An anonymous reader quotes a report from Ars Technica: Earlier this year, we got a look at something unusual: the results of an internal investigation conducted by Harvard Business School that concluded one of its star faculty members had committed research misconduct. Normally, these reports are kept confidential, leaving questions regarding the methods and extent of data manipulations. But in this case, the report became public because the researcher had filed a lawsuit that alleged defamation on the part of the team of data detectives that had first identified potential cases of fabricated data, as well as Harvard Business School itself. Now, the court has ruled (PDF) on motions to dismiss the case. While the suit against Harvard will go on, the court has ruled that evidence-backed conclusions regarding fabricated data cannot constitute defamation -- which is probably a very good thing for science.

The researchers who had been sued, Uri Simonsohn, Leif Nelson, and Joe Simmons, run a blog called Data Colada where, among other things, they note cases of suspicious-looking data in the behavioral sciences. As we detailed in our earlier coverage, they published a series of blog posts describing an apparent case of fabricated data in four different papers published by the high-profile researcher Francesca Gino, a professor at Harvard Business School. The researchers also submitted the evidence to Harvard, which ran its own investigation that included interviewing the researchers involved and examining many of the original data files behind the paper. In the end, Harvard determined that research misconduct had been committed, placed Gino on administrative leave and considered revoking her tenure. Harvard contacted the journals where the papers were published to inform them that the underlying data was unreliable.

Gino then filed suit alleging that Harvard had breached their contract with her, defamed her, and interfered with her relationship with the publisher of her books. She also added defamation accusations against the Data Colada team. Both Harvard and the Data Colada collective filed a motion to have all the actions dismissed, which brings us to this new decision. Harvard got a mixed outcome. This appears to largely be the result that the Harvard Business School adopted a new and temporary policy for addressing research misconduct when the accusations against Gino came in. This, according to the court, leaves questions regarding whether the university had breached its contract with her. However, most of the rest of the suit was dismissed. The judge ruled that the university informing Gino's colleagues that Gino had been placed on administrative leave does not constitute defamation. Nor do the notices requesting retractions sent to the journals where the papers were published. "I find the Retraction Notices amount 'only to a statement of [Harvard Business School]'s evolving, subjective view or interpretation of its investigation into inaccuracies in certain [data] contained in the articles,' rather than defamation," the judge decided.

More critically, the researchers had every allegation against them thrown out. Here, the fact that the accusations involved evidence-based conclusions, and were presented with typical scientific caution, ended up protecting the researchers. The court cites precedent to note that "[s]cientific controversies must be settled by the methods of science rather than by the methods of litigation" and concludes that the material sent to Harvard "constitutes the Data Colada Defendants' subjective interpretation of the facts available to them." Since it had already been determined that Gino was a public figure due to her high-profile academic career, this does not rise to the standard of defamation. And, while the Data Colada team was pretty definitive in determining that data manipulation had taken place, its members were cautious about acknowledging that the evidence they had did not clearly indicate Gino was the one who had performed the manipulation. Finally, it was striking that the researchers had protected themselves by providing links to the data sources they'd used to draw their conclusions. The decision cites a precedent that indicates "by providing hyperlinks to the relevant information, the articles enable readers to review the underlying information for themselves and reach their own conclusions."

A Google executive told colleagues the goal for the company's then-nascent online advertising business in 2009 was to "crush" rival advertising networks, according to evidence prosecutors presented at the tech titan's antitrust trial on Wednesday. From a report: The statements underscored the U.S. Department of Justice's claim that Google has sought to monopolize markets for publisher ad servers and advertiser ad networks, and tried to dominate the market for ad exchanges which sit in the middle. On the third day of the trial, prosecutors began to introduce evidence of how Google employees thought about the company's products at the time when the government alleges it set out to dominate the ad tech market.

