posted 4 days ago on techdirt
Legislators and law enforcement (for the most part…) have been hesitant to demand companies build backdoors into their encryption schemes. The unwillingness to cross this government overreach line hasn't really tempered cursing of the impending darkness, however. That remains, largely propelled by a few of law enforcement's loudest mouths, who haven't seen a problem nerds can't solve, even after the nerds have told them repeatedly the problem (safely backdoored encryption) is unsolvable.

A lobbying group for Canadian law enforcement thinks it has the answer. Why mandate encryption backdoors when you can just utilize the "backdoor" built into every electronic device?

Canada's police chiefs want a new law that would force people to hand over their electronic passwords with a judge's consent. The Canadian Association of Chiefs of Police has passed a resolution calling for the legal measure to unlock digital evidence, saying criminals increasingly use encryption to hide illicit activities.

The legislated human backdoor. Obviously, such a demand raises constitutional questions, even on that side of the border.

The chiefs' proposed password scheme is "wildly disproportionate," because in the case of a laptop computer it would mean handing over the "key to your whole personal life," said David Christopher, a spokesman for OpenMedia, a group that works to keep the Internet surveillance-free. "On the face of it, this seems like it's clearly unconstitutional."

On this side of the border, such a mandate would also seem clearly unconstitutional, even though some courts have ruled that providing a passcode to unlock a device isn't testimonial -- even if what's on the unlocked device may prove to be incriminating. The head of Royal Canadian Mounted Police echoes FBI Director James Comey's lament about (potential) evidence remaining out of reach of investigators. In fact, he pretty much quotes him directly.
There is nothing currently in Canadian law that would compel someone to provide a password to police during an investigation, RCMP Assistant Commissioner Joe Oliver told a news conference Tuesday. Oliver said criminals -- from child abusers to mobsters -- are operating online in almost complete anonymity with the help of tools that mask identities and messages, a phenomenon police call "going dark."

Mandating the divulging of passwords relies on some very dubious assumptions. One, it assumes that any information still unseen by prosecutors or investigators is of evidentiary value -- hence the perceived need to force suspects to unlock devices. As was seen in the San Bernardino case, a lengthy court battle and a million-dollar payout to Israeli hackers recovered nothing of interest from the shooter's iPhone.

Second, it assumes law enforcement will use this power wisely and with restraint -- something that has historically been a problem for it. When an agency uses repurposed military technology (Stingrays) to (almost) hunt down fast food thieves, it's safe to assume forcing someone to expose their "whole personal life" by turning over a password is likely to result in the same sort of misuse… and abuse. It won't be reserved for the "worst of the worst" criminal suspects and will likely be legislated into existence without enough statutory restrictions to prevent device seizures incident to even the most innocuous of arrests from being viewed as evidentiary fishing expeditions.

The only thing standing between this law (if it becomes law) and its misuse will be Canada's judges. While some judges may be unwilling to expose a person's entire life just because law enforcement swears it's necessary, others will be more amenable. Bring on the forum shopping!

posted 4 days ago on techdirt
As self-driving cars inch closer to the mainstream, a common debate has surfaced: should your car be programmed to kill you if it means saving the lives of dozens of other people? This so-called "trolley problem" has been debated at universities for years, and while most consumers say they support automated vehicles that prioritize the lives of others on principle, they don't want to buy or ride in one, raising a number of thorny questions.

Should regulations and regulators focus on a utilitarian model where the vehicle is programmed to prioritize the good of the overall public above the individual? Or should self-driving cars be programmed to prioritize the welfare of the owner (the "self protective" model)? Would companies like Google, Volvo and others prioritize worries of liability over human lives when choosing the former or latter?

Fortunately for everybody, engineers at Alphabet's X division this week suggested that people should stop worrying about the scenario, arguing that if an automated vehicle has run into the trolley problem, somebody has already screwed up. According to X engineer Andrew Chatham, they've yet to run into anything close to that scenario despite millions of automated miles now logged:

"The main thing to keep in mind is that we have yet to encounter one of these problems,” he said. “In all of our journeys, we have never been in a situation where you have to pick between the baby stroller or the grandmother. Even if we did see a scenario like that, usually that would mean you made a mistake a couple of seconds earlier.
And so as a moral software engineer coming into work in the office, if I want to save lives, my goal is to prevent us from getting in that situation, because that implies that we screwed up."

That automated cars will never bump into such a scenario seems unlikely, but Chatham strongly implies that the entire trolley problem scenario has a relatively simple solution: don't hit things, period.

"It takes some of the intellectual intrigue out of the problem, but the answer is almost always ‘slam on the brakes’,” he added. “You’re much more confident about things directly in front of you, just because of how the system works, but also your control is much more precise by slamming on the brakes than trying to swerve into anything. So it would need to be a pretty extreme situation before that becomes anything other than the correct answer."

It's still a question that needs asking, but with no obvious solution on the horizon, engineers appear to be focused on notably more mundane problems. For example, one study suggests that while self-driving cars do get into twice the number of accidents of manually controlled vehicles, those accidents usually occur because the automated car was too careful -- and didn't bend the rules a little like a normal driver would (rear-ended for being too cautious at a right on red, for example). As such, the current problem du jour isn't some fantastical scenario involving an on-board AI killing you to save a busload of crying toddlers, but how to get self-driving cars to drive more like the inconsistent, sometimes downright goofy, and error-prone human beings they hope to someday replace.

posted 4 days ago on techdirt
The Director of National Intelligence's office has cleared another FISA court opinion [PDF] for release. These are getting far more interesting to read, even if little seems to be changing about the FBI/NSA's collection methods.

The process is now a little bit more adversarial, thanks to the USA Freedom Act, which introduced the possibility of someone arguing on behalf of the surveilled and in the interest of privacy and the Fourth Amendment. Unfortunately, this opinion finds the FISA court mostly unimpressed with the counterarguments.

The discussion involved the use of pen register orders to capture "post-cut through" dialing digits -- the sort of thing the court determined in the past to be content, rather than metadata. This time around, the court seems more amenable to the government's arguments that any digits obtained along with dialed phone numbers are fair game -- whether or not the orders actually allow for the collection of communications content.

The government claimed it had no technical ability to capture only dialing information. Everything entered on a phone keypad would make its way back to the government with the pen register. Past the point of interception, the government was supposed to discard the extra digits because they might be considered content. This is what the court determined in 2006:

The court “had made modifications to the government’s proposed pen register orders,” reads the biannual report to Congress obtained by EPIC. “Although the [FISA Court] has authorized the government to record and decode all post-cut-through digits dialed by the targeted telephone, it has struck the language specifically authorizing the government to make affirmative investigative use of possible content” unless permission is specifically granted by the court.

A decade later, the FISA court is seeing things differently.

We have reviewed the record and considered briefs from the government and from amicus curiae appointed by the court under 50 U.S.C.
1803(i) to present argument in this matter. We conclude that section 1842 authorizes, and the Fourth Amendment to the Constitution of the United States does not prohibit, an order of the kind described in the certification.

Read fairly and as a whole, the governing statutes evince Congress's understanding that pen registers and trap-and-trace devices will, under some circumstances, inevitably collect content information. Congress has addressed this difficulty by requiring the government to minimize the incidental collection of content through the employment of such technological measures as are reasonably available -- not by barring entirely, as a form of prophylaxis, the use of pen registers and trap-and-trace devices simply because they might gather content incidentally.

Nor does an order authorizing such surveillance run afoul of the Fourth Amendment's guarantee against unreasonable searches and seizures. The warrant requirement is generally a tolerable proxy for "reasonableness" when the government is seeking to unearth evidence of criminal wrongdoing, but it fails properly to balance the interests at stake when the government is instead seeking to preserve and protect the nation's security from foreign threat. We therefore hold that surveillance of this type may be constitutionally reasonable even when it is not authorized by a probable-cause warrant. We further hold, on the facts presented here, that the order under review reasonably balances the investigative needs of the government and the privacy interests of the people.

In other words, the Fourth Amendment is perfectly fine for criminal investigations, but doesn't really apply to national security investigations. Not really a comforting place to draw the line, considering the FBI's shift in focus from law enforcement to becoming the NSA's unofficial domestic wing over the past 15 years.
The problem with the removal of restrictions the court had erected earlier is that this decision doesn't just influence the collection of dialed digits through pen register orders. Other metadata collected from other forms of communications are also affected by this ruling, as is pointed out by Marc Zwillinger, the court-appointed amicus acting on behalf of the Fourth Amendment and the general public.

The amicus curiae contends that if the government's argument were applied to Internet pen registers, the government could collect information generated by a wide variety of activities on the Internet, including searching, uploading documents, and drafting emails.

The court leaves it up to Congress to solve the problem -- which to a certain extent it has. The laws surrounding pen register orders have been updated periodically, but the most recent changes are still more than 20 years old: the Communications Assistance for Law Enforcement Act (CALEA) was passed in 1994. At that point, Congress added statutory language that said the FBI, et al, must use "technology reasonably available to it" to restrict the recording/decoding of post-cut-through digits. Twenty years later, the government is still claiming it has no way of limiting this collection. I guess "nerd harder" is only applicable to the private sector.

The point made by Zwillinger isn't some form of privacy advocate paranoia. The Patriot Act allowed pen register orders to be deployed to capture internet metadata. As is pointed out in the opinion, Sen. Patrick Leahy expressed concern over this broadened collection and noted that without additional restrictions, the new law could be read as allowing the interception of a broad range of content, rather than just routing information.

The court, however, interprets Congress's minimal actions post-Patriot Act as being indicative of its support for the collection of content (however inadvertently) with pen register orders.
In fact, it goes so far as to claim the stipulations Congress did enact did not narrow the breadth of the collections, but rather only prevented the definition from being expanded further than it already had been.

According to the FISA court, the national security ends justify the Fourth Amendment-bruising means.

[T]he relevant statute at issue in this case authorizes the use of a pen register "to protect against… clandestine intelligence activities." 50 U.S.C. 1842(a)(1). Pursuant to that statute, the government seeks to monitor the dealings of a person, currently in the United States, who is suspected of collecting intelligence in the service of a foreign power. The purpose of the proposed monitoring is the preservation of national security. Few government interests are of a higher order. The interest at stake is no less -- and may even be greater -- for the foreign agent's being present in this country. And were we to insist on a showing of probable cause and the issuance of a judicial warrant in this setting, we would impede the Executive's ability to bring to bear against the threat those faculties -- "stealth, speed, and secrecy" -- needed to secure the nation's well-being in this most fundamental and sensitive of government endeavors.

The streak continues. The Fourth Amendment is mostly null and void when it comes to national security, whether it's the FBI using pen register orders to collect communications content or the DHS/CBP pawing through electronics/traveling dozens of miles from the border to hassle inland citizens.

posted 4 days ago on techdirt
Former Riverside District Attorney Paul Zellerbach is in trouble, as Brad Heath and Brett Kelman report for The Desert Sun.

