Organized crime is mining sand from rivers and coasts to feed demand worldwide, ruining ecosystems and communities. Can it be stopped? Scientific American reports: Very few people are looking closely at the illegal sand system or calling for changes, however, because sand is a mundane resource. Yet sand mining is the world's largest extraction industry because sand is a main ingredient in concrete, and the global construction industry has been soaring for decades. Every year the world uses up to 50 billion metric tons of sand, according to a United Nations Environment Program report. The only natural resource more widely consumed is water. A 2022 study by researchers at the University of Amsterdam concluded that we are dredging river sand at rates that far outstrip nature's ability to replace it, so much so that the world could run out of construction-grade sand by 2050. The U.N. report confirms that sand mining at current rates is unsustainable.

The greatest demand comes from China, which used more cement in three years (6.6 gigatons from 2011 through 2013) than the U.S. used in the entire 20th century (4.5 gigatons), notes Vince Beiser, author of The World in a Grain. Most sand gets used in the country where it is mined, but with some national supplies dwindling, imports reached $1.9 billion in 2018, according to Harvard's Atlas of Economic Complexity. Companies large and small dredge up sand from waterways and the ocean floor and transport it to wholesalers, construction firms and retailers. Even the legal sand trade is hard to track. Two experts estimate the global market at about $100 billion a year, yet the U.S. Geological Survey Mineral Commodity Summaries indicates the value could be as high as $785 billion.

Sand in riverbeds, lake beds and shorelines is the best for construction, but scarcity opens the market to less suitable sand from beaches and dunes, much of it scraped illegally and cheaply. With a shortage looming and prices rising, sand from Moroccan beaches and dunes is sold inside the country and is also shipped abroad, using organized crime's extensive transport networks, Abderrahmane has found. More than half of Morocco's sand is illegally mined, he says.

An anonymous reader quotes a report from Wired: Stablecoins, cryptocurrencies pegged to a stable value like the US dollar, were created with the promise of bringing the frictionless, border-crossing fluidity of Bitcoin to a form of digital money with far less volatility. That combination has proved to be wildly popular, rocketing the total value of stablecoin transactions since 2022 past even that of Bitcoin itself. It turns out, however, that as stablecoins have become popular among legitimate users over the past two years, they were even more popular among a different kind of user: those exploiting them for billions of dollars of international sanctions evasion and scams.

As part of itsannual crime report, cryptocurrency-tracing firm Chainalysis today released new numbers on the disproportionate use of stablecoins for both of those massive categories of illicit crypto transactions over the last year. By analyzing blockchains, Chainalysis determined that stablecoins were used in fully 70 percent of crypto scam transactions in 2023, 83 percent of crypto payments to sanctioned countries like Iran and Russia, and 84 percent of crypto payments to specifically sanctioned individuals and companies. Those numbers far outstrip stablecoins' growing overall use -- including for legitimate purposes -- which accounted for 59 percent of all cryptocurrency transaction volume in 2023.

In total, Chainalysis measured $40 billion in illicit stablecoin transactions in 2022 and 2023 combined. The largest single category of that stablecoin-enabled crime was sanctions evasion. In fact, across all cryptocurrencies, sanctions evasion accounted for more than half of the $24.2 billion in criminal transactions Chainalysis observed in 2023, with stablecoins representing the vast majority of those transactions. [...] Chainalysis concedes that the analysis in its report excludes some cryptocurrencies like Monero and Zcash that are designed to be harder or impossible to trace with blockchain analysis. It also says it based its numbers on the type of cryptocurrency sent directly to an illicit actor, which may leave out other currencies used in money laundering processes that repeatedly swap one type of cryptocurrency for another to make tracing more difficult. "Whether it's an individual located in Iran or a bad guy trying to launder money -- either way, there's a benefit to the stability of the US dollar that people are looking to obtain," says Andrew Fierman, Chainalysis' head of sanctions strategy. "If you're in a jurisdiction where you don't have access to the US dollar due to sanctions, stablecoins become an interesting play."

Fierman points to Nobitex, the largest cryptocurrency exchange operating in the sanctioned country of Iran, as well as Garantex, a notorious exchange based in Russia that has been specifically sanctioned for its widespread criminal use. According to Chainalysis, "Stablecoin usage on Nobitex outstrips bitcoin by a 9:1 ratio, and on Garantex by a 5:1 ratio," reports Wired. "That's a stark difference from the roughly 1:1 ratio between stablecoins and bitcoins on a few nonsanctioned mainstream exchanges that Chainalysis checked for comparison."

