posted about 12 hours ago on techdirt
In the long, convoluted and complex legal battles facing Megaupload founder Kim Dotcom, there was some bizarre stuff that happened late last year. As you may recall, early on, the US government seized basically all of his stuff and money. Dotcom has made efforts to get some of it returned, as it's tough to fight the most powerful government in the world when it's holding onto all of your money. Keep in mind from our previous discussions on asset seizure and forfeiture, the government can basically seize whatever it wants, just by claiming it was somehow related to a crime, but the seizure is only a temporary process. If the government wants to keep it, it then needs to go through a separate process known as civil asset forfeiture, which is effectively the government suing the assets. Back in July, the US government moved to forfeit everything it had seized from Dotcom in a new lawsuit with the catchy name USA v. All Assets Listed In Attachment A, And All Interest, Benefits, And Assets Traceable Thereto. As you may have guessed, Attachment A [pdf] is basically all of Kim Dotcom's money and possessions. Back in November, the DOJ argued that it should get to keep all of Kim Dotcom's money and stuff because he's a "fugitive", which is a bizarre and ridiculous way to portray Kim Dotcom, who has been going through a long and protracted legal process over his potential extradition from New Zealand (though he's offered to come to the US willingly if the government lets him mount a real defense by releasing his money). Dotcom's lawyers told the court that it's ridiculous to call him a fugitive, but it appears that Judge Liam O'Grady didn't buy it. In a ruling [pdf] that was just posted a little while ago, O'Grady sided with the government, and gave the DOJ all of Dotcom's things. You can read the full reasoning here and it seems to take on some troubling logic.
Dotcom's lawyers pointed out, as many of us have, that there is no secondary copyright infringement under criminal law, but the judge insists that there's enough to show "conspiracy to commit copyright infringement." But the reasoning here is bizarre. Part of it is the fact that Megaupload did remove links to infringing content from its top 100 downloads list. To me, that seems like evidence of the company being a good actor in the space, and not trying to serve up more infringing downloads. To Judge O'Grady and the DOJ, it's somehow evidence of a conspiracy. No joke. The government has alleged that the conspirators knew that these files were infringing copyrights, as evidenced by their exclusion of infringing files from the "Top 100" list. The "Top 100" list purported to list the most frequently downloaded files on Megaupload.... According to the government, an accurate list would have consisted almost entirely of infringing content, so the claimants "carefully curated" the list to make the site look more legitimate.... Additionally, the claimants regularly told copyright holders, including many U.S.-based organizations, that they would remove infringing content, when in actuality they only removed particular links to the files.... The actual infringing files remained on the Mega-controlled servers and could be accessed from other links. As for that latter part, there are tons of perfectly legitimate reasons to only remove the links and not the underlying files. If Megaupload was doing deduping, then some version of the same file could be perfectly legitimate. Let's take an example: say that you and I have an MP3 of a Katy Perry song. I upload it to Megaupload to keep as a backup. You upload it to distribute to the world. Megaupload dedupes it, and just has the file stored one time. Your link could be potentially infringing if you distribute unauthorized copies, whereas my copy may be a legitimate personal backup. 
Given that, Megaupload should only delete the links that are called out as infringing, rather than the underlying files, which -- depending on their use -- may or may not be infringing. But the court just takes the DOJ's version and says "good enough for me." The court also has no problem with the fact that most of the assets aren't in the US, noting that since some of the "conspiracy" took place in the US, that's good enough. It more or less brushes off the concerns raised by Dotcom and the other defendants that this appears to violate existing treaties between New Zealand and the US -- basically saying that because Dotcom refuses to come to the US, it's not "punitive." Huh? On top of that, the judge says that taking all of Dotcom's assets shouldn't interfere with the legal process in New Zealand, because the New Zealand courts could (yeah right) reject the DOJ's request after this ruling to hand over Dotcom's assets. Then we get to the whole "fugitive" bit. Judge O'Grady notes that the statute does allow him to call anyone who "declines to enter" the United States a fugitive, and argues that Dotcom fits that description. Furthermore, he actually argues that Dotcom's offer to the DOJ to come willingly to the US if the money is freed for his defense actually works against Dotcom, and gives weight to the fugitive claim: As demonstrated, Dotcom need not have previously visited the United States in order to meet the prerequisites of § 2466. The statute is satisfied where the government shows that the claimant is on notice of the criminal charges against him and refuses to "enter or reenter" the country with the intent to avoid criminal prosecution. Because the court assesses intent under the totality of the circumstances, it is certainly relevant that Dotcom has never been to the United States and that he has lived in New Zealand since 2011, where he resides with his family. 
This tends to show that he has other reasons for remaining in New Zealand besides avoiding criminal prosecution. However, the existence of other motivations does not preclude a finding that he also has a specific intent to avoid criminal prosecution. Dotcom's statements, made publicly and conveyed by his attorneys to the government, indicate that he is only willing to face prosecution in this country on his own terms. See Technodyne, 753 F.3d at 386 (2d Cir. 2014) ("The district court was easily entitled to view those [requests for bail], evincing the [claimants'] desire to face prosecution only on their own terms, as a hallmark indicator that at least one reason the [claimants] declined to return in the absence of an opportunity for bail was to avoid prosecution"). Dotcom has indicated through his statements that he wishes to defend against the government's criminal charges and litigate his rights in the forfeiture action. If it is truly his intent to do so, then he may submit to the jurisdiction of the United States. In short, damned if you do, damned if you don't. This is the justice system, ladies and gentlemen. The DOJ gets to seize and keep all your money, and merely asking for access to it to fight to show your innocence is used as a reason to allow the DOJ to keep it. So he comes to the US and has to fight criminal charges without his own money, or he stays in New Zealand and the government uses it as an excuse to keep all the money. How is any of this even remotely fair? Where is the "due process" in totally handicapping Dotcom from presenting a defense? Again, it is entirely possible that Dotcom and the others broke the law -- though the case certainly does look pretty weak to me. But what's really astounding is how far the DOJ appears to want to go to make it absolutely impossible for Dotcom to present a full defense of his case.

posted about 14 hours ago on techdirt
It's been talked about for a while, but on Friday, the White House released a draft of what it's calling a "Consumer Privacy Bill of Rights." Conceptually, that sounds like a decent idea, but in practice? Not so much. Yes, it's just a draft, but it's got a lot of vague hand-waving, and basically no one seems all that thrilled about it, either from the privacy advocate side or the tech company side. Also, it doesn't even address the biggest privacy concern of all: government surveillance and snooping. Privacy is, of course, one of those things that can be rather tricky to regulate, for a variety of reasons. Many attempts turn out badly, and don't really do much to actually protect privacy -- while sometimes blocking legitimate and useful innovations. While we're big supporters of protecting one's privacy, we're at least somewhat concerned about legislation that appears to be pretty sloppy, and not all that well defined or thought out. This feels like a "we needed to do something, so here's something" kind of draft bill, rather than a "here's a legitimate problem, and here's how to fix it." It feels like a lost opportunity.

posted about 15 hours ago on techdirt
Some people are naturally skinny and able to eat almost anything they want without gaining weight. Obviously, there are also plenty of folks who need to watch their diets very carefully and exercise regularly to prevent unhealthy weight gain. The causes for obesity are not well understood, and while many observers like to say it's obvious that people need to expend more calories than they consume, the challenge of doing so isn't as simple as it sounds for many. There aren't any miracle diets or drugs, but as we study obesity and understand it more, there could be more palatable treatments someday. Mitochondrial genetics could explain metabolic changes with age and with different environmental conditions. Large scale studies of mitochondrial changes in city populations are just beginning, and researchers will try to make sense of how cell genetics influence health. A rare chromosomal abnormality can cause Prader-Willi syndrome -- a condition that can be fatal and cruel because its victims can literally eat to death. People with this condition have no sensation of satiety, so they can eat until their stomachs rupture. There's evidence to support the idea that intestinal microbes correlate with obesity. A fecal transplant from an overweight daughter to a mother suffering from an intestinal infection resulted in the infection going away -- but also a weight gain problem for the mother that previously didn't exist.

