Jury convicts ex-CIA engineer for leaking the agency’s hacking toolset

Joshua Schulte, the former CIA engineer arrested for what’s being called the biggest theft of classified information in the agency’s history, has been convicted by a federal jury. Schulte was arrested in relation to the large cache of documents that Wikileaks had published throughout 2017. That string of CIA leaks known as “Vault 7” contained information on the tools and techniques the agency used to hack into iPhones and Android phones for overseas spying. It also had details on how the CIA broke into computers and how it turned smart TVs into listening devices. A federal jury has found Schulte guilty on nine counts, including illegally gathering national defense information and then transmitting it.

According to The New York Times, Schulte was arrested after investigators traced the leaks to him. The former CIA engineer worked with a team in a secret building protected by armed guards to create tools, like malware, that were used to target the devices of suspected terrorists. In 2018, he was formally charged with 13 counts that included theft of classified information, obstruction of justice, as well as possessing and sending images and videos with child pornography. He’s still awaiting trial on charges of possessing child pornography, which he allegedly downloaded from 2009 until March 2017. 

Schulte’s original trial back in 2020 was declared a mistrial after jurors couldn’t come to an agreement regarding some of hist most serious charges, illegally gathering and transmitting national defense information included. After that event, the former CIA engineer had decided to represent himself. As part of his closing arguments, he told the jurors that the CIA and the FBI made him a scapegoat for their embarrassing failure, repeating what his side had been saying from the time he was arrested.

While the judge, AP said, was impressed with his closing arguments, they weren’t enough to get the jury on his side. In court, he argued that the government’s case is full of holes and that he didn’t even have motive to leak the CIA’s hacking tools. Prosecutors, however, accused him of being a disgruntled employee who felt that he was disrespected when the agency ignored his complaints about his work environment. As retaliation, he allegedly tried “to burn [the CIA] to the ground.” US Attorney Damian Williams said his actions rendered the “most valuable intelligence-gathering cyber tools used to battle terrorist organizations and other malign influences around the globe” essentially useless. Williams also accused Schulte of trying to leak more classified materials against the government while he was behind bars. 

Schulte will have to face the court again to face charges related to possession of child pornography before a sentencing date can be set. The nine counts he was convicted of, however, are enough to keep him in prison for up to 80 years.

Uber sued by more than 500 women over sexual assault and kidnapping claims

Uber is facing a lawsuit filed by more than 500 women who allege they were assaulted by drivers, CNBC has reported. The complaint states that “women passengers in multiple states were kidnapped, sexually assaulted, sexually battered, raped, falsely imprisoned, stalked, harassed, or otherwise attacked,” by Uber drivers. The San Francisco law firm that filed the suit said it has about 550 clients with at least another 150 claims being investigated. 

Earlier this month, Uber released its second safety report showing that sexual assault reports in the five most severe categories fell 38 percent from 5,981 in 2017 and 2018 to 3,824 for the years 2019 and 2020. However, that may be correlated with the COVID-19 pandemic which saw a severe drop in ridership from 2020-2021. “We’re constantly innovating and investing in the safety of our platform,” Uber chief legal officer Tony West wrote in the report.

However, the law firm said that safety is not the company’s highest priority. “Uber’s whole business model is predicated on giving people a safe ride home, but rider safety was never their concern – growth was, at the expense of their passengers’ safety,” said Slater Slater Schulman LLP founding partner Adam Slater. “While the company has acknowledged this crisis of sexual assault in recent years, its actual response has been slow and inadequate, with horrific consequences.”

The law firm criticized Uber for lax policies related to driver background checks and enforcement. It noted that Uber has “opted to hire drivers without fingerprinting them or running their information through FBI databases… [and] has a longstanding policy that it will not report any criminal activity – even assaults and rape – to law-enforcement authorities.” 

Uber said it can’t comment on pending litigation but a spokesperson gave Engadget the following comment: “Sexual assault is a horrific crime and we take every single report seriously. There is nothing more important than safety, which is why Uber has built new safety features, established survivor-centric policies, and been more transparent about serious incidents. While we can’t comment on pending litigation, we will continue to keep safety at the heart of our work.” 

The company also pointed out recent safety features like the Emergency button and Ride Check feature that checks if a vehicle goes “unusually off-course.” It also noted that it checks MVR and criminal offenses at the local, state and federal level and re-screens drivers annually.

