The Courts

Lawsuit Says OpenAI Violated US Authors' Copyrights To Train AI Chatbot (reuters.com) 82

Two U.S. authors have filed a proposed class action lawsuit against OpenAI, claiming that the company infringed their copyrights by using their works without permission to train its generative AI system, ChatGPT. The plaintiffs, Massachusetts-based writers Paul Tremblay and Mona Awad, claim the data used to train ChatGPT included thousands of books, including those from illegal "shadow libraries." Reuters reports: The complaint estimated that OpenAI's training data incorporated over 300,000 books, including from illegal "shadow libraries" that offer copyrighted books without permission. Awad is known for novels including "13 Ways of Looking at a Fat Girl" and "Bunny." Tremblay's novels include "The Cabin at the End of the World," which was adapted in the M. Night Shyamalan film "Knock at the Cabin" released in February.

Tremblay and Awad said ChatGPT could generate "very accurate" summaries of their books, indicating that they appeared in its database. The lawsuit seeks an unspecified amount of money damages on behalf of a nationwide class of copyright owners whose works OpenAI allegedly misused.

United States

Colorado, Connecticut Data Privacy Laws Go Into Effect July 1 (axios.com) 5

Data privacy laws in Colorado and Connecticut will go into effect Saturday. From a report: If companies haven't finished their compliance work to abide by the rules, they could face civil penalties of up to $20,000 per violation in some states. Colorado and Connecticut add to an increasingly complex patchwork of state data privacy laws. California paved the way in 2018 after passing the country's first state-level privacy bill, while Virginia followed this year.

The Colorado and Connecticut laws apply to entities that do business in those states, as well as businesses that process a certain amount of data about in-state customers. Under the new laws, residents of each state will have the right to request businesses delete their personal information, ask for a copy of the information businesses have collected about them, opt out of the sale of their personal data, and more. Both laws also require businesses to request opt-in permission from consumers before letting businesses process their sensitive information -- differing from the opt-out mechanism consumers have in California.

Piracy

French Govt Wants To Inject Domain Blocking Lists Directly Into Web Browsers (torrentfreak.com) 82

Online piracy, now being linked with malware, identity theft, and banking fraud, has prompted a coordinated, concerning campaign for tougher legislation beyond copyright laws. The French government, news website TorrentFreak reports, is considering an ambitious approach: integrating state-operated domain blacklists into web browsers. This step is well-intentioned, indicating an evolving strategy in battling piracy.

Social Networks

Social Media Apps Will Have To Shield Children From Dangerous Stunts (theguardian.com) 62

An anonymous reader quotes a report from The Guardian: Social media firms will be ordered to protect children from encountering dangerous stunts and challenges on their platforms under changes to the online safety bill. The legislation will explicitly refer to content that "encourages, promotes or provides instructions for a challenge or stunt highly likely to result in serious injury" as the type of material that under-18s should be protected from. The bill will also require social media companies to proactively prevent children from seeing the highest risk forms of content, such as material encouraging suicide and self-harm. Tech firms could be required to use age-checking measures to prevent under-18s from seeing such material.

In another change to the legislation, which is expected to become law this year, social media platforms will have to introduce tougher age-checking measures to prevent children from accessing pornography -- bringing them in line with the bill's measures for mainstream sites such as Pornhub. Services that publish or allow pornography on their sites will be required to introduce "highly effective" age-checking measures such as age estimation tools that estimate someone's age from a selfie. Other amendments include requiring the communications watchdog Ofcom to produce guidance for tech firms on protecting women and girls online. Ofcom, which will oversee implementation of the act once it comes into force, will be required to consult with the domestic abuse commissioner and victims commissioner when producing the guidance, in order to ensure it reflects the voices of victims.

The updated bill will also criminalize the sharing of deepfake intimate images in England and Wales. In a further change it will require platforms to ask adult users if they wish to avoid content that promotes self-harm or eating disorders or racist content. Once the law comes into force breaches will carry a punishment of a fine of £18m or up to 10% of global turnover. In the most extreme cases, Ofcom will be able to block platforms.

