Wikipedia

Wikipedia Legally Challenges UK's 'Flawed' Online Safety Rules (bbc.com)

Wikipedia is taking legal action against the UK's new Online Safety Act regulations it says could threaten the safety of its volunteer editors and their ability to keep harmful content off the site. From a report: The Wikimedia Foundation -- the non-profit which supports the online encyclopaedia -- is seeking a judicial review of rules which could mean Wikipedia is subjected to the toughest duties required of websites under the act.

Lead counsel Phil Bradley-Schmieg said it was "unfortunate that we must now defend the privacy and safety of Wikipedia's volunteer editors from flawed legislation." The government told the BBC it was committed to implementing the act but could not comment on ongoing legal proceedings. It's thought this is the first judicial review to be brought against the new online safety laws - albeit a narrow part of them - but experts say it may not be the last.

"The Online Safety Act is vast in scope and incredibly complex," Ben Packer, a partner at law firm Linklaters, told the BBC. The law would inevitably have impacts on UK citizens' freedom of expression and other human rights, so as more of it comes into force "we can expect that more challenges may be forthcoming," he told the BBC.

IT

Switzerland To Hold Referendum on Introducing Electronic ID (swissinfo.ch)

Switzerland will hold a national referendum on the introduction of electronic identity cards after opponents of the legislation secured enough signatures to force a public vote. The Federal Chancellery confirmed Wednesday that 55,344 valid signatures were submitted against the Federal Act on Electronic Identity passed last December.

The proposed e-ID would enable citizens to apply online for criminal record extracts, driving licenses, and age verification when purchasing alcohol. This marks the second referendum on e-ID implementation, after voters rejected a previous version in 2021. The government has revised its approach, making the new system free, optional, and fully state-operated rather than privately managed. If approved, the e-ID would come into force no earlier than 2026, though the collection effort suggests privacy concerns remain paramount for many Swiss voters.

Transportation

Class Action Accuses Toyota of Illegally Sharing Drivers' Data (insurancejournal.com)

"A federal class action lawsuit filed this week in Texas accused Toyota and an affiliated telematics aggregator of unlawfully collecting drivers' information and then selling that data to Progressive," reports Insurance Journal: The lawsuit alleges that Toyota and Connected Analytic Services (CAS) collected vast amounts of vehicle data, including location, speed, direction, braking and swerving/cornering events, and then shared that information with Progressive's Snapshot data sharing program. The class action seeks an award of damages, including actual, nominal, consequential damages, and punitive, and an order prohibiting further collection of drivers' location and vehicle data.

Florida man Philip Siefke had bought a new Toyota RAV4 XLE in 2021 "equipped with a telematics device that can track and collect driving data," according to the article. But when he tried to sign up for insurance from Progressive, "a background pop-up window appeared, notifying Siefke that Progressive was already in possession of his driving data, the lawsuit says. A Progressive customer service representative explained to Siefke over the phone that the carrier had obtained his driving data from tracking technology installed in his RAV4." (Toyota told him later he'd unknowingly signed up for a "trial" of the data sharing, and had failed to opt out.) The lawsuit alleges Toyota never provided Siefke with any sort of notice that the car manufacturer would share his driving data with third parties... The lawsuit says class members suffered actual injury from having their driving data collected and sold to third parties including, but not limited to, damage to and diminution in the value of their driving data, violation of their privacy rights, [and] the likelihood of future theft of their driving data.

The telemetry device "can reportedly gather information about location, fuel levels, the odometer, speed, tire pressure, window status, and seatbelt status," notes CarScoop.com. "In January, Texas Attorney General Ken Paxton started an investigation into Toyota, Ford, Hyundai, and FCA..." According to plaintiff Philip Siefke from Eagle Lake, Florida, Toyota, Progressive, and Connected Analytic Services collect data that can contribute to a "potential discount" on the auto insurance of owners. However, it can also cause insurance premiums to be jacked up.

The plaintiff's lawyer issued a press release: Despite Toyota claiming it does not share data without the express consent of customers, Toyota may have unknowingly signed up customers for "trials" of sharing customer driving data without providing any sort of notice to them. Moreover, according to the lawsuit, Toyota represented through its app that it was not collecting customer data even though it was, in fact, gathering and selling customer information. We are actively investigating whether Toyota, CAS, or related entities may have violated state and federal laws by selling this highly sensitive data without adequate disclosure or consent...