A judge issued an arrest warrant Tuesday for former Riverside County District Attorney Paul Zellerbach after he failed to appear at a court hearing to answer questions about an eavesdropping operation so vast it once accounted for nearly a fifth of all U.S. wiretaps. [...] "He should have been there," said Jan Ronis, the attorney who subpoenaed Zellerbach. "But he just blew us off. We could have had court today."

It's not uncommon for Zellerbach to go missing when people need him. When Zellerbach ran the DA's office, he was rarely there. The DEA found his office to be just as accommodating, with or without him, though. Although the DEA was supposed to run its wiretap warrant requests through federal judges and have them signed by the district attorney himself, it often found it easier to obtain a signature from whoever happened to be at the office and run them by Riverside County judge Helios Hernandez, who approved five times as many wiretap applications as any other judge in the US.

The wiretap applications' reach frequently exceeded their jurisdictional grasp, traveling far outside of Riverside County, California, to be deployed against suspects as far away as North Carolina. But that was only one issue with the warrant applications approved by Zellerbach's office. The DOJ's lawyers didn't like the DEA's skirting of federal rules for wiretap applications.

"It was made very clear to the agents that if you're going to go the state route, then best wishes, good luck and all that, but that case isn't coming to federal court," a former Justice Department lawyer said. "They'd want to bring these cases into the U.S. Attorney's Office, and the feds would tell them no (expletive) way," a former Justice Department official said.

California's wiretap laws weren't being followed either, thanks to Zellerbach holding office in absentia.
Riverside County’s former district attorney, Paul Zellerbach, has acknowledged that he allowed lower-level lawyers to do that job, saying he could not recall ever having reviewed a wiretap application himself. Four of the wiretaps in the Kentucky case were approved by one of Zellerbach’s assistants, and one was approved by an assistant to his successor.

The DEA's toxic and possibly illegal wiretap warrants are now being challenged, since defense lawyers know exactly how much -- and how often -- state and federal requirements were being skirted by the drug warriors. That's what has led to Zellerbach's arrest warrant.

The first challenge, filed in Kentucky, led a federal judge to say that Riverside had issued so many wiretaps “that constitutional requirements cannot have been met.” The second challenge, filed locally, led to the warrant being issued for Zellerbach. Zellerbach was subpoenaed to appear in the case of Christian Agraz, 33, an accused drug trafficker who was allegedly caught on a wiretap selling bricks of heroin in 2014. The former DA did not appear at the hearing in the Agraz case on Tuesday morning, so Judge Michele Levine issued a bench warrant and assigned a bail of $1,500.

The constitutional requirements say Zellerbach was supposed to sign each wiretap application personally. Paul Zellerbach can't recall approving a single one of the hundreds that flowed through his office over the years. The DEA's Riverside County-centric drug war looks like it's going to result in several cases being tossed out. Fortunately, the DEA still can keep everything it's claimed via civil asset forfeiture, which makes good busts out of bad ones and makes obtaining convictions entirely optional.

posted 4 days ago on techdirt
When all you have is repurposed war gear, everything looks like a war zone. It's not just the Pentagon handing out mine-resistant vehicles and military rifles to any law enforcement agency that can spell "terrorism" correctly on a requisition form. It's also the FBI acting as a gatekeeper (and muzzle) for cell phone-tracking hardware originally developed for use in Iraq and Afghanistan.

The latest addition to the pantheon of "war gear, but for local law enforcement" is aerial surveillance. While this sort of surveillance is nothing new -- police have had helicopters for years -- the tech deployed to capture recordings is. Bloomberg has a long, in-depth article on aerial surveillance tech deployed by the Baltimore Police Department -- all without ever informing constituents.

Baltimore isn't the first city to deploy this repurposed military tech. The Los Angeles Sheriff's Department gave the same gear a test run back in 2014. The LASD also did little to inform the public about its purchase, claiming that people might get paranoid and/or angry if they knew.

Baltimore's acquisition of Persistent Surveillance Systems' 192-million megapixel eye in the sky also occurred under the cover of governmental darkness. The tech was given to the police and paid for by a private donor -- which kept the public out of the loop and any FOIA-able paper trail to a minimum.

Last year the public radio program Radiolab featured Persistent Surveillance in a segment about the tricky balance between security and privacy. Shortly after that, McNutt got an e-mail on behalf of Texas-based philanthropists Laura and John Arnold. John is a former Enron trader whose hedge fund, Centaurus Advisors, made billions before he retired in 2012. Since then, the Arnolds have funded a variety of hot-button causes, including advocating for public pension rollbacks and charter schools.
The Arnolds told McNutt that if he could find a city that would allow the company to fly for several months, they would donate the money to keep the plane in the air. McNutt had met the lieutenant in charge of Baltimore’s ground-based camera system on the trade-show circuit, and they’d become friendly. “We settled in on Baltimore because it was ready, it was willing, and it was just post-Freddie Gray,” McNutt says. The Arnolds donated the money to the Baltimore Community Foundation, a nonprofit that administers donations to a wide range of local civic causes.

The cameras are able to capture activity across the city. The resolution may seem high, but the area covered by the cameras still makes individuals nearly unidentifiable. What it does do is provide a wide-angle look at the movements of these humans reduced to pixels by current tech limitations. Rather than just provide a closer inspection of certain areas, the scope of what's captured allows law enforcement to rewind their way through people's lives, seeing where certain pixels go and what pixels they interact with… and where those pixels go.

The ability to trace movements backward can provide law enforcement with details on where criminal activities originate and where possible co-conspirators might be located. It also helps officers track down suspects who have fled from crime scenes. While it's certain to provide some investigative use, it also gives the Baltimore PD an unprecedented overview of entire neighborhoods for it to peruse in hopes of discovering something that justifies its deployment. It expended zero manhours informing the public, however, before putting it to use.

The BPD is already facing heat due to the unconstitutional deployments (multiple thousands of them) of its Stingray devices. Now it has another bit of questionable war tech in use and it's still refusing to discuss it. Where the city stands in this approval process -- if there even was one -- remains a mystery.
City officials aren't discussing the surveillance tech either. If there was any oversight of the high-tech donation, no records have surfaced. The only party that seems comfortable talking about the surveillance tech is the person behind Persistent Surveillance Systems, Ross McNutt.

McNutt often says that when he stares into the computer monitors, the dots moving along the sidewalks and streets are mere pixels to him. Nothing more. If anyone else wants to project identifying features onto them—sex, race, whatever—that’s their doing, not his. Even as the technology advances and the camera lenses continue to get more powerful, he says, his company will choose to widen its viewing area beyond the current 30 square miles rather than sharpen the image resolution. He’s exasperated when his system is criticized not for what it does, but for its potential.

The potential is the problem. Surveillance systems like these are prone to both feature creep and mission creep. If they're already being deployed secretly, the chances for abuse move from merely "probable" to "almost inevitable."

While McNutt may be extremely open about his tech and its capabilities, every law enforcement agency that has made use of it has been the polar opposite. And when private donors skirt procurement processes and other red tape by purchasing surveillance tech for law enforcement agencies, a certain amount of accountability disappears. If an agency feels it's counterproductive to gauge public sentiment before deploying more surveillance tech, the least it can do is keep the public informed about upcoming changes. But the Baltimore PD did none of that. It simply took its expensive surveillance gift and put it to work.

posted 4 days ago on techdirt
Over the last few weeks there's been plenty of controversy over plans on the Côte d’Azur in the south of France to ban burkinis -- a kind of full body bathing suit favored by some Muslim women. As the Guardian pointed out recently, the whole thing seems like a "bizarre inversion" of Muslim countries where making sure women are covered is enforced:

The burkini row may seem banal, and to some a surreal inversion of laws in Islamic countries, but it has become yet another flame in the murderous tinderbox of Islamism in France, invoking issues of control over the body, religious freedom, racism, provocation, terrorism, Islam and Islamophobia, republicanism and what the French call laïcité. Laïcité is the hardest for people outside France to understand: our words “laity” and “secularism” fail to express the depth of allergy to all things theocratic, which is endemic to French societal fabric since the revolution.

Others are pointing out the absurdities when compared to what's allowed. I've seen several versions of this, but this one is my favorite:

Just to be clear everyone, only ONE of these is illegal to wear on the beach in France, #BurkiniBan pic.twitter.com/74HQhbZYPV — Ally (@_AllysonMarie_) August 24, 2016

Either way, the story blew up again last night as the Daily Mail reported on actual instances of women on a beach in Nice being forced to remove clothing and pay fines. While the Daily Mail is not particularly trustworthy on news, a number of other publications have now confirmed the story as well, and pictures are floating around on social media of police forcing women to remove clothing, including one where it's pretty clearly not a burkini at all, but just a large shirt or muumuu of some sort.

Just let this sink in. Men with guns forcing a women to undress, with the weight of the law behind them.
pic.twitter.com/4BI16Bbss9 — Abdul-Azim আজিম (@AbdulAzim) August 23, 2016

This seems pretty ridiculous on all sorts of levels, but never think things are so ridiculous that some politicians can't make them worse. Guillaume Champeau from the excellent French site Numerama alerts me to the news that the deputy mayor of Nice, Christian Estrosi, is threatening to sue those who share these images over social media. Yup, France, a country that claims to pride itself on freedom, is not just telling women that they can't cover themselves up too much on the beach, but that it's also illegal to report on the police following through on that. Here is the awkward Google translation of the French report:

Christian Estrosi ... has published a press release by the city of Nice, to announce that he would file a complaint against those who would broadcast pictures of municipal police verbalize women guilty of exercising what they believed to be their freedom to dress from head to feet on the beaches. " Photos showing municipal police of Nice in the exercise of their functions have been circulating this morning on social networks and raise defamation and threats against these agents ," the statement said.

Wait. Showing accurate photos creates defamation against the police? How's that work? Estrosi apparently says that legal actions have already been filed, though Numerama was unable to confirm any legal actions as yet. The article also notes that despite Estrosi implying otherwise, police do not have any sort of special protections that say they cannot be photographed while in public.

Either way, it's not clear what this kind of move will accomplish other than making France appear intolerant and petty towards all sorts of freedoms, including religious freedoms and freedom of speech.

posted 4 days ago on techdirt
Earlier this year, complaint site Pissed Consumer noticed a disturbing new trend in the dark art of reputation management: unnamed rep management firms were using a couple of lawyers to run bogus defamation lawsuits through a local court to obtain court orders demanding the removal of "defamatory" reviews.