"We'll be able to crush the other networks and that's our goal," David Rosenblatt, Google's former president of display advertising, said of the company's strategy in late 2008 or early 2009, according to notes shown in court. Google denies the allegations, saying it faces fierce competition from rival digital advertising companies. Rosenblatt came to Google in 2008 when it acquired his former ad tech company, DoubleClick, and left the following year. The notes of his talk showed him discussing the advantages of owning technology on both sides and the middle of the market. "We're both Goldman and NYSE," he said, he said, according to the notes, referring to one of the world's biggest stock exchanges at the time and one of its biggest market makers. "Google has created what's comparable to the NYSE or London Stock Exchange; in other words, we'll do to display what Google did to search," Rosenblatt said.

Bruce66423 shares a report: The European Union's top court ruled against Apple Tuesday in the tech company's protracted legal battle over contested back taxes in Ireland. The ruling means Apple will be forced to pay Ireland up to $14.4 billion in back taxes and represents the latest setback in Europe for the tech giant. Earlier this year, Apple became the first company to be accused of violating the EU's new major tech competition law. The tax case stretches back to 2016, when the European Commission (EC) ordered Apple repay Ireland roughly $14.4 billion of unpaid taxes.

The commission argued that the tech giant had received "illegal" tax benefits from Ireland over the course of two decades. Apple had housed its European headquarters in Ireland and paid a corporate tax rate of less than 1% in some years, which the EC argued gave Apple an unfair advantage over other companies. Apple and Ireland appealed the decision in 2019. The European Court of Justice on Tuesday overturned the lower court decision and upheld the EC's 2016 order. "Today is a big win for European citizens and for tax justice. The Court of Justice confirms ... that Ireland granted Apple unlawful aid which Ireland now has to recover," Margrethe Vestager, the EU competition chief, said in a statement Tuesday.

Europe's top court on Tuesday upheld a 2.4 billion euro ($2.65 billion) fine imposed on Google for abusing its dominant position by favoring its own shopping comparison service. From a report: The fine stems from an antitrust investigation by the European Commission, the executive arm of the European Union, which concluded in 2017. The commission said at the time that Google had favored its own shopping comparison service over those of its rivals. Google appealed the decision with the General Court, the EU's second-highest court, which also upheld the fine. Google then brought the case before the European Court of Justice, the EU's top court.

The ECJ on Tuesday dismissed the appeal and upheld the commission's fine. "We are disappointed with the decision of the Court," a Google spokesperson told CNBC on Tuesday. "This judgment relates to a very specific set of facts. We made changes back in 2017 to comply with the European Commission's decision. Our approach has worked successfully for more than seven years, generating billions of clicks for more than 800 comparison shopping services."

Vanuatu, Fiji, and Samoa have proposed a change to the International Criminal Court (ICC) to recognize ecocide as a crime, allowing for the prosecution of individuals responsible for significant environmental harm. If successful, the change would recognize ecocide as a crime alongside genocide and war crimes. The Guardian reports: Vanuatu, Fiji and Samoa have proposed a formal recognition by the court of the crime of ecocide, defined as "unlawful or wanton acts committed with knowledge that there is a substantial likelihood of severe and either widespread or long-term damage to the environment being caused by those acts." The proposal was tabled before the ICC in New York on Monday afternoon, and will have to be discussed in full at a later date. Holding full discussions on the proposal is a process likely to take some years, and will face fierce opposition, though much of it will be behind the scenes as most countries will not wish to openly speak out against it.

Philippe Sands KC, a prominent international lawyer and professor of law at University College London, acted as a co-chair of the independent expert panel for the legal definition of ecocide, convened by the Stop Ecocide Foundation. He told the Guardian he was "100% certain" that ecocide would eventually be recognized by the court. "The only question is when," he said. "I was skeptical at first, but now I am a true believer. There has already been real change, as some countries have put it in domestic law. I think this is the right idea at the right time." Belgium recently adopted ecocide as a crime, and the EU has changed some of its guidance on international crime to include it as a "qualified" offense. Mexico is also considering such a law. [...]