If you purchased a Toyota vehicle and have since seen your auto insurance rates increase (or been denied coverage), or have reason to believe your driving data has been sold, please contact us today or visit our website at classactionlawyers.com/toyota-tracking.

On his YouTube channel, consumer protection attorney Steve Lehto shared a related experience he had — before realizing he wasn't alone. "I've heard that story from so many people who said 'Yeah, I bought a brand new car and the salesman was showing me how to set everything up, and during the setup process he clicked Yes on something.' Who knows what you just clicked on?!"

Thanks to long-time Slashdot reader sinij for sharing the news.

Open Source

The UN Ditches Google for Form Submissions, Opts for Open Source 'CryptPad' Instead (itsfoss.com)

Did you know there's an initiative to drive Open Source adoption both within the United Nations — and globally? Launched in March, it's the work of the Digital Technology Network (under the UN's chief executive board) which "works to advance open source technologies throughout UN agencies," promoting "collaboration and scalable solutions to support the UN's digital transformation." Fun fact: The first group to endorse the initiative's principles was the Open Source Initiative...

"The Open Source Initiative applauds the United Nations for recognizing the growing importance of Open Source in solving global challenges and building sustainable solutions, and we are honored to be the first to endorse the UN Open Source Principles," said Stefano Maffulli, executive director of OSI.

But that's just the beginning, writes It's FOSS News: As part of the UN Open Source Principles initiative, the UN has invited other organizations to support and officially endorse these principles. To collect responses, they are using CryptPad instead of Google Forms... If you don't know about CryptPad, it is a privacy-focused, open source online collaboration office suite that encrypts all of its content, doesn't log IP addresses, and supports a wide range of collaborative documents and tools for people to use.

While this happened back in late March, we thought it would be a good idea to let people know that a well-known global governing body like the UN was slowly moving towards integrating open source tech into their organization... I sincerely hope the UN continues its push away from proprietary Big Tech solutions in favor of more open, privacy-respecting alternatives, integrating more of their workflow with such tools.

16 groups have already endorsed the UN Open Source Principles (including the GNOME Foundation, the Linux Foundation, and the Eclipse Foundation).

Here are the eight UN Open Source Principles:
  1. Open by default: Making Open Source the standard approach for projects
  2. Contribute back: Encouraging active participation in the Open Source ecosystem
  3. Secure by design: Making security a priority in all software projects
  4. Foster inclusive participation and community building: Enabling and facilitating diverse and inclusive contributions
  5. Design for reusability: Designing projects to be interoperable across various platforms and ecosystems
  6. Provide documentation: Providing thorough documentation for end-users, integrators and developers
  7. RISE (recognize, incentivize, support and empower): Empowering individuals and communities to actively participate
  8. Sustain and scale: Supporting the development of solutions that meet the evolving needs of the UN system and beyond.

United States

The Atlantic Warns Combining US Government Databases Could Create a 'Panopticon' (msn.com)

America's federal government "is a veritable cosmos of information, made up of constellations of databases," warns the Atlantic. The FBI "has a facial-recognition apparatus capable of matching people against more than 640 million photos — a database made up of driver's license and passport photos, as well as mug shots." The Homeland Security department holds data "about the movements of every person who travels by air commercially". America's Drug Enforcement Administration "tracks license plates scanned on American roads." And there's also every taxpayer's finance and employment history... Government agencies including the IRS, the FBI, DHS, and the Department of Defense have all purchased cellphone-location data, and possibly collected them too, via secretive groups such as the National Geospatial-Intelligence Agency. That means the government has at least some ability to map or re-create the past everyday movements of some American citizens.

But now the information at individual agencies "is being pooled together. The question is Why? And what does the administration intend to do with it?" A White House spokesperson confirmed to the Atlantic that data collected by different agencies is now being combined. (They said that "Through data sharing between agencies, departments are collaborating to identify fraud and prevent criminals from exploiting hardworking American taxpayers.") But a March executive order explicitly stated an aim "to eliminate the data silos that keep everything separate." The article accuses the administration officials of "not just undoing decades of privacy measures. They appear to be ignoring that they were ever written."