The Courts

Police Need a Wiretap To Eavesdrop On Your Facebook Posts, Court Rules (newjerseymonitor.com) 29

In a landmark ruling (PDF) on Thursday, the New Jersey Supreme Court sided with Facebook in a major court decision that requires prosecutors to get a wiretap order if they want to eavesdrop on social media accounts without adequate evidence of a crime. New Jersey Monitor reports: In a reversal of lower court decisions, the high court ruled against authorities who argued a warrant is sufficient to obtain nearly real-time release of such communications. That argument is unsupported by federal or state statute, the court said, adding that allowing such releases would effectively neuter New Jersey's wiretap law.

In separate cases focused on two men under investigation for drug offenses, authorities obtained a communications data warrant to force Facebook to disclose social media postings -- within 15 minutes of their creation -- made by the pair over a 30-day span. The state contended such releases, which Facebook said were as close to real-time as technology allows, could be made without meeting the higher bar for a wiretap order because by the time Facebook provided them, they would already have been transmitted and electronically stored.

But Thursday's decision says allowing such releases would make the state's wiretap statute obsolete because "law enforcement today would never need to apply for a wiretap order to obtain future electronic communications from Facebook users' accounts on an ongoing basis." Authorities must show probable cause to obtain a warrant. To obtain a wiretap order, they must also demonstrate that other investigatory methods would fail -- because they are too dangerous, for example -- according to criminal defense lawyer Brian Neary. Neary argued on behalf of the New Jersey State Bar Association, which joined the case as a friend of the court.

"It's great to see the New Jersey Supreme Court make clear that whenever the government seeks ongoing access to our private conversations, it must meet the heightened protections required under state law and the federal and state constitutions," said Jennifer Granick, surveillance and cybersecurity counsel with the American Civil Liberties Union.

Businesses

FTC Prepares 'the Big One,' a Major Lawsuit Targeting Amazon's Core Business (arstechnica.com) 15

An anonymous reader quotes a report from Ars Technica: The Federal Trade Commission is preparing to file a major antitrust lawsuit accusing Amazon of "leverag[ing] its power to reward online merchants that use its logistics services and punish those who don't," Bloomberg reported today. Bloomberg described the forthcoming lawsuit as "the big one," following several earlier lawsuits filed by the FTC under Chair Lina Khan. "In the coming weeks, the agency plans to file a far-reaching antitrust suit focused on Amazon's core online marketplace, according to documents reviewed by Bloomberg and three people familiar with the case," the report said. Khan may try to force Amazon to "restructure" its business. "Based on her public comments, Khan is unlikely to accept compromises from Amazon and could seek to restructure the company -- a dramatic outcome that Amazon would surely appeal," Bloomberg wrote. [...]

Third-party sellers can rely on Amazon for warehousing, shipping, and other services through the Fulfillment by Amazon (FBA) system, but it takes a big cut out of their revenue. A recent Marketplace Pulse study based on profit and loss statements from a sample of sellers found that "Amazon is pocketing more than 50 percent of sellers' revenue -- up from 40 percent five years ago," because "Amazon has increased fulfillment fees and made spending on advertising unavoidable." "According to P&Ls provided by a sample of sellers, a typical Amazon seller pays a 15 percent transaction fee (Amazon calls it a referral fee), 20-35 percent in Fulfillment by Amazon fees (including storage and other fees), and up to 15 percent for advertising and promotions on Amazon. The total fees vary depending on the category, product price, size, weight, and the seller's business model," Marketplace Pulse wrote in February.

According to Bloomberg's article, the "FTC has amassed evidence that the company disadvantages sellers that don't use these services, and the agency is investigating an algorithm that selects merchants for the web store's coveted 'Buy Box,' where consumers can add products to their cart with one click." "The expected allegations are similar to a 2020 report from a US House subcommittee -- which counted Khan as a staff member -- and overlap with a European antitrust case that charged Amazon with rewarding sellers that use its fulfillment services and using merchants' sales data to boost its own retail business," Bloomberg wrote. Amazon agreed to a settlement with the EU in December 2022. The FTC's current investigation began two years before Khan became chair. "Amazon received the initial investigation notice in June 2019, according to documents viewed by Bloomberg. The first request for records followed two months later," the Bloomberg article said. Upon taking charge in 2021, Khan "personally helped draft some lines of questioning for investigators" and took other actions to beef up the probe into Amazon.