posted about 16 hours ago on techdirt
Show of hands: who remembers the North Face vs. South Butt saga? Ah, yes, the trademark battle built perfectly for those of us with a sophomoric sense of humor fully entertained us three years ago, when an upstart clothier attempted to be funny and the humorless lawyers at North Face cried consumer confusion. While the claim of confusion was as laughable as the rest of the story, the court proceedings saw South Butt agree to change its brand name. Which it did...to Butt Face, because why the hell not? South Butt/Butt Face, after all, was pimping its own publicity by streisanding its way through court proceedings, all thanks to North Face refusing to put down the litigation stick. Perhaps snowboarder Casey Scherr was taking notes at the time for his eventual release in 2013 of his Ass Armor clothing company, which of course has Under Armour's shorts in a twist. The Ft. Lauderdale company faces a trademark infringement lawsuit from Under Armour — and plans to fight. The $3 billion Baltimore athletic apparel maker also accused the snowboard shorts maker of unfair competition and cybersquatting for using the name Ass Armor and a tagline that could be confused with Under Armour's. The defendant copies Under Armour by using similar lettering and putting the Ass Armor name along the shorts' waistband, the lawsuit says. "Making matters worse, similar to Under Armour's well-known and widely promoted Protect This House tagline mark, defendants use, advertise and promote their Ass Armor mark, name and products… in connection with the Protect Your Assets tagline," says the lawsuit, filed last month in U.S. District Court in Maryland. Could the well-known Under Armour brand and imagery be somehow confused with Ass Armor and its logo? Frankly, it stretches credulity to believe that such confusion is likely.
More likely this is simply the latest in a long line of battles Under Armour's legal team has staged for itself, having previously gone after Skechers, Salt Armour Inc., and others. Much like the South Butt case, it's woefully likely that all the courts will see is the obvious play on some of the more generic aspects of Under Armour's marks rather than actually weighing any real concerns over customer confusion. What's clear is that trademark wasn't designed to keep this kind of stuff tied up in court battles like this. Unlike South Butt, Ass Armor appears to be willing to fight the battle. "We strongly believe the lawsuit filed by Under Armour has no merit," said Scherr, president of the company that makes only the padded shorts, in an email Thursday. "Ass Armor has spent months fighting with Under Armour in front of the Trademark Trial and Appeal Board and then, without notice, Under Armour filed this matter in federal court. We believe this is a classic David and Goliath battle. As David, we intend to fight." Protecting its assets is part of the Ass Armor way, after all.

posted about 17 hours ago on techdirt
As Mike pointed out recently, thanks to Snowden (and possibly other sources), we now know the NSA, with some help from GCHQ, has subverted just about every kind of digital electronic device where it is useful to do so -- the latest being hard drives and mobile phones. That's profoundly shocking when you consider what most non-paranoid observers thought the situation was as recently as a couple of years ago. However, given that's how things stand, there are a couple of interesting ramifications. First, that the recent attempts by politicians to demonize strong encryption look like an attempt to cover up the fact that most digital systems are already vulnerable using one or more of the techniques that have been revealed over the last year or two. That is, the NSA and GCHQ can probably access most digital content stored or transmitted in any way -- either because the encryption itself or the end-points have been compromised. Even standalone strong encryption systems like PGP -- thought still to be immune to direct attacks -- can be circumvented by breaking into the systems on which they are used. Perhaps the dark hints that encryption could be banned or backdoored are simply part of a cynical ploy to present such an appalling vision of what could happen, that we gladly accept anything less extreme without complaint. In fact, the authorities have no intention of attempting anything so stupid -- it would put all online business at risk -- because they don't need to: they already have methods to access everything anyway. That being the case, there is another important question. 
If the NSA and other parties do have ways of turning practically every digital electronic device into a system for spying on its users, that essentially means there is no criminal organization in the world -- ranging from the so-called "terrorist" ones that are used to justify so much bad policy currently, to the "traditional" ones that represent the bulk of the real threat to society -- that is not vulnerable to being infiltrated and subverted by government agencies. And yet we don't see this happen. Drug cartels thrive; people trafficking is surging; the smuggling of ivory and endangered animals is profitable as never before. Similarly, despite the constant and sophisticated monitoring of events across the Middle East, the rise of Islamic State evidently took the US and its allies completely by surprise. How is it that global criminality has not been brought to its knees, or that such massive geopolitical developments were not picked up well in advance -- and nipped in the bud? One obvious explanation for this pattern is that just as the attackers of London, Boston, Paris and Copenhagen were all known to the authorities, so early tell-tale signs of the rise of Islamic State were detected, but remained drowned out by the sheer volume of similar and confounding information that was being gathered. Similarly, it is presumably easy to create huge stores of information on drug bosses or people smugglers -- but hard to find enough personnel to analyze and act on that data mountain. Now that we have a better idea of the extraordinary reach of the global surveillance being carried out at all times, the failure of that activity to make us safer by countering criminal activity, at whatever scale, becomes all the more striking. It's time the intelligence agencies accepted that the "collect it all" approach is not just failing, but actually exactly wrong: what we need is not more surveillance, but much less of it and much better targeted. 
Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

posted about 18 hours ago on techdirt
There are way too many stories of PayPal unfairly and ridiculously cutting off services that rely on it as a payment mechanism, but here's yet another one. Mega, the cloud storage provider that is perhaps well-known for being Kim Dotcom's "comeback" act after the US government shut down Megaupload, has had its PayPal account cut off. The company claims that PayPal was pressured by Visa and Mastercard to cut it off: Visa and MasterCard then pressured PayPal to cease providing payment services to MEGA. MEGA provided extensive statistics and other evidence showing that MEGA's business is legitimate and legally compliant. After discussions that appeared to satisfy PayPal’s queries, MEGA authorised PayPal to share that material with Visa and MasterCard. Eventually PayPal made a non-negotiable decision to immediately terminate services to MEGA. PayPal has apologised for this situation and confirmed that MEGA management are upstanding and acting in good faith. PayPal acknowledged that the business is legitimate, but advised that a key concern was that MEGA has a unique model with its end-to-end encryption which leads to “unknowability of what is on the platform”. MEGA has demonstrated that it is as compliant with its legal obligations as USA cloud storage services operated by Google, Microsoft, Apple, Dropbox, Box, Spideroak etc, but PayPal has advised that MEGA's "unique encryption model" presents an insurmountable difficulty. That last line is particularly bizarre, given that if anyone recognizes the value of encryption it should be a freaking payments company. And, of course, PayPal can't know what's stored on any of those other platforms, so why is it being pressured to cut off Mega? Mega's theory -- which is mostly reasonable -- is that because Mega was mistakenly listed in a report released by the "Digital Citizens Alliance" that insisted Mega was a rogue cyberlocker storing infringing content, payment companies were told to cut it off.
If true, this is problematic on multiple levels. The methodology of the report was absolutely ridiculous. Because most Mega files are stored privately (like any Dropbox or Box or Google Drive account), the researchers at NetNames have no idea what's actually being stored there or if it's being done perfectly legitimately. Instead, they found a few links to infringing works, and then extrapolated. That's just bad research practices. Furthermore, the Digital Citizens Alliance is hardly an unbiased third party. It's an MPAA front group that was the key force in the MPAA's (now revealed) secret plan to have states attorneys general attack Google. Think the MPAA has reasons to try to go after any potential revenue source for Kim Dotcom? Remember, taking down Megaupload and winning in court against Dotcom was a key focus of the company since 2010 or so, and Dotcom recently noted that he's out of money and pleading with the court to release some of the funds seized by the government to continue to fight his case. The lawyers who represented him all along quit late last year when he ran out of money. It seems like the MPAA might have ulterior motives in naming Mega to that list, don't you think? And, this all goes back to this dangerous effort by the White House a few years ago to set up these "voluntary agreements" in which payment companies would agree to cut off service to sites that the entertainment industry declared "bad." There's no due process. There's no adjudication. There's just one industry getting to declare websites it doesn't like as "bad" and all payment companies refusing to serve it. This seems like a pretty big problem.

