posted 3 days ago on techdirt
Human Rights Watch has just published a report containing the facts needed to back up everyone's suspicions that the FBI counterterrorism efforts are almost solely composed of breaking up "plots" of its own design. And the bigger and more high-profile the "bust" was, the better the chance that FBI agents laid the foundation, constructed the walls… basically did everything but allow the devised plot to reach its designed conclusion. (via Reason) All of the high-profile domestic terrorism plots of the last decade, with four exceptions, were actually FBI sting operations—plots conducted with the direct involvement of law enforcement informants or agents, including plots that were proposed or led by informants. According to multiple studies, nearly 50 percent of the more than 500 federal counterterrorism convictions resulted from informant-based cases; almost 30 percent of those cases were sting operations in which the informant played an active role in the underlying plot. Of those four exceptions, two (Boston Bombing/LAX shooting) were successfully pulled off. Feeling safer with the g-men's increased focus on preventing terrorist attacks? Within the report is even more damning information that shows the FBI preyed on weak individuals in order to rack up "wins" in the War on Terror. Although an FBI agent even told Ferdaus’ father his son “obviously” had mental health problems, the FBI targeted him for a sting operation, sending an informant into Ferdaus’ mosque. Together, the FBI informant and Ferdaus devised a plan to attack the Pentagon and US Capitol, with the FBI providing fake weaponry and funding Ferdaus’ travel. Yet Ferdaus was mentally and physically deteriorating as the fake plot unfolded, suffering weight loss so severe his cheek bones protruded, loss of bladder control that left him wearing diapers, and depression and seizures so bad his father quit his job to care for Ferdaus. 
He was eventually sentenced on material support for terrorism and explosives charges to 17 years in prison with an additional 10 years of supervised release. Those that weren't weak enough were broken. Abu Ali, a US citizen, was swept up in a mass arrest campaign in Saudi Arabia in 2003. Ali alleged being whipped, denied food, and threatened with amputation, and ultimately provided a confession he says was false to Saudi interrogators. Ali was given a life sentence and is currently serving it at a Supermax prison. Uzair Paracha was held in solitary confinement for nearly two years before he was convicted on charges of material support. Nine months after his arrest and while he was refusing to take a plea deal, the federal government moved Paracha to a harsh regime of solitary confinement pursuant to Special Administrative Measures (SAMs)—special restrictions on his contact with others imposed on the grounds of protecting national security or preventing disclosure of classified material—ostensibly due to ties with Al-Qaeda. For a time, Paracha was only permitted to speak to prison guards. As much as the DHS and FBI have stated concerns about "radicalization" and domestic terrorism, those captured in FBI sting operations were strongly pushed in that direction by informants and undercover agents. The FBI created threats where none existed. In many of the sting operations we examined, informants and undercover agents carefully laid out an ideological basis for a proposed terrorist attack, and then provided investigative targets with a range of options and the weapons necessary to carry out the attack. Instead of beginning a sting at the point where the target had expressed an interest in engaging in illegal conduct, many terrorism sting operations that we investigated facilitated or invented the target’s willingness to act before presenting the tangible opportunity to do so. In this way, the FBI may have created terrorists out of law-abiding individuals. 
This sort of activity should have been treated as "own goals" by the agency and some of the more credulous press. Instead, these busts are touted as evidence of the agency's superior skill and effort, something more closely related to extolling the prowess of someone who has just scored on an empty net. The FBI took a man whose main hobbies were "watching cartoons" and "playing Pokemon," a man who a forensic psychologist described (during the trial) as "highly susceptible to the suggestions of others" and fashioned him into a supposed terrorist. The planned subway bombing never happened, thanks to the FBI's keenly-honed ability to capture terrorists it created. Arrested with the would-be subway bomber was his "co-conspirator," a high school dropout with drug problems and clinically-diagnosed paranoid schizophrenia. There's much, much more in the report. Human Rights Watch's investigative work was made extremely difficult by the FBI's disingenuous counterterrorism efforts over the last decade, which made many in the Muslim communities affected deeply suspicious of people who asked too many questions. There's nothing to celebrate about victories like these. The emphasis on creating plots just to shut them down diverts resources from actual threats -- ones arising without huge amounts of FBI prompting. All this does is ensure the agency's anti-terror funding remains intact -- money that will be largely wasted on the FBI's sting operation Ouroboros. And while the FBI plays with its terrorist dress-up dolls, the real threats will go undetected.