Getting to the point where the ICC will consider the proposal has taken years. Stop Ecocide International has been campaigning on the issue since 2017, and Vanuatu made the first call for the crime to be recognized by the ICC in 2019. Although it could take as long as a decade from now before anyone is charged with ecocide even if the changes were implemented by the ICC, the proposal tabled on Monday was vital to gaining broader acceptance of the concept, according to [Jojo Mehta, a co-founder of the Stop Ecocide International campaigning group, which is an observer to the ICC]. "There has been growing progress, as people are increasingly aware of the threat of climate [breakdown]," she said. "People are saying that this much harm to the planet is just not acceptable."

An anonymous reader quotes a report from the New York Times: For years, Google has faced complaints about how it dominates the online advertising market. Many of the concerns stem from the internet giant's suite of software known as Google Ad Manager, which websites around the world use to sell ads on their sites. The technology conducts split-second auctions to place ads each time a user loads a page. The dominance of that technology has landed Google in federal court. On Monday, Judge Leonie Brinkema of the U.S. District Court for the Eastern District of Virginia will preside over the start of a trial in which the Department of Justice accuses the company of abusing control of its ad technology and violating antitrust law (Warning: source may be paywalled; alternative source).

It would be Google's second antitrust trial in less than a year. In August, a federal judge ruled in a separate case that Google had illegally maintained a monopoly in online search, a major victory for the Justice Department. The new trial is the latest salvo by federal antitrust regulators against Big Tech, testing a century-old competition law against companies that have reshaped the way people shop, communicate and consume information. Federal regulators have also filed antitrust lawsuits against Apple,Amazon and Meta, which owns Facebook, Instagram and WhatsApp, saying those companies have also abused their power. Google's vice president for regulatory affairs, Lee-Anne Mulholland, said in a blog post on Sunday that the Justice Department was "picking winners and losers in a highly competitive industry."

"With the cost of ads going down and the number of ads sold going up, the market is working," she said. "The DOJ's case risks inefficiencies and higher prices -- the last thing that America's economy or our small businesses need right now."

For the first time, a U.S. court has ordered the exposure of identities behind anime leaker accounts on X following complaints from producers of Jujutsu Kaisen and Demon Slayer. The order was revealed by Japanese anti-piracy organization CODA (Content Overseas Distribution Association). CBR reports: The order to disclose their identities was issued on Aug. 20 and served on Aug. 30, meaning that these Jujutsu Kaisen and Demon Slayer leakers will be forced to out themselves, lest they face further legal troubles. Several CODA member companies, which include Kodansha (Attack on Titan), Toei Animation (One Piece) and more collected evidence on these accounts; CODA's report states that it has also received other inquiries about other anime and is preparing for further action. "We will continue to work with the rights holders of the victims to take strict action based on the information of the account owners that comes to light, and will demand severe punishment for these leak accounts," it concludes.

AT&T has filed a lawsuit against Broadcom, alleging that Broadcom is refusing to honor an extended support agreement for VMware software unless AT&T purchases additional subscriptions it doesn't need. The company warns the consequences could risk massive outages for AT&T's customer support operations and critical federal services, including the U.S. President's office. The Register reports: A complaint [PDF] filed last week in the Supreme Court of New York State explains that AT&T holds perpetual licenses for VMware software and paid for support services under a contract that ends on September 8. The complaint also alleges that AT&T has an option to extend that support deal for two years -- provided it activates the option before the end of the current deal. AT&T's filing claims it exercised that option, but that Broadcom "is refusing to honor" the contract. Broadcom has apparently told AT&T it will continue to provide support if the comms giant "agrees to purchase scores of subscription services and software." AT&T counters that it "does not want or need" those subscriptions, because they:

- Would impose significant additional contractual and technological obligations on AT
- Would require AT&T to invest potentially millions to develop its network to accommodate the new software;
- May violate certain rights of first refusal that AT&T has granted to third parties;
- Would cost AT&T tens of millions more than the price of the support services alone.

