posted about 18 hours ago on techdirt
Five Years Ago This week in 2013, the Harlem Shake was still taking the world by storm, and serving as a great example of selective copyright enforcement. WIPO negotiations over access to copyrighted works for the disabled were, as usual, shrouded in secrecy, while an anti-piracy group was threatening the Pirate Party with criminal charges, the RIAA was moaning about Google's lack of an anti-piracy magic wand, and ISPs were gearing up to enact the Six Strikes program. On the other hand, the European Copyright Society was arguing against the idea that linking and framing are forms of infringement, a court tossed out an attempt to block CNET from offering BitTorrent downloads, and the CCIA was making the interesting argument that Germany should be on the Special 301 naughty list... for its attacks on fair use. Ten Years Ago This week in 2008, torrent users were fighting back against Comcast's traffic shaping program by amping up their encryption efforts, while Comcast was weakly defending the practice by rolling out non-experts. Australia joined the list of countries considering the idea of kicking file sharers off the internet (even as, the same week, they declared their previous $89-million internet filtering plan a failure). Meanwhile, nobody could actually explain why stopping file sharing is an ISP's responsibility — indeed, as the US freaked out about P2P, the EU was investing in it; and as ISPs were starting to insist they can't offer unlimited access, mobile operators were pivoting to do exactly that. Fifteen Years Ago This week in 2003, the Lexmark printer ink case was waking some people up to the DMCA's potential for abuse. The Turner Broadcasting chairman who called all TiVo users thieves was stepping down, while Hollywood was trying to recruit piracy informants, and Congress was trying to hash out a weak "compromise" on copyright. Meanwhile, the news arrived that Overture would be buying Alta Vista, in what appeared to be another nail in the erstwhile search giant's coffin — right around the same time that people were starting to seriously talk about the idea of a Google IPO (which would arrive the following year). Permalink | Comments | Email This Story

Read More...
posted 1 day ago on techdirt
Another challenge of the NIT (Network Investigative Technique) warrant used by the FBI during its investigation of a dark web child porn website has hit the appellate level. A handful of district courts have found the warrant used invalid, given the fact that its reach (worldwide) exceeded its jurisdictional grasp (the state of Virginia, where it was obtained). That hasn't had much of an effect on appeals court rulings, which have all found the warrant questionable to varying degrees, but have granted the FBI "good faith" for violating the jurisdictional limits the DOJ was attempting to have rewritten (Rule 41 -- which governs warrant jurisdictional limits, among other things) to allow it to do the things it was already doing. Even though the FBI had to have known searches performed all over the world using one Virginia-based warrant violated Rule 41 limits, appellate judges have declared the FBI agent requesting the warrant wasn't enough of a legal expert to know this wasn't allowed. Two appeals courts have stated suppressing the evidence is pointless because the law changed after the jurisdiction limit violation took place. The appellate decisions have been troubling to say the least, providing further evidence that the good faith exception is the rule, rather than the outlier. The latest decision [PDF] dealing with the NIT warrant comes from the Third Circuit Appeals Court. It, too, finds the warrant questionable. And it states the government has agreed the warrant was not valid under Rule 41(b). The Government conceded below that “[a]lthough Rule 41 does authorize a judge to issue a search warrant for a search in another district in some circumstances, it does not explicitly do so in these circumstances.” App. 91 (Government Br. in Opposition to Motion to Suppress) (emphasis added). The opinion goes on to note the government, having admitted its warrant was bad, then argued it was good because it was apparently thinking of a different part of Rule 41 when it applied for a warrant, even though none of this thought made its way into the affidavit as words. On appeal, however, the Government curiously has reversed course, and now contends that the NIT was in fact explicitly authorized by Rule 41(b)(4), which provides that a magistrate judge may “issue a warrant to install within the district a tracking device; the warrant may authorize use of the device to track the movement of a person or property located within the district, outside the district, or both.” Fed. R. Crim. P. 41(b)(4) (emphasis added). According to the Government, under this Rule, “the NIT warrant properly authorized use of the NIT to track the movement of information—the digital child pornography content requested by users who logged into Playpen’s website—as it traveled from the server in [EDVA] through the encrypted Tor network to its final destination: the users’ computers, wherever located.” Wrong again, says the court, noting the disingenuousness of the government's goalpost move. (All emphasis added by me and not the court from this point forward.) We need not resolve Werdene’s contention that the Government waived this argument because we find that the Government’s tracking device analogy is inapposite. As an initial matter, it is clear that the FBI did not believe that the NIT was a tracking device at the time that it sought the warrant. Warrants issued under Rule 41(b)(4) are specialized documents that are denominated “Tracking Warrant” and require the Government to submit a specialized “Application for a Tracking Warrant.” See ADMINISTRATIVE OFFICE OF U.S. COURTS, CRIMINAL FORMS AO 102 (2009) & AO 104 (2016). Here, the FBI did not submit an application for a tracking warrant – rather, it applied for, and received, a standard search warrant. Indeed, the term “tracking device” is absent from the NIT warrant application and supporting affidavit. The court also helpfully finds that computer users have an expectation of privacy in their IP addresses and other identifying info housed in their computers. It points out the government obtained this directly from targets' computers rather than third parties, making this a Fourth Amendment search rather than a Third Party Doctrine case. But that's where the good news ends for the defendant. The appeals court says the warrant was invalid the moment it was issued, but that this can't be held against the FBI. It rationalizes its opinion this way: suppression of evidence is for deterrence, not for righting the government's wrongs. So, it's OK for the FBI to rely on an invalid warrant because the judge made the error approving it. The FBI was not wrong to rely on the warrant, even though it very likely knew its request violated Rule 41 jurisdictional limits. Then it arrives at this conclusion -- one reached previously by another appeals court: More importantly, the exclusionary rule “applies only where it ‘result[s] in appreciable deterrence.’” Herring, 555 U.S. at 141 (quoting Leon, 468 U.S. at 909) (emphasis added). Thus, even though Rule 41(b) did not authorize the magistrate judge to issue the NIT warrant, future law enforcement officers may apply for and obtain such a warrant pursuant to Rule 41(b)(6), which went into effect in December 2016 to authorize NIT-like warrants. Accordingly, a similar Rule 41(b) violation is unlikely to recur and suppression here will have no deterrent effect. In other words, because it's now impossible for the FBI to engage in this violation of Rule 41, there's nothing to be gained by suppressing the evidence. In essence, the court is saying that if the DOJ can get laws changed quickly enough to codify earlier statutory violations, defendants challenging evidence based on legal violations that occurred before the law was changed are shit out of luck. Compare and contrast this to civil rights lawsuits where the courts have awarded good faith to law enforcement for apparent rights violations because they occurred before such acts were declared unconstitutional by precedential opinions. It's "heads I win, tails you lose" in federal courts, thanks to the good faith exception. More cases will reach the appellate level but it hardly seems likely any of those will result in suppressed evidence for Playpen defendants. These findings will be reached despite most appellate judges declaring the underlying warrants void from the moment they were issued. Defendants asking for suppression are going to run into judges willing to forgive the FBI both before and after the fact, which means there's very little justice left in the justice system's tanks. Permalink | Comments | Email This Story

Read More...
posted 1 day ago on techdirt
It's no secret that Valve's Steam platform is the dominant marketplace for PC video games. Much comes along with that status, including the strategies and metrics studios must employ to get their games noticed on Steam. One of the important metrics for recognition is Steam reviews. And it's not just the review scores themselves that are important, but actually getting reviews -- any reviews -- to begin with is a big deal. So it's no surprise that game studios strategize on how to get their games in enough customer hands to generate reviews. Still, one studio's strategy has massively backfired. Insel Games out of Malta recently released Wild Buster, it's latest title. Sadly, in the all important initial release window, the game was not generating enough reviews to result in a general review score on the game page. Those scores are often used by consumers to quickly decide whether a title deserves their attention at all and a lack of a score can indicate that the game isn't good enough to even warrant a look. Insel's CEO, Patrick Steppel, decided to address this with a strongly-worded email to his own staff insisting that they all buy the game and review it, despite having had a hand in making the game. If employees refused to do this, Steppel warned that it could mean that they would no longer have a job at the studio. “I had [sent] an email earlier but I was told that some of you announced to colleagues that you do not want to make a purchase of the game and/or a review. Frankly, this leaves me pretty disappointed. Of course I cannot force you to write a review (let alone tell you what to write) - but I should not have to. Neglecting the importance of reviews will ultimately cost jobs. If WB fails, Insel fails, IME fails and then we all will have no job next year. So I am asking you either of do the following: buy the game and present me the receipt until Friday night for which (together with a claim form) you will be re-imbursed within 24h or explain to me tomorrow why you do not wish to do this. I would like to discuss this individually and privately with each of you and will follow up.” Corresponding with the timing of this email was a deluge of reviews suddenly washing over the game's Steam page, all of them glowingly positive. This, as many of you will know, is a form of astroturfing and it's plainly unethical. The point of reviews is for Steam customers to get a sense of what other Steam customers think of a game so as to inform their purchasing decisions. It is not a place for those who made the game to surreptitiously fool customers into thinking a game is better than it is by posting reviews from a clearly biased source. For the CEO of a studio to suggest employees do this at the end of a pointed employment-gun is all the more galling. And, ultimately, ineffective, given that Valve has responded from pulling every single Insel Games product from its marketplace. In a post last night on the Steam forums, a Valve representative wrote that as a result of this new information, the store has pulled all of Insel Games’ products. “The publisher appears to have used multiple Steam accounts to post positive reviews for their own games. This is a clear violation of our review policy and something we take very seriously. For these reasons, we are ending our business relationship with Insel Games Ltd. and removing their games from our store. If you have previously purchased this game, it will remain accessible in your Steam library.” Laughably, Streppel has publicly admitted to sending out the email while also insisting that he will appeal Valve's decision. What the basis of that appeal could be, given his admission, is anyone's guess. Streppel also insists that he didn't mean to threaten anyone's job and that he has not punished any employee that refused to write a review or buy the game, although that kind of gaslighting likely won't find much purchase in a gaming public that doesn't look kindly upon this kind of subterfuge. So, the lesson is that game studios should take the efforts they would spend conniving over how to fool customers and just make great games instead. Otherwise, the backlash may be more than they can handle. Permalink | Comments | Email This Story