posted 3 days ago on techdirt
It's one thing to take a stand against questionable copyright trolling, but it's another thing to be a really bad defendant. We had this with both of the RIAA's lawsuits against Jammie Thomas and Joel Tenenbaum. In both cases, they were bad defendants who clearly broke the law and then tried to play cute in defending themselves. In both cases we pointed out that they should have settled, and that fighting on when they had no case was a really bad idea. Yes, there are all sorts of ridiculous things about many of these cases, and there are all sorts of legal questions raised about them. But if you're caught dead to rights infringing on the works of others, pretending that some magical fantasy world is going to open up in the back of the closet is just silly. Even worse: bad defendants create really bad case law that allows copyright trolls to use those cases to shake down lots of other people, many of whom probably have much stronger cases. Unfortunately, it looks like we have another example of this. Uber copyright troll/porn producer Malibu Media has won an easy lawsuit against a defendant who tried to blame everything on the fact that he used Kickass Torrents to download Malibu Media movies. 57 of them. That kind of blaming the middleman is never going to work. In fact, others have tried it in the past, and it doesn't work. As the judge in the case noted: Defendant has some quarrels with the details of how BitTorrent works, but nothing that the Court sees as a fundamental or material issue of fact. Even as Defendant describes the facts, using BitTorrent technology, he ultimately winds up with 57 unauthorized copies of Plaintiff’s works—copies that did not exist until Defendant himself engaged the technology to create new and unauthorized copies with a swarm of other users. True enough, the process is not identical to the peer-to-peer file sharing program in Grokster. 
It is, however, functionally indistinguishable from the perspective of both the copyright holder and the ultimate consumer of the infringed work. In both situations, the end user participates in creating a new and unauthorized digital copy of a protected work. It makes no difference from a copyright perspective whether the infringing copy is created in a single wholesale file transfer using a peer-to-peer protocol or in a swarm of fragmented transfers that are eventually reassembled into the new infringing copy. Of course, one could make a reasonable argument that the fragmented transfers raise issues concerning the distribution right of copyright, but not the reproduction right. On the reproduction right, the defendant, Don Bui, is clearly cooked. And he and his lawyer should have recognized that much earlier. Instead, they get this ruling that, because of the bad defendant, makes a bunch of broad statements that go beyond just Bui's immediate case and may create problems elsewhere. For example, the judge, Robert Jonker, cites the Aereo ruling to support this -- even though that's a dangerous way to read the Aereo ruling. Jonker seems to accept the "don't look in the black box, just look at the end results" aspect of Aereo. But, under such a system, lots of things that aren't infringement might now be judged infringing. It's basically a shortcut to avoid careful analysis, and that's what happens when you have bad defendants who clearly infringed. Bui's lawyer also tried the "poor immigrant who doesn't understand English very well" argument and saw that shot down as well. Deservedly so. There are plenty of reasons to challenge questionable lawsuits. And plenty of reasons for some folks to legally attack the underpinnings of copyright trolling -- including things like honeypots and abusing the judicial system to shake down people -- but taking a bad defendant all the way through the legal process is a bad idea. 
And the end result is going to be that Malibu Media not only claims vindication for its activities, but waves them around to every reporter, judge and (most importantly) future targets of its shakedown game.

posted 3 days ago on techdirt
Just about two years ago, we wrote about the DOJ seizing three websites that were allegedly set up to let people download cracked versions of fee-based Android apps. As in the past, we were somewhat troubled by the government's willingness to seize websites without any form of adversarial hearing. As far as we can tell, such actions clearly violate the First Amendment as per the ruling in Fort Wayne Books v. Indiana. Either way, two years later, the government has finally gotten around to indicting some of the folks behind the three sites: Appbucket, Applanet and SnappzMarket. It's entirely possible that those indicted did break the law, though the fact that in all three cases the feds first got some of the other participants to take a plea deal in which they supply evidence against the others and that most of them were only charged with one or two counts on things like "conspiracy to commit criminal copyright infringement" suggests a fairly weak case. This is a DOJ that we're used to seeing pile on dozens of charges. But, what caught my attention is the ridiculous rhetoric from the DOJ in announcing these indictments. The most bizarre and stupid line has to go to US Attorney Sally Quillian Yates of the Northern District of Georgia: “Copyright infringement discourages smart people from doing innovative things,” said U.S. Attorney Yates. “This problem is especially acute when it comes to rapidly developing technologies, like apps for smart phones, and these defendants are now being held accountable for the intellectual property they stole.” Note that this isn't just a random quote in an interview. This is the quote that Yates put in the press announcement, meaning that multiple people vetted this and thought it was appropriate. First off, I'm curious: which "smart people" have been "discouraged" from "doing innovative things" because of copyright infringement? Does Yates honestly believe that some brilliant app developer out there had an idea for an app and said... 