[...] The complaint also suggests Broadcom's refusal to extend support creates enormous risk for US national security -- some of the ~8,600 servers that host AT&T's ~75,000 VMs "are dedicated to various national security and public safety agencies within the federal government as well as the Office of the President." Other VMs are relied upon by emergency responders, and still more "deliver services to millions of AT&T customers worldwide" according to the suit. Without support from Broadcom, AT&T claims it fears "widespread network outages that could cripple the operations of millions of AT&T customers worldwide" because it may not be able to fix VMware's software.

New Mexico Attorney General Raul Torrez has filed a lawsuit against Snap, accusing Snapchat of fostering and promoting illicit sexual material involving children, facilitating sextortion, and enabling trafficking of children, drugs, and guns. CNBC reports: The suit alleges that Snap "repeatedly made statements to the public regarding the safety and design of its platforms that it knew were untrue," or that were contradicted by the company's own internal findings. "Snap was specifically aware, but failed to warn children and parents, of 'rampant' and 'massive' sextortion on its platform -- a problem so grave that it drives children facing merciless and relentless blackmail demands or disclosure of intimate images to their families and friends to suicide," the suit says.

New Mexico's Department of Justice, which Torrez leads, in recent months conducted an investigation that found that there was a "vast network of dark web sites dedicated to sharing stolen, non-consensual sexual images from Snap" and that there were more than 10,000 records related to SNAP and child sexual abuse material "in the last year alone," the department said. The suit alleges violations of New Mexico's unfair trade practices law.

An anonymous reader quotes a report from 404 Media, written by Jason Koebler: I've been videochatting with Mixael Swan Laufer for about 30 minutes about an exciting discovery when he points out that to date, the best way he's been able to bring attention to his organization is "the old school method of me performing a bunch of federal felonies on stage in front of a bunch of people." I stop him and ask: "In this case, what are the felonies?" "Well, the list is pretty long," he said. Laufer is the chief spokesperson of Four Thieves Vinegar Collective, an anarchist collective that has spent the last few years teaching people how to make DIY versions of expensive pharmaceuticals at a tiny fraction of the cost.

Four Thieves Vinegar Collective call what they do "right to repair for your body." Laufer has become well known for handing out DIY pills and medicines at hacking conferences, which include, for example, courses of the abortion drug misoprostol that can be manufactured for 89 cents (normal cost: $160) and which has become increasingly difficult to obtain in some states following the Supreme Court decision in Dobbs. In our call, Laufer had just explained that Four Thieves' had made some miscalculations as part of its latest project, to create instructions for replicating sofosbuvir (Sovaldi), a miracle drug that cures hepatitis C, which he planned to explain and reveal at the DEF CON hacking conference. Unlike many other drugs that treat viruses, Sovaldi does not suppress hepatitis C, a virus that kills roughly 250,000 people around the world each year. It cures it. [...]

Crucially, unlike other medical freedom organizations, Four Thieves isn't suggesting people treat COVID with Ivermectin, isn't shilling random supplements, and doesn't have any sort of commercial arm at all. Instead, they are helping people to make their own, identical pirated versions of proven and tested pharmaceuticals by taking the precursor ingredients and performing the chemical reactions to make the medication themselves. "We don't invent anything, really," Laufer said. "We take things that are on the shelf and hijack them. We like to take something established, and be like 'This works, but you can't get it.' Well, here's a way to get it." A slide at his talk reads "Isn't this illegal? Yeah. Grow up." Four Thieves has developed a suite of open-source tools to help achieve its goal. The core tool, Chemhacktica, is a software platform that uses machine learning to map chemical pathways for synthesizing desired molecules. It suggests potential chemical reactions, identifies precursor materials, and checks their availability for purchase.

The other is Microlab, an open-source controlled lab reactor built from affordable, off-the-shelf components costing between $300 and $500. It uses Chemhacktica's suggested pathways to create medications, and detailed instructions for building and operating the Microlab are provided. Additionally, the company developed a drag-and-drop recipe system called Apothecarium that generates executable files for the Microlab, offering step-by-step guidance on producing specific medications.