What was unusual wasn't the tactic itself. Plenty of bogus defamation lawsuits have been filed over negative reviews. It's that these lawsuits were resolved so quickly. Within a few weeks of the initial filing, the lawsuit would be over. Each lawsuit improbably skipped the discovery process necessary to uncover anonymous reviewers and proceeded straight to judgment with a (bogus) confessional statement from each "reviewer" handed in by the "defamed" entity's lawyer for the judge's approval. Once these were rubber stamped by inattentive judges, the lawyers served Google with court orders to delist the URLs.

To date, no one has uncovered the reputation management firm behind the bogus lawsuits. In each case, the companies purporting to be represented by these lawyers were shells -- some registered as businesses on the same day their lawsuits were filed.

It's one thing to do this sort of thing from behind the veil of quasi-anonymity afforded by the use of shell companies. It's quite another to file a bogus lawsuit with an apparently forged signature (of the supposed defamer) under your own name. But that's exactly what appears to have happened, as detailed in this post by Public Citizen's Paul Alan Levy.

In addition to posting his reviews of Mitul Patel on Yelp, [Matthew] Chan posted on RateMDs, kudzu.com and Healthgrades.com about his unsatisfactory experiences with Dr. Patel. Chan’s is but one of a number of negative reviews directed at Patel on these various sites, but Patel apparently took particular umbrage at this one: he filed a pro se libel action claiming, in highly conclusory terms, that the reviews were false and defamatory.
It doesn't get much more conclusory than this filing [PDF], which runs only three pages -- with one page containing nothing more than a date and a signature. The complaint lists the URLs of Chan's reviews, says they're defamatory... and that's basically it. No part of the reviews is quoted as evidence of defamation. The filing simply declares every review defamatory and demands an injunction.

But that's the kind of detail you can omit when you know you're never going to have to confront the accused in court.

[I]nstead of suing Chan in Georgia, Patel filed in the circuit court for the city of Baltimore, Maryland, a court that would ordinarily have no personal jurisdiction over a Georgia consumer sued for criticizing a Georgia dentist. Patel justified suing there by identifying “Mathew Chan” as the defendant – note that the spelling of the given name is slightly different – and alleging that this Mathew Chan “maintains a primary residence located in Baltimore, Maryland.”

There's a problem with both the defendant named and the primary address. The name is misspelled, perhaps deliberately so. The address listed in the complaint is completely bogus.

The fact that both the online docket for the case, and the “consent motion for injunction and final judgment” bearing a signature for “Mathew Chan,” list his address as 400 East Pratt St. in Baltimore implies to me that this is a case of deliberate fraud, because so far as I have been able to determine, 400 East Pratt Street is a downtown building that contains only offices, retail establishments and restaurants, but no residences.

Despite these deficiencies, the lawsuit made it past a judge because it contained a supposed mea culpa from "Mathew Chan" of "400 East Pratt Street" admitting to the defamatory postings. This motion with the bogus signature and admission was approved by judge Philip S.
Jackson, who also instructed "Mathew Chan" to issue notices to search engines to delist the URLs if removing the original reviews proved impossible.

The real Matthew Chan -- who posted the reviews -- had never heard of the lawsuit until after the injunction had already been approved and served. Yelp notified him of the court order it had received. Chan, who still lives in Georgia as far as he can tell, informed Yelp of the situation and the review site decided to reinstate his review. Other sites, however, took the order at face value and removed the reviews.

It appears Yelp was the only site to reach out to Chan when presented with the court order -- something that doesn't exactly bode well for users of other review sites. If sites protected by Section 230 are in this much of a hurry to remove content, they're really not the best venues for consumers' complaints.

Somewhat surprisingly, Levy received a response (of sorts) from Mitul Patel's lawyer. They claim this is the first they've heard of the lawsuit filed in Patel's name targeting negative reviews of Patel's dentistry. This wasn't delivered in a comment or statement, but rather in the form of a retraction demand [PDF]. The opening paragraphs are inadvertently hilarious.

This letter is to advise you that I have been retained to represent Mitul Patel, DDS, regarding the contents of your blog, dated Friday, August 19, 2016, entitled "Georgia Dentist Mitul Patel Takes Phony Litigation Scheme to New Extremes Trying to Suppress Criticism". Based upon a review of your blog, which has unfortunately gone viral, please be advised that the contents of your blog are grossly inaccurate, factually incorrect, and were obviously written for no other purpose but to gain publicity for your blog, and to willfully damage the name and reputation of Dr. Patel.

First, there's the pain of being Streisanded, embodied in the phrase "has unfortunately gone viral."
That's the sort of thing that happens when negative reviews are mysteriously injunctioned into the cornfield. Then there's the stupid accusation the Streisanded hurl at those who expose questionable -- and possibly fraudulent -- behavior: that it was motivated by a thirst for internet points. The first statement is merely sad. The second is mostly just tiresome. The retraction demand goes on to claim that this is the first Mitul Patel has heard of the lawsuit (filed in his name) as well. While this would seem unlikely, Levy points out that a reputation management company could have created plausible deniability by filing a pro se lawsuit under Patel's name (its own kind of fraud) but without notifying him that this is how it poorly and illegally handles its reputation-scrubbing duties. Unfortunately for Patel, whoever was hired to do this has done further damage to the dentist's reputation while presumably charging him for making things better. Levy, of course, will not be retracting the post. His response to the demand letter points out that it's rather curious no disavowal was made until after the blog post "unfortunately went viral." I was not persuaded, however, by your suggestion that I should "retract" the blog post or apologize for it. After all, you acknowledge that much of what I had to say on the blog was true. But I also have qualms about your assertion that, before my blog post was published, Patel had no knowledge of the lawsuit in Baltimore, for two reasons. First, in the course of investigating before I published my article, I obtained from Yelp copies of emails from Mitul Patel to Yelp, attaching the Baltimore court order and asking that Chan's Yelp comments be deleted. I attach the copies of these emails. Yelp has told me that Patel used [email address retracted], the same email address that [rest of sentence retracted]. 
Unless the email addresses were spoofed, those emails suggest that your client knew about the court order and was trying to take advantage of it. Moreover, before I posted my article on the blog, I placed two telephone calls to Patel's dental clinic to try to speak with him about the lawsuit; I told his receptionist why I was calling. In addition, on Wednesday, August 17, I sent your client an email message mentioning his lawsuit against Chan and spelling out my concerns. Although he did not call me back and did not reply to the email, I trust he saw the messages before I published my article on Friday. Levy goes on to point out that it seems strange someone or some company would pay a $165 filing fee to file a bogus defamation lawsuit for Patel without ever informing him it was doing so. The only motivation possible would be a shady reputation management company engaging in shadier tactics because Patel's paying it more than it's shelling out in filing fees. Levy has requested Patel provide him the name of anyone he's hired to do reputation cleanup work or perform SEO optimization on his behalf. So, it's not just DMCA notices being abused to "protect" dishonest entities' reputations. It's also the legal system, where there's very little compelling lower level judges to spend a few minutes scrutinizing bare bones complaints (and injunction motions) handed to them by shady plaintiffs.

posted 4 days ago on techdirt
How to keep your data secure seems to be on many people's minds these days. The $20 Ultimate PC Data Security Suite Bundle could go a long way in protecting what's important to you. Folder Lock 7 allows you to password protect your files, folders and drives, to encrypt your most important files easily, to back files up in real-time, to shred files and drives, and more. USB Block allows you to white-list your own USB drives and devices to not only prevent unauthorized access by USB, but also by CD/DVD and network computers. USB Secure lets you password protect all your USB drives, SSD drives, external drives and memory cards so nobody can access your data but you. Note: The Techdirt Deals Store is powered and curated by StackCommerce. A portion of all sales from Techdirt Deals helps support Techdirt. The products featured do not reflect endorsements by our editorial team.

posted 4 days ago on techdirt
Earlier this month, we wrote about how the Copyright Office had filed a really bizarre and legally dubious comment with the FCC concerning the FCC's plan to open up competition in TV set top boxes, ending cable companies' monopoly on those boxes (for which they bring in $21 billion in revenue per year). The FCC's plan was pretty straightforward -- and the cable companies have attacked it on all sides, and the one argument that seems to be sticking is that this plan is somehow an affront to copyright, and would result in piracy. This is blatantly, factually incorrect. The FCC's plan makes it clear that any system would retain existing technology protection measures against piracy (for better or for worse). If this new system resulted in infringement, it would be because there's infringement on the internet already, not because of these new rules. The Copyright Office's comment was ridiculous on multiple levels, but the worst was the basic argument that private agreements between cable providers and content providers could somehow limit or erase the fair use rights of the public. Yet that's exactly what the Copyright Office argued: "The Office's principal reservation is that, as currently proposed, the rule could interfere with copyright owners' rights to license their works as provided by copyright law, and restrict their ability to impose reasonable conditions on the use of these works through the private negotiations that are the hallmark of the vibrant and dynamic MPVD marketplace." This simply incorrect interpretation of the law raised some pretty serious questions, with Public Knowledge going so far as to note a somewhat disturbing pattern of the Copyright Office acting like a lobbying arm for Hollywood, rather than an impartial organization bound by what's in the actual law. 
Following up on all of this, one of the many legacy entertainment industry lobbying groups, the Copyright Alliance has released its own letter to the FCC basically repeating what the Copyright Office claimed. It also put out a blog post about the letter... but really the blog post seemed to be an attempt to attack Public Knowledge for its comments about the Copyright Office. The Copyright Alliance's letter is basically exactly what you'd expect, rehashing the already debunked claims about how the FCC's plans will cause copyright problems, but the Copyright Alliance seems to take it one step further, arguing, ridiculously, that anything that copyright holders don't like is obviously against the law. Read the following quite carefully: As noted by the Copyright Office, copyright law is predicated on the theory that creators are incentivized to create new works by the prospect of reaping the economic fruits of their creative labor, which in turn benefits the public by increasing the number of creative works available for their enjoyment. This economic rationale behind copyright protection has been repeatedly confirmed by the Supreme Court. The Copyright Act creates these incentives by granting copyright owners a bundle of exclusive rights in their works, which they can assign and/or license to third parties in their discretion. The detailed contractual arrangements governing the release of copyrighted works into the commercial marketplace are what enable copyright owners to realize the full value of their works. The FCC’s Proposal undermines this licensing structure by forcing MVPDs to deliver copyrighted content—including all content the MVPDs license from programmers and other content creators—to unlicensed third parties, without the authorization of those copyright holders, while offering no mechanism to ensure that the detailed license arrangements between MVPDs and programmers/copyright owners are respected. 
Therefore, the Register is correct in her observation that the Proposal threatens to harm copyright owners by encroaching on their exclusive prerogatives to both exercise and license their rights to reproduce, distribute, display, and perform their creative works, as well as by undermining their ability to earn a return on their investment in those works. Except, if what I've bolded above is actually copyright law, then the VCR, the DVR, the MP3 player, photocopiers and much of the very internet itself are inherently against copyright law. But that's not what courts have found. If you look at the classic Betamax lawsuit, it made it abundantly clear that even when there were license agreements between content providers and TV stations that end users could absolutely record and watch content via an "unlicensed" device, known as the VCR. This just takes the Copyright Office's ridiculous assertion that copyright holders and ISPs can somehow write fair use out of their agreements for end users, and takes it even further to effectively write the Betamax ruling out of existence and set up a framework that says there can be no fair use in new consumer electronics. That's both wrong and crazy. And, yes, I know that the former Copyright Office boss Ralph Oman has argued that all technology should be considered infringing until Congress says it's okay, but that's not the actual law, and it's incredibly dishonest to suggest it's the case. Here's the important thing that the Copyright Office and the Copyright Alliance don't seem to understand (or are willfully ignoring). This content is already licensed. The only people who will get access to it are those who have a legitimate right to access the content from their cable providers. In other words, everything is licensed. There is no "harm" at all. The only issue is that the content can be accessed (by the paying subscribers!) 
via alternative hardware (which might add some more features, but which will still have the same copy protection). But nothing in this creates any problems for the content creators, because the overall setup is the same. They have licensed the work. The hardware alternatives that may arise may include some additional features, such as recording and such, but that's well within their legal rights under fair use. The complaint here seems to just be that the Copyright Alliance and the Copyright Office don't like fair use and don't want the Betamax standard to exist any more. The Copyright Alliance and its funders in the entertainment industry may wish that the VCR were never made legal (even though it was a device that basically saved Hollywood by bringing in massive new markets and revenue streams), but they don't get to rewrite history and pretend it doesn't exist. It's this kind of crap that is so annoying about these groups like the Copyright Alliance. They are flat out misrepresenting reality.