"nah, if I make that, people will just infringe, so screw it." There may be a reasonable argument that some developers may not make as much money as they otherwise might have -- and that leads to fewer resources to focus on development. But the idea that it scares people off from actually doing work is... simply not true. And even if the statement were true, is that really the yardstick we want to measure things by? Because I can also show plenty of cases where copyright infringement has actually encouraged smart people to do innovative things. The creation of important peer to peer technology was built on the back of the desire of some to infringe. The amount of creative and innovative work based on infringement is pretty damn high. If we're going to get into a pissing contest over whether infringement inspires or discourages innovation, US Attorney Yates is going to lose badly. Very badly. Also, what "intellectual property" did they "steal?" This is a US attorney, and as far as I can tell, none of the indictments involve anything relating to any statutes on theft. Furthermore, nothing seems to involve them taking the copyrights away from original owners. At most, it appears that these individuals set up sites for the sharing of infringing copies of apps. If you're talking about "theft" of "intellectual property" you kinda have to be talking about someone taking someone else's copyright (or patent or trademark), otherwise you're saying things that are simply inaccurate. Next up, we have "Special Agent in Charge J. Britt Johnson of the FBI’s Atlanta Field Office." “Today’s federal indictments are the direct result of an extensive and thorough federal investigation into three groups of individuals aggressively engaged in and profiting from the theft of intellectual property,” said Special Agent in Charge Johnson. 
“While copyright infringement is the direct theft of the hard work of others in the form of research and development expended, it can also negatively impact incentives for further or future development of those ideas or applications. The FBI will continue to provide significant investigative resources toward such groups engaged in such wholesale pirating or copyright violations as seen here.” Copyright infringement is "the direct theft of the hard work of others." How do you "steal" the hard work of others? And where in the indictment is anything having to do with actual theft, rather than copyright infringement? It's troubling that the DOJ seems to have taken the copyright industry's bogus language of "theft" and "stealing" and falsely applied it to issues related to infringement. Even if these individuals broke the law, you'd hope that the DOJ would at least accurately portray the indictment and charges against the individuals, rather than making plainly ridiculous claims. The problem, though, is that this is what happens after a generation of entertainment industry execs spew misleading garbage about how infringement is "theft." A bunch of DOJ folks who don't understand intellectual property just act as if this is the same thing, even though it isn't even close.

posted 3 days ago on techdirt
To call the UK's institution of ISP-level web filters "stupid" isn't just being blithely dismissive. For one, they don't work. They block the wrong stuff. They let offensive stuff in. They're easily circumvented. They're advance scouts for government censorship. The only people who think web filtering is a good thing are those with the power to turn pet projects into national laws. Add one more to the list: they're hugely unpopular. Broadband customers are overwhelmingly choosing not to use parental-control systems foisted on ISPs by the government - with take-up in the single digits for three of the four major broadband providers… Only 5% of new BT customers signed up, 8% opted in for Sky and 4% for Virgin Media. TalkTalk rolled out a parental-control system two years before the government required it and has had much better take-up of its offering, with 36% of customers signing up for it. Those pushing for filters would have you believe it's something the public has been clamoring for to help them protect their children from the many evils of the internet. In reality, hardly anyone appears to care all that deeply about hooking up to a pre-censored connection. There's more than simply unpopularity going on here. The numbers skew low for several reasons. At this point, the rollout isn't 100% complete and isn't being offered to every new customer (something that becomes a requirement in 2015). Virgin Media (somewhat ironically) has been hooking customers up with the filthiest internet. Techs for that company have only been presenting the "unavoidable choice" to a little over a third of its new signups. Other ISPs' techs have been more thorough, presenting new customers with the option nearly every time. Many service providers say it's also possible the filtering has been activated post-installation (Ofcom's report only tracks filtering enabled at the time of install) or that customers are already using device-based filters. 
Despite all of these factors, I wouldn't expect adoption numbers to rise much. People generally don't like the government telling them what they can and can't access. Illegal content is already blocked at ISP level (as well as by several search engines), so what's being added is nothing more than a governmental parent to watch over citizens' shoulders as they surf the web. Those with children would probably prefer to run an open pipe and filter content at the device level. Not everyone in a household needs to be treated like a child, which is exactly what these filters (and their proponents) do. Beyond that, activating a web filter goes against human nature, especially the exertion of free will and the general avoidance of embarrassment. Most people view themselves as "good" and uninterested in the long list of internet vices (porn being the most popular). But even if they truly believe they'd never view this content, they'd rather have it arrive unfiltered than be forced to approach their ISP weeks (or minutes…) later like a bit-starved Oliver Twist and ask, "Please, sir. May I have some porn?"

posted 3 days ago on techdirt
Facial recognition software is the law enforcement frontier. Rather than having to build a lineup, law enforcement can just run suspected criminals' faces against the collected photos of criminals and non-criminals alike in hopes of a positive identification. At this point, it's still very touch-and-go. Technology hasn't kept pace with law enforcement's dreams of an accurate and speedy way of ID'ing suspects. As of 2008, the FBI was granting the contractor behind its system a 1-in-5 margin of error. Yes, a 20% chance of nabbing the wrong person was considered acceptable in a live system. The technology continues to improve, but it still requires clear photos taken nearly head-on for best results. Despite these limitations, law enforcement agencies continue to take these systems live, almost always without putting together some sort of privacy/data disposal policy. But we're all supposed to be fine with this because these agencies are using this tech to track down dangerous criminals and/or terrorists, right? British cops used a new facial recognition system to snare a shoplifting suspect whom they say was automatically identified due to his resemblance to criminal relatives, The Register has learned. And, apparently, shoplifters. Not only are British cops bragging up an expensive system's ability to nab an extremely low-level criminal, it's also playing up the fact that the system failed to pick the suspect out of the "lineup." Instead, it just seized on the fact that the suspect resembled other criminals in its database. Not exactly comforting… at least not for citizens who may resemble suspected criminals and vice versa. UK law enforcement, on the other hand, seems rather encouraged by the software's inability to correctly pick out a shoplifting suspect from a digital lineup. The Metropolitan Police Force is due to visit Leicestershire this week to scope out NeoFace, it is understood, while the Essex and Kent forces have already been to check out the system. 
French and Romanian officers have also been in contact to express an interest. The saving grace of this imperfect system is that it can't directly be used as evidence.* It can only guide a "line of inquiry." The downside is that photos are retained for five years and the Leicestershire police seem very happy that the software is so good at detecting familial members, rather than the people they're looking for. *I'm sure the UK police are equally familiar with the concept of parallel construction. On one hand, this isn't entirely unlike the old photo books police use to identify suspects. On the other hand, NeoFace doesn't just store photos of criminals. This is especially problematic in the UK, where CCTV wiring is the new kudzu. The Leicestershire Police has 90,000 photos in its database and that number should only be expected to expand rapidly, especially if coupled with NeoFace's other offerings. NeoFace Watch watches surveillance footage, constantly picking faces out of a crowd — and then storing those faces in a database, or matching them against a predefined watch list. NeoFace Smart ID is a smartphone and tablet app that allows for the real-time collection and identification of fingerprints, faces, voices, and other identifiable data at crime scenes. We're told these developments' privacy implications are mitigated by the dangerous criminals they'll be used to apprehend. And then it's all undercut by law enforcement members excitedly talking about nabbing a shoplifter who sort of resembled two other people.

posted 3 days ago on techdirt
This seems to be progressing more quickly than I would have predicted. We were just talking about a milestone of sorts being reached in eSports, or professional video game tournaments. Last month that milestone was an American university actually offering athletic scholarship money for eGamers. If you look to other sports to measure the legitimacy of eSports and its acceptance as a competitive platform by the general public, it was kind of a big deal. Probably not nearly as big a deal as having a major eSports tournament featured on ESPN, though. Yeah, the biggest name in cable sports featured an entire segment, with guest Gabe Newell, covering The International, a Dota 2 tournament with a $10 million prize pool. I can already hear some of you groaning over ESPN choosing to cover eSports, decrying it as not really sports and all that, but I'll just rebut that by reminding you that the network runs poker coverage all the time, so there. Interestingly enough, as Kotaku highlighted, it wasn't poker that angry Twitter users appeared to be mirroring with their complaints over the coverage. It was soccer/futbol. And if that isn't a complete win for eSports, I don't know what is. Note that the response wasn't hugely against the coverage, but the fact that the tenor of anger back at ESPN that did exist sounded very similar to the coverage of a legitimate sport, even if it isn't the most popular sport in America, is probably a better response than most of us supporters could have hoped for.

posted 4 days ago on techdirt
Lots of people say they'd like to live longer. So longevity has been studied extensively, and a vast number of correlations have been found. The list literally goes on and on and on. This doesn't mean anyone has discovered the cure for death, and these correlations often have no causation logic behind them whatsoever. Drink a glass of wine every day, eat no meat, restrict your calories drastically, and read some of these other correlations. Women who have kids later in life (33+yo) have a higher likelihood of living longer. The researchers note there is no causality here, but that women who are capable of having children in their 30s (and beyond) just seem to live longer as well. Being short is not generally a desirable trait, but how about when height inversely correlates with longevity? Several studies show that short people live longer than tall people, and there are some reasons for this correlation -- but don't amputate your feet just yet.... Serious coffee drinkers who ingest 4-5 cups of joe per day seem to live longer than people who drink just a cup or less. However, drinking more than 5 cups of coffee has diminishing returns, and the notable catch to this correlation is that non-coffee drinkers actually live longer than coffee lovers. If you'd like to read more awesome and interesting stuff, check out this unrelated (but not entirely random!) Techdirt post via StumbleUpon.

posted 4 days ago on techdirt
Advocates of digital privacy scored a major victory when the Supreme Court recently ruled that police need a warrant to search cellphones. In Riley v. California and United States v. Wurie, two cases that pivot on the legality of searching personal computing devices, what is becoming a tech-centric high court recognized not only the pervasive role technology is playing in modern society, but also the growing personal data that exists as we digitize larger swaths of our everyday lives. With this decision, the court confirmed what most of us have known for some time: modern cellphones are more than just a technological convenience or device for making phone calls, they're sophisticated "minicomputers" that hold for many of us "the privacies of life." The risks of harm to arresting officers or destruction of evidence do not exist when digital data is concerned. Rather, the justices said, searching the "vast quantities of personal information" on a smartphone is an invasion of privacy that far exceeds the Fourth Amendment protections against unreasonable searches of a person's physical property upon an arrest. Writing for the court, Chief Justice John Roberts noted, "a cell phone search would typically expose to the government far more than the most exhaustive search of a house: A phone not only contains in digital form many sensitive records previously found in the home; it also contains a broad array of private information never found in a home in any form." Fittingly, the opinion comes in a year when, according to Consumer Electronics Association (CEA) research, smartphone sales will eclipse 1 billion units for the first time ever. Today, nearly two-thirds of U.S. households own at least one smartphone, and that figure is projected to climb to 71 percent by 2017 as new manufacturers like Amazon and Blackphone enter the market. For many of us, our smartphones have become extensions of ourselves. 
They hold our favorite songs, house our favorite pictures and are home to the names and addresses of just about everyone we love -- even your background picture has a personal story to tell about you. Roberts was even more direct, noting cellphones are "such a pervasive and insistent part of daily life that the proverbial visitor from Mars might conclude they were an important feature of human anatomy." The court's opinion reveals an unwillingness, in this realm at least, to simply extend pre-digital precedents to new technologies -- especially when those extensions encroach on the fundamentals of our founders' views on liberty. The ruling follows the unanimous 2012 opinion in United States v. Jones that law enforcement's use of GPS-enabled devices to track suspects' vehicles is considered a search. In that case, the concurring opinion by Justice Sonia Sotomayor held that police needed a warrant in order to attach a GPS device to monitor movements by a suspect's car. The Court recognizes that the many capabilities of today's technological innovations continue to unfold. More, the technologically-infused life is still in its infancy. Smartphones that double as GPS devices are just the beginning. Soon, wearable technologies like activity trackers and health monitors could provide the government with our most personal data. Traditionally, the court has held that people have no reasonable expectation of privacy regarding information they show to third parties, so no warrant is required to obtain that information. But today's technology is eroding pragmatic limits on law enforcement's ability to track and trace us. Legal scholars believe that case planted a seed that could transform Fourth Amendment rights in light of modern technology. 
In his opinion concurring with the court's decision on cellphone searches, Justice Samuel Alito noted the court is not in a position to evaluate the implications on privacy posed by searching cellphones, considering the amount of information about the lives of Americans that can be gleaned by the government and private entities, and the fact that many Americans are choosing to make so much information available to the public. He suggests that lawmakers are "in a better position… to assess and respond to the changes that have already occurred and those that almost certainly will take place in the future" with legislation to govern the scope and limits of privacy rules involving modern technology. Regulators must take note of the vast ways in which technology will touch our lives in the future. As technology enables the digitization of more elements of our lives, private information is becoming one of the key components in the market for developing devices that increase connectivity. The court's opinion is perhaps the strongest legal defense of privacy in a world dominated by technology. And it comes at just the right time, because it's not just our phones that are getting smart. Soon, just about everything we touch will capture data about us. Our cars. Our watches. Our clothing. The fundamental privacies at stake in this ruling transcend far beyond phones. The Supreme Court needed to write its decision with the bigger picture in mind, and it did. Ultimately, this ruling can arguably apply to the millions -- and eventually billions -- of physical objects that are being connected at an increasing clip to the Internet of Things. And whether the justices realized it or not, this court has now provided important privacy protections that will foster the continued, rapid technological growth our innovation economy demands. Shawn DuBravac is the chief economist of the Consumer Electronics Association (CEA), the U.S. 
trade association representing more than 2,000 consumer electronics companies. Follow Shawn on Twitter @Twoopinions.

posted 4 days ago on techdirt
Last week, we wrote about some vague plans announced by Australia's Attorney General George Brandis to require data retention rules for ISPs. "Data retention" is a euphemism for mass surveillance. It requires ISPs to hold onto a ton of data and allow the government to snoop through it. Australian ISP iiNet -- a company whose willingness to stand up for its customers against Hollywood extremism we've discussed before -- has come out with a blog post in which it promises to fight back against any such data retention rules. Unlike the typically buzzword heavy responses you normally see from overly compliant ISPs regarding government surveillance, iiNet continues its reputation of being a straightshooter and explaining what's really going on and how the company is working to protect its users. Law enforcement agencies (like ASIO and Federal and State Police) are proposing private companies, like iiNet, should keep ongoing and very detailed records of customers’ telephone and online activity. We’re not talking targeted surveillance of individuals suspected of a crime, we’re talking about the wholesale collection and storage of data on your online, digital and telephone activity. These records are euphemistically labelled ‘metadata’ – and could include the unfiltered records of your browsing, updates, movements and phone calls, which can be readily matched to the identities in your customer account. We don’t think this ‘police state’ approach is a good idea, so we’re fighting moves by the Australian Government to introduce legislation that would force us to collect and store your personal information. iiNet goes even further in explaining and demonstrating graphically just how much "metadata" reveals about you. For example they show a single tweet -- and then all the "metadata" associated with that tweet to show just how much more information is often revealed in the metadata: From there, iiNet directly takes on the foolish folks who insist they have "nothing to hide." 