Uber has a history of settlements and complaints related to passenger and driver safety. In 2016, The Guardian reported that Uber had paid out $161.9 million in safety-related lawsuits since 2009. In 2017, it faced a class-action lawsuit accusing it of “giving perpetrators of sexual assault, sexual harassment and physical violence access to thousands of ‘vulnerable victims’ nationwide.” And in 2019, the company was sued for $10 million by a woman who was sexual assaulted by an Uber driver, saying the company put her in harm’s way. 

Update 7/14/2022 10:44 PM ET: The article has been updated to include a comment on the litigation from Uber. 

Amazon gave Ring footage to police without customer consent

As of July 1st of this year, Amazon has provided Ring footage to US law enforcement 11 times without user consent or a court order, according to a disclosure shared by Senator Edward Markey on Wednesday. The Massachusetts Democrat sent Amazon a letter last month with questions about the company’s policies related to Ring and its relationships with police. Amazon responded to the letter at the start of July.

The disclosure marks the first time Amazon has shared this kind of information with the public. In its law enforcement guidelines, Ring says it reserves the right to “immediately” respond to police requests in cases where someone could die or suffer serious injury.

“In each instance, Ring made a good-faith determination that there was an imminent danger of death or serious physical injury to a person requiring disclosure of information without delay,” wrote Brian Huseman, Amazon’s vice-president of public policy, of the 11 videos. Huseman didn’t say the specific footage Ring shared with police.

In his letter, Markey asked Amazon to agree not to accept financial contributions from police or participate in sting operations. The company did not agree to those restrictions. In the past, Ring has actively courted partnerships with law enforcement and even gone so far as to author statements shared by police.

“It’s simply untrue that Ring gives anyone unfettered access to customer data or video, as we have repeatedly made clear to our customers and others,” a Ring spokesperson told Engadget. “The law authorizes companies like Ring to provide information to government entities if the company believes that an emergency involving danger of death or serious physical injury to any person, such as a kidnapping or an attempted murder, requires disclosure without delay. Ring faithfully applies that legal standard.” 

The news that Amazon shared footage with police without user consent at least 11 times this year is likely to add to the concerns many privacy experts have about the company. In 2021, the Electronic Frontier Foundation reported that the Los Angeles Police Department requested footage from Ring of Black Lives Matter protests captured by residential cameras. 

Markey used the disclosure to call on lawmakers to pass the Facial Recognition and Biometric Technology Moratorium Act, a bill he introduced alongside Senator Jeff Merkley and Representatives Pramila Jayapal and Ayanna Pressley. “As my ongoing investigation into Amazon illustrates, it has become increasingly difficult for the public to move, assemble, and converse in public without being tracked and recorded,” said Markey. “We cannot accept this as inevitable in our country.”

Google files a lawsuit that could kick Tinder out of the Play Store

Google has counter-sued Match seeking monetary damages and a judgement that would let it kick Tinder and the group’s other dating apps out of the Play Store, Bloomberg has reported. Earlier this year, Match sued Google alleging antitrust violations over a decision requiring all Android developers to process “digital goods and services” payments through the Play Store billing system. 

Following the initial lawsuit in May, Google and Match reached a temporary agreement allowing Match to remain on the Play Store and use its own payments system. Google also agreed to make a “good faith” effort to address Match’s billing concerns. Match, in turn, was to make an effort to offer Google’s billing system as an alternative. 

However, Google parent Alphabet claims that Match Group now wants to avoid paying “nothing at all” to Google, including its 15 to 30 percent Play Store fees, according to a court filing. “Match Group never intended to comply with the contractual terms to which it agreed… it would also place Match Group in an advantaged position relative to other app developers,” the document states.

Match group said that Google’s Play Store policies violate federal and state laws. “Google doesn’t want anyone else to sue them so their counterclaims are designed as a warning shot,” Match told Bloomberg in a statement. “We are confident that our suit, alongside other developers, the US Department of Justice and 37 state attorneys general making similar claims, will be resolved in our favor early next year.”

Match is referring to an antitrust action launched last year by States and the federal government probing Google’s Play Store fees. Shortly before that, Google dropped its fee on app developer revenue to 15 percent on the first $1 million, and 30 percent after that. At the same time, it announced it would enforce a policy requiring all developers to process payments through the Play Store’s billing system. Earlier this year, a Senate bill moved forward targeting in-app payments in both Google and Apple’s stores. 

