posted about 3 hours ago on techdirt
The Fourth of July is long in our rearview mirrors, but for some folks the holiday haunts them still. Such is the case with NFL football player Jason Pierre-Paul, who quite famously managed to celebrate our nation's independence by blowing apart a good chunk of his hand a year and a half ago. So too does the holiday likely remain top of mind for ESPN and its reporter, Adam Schefter, who found themselves in a bit of controversy after reporting on Pierre-Paul's condition and tweeting out a copy of the player's medical chart, revealing that he had no digits where there previously had been fingers. Pierre-Paul sued Schefter and ESPN for invading his privacy, arguing that he'd suffered great harm as a result and suggesting that, though Schefter had received the medical chart from a source, the publication of such information might make it less likely for other famous persons to seek medical treatment in the future. ESPN, meanwhile, attempted to spike the lawsuit on First Amendment grounds under an anti-SLAPP statute, arguing that journalists have always been free to provide evidence for stories gained from sources. Well, the court has ruled against ESPN's attempt to have the suit dismissed, saying the lawsuit will proceed. New York Giants defensive end Jason Pierre-Paul is suing ESPN and star reporter Adam Schefter over a tweet that revealed an amputated right finger as a result of a July 4 celebration last year. The NFL star asserts he suffered great damage when Schefter showed his four million followers a copy of Pierre-Paul's medical chart. But despite ESPN's First Amendment arguments, a judge on Thursday rejected ESPN's attempt to dismiss, according to a statement from Pierre-Paul's attorney. ESPN, represented by the same lawyers that represented Gawker, argued that courts "have consistently recognized that a journalist is entitled to include visual evidence corroborating a report on a matter of public concern." 
ESPN's lawyers also pointed out that Pierre-Paul is not suggesting that Schefter was prohibited from reporting on the exact details within the chart, which was the actual harming information if any harm actually was done, but that tweeting out the medical chart image itself suddenly was actionable. Why Pierre-Paul chose this attack on ESPN and a journalist rather than whatever source shared the chart with Schefter in the first place is largely left unaddressed, although the depth of the parties' respective pockets likely has something to do with it. Regardless, this is a disappointing ruling on many levels. Those seeking medical attention certainly do have an expectation of privacy from those providing the healthcare work and one would think HIPAA violations may be in play here as well, but Pierre-Paul has no such expectation of privacy from a journalist covering him. The proper defendant in this case is obviously whoever provided the chart to Schefter and likely over HIPAA violations. Whatever the implications upon privacy at issue here, it seems quite clear that chilling the reporting of journalists who receive information from sources is not the proper vector for addressing those issues. Between this and the Gawker case, along with the public comments by one well-known would-be politician, we seem to be entering a different era in terms of how the press is viewed and treated in America.

posted about 5 hours ago on techdirt
Following two lawsuits against the NYPD for its pervasive, rights-violating surveillance of the city's Muslims, the department's Inspector General took a look at a sampling of cases from 2010-2015 to see if the Handschu Agreement -- crafted in 1985 and heavily modified in 2002 -- was being followed. The short answer is "No." So is the long answer [PDF]. The guideline was part of a consent decree created in response to pervasive NYPD surveillance of activities protected by the First Amendment, even when no unlawful activity was suspected. The guideline worked for awhile, but the 9/11 attacks changed that. The NYPD brought in two former CIA employees who decided to turn a domestic law enforcement agency into Langley on the Hudson. Former CIA officer David Cohen used terrorism fears to compel a judge to significantly modify the Handschu Agreement. From that point on, the NYPD steadily abused the revamped agreement. Its "Demographics Unit" designated entire mosques as terrorist entities, placed the city's Muslims under surveillance, and -- best of all -- generated zero leads. The Inspector General's report points out that the NYPD couldn't even comply with the relaxed, post-9/11 Handschu Agreement. Instead, the Demographics Unit copy-pasted justifications for pervasive surveillance and passed them up the ladder to the rubber stamps handling the approval process. OIG-NYPD’s investigation found that NYPD, while able to articulate a valid basis for commencing investigations, was often non-compliant with a number of the rules governing the conduct of these investigations. For example, when applying for permission to use an undercover officer or confidential informant, the application must state the particular role of the undercover in that specific investigation, so that the need for this intrusive technique can be evaluated. 
NYPD almost never included such a fact-specific discussion in its applications, but instead repeatedly used generic, boilerplate text to seek such permission. Tellingly, this boilerplate text was so routine that the same typographical error had been cut and pasted into virtually every application OIG-NYPD reviewed, going back over a decade. The NYPD's response [PDF] to the report disputes the accusation of using boilerplate permission slips. But that's all it does. It fails to explain how each individual request somehow contained the same typographical error. Repeatedly. For fourteen years. The NYPD disagrees with the Report’s characterization that the extensions of Preliminary Inquiries contain “boilerplate language.” To the contrary, extension requests include a full and detailed recitation of the key facts justifying investigation, including any new facts/updates learned since the investigation was opened. Often, the added facts learned since the opening of an investigation strengthen the original predicate. Once an investigation was under way, NYPD supervisors tended to take a very hands-off approach. Further, among all cases reviewed, NYPD continued its investigations even after legal authorization expired more than half of the time. Often more than a month of unauthorized investigation occurred before NYPD belatedly sought to renew the authorization. As the IG points out, this is completely unacceptable. The Agreement is there for a reason: to prevent unlawful surveillance. But the NYPD is left alone to ensure its own compliance with the guideline. There's no judicial oversight of these activities -- not like there is with searches, seizures, and stops. Left to police itself, the NYPD proved unworthy of the trust placed in it. These failures cannot be dismissed or minimized as paperwork or administrative errors. 
The very reason these rules were established was to mandate rigorous internal controls to ensure that investigations of political activity – which allow NYPD to intrude into the public and private aspects of people’s lives – were limited in time and scope and to ensure that constitutional rights were not threatened. [...] As a result, until OIG-NYPD conducted this review, there had never been any routine, independent third-party review to ensure compliance with these rules. NYPD's compliance failures demonstrate the need for ongoing oversight, which OIG-NYPD will now provide. The NYPD's response admits as much, even as it challenges many of the Inspector General's recommendations. Since February 2002, the NYPD's Demographics Unit has been grading its own papers. A law enforcement hot take, written by a CIA officer and pushed past a local judge, has guided the NYPD for almost 15 years. What it's left behind is a long string of First and Fourth Amendment violations. What it hasn't left behind is a string of successful investigations. Or a coherent paper trail. This is the NYPD in its own words, arguing with IG about the office's findings. First, the NYPD didn't implement electronic tracking of its Demographics Unit cases until after it was already on the losing end of two civil rights lawsuits. The Intelligence Bureau began discussing the development of an electronic case tracking system for Handschu investigations in February 2016 to assist in complying with the proposed modifications to the Handschu Guidelines as part of the settlement in the Handschu and Raza litigations. It will only now begin thinking about keeping all related investigative documents together in one place. 
While the prior history of a case and/or its proposed subject(s) is set forth in the Investigative Statement, the Intelligence Bureau will consider if there is a more effective way to trace the full history of an investigation, including other levels of investigation (i.e., checking of leads, Preliminary Inquiries, etc.) which may have occurred related to its underlying facts. It will also only now start thinking about documenting the written approval process for deploying new informants or extending the use of existing ones. The Intelligence Bureau will consider the development of best practices for documenting the written approval of the use of human sources in Handschu investigations by the Deputy Commissioner of Intelligence, including name, signature, and date. Even though the NYPD has been running investigations under the modified Handschu Agreement since 2002, it won't be until later this year that it will finally deliver a comprehensive compilation of baseline policies governing terrorism-focused investigations. As is evidenced by the Inspector General's findings -- and the NYPD's own admissions -- the department has never been interested in accountability. It's far more interested in pretending it's the DEA, FBI, CIA, and NSA all rolled into one local law enforcement office. And it operates with a level of opacity surpassing the federal agencies it aspires to be. The report finds a pattern of noncompliance and the NYPD defends itself by either pointing out that if there's no requirement to do something, it sure as hell isn't going to do it, or nodding thoughtfully and promising to get right on things it should have addressed more than a decade ago.

posted about 6 hours ago on techdirt
Gawker's gone, and that's that. And yet, whenever we've expressed concerns over the billionaire vendetta that brought it down, we've faced a huge amount of pushback from people who had problems with the site and its reporting practices. This week, we're joined by Parker Thompson aka Startup L. Jackson for a friendly debate about whether the Gawker shutdown really is a big deal. Follow the Techdirt Podcast on Soundcloud, subscribe via iTunes, or grab the RSS feed. You can also keep up with all the latest episodes right here on Techdirt.

