Today the Wall Street Journal reported that restoring net neutrality to America is "on shakier legal footing after a Supreme Court decision on Friday shifted power away from federal agencies." "It's hard to overstate the impact that this ruling could have on the regulatory landscape in the United States going forward," said Leah Malone, a lawyer at Simpson Thacher & Bartlett. "This could really bind U.S. agencies in their efforts to write new rules." Now that [the "Chevron deference"] is gone, the Federal Communications Commission is expected to have a harder time reviving net neutrality — a set of policies barring internet-service providers from assigning priority to certain web traffic...

The Federal Communications Commission reclassified internet providers as public utilities under the Communications Act. There are pending court cases challenging the FCC's reinterpretation of that 1934 law, and the demise of Chevron deference heightens the odds of the agency losing in court, some legal experts said. "Chevron's thumb on the scale in favor of the agencies was crucial to their chances of success," said Geoffrey Manne, president of the International Center for Law and Economics. "Now that that's gone, their claims are significantly weaker."
Other federal agencies could also be affected, according to the article. The ruling could also make it harder for America's Environmental Protection Agency to crack down on power-plant pollution. And the Federal Trade Commission face more trouble in court defending its recent ban on noncompete agreements. Lawyer Daniel Jarcho tells the Journal that the Court's decision "will unquestionably lead to more litigation challenging federal agency actions, and more losses for federal agencies."

Friday a White House press secretary issued a statement calling the court's decision "deeply troubling," and arguing that the court had "decided in the favor of special interests".

This week the Linux Foundation announced a new organization for decentralized systems and technologies, with an aim of "fostering innovation and collaboration" in both their development and deployment.

It will build on existing Linux Foundation blockchain and digital identity projects, according to the announcement, while supporting "a rapidly growing decentralized technology landscape." To foster this broader ecosystem, LF Decentralized Trust will encompass the growing portfolio of Hyperledger projects and host new open source software, communities, standards, and specifications that are critical to the macro shift toward decentralized systems of distributed trust....

LF Decentralized Trust's expanded project and member ecosystem will be both essential to emerging tokenized assets classes and networks, as well as to modernizing the core infrastructure for finance, trade, government, healthcare, and more. LF Decentralized Trust will serve as a neutral home for the open development of a broad range of ledger, identity, security, interoperability, scale, implementation, and related technologies... LF Decentralized Trust will also include new directed funding models that will drive strategic investments by members into individual projects and project resources.

"With LF Decentralized Trust, we're expanding our commitment to open source innovation by embracing a wider array of decentralized technologies," said Jim Zemlin, Executive Director of the Linux Foundation. "This new, elevated foundation will enable the community to build a more robust ecosystem that drives forward transparency, security, and efficiency in global infrastructure."

"After eight years of advancing the development of blockchain, decentralized identity and related technologies via the Hyperledger community, the time has come to broaden our effort and impact," said Daniela Barbosa, General Manager, Blockchain and Identity, the Linux Foundation. "Ledgers and ledger technologies are but one component of the decentralized systems that will underpin a digital-first global economy. LF Decentralized Trust is where we will gather and grow an expanded community and portfolio of technologies to deliver the transparency, reliability, security and efficiency needed to successfully upgrade critical systems around the world."
The announcement includes quotes of support from numerous companies including Oracle, Siemens, Visa, Accenture, Citi, and Hitachi. Some highlights:

• "The formation of the LF Decentralized Trust reflects the growing demand for open source resources that are critical to the management and functionality of decentralized systems." — CEO of Digital Asset

• "The adoption of decentralized infrastructure is at an inflection point, reflecting the increasing demand from both enterprises and consumers for more secure and transparent digital transactions. As the industry leader for onchain data, blockchain abstraction, and interoperability, we're excited to see the formation of the LF Decentralized Trust and to expand our collaboration with leading financial institutions on advancing tokenized assets and the onchain economy at large." — CMO at Chainlink Labs.