Read More...
posted 1 day ago on techdirt
In the annals of stupid legislation, California's attempt to fight ageism at Hollywood studios by targeting third-party websites and using the First Amendment as a doormat will secure a prominent place in infamy. Rising from the ashes of a failed lawsuit brought by an actress who claimed IMDb cost her untold amounts of wealth by publishing her age, the law basically said IMDb couldn't publish facts on its website. Those pushing the legislation included the Screen Actors Guild, which apparently doesn't have the spine to stand up to studios and target them for discriminating against actors and actresses. Last year, IMDb secured a temporary injunction against the state of California, forbidding it from enforcing the law while the courts sorted out its constitutionality. That day has arrived. A federal court has declared the law unconstitutional and permanently blocked California from going after IMDb because Hollywood producers participate in discriminatory hiring. (h/t Jacob Gershman) The decision [PDF] is short. It takes only six pages for the district court to destroy the state's arguments. First, it tells the state it's not going to apply a lower First Amendment standard of scrutiny to its awful law. California and SAG-AFTRA provide no reason to apply a lower level of judicial scrutiny to the statute than was applied at the preliminary injunction stage. AB 1687 cannot properly be considered a regulation of voluntary commercial contracts rather than a speech restriction. Upon the request of a subscriber to IMDbPro, the law requires IMDb to remove age-related information from its public-facing website, IMDb.com, regardless of the source of the information on IMDb.com. The law expressly contemplates that it will impact not just information obtained pursuant to a contractual relationship, but also information provided by members of the public… That's just the court's warm-up. It gets worse for the state from there. [A]s California concedes, AB 1687 is not properly considered a generally applicable law; moreover, its effects on expression are far from incidental. AB 1687 is a direct restriction on speech. The law prohibits certain speakers from publishing certain truthful information – information that, in many instances, is supplied by members of the public – because of concerns that a third party might use that information to engage in illegal conduct. The court also points out the targeted speech isn't commercial speech, which receives fewer Constitutional protections. Nor can AB 1687 plausibly be characterized as a commercial speech restriction. The speech at issue is factual information about entertainment professionals, conveyed – at least on IMDb.com – in a manner unconnected to any commercial transaction… The fact that IMDb has a financial interest in people's reliance on IMDb.com for information doesn't transform the age-related information restricted by AB 1687 into commercial speech. The court also has some choice words for the Screen Actors Guild, which really should have known better than to have supported this censorial garbage. SAG-AFTRA contends that publication of facts about the ages of people in the entertainment industry can be banned because these facts "facilitate" age discrimination – an argument that, if successful, would enable states to forbid publication of virtually any fact. There is no support in controlling case law for the proposition that a state may ban publication of facts to impede a third party’s possible reliance on those facts to engage in discrimination. If SAG really wants to do something about discrimination, it should use its collective weight to make changes in the studio system, rather than enable censorship and threaten the same protections that allow movies to be made without government interference. It's a stupid law and the district court does everything but directly call it stupid during the course of its six-page decision. It points out the state has plenty of ways of curbing age discrimination that don't involve walking all over the First Amendment. The fact that previous legislative efforts have failed is no reason for the state to decide the publication of facts must be banned. The court also notes neither the state nor SAG have shown any causal link between IMDb's publication of actors' ages and age discrimination in Hollywood studios. Even if IMDb's publications make it "easier" for studio heads to discriminate (a point the court does not concede), the statutory remedy deployed by California would only force IMDb to remove age info at the request of subscribers, which means there would still be plenty of data available for studios to "misuse." It's a resounding loss for both entities -- both of which should have known the law was destined for the federal court chopping block while it was still in its infancy. The fact the law even exists seems to indicate both the State of California and the Screen Actors Guild are too cowardly to confront Hollywood studio execs directly. Finally, the court calls the state and SAG out for being so jacked up about punishing IMDb that they can't even recognize the sort of discrimination they're dealing with. Although the previously-discussed flaws in the statute are more than enough to strike it down, one final point bears mention. The defendants seem to misunderstand the problem they hope to address through AB 1687. The legislative materials repeatedly cite an article discussing "[t]he commonplace practice of casting a much younger female against a much older male" and lamenting the significant underrepresentation of women in leading roles and in directors' chairs. The defendants describe this as a problem of "age discrimination." While that may be accurate on some level, at root it is far more a problem of sex discrimination. Movie producers don't typically refuse to cast an actor as a leading man because he's too old for the leading woman; it is the prospective leading woman who can't get the part unless she's much younger than the leading man. TV networks don't typically jettison male news anchors because they are perceived as too old; it is the female anchors whose success is often dependent on their youth. This is not so much because the entertainment industry has a problem with older people per se. Rather, it's a manifestation of the industry's insistence on objectifying women, overvaluing their looks while devaluing everything else. The defendants barely acknowledge this, much less explain how a law preventing one company from posting age-related information on one website could discourage the entertainment industry from continuing to objectify and devalue women. If the government is going to attempt to restrict speech, it should at least develop a clearer understanding of the problem it's trying to solve. That's some fine bench-slapping. Hopefully, it will deter the state and its SAG helpers from rushing back to the legislative halls to take another stab at crafting more First Amendment-violating stupidity. Permalink | Comments | Email This Story

Read More...
posted 1 day ago on techdirt
Ron Wyden is at it again. Sending pesky letters to government officials who appear to be completely falling down on the job. The latest is asking Customs and Border Patrol why it's still not verifying the e-passport chips that have been in all US passports -- and in all countries on the visa waiver list -- since 2007 (hat tip to Zach Whittaker). The letter points out that the US government pushed hard for these chips... and then never bothered to check to make sure no one has tampered with them. The U.S. government played a central role in the global adoption of e-Passports. These high-tech passports have smart chips--which store traveler information--and cryptographic signatures, an important security feature that verifies the validity and legitimacy of the passport and its issuing government agency. For more than a decade, the United States has required that countries on the visa-waiver list issue machine-readable e-Passports. Since 2015, the United States has further required that all visitors from countries on the visa-waiver list enter the United States with an e- Passport. Despite these efforts, CBP lacks the technical capabilities to verify e-Passport chips. To be clear: it's not that CBP doesn't use the chips at all. It does download the info from the chips. But it ignores the cryptographic signatures and doesn't verify that the information hasn't been tampered with. Incredibly, the letter notes that CBP was informed of this problem all the way back in 2010 by the GAO, but has still not done anything about it. CBP has deployed e-Passport readers at many ports of entry, which CBP personnel use to download data from the smart chips in e-Passports. However, CBP does not have the software necessary to authenticate the information stored on the e-Passport chips. Specifically, CBP cannot verify the digital signatures stored on the e-Passport, which means that CBP is unable to determine if the data stored on the smart chips has been tampered with or forged. CBP has been aware of this security lapse since at least 2010, when the Government Accountability Office (GAO) released a report highlighting the gap in technology. Eight years after that publication, CBP still does not possess the technological capability to authenticate the machine-readable data in e-Passports. As with a number of recent letters that Wyden has been sending that touch on areas around the government falling down when it comes to encryption, I'm assuming that this latest one comes from the work that Chris Soghoian is doing since being hired full time to work for Senator Wyden. Soghoian spent years calling out bad encryption practices of all sorts of organizations in the past, and it's nice to see that he's now able to (hopefully) shame the government into doing things better as well. Permalink | Comments | Email This Story

Read More...
posted 2 days ago on techdirt
One of the perennial questions around here is what companies should do about unauthorized copies of physical products. As readers will know, on Techdirt we don't think automatically filing lawsuits is the way to go. This little vignette from the New York Times reveals an alternative approach that is smarter and more remunerative: At a pop-up market stall just off Canal Street, the Madison Avenue of the unauthenticated, shoppers have spent the last week snapping up off-price, jeans, hoodies, T-shirts and boxer briefs with a familiar, almost-right logo: Diesel. Sure, the "i" and "e" are on the wrong side of their usual do-si-do. But you get what you pay for. They're $69.99; Diesel jeans generally start well over $200. Forget it, Jake -- it's Chinatown. Companies like Diesel spend significant resources chasing down counterfeiters and stamping them out. According to Renzo Rosso, the founder of Diesel and president of its parent company, the Only the Brave Group, the label shut down 86 websites hawking fake products last year. But Mr. Rosso was crammed into the small, wood-paneled shop on Friday with no intention of dampening Diesel. He'd created it. Rosso has realized that even unauthorized copies act as marketing for the original, and help to boost the brand. By producing his own fake versions, Rosso not only spreads the word about his company's products, but he even makes money from it. Moreover, by introducing a rival into the market of copies, he probably dilutes the other fake brands and maybe even their profits. It's a win-win-win-win situation, which Gucci too is keen to exploit: Gucci has riffed on its own bootlegs (and styled its own "Guccy" logo) and set up shop with Daniel Day, better known as Dapper Dan, the counterfeit couturier it had once threatened out of business. It's such a simple, clever idea, you wonder why no one has thought of it before. And the answer is -- they have. As Techdirt reported nearly nine years ago, a South African t-shirt designer sold its own counterfeit line and used that to boost awareness of the original products, while also being able to differentiate and sell into new markets -- and make money too. What's significant about the latest examples in the New York Times story is that it is top brands that have realized the power of this approach. And even if the idea of coming out with authorized "counterfeits", as Diesel and Gucci are doing, is not original, that somehow seems appropriate. Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+ Permalink | Comments | Email This Story

Read More...
posted 2 days ago on techdirt
Aeon Timeline 2 for Mac And Windows is ideal for a wide variety of projects — big or small — and will help you manage your workload more efficiently, and get more done. You can manage events, entities, dependencies and more in an intuitive interface, as well as link events with images and external documents and websites to better track research and supporting documentation. You can work with either pre-configured or fully customizable templates, calendars and display options. It's on sale for $20. Note: The Techdirt Deals Store is powered and curated by StackCommerce. A portion of all sales from Techdirt Deals helps support Techdirt. The products featured do not reflect endorsements by our editorial team. Permalink | Comments | Email This Story

Read More...
posted 2 days ago on techdirt
1-800-LAWFIRM's oblique assault on Section 230 continues. This firm, along with Excolo Law, have been behind several Plantiff v. Social Media lawsuits seeking to hold Facebook, Twitter, YouTube, etc. responsible for acts of terrorism. The legal theories are as terrible as they are long-winded. In an effort to route around Section 230 immunity, these firms have tried to portray the mere existence of terrorist groups on social media platforms as active material support for terrorism by tech companies. But Section 230 itself is also targeted, just in case the plaintiffs happen to luck into a federal judge willing to punch holes in immunity. So far, none of these efforts have been successful. The Ninth Circuit Appeals Court recently rang up another loss for 1-800-LAWFIRM, finding none of its arguments credible. Unfortunately, it did not go so far as to reaffirm Section 230 immunity, limiting itself to 1-800-LAWFIRM's novel legal theories about the Anti-Terrorism Act (ATA). But, as Cathy Gellis noted in her coverage of the decision, this isn't necessarily a bad thing. By focusing on the ATA, Section 230 remains undamaged, and doesn't draw the attention of enterprising politicians who might try to "do something" (terrible) to keep terrorists from using social media platforms. Unfortunately, terrorists continue to kill and injure people, providing these law firms with clients hoping to extract payment from tech companies as compensation for death and injury caused by terrorists. As Eric Goldman notes, the Ninth Circuit loss has had no deterrent effect, apparently. But this loss possibly explains why the latest lawsuit [PDF] has been filed in Illinois, rather than in California (where the social media defendants are headquartered) like the law firm's previous attempts. Illinois is the plaintiff's home state, which gives the venue switch some legal grounding. More importantly, it moves the battle to the Sixth Circuit, where 1-800-LAWFIRM has yet to be shut down at the appellate level. The lawsuit is exceedingly long. It runs 128 pages and 663 paragraphs. Is it worth reading? Not really. Not unless you really need a blow-by-blow account of social media use by terrorists over the years, occasionally punctuated with things like this, presumably to remind the judge there's a personal injury lawsuit buried in all this exposition. ISIS used and relied on Twitter, Facebook, and YouTube as among its most important tools to facilitate and carry out its terrorist activity, including the terrorist attacks in which ISIS murdered 130 individuals and injured Mandy Palmucci. The lawsuit contains the usual bad assertions about content moderation, or perceived lack thereof. It claims YouTube could easily police the hundreds of thousands of hours of footage submitted everyday. The same goes for Twitter, which supposedly should be able to maintain strict control of millions of tweets flowing from its platform daily. It cites one "expert" who claims terrorist content could be as easily monitored as child pornography but glosses over the part where the current CP monitoring system was years in development and required active participation of multiple law enforcement agencies from around the world. And, unlike child porn, there are several reasons "terrorist content" could remain live, considering its use to journalists, activists, and law enforcement investigators. The whole thing redefines the word "active" to mean ad placement by algorithm or copycat "terrorist" accounts springing up on social media services to replace those shut down by platforms. The legal reps would like the judge to believe that any terrorist content anywhere on these platforms is evidence of material support for terrorism. It's a ridiculous argument and it's unlikely to end up in the hands of a sympathetic judge, no matter which circuit it's filed in. The Ninth Circuit decision may not be precedential in this circuit, but it can still be instructive. Someone may still find a way to damage Section 230 immunity by linking it to worldwide terrorism, but it won't be these lawsuits. Permalink | Comments | Email This Story