Laufer told 404 Media: "I am of the firm belief that we are hitting a watershed where economics and morality are coming to a head, like, 'Look: intellectual property law is based off some ideas that came out of 1400s Venice. They're not applicable and they're being abused and people are dying every day because of it, and it's not OK.'"

Further reading: Meet the Anarchists Making Their Own Medicine (Motherboard; 2018)

Daniel Mthimkhulu, former chief "engineer" at South Africa's Passenger Rail Agency (Prasa), was sentenced to 15 years in prison for claiming false engineering degrees and a doctorate. His fraudulent credentials allowed him to rise rapidly within Prasa, contributing to significant financial losses and corruption within the agency. The BBC reports: Once hailed for his successful career, Daniel Mthimkhulu was head of engineering at the Passenger Rail Agency of South Africa (Prasa) for five years -- earning an annual salary of about [$156,000]. On his CV, the 49-year-old claimed to have had several mechanical engineering qualifications, including a degree from South Africa's respected Witwatersrand University as well as a doctorate from a German university. However, the court in Johannesburg heard that he had only completed his high-school education.

Mthimkhulu was arrested in July 2015 shortly after his web of lies began to unravel. He had started working at Prasa 15 years earlier, shooting up the ranks to become chief engineer, thanks to his fake qualifications. The court also heard how he had forged a job offer letter from a German company, which encouraged Prasa to increase his salary so the agency would not lose him. He was also at the forefront of a 600m rand deal to buy dozens of new trains from Spain, but they could not be used in South Africa as they were too high. [...] In an interview from 2019 with local broadcaster eNCA, Mthimkhulu admitted that he did not have a PhD. "I failed to correct the perception that I have it. I just became comfortable with the title. I did not foresee any damages as a result of this," he said.

Internet Archive's "controlled digital lending" system and removal of controls during the pandemic don't qualify as fair use, the Second Circuit affirmed Wednesday. Bloomberg Law: Four major book publishers again thwarted the online repository's defense that its one-to-one lending practices mirrored those of traditional libraries, this time at the US Court of Appeals for the Second Circuit. Copying books in their entirety isn't transformative, and lending them for free competes with the publishers own book and ebook offerings, the unanimous panel said. Internet Archive said in a statement: We are disappointed in today's opinion about the Internet Archive's digital lending of books that are available electronically elsewhere. We are reviewing the court's opinion and will continue to defend the rights of libraries to own, lend, and preserve books. Further reading: Full-text of court opinion [PDF].

During a 2023 deployment, senior enlisted leaders aboard the Navy ship USS Manchester secretly installed a Starlink Wi-Fi network, allowing them exclusive internet access in violation of Navy regulations. "Unauthorized Wi-Fi systems like the one [then-Command Senior Chief Grisel Marrero] set up are a massive no-no for a deployed Navy ship, and Marrero's crime occurred as the ship was deploying to the West Pacific, where such security concerns become even more paramount among heightened tensions with the Chinese," reports Navy Times. From the report: As the ship prepared for a West Pacific deployment in April 2023, the enlisted leader onboard conspired with the ship's chiefs to install the secret, unauthorized network aboard the ship, for use exclusively by them. So while rank-and-file sailors lived without the level of internet connectivity they enjoyed ashore, the chiefs installed a Starlink satellite internet dish on the top of the ship and used a Wi-Fi network they dubbed "STINKY" to check sports scores, text home and stream movies. The enjoyment of those wireless creature comforts by enlisted leaders aboard the ship carried serious repercussions for the security of the ship and its crew. "The danger such systems pose to the crew, the ship and the Navy cannot be understated," the investigation notes.

Led by the senior enlisted leader of the ship's gold crew, then-Command Senior Chief Grisel Marrero, the effort roped in the entire chiefs mess by the time it was uncovered a few months later. Marrero was relieved in late 2023 after repeatedly misleading and lying to her ship's command about the Wi-Fi network, and she was convicted at court-martial this spring in connection to the scheme. She was sentenced to a reduction in rank to E-7 after the trial and did not respond to requests for comment for this report. The Navy has yet to release the entirety of the Manchester investigation file to Navy Times, including supplemental enclosures. Such records generally include statements or interview transcripts with the accused.

