Transportation

Elon Musk Denies Autopilot Use In Fatal Tesla Crash Where Police Claim 'No One Was Driving' (thedrive.com) 287

Rei writes: After a Tesla crash in The Woodlands killed two people last Saturday night, news reports were quick to jump to the conclusion that Autopilot (or even FSD) was being used and led to the strange crash, in which investigators reported nobody in the driver's seat, one victim buckled in in the front passenger seat, and the other buckled in behind them. On Twitter, however, Autopilot users were quick to question this account, noting that Autopilot can't be enabled on a road lacking lane lines; the speed and acceleration were far higher than Autopilot allows; and numerous other problems. Now Elon Musk has weighed in with the first official statement since the crash. Responding to a user questioning the reporting, Musk said: "Your research as a private individual is better than professionals @WSJ! Data logs recovered so far show Autopilot was not enabled & this car did not purchase FSD. Moreover, standard Autopilot would require lane lines to turn on, which this street did not have." What actually caused the crash and why nobody was found in the driver's seat remains unclear at this point; analysis of the logs and investigation of the crash site remains ongoing.
The Internet

Twitch Will Ban Users For 'Severe Misconduct' That Occurs Away From Its Site (reuters.com) 320

An anonymous reader quotes a report from Reuters: Live-streaming service Twitch will ban users for offenses such as hate-group membership or credible threats of mass violence that occur entirely away from the site, in a new approach to moderating the platform, the company said on Wednesday. The Amazon-owned platform, which is popular among video gamers, said under its new rules it would take enforcement actions against offline offenses that posed a "substantial safety risk" to its community.

It said examples of this "severe misconduct" include terrorist activities, child sexual exploitation, violent extremism, credible threats of mass violence, carrying out or deliberately acting as an accomplice to sexual assault and threatening Twitch or its staff. "Taking action against misconduct that occurs entirely off our service is a novel approach for both Twitch and the industry at large, but it's one we believe -- and hear from you -- is crucial to get right," the company said in a blog post. The company said users will be able to report such behaviors but it may also investigate cases proactively, for instance if there is a verified news report that a user has been arrested. Twitch said it would rely more heavily on law enforcement in "off-service" cases and is partnering with an investigative law firm to support its internal team. It declined to name the firm. The new standards will apply even if the target of the offline behaviors is not a Twitch user or if the perpetrator was not a user when they committed the acts. Perpetrators would also be banned from registering a Twitch account, it said.

Twitch said it would take action only when there was evidence, such as screen shots, videos of off-Twitch behavior or police filings, verified by its internal team or third-party investigators. Users who submit a large amount of frivolous reports will face suspension. The company said in cases where the behavior happened in the distant past, users had gone through rehabilitation such as time in a correctional facility, and they no longer presented a danger to the community, it might not take action or might reinstate users on appeal. It said it would share updates with the involved parties but would not share public updates about actions under this policy.

Databases

LexisNexis To Provide Giant Database of Personal Information To ICE (theintercept.com) 64

An anonymous reader quotes a report from The Intercept: The popular legal research and data brokerage firm LexisNexis signed a $16.8 million contract to sell information to U.S. Immigration and Customs Enforcement, according to documents shared with The Intercept. The deal is already drawing fire from critics and comes less than two years after the company downplayed its ties to ICE, claiming it was "not working with them to build data infrastructure to assist their efforts." Though LexisNexis is perhaps best known for its role as a powerful scholarly and legal research tool, the company also caters to the immensely lucrative "risk" industry, providing, it says, 10,000 different data points on hundreds of millions of people to companies like financial institutions and insurance companies who want to, say, flag individuals with a history of fraud. LexisNexis Risk Solutions is also marketed to law enforcement agencies, offering "advanced analytics to generate quality investigative leads, produce actionable intelligence and drive informed decisions" -- in other words, to find and arrest people.