Speaking of cyber attacks, JPMorgan Chase is targeted by hackers trying to infiltrate its systems 45 billion times a day (Warning: source may be paywalled; alternative source) -- twice the rate at which it was attacked a year earlier -- the bank's head of asset and wealth management has said. FT: Speaking at Davos on Wednesday, Mary Erdoes said the bank spent $15bn on technology every year and employed 62,000 technologists, with many focused solely on combating the rise in cyber crime. "We have more engineers than Google or Amazon. Why? Because we have to," she said. "The fraudsters get smarter, savvier, quicker, more devious, more mischievous."

Western lenders have suffered a surge in cyber attacks in the past two years, which has been partly blamed on Russian hackers acting in response to sanctions placed on the country and its banks following its full-scale invasion of Ukraine. But the use of artificial intelligence by cyber criminals has also increased the number of incidents and level of sophistication of attacks. UPDATE 1/18/24: In a statement provided to Slashdot, a JPMorgan spokesperson said: "The 45 billion per day figure measures numerous activities, not just hacking attempts. As updated by Bloomberg, 'Examples of activity can include user log ins like employee virtual desktops, and scanning activity, which are often highly automated and not targeted.'" Bloomberg and FT have updated their articles accordingly.

E-commerce giant eBay agreed to pay a $3 million penalty for the harassment and stalking of a Massachusetts couple by several of its employees. "The couple, Ina and David Steiner, had been subjected to threats and bizarre deliveries, including live spiders, cockroaches, a funeral wreath and a bloody pig mask in August 2019," reports CBS News. From the report: Thursday's fine comes after several eBay employees ran a harassment and intimidation campaign against the Steiners, who publish a news website focusing on players in the e-commerce industry. "eBay engaged in absolutely horrific, criminal conduct. The company's employees and contractors involved in this campaign put the victims through pure hell, in a petrifying campaign aimed at silencing their reporting and protecting the eBay brand," Levy said. "We left no stone unturned in our mission to hold accountable every individual who turned the victims' world upside-down through a never-ending nightmare of menacing and criminal acts."

The Justice Department criminally charged eBay with two counts of stalking through interstate travel, two counts of stalking through electronic communications services, one count of witness tampering and one count of obstruction of justice. The company agreed to pay $3 million as part of a deferred prosecution agreement. Under the agreement, eBay will be required to retain an independent corporate compliance monitor for three years, officials said, to "ensure that eBay's senior leadership sets a tone that makes compliance with the law paramount, implements safeguards to prevent future criminal activity, and makes clear to every eBay employee that the idea of terrorizing innocent people and obstructing investigations will not be tolerated," Levy said.

Former U.S. Attorney Andrew Lelling said the plan to target the Steiners, which he described as a "campaign of terror," was hatched in April 2019 at eBay. Devin Wenig, eBay's CEO at the time, shared a link to a post Ina Steiner had written about his annual pay. The company's chief communications officer, Steve Wymer, responded: "We are going to crush this lady." About a month later, Wenig texted: "Take her down." Prosecutors said Wymer later texted eBay security director Jim Baugh. "I want to see ashes. As long as it takes. Whatever it takes," Wymer wrote. Investigators said Baugh set up a meeting with security staff and dispatched a team to Boston, about 20 miles from where the Steiners live. "Senior executives at eBay were frustrated with the newsletter's tone and content, and with the comments posted beneath the newsletter's articles," the Department of Justice wrote in its Thursday announcement. Two former eBay security executives were sentenced to prison over the incident.

Zack Whittaker, reporting for TechCrunch: Civil liberties advocates have long argued that "geofence" search warrants are unconstitutional for their ability to ensnare entirely innocent people who were nearby at the time a crime was committed. But errors in the geofence warrant applications that go before a judge can violate the privacy of vastly more people -- in one case almost two miles away.

Attorneys at the ACLU of Northern California found what they called an "alarming error" in a geofence warrant application that "resulted in a warrant stretching nearly two miles across San Francisco." The error, likely caused by a typo, allowed the requesting law enforcement agency to capture information on anyone who entered the stretch of San Francisco erroneously marked on the search warrant.