Apple and Jony Ive are parting ways

Apple and Jony Ive are breaking up — and this time, according to The New York Times, it’s for real. Ive left the tech giant in 2019 after over two decades and formed his own company called LoveFrom, which counted Apple as its first and primary client. The publication said that both parties agreed not to extend their contract in the weeks leading up to its renewal and to stop working together for the first time since the 90’s. 

Ive was a close collaborator of Steve Jobs and is credited with designing the translucent, candy-colored plastic cases older Mac computers were known for. He also helped design the iPod, its white earbuds, the iPhone, the iPad, as well as the Apple Watch. Ive even reportedly contributed ideas to Apple’s upcoming mixed reality headset. In 2015, he was named Apple’s first Chief Design Officer, though his role shifted again over the years. The reports that came out after Ive left Apple claimed that he felt “dispirited” by Tim Cook’s lack of interest in design and the CEO’s decision to focus on selling software and services. Cook called those reports “absurd.”

The Times said LoveFrom’s multi-year contract with Apple was worth $100 million and prohibited the firm from taking on any project that the tech giant considered to be in competition with its products. Ive reportedly wanted the freedom to take on new clients without needing to ask permission from Apple. Meanwhile, the company’s executives had apparently been questioning the amount Apple was paying him and had grown frustrated over employees quitting to join his design firm instead.

Back when Ive left Apple and LoveFrom signed a deal with the company, Cook said that he looked “forward to working with Jony long into the future.” Whether that means there’s a possibility of them working together again remains to be seen. Unless, of course, one or both parties are taking a leaf from the great Taylor Swift’s book and swearing that they are never, ever getting back together.

Twitter tells Musk his attempt to bail on $44 billion acquisition is ‘invalid and wrongful’

Twitter’s lawyers have hit back at Elon Musk for his attempt to bail on his $44 billion takeover of the company. The company said Friday, immediately following Musk’s official notice that he wanted to terminate the deal, that it was prepared to pursue …

New York law requires gun permit applicants to submit social media accounts for review

As of September 1st, New York residents who want to carry concealed handguns will need to submit their social media accounts as part of their permit application. They’ll need to provide details of active and inactive accounts from the previous three years, along with at least four references.

The accounts will be used to review the applicant’s “character and conduct,” according to the Associated Press. Those seeking a permit need to show that they have “the essential character, temperament and judgment necessary to be entrusted with a weapon and to use it only in a manner that does not endanger oneself and others.” Local sheriffs’ staff, judges and country clerks will be tasked with looking at social media accounts for warning signs.

The measure was included in legislation that Governor Kathy Hochul signed into law last week. The legislation was passed to enact some gun restrictions following a Supreme Court ruling determining that most people have the right to carry a handgun for their own protection.

Hochul acknowledged that shooters often share details or hints of plans to harm others online. The person accused of killing 19 children and two teachers in Uvalde, Texas in May reportedly harassed and threatened to hurt girls and young women on social media apps. Suspects of other mass shootings have posted manifestos online before attacks took place.

Critics have taken issue with the social media provision of the legislation. It’s unclear how the state will address concerns over privacy and free speech, and how it will assess the intent of applicants’ social media posts.

Peter Kehoe, the executive director of the New York Sheriffs’ Association, argued that the law infringes rights under the Second Amendment and suggested local officials may not actually review an applicant’s social media accounts. “I don’t think we would do that,” Kehoe told the AP. “I think it would be a constitutional invasion of privacy.” Others have expressed concern about the law in relation to surveillance of people of color.

Engadget Podcast: How bad is the Supreme Court’s EPA ruling?

This week, Devindra and Senior Writer Sam Rutherford dive into the Supreme Court’s latest EPA ruling, which severely limits the agency’s ability to curtail power plant emissions. Devindra also chats with ProPublica reporter Lisa Song about what this me…

Former Theranos COO Sunny Balwani found guilty of all charges

Ramesh “Sunny” Balwani, Theranos’ former chief operating officer, has been found guilty of all charges in his criminal trial. Balwani, whose trial began in March, was charged with ten counts of wire fraud and two counts of conspiracy to commit wire fra…

Meta sues a site cloner who allegedly scraped over 350,000 Instagram profiles

Meta is taking legal action against two prolific data scrapers. On Tuesday, the company filed separate federal lawsuits against a company called Octopus and an individual named Ekrem Ateş. According to Meta, the former is the US subsidiary of a Chinese…