posted about 7 hours ago on techdirt
When popular messaging app Whatsapp was acquired by Facebook in 2014 for $19 billion, the company responded to the obvious privacy implications with a blog post promising to "set the record straight" about the acquisition, while debunking all of the "inaccurate and careless information" being circulated online. In it, co-founder Jan Koum promised that the app, which has tried to build a reputation on respecting user privacy, would keep privacy at the heart of its operations under Facebook. Privacy was, Koum promised, simply "coded into our DNA": "Respect for your privacy is coded into our DNA, and we built WhatsApp around the goal of knowing as little about you as possible: You don't have to give us your name and we don't ask for your email address. We don’t know your birthday. We don’t know your home address. We don’t know where you work. We don’t know your likes, what you search for on the internet or collect your GPS location. None of that data has ever been collected and stored by WhatsApp, and we really have no plans to change that." That was then, this is now. Last week, the company announced in a new blog post that it would soon begin sharing Whatsapp user phone numbers and various analytics data with Facebook. While this is obviously about money, the company's blog post repeatedly insisted the move was about helping the end user avoid spam and make stronger, deeper connections with friends: "But by coordinating more with Facebook, we'll be able to do things like track basic metrics about how often people use our services and better fight spam on WhatsApp. And by connecting your phone number with Facebook's systems, Facebook can offer better friend suggestions and show you more relevant ads if you have an account with them. For example, you might see an ad from a company you already work with, rather than one from someone you've never heard of." Gosh, thanks. 
The Electronic Privacy Information Center was quick to claim that Facebook and Whatsapp may have violated federal law with the move. The group notes it filed an FTC complaint back in 2014 (pdf) expressing concern that failure to obtain users' opt-in consent before modifying privacy practices was an "unfair and deceptive trade practice" violating Facebook’s FTC Consent Order (pdf). In a subsequent letter from the FTC to Whatsapp (pdf), the FTC warned the two companies that they must honor their privacy promises to WhatsApp users. As expected, EPIC and the Center for Digital Democracy have filed a formal complaint with the FTC (pdf), accusing Facebook of violating Section 5 of the Federal Trade Commission Act. In public statements, both organizations accuse Facebook and Whatsapp of a "bait and switch" on previous promises that user information would not be used for marketing across the Facebook social media empire: "The FTC has an obligation to protect WhatsApp users. Their personal information should not be incorporated into Facebook’s sophisticated data driven marketing business,” said Katharina Kopp, Ph.D., and CDD’s Director of Policy. “Data that was collected under clear rules should not be used in violation of the privacy promises that WhatsApp made. That is a significant change that requires an opt-in, according to the terms the FTC set out. It’s not complicated. If WhatsApp wants to transfer user data to Facebook, it has to obtain the user’s affirmative consent." Whatsapp users looking to opt out of data collection within the 30 day warning window simply have to uncheck the "share my account info" box before accepting WhatsApp's newly updated terms and conditions. Users who accidentally approved the new TOS still have several weeks to uncheck this same box by clicking on "settings," "account," then unchecking the same "share my account info" box. 
Granted, the Whatsapp opt out instructions note that even after doing this you're still not entirely opted out of having this data shared with the "Facebook family of companies": "The Facebook family of companies will still receive and use this information for other purposes such as improving infrastructure and delivery systems, understanding how our services or theirs are used, securing systems, and fighting spam, abuse, or infringement activities." It seems unlikely that the EPIC and CDD complaints will gain much traction. Fortunately, unlike sectors like telecom, users here aren't stuck waiting on regulators since they already have the choice of alternative, open source (and frankly already more secure) encrypted messaging options.

posted about 8 hours ago on techdirt
The ongoing saga that is the monkey selfie lawsuit has continued to move forward, with the lawyers for photographer David Slater filing their brief in response to PETA's. As you probably recall, PETA had teamed up with a primatologist named Antje Engelhardt claiming to be "next friends" for the Indonesian macaque monkey named Naruto, who is alleged to have taken the following selfie with David Slater's camera. Slater has claimed to hold the copyright on the photo for a long time, though he's wrong. But PETA is much more wrong in arguing that it can step in and claim both (a) that there is a copyright on the image and (b) that the monkey holds it. Slater is just wrong about the copyright existing. Either way, the PETA case was easily tossed out of the district court based on the fact that monkeys can't get copyrights under US law (US laws don't apply to animals unless specifically stated -- this is why farms aren't legally considered murder camps, no matter what some vegetarians might say). And, of course, PETA appealed. And we expect it will go about as well as the district court case. But it may go even worse. That's because in the reply, Slater's lawyer points out that not only can a monkey not hold a copyright, but also that PETA has even less standing than before, because the primatologist, Antje Engelhardt, has decided she's no longer a next friend of our buddy Naruto, the smiling monkey. On appeal, the crazy got crazier. Dr. Engelhardt withdrew from the case. That leaves PETA, which does not allege any relationship with the monkey, as the monkey’s sole next friend. [....] Two putative next friends filed this action: PETA and Dr. Engelhardt, a primatologist who alleged that she has “known, monitored, and studied Naruto since his birth.” ER 23. It may well be that the relationship with Naruto Dr. Engelhardt alleged is “significant” under Coalition of Clergy v. Bush. However, Dr. 
Engelhardt moved to withdraw from the case, informing the Court that she “will not continue as a next friend to Appellant in this proceeding.” This Court granted Dr. Engelhardt’s motion, thus leaving PETA as Naruto’s lone putative next friend. This is a fairly big problem for PETA and its big time (seriously) lawyers from the (previously respectable) law firm of Irell & Manella. Unlike Dr. Engelhardt, PETA did not allege any relationship with Naruto, much less a significant one. That is a problem on appeal. PETA is now in a position very much like the ballot initiative defenders in Hollingsworth v. Perry, 133 S. Ct. 2652 (2013): a party necessary for standing at the district court is not participating in the appeal. “[S]tanding must be met by persons seeking appellate review, just as it must be met by persons appearing in courts of first instance.” Id. at 2661 (internal quotation marks and citation omitted). All of the Naruto relationship allegations in the Complaint concern Dr. Engelhardt; none involve PETA.... PETA alleges no connection to Naruto, an Indonesian monkey who lives roughly 10,000 miles from PETA’s headquarters in Virginia. In other words, even if Engelhardt had standing, PETA doesn't. The filing also contains its fair share of monkey jokes, so we'll just end this post with a few of those: Under controlling Ninth Circuit precedent, monkey see, monkey sue is not good law under any Act of Congress unless the legislative text plainly grants non-human animals standing to sue. [....] The only pertinent fact in this case is that Naruto is a monkey suing for copyright infringement. Either way, one hopes that the court makes quick work of this case as well, but it is the 9th Circuit, which perhaps deserves copyright on its... creative interpretations of copyright law at times. Hopefully this isn't one of those cases.

posted about 9 hours ago on techdirt
Conveniently add storage to your MacBook with the $34 Nifty MiniDrive Air, a MicroSD card adapter that seamlessly plugs into your MacBook. The MiniDrive integrates with Time Machine to add up to 200 GB of extra space to store important files. You won't have to carry cumbersome storage devices anymore. Simply plug in MiniDrive and you're good to go. Available for the 13" Air, 13/15" Pro, and 13/15" Pro Retina MacBooks. Note: The Techdirt Deals Store is powered and curated by StackCommerce. A portion of all sales from Techdirt Deals helps support Techdirt. The products featured do not reflect endorsements by our editorial team.

posted about 10 hours ago on techdirt
Back in 2011, AT&T stopped selling unlimited wireless data plans, and began heavily pushing more expensive capped and metered plans. Existing unlimited users at the time were grandfathered, but the company engaged in all manner of sneaky behavior to try and make life as unpleasant as possible for these users, ranging from blocking them from using Facetime unless they migrated to metered plans, to heavily throttling these "unlimited" users after only consuming a few gigabytes of data. Ultimately AT&T faced a $100 million fine by the FCC (currently being contested by AT&T), and a 2014 lawsuit by the FTC for misleading consumers and dramatically changing the terms of service while users were under contract. Originally we noted how AT&T had used a Schrodinger-esque attempt to derail the lawsuit by claiming that since it would soon be a common carrier under Title II of the Communications Act (something its lawyers fought and continue fighting to this day), it didn't technically qualify as a common carrier under the FTC Act. At the time, consumer groups like Free Press found AT&T's tap dancing rather funny: "It is rich to see AT&T in two different appellate courts at once, simultaneously arguing in this case that its mobile broadband is a common carriage service -- and therefore not subject to FTC jurisdiction -- while telling the DC Circuit that AT&T's mobile broadband cannot be treated as a common carrier service." Initially it seemed like the laugh would be on AT&T, with a court last year denying AT&T's motion for dismissal (pdf), ruling it was "unambiguously clear" that only AT&T wireless voice, not wireless data, was classified as common carrier when the lawsuit was filed last fall. 
But this week an appeals court in California contradicted this finding and dismissed the FTC's case entirely, the ruling (pdf) stating AT&T can no longer be held in violation of the FTC Act because it's now classified as a common carrier under the Communications Act: "The common carrier exemption in section 5 of the FTC Act carves out a group of entities based on their status as common carriers. Those entities are not covered by section 5 even as to non-common carrier activities. Because AT&T was a common carrier, it cannot be liable for the violations alleged by the FTC. The district court’s denial of AT&T’s motion to dismiss is reversed, and the case is remanded for entry of an order of dismissal." There are some indications in the ruling that the court wasn't sure that the FTC ever had authority over AT&T under the FTC Act (Title II or no). But it's still amazing to realize that AT&T was simultaneously arguing before two different courts that ISPs should not be classified as common carriers under Title II, while at the same time using this pending reclassification as grounds to dismiss the FTC lawsuit. Fancy footwork, that. AT&T may still face the $100 million FCC fine for lying to its customers, provided its lawyers can't tap dance out of that punishment as well. This all occurs, of course, as AT&T's lawyers and trade groups continue their original assault on Title II and the net neutrality rules Title II allowed.