The LexisNexis ICE deal appears to be providing a replacement for CLEAR, a risk industry service operated by Thomson Reuters that has been crucial to ICE's deportation efforts. In February, the Washington Post noted that the CLEAR contract was expiring and that it was "unclear whether the Biden administration will renew the deal or award a new contract." LexisNexis's February 25 ICE contract was shared with The Intercept by Mijente, a Latinx advocacy organization that has criticized links between ICE and tech companies it says are profiting from human rights abuses, including LexisNexis and Thomson Reuters. The contract shows LexisNexis will provide Homeland Security investigators access to billions of different records containing personal data aggregated from a wide array of public and private sources, including credit history, bankruptcy records, license plate images, and cellular subscriber information. The company will also provide analytical tools that can help police connect these vast stores of data to the right person.
In a statement to The Intercept, a LexisNexis Risk Solutions spokesperson said: "Our tool contains data primarily from public government records. The principal non-public data is authorized by Congress for such uses in the Drivers Privacy Protection Act and Gramm-Leach-Bliley Act statutes." They declined to say exactly what categories of data the company would provide ICE under the new contract, or what policies, if any, will govern how the agency uses it.
Crime

Encrypted Messaging Service Cracked by Belgian Police, Followed by Dozens of Arrests (brusselstimes.com) 92

"The cracking of a previously-unbreakable encrypted messaging service popular with criminals involved in drug trafficking and organised crime delivered a major victory for the justice system on Tuesday," writes the Brussels Times, in a story shared by DI4BL0S: The cracking of the expensive messaging app, called "Sky ECC," was what allowed over 1,500 police officers across Belgium to be simultaneously deployed in at least 200 raids, many of which were centred around Antwerp and involved special forces. Investigators succeeded in cracking Sky ECC at the end of last year, according to reporting by De Standaard, and as a result were able to sort through thousands of messages major criminals were sending each other over the course of a month. Information gained from those conversations is what led to Tuesday's historic operation, two years in the making.

Sky ECC became popular with drug criminals after its successor Encrochat was cracked in 2020 by French and Dutch investigators, who were able to intercept over 100 million messages sent via the app. That led to over a hundred suspects being arrested in the Netherlands, uncovering a network of laboratories where crystal meth and other drugs were being produced and allowing police to seize 8,000 kilos of cocaine and almost €20 million....

In a press conference by Belgium's federal public prosecutor's office on Tuesday afternoon, authorities stated that 17 tonnes of cocaine and €1.2 million were seized, and that 48 suspects were arrested.

Critics of Sky ECC "say more than 90% of its customers are criminals," according to the Brussels Times. Days later America's Justice Department indicted the CEO of Sky Global "for allegedly selling their devices to help international drug traffickers avoid law enforcement," reports Vice. They call it "only the second time the DOJ has filed charges against an encrypted phone company, and signals that the DOJ will continue to prosecute the heads and associates of companies that they say cater deliberately to facilitating criminal acts."

Earlier the Brussels Times had quoted the app makers' statement that they "strongly believe that privacy is a fundamental human right."

The newspaper also reported that Sky ECC calls itself "the world's most secure messaging app" — and "had previously said 'hacking is impossible'" — though in fact investigators have already decrypted almost half a billion messages.
The Internet

German Investigators Shut Down Biggest Illegal Marketplace On the Darknet (apnews.com) 29

An anonymous reader quotes a report from The Associated Press: German prosecutors said Tuesday that they have taken down what they believe was the biggest illegal marketplace on the darknet and arrested its suspected operator. The site, known as DarkMarket, was shut down on Monday, prosecutors in the southwestern city of Koblenz said. All sorts of drugs, forged money, stolen or forged credit cards, anonymous mobile phone SIM cards and malware were among the things offered for sale there, they added. German investigators were assisted in their months-long probe by U.S. authorities and by Australian, British, Danish, Swiss, Ukrainian and Moldovan police.

