrast, holdings for Huawei and Tencent were 2.3 times and 13 times higher, respectively.

Epic Games, the maker of the popular game "Fortnite," has launched a battle against Google in federal court in a closely watched antitrust showdown that could reshape how smartphone users get Android apps and pay for in-app content. From a report: Epic's lawsuit in the US District Court in California's Northern District targets the Google Play Store, focusing on Google's fees for in-app subscriptions and one-off transactions, along with other terms that app developers such as Epic say helped Google maintain an illegal monopoly in app distribution.

The legal battle follows a years-long debate about whether app store operators such as Google and Apple foster an open, competitive app ecosystem. The two companies argue their app stores help unlock billions in revenue for small businesses, while ensuring that Android and iOS users benefit from security oversight that the technology giants provide. The jury may hear high-profile witnesses testify from both sides, including Google CEO Sundar Pichai and Epic CEO Tim Sweeney.

The court fight traces back to 2020, when Epic launched Project Liberty, a plan to circumvent Apple and Google's app store terms. That move by Epic forced a confrontation with the tech giants. Epic updated the Fortnite app to encourage players to pay for in-app content directly through Epic's own website -- rather than through Apple and Google's in-app payment systems. That gambit triggered a violation of the app stores' developer terms. The move also prompted both app stores to remove the Fortnite app from their platforms.