Read More...
posted 2 days ago on techdirt
A few years back the FCC (under Obama's first FCC boss Julius Genachowski) spent around $300 million on a broadband availability map that did a crap job actually measuring broadband availability. As we noted at the time, the map tended to hallucinate both available competitors and the speeds they could deliver to any address, providing a completely bogus sense of the nation's competitive options. It also failed utterly to include pricing data at ISP behest, lest somebody actually look at the data and realize that a lack of competition drives high prices and abysmal customer service from coast to coast. After efforts to further fund the inaccurate map stalled (you can find the old map sitting unused here), Ajit Pai's FCC this week stated they've dusted off and relaunched the map as part of Pai's purported dedication to the digital divide (the new version is available here for your perusal). An FCC press release (pdf) said the new map offers better data at a lower price than the original: "As it works to close the digital divide, the Federal Communications Commission has updated and modernized its National Broadband Map so the map can once again be a key source of broadband deployment information for consumers, policymakers, researchers, and others. The new, cloud-based map will support more frequent data updates and display improvements at a far lower cost than the original mapping platform, which had not been updated in years." The FCC also took to Twitter to insist this new map will be the cornerstone of his office's noble quest to close the digital divide: The modernized National Broadband Map provides consumers, policymakers, and stakeholders a robust tool for closing the digital divide. https://t.co/Fvea4RTId8 — The FCC (@FCC) February 22, 2018 Except the "new" map appears to be a half-hearted reboot that shares all the problems of the original map. Were you to actually use the map to determine where coverage caps exist, you'd walk away thinking there is no digital divide. In that sense, the map is doing the exact opposite of what the FCC is claiming. Both the old and new iterations of the map all-but hallucinate available options out of whole cloth while vastly over-stating the speeds available to American consumers. That's because it relies on ISP data provided the FCC via the Form 477 process; data that's routinely taken at face value without any real independent analysis or confirmation by objective third parties. Data provided by companies with a vested interest in actively hiding deployment and competitive shortcomings for what should be obvious reasons. The same ISPs that lobby relentlessly to kill efforts at more accurate mapping. For example, I can only get access to one ISP (Comcast) at my residence in Seattle, purportedly one of the nation's technology leaders. Yet the FCC's new map informs me I have seven broadband options available to me. Two of these options, CenturyLink DSL and CenturyLink fiber are somehow counted twice despite neither actually being available. Three others are satellite broadband service whose high prices, high latency and low caps make them unsuitable as a real broadband option. The seventh is a fixed-wireless option that doesn't actually serve my address: Again, only one of those is actually available or can be considered broadband, and it's being delivered by a company with arguably the worst customer satisfaction and service scores of any company in America. Four of them don't even meet the FCC's own definition of broadband (25 Mbps down, 3 Mbps up). Looking at the world through rose-colored ISP glasses isn't "closing the digital divide." In fact the perpetuation of inaccurate data makes the problem worse by convincing the public it's not a real problem at all. Of course if you've watched Ajit Pai repeatedly proclaim his breathless dedication to closing the digital divide while dismantling broadband programs for the poor this probably isn't too surprising. Nor is it surprising if you're familiar with Pai's attempts to distort, twist, and manipulate data until the nation's broadband competition issues magically disappear. After all, if the data clearly shows that American broadband is expensive and patchy due to limited competition among regional mono/duopolies with a stranglehold over state and federal lawmakers, somebody might just get the crazy idea to actually do something about it. Permalink | Comments | Email This Story

Read More...
posted 2 days ago on techdirt
The thin line that exists between entertainment industry DRM software and plain malware has been pointed out both recently and in the past. There are many layers to this onion, ranging from Sony's rootkit fiasco, to performance hits on machines thanks to DRM installed by video games, up to and including the insane idea that copyright holders ought to be able to use malware payloads to "hack back" against accused infringers. What is different in more recent times is the public awareness regarding DRM, computer security, and an overall fear of malware. This is a natural kind of progression, as the public becomes more connected and reliant on computer systems and the internet, they likewise become more concerned about those systems. That may likely explain the swift public backlash to a small game-modding studio seemingly installing something akin to malware in every installation of its software, whether from a legitimate purchase or piracy. FlightSimLabs, a studio that specialises in custom add-ons for other company’s flight sims, has been found to be secretly installing a program onto user’s computers designed to check whether they’re playing a pirated copy of their software. The code—basically a Chrome password dumping tool— was discovered by Reddit user crankyrecursion on February 18, and as TorrentFreak reportwas designed to trigger “a process through which the company stole usernames and passwords from users’ web browsers.” Whatever fuzzy line might exist between DRM payloads and malware, this specific deployment appears to have crossed it in a very big way. The extraction of user names and passwords for infringers would be a step too far on its own, but the real problem is that the executable that does all of this was included in every copy of the software FlightSimLabs provided, including those from legit purchases. Lefteris Kalamaras, who runs FlightSimLabs, admitted that the installation of a file named "test.exe" was included in the software installation, but insisted that it was only weaponized when a pirated copy of the software is detected. First of all - there are no tools used to reveal any sensitive information of any customer who has legitimately purchased our products. We all realize that you put a lot of trust in our products and this would be contrary to what we believe. If such a specific serial number is used by a pirate (a person who has illegally obtained our software) and the installer verifies this against the pirate serial numbers stored in our server database, it takes specific measures to alert us. “Test.exe” is part of the DRM and is only targeted against specific pirate copies of copyrighted software obtained illegally. That program is only extracted temporarily and is never under any circumstances used in legitimate copies of the product. The only reason why this file would be detected after the installation completes is only if it was used with a pirate serial number (not blacklisted numbers). This attempt at an explanation failed to assuage the gaming community for understandable reasons. To include a program capable of extracting passwords in a flight simulator mod is flatly insane. The only proper description for such software would be malware and that malware was installed on the machines of customers of FlightSimLabs that had properly paid for its products. The claim that this malware remained dormant for those purchasing the mods would be the same as claiming that each of our homes have been outfitted with bombs without our knowledge, but those bombs will only be activated if the home builder thinks we're doing something illegal. This is all wide open for mistakes, abuse, and for other bad actors to swoop in on these customers and make use of the software for nefarious reasons. Shortly after Kalamaras' "explanation", FlightSimLabs updated the mods in question with the malware removed entirely. The company also updated its community with an apology that still somewhat misses the mark. We have already replaced the installer in question and can only promise you that we will do everything in our power to rectify the issue with those who feel offended, as well as never use any such heavy-handed approach in the future. Once again, we humbly apologize! This isn't about "feeling offended", it's about the company breaking the trust of its customers by installing what is clearly malware on their machines. That isn't the type of bad act a company should be able to come back from. Permalink | Comments | Email This Story

Read More...
posted 2 days ago on techdirt
When you write regularly about lawsuits, you learn very quickly that not all court systems are equal when it comes to allowing modern access to public filings and records. The country is a veritable panoply of an access spectrum, with some districts offering modern e-filing systems and websites to review documents, while other districts are far more antiquated and restrictive. That said, it's hard to imagine a county court system more backwards than that of Chicago's Cook County. Every workday, attorneys enter criminal courtrooms across Cook County, put away their smartphones and operate in a world that their grandparents would have recognized: accordion-style Manila folders to hold paper documents, handwritten orders for judges to sign, even carbon paper to make copies of the paper filings. “God help us all if the carbon didn’t take,” said defense attorney Alana De Leon, who had never used the outdated copying method — invented more than two centuries ago — before setting foot in a West Side branch court a few years ago. While the Tribune article notes that these antiquated techniques result in derisive jokes from the attorneys forced to use them, the reality is that they are no laughing matter. The article tells the story of a woman looking for filing information for her boyfriend's criminal court case and was forced to travel 14 miles just to find out what charges her boyfriend was facing. And this sort of thing isn't reserved for the lay public. Criminal defense attorneys must also make a similar trek just to find out the basic case information for any clients they may take on in Cook County as well. In the surrounding counties, this information would be available via e-filings via an internet connection. In Cook County, home to the third largest city in the union, its all physical filings and carbon copies. Circuit Court Clerk Dorothy Brown, in charge of this love letter to the days of robber barons, does not want to hear you blame her for any of this, however. Circuit Court Clerk Dorothy Brown bristled at the suggestion that her office has been slow to adapt to the internet age, telling the Tribune in an hourlong interview last week that a complete overhaul of the criminal case management system is expected to be completed by March 2019. Brown spoke of an “interactive” system in which much of the work performed by attorneys and judges in the courtrooms could be done electronically. Brown said her ultimate goal is to end the reliance on ink and paper. While that may all sound good, if quite late, it's worth noting that Brown is the same Clerk that has gone to court to block press access to e-filings in recent weeks. Dorothy Brown, Chicago’s elected court clerk, filed her appeal notice this week, challenging a ruling in early January by U.S. District Judge William Kennelly. The judge found the First Amendment prohibits the clerk from withholding new efiled complaints, a regular source of news, from the press corps. He gave the clerk 30 days to provide access. She made no move to comply and continues to argue that she must first screen the filings for confidentiality. In his 16-page opinion, Kennelly found that argument belied by a number of effective alternatives available to the clerk. It's moves like that which create the impression that the lack of transparency that comes along with Cook County's laughably anachronistic records systems is a feature rather than a bug. Cook County has long been a place where county and city officials have played a game of subterfuge with the press and the public, hiding legal machinations as well as actions taken by the city, such as million dollar payouts to the families of victims of police shootings. Making the court system as opaque as possible for as long as possible seems to be the goal. Brown, of course, insists otherwise and blames the state Supreme Court and Chief Judge Timothy Evans for Cook County's woes. Brown said her hands have been tied by the Illinois Supreme Court dragging its feet in allowing e-filing statewide in criminal cases for the first time just last year. She also blamed Chief Judge Timothy Evans’ office for blocking her from making basic docket information available online for criminal cases. In an email, however, Evans’ spokesman, Pat Milhizer, denied Brown’s claim, saying his office would consider any such proposal from the circuit clerk. Many will say this all smells of classic Chicago machine politics. And, in many respects, it certainly comes off that way. The suburban counties all have modern e-filing systems in place, after all, including several rural counties that don't have nearly the breadth of resources afforded to Cook County. What should be kept top of mind, however, is the tax all of this puts on the public and its interest in justice in the county. Going back to defense attorney De Leon and the use of technology as outdated as carbon copy: “To a certain extent ... the lack of transparency kind of is the ugly product of the old system,” De Leon said. “I don’t know if it’s necessarily on purpose — to keep this information away from the average citizen — but it certainly is a consequence of that.” And no amount of CYA or finger-pointing should distract anyone from the obvious reality that the public is not being well-served by the Cook County court filing system. Permalink | Comments | Email This Story