Privacy

US Patent and Trademark Office Notifies Filers of Years-Long Data Leak (techcrunch.com) 9

The federal government agency responsible for granting patents and trademarks has confirmed it inadvertently exposed about 61,000 filers' private addresses in a years-long data spill. From a report: The U.S. Patent and Trademark Office (USPTO) said in a notice sent to affected trademark applicants that their private domicile address -- often their home address -- inadvertently appeared in public records between February 2020 and March 2023. U.S. law requires applicants to include their private address when submitting a trademark application in efforts to crack down on fraudulent trademark filings.

USPTO said the issue was discovered in one of its APIs, which allows apps used by both agency staff and filers to access a system for checking the status of pending and registered trademarks. (An API allows two things on the internet, such as an app and a server, to communicate with each other.) USPTO said that the address data also appeared in bulk datasets that the agency publishes online to aid academic and economic research.

Sci-Fi

Congress Doubles Down On Explosive Claims of Illegal UFO Retrieval Programs (thehill.com) 223

An anonymous reader quotes a report from The Hill: Asked June 26 about allegations of secret UFO retrieval and reverse-engineering programs, Senate Intelligence Committee Vice Chairman Marco Rubio (R-Fla.) made several stunning statements. In an exclusive interview, Rubio told NewsNation Washington correspondent Joe Khalil that multiple individuals with "very high clearances and high positions within our government" "have come forward to share" "first-hand" UFO-related claims "beyond the realm of what [the Senate Intelligence Committee] has ever dealt with."

Rubio's comments provide context for a bipartisan provision adopted unanimously by the Senate Intelligence Committee, which would immediately halt funding for any secret government or contractor efforts to retrieve and reverse-engineer craft of "non-earth" or "exotic" origin. This extraordinary language added to the Senate version of the Intelligence authorization bill mirrors and adds significant credibility to a whistleblower's recent, stunning allegations that a clandestine, decades-long effort to recover, analyze and exploit objects of "non-human" origin has been operating illegally without congressional oversight.

Additionally, the bill instructs individuals with knowledge of such activities to disclose all relevant information and grants legal immunity if the information is reported appropriately within a defined timeframe. Moreover, nearly 20 pages of the legislation appear to directly address recent events by enhancing a raft of legal protections for whistleblowers while also permitting such individuals to contact Congress directly. Researcher and congressional expert Douglas Johnson first reported on and analyzed the remarkable bill language, which, if it passes the House, could become law this calendar year.

Privacy

LetMeSpy, a Phone Tracking App Spying On Thousands, Says It Was Hacked (techcrunch.com) 18

An anonymous reader quotes a report from TechCrunch: A hacker has stolen the messages, call logs and locations intercepted by a widely used phone monitoring app called LetMeSpy, according to the company that makes the spyware. The phone monitoring app, which is used to spy on thousands of people using Android phones around the world, said in a notice on its login page that on June 21, "a security incident occurred involving obtaining unauthorized access to the data of website users." "As a result of the attack, the criminals gained access to e-mail addresses, telephone numbers and the content of messages collected on accounts," the notice read.

LetMeSpy is a type of phone monitoring app that is marketed for parental control or employee monitoring. The app is also specifically designed to stay hidden on a phone's home screen, making it difficult to detect and remove. Also known as stalkerware or spouseware, these kinds of phone monitoring apps are often planted by someone -- such as spouses or domestic partners -- with physical access to a person's phone, without their consent or knowledge. Once planted, LetMeSpy silently uploads the phone's text messages, call logs, and precise location data to its servers, allowing the person who planted the app to track the person in real-time.

Polish security research blog Niebezpiecznik first reported the breach. When Niebezpiecznik contacted the spyware maker for comment, the hacker reportedly responded instead, claiming to have seized wide access to the spyware maker's domain. It's not clear who is behind the LetMeSpy hack or their motives. The hacker intimated that they deleted LetMeSpy's databases stored on the server. A copy of the hacked database also appeared online later the same day. TechCrunch reviewed the leaked data, which included years of victims' call logs and text messages dating back to 2013. The database we reviewed contained current records on at least 13,000 compromised devices, though some of the devices shared little to no data with LetMeSpy. (LetMeSpy claims to delete data after two months of account inactivity.)