posted about 11 hours ago on techdirt
We've seen it so often over the years, it's probably now time to accept the fact that this will never change: when entities are presented with evidence of security holes and breaches, far too often the initial reaction is to shoot the messenger. A school whose online student portal exposed a lot of sensitive data decided the best way to handle a concerned parent's repeated questions about how it was handling the problem was to file a criminal complaint against the parent. (via the Office of Inadequate Security) The details of the breach (since closed) were reported by independent journalist Sherrie Peif. The district uses Google Apps for Education (GAFE), a hosting solution by Google that incorporates Google mail, calendar, and chat services. Lewis-Palmer used it for student email accounts, which at that time consisted of the student’s district identification number. [The] system used by the district allowed anyone with an email address in the system to download a complete contact list of district students. The list identified students’ names and district email addresses. Because student email accounts were comprised of the student ID, anyone who gained access to this list only needed to know the students’ birthdays to access another program, Infinite Campus, which contains the personal data of possibly thousands of students. Normally, it might have been difficult to ascertain what students' passwords were. But the school made it easy for anyone to suss out passwords and access the sensitive information stored at the Infinite Campus portal. This message, posted by administrators, sat on the login page for nearly three years before being removed. On Aug. 9, 2013 the district posted: “Due to a security enhancement within Infinite Campus, your network and IC passwords have been changed! You must now enter the prefix LP@ before your regular birthday password (i.e. 
[email protected]).” What was contained behind the papier-mache security facade was a wealth of sensitive student info. In Lewis-Palmer, students and parents had access to names, addresses, and phone numbers for students, parents, siblings, and emergency contacts; schedules; attendance records; grades; locker numbers and combinations; transportation details, including where and when bus pickups took place; and health records. Parent Derek Araje brought this to the attention of Dewayne Mayo, a district technology teacher. Rather than promise to look into it or direct him to someone who might be able to verify his claims, Mayo became irritated and accused Araje of "breaking federal law." Mayo also emailed other school administrators to complain about Araje, claiming he was "polluting the waters" and making it easier for parents skeptical about "any new technology" used by the district to raise complaints. Others in the email thread treated Araje's claims skeptically, asserting (hilariously) that it would take "advanced cracking skills" to break into a site where visitors were greeted with a message that basically gave away every student's password. Six months after it was brought to the school's attention, parents were finally notified. Two days later, the school shut down the site and GAFE access. On the same day, the school filed a criminal complaint [PDF] with the local police department accusing parent Derek Araje of hacking into the website. Fortunately for Araje, the police cleared him of any wrongdoing a month later. Not only did the school go after the person who brought the security hole directly to its attention, but it significantly downplayed its own role in making sensitive student info easily obtainable. Teacher, administrator, and technology director Bill Fitzgerald points out the school's blatant attempt to cover its own ass after ignoring the site's security issues for months, if not years. 
It also appears - based on the parent testimony at the board meeting - that these concerns were brought to the district's attention in the fall of 2015, and were dismissed. Based on some of the other descriptions regarding access to health records, it also sounds like there might be some issues related to Infinite Campus and how it was set up, but that's unclear. What is clear, however, is that the district is not being as forthright as they need to be. The board meeting with parent testimony was May 19th; Complete Colorado article ran on May 24th. The data privacy page on the Lewis Palmer web site was updated on May 25th, with the following statement: "Yesterday, we discovered a possible security breach through normal monitoring of IP addresses accessing our systems." Given that the security issue was covered in the local press the day prior, and that the district was publishing their password structure for over three years, I'd recommend they look at their logs going back a while. I'd also recommend that the district own their role exacerbating this issue. Instead of owning its role, the school chose to try to make someone else -- parent Derek Araje -- pay for its own carelessness and unwillingness to address a security hole until it became impossible to ignore.

posted about 13 hours ago on techdirt
While T-Mobile has certainly done some good things for the wireless industry, the company's ongoing tone deafness on net neutrality isn't doing the carrier any favors. T-Mobile fought against real net neutrality rules, then, once passed anyway, got right to work trying to find creative ways around the rules using zero rating (exempting only some content from usage caps). When net neutrality advocates and scholars repeatedly pointed out T-Mobile was violating net neutrality and being a bit hypocritical ("we're edgy and love consumers but not real net neutrality!"), the company dug a deeper hole by attacking groups like the EFF. Last week T-Mobile upped the ante with new plans that promise "unlimited" data, but are not only more expensive, they throttle tethering, throttle overall consumption at 26 GB, and throttle all video to 1.5 Mbps or 480p. Users who want HD video to actually work correctly can apparently pony up $25 more per month. Emboldened by T-Mobile and a (so far) apathetic FCC, Sprint revealed similar "unlimited" data plans of its own, which throttle all video, games and music to 1.5 Mbps, 2 Mbps, and 500 kbps respectively, unless you pony up another $25 per month. Groups like the EFF were quick to point out that installing ISPs as middlemen who get to determine how well your services work based on how much you pay in a marginally-competitive broadband market sets a horrible precedent. If regulators allow T-Mobile to charge more money for HD video to work, what stops Comcast from charging you more if you want 4K Netflix streams to work? Or AT&T deciding it can charge you more if you want your Steam games to download at full bitrate? This is a door that, once opened, won't be easily closed. And once this practice is a standard, it will be abused. T-Mobile, for whatever it's worth, continues to be annoyingly tone deaf about the slippery slope it's dragging the entire industry toward. 
However bad zero rating was, the act of throttling entire classes of traffic unless you pay your ISP more money is notably worse. Highlighting how video conferencing isn't throttled but YouTube is, The Verge tried to get T-Mobile to define "video" and "data" but came away stymied: "I asked T-Mobile for the company’s definition of "data" and a spokesperson said "that’s not something I could give you," but suggested that the company was on "the right side of history," and that the goal was to make "unlimited sustainable for the mass market." That’s an admirable goal! But let’s not dance around the fundamentals of the situation. Net neutrality is the law of the land, and T-Mobile has aggressively pushed the boundaries of net neutrality by manipulating the traffic on its network." But again, violating net neutrality principles isn't the same as violating net neutrality rules, and the FCC's rules were carved out with numerous exceptions that allow all manner of throttling -- provided ISPs claim it's for the health of the network. That's why T-Mobile frames this as a matter of "sustainability," even though it's really about adhering to basic dictionary definitions and not selling an "unlimited" service if you're not actually willing to offer it. For a company that markets itself as a pro-consumer alternative to traditional wireless carriers, T-Mobile seems increasingly hell bent on continuing some of the industry's worst habits.

posted about 16 hours ago on techdirt
Cyrus Farivar of Ars Technica has obtained court documents showing the Oakland Police Department had to call in the feds -- and their IMSI catcher -- to track down a suspect wanted in connection with a shooting of an off-duty police officer. According to new government affidavits filed earlier this week, the Oakland Police Department (OPD) used its stingray without a warrant in 2013 for several hours overnight as a way to locate a man accused of being involved in shooting a local police officer. The OPD called in the FBI when that effort was unsuccessful. The FBI was somehow able to locate the suspect in under an hour, and he surrendered to OPD officers. The only reason these affidavits even exist is because the judge presiding over the prosecution of Purvis Ellis ordered the government to submit declarations detailing how the devices were used to locate him. Two declarations -- one from the FBI [PDF] and one from the Oakland PD [PDF] -- shed some additional light on the now-ubiquitous cell phone-tracking technology. Neither law enforcement agency sought a warrant for their Stingray deployments. Both declarations claim none was needed because of "exigent circumstances." Given that this occurred before the DOJ instituted a warrant requirement for the FBI's Stingray use, it's unlikely any evidence is in danger of being tossed. The Oakland PD's declaration states the same thing: no warrant was sought because of "exigent circumstances." Similarly, there appears to have been no warrant requirement in place for the Oakland Police Department at that time. That doesn't mean the court won't find that the use of a Stingray device (or, in this case, two of them) requires the use of a warrant, but even if it does, the good faith exception is likely to apply -- especially in the FBI's case, as its warrant requirement was still three years away. In both deployments, pen register orders were used to obtain subscriber info.
Because exigent circumstances dictated the requests, no judicial approval of the orders was needed. Ellis' lawyers are hoping the judge will find the circumstances surrounding the Stingray deployments to be not nearly as "exigent" as the government claims. Prosecutors argued that because the three men involved in the altercation were at large, there was a clear exigency. Ellis’ defense, meanwhile, has countered that because the OPD had declared the scene “secure” 14 minutes after Karsseboom was shot, there was no exigency. This issue remains unresolved. On one hand, securing a crime scene doesn't immediately dispel perceived exigency. As the government points out, the shooting suspects were still free and roaming Oakland. On the other hand, the amount of time that elapsed between the Oakland PD's response to the reported shooting and the eventual location of Ellis by the FBI -- 15 hours -- suggests some of the exigency may have dissipated by the time the FBI fired up its tracking device. Whatever the case is, the Oakland PD's call for assistance suggests its equipment was already outdated. “It's unclear from the Oakland declaration how continuous the operation of their equipment was,” Brian Hofer, chair of the City of Oakland Privacy Advisory Commission, told Ars. His newly created commission has been scrutinizing the city’s procurement process for surveillance and has pushed for new policies overseeing its use. “We believe that Oakland only had an older 2G/3G Stingray, based on public records in our possession,” he continued. “It is possible that the FBI already possessed a Hailstorm or similar 4G capable device at this time, or an older 2G/3G system but with enhanced amplification, or maybe Oakland's equipment was simply malfunctioning." The shooting occurred roughly two years before the PD attempted to secure a Homeland Security grant to pay for the Hailstorm upgrade, which would have allowed it to track the suspect. The FBI's newer version had no such problems. 
The Oakland PD spent ten futile hours searching for Ellis. The FBI located him roughly an hour after deploying its Stingray. It also deployed something else along with it. From the FBI's declaration: At one point, in an effort to reduce the error radius and increase the accuracy of the location of the cellular telephone, a cell site simulator augmentation device was deployed into the interior of the apartment building. This device is used in conjunction with the cell site simulator and has no data storage capability whatsoever. Farivar spoke to Daniel Rigmaiden -- the person who first uncovered government use of Stingray devices in criminal investigations (prior to that, it had only been deployed in war zones by the military) while serving time for tax fraud -- who suggested the "augmentation device" might be something made by KeyW or one of its competitors. These devices passively collect connection info and are small enough to be carried in an agent's hand. Rigmaiden also points out something else this incident shows, however inadvertently. All the money being spent by local law enforcement agencies might be better off spent on other things. Not having a Stingray device isn't the end of the world -- especially when the FBI is willing to put its devices and technical expertise to use at a moment's notice.