posted 4 days ago on techdirt
Let's face facts: if you have an electronic voting machine it can be hacked. Anyone who claims any piece of technology or computer equipment is "unhackable" is a fool and should not be in a position to determine the security of such equipment. Electronic voting machines have a very long tradition of having absolutely horrible security and being easily hacked. It's why it's so important that people understand just how vulnerable these things are, not just because they can be hacked, but the poor security practices around them will lead many people to distrust the results of any election, even if all the votes were actually counted. You know what doesn't help? Having election officials declare their e-voting machines unhackable. And yet that's exactly what officials in Pennsylvania's Allegheny County (think: Pittsburgh) have done. Starting in the next few weeks and running past Election Day, the machines will undergo tests to ensure they are recording votes properly, that they have not been hacked and that they cannot be tampered with, said Mark Wolosik, longtime manager of the Allegheny County Elections Division. Each test is designed to check a potential breach in the system. “The voting public can feel confident,” Wolosik said. “Everything is tested extensively before the election, after election and on Election Day.” Election officials in Allegheny and Westmoreland counties said they are confident their electronic voting systems are immune from hackers or malware that could alter election results. “In my experience, there is no way to compromise these election systems,” said Dave Ridilla, head of Westmoreland County's computer information department. That doesn't make me feel more confident. It makes me question the competence of those officials. Any such hardware can be hacked. Saying it can't means that you're just not understanding the threats you face, and that's more problematic. 
There are things that people can do to minimize the risks, and hopefully that's what's happening here, but giving a flat out "there is no way" statement is ridiculous on its face and is almost screaming out to have that statement mocked when the equipment is actually hacked. The machines being used do not appear to have open source software that people can examine, and they don't have a paper backup, so if votes are tampered with there's really no clear way to know for sure. That's especially problematic. Yes, people may have done a good job securing the machines, but saying they can't be hacked is not just wrong, but it calls into question the competence of the people securing the machines.

posted 4 days ago on techdirt
You'll recall that ISPs (and the lobbyists, think tanks, politicians, and consultants paid to love them) argued incessantly that if we passed net neutrality rules, investment in broadband infrastructure would grind to a halt, leaving us all weeping gently over our clogged tubes. ISPs like Verizon proudly proclaimed that net neutrality rules would "jeopardize our investment and the development of innovation in Broadband Internet and related services." ISP-tied think tanks released study after statistically-massaged study claiming that net neutrality (and the reclassification of ISPs as common carriers under Title II) would be utterly catastrophic for the broadband industry and its consumers alike. But as time wore on it became abundantly clear that these warnings were the empty prattle of a broken industry, using a thick veneer of bunk science to defend its monopoly over the uncompetitive broadband last mile. Since net neutrality was passed there has been absolutely no evidence that a single one of these claims had anything even remotely resembling merit, with broadband expansion pushing forward at full speed, constrained only by the ongoing lack of competition in many markets. We've watched as outfits like Google Fiber continue to expand its footprint. We've watched as Verizon suddenly promised to deploy fiber to cities long neglected. We've watched as Comcast and AT&T rushed to try and keep pace with gigabit investments of their own. In short, nothing changed, and things may have even improved. And now companies like Comcast, AT&T and Verizon are doling out what could be as much as $86.4 billion in what may be the most expensive spectrum auction ever: "The FCC’s forward auction headed into Round 8 on Monday with a total of more than $11.5 billion in bids, according to the auction dashboard. The figure was up from just $8.5 billion in auction proceeds from the first round of bidding last week. 
Demand appeared to be holding strong... Forward auction bidders are striving to hit an $86.4 billion price target set by broadcasters in the reverse auction. If demand does not reach supply, then a second reverse auction will be held with a lower clearing target of 90 MHz, the FCC has said." You'd think that carriers tripping over themselves to pursue fifth-gen (5G) wireless alone would be enough to put onerous claims about the negative impact of net neutrality rules to bed. But you'd be wrong. Revolving door regulators like Verizon lawyer turned FCC Commissioner Ajit Pai have consistently tried to claim that net neutrality somehow stifled investment, we just apparently didn't notice. Other sector chicken littles have turned to citing unrelated business downturns to try and obfuscate how full of crap the lion's share of these organizations and consultants were on the subject of net neutrality. Tech Freedom, for example, spent some time last week retweeting claims that Cisco's decision to lay off an estimated 5,500 employees was somehow thanks to net neutrality: Hey, @FCC, how's that post-Title II infrastructure investment going ... ?#WhatHappensWhenYouIgnoreEconomics https://t.co/1E8umiojLZ — Gus Hurwitz (@GusHurwitz) August 17, 2016 Except Cisco's global layoffs have nothing to do with some relatively simple net neutrality rules passed in the States. Cisco is downsizing because of the rise in virtualization and the company's shift from its hardware roots into a software-centric organization, something the company itself admits, and something you'd think an economist would understand. This conflation attempt isn't unique. Industry-tied think tanker Hal Singer has done yeoman's work the last year or two trying to claim networking investment is down despite all evidence pointing to the contrary. 
Singer, whose study played the starring role in the industry's manufactured denial, continued to beat the same drum on Twitter last week: @derekkerton @GusHurwitz @mmasnick no one is denying investment. Question is, compared to what benchmark? Relative to 2014, we're down 8%. — Hal Singer (@HalSinger) August 18, 2016 But as noted previously Singer's 8% stat comes from his own study. A study repeatedly criticized for cherry-picking unrelated data to intentionally indicate a network investment downturn that doesn't exist. In many instances he included companies whose CAPEX was dropping because they'd just finished major deployments (Charter's finished deployment of new digital set top boxes, for example). Elsewhere, Singer and other think tankers have tried to claim that CAPEX reductions and cost savings due to the rise in software-defined networking (SDN) and network function virtualization (NFV) were actually caused by net neutrality. Ironic, then, that Singer took to The Hill to pen an op-ed accusing the FCC of playing fast and loose with empirical evidence when it comes to efforts like net neutrality or cable box reform: "It is simply irresponsible for regulators to rely on gut feelings – or political pressure or public opinion polls. Rather they should be guided by empirical evidence, rigorous analysis of regulatory costs and benefits and basic economic principles taught on every college campus across the country together. What matters most is not the sheer number of docketed public comments or the enthusiasm of those blockading of the Chairman’s driveway, but instead a sober analysis of the need for regulation in light of proven market failures." Again, that's an ISP-funded think tanker, freshly proven incredibly, repeatedly, and quite possibly intentionally wrong across numerous fronts, blasting the FCC for ignoring actual economic data. 
Gosh, it's almost as if these folks are paid to be as intellectually rigid as possible, utterly immune to any attempts at honest discourse when presented with conflicting evidence. Do you get to give people lectures on economics and integrity when your bunk studies are used repeatedly to smear net neutrality rules designed to aid consumers, startups and small businesses nationwide? Apparently. In short, ISPs and their "dollar-a-holler" think tankers used crap science and economics to intentionally mislead the public on net neutrality, but their predictions have been proven repeatedly and painfully wrong. But instead of acknowledging error and moving on to the next misleading argument, they've decided to double down and promote a broadband investment cataclysm that never actually happened.

posted 5 days ago on techdirt
If this keeps up, the list of entities not hacked by Russian intelligence will be shorter than the list of those who have. [Caution: autoplay annoyance ahead.] Hackers thought to be working for Russian intelligence have carried out a series of cyber breaches targeting reporters at the New York Times and other US news organizations, according to US officials briefed on the matter. The New York Times has brought in investigators to "assess the damage." If anything truly damaging was obtained during the hack, there's a good chance we'll all get a chance to see it. While national security investigators are theorizing that the Russian hackers' targeting of non-government organizations is designed to give them a look at the government's inner workings without actually having to breach a government server, there's also the possibility that this hacking is more aligned with the focus of the Democratic National Committee hack: to find something potentially embarrassing and publish it for the world to see. According to the CNN article, Clinton's campaign believes the DNC hack was politically-motivated. Hardly surprising, considering most Russian hacking attempts are propelled by politics. The claim that Russia wants Trump to win the election isn't an entirely outlandish theory. If so, the hacking of news agencies may be similarly motivated. The press hasn't been shy about pointing out Trump's lies and bad behavior, so it could be hackers are seeking communications pointing to an anti-Trump conspiracy. It's likely they'll find evidence that fits this description, but it's hardly a conspiracy, no matter how theorists choose to spin it. Donald Trump is an exceptional presidential candidate -- and not in the most favorable definition of that term. While most candidates would at least pay lip service to presenting a unified front, Trump has been intentionally divisive, setting up "us vs. them" narratives that go beyond simple Republican vs. 
Democrat terms and deep into the party he supposedly represents. Beyond the alleged backing of Trump, there's more to be gained than simply pointing out the media's transparent disdain for the Republican candidate. There are also leaked -- but unreleased -- documents stored on agencies' servers. News organizations are considered top targets because they can yield valuable intelligence on reporter contacts in the government, as well as communications and unpublished works with sensitive information, US government officials believe. It could very well be that the Russian government is seeking to provoke a cyberwar, utilizing hackers to fire its opening salvos. There's also money to be made -- on both sides -- from a variety of cybersecurity firms who will do all they can to turn high-profile hacking into a multi-decade cyber-Cold War that will provide them with plenty of lucrative contracts. So, instead of seeing these attacks as a very normal state of affairs, hyperbolic theorizing will take precedence over more measured responses.