The Atlantic spoke with former government officials "who have spent time in these systems," reporting that "to a person, these experts are alarmed about the possibilities for harm, graft, and abuse... Collecting and then assembling data in the industrial way — just to have them in case they might be useful — would represent a huge and disturbing shift for the government..."

"A fragile combination of decades-old laws, norms, and jungly bureaucracy has so far prevented repositories such as these from assembling into a centralized American surveillance state. But that appears to be changing..." DOGE has systematically gained access to sensitive data across the federal government "in ways that people in several agencies have described to us as both dangerous and disturbing."

China

Irish Privacy Watchdog Fines TikTok $600 Million For China Data Transfers (apnews.com)

An anonymous reader quotes a report from the Associated Press: A European Union privacy watchdog fined TikTok 530 million euros ($600 million) on Friday after a four-year investigation found that the video sharing app's data transfers to China put users at risk of spying, in breach of strict EU data privacy rules. Ireland's Data Protection Commission also sanctioned TikTok for not being transparent with users about where their personal data was being sent and ordered the company to comply with the rules within six months.

The Irish national watchdog serves as TikTok's lead data privacy regulator in the 27-nation EU because the company's European headquarters is based in Dublin. "TikTok failed to verify, guarantee and demonstrate that the personal data of (European) users, remotely accessed by staff in China, was afforded a level of protection essentially equivalent to that guaranteed within the EU," Deputy Commissioner Graham Doyle said in a statement. The Irish watchdog said its investigation found that TikTok failed to address "potential access by Chinese authorities" to European users' personal data under Chinese laws on anti-terrorism, counterespionage, cybersecurity and national intelligence that were identified as "materially diverging" from EU standards. Grahn said TikTok "has never received a request for European user data from the Chinese authorities, and has never provided European user data to them."

[...] The investigation, which opened in September 2021, also found that TikTok's privacy policy at the time did not name third countries, including China, where user data was transferred. The watchdog said the policy, which has since been updated, failed to explain that data processing involved "remote access to personal data stored in Singapore and the United States by personnel based in China." TikTok faces further scrutiny from the Irish regulator, which said that the company had provided inaccurate information throughout the inquiry by saying that it didn't store European user data on Chinese servers. It wasn't until April that it informed the regulator that it discovered in February that some data had in fact been stored on Chinese servers.

TikTok disagrees with the decision and plans to appeal. The company said the decision focuses on a "select period" ending in May 2023, before it embarked on a data localization project called Project Clover that involved building three data centers in Europe.

"The facts are that Project Clover has some of the most stringent data protections anywhere in the industry, including unprecedented independent oversight by NCC Group, a leading European cybersecurity firm," said Christine Grahn, TikTok's European head of public policy and government relations. "The decision fails to fully consider these considerable data security measures."

Facebook

Meta Now Forces AI Data Collection Through Ray-Ban Smart Glasses (theverge.com)

Meta has eliminated key privacy protections for Ray-Ban Meta smart glasses users in a policy update that took effect April 29th. The company now permanently enables Meta AI with camera functionality unless "Hey Meta" voice commands are completely disabled, while simultaneously removing users' ability to opt out of having their voice recordings stored in the cloud.

These recordings are kept for up to a year for Meta's product development, with the company only deleting accidental voice interactions after 90 days. Users can manually delete individual recordings but cannot prevent the initial collection.

Android

Google Play Sees 47% Decline In Apps Since Start of Last Year (techcrunch.com)

Google Play's app marketplace has seen a dramatic 47% drop in available apps -- from 3.4 million to 1.8 million -- since the start of 2024. An analysis by app intelligence provider Appfigures attributes the decline to stricter quality standards, expanded human reviews, and increased enforcement against low-quality and deceptive apps. TechCrunch reports: In July 2024, Google announced it would raise the minimum quality requirements for apps, which may have impacted the number of available Play Store app listings.