Read More...
posted 3 days ago on techdirt
Another paper has been released, adding to the current encryption discussion. The FBI and DOJ want access to the contents of locked devices. They call encryption that can be bypassed by law enforcement "responsible encryption." It isn't. A recent paper by cryptograpghy expert Riana Pfefferkorn explained in detail how irresponsible these suggestions for broken or weakened encryption are. This new paper [PDF] was put together by the National Academies of Science, Engineering, and Medicine. (h/t Lawfare) It covers a lot of ground others have and rehashes the history of encryption, along with many of the pro/con arguments. That said, it's still worth reading. It raises some good questions and spends a great deal of time discussing the multitude of options law enforcement has available, but which are ignored by FBI officials when discussing the backdoors/key escrow/weakened encryption they'd rather have. The paper points out law enforcement now has access to much more potential evidence than it's ever had. But that might not always be a good thing. The widespread use of cloud storage means that law enforcement has another potential source of evidence to turn to when they do not have access to the data on devices, either because the device is unavailable or the data on the device is encrypted. Not all of this digital information will be useful, however. Because storage is cheap or even free, people keep all sorts of non-noteworthy electronic documents forever. What's unsaid here is law enforcement should be careful what it wishes for. Encryption that allows government on-demand access may drown it in useless data and documents. If time is of the essence in cases where law enforcement is seeking to prevent further criminal activity, having a golden key may not move things along any faster. I'm sure the FBI and others would prefer access all the same, but this does point to a potential negative side effect of cheap storage and endless data generation. And the more access law enforcement has, the more chances there are for something to go horribly wrong on the provider's end. How frequently might vendors be asked to unlock phones? It is difficult to predict the volume of requests to vendors, but a figure in the tens of thousands per year seems reasonable, given the number of criminal wiretaps per year in the United States and the number of inaccessible devices reported by just the FBI and Manhattan District Attorney’s Office. As a result, each vendor, depending on its market share, needs to be able to handle thousands to tens of thousands of domestic requests per year. Such a change in scale, as compared to the software update process, would necessitate a change in process and may require a larger number of people authorized to release an unlock code than are authorized to release a software update, which would increase the insider risk. The paper also runs down stats provided by the FBI and the Manhattan DA's office. It notes the overall number of unlockable phones has continued to rise but points out these numbers aren't all that meaningful without context. In November 11, 2016, testimony to this committee, then-Federal Bureau of Investigation (FBI) General Counsel James Baker reported that for fiscal year 2016, the FBI had encountered passcodes on 2,095 of the 6,814 mobile devices examined by its forensic laboratories. They were able to break into 1,210 of the locked phones, leaving 885 that could not be accessed. The information Baker presented did not address the nature of the crimes involves nor whether the crimes were solved using other techniques. [...] Although existing data clearly show that encryption is being encountered with increasing frequency, the figures above do not give a clear picture of how frequently an inability to access information seriously hinders investigations and prosecutions. It goes on to note that we may never see this contextual information. Any attempt to collect this data would be hindered by law enforcement's reluctance to provide it, and there are currently no visible efforts being made by agencies to determine just how often encryption stymies investigations. Whatever would actually be reported would be tainted by subjective assessments of encryption's role in the investigation. However, without more context, the endless parade of locked device figures is nothing more than showmanship in service to the greater goal of undermining encryption. The paper helpfully lists several options law enforcement can pursue, including approaching cloud services for content stored outside of locked devices. It also points out the uncomfortable fact that law enforcement doesn't appear to be making use of tools it's always had available. One of these options is compelled production of passwords or biometric data to unlock phones. While the Fifth Amendment implications of compelled password production are still under debate, it's pretty clear fingerprints or retinas aren't going to receive as much Constitutional protection. On top of that, there's the fact that a number of device owners have already voluntarily provided copies of encryption keys, and these can likely be accessed by law enforcement using a standard warrant or an All Writs Act order. [M]any storage encryption products today offer key escrow-like features to avoid data loss or support business record management requirements. For example, Apple’s full disk encryption for the Mac gives the user the option to, in effect, escrow the encryption key. Microsoft Windows’ BitLocker feature escrows the key by default but allows users to request that the escrowed key be deleted. Some point to the existence of such products as evidence that key recovery for stored data can be implemented in a way that sensibly balances risks and benefits at least in certain contexts and against certain threats. In any case, data that is recoverable by a vendor without the user’s passcode can be recovered by the vendor for law enforcement as well. Key escrow-type systems are especially prevalent and useful where the user, or some other authorized person such as the employer, needs access to stored data. The report also claims law enforcement "had not kept pace" with the increase of digital evidence. It posits the problem is a lack of funding and training. Training is almost certainly a problem, but very few law enforcement agencies -- especially those at the federal level -- suffer for funding or expertise. This might be due to bad assumptions, where officials believed they would always have full access to device contents (minus occasional end user initiative on encryption). When it became clear they wouldn't, they began to seek solutions to the problems. This put them a few steps behind. Then there are those, like Manhattan DA Cy Vance and FBI Director Chris Wray, who are putting law enforcement even further behind by pushing for legislation rather than focusing their efforts on keeping officers and agents well-supplied and well-trained. While the report does suggest vendors and law enforcement work together to solve this access "problem," the suggestions place the burden on vendors. One suggested fix is one-way information sharing where vendors make law enforcement aware of unpatched exploits, allowing the government (and anyone else who discovers it) to use these vulnerabilities to gain access to communications and data. It's a horrible suggestion -- one that puts vendors in the liability line of fire and encourages continued weakening of device and software security. The report also points out the calls for harder nerding have been at least partially answered. The proposed solutions aren't great. In fact, one of them (running lawful access keys and software update keys through the same pipeline) is terrible. But it's not as though no one on the tech side is trying to come up with a solution. Several individuals with backgrounds in security and systems have begun to explore possible technical mechanisms to provide government exceptional access. Three individuals presented their ideas to the committee. • Ernie Brickell, former chief security architect, Intel Corporation, described ways that protected partitions, a security feature provided by future microprocessor architectures, could be used to provide law enforcement access to devices in their physical possession, provide remote access by law enforcement, or provide key escrowed cryptography for use by applications and nonescrowed cryptography for a set of “allowed” applications. • Ray Ozzie, former chief technical officer and former chief software architect, Microsoft Corporation, argued that if a user trusts a vendor to update software, the user should be able to trust the vendor to manage keys that can provide exceptional access. He proposed that this extension of the trust model used for software updates could be used to provide government exceptional access to unlock mobile devices. Ozzie also provided the committee with materials describing how this approach could be extended to real-time communications such as messaging. • Stefan Savage, professor of computer science and engineering, University of California, San Diego, described how phone unlock keys could be stored in hardware and made available via an internal hardware interface together with a “proof-of-effort” lock that together would require physical possession and a time delay before law enforcement could unlock a device. The report points out these are only suggestions and have yet to be rigorously examined by security professionals. But their existence belies the narrative pushed by the FBI in its search for a federal statutory mandate. There are experts trying to help. Unfortunately, every solution proposed is going to require a sacrifice in device security. The problem is complex, if you choose to believe it's a problem. It may be troublesome that law enforcement can't have access to device contents as easily as they could five years ago, but it's not the threat to public safety anti-encryption enthusiasts like Chris Wray and Cy Vance make it out to be. Encryption use has gone up while crime rates have remained steady or decreased. The emphasis on cellphones as the ultimate investigative goldmine is misplaced. Plenty of options remain and law enforcement spent years solving crimes without having one-stop access to communications and personal documents. An ancient discovery known as "fire" has put evidence out of reach for hundreds of years, but no one's asking the smart guys at Big Match to come up with a solution. Things are harder but they're not impossible. What is impossible is what Wray and others are asking for: secure compromised encryption. Permalink | Comments | Email This Story