The marketplace had nearly 500,000 users and more than 2,400 vendors, prosecutors said. They added that it processed more than 320,000 transactions, and Bitcoin and Monero cryptocurrency to the value of more than 140 million euros ($170 million) were exchanged. The suspected operator, a 34-year-old Australian man, was arrested near the German-Danish border. Prosecutors said a judge has ordered him held in custody pending possible formal charges, and he hasn't given any information to investigators. More than 20 servers in Moldova and Ukraine were seized, German prosecutors said. They hope to find information on those servers about other participants in the marketplace.
The move against DarkMarket originated from an investigation of a data processing center installed in a former NATO bunker in southwestern Germany that hosted sites dealing in drugs and other illegal activities.
Government

How Will America's Investigators Identify Capitol Hill Protesters? (arstechnica.com) 353

"Both local police and the FBI are seeking information about individuals who were 'actively instigating violence' in Washington, DC, on January 6," writes Ars Technica.

Then they speculate on which tools will be used to find them: While media organizations took thousands of photos police can use, they also have more advanced technologies at their disposal to identify participants, following what several other agencies have done in recent months... In November, The Washington Post reported that investigators from 14 local and federal agencies in the DC area have used a powerful facial recognition system more than 12,000 times since 2019.

Neither would an agency need actual photos or footage to track down any mob participant who was carrying a mobile phone. Law enforcement agencies have also developed a habit in recent years of using so-called geofence warrants to compel companies such as Google to provide lists of all mobile devices that appeared within a certain geographic area during a given time frame...

With all of that said, however, the DC Metropolitan Police and the FBI will probably need to look no further than a cursory Google search to identify many of the leaders of Wednesday's insurrection, as many of them took to social media both before and after the event to brag about it in detail. In short: you don't need fancy facial recognition tools to identify people who livestream their crimes.

Friday the Washington Post also cited "the countless hours of video — much of it taken by the rioters themselves and uploaded to social media" as a useful input for facial recognition software.

But in addition, they note that "The Capitol, more than most buildings, has a vast cellular and wireless data infrastructure of its own to make communications efficient in a building made largely of stone and that extends deep underground and has pockets of shielded areas. Such infrastructure, such as individual cell towers, can turn any connected phone into its own tracking device.

"Phone records make determining the owners of these devices trivially easy..."
Transportation

Police Turn To Car Data To Destroy Suspects' Alibis (nbcnews.com) 194

In recent years, investigators have realized that automobiles -- particularly newer models -- can be treasure troves of digital evidence. Their onboard computers generate and store data that can be used to reconstruct where a vehicle has been and what its passengers were doing. From a report: They reveal everything from location, speed and acceleration to when doors were opened and closed, whether texts and calls were made while the cellphone was plugged into the infotainment system, as well as voice commands and web histories. But that boon for forensic investigators creates fear for privacy activists, who warn that the lack of information security baked into vehicles' computers poses a risk to consumers and who call for safeguards to be put in place. "I hear a lot of analogies of cars being smartphones on wheels. But that's vastly reductive," said Andrea Amico, founder of Privacy4Cars, which makes a free app that helps people delete their data from automobiles and makes its money by offering the service to rental companies and dealerships. "If you think about the amount of sensors in a car, the smartphone is a toy. A car has GPS, an accelerometer, a camera. A car will know how much you weigh. Most people don't realize this is happening."

Law enforcement agencies have been focusing their investigative efforts on two main information sources: the telematics system -- which is like the "black box" -- and the infotainment system. The telematics system stores a vehicle's turn-by-turn navigation, speed, acceleration and deceleration information, as well as more granular clues, such as when and where the lights were switched on, the doors were opened, seat belts were put on and airbags were deployed. The infotainment system records recent destinations, call logs, contact lists, text messages, emails, pictures, videos, web histories, voice commands and social media feeds. It can also keep track of the phones that have been connected to the vehicle via USB cable or Bluetooth, as well as all the apps installed on the device. Together, the data allows investigators to reconstruct a vehicle's journey and paint a picture of driver and passenger behavior. In a criminal case, the sequence of doors opening and seat belts being inserted could help show that a suspect had an accomplice.