But records released so far show the probe, which wrapped in November, found that the entire chiefs mess knew about the secret system, and those who didn't buy into it were nonetheless culpable for not reporting the misconduct. Those chiefs and senior chiefs who used, paid for, helped hide or knew about the system were given administrative nonjudicial punishment at commodore's mast, according to the investigation. All told, more than 15 Manchester chiefs were in cahoots with Marrero to purchase, install and use the Starlink system aboard the ship. "This agreement was a criminal conspiracy, supported by the overt act of bringing the purchased Starlink onboard USS MANCHESTER," the investigation said. "Any new member of the CPO Mess which then paid into the services joined that conspiracy following the system's operational status."

Records obtained by Navy Times via a Freedom of Information Act request reveal a months-long effort by Marrero to obtain, install and then conceal the chiefs Wi-Fi network from superiors, including the covert installation of a Starlink satellite dish on the outside of the Manchester. When superiors became suspicious about the existence of the network and confronted her about it, Marrero failed to come clean on multiple occasions and provided falsified documents to further mislead Manchester's commanding officer, the investigation states. "The installation and usage of Starlink, without the approval of higher headquarters, poses a serious risk to mission, operational security, and information security," the investigation states.

According to Bloomberg (paywalled), Nvidia has received a subpoena from the U.S. Department of Justice as the regulator seeks evidence that the AI computing company violated antitrust laws. "The antitrust watchdog had previously delivered questionnaires to companies, and is now sending legally binding requests," notes Reuters. "Officials are concerned that the chipmaker is making it harder to switch to other suppliers and penalizes buyers that do not exclusively use its artificial intelligence chips."

The development follows a push by progressive groups last month, who criticized Nvidia's bundling of software and hardware, claiming it stifles innovation and locks in customers. In July, French antitrust regulators announced plans to charge the company for alleged anti-competitive practices.

Developing...

An anonymous reader quotes a report from the Associated Press: The Dutch data protection watchdog on Tuesday issued facial recognition startup Clearview AI with a fine of $33.7 million over its creation of what the agency called an "illegal database" of billion of photos of faces. The Netherlands' Data Protection Agency, or DPA, also warned Dutch companies that using Clearview's services is also banned. The data agency said that New York-based Clearview "has not objected to this decision and is therefore unable to appeal against the fine."

But in a statement emailed to The Associated Press, Clearview's chief legal officer, Jack Mulcaire, said that the decision is "unlawful, devoid of due process and is unenforceable." The Dutch agency said that building the database and insufficiently informing people whose images appear in the database amounted to serious breaches of the European Union's General Data Protection Regulation, or GDPR. "Facial recognition is a highly intrusive technology, that you cannot simply unleash on anyone in the world," DPA chairman Aleid Wolfsen said in a statement. "If there is a photo of you on the Internet -- and doesn't that apply to all of us? -- then you can end up in the database of Clearview and be tracked. This is not a doom scenario from a scary film. Nor is it something that could only be done in China," he said. DPA said that if Clearview doesn't halt the breaches of the regulation, it faces noncompliance penalties of up to $5.6 million on top of the fine. Mulcaire said Clearview doesn't fall under EU data protection regulations. "Clearview AI does not have a place of business in the Netherlands or the EU, it does not have any customers in the Netherlands or the EU, and does not undertake any activities that would otherwise mean it is subject to the GDPR," he said.

Hewlett Packard Enterprise has confirmed it will push ahead with a high court lawsuit against the estate of the deceased tech tycoon Mike Lynch in which it is seeking damages of up to $4 billion. From a report: The US company said in a statement it would follow the legal proceedings "through to their conclusion" despite Lynch's death last month when his yacht sank off the coast of Italy. HPE won a civil claim against Lynch in the English high court in 2022, after accusing him and his former finance director Sushovan Hussain of fraud over its $11 billion takeover of his software company Autonomy in 2011.