Read More...
posted 3 days ago on techdirt
Last week was a big week for dramatically bad copyright rulings from the New York federal courts: the one finding people liable for infringement if they embed others' content in their own webpages, and this one about 5Pointz, where a court has found a building owner liable for substantial monetary damages for having painted his own building. While many have hailed this decision, including those who have mistakenly viewed it as a win for artists, this post explains why it is actually bad for everyone. The facts in this case are basically this: the owner of a run-down, formerly industrial building in a run-down neighborhood aspired to do something to redevelop his property, but it would be a few years before the time would be right. So in the meantime he let some graffiti artists use the building for their aerosol paintings. The building became known as 5Pointz, and the artwork on it soon began to attract attention. The neighborhood also began to change, and with the improvement the prospects for redeveloping the property into residences became more promising. From the outset everyone knew that redevelopment would happen eventually, and that it would put an end to the arrangement since the redevelopment would likely necessitate tearing down the building, and with it the art on the walls. As the date of demolition grew closer, the artists considered buying the building from the owner in order to prevent it from being torn down and thus preserve the art. However the owner had received a variance that suddenly made the value of the property skyrocket from $40 million to $200 million, which made the buyout impossible. So the artists instead sued to halt the destruction of their art and asked for a preliminary injunction, which would ensure that nothing happened to the art while the case was litigated. But in late 2013 the court denied the preliminary injunction, and so a few days later the building owner went ahead and painted over the walls. The painting-over didn't end the litigation, which then became focused on whether this painting-over broke the law. In 2017 the court issued a ruling allowing the case to proceed to trial on this question. Then last week came the results of that trial, with the court finding this painting-over a "willfully" "infringing" act and assessing a $6.7 million damages award against the owner for it. It may be tempting to cheer the news that an apparently wealthy man has been ordered to pay $6.7 million to poorer artists for damaging their art. True -- the building owner, with his valuable property, seems to be someone who potentially could afford to share some of that wealth with artists who are presumably of lesser means. But we can't assume that a defendant building owner, who wants to be able to do with his property what he is normally legally allowed to do, will always be the one with all the money, and the plaintiff artist will always be the one without those resources. The law applies to all cases, no matter which party is richer, and the judicial reasoning at play in this case could just as easily apply if Banksy happened to paint the side of your house and you no longer wanted what he had painted to remain there. Per this decision, removing it could turn into an expensive proposition. The decision presents several interrelated reasons for concern. Some arise from the law underpinning it, the Visual Artists Rights Act of 1990, an amendment to copyright law that, as described below, turned the logic of copyright law on its head. But there are also some alarming things about this particular decision, especially surrounding the application of high statutory damages for what the court deemed "willful" "infringement," that accentuate everything that's wrong with VARA and present issues of its own. With respect to the law itself, prior to VARA the point of copyright law (at least in the US) was to make sure that the most works could be created to best promote the progress of the sciences and useful arts (as the Constitution prescribed). The copyright statute did this by giving creators economic rights, or rights designed to ensure that if there was money to be made from their works, they would have first crack at making it. The thinking was that with this economic incentive, creators would create more works, and thus the public interest goal of having more works created would be realized. VARA changed this statutory equation for certain kinds of visual works. Instead of economic rights, it gave their creators certain moral rights, including (as relevant for this case), the right to preserve the integrity of their work. This right of integrity includes the right (A) to prevent any intentional destruction, mutilation, or other modification of that work which would be prejudicial to his or her honor or reputation, and any intentional distortion, mutilation, or modification of that work is a violation of that right, and (B) to prevent any destruction of a work of recognized stature, and any intentional or grossly negligent destruction of that work is a violation of that right. Which may sound well and good, but as we see with the costly way the statute plays out, rather than creating economic incentives stimulating the creation of new works, it has now created economic effects inhibiting them, which in the long run will only hurt the artists VARA was intended to help. The most obvious way it hurts them is by deterring property owners from allowing any art to be installed on their property, because it means that if they do, they may be forever stuck with it. Allowing art to be installed means they will either stand to lose the control they would have had without it (itself a hit to the property's worth), or potentially be faced with thousands if not millions of dollars in liability if they do what they want with their property anyway. And what property owner would want to chance such dire consequences in order to encourage art? Granted, some of this risk can be ameliorated with written agreements, which were lacking in this case. But if all public art requires lawyered paperwork, it raises costs and will deter both artist and property owner from pursuing this sort of mutually beneficial arrangement. In this case the property owner had let the artists use his building to create, for free, by unwritten agreement simply because at the time they all agreed that it was good for both of them. It will not be good for creativity if we discourage this sort of symbiotic relationship from taking root. It also will not be good for future artists whose economic interests might have benefited from other such opportunities like those 5Pointz offered. Even in this case the court noted all the evidence presented in "Folios", showing that being able to paint the building had opened up all sorts of doors for the artists to reap further economic rewards for their art. Artists will have fewer opportunities for that sort of career-enhancing exposure if landlords are deterred from giving it to them. There is an implicit argument present in the plaintiffs' case that some of the rise in the value of the building was due to the artwork, and that it would therefore be just to share some of that windfall with them. But by this same logic, the building owner would have been similarly responsible for, and thus entitled to a portion of, the rise in value of the work of the artists whom he had allowed to exhibit. It would not be good for artists in the long run if they should find themselves needing to share their good fortune with their benefactors – or be potentially liable for any loss in their property value, should the presence of their work diminish it. This case also stands to have some directly chilling effects on artists. While this case is not about graffiti artists suing each other for painting over each other's works (as the court noted, up to now graffiti artists have routinely painted over each others' works without any more severe penalty than social approbation, if even that), it's not clear why, if the decision stands, the next case couldn't be. The decision found that a VARA claim could be vindicated regardless of whether a work was temporary or permanent, and instead focused on whether a work had achieved the stature needed to be entitled to protection under the statute. It won't be good for artists if they have to fear being tied up in litigation with their peers due to the transient nature of their medium (or locked out of being able to create at all because others have already used all the good spaces first), or caught in a judicial cage match to determine whose work has the stature to be more deserving of protection. It is possible that the court erred, and transient art falls outside VARA's purview. But there is enough ambiguity in the statute to potentially extend to it, and in any case, the statute's deterring effects would apply to all sorts of art, not just aerosol-painted art. Unfortunately at no point does the decision contemplate these effects, or its effects on other important policy values such as urban planning and affordable housing, if VARA is able to trump other forms of law, such as property law, that normally speak to what a building owner may do. The decision also largely ignores that the building owner had let the artists paint there in the first place, when he didn't have to. And it ignores that the building owner had done this apparently now wrongful painting-over of the art on his walls after this very same court denied an injunction that would have told him not to. None of these factors mattered to the court. But all of them should matter to us, as should the extremely troubling way the court found his "infringement" (in other words, the painting-over) "willful," and thus subject to heightened damages. This is where the decision not only encapsulates the policy flaws of VARA, but also threatens to be seriously distorting to copyright doctrine (and other law) generally. One troubling aspect is the punitive attitude by the court towards the building owner for having painted over the art after the very same court had denied an injunction preventing it. In between its order of November 12, 2013 denying the preliminary injunction, and its November 20, 2013 decision explaining its order (embedded below), the building owner had gone ahead and done the painting-over. This act appears to have outraged the court, whose November 20 decision reads more as an explanation for why it probably should have issued the injunction, now that in the intervening time the owner had painted over it. As the court correctly observed in this 2013 opinion, preliminary injunctions exist so that courts can prevent irreparable harm at the outset that a court is likely to later rule needs to be prevented, if it would be too late to unring the bell at that point. In fact the language the court cited for the injunction is so standard that when the naked order denying the preliminary injunction was issued, it was perfectly reasonable for the building owner to presume that either (a) he was likely to win the case and be able to do what he wanted to the building, or (b) it wasn't such a severe harm if he removed the art now and later the court decided he shouldn't have, or (c) some combination of both. So it reads as a serious miscarriage of justice for the court's 2018 decision to punish him for going ahead and removing the art, or "recklessly disregard[ing] the possibility" that removing it would be wrongful, as the court put it. Furthermore, if the court is right in its 2018 decision that the painting-over raised a valid VARA claim, then it was wrong to deny the injunction in 2013. Problematic though it is for VARA to introduce non-economic rights into copyright law, the whole point of one of them – the right to maintain the integrity of the work – can only be vindicated with an injunction. If this right were something that could be adequately compensated for by monetary damages, then it would start to look a lot more like an economic right. That's not what VARA was ever intended to create, but it is what the court effectively created back in 2013 when it refused the injunction and deemed monetary damages sufficient to address any harm should the VARA claim later prevail. As it wrote in a confused passage in its 2013 decision: Although the works have now been destroyed—and the Court wished it had the power to preserve them—plaintiffs would be hard-pressed to contend that no amount of money would compensate them for their paintings; and VARA—which makes no distinction between temporary and permanent works of visual art—provides that significant monetary damages may be awarded for their wrongful destruction. See 17 U.S.C. §§ 501-505 (providing remedies for VARA violations). In any event, paintings generally are meant to be sold. Their value is invariably reflected in the money they command in the marketplace. Here, the works were painted for free, but surely the plaintiffs would gladly have accepted money from the defendants to acquire their works, albeit on a wall rather than on a canvas. It continued more bizarrely: Moreover, plaintiffs’ works can live on in other media. The 24 works have been photographed, and the court, during the hearing, exhorted the plaintiffs to photograph all those which they might wish to preserve. All would be protected under traditional copyright law, see 17 U.S.C. § 106 (giving, inter alia, copyright owners of visual works of art the exclusive rights to reproduce their works, to prepare derivative works, and to sell and publicly display the works), and could be marketed to the general public—even to those who had never been to 5Pointz. In the court's defense, it is correct that VARA does allow for infringements of moral rights to be compensated by monetary damages. But it shouldn't be the primary form of relief, and the court's punitive use of the highest amount of statutory damages to compensate the artists exemplifies why. Statutory damages are normally for when it is hard to measure economic loss and so we have to instead make some presumptions about how much compensation that loss deserves. There are already plenty of problems with these presumptions tending to allow for the recovery of far more than what actual losses would have been, but this decision magnifies their problematic nature by allowing statutory damages not only to overcompensate economic loss but to overcompensate non-economic loss. In other words, congratulations, we now have "pain and suffering" in copyright cases. Perhaps in a way we always have – the overuse of statutory damages has always suggested that is really a retributive, rather than truly compensatory, damages measure. In this case, the court is perfectly frank that's what it's doing: If not for Wolkoff’s insolence, these damages would not have been assessed. If he did not destroy 5Pointz until he received his permits and demolished it 10 months later, the Court would not have found that he had acted willfully. Given the degree of difficulty in proving actual damages, a modest amount of statutory damages would probably have been more in order. But courts have always maintained the facade that compensation for emotional harm is unavailable in copyright cases. The 5Pointz court even acknowledges this limitation in footnote 18 of its 2018 decision: Plaintiffs contend that they are entitled to damages for emotional distress. Under traditional copyright law, plaintiffs cannot recover such damages. See Garcia v. Google, Inc., 786 F.3d 733, 745 (9th Cir. 2015) (“[A]uthors cannot seek emotional damages under the Copyright Act, because such damages are unrelated to the value and marketability of their works.”); Kelley v. Universal Music Group, 2016 WL 5720766, at *2 (S.D.N.Y. Sept. 29, 2016) (“Because emotional distress damages are not compensable under the Copyright Act, this claim must also be dismissed.”). Since VARA provides damages under “the same standards that the courts presently use” under traditional copyright law, H.R. Rep. No. 101-514, at 21-22 (1990), emotional damages are not recoverable. But the outright hostility the court repeatedly shows the defendant, in the language in both decisions, makes it clear that statutory damages are being used to compensate for what is otherwise a purely emotional harm. From the 2018 decision: The whitewash did not end the conflict in one go; the effects lingered for almost a year. The sloppy, half-hearted nature of the whitewashing left the works easily visible under thin layers of cheap, white paint, reminding the plaintiffs on a daily basis what had happened. The mutilated works were visible by millions of people on the passing 7 train. One plaintiff, Miyakami, said that upon seeing her characters mutilated in that manner, it "felt like [she] was raped." Tr. at 1306:24-25. There are good reasons why we do not allow copyright to remediate hurt feelings, not the least of which being that they are likely to run raw on both sides. From an article from last year (before the $6.7 million judgment): Wolkoff feels betrayed by the artists he thought he was helping by lending them his wall to bomb. He cried when the building came down, he confessed, and said he would bring back more street artists to paint at the location after the renovation—just not those who sued. Notably in its 2017 ruling (also embedded below) allowing the VARA claim to go forward, the court dismissed the artists' claims for intentional infliction of emotional distress, despite the strong emotions the case had engendered. Because the defendants destroyed 5Pointz only after the Court dissolved its temporary restraining order and did no more than raze what they rightfully owned, the defendants simply did not engage in the kind of outrageous and uncivilized conduct for whose punishment this disfavored tort was designed. And therein lies the rub: the building owner did no more than what other law clearly allowed. But by allowing artists to bring claims for the "intentional distortion, mutilation, or other modification . . . [of works that] would be prejudicial to [the artist’s] honor or reputation" the court has set up a direct conflict between VARA and what traditional copyright law, and traditional property law, have allowed. And it has done this without addressing any of the implications of this new policy collision. Permalink | Comments | Email This Story

Read More...
posted 3 days ago on techdirt
When a mass shooting occurs, politicians leap into the void with plenty of ideas of how to fix it. They can't -- or won't -- fix it, but they're more than willing to sacrifice other Constitutional amendments to keep the Second Amendment intact. Kentucky Governor Matt Bevins was the first to fill the void with garbage following the latest school shooting by blaming violent video games, despite there being no evidence linking violent acts to violent video games. Now it's Donald Trump blaming school shootings on the First Amendment. During a discussion with Florida legislators (video here), Trump suggested doing something we've been doing for years. Speaking to Florida Attorney General Pam Bondi, Trump said: ‘I’m hearing more and more people seeing the level of violence in video games is really shaping young people’s thoughts ‘ 'And then you go the further step, and that’s the movies. You see these movies, and they’re so violent a kid is able to see the movie if sex isn’t involved, but killing is involved, and maybe we need to put a rating system for that.' It appears Trump is suggesting video games and movies need a rating system. I honestly don't know where to go with this. Video games have had a rating system -- one adopted and enforced voluntarily by developers -- for nearly a quarter-century now. Movies have had ratings for more than 50 years, and that rating system has been revised a couple of times to allow for a more granular breakdown of possibly offensive content. These are not new ideas. But these are our President's ideas -- ones that carry a faint whiff of impending government censorship. Imposing further restrictions on "violent" media isn't going to solve an ongoing violence problem, but it will allow legislators (and sitting presidents) to pretend they did something useful. Whether or not you agree the Second Amendment guarantees the right to load up on powerful weapons, any advocate of Constitutional rights would do well to remember they're a bundle, not a la carte offerings. Trump is a fierce advocate of the Second Amendment but doesn't seem to care much for the First Amendment. (Or the Fourth Amendment, Fifth Amendment, Sixth Amendment… unless it's him or one of his being accused of criminal activity.) So, if you want an intact Second Amendment, you'd better leave the rest of the rights alone. This is stupid, kneejerk... well, it's definitely not "thinking." This sort of thing suggests no active firing of synapses. Instead, it suggests the primordial survival instincts of a politician who views rights as privileges and is willing to harm those not immediately beneficial to him. Politicians like Trump and Governor Bevins are quick to blame things they don't understand or don't participate in. This allows them to feel like they're taking action without risking anything that's meaningful to them. It's crass, stupid, short-sighted, and ultimately, it's a sign of weakness. It takes no backbone to sacrifice things you don't care about. Permalink | Comments | Email This Story