posted 5 days ago on techdirt
You know those stupid and annoying "tree shaped" car air fresheners you see every damn where? Of course you do. The company behind those "Little Trees" is called Car-Freshner Corporation, and it's notoriously overprotective of whatever trademark it thinks it has. Way back in 2009, we wrote about the company and an absolutely ridiculous ad it had taken out in Photoshop User Magazine. At the time, we noted how odd it was to take out a full page ad warning people against supposed trademark infringement, and over-claiming its own rights at the same time (e.g., "no matter how you use it."). So it comes as little surprise that Car-Freshner Corporation is a bit of a trademark bully in court. Though, perhaps it's met its match -- and it may result in it losing some trademarks. Trademark lawyer Marty Schwimmer, who runs the excellent Trademark Blog, is representing a non-profit organization, Sun Cedar, that has been sued by Car-Freshner for daring to create tree-shaped blocks of wood (cedar!) that smell good. The answer and counterclaims from Sun Cedar are worth reading in full, but we'll hit a few high points here. Sun Cedar is not just a non-profit, but an organization that tries to train and to employ "at risk" individuals, including those who are homeless, ex-felons and substance abusers to help them get back on their feet. The organization creates objects out of wood, including tree shaped ornaments. It even ran a very successful Kickstarter project last year. So, yeah, both organizations make tree shaped objects that smell nice. But that's about the extent of it. To argue that only the Little Trees trademark extends that far is a huge reach. In comparing the two, Sun Cedar's response points out that the only real similarities are the idea of a pine tree -- and that's not protectable. Sun Cedar does not use any distinctive element that Plaintiffs could arguably claim as a mark (such as the saturated green field or block base in its Tree Design). 
It is questionable whether Plaintiffs can assert rights in either a blank silhouette of a tree or a blank configuration of a pine tree, because Plaintiffs (1) chose the pine tree outline for functional reasons (to the point of patenting the shape); and (2) have abandoned the blank silhouette registrations, as they do not use blank silhouettes as trademarks in commerce. Finally, Sun Cedar’s $10, thick, wooden ornaments are sold on its website, through Kickstarter, and in “green” retail stores, as opposed to in the gas stations and car washes that sell Plaintiffs’ approximately $1.00 cardboard-thin cellulose car fresheners. The two products never have and never will be offered for sale side by side in any retail setting. Now, if you follow the law around trademarks and patents there are a couple of eyebrow raising statements in that paragraph above, beyond just the "hey, our trees are nothing like your trees and there's no chance of confusion." That's the standard "no likelihood of confusion" defense to trademark claims. And it's a good one here, because, really, those are pretty different. And it's ridiculous to argue that any tree shaped thing that smells nice infringes -- especially since there are lots of other such products. So, yeah. But, as mentioned above, there are other serious problems here called out in the response and counterclaims that could mean that Car-Freshner is going to lose some of the trademark protections it likes to claim it has. First up: the patent issue. What's that got to do with anything? Well, you see Car-Freshner apparently also got itself a patent on its design, patent 3,065,915, granted back in November of 1962. As you're probably aware, that patent is now long expired. But what does that have to do with the trademark? 
Well, the patent -- which is technically on the system for removing the car freshener from the packaging over a period of time to release the smell -- claims that the tree-shaped design is actually functional to make all this work: Upon information and belief, this diagram illustrates the system claimed by the ’915 Patent. Specifically, the diagram consists of seven images, each showing the body of the air freshener in different stages of removal from the cellophane package over a seven week period. A notch is cut in the center of the cellophane. The first week, the packaging is pulled down to the first branch and only the top of the tree is exposed. The second week, the packaging is pulled down to the second branch, exposing more of the tree, and the cellophane is tucked under the corresponding branches. This continues until the seventh week, when the tree is removed completely from the packaging. This matters to trademark law because you can't trademark functional design. That's what patent law is for. So Sun Cedar is arguing that the entire trademark here is invalid because it tried to trademark a functional design, and the fact that it's functional is proven by Car-Freshner's own patent. That's a neat legal judo move. In short, upon information and belief, the shape of the Tree Design is essential to the use or purpose of the article for which it is registered, namely air fresheners. As such, the Tree Design is functional and is not entitled to registration, pursuant to Section 14(3) of the Lanham Act, 15 U.S.C. § 1064(3). The filing also argues that the rectangular block base of Little Trees fresheners is also functional since it's used to display names or the type of scent or other information. The other interesting argument is that Car-Freshner actually abandoned the actual design in the trademarks that it holds on Little Trees. It gives a few examples of this, but we'll show one here to demonstrate. 
In arguing that Car-Freshner has abandoned trademarks like US Reg. No 1,781,016, the filing points out that the actual trademark is for a silhouette of the tree shape, but that the products it's offering, which it claims show the use in commerce, are not of the silhouette, but quite different. I will admit that this part -- claiming abandonment -- feels like more of a stretch to me. Frankly, it seems the case should be won solely on the lack of any likelihood of confusion. But the patent argument saying that the tree-shaped design is functional and therefore cannot be covered by trademark sure is a fun one. It will be interesting to see how this goes in court -- and whether or not Car-Freshner's trademark bullying over its Little Trees products results in the company actually losing some or all of its trademarks...

posted 5 days ago on techdirt
While Windows 10 is generally well-liked by reviewers and users, it's relatively clear that it's not the OS to choose if you actually want to control how much babbling your OS does over the network. While a lot of complaints about Windows 10 have been proven to be hyperbole or just plain wrong (like it delivers your BitTorrent behavior to Hollywood or it makes use of menacing keyloggers), Windows 10 is annoyingly chatty, sending numerous reports back to Microsoft even when the operating system is configured to be as quiet and private as possible. While Microsoft has been criticized for this behavior for some time now, the general response out of Redmond has been to tap dance over, under and around most of the key complaints. Enter the Electronic Freedom Foundation, which last week effectively called on Microsoft to stop bullshitting everybody in terms of what gets collected and why. The EFF does a good job reiterating how Microsoft used malware-esque tactics to get users to upgrade, then once installed, Windows 10 collects user location data, text input, voice input, touch input, web browsing history, and general computing telemetry data, including which programs you run and for how long -- which would be arguably less of an issue if you had full control over how much of this data was collected and funneled back to the Redmond mothership. Microsoft has made some modest changes to address ballooning concern about user privacy over the last year, but the EFF notes that the company continues to tap dance around how much data is collected, what the company is doing with it, and why users can't have full privacy control over an OS they purportedly own: A significant issue is the telemetry data the company receives. While Microsoft insists that it aggregates and anonymizes this data, it hasn’t explained just how it does so. Microsoft also won’t say how long this data is retained, instead providing only general timeframes. 
Worse yet, unless you’re an enterprise user, no matter what, you have to share at least some of this telemetry data with Microsoft and there’s no way to opt-out of it. Microsoft has tried to argue that Windows Update won't work if telemetry reporting is minimized and user privacy and preferences are actually protected. In short, Microsoft has tried to claim that giving users broader control puts the user at risk by hamstringing security updates. That's something the EFF is quick to call bullshit on, calling it a "false choice" that's "entirely of Microsoft's own creation." What Microsoft should do if it truly values its customers, the EFF argues, is dramatically ramp up company transparency and finally offer a meaningful, simple opt-out functionality: Microsoft should come clean with its user community. The company needs to acknowledge its missteps and offer real, meaningful opt-outs to the users who want them, preferably in a single unified screen. It also needs to be straightforward in separating security updates from operating system upgrades going forward, and not try to bypass user choice and privacy expectations. In response to the EFF, Microsoft has continued to do what it has always done: pretending that nothing is wrong, customer control and privacy are the company's highest priorities, and these privacy concerns are overblown because, shucks, most people really like the OS: Microsoft is committed to customer privacy and ensuring that customers have the information and tools they need to make informed decisions. We listened to feedback from our customers and evolved our approach to the upgrade process. Windows 10 continues to have the highest satisfaction of any version of Windows. Granted that may say more about past interactions of Windows than of Windows 10. 
Even then, the fact that people generally like the core OS experience Windows 10 offers doesn't magically dismantle concerns that Microsoft still, more than a year after launch, isn't actually listening to its customers when it comes to privacy and control.

posted 5 days ago on techdirt
It is with mostly pleasure, but a little bit of sadness, that I am here to inform you, dear reader, that the idiotic trademark lawsuit brought by Citigroup against AT&T because it dared to say "thank you" to its customers is dead. Yes, what started only a couple of months ago as an unintentional test to see just how far a large corporation could twist trademark law out of its useful intentions has been dropped by both parties with prejudice, meaning that no further legal action can be taken on the matter. At issue was AT&T including the phrase "thank you" in some of its messaging and branding. Citigroup, as it turns out, somehow got the USPTO to approve a trademark for the phrase "thankyou" and declared that, largely because the two companies had done some co-branding work in the past, customers might be confused by an AT&T ad thanking them for their business into thinking that it has something to do with Citigroup. I read the argument Citigroup made in its filing as to why this confusion was likely, but my brain came to a screeching halt every few sentences, distracted by questions like, "How much can a bank's lawyers drink during the day?" and "Precisely how many peyote buttons would I have to swallow before 'thank you' equalled 'Citigroup' in my addled mind?" Yet the end of this lawsuit was easily predicted after the court refused Citigroup's initial request for an injunction against AT&T. That court opinion went further in explaining to Citigroup the flimsy nature of its position than it had to, almost as a warning not to pursue this any further. And, this week, the banking company relented. Citigroup Inc (C.N) and AT&T Inc (T.N) have ended a court battle over whether the "AT&T thanks" customer loyalty program infringed Citigroup's trademark in the phrase "thankyou." The resolution may help preserve a relationship between Citigroup and AT&T dating to 1998 that includes 1.7 million U.S. customers with co-branded credit cards. 
"We have decided not to pursue this matter any further and look forward to continuing to work with AT&T," Citigroup spokeswoman Jennifer Bombardier said in a statement. I'm sure AT&T appreciates Citigroup dropping the suit, but it's probably searching for an allowable phrase to express that kind of gratitude. What this may have more to do with is AT&T's defense that basically consisted of pointing out the ridiculousness of a single company being able to trademark a common phrase like "thank you," or iterations of it, for any category of anything ever. The end of the suit likely means the end of AT&T's challenge to the trademark, which is unfortunate. We'll have to see if Citigroup has learned its lesson, or if it will choose to bring legal action against any other thankful companies in the future.