Encryption

Israeli Spy Tech Firm Says It Can Break Into Signal App (haaretz.com) 87

Last Thursday, Israeli phone-hacking firm Cellebrite said in a blog post that it can now break into Signal, an encrypted app considered safe from external snooping. Haaretz reports: Cellebrite's flagship product is the UFED (Universal Forensic Extraction Device), a system that allows authorities to unlock and access the data of any phone in their possession. Another product it offers is the Physical Analyzer, which helps organize and process data lifted from the phone. Last Thursday, the company announced that the analyzer has now been updated with a new capability, developed by the firm, that allows clients to decode information and data from Signal. Signal, owned by the Signal Technology Foundation, uses a special open source encryption system called Signal Protocol, which was thought to make it nigh-on impossible for a third party to break into a conversation or access data being shared on the platform. It does so by employing what's called "end-to-end encryption."

According to Cellebrite's announcement last week, "Law enforcement agencies are seeing a rapid rise in the adoption of highly encrypted apps like Signal, which incorporate capabilities like image blurring to stop police from reviewing data." "Criminals are using this application to communicate, send attachments, and making [sic] illegal deals that they want to keep discrete [sic] and out of sight from law enforcement," the blog post added. Despite support for the app's encryption capabilities, Cellebrite noted that "Signal is an encrypted communication application designed to keep sent messages and attachments as safe as possible from 3rd-party programs.

"Cellebrite Physical Analyzer now allows lawful access to Signal app data. At Cellebrite, we work tirelessly to empower investigators in the public and private sector to find new ways to accelerate justice, protect communities, and save lives." In an earlier, now deleted, version of the blog post, the company went as far as to say: "Decrypting Signal messages and attachments was not an easy task. It required extensive research on many different fronts to create new capabilities from scratch. At Cellebrite, however, finding new ways to help those who make our world a safer place is what we're dedicated to doing every day." The initial post, which was stored on the Internet Archive, also included a detailed explanation of how Cellebrite "cracked the code" by reviewing Signal's own open source protocol and using it against it. The company noted in the deleted blog post that "because [Signal] encrypts virtually all its metadata to protect its users, efforts have been put forward by legal authorities to require developers of encrypted software to enable a 'backdoor' that makes it possible for them to access people's data. Until such agreements are reached, Cellebrite continues to work diligently with law enforcement to enable agencies to decrypt and decode data from the Signal app."

Education

U.S. Schools are Buying Phone-Hacking Tech That the FBI Uses to Investigate Terrorists (gizmodo.com) 115

Pig Hogger (Slashdot reader #10,379) writes: Everywhere, every day, thousands of phones are plugged into forensic tools that will pull out everything a phone has to offer an investigator. The thing is, investigators are not always working for police departments, but for school districts, who have been increasingly buying various phone hacking tools.
Gizmodo writes: Public documents reviewed by Gizmodo indicate that school districts have been quietly purchasing these surveillance tools of their own for years... Known as mobile device forensic tools (MDFTs), this type of tech is able to siphon text messages, photos, and application data from students' devices. Together, the districts encompass hundreds of schools, potentially exposing hundreds of thousands of students to invasive cell phone searches.

While companies like Cellebrite have partnered with federal and local police for years, that the controversial equipment is also available for school district employees to search students' personal devices has gone relatively unnoticed — and serves as a frightening reminder of how technology originally developed for use by the military or intelligence services, ranging from blast-armored trucks designed for use in war zones to invasive surveillance tools, keeps trickling down to domestic police and even the institutions where our kids go to learn. "Cellebrites and Stingrays started out in the provenance of the U.S. military or federal law enforcement, and then made their way into state and local law enforcement, and also eventually make their way into the hands of criminals or petty tyrants like school administrators," Cooper Quintin, senior staff technologist at the Electronic Frontier Foundation, said in a video interview. "This is the inevitable trajectory of any sort of surveillance technology or any sort of weapon...."

Gizmodo analyzed a random sample of 5,000 public school or school district websites across the United States and found that eight district websites mention Cellebrite or another MDFT technology. Because our sample is a relatively small portion of the total number of high schools in the United States — and the ones that stood out did so because they published the purchases as line items in public budget reports — many other school districts may have access to this technology. The Los Angeles Unified School District, the second-largest school district in the country with over 630,000 students enrolled in over 1,000 institutions in the 2018-2019 school year, has a Cellebrite device it says is used by a team that investigates complaints of employee misconduct against students...