posted about 19 hours ago on techdirt
Yesterday evening I saw a tweet zip by in which some very smart people I know and respect appeared to be arguing about the color of a dress. It seemed like a weird thing, so I went and looked and saw what appeared to be a white and gold dress. No big deal. But, other people insisted that it was blue and black. Vehemently. At first I thought it was a joke. Or an optical illusion. Or maybe it depended on your monitor. But I called over a colleague here in the office, and she swore that it was blue and black. And I was 100% sure that it was white and gold. If you somehow live under a rock, here's the image: We now know the "truth" (sort of) -- which is that the dress itself really is blue and black, but thanks to the lighting and some odd visual tricks it appears white and gold to a large part of the population. For what it's worth, many people report that after a period of time it switches, and that's true for me too. Late last night I took one last look (after everyone else in my family swore that it was blue and black) and I saw it blue and black. Amusingly, at almost exactly the same time, my wife suddenly saw it as white and gold. My mother-in-law suggested we both need to seek mental help. There are fights like this going on all over the internet, with lots of people trying to decipher why this image seems to work this way. So why are we writing about it here? Because it's Fair Use Week, and what a great fair use story. This image isn't just being shown everywhere, it's being modified, flipped, adjusted, poked and prodded as people discuss it in all sorts of ways (comment and criticism). And it's all fair use. Take, for example, our own Leigh Beadon, who put forth on Twitter a theory about why different people see it in different ways: I think the dress is all about sensitivity to blue. pic.twitter.com/rnWD473AQ8 — Leigh Beadon (@marcuscarab) February 27, 2015 In our internal chat, he was also submitting additional images as he played with the image.
Take, for example, this one, where he played with the brightness levels: Ok, thanks to @marcuscarab for min & maxing the brightness. I still see both as white and gold, but... pic.twitter.com/pRIiTJn5yK — Mike Masnick (@mmasnick) February 27, 2015 And tons of others have weighed in as well. Even software maker Adobe got into the discussion: For those seeing #WhiteandGold in #TheDress (http://t.co/pNG9tXu5pU), @HopeTaylorPhoto ends the debate. pic.twitter.com/W7TwQJy13m — Adobe (@Adobe) February 27, 2015 And someone else posted a helpful video modifying it: MT @hopetaylorphoto: #TheDress problem has been solved s/o to @Adobe and @Lightroom: pic.twitter.com/y4nzLeI2PN — Adobe (@Adobe) February 27, 2015 Vice has an amazing story in which they present the image to a color vision expert who is so stumped he admits he may give up trying to cure blindness to devote the rest of his life to understanding the dress. The folks over at Vox both insist that the color changing can't be explained and that it can be (journalism!). The folks at Deadspin say you're all wrong and the dress is actually blue and brown. Almost all of these are using not just versions of the image, but modified ones as well, to try to demonstrate what they're talking about. And there's been no talk about copyright. Because we don't need to be discussing copyright, because this is all fair use. Last night, some were pointing out that this was such an "internet" story that it's great that it came out on the same day the FCC voted for net neutrality, but I say it's an even better way to close out fair use week, with a great demonstration of why fair use matters.

posted about 20 hours ago on techdirt
Earlier this week, we wrote about a really dumb move by Google to effectively kick out all of the bloggers who use its blogger platform to post "adult" content -- either text or images. Google gave such bloggers just 30 days to find a new home before it would make all their blogs private. It insisted that, going forward, the content police at Google would determine what photographs were "artistic" and allowed, and which were "dirty" and not allowed. As we noted, this move seemed particularly tone deaf and problematic, and could lead to other problems for Google. And a lot of other people agreed. And... just like that, Google appears to have reversed course. Over in its product forums, someone from the Blogger Team announced that they had realized they already had policies they could enforce and didn't need to implement these new rules: This week, we announced a change to Blogger’s porn policy. We’ve had a ton of feedback, in particular about the introduction of a retroactive change (some people have had accounts for 10+ years), but also about the negative impact on individuals who post sexually explicit content to express their identities. So rather than implement this change, we’ve decided to step up enforcement around our existing policy prohibiting commercial porn. Blog owners should continue to mark any blogs containing sexually explicit content as “adult” so that they can be placed behind an “adult content” warning page. Bloggers whose content is consistent with this and other policies do not need to make any changes to their blogs. Thank you for your continued feedback. So, kudos to Google for at least hearing the feedback and rolling back the change -- though it's still unfortunate that it even had to come to that in the first place. It seems likely that many of those bloggers may go looking for alternate hosting anyway.

posted about 21 hours ago on techdirt
A few weeks ago, after it was more or less confirmed that the FCC was going forward with full Title II reclassification of broadband, we noted that the stocks of the big broadband companies actually went up suggesting that Wall Street actually knows that reclassification won't really impact broadband companies, despite what they've been saying publicly. Perhaps this is partly because those same companies have been telling Wall Street that the rule change won't have an impact. However, for the Wall Street Journal -- which has become weirdly, obsessively, anti-net neutrality -- this is an abomination. The newspaper has spent months trying to whip everyone into a frenzy about how evil net neutrality is, using some of the most blatantly wrong arguments around. Just a few days ago, the WSJ turned to its former publisher, now columnist, L. Gordon Crovitz to spread as much misinformation as possible. This is the same L. Gordon Crovitz who a few years ago wrote such a ridiculously wrong article on the history of the internet that basically everyone shoved each other aside to detail how he mangled the history. He, bizarrely, insisted that the government had no role in the creation of the internet. Crovitz also has a history of being wrong (and woefully uninformed) about surveillance and encryption. It's difficult to understand why the WSJ allows him to continue writing pieces that are so frequently factually challenged. In this latest piece, Crovitz suggests that Ted Cruz didn't go far enough in comparing Obamacare to net neutrality, arguing that net neutrality is even "worse." The permissionless Internet, which allows anyone to introduce a website, app or device without government review, ends this week. Um, no, actually, the reverse. The rules say that no website or app needs to get permission. The government isn't going to be reviewing anything, other than anti-consumer practices by the large ISPs. 
Bureaucrats can review the fairness of Google's search results, Facebook's news feeds and news sites' links to one another and to advertisers. BlackBerry is already lobbying the FCC to force Apple and Netflix to offer apps for BlackBerry’s unpopular phones. Bureaucrats will oversee peering, content-delivery networks and other parts of the interconnected network that enables everything from Netflix and YouTube to security drones and online surgery. None of this is true. The BlackBerry thing isn't real. It's a stupid political stunt cooked up by the telcos to try to make the new rules look bad. But the rules do not, in any way, apply to Google's search results or Facebook's news feed or any other content online. It covers internet access services, and all it does is put in place some straightforward rules against discrimination. Still, all this fear mongering isn't working. Following yesterday's decision by the FCC, the folks over at Quartz noticed that the big broadband stocks have actually had a pretty damn good month: Which brings us back around to the Wall Street Journal. The paper of record for Wall Street, which normally likes to suggest that markets are "right" about everything, is absolutely positive that the markets are wrong about this. And it's furious. It has an article demanding that broadband investors need to "wake up" to what's happening with net neutrality: Investors actually seemed to breathe a sigh of relief when FCC Chairman Tom Wheeler unveiled his proposal on Feb. 4, sending cable stocks higher. Investors were cheering the chairman’s assurance that the commission wouldn’t invoke the Title II power to regulate prices. But investors, beware: Broadband’s new status opens the door to the possibility of a future that is far less lucrative and more uncertain for the companies that provide it. Bullshit. Frankly, things can always change in the future, in either direction, so claiming that things might change is meaningless FUD. 
At the end of the article, the WSJ pretends that maybe the reason why stocks are up is because investors expect that the broadband players will win an eventual court battle, but that seems like wishful thinking on multiple levels. Let's go with Occam's Razor on this one. The market is up because everyone knows that Title II won't make a huge difference at all for the prospects of broadband companies. Multiple Wall St. analysts have been saying this for months, as have the big broadband companies to the analysts themselves. The Wall Street Journal should take a page from its own playbook: maybe the markets do know best.

posted about 22 hours ago on techdirt
While sexy Google Fiber deployments get the lion's share of media attention these days, it's the notably less sexy service in states like West Virginia that continue to perfectly exemplify just how broken U.S. broadband really is. Local Charleston Gazette reporter Eric Eyre has quietly done an amazing job the last few years chronicling West Virginia's immense broadband dysfunction, from the State's use of broadband stimulus subsidies on unused, overpowered routers and overpaid, redundant consultants, to state leaders' attempts to bury reports highlighting how a cozy relationship with companies like Frontier, Verizon and Cisco has led to what can only be explained as systemic, statewide fraud on the taxpayer dime. It's of course the one-two punch of regulatory capture and the resulting lack of competition that are to thank for West Virginia's problems, which certainly aren't unique across the country. In state after state, the largest, incumbent ISPs throw cash at the state legislative process, allowing them to literally write state telecom law aimed at protecting their uncompetitive geographical fiefdoms from real competition. Because the nation's suffering through a particularly nasty bout of partisan nitwit disease, when someone tries to do something about it, they're ironically assailed as anti-business, anti-American, or anti-states' rights. I tend to focus on West Virginia as a shining example of this dysfunction because things have gotten so bad there, local players have stopped even the slightest pretense that the entire legislative process isn't under the thumb of the country's biggest and wealthiest telecom companies. Case in point is this latest report by Eyre citing complaints by West Virginia Delegate Randy Smith, who says things have reached the point where nobody, from any party, can get a bill through the West Virginia legislative process if it doesn't first get approval from Frontier Communications. 
From a recent post to his Facebook page: "As you know, Frontier Communications is the only game in town for many rural communities in West Virginia when it comes to Internet service. After introducing the legislation, I spoke with someone in leadership and was told it'd go nowhere because it would hurt Frontier. In other words, Frontier has its hands in our state Capitol...No wonder they're called Frontier. Those are the kinds of speeds you'd expect on the American frontier in the 17th century." What reckless, dangerous bills was Smith trying to pass? One would have restricted ISPs from advertising their service as "broadband" unless it offered speeds of 10 Mbps (the FCC's new definition is already 25 Mbps, or 10 Mbps for rural subsidized service). Another would have allowed consumers to take complaints about poor broadband service directly to State Attorney General Patrick Morrisey -- if the state Public Service Commission refused to hear their complaints. But because both would have marginally threatened Frontier's monopoly in the State, they weren't even seriously considered. Frontier's facing a lawsuit in the state for long repair delays and for advertising broadband speeds users can't actually get. Again, West Virginia's certainly not unique; the ISP stranglehold over the state legislative process just tends to be more sophisticated and better obfuscated in larger States. Regardless of the state, attempts at reform are usually assailed by those professing to adore free markets, when more often than not what they really adore is being able to abuse government to help protect mono/duopoly revenues.
That's why, although it was massively overshadowed by the net neutrality vote the same day, yesterday's FCC vote to begin gutting protectionist, ISP-written state laws is an incredibly important first step toward returning some degree of power back to local communities while taking the fight directly to the bloated and corrupt broadband industry status quo.