posted about 20 hours ago on techdirt
Earlier this year, Moosehead Brewery made the wonderful decision to get into a trademark dispute with the makers of a different beer, called Müs Knuckle, I imagine because trademark lawyers now know both that I'm paying attention to these cases and that I have the sense of humor of a high school sophomore. Moosehead essentially asserted that it owned the trademark rights to anything remotely close to "moose", including made up words that are homonyms but which have delightfully vulgar connotations. Other than the issue of the word "moose", none of the trade dress in question had anything remotely to do with one another. Which is slightly different in another trademark suit that Moosehead Brewery has initiated. In the case of Moosehead Brewery v. Moose Wizz Root Beer, the labels are somewhat similar in color and logo, though there is certainly differentiation within them as well. The real issue here, instead, is that one of these is an alcoholic drink while the other is just a soda. In its claim, Moosehead states: "Moose Wizz root beer products are so similar to Moosehead's beer sold under the Moosehead Registered Marks as to create a likelihood of confusion." The Canadian company is seeking damages, including the pulling of all Moose Wizz out of the market and the profits that Adirondack has made on the soda. Adirondack owner John Carr says no one would confuse Moosehead and Moose Wizz. He points out that one is a beer and the other is a soda. Which brings us all the way back to a point I've been making about trademarks in the alcohol industry for several years now: the USPTO and its Canadian counterpart, CIPO, need to start differentiating between types of beverages. Given the explosion in craft brewing, craft wines, craft spirits, and even craft soda, it simply can't be enough any longer to get a trademark on "beverages" or something of that sort. 
It must start being more specific, or we're going to start to see the trademark dispute carnage currently plaguing the beer industry spilling over into not just other alcohol industries, which has already started, but into other beverage markets as well. Not to mention the question as to whether or not CIPO should actually be approving trademark registrations in Canada that revolve around the word "moose" at all. It certainly feels like a heritage word being carved out of the language of business. Carr certainly doesn't seem to think that makes any sense. "I mean, we're in the Adirondacks, guys," he told syracuse.com in a story about the case published in November 2015. "Do you mean we have to take 'moose' out of our vocabulary? I don't like to be bullied," he said. "I say to them, 'You don't own the moose.' " Unfortunately, a jury at the trial disagreed and found in favor of Moosehead, awarding the brewer a meager eight thousand dollars. The jury awarded Moosehead Breweries of New Brunswick $8,800 in damages. Federal court judge Norman Mordue will decide at a later date whether to prohibit Moose Wizz from continuing to use the name and the depiction of a moose's head on its label, as Moosehead has demanded. Rather than focus on the similarity of the labels as I had expected, Moosehead apparently instead directly took on whether or not root beer and beer-beer could be conflated by the public. Adirondack argued as I have in the past, stating that the difference between the beverages makes them distinct in the marketplace. Moosehead, however, rather smartly pointed out that root beer has become the new alcohol flavor du jour, and that this suddenly meant that non-alcoholic root beers could be confused as alcoholic. Moosehead's lawyers contended the recent surge by beer brewers moving into the hard root beer and alcoholic soda marketplace has blurred those lines.
"Really, that was the central issue in this case," said Moosehead lead attorney Mike Garvin, of the Vorys law firm in Cleveland. He cited products like Not Your Father's Root Beer, an alcoholic soda made by a brewery in Illinois. (The trend has reached Central New York, where, for example, Matt Brewing of Utica now makes hard sodas in a line called Jed's). "Really, Moosehead might not have brought this case ten years ago," Garvin said. "The point we tried to make is that the beverage world has changed. The lines between breweries making beer and other beverages is less clear than it was." We're now playing the degrees of separation game, but with beverages. Because what Moosehead is really suggesting isn't so much that Moose Wizz will be conflated with Moosehead directly, but that Moose Wizz will be conflated with other root beer-flavored alcoholic drinks, which then puts it in the category for which a trademark case would make logical sense. I can understand why the jury bought this argument, but I still find it odd that a beer and a soda are considered to be in the same marketplace. And, more importantly, if we're going to start playing this degrees of separation game in the alcohol arena, then the trademark dispute glut that has plagued the industry these past few years might be a mere warm-up act.

posted 1 day ago on techdirt
The Kim Dotcom extradition appeal is now under way, with the first question being whether or not the courtroom drama could be livestreamed on the internet for a global public to watch. The request was originally made by Kim Dotcom and his lawyers, but the lawyers for the US government opposed... because... well, just because. "US defends mass surveillance programs with 'If you have nothing to hide, you have nothing to fear' but opposes live streaming of my hearing," Dotcom, who attended some of the hearing, said on Twitter. Honestly, it's not at all clear why the government lawyers are opposing this other than to just oppose stuff and be generally obstructionist. However, it doesn't appear to have worked. A little while ago, Dotcom's lawyer Ira Rothken announced that the court had agreed to allow live streaming: The Court granted Livestreaming today in the @KimDotcom case this is a victory for transparent justice in NZ - on YouTube soon live — Ira Rothken (@rothken) August 29, 2016 And Kim Dotcom himself tweeted that it would begin tomorrow, once a cameraman was set up: Live stream will start tomorrow. The cameraman needs to set this up professionally and implement the Judges live streaming rules. #winning — Kim Dotcom (@KimDotcom) August 29, 2016 This should be an interesting hearing to watch no matter what. If you want a preview of some of the points, check out our podcast interview with Dotcom's lawyer, Ira Rothken from last week.

posted 1 day ago on techdirt
We've written probably hundreds of stories on just what a dumb idea electronic voting systems are, highlighting how poorly implemented they are, and how easily hacked. And, yet, despite lots of security experts sounding the alarm over and over again, you still get election officials ridiculously declaring that their own systems are somehow hack proof. And now, along comes the FBI to alert people that it's discovered at least two state election computer systems have been hacked already, and both by foreign entities. The FBI has uncovered evidence that foreign hackers penetrated two state election databases in recent weeks, prompting the bureau to warn election officials across the country to take new steps to enhance the security of their computer systems, according to federal and state law enforcement officials. The report apparently noted that Arizona and Illinois were the two states whose systems were exploited -- with both attacks coming from the same IP addresses. From the report, it does not look as if the hacks were specifically about modifying vote totals, but rather accessing voter registration data -- but that's still a pretty big concern. In response, the Department of Homeland Security has apparently reached out to state election officials offering "help" in better securing their election systems. Doesn't it seem a bit late for them to start securing their systems now? And, of course, it's not like DHS is somehow great at stopping hackers either. It wasn't so long ago that a 16-year-old kid using the online handle "penis" was able to hack DHS's computer systems. Maybe, just maybe, people in charge of elections in America should have considered some of this, I dunno, two decades ago when people first raised the issues about vulnerabilities in election systems.

posted 1 day ago on techdirt
The Louisiana First Circuit Court of Appeals has just ended Terrebonne Parish Sheriff Jerry "Censorious Dumbass" Larpenter's attempt to silence a critic through the magic of abusing his power. The sheriff obtained a warrant to raid a blogger's house, using the state's mostly-unconstitutional criminal defamation law to justify the search. The blogger had pointed out that Larpenter's wife works for an insurance agency that provides coverage for the local government -- something that looked just a wee bit corrupt. Larpenter didn't care for this, so he took his search warrant application -- and a complaint by Tony Alford, who runs the insurance company that Larpenter's wife works for -- to an off-duty judge to get it signed. This same judge later declared the warrant to be perfectly legal when challenged by lawyers representing the blogger. The blogger's lawyers appealed [PDF] this decision, which has resulted in the warrant [PDF] being killed. Naomi Lachance of The Intercept has more details. An appellate court in Baton Rouge ruled Thursday that a raid on a police officer’s house in search of the blogger who had accused the sheriff of corruption was unconstitutional. The Louisiana First Circuit Court of Appeals argued that Sheriff Jerry Larpenter’s investigation into the blog ExposeDAT had flawed rationale: the alleged defamation was not actually a crime as applied to a public official. The unanimous ruling from the three-judge panel comes after police officer Wayne Anderson and his wife Jennifer Anderson were denied assistance in local and federal court. The one-paragraph decision [PDF] points out that Tony Alford is a public figure and cannot avail himself of the state's criminal defamation law. Anthony Alford, the supposed victim, is President of the Terrebonne Parish Levee and Conservation Board of Louisiana, and a public official. Consequently, the search warrant lacks probable cause because the conduct complained of is not a criminally actionable offense. 
The ruling of the district court denying the motion to quash the search warrant is reversed, the motion is granted, and the search warrant is quashed. So much for Judge Randall Bethancourt's declaration that the warrant he signed was valid. And so much for the Terrebonne Sheriff's Department's "look see" Bethancourt granted earlier. The seized devices -- which included a laptop belonging to the blogger's children -- have been held by the clerk of courts, which hopefully means Sheriff Larpenter didn't sneak some peeks before having his bogus warrant tossed. The state's top prosecutor won't be humoring Sheriff Larpenter any further. “We respect the First Circuit decision, we have no plans to appeal, and as far as the attorney general is concerned, the case is closed,” Ruth Wisher, press secretary for the attorney general, told The Intercept. Sheriff Larpenter still seems willing to abuse his office to shut people up, as evidenced by his inability to do so himself. Over the month of August, Larpenter had publicly defended his position. “They need to upgrade [criminal defamation] to a felony,” he recently said on local television station HTV10. “The media come and all the different outlets, even our local media, wrote unsatisfactory accusations about me like, ‘Oh, they got freedom of speech. They can say what they want.’ Well that’s not true,” he said. Larpenter is wrong on both counts. Defamation shouldn't be a criminal offense. Ever. And his definition of "free speech" doesn't sound very "free." Instead, it sounds like Larpenter would prefer limits to speech he doesn't like, which is a stupid and dangerous ideal to hold while in an elected office holding considerable power. I have my doubts Larpenter thought he'd really end up with a criminal prosecution, but he's probably satisfied that he was allowed to walk into someone's home, take their stuff, and force them to spend money defending themselves from a completely bogus criminal charge. 
Of course, intimidation tactics like these can sometimes backfire completely. Larpenter now looks like an easily-bruised bully and his BS attempted prosecution will likely only encourage his critics to speak up more loudly and frequently. In addition, The Intercept reports the blogger's lawyers will be moving forward with a lawsuit against the parish for Sheriff Larpenter's actions, so this may end up costing taxpayers some cash as well. Hopefully, this unneeded spending will be on their minds when Larpenter's up for re-election.