Ultimately, Gizmodo's investigation turned up more questions than answers about why school districts have sought these devices and how they use them. Who is subject to these searches, and who is carrying them out? How many students have had their devices searched and what were the circumstances? Were students or their parents ever asked to give any kind of meaningful consent, or even notified of the phone searches in the first place? What is done with the data afterward? Can officials retain it for use in future investigations?

Most of the school districts did not respond to our inquiries.

The Courts

Tesla Whistleblower Martin Tripp Ordered To Pay $400,000 To Settle Hacking Case (theverge.com) 60

An anonymous reader quotes a report from The Verge: Martin Tripp, the former Tesla worker who has been embroiled in a bitter legal battle with CEO Elon Musk for over two years, was ordered to pay his former employer $400,000 after admitting to leaking confidential information to a reporter. The settlement is intended to bring an end to one of the more sordid stories at Tesla, in which Tripp, a former process technician, locked horns with the billionaire CEO over allegations that Tesla was wasting a "jaw-dropping" amount of raw material as it ramped up production of the Model 3 sedan.

Musk later accused Tripp of "sabotage" and personally ordered investigators to hack Tripp's phone and spy on his messages. Tesla even misled local police about a potential mass shooting by Tripp at the company's Nevada factory. But in the end, Tripp came out on the losing side. The payment is part of a proposed settlement to a lawsuit filed by Tesla in 2018 alleging that Tripp hacked the electric car company's system and transferred "gigabytes" of data to third parties. As part of the agreement, Tripp admitted to violating laws related to trade secrets and computer crimes when he told a Business Insider reporter that Tesla was wasting a significant amount of raw materials during production of its Model 3. Tripp also agreed to pay $25,000 to Tesla for continuing to reveal information about the company, despite being ordered to stop by a judge.

Google

Google is Giving Data To Police Based on Search Keywords, Court Docs Show (cnet.com) 72

There are few things as revealing as a person's search history, and police typically need a warrant on a known suspect to demand that sensitive information. But a recently unsealed court document found that investigators can request such data in reverse order by asking Google to disclose everyone who searched a keyword rather than for information on a known suspect. From a report: In August, police arrested Michael Williams, an associate of singer and accused sex offender R. Kelly, for allegedly setting fire to a witness' car in Florida. Investigators linked Williams to the arson, as well as witness tampering, after sending a search warrant to Google that requested information on "users who had searched the address of the residence close in time to the arson."

The July court filing was unsealed on Tuesday. Detroit News reporter Robert Snell tweeted about the filing after it was unsealed. Court documents showed that Google provided the IP addresses of people who searched for the arson victim's address, which investigators tied to a phone number belonging to Williams. Police then used the phone number records to pinpoint the location of Williams' device near the arson, according to court documents. The original warrant sent to Google is still sealed, but the report provides another example of a growing trend of data requests to the search engine giant in which investigators demand data on a large group of users rather than a specific request on a single suspect. "This 'keyword warrant' evades the Fourth Amendment checks on police surveillance," said Albert Fox Cahn, the executive director of the Surveillance Technology Oversight Project. "When a court authorizes a data dump of every person who searched for a specific term or address, it's likely unconstitutional."

EU

European Police Malware Could Harvest GPS, Messages, Passwords, More (vice.com) 29

The malware that French law enforcement deployed en masse onto Encrochat devices, a large encrypted phone network using Android phones, had the capability to harvest "all data stored within the device," and was expected to include chat messages, geolocation data, usernames, passwords, and more, according to a document obtained by Motherboard. From the report: The document adds more specifics around the law enforcement hack and subsequent takedown of Encrochat earlier this year. Organized crime groups across Europe and the rest of the world heavily used the network before its seizure, in many cases to facilitate large scale drug trafficking. The operation is one of, if not the, largest law enforcement mass hacking operation to date, with investigators obtaining more than a hundred million encrypted messages. "The NCA has been collaborating with the Gendarmerie on Encrochat for over 18 months, as the servers are hosted in France. The ultimate objective of this collaboration has been to identify and exploit any vulnerability in the service to obtain content," the document reads, referring to both the UK's National Crime Agency and one of the national police forces of France. As well as the geolocation, chat messages, and passwords, the law enforcement malware also told infected Encrochat devices to provide a list of WiFi access points near the device, the document reads.
Government