• "As a founding member of the Hyperledger Foundation, and given our unique position in the financial markets, we recognize the vast potential for open-source innovation and decentralized technologies when it comes to reducing risk, increasing resiliency and improving security. The expansion of Hyperledger Foundation into LF Decentralized Trust represents an exciting opportunity to continue expanding these groundbreaking technologies." — a managing director at DTCC

In November of 2022, "More than 800 people were selected to participate in the Denver Basic Income Project," reports the Colorado Sun, "while they were living on the streets, in shelters, on friends' couches or in vehicles.

One group received $1,000 a month, according to the article, while a second group received $6,500 in the first month, and then $500 for the next 11 months. (And a "control" group received $50 a month.) Amazingly, about 45% of participants in all three groups "were living in a house or apartment that they rented or owned by the study's 10-month check-in point, according to the research." The number of nights spent in shelters among participants in the first and second groups decreased by half. And participants in those two groups reported an increase in full-time work, while the control group reported decreased full-time employment. The project also saved tax dollars, according to the report. Researchers tallied an estimated $589,214 in savings on public services, including ambulance rides, visits to hospital emergency departments, jail stays and shelter nights...

The study, which began in November 2022 with payments to the first group of participants, has been extended for an additional eight months, until September, and organizers are attempting to raise money to extend it further.

Indonesian President Joko Widodo ordered on Friday an audit of government data centres after officials said the bulk of data affected by a recent ransomware cyberattack was not backed up, exposing the country's vulnerability to such attacks. From a report: Last week's cyberattack, the worst in Indonesia in recent years, has disrupted multiple government services including immigration and operations at major airports. The government has said more than 230 public agencies, including ministries, had been affected, but has refused to pay an $8 million ransom demanded to retrieve the encrypted data.

Responding to the cyberattack, Indonesia's state auditor said the president instructed it to examine the country's data centres. The audit would cover "governance and the financial aspect", said Muhammad Yusuf Ateh, who heads Indonesia's Development and Finance Controller, after attending a cabinet meeting led by Widodo on Friday. Hinsa Siburian, an official who chairs Indonesia's cyber security agency known by its acronym BSSN, has said 98% of the government data stored in one of the two compromised data centres had not been backed up.

Russian hackers who broke into Microsoft's systems and spied on staff inboxes earlier this year also stole emails from its customers, the tech giant said on Thursday, around six months after it first disclosed the intrusion. Reuters: The disclosure underscores the breadth of the breach as Microsoft faces increasing regulatory scrutiny over the security of its software and systems against foreign threats. An allegedly Chinese hacking group that separately breached Microsoft last year stole thousands of U.S. government emails. Microsoft said it was also sharing the compromised emails with its customers, but did not say how many customers had been impacted, nor how many emails may have been stolen.

TeamViewer, the company that makes widely used remote access tools for companies, has confirmed an ongoing cyberattack on its corporate network. TechCrunch: In a statement Friday, the company attributed the compromise to government-backed hackers working for Russian intelligence, known as APT29 (and Midnight Blizzard). The Germany-based company said its investigation so far points to an initial intrusion on June 26 "tied to credentials of a standard employee account within our corporate IT environment."

TeamViewer said that the cyberattack "was contained" to its corporate network and that the company keeps its internal network and customer systems separate. The company added that it has "no evidence that the threat actor gained access to our product environment or customer data." Martina Dier, a spokesperson for TeamViewer, declined to answer a series of questions from TechCrunch, including whether the company has the technical ability, such as logs, to determine what, if any, data was accessed or exfiltrated from its network.

The Japanese government plans to create zero-emissions logistics links between major cities, potentially using massive conveyor belts or autonomous electric carts. The initiative aims to shift millions of tons of cargo, reduce greenhouse gas emissions, and alleviate the anticipated 30% shortfall in parcel deliveries by 2030 due to a lack of drivers. New Atlas reports: According to The Japan News, the project has been under discussion since February by an expert panel at the Land, Infrastructure, Transport and Tourism ministry. A draft outline of an interim report was released Friday, revealing plans to complete an initial link between Tokyo and Osaka by 2034. Japan's well-known population collapse issues foretell severe labor squeezes in the coming years, and one specific issue this project aims to curtail is the continuing rise in online shopping, with a forecast decline in the numbers of delivery drivers that can move goods around. The country is expecting some 30% of parcels simply won't make it from A to B by 2030, because there'll be nobody to move them. Hence this wild logistical link, the first iteration of which the team says will move as much small cargo between Tokyo and Osaka as 25,000 trucks.