Instead of only banning broken apps that crashed, wouldn't install, or wouldn't run properly, the company said it would begin banning apps that demonstrated "limited functionality and content." That included static apps without app-specific features, such as text-only apps or PDF file apps. It also included apps that provided little content, like those that only offered a single wallpaper. Additionally, Google banned apps that were designed to do nothing or have no function, which may have been tests or other abandoned developer efforts.

Reached for comment, Google confirmed that its new policies were factors here, which also included an expanded set of verification requirements, required app testing for new personal developer accounts, and expanded human reviews to check for apps that try to deceive or defraud users. In addition, the company pointed to other 2024 investments in AI for threat detection, stronger privacy policies, improved developer tools, and more. As a result, Google prevented 2.36 million policy-violating apps from being published on its Play Store and banned more than 158,000 developer accounts that had attempted to publish harmful apps, it said.

TechCrunch also notes that a new trader status rule, which went into effect in the EU this February, could be another contributing factor. It requires developers to display their names and addresses in their app listings, and failure to comply would see their apps removed from EU app stores.

Privacy

Car Subscription Features Raise Your Risk of Government Surveillance, Police Records Show (wired.com)

An anonymous reader quotes a report from Wired: Automakers are increasingly pushing consumers to accept monthly and annual fees to unlock preinstalled safety and performance features, from hands-free driving systems and heated seats to cameras that can automatically record accident situations. But the additional levels of internet connectivity this subscription model requires can increase drivers' exposure to government surveillance and the likelihood of being caught up in police investigations. A cache of more than two dozen police records recently reviewed by WIRED shows US law enforcement agencies regularly trained on how to take advantage of "connected cars," with subscription-based features drastically increasing the amount of data that can be accessed during investigations. The records make clear that law enforcement's knowledge of the surveillance far exceeds that of the public and reveal how corporate policies and technologies -- not the law -- determine driver privacy.

"Each manufacturer has their whole protocol on how the operating system in the vehicle utilizes telematics, mobile Wi-Fi, et cetera," one law enforcement officer noted in a presentation prepared by the California State Highway Patrol (CHP) and reviewed by WIRED. The presentation, while undated, contains statistics on connected cars for the year 2024. "If the vehicle has an active subscription," they add, "it does create more data." The CHP presentation, obtained by government transparency nonprofit Property of the People via a public records request, trains police on how to acquire data based on a variety of hypothetical scenarios, each describing how vehicle data can be acquired based on the year, make, and model of a vehicle. The presentation acknowledges that access to data can ultimately be limited due to choices made by not only vehicle manufacturers but the internet service providers on which connected devices rely.

One document notes, for instance, that when a General Motors vehicle is equipped with an active OnStar subscription, it will transmit data -- revealing its location -- roughly twice as often as a Ford vehicle. Different ISPs appear to have not only different capabilities but also different policies when it comes to responding to government requests for information. Police may be able to rely on AT&T to help identify certain vehicles based on connected devices active in the car but lack the ability to do so when the device relies on a T-Mobile or Verizon network instead. [...] Nearly all subscription-based car features rely on devices that come preinstalled in a vehicle, with a cellular connection necessary only to enable the automaker's recurring-revenue scheme. The ability of car companies to charge users to activate some features is effectively the only reason the car's systems need to communicate with cell towers. The police documents note that companies often hook customers into adopting the services through free trial offers, and in some cases the devices are communicating with cell towers even when users decline to subscribe.

Bitcoin

Monero Likely Pumped 50% Due To Suspected $330 Million Bitcoin Theft

Onchain investigator ZachXBT flagged a suspicious $330.7 million Bitcoin transfer that was quickly laundered into Monero, causing XMR's price to spike by 50%. CoinTelegraph reports: The transaction, reported on April 28, saw funds moved from a potential victim's wallet to the address bc1qcry...vz55g. Following the transfer, the stolen stash was quickly laundered through over six instant exchanges and swapped into privacy-focused cryptocurrency Monero. The large-scale conversion led to a 50% spike in XMR's price with the token reaching an intraday high of $339, according to data from CoinMarketCap.

At the time of writing, XMR has settled slightly but remains up 25% in the past 24 hours, trading at $289. When asked whether North Korea's Lazarus Group was behind the attack, ZachXBT dismissed the theory, stating it was "highly probable it's not," suggesting independent hackers were responsible.