Police in Several US Cities Used Facial Recognition To Hunt Down and Arrest Protesters (arstechnica.com) 254

An anonymous reader quotes Ars Technica: Law enforcement in several cities, including New York and Miami, have reportedly been using controversial facial recognition software to track down and arrest individuals who allegedly participated in criminal activity during Black Lives Matter protests months after the fact. Miami police used Clearview AI to identify and arrest a woman for allegedly throwing a rock at a police officer during a May protest, local NBC affiliate WTVJ reported this week...

Similar reports have surfaced from around the country in recent weeks. Police in Columbia, South Carolina, and the surrounding county likewise used facial recognition, though from a different vendor, to arrest several protesters after the fact, according to local paper The State. Investigators in Philadelphia also used facial recognition software, from a third vendor, to identify protestors from photos posted to Instagram, The Philadelphia Inquirer reported.

Government

America's Border Patrol 'Can Track Everyone's Car' By Buying License Plate-Reader Data (arstechnica.com) 142

America's border-protection agency "can track everyone's cars all over the country thanks to massive troves of automated license plate scanner data, a new report reveals," reports Ars Technica.

And they didn't need to request search warrants from the courts, the article explains, since "the agency did just what hundreds of other businesses and investigators do: straight-up purchase access to commercial databases." U.S. Customs and Border Protection (CBP) has been buying access to commercial automated license plate-reader databases since 2017, TechCrunch reports, and the agency says bluntly that there's no real way for any American to avoid having their movements tracked. "CBP cannot provide timely notice of license plate reads obtained from various sources outside of its control," the agency wrote in its most recent privacy assessment. "The only way to opt out of such surveillance is to avoid the impacted area, which may pose significant hardships and be generally unrealistic...."

CBP already buys cell phone location data, even though it would not legally be able to hoover it up on a wide scale directly. Police also purchase hacked and breached data from third-party vendors that they can then use to track and identify individuals in ways that otherwise might have required a warrant.

Although hundreds of jurisdictions nationwide use automated plate-scanning technology, fewer than 20 states have laws of any kind on their books governing the collection, use, and storage of automated license plate-reader (ALPR) data. Even fewer of those laws specify what private entities can collect ALPR data and what can be done with that information. The software also seems to become more granular almost by the day.

Theoretically, CBP only has authority to operate within 100 miles of the US border. The data it purchases, however, may allow it to track any given license plate basically anywhere in the country.

Crime

Surveillance Software Scanning File-Sharing Networks Led To 12,000 Arrests (nbcnews.com) 106

Mr. Cooper was a retired high school history teacher using what NBC News calls those peer-to-peer networks where "the lack of corporate oversight creates the illusion of safety for people sharing illegal images."
Police were led to Cooper's door by a forensic tool called Child Protection System, which scans file-sharing networks and chatrooms to find computers that are downloading photos and videos depicting the sexual abuse of prepubescent children. The software, developed by the Child Rescue Coalition, a Florida-based nonprofit, can help establish the probable cause needed to get a search warrant... Cooper is one of more than 12,000 people arrested in cases flagged by the Child Protection System software over the past 10 years, according to the Child Rescue Coalition... The Child Protection System, which lets officers search by country, state, city or county, displays a ranked list of the internet addresses downloading the most problematic files...

The Child Protection System "has had a bigger effect for us than any tool anyone has ever created. It's been huge," said Dennis Nicewander, assistant state attorney in Broward County, Florida, who has used the software to prosecute about 200 cases over the last decade. "They have made it so automated and simple that the guys are just sitting there waiting to be arrested." The Child Rescue Coalition gives its technology for free to law enforcement agencies, and it is used by about 8,500 investigators in all 50 states. It's used in 95 other countries, including Canada, the U.K. and Brazil. Since 2010, the nonprofit has trained about 12,000 law enforcement investigators globally. Now, the Child Rescue Coalition is seeking partnerships with consumer-focused online platforms, including Facebook, school districts and a babysitter booking site, to determine whether people who are downloading illegal images are also trying to make contact with or work with minors...