"Many private homes were also captured in the massive sweep," wrote Jake Snow, ACLU staff attorney, in a blog post about the findings. It's not known which law enforcement agency requested the nearly two-mile-long geofence warrant, or for how long the warrant was in effect. The attorneys questioned how many other geofence warrant application mistakes had slipped through and resulted in the return of vastly more data in error.

Stephen Harrison, an Englishman living in Thailand who posed as chief executive Steven Reece Lewis for the launch of the HyperVerse crypto scheme, told the Guardian Australia that he was paid to play the role of chief executive but denies having 'pocketed' any of the money lost. He says he received 180,000 Thai baht (about $7,500) over nine months and a free suit, adding that he was "shocked" to learn the company had presented him as having fake credentials to promote the scheme. From the report: He said he felt sorry for those who had lost money in relation to the scheme -- which he said he had no role in -- an amount Chainalysis estimates at US$1.3 billion in 2022 alone. "I am sorry for these people," he said. "Because they believed some idea with me at the forefront and believed in what I said, and God knows what these people have lost. And I do feel bad about this. "I do feel deeply sorry for these people, I really do. You know, it's horrible for them. I just hope that there is some resolution. I know it's hard to get the money back off these people or whatever, but I just hope there can be some justice served in all of this where they can get to the bottom of this." He said he wanted to make clear he had "certainly not pocketed" any of the money lost by investors.

Harrison, who at the time was a freelance television presenter engaged in unpaid football commentary, said he had been approached and offered the HyperVerse work by a friend of a friend. He said he was new to the industry and had been open to picking up more work and experience as a corporate "presenter." "I was told I was acting out a role to represent the business and many people do this," Harrison said. He said he trusted his agent and accepted that. After reading through the scripts he said he was initially suspicious about the company he was hired to represent because he was unfamiliar with the crypto industry, but said he had been reassured by his agent that the company was legitimate. He said he had also done some of his own online research into the organization and found articles about the Australian blockchain entrepreneur and HyperTech chairman Sam Lee. "I went away and I actually looked at the company because I was concerned that it could be a scam," Harrison said. "So I looked online a bit and everything seemed OK, so I rolled with it." The HyperVerse crypto scheme was promoted by Lee and his business partner Ryan Xu, both of which were founders of the collapsed Australian bitcoin company Blockchain Global. "Blockchain Global owes creditors $58 million and its liquidator has referred Xu and Lee to the Australian Securities and Investments Commission for alleged possible breaches of the Corporations Act," reports The Guardian. "Asic has said it does not intend to take action at this time."

Rodney Burton, known as "Bitcoin Rodney," was arrested and charged in the U.S on Monday for his alleged role in promoting the HyperVerse crypto scheme. The IRS alleges Burton was "part of a network that made 'fraudulent' presentations claiming high returns for investors based on crypto-mining operations that did not exist," reports The Guardian.

"The famed and mysterious disappearance of D.B. Cooper has puzzled investigators for over half a century," writes a Seattle TV station. Now new evidence is coming to light in the supposed "skyjacking," after a microscopic piece of metal found on D. B. Cooper's tie could help reveal his true identity. "Considering the totality of all that has been uncovered in the last year with respect to DB Cooper's tie, I can say with a very high degree of certainty that DB Cooper worked for Crucible Steel," said independent investigator Eric Ulis.
"I would not be surprised at all if 2024 was the year we figure out who this guy was," Ulis told another local Seattle news station: This particle is part stainless steel, part titanium... 18 months ago, Ulis used U.S. patents to trace three of these fragments from the same very tie to a specific plant in Pennsylvania, Crucible Steel. "Headquartered in the suburbs of Pittsburgh, a significant subcontractor all throughout the 1960s," said Ulis. "It supplied the lion's share of titanium and stainless steel for Boeing's aircraft...."

Ulis claims evidence points to Cooper having in-depth knowledge of the 727 he hijacked, and of the Seattle area. Workers at Crucible Steel were known to travel and visit their contractor, Boeing. "This is also the time, 1971, when Boeing had this significant downturn, the big depression, with 'The last person leaving Seattle, please turn out the lights' [billboard sign]," said Ulis. "It's reasonable to deduce that D. B. Cooper may well have been part of that downturn."

Ulis admits his findings are not yet concrete. He's not crossing any suspects off the list. However, he believes from what he's seen, all roads lead to titanium research engineer Vince Peterson from Pittsburgh.
It all reminds me of that episode of Prison Break where they suspect one of the prisoners is secretly D.B. Cooper...

