One day after Montana Governor signed the first statewide ban on TikTok into law, the measure is already facing a legal challenge. Five TikTok creators are suing in an effort to block the ban from taking effect.

In court filings, lawyers representing the TikTok creators say the ban is unconstitutional and that it violates their First Amendment rights. They also take issue with Montana’s supposed national security justification for the ban. 

“Montana has no authority to enact laws advancing what it believes should be the United States’ foreign policy or its national security interests, nor may Montana ban an entire forum for communication based on its perceptions that some speech shared through that forum, though protected by the First Amendment, is dangerous,” the suit states. “Montana can no more ban its residents from viewing or posting to TikTok than it could ban the Wall Street Journal because of who owns it or the ideas it publishes.”

In an interview on Fox News, Montana’s Attorney General, Austin Knudsen, said that legal challenges to the ban were expected. “There are some important issues here that I do think we probably need the federal courts to step in and answer for us here,” he said. “And that was part of our calculus in bringing this.”

The lawsuit is among the first legal challenges to the law, and will likely be closely watched as federal officials consider a nationwide ban on the app. Right now, the Montana ban is set to take effect January 1, 2024, though lawsuits challenging it could delay that timeline. TikTok itself hasn’t commented on whether it’s planning to bring its own litigation in Montana, but said in a statement following the bill’s signing that it planned “to defend the rights of our users inside and outside of Montana.”

The Supreme Court (SCOTUS) has issued two rulings in favor of tech companies that will continue to shield them from liability for what users post on their platforms. In the first case, the justices unanimously agreed that Twitter will not have to contend with claims that it aided and abetted terrorism over tweets that terrorist group ISIS posted.

SCOTUS reversed a lower court decision that allowed a lawsuit against Twitter to proceed after another judge initially dismissed it. The lawsuit was filed by US relatives of Nawras Alassaf, a man who was killed in a 2017 Istanbul attack that was claimed by ISIS. The justices determined that hosting general terrorist speech doesn't create indirect legal responsibility for specific terrorist attacks, as CNN reports. That is likely to make it more difficult for victims of terrorist attacks or their relatives to make a similar case against online platforms in the future.

"To be sure, it might be that bad actors like ISIS are able to use platforms like defendants’ for illegal — and sometimes terrible — ends. But the same could be said of cell phones, email or the internet generally," Justice Clarence Thomas wrote in the court's opinion. "We conclude that plaintiffs’ allegations are insufficient to establish that these defendants aided and abetted ISIS in carrying out the relevant attack.”

The justices also dismissed the case of Gonzalez v. Google, which accused the company of violating US anti-terrorism laws. As such, they left intact a lower court decision to throw out a suit against YouTube brought by the family members of a victim of the 2015 terror attack in Paris. They argued that Section 230 protections should not apply to Google and YouTube in this case, as the latter's algorithms surfaced ISIS videos in recommendations.

"We decline to address the application of Section 230 to a complaint that appears to state little, if any, plausible claim for relief," the court wrote in an unsigned opinion. "Instead, we vacate the judgment below and remand the case for Ninth Circuit to consider plaintiffs’ complaint in light of our decision in Twitter.”

Section 230 refers to a clause in the Communications Decency Act of 1996. In essence, it protects online platforms from being liable for what their users post as well as the ability of companies to moderate third-party material. 

The clause has faced opposition from both sides of the aisle over the years, with both Democrats and Republicans seeking to reform or scrap it. President Joe Biden claimed during his campaign that he would see Section 230 "revoked, immediately" if he were elected, but that obviously hasn't come to pass. In relation to Gonzalez vs. Google, Biden's administration argued that Section 230 protections don't extend to Google's algorithms, as the clause does not "bar claims based on YouTube’s alleged targeted recommendations of ISIS content."

Engadget has contacted Google for comment. Twitter does not have a communications team that can be reached for comment.

Digital rights groups are among those who have welcomed the SCOTUS rulings. “We are pleased that the Court did not address or weaken Section 230, which remains an essential part of the architecture of the modern internet and will continue to enable user access to online platforms," Electronic Frontier Foundation civil liberties director David Greene said in a statement to Engadget. "We also are pleased that the Court found that an online service cannot be liable for terrorist attacks merely because their services are generally used by terrorist organizations the same way they are used by millions of organizations around the globe.”

“With this decision, free speech online lives to fight another day,” Patrick Toomey, deputy director of ACLU’s National Security Project, said. “Twitter and other apps are home to an immense amount of protected speech, and it would be devastating if those platforms resorted to censorship to avoid a deluge of lawsuits over their users’ posts. Today’s decisions should be commended for recognizing that the rules we apply to the internet should foster free expression, not suppress it.”