The tool has a growing database of more than a million hashed images and videos, which it uses to find computers that have downloaded them. The software is able to track IP addresses — which are shared by people connected to the same Wi-Fi network — as well as individual devices. The system can follow devices even if the owners move or use virtual private networks, or VPNs, to mask the IP addresses, according to the Child Rescue Coalition.... Before getting a warrant, police typically subpoena the internet service provider to find out who holds the account and whether anyone at the address has a criminal history, has children or has access to children through work.

A lawyer who specializes in digital rights tells NBC that these tools need more oversight and testing. "There's a danger that the visceral awfulness of the child abuse blinds us to the civil liberties concerns. Tools like this hand a great deal of power and discretion to the government. There need to be really strong checks and safeguards."
Government

Police Are Buying Access To Hacked Website Data 41

Some companies are selling government agencies access to data stolen from websites in the hope that it can generate investigative leads, with the data including passwords, email addresses, IP addresses, and more. Motherboard reports: Motherboard obtained webinar slides by a company called SpyCloud presented to prospective customers. In that webinar, the company claimed to "empower investigators from law enforcement agencies and enterprises around the world to more quickly and efficiently bring malicious actors to justice." The slides were shared by a source who was concerned about law enforcement agencies buying access to hacked data. SpyCloud confirmed the slides were authentic to Motherboard. "We're turning the criminals' data against them, or at least we're empowering law enforcement to do that," Dave Endler, co-founder and chief product officer of SpyCloud, told Motherboard in a phone call.

The sale highlights a somewhat novel use of breached data, and signals how data ordinarily associated with the commercial sector can be repurposed by law enforcement too. But it also raises questions about whether law enforcement agencies should be leveraging information originally stolen by hackers. By buying products from SpyCloud, law enforcement would also be obtaining access to hacked data on people who are not associated with any crimes -- the vast majority of people affected by data breaches are not criminals -- and would not need to follow the usual mechanisms of sending a legal request to a company to obtain user data.
Crime

How Police Secretly Took Over a Global Phone Network for Organized Crime (vice.com) 87

Police monitored a hundred million encrypted messages sent through Encrochat, a network used by career criminals to discuss drug deals, murders, and extortion plots. From a report: Something wasn't right. Starting earlier this year, police kept arresting associates of Mark, a UK-based alleged drug dealer. Mark took the security of his operation seriously, with the gang using code names to discuss business on custom, encrypted phones made by a company called Encrochat. For legal reasons, Motherboard is referring to Mark using a pseudonym. Because the messages were encrypted on the devices themselves, police couldn't tap the group's phones or intercept messages as authorities normally would. On Encrochat, criminals spoke openly and negotiated their deals in granular detail, with price lists, names of customers, and explicit references to the large quantities of drugs they sold, according to documents obtained by Motherboard from sources in and around the criminal world.

Maybe it was a coincidence, but in the same time frame, police across the UK and Europe busted a wide range of criminals. In mid-June, authorities picked up an alleged member of another drug gang. A few days later, law enforcement seized millions of dollars worth of illegal drugs in Amsterdam. It was as if the police were detaining people from completely unrelated gangs simultaneously. "[The police] all over it aren't they," the dealer wrote in one of the messages obtained by Motherboard. "My heads still baffled how they got on all my guys." Unbeknownst to Mark, or the tens of thousands of other alleged Encrochat users, their messages weren't really secure. French authorities had penetrated the Encrochat network, leveraged that access to install a technical tool in what appears to be a mass hacking operation, and had been quietly reading the users' communications for months. Investigators then shared those messages with agencies around Europe.