Exactly how it'll do this is yet to be nailed down, but individual pallets will carry up to a ton of small cargo items, and they'll move without human interference from one end to the other. One possibility is to use massive conveyor belts to cover the 500-km (310-mile) distance between the two cities, running alongside the highway or potentially through tunnels underneath the road. Alternatively, the infrastructure could simply provide flat lanes or tunnels, and the pallets could be shifted by automated electric carts. A 500-km tunnel, mind you, would be insanely expensive at somewhere around $23 billion before any conveyor belts or autonomous carts are factored in. And one does have to wonder if autonomous electric trucks might be able to do the job without any of the infrastructure requirements [...].

Earlier this week, WikiLeaks co-founder Julian Assange received a donation of 8.07 bitcoin (worth roughly $500,000) from an anonymous bitcoin whale, "helping to cover the cost of a private jet that flew him out of the U.K. and ultimately to freedom in Australia after he reached a plea deal with the U.S. Department of Justice," reports CoinDesk. From the report: Initially, Assange's wife Stella made an "emergency appeal" to raise 520,000 British pounds to pay for the transport, setting up a crowdfunding page that allowed people to donate in fiat currency via credit cards or bank transfer. With that site notably not allowing crypto for donations, the family quickly moved to set up another page to accept bitcoin.

Up to this point, the bitcoin address has received 34 donations totaling just over $500,000. The overwhelming majority, however, came from just that one 8.07 BTC donation. The original fiat site has also received about $500,000 in donations. "Julian's travel to freedom comes at a massive cost: Julian will owe USD 520,000 which he is obligated to pay back to the Australian government for charter Flight VJ199," Stella Assange wrote on X. "He was not permitted to fly commercial airlines or routes to Saipan and onward to Australia. Any contribution big or small is much appreciated." The jet was organized by the Australian government after Assange reached a historic plea deal on Tuesday, where he pleaded guilty to espionage charges in exchange for his freedom.

An anonymous reader quotes a report from Ars Technica: Temu -- the Chinese shopping app that has rapidly grown so popular in the US that even Amazon is reportedly trying to copy it -- is "dangerous malware" that's secretly monetizing a broad swath of unauthorized user data, Arkansas Attorney General Tim Griffin alleged in a lawsuit (PDF) filed Tuesday. Griffin cited research and media reports exposing Temu's allegedly nefarious design, which "purposely" allows Temu to "gain unrestricted access to a user's phone operating system, including, but not limited to, a user's camera, specific location, contacts, text messages, documents, and other applications."

"Temu is designed to make this expansive access undetected, even by sophisticated users," Griffin's complaint said. "Once installed, Temu can recompile itself and change properties, including overriding the data privacy settings users believe they have in place." Griffin fears that Temu is capable of accessing virtually all data on a person's phone, exposing both users and non-users to extreme privacy and security risks. It appears that anyone texting or emailing someone with the shopping app installed risks Temu accessing private data, Griffin's suit claimed, which Temu then allegedly monetizes by selling it to third parties, "profiting at the direct expense" of users' privacy rights. "Compounding" risks is the possibility that Temu's Chinese owners, PDD Holdings, are legally obligated to share data with the Chinese government, the lawsuit said, due to Chinese "laws that mandate secret cooperation with China's intelligence apparatus regardless of any data protection guarantees existing in the United States."