Read More...
posted 3 days ago on techdirt
Well, well. For the past few months I've been meaning to write about Disney's silly lawsuit against Redbox, but other stuff kept coming up, and now a judge has ruled against Disney and said that Disney appears to be engaged in copyright misuse. This is in a case that Disney brought -- and it appears to be backfiring badly. Redbox, as you probably know, has kiosks where you can rent DVDs relatively cheaply. It's managed to stay alive despite the traditional DVD rental business disappearing most everywhere else. About a decade ago, Hollywood fought vigorously against Redbox, but the company survived (though being taken over by a private equity firm in 2016), relying heavily on first sale rights, enabling it to legally purchase DVDs and then rent them out. Back in December, however, Disney sued Redbox over taking its business to the next level and including download codes that could be purchased at a Redbox kiosk. Though it took them basically forever, Hollywood studios have finally realized that offering online access with the purchase of movies is a good idea, but they only want the end consumer who is buying a DVD to get access to them. So, Redbox would buy the Disney "Combo Packs" that offered the DVD and a download code, and the would offer the paper codes in kiosks to let renters watch the movie online. They weren't just copying the code and letting anyone use it -- it was still a one-to-one limitation with the purchase in that they would buy the DVD with a paper code on it, and then stuff that paper code into their kiosk delivery pods. Disney argued that this was contributory copyright infringement, even though the code pointed to a legitimate/authorized version of the movie and was legitimately purchased. Redbox hit back by arguing that the First Sale doctrine protected it (as it did with the physical rentals) and that it is free to use the codes in this manner as the legal purchaser. Disney's response to that was that First Sale does not apply to the download code because it's not the copyright-covered work. But Redbox also hit back with a separate punch against Disney, arguing that it was engaged in copyright misuse, a concept we've discussed in the past, but that rarely shows up in cases these days (even though we've argued it should be used more often). The basic argument was that Disney was over-claiming what copyright allowed it to exclude in order to stamp out competition. And, (somewhat surprisingly), in the process of denying Disney's demand for a preliminary injunction, the court agrees that Disney is engaged in copyright misuse because it is using its copyright in the movies to restrict what happens to purchases. Combo Pack purchasers cannot access digital movie content, for which they have already paid, without exceeding the scope of the license agreement unless they forego their statutorily-guaranteed right to distribute their physical copies of that same movie as they see fit. This improper leveraging of Disney’s copyright in the digital content to restrict secondary transfers of physical copies directly implicates and conflicts with public policy enshrined in the Copyright Act, and constitutes copyright misuse. Because of this, the court finds that Disney has little chance of prevailing on its contributory copyright infringement claims and denies the injunction request. The court then notes that it doesn't even need to get into the First Sale issues, but then suggests Redbox would have difficulty winning on a pure first sale argument, mainly because of the ReDigi decision that said you can't sell "used" MP3s. And then concludes that First Sale doesn't really come into play since it's the code that's at issue, rather than the copyright-covered content: Notwithstanding ReDigi, the plain language of the statutes, and the important policy considerations described by the Copyright Office, Redbox urges this court to conclude that Disney’s sale of a download code is indistinguishable from the sale of a tangible, physical, particular copy of a copyrighted work that has simply not yet been delivered. Even assuming that the transfer is a sale and not a license, and putting aside what Disney’s representations on the box may suggest about whether or not a “copy” is being transferred, this court cannot agree that a “particular material object” can be said to exist, let alone be transferred, prior to the time that a download code is redeemed and the copyrighted work is fixed onto the downloader’s physical hard drive. Instead, Disney appears to have sold something akin to an option to create a physical copy at some point in the future. Because no particular, fixed copy of a copyrighted work yet existed at the time Redbox purchased, or sold, a digital download code, the first sale doctrine is inapplicable to this case. There's a separate issue around whether or not Redbox's actions constituted a "breach of contract," and again the court is unimpressed. The key question is whether or not the text that Disney prints on its box about how "codes are not for sale or transfer" represents a contract. The court easily concludes that it does not: The phrase “Codes are not for sale or transfer” cannot constitute a shrink wrap contract because, like the box at issue in Norcia, Disney’s Combo Pack box makes no suggestion that opening the box constitutes acceptance of any further license restrictions.... Although Disney seeks to analogize its Combo Pack packaging and language to the packaging and terms in Lexmark, the comparison is inapt. The thorough boxtop license language in Lexmark not only provided consumers with specific notice of the existence of a license and explicitly stated that opening the package would constitute acceptance, but also set forth the full terms of the agreement, including the nature of the consideration provided, and described a post-purchase mechanism for rejecting the license. Here, in contrast, Disney relies solely upon the phrase “Codes are not for sale or transfer” to carry all of that weight. Unlike the box-top language in Lexmark, Disney’s phrase does not identify the existence of a license offer in the first instance, let alone identify the nature of any consideration, specify any means of acceptance, or indicate that the consumer’s decision to open the box will constitute assent. In the absence of any such indications that an offer was being made, Redbox’s silence cannot reasonably be interpreted as assent to a restrictive license. Of course, this almost certainly means that Disney is quickly reprinting the packaging on all its Combo Pack DVDs to make this language more legalistic to match the Lexmark standard. Still, the court also notes that Disney makes other claims on the box that are clearly not true, which further undermine the claim that random sentences on the box represent a contract: Indeed, the presence of other, similarly assertive but unquestionably non-binding language on the Combo Pack boxes casts further doubt upon the argument that the phrase “Not For Sale or Transfer” communicates the terms or existence of a valid offer. The packaging also states, for example, that “This product . . . cannot be resold or rented individually.”... This prescription is demonstrably false, at least insofar as it pertains to the Blu-ray disc and DVD portions of the Combo Pack.8 The Copyright Act explicitly provides that the owner of a particular copy “is entitled, without the authority of the copyright owner, to sell or otherwise dispose of the possession of that copy.” ... Thus, the clearly unenforceable “cannot be resold individually” language conveys nothing so much as Disney’s preference about consumers’ future behavior, rather than the existence of a binding agreement. At this stage, it appears that the accompanying “Not For Sale or Transfer” language plays a similar role. While it's a bit disappointing to see the court buy into the ReDigi reasoning on First Sale, it's good to see it not buy the language on the box representing a contract and to call out the company for copyright misuse in leveraging copyrights to stifle other lawful activity. This case is likely far from over, though, so we'll see how things progress. Permalink | Comments | Email This Story

Read More...
posted 3 days ago on techdirt
In the CISSP Certification Training Course, overseen by the Information Systems Security Certification Consortium (ISSCC), you'll master the fundamentals of information systems security, and learn the skills you need to pass the CISSP exam. You'll learn the principles of access control, and how they can be strengthened and applied to keep unauthorized users out of a system. The course covers the role of information governance and risk management in security standards, the legal obligations of data security, and much more. It's on sale for $29. Note: The Techdirt Deals Store is powered and curated by StackCommerce. A portion of all sales from Techdirt Deals helps support Techdirt. The products featured do not reflect endorsements by our editorial team. Permalink | Comments | Email This Story

Read More...
posted 3 days ago on techdirt
Things had been mostly quiet on the SESTA/FOSTA front for the past few weeks, but apparently that's about to change, as the House leadership has agreed to a plan to rush the bill to a full floor vote next week, by creating a terrible Frankenstein of a bill that solves none of the existing concerns people had -- but creates new ones. If you don't recall, there are competing bills in the House (FOSTA) and the Senate (SESTA) which purportedly both attempt to deal with the problem of human traffickers using internet services to enable illegal trafficking. Both bills have serious flaws in how they attack the problem -- with the potential to actually make the problem of trafficking worse while also screwing up how the internet works (especially for smaller internet services) at the same time. Things had been at a standstill for the past couple months as the House pushed its approach with FOSTA, while the Senate stood by its approach with SESTA. SESTA works by changing Section 230 of the Communications Decency Act to create a huge hole saying that CDA 230 doesn't apply if a site "knowingly facilitates" a violation of sex trafficking laws. If you don't have much experience with how similar laws work on the internet, this might sound reasonable, but in practice it's not. There's a similar "knowledge" standard in copyright law, and we've seen that abused repeatedly to censor all sorts of content over the years. You just need to allege that something violates the law, and a platform seeking to avoid potentially crippling liability is likely to remove that content. As I've noted, if the law passes, almost every internet company will be put at risk, including anyone from small blogs like ours to Wikipedia. The bill's backers seem to think this is a benefit rather than a problem -- which is quite incredible. Until now, the House had been pushing an alternative proposal, called FOSTA, which tried to achieve similar results without punching a giant hole in CDA 230. Instead, it focused on creating a new crime for those with the intent to promote or facilitate prostitution. The intent standard is a much stronger one than the "knowledge" standard. There were still a couple of problems with FOSTA, though. Rather than focusing on sex trafficking, it covered all prostitution, which is too frequently lumped in with trafficking, and worried many in the community of folks supporting the rights of sex workers. But, a larger issue was that this would still open a huge hole for state and local prosecutors to go on massive fishing expeditions if any sort of prostitution related content ended up on any website. Even if they couldn't show intent, they could still bog down almost any internet platform with charges and investigations for quite some time. I mean, even we get people trying to spam our comments all the time with what appear to be prostitution ads. We catch most of them, but what if a few get through and some law enforcement agency wants to make life difficult for us? Under FOSTA, that's a real possibility. Such laws can be abused. Still, the approaches were so different that things appeared to mostly be at a standstill. However, as noted above, suddenly things are moving and moving fast... and in the worst possible way. House Leadership apparently decided that rather than convince the Senate to move to a FOSTA approach, they would just bolt SESTA onto FOSTA via an amendment. And then, suddenly the House bill has all the problems of both bills without fixing either. That amendment was released yesterday and is being introduced by Rep. Mimi Walters of California. Her district includes Irvine, which houses a whole bunch of tech companies who should be absolutely furious that their own representative just made things much more difficult for them. Take, for example, JobzMall, an Irvine-based company for connecting workers and employers. It's not difficult to think of how some might try to abuse that tool for prostitution or trafficking -- and suddenly the site may face a ton of legal fights, fishing expeditions and criminal threats because of this. That seems like a huge, huge problem. And, importantly, it cannot be stressed enough that nothing in either of these bills does anything at all to actually stop sex trafficking. Supporters of the bill keep insisting it's necessary to stop sex trafficking and that those opposed to the bills are somehow in favor of sex trafficking. That's just wrong. Those opposed to the bill know what happens when you have mis-targeted bills that hold platforms responsible for what users do with them: and it's not that the "bad stuff" goes away. Instead, the bad stuff tends to continue, and lots of perfectly acceptable things get censored. A recent paper by one of the world's foremost experts on "intermediary liability," Daphne Keller, explains why the bill won't work based on years and years of studying how these kinds of intermediary liability laws work in practice: SESTA’s confusing language and poor policy choices, combined with platforms’ natural incentive to avoid legal risk, make its likely practical consequences all too clear. It will give platforms reason to err on the side of removing Internet users’ speech in response to any controversy – and in response to false or mistaken allegations, which are often levied against online speech. It will also make platforms that want to weed out bad user generated content think twice, since such efforts could increase their overall legal exposure. And, again, NONE of that does anything to actually go after sex traffickers. As Keller notes in her paper: SESTA would fall short on both of intermediary liability law’s core goals: getting illegal content down from the Internet, and keeping legal speech up. It may not survive the inevitable First Amendment challenge if it becomes law. That’s a shame. Preventing online sex trafficking is an important goal, and one that any reasonable participant in the SESTA discussion shares. There is no perfect law for doing that, but there are laws that could do better than SESTA -- and with far less harm to ordinary Internet users. Twenty years of intermediary liability lawmaking, in the US and around the world, has provided valuable lessons that could guide Congress in creating a more viable law. But instead of doing that, Congress is pushing through with something that doesn't even remotely attempt to fix the problems, but bolts together two totally separate problematic bills and washes its hands of the whole process. And, we won't even bother getting into the procedural insanity of this suddenly coming to the House floor for a vote early next week, despite the Judiciary Committee only voting for FOSTA, but not this SESTA-clone amendment. This is a terrible idea, done in a terrible way and Congress seems to be doing it because it wants to "do something" about sex trafficking, without realizing what it's doing won't help stop sex trafficking, and could create massive harm for the wider internet. It's the perfectly dumb solution to the wrong problem. It's a very Congress-like approach to things, in which "doing something" is much more important than understanding the issues or doing the right thing. And, once again, while some are incorrectly insisting that "the big tech companies" are against this, they are not. Their trade group, the Internet Association, came out in favor of SESTA's approach and Facebook in particular has gone all in supporting the bill. In talking to people familiar with Facebook's thinking on this, they recognize that they can withstand whatever bullshit comes out of this, but they know that smaller platforms cannot. And to Facebook, that is one of the benefits of SESTA. It weakens the competition and hurts smaller companies. So, no, this is not "big tech" fighting SESTA. Basically every smaller internet platform I've spoken to is upset about this and trying to figure out how they're going to handle the inevitable mess this causes. But few are willing to speak out publicly, because they know that SESTA supporters will vocally attack them and falsely claim that they're "in favor of sex trafficking." Incredibly, most of those attacks will come on platforms that only exist because of CDA 230's strong protections. Permalink | Comments | Email This Story