posted 1 day ago on techdirt
Okay, we've been trying to raise the alarm bells about "ISDS" -- "Investor State Dispute Settlement" -- systems for many, many years, even helping to push the term "corporate sovereignty" to help describe it, since people's brains seem to turn to mush when you spell out ISDS. We've pointed out over and over again the problems of such a system where it basically allows companies to sue countries for passing regulations they don't like. We've noted over and over and over again how problematic this is... and yet people still tell us it's no big deal and the system is fair and "necessary" to keep countries from doing things like simply nationalizing an industry that foreign companies build up. Of course, that doesn't happen that often. ISDS corporate sovereignty cases are happening quite frequently, over subjects like Eli Lilly being upset that Canada rejected some patents and Philip Morris suing lots of countries for passing anti-smoking health regulations. Thankfully, Chris Hamby, an excellent investigative reporter with BuzzFeed*, has done a massive detailed investigative report into the ISDS corporate sovereignty system and what a complete disaster it is. Much of this was assumed before, but many of the ISDS cases are done in complete secrecy, so there are few details out there. Hamby's reporting, though, will hopefully change that. You know how we've written about the whole "high court, low court" thing where those in power and with connections get treated differently in court than those without? Well, consider the ISDS corporate sovereignty system an international version of the high court. You can only access it if you're a company, but it's also used, repeatedly, to protect executives who have been convicted of crimes for actions by companies. 
In just the first report (apparently more is coming), Hamby reveals: A Dubai real estate mogul and former business partner of Donald Trump was sentenced to prison for collaborating on a deal that would swindle the Egyptian people out of millions of dollars — but then he turned to ISDS and got his prison sentence wiped away. In El Salvador, a court found that a factory had poisoned a village — including dozens of children — with lead, failing for years to take government-ordered steps to prevent the toxic metal from seeping out. But the factory owners’ lawyers used ISDS to help the company dodge a criminal conviction and the responsibility for cleaning up the area and providing needed medical care. Two financiers convicted of embezzling more than $300 million from an Indonesian bank used an ISDS finding to fend off Interpol, shield their assets, and effectively nullify their punishment. The report notes that lawyers have increasingly looked to ISDS not as a system of last resort, as it was originally intended, but as a creative way to pad their billing and help companies get all sorts of advantages over governments. Driving this expansion are the lawyers themselves. They have devised new and creative ways to deploy ISDS, and in the process bill millions to both the businesses and the governments they represent. At posh locales around the globe, members of The Club meet to swap strategies and drum up potential clients, some of which are household names, such as ExxonMobil or Eli Lilly, but many more of which are much lower profile. In specialty publications, the lawyers suggest novel ways to use ISDS as leverage against governments. It’s a sort of sophisticated, international version of the plaintiff’s attorney TV ad or billboard: Has your business been harmed by an increase in mining royalties in Mali? Our experienced team of lawyers may be able to help. A few of their ideas: Sue Libya for failing to protect an oil facility during a civil war.
Sue Spain for reducing solar energy incentives as a severe recession forced the government to make budget cuts. Sue India for allowing a generic drug company to make a cheaper version of a cancer drug. There are even lawyers who basically just scour the world for any regulatory change, and then go hunting for companies who can bring ISDS corporate sovereignty cases over those regulatory changes. In other words, the cart is not just in front of the horse here, it's dragging it down the hill. And don't buy the claim that the "newer" versions of ISDS found in agreements like the TPP and the TTIP are somehow better and have fixed the problems of the old ones. The BuzzFeed report notes that there are massive loopholes, and lawyers are already preparing their clients on how to exploit them, should the TPP get ratified. As for the claim that ISDS must be fine because the US has never lost a case -- according to the report, that's basically mostly been luck, and it's unlikely to hold up much longer. But, really, it's the escaping criminal charges stuff that's eye-opening in this first report: Reviewing publicly available information for about 300 claims filed during the past five years, BuzzFeed News found more than 35 cases in which the company or executive seeking protection in ISDS was accused of criminal activity, including money laundering, embezzlement, stock manipulation, bribery, war profiteering, and fraud. Among them: a bank in Cyprus that the US government accused of financing terrorism and organized crime, an oil company executive accused of embezzling millions from the impoverished African nation of Burundi, and the Russian oligarch known as “the Kremlin’s banker.” Some are at the center of notorious scandals, from the billionaire accused of orchestrating a massive Ponzi scheme in Mauritius to multiple telecommunications tycoons charged in the ever-widening “2G scam” in India, which made it into Time magazine’s top 10 abuses of power, alongside Watergate. 
The companies or executives involved in these cases either denied wrongdoing or did not respond to requests for comment. Most of the 35-plus cases are still ongoing. But in at least eight of the cases, bringing an ISDS claim got results for the accused wrongdoers, including a multimillion-dollar award, a dropped criminal investigation, and dropped criminal charges. In another, the tribunal has directed the government to halt a criminal case while the arbitration is pending. The report then goes on to detail some specific case studies of people accused of criminal activity using corporate sovereignty tribunals to effectively get away with it. There's also evidence that all this game playing with corporate sovereignty involves lawyers effectively doing "treaty shopping" to figure out where to set up companies so they can sue specific countries for money. Really. A key service offered by the ISDS legal industry goes by various euphemisms: “corporate structuring,” “re-domiciling,” “nationality planning.” Critics have a different term: “treaty shopping.” It amounts to helping businesses figure out which countries’ treaties afford the most leeway for bringing ISDS claims, then setting up a holding company there — sometimes little more than some space in an office building — from which to launch attacks. So it is that a private equity firm based in Texas can fly the flags of Belgium and Luxembourg, enabling it to sue South Korea, which convicted one of its executives of stock manipulation. The private equity firm declined to comment. That means that even though domestic people aren't supposed to be able to use ISDS against their own governments, it still can happen: ISDS was designed to protect foreign investors, not people suing their own government. 
But members of the once-prominent Turkish Uzan family — accused of perpetrating a fraud worth billions and derided at one point by a US federal judge as “business imperialists of the worst kind” — found a way to sue their native land through a variety of companies primarily under their control in Cyprus, Poland, and the Netherlands. (Turkey won each case, but at a cost of tens of millions in legal fees.) The family’s telecommunications company, however, remained Turkish so it could bring a claim against Kazakhstan, with which Turkey has a treaty — and win a $125 million award. And, yes, lawyers specializing in this kind of money making effort are also the ones (shocker!) using the infamous revolving door at the US Trade Representative's office to cash in: Daniel M. Price negotiated the section of NAFTA containing ISDS when he was a lawyer at the Office of the US Trade Representative. He later served as a top international trade official in the George W. Bush White House. In between these government stints, he worked as a private lawyer helping clients in ISDS cases. Twice he used the treaty he himself had helped negotiate to help US-based businesses pursue claims against Mexico. He founded and chaired the unit handling ISDS claims at Sidley Austin, a leading global law firm. Today, he promotes his services as an arbitrator and, along with a powerhouse team that includes other former government lawyers, sells international expertise on ISDS and related matters. Nice work, if you can get it. Another key point in the report is that the talking point from ISDS defenders that governments win more ISDS cases than companies is basically bullshit: To prove that ISDS is not biased in favor of businesses, they point to the outcomes of known cases: Governments have won about 35% of the time, while business interests have won only about 25%. But that statistic is anything but straightforward. 
It pertains only to the outcomes of known cases; ISDS is so secretive no one even knows how many additional cases there have been. Also secret are most of the settlements. Roughly a quarter of the known cases were settled, but the terms are almost never disclosed. Moreover, subtract the cases that arbitrators tossed out because they didn’t have jurisdiction to hear the claim, and that win–loss balance flips: Business interests have won 60% of the time. Even then, cases recorded as losses for the corporation can actually be wins. In one case, an executive failed to garner a monetary judgment but obtained a finding that helped him wipe away a criminal punishment. There's much, much, much more in this story, and it's just the first in a series. Hopefully things like this will start to wake people up to just how incredibly bad ISDS corporate sovereignty provisions really are. They're not just some obscure system that involves big companies fighting. They're becoming an alternative court system for the super powerful and connected -- and letting them literally get away with criminal behavior. * Okay, okay, I know some people still insist that BuzzFeed is just a horrible site full of nothing but junk, but it's actually got a really great reporting team, that has done some amazing work over the years -- it's just that very few people know about it.