An anonymous reader quotes a report from VICE News: Last week border officials in the Punjab region of India revealed they intercepted 107 drug-carrying drones sent by smuggling gangs last year over the border from Pakistan, the highest number on record. Most were carrying heroin or opium from Pakistan to be dropped and received by collaborators in the Punjab, notorious for having India's worst levels of opiate addiction. Last year the head of a police narcotics unit in Lahore, a city in Pakistan which borders the Punjab, was dismissed after he was suspected of running a drug trafficking gang sending drones over to India. But the use of cheap flying robots instead of humans to smuggle drugs across borders is a worldwide phenomenon. [...]

[D]rones will likely become an everyday part of drug dealing too, according to Peter Warren Singer, author of multiple books on national security and a Fellow at think tank New America, with legit medicines due to be delivered by drone in the U.S. later this year and maybe in the U.K. too. "We are just scraping the surface of what is possible, as drone deliveries become more and more common in the commercial world, it will be the same with delivery of illicit goods. In our book, Burn-In, we explain how a future city will see drones zipping about delivering everything from groceries and burritos to drugs, both prescribed by a doctor or bought off a dealer. Drones have traditionally been used by governments and corporations for what are known as the "3 D's" jobs that are too dull, dirty, or dangerous for humans. For criminals, it is the same, except add in another D: Dependable. A drone doesn't steal the product and can't be arrested or snitch if caught."

Liam O'Shea, senior research fellow for organized crime and policing at defense and security thinktank RUSI, said drones were at the moment of limited value to wholesale traffickers and organized criminal gangs because of their range and the weight they can carry. "It makes sense that smugglers would seek to use drones. They are cheap and easy to acquire. They also lower the risks involved in some transactions, as smugglers do not have to be physically present during transactions. They offer opportunities for smuggling in areas where previous routes were too risky, such as prisons and over securitized borders. "I expect them to be of greater value to smaller players and distributors dealing with smaller quantities. Wholesale drug traffickers will still need to use routes that facilitate smuggling at higher volume or using drones to make multiple trips, which entails risks of detection. That may well change as improvements in technology improve drones' carrying capacity and crime groups are better able to access drones with greater capacity."

A cartel in the embattled central Mexico state of Michoacan set up its own makeshift internet antennas and told locals they had to pay to use its wifi service or they would be killed, according to prosecutors. New submitter awwshit shares a story: Dubbed "narco-antennas" by local media, the cartel's system involved internet antennas set up in various towns built with stolen equipment. The group charged approximately 5,000 people elevated prices between 400 and 500 pesos ($25 and $30) a month, the Michoacan state prosecutor's office told the Associated Press. That meant the group could rake in about $150,000 a month. People were terrorized "to contract the internet services at excessive costs, under the claim that they would be killed if they did not," prosecutors said, though they did not report any such deaths. Local media identified the criminal group as a faction known as Los Viagras. Prosecutors declined to say which cartel was involved because the case was still under investigation, but they confirmed Los Viagras dominates the towns forced to make the wifi payments.

Alexander Martin reports via The Record: The owner of an apartment in Veliky Novgorod in Russia has been arrested for discrediting the country's armed forces after a neighbor alerted the police to the message 'Slava Ukraini' scrolling across their LED curtains. When police went to the scene, they saw the garland which the owner had hung in celebration of the New Year and a "slogan glorifying the Armed Forces of Ukraine," as a spokesperson for the Ministry of Internal Affairs told state-owned news agency TASS. The apartment owner said the garland was supposed to display a "Happy New Year" greeting, TASS reported.

Several other people in Russia described a similar experience on the AlexGyver web forum, linked to a DIY blog popular in the country. They said at the stroke of midnight on New Year's Eve, their LED curtains also began to show the "Glory to Ukraine" message in Ukrainian. It is not clear whether any of these other posters were also arrested. The man in Veliky Novgorod will have to defend his case in court, according to TASS. Police have seized the curtain itself.

An independent investigation into the cause of the message by the AlexGyver forum users found that affected curtains all used the same open-source firmware code. The original code appears to have originated in Ukraine before someone created a fork translated into Russian. According to the Telegram channel for AlexGyver, the code had been added to the original project on October 18, and then in December the people or person running the fork copied and pasted that update into their own version. "Everyone who downloaded and updated the firmware in December received a gift," the Telegram channel wrote. The message was "really encrypted, hidden from the 'reader' of the code, and is displayed on the first day of the year exclusively for residents of Russia by [geographic region]."