posted about 24 hours ago on techdirt
For many years, it's been something of an open question if creating a major security or privacy vulnerability was illegal. For the most part, courts have ruled that without actual proven harm, it's difficult to show real standing for the sake of a civil lawsuit. In practical terms, this has meant that if you just introduce a massive security risk, without it directly being abused (in a way that people know about), a company's liability is fairly limited. Obviously, that could change quickly if there was an actual abuse. Not surprisingly, class action law firms still love to file these kinds of lawsuits after a major privacy/security breach just in case. So it was totally expected to see a class action firm jump in and sue Lenovo over the Superfish malware that we've been discussing for the past few days. The folks over at CDT, however, have a very good discussion over whether or not enabling such HTTPS hijacking really is illegal. The article compares the Superfish story to the other recent story about in-flight Wi-Fi provider GoGo doing something similar, and explores whether or not these man-in-the-middle attacks run afoul of Section 5 of the FTC Act, which sets out the broad rules under which the FTC "protects consumers." The rules basically say companies cannot do things that are "deceptive" or "unfair," but the definitions of both of those words matter quite a bit. Here's the exploration of whether this kind of man-in-the-middle attack is "deceptive": At a technical level, these SSL-breaking technologies trick your browser by forging SSL certificates, implying that their service operates encrypted websites like YouTube.com and BankofAmerica.com. In fact, instead of passing encrypted traffic on to the appropriate destination, these technologies enact the previously described “man-in-the-middle attack,” gaining access to potentially sensitive information that should rightly be kept between you and, for example, your bank or health care provider.
Though these practices do not directly deceive the end user, they do effectively deceive the user’s software that acts as a “user agent.”  It’s not settled that this is prohibited by deceptive practices authority; in the past, the FTC has been reluctant to pursue deceptive practices cases merely on the grounds of tricking a browser: the FTC declined to pursue companies that issued bogus machine-readable P3P policies to get around Internet Explorer privacy restrictions or against companies that evaded Apple Safari’s default cookie settings in order to place third party cookies.[3] On the other hand, six state Attorneys General did bring a deceptive practices claim under their own version of Section 5 against companies that tricked Safari browsers into accepting third-party cookies. Alternatively, the FTC could argue that failure to disclose that encrypted transmissions were being intercepted constituted a material omission — that is, failure to explain the practice would be a deceptive means to prevent a consumer from meaningfully evaluating the product. The FTC has brought a number of cases arguing that failure to disclose highly invasive or controversial practices either in a privacy policy or in clear, upfront language could constitute a deceptive practice.  For instance, the FTC has found that failure to disclose access to your phone’s contact information or precise geolocation could constitute a material omission. From what I can tell, neither Gogo nor Lenovo went out of their way to tell users about these practices. If anything, Gogo’s privacy policy would lead users to think that their SSL-protected communications were safe from eavesdropping. For Lenovo, a post to one of its user forums says that users had to agree to the Superfish privacy policy and terms of service. I don’t know what these documents said exactly, though the Superfish documents available on their website say nothing about these practices.  
Even if Lenovo had disclosed in fine print what it does, regulators could make the case that SSL interception was so controversial that permission needed to be obtained outside of a boilerplate legal agreement. A service could certainly try to make a value proposition to consumers that some feature was worth the cost of breaking web encryption – but that’s not what happened here. What about the question of "unfair"? Apparently, the FTC prefers to use "unfair" in the cases it brings, rather than deceptive, so that is the more likely option. In order to be “unfair” under Section 5, a business practice has to meet three criteria – it must: Cause significant consumer harm, Not be reasonably avoidable by consumers, and Not be offset by countervailing benefits to consumers. If breaking encryption exposes consumers to significant security vulnerabilities, regulators will likely have a very strong case for an unfairness violation. On causing significant harm, this seems fairly straightforward in Lenovo’s case: its partner Superfish configured its software to intercept all SSL requests — using the same decryption key across all devices. This key was easily reverse engineered soon after the story broke, meaning that any malicious attacker could use this key to intercept any encrypted communication. That’s a huge security vulnerability, and at least as concerning as several other vulnerabilities that the FTC has previously alleged to have harmed consumers. Gogo’s SSL interception also raised security concerns — it arguably inures users to security warnings and exposes them to attackers posing as Gogo’s network — but the risk is probably not as great as in the Lenovo case. 
The FTC has brought actions against device manufacturers in the past for weakening security; in its case against phone manufacturer HTC, the FTC alleged that badly designed software that let app developers piggyback on HTC’s access to certain phone functionality without user permission was an unfair business practice. On the second part of the unfairness test, it’s hard to argue how these practices are avoidable by ordinary consumers. They may have clicked through legalistic agreements, but as far as we can tell, none of these documents made any disclosure about these sorts of tactics — or the vulnerabilities to which they exposed consumers. Certainly, neither Gogo nor Lenovo presented information outside of a legal document where consumers were likely to notice. As a result, consumers weren’t provided with actionable information that they could have used to avoid these problems. Finally, it’s hard to see that the security vulnerabilities introduced by SSL-interception were outweighed by any benefits to the practice. Gogo used this tactic to block bandwidth-heavy video applications on planes with limited internet access — a worthy goal, but one better accomplished through less destructive means. Lenovo allowed its partner to break encryption in order to view private communications for targeted advertising. It is doubtful that many consumers would find this trade-off beneficial, even if it lowered prices significantly; in any event, Lenovo claims that they didn’t make much money from its deal with Superfish, and the pre-installed adware was simply designed to improve the user experience. Since exposure of these practices, both companies have backtracked and ended use of the encryption-breaking technologies. But there's a much bigger question: will the FTC actually bother? The fact that Lenovo reacted pretty quickly to this mess probably suggests that the FTC may not bother.
Yes, Lenovo's initial reaction wasn't great, but it did change its tune within less than 48 hours, and has been pretty vocal and active in apologizing and fixing things since then. That may be enough reason for the FTC to think it's not necessary to go after the company. Of course, it may feel differently about Superfish itself -- since that company still denies there's any problem and basically refuses to admit its role in this whole mess. It's still standing by its bogus statement that it did nothing wrong and claiming that Lenovo will clear things up -- even as Lenovo has clearly said otherwise.

posted 1 day ago on techdirt
The NSA continues to "save" the United States from terrorism by making it weaker. Not only has the agency actively undermined encryption standards, but its willingness to insert backdoors and spyware in any piece of hardware or software it can get its hands on has severely damaged the world's trust of American technology. Cloud computing providers have already felt the aftershocks of the Snowden leaks. An Open Technology Institute report published a year after the first revelation noted that many had already seen a drop-off in sales and predicted that the backlash against the NSA's surveillance tactics could cost companies anywhere from $22-180 billion over the next three years. Hardware makers are getting hit hard as well. One of the largest buyers of American tech products has dropped some very big brands from its approved supplier list. China has dropped some of the world's leading technology brands from its approved state purchase lists, while approving thousands more locally made products, in what some say is a response to revelations of widespread Western cybersurveillance. Chief casualty is U.S. network equipment maker Cisco Systems Inc, which in 2012 counted 60 products on the Central Government Procurement Center's (CGPC) list, but by late 2014 had none, a Reuters analysis of official data shows. Smartphone and PC maker Apple Inc has also been dropped over the period, along with Intel Corp's security software firm McAfee and network and server software firm Citrix Systems. It's certainly no surprise that Cisco would be one of the first dropped by foreign purchasers wary of NSA meddling. A leaked document detailing the agency's hardware interdiction program contained a photo of operatives carefully unwrapping a box full of hardware destined for NSA spyware implants. While the faces of the agents may have been blurred, the logo on the box was not. As the story spread across the internet, one conclusion was drawn: Cisco products are not "safe." 
The fact that foreign hardware may arrive loaded with spyware and backdoors isn't the only thing prompting the Chinese government to drop nearly half of its overseas security-related tech suppliers. There's also the ongoing tension between the US and China, which has devolved into each country accusing the other of inserting backdoors into exported tech. It appears both sets of accusations are correct, but for years it was largely assumed that China was mostly alone in these efforts. China also has a domestic market it would like to expand, which will now get a leg up from the government. As it eyes increased exports, it is likely aware that many foreign governments and other potential purchasers consider its exports no more "secure" than NSA-infected tech shipping from the US. Purchasers will find themselves taking the "lesser of two evils" approach when seeking to obtain tech products -- something that won't always work out in favor of American companies. Cisco has openly stated that "geopolitical concerns" -- like the NSA's interception of its products destined for foreign markets -- have led to a downturn in sales. Other affected companies like Intel have yet to issue official statements detailing any NSA-related impact on their sales, but it's clear the last 18 months of leaks have done little to raise their future expectations. OTI's wide-open estimate on potential losses will probably never achieve sharper focus. It's unlikely former customers are going to clearly state that unrenewed contracts or supplier list culls are due to the NSA's actions, but surveys have indicated this concern does factor heavily into purchasing decisions. The leaks aren't going to stop, and what is already in the public domain will continue to take its toll. Just as certainly, the NSA isn't going to stop looking for ways to circumvent encryption or compromise hardware.
At this point, there's no way any company can claim with certainty that they have avoided becoming part of any government's intelligence apparatus -- and that's going to hurt them for years to come.