posted 1 day ago on techdirt
Every so often when people find out about the position we tend to take on copying, they hit back with what they think is a "gotcha" of something along the lines of "you wouldn't feel that way if someone copied your stuff." They really do. All the time. There are a number of scraper/spam blogs that copy and repost Techdirt's content, and it's really no big deal. As we've noted for a long time, all of the content that we publish directly we've declared to be in the public domain, so feel free to copy it with some caveats (which we'll discuss below). Last week, we launched our latest T-shirt, the "Copying is Not Theft" shirt: So far there's been a great response to it, but some people seem really upset by the basic message. On Twitter and in our comments, we've had a few people pull out the "Oh, well how will you feel when I copy that shirt!" line of thinking that they'd found some sort of gotcha. The oddest, of all, however, was John Anderson, who apparently runs something called the "Global Anti-Counterfeiting Group" insisting that he's going to counterfeit our shirt. Thanks - we'll make loads of cheap imitations and sell for five quid each. https://t.co/f7hzRHFBv1 — John Anderson (@gacgjohn) August 28, 2016 Yes, yes, he's obviously just being snarky and thinking he's making a point, but it still seems odd for someone who insists he's against counterfeiting to basically say he's planning to counterfeit our shirt. At the very least, it actually gives us a platform to make our point: if he really wants to do so, he can absolutely go and make those cheap $5 shirts. But they won't sell. Why? This is the whole point we've been trying to make all this time. The reason people buy shirts from us is because (1) they like the shirts and (2) they want to support Techdirt. 
Somehow, I get the feeling that the community that John Anderson has built up around his Global Anti-Counterfeiting Group isn't exactly the kind of people who would jump at an offer to buy "Copying is Not Theft" T-shirts, even if they are 25% the price of our T-shirts. This is the point that so many fail to get when they freak out about people copying. If you've built up a community of people who want to support you and people who like and are interested in what you do, there's nothing to fear from copying. It's only when you don't have that kind of support, or when you're trying to force something on people that they don't want that you suddenly have to worry about copying. This is why we've always pointed to the same response when people say they're going to copy us and prove that we really are worried about copying or that copying really is theft. It's not. Here's what I wrote nearly a decade ago and it still stands true today: We have no problem with people taking our content and reposting it. It's funny how many people come here, like yourself, and assume you've found some "gotcha." You haven't. There already are about 10 sites that copy Techdirt, post for post. Some of them give us credit. Some of them don't. We don't go after any of them. Here's why: 1. None of those sites get any traffic. By themselves, they offer nothing special. 2. If anything, it doesn't take people long to read those sites and figure out that the content is really from Techdirt. Then they just come here to the original source. So, it tends to help drive more traffic to us. That's cool. 3. As soon as the people realize the other sites are simply copying us, it makes those sites look really, really bad. If you want to risk your reputation like that, go ahead, but it's a big risk. 4. A big part of the value of Techdirt is the community here. You can't just replicate that. 5. Another big part of the value of Techdirt is that we, the writers, engage in the comments.
You absolutely cannot fake that on your own site. So, really, what's the purpose of copying our content in the manner you describe, other than maybe driving a little traffic our way? So, if you really want to, I'd suggest it's pretty dumb, but go ahead. This same thing holds true for counterfeiting goods as well. When we launched our first shirt, the Nerd Harder shirt, we saw a few copycats spring up on Teespring, complete with the language claiming that the shirts were from Techdirt, when they were not. We reached out to Teespring telling them we had no problem with them leaving up the T-shirts, but we would appreciate it if they didn't say that supporting them was supporting Techdirt. That's been consistent with our position all along, that in the realm of trademark, the one thing that does make sense is when it's used as a form of consumer protection. If buyers might be confused about who is really endorsing the product, that's a reasonable concern. But someone copying our shirt without pretending it's from us? That's totally cool. In fact, maybe they can make it better. I mean, it's not like we even came up with the phrase "copying is not theft" either. It's the name of a truly wonderful song that Nina Paley wrote and illustrated: Did we "steal" her song in taking the title and making it a shirt? Hell, no. We made a new thing. We took something that she did and we built on it to offer something new (cool T-shirts) to a different audience (ours), and so far, it seems to be working. If John Anderson thinks he can compete with his audience, he should go for it. Hell, we'd be happy to compete with anyone doing so, because we know the message resonates with our audience. I'm not so sure it would resonate with the audience of some random person trying (and failing) to prove a point. So, bring it on. And, yes, we've even made it extra easy for folks like John Anderson. If he likes, we've made the original image available as both a vector SVG file and a high-res PNG. 
So go ahead, John Anderson from the Global Anti-Counterfeiting Group. Go ahead and counterfeit our shirt. Knock yourself out. I imagine you'll sell somewhere close to zero of them. Though the members of your group may find it odd that the head of a Global Anti-Counterfeiting Group's first response to seeing a T-shirt he doesn't like is to talk about counterfeiting it. Right, John? Anyway, if you'd like to make a point to John Anderson and the Global Anti-Counterfeiting Group, here's your opportunity. Buy one of our lovely Copying is Not Theft T-shirts.

posted 1 day ago on techdirt
Pay what you want for the Programming Into the Future Bundle and receive two courses covering Sass for CSS and Bootstrap 4. If you beat the average price, you get an additional 6 courses. They cover Angular 2, Node.js, Python, Docker and more to help keep your skills up to date. Note: The Techdirt Deals Store is powered and curated by StackCommerce. A portion of all sales from Techdirt Deals helps support Techdirt. The products featured do not reflect endorsements by our editorial team.

posted 1 day ago on techdirt
There are still people out there who think it's a good idea for the government -- whether it's the FBI, NSA, or other agency -- to hoover up exploits and hoard vulnerabilities. This activity is still being defended despite recent events, in which an NSA operative apparently left a hard drive full of exploits in a compromised computer. These exploits are now in the hands of the hacking group that took them… and, consequently, also in the hands of people who aren't nearly as interested in keeping nations secure. The problem is you can't possibly keep every secret a secret forever. Edward Snowden proved that in 2013. The hacking group known as the Shadow Brokers are proving it again. The secrets are out and those who wish to use exploits the NSA never disclosed to affected developers are free to wreak havoc. Lily Hay Newman of Wired examines the aftermath of the TAO tools hacking. Whoever they are, the Shadow Brokers say they still have more data to dump. But the preview has already unleashed some notable vulnerabilities, complete with tips for how to use them. All of which means anyone—curious kids, petty criminals, trolls—can now start hacking like a spy. And it looks like they are. Curious to learn if anyone was indeed trying to take advantage of the leak, Brendan Dolan-Gavitt—a security researcher at NYU—set up a honeypot. On August 18 he tossed out a digital lure that masqueraded as a system containing one of the vulnerabilities. Dolan-Gavitt used the Cisco zero-day -- one which the company is still unable to completely thwart -- for his honeypot. This exploit was in the hands of the NSA for at least three years and was never disclosed to Cisco. The security researcher saw one attack in the first 24 hours. Since then, there have been a handful of attacks mounted every day. This is the end result of someone hacking the hackers. The Shadow Brokers have turned the agency's exploit toolkit into NSA Everywhere!™ -- the NSA's new "Inadvertent Disclosure" project. 
The hackers have divulged far more exploits than the NSA ever has, even with the (severely loopholed) "presumption of disclosure" mandate handed down by the Obama Administration. The NSA -- and its defenders -- remain mostly unworried about this collateral damage. Presumably the nation is still secure, even if its companies and their customers aren't. I guess that's supposed to be good enough. Every war inflicts a toll on non-combatants, and the neverending War on Terror will be no different than the neverending War on Drugs in this respect. But those at the top of the IC heap -- and those who work closely with them, like the FBI -- need to stop pretending the government can be trusted with keeping its most secret secrets secure. And officials need to stop applying pressure on lawmakers to craft encryption backdoor legislation, because this debacle should make it clear -- even to true believers like FBI director James Comey -- that any hole labeled "GOVERNMENT USE ONLY" isn't going to keep bad guys out forever.