In Brazil's Amazon, armed men with a rogue police unit overseeing illegal mining operations intimidated journalists investigating regional violence and trafficking surges. Though Brazil's 2023 deforestation decreased, fires and attacks continued as governments deprioritized crime reduction. Illegal mining finances threats to the climate-critical rainforest, yet improving security was absent from the 2023 UN climate summit agenda. With complex criminal networks forging cross-border alliances and violence escalating, addressing this dilemma is pivotal to safeguarding the Amazon and its Indigenous peoples. Nature: Solutions to these multifaceted issues might not be simple, but practical steps exist. Nations must cooperate to guard against this violence. They must support local communities -- by increasing the state's presence in remote areas and promoting health care, education and sustainable economic development -- and help them to safeguard the rainforest. For example, Indigenous peoples in Peru and Brazil are using drones and GPS devices to monitor their land and detect threats from violent invaders.

Indigenous peoples are the Amazon's best forest guardians, but they need more legally demarcated lands and protective measures, such as funding for Indigenous guards and rapid response and emergency protocols. In 2022, Colombia and Brazil saw the most deaths of environmental and land defenders worldwide. Developing effective strategies to enhance cooperation between law enforcement and local populations must also be a priority. To prevent irreversible damage to the rainforest and the climate, security in the Amazon must be added to the global climate agenda.

Emma Roth reports via The Verge: The 18-year-old Lapsus$ hacker who played a critical role in leaking Grand Theft Auto VI footage has been sentenced to life inside a hospital prison, according to a report from the BBC. A British judge ruled on Thursday that Arion Kurtaj is a high risk to the public because he still wants to commit cybercrimes.

In August, a London jury found that Kurtaj carried out cyberattacks against GTA VI developer Rockstar Games and other companies, including Uber and Nvidia. However, since Kurtaj has autism and was deemed unfit to stand trial, the jury was asked to determine whether he committed the acts in question, not whether he did so with criminal intent. During Thursday's hearing, the court heard Kurtaj "had been violent while in custody with dozens of reports of injury or property damage," the BBC reports. A mental health assessment also found that Kurtaj "continued to express the intent to return to cybercrime as soon as possible." He's required to stay in the hospital prison for life unless doctors determine that he's no longer a danger.

Kurtaj leaked 90 videos of GTA VI gameplay footage last September while out on bail for hacking Nvidia and British telecom provider BT / EE. Although he stayed at a hotel under police protection during this time, Kurtaj still managed to carry out an attack on Rockstar Games by using the room's included Amazon Fire Stick and a "newly purchased smart phone, keyboard and mouse," according to a separate BBC report. Kurtaj was arrested for the final time following the incident. Another 17-year-old involved with Lapsus$ was handed an 18-month community sentence, called a Youth Rehabilitation Order, and a ban from using virtual private networks.

The police will be able to run facial recognition searches on a database containing images of Britain's 50 million driving licence holders under a law change being quietly introduced by the government. From a report: Should the police wish to put a name to an image collected on CCTV, or shared on social media, the legislation would provide them with the powers to search driving licence records for a match. The move, contained in a single clause in a new criminal justice bill, could put every driver in the country in a permanent police lineup, according to privacy campaigners.

Facial recognition searches match the biometric measurements of an identified photograph, such as that contained on driving licences, to those of an image picked up elsewhere. The intention to allow the police or the National Crime Agency (NCA) to exploit the UK's driving licence records is not explicitly referenced in the bill or in its explanatory notes, raising criticism from leading academics that the government is "sneaking it under the radar." Once the criminal justice bill is enacted, the home secretary, James Cleverly, must establish "driver information regulations" to enable the searches, but he will need only to consult police bodies, according to the bill.

According to Axios, the CEO of Warner Bros. Discovery, David Zaslav, met with Paramount Global CEO Bob Bakish to discuss a possible merger. "The combination would create a news and entertainment behemoth that would likely trigger further industry consolidation," reports Axios. From the report: Zaslav also has spoken to Shari Redstone, who owns Paramount's parent company, about a deal. WBD's market value was around $29 billion as of Wednesday, while Paramount's was just over $10 billion, so any merger would not be of equals. The meeting between Zaslav and Bakish, which sources say lasted several hours, took place at Paramount's headquarters in Times Square.