posted 5 days ago on techdirt
Ira Rothken is a lawyer on the front lines of many major legal battles relating to copyright and piracy, including defending Megaupload founder Kim Dotcom and, most recently, taking up the defense of Kickass Torrents operator Artem Vaulin. This week, Ira joins us on the podcast to discuss the ins and outs of these and other cases where the entertainment industry has come down hard on consumers and innovators. Follow the Techdirt Podcast on Soundcloud, subscribe via iTunes, or grab the RSS feed. You can also keep up with all the latest episodes right here on Techdirt.

posted 5 days ago on techdirt
Another FBI/Playpen/NIT case has moved to the point of a motion to dismiss. The lawyer for defendant Steven Chase is arguing the government should abandon its prosecution because the FBI's activities during its conversion of child porn site Playpen into its own Rule 41-flouting watering hole were "outrageous." What did the FBI do (besides traveling beyond -- far beyond -- the warrant's jurisdiction to strip Tor users of their anonymity) to merit this accusation? It made Playpen a better, faster child porn website. Joseph Cox reports for Motherboard: Newly filed court exhibits now suggest that the site performed substantially better while under the FBI's control, with users commenting on the improvements. The defense for the man accused of being the original administrator of Playpen claims that these improvements led to the site becoming even more popular. “The FBI distributed child pornography to viewers and downloaders worldwide for nearly two weeks, until at least March 4, 2015, even working to improve the performance of the website beyond its original capability,” Peter Adolf, an assistant federal defender in the Western District of North Carolina, writes in a motion to have his client’s indictment thrown out. The government generally isn't known for efficiency or immediate improvements, but the filing [PDF] points out that the gains were exponential. From there the FBI distributed child pornography to viewers and downloaders worldwide for nearly two weeks, until at least March 4, 2015, even working to improve the performance of the website beyond its original capability. As a result, the number of visitors to Playpen while it was under Government control from an average of 11,000 weekly visitors to approximately 50,000 per week. 
During those two weeks, the website’s membership grew by over 30%, the number of unique weekly visitors to the site more than quadrupled, and approximately 200 videos, 9,000 images, and 13,000 links to child pornography were posted to the site. A better child porn site, brought to thousands of criminal suspects all over the world by your tax dollars. What a time to be alive! The motion to dismiss points out that making it easier and faster to download child porn images runs contrary to assertions the government has made in support of prosecutions and stricter penalties for child porn viewers. This behavior is all the more shocking because the federal government itself – in sentencing memoranda, online mission statements, reports to congress, press releases, and arguments before this very Court and many others – has repeatedly emphasized that victims of child pornography are revictimized each and every time their images are viewed online. Despite these frequent pronouncements, the government here made no attempt during the two weeks it was running the site to reduce the harm to innocent third party victims by limiting the ability for users to view or access the images. Indeed, government agents worked hard to upgrade the website’s capability to distribute large amounts of child pornography quickly and efficiently, resulting in more users receiving more child pornography faster than they ever did when the website was running “illegally.” And once the images have been downloaded from a (faster) source, they can be redistributed elsewhere, furthering the damage done to victims of child pornographers. It really can't be argued that the ends justified the means. Once the government seized the server hosting the Playpen site, it possessed a wealth of information it could use to criminally prosecute users without resorting to operating the site for two weeks. 
Even if the government wanted to deploy an NIT, it could have done so without also rendering the Playpen site functional. It could have, for example, disabled access to the images of child pornography, turned off the ability to upload pictures or videos, or even just run the site for a much shorter period of time. Moreover, as noted above, the government has charged less than 1% of Playpen members, the same percentage of users it already had IP addresses for on the day it seized the site. It cannot be that the government may distribute child pornography to a thousand users for each user it catches, particularly when it already has the necessary information to identify the same number of users before it had distributes a single image. The defense points to a message [PDF] posted to the forums after the site was seized by the FBI as evidence the agency improved the site to better serve users (with its NIT). A Playpen administrator's account stated the following on February 28th, eight days after it took control of the site. I upgraded the Token Ring to Ethernet about an hour ago and things seem to be working a bit better. This is what the FBI will do to further its investigations: it will become a better distributor of illegal material than the criminals it's going after. The filing notes that a conservative estimate of the number of images distributed during the FBI's two-week hosting stint sits around one million. Also of note: throwaway email accounts are to be expected when users create accounts at child porn sites. But I honestly expected more from the President of the United States. The motion makes good points about the FBI's apparently hypocritical child porn distribution and points out it had many options -- including disabling image downloads -- to pursue that would still have allowed it to serve up its NIT to the site's visitors. Unfortunately, courts have a hard time finding law enforcement activity to be "outrageous" enough to toss cases. 
And in this particular prosecution, it's the worst of the worst being prosecuted: a child porn viewer.

posted 5 days ago on techdirt
Recently, Sony had let it be known that it would soon be announcing some new offerings for its PlayStation 4 console. While most of the media coverage had focused on what is suspected to be a new, more powerful version of the console, a leak this week instead revealed a different console offering, consisting of a newly slimmed down form factor PlayStation 4 with a slightly redesigned controller. As an owner of a PS4, I can join others' interest in this design, with the original console being somewhat bulky. I can also join others in having only a mild bit of surprise as a reaction, given that Microsoft had already announced a slimmed down version of its Xbox product, and given that Sony has done this with previous versions of the console as well. But I was slightly surprised to learn that Sony has apparently been setting its lawyers on spooking gaming media sites and taking down news articles from social media accounts about the leak. Reports of the latter have just started coming in. Sony issued a takedown and had this post removed from my Facebook page: https://t.co/fIjP0buTdY — Erik Kain (@erikkain) August 23, 2016 Now, Forbes has an annoying restriction on access to its site if you are sensibly using an ad-blocker, so I won't include the link for which the takedown was reportedly issued. That said, the post references the work Eurogamer did in visiting the leaker of the image to confirm the console is for real (it is), as well as generating its own image and even video of the console working for its story on the leak. But if you go today to the Eurogamer post about the leak, the video has been replaced by the following update. UPDATE, 7.30pm: Upon taking legal advice, we have removed the video previously referenced in this article. 
Left unsaid is whether or not any contact had been made by Sony with Eurogamer, thus prompting this "legal advice," but one can imagine that being the case, particularly given Sony's threats to social media users sharing images and reporting of Sony leaks and, more to the point, threats against any media that might report on those leaks. One can understand why a gaming website might blanch in the face of Sony's legal hounds, but it's still disappointing to see the tactic work. Which brings us to this very moment. I imagine that the entire point behind these legal threats was to keep the news of a slimmed down PS4 from spreading prior to its official announcement. But, thanks to the Streisand Effect, here we are talking about it anyway, while simultaneously discussing the attempted coverup and questionable threats to fans and media that Sony has undertaken. So...mission accomplished?

posted 5 days ago on techdirt
Help protect your data online with a $49 unlimited subscription to SaferVPN Basic. You gain access to 400+ servers in 30 countries with unlimited bandwidth, data, and server switching. The simple to use app could be a perfect introduction to VPNs for the uninitiated. Note: The Techdirt Deals Store is powered and curated by StackCommerce. A portion of all sales from Techdirt Deals helps support Techdirt. The products featured do not reflect endorsements by our editorial team.

posted 5 days ago on techdirt
Oh boy. The Information Technology and Innovation Foundation (ITIF) is a DC-based think tank that, from its name, you might think would promote things that are important for innovation. And yet, this misleadingly named think tank has been on the wrong side of almost every major tech issue over the last few years -- perhaps because a large segment of its funding comes from anti-technology industries, like the entertainment industry and the large telco/broadband providers. This is the same organization that argued that net neutrality was bad, that kicking people off the internet for piracy was a good idea, that the US gov't should encourage countries to censor the internet and, most recently, that broadband companies charging more to not track your every move is "pro-consumer." But perhaps the pinnacle of bullshit policy proposals from ITIF was that it was the organization (again, funded by the entertainment industry) that first proposed the basic framework of site blocking as a response to copyright infringement, back in 2009. The basis of that proposal was then turned into SOPA, leading ITIF to take a victory lap for creating what it believed was such a good law. Of course, you know how that all went down. After actual technologists pointed out how problematic the ITIF approach to site blocking would be, and the public spoke up, the bill went nowhere. And ITIF is basically the sorest of sore losers. Last fall, ITIF published a bogus snarky "report" insisting that its original SOPA plan for DNS blocking "did not break the internet." This, of course, conveniently misstates what was meant by "breaking the internet" when tech experts like Paul Vixie explained the problems with SOPA.
It wasn't that the overall internet would just stop working or that fewer people would use it, but rather that basic ways in which the internet is expected to function (I reach out to this DNS entry, I get back the proper response) would fail, and that would open up opportunities for serious mischief, from man in the middle attacks to breaking how certain security protocols work. But ITIF just can't let it go. This week it published a new report, once again using snark to insist that the internet didn't break: How Website Blocking Is Curbing Digital Piracy Without "Breaking the Internet." But its "evidence" is pretty suspect. It relies heavily on a recent report from some Carnegie Mellon professors, but leaves out the fact that those professors run a research center that was launched with a massive grant... from the MPAA. It also quotes papers from NetNames (funded by NBC Universal) and the Digital Citizens Alliance (a secretive MPAA front group that was a core component to the MPAA's "Project Goliath" plan to attack Google). The paper is full of misleading statements and half truths. Take this for example: In the vitriolic debates over the Stop Online Piracy Act (SOPA) in the United States, many opponents of taking action to limit access to foreign websites dedicated to piracy argued that website blocking would “break the Internet,” although they never satisfactorily explained how this breakage would occur or why the Internet was not already broken, since some site blocking already existed before the SOPA debate. Nonetheless, no policymaker wanted to be accused of being responsible for breaking the Internet. Five years later, we have evidence to evaluate. Meanwhile, 25 nations have enacted policies and regulations regarding website blocking to find a better balance between preserving the benefits of a free and open Internet and efforts to stop crimes such as digital piracy. And the Internet still works just fine in these nations.
Actually lots of people pretty clearly explained how and why it would break things -- including tech superstars like Paul Vixie and, yes, even Comcast, the owner of NBC Universal, an MPAA member. This is from Comcast: When we launched the Domain Helper service, we also set in motion its eventual shutdown due to our plans to launch DNSSEC. Domain Helper has been turned off since DNS response modification tactics, including DNS redirect services, are technically incompatible with DNSSEC and/or create conditions that can be indistinguishable from malicious modifications of DNS traffic (including DNS cache poisoning attacks). Since we want to ensure our customers have the most secure Internet experience, and that if they detect any DNSSEC breakage or error messages that they know to be concerned (rather than not knowing if the breakage/error was "official" and caused by our redirect service or "unofficial" and caused by an attacker), our priority has been placed on DNSSEC deployment -- now automatically protecting our customers... The non-technical policy wonks at ITIF might not understand this "technical" speak, but what Comcast is saying here is that using DNS blocking is a massive security risk. It doesn't mean that the internet itself "stops working" altogether, but that a core way that the internet is expected to work no longer does, and that exposes lots of people to lots of mischief. ITIF, of course, will then point to the fact that 25 countries have implemented DNS blocking, and since they haven't seen the internet "stop" working in those places, they assume it's fine. This is dubious on two accounts. First, much of the mischief that can be caused by DNS blocking won't be directly observable to the public. ITIF really is in no position to know what kind of mischief is now enabled thanks to DNS blocking in those countries, but it won't be surprising to see that it eventually leads to security nightmares. 
The second is more fundamental: many people in those countries now use VPNs to virtually transport themselves elsewhere to get around these blocks. Many, in fact, transport themselves to the US to access things here. But, put in place site blocking in the US, where a huge percentage of internet traffic happens, and the opportunities for massive mischief increase quite a lot. But ITIF is too clueless to understand this. In fact, the only "problem" that ITIF says might come up with DNS blocking is that it might take down multiple servers behind the same DNS, but which ITIF insists is easy to fix. ITIF also insists that such a small percentage of people use VPNs, getting around DNS blocking won't be much of a problem. Though, hilariously, they then admit that the methods to get around DNS blocking could put users at risk. But ITIF never puts two and two together to recognize how DNS blocking puts more people at risk. Critics claim that DNS blocking, like IP blocking, will cause “collateral damage” due to the risk of over-blocking, as a single domain can host many websites through website extensions.26 However, this risk can be addressed by implementing DNS blocking at the subdomain level (e.g. www.piracysite.maindomain.com instead of www.maindomain.com).... [....] Many, if not most, consumers have low levels of computer literacy and certainly are not sophisticated enough to understand how to manipulate the DNS settings in the network configuration of their computers, mobile phones, and other Internet-connected devices. Furthermore, users who switch DNS servers can expose themselves to many security risks if they cannot trust the responses from these servers. You know what else will mean you can't trust the results from a DNS server? DNS blockades! That's the "breaking" of the internet that Vixie and others were talking about. Which ITIF still doesn't comprehend. 
Later in the report, ITIF also claims that people who worried about DNS blocking for copyright infringement were "fine" with it for blocking malware: The irony is that just months before leading opponents stated their opposition to website blocking, a key opponent said it was okay to block domains that spread malware and that this could be done without harming the Internet itself. I'll just note that basically every other sentence in that paragraph has a footnote as a source for the information... but that sentence conveniently has no footnote. I've looked at the other footnoted links in that paragraph and none of them involve "leading opponents" supporting DNS blocking for malware. So I'm curious how ITIF's sourcing on this key point seems to have magically disappeared. There's more in the ITIF report, but it's basically fighting the same old war: it lost on SOPA, but ITIF can't let it go. And so it's not just fighting, but fighting dishonestly. It takes quotes out of context, makes misleading statements and doesn't seem to actually understand the core technological issues at play here. And it would be at least marginally more compelling if every study it cited (and ITIF itself) weren't funded by the MPAA, the main driver behind SOPA.