The Courts

Supreme Court Guts Protections for Cyberstalking Victims (fastcompany.com) 147

The Supreme Court ruled Tuesday that in order to find someone guilty of making a "true threat" courts must first determine that the person recklessly disregarded the fact that their words might be perceived as threats. From a report: Experts fear the decision will create new hurdles for victims of cyberstalking by requiring them to first prove that their stalkers understand the consequences of their actions. "The Supreme Court has just decreed that stalking is free speech protected by the First Amendment if the stalker genuinely believes his actions are non-threatening," tweeted Mary Anne Franks, a professor at George Washington Law School and president of the nonprofit Cyber Civil Rights Initiative. "That is, the more deluded the stalker, the more protected the stalking."

The case, Counterman v. Colorado, concerns a man named Billy Raymond Counterman, who was convicted under a Colorado anti-stalking law, after he sent a barrage of threatening Facebook messages to a woman he'd never met. The Colorado law didn't require the court to consider Counterman's mental state when he sent the messages. It only had to consider his behavior and how it was objectively received, that is, whether he repeatedly contacted, followed, or surveilled his target in a way that would cause a "reasonable person" distress. Counterman was found guilty under that statute, but he appealed his conviction, arguing that his statements were protected by the First Amendment and did not constitute "true threats," a category of speech that falls outside the bounds of the First Amendment, because it wasn't his intention to threaten his target. In its decision, the Supreme Court overwhelmingly sided with Counterman.

Encryption

Apple Joins Opposition in UK To Encrypted Message App Scanning (bbc.com) 40

Apple has criticised powers in the UK's Online Safety Bill that could be used to force encrypted messaging tools like iMessage, WhatsApp and Signal to scan messages for child abuse material. From a report: Its intervention comes as 80 organisations and tech experts have written to Technology Minister Chloe Smith urging a rethink on the powers. Apple told the BBC the bill should be amended to protect encryption. End-to-end encryption (E2EE) stops anyone but the sender and recipient reading the message. Police, the government and some high-profile child protection charities maintain the tech -- used in apps such as WhatsApp and Apple's iMessage -- prevents law enforcement and the firms themselves from identifying the sharing of child sexual abuse material.

But in a statement Apple said: "End-to-end encryption is a critical capability that protects the privacy of journalists, human rights activists, and diplomats. It also helps everyday citizens defend themselves from surveillance, identity theft, fraud, and data breaches. The Online Safety Bill poses a serious threat to this protection, and could put UK citizens at greater risk. Apple urges the government to amend the bill to protect strong end-to-end encryption for the benefit of all."

Encryption

3-Year Probe Into Encrypted Phones Led To Seizure of Hundreds of Tons of Drugs, Prosecutors Say (apnews.com) 60

Investigations triggered by the cracking of encrypted phones three years ago have so far led to more than 6,500 arrests worldwide and the seizure of hundreds of tons of drugs, French, Dutch and European Union prosecutors said Tuesday. From a report: The announcement underscored the staggering scale of criminality -- mainly drugs and arms smuggling and money laundering -- that was uncovered as a result of police and prosecutors effectively listening in to criminals using encrypted EncroChat phones. "It helped to prevent violent attacks, attempted murders, corruption and large-scale drug transports, as well as obtain large-scale information on organised crime," European Union police and judicial cooperation agencies Europol and Eurojust said in a statement.

The French and Dutch investigation gained access to more than 115 million encrypted communications between some 60,000 criminals via servers in the northern French town of Roubaix, prosecutors said at a news conference in the nearby city of Lille. As a result, 6,558 suspects have been arrested worldwide, including 197 "high-value targets." Seized drugs included 30.5 million pills, 103.5 metric tons (114 tons) of cocaine, 163.4 metric tons (180 tons) of cannabis and 3.3 metric tons (3.6 tons) of heroin. The investigations also led to nearly 740 million euros ($809 million) in cash being recovered and assets or bank accounts worth another 154 million euros ($168 million) frozen.

Security

Smartwatches Are Being Used To Distribute Malware (defensenews.com) 17

"Smartwatches are being sent to random military members loaded with malware, much like malware distribution via USB drives in the past," writes longtime Slashdot reader frdmfghtr. "Recipients are advised not to turn them on and report the incident to their local security office." Defense News reports: The Department of the Army Criminal Investigation Division, or CID, in an announcement last week warned the watches may contain malware, potentially granting whoever sent the peripherals "access to saved data to include banking information, contacts, and account information such as usernames and passwords."