The duo discussed ways their companies could complement one another. For example, each company's main streaming service -- Paramount+ and Max -- could merge to better rival Netflix and Disney+. It's unclear whether WBD would buy Paramount Global or its parent company, National Amusements Inc. (NAI), but a source familiar with the situation says that both options are on the table. WBD is said to have hired bankers to explore the deal.

The deal could drive substantial synergies. WBD could use its international distribution footprint to boost Paramount's franchises, while Paramount's children's programing assets could be essential to WBD's long-term streaming ambitions. CBS News could be combined with CNN to create a global news powerhouse. CBS' crime dramas, such as "NCIS" and "Criminal Minds," could be combined with Investigation Discovery and TruTV. CBS Sports' footprint could be combined with WBD's. For example, CBS and WBD's Turner Sports currently share TV rights for March Madness.

An anonymous reader quotes a report from TechCrunch: Trevor Milton, the disgraced founder and former CEO of electric truck startup Nikola, was sentenced Monday to four years in prison for securities fraud. The sentence, by Judge Edgardo Ramos in the U.S. District Court in Manhattan, caps a multi-year saga that at one point sent Nikola stock soaring 83% only to come crashing down months later over accusations of fraud and canceled contracts. The sentencing hearing comes after four separate delays, during which Milton has remained free under a $100 million bond.

In his ruling, Ramos said he would impose a sentence of 48 months on each count, served concurrently, and a fine of $1 million. Milton is expected to appeal the sentence, which Ramos acknowledged. Milton sobbed as he pled with Judge Ramos for leniency in a long and often confusing statement ahead of the sentencing. At one point, Milton said he stepped down from the CEO post at Nikola not because of fraud allegations, but to support his wife. "I stepped down because my wife was suffering live threatening sickness," he said in his statement, which reporter Matthew Russell Lee of Inner City Press shared on social media post X. She suffered medical malpractice, someone else's plasma. So I stepped down for that -- not because I was a fraud. The truth matters. I chose my wife over money or power."

During the sentencing hearing, defense attorneys said that Milton wasn't trying to defraud investors or intending to harm anyone. Instead, they argued he simply wanted to be loved and praised like Elon Musk. Prosecutors pushed back and said he lied repeatedly and targeted retail investors. Federal prosecutors recommended an 11-year sentence, but Milton faced a maximum term of 60 years in prison. The government also sought a $5 million fine, forfeiture of a ranch in Utah and an undetermined amount of restitution to investors. Restitution will be determined after Monday's sentencing hearing. Timeline of events:

June, 2016: Nikola Motor Receives Over 7,000 Preorders Worth Over $2.3 Billion For Its Electric Truck
December, 2016: Nikola Motor Company Reveals Hydrogen Fuel Cell Truck With Range of 1,200 Miles
February, 2020: Nikola Motors Unveils Hybrid Fuel-Cell Concept Truck With 600-Mile Range
June, 2020: Nikola Founder Exaggerated the Capability of His Debut Truck
September, 2020: Nikola Motors Accused of Massive Fraud, Ocean of Lies
September, 2020: Nikola Admits Prototype Was Rolling Downhill In Promo Video
September, 2020: Nikola Founder Trevor Milton Steps Down as Chairman in Battle With Short Seller
October, 2020: Nikola Stock Falls 14 Percent After CEO Downplays Badger Truck Plans
November, 2020: Nikola Stock Plunges As Company Cancels Badger Pickup Truck
July, 2021: Nikola Founder Trevor Milton Indicted on Three Counts of Fraud
December, 2021: EV Startup Nikola Agrees To $125 Million Settlement
September, 2022: Nikola Founder Lied To Investors About Tech, Prosecutor Says in Fraud Trial

A new investigation from ProPublica argues that in the U.S., "Hundreds of millions in taxpayer dollars have been spent on what was sold as a revolution in transparency and accountability.

"Instead, police departments routinely refuse to release footage..." The technology represented the largest new investment in policing in a generation. Yet without deeper changes, it was a fix bound to fall far short of those hopes. In every city, the police ostensibly report to mayors and other elected officials. But in practice, they have been given wide latitude to run their departments as they wish and to police — and protect — themselves. And so as policymakers rushed to equip the police with cameras, they often failed to grapple with a fundamental question: Who would control the footage?