posted 5 days ago on techdirt
Charles Harder is the California lawyer who likely will forever be known as "Peter Thiel's lawyer" after Thiel helped set up his own law firm with the "focal point" of hunting for any lawsuit that might destroy Gawker. It appears that Thiel is happy to share his pet lawyer with his new best buddy, Donald Trump, or Trump's wife, Melania. On Monday the UK's Daily Mail (not exactly known for its accuracy in reporting) received a threat letter from Harder, representing Melania Trump, claiming that its recent article on Melania was defamatory. I'm not exactly sure where Mr. Harder is looking to sue but, if it's in the US, it's difficult to see how the article reaches the level of defamation by any stretch of the imagination. Melania Trump is, obviously, a public figure and, under US law, for a news report to be defamatory it needs to not only be incorrect and harmful but also published "with actual malice" -- meaning that the Daily Mail would have known that the published statements of fact were false, or they had a reckless disregard for the truth. Reading through the original Daily Mail article, I don't see how that could possibly be the case. The supposed "bombshell" claims in the piece are statements from a couple of different sources alleging that Melania was an escort when she first came to NY (and that may be how she met Donald in the first place). But the Mail is actually (somewhat surprisingly, given its reputation), quite careful with those statements, pointing out that they came from a book, but also noting that there's little evidence to back them up. It also points to a Slovenian magazine article claiming that the modelling agency Melania worked for was actually an escort service, but the Mail only notes that the magazine said this, and then gets a quote from the guy who ran the modelling agency saying (vehemently) that the story wasn't true. Furthermore, the Daily Mail noted: There is no evidence to back up these startling claims made in Suzy magazine. 
The rest of the article is just kind of weird. Perhaps it's how the Mail normally reports, but much of the second half is stories from a guy who had a crush on Melania when they were both teens. But, yeah, it's not at all clear how any of this rises to the level of defamation. The Daily Mail doesn't say anything defamatory about Melania at all. It just notes that certain sources (a book written by an anonymous author and a Slovenian magazine article) make these claims (both of which are accurate factual statements) and then notes that there's little actual evidence to back them up. And yes, this is a trashy tabloidy kind of thing to do ("some people say..." to say something mean, rather than making the case themselves), but it's difficult to see how it comes anywhere near the standard for actual defamation. And it's not just the Daily Mail that Harder is going after. The Guardian reports that Harder has said that Melania may also sue Politico and the Week for reporting on her immigration status a few weeks back. You may remember the story. Politico noted some discrepancies in the timing of when Melania had claimed she had come to America, and the date of some nude photos that the NY Post dug up from a photo shoot in NY. That led Politico to raise questions about whether or not Melania was an illegal immigrant -- a bit of irony considering her husband's hardline stance against illegal immigration. Once again, going through the Politico story, it's basically ridiculous to argue that anything in there is defamatory. Again: the statements need to be statements of fact (not just questioning things) that were made with "actual malice." There's no way the Politico article reaches that level. But, again, we're talking about Charles Harder and the Trumps here, and the legitimacy of the case may be secondary to just threatening people. Trump, of course, has a long history of SLAPP-like lawsuits designed to bury journalists he doesn't like. 
And that's not me just saying that, Trump has flat out admitted to doing this: Trump said in an interview that he knew he couldn’t win the suit but brought it anyway to make a point. "I spent a couple of bucks on legal fees, and they spent a whole lot more. I did it to make his life miserable, which I’m happy about." And, again, that's the basis of Thiel's campaign against Gawker, where no matter what you think of the Hogan case, the other cases that Harder has filed against Gawker appear to pretty clearly be basic SLAPP suits designed to burden the company with legal fees. And, of course, some smaller publications have already been intimidated into silence. The NY Times notes that Harder has contacted other publications as well (mainly those that wrote about the Daily Mail's article) and at least two of them have retracted or apologized for their original stories. Here's the Inquisitr apologizing and retracting its story and here's Liberal America doing the same thing. Liberal America flat out explains: This is being written under duress because I don’t have enough money to fight a legal battle against the Trump machine. You can see the full threat letter that Charles Harder sent on behalf of Melania and judge for yourself. Harder claims that he can show "actual malice" in the reporting "by nature of the fact that my client has publicly denied the foregoing statements." That's not, actually, how one proves "actual malice." Without being able to see the original stories at Inquisitr and Liberal America, I can't say definitively if either one said anything that would be considered defamatory, but it certainly sounds like they were just quoting what was in the Daily Mail article, which does not seem to be defamatory. So what are we left with? 
A thin-skinned Presidential candidate who has admitted to happily filing bogus lawsuits to burden journalists whose reporting he doesn't like, whose wife has teamed up with a lawyer who was basically set up in business to "focus" on filing a bunch of lawsuits for the purpose of overburdening a publication another billionaire disliked. People have been disagreeing with me over whether or not the Gawker shutdown is a big deal, insisting that "if you just don't publish private sex tapes, there won't be a problem." Yet, here we have publications already being intimidated into not publishing stories and other larger publications being threatened for reporting which does not appear to be defamatory at all. Doesn't that seem the least bit problematic to some people?

posted 5 days ago on techdirt
Making fun of the Internet of Things has become a sort of national pastime, made possible by a laundry list of companies jumping into the space without the remotest idea what they're actually doing. When said companies aren't busy promoting some of the dumbest ideas imaginable, they're making it abundantly clear that the security of their "smart," connected products is absolutely nowhere to be found. And while this mockery is well-deserved, it's decidedly less funny once you realize these companies are introducing thousands of new attack vectors in every home and business network the world over. Overshadowed by the lulz is the width and depth of incompetence on display. Thermostats that fail to heat your home. Door locks that don't protect you. Refrigerators that leak Gmail credentials. Children's toys that listen to your kids' prattle, then (poorly) secure said prattle in the cloud. Cars that could, potentially, result in your death. The list goes on and on, and it grows exponentially by the week. The latest gift of the Internet of Things industry, revealed last week by security researchers at Bitdefender, is smart electrical sockets that can be hacked to hand over e-mail credentials, create a botnet, or (potentially) burn your house down by firing up connected appliances. The devices are sold as an amazing new tool to help create a connected home, allowing users to manage any device plugged into them via a smartphone and/or the internet. The problem, as usual, is an (unspecified) company that treated security as an afterthought. From the full Bitdefender research paper: "Bitdefender researchers observed that the hotspot is secured with a weak username and password combination. Furthermore, the application does not alert the user to risks associated with leaving default credentials unchanged. Changing them can be done by clicking ‘Edit’ on the name of the smart plug from the main screen and choosing a new name and a new password.
Secondly, researchers noticed that, during configuration, the mobile app transfers the Wi-Fi username and password in clear text over the network. Also, the device-to-application communication that passes through the manufacturer’s servers is only encoded, not encrypted." That's not just bad security, that's yet another company that's not even trying. And not even trying, it should be added, despite a constant flood of news reports that have demolished an endless list of different brands for failing to embrace things like fundamental encryption. We're building a mansion out of flammable toothpicks and empty promises, and as Bruce Schneier recently noted, it's really only a matter of time before the check comes due on a fairly massive scale. And while security is a big part of the problem, equally troubling is the rise of "smart" products that stop working once the company's manufacturer gets bored or sold. Like, you know, connected light bulbs that no longer really connect to much of anything: "Earlier this month, our colleague and Consumerist reader Michelle spotted a great deal on some Connected by TCP smart lightbulbs she’d been eyeing for her home. Before buying, she checked to see if they’d be compatible with her Amazon Echo or Wink app, and it’s good that she checked first. As it turns out, those bulbs are no longer compatible with any device, app, or hub, because TCP pulled the plug on their server as of June 1. Whoops, sorry!" Not only is the Internet of Things a total shit show when it comes to security and privacy, you also don't really own the things you buy, creating a universe of new possibilities when it comes to dysfunction, fraud, and misleading advertising promises.
There are plenty of reasons why this incompetence is coming home to roost, though the simplest is that many companies were just too cheap and lazy to invest in quality kits, research and technology, and most IoT "evangelists" were too focused on self-promotion to care much about the fact that they were selling us an industrial-grade disaster.