posted 1 day ago on techdirt
The FBI is still actively thwarting its oversight. Last fall, DOJ Inspector General Michael Horowitz informed the House Judiciary Committee that the FBI was routinely denying his office documents it needed to perform investigations. The withheld documents included everything from electronic surveillance information to organizational charts. Not only did the FBI refuse to hand over requested documents, but it also stonewalled OIG investigations for so long that "officials under review [had] retired or left the agencies before the report [was] complete." Nearly six months later, the situation remains unchanged. Horowitz is again informing the House Judiciary Committee that the FBI is still less than interested in assisting his office. The same stonewalling tactics and withholding of information continue, preventing the IG from fully examining the DEA's use of administrative subpoenas. The unfulfilled information request that causes the OIG to make this report was sent to the FBI on November 20, 2014. Since that time, the FBI has made a partial production in this matter, and there have been multiple discussions between the OIG and the FBI about this request, resulting in the OIG setting a final deadline for production of all material of February 13, 2015. Both words in the phrase "final deadline" were quickly rendered meaningless by the FBI. On February 12, 2015, the FBI informed the OIG that it would not be able to produce the remaining records by the deadline. The FBI's fluid definition of "final deadline" apparently includes a shrugged "We don't really know when -- or if -- these documents will be produced." The FBI gave an estimate of 1-2 weeks to complete the production but did not commit to do so by a date certain.
The FBI claims it still needs to review the requested document list to ensure nothing that's being asked for falls into its multitudinous exceptions -- like information related to grand juries, Title III electronic surveillance and, oddly, the Fair Credit Reporting Act. Horowitz's letter points out two things, the latter of which may prompt more immediate action than the first. In the first place, the exceptions raised by the FBI do not apply to OIG investigations. Secondly, the (apparently continual) stonewalling of OIG investigations is, at best, a misuse of taxpayer funds. Section 218 of the Appropriations Act does not permit the use of funds appropriated to the Department of Justice to deny the OIG access to records in the custody of the Department unless in accordance with an express limitation of Section 6(a) of the IG Act. The IG Act, Section 6(a), does not expressly or otherwise limit the OIG's access to the categories of information the FBI maintains it must review before providing records to the OIG. For this reason, we are reporting this matter to the Appropriations Committees in conformity with Section 218. We'll see if the FBI suddenly becomes a bit more helpful now that Horowitz has made a move for its wallet. But once again, this sort of activity completely undermines the arguments of those defending these agencies by pointing to the "rigorous oversight" supposedly keeping domestic surveillance in check and abuses of power to a minimum.

posted 1 day ago on techdirt
Even to those of us who are not experts in foreign policy, it is obvious that the security situation is deteriorating across a huge swathe of the Near East and Africa, as attacks in Afghanistan, Iraq, Syria, Yemen, Egypt, Libya, Nigeria, Cameroon and elsewhere multiply. Western analysts seem to be struggling to come up with a cogent explanation for this increasing success. That makes this short but illuminating post by John Robb particularly valuable. He describes what is happening across this vast area as the "open jihad." Here are its key characteristics: Open jihad evolves (gets better) through massively parallel co-development. All of the groups in the open jihad, no matter how small (even down to individuals), can contribute. They do this by: 1. tinkering with tactics, strategies, and technologies that can be used to advance the open jihad. 2. testing the efficacy of these innovations by using them against the enemy. In other words, throwing them against the wall to see what sticks. 3. copying the innovations that work. These are also some of the key features of open source -- hence the name "open jihad." Their appearance in the context of international violence is a reminder that they are not limited to the digital world, with things like open source, open access, open data and all the other "opens," but are a set of very general principles for producing extremely rapid innovation in any domain. That might provide a clue to governments struggling to deal with this growing threat to stability that they ought to try something similar, rather than resorting to traditional responses that are doomed to fail when dealing with a new kind of enemy. Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

posted 1 day ago on techdirt
The problem of storing digital data usually involves transferring data from an older format to a newer one -- with the hopes that the newer one won't be replaced as quickly as the older format it just replaced. Maybe some archivists out there like to go through this periodic technology shift and verify that the data we've stored is still readable, but wouldn't it be nice if there was a "store it and forget it" format? A single gram of DNA can store up to 455 exabytes of data, and roughly four grams of DNA could store all of the world's collected information. It's not cheap to store arbitrary data on DNA yet, but the costs are coming down. Stored data on DNA encased in glass at freezing temperatures could survive for a couple million years. The DNA of a woolly mammoth in Siberia was preserved for 40,000 in a tundra, so it's not unthinkable that we might want to keep a few backups of our data on ice. Making large DNA crystals with precisely-controlled structures is something that can be done with a "DNA-brick self-assembly" method. Being able to do this could help fabricate all kinds of nanoscale designs and create a manufacturing process for complex, artificial DNA structures.

posted 1 day ago on techdirt
Despite the feds' best efforts to keep IMSI catchers (Stingray devices, colloquially and almost certainly to the dismay of manufacturer Harris Corporation, as they head to becoming the kleenex of surveillance tech) a secret, there's still enough information leaking out around the edges of the FBI's non-disclosure agreements to provoke public discussion. The discussion appears to have reached the top of the food chain. Sen. Bill Nelson -- following the lead of Senators Leahy and Grassley -- has sent a letter to FCC chairman Tom Wheeler asking the following: Dear Chairman Wheeler: On Feb. 23, The Washington Post published a front-page article “Secrecy around Police Surveillance Equipment Proves a Case’s Undoing.” That article indicated that the Tallahassee Police Department and other law enforcement agencies around the country have been using a device called the StingRay to collect cell phone call information. That article and previous others concerning the device reveal the StingRay was certified for use by the Federal Communications Commission (FCC), contingent upon the conditions that StingRay’s manufacturer sell these devices solely to federal, state, and local public safety and law enforcement; and that state and local law enforcement agencies must coordinate in advance with the Federal Bureau of Investigation (FBI) before acquiring or using this equipment. According to the article, these devices now have been purchased by 48 law enforcement agencies in 20 states and the District of Columbia and used in hundreds of cases. Yep, the devices are pretty much everywhere and no one wants to talk about them. When the US Marshals Service isn't stepping in to physically remove Stingray-related documents, local law enforcement agencies are disguising their use of these devices behind vague warrants and subpoenas. What Sen. Nelson wants to know is what the FCC knows about Stingrays.
What information the FCC may have had about the rationale behind the restrictions placed on the certification of the StingRay, and whether similar restrictions have been put in place for other devices; Whether the FCC inquired about what oversight may be in place to make sure that use of the devices complied with the manufacturer’s representations to the FCC at the time of certification; and A status report on the activities of the “task force” you previously formed to look at questions surrounding the use of the StingRay and similar devices. What we DO know so far about the interplay of Harris, the FBI and the FCC is that the first two parties have been less than forthright with the third. Harris managed to push its devices past the FCC by implying they would only be used in emergencies -- even though it was already clear at the point it made that statement that law enforcement agencies were frequently deploying them in non-emergency situations. The FBI has performed its own obfuscation, implying in a letter to law enforcement agencies that the FCC required the signing of a non-disclosure agreement with the FBI. The FCC has since denied this, and obtained documents indicate it's the FBI that wants to control the flow of information regarding Stingrays, not the other way around. I imagine the FCC would be compliant with this request, considering its past relationship with the FBI and Harris. But it can expect to run into significant resistance from the DOJ, which still believes that the long-exposed technology should still be afforded NSA-level secrecy -- especially when answers to Sen. Nelson's questions will likely expose its less-than-honest dealings with the FCC. Sen. Nelson deserves some extra praise for being willing to put himself in an awkward situation. As the ACLU's Chris Soghoian notes, the senator has picked a very public fight with his second biggest campaign contributor.
Somebody needs to provide some answers and, while it's really the FBI that should be talking at this point, the FCC's take on this -- and its dealings with the FBI -- should be enlightening. The FBI's insistence on secrecy is not only screwing defendants during the discovery process, but it's also harming local law enforcement itself, which has shown an alarming willingness to drop cases/charges rather than reveal the use of Stingray devices.