Read More...
posted 3 days ago on techdirt
In the wake of the school shooting tragedy in Florida that saw 17 people slain and more injured, the following days have played out in a depressingly familiar fashion. It's somewhat stunning to see such bloodshed result in the predictable retreat by most people to the defensive or offensive ground of their cause du jour. What should be immediately obvious to anyone seriously examining something like the mass murder of school children and teachers is that the reality that surrounds such an event is messy, complicated, and influenced by detail. Yet, as is our wont, entirely too many people decide that the solution to the mass shooting puzzle is made up of one or two pieces, rather than hundreds and thousands. It's guns. It's specific types of guns. It's mental health. It's rap music, or the waltz, or comic books. It's one of these things that deserve our ire, or maybe two if we're feeling generous. Well, it was only a matter of time, but contributing to this non-conversation is Kentucky Governor Matt Bevin, who has yet another cliched scapegoat upon which to place the sins of the shooter. "There are video games that, yes, are listed for mature audiences, but kids play them and everybody knows it, and there's nothing to prevent the child from playing them," Bevin said in an interview on WHAS' Leland Conway show Thursday morning. "They celebrate the slaughtering of people. There are games that literally replicate and give people the ability to score points for doing the very same thing that these students are doing inside of schools, where you get extra points for finishing someone off who's lying there begging for their life." "These are quote-unquote video games, and they're forced down our throats under the guise of protected speech," Bevin continued, seemingly referring to a 2011 Supreme Court decision that prevents content-based restrictions on games. "It's garbage. It's the same as pornography. They have desensitized people to the value of human life, to the dignity of women, to the dignity of human decency. We're reaping what we've sown here." We are indeed, except what we've reaped has been a vibrant culture in which art and expression are both liberated and celebrated. We owe that to the very First Amendment protections at which Bevin finds it so easy to sneer. Importantly, at no point did Bevin suggest that Nikolas Cruz himself had any affinity for any particular video game or games. For Bevin, such details matter not. A campaign against video games has been the Governor's aim since long before Cruz shot up his former school and the shooting simply provided an excuse to rant against a favorite whipping post. If that sort of co-opting of real violence doesn't outrage you, it certainly should. As should how divorced from the facts Bevin's claims are generally. International comparisons of per capita spending on violent games and gun-related murders show a negative correlation between the two. And meta-analyses of video game violence studies have found no real link between imaginary on-screen violence and actual aggressive behavior. With that in mind, understand that Bevin, the head of a state in our union, is suggesting an attack on the First Amendment protections of a form of art in response to a correlation to violence that is at best unproven, and for which much evidence to the contrary exists. Whatever that is, it isn't good political leadership. Permalink | Comments | Email This Story

Read More...
posted 3 days ago on techdirt
While the FCC formally voted to kill net neutrality late last year, the actual repeal of the rules doesn't occur until the repeal itself is published in the Federal Register. Sources tell Reuters that with Ajit Pai's agency having completed the finishing touches on its repeal, the publication should finally happen this week. Once that happens, there's a 60 day window before the actual repeal takes effect, meaning the rules will formally end in April: "The U.S. Federal Communications Commission is expected to publish on Thursday its December order overturning the landmark Obama-era net neutrality rules, two sources briefed on the matter said Tuesday." Of course that's really just the beginning of an entirely new chapter in the fight to prevent broadband monopolies from abusing a lack of competition in the broadband space (remember: net neutrality violations are just a symptom of a lack of competition, a problem nobody wants to seriously address for fear of upsetting campaign contributors). The publication in the Federal Register opens the door to the myriad lawsuits that will be filed against the agency. Those lawsuits range from suits by Mozilla and consumer groups, to the 22 state attorneys general who say they're also suing the agency for ignoring the public interest. These lawsuits must be filed within the next 60 days. Expect the court battle to quickly begin heating up in March. The publication also starts the 60 day shot clock on net neutrality activists' attempts to use the Congressional Review Act to reverse the FCC's repeal. As we've noted that effort needs just one more vote in the Senate, but faces a steep uphill climb in getting approval in the House, where ISP-loyal lawmakers are even more common. It would then require the signature of President Trump, something unlikely to happen. The gambit does have one primary benefit: it will force lawmakers to put their disdain for net neutrality and the will of the public down on paper ahead of the looming midterms. That said, the lawsuits have a fairly solid shot at reversing the FCC's attack on the rules thanks to numerous missteps by the agency. As we've well documented, the FCC turned a blind eye to identity theft and comment fraud during the repeal by "someone" clearly trying to downplay massive public opposition to the FCC's plan. The FCC also made up a DDOS attack for the same purpose, and used debunked lobbyist data as the cornerstone of the repeal. Expect a lot more data on this behavior to surface during the court challenge. As we've noted previously, you can expect ISPs to remain on their best behavior for the foreseeable future. Comcast, AT&T and Verizon policy marionettes will be eager to try and suggest that concerns about the repeal were hyperbole. ISP lawyers also won't be keen on providing any ammunition to help opponents in court. And since the next FCC or a future congress could just pass net neutrality rules again -- ISP lobbyists and compromised politicians are busy pushing fake net neutrality legislation with only one real purpose: prevent real, tough rules from being passed later. It's worth reiterating that ISPs aren't just killing net neutrality here. They're actively eroding most meaningful state and federal (FTC and FCC) oversight over a broken, uncompetitive market. And should ISPs successfully navigate all court challenges and pass their desired legislation codifying federal apathy into law, the result won't be subtle. Anybody that thinks otherwise hasn't watched Comcast do business the last few decades. Permalink | Comments | Email This Story

Read More...
posted 3 days ago on techdirt
Some research [PDF] has emerged indicating handing officers extra rights results in more citizen complaints. This may seem to be of the "water is wet" research variety, but there's no reason to shrug this off. While most of us can infer that shielding officers from the consequences of their actions would naturally result in increased misconduct, almost all evidence to date has been anecdotal. (h/t Marginal Revolution) University of Chicago researchers were given the perfect chance to weigh the addition of a collective bargaining agreement against year-to-year complaint totals. Thanks to a 2003 Florida state supreme court decision, Florida sheriff's deputies were allowed to unionize, finally joining their police department counterparts. This gave the researchers a dividing line for a before and after comparison. The results were unsurprising. We construct a comprehensive panel dataset of Florida law enforcement agencies starting in 1997, and employ a difference-in-difference approach that compares sheriffs’ offices and police departments before and after Williams. Our primary result is that collective bargaining rights lead to about a 27% increase in complaints of officer misconduct for the typical sheriff’s office. That's an impressive jump and it can be tied to the addition of a collective bargaining agreement. The union's bargaining power secured a lengthy list of extra rights for deputies. While due process should be afforded to everyone, the version of due process citizens make do with contains none of these perks and protections. [F]lorida provides by statute a Law Enforcement Officer Bill of Rights (“LEOBOR”), which includes a variety of procedural protections for officers facing disciplinary investigations. One provision gives such an officer the right to “be informed of the nature of the investigation before any interrogation begins,” and to receive “all witness statements . . . and all other existing evidence, including, but not limited to, incident reports, GPS locator information, and audio or video recordings relating to the incident under investigation, . . . before the beginning of any investigative interview of that officer” (F.S.A§ 112.532(1)(d)). That is particularly generous given another requirement that “[a]ll identifiable witnesses shall be interviewed, whenever possible, prior to the beginning of the investigative interview of the accused officer” (id.). And that's not even the whole list of additional "due process" goodies Florida deputies received. [S]ome Florida CBAs give law enforcement officers the right to challenge any discipline the local government seeks to impose through arbitration or other administrative review, thus depriving the government of the power to make independent disciplinary decisions. Other rights include a time limitation on internal disciplinary investigations, expungement of old records even when the officer is found to have engaged in misconduct, and inspection of investigation files prior to a disciplinary hearing… [A]ll of these additional procedural rights raise the cost of terminating misbehaving officers and thereby lower deterrence. The researchers note the conclusions aren't definitive. There's no control group to observe and it's tempting to let correlation infer causation. But the research is as thorough as it can be, given the limited dataset. Law enforcement agencies closely guard internal documents on police misconduct. In some states, public records laws make it illegal to release any of these files to the public, forcing researchers to work blind. But this paper does show there's something wrong with union agreements and has the math to back up the seemingly obvious conclusions. When you give people with power more power and less accountability, abuse is usually the result. Whether the union agreements are responsible for all of the 27% jump in complaints is debatable, but the numbers show the agreements have made policing worse, rather than better. Permalink | Comments | Email This Story

Read More...
posted 4 days ago on techdirt
Last year we wrote about a bizarre and troubling DMCA case involving the print-on-demand company Zazzle, in which the judge in the district court bizarrely and wrongly claimed that Zazzle lost its DMCA safe harbors because the allegedly infringing works were printed on a t-shirt, rather than remaining digitally (even though it was the end user using the infringing work, and Zazzle's system just processed it automatically). To add insult to injury, in November, the judge then issued a permanent injunction against Zazzle for this infringement. However, it appears that no one is more troubled about this permanent injunction issued by Judge Stephen Wilson... than Judge Stephen Wilson. In early February, Wilson released a new order reversing his earlier order and chastising himself for getting things wrong. The Court finds that there is a “manifest showing” of the Court’s “failure to consider material facts presented to the Court” because the Court did not provide any justification for the permanent injunction. Yes, that's the judge chastising himself for not providing the necessary justification for an injunction after finding Zazzle to not have safe harbors (some of the background here involves a question about which rules -- federal or local -- the court should be using to reconsider the earlier ruling, which isn't that interesting). Unfortunately, Wilson doesn't go back and revisit the DMCA safe harbors question -- this new ruling just focuses on why he was wrong to issue a permanent injunction after finding that the DMCA safe harbors didn't apply. For that, the court notes (correctly, this time!) that under the Supreme Court's important MercExchange standard, courts should be careful about issuing injunctions for infringement, and that the plaintiffs need to show irreparable harm and that other remedies aren't more appropriate (and that an injunction won't cause greater harm to the public). Here, the plaintiff failed to do all of those -- and somehow the court missed it. In addition, the court does note that it never even considered the question about whether the artwork that is displayed on Zazzle's website, but not printed on t-shirts, still gives Zazzle safe harbor protections -- and the injunction would have applied to those works too, even though they might have been protected under the DMCA: Plaintiff’s proposed permanent injunction was ambiguous and went beyond the issues at trial, facts which the Court did not consider when it granted the initial motion for a permanent injunction. Before trial, the Court never decided whether Zazzle had a viable DMCA defense as to images only displayed on Zazzle’s website and never physically manufactured. Dkt. 81. Plaintiff withdrew its claims as to such “display-only” artworks prior to trial, so the issue was not tried. Dkt. 110 at 2:11-25. As such, it is unclear whether the injunction applies to both the manufacture and distribution of physical goods, or also to display of images on the Zazzle website. It is also unclear if Zazzle must take “reasonable” steps to address the display of images on its website as well as its manufacture of products. The Court did not consider these material facts in determining the scope of the permanent injunction; upon reviewing these facts, the proposed injunctions go beyond the issues at trial. It's good that the court has realized its own mistakes and fixed them -- though it would be nice if it went further to the point of recognizing the problems of saying that by printing an image on a physical good the DMCA protections disappear. But, really, reading this new ruling, you almost (almost) feel bad for Judge Wilson as he complains about Judge Wilson's failings in this case: The Court recognizes that it failed to consider material facts in granting the permanent injunction in October 2017. The Court also recognizes that it provided no rationale for the permanent injunction, manifestly showing the failure to consider such facts. Upon considering those facts, the Court finds no basis for a permanent injunction in this matter. Don't be too hard on yourself, Judge. Admitting your mistakes is the first step. Permalink | Comments | Email This Story