"While there are concerns of more criminals moving to privacy coins for anonymity, the vast majority of criminal activity still uses mainstream cryptocurrencies, such as Bitcoin, Ethereum and stablecoins," Chainalysis said. "Cryptocurrency is only useful if you can buy and sell goods and services or cash out into fiat, and that is much more difficult with privacy coins, especially as many mainstream exchanges have offboarded the use of privacy coins, such as Monero."

Businesses

23andMe Requiring Potential Bidders To Affirm They Will Uphold Data Privacy

The sale of bankrupt DNA data bank 23andMe is delayed as the company struggles to secure a lead bidder who can meet regulatory and privacy requirements, pushing the initial auction deadline from Friday to Monday. Seeking Alpha reports: 23andMe Holdings (OTC:MEHCQ), currently in Chapter 11 bankruptcy proceedings, is requiring that any potential bidders for the company's assets "guaranty that they will comply with the Company's privacy policies and applicable law." The genetics company said this is necessary to protect customers' data.

In addition, bidders will need to submit documentation of their intended use of any data, describe the privacy programs and security controls they have in place or would implement, and say whether they would ask for current privacy policies to be amended. 23andMe has also filed a motion asking for the appointment of an independent customer data representative to review whether a proposed deal is in alignment with the company's privacy policies and data privacy laws.

Social Networks

4chan Returns, Details Breach, Blames Funding Issues, Ends Shockwave Board (slashdot.org)

"4chan, down for more than a week after hackers got in through an insecure script that handled PDFs, is back online," notes BoingBoing. (They add that Thursday saw 4chan's first blog post in years — just the words "Testing testing 123 123...") But 4chan posted a much longer explanation on Friday, confirming their servers were compromised by a malicious PDF upload from "a hacker using a UK IP address," granting access to their databases and administrative dashboard.

The attacker "spent several hours exfiltrating database tables and much of 4chan's source code. When they had finished downloading what they wanted, they began to vandalize 4chan at which point moderators became aware and 4chan's servers were halted, preventing further access." While not all of our servers were breached, the most important one was, and it was due to simply not updating old operating systems and code in a timely fashion. Ultimately this problem was caused by having insufficient skilled man-hours available to update our code and infrastructure, and being starved of money for years by advertisers, payment providers, and service providers who had succumbed to external pressure campaigns. We had begun a process of speccing new servers in late 2023. As many have suspected, until that time 4chan had been running on a set of servers purchased second-hand by moot a few weeks before his final Q&A [in 2015], as prior to then we simply were not in a financial position to consider such a large purchase. Advertisers and payment providers willing to work with 4chan are rare, and are quickly pressured by activists into cancelling their services. Putting together the money for new equipment took nearly a decade...

The free time that 4chan's development team had available to dedicate to 4chan was insufficient to update our software and infrastructure fast enough, and our luck ran out. However, we have not been idle during our nearly two weeks of downtime. The server that was breached has been replaced, with the operating system and code updated to the latest versions. PDF uploads have been temporarily disabled on those boards that supported them, but they will be back in the near future. One slow but much beloved board, /f/ — Flash, will not be returning however, as there is no realistic way to prevent similar exploits using .swf files.

We are bringing on additional volunteer developers to help keep up with the workload, and our team of volunteer janitors & moderators remains united despite the grievous violations some have suffered to their personal privacy.

4chan is back. No other website can replace it, or this community. No matter how hard it is, we are not giving up.

Google

'Read the Manual': Misconfigured Google Analytics Led to a Data Breach Affecting 4.7M (csoonline.com)

Slashdot reader itwbennett writes: Personal health information on 4.7 million Blue Shield California subscribers was unintentionally shared between Google Analytics and Google Ads between April 2021 and January 2025 due to a misconfiguration error. Security consultant and SANS Institute instructor Brandon Evans points to two lessons to take from this debacle:

- Read the documentation of any third party service you sign up for, to understand the security and privacy controls;
- Know what data is being collected from your organization, and what you don't want shared.

"If there is a concern by the organization that Google Ads would use this information, they should really consider whether or not they should be using a platform like Google Analytics in the first place," Evans says in the article. "Because from a technical perspective, there is nothing stopping Google from sharing the information across its platform...