Only now is the astonishing scale of the operation coming into focus: It represents one of the largest law enforcement infiltrations of a communications network predominantly used by criminals ever, with Encrochat users spreading beyond Europe to the Middle East and elsewhere. French, Dutch, and other European agencies monitored and investigated "more than a hundred million encrypted messages" sent between Encrochat users in real time, leading to arrests in the UK, Norway, Sweden, France, and the Netherlands, a team of international law enforcement agencies announced Thursday. As dealers planned trades, money launderers washed their proceeds, and even criminals discussed their next murder, officers read their messages and started taking suspects off the street.

Republicans

Republicans Push Bill Requiring Tech Companies To Help Access Encrypted Data (cnet.com) 182

New submitter feross shares a report: A group of Senate Republicans is looking to force tech companies to comply with "lawful access" to encrypted information, potentially jeopardizing the technology's security features. On Tuesday, Republican lawmakers introduced the Lawful Access to Encrypted Data Act, which calls for an end to "warrant-proof" encryption that's disrupted criminal investigations. The bill was proposed by Sen. Lindsey Graham, chairman of the Senate Judiciary committee, along with Sens. Tom Cotton and Marsha Blackburn. If passed, the act would require tech companies to help investigators access encrypted data if that assistance would help carry out a warrant. Lawmakers and the US Justice Department have long battled with tech companies over encryption, which is used to encode data.

The Justice Department argues that encryption prevents investigators from getting necessary evidence from suspects' devices and has requested that tech giants provide "lawful access." That could come in many ways, such as providing a key to unlock encryption that's only available for police requests. The FBI made a similar request to Apple in 2016 when it wanted to get data from a dead terrorist's iPhone in a San Bernardino, California, shooting case. Giving access specifically to government agencies when requested is often referred to as an "encryption backdoor," something tech experts and privacy advocates have long argued endangers more people than it helps.

Crime

FBI Used Etsy, LinkedIn To Make Arrest In Torching of Philadelphia Police Vehicles (6abc.com) 325

Authorities used popular websites including Etsy, Poshmark and LinkedIn to identify a woman who has since been charged for the arson of two Philadelphia police vehicles during the unrest that followed peaceful protests on May 30. From a report: Lore-Elisabeth Blumenthal, 33, of Philadelphia, is currently in federal custody and had her initial court appearance on Tuesday. According to United States Attorney William M. McSwain, on May 30, two vehicles, one PPD sedan (number 2514) and one PPD SUV (number 1612), were parked on the north side of City Hall. During the violence that began around City Hall following peaceful protests, Blumenthal allegedly set fire to both vehicles.

[T]he FBI says it was Blumenthal's T-shirt and a forearm tattoo that helped authorities identify her. In amateur photos given to authorities, she is seen wearing a T-shirt that says, "Keep the immigrants, deport the racists." They were able to trace the T-shirt back to an Etsy shop, where a review was left by a user that displayed a Philadelphia location. Investigators say open searches for the username led them to a Poshmark user by the name of lore-elisabeth. Open searches for a Lore Elisabeth in Philadelphia led investigators to a LinkedIn profile for a woman who was employed as a massage therapist. [...] If convicted, Blumenthal faces a maximum possible sentence of ten years in prison, followed by three years of supervised release, and a fine of up to $250,000.

Privacy

Slack Removed a Blog Post Showing How Police Use its Tech (vice.com) 58

Slack recently deleted one of the company's own blog posts that explained how a local police department used the chat platform to share intelligence. From a report: The move came after some Black Slack employees flagged the blog post years ago, one employee suggested on Twitter. Slack removed the post in the past few days in the wake of widespread protests about police brutality after a white police officer killed unarmed Black man George Floyd. "These days, the Hartford Police Department's intelligence sharing is primarily coordinated over Slack with more than 450 investigators and officers from all over the state," the blog post read, referring to Hartford, Connecticut, according to archived and cached versions viewed by Motherboard. The post explained how the police department used Slack to post updates in a #department-wide channel, and use other channels such as #narcotics, #crimes, and #BOLO (be on the lookout). Sometimes the officers used Slack to track specific crimes, such as ATM robberies, the post added. The Slack team hosted over 450 members across 75 agencies and states, according to the post.