posted 2 days ago on techdirt
At some point, this whole fad of trademarking phrases that leap into the public consciousness through public events is going to have to stop. Between trying to lock the language of the recently slain, the foreign policy story du jour, and all the rest, eventually the public and the courts are going to have to realize that this can't go on unchecked. For some reason, professional and college sports organizations seem especially prone to this kind of nonsense, from the attempt to exert control over a colloquial term to a team simply treating its own fanbase like so much trademarkable chattel. That last example, concerning the Seattle Seahawks' apparent attempt to trademark roughly all the things, is particularly apropos in the latest trademark news, which features the team's running back, Marshawn Lynch. See, Lynch likes to paint himself as an anti-establishment guy. Far from the spotlight-seeking nature enjoyed by some of his league-mates, Lynch shies from the press, refusing to do the mandatory press engagements collectively bargained between the players union and the league. When he deigns to grace the press with his presence at all, he typically keeps things to one-word or one-phrase non sequiturs in answering reporters' questions, such as when he most recently responded to all questions with, "I'm just here so I won't get fined." It was petty, childish and a departure from the rules agreed upon between the league and the union. Oh, and now it's the subject of a trademark application by Lynch as well. Lynch last week filed for the trademark to the phrase "I'm just here so I won't get fined" with the U.S. Patent and Trademark Office. Lynch famously uttered the phrase as the answer to more than 20 questions on Super Bowl XLIX media day before walking off the podium. "We heard from our fans, and so many of them were saying that they wanted that phrase on the clothing," Chris Bevans, who runs Lynch's "Beast Mode" apparel line, told ESPN.com.
"This is just listening to the marketplace." That last bit is nonsense, of course, because no fan of Marshawn Lynch's anywhere ever pined for the running back to get a trademark for a phrase he happened to utter. Why such a generic sentence deserves any manner of protection is simply beyond me. A brand is a brand, but simply going out and putting a mark on every half-garbled jab at his employer that Lynch's fans happen to enjoy isn't what trademark is for. At some point, with the acknowledgement that the USPTO has been so lax in allowing the culture of permission and gates to spring forth, some kind of litmus test is going to have to be introduced to keep otherwise common language from being locked out of commerce this way. And it's not like this is the first time Lynch has gone around applying for trademarks on whatever happens to come out of his mouth that grabs any measure of attention. Last year, he trademarked "About that action BOSS," which he said to Deion Sanders of the NFL Network in the only interview he conducted during Super Bowl XLVIII media day. Lynch is expected to be the owner of that trademark by this summer, but in the meantime, he has already started selling clothes with the phrase on it. Lynch owns four "Beast Mode" trademarks and has filed for four more. He has also filed for the phrase "Power Pellets." Devin Lacerte of Octagon, who works with a trademark attorney on all of Lynch's trademarks, told ESPN.com last month that hundreds of cease-and-desist letters have been sent to people who try to sell products with the "Beast Mode" name. Delightful, especially considering the origins of "Beast Mode" don't exactly start with Marshawn Lynch (it almost certainly was used in conjunction with video game Altered Beast as well as the cartoon Beast Wars). So here we have a guy who paints himself as anti-establishment, but who is quite happy to run to the USPTO and turn himself into a language authoritarian any time something he says grabs attention.
Maybe it's time for the USPTO to go all beast mode on phrases getting trademarks like this, please?

posted 2 days ago on techdirt
Over the last year, there's been plenty of good news in the fight against the abuse of patents to stifle innovation. A bunch of court rulings have gone the right way, with the biggest being the Supreme Court's ruling in the Alice v. CLS Bank case, that has resulted in many courts invalidating patents, the US Patent Office suddenly rejecting more patents and a rapid decline in patent lawsuits. Based on that, you might think that we no longer need patent reform. But you'd be wrong. Patent trolls are regrouping and fighting back. Despite the big drop in patent lawsuits following the Alice ruling, patent trolls have come up with some new ideas, and have recently ramped up the filing of new trolling lawsuits at a rapid pace. And there have even been a few victories. While the dollar amounts were relatively low (especially compared to what was asked for), a troll who claimed to have a patent over Bluetooth 2.0 (despite "inventing" it years after Bluetooth 2.0 was on the market) was awarded $15.7 million, and the world's biggest patent troll, Intellectual Ventures actually won a case against Symantec (but got "only" $17 million). But, earlier this week, there was the big one. A pure patent troll, Smartflash, with a collection of vague and broad patents (US 7,334,720, US 8,118,221 and 8,336,772 -- all for "data storage and access systems") has been awarded $532,900,000 from Apple, despite everyone happily admitting that Apple came up with the idea on its own. Here's the East Texas (of course) court jury form: And, yes, Apple could probably pay that off with the spare change falling off the edge of Tim Cook's desk, but that's not really the point. Rulings like this don't seem to create any value towards actual innovation. Smartflash once had a product, but it failed in the marketplace over a decade ago. Apple built a product that people actually wanted. 
Shouldn't we be rewarding the people who actually make the things people want, rather than subsidizing failure by the successful? Smartflash's lawyer told Ars Technica's Joe Mullin that this ruling is actually a "great example of why the patent system exists." Actually, it's a great example of how screwed up the patent system is. The lawyer also spewed this load of bullshit: The thing about a patent is—let's say you have a university professor who spent two years researching something. It's irrelevant the effort that [an infringing company] spent to build it. It's the person who came up with it first. That's the way the Constitution, and the patent laws, are written. It's designed to cause people to spend money and time innovating. The patent office publishes it, so that advances the state of the art. In exchange for that, you get a property right. That's also not how the Constitution is written, though it is (unfortunately) how patent laws are written. But that's not a way to get people to spend "money and time innovating" because the actual innovators here -- Apple -- had to pay out to the guy who failed in innovating. Being "first" isn't innovating. Building the product someone wants is. Either way, Apple will appeal this ruling (and those other rulings are likely to be appealed as well). And in the last few months, CAFC has actually been shown to have gotten the message about problems with its previous interpretation of patent law. But, in the meantime, we still need serious patent reform.

posted 2 days ago on techdirt
The billion-dollar lawsuit against the producers of the Edward Snowden documentary CitizenFour rolls on, gradually unraveling as it does. Since we last covered the story (where the United States of America was added as an involuntary plaintiff -- a plaintiff since forcibly removed by the court), a lot has happened. For one, CitizenFour won an Oscar for Best Documentary, something that can't be sitting too well with Horace Edwards and his legal representation, which sought to have the film removed from consideration during the early days of this lawsuit. The film has also been put into limited release and is streaming on HBO GO -- something that makes the following developments even crazier than they would be without these key details. Over at Vice, Jason Koebler has compiled a timeline of Edwards' (and his lawyer, Jean Lamfers') descent into paranoiac craziness. Around January 23rd, Lamfers requests that a copy of the film not be allowed to be entered as evidence, what with it being full of highly-sensitive documents, espionage and whatever. She asserts that the movie contains so much classified info that it should only be reviewed in camera. Then, no hell at all breaks loose, although in Lamfers' and Edwards' eyes, the espionapocalypse is nigh. Poitras and her attorney deliver a copy of the film to Lamfers. She does not take it well. "I said I did not want to take possession of it. This was because of my understanding the film contains classified information based on my having seen the film. I received no response to [my] request from defendants' counsel [to bar the film from being entered as evidence in court]," Lamfers wrote in an email sent to the judge presiding over the suit. "To the contrary defendant's counsel delivered a copy of the DVD to my office (which remains unopened and under lock and key)." That time when the normal process of discovery became a cheap knockoff of a le Carré novel. 
From this point on, it's a long but fast slide downhill into amateur cloak-and-dagger awkwardness. Two DVDs and a transcript of the film are entered as evidence because this is how that process works. Lamfers immediately files a motion asking for these to be sealed. The requested injunction would have no effect on the public release of the film, as the judge notes. "Given the inherently public nature of this film, the Court can discern absolutely no interest that could justify sealing this exhibit. Moreover, even if this DVD contained some sort of confidential information for which Plaintiff had an interest in preventing public disclosure, it has already been publicly filed…" [Side note: For reasons only comprehensible to Cryptome, a copy of the movie is being made available at the site, apparently under the mistaken belief that publicly-filed evidence automatically enters into the public domain. This perhaps-willful misunderstanding of both the court system and copyright law may be at least partially due to Cryptome's ongoing animosity towards anyone involved with the Snowden leaks for their refusal to make every single document Snowden gave them available in one massive dump -- and without redactions.] Undeterred by the judge's logic, Lamfers proceeds to pester the court with "emergency" phone calls in hopes of sealing the Very Dangerous DVD. The judge reminds Lamfers that there are certain ways these things are handled during court proceedings and making "emergency" phone calls isn't one of them. Lamfers reads this rebuking email and decides the judge is suggesting she pester the court with "emergency" emails. Lamfers emails the judge, at 12:46 AM local time (according to the court record), chastising the court for endangering national security and not immediately responding to her call. 
"This situation has placed the plaintiff in an untenable position regarding avoiding irreparable harm and obtaining appropriate relief sought on a serious issue in a timely manner," she wrote. "The denial of a sealing motion has furthered the irreparable harm and relief necessary to address such harm, among other things, by the continuing injury through repetition of classified, stolen information that reaches a broader constituency of extremists with each showing." Lamfers follows this up with a filed motion stating that the DVDs and transcript should be locked up under the legal precedent of "better safe than sorry." (No, I am not making this up. If I was, it would be more credible.) Apparently further phone calls from Lamfers ensued, because the court is forced to formally -- via a court order -- tell her to knock it off. Plaintiff's counsel has been instructed that the Court prefers informal communications with the Court be made by e-mail, with copy to the opposing counsel. In the Court's experience, such informal communications are rarely necessary and are typically limited to coordinating hearing dates after the court has determined a hearing is necessary, or to address routine, procedural questions. The Court does not and will not entertain requests for relief in this manner and the Plaintiff shall refrain from this practice going forward. Well, we'll see if that works. Nothing else has so far. The docket shows things have remained eerily quiet over the past several days, but there's no telling how many phone calls and emails have made their way to Judge Julie Robinson's court in the meantime. Of course, the lawsuit doesn't hinge on the misguided actions of the plaintiff and his counsel but on the actual merits of the case. However, even if Edwards' suit has its legal merits, he and his counsel appear to be the worst people to argue them.