"Google definitely gives you a great bunch of controls, but technically speaking, that data is within the walls of that organization, and it's impossible to know from the outside how that data is being used."

Google

What Happens When You Pay People Not to Use Google Search? (yahoo.com)

"A group of researchers says it has identified a hidden reason we use Google for nearly all web searches," reports the Washington Post. "We've never given other options a real shot." Their research experiment suggests that Google is overwhelmingly popular partly because we believe it's the best, whether that's true or not. It's like a preference for your favorite soda. And their research suggested that our mass devotion to googling can be altered with habit-changing techniques, including by bribing people to try search alternatives to see what they are like...

[A] group of academics — from Stanford University, the University of Pennsylvania and MIT — designed a novel experiment to try to figure out what might shake up Google's popularity. They recruited nearly 2,500 participants and remotely monitored their web searches on computers for months. The core of the experiment was paying some participants — most received $10 — to use Bing rather than Google for two weeks. After that period, the money stopped, and the participants had to pick either Bing or Google. The vast majority in the group of people who were paid to use Bing for 14 days chose to go back to Google once the payments stopped, suggesting a strong preference for Google even after trying an alternative. But a healthy number in that group — about 22 percent — chose Bing and were still using it many weeks later.

"I realized Bing was not as bad as I thought it was...." one study participant said — which an assistant professor in business economics and public policy at the University of Pennsylvania says is a nice summation of the study's findings.

"The researchers did not test other search engines," the article notes. But more importantly, it points out that the research caught the attention of some government officials: Colorado Attorney General Phil Weiser (D), who is leading the group of states that sued Google alongside the Justice Department, said the research helped inspire a demand by the states to fix Google's search monopoly. They asked a judge to require Google to bankroll a consumer information campaign about web search alternatives, including "short-term incentive payments."

On the basis of that, the article suggests "you could soon be paid to try Microsoft Bing or another alternative."

And in the meantime, the reporter writes, "I encourage you to join me in a two-week (unpaid) experiment mirroring the research: Change your standard search engine to something other than Google and see whether you like it. (And drop me a line to let me know how it went.) I'm going with DuckDuckGo, a privacy-focused web search engine that uses Bing's technology."

Privacy

Employee Monitoring App Leaks 21 Million Screenshots In Real Time (cybernews.com)

An anonymous reader quotes a report from Cybernews: Researchers at Cybernews have uncovered a major privacy breach involving WorkComposer, a workplace surveillance app used by over 200,000 people across countless companies. The app, designed to track productivity by logging activity and snapping regular screenshots of employees' screens, left over 21 million images exposed in an unsecured Amazon S3 bucket, broadcasting how workers go about their day frame by frame. The leaked data is extremely sensitive, as millions of screenshots from employees' devices could not only expose full-screen captures of emails, internal chats, and confidential business documents, but also contain login pages, credentials, API keys, and other sensitive information that could be exploited to attack businesses worldwide. After the company was contacted, access to the unsecured database was secured. An official comment has yet to be received.

AI

South Korea Says DeepSeek Transferred User Data, Prompts Without Consent (reuters.com)

South Korea's data protection authority said on Thursday that Chinese artificial intelligence startup DeepSeek transferred user information and prompts without permission when the service was still available for download in the country's app market. From a report: The Personal Information Protection Commission said in a statement that Hangzhou DeepSeek Artificial Intelligence Co Ltd did not obtain user consent while transferring personal information to a number of companies in China and the United States at the time of its South Korean launch in January.

Privacy

WhatsApp Blocks People From Exporting Your Entire Chat History (theverge.com)

WhatsApp is rolling out a new "Advanced Chat Privacy" feature that blocks others from exporting chat histories or automatically downloading media. While it doesn't stop screenshots or manual downloads, it marks the first step in WhatsApp's plan to enhance in-chat privacy protections. The Verge reports: By default, WhatsApp saves photos and videos in a chat to your phone's local storage. It also lets you and your recipients export chats (with or without media) to your messages, email, or notes app. The Advanced Chat Privacy setting will prevent this in group and individual chats. [...] WhatsApp says this is its "first version" of the feature, and that it plans to add more protections down the line.