posted 6 days ago on techdirt
We've talked a great deal here about what a theater of security our national airports have become. Far from accomplishing anything having to do with actually keeping anyone safe, those in charge of our airports have instead decided to engage in the warm fuzzies, attempting to calm an easily-spooked traveling public through bureaucracy and privacy invasion. The hope is that if everyone suffers the right level of inconvenience and humiliation, we'll all feel safe enough traveling. But it's quite easy for the 4th wall in this security theater to be broken by the right sort of circumstance. In case you missed it, one such circumstance happened recently at JFK Airport. The fallout was described in a first-person account in New York Magazine by David Wallace-Wells. Following a long plane ride after a delayed departure, Wallace-Wells describes the start of the ensuing chaos as he and his wife waited to get to passport control: On the right of the hallway was that familiar line of people-movers, each of them stalled, when suddenly somebody realized that you could lap the line by walking down it like it was a highway shoulder in a traffic jam. Risa turned, smiled, and dashed off to take advantage. I made a show of protesting, hanging back for a second, and then followed her, but probably 50 people had swum into that lane between us in the meantime, and I couldn’t even catch sight of her to roll my eyes. Then the screaming began. I can’t remember what happened first — the flashing light of a fire alarm, the yelled warnings of a bomb and a shooter, the people turning around in a mob panic. I thought I saw smoke. I know I saw bags dropped, people falling to the floor and others stomping past them, through them, on them. Everybody was screaming. And I couldn’t find Risa. See her, really. Because there was no moving in the other direction. There was not even time or space to process what was happening, really. 
People were shouting about terrorism right next to me, as they ran next to me, but I wasn’t thinking about a shooter; I was just thinking, GO! He goes on to describe being in the middle of one of several literal stampedes that had broken out throughout the airport, with travelers scattering in many directions and trampling one another. Members of the public were escorted out onto the tarmac, then back inside, then back out onto the tarmac again. Airport security either bolted for the exits when the scare began or ineptly ushered the public in one direction or another. NYPD officers were inside the airport terminals, clearing them, but nobody seemed to be informing or instructing the public as to what to do. It was, in simple terms, chaos. A woman in a hijab called to her family, and everyone around her panicked. Even the set-pieces of the security theater contributed to the bedlam. When people started running, a man I met later on the tarmac said, they plowed through the metal poles strung throughout the terminal to organize lines, and the metal clacking on the tile floors sounded like gunfire. Because the clacking was caused by the crowd, wherever you were and however far you’d run already, it was always right around you. There was a second stampede, I heard some time later, in Terminal 4. I was caught up in two separate ones, genuine stampedes, both in Terminal 1. The first was in the long, narrow, low-ceilinged second-floor hallway approaching customs that was so stuffed with restless passengers that it felt like a cattle call, even before the fire alarm and the screaming and all the contradictory squeals that sent people running and yelling and barreling over each other — as well as the dropped luggage, passports, and crouched panicked women who just wanted to take shelter between their knees and hope for it, or “them,” to pass. 
I can only imagine the terror one must feel being caught within a panic inside an airport under these circumstances. As the author notes, it was clear to anyone in the airport that day just how silly the idea is that authorities could respond to a threat at an airport in a methodical and organized way. Part of the lesson of this story is just how useless the security theater we've allowed to be propped up before us actually is. Useless as a system for when a terror event actually occurs, but more useless at keeping travelers calm and feeling safe. Because the cause of this chaos would be laughable if it weren't so terrifyingly frustrating. When the first stampede began, my plane had just landed. It started, apparently, with a group of passengers awaiting departure in John F. Kennedy Airport Terminal 8 cheering Usain Bolt’s superhuman 100-meter dash. The applause sounded like gunfire, somehow, or to someone; really, it only takes one. According to some reports, one woman screamed that she saw a gun. That's all it took. A spooked public whose fear is unassuaged by the pretend security the government has set up at the airport, mixed with applause for an Olympic athlete, gets you bedlam. This is everyone's fault, from a public that can't bother to keep the threat of terrorism in perspective, to politicians that decided on a feel-good show at airports that couldn't even achieve that goal, to federal agencies keeping everyone so on edge that simple applause rang as gunfire in the minds of some. It's hard to think of a more powerful example of how terrorism works than that.

posted 6 days ago on techdirt
Three police unions in different cities have come forward to insert their feet in their mouths following changes to department policies. The thrust of their terrible arguments? Cops should be paid more for doing their job properly. In Cincinnati, officers are being outfitted with body cameras. This, of course, has sent the local Fraternal Order of Police into defense mode. The FOP sent a letter to the city stating that officers won't be wearing the cameras until they're given more money. The union apparently believes any increase in officer accountability should be accompanied by an increase in pay. A lawyer for Fraternal Order of Police Lodge #69, Stephen Lazarus, sent the city a "cease and desist" letter, saying until pay for wearing the equipment has been decided, officers shouldn't wear them. He asked that the city cease the program by Wednesday at the latest, pending the bargaining process. The city's mayor has already suggested he'd be willing to grant an across-the-board 5% pay increase, but the union wants additional pay on top of that, simply for wearing body cameras. The union insists that cameras will alter many facets of officers' day-to-day duties, which -- judging from other cities' experiences with body cameras -- apparently includes discovering ways of ensuring footage of questionable arrests and uses of force isn't captured by the recording equipment. Meanwhile, down in San Antonio, policies affecting misconduct punishments are receiving similar demands from that city's police union. The San Antonio Express-News reports that the San Antonio police union demanded higher pay in exchange for accepting changes to their collective bargaining agreement that would have delivered stricter discipline for officer misconduct. 
The Express-News notes that right now “the contract limits how far back a chief can invoke prior misconduct in punishing an officer — no more than two years in most instances — and automatically reduces suspensions of three days or less to a reprimand after two years.” Once again, a union is fighting officer accountability with increased salary demands. In both cases, neither union seems to understand (or care) how tone-deaf these arguments are. Police reform is needed because officers aren't doing what they're being paid to do, or they're doing it in a way that results in civil rights lawsuits and DOJ interventions. The main obstacle to reform appears to be police unions, which often seem to offer hardline opposition to minor changes that even most of those supposedly represented by the union don't agree with. It would be one thing if law enforcement were a historically underpaid profession. But it isn't. These demands are simply a way to make cash-strapped cities rethink plans to introduce more accountability into the process. But it's not always the unions that are at fault. The rank-and-file has its own issues with increased accountability. The city of Boston is outfitting its officers with body cameras. The pilot program asked for volunteers to wear the recording devices. There were no takers. When the City of Boston called on 100 volunteers from the police department to help pilot a body camera program, something very expected, predictable, and heard of happened: Nothing. Even with $500 bonuses as a result of negotiations with their union, not a single police officer in Boston volunteered to wear a camera. If no one responds when asked nicely, the optional aspect goes away. Speaking during the monthly “Ask the Commissioner” segment on WGBH-FM’s Boston Public Radio on Tuesday, Boston Police Commissioner William B. 
Evans said that a consultant has selected officers of all ages and races from five sections of the city and the department’s Youth Violence Strike Force to wear the cameras for a six-month trial. Any officer selected who chooses not to wear the camera would be subject to disciplinary action, Evans said. It's not as though the police union here decided to sit this one out. When no officers volunteered to wear the cameras, the union claims that randomly selecting officers somehow breaches the department's contract. Boston Police Patrolman’s Association President Patrick M. Rose told the Herald that goes against the deal the union reached with the department, which he says specifically states participants must be volunteers. “The selection process must be from volunteers,” Rose wrote in an email to the Herald, adding that the union still supports that agreement. “To require non-volunteers to participate in the program would clearly violate the agreement,” he said. “The BPPA would hope that the City and the Department would honor its written agreement with the BPPA concerning (body cameras).” The Boston Police chief saw it differently, however, pointing out that no volunteers stepping forward to take part in a voluntary program also violates the agreement. Somewhat ironically, civil rights and accountability activists were skeptical of the volunteer pilot program, fearing that the only cops that would volunteer would be exemplary models of the law enforcement profession and unlikely to generate much footage of misconduct or abuse. What a relief it must be to discover the Boston PD has no officers that fit that description.

posted 6 days ago on techdirt
Even as the candidate that President Obama is supporting, Hillary Clinton, has been increasingly insisting that she really (no, really) is against the TPP (despite being for it prior to this campaign) -- and even as Donald Trump has been vehemently against it, despite trade agreements usually getting strong support from the GOP -- President Obama is making a big push to get the TPP ratified by Congress. It needs a majority vote in both houses of Congress to be ratified in the US. Last week, we noted the weird situation where everyone's position on the agreement appeared to be wishy-washy, though mostly for all the wrong reasons. But that's not stopping Obama from having his cabinet make a big push to get it approved by Congress: Among those who will hit the road will be Secretary of State John F. Kerry; Secretary of Defense Ashton B. Carter; retired Admiral Michael G. Mullen, former chairman of the Joint Chiefs of Staff under Presidents George W. Bush and Obama; Admiral Harry B. Harris Jr., commander of the United States Pacific Command; and William Cohen, a former Republican senator and defense secretary under President Bill Clinton. Of course, everyone knows that it won't be voted on until after the election. Although the administration’s push will begin in September, no vote on the accord will occur before the election. Just as the White House and congressional Republican leaders mostly agree on the economic benefits of trade, they have parallel political interests in delaying debate. Republicans do not want to provoke attacks from their presidential nominee, Donald J. Trump, who called the trade accord “a rape of our country,” or hurt other Republican candidates. Mr. Obama does not want to make trouble for the Democratic nominee, Hillary Clinton, who has struggled to persuade voters of her sincerity in switching from support of the pact to opposition. 
This month, during an economic address in Michigan, she declared, “I oppose it now, I’ll oppose it after the election and I’ll oppose it as president.” But, of course, that seems like it could also make a so-called "lame duck" vote pretty damn awkward as well. Yes, after the charade of the election is over, perhaps politicians will revert to their previous positions supporting the deal, but even at their most cynical, it seems a bit crass to do so right after the election. It would just underscore how absolutely full of shit they were during the campaign season. Maybe that doesn't have political consequences... but it should.