posted 2 days ago on techdirt
If the US intelligence committee is concerned about the status of "hearts and minds" in its ongoing NSA v. Snowden battle, it won't be winning anyone over with its latest response to a FOIA request. Various representatives of the intelligence community have asserted (sometimes repeatedly) that Snowden's leaks have caused irreparable harm to intelligence-gathering efforts and placed the nation in "grave danger." But when given the chance to show the public how much damage has been done, it declares everything on the subject too sensitive to release. EVERYTHING. Here's the Defense Intelligence Agency's appraisal of the current situation, as released to Vice News' Jason Leopold. On the subject of compromised information: How about intelligence sharing and cooperation? At least we know that -- as of January 2014 -- there were four (4) "talking points." Every single assessment, dating back to September 2013, is fully redacted. How does that help communicate the DIA's concerns about Snowden's leaks to the general public? How does that persuade anyone about the alleged severity of the situation? From what's not on display here, it's safe to say the general public's perception of the American intelligence apparatus doesn't matter. Those who do matter are those already on the NSA's side, and then only those with the power to guide legislation towards favorable ends. It's safe to say that there are people in Washington DC who have seen at least a portion of these reports, but that small group contains no members of the general public. A fully-redacted report may seem logical in the eyes of the intelligence community, which despite multiple leakers, still pretends its secrets will always be secret. Page after page of redaction shows it's really not interested in the transparency it keeps promising will make everything better. 
It doesn't want to give the public any more information than it already has and this mess of whiteout and black ink clearly and loudly states that it believes the public has no stake in the ongoing debate over mass surveillance. It's a wordless insult, delivered under the pretense of "national security."

posted 2 days ago on techdirt
One of the many problems with America's criminal justice system is the use of federally-mandated sentencing guidelines. These policies take a one-size-fits-all approach to sentencing, stripping away the chance of any leniency being applied by the presiding judge. The guidelines demand ridiculously lengthy prison terms for certain crimes -- the foremost being anything drug-related. Following close behind it are mandatory sentences for sexual offenses. What's meant to act as an effective deterrent has instead become an easy way to lock up people for far longer than their criminal activity would warrant. One judge found out just how out of touch federal sentencing guidelines are when he did something out of the ordinary: he asked the jury's opinion. (via Simple Justice) The crime was one of the most universally-loathed: the collection and distribution of child porn. And the perpetrator was completely unsympathetic. When government agents used cutting-edge software to hack into the hard drive of Ryan Collins’s computer, they found more than 1,500 sexually-explicit images of children, some of whom were younger than twelve. The agents also discovered file-sharing programs, indicating that Collins may have been distributing the pornography online. Collins was unrepentant, even after a jury in Cleveland, Ohio convicted him of possessing, receiving, and distributing child pornography. The prosecutors sought the statutory maximum sentence of 20 years’ imprisonment, and the federal sentencing guidelines would have allowed a term of as long as 27 years. Even when faced with someone as apparently damnable as Ryan Collins, the jury's suggested sentence was lower than the sentencing guidelines called for. Far lower. Before dismissing the jury, [Judge Gwin] asked each member what they thought would be an appropriate sentence for someone who had downloaded child pornography. According to Gwin, the average of the sentences they recommended was only 14 months. 
This admittedly-small sampling shows that mandatory sentencing guidelines do not match up -- at all -- with what the public believes to be fair and just. These guidelines are supposedly written on behalf of the general public, with Congress and other government bodies acting to "protect" us from drug dealers, sex offenders, hackers, etc. by locking them away for extended periods of time. But it appears the public may still feel "protected" without putting child porn enthusiasts behind bars for a quarter of a century. And it's not just Judge Gwin's peculiar query -- although he appears to be the first to make this line of questioning public. Other judges have heard similar answers from jury members, behind the scenes. Iowa district court judge Mark W. Bennett: "Every time I ever went back in the jury room and asked the jurors to write down what they thought would be an appropriate sentence -- every time – even here, in one of the most conservative parts of Iowa, where we haven't had a 'not guilty' verdict in seven or eight years – they would recommend a sentence way below the guidelines sentence." Why wouldn't judges ask the jury's opinion on sentencing? After all, it's supposedly composed of the accused's "peers." They're entrusted with determining guilt or innocence, but somehow can't be trusted to offer up a worthwhile opinion as to the "reasonableness" of the sentence recommended by Congress? Those intimately familiar with the details of the case should at least be trusted to give their view on the ensuing sentence. Their view is no less informed than that of their representatives, who mostly deal with criminals and the criminal justice system in the abstract -- and are often far more inclined to appease the prosecutorial half of the equation than appear to be "soft on crime." 
Judge Gwin's informal jury straw poll shows that the word "justice" -- in the context of mandatory sentencing guidelines -- is nothing more than a prosecutorial term of art, completely removed from the actual definition of the word. All those people being sentenced to decades in prison under the pretense that it’s what society wants and needs is revealed, as Judge Bennett says, as baloney. While the Sentencing Commission won’t heed the defense lawyer perspective, perhaps a few federal judges making this point clear might carry sufficient weight to end the needless destruction of a life or two under the draconian guidelines. For the rest, maybe they will start taking the admonition of § 3553(a), “sufficient, but not greater than necessary.” seriously. As for Judge Gwin, he did what he could in response to this gaping disparity by sentencing Collins to the minimum allowed under the guidelines -- five years, or roughly four years longer than the jury felt was reasonable or just. The prosecution had recommended the maximum -- 27 years -- a number so far removed from the public's sense of justice it may as well have been a number pulled out of thin air by a government lawyer who had stumbled into the wrong courtroom. We're imprisoning people at an alarming rate in this country, and the nation's unofficial hobby shows no sign of slowing. And we're doing it for far longer than the public itself feels is necessary. We're destroying lives by taking criminals out of circulation for decades at a time, based on little more than Congressional appeasement of professional moral panickers and the law enforcement officials who love them. The fact that so many of our prisons are now run by private corporations makes the situation worse, because nothing pays better -- or more consistently -- than cell after cell of long-term "tenants."