Montana’s TikTok ban is now official. Governor Greg Gianforte signed a bill banning the app in the state, one month after it was passed by the state’s legislature. The law is scheduled to take effect in 2024, though legal challenges could potentially delay that timeline.

The law prohibits the company from operating in the state and requires app stores to block users in Montana from downloading TikTok. The app’s users won’t face repercussions for using the service, but app stores and TikTok face daily fines of $10,000 for violating the law.

The statewide ban, and the expected legal challenge to it, offers a preview into how future attempts to ban the app could play out around the country. In a statement, a TikTok spokesperson said the Montana law “unlawfully” violates the First Amendment rights of its users.

“Governor Gianforte has signed a bill that infringes on the First Amendment rights of the people of Montana by unlawfully banning TikTok, a platform that empowers hundreds of thousands of people across the state,” the spokesperson said. “We want to reassure Montanans that they can continue using TikTok to express themselves, earn a living, and find community as we continue working to defend the rights of our users inside and outside of Montana.”

Like other officials who have proposed bans or restrictions on TikTok, Montana lawmakers have claimed that TikTok’s ties to ByteDance, a Chinese company, puts the personal data of US users at risk. The company has long denied that it would turn over such data to the Chinese government, and has invested more than $1 billion into Project Texas to address data security concerns raised by US regulators.

But officials have reportedly said those efforts don’t go far enough, and the US government is now trying to force ByteDance to sell TikTok. If it doesn’t, TikTok will face a nationwide ban and, likely, another massive legal fight.

The US State Department has announced a reward of up to $10 million for information that leads to the arrest of a prolific hacker. On Monday, the Department of Justice filed criminal charges against Mikhail Pavlovich Matveev, a Russian national and resident with links to the infamous Hive, LockBit and Babuk ransomware gangs. Starting as early as 2020, Matveev has allegedly targeted US law enforcement and healthcare organizations on multiple occasions.

In April 2021, for instance, he was linked to a Babuk ransomware attack that saw the computer systems of the Metropolitan Police Department in Washington DC locked out. Last May, Matveev, whose online pseudonyms include Wazawaka, Uhodiransomwar, m1x, and Boriselcin, was allegedly involved in a Hive ransomware attack that targeted a healthcare NGO in New Jersey.

Separately, the Treasury Department’s Office of Foreign Assets Control announced sanctions against Matveev. "Matveev has been vocal about his illegal activities. He has provided insight into his cybercrimes in media interviews, disclosed exploit code to online criminals, and stated that his illicit activities will be tolerated by local authorities provided that he remains loyal to Russia," the Treasury said.

Of the ransomware gangs Matveev is allegedly affiliated with, LockBit is among the most active and destructive. As of late 2022, the group’s malware has infected the computer systems of at least 1,400 victims, including a Holiday Inn hotel in Turkey. According to the Justice Department, the gang’s affiliates have extracted at least $75 million in ransom payments. Security researchers recently found evidence that suggests that LockBit recently began targeting Mac computers.

Doing your taxes in the United States can be famously convoluted. It can also be expensive: on top of paying their tax bills, Americans who have more complicated finances often have to pay for software to help them navigate the US tax code. That might change soon: a report from the Washington Post says that the Internal Revenue Services is preparing to roll out a free direct filing system that will allow Americans to complete their taxes digitally.

The first version of the direct filing system could be available as soon as next year, according to the report, with a pilot program launching for a small group of taxpayers in January of 2024. That would arrive just a year after the IRS publicly started exploring the option, when the tax agency tapped the New America think tank to help explore the feasibility of an agency-run filing program. That effort was kicked off in February of this year, after the Inflation Reduction Act earmarked $15 million to the IRS to research a "multi-lingual and mobile-friendly" free direct e-file system.

That focus on a user-friendly system might be the point. The IRS already offers a Free File Online tool, but according to the Government Accountability Offices, it's used by less than 3% of eligible taxpayers. If the program is a success, it could make filing taxes easier and more affordable for millions of Americans. If not? Well, TurboTax and H&R Block probably aren't going anywhere. After all, the US tax prep and filing industry is still worth about $14 billion.

On the eve of potentially one of the most consequential elections in the country’s history, Twitter began blocking posts in Turkey. “In response to legal process and to ensure Twitter remains available to the people of Turkey, we have taken action to restrict access to some content in Turkey today,” the company tweeted on Friday, in English and Turkish. “We have informed the account holders of this action in line with our policy. This content will remain available in the rest of the world.” 

Twitter didn’t say which tweets it was blocking, and the company no longer operates a communications department Engadget could contact for more information. Predictably, the decision to comply with a censorship request from the Turkish government has put a spotlight on Elon Musk’s free speech beliefs. On Friday, Musk, who named Linda Yaccarino as the next CEO of Twitter that same day, lashed out at Bloomberg columnist Matthew Yglesias when he suggested the decision “should generate some interesting Twitter Files reporting.”