A more innocuous tactic may also be to blame: so-called brushing, used in e-commerce to boost a seller's ratings through fake orders and reviews. The CID, an independent federal law enforcement agency consisting of thousands of personnel, did not say exactly how many smartwatches were so far distributed.

Piracy

Z-Library Releases Tor-Enabled Desktop Launcher To Improve 'Accessibility' (torrentfreak.com) 19

Pirate ebook repository Z-Library has released a dedicated desktop application that should make it easier to access the site going forward. The service is at the center of a criminal crackdown and has lost hundreds of domain names, which in part triggered the development of this new software. TorrentFreak reports: Over the past few months, Z-Library users accessed the site through a dedicated URL, which redirected them to a 'personal' domain that provided access to the library. This worked well but the entire operation could easily be wiped out by yet another round of domain seizures. The new desktop launcher, which is available on the Windows, Mac, and Linux platforms, will automatically redirect users to the right place, without being tied to a single domain name.

In addition to simplifying access, the new Z-Library launcher software is able to connect over the Tor network. This can help to evade blocking efforts while adding an extra privacy layer. The software may trigger a warning noting that it's from an unverified developer. According to Z-Library, this is a standard notice but, aside from the copyright infringement angle, people should always treat third-party applications with caution.

AI

Congress Sets Limits On Staff ChatGPT Use (axios.com) 15

In a memo to House staffers this morning, the chamber's Chief Administrative Officer Catherine L. Szpindor said it is placing new guardrails around use of ChatGPT by congressional offices. Axios reports: Szpindor wrote that offices are "only authorized" to use the paid ChatGPT Plus. Unlike the free service, she said, the $20-per-month subscription version "incorporates important privacy features that are necessary to protect House data." She said in addition to other versions of ChatGPT, no other large language models are authorized for use. Szpindor also laid out an array of regulations on how to use the tool.

Offices are allowed to use the tool for "research and evaluation only" and can experiment on how it can improve their operations, but are "not authorized to incorporate it into regular workflow." Offices should only input "non-sensitive" data, she added, instructing staffers not to "paste into the chat bot any blocks of text that have not already been made public." She instructed offices to enable privacy settings, which are disabled by default, to "ensure that your history is not preserved and your interactions are not incorporated back into the large language model."

Crime

Twitter Hacker Who Turned Celebrity Accounts Into Crypto Shills Gets Prison Sentence (gizmodo.com) 14

An anonymous reader quotes a report from Gizmodo: One of the cybercriminals behind 2020's major Twitter hack was sentenced to five years in U.S. federal prison on Friday. Joseph O'Connor (AKA "PlugwalkJoe"), a 24-year-old British citizen, previously pleaded guilty to seven charges associated with the digital attack. He was arrested in Spain in 2021 and extradited to the U.S. in April of this year. In addition to the five years of jail time, O'Connor was also sentenced to three additional years under supervised release and ordered to pay back more than $790,000 in illicitly obtained funds, according to a news release from the U.S. Attorney's Office of the Southern District of New York. Previously, Graham Ivan Clark, another one of the hackers involved who was 17 at the time of the attack, pleaded guilty to related charges and was sentenced to three years in prison.

With all charges combined, O'Connor faced a maximum of 77 years in prison, per a Reuters report, while prosecutors called for a seven-year sentence. Ultimately, he will likely only serve about half of his five years, after having already spent nearly 2.5 years in pre-trial custody, Judge Jed S. Rakoff said during the Friday hearing, according to TechCrunch. Along with his fellow hackers, O'Connor "used his sophisticated technological abilities for malicious purposes -- conducting a complex SIM swap attack to steal large amounts of cryptocurrency, hacking Twitter, conducting computer intrusions to take over social media accounts, and even cyberstalking two victims, including a minor victim," according to a previous statement given by prosecuting U.S. Attorney Damian Williams. [...]