Griffin's suit cited an extensive forensic investigation into Temu by Grizzly Research -- which analyzes publicly traded companies to inform investors -- last September. In their report, Grizzly Research alleged that PDD Holdings is a "fraudulent company" and that "Temu is cleverly hidden spyware that poses an urgent security threat to United States national interests." As Griffin sees it, Temu baits users with misleading promises of discounted, quality goods, angling to get access to as much user data as possible by adding addictive features that keep users logged in, like spinning a wheel for deals. Meanwhile hundreds of complaints to the Better Business Bureau showed that Temu's goods are actually low-quality, Griffin alleged, apparently supporting his claim that Temu's end goal isn't to be the world's biggest shopping platform but to steal data. Investigators agreed, the lawsuit said, concluding "we strongly suspect that Temu is already, or intends to, illegally sell stolen data from Western country customers to sustain a business model that is otherwise doomed for failure." Seeking an injunction to stop Temu from allegedly spying on users, Griffin is hoping a jury will find that Temu's alleged practices violated the Arkansas Deceptive Trade Practices Act (ADTPA) and the Arkansas Personal Information Protection Act. If Temu loses, it could be on the hook for $10,000 per violation of the ADTPA and ordered to disgorge profits from data sales and deceptive sales on the app. In a statement to Ars, a Temu spokesperson discredited Grizzly Research's investigation and said that the company was "surprised and disappointed by the Arkansas Attorney General's Office for filing the lawsuit without any independent fact-finding."

"The allegations in the lawsuit are based on misinformation circulated online, primarily from a short-seller, and are totally unfounded," Temu's spokesperson said. "We categorically deny the allegations and will vigorously defend ourselves."

"We understand that as a new company with an innovative supply chain model, some may misunderstand us at first glance and not welcome us. We are committed to the long-term and believe that scrutiny will ultimately benefit our development. We are confident that our actions and contributions to the community will speak for themselves over time." Last year, Temu was the most downloaded app in the U.S. and has only become more popular as reports of security and privacy risks have come out.

Publicly traded crypto exchange Coinbase, in connection with History Associates Incorporated, has filed two civil lawsuits against the Securities and Exchange Commission and Federal Deposit Insurance Corporation for their failure to comply with FOIA requests. From a report: The Freedom of Information Act, or FOIA, grants the full or partial disclosure of previously unreleased information that's controlled by the U.S. government. Generally speaking, agencies have 20 days to respond -- not necessarily satisfy -- these requests. And even when government agencies do furnish documents, they can redact anything that falls under certain exemptions: Information related to national security, internal personnel, trade secrets, law enforcement, or financial institution records.

Late last year, Coinbase hired History Associates Incorporated, a private historical research firm, to submit a FOIA request on its behalf. The San Francisco crypto exchange was seeking copies of "Pause Letters" sent to financial institutions asking them to indefinitely cease all "crypto-related activities," according to the complaint. The letters were described in a report from the FDIC's Office of Inspector General (OIG), but never shared publicly. The OIG said the letters presented a "risk that the FDIC would inadvertently limit financial institution innovation and growth in the crypto space." The FDIC refused to provide History Associates or Coinbase with the letters.

An anonymous reader quotes a report from CNN: Dairy farmers in Denmark face having to pay an annual tax of 672 krone ($96) per cow for the planet-heating emissions they generate. The country's coalition government agreed this week to introduce the world's first carbon emissions tax on agriculture. It will mean new levies on livestock starting in 2030. Denmark is a major dairy and pork exporter, and agriculture is the country's biggest source of emissions. The coalition agreement -- which also entails investing 40 billion krone ($3.7 billion) in measures such as reforestation and establishing wetlands -- is aimed at helping the country meet its climate goals.

"With today's agreement, we are investing billions in the biggest transformation of the Danish landscape in recent times," Foreign Minister Lars Lokke Rasmussen said in a statement Tuesday. "At the same time, we will be the first country in the world with a (carbon) tax on agriculture." The Danish dairy industry broadly welcomed the agreement and its goals, but it has angered some farmers. [...] The tax, expected to be approved by Denmark's parliament later this year, will amount to 300 krone ($43) per tonne (1.1 ton) of CO2-equivalent emissions from livestock from 2030, rising to 750 krone ($107) in 2035. A 60% tax break will apply, meaning that farmers will effectively be charged 120 krone ($17) per tonne of livestock emissions per year from 2030, rising to 300 krone ($43) in 2035.