Read More...
posted 4 days ago on techdirt
A report by Kevin Poulsen for The Daily Beast shows, once again, that those suggesting Ed Snowden should have used the proper channels to voice his concerns about domestic surveillance are either ignorant or deliberately obtuse. Just prior to the Snowden leaks, President Obama enacted Presidential Policy Directive 19, which was supposed to prevent retaliation for whistleblowing. It was issued in 2012 and went into force just months before Snowden left the NSA with a trove of documents. However, it did not protect contractors like Snowden. Those protections were added by Congress years later. Not that it really matters. It has been well established those protections are mostly worthless. Over the past year, there's been a concerted effort to oust Dan Meyer -- the person Intelligence Community whistleblowers are supposed to take their complaints to. Meyer filed his own whistleblowing complaint against the Defense Department, claiming IC officials retaliated against him for exposing waste and misuse of funds. Those gunning for top-level positions in Trump's Intelligence Community have histories of retaliatory behavior against whistleblowers, which would further cement the reputation of the "official channels" as a good way to jettison your career. According to The Daily Beast, the problem is larger than previously thought. The implementation of PPD-19 hasn't changed anything. Whistleblowers are still facing retaliation or being ignored completely. The investigators looked into 190 cases of alleged reprisal in six agencies, and uncovered a shocking pattern. In only one case out of the 190 did the agencies find in favor of the whistleblower—and that case took 742 days to complete. Other cases remained open longer. One complaint from 2010 was still waiting for a ruling. But the framework was remarkably consistent: Over and over and over again, intelligence inspectors ruled that the agency was in the right, and the whistleblowers were almost always wrong. This damning report has never been presented to intelligence oversight nor to the general public. It was buried by the new head of the IC Inspector General's office. The report was near completion following a six-month-long inspection run out of the Intelligence Community Inspector General office. It was aborted in April by the new acting head of the office, Wayne Stone, following the discovery that one of the inspectors was himself a whistleblower in the middle of a federal lawsuit against the CIA, according to former IC IG officials. Stone also sequestered the mountain of documents and data produced in the inspection, the product of three staff-years of work. The incident was never publicly disclosed by the office, and escaped mention in the unclassified version of the IC IG’s semiannual report to Congress. In essence, the IC has no independent oversight. That's not going to prevent whistleblowers from losing their jobs or security clearances. If the oversight is burying reports and withholding findings from its Congressional oversight, then there's really no reason whistleblowers should stick to the proper channels. If the IC wanted to shut down leaks, this was completely the wrong way to handle it. If careers are on the line, IC employees may as well take their complaints to the press, where they'll get heard, rather than to their supervisors or the Inspector General's office. The numbers quoted in the Daily Beast's report show there's scant chance the Inspector General's office will be of any help to whistleblowers. Even if whistleblowers aren't suffering direct retaliation, the office's ability to "wait it out" prevents whistleblowers from escalating complaints further than the office uninterested in investigating complaints. To move forward, there must be some form of ruling or determination from the Inspector General. Without it, complainants have almost zero chance to seek other remedies, including suing agency officials for workplace retaliation. The burial of this report by the Inspector General shows the official channels have suffered a perverse form of regulatory capture. The IG is no longer independent. It's owned and operated by the Intelligence Community, highly-deferential to officials who have nothing to gain if whistleblower complaints are sustained. It was arguably worse when Snowden left for Hong Kong. The bad news is it hasn't gotten any better over the last five years. Permalink | Comments | Email This Story

Read More...
posted 4 days ago on techdirt
Techdirt has been following the ridiculous proposal to extend EU copyright even further to include tiny snippets from articles for years now. The idea has already been tried twice in the European Union, and failed dismally on both occasions. In Spain, a study showed the move there caused serious economic damage, especially to smaller companies; German publishers tacitly admitted the law was pointless when they granted Google a free license to use snippets from their titles. More recently, the European Commission's own research confirmed that far from harming publishers, news aggregators have a positive impact on the industry's advertising revenue. Despite the clear indications that a snippet tax is a terrible idea, some want to go even further, and make it apply to hyperlinks too. Writing in the French newspaper Le Monde back in December, large news agencies including Germany's DPA and France's AFP complained that sites: offer internet users the work done by others, the news media, by freely publishing hypertext links to their stories. […] Solutions must be found. […] We strongly urge our governments, the European parliament and the commission to proceed with this directive. Now EU publishers have weighed in on the snippet tax, formally known as Article 11 of the proposed Copyright Directive. Their latest position paper, embedded below, makes a confession: We acknowledge that concerns have been raised that Article 11 as proposed by the Commission may have a negative effect on the legitimate personal non-commercial use of excerpts from press publications by a natural person by way of hyperlinking or sharing. But there's no reason to worry, they say, for the following reason: However, we would like to emphasize that it is in publishers' interest to make their products available as widely as possible, on as many platforms as possible and this is why publishers themselves encourage their readers to share articles and news on social media for free. In other words: trust us, we won't misuse a new right to forbid anyone from sharing even tiny snippets. Except, of course, copyright holders have repeatedly abused their intellectual monopoly to censor material, in precisely this way. EU publishers want this new right to block snippets to apply even to single words: We therefore question the necessity of introducing in the new [EU] Presidency's compromise text, a reduction of the scope of protection granted to press publishers to acts of reproduction and making available to the public performed by "service providers" and excluding "individual words or very short extracts of text". They also want to extend the scope of the snippet ban: In our view it is essential that any commercial entity or organisation, regardless of their business model, including those currently licensed by press publishers, exclusively or collectively, continues to be within scope of protection. Typically these organisations can be aggregators, media monitoring and press clipping agencies, individual companies, or public institutions. This isn't just about making search engines pay for the privilege of using snippets of text: it would include every company, of whatever size, and every public body, however meritorious or altruistic its activities, that uses them. The new position paper is important because it makes clearer than ever before that the snippet tax is not about stopping a few big players like Google from indexing stories from publications. After all, that could be easily achieved by blocking the crawlers using the robot.txt file. Article 11 is about something much bigger. It is the latest expression of the publishing industry's apparently infinite sense of entitlement -- that it has a right to control even "individual words or very short extracts of text" used by "any commercial entity or organisation, regardless of their business model", as the document puts it. The egotism of publishers is so monstrous that they don't even care if achieving this insane level of control over the Internet goes against their own economic interests, as the evidence shows it will. Power, it seems, is more important than profits. Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+ Permalink | Comments | Email This Story

Read More...
posted 4 days ago on techdirt
The government's antipathy towards FOIA requesters is well-documented. Our last president declared his White House to be the Openest Place on Earth. This was followed by a clampdown on FOIA responses, huge increases in withheld documents, and a war on whistleblowers. The Trump Administration has made no such promises. Good thing, too, as the uncontrollable mouth running the country would make these promises impossible to keep. We're living in a halcyon era of unprecedented, if inadvertent, government transparency. Whatever multitudinous leakers won't provide, the president will hand over himself via Twitter or televised interviews. Late last year, Trump handed plaintiffs in two FOIA lawsuits a gift when he undercut an FBI Glomar response ("neither confirm nor deny") by confirming FBI investigations (and FISA court involvement) in domestic surveillance. Trump has done it again, thanks to approving the release of the Nunes memo. Again, FOIA requesters seeking information about FBI domestic surveillance have been handed a gift by the Commander in Chief, as Politico reports. During a hearing on a bid by BuzzFeed to get more information about how a so-called dossier compiled by a former British spy was handled, U.S. District Court Judge Amit Mehta grew frustrated with a Justice Department lawyer who argued that Trump’s declassification order did not alter the contours of the legal dispute. Mehta said the government would normally be entitled to deference in asserting the need to keep its investigative work under wraps, but perhaps no longer with respect to the dossier. “This isn’t the ordinary case,” Mehta told a Justice Department lawyer, Anjali Motgi. “I don’t know of any time the president has declassified the fact of a counterintelligence investigation. That’s going to be a hard sell given what the president has done. … This is a new frontier and it has an impact.” The DOJ tried to argue that Trump's declassification of the memo wasn't an endorsement of its contents. The judge found this assertion literally incredible, saying she found it impossible to believe the DOJ and the White House disagreed about the factual basis of the released memo. If the DOJ can't find a way to push this argument past the judge, Buzzfeed will likely gain access to documents it might need to defend itself from a libel lawsuit brought by someone mentioned in the Steele dossier. If nothing else, the declassification of the memo shows there's substantial public interest in the contents of the dossier, which would buttress Buzzfeed's claims that publishing it (without verifying the contents first) was "fair reporting" on government activities. The DOJ, however, continues to insist the sought documents, even if released, change nothing for Buzzfeed. But to make this argument it has to sell its first argument -- that the facts disclosed by the Nunes memo are not actually facts. The DOJ will get to make this argument in person, behind closed doors with the judge, where it will argue that releasing documents to Buzzfeed would harm its ongoing investigation. On top of this turn of events, the Nunes memo's release has also forced the DOJ to change its opacity stance in other FOIA lawsuits. In one of those FOIA cases on Wednesday, government lawyers notified the court that the president’s declassification actions forced them to withdraw a refuse-to-confirm-or-deny response issued on requests that USA Today reporter Brad Heath and the pro-transparency James Madison Project made for surveillance warrants on Trump associates. The DOJ may end up having to release documents it doesn't want to release, thanks to the president and legislators aligned with Nunes. All it can do right now is buy time. And it will be an indefinite amount of time, apparently. “Given recent events, and the possibility of additional declassifications by the president,” the lawyers wrote, “the government is unable at this time to propose a timetable to conduct this review.” The Forever War on Transparency continues, but it's being frustrated by self-serving acts of openness by the White House. I guess we're the beneficiaries of accidental largesse, although it may be outweighed by other damaging White House acts and policies. However, someone writing about issues like these should never wish to live in uninteresting times, so the remainder of the Trump presidency should provide plenty of transparency yin/yang moments like these, where the government's natural affinity for opacity is undone by the Commander in Chief's proclivity for outing company secrets whenever it seems it might serve his singular narrative. Permalink | Comments | Email This Story

Read More...
posted 4 days ago on techdirt
Pay what you want to for the Absolute Python Bundle. If you beat the average price, you get all 5 courses. You'll learn the basics of how to code with Python by exploring tuples, dictionaries, decision statements, and more. Other courses cover TensorFlow and Selenium WebDriver. With over 57 hours of content and hands-on exercises, you'll master Python in no time. Note: The Techdirt Deals Store is powered and curated by StackCommerce. A portion of all sales from Techdirt Deals helps support Techdirt. The products featured do not reflect endorsements by our editorial team. Permalink | Comments | Email This Story

Read More...