An investigation by the New York State Department of Financial Services determined that the breach was made possible because Twitter "lacked adequate cybersecurity protections," according to an October 2020 report. O'Connor and co were able to gain access to the social platform's internal systems through a simple scheme of calling Twitter employees posing as the company IT department. They were able to trick four Twitter workers into providing their login credentials. The FBI launched its own investigation, which found that O'Connor and his co-conspirators had managed to transfer account ownership to unauthorized users -- sometimes themselves, and sometimes to others willing to pay for the accounts. O'Connor himself paid $10,000 to take over one specific, unnamed account, according to a Department of Justice press statement from May. In addition to the Twitter hack, O'Connor also pleaded guilty to stealing nearly $800,000 from a crypto company by SIM swapping at least three executives' phone numbers. He further admitted to blackmailing an unnamed public figure via Snapchat and swatting a 16-year-old girl.

News

'Last Minute' Law Change Bid in Ireland To 'Muzzle' Critics of Data Protection Commission (irishtimes.com) 9

A "last-minute" government amendment to a bill is an effort to "muzzle" critics of the Data Protection Commission (DPC) and will make the commission's decision-making "even more opaque," a civil liberties group has claimed. From a report: The Irish Council for Civil Liberties has urged all parties in the Dail to challenge the proposed amendment to the Courts and Civil Law (Miscellaneous Provisions) Bill 2022 when it comes up for final debate on Wednesday. The amendment provides that the Commission may direct information deemed by it to be confidential not be disclosed. Failure to comply with a non-disclosure notice issued by the commission will be an offence liable on summary conviction to a $5,450 fine. Dr Johnny Ryan of the ICCL said the amendment "will gag people from speaking about how the DPC handles their complaint and from speaking about how big tech firms or public bodies are misusing their data."

United States

Supreme Court Rejects Lawsuit Accusing Google of Stealing Millions of Song Lyrics (bloomberg.com) 35

The US Supreme Court refused to revive a lawsuit by music website Genius Media accusing Alphabet's Google of stealing millions of song lyrics. From a report: The justices left in place a ruling that tossed out the suit, which accused Google of violating a contract with Genius by using its song lyrics in search results without attribution. It's the latest victory at the Supreme Court for Google, which earlier this year won a battle over whether its video-streaming platform YouTube can be held liable for hosting terrorist videos.

There are deep disagreements over how copyright laws apply to online speech and aggregation. The lower court said Genius does not own any of the copyrights to its lyrics -- instead, those are held by the songwriters and publishers. Genius claimed that Google violated its contract by scraping lyrics and boosting them in Google Search results without any attribution. Genius, which claimed the saga caused millions of dollars in losses for the website, initially sued Google in 2019. In order to drum up attention and prove its case, Genius said it used a secret code spelling out the word "red-handed" to prove Google was stealing its lyrics. "We appreciate the court's decision, agreeing with the Solicitor General and multiple lower courts that Genius' claims have no merit," Google spokesman Jose Castaneda said Monday. "We license lyrics on Google Search from third parties, and we do not crawl or scrape websites to source lyrics."

Australia

Turn Your Phone Off Every Night For Five Minutes, Australian PM Tells Residents (theguardian.com) 126

Australia's prime minister, Anthony Albanese, has told residents they should turn their smartphones off and on again once a day as a cybersecurity measure -- and tech experts agree. From a report: Albanese said the country needed to be proactive to thwart cyber risks, as he announced the appointment of Australia's inaugural national cybersecurity coordinator. "We need to mobilise the private sector, we need to mobilise, as well, consumers," the prime minister said on Friday. "We all have a responsibility. Simple things, turn your phone off every night for five minutes. For people watching this, do that every 24 hours, do it while you're brushing your teeth or whatever you're doing." The Australian government's advice is not new. In 2020, the United States' National Security Agency issued best-practice guidelines for mobile device security, which included rebooting smartphones once a week to prevent hacking.

Crime

61-Year-Old Shot, Killed After Tracking Stolen Vehicle With Apple AirTag (bakersfield.com) 236

An anonymous reader shares news from Bakersfield, California: Four men were arrested in the shooting death of a 61-year-old Bakersfield woman who died after police said she confronted suspects who reportedly stole her car, according to a news release issued Wednesday. Victoria Anne Marie Hampton tracked her reportedly stolen car with an Apple air tag on March 19 without telling law enforcement, according to the Bakersfield Police Department.

The coroner reported she was shot at 6:32 p.m.

Two of the four suspects were 19 years old, one was 18, and one was 23.
