posted 4 days ago on techdirt
Russia's war on encryption and privacy has reached an entirely new level of ridiculous. We've noted for a while how Putin's government has been escalating its war on encrypted services and VPNs in the misguided hope of keeping citizens from dodging government surveillance. But things escalated dramatically when the Russian government demanded that encrypted messaging app Telegram hand over its encryption keys to the FSB. After Telegram refused, a Russian court banned the app entirely last Friday, and the Russian government began trying to actually implement it this week.

It's not going particularly well. Telegram tried to mitigate the ban by moving some of its essential infrastructure to third-party cloud services. But Russian telecom regulator Roskomnadzor responded by blocking upwards of 16 million IP addresses, many belonging to Amazon Web Services and Google Cloud. Not too surprisingly, the heavy-handed maneuver resulted in connectivity problems across massive swaths of the Russian internet:

Telegram started using Amazon's AWS to bypass Russian censorship. Now, if you were @roscomnadzor (highly unlikely because nobody's as dumb as these doorknobs), what would you do? Certainly not block 655352 IP addresses belonging to Amazon, right? That would be so stupid... oh pic.twitter.com/AxEHfRUGnU
— Manual (@CatVsHumanity) April 16, 2018

Some users say the ban has disrupted the functionality of unrelated online games and services:

Our officials are blocking Amazon IPs, hoping to block Telegram. And they hit other unrelated services as well. There are reports that GuildWars2 and Trello are unavailable, for example
— Omni H. Sable (@OmniSable) April 17, 2018

And even credit card terminals:

Telegram is routing traffic through Amazon and Google cloud services, which is forcing Russia's telecom regulator to block hundreds of thousands of IPs. People are reporting that some credit card terminals are not working as a result. https://t.co/7CO2roBJhJ
— Yasha Levine (@yashalevine) April 16, 2018

While the Russian government has been portrayed as a technological and hacking mastermind in the wake of its escalating global disinformation and hacking campaign, there's nothing at all competent about this effort. The Russian government is demanding that both Apple and Google pull encrypted messaging apps from their app stores. They've also tried to pressure sideloading websites like APK Mirror into refusing to offer alternative access to the Telegram app. But it's just another game of Whac-a-Mole, with VPN provider NordVPN saying it saw a 150% spike in Russian usage in the wake of the ban.

The Russian government is claiming that its ham-fisted blockade has resulted in a 30% dip in Telegram usage. But Telegram founder Pavel Durov has downplayed the ban's impact on overall "user engagement":

"For the last 24 hours Telegram has been under a ban by internet providers in Russia. The reason is our refusal to provide encryption keys to Russian security agencies. For us, this was an easy decision. We promised our users 100% privacy and would rather cease to exist than violate this promise.

"Despite the ban, we haven’t seen a significant drop in user engagement so far, since Russians tend to bypass the ban with VPNs and proxies. We also have been relying on third-party cloud services to remain partly available for our users there."

Russian state media meanwhile continues to demonize Telegram as a haven for villains, and is directing users to alternatives like TamTam with alleged ties to the Russian government. All told, it's another wonderful illustration of how filtering the internet doesn't work (unless collateral damage and annoyance is your stated goal), and a war on fundamental security and privacy tools only makes everybody less secure. This is not a battle Russia can "win," but it's apparently too far down the rabbit hole of bad ideas to stop now.

posted 4 days ago on techdirt
Germany's ridiculous hate speech law continues to wreak havoc in the stupidest ways possible. Giving social media companies 24 hours to remove poorly-defined "offensive" content has resulted in proactive removals targeting anything marginally questionable. Official complaints aren't much better. Government demands for removal have been no less idiotic than proactive deletions by Facebook and Twitter. It's a bad law. The only way bad laws can be followed is badly. Facebook is dealing with something new, thanks to its adherence to its own content policies. It's an argument over deleted content, but the push/pull tension has been reversed. A Berlin court has ordered Facebook not to block a user and not to delete a comment made by that user, even though it breached the social network's community standards. This order follows a legal complaint by Facebook user "Gabor B." The court will still allow Facebook to argue in its defense, but it wants the content reinstated while this is sorted out. Facebook, following its internal content rules, decided Gabor B's insults weren't the sort of content it was willing to host. "The Germans are becoming ever more stupid," Gabor B's comment, posted in January, read. "No wonder, since they are every day littered with fake news from the left-wing Systemmedien about 'skilled workers', declining unemployment rates or Trump." Systemmedien can be inelegantly translated as 'system media'. The phrase carries echoes of the term Systempresse, or 'system press', that was used by the Nazis before they came to power. Gabor B had his post deleted and his account suspended. He took his complaint to the German court which now wants Facebook to violate its own policies to restore Gabor B to his rightful position of truth-to-power-speaker or whatever. This isn't what's expected from the German government, which has spent much of its time trying to find new ways to limit free expression by Germans. 
But there is internal consistency, even if it's not readily apparent. The German government feels its laws trump Facebook's policies. This applies even when Facebook's content policies are more restrictive than German law. That's why it demands takedowns of posts violating its speech laws (but not Facebook policy) and demands the restoration of posts violating Facebook policies (but not German law). Unfortunately, applying German speech laws consistently is almost as terrible as applying them inconsistently. In both cases, Facebook moderation policies no longer matter. The only way out of this mess is to handle this with logic. If a German Facebook user has violated a German law, the German government can go after the user, not the platform hosting the content. Instead, the law holds Facebook responsible for users' posts -- to the tune of €50m a violation. The law prompts overzealous deletion and the courts seem willing to punish Facebook for trying to remain in compliance. Facebook's more stringent moderation standards are a natural response to multiple governments with different free speech ideals all pushing their own agendas. Punish the wrongdoers, not the intermediaries, and you won't have these problems.

posted 4 days ago on techdirt
Whatever the actual numbers, it seems like some hefty percentage of technology news revolves around leaks of one kind or another. Whether it concerns government, corporate, or legal proceedings information leaking to the public, it happens enough that at this point the operating posture of any organization should probably be to expect leaks, rather than flailing at modernity and trying to stop them. Hell, if the White House can't keep what seems like literally anything under wraps, what hope does the average business have? Apple, of course, is not an average company. And, yet, when the company put out an internal memo warning its employees not to do the leaking, that memo almost immediately leaked to the press. On Friday, Bloomberg News published what it described as an "internal blog" post in full. The memo warned that Apple "employees, contractors, or suppliers—do get caught, and they’re getting caught faster than ever." The post also reportedly noted that, "in some cases," leakers "face jail time and massive fines for network intrusion and theft of trade secrets both classified as federal crimes," adding that, in 2017, "Apple caught 29 leakers, and of those, 12 were arrested." Memos like this set off a delightfully oppressive mood within the organizations that send them. Part of the reason for that is that the practice of leaking is so widespread so as to make the selective persecution of any leaker seem callous and unfair. Add to that the simple fact that well-timed strategic leaks are practically marketing SOP in many larger organizations and this seems doubly so. And, finally, I cannot be the only one struck by how low Apple's catch-rate feels within the memo itself. 29 leakers caught in a year? That has to be some unimpressive fraction of the actual leakers that exist. Anyone who might want to argue the points above needs to make that argument in the context of a reality in which this scare-memo itself leaked to the press. 
That this occurred only buttresses the argument that battling all leaks all the time is a losing battle. And if that's the case, then the selective enforcement of anti-leaking policies will only come off as both confusing and capricious. Not to mention a giant waste of time and money, compared with incentivizing employees to leak only when it's beneficial to the company.

posted 4 days ago on techdirt
With site-blocking now fully en vogue in much of the world as the preferred draconian solution to copyright infringement, one point we've made over and over again is that even this extreme measure has no hope of fully satisfying the entertainment industries. Once thought something of a nuclear option, the full censorship of websites will now serve as a mere stepping stone to the censorship of all kinds of other platforms that might sometimes be used for piracy. It was always going to be this way, from the very moment that world governments creaked open this door. And it appears it isn't taking long for the entertainment industries to want to take that next step, either. As the debate about Kodi addons rages, and as governments begin to clamp down on the platform at the request of the entertainment industry, several industry players at an IP forum event in Russia have started announcing plans to push for app-blocking as the next step. Over in Russia, a country that will happily block hundreds or millions of IP addresses if it suits them, the topic of infringing apps was raised this week. It happened during the International Strategic Forum on Intellectual Property, a gathering of 500 experts from more than 30 countries. There were strong calls for yet more tools and measures to deal with films and music being made available via ‘pirate’ apps. The forum heard that in response to widespread website blocking, people behind pirate sites have begun creating applications for mobile devices to achieve the same ends – the provision of illegal content. This, key players in the music industry say, means that the law needs to be further tightened to tackle the rising threat. “Consumption of content is now going into the mobile sector and due to this we plan to prevent mass migration of ‘pirates’ to the mobile sector,” said Leonid Agronov, general director of the National Federation of the Music Industry. Look, all of that is true. 
Innovation happens often at the margins when it comes to technology, after all, and the technology that powers piracy is no exception to this rule. At the same time, neither the entertainment industry nor the governments of the world have ever, even once, shown themselves to be good or fair arbiters of what tools are "pirate tools" and which are legitimate tools that sometimes are used for piracy. If given the power, both will overshoot the mark, with entertainment groups carpet-bombing their way to collateral damage just to be sure that pirates are obliterated, and governments all too often using this copyright censorship as cover to enact oppressive censorship on matters of pure politics. In other words, it's not that the entertainment industry is wrong that there is some measure of a problem to be dealt with, it's just that their censorious solution creates way more problems than it solves. Despite that, the music industry, in particular, is banging its war drum. The same concerns were echoed by Alexander Blinov, CEO of Warner Music Russia. According to TASS, the powerful industry player said that while recent revenues had been positively affected by site-blocking, it’s now time to start taking more action against apps. “I agree with all speakers that we can not stop at what has been achieved so far. The music industry has a fight against illegal content in mobile applications on the agenda,” Blinov said. This is not an arms race that the content industry has shown it is capable of winning. But while they beat these war drums for evermore censorship, the unintended consequences are strewn like bodies all around them. From Blinov's home country of Russia, the government has been laughably inept at separating pirate site from non-pirate site to the tune of a ten-fold blocking of collateral damage sites, all while the government also uses those same copyright laws to shut down political speech and reporters it doesn't like. 
And it is in this climate that content companies want to hand even more blocking powers to the authorities? First they came for the websites, then they came for the mobile applications? Whatever comes after that is not something to look forward to.

posted 4 days ago on techdirt
Law isn't simple, and truly learning about it takes more than a few short primers or even an in-depth guide or two — which makes it the perfect topic to explore via the medium of podcasts. This week, we've got a pair of guests who are doing exactly that: Ken White of Popehat fame, who recently launched the Make No Law podcast about First Amendment issues, and Elizabeth Joh, co-host of the What Trump Can Teach Us About Constitutional Law podcast. Instead of picking their brains about the law itself, we've got an episode all about their experience using podcasts to teach people about legal issues. Follow the Techdirt Podcast on Soundcloud, subscribe via iTunes or Google Play, or grab the RSS feed. You can also keep up with all the latest episodes right here on Techdirt.

posted 4 days ago on techdirt
For many years now, various internet companies have released Transparency Reports. The practice was started by Google years back (oddly, Google itself fails me in finding its original transparency report). Soon many other internet companies followed suit, and, while it took them a while, the telcos eventually joined in as well. Google's own Transparency Report site lists out a bunch of other companies that now issue such reports.

We've celebrated many of these transparency reports over the years, often demonstrating the excesses of attempts to stifle and censor speech or violate users' privacy, and in how these reports often create incentives for these organizations to push back against those demands. Yet, in an interesting article over at Politico, a former Google policy manager warns that the purpose of these platforms is being flipped on its head, and that they're now being used to show how much these platforms are willing to censor:

Fast forward a decade and democracies are now agonizing over fake news and terrorist propaganda. Earlier this month, the European Commission published a new recommendation demanding that internet companies remove extremist and other objectionable content flagged to them in less than an hour — or face legislation forcing them to do so. The Commission also endorsed transparency reports as a way to demonstrate how they are complying with the law.

Indeed, Google and other big tech companies still publish transparency reports, but they now seem to serve a different purpose: to convince authorities in Europe and elsewhere that the internet giant is serious about cracking down on illegal content. The more takedowns it can show, the better.

If true, this is a pretty horrific result of something that should be a good thing: more transparency, more information sharing and more incentives to make sure that bogus attempts to stifle speech and invade people's privacy are not enabled.
Part of the issue, of course, is the fact that governments have been increasingly putting pressure on internet platforms to take down speech, and blaming internet platforms for election results or policies they dislike. And the companies then feel the need to show the governments that they do take these "issues" seriously, by pointing to the content they do take down. So, rather than alerting the public to all the stuff they don't take down, the platforms are signalling to governments (and some in the public too, frankly) that they frequently take down content. And, unfortunately, that's backfiring, as it's making politicians (and some individuals) claim that this just proves the platforms aren't censoring enough.

The pace of private sector censorship is astounding — and it’s growing exponentially.

The article talks about how this is leading to censorship of important and useful content, such as the case where an exploration of the dangers of Holocaust revisionism got taken down because YouTube feared that a look into it might actually violate European laws against Holocaust revisionism. And, of course, such censorship machines are regularly abused by authoritarian governments:

Turkey demands that internet companies hire locals whose main task is to take calls from the government and then take down content. Russia reportedly is threatening to ban YouTube unless it takes down opposition videos. China’s Great Firewall already blocks almost all Western sites, and much domestic content.

Similarly, a recent report on Facebook's censorship of reports of ethnic cleansing in Burma is incredibly disturbing:

Rohingya activists—in Burma and in Western countries—tell The Daily Beast that Facebook has been removing their posts documenting the ethnic cleansing of Rohingya people in Burma (also known as Myanmar). They said their accounts are frequently suspended or taken down.
That article has many examples of the kind of content that Facebook is pulling down and notes that in Burma, people rely on Facebook much more than in some other countries: Facebook is an essential platform in Burma; since the country’s infrastructure is underdeveloped, people rely on it the way Westerners rely on email. Experts often say that in Burma, Facebook is the internet—so having your account disabled can be devastating. You can argue that there should be other systems for them to use, but the reality of the situation right now is they use Facebook, and Facebook is deleting reports of ethnic cleansing. Having democratic governments turn around and enable more and more of this in the name of stopping "bad" speech is acting to support these kinds of crackdowns. Indeed, as Europe is pushing for more and more use of platforms to censor, it's important that someone gets them to understand how these plans almost inevitably backfire. Daphne Keller at Stanford recently submitted a comment to the EU about its plan, noting just how badly demands for censorship of "illegal content" can turn around and do serious harm. Errors in platforms’ CVE content removal and police reporting will foreseeably, systematically, and unfairly burden a particular group of Internet users: those speaking Arabic, discussing Middle Eastern politics, or talking about Islam. State-mandated monitoring will, in this way, exacerbate existing inequities in notice and takedown operations. Stories of discriminatory removal impact are already all too common. In 2017, over 70 social justice organizations wrote to Facebook identifying a pattern of disparate enforcement, saying that the platform applies its rules unfairly to remove more posts from minority speakers. This pattern will likely grow worse in the face of pressures such as those proposed in the Recommendation. 
There are longer term implications of all of this, and plenty of reasons why we should be thinking about structuring the internet in better ways to protect against this form of censorship. But the short term reality remains, and people should be wary of calling for more platform-based censorship over "bad" content without recognizing the inevitable ways in which such policies are abused or misused to target the most vulnerable.

posted 4 days ago on techdirt
Over the weekend Trump tweeted:

Attorney Client privilege is now a thing of the past. I have many (too many!) lawyers and they are probably wondering when their offices, and even homes, are going to be raided with everything, including their phones and computers, taken. All lawyers are deflated and concerned!
— Donald J. Trump (@realDonaldTrump) April 15, 2018

Attorney-client privilege is indeed a serious thing. It is inherently woven into the Sixth Amendment's right to counsel. That right to counsel is a right to effective counsel. Effective counsel depends on candor by the client. That candor in turn depends on clients being confident that their communications seeking counsel will be confidential. If, however, a client has to fear the government obtaining those communications then their ability to speak openly with their lawyer will be chilled. But without that openness, their lawyers will not be able to effectively advocate for them. Thus the Sixth Amendment requires that attorney-client communications – those communications made in the furtherance of seeking legal counsel – be privileged from government (or other third party) view.

The problem is, it doesn't take a raid of a home or office to undermine the privilege. Bulk surveillance invades the sphere of privacy these lawyer-client communications depend on, and, worse, it does so indiscriminately.
Whether it involves shunting a copy of all of AT&T's internet traffic to the NSA, or warrantlessly obtaining everyone's Verizon Wireless phone call records, while, sure, it catches records of plenty of communications made to non-lawyers (which itself is plenty troubling), it also inherently catches revealing information about communications made to and from lawyers and their clients. Meanwhile the seizures and searches of communications devices such as cell phones and laptops raises similar Constitutional problems. Doing so gives the government access to all records of all communications stored on these devices, including those privileged ones that should have been expressly kept from it. So Trump is right: attorney-client privilege in America is under attack, and ever since we started learning about these programs lawyers have definitely been worried about how they impose an intolerable burden on the Sixth Amendment right to counsel. But unlike in Trump's situation where there is serious reason to doubt whether there's any privilege to be maintained at all (after all, privilege only applies to communications made in the course of seeking legal counsel, not communications made for other purposes, including the furtherance of crime or fraud), and care being taken to preserve what privilege there may be, bulk surveillance sweeps up all communications, including all those for which there is no doubt as to their privileged status, and without any sort of care taken to protect these sensitive communications from the prying eyes of the state. Indeed, the whole point of bulk surveillance is so that the prying eyes of the state can get to see who was saying what to whom without any prior reason to target any of these communications in particular, because with bulk surveillance there is no targeting: it swoops up everything, privileged or not. 
If Trump truly finds it troubling for the government to be able to obtain privileged communications he could put an end to these programs. It would certainly help make any argument he raises about how his own privilege claims should be sacrosanct ring less hollow if his administration weren't currently being so destructive to everyone else's.

posted 4 days ago on techdirt
A 19-year-old Canadian is being criminally charged for accessing a website. The Nova Scotian government's Freedom of Information portal (FOIPOP) served up documents it shouldn't have and now prosecutors are thinking about adding charges on top of the ten-year sentence the teen could already be facing. (via Databreaches.net)

Journalists first spotted the problem April 5th, when the FOI portal was taken offline. The Internal Services Minister, Patricia Arab, refused to provide details about the portal's sudden unavailability. It wasn't until the following week that the press was given more information and those affected notified.

Even once the government learned of the breach, it waited until Wednesday to begin notifying affected people. Arab said they held off notifying people because police suggested it would help them in their investigation.

Seems logical, except…

But [Halifax Police Superintendent Jim] Perrin told reporters police did not make that request. He could not say if advising people would have compromised the investigation. The province's protocols for a privacy breach state it is supposed to inform people as soon as possible, unless otherwise instructed by law enforcement.

The suspect obtained 7,000 documents from the Freedom of Information portal. Apparently around 250 of those contained unredacted personal information. Here's how the government portrayed the supposed hacking:

Government officials said someone got in by "exploiting a vulnerability in the system." The person wrote a script allowing them to alter the website's URL, which then granted access to the personal information. Internal Services found more than 7,000 PDF documents had been downloaded by a "non-authorized user" in early March. They filed a complaint with police on Saturday.

A script made it easier, but a script wasn't required. The URLs for FOI documents are incremental. As software engineer Evan D'Entremont points out, anyone could have done what the supposed "hacker" did.
The way the documents are stored is simple. They’re available at a specific URL, which David Fraser, a Halifax-based privacy lawyer, was happy to provide: https://foipop.novascotia.ca/foia/views/_AttachmentDownload.jsp?attachmentRSN=1234 Document number 1235 is stored at https://foipop.novascotia.ca/foia/views/_AttachmentDownload.jsp?attachmentRSN=1235. Guess where document 1236 is stored? This is not a new problem. In fact, it was recognized over a decade ago as one of the top ten issues affecting web application security. All [the "hacker"] had to do is add.

All this "hacker" did was automate the retrieval of published documents from the government's FOI portal. That's it. This wasn't an attempt to access personal info. That problem lies with the government, which did not properly secure documents it hadn't redacted yet.

As D'Entremont points out, plenty of other government websites use the same software for document access. (Searching "inurl:attachmentRSN" will bring up a handful of government websites, including Nova Scotia's temporarily disabled FOI portal). But other sites have taken care to wall off publicly-available documents from others they're not prepared to make public by using a PublicPortal subfolder. Nova Scotia's site apparently did not, hence the teen's ability to access unredacted documents. This isn't evidence of fraudulent access or malicious hacking. This is evidence of government carelessness.

The question remains, was the access fraudulent? Remember what I said about the other installations being called “PublicPortal”? And how 6750 of the 7000 records were public anyways, and how this system is literally designed for facilitating “access to information?” Looking at it further, there are no authentication mechanisms, no password protection, no access restrictions. It’s very clear that the software is intended to serve as a public repository of documents.
It’s also very clear that there are at least 250 documents improperly stored there by the province. Documents that the province had a responsibility to protect, and failed.

This wasn't a criminal act. This was simply efficient harvesting of publicly-available documents. If some documents weren't supposed to be publicly-available, the blame lies with the government for failing to secure them. The fact that the government decided to get police involved gives this the ugly appearance of scapegoating. This is an embarrassed government body trying to turn its mistake into the malicious work of a teen hacker.

It would be very surprising to see these charges stick. The URLs -- and the documents they held -- were publicly-accessible. But if they do stick -- and the Halifax PD has stated it may add more charges -- it will be due to the Nova Scotia government's unwillingness to take responsibility for its own carelessness.
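The control the article says was missing, sketched as an added example (not code from the FOIPOP software or from the article): a server-side release check applied to every request for a sequentially numbered record, plus a log check that lets an operator notice bulk sequential retrieval early. The `released` flag, the store, the log format and the threshold are assumptions made for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Attachment:
    rsn: int        # sequential record number, as in ?attachmentRSN=1234
    released: bool  # hypothetical flag: True only once redaction review is done
    body: bytes


# Constructed sample store; record 1235 has not been cleared for release.
STORE = {
    1234: Attachment(1234, True, b"released response"),
    1235: Attachment(1235, False, b"unredacted personal information"),
    1236: Attachment(1236, True, b"released response"),
}


def serve_unchecked(rsn: int) -> tuple[int, bytes]:
    """Behaviour the article describes: any record that exists is served."""
    att = STORE.get(rsn)
    return (200, att.body) if att else (404, b"")


def serve_checked(rsn: int) -> tuple[int, bytes]:
    """Release state is enforced server-side on every request, so an
    unreleased record looks exactly like one that does not exist."""
    att = STORE.get(rsn)
    if att is None or not att.released:
        return (404, b"")
    return (200, att.body)


def longest_sequential_run(ids: list[int]) -> int:
    """Longest streak of requests where each ID is the previous one plus 1."""
    best = run = 0
    prev = None
    for rsn in ids:
        run = run + 1 if prev is not None and rsn == prev + 1 else 1
        best = max(best, run)
        prev = rsn
    return best


def flag_enumeration(log, threshold: int = 50) -> list[str]:
    """Return clients whose history contains a sequential run of at least
    `threshold` IDs. `log` is an iterable of (client, rsn) in time order."""
    per_client = defaultdict(list)
    for client, rsn in log:
        per_client[client].append(rsn)
    return sorted(c for c, ids in per_client.items()
                  if longest_sequential_run(ids) >= threshold)


# Constructed access log: one client walks 100 consecutive IDs, another
# fetches three unrelated documents.
SAMPLE_LOG = [("198.51.100.7", n) for n in range(1000, 1100)] + [
    ("203.0.113.5", 1234), ("203.0.113.5", 1236), ("203.0.113.5", 1500),
]

if __name__ == "__main__":
    for rsn in (1234, 1235, 1236):
        print(rsn, serve_unchecked(rsn)[0], serve_checked(rsn)[0])
    print(flag_enumeration(SAMPLE_LOG))
```

The release check is what protects the unredacted records; the log check only shortens the time between a bulk download and someone noticing it.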

posted 5 days ago on techdirt
As we've noted previously, Comcast has enjoyed a little more resilience to the cord cutting threat than satellite TV and telco TV providers--thanks to its growing monopoly over broadband. As DSL users frustrated by lagging telco upgrades switch to cable to get faster speeds, they're often forced to sign up for cable and TV bundles they may not want (since standalone broadband is often priced prohibitively by intent). Of course that doesn't mean these users stick around (or that they even actively use the cable subscription they pay for), but it has helped Comcast all the same.

There are some indications that advantage isn't helping as much now that we're seeing so many streaming services come to market. At least one Wall Street research firm predicts that Comcast's cord cutting defections will double this year, though those totals still remain modest (400,000) compared to the company's total number of pay TV (22.4 million) and broadband (25.5 million) subscribers.

In the hopes of slowing the slow but steady climb in cable TV defections, Comcast has announced that it will soon begin bundling Netflix subscriptions with its existing services, in what it claims is a quest to provide "more choice, value and flexibility":

"Netflix offers one of the most popular on demand services and is an important supplement to the content offering and value proposition of the X1 platform,” said Sam Schwartz, Chief Business Development Officer, Comcast Cable. “Netflix is a great partner, and we are excited to offer its services to our customers in new ways that provide them with more choice, value and flexibility. The seamless integration of Netflix with the vast Xfinity entertainment library on X1 present a unique and comprehensive experience for customers."

There's no indication yet whether Comcast will sell Netflix at any kind of discount. Still, the move isn't likely to help Comcast stop what's become an obvious example of market evolution.
Customers looking for actual "choice, value and flexibility" pretty consistently find that's not something they get from traditional cable, thanks in part to Comcast's relentless rate hikes and hidden fees. Since most of these customers are ditching cable due to having to pay $130 or more per month, even a discounted subscription to Netflix isn't likely to help. Of course Comcast still has an ace up its sleeve: usage caps and overage fees. The company's slow and steady deployment of these arbitrary, unnecessary and punitive limits will allow Comcast to (ab)use a lack of broadband competition to not only counter reduced TV revenues by jacking up the price of broadband, but to punish customers who choose to wander outside of Comcast's walled gardens. After all, Comcast's own streaming services don't count against the company's caps, while Netflix's service does. And should Comcast and the FCC survive legal challenges to the net neutrality repeal, there's not much to stop Comcast from using a lack of adult oversight on this front to brutal, anti-competitive advantage.

posted 5 days ago on techdirt
The UK High Court has handed down a win (and a loss) in the Right to be Forgotten column. Two plaintiffs seeking delisting of information about their past criminal exploits had their cases considered by the court. Only one of them is walking away with a court order for delisting. The other one will apparently have to live with his past. The claimant who lost, referred to only as NT1 for legal reasons, was convicted of conspiracy to account falsely in the late 1990s; the claimant who won, known as NT2, was convicted more than 10 years ago of conspiracy to intercept communications. NT1 was jailed for four years, while NT2 was jailed for six months. Granting an appeal in the case of NT1, the judge added: "It is quite likely that there will be more claims of this kind, and the fact that NT2 has succeeded is likely to reinforce that." Google disputed both of these claims when they were filed, prompting the legal challenges. While the court admits there's a public interest in both cases, only one of the two claimants apparently deserves to have his history wiped clean. NT2 was more of a model citizen and convicted on lesser charges, so that's where the line is being (vaguely) drawn in enforcing the European Union's Right To Be Forgotten. The summary [PDF] of the decision quickly details the merits of NT2's case. The crime and punishment information has become out of date, irrelevant and of no sufficient legitimate interest to users of Google Search to justify its continued availability, so that an appropriate delisting order should be made. The conviction was always going to become spent, and it did so in March 2014, though it would have done so in July of that year anyway. NT2 has frankly acknowledged his guilt, and expressed genuine remorse. There is no evidence of any risk of repetition. His current business activities are in a field quite different from that in which he was operating at the time. 
His past offending is of little if any relevance to anybody’s assessment of his suitability to engage in relevant business activity now, or in the future. There is no real need for anybody to be warned about that activity. In comparison, NT1 has apparently learned nothing from his brush with the justice system, and headed right back into the professional field where he committed his original crimes. NT1 did not enjoy any reasonable expectation of privacy in respect of the information at the time of his prosecution, conviction and sentence. My conclusion is that he is not entitled to have it delisted now. It has not been shown to be inaccurate in any material way. It relates to his business life, not his personal life. It is sensitive information, and he has identified some legitimate grounds for delisting it. But he has failed to produce any compelling evidence in support of those grounds. Much of the harm complained of is business-related, and some of it pre-dates the time when he can legitimately complain of Google’s processing of the information. His Article 8 private life rights are now engaged, but do not attract any great weight. The information originally appeared in the context of crime and court reporting in the national media, which was a natural and foreseeable result of the claimant’s own criminal behaviour. NT1's sentence has also been served, but the court -- while nodding its head toward fresh starts after repaying debts to society -- determines NT1 only paid his debt begrudgingly and benefited from an interim law change that saw him released ahead of schedule. The information is historic, and the domestic law of rehabilitation is engaged. But that is only so at the margins. The sentence on this claimant was of such a length that at the time he had no reasonable expectation that his conviction would ever be spent. The law has changed, but if the sentence had been any longer, the conviction would still not be spent. 
It would have been longer but for personal mitigation that has no bearing on culpability. His business career since leaving prison made the information relevant in the past to the assessment of his honesty by members of the public. The information retains sufficient relevance today. He has not accepted his guilt, has misled the public and this Court, and shows no remorse over any of these matters. He remains in business, and the information serves the purpose of minimising the risk that he will continue to mislead, as he has in the past. It's a bit of an inconsistent decision, but probably about as much as can be expected from a European ruling that says certain people can erase their pasts while others are doomed to repeatedly be disappointed with their vanity search results. At least this ruling shows challenged requests are being examined on a case-by-case basis weighing as much relevant information as possible. This is what Google is attempting to do as well, even though it has less outside info to work with and more than a half-million requests per year to work through. That Google appears to be operating in good faith despite its obvious opposition to the new "right" likely explains the court's refusal to award damages to the prevailing party. The recently-established right is still problematic and prone to abuse. But this decision shows the courts aren't viewing search engines as towering, villainous money machines hellbent on ruining lives through algorithmic indexing. Instead, this court appears to be willing to engage all sides of the issue when addressing claimants' complaints about troublesome search results.

posted 5 days ago on techdirt
Last October, Techdirt wrote about an important decision by the Irish High Court in a case concerning data transfers from the EU to the US. The original complaint was brought by Max Schrems in the wake of revelations by Edward Snowden back in 2013 that the NSA had routine access to user information held by companies like Facebook. As the post explained, the judge found that there were important legal issues that could only be answered by the EU's highest court, the Court of Justice of the European Union (CJEU). The High Court said that it intended to refer various questions to the CJEU, but has done so only now, as Schrems explains in an update on the case (pdf). He points out that the eleven questions sent to the CJEU (found at the end of the document embedded below) go further than considering general questions of law: While I was of the view that the Irish Data Protection Authority could have decided over this case itself, but I welcome that the issue will hopefully be dealt with once and forever by the Court of Justice. What is remarkable, is that the High Court also included questions on the 'Privacy Shield', which has the potential for a full review of all EU-US data transfer instruments in this case. That more or less guarantees that the CJEU will rule definitively on whether the Privacy Shield framework for transferring EU personal data to the US is legal under EU data protection law. And as Mike noted in his October post, it is hard to see the CJEU approving Privacy Shield, which does little to address the court's earlier criticisms of the preceding US-EU agreement, the Safe Harbor framework, which the same court struck down in 2015. That would be a serious problem for companies like Facebook and Google whose data is routinely accessed by the NSA. As Schrems suggests: In the long run the only reasonable solution is to cut back on mass surveillance laws. 
If there is no such political solution between the EU and the US, Facebook would have to split global and US services in two systems and keep European data outside of reach for US authorities, or face billions in penalties under the upcoming EU data protection regulation. In theory, a ruling that Facebook has broken EU privacy laws by allowing the NSA to access the personal data of EU citizens would not necessarily be an issue for other companies not involved in these surveillance programs. However, there is a cloud on the horizon even for them. As Schrems explains, data transfers from the EU to the US typically use contract law in the form of "Standard Contractual Clauses" (SCCs) to lay down the legal framework. Schrems says he is fine with that approach, because the Irish Data Protection Commissioner (DPC) can use an "emergency clause", built in to SCCs, to halt dodgy data sharing in cases like Facebook. However: The Irish Data Protection Commissioner took the view that there is a larger, systematic issue concerning SCCs. The DPC took the view, that as the validity of the SCCs is at stake the case should therefore be referred to the CJEU. The danger with this decision to ask the CJEU to examine the validity of SCCs is that if it rules against them, it would affect every company using them, whether or not they were involved in NSA surveillance. Schrems has a theory as to why the DPC has taken this risky route: I am of the view the Standard Contractual Clauses are perfectly valid, as they would allow the DPC to do its job and suspend individual problematic data flows, such as Facebook's. It is still unclear to me why the DPC is taking the extreme position that the SCCs should be invalidated across the board, when a targeted solution is available. The only explanation that I have is that they want to shift the responsibility back to Luxembourg [where the CJEU sits] instead of deciding themselves. 
Given the massive knock-on effects that the ruling could have on digital flows across the Atlantic, including political consequences, the desire for the Irish DPC to give that responsibility to someone else is plausible. The CJEU is unlikely to feel intimidated in the same way, which means that US companies must now worry about the prospect of SCCs being struck down along with Privacy Shield. Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

posted 5 days ago on techdirt
In 2015, with much fanfare, the MPAA released its own search engine of sorts as WhereToWatch.com. The idea behind the site was to combat the argument that people pirate films because there are too few legal alternatives. The MPAA built the site to show where those legal alternatives do in fact exist. Left unaddressed, of course, were questions about how useful and convenient those alternatives were, how users had to navigate through a myriad of restrictive policies for those legal alternatives, and how terrible Hollywood must be in promoting its legal alternatives if the only thing needed to stop all this piracy was an MPAA search engine. On top of that, WhereToWatch served as something of an excuse for many draconian policies the MPAA was pushing for all along. By being able to point to the search engine as "proof" that all kinds of legal alternatives to piracy were readily available, the MPAA argued that policies such as "notice and staydown" as well as site-blocking were legitimate pursuits. Somewhat predictably and with a heaping helping of irony, WhereToWatch received multiple DMCA takedown notices for its search results, demonstrating how perilous DMCA takedowns have become. And now comes the news that the MPAA actually shuttered the site months ago. The MPAA pulled the plug on the service a few months ago. And where the mainstream media covered its launch in detail, the shutdown received zero mentions. So why did the site fold? According to MPAA Vice President of Corporate Communications, Chris Ortman, it was no longer needed as there are many similar search engines out there. “Given the many search options commercially available today, which can be found on the MPAA website, WheretoWatch.com was discontinued at the conclusion of 2017,” Ortman informs TF. “There are more than 140 lawful online platforms in the United States for accessing film and television content, and more than 460 around the world,” he adds. 
That is all absolutely true today, though it was also true three years ago when the site was launched. The simple fact of the matter is that the site did little to serve any real public customer base. Yes, legal alternatives to piracy exist. Everyone knows that, just as they know that there are far too many hoops to jump through and restrictions to navigate that have nothing to do with price. The MPAA and its client organizations have long asserted strict control over their product, contrary to public demand. That is, and has always been, the problem. On top of all that, the MPAA showed it's no better at promoting its site than it was at promoting the legal alternatives to pirating movies. Perhaps the lack of interest from the U.S. public played a role as well. The site never really took off and according to traffic estimates from SimilarWeb and Alexa, most of the visitors came from Iran, where the site was unusable due to a geo-block. Look, the basis for this effort was a good one: promote legit movie-watching to customers currently pirating. That's laudable. But Hollywood is in the business of convincing the public to do so every bit as much as the public is obligated to buy Hollywood's products. It's not enough to build a search engine to the current unwanted offerings and call it a day. You have to actually innovate.

posted 5 days ago on techdirt
For years we've documented how the internet of broken things industry and evangelists have contributed to a global privacy and security shitshow. The rush to connect everything from tea kettles to Barbie dolls to the internet without including even basic privacy or security standards has resulted in a massive security problem few seem interested in actually fixing. As a result we're not only less secure and more at risk for privacy violations, but these devices are now routinely contributing to some of the most devastating DDoS attacks history has ever seen. A year or so ago Bruce Schneier penned what was probably the best explanation of why nothing in the IOT chain of dysfunction seems to improve: "The market can't fix this because neither the buyer nor the seller cares. Think of all the CCTV cameras and DVRs used in the attack against Brian Krebs. The owners of those devices don't care. Their devices were cheap to buy, they still work, and they don't even know Brian. The sellers of those devices don't care: they're now selling newer and better models, and the original buyers only cared about price and features. There is no market solution because the insecurity is what economists call an externality: it's an effect of the purchasing decision that affects other people. Think of it kind of like invisible pollution." Instead of fixing their products, vendors simply move on to marketing the next best thing. And consumers continue to gobble them up, creating millions upon millions of new attack vectors into homes and businesses around the world annually. Obviously this "invisible pollution" continues to have a very real and visible impact. Case in point: Nicole Eagan, the CEO of cybersecurity firm Darktrace, says hackers are increasingly targeting unprotected IOT devices including air conditioners, toys, and surveillance cameras to get into corporate networks. 
She noted how one bank that decided to skimp on security cameras actually wound up being hacked after those cameras were quickly compromised by attackers. Speaking at the WSJ CEO Council Conference, she also shared an anecdote about how one big casino client had their customers' financial histories stolen thanks to an internet-of-broken things aquarium thermostat: "Eagan gave one memorable anecdote about a case Darktrace worked on in which a casino was hacked via a thermometer in an aquarium in the lobby. The attackers used that to get a foothold in the network," she said. "They then found the high-roller database and then pulled that back across the network, out the thermostat, and up to the cloud." It's understandable that people are wary of regulating this sector lest it stifle innovation or create unforeseen, additional problems. But it's pretty clear we're going to need a massive collaboration between the public, companies, and government if we want to avoid some potentially calamitous and fatal outcomes (especially if and when essential infrastructure is targeted). That's why the open source IOT security and privacy standards that organizations like Consumer Reports have been cooking up desperately need all the public and private sector support they can get.

posted 5 days ago on techdirt
An at-home dental appliance company has a problem with the website Lifehacker. It's the sort of problem it thinks can only be solved by filing a baseless defamation suit. SmileDirectClub -- maker of DIY teeth-straightening equipment -- is taking the site to court for an article originally titled "You Could Fuck Up Your Mouth With SmileDirectClub." The title has since been changed to suggest any "at-home orthodontics" could fuck up your mouth, but the wording of the article remains unchanged. The gist of the article is that straightening teeth requires direct oversight by qualified professionals -- something that seems unlikely to happen with at-home orthodontics. The author of the post -- citing dental professionals and a few online forums -- notes that without proper, direct care, in-home dental appliances actually can cause worse alignment or result in the loss of teeth. I’m halfway through an unusually long two-year program of Invisalign, the most popular brand of aligner. (The company behind Invisalign also makes SmileDirectClub’s aligners.) Every ten weeks I see my orthodontist for a checkup, new aligners, and advice. On a recent visit, I admitted that I’d started leaving my aligners out for longer periods (at parties or picnics), and was making up for it by leaving them in an extra day each. My orthodontist gently explained that while my aligners are still pushing my teeth into place, my teeth want to shift back, and they’ll take every opportunity to do so. In effect, I’ve been very slowly wiggling my teeth. And wiggling teeth makes them fall out. I no longer leave my aligners out for long periods. So, given the average human's desire to take shortcuts or do whatever's most comfortable, rather than what's most necessary, at-home dental work, although cheaper, could cause serious problems down the road. Hence the need for professional care, rather than made-to-order appliances and online checkups based on photos of your mouth. SmileDirectClub is pissed off. 
Never litigate angry. It only makes your arguments stupider. The complaint [PDF] opens with claims of things that never happened before devolving into general complaints about internet business models and website lineage. (h/t First Amendment warrior/lawyer Daniel Horwitz) On April 6, 2018, Gizmodo through its weblog called Lifehacker, which is located at www.lifehacker.com, published an article written by Douglas entitled “You Could Fuck Up Your Mouth With SmileDirectClub” (the “Untruthful Article”). Through this outrageous, misleading and vulgar title, Gizmodo intended to lure the 24 million readers of Lifehacker to an article filled with unsubstantiated false statements and innuendo that attacks Plaintiff’s products and services. Although Douglas readily admits in the Untruthful Article that he never used or even tried Plaintiff’s products and services, he proceeds with a hatchet job based upon a comparison to a failed company that is not comparable for purposes of his statements; citation to a message board that does not support his statements; and conclusions that Plaintiff’s products and services are “bad” and “cheap.” Actually, the article doesn't make either of those claims. It merely suggests using an at-home version will possibly result in tooth problems. Obviously that’s because I’m lucky enough to afford the more expensive option. If you can’t, it can be very hard to hear that your only available option is a bad one. And maybe you’ll end up just fine with the cheap version—by all appearances, thousands of people have. But if you go remote, please be careful. Research as much as you can, and follow the instructions carefully. Don’t wiggle your teeth until they fall out. Even with the original title, the article is not defamatory. The key word in the headline is "could." On top of that, the assertions made are supported by statements from dental professionals and users of these at-home products. 
The headline change shifts the focus from SmileDirectClub, but does not change anything about the assertions and opinions that compose the body of the post. From that terrible start, the lawsuit goes off the rails. Apparently, SmileDirectClub believes "clickbait" and "part of the Gawker network" are pretty much all that's needed to successfully state defamation claims. Even when confronted with the falsity of their article and admitting that one of the citations does not support the statements in the article, Defendants refuse to remove the Untruthful Article. They refuse to do so because it is how they make their money. Douglas and Gizmodo made such statements and used the outrageous “You Could Fuck Up Your Mouth With SmileDirectClub” title to bait consumers into viewing the article so that they could obtain revenues from banner advertising. This continues a pattern over a decade of defamatory shock-style “journalism” by Gawker Media and its progeny (such as Lifehacker), whose weblogs were bought out of bankruptcy and now are held by Gizmodo. Douglas, as a former reporter for Gawker, also has ties to the now defunct Gawker Media. Defendants willfully, intentionally, and maliciously created a false story to drive “clicks.” There's more later in the lawsuit, where -- for no apparent reason -- SmileDirectClub decides to regale the court with tales of Gawker's fall from grace at the hand of Peter Thiel-backed lawyers who had every intention of destroying the company, rather than simply seeking to have a grievance redressed. SmileDirectClub also apparently believes -- incorrectly -- that statements of opinion must come with a disclaimer clearly designating them as opinions. The Untruthful Article does not contain a disclaimer that it constitutes opinion only or that the statements therein do not reflect the views of Gizmodo or Lifehacker. And it deliberately misreads the paragraph quoted above to portray it as an unsubstantiated statement of fact. 
Finally, Douglas makes the unsubstantiated statement that, if one cannot afford a traditional orthodontist, SmileDirectClub is a “bad” option. He further refers to SmileDirectClub’s products as “cheap” in connection with his allegation that the products are “bad.” Douglas’s conclusion is not based on any factual evidence and is unsupportable. It's his opinion about at-home products based on his personal experience and the not-unreasonable assumption that many people won't take the best care of their own teeth if the only person overseeing them is a Skyped-in dental professional viewing a tooth-filled selfie. And it's followed by statements the lawsuit chooses to omit, which say many people have had success straightening their teeth using in-home products like those offered by SmileDirect. The other supposed damning evidence presented by SmileDirect is the site's attempt to fix the problems noted by the company. On April 8, 2018, counsel for Plaintiff emailed a letter to Gizmodo, Lifehacker, Douglas, and Kirsch in which Plaintiff demanded that Gizmodo and Douglas immediately remove the Untruthful Article. A true and correct copy of the April 8, 2018, letter is attached hereto as Exhibit 6. On April 9, 2018, counsel for Plaintiff caused the letter to be hand delivered upon Gizmodo. Gizmodo acknowledged receipt as shown in the email from Gizmodo’s General Counsel. A true and correct copy of the email is attached hereto as Exhibit 7. On April 10, 2018, counsel for Plaintiff received an email from Gizmodo in response to Plaintiff’s April 8, 2018 email and April 9, 2018 letter. A true and correct copy of the response email is attached hereto as Exhibit 8. Gizmodo asserts in its email that “Mr. Douglas meant to link to an additional discussion forum about aligners, and he will update the article to do so.” Thus, Gizmodo admits that the Untruthful Article’s link to www.bracesforum.net is misleading but refuses to take the Untruthful Article down. 
Gizmodo doesn't actually admit what SmileDirect says it admits. And even if the link was misleading, another link was provided and the post's title changed. None of this needed to be done. The article wasn't defamatory to begin with, even if the title was somewhat of a cheap shot in its original form. Then it's time for more of this padding, which does little more than suggest SmileDirect's legal representation thinks courts run on emotion, rather than legal interpretations of existing laws. Lifehacker, through its villainous lineage and Gawker Media parentage, continues the bad conduct of Gawker Media. At best, Lifehacker’s Untruthful Article shows a reckless indifference for the truth, which is consistent with Gizmodo’s pattern of conduct going back to its origins with Gawker Media. To sum up: "Gawker was once sued successfully for defamation. I rest my case." Perhaps the plaintiff believes the court has some v. Gawker judgment boilerplate lying around just in case any of its now-bastardized children have roused the rabble again. Speaking of competent representation, it appears SmileDirect is hoping Gizmodo, et al will be held libel for slandering without proper disclaimers or whatever. If you can't see or read the picture, the heading/subheading reads: COUNT II TRADE LIABLE/PRODUCT DISPARAGEMENT Finally, the lawsuit ends with a plea for the article to be removed and anyone associated with the site barred from ever reposting it in any form. You know, a little prior restraint to go along with everything else that's wrong with this lawsuit. SmileDirect wants this to happen before the judge even receives a response from Gizmodo or weighs the merits of the dental company's arguments. It's a stupid lawsuit but it's still going to be a legitimate pain in the ass. Tennessee has a relatively worthless anti-SLAPP law and courts there have allowed incredibly dubious defamation lawsuits to proceed past motions to dismiss. 
This could be an easy win for Gizmodo or a protracted battle that gives the plaintiff's arguments far too much credit. Either way, a good anti-SLAPP law would keep this from being a boon for legal representation and a drag on protected speech.

posted 5 days ago on techdirt
The Trans Pacific Partnership (TPP) Agreement is deeply unpopular with Americans for a variety of reasons (some of which we'll discuss below). Because of its unpopularity, both Donald Trump and Hillary Clinton denounced the agreement during their campaigns for the Presidency. Trump's denunciation seemed a lot more genuine -- he's argued against free trade and in favor of protectionism for quite a long time. Clinton's denunciation was highly suspect, as she had long been a supporter of the TPP, and many people expected that, if elected, she'd flip flop back to support the agreement. Of course, she didn't get elected... but now it's apparently Trump who has flip flopped to supporting TPP. President Trump, in a sharp reversal, told a gathering of farm-state lawmakers and governors on Thursday morning that the United States was looking into rejoining a multicountry trade agreement known as the Trans-Pacific Partnership, a deal he pulled out of days after assuming the presidency. Mr. Trump’s reconsideration of an agreement he once denounced as a “rape of our country” caught even his closest advisers by surprise and came as his administration faces stiff pushback from Republican lawmakers, farmers and other businesses concerned that the president’s threat of tariffs and other trade barriers will hurt them economically. We spent years explaining the many, many problems associated with TPP. While we tend to be supporters of free trade, the problem with the TPP was that it wasn't actually a free trade agreement. Yes, a few parts of it included lowering tariffs and opening borders to trade (and those parts were, for the most part, pretty good), but the bigger part of the agreement was that it was an "investment" agreement, rather than a trade agreement. And thus it included two parts that were really problematic. First, was an intellectual property section which was the exact opposite of "free trade." 
Rather it required higher barriers to trade, creating mercantilist barriers to information and ideas, in locking up "intellectual property" under ever more draconian terms. The second part was what we've referred to as the "corporate sovereignty" section, which is officially referred to as "Investor State Dispute Settlement" provisions (or ISDS). This is a system by which companies can effectively take governments to a private tribunal, which will determine if their regulations cut into the expected profits of the company. The original idea behind such corporate sovereignty provisions was to deal with the situations in which, say, a big company invested in an economically developing country, and that country's leadership suddenly decided to seize the factory or whatever. But what we've seen over the years is that ISDS/corporate sovereignty has mainly been used as a tool for corruption. Given all of that, we were happy that one of President Trump's first moves in office was to drop out of the TPP, even as we noted that he was clearly doing so for the wrong reasons (his stated reasons being wishing for more protectionism, when it was the lowering of trade barriers that we found to be the only good parts of the TPP). With the US out of the TPP, the remaining countries picked up the ball and ran with it -- under the leadership of Canada who agreed to remove the intellectual property section. An agreement was reached earlier this year without the awful copyright and patent provisions, but with corporate sovereignty still in there. It's ironic that Canada took over the leadership role, since it was actually a late entrant into the TPP after the US bent over backwards to keep Canada out of the agreement, partly in the belief that it would push back on things like the draconian intellectual property section. So... given all of that it seems doubly ironic that Trump now apparently says he wants back in. His tweet on the subject is, as per usual, somewhat nonsensical. 
Would only join TPP if the deal were substantially better than the deal offered to Pres. Obama. We already have BILATERAL deals with six of the eleven nations in TPP, and are working to make a deal with the biggest of those nations, Japan, who has hit us hard on trade for years! — Donald J. Trump (@realDonaldTrump) April 13, 2018 Claiming he'd only rejoin the TPP if the deal is better than what Obama negotiated is a reasonable enough claim to make, but if that was the case... why did Trump completely drop out of the negotiations and let the other countries conclude all of the negotiations without any US influence at all? Reopening such negotiations at this point seems like a total non-starter, and even if it happened, the US would be at a distinct disadvantage, given that everyone else has already agreed to nearly everything. And, of course, there's little to suggest that the attempt to rejoin now is to get rid of things like corporate sovereignty, or to do the actual good stuff around lowering trade barriers (this is coming just weeks after Trump announced plans to put in place tariffs on certain Chinese products) and soon after the dubious claim that winning trade wars is "easy." As far as I can tell, this appears to be Trump trying to make a group of people he was talking to happy, and not really understanding the details: As he often does, the president started to change gears after hearing complaints from important constituents — in this case, Republican lawmakers who said farmers and other businesses in their states would suffer from his trade approach since they send many of their products abroad. That, of course, seems like an odd way to lead. Or to negotiate. Chances are nothing significant comes of this -- certainly not a wholesale renegotiation of the TPP. Instead, we've just got yet another political mess.

posted 5 days ago on techdirt
The Avanca Minim True Wireless Earbuds redefine wireless listening with the latest technology and audio quality, allowing you to enjoy your music, stay effortlessly connected, and say goodbye to tangled cables. These little earbuds are equipped with the latest CSR Bluetooth 4.2 chipset, and are compatible with voice-activated digital assistants. If you're an active music lover, you'll love these truly wireless earbuds, which are on sale for $54.99. Note: The Techdirt Deals Store is powered and curated by StackCommerce. A portion of all sales from Techdirt Deals helps support Techdirt. The products featured do not reflect endorsements by our editorial team.

posted 5 days ago on techdirt
The Inspector General of the FBI has released a report detailing the incidents leading up to FBI Deputy Director Andrew McCabe's firing. Whether or not these were the reasons the White House chose to can him isn't confirmed, but the report [PDF] does show there was plenty of justification for his termination. According to the report, McCabe violated FBI policy multiple times during the investigation process with dishonest or misleading answers while under oath. On top of that, his unauthorized disclosure of the status of a Clinton Foundation investigation to a Wall Street Journal reporter violated department policy on media relations. The leaks appear to have been McCabe's damage control efforts. The Wall Street Journal had already published an article detailing McCabe's involvement in his wife's unsuccessful 2015 state senate campaign. During this run, McCabe's wife received $675,000 from a political action committee run by the state's governor (Terry McAuliffe) who had "long-standing ties to Bill and Hillary Clinton." Given Clinton was one of the candidates in the 2016 presidential race, suggestions were made that McCabe should recuse himself from the investigation. The FBI's official statement said McCabe's supervision of the investigation did not begin until after his wife's senate campaign was over. But the WSJ article painted a different picture: McCabe's office provided personnel and resources to the Clinton Foundation investigation while his wife was still campaigning (and receiving money from a PAC tied to a Clinton buddy). With another article two days away, the WSJ reached the FBI for comment on McCabe's involvement. At that point, McCabe apparently took a hands-on approach. The info the WSJ had contradicted McCabe's own narrative about recusing himself from the investigation. Instead, the journalist had sources stating McCabe had tried to kill the Clinton Foundation investigation. 
According to Special Counsel’s contemporaneous notes of the call and testimony to the OIG, she and AD/OPA learned during the first call that Barrett had sources who were adamant that McCabe gave a purported order to “stand down” on the CF Investigation before the 2016 presidential election, implying that McCabe wanted to shut down the investigation for improper reasons. McCabe -- engaging in several texts and phone calls with FBI media intermediaries -- provided the WSJ with a different narrative. The OIG report quotes the WSJ article: According to a person familiar with the probes, on Aug. 12, a senior Justice Department official called Mr. McCabe to voice his displeasure at finding that New York FBI agents were still openly pursuing the Clinton Foundation probe during the election season. Mr. McCabe said agents still had the authority to pursue the issue as long as they didn’t use overt methods requiring Justice Department approvals. The Justice Department official was “very pissed off,” according to one person close to McCabe, and pressed him to explain why the FBI was still chasing a matter the department considered dormant. . . . “Are you telling me that I need to shut down a validly predicated investigation?” Mr. McCabe asked, according to people familiar with the conversation. After a pause, the official replied “Of course not,” these people said. Following this spin attempt, McCabe then began ringing up field offices and "admonishing them for leaks." These would be the same leaks McCabe provided to the WSJ. While officials in New York and DC remember these calls from McCabe, McCabe apparently does not. From that point on, the report details several divergences between McCabe's sworn statements and those of others, like then-FBI director James Comey. McCabe, however, could not present a clear timeline of this authorization when questioned by FBI investigators. And so it goes for several pages, with McCabe's testimony being disputed by everyone else involved. 
Not only does Comey not recall there being any leak authorization, but McCabe himself presented the leak to Comey as unauthorized. I have a strong impression he conveyed to me “it wasn’t me boss.” And I don’t think that was by saying those words, I think it was most likely by saying “I don’t know how this shit gets in the media or why would people talk about this kind of thing,” words that I would fairly take as “I, Andy, didn’t do it.” And I actually didn’t suspect Andy, after conversations with [my chief of staff], my worry was, was his aide [Special Counsel] doing it. McCabe's Chief of Staff also had no idea McCabe was behind the leak. In fact, the COS felt the leak did more harm than good, benefitting McCabe at the expense of the FBI and DOJ. I just can't imagine that the Deputy would have authorized the leak. It just doesn't seem to serve, I mean, I guess it serves, it serves the purpose of the Deputy by saying, hey look, do you want us to shut this thing down? I guess it serves Andy in that way, but it really, it really highlights a dysfunction between the FBI and the, and DOJ. And to that end, it doesn't really serve the greater good. The denials of wrongdoing by McCabe are rebutted thoroughly by the OIG report. Some are as simple as noting clear discrepancies between McCabe's testimony and that of others involved. Some are even worse, showing someone running a fine-tuned surveillance apparatus somehow thought his own communications would escape the attention of investigators. [W]ith regard to McCabe’s claim that he did not know where Special Counsel was or what she was doing during the relevant time period, FBI records show that McCabe was in frequent telephone and text communication with Special Counsel during that time period and had several communications with her regarding her calls with [WSJ journalist Devlin] Barrett, including a 51 minute call after her first call with Barrett and a 23 minute call after her final call with Barrett.
McCabe’s own text messages reflect that McCabe was keenly interested to learn about the results of Special Counsel’s calls with Barrett. We therefore found that McCabe’s claimed ignorance regarding Special Counsel’s activities on those days was demonstrably false. Unfortunately, there's a portion of the populace that feels anyone the Trump Administration fires is a martyr to the Resistance cause. And they're putting their money where their bias is. McCabe's legal defense crowdfunding effort raised more than $500,000, showing there are plenty of Americans willing to hand additional money to a well-paid public servant who committed career suicide by apparently covering up his involvement in a self-serving leak. McCabe's legal team has issued a response [PDF] to the OIG report which takes issue with a few of its conclusions. About the only rebuttal with merit is related to the leak. As his legal team points out, McCabe was authorized to selectively leak information to journalists, much like many high-ranking government officials. The rest of it is little more than semi-plausible explanations as to why there might be an incredible amount of inconsistencies in McCabe's sworn testimony. There are reasons to be concerned about how the firing was handled. McCabe was basically 24 hours away from qualifying for a pension, so the decision to fire him rather than let him resign looks more vindictive than judicious. And while McCabe's leak may have given some people the impression FBI investigations weren't subject to personal political leanings, it appears to have been pushed out to clear McCabe of any Clinton-related suspicions, rather than serve the greater purpose of protecting the reputation of the FBI or DOJ.

posted 6 days ago on techdirt
The FBI continues to push its "going dark" theory. It's not interested in the truth. It would rather have a legislative mandate or a string of favorable court decisions than utilize options vendors have made available. These are the candles the FBI will forgo to publicly curse the darkness. A recent Inspector General's report made it crystal clear: those charged with finding a way to crack open the San Bernardino shooter's cell phone slow-walked their search in hopes of ending up with a judicial mandate forcing Apple to crack its own encryption. The complaints about the darkness continue, even as vendors like Cellebrite have shown they can crack any iPhone given enough money and time. There are solutions out there, but the FBI doesn't want them. Cellebrite isn't the only company with an iPhone crack for sale. As Joseph Cox reports for Motherboard, another device has surfaced that can brute force its way past iPhone lock screens. The FBI may continue its disingenuous push for weakened encryption, but law enforcement agencies around the nation are more than willing to pay for a solution that doesn't involve Congressional reps or federal judges. Grayshift has been shopping its iPhone cracking technology to police forces. The firm, which includes an ex-Apple security engineer on its staff, provided demonstrations to potential customers, according to one email. “I attended your demo presentation recently held at the Montgomery County Police Headquarters and was pleased by your product’s potential,” an Assistant Commander from the Technical Investigations Section at the Maryland State Police wrote in an email to Grayshift in March. The GrayKey itself is a small, 4x4 inches box with two lightning cables for connecting iPhones, according to photographs published by cybersecurity firm Malwarebytes. 
The device comes in two versions: a $15,000 one which requires online connectivity and allows 300 unlocks (or $50 per phone), and an offline, $30,000 version which can crack as many iPhones as the customer wants. Marketing material seen by Forbes says GrayKey can unlock devices running iterations of Apple’s latest mobile operating system iOS 11, including on the iPhone X, Apple’s most recent phone. According to documents obtained by Motherboard, multiple state and local law enforcement agencies have purchased Grayshift's device. The documents also show many agencies expressing an interest in picking up a GrayKey, including some at the federal level, like the DEA and, oddly enough, the FBI. The FBI doesn't appear to have acquired one yet, but if that's the case, it's lagging behind local PDs with less funding and tech expertise. It's also trailing the State Department, which has already acquired at least one of the devices. The device comes in two flavors: an online version with a fixed number of unlocks or an offline version that retails for twice as much ($30,000) but can be used as often as the purchaser wants (or until Apple fixes the vulnerability, whichever comes first). The brute force method deployed takes anywhere from 2 hours to several days, depending on passcode complexity. "Going dark" is a convenient lie. The FBI has been deliberately misconstruing reality for a couple of years now, beginning with then-director James Comey's coining of the phrase. Even while Comey was peddling his "going dark" theory to security researchers, Congressional reps, and federal judges, the FBI was rarely having trouble accessing device contents. In 2016, the FBI admitted it could access the contents of passcode-protected devices 87% of the time. Somehow, despite only incremental changes in encryption offerings, the small number of locked devices has grown from ~880 to over 7,000 in two years.
This suggests FBI officials are more interested in generating a "going dark" narrative than actually deploying available tech to access contents of seized devices. The existence of another device capable of cracking iPhone encryption should be good news for the FBI. Other law enforcement agencies apparently view this as a plus. The downside for those not employed by the government is that there's a vulnerability in iPhones Apple hasn't fixed yet. And, given the intense secrecy surrounding vendors of exploits, we have no idea how many governments have purchased iPhone-cracking devices. It's unlikely Hacking Team is the only exploit vendor selling to authoritarian governments and UN-blacklisted countries. It's just the only one to have been caught doing it. An exploit is an exploit and it will be used by the good and the bad. Not that relegating it to "good" law enforcement agencies is necessarily a huge improvement. Authoritarian regimes may use tools like this to go after critics and stifle dissent, but let's not forget the FBI has a long history of doing exactly the same thing under the guise of protecting public safety. And, at this point, the FBI isn't being honest about its weapons stockpiles during this Crypto Cold War. Sure, it needs to retain some sort of tactical advantage -- whether it's pursuing bad guys or legislation -- but it should never be granted full credibility when it talks about thousands of unlocked phones, the coming darkness, and how much security we should be forced to give up in the name of public safety.

posted 6 days ago on techdirt
The government of Singapore is working its way towards regulating "fake news." This is already a problem, as no government that has tackled this issue has been able to define what "fake news" is, other than news the government doesn't like. A government granting itself the power to unilaterally remove competing narratives is something that never goes out of style, and those picking up the "fake news" torch from the Twitter feed of the leader of the free world tend to be of the authoritarian variety. The government's "Select Committee on Deliberate Online Falsehoods" sought input from citizens on the proposed legislation. Then it recast that input by memorializing it in a way that downplayed, if not excised completely, any input that didn't align with the government's views. Freelance journalist Kirsten Han stated her opinion on several matters during the committee's hearing, only to find out the government's prepared summary of the session portrayed her dissenting opinions as roughly concurring with the committee's views. I generally argued that there should be no new legislation that would police or censor content, such as legislation that might allow the government to issue takedown orders, as Singapore already has plenty of legislation that can deal with online falsehoods or content that incite social disharmony or exert undue influence on elections. I also argued for the introduction of a Freedom of Information Act in Singapore — one of the recommendations I made in my written submission. I was horrified to see my views so drastically misrepresented within the Summary of Evidence. Yes, the committee on fake news created fake news. The summary of the committee hearing -- which will presumably be used to inform legislators about potential issues with a fake news law -- is a misrepresentation of what actually happened during the hearings. 
Here's one example from Han's post, which should be read in its entirety to gain a full appreciation of the committee's editorializing of meeting minutes. (The committee's phrasing is in italics, with Han's response in bold.) i. 92% of Singaporeans, at face value, supported more effective laws, including to remove falsehoods. Ms Han did not support the need for more effective legislation as there were existing powers and she accepted that she may be out of step with the majority of the population. I was asked about the REACH survey a few times during the session. Firstly, I questioned the survey, and said that I did not accept the survey’s results at face value. This was also reflected in Ms Bertha Henson’s blog post on the session. While I do accept that perhaps I might be “out of step” with the majority, I am once again registering for the record that I question the survey and its results. Another point of discussion was rewritten by the committee to make it appear as though Han had admitted some of her other writing was possibly "fake news." vi. On her article in relation to the Public Order and Safety (Special Powers) Act, she agreed that it could be interpreted as being incomplete or misleading. I did not agree that my article could be interpreted as being incomplete or misleading. I stand by my article. I accepted that Mr Tong had a different opinion, as is his right, and advocated engagement and discussion over conflicting interpretations. Rather than leave this open to interpretation or allow the committee to turn it into an our-word-against-hers "victory," Han has also uploaded clips of her responses to the committee's questions to YouTube (these are included in her Medium post), where anyone can compare the camera's record of the hearing with the committee's rose-tinted recollections. Speech regulation predicated on vague terminology is always a vehicle for government censorship. 
The committee overplayed its hand here, though, offering up pre-censorship censorship of the official record in hopes of showing no one was all that opposed to letting the Singaporean government control what's said about it.

posted 6 days ago on techdirt
This week, our first place comment on the insightful side is a long one from Stephen T. Stone, responding piece by piece to a comment that was packed full of errors about Section 230, the first amendment, and... everything: You must expand on why and how wrong. Well, if you insist… NO LAW in the US has ANY other valid purpose than to serve the interests of We The People. And the last time I checked, CDA 230 makes it possible for We The People to run and moderate websites and web-based services of all kinds without facing legal liability for anything posted by a third party to those sites/services. Corporations having total and arbitrary control over the now-dominant speech outlets just simply CANNOT be a valid interpretation. Dominant or not, corporations—and the people who ultimately control them—do have total and arbitrary control over those outlets for speech. Twitter, Facebook, and their ilk are not public utilities; being booted from Twitter for breaking their rules is no different than being kicked out of someone’s home for yelling about chemtrails. The right to free expression does not guarantee you forced usage of a privately-owned platform, regardless of who owns the platform. "natural" persons now have a vital First Amendment Right on "platforms" A person’s First Amendment rights do not extend to forcing a platform into hosting speech. The platform’s owners have every right to decide what speech it will and will not have associated with that platform. (Sidebar: The usage of SovCit lingo might be a clue that the poster is talking out of their ass.) In order to be protected by Section 230, companies like Facebook should be “neutral public forums.” -- Simply right. What Mr. SovCit fails to address here is the idea of “neutral public forum”. What does the phrase mean in this regard? Masnick ALWAYS asserts that Corporation are to be de facto censors, and any "natural" persons can just try to find some tiny outlet on which to rant. Well…yeah. 
Again: The First Amendment does not guarantee the access to or usage of a given platform. The government cannot block you from using a platform; the platform’s owners and administrators, on the other hand… DE FACTO and DE JURE I have Right to comment here while within common law What you have, Mr. SovCit, is a right to speak your mind. Techdirt admins are under no legal obligation to host your speech, regardless of your assertion of “common law”. If you know of any legal statute that says you can force Techdirt to host your speech, your argument would look a lot better if you could cite it. (SovCit lingo is not a legal statute.) a business will have to make it truly private with code if don't want me to use it Now I see the mistake: You confuse "privately-owned" with "private". A privately-owned platform can be both open to the public and capable of “censorship”/moderation that fits with the sociopolitical ideologies of that platform’s owners. A White supremacist forum owned by the Ku Klux Klan, for example, can be open to the public while still retaining its right to delete any posts that insult the concept of White supremacy, the Klan, and White people in general. …how’s that, did I expand on the wrongness of that post well enough? In second place, we've got an anonymous response to the suggestion that Netflix is on the same grounds as any other filmmaker at Cannes: The rule change requiring cinematic release. After Netflix entered films last year, the French cinemas complained which led to the cinema release rule being introduced this year. So Netflix has reason to feel aggrieved at the change, which seems targeted at it. 
For editor's choice on the insightful side, we start out with a response from Anonymous Anonymous Coward to the perennial and incorrect idea that voting is a prerequisite to having an opinion on politics: Whether one votes or not, whether one performs military service or not, whether one does or doesn't do something else that some pinhead thinks should be required, just being a citizen allows for all the freedoms the Constitution provides, including being able to speak their minds. Even you snowflake. Next, we've got a response from Jeff Green to the EU copyright proposal that would stop people from using Creative Commons on their own work: The proposal strikes at another "fundamental right". If intellectual property is property, which is of course debatable, the law should not ban its owner from giving it away freely. I would be more than a little upset if the EU were to tell me that I wasn't allowed to give my money away to a charity or a friend. Over on the funny side, we head to our post about Ted Cruz's many muddled ideas about online platforms, in which we called the Fairness Doctrine "incredibly silly". That garnered a pair of rebuttals, one reasonable and the other... not. Thad's reply to the latter won first place for funny: What a COMPLETELY ignorant thing to say. If you had been around, you would have KNOWN how effective it was. There would BE no Fox News propaganda if it were still here. Kind of ironic to call somebody ignorant when you don't seem to realize that the Fairness Doctrine only applied to broadcast TV, not cable. This site is about to go off my RSS feed page, now that I know what a simpleton is in charge. Stop, don't, come back. In second place, we've got an excellent reply from hij to our post about the deranged and exaggerated way people think about Facebook: So, you are saying our relationship status with Facebook should be listed as "complicated?"
For editor's choice on the funny side, we start out with another reply to Netflix leaving Cannes, this time from Anonymous Anonymous Coward: It sure seems like Cannes is working at its own exercise of the right to be forgotten. And finally, we have an anonymous comment responding to the headline of our post about Trump signing SESTA/FOSTA into law: Despite Repeated Evidence That It's Unnecessary And Damaging, Trump remains president. Fixed that headline for you, Mike. That's all for this week, folks!

posted 7 days ago on techdirt
Five Years Ago
This week in 2013, Ken White returned to fill us in on the massive fallout from Prenda's hearing (as predicted), while the folks involved scrambled to get out of trouble — often by throwing each other under the bus. Paul Hansmeier played innocent, as did John Steele in his filing, both of them trying to turn the blame onto Brett Gibbs, who hit back with his own defence. And while Prenda and Paul Duffy fought hard to block any new evidence from being brought into the case, Judge Wright was having none of that and accepted new evidence from Morgan Pietz.
Ten Years Ago
This week in 2008, we found out that e-voting problems were in some cases even worse than people thought, but while Congress was failing to do anything about it, some states were hard at work on fixing things. Meanwhile, we got a pair of examples of people using litigation instead of, you know, actually competing: ConnectU's settlement with Facebook, and Mattel/Hasbro's ongoing attempts to get rid of Scrabulous. And we had a big, long post looking at the deluge of amicus briefs in the Supreme Court's critical Bilski case on software and business model patents.
Fifteen Years Ago
This week in 2003, there was lots of talk about spam, including the legal landmine for employers created by porn spam, and the overall fact that the battle against spam was not going well. One spammer tried to sue an anti-spammer for signing him up for a bunch of spam via his publicly posted business address, but the court very quickly smacked that down. And then the Senate introduced an anti-spam bill, though there was no reason to believe it would accomplish much.

posted 8 days ago on techdirt
In today's fast-paced news cycle it's easy to overlook the important things: the copyright status of the monkey selfie. Today we have learned nothing new about it, except that the case is not over yet. Which is itself significant, because the parties in the case had jointly moved to dismiss the appeal, and today that motion was denied. In its order denying the motion [pdf] the Ninth Circuit acknowledged that while it had the power to dismiss an appeal if the parties so requested it, it did not have the obligation to do so if there were countervailing interests. And in this case, the Ninth Circuit found, there were countervailing interests requiring it to fully adjudicate the matter. It cited several other cases as analogs. As in Albers v. Eli Lilly, "this case has been fully briefed and argued by both sides, and the court has expended considerable resources to come to a resolution. Denying the motion to dismiss ensures that 'the investment of public resources already devoted to this litigation will have some return.'" Furthermore, as was the case in Ford v. Strickland, "a decision in this developing area of the law would help guide the lower courts." Also, referencing Albers and Khouzam v. Ashcroft, the court noted that denying the dismissal of appeals prevents the parties from "manipulating precedent in a way that suits their institutional preferences." As one of our colleagues once warned in a similar context, “courts must be particularly wary of abetting ‘strategic behavior’ on the part of institutional litigants whose continuing interest in the development in the law may transcend their immediate interest in the outcome of a particular case.” Suntharalinkam v. Keisler, 506 F.3d 822, 828 (9th Cir. 2007) (en banc) (Kozinski, J., dissenting from the denial of rehearing). In other words, enough of this procedural monkey business. The appeal remains a live matter, and at some point the court will presumably substantively rule on it.
posted 8 days ago on techdirt
Whenever companies and brands begin behaving badly when it comes to enforcing their trademarks, one common reaction from outsiders is "why?" The reason for that singular question can vary, whether it stems from a lack of true infringement taking place, the seemingly harmless nature of the use in dispute, or anything in between. But perhaps there is no better example of a trademark dispute inducing a "Why?" than the news that In-N-Out is suing an Australian burger company without doing any real or regular business on that entire continent. Californian burger chain In-N-Out has no presence in Australia. Or anywhere much further than the U.S. west coast and Texas, really. That hasn't stopped In-N-Out from suing Sydney-based restaurant Down N' Out, which opened in 2016 and served burgers that were a tribute to the cult chain. As reported by the Sydney Morning Herald, In-N-Out claimed the Australian restaurant infringes on its trademark and engaged in misleading or deceptive conduct by using the Down N' Out name and logo. Ok, let's highlight this just so nobody can accuse us of being unclear on the point: Down N' Out is clearly referencing and paying homage to In-N-Out, the famous California burger chain. In-N-Out also claims that all of this amounts to Down N' Out trying to pass itself off as being related to the California company. Even if the latter were true, which I doubt is the case, the fact remains that In-N-Out has barely done any business on the entire Australian continent. Despite this, the chain argues that it has "substantial goodwill" in Australia. How that would be, other than by reputation in the media, is anyone's guess. Despite that, In-N-Out is demanding the Australian company change its name and hand over a bunch of money. Legal proceedings were launched in Australia's Federal Court in October last year, and In-N-Out has until June to submit evidence to support its claims.
In-N-Out wants Down N' Out to stop using the brand, and to pay damages or hand over profits made while using the name. Again, why? This is dumb, and it's a terrible use of legal funds to wage trademark war on a country in which In-N-Out has no storefront. There's no threat here, because the company isn't operating in that market. All we are left with is our singular question: why?

posted 8 days ago on techdirt
Silicon Valley companies have historically not seen eye to eye with giant ISPs, as we saw during the early years of the net neutrality debate. But Google and Facebook recently put aside their differences and joined forces with Comcast, AT&T and Verizon to successfully kill an attempt to impose some fairly modest privacy standards in California. California's proposal closely mirrored the FCC privacy rules ISPs lobbied the GOP and Trump administration to kill last year. Those rules simply required that companies clearly outline what data is collected and sold, and provide working opt out tools. As the EFF noted at the time, sidelining this proposed law required a lot of lying on behalf of Facebook and Comcast, including claims that the modest protections would harm children, prevent law enforcement from doing its job (not true), reduce consumer security, increase internet popups (what?) and even somehow "embolden extremism." It's pretty clear lobbyists didn't have much problem exploiting the (then) recent tragedy in Charlottesville to their tactical advantage, notes the EFF: "One of the most offensive aspects of the misinformation campaign was the claim that pretending to restore our privacy rights, which have been on the books for communications providers for years, would help extremism. Here is the excerpt from an anonymous and fact-free document the industry put directly into the hands of state senators to stall the bill: The bill would bar ISPs from sharing potentially identifiable information with law enforcement in many circumstances. For example, a threat to conduct a terror attack could not be shared (unless it was to protect the ISP, its users, or other ISPs from fraudulent, abusive, or unlawful use of the ISP's service). AND the bill instructs that all such exceptions are to be construed narrowly.
In addition to national security scaremongering, the industry put out a second document that attempted to play off fears emerging from the recent Charlottesville attack by white supremacists: "This would mean that ISPs who inadvertently learned of a rightwing extremist or other violent threat to the public at large could not share that information with law enforcement without customer approval. Even IP address of bad actor [sic] could not be shared."

While ISPs, Google and Facebook successfully managed to stall that bill, a new citizen petition has emerged in its shadow. Dubbed the California Privacy Act, the proposal again focuses largely on transparency, requiring that ISPs and content companies alike disclose precisely what data is being collected and sold, while providing working opt-out tools. This new proposal should show up as a ballot initiative in November. In some ways it goes further than the earlier proposal, but in other ways it's less comprehensive ("The ISP privacy bill regulates use, sale, and disclosure of cable and telephone. The initiative goes at sale and disclosure of everyone (tech and ISP) but leaves use untouched," the EFF tells me).

Needless to say, with everybody suddenly at least pretending to care about privacy for a little while in the wake of the Cambridge Analytica scandal and Zuckerberg's testimony before Congress, Facebook was forced to quietly retreat from its opposition to the measure:

#UPDATE: KPIX Exclusive @facebook will no longer back the opposition to the Nov ballot measure known as the CA #ConsumerPrivacyAct FB tells us: “We took this step in order to focus our efforts on supporting reasonable privacy measures in #California.” (1/2) — KPIX 5 (@KPIXtv) April 11, 2018

Except again, Facebook has consistently fought reasonable privacy measures in California.
Backers of the proposal were quick to issue a statement applauding Facebook's retreat, while noting that AT&T, Verizon, Comcast and Google continue to battle the proposal:

"We believe that all consumers deserve the basic rights outlined in our initiative. We call on the remaining corporations who have contributed to the Super PAC opposing this common-sense measure to drop their opposition. Google, AT&T, Verizon & Comcast: if you are not selling our personal information, why are you spending a million dollars to oppose us? Voters overwhelmingly support this measure, and protecting consumers is not only a good business decision, but the right thing to do. It’s time to stop business as usual and to step up and do the right thing."

Of course we'll see if Facebook's opposition persists once the spotlight fades. Facebook had already donated $200,000 to the "Committee to Protect California Jobs" in the hopes of keeping the initiative off the ballot, with matching support from AT&T, Google, Comcast and Verizon. That committee remains very much active in its opposition:

"Steven Maviglio, the spokesperson for the Committee to Protect California Jobs, contends that Facebook still considers the proposed bill to be “flawed.” In an emailed statement, he told Gizmodo, “It is unsurprising that proponents of the so-called ‘California Consumer Privacy Act’ are looking to distract from their deeply flawed initiative that will do enormous harm to the California economy while not protecting anyone’s privacy."

Obviously legislation will play at least some role in addressing the deep well of privacy dysfunction that ranges from your broadband connection to your IoT gadgets. It should be fairly apparent these industry giants aren't likely to support even the most modest of proposals without a fight. An informed and empowered consumer is simply more likely to opt out of data monetization schemes, reducing overall revenues.
And as we stumble forward, many of these companies are already proposing their own bogus legislative "solutions" that could make things worse. People spent much of this week pearl-clutching over privacy, but it's a very small fraction of those folks that actually pay attention to the nuts-and-bolts policy efforts to actually do something about it, especially on the state level. That's going to need to change. Privacy legislation is coming, and the public can either choose to be a part of its construction, or cede that responsibility to industry giants intent on crafting incomplete or potentially harmful "solutions."