posted 1 day ago on techdirt
The internet is for porn terrorism. That's according to a report by the UK's Home Ministry, which claims the medium is inseparable from the message, especially if it's a US tech company. Facebook, Twitter and Google are deliberately failing to stop terrorists from using their websites to promote terrorism because they believe it will "damage their brands", MPs have warned. MPs warned that social media websites are becoming the "vehicle of choice" for spreading terrorist propaganda but websites are policing billions of accounts and messages with just a "few hundred" employees. I'm pretty sure giving terrorists free rein is more "damaging" to "brands" than the current status quo. Sure, chasing terrorists off the internet is just another form of whack-a-mole, but it's not as though these companies aren't trying. Facebook's policing of content tends to lean towards overzealous. Twitter just removed over 200,000 terrorist-related accounts. And as for Google, it's busy bending over backward for everyone, from copyright holders to a few dozen misguided governments. But the internet -- including terrorists -- perceives censorship as damage and quickly routes around it. The argument can be made (and it's a pretty good argument) that it might be more useful to have terrorists chatting on open platforms where they can easily be monitored, rather than pushing them towards "darker" communications methods. But it's tough to reason with lawmakers who find big corporations to be the easiest targets for their displeasure. And, really, their complaints are nothing more than a cheap form of class warfare, one that tacitly asks millions of non-terrorist internet users to sympathize with a government seeking to gain more control over the platforms they use. 
Keith Vaz, the chairman of the committee, said: "Huge corporations like Google, Facebook and Twitter, with their billion-dollar incomes, are consciously failing to tackle this threat and passing the buck by hiding behind their supranational legal status, despite knowing that their sites are being used by the instigators of terror." That's what the MPs are really seeking: a way to carve off a slice of these billion-dollar incomes. Vaz fears the "Wild West" internet (one filled with Middle Eastern desperadoes, apparently…) because it's "ungoverned" and "unregulated." If both of those "problems" are fixed, he'll presumably be able to sleep better -- perhaps warmed by the flow of a new revenue stream or soothed by an expansion of his government's powers. Either way, these companies should have to shoulder the blame for terrorism's continued existence. Some might make the argument that the government isn't doing enough to fight terrorism. After all, "billions" of dollars go towards this battle every year, and every year nothing appears to change. The report points specifically to the supposedly "low" number of employees policing posted content. "It is alarming that these companies have teams of only a few hundred employees to monitor networks of billions of accounts..." Apparently, these billion-dollar companies are expected to move towards a 1:1 ratio of moderators to users. Vaz also claims these companies need to take a "no questions asked" attitude towards law enforcement demands to have content taken down. If so, perhaps the UK government should start hiring more law enforcement officers and move the needle more towards a 1:1 ratio of constables to internetizens… or at least a 1:1 ratio of constables to platform content moderators. The report also points to various "failures" within the UK government, suggesting anti-terrorism laws just aren't quite strict enough. 
It notes that police have allowed alleged terrorists to leave the country while on bail because they haven't seized their passports. And an official from Scotland Yard asserts -- with wording that suggests the UK doesn't have quite enough restraints on speech yet -- that existing laws can't shut down the sort of thing the report complains that Google, Facebook, and Twitter aren't shutting down quickly enough: namely, posts by Anjem Choudary, a "hate preacher" who was convicted of supporting the Islamic State. Richard Walton, the former head of Scotland Yard's counter terrorism command, today warns that existing British laws would not prevent preachers who followed Choudary's example and acting as "radicalisers". Obviously, the answer is MORE LAWS. That should fix it. That and blaming tech companies for third-party content, something they already police about as well as they can, considering the number of users on their respective platforms. It's always handy to have a scapegoat to beat like the dead horse these arguments are, especially when the scapegoat can mixed-metaphorically be portrayed as fat cats electro-fiddling while social media burns.

posted 1 day ago on techdirt
Hillary Clinton has been somewhat hard to pin down on the encryption debate -- because she's done what she's done with plenty of issues: generally spoken in broad platitudes without ever making a statement that allows her position to actually be clear. But she's certainly said some pretty concerning stuff. Last fall she said: Encryption of mobile communications presents a particularly tough problem. We should take the concerns of law enforcement and counterterrorism professionals seriously. They have warned that impenetrable encryption may prevent them from accessing terrorist communications and preventing a future attack. Of course, she then did an "on the other hand" and noted the concerns of security folks. Since then, she's called for a sort of Manhattan Project on encryption, believing that if Silicon Valley people just could nerd harder, they could make encryption that could only be broken by law enforcement. That's not how it works. She's also complained that Silicon Valley treats the government "as its adversary." So it seems rather noteworthy that, following questions about how well she secured her own emails, combined with email leaks from the DNC and reports that the campaign itself has been hacked, the Clinton campaign has now started using Signal, the popular encrypted messaging system from Open Whisper Systems (who made the protocol that is generally considered the best around for end-to-end encrypted messaging). In the intervening weeks, staffers were told, according to a person who works with the committee, that if anyone was going to communicate about Donald Trump over e-mail or text message, especially if those missives were even remotely contentious or disparaging, it was imperative that they do so using an application called Signal.... Signal, staffers in the meeting were told, was “Snowden-approved.” A week after the meeting at the campaign headquarters, according to two people who have worked with the D.N.C. 
and the Clinton campaign, an e-mail was sent out instructing staffers where to download the app and how to use it. So, you'd think that, maybe (just maybe) the Clinton campaign might come out and say that it's not planning to support bills that would outlaw Signal after they're elected, right? Perhaps it'll take another lesson. Because, apparently, the Clinton campaign staffers didn't pay much attention to the briefing: While the D.N.C. hack sent tremors down the spines of virtually everyone in Washington, it didn’t take long for people to take the easy route, once again e-mailing sensitive information that could easily hamper the campaign if it ever became public. Or, as one Washington insider told me: “No one really learned.” So, there's that. The other oddity in this story is that Hillary Clinton has called for Snowden to be put in jail, and yet now her campaign is telling everyone to use Snowden-approved encryption? The irony did not go unnoticed by one person in particular: 2015: Even if he revealed unlawful government surveillance, put him in jail! 2016: wait what apps does he use pic.twitter.com/00XIm45l3p — Edward Snowden (@Snowden) August 27, 2016

posted 1 day ago on techdirt
Well, here we go again with the bad EU copyright proposals. Just a few days ago, Mozilla actually launched a petition to call on the EU to update its copyright laws for the 21st century, to make it "so we can tinker, create, share, and learn on the internet." Apparently the EU's answer to this is "Fuck You!" According to a leaked draft of the EU Commission's plan to "modernize" copyright, the plan really seems focused on coming up with new ways to tax successful internet companies, like Google, to prop up other companies and industries that have failed to adapt. Apparently, the EU Commission thinks that copyright should be a tool to punish innovation and to reward those who have refused to innovate. The leaked draft talks repeatedly about this silly idea of a "value gap." Just a few weeks ago we discussed why the "value gap" is a misleading talking point. It's being used by companies that didn't innovate to try to guarantee a business model, with that model being "have the government force successful companies to subsidize us, because we didn't adapt to the current market." And this draft is full of that kind of thinking. The draft also continues to weigh "the impact" of various proposals on different stake holders. For example, it notes whether different proposals will have a "positive, neutral, or negative" impact on rightsholders, internet services, consumers and "fundamental rights." While it's nice that they include the "fundamental rights" (and the public -- who, it should be noted, are more than just "consumers") it feels like they're trying to set up proposals again that are sort of "balancing" all of these interests, rather than finding the one that maximizes overall utility. In fact, it's quite troubling that they seem to think that anything that directly expands copyright automatically benefits "rightsholders." We've seen how that's not true at all. 
Greater freedom to remix, reuse and build on the works of others allows everyday people to become creators themselves more easily. And saddling internet platforms also harms many, many content creators who are only able to create, publicize, distribute, connect and monetize because of these new platforms. But the draft doesn't seem to take much of that into account -- or sort of hand-waves it away. Even the way the draft describes "problems" shows that it's biased toward looking for ways to prop up old industries: In particular intervention at EU level is expected, because of its scale, to strengthen publishers bargaining powers in a more effective way than it has happened under national measures such as the "ancillary rights" adopted in DE and ES, where major online service providers either closed down their news aggregation services (ES) or concluded free licences for the use of publishers' content (DE) which did not generate any remuneration for publishers so far. Moreover the related right granted to press publishers under this option would be different from the ES law insofar as it would be an exclusive right and not an unwaivable compensation: this would leave news publishers a greater margin for manoeuvre to negotiate different types of agreements with service providers and is therefore expected to be more effective for them in the long run (notably as it will allow press publishers to develop new business models in a flexible way). Basically, so much of this is looking at how to prop up newspaper businesses by forcing Google to pay them to link to them. Even more ridiculously, the report says that basically pushing Google to pay to link to news will "benefit consumers" because it will mean more "high quality" news. That seems like a dubious assumption. Consumers reap considerable benefits from news aggregators and social media news providers. At the same time they also benefit from high quality newspaper content feeding these channels of consumption. 
By fostering the production of high quality news content, this option is expected to have a positive impact on consumers. Better market conditions for the news publishing industry could give rise to the development of innovative offers for the digital distribution of news content, with larger catalogues and more choice. Digital subscription of newspapers and magazines are expected to be further developed, which will be particularly beneficial to consumers given the decline of print products. That seems like the EU Commission is only thinking a single step out, and not any further about how business models may develop. Doing this will also lock in Google as the dominant player and not allow newer, better, more innovative startups to enter the market without first having to raise significant amounts of capital. The report notes that consumer groups disagree with the assumption that consumers will benefit under such a plan, but the entirety of the Commission's reason for this is "well, this is different from the Spanish law that made Google News shut down." All in all, this looks like an (unfortunately typical for Europe) plan written by bureaucrats looking to basically minimize the number of people who are upset, rather than creating the best actual overall plan. As a result, the proposals look to be a mess that will almost certainly harm innovation and creativity in Europe.