Instead, they defaulted to leaving police departments, including New York's, with the power to decide what is recorded, who can see it and when. In turn, departments across the country have routinely delayed releasing footage, released only partial or redacted video or refused to release it at all. They have frequently failed to discipline or fire officers when body cameras document abuse and have kept footage from the agencies charged with investigating police misconduct. Even when departments have stated policies of transparency, they don't always follow them. Three years ago, after George Floyd's killing by Minneapolis police officers and amid a wave of protests against police violence, the New York Police Department said it would publish footage of so-called critical incidents "within 30 days." There have been 380 such incidents since then. The department has released footage within a month just twice.

And the department often does not release video at all. There have been 28 shootings of civilians this year by New York officers (through the first week of December). The department has released footage in just seven of these cases (also through the first week of December) and has not done so in any of the last 16.... For a snapshot of disclosure practices across the country, we conducted a review of civilians killed by police officers in June 2022, roughly a decade after the first body cameras were rolled out. We counted 79 killings in which there was body-worn-camera footage. A year and a half later, the police have released footage in just 33 cases — or about 42%.

The reporting reveals that without further intervention from city, state and federal officials and lawmakers, body cameras may do more to serve police interests than those of the public they are sworn to protect... The pattern has become so common across the country — public talk of transparency followed by a deliberate undermining of the stated goal — that the policing-oversight expert Hans Menos, who led Philadelphia's civilian police-oversight board until 2020, coined a term for it: the "body-cam head fake."
The article includes examples where when footage was ultimately released, it contradicted initial police accounts.

In one instance, past footage of Minneapolis police officer Derek Chauvin "was left in the control of a department where impunity reigned..." the article points out, adding that Minneapolis "fought against releasing the videos, even after Chauvin pleaded guilty in December 2021 to federal civil rights violations."

The Washington Post reports that America's largest pharmacy chains have "handed over Americans' prescription records to police and government investigators without a warrant, a congressional investigation found, raising concerns about threats to medical privacy." Though some of the chains require their lawyers to review law enforcement requests, three of the largest — CVS Health, Kroger and Rite Aid, with a combined 60,000 locations nationwide — said they allow pharmacy staff members to hand over customers' medical records in the store... Pharmacies' records hold some of the most intimate details of their customers' personal lives, including years-old medical conditions and the prescriptions they take for mental health and birth control. Because the chains often share records across all locations, a pharmacy in one state can access a person's medical history from states with more-restrictive laws. Carly Zubrzycki, an associate professor at the University of Connecticut law school, wrote last year that this could link a person's out-of-state medical care via a "digital trail" back to their home state...

In briefings, officials with eight American pharmacy giants — Walgreens Boots Alliance, CVS, Walmart, Rite Aid, Kroger, Cigna, Optum Rx and Amazon Pharmacy — told congressional investigators that they required only a subpoena, not a warrant, to share the records.

A subpoena can be issued by a government agency and, unlike a court order or warrant, does not require a judge's approval. To obtain a warrant, law enforcement must convince a judge that the information is vital to investigate a crime. Officials with CVS, Kroger and Rite Aid said they instruct their pharmacy staff members to process law enforcement requests on the spot, saying the staff members face "extreme pressure to immediately respond," the lawmakers' letter said. The eight pharmacy giants told congressional investigators that they collectively received tens of thousands of legal demands every year, and that most were in connection with civil lawsuits. It's unclear how many were related to law enforcement demands, or how many requests were fulfilled.

Only one of the companies, Amazon, said it notified customers when law enforcement demanded its pharmacy records unless there was a legal prohibition, such as a "gag order," preventing it from doing so, the lawmakers said...

Most investigative requests come with a directive requiring the company to keep them confidential, a CVS spokeswoman said; for those that don't, the company considers "on a case-by-case basis whether it's appropriate to notify the individual."
The article points out that Americans "can request the companies tell them if they've ever disclosed their data...but very few people do.

"CVS, which has more than 40,000 pharmacists and 10,000 stores in the United States, said it received a 'single-digit number' of such consumer requests last year, the letter states."

Earlier this week Google Maps stopped storing user location histories in the cloud. But why did Google make this move? Bloomberg reports that it was "so that the company no longer has access to users' individual location histories, cutting off its ability to respond to law enforcement warrants that ask for data on everyone who was in the vicinity of a crime." The company said Thursday that for users who have it enabled, location data will soon be saved directly on users' devices, blocking Google from being able to see it, and, by extension, blocking law enforcement from being able to demand that information from Google. "Your location information is personal," said Marlo McGriff, director of product for Google Maps, in the blog post. "We're committed to keeping it safe, private and in your control."