On average, Danish dairy cows, which account for much of the cattle population, emit 5.6 tons of CO2-equivalent per year, according to Concito, a green think tank in Denmark. Using the lower tax rate of 120 krone results in a charge of 672 krone per cow, or $96. With the tax break in place, that levy will rise to 1,680 krone per cow in 2035 ($241). In the first two years, the proceeds from the tax will be used to support the agricultural industry's green transition and then reassessed. "The whole purpose of the tax is to get the sector to look for solutions to reduce emissions," Concito's chief economist Torsten Hasforth told CNN. For example, farmers could change the feed they use.

The U.S. government last week announced an unprecedented ban on selling Russian cybersecurity firm Kaspersky's software, citing national security concerns. The move, effective July 20, has left American resellers confused and worried about its impact. Kaspersky can provide updates to existing customers until September 29, after which the software's effectiveness will diminish. From a report: Avi Fleischer, the founder of Technical Difficulties, told TechCrunch that not only does he sell Kaspersky to his customers, he also uses its products on his phone and personal computer. He added that the ban is "annoying, to say the least," because he will now have to find another antivirus company and migrate all his customers to the new product, which will cost him time and money. "It's just a lot of time lost for nothing. And I don't see how I can even really charge end users for this," Fleischer said in a phone call. "It was my suggestion that they use Kaspersky and now Kaspersky is being banned by the United States government. What am I supposed to do?"

The U.S. Supreme Court on Wednesday rejected to impose limits on the way President Joe Biden's administration may communicate with social media platforms, overturning a lower court decision in a case brought by Missouri, Louisiana, and five individuals. In a 6-3 ruling, the court found plaintiffs lacked legal standing to sue, unable to show a "concrete link" between officials' conduct and harm suffered.

The case centered on whether the administration coerced platforms to censor disfavored speech when alerting them to content violating their policies, particularly regarding elections and COVID-19. The administration argued it sought to mitigate online misinformation hazards. Plaintiffs claimed platforms suppressed conservative-leaning speech under government pressure. The Justice Department contended that government officials have long used their platform to express views on public matters.

India is set to embark on an ambitious $168 billion project to link its major rivers, aiming to address water scarcity and boost agriculture in the world's most populous nation. The National River Linking Project, conceived over a century ago, plans to construct 30 canals to transfer an estimated 7 trillion cubic feet of water annually across the country. While government officials tout the project's potential to irrigate farmland and generate hydroelectric power, scientists and environmental experts have raised concerns about its ecological impact. Recent research suggests the project could disrupt monsoon patterns, potentially exacerbating water stress in some regions.

The Biden administration is investigating China Mobile, China Telecom and China Unicom over concerns the firms could exploit access to American data through their U.S. cloud and internet businesses by providing it to Beijing, Reuters reported Tuesday, citing sources familiar with the matter. From the report: The companies still have a small presence in the United States, for example, providing cloud services and routing wholesale U.S. internet traffic. That gives them access to Americans' data even after telecom regulators barred them from providing telephone and retail internet services in the United States.

Reuters found no evidence the companies intentionally provided sensitive U.S. data to the Chinese government or committed any other type of wrongdoing. The investigation is the latest effort by Washington to prevent Beijing from exploiting Chinese firms' access to U.S. data to harm companies, Americans or national security, as part of a deepening tech war between the geopolitical rivals. It shows the administration is trying to shut down all remaining avenues for Chinese companies already targeted by Washington to obtain U.S. data.

An anonymous reader quotes a report from The Guardian: A new law coming into effect in Colorado in July is banning everyday products that intentionally contain toxic "forever chemicals," including clothes, cookware, menstruation products, dental floss and ski wax -- unless they can be made safer. Under the legislation, which takes effect on 1 July, many products using per- and poly-fluoroalkyl substances -- or PFAS chemicals linked to cancer risk, lower fertility and developmental delays -- will be prohibited starting in 2026. By 2028, Colorado will also ban the sale of all PFAS-treated clothes, backpacks and waterproof outdoor apparel. The law will also require companies selling PFAS-coated clothing to attach disclosure labels.