“Did your brain fall out of your head, Yglesias? The choice is have Twitter throttled in its entirety or limit access to some tweets. Which one do you want?” Musk tweeted at Yglesias.

As The Washington Post notes, Sunday’s election could have significant ramifications for Turkey. After two decades in power, Recep Tayyip Erdogan faces the most credible threat to his presidency in recent memory. Ahead of Sunday’s contest, most polls showed opposition leader Kemal Kilicdaroglu had a slight lead on his opponent. If elected, Kilicdaroglu has promised to reshape the country’s domestic policy. Erdogan’s defeat could also have a profound impact on Turkey’s relationship with other powers in the region, including Russia and NATO. Per CNN, If one candidate can’t win more than 50 percent of the vote, the country will hold a run-off election on May 28th. As of the writing of this article, Erdogan holds an 11 percentage point lead on Kilicdaroglu, though that could change as more ballots are counted.

Data breaches and security failures happen everyday. There’s little we can do about that if we want to participate in modern society, except maybe switch out the companies we interact with for their competitors if we presume one to be more secure. There’s one service that we don’t have a choice on whether to interact with, no matter how high profile its security incidents become: the federal government.

A breach of the Office of Personnel Management announced in 2015 it had leaked background investigation records, impacting 21.5 million individuals, according to the agency. The highly publicized Solarwinds hack discovered in 2020 exposed government and business records to Russian insiders. Earlier this year, the US Marshals Service division of the Department of Justice became a target, when hackers stole personal information about investigation targets, personnel and more.

The attacks were targeted, usually seeking out some type of sensitive state information. But we all have sensitive information stored throughout federal agencies like our social security numbers or home addresses. Probably even more information is at stake if you utilize federal services like Medicare, student loans or SNAP benefits. We have no choice but to give the federal government access to our personal information in exchange for certain services, unless you’re reading this while living off grid.

“If we want to live in the information age, and we're using some of these systems, we are inherently giving up control,” Kevin Cleary, clinical assistant professor of management science and systems at University at Buffalo, told Engadget. “You have to trust that agency has put forward all the best controls and practices.”

In response, the federal government has developed agencies like the Cybersecurity and Infrastructure Security Agency to lead better security initiatives across departments. In part, this is intended to help you feel a little bit better about storing your data within federal servers by setting higher standards for how it safeguards your data. According to Michael Duffy, associate director of the cybersecurity division at CISA, since the agency’s establishment in 2018, it’s spearheaded the most progress he’s seen in his federal cybersecurity career.

So, things are improving, and you can probably trust the federal government to keep your data safe in the same way you trust the companies you interact with everyday. What makes the government so different, though, is that it’s a high profile target. Adversarial countries want in on state secrets while, at the same time, it’s hard to prioritize spending on security measures. Getting tax-payer funds to fill a pothole on your local highway is hard enough when the damage is tangible and obvious, while security is hard to quantify the benefits of until an attack occurs. In other words, the value of security investments aren’t proven until it’s already too late.

This has gotten better. Security investments in the federal government largely trend upwards. Still, it’s not enough. “Sometimes their budgets don't allow them to take every step or to everything that they would like to do, because you just simply don't have the money,” Marisol Cruz Cain, director of information technology and cybersecurity at GAO, said.

But the reason why the federal government may appear less secure is because of its obligation for transparency. There’s a responsibility to share lessons learned after an incident, and make sure citizens know what happened. That’s actually a big part of CISA’s job. “We are really looking at ways that we are making it more acceptable to raise the hand and say this is the way that we were attacked or an incident occurred,” Duffy said.

The government also interacts with a ton of outside businesses. So, say a government contractor experiences a breach or security incident, that means that data held in federal tech could be exposed. This opens up a slew of new attack vectors, and possibilities for malpractice.

You can actually see how secure certain agencies are thanks to the Government Accountability Office (GAO) and legislation like the Federal Information Technology Acquisition Reform Act. The latter documents tech modernization efforts across major agencies, including cyber readiness. GAO, for its part, audits cybersecurity efforts and develops privacy impact assessments that are publicly available descriptions about what information the agency collects, how they use it and more.

But with all these audits come a relatively bleak conclusion. Agencies aren’t evaluating their policies and procedures to make sure that high profile incidents don’t happen on a regular basis, Cruz Cain said. Your information will be on those servers whether you like it or not.

New York State may soon have its own legislation to prevent crypto scandals on par with FTX's downfall. Attorney General Letitia James has proposed a law, the CRPTO Act (Crypto Regulation, Protection, Transparency and Oversight), that's meant to thwart cryptocurrency fraud and protect investors. Whether or not it's the "strongest and most comprehensive" set of crypto regulations that James touts, it would theoretically prevent repeats of some high-profile incidents.