The change comes three months after a Bloomberg Businessweek investigation that found police across the US were increasingly using warrants to obtain location and search data from Google, even for nonviolent cases, and even for people who had nothing to do with the crime. "It's well past time," said Jennifer Lynch, the general counsel at the Electronic Frontier Foundation, a San Francisco-based nonprofit that defends digital civil liberties. "We've been calling on Google to make these changes for years, and I think it's fantastic for Google users, because it means that they can take advantage of features like location history without having to fear that the police will get access to all of that data."

Google said it would roll out the changes gradually through the next year on its own Android and Apple Inc.'s iOS mobile operating systems, and that users will receive a notification when the update comes to their account. The company won't be able to respond to new geofence warrants once the update is complete, including for people who choose to save encrypted backups of their location data to the cloud.
The EFF general counsel also pointed out to Bloomberg that "nobody else has been storing and collecting data in the same way as Google." (Apple, for example, is technically unable to provide the same data to police.)

Bill Toulas reports via BleepingComputer: Miklos Daniel Brody, a cloud engineer, was sentenced to two years in prison and a restitution of $529,000 for wiping the code repositories of his former employer in retaliation for being fired by the company. According to the U.S. Department of Justice (DoJ) announcement, Brody was fired on March 11, 2020, from First Republic Bank (FRB) in San Francisco, where he worked as a cloud engineer. The court documents state that Brody's employment was terminated after he violated company policies by connecting a USB drive containing pornography to company computers.

Following his dismissal, Brody allegedly refused to return his work laptop and instead used his still-valid account to access the bank's computer network and cause damages estimated to be above $220,000. "Among other things, Brody deleted the bank's code repositories, ran a malicious script to delete logs, left taunts within the bank's code for former colleagues, and impersonated other bank employees by opening sessions in their names," describes the U.S. DOJ announcement. "He also emailed himself proprietary bank code that he had worked on as an employee, which was valued at over $5,000."

After the incident, Brody falsely reported to the San Francisco Police Department that the FRB-issued laptop had been stolen from his car. He continued to uphold this story when interviewed by United States Secret Service agents following his arrest in March 2021. Eventually, in April 2023, Brody pleaded guilty to lying about the laptop and to two charges concerning violation of the Computer Fraud and Abuse Act. In addition to the two-year prison term and the payment of the restitution, Brody will serve three years of supervised release.

An anonymous reader quotes a report from Ars Technica: Meta has started enabling end-to-end encryption (E2EE) by default for chats and calls on Messenger and Facebook despite protests from the FBI and other law enforcement agencies that oppose the widespread use of encryption technology. "Today I'm delighted to announce that we are rolling out default end-to-end encryption for personal messages and calls on Messenger and Facebook," Meta VP of Messenger Loredana Crisan wrote yesterday. In April, a consortium of 15 law enforcement agencies from around the world, including the FBI and ICE Homeland Security Investigations, urged Meta to cancel its plan to expand the use of end-to-end encryption. The consortium complained that terrorists, sex traffickers, child abusers, and other criminals will use encrypted messages to evade law enforcement.

Meta held firm, telling Ars in April that "we don't think people want us reading their private messages" and that the plan to make end-to-end encryption the default in Facebook Messenger would be completed before the end of 2023. Meta also plans default end-to-end encryption for Instagram messages but has previously said that may not happen this year. Meta said it is using "the Signal Protocol, and our own novel Labyrinth Protocol," and the company published two technical papers that describe its implementation (PDF). "Since 2016, Messenger has had the option for people to turn on end-to-end encryption, but we're now changing personal chats and calls across Messenger to be end-to-end encrypted by default. This has taken years to deliver because we've taken our time to get this right," Crisan wrote yesterday. Meta said it will take months to implement across its entire user base. A post written by two Meta software engineers said the company "designed a server-based solution where encrypted messages can be stored on Meta's servers while only being readable using encryption keys under the user's control."

"Product features in an E2EE setting typically need to be designed to function in a device-to-device manner, without ever relying on a third party having access to message content," they wrote. "This was a significant effort for Messenger, as much of its functionality has historically relied on server-side processing, with certain features difficult or impossible to exactly match with message content being limited to the devices."

The company says it had "to redesign the entire system so that it would work without Meta's servers seeing the message content."