The initial draft of state senate bill 81, introduced in 2022, included a full ban on PFAS beginning in 2032. But that measure was written out after facing opposition. Colorado has already passed a measure requiring companies to phase out PFAS in carpets, furniture, cosmetics, juvenile products, some food packaging and those used in oil and gas production. The incoming law's diluted version illustrates the challenges lawmakers have in regulating chemicals that are used to make products waterproof, nonstick or resistant to staining. Manufacturers say the products, at best, will take time to make with a safer replacement -- or at worst, are not yet possible to get made in such fashion. [...]

In Colorado, state senator Lisa Cutter, one of the sponsors of the new law there, has said she still wants a complete ban on PFAS but acknowledges the problems. "As much as I want PFAS to go away forever and forever, there are going to be some difficult pivots," she told the outlet. They include balancing the potential cost to consumers in making products PFAS-free. Cutter told CBS News that it was "really hard" challenging lobbying groups that "spent a lot of money ensuring that these chemicals can continue being put into our products and make profits." Cutter had been accused of stifling innovation and industry. She said she believed companies could be successful while also looking out for the communities they serve. "Certainly, there are cases where it's not plausible right away to gravitate away from them, but we need to be moving in that direction," Cutter said. "Our community shouldn't have to pay the price for their health."

WikiLeaks founder Julian Assange has agreed to a plea deal with the U.S. Justice Department over his alleged role in one of the largest U.S. government breaches of classified material. As a result, he will avoid imprisonment in the United States. CNN reports: Under the terms of the new agreement (PDF), Justice Department prosecutors will seek a 62-month sentence -- which is equal to the amount of time Assange has served in a high-security prison in London while he fought extradition to the US. The plea deal would credit that time served, allowing Assange to immediately return to Australia, his native country. The plea deal must still be approved by a federal judge.

Assange had faced 18 counts from a 2019 indictment for his alleged role in the breach that carried a max of up to 175 years in prison, though he was unlikely to be sentenced to that time in full. Assange was being pursued by US authorities for publishing confidential military records supplied by former Army intelligence analyst Chelsea Manning in 2010 and 2011. US officials alleged that Assange goaded Manning into obtaining thousands of pages of unfiltered US diplomatic cables that potentially endangered confidential sources, Iraq war-related significant activity reports and information related to Guantanamo Bay detainees.

Top officials from the European Union and China agreed to negotiate a planned series of import taxes on Chinese electric vehicles. "The call marks the first time the two sides have agreed to negotiate since the EU threatened China with electric vehicle (EV) tariffs of up to 38%," reports the BBC. From the report: The EU said Chinese EVs were unfairly subsidised by its government. In response, China accused the EU of protectionism and trade rule breaches. An EU spokesperson told the BBC the call between Trade Commissioner Valdis Dombrovskis and his Chinese counterpart Wang Wentao was "candid and constructive." They said the two sides would "continue to engage at all levels in the coming weeks." However, the spokesperson also doubled down on the EU's opposition to how the Chinese EV industry is funded. They said "any negotiated outcome" to the proposed tariffs must address the "injurious subsidisation" of Chinese EVs.

China released a similar statement on Saturday and made clear it still disagreed with the EU. As well as its call with the EU, Mr Wang met German Vice-Chancellor and Federal Minister for Economic Affairs and Climate Action Robert Habeck on Saturday. In a Facebook post about the meeting, China's Ministry of Commerce said it had told Mr Habeck about its "firm opposition" to the tariffs. It repeated its threat to file a lawsuit with the World Trade Organization (WTO) "to firmly defend its legitimate rights and interests."

Germany has also expressed criticism of the tariffs. When the EU first proposed them last week following its investigation of Chinese EVs in the trading bloc, Germany's Transport Minister, Volker Wissing, said the move risked a "trade war" with Beijing. "The European Commission's punitive tariffs hit German companies and their top products," he wrote on X, formerly known as Twitter, at the time. The European car industry has been critical too. Stellantis - which owns Citroen, Peugeot, Vauxhall, Fiat, and several other brands - said it did not support measures that "contribute to the world fragmentation [of trade]."