posted 2 days ago on techdirt
This week, officials in Nice reacted in the worst way possible by threatening to sue people sharing photos of the fashion police doing their anti-burka duty. Some of the conversation turned to refugees, and Uriel-238 won most insightful comment of the week by getting serious about things: We decided that proper and reasonable treatment of refugees was important after the Napoleonic wars, and the standards for such treatment remain enshrined as a testament to humanity in the Geneva and Hague conventions. Hospitality and fair treatment of refugees is not a duty that one nation owes to another nation, it's a duty that each of us, as individuals who benefit from national laws and identity, owe to all other individuals, considering that but for the grace of God (or your luck and fortune) you could also be outlawed by your own state and pushed out of its borders... or just executed and cremated in a mass oven. Of course, thanks to George W. Bush's administration the Geneva Convention doesn't mean as much as it once did, and we will have to relearn why we created and ratified it in the first place. So you can choose to vote against allowing refugees into your borders. You can choose to deny others sanctuary when their own have turned against them and the trains are getting packed and the ovens are on day and night. But when fortune turns around, and it happens to you, or your grandchildren or your descendants down the line, when they become the persecuted, when the death camps are cooking once again, you had best hope that the people controlling those borders are kinder, more empathetic or more honorable than you are. In second place, we've got an anonymous response to the airport stampede caused by applause mistaken for gunshots: I guess this proves that despite 15 years of focus and nearly unlimited funding, the war on terror has not achieved its goal: the public in general is still terrified. Arguably more so today than 15 years ago. 
I'm aware that terrorists are still active, and yes, unfortunately they do at times succeed in attacking airports and other public areas. But I think too much (if not all) effort in that war on terror was focused on making a show of trying to find and stop the next terrorist (mission impossible), and not enough in reassuring the public. When I'm scared, I don't want you to tear apart my bedroom and try to find the monster! I want you to acknowledge my fear, reassure me, and help me put things into context and perspective. I want to be informed in an open and rational way about the danger, without exaggerations or hidden agendas, so I can cope with it in my own way. Instead, what the 'security theater' has done is actually reinforce the fears of the public beyond reason: Lots of noise. No perspective. No context. No open and transparent communication. And I'm worried there may very well be a hidden agenda... For editor's choice on the insightful side, we start out with a comment from Derek Kerton calling the Copyright Alliance out on its at-best incomplete explanation of the purpose of copyright: Incorrect "copyright law is predicated on the theory that creators are incentivized to create new works by the prospect of reaping the economic fruits of their creative labor, which in turn benefits the public by increasing the number of creative works available for their enjoyment" The objective is not so that the works are "available for our enjoyment", but rather that such works will eventually be fully ours, aka, Public Domain. They act like the mid-state is the end game. It is not. Next, after the EFF criticized Microsoft's lack of meaningful response to Windows 10 privacy concerns and one commenter accused them of relying on "second-hand knowledge", JMT wondered what other sort of knowledge they'd be able to have: Which is kinda the whole point, since the first hand knowledge is being jealously guarded. 
When you mess with people's privacy but won't be up front about exactly what you're doing, expect to be called on it. Over on the funny side, we start out on our post about Slate's really bad advice about running your own e-mail server, where we also pointed out that the comments were full of IT experts saying it was a bad idea. That One Guy won first place for funny by suggesting Slate solve this problem by jumping on a hot blogging trend: Well, only one way to respond to that: Shut down the comments and claim that they're doing so because they care so much about their readers that they want to dump them elsewhere. For second place, we return to the refugee debate, where sorrykb delivered a smackdown to any argument that boils down to everything being the refugees' fault: Yeah. Stupid refugees should have been born into a wealthy stable country. What were they thinking. For editor's choice on the funny side, we start out with a comment from Mark Wing discussing self-driving car fears that go beyond the trolley problem: The real danger of automated cars is that they'll get hacked by Russians and drive you straight to a GOP rally. And finally, after one anonymous commenter recently asked what happens to a lawyer who is found guilty of fraud perpetrated upon the court, another offered a perfect response: He gets a job in Congress. That's all for this week, folks!

posted 3 days ago on techdirt
Five Years Ago This week in 2011, the mainstream press was waking up en masse to the fact that the patent system was terribly broken, with even the Wall Street Journal joining the fray. The patent system was, of course, getting in the way of health care, and attempts to convince Silicon Valley that software patents are great were unsurprisingly unsuccessful. Amidst all this the most notable patent battle going on was, of course, the one between Oracle and Google — and this was the week that we got our first whiff of the side-fight over API copyrights that would end up becoming so important. Ten Years Ago This week in 2006, we had several early discussions about things that would grow to become major subjects of concern. There was the fact that content takedown laws were sneaking censorship into the traditionally censorship-proof internet; there was the RIAA following in DirecTV's footsteps and starting to automate the process of sending out mass copyright shakedown letters; and perhaps most perniciously, there was the quiet fallout of a Supreme Court ruling that told courts not to rush to issue injunctions over patent infringement: companies began exploiting the now-well-known "ITC Loophole" to route around the courts and ban a competitor's imports. Meanwhile, we all waited to see who would buy YouTube, and the platform's recent MySpace-esque branded offerings led us to incorrectly speculate that News Corp. might be the answer. Fifteen Years Ago This week in 2001, Windows XP was beginning its takeover of the PC scene. Bluetooth was all the trendy rage, but some were declaring it dead on arrival while others defended it — not that the world's wireless visionaries really had any idea what to expect (except, perhaps, more wi-fi security breaches). Oh, and remember when computers only came with one little branded sticker on the outside, proudly declaring the Intel processor and nothing else? 
That all started to change this week when IBM adopted the same strategy and opened the floodgates. One-Hundred And Twenty-Eight Years Ago Adding machines have a history that dates back to the 17th century, but they didn't really become useful and popular until the late 1800s. One of the two main trailblazers was the machine patented by William Seward Burroughs on August 25th, 1888. His company would go on to become what we know today as Unisys — and his grandson would become an author who helped define the beat generation.

posted 3 days ago on techdirt
Limited Time Offer: Support Techdirt & get a Copying Is Not Theft t-shirt, hoodie or mug! Yesterday, we launched our latest Techdirt gear design: Copying Is Not Theft, available on a variety of products. Men's and women's t-shirts are $20, hoodies are only $35, stickers are $4, and this time we've added v-necks and long-sleeve tees for $22 and mugs for $14. Help spread the word that whatever people think about copying and piracy, you won't swallow a false equivalency like "copying is theft". Still not sold? Well, perhaps these computer-generated composites of photogenic people wearing the shirt can convince you: Something cool must be going on over to the left. Seriously, whatever's happening to the left must be just spellbinding. WHAT IS GOING ON OVER THERE? Also, after being challenged on Twitter, we decided it only makes sense to offer up the design for free as a vector SVG and a high-res PNG, just in case you want to steal copy it. The Copying Is Not Theft gear is only available until Monday, September 5th so hurry up and order yours today!

posted 4 days ago on techdirt
So, Slate has a weird article by Nat Meysenburg suggesting that everyday people should run their own email servers. He admits up front that he doesn't think Hillary Clinton should have run her own email server, but for lots of other people he declares it to be "a good idea." For years, I’ve been trying to convince people that there is value in having an email server in your closet. But few seemed to really get it, so I often found myself wishing for a high-profile example to illustrate why it is a good idea. That wish has, in a way, come true: The casual news consumer has had the pleasure of hearing about a “private email server” quite a lot over the past year. Except, beyond that, he's basically wrong. Yes, if you're really technologically savvy and want to do it, you can absolutely run your own email server. Though, honestly, it's probably going to be kind of a pain, because you'll need to constantly be patching it and protecting it, and even then it will probably be significantly less secure than if you use an online provider. Meysenburg is right on only one point, barely, and it's that if you run your own email server, and the government wants to get access to it, at least you'll know about it: When your emails reside on a cloud provider’s server, the owners of that server are ultimately who decide when to let the government, or any other party, access those emails. In the case of your work’s server, those choices are made by your employer. In the case of Gmail (or any other cloud provider), this choice is typically made by the company’s legal team, based on its evaluation of the government’s demands. Most of the big companies, including Google, do have a policy of notifying users about demands before they hand over the requested data, which would give you an opportunity to assert your rights in court. However, there are many cases in which the government’s demand will be accompanied by a gag order forbidding the company from providing that notice. 
And, thus, he notes: Having a private server in your home side steps these uncertainties. At home you as a private individual have the ability determine who has access to your email inbox—just like you have a right to determine who has access to that box of old love letters from high school. By owning the server, all requests for data have to go through you (and/or your lawyers), and any confiscation of the physical hard drives on which your emails are stored requires a search warrant for your home. And unlike with email stored in the cloud, it will always be obvious if and when the police seize your email server. But, of course, none of that stops the government from getting your server if they want it... it's just that in this one case you'll know about it. And for what tradeoff? Well, there are some pretty big ones. If you're not particularly skilled and experienced with online security issues, your personal email server is almost certainly significantly less secure than the big companies that have strong security teams and are constantly making it stronger and on the lookout for attacks. If you're that good, you're not learning about the issue of hosting your own email server for the first time in... Slate. The article insists that it's a myth that running your own server is a security nightmare, but I've yet to see an online security expert who agrees with that even remotely. Even the comments to the Slate piece are filled with IT folks screaming about what a bad idea this is. In the end, this seems to be an issue of tradeoffs and skills. If you're quite skilled with online security and you think the government might want secret access to your email, then maybe in some limited cases, it might make more sense for you to run your own server -- though, even then you're exposing yourself to being hacked by the government too, because, you know, they do that kind of thing also in some cases. 
Otherwise, you're almost certainly opening yourself up to a home IT nightmare and a lot more trouble than it's worth for significantly less security. In short, even if you're not Hillary Clinton, running your own email server is a bad idea. And if you're just now getting the idea from Slate... then it's a really bad idea.