A ruling on damages is expected soon, although the judge presiding over the case, Mr Justice Hildyard, wrote in 2022 that he expected final damages to be "substantially less than is claimed." Lynch, 59, who was cleared in a separate criminal fraud trial over the Autonomy deal in the US in June, and his 18-year-old daughter Hannah, were among seven people who died after the Bayesian superyacht sank off the coast of Sicily last month.

A former executive of smartphone startup OSOM Products has filed a lawsuit alleging the company's founder misused funds for personal expenses, including two Lamborghinis and a lavish lifestyle. Mary Ross, OSOM's ex-Chief Privacy Officer, is seeking access to company records in a Delaware court filing.

OSOM, founded in 2020 by former Essential employees, launched two products: the Solana-backed Saga smartphone and a privacy cable. Android founder Andy Rubin founded Essential, which sought to compete with Apple and Android-makers on a smartphone, but later shutdown after not find many takers for its phone. The lawsuit claims OSOM founder Jason Keats used company money for racing hobbies, first-class travel, and mortgage payments.

Slashdot covered shrinkwrap licenses on software back in 2000 and 2002. But now ewhac (Slashdot reader #5,844) writes: The user Wraithe on the Mastodon network is reporting that a bottle of Vital Proteins(TM) collagen peptides purchased at Costco came with a shrinkwrap contract. Collagen peptides are often used as an anti-aging nutritional supplement. The top of the Vital Proteins bottle has a pull-to-open seal. Printed on the seal is the following: "Read This: By opening and using this product, you agree to be bound by our Terms and Conditions, fully set forth at vitalproteins.com/tc, which includes a mandatory arbitration agreement. If you do not agree to be bound, please return this product immediately."

So-called "shrinkwrap contracts" have been the subject of controversy and derision for decades since their first widespread appearance in the 1970's, attempting to alter the terms of sale after the fact, impose unethical and onerous restrictions on the purchaser, and absolving the vendor of all liability. Most such contracts appear on items involving copyrighted works (computer software, or any item containing computer software). The alleged "validity" of such contracts supposedly proceeds from the (alleged) need that the item requires a copyright license from the vendor to use (because the right to use/read/listen/view/execute is somehow not concomitant with purchase), and that the shrinkwrap contract furnishes such license.

The application of such a contract to a good where copyright has no scope, however, is something new. The alleged contract itself governs consumers' use of, "the VitalProteins.com website and any other applications, content, products, and services (collectively, the "Service")...," contains the usual we're-not-responsible-for-anything indemnification paragraph, and unilaterally removes your right to seek redress in court of law and imposes binding arbitration involving any disputes that may arise between the consumer and the company. Indeed, the arbitration clause is the first numbered section in the alleged contract.
The same contract has been spotted by numerous others — including someone who posted about it on Reddit two years ago. ("When I opened it, encountered a vacuum seal with the following 'READ THIS: by opening and using this product, you agree to...'") But the same verbiage still appears in online listings today for the product from Albertsons, Walgreens, and CVS.

Shrinkwrap contracts. They're not just for software any more...

Casey Newton, former senior editor at the Verge, weighs in on Platformer about the arrest of Telegram CEO Pavel Durov.

"Fending off onerous speech regulations and overzealous prosecutors requires that platform builders act responsibly. Telegram never even pretended to." Officially, Telegram's terms of service prohibit users from posting illegal pornographic content or promotions of violence on public channels. But as the Stanford Internet Observatory noted last year in an analysis of how CSAM spreads online, these terms implicitly permit users who share CSAM in private channels as much as they want to. "There's illegal content on Telegram. How do I take it down?" asks a question on Telegram's FAQ page. The company declares that it will not intervene in any circumstances: "All Telegram chats and group chats are private amongst their participants," it states. "We do not process any requests related to them...."