America's National Labor Relations Board "has filed a complaint against Amazon..." reports the Verge, "that alleges the company 'unlawfully disciplined and terminated an employee' after they assisted in organizing walkouts last May in protest of Amazon's new return-to-work [three days per week] directives, issued early last year." [T]housands of Amazon employees signed petitions against the new mandate and staged a walkout several months later. Despite the protests and pushback, according to a report by Insider, in a meeting in early August 2023, Jassy reaffirmed the company's commitment to employees returning to the office for the majority of the week.

The NLRB complaint alleges Amazon "interrogated" employees about the walkout using its internal Chime system. The employee was first put on a performance improvement plan by Amazon following their organizing efforts for the walkout and later "offered a severance payment of nine weeks' salary if the employee signed a severance agreement and global release in exchange for their resignation." According to the NLRB's lawyers, all of that was because the employee engaged in organizing, and the retaliation was intended to discourage "...protected, concerted activities...."

The NLRB's general counsel is seeking several different forms of remediation from Amazon, including reimbursement for the employee's "financial harms and search-for-work and work related expenses," a letter of apology, and a "Notice to Employees" that must be physically posted at the company's facilities across the country, distributed electronically, and read by an Amazon rep at a recorded videoconference.
Amazon says their actions were entirely unrelated to the workers activism against their return-to-work policies. An Amazon spokesperson told the Verge that instead, the employee "consistently underperformed over a period of nearly a year and repeatedly failed to deliver on projects she was assigned. Despite extensive support and coaching, the former employee was unable to improve her performance and chose to leave the company."

Automated license plate readers "pose risks to public safety," argues the EFF, "that may outweigh the crimes they are attempting to address in the first place." When law enforcement uses automated license plate readers (ALPRs) to document the comings and goings of every driver on the road, regardless of a nexus to a crime, it results in gargantuan databases of sensitive information, and few agencies are equipped, staffed, or trained to harden their systems against quickly evolving cybersecurity threats. The Cybersecurity and Infrastructure Security Agency (CISA), a component of the U.S. Department of Homeland Security, released an advisory last week that should be a wake up call to the thousands of local government agencies around the country that use ALPRs to surveil the travel patterns of their residents by scanning their license plates and "fingerprinting" their vehicles. The bulletin outlines seven vulnerabilities in Motorola Solutions' Vigilant ALPRs, including missing encryption and insufficiently protected credentials...

Unlike location data a person shares with, say, GPS-based navigation app Waze, ALPRs collect and store this information without consent and there is very little a person can do to have this information purged from these systems... Because drivers don't have control over ALPR data, the onus for protecting the data lies with the police and sheriffs who operate the surveillance and the vendors that provide the technology. It's a general tenet of cybersecurity that you should not collect and retain more personal data than you are capable of protecting. Perhaps ironically, a Motorola Solutions cybersecurity specialist wrote an article in Police Chief magazine this month that public safety agencies "are often challenged when it comes to recruiting and retaining experienced cybersecurity personnel," even though "the potential for harm from external factors is substantial." That partially explains why, more than 125 law enforcement agencies reported a data breach or cyberattacks between 2012 and 2020, according to research by former EFF intern Madison Vialpando. The Motorola Solutions article claims that ransomware attacks "targeting U.S. public safety organizations increased by 142 percent" in 2023.

Yet, the temptation to "collect it all" continues to overshadow the responsibility to "protect it all." What makes the latest CISA disclosure even more outrageous is it is at least the third time in the last decade that major security vulnerabilities have been found in ALPRs... If there's one positive thing we can say about the latest Vigilant vulnerability disclosures, it's that for once a government agency identified and reported the vulnerabilities before they could do damage... The Michigan Cyber Command center found a total of seven vulnerabilities in Vigilant devices; two of which were medium severity and 5 of which were high severity vulnerabilities...

But a data breach isn't the only way that ALPR data can be leaked or abused. In 2022, an officer in the Kechi (Kansas) Police Department accessed ALPR data shared with his department by the Wichita Police Department to stalk his wife.
The article concludes that public safety agencies should "collect only the data they need for actual criminal investigations.

"They must never store more data than they adequately protect within their limited resources-or they must keep the public safe from data breaches by not collecting the data at all."