The CRPTO Act would bar conflicts of interest, such as owning multiple practices or marketplaces that trade for their own accounts. Companies would have to publicly report financial statements, including risk disclosures. There would be a host of investor safeguards, such as "know-your-customer" requirements, compensation for fraud victims and a ban on stablecoins (crypto coins whose value is tied to a safe asset) that aren't pegged directly to US currency or "high-quality" liquid assets.

The bill would let the Attorney General's office shut down lawbreakers and fine $10,000 per violation for individuals, and $100,000 per violation for companies. The office would also have the power to issue subpoenas and demand damages, penalties and restitution. The Department of Financial Services, meanwhile, would be ensured authority to license various crypto service providers.

James pointed to multiple real-world examples of alleged abuse the CRPTO act would potentially stop. Terraform Labs, for instance, promised a very high 20 percent interest rate to investors in one token on its marketplace if they bought the company's other token, supposedly hiding the assets' real value. Celsius, meanwhile, bought up its own token and created an artificial appearance of demand. That left investors "caught by surprise" when Celsius declared bankruptcy, according to the Attorney General.

The federal government is already cracking down on crypto fraud. The Securities Exchange Commission (SEC) and Commodity Futures Trading Commission (CFTC) believe existing rules already cover numerous crypto-related activities, and in some cases have jockeyed to claim primary responsibility for regulating the technology. Politicians in the House and Senate are pushing for nationwide regulations. New York's efforts go one step further by tackling crypto-specific problems, though, and the state's role as a financial hub may effectively let it dictate policies guiding firms across the US.

The Biden administration may be funding AI research, but it's also hoping to keep companies accountable for their behavior. Vice President Kamala Harris has met the CEOs of Alphabet (Google's parent), Microsoft, OpenAI and Anthropic in a bid to get more safeguards for AI. Private firms have an "ethical, moral and legal responsibility" to make their AI products safe and secure, Harris says in a statement. She adds that they still have to honor current laws.

The Vice President casts generative AI technologies like Bard, Bing Chat and ChatGPT as having the potential to both help and harm the country. It can address some of the "biggest challenges," but it can also be used to violate rights, create distrust and weaken "faith in democracy," according to Harris. She pointed to investigations into Russian interference during the 2016 presidential election as evidence that hostile nations will use tech to undercut democratic processes.

Finer details of the discussions aren't available as of this writing. However, Bloombergclaims invitations to the meeting outlined discussions of the risks of AI development, efforts to limit those risks and other ways the government could cooperate with the private sector to safely embrace AI.

Generative AI has been helpful for detailed search answers, producing art and even writing messages for job hunters. Accuracy remains a problem, however, and there are concerns about cheating, copyright violations and job automation. IBM said this week it would pause hiring for roles that could eventually be replaced with AI. There's been enough worry about AI's dangers that industry leaders and experts have called for a six-month pause on experiments to address ethical issues.

Biden's officials aren't waiting for companies to act. The National Telecommunications and Information Administration is asking for public comments on possible rules for AI development. Even so, the Harris meeting sends a not-so-subtle message that AI creators face a crackdown if they don't act responsibly.

Apple is facing additional scrutiny over its alleged crackdown against pro-union retail workers. House Representatives Emanuel Cleaver and Sylvia Garcia have sent a letter to the National Labor Relations Board (NLRB) asking for an investigation into alleged labor abuses at Houston and Kansas City, Missouri stores. The politicians are concerned about claims Apple fired five Kansas City staff in retaliation for unionization efforts, and disciplined multiple Houston employees for attempting to organize.

In March, the Communications Works of America union (CWA) filed charges with the NLRB over the purported retaliation. The CWA believes Apple used thin pretexts to fire and intimidate employees, such as slightly late arrivals and even typos in timesheets. Some of the workers were reportedly forced to sign a release of claims against the company if they wanted a severance package. These practices are illegal, Cleaver and Garcia say.

The House members also pointed to the NLRB's January finding that Apple was violating labor rights with rules barring leaks and discussions of employment conditions. The representatives are worried about a "recurring pattern," according to the letter. In December, the board said Apple also broke the law by holding anti-union meetings in Atlanta.

We've asked Apple for comment. The company has previously argued that it can better care for retail staff without unions. At the same time, it has addressed concerns by raising pay, improving benefits and easing its scheduling rules.

The letter doesn't obligate the NLRB to respond, and there's no certainty that an investigation will lead to official action. Even so, it's notable that Apple's stance on retail labor has drawn Congress' attention. It won't be surprising if there's more interest from the federal government, whether or not the NLRB responds to the letter.