Telegram can look at the contents of private messages, making it vulnerable to law enforcement requests for that data. Anticipating these requests, Telegram created a kind of jurisdictional obstacle course for law enforcement that (it says) none of them have successfully navigated so far. From the FAQ again:

To protect the data that is not covered by end-to-end encryption, Telegram uses a distributed infrastructure. Cloud chat data is stored in multiple data centers around the globe that are controlled by different legal entities spread across different jurisdictions. The relevant decryption keys are split into parts and are never kept in the same place as the data they protect. As a result, several court orders from different jurisdictions are required to force us to give up any data. [...] To this day, we have disclosed 0 bytes of user data to third parties, including governments.

As a result, investigation after investigation finds that Telegram is a significant vector for the spread of CSAM.... The company's refusal to answer almost any law enforcement request, no matter how dire, has enabled some truly vile behavior. "Telegram is another level," Brian Fishman, Meta's former anti-terrorism chief, wrote in a post on Threads. "It has been the key hub for ISIS for a decade. It tolerates CSAM. Its ignored reasonable [law enforcement] engagement for YEARS. It's not 'light' content moderation; it's a different approach entirely.
The article asks whether France's action "will embolden countries around the world to prosecute platform CEOs criminally for failing to turn over user data." On the other hand, Telegram really does seem to be actively enabling a staggering amount of abuse. And while it's disturbing to see state power used indiscriminately to snoop on private conversations, it's equally disturbing to see a private company declare itself to be above the law.

Given its behavior, a legal intervention into Telegram's business practices was inevitable. But the end of private conversation, and end-to-end encryption, need not be.

An anonymous reader quotes a report from Ars Technica, written by Dan Goodin: A judge in Ohio has issued a temporary restraining order against a security researcher who presented evidence that a recent ransomware attack on the city of Columbus scooped up reams of sensitive personal information, contradicting claims made by city officials. The order, issued by a judge in Ohio's Franklin County, came after the city of Columbus fell victim to a ransomware attack on July 18 that siphoned 6.5 terabytes of the city's data. A ransomware group known as Rhysida took credit for the attack and offered to auction off the data with a starting bid of about $1.7 million in bitcoin. On August 8, after the auction failed to find a bidder, Rhysida released what it said was about 45 percent of the stolen data on the group's dark web site, which is accessible to anyone with a TOR browser.

Columbus Mayor Andrew Ginther said on August 13 that a "breakthrough" in the city's forensic investigation of the breach found that the sensitive files Rhysida obtained were either encrypted or corrupted, making them "unusable" to the thieves. Ginther went on to say the data's lack of integrity was likely the reason the ransomware group had been unable to auction off the data. Shortly after Ginther made his remarks, security researcher David Leroy Ross contacted local news outlets and presented evidence that showed the data Rhysida published was fully intact and contained highly sensitive information regarding city employees and residents. Ross, who uses the alias Connor Goodwolf, presented screenshots and other data that showed the files Rhysida had posted included names from domestic violence cases and Social Security numbers for police officers and crime victims. Some of the data spanned years.

On Thursday, the city of Columbus sued Ross (PDF) for alleged damages for criminal acts, invasion of privacy, negligence, and civil conversion. The lawsuit claimed that downloading documents from a dark web site run by ransomware attackers amounted to him "interacting" with them and required special expertise and tools. The suit went on to challenge Ross alerting reporters to the information, which ii claimed would not be easily obtained by others. "Only individuals willing to navigate and interact with the criminal element on the dark web, who also have the computer expertise and tools necessary to download data from the dark web, would be able to do so," city attorneys wrote. "The dark web-posted data is not readily available for public consumption. Defendant is making it so." The same day, a Franklin County judge granted the city's motion for a temporary restraining order (PDF) against Ross. It bars the researcher "from accessing, and/or downloading, and/or disseminating" any city files that were posted to the dark web. The motion was made and granted "ex parte," meaning in secret before Ross was informed of it or had an opportunity to present his case.