The data collected can be incredibly sensitive – it can reveal who your friends are, where you go and what websites you visit. Indeed, it may even tell more than the content of a phone call or an email. Recent research from Stanford University showed that when analysed this data may create a revealing profile of a person’s life including medical conditions, political and religious views, friends and associations. Police say “If you have nothing to hide, then you shouldn’t be worried”. Personally I think that if you follow that dubious logic, we’d all be walking around naked. It’s not about being worried, or wanting to ‘hide’ anything. It’s about the right to decide what you keep private and what you allow to be shared. YOU should be the one to make that call, and that decision should stick until a warrant or something similar is issued to law enforcement agencies to seize your information. Not convinced? Then we suggest you check out the startling website based on information collected on German politician Malte Spitz by Deutsche Telekom over just six months. Zeit Online combined this geo-location data with information relating to his life as a politician, such as Twitter feeds, blog entries and websites, all of which is freely available on the Internet. It’s really worth a look and illustrates just how informative and personally invasive metadata can be – it is truly scary stuff. Experts in the US have some equally frightening things to say about metadata. According to NSA General Counsel Stewart Baker, “…metadata absolutely tells you everything about somebody’s life.” General Michael Hayden, former director of the NSA and the CIA, called Baker’s comment “absolutely correct,” and frighteningly asserted, “We kill people based on metadata.” Brandis, in the past, has seemed totally impervious to people who have a different opinion than he does (even if they have the evidence on their side), so it's unclear how much good this will do. 
Still, it's good to see an ISP that is loudly and clearly standing up against data retention, and not hiding behind misleading language, but clearly stating what's happening and why it's bad.

posted 4 days ago on techdirt
I first became aware of The Pirate Bay in 2006 when the site was raided by Swedish law enforcement and taken offline for a few days. Of course, the site came back online soon after, and all of the attention from taking it down resulted in a massive increase in awareness and traffic. Over the years, we've noticed a rather obvious pattern here. Every single time we hear about an attack on The Pirate Bay, it seems to get more traffic. In fact, TorrentFreak is reporting that despite all of the various countries that have officially ordered ISPs to block access to the site, traffic to The Pirate Bay has doubled since 2011. In fact, the traffic growth appears to be fairly steady: The really incredible thing is that, eight years after the initial raid, despite multiple lawsuits (even people in jail) and a variety of ISP blockades, it appears that the entertainment industry still hasn't learned a damn thing about understanding why people like The Pirate Bay and why its efforts to take it down keep failing. The industry's infatuation turned what had been a little-known Swedish torrent tracking site into a global phenomenon that makes them look worse and worse every time they fail to recognize what's happening.

posted 4 days ago on techdirt
So, last week, that customer service call between Ryan Block and a Comcast "retention specialist" who refused to take "cancel the damn service" for an answer went viral. Comcast has since apologized, said it was investigating, and insisted that the call was "not consistent with how we train our customer service representatives." I doubt many people actually believe that -- but it may be even more serious than most people realize. That's because, throughout the call, the nameless representative keeps insisting that Comcast's broadband is the fastest. And that's not true. Which raises some potentially serious questions about Comcast directly misleading customers. “You’re not interested in the fastest Internet in the country?” the rep asked goadingly. “Why not?” Were it true, it would be a convincing bit of rhetoric. The problem is, Comcast is not the fastest Internet service provider in the United States -- at least, not according to the most recent survey from Speedtest.net and PC Magazine. Published in September 2013, the survey ranks Comcast the third fastest broadband provider, behind Midcontinent Communications at No. 2 and Verizon FiOS at No. 1. “Verizon FiOS continues to set the pace for Internet speed in the United States,” the magazine wrote. IBTimes asked a Comcast PR person, who insisted that the company does not claim to be the fastest internet in the country, nor does it train its reps to make that claim. But it's undeniable that the guy said exactly that many, many times during the call, and it sure sounded like it was coming from a script that he'd read pretty damn often. The report also notes that the guy repeatedly called Comcast the "number 1 rated" provider, but that's equally questionable. 
IBTimes did call up pretending to be a potential customer and couldn't get any other reps to repeat the "fastest internet in the country" line -- suggesting that it might not be on a script -- but it is worth noting that they were talking to a different type of rep. Block was being handled by special "customer retention" specialists -- so it might be more interesting to see if those guys have that line in their script. Though, at this point, I'd imagine Comcast has pretty carefully scrubbed those scripts.

posted 4 days ago on techdirt
Join the AMA, happening now! » Starting right about... now, I'm doing an AMA over at Reddit. It's mainly supposed to be focused on issues related to net neutrality (and our crowdfunding campaign -- which we've explained in detail here), but it's an Ask Me Anything, so the topic