"We think this feature is best used when talking with groups where you may not know everyone closely but are nevertheless sensitive in nature," WhatsApp says in its announcement. WABetaInfo first spotted this feature earlier this month, and now it's rolling out to the latest version of the app. You can turn on the setting by tapping the name of your chat and selecting Advanced Chat Privacy.

The Courts

Shopify Must Face Data Privacy Lawsuit In US (reuters.com) 42

An anonymous reader quotes a report from Reuters: A U.S. appeals court on Monday revived a proposed data privacy class action against Shopify, a decision that could make it easier for American courts to assert jurisdiction over internet-based platforms. In a 10-1 decision, the 9th U.S. Circuit Court of Appeals in San Francisco said the Canadian e-commerce company can be sued in California for collecting personal identifying data from people who make purchases on websites of retailers from that state.

Brandon Briskin, a California resident, said Shopify installed tracking software known as cookies on his iPhone without his consent when he bought athletic wear from the retailer I Am Becoming, and used his data to create a profile it could sell to other merchants. Shopify said it should not be sued in California because it operates nationwide and did not aim its conduct toward that state. The Ottawa-based company said Briskin could sue in Delaware, New York or Canada. A lower court judge and a three-judge 9th Circuit panel had agreed the case should be dismissed, but the full appeals court said Shopify "expressly aimed" its conduct toward California.

"Shopify deliberately reached out ... by knowingly installing tracking software onto unsuspecting Californians' phones so that it could later sell the data it obtained, in a manner that was neither random, isolated, or fortuitous," Circuit Judge Kim McLane Wardlaw wrote for the majority. A spokesman for Shopify said the decision "attacks the basics of how the internet works," and drags entrepreneurs who run online businesses into distant courtrooms regardless of where they operate. Shopify's next legal steps are unclear.

Google

Google Chrome To Continue To Use Third-Party Cookies in Major Reversal (digiday.com) 27

An anonymous reader shares a report: In a shocking development, Google won't roll out a new standalone prompt for third-party cookies in Chrome. It's a move that amounts to a U-turn on the Chrome team's earlier updated approach to deprecating third-party cookies, announced in July last year, with the latest development bound to cause ructions across the ad tech ecosystem. "We've made the decision to maintain our current approach to offering users third-party cookie choice in Chrome, and will not be rolling out a new standalone prompt for third-party cookies," wrote Anthony Chavez, vp Privacy Sandbox at Google, in a blog post published earlier today (April 22). "Users can continue to choose the best option for themselves in Chrome's Privacy and Security Settings." However, it's not the end of Privacy Sandbox, according to Google, as certain initiatives incubated within the project are set to continue, such as its IP Protection for Chrome Incognito users, which will be rolled out in Q3.

Privacy

Judge Rules Blanket Search of Cell Tower Data Unconstitutional (404media.co) 34

An anonymous reader quotes a report from 404 Media: A judge in Nevada has ruled that "tower dumps" -- the law enforcement practice of grabbing vast troves of private personal data from cell towers -- is unconstitutional. The judge also ruled that the cops could, this one time, still use the evidence they obtained through this unconstitutional search. Cell towers record the location of phones near them about every seven seconds. When the cops request a tower dump, they ask a telecom for the numbers and personal information of every single phone connected to a tower during a set time period. Depending on the area, these tower dumps can return tens of thousands of numbers. Cops have been able to sift through this data to solve crimes. But tower dumps are also a massive privacy violation that flies in the face of the Fourth Amendment, which protects people from unlawful search and seizure. When the cops get a tower dump they're not just searching and seizing the data of a suspected criminal, they're sifting through the information of everyone who was in the location. The ruling stems from a court case involving Cory Spurlock, a Nevada man charged with drug offenses and a murder-for-hire plot. He was implicated through a cellphone tower dump that law enforcement used to place his device near the scenes of the alleged crimes.

A federal judge ruled that the tower dump constituted an unconstitutional general search under the Fourth Amendment but declined to suppress the evidence, citing officers' good faith in obtaining a warrant. It marks the first time a court in the Ninth Circuit has ruled on the constitutionality of tower dumps, which in Spurlock's case captured location data from over 1,600 users -- many of whom had no way to opt out.