posted 2 days ago on techdirt
Last summer, we wrote about the rise of open journalism, whereby people take publicly-available information, typically on social networks, to extract important details that other, more official sources either overlook or try to hide. Since then, one of the pioneers of that approach, Eliot Higgins, has used crowdfunding to set up a site called "Bellingcat", dedicated to applying these techniques. Principal themes there include the shooting down of Malaysian Airlines Flight 17 (MH17), and the civil war in Syria. Higgins recently published a post on the blog of the Policy Institute at King's College, London, in which he suggested that such open source intelligence (OSINT) could be used for formulating policy in situations where traditional sources of information are limited: In recent years, content shared via social media from conflict war zones has allowed us to gain a far deeper understanding of the on-the-ground realities of specific conflicts than previously possible. This presents a real opportunity for providing robust evidence which can underpin foreign and security policymaking about emerging, or rapidly escalating, conflict zones. He cites his own group's work on the shooting-down of the MH17 flight as an example, noting some of the advantages and challenges: Our research on the Buk missile launcher demonstrates that not only is there a wealth of largely untapped information available online and especially on social media, but also that a relatively small team of analysts is able to derive a rich picture of a conflict zone. Clearly, research of this kind must be underpinned by an understanding of the way in which content is being produced, who is sharing it, and, crucially, how to verify it -- and these are methodological challenges which need to be addressed systematically. 
That call for open source information to be used more widely has now been echoed by two researchers at the International Centre for Security Analysis, also at King's College -- not surprisingly, perhaps, since they too use this technique in their work: There is a powerful case for incorporating OSINT approaches to evidence-based policymaking. In the first place, evidence produced by OSINT methods can be both robust and rigorous, not least because it can be underpinned by extensive datasets. And in the second, it has the potential to be both transparent and verifiable; all open source evidence is, by definition, based on data that is publicly (and often freely) available. However, they note that so far the uptake of such methods to inform policy-making has been very limited. Here's why: At the heart of the problem is the fact that OSINT approaches are still relatively 'young' and, all too often in our experience, lack the rigour and reliability needed to underpin effective policymaking. To overcome those issues, they suggest that practitioners of OSINT should develop more reliable open intelligence tools and methods, and should communicate better the advantages of this approach. They also urge policy makers to take open source intelligence into consideration as an additional form of evidence, but given the conservatism and risk aversion in these circles, I imagine it will take some time before that happens. Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

posted 3 days ago on techdirt
There's no guarantee that life will evolve any kind of intelligence. However, given the numerous examples of smart animals in nature, while we're worried about hyper-intelligent robots rising up, we'll miss the genius bird/lizard/ape revolution. Or maybe we'll just be left behind by space-faring dolphins. In any case, check out a few of these curiously smart animals. Baby turtles, specifically Giant South American river turtles, that haven't hatched from their eggs yet can apparently communicate with other turtles to coordinate when to hatch. If you record the sounds coming from turtle eggs, the baby turtles seem to start talking up to three days before they break out of their shells. Newly hatched baby chickens prefer to count ascending numbers left to right -- just like most people, some monkeys and some birds do. This discovery could mean that number space mapping in our brains is somehow hard-wired rather than learned. Crows have been known to be pretty clever, but now we know they can understand some analogies. These birds aren't going to ace the SAT verbal section, but some five year old kids haven't figured out analogies yet.

posted 3 days ago on techdirt
You talk enough about the intersection of trademark and alcohol, and you end up discussing a whole lot of stupid. Between breweries going after breweries, Star Wars going after breweries, and even the whole damned MPAA going after breweries, and almost always for the silliest reasons, you have to wonder who could possibly come by and really knock the petty trademark thing out of the park, right? Oh, hi there, Red Bull! Thanks for coming along and turning trademark into a giant joke about testicles! Red Bull has filed a complaint with the United States Patent and Trademark Office against a small brewery in Virginia called Old Ox Brewery for using a male cow in its name and logo. “An ‘ox’ and a ‘bull’ both fall within the same class of ‘bovine’ animals and are virtually indistinguishable to most consumers. In addition, an ox is a castrated bull,” Red Bull said in the lawsuit. “Applicant’s Old Ox marks so much resemble Red Bull so as to cause confusion, mistake or deception among purchasers, users and the public, thereby damaging Red Bull.” I'll give Red Bull credit: it takes a giant set of balls to file a straight-faced trademark complaint that in part centers around your competitor's name's lack of cojones. Beyond that, this entire thing is monumentally stupid. First, any moron in a hurry is too moronic to know what makes an ox an ox, rather than a bull. After all, these are morons we're talking about. Morons with shit to do and no time to sit around and even learn how to spell "bovine", never mind understand what the hell it means. Oh, and the similarity of the logos? Pffffffft. See the similarities in the logos? Because if you do, no you don't, and also shut up. This is pure, unnecessary, downright flabbergasting bullying on the part of Red Bull, which I had thought gives you wings, but apparently might actually give you IQ-point-sucking amoebas in your brain. 
Fortunately, Old Ox Brewery ain't buying this red bullshit and has instead posted its letter to Red Bull, in which they essentially kindly ask its adversary to eat a bag of castration-remnants. “Basically you are holding us hostage with a list of demands that, if agreed to, would severely limit our ability to use our brand. Demands like, never use the color red, silver, or blue; never use red with any bovine term or image; and never produce soft drinks. Do you own the color red? What about fuchsia, scarlet, crimson, or mauve? Are you planting your flag in the color wheel and claiming those shades for Red Bull? Do you claim exclusive rights to all things bovine? Do you plan to herd all heifers, cows, yaks, buffalo, bison, and steer into your intellectual property corral, too?” Huh, turns out these ox have balls, after all...

posted 3 days ago on techdirt
Last week, The Intercept revealed how the NSA and GCHQ had hacked into the major supplier of SIM cards to swipe encryption keys for tons of mobile phones. Earlier this week, we noted that Gemalto appeared to be taking the Lenovo approach to insisting that no one was put at risk. Today the company presented the "findings" of its internal analysis of what happened, admitting that there were sophisticated hack attacks, but insisting that those attacks could not have reached the goldmine source of encryption keys. First, the admission of the hack: In June 2010, we noticed suspicious activity in one of our French sites where a third party was trying to spy on the office network. By office network we mean the one used by employees to communicate with each other and the outside world. Action was immediately taken to counter the threat. In July 2010, a second incident was identified by our Security Team. This involved fake emails sent to one of our mobile operator customers spoofing legitimate Gemalto email addresses. The fake emails contained an attachment that could download malicious code. We immediately informed the customer and also notified the relevant authorities both of the incident itself and the type of malware used. During the same period, we also detected several attempts to access the PCs of Gemalto employees who had regular contact with customers. At the time we were unable to identify the perpetrators but we now think that they could be related to the NSA and GCHQ operation. And then the "but don't worry about it" part: These intrusions only affected the outer parts of our networks – our office networks - which are in contact with the outside world. The SIM encryption keys and other customer data in general, are not stored on these networks. It is important to understand that our network architecture is designed like a cross between an onion and an orange; it has multiple layers and segments which help to cluster and isolate data. 
While the intrusions described above were serious, sophisticated attacks, nothing was detected in other parts of our network. No breaches were found in the infrastructure running our SIM activity or in other parts of the secure network which manage our other products such as banking cards, ID cards or electronic passports. Each of these networks is isolated from one another and they are not connected to external networks. The report also notes that it appears that someone (again, probably NSA/GCHQ) also targeted communications between Gemalto and its carrier partners using highly targeted spearphishing attacks -- but that the company sought to block those and has long used a "highly secure exchange process" to protect such transmissions. The company also says that some of the operators listed in the leaked documents are ones that Gemalto has never worked with anyway, so if NSA/GCHQ got access to their keys, it wasn't via Gemalto. It further notes that even where the NSA/GCHQ may have gotten access to keys (via other means) it may have only been of limited use, while also noting that the encryption that was targeted was already pretty weak: In 2010-2011 most operators in the targeted countries were still using 2G networks. The security level of this second generation technology was initially developed in the 1980s and was already considered weak and outdated by 2010. If the 2G SIM card encryption keys were to be intercepted by the intelligence services, it would be technically possible for them to spy on communications when the SIM card was in use in a mobile phone. This is a known weakness of the old 2G technology and for many years we have recommended that operators deploy extra security mechanisms. However, even if the encryption keys were intercepted by the Intelligence services they would have been of limited use. 
This is because most 2G SIMs in service at that time in these countries were prepaid cards which have a very short life cycle, typically between 3 and 6 months. This known weakness in the original 2G standards was removed with the introduction of proprietary algorithms, which are still used as an extra level of security by major network operators. The security level was further increased with the arrival of 3G and 4G technologies which have additional encryption. If someone intercepted the encryption keys used in 3G or 4G SIMs they would not be able to connect to the networks and consequently would be unable to spy on communications. Therefore, 3G and 4G cards could not be affected by the described attack. However, though backward compatible with 2G, these newer products are not used everywhere around the world as they are a bit more expensive and sometimes operators base their purchasing decision on price alone. While I will admit to being pretty skeptical based on Gemalto's initial comments, its explanation here is somewhat more reasonable. While some may question if Gemalto really was able to figure out what the NSA/GCHQ got access to, it does not appear that the company is merely brushing this off as a non-story. However, if the company was really hacked back in 2010/2011 -- one can reasonably question how much the company can actually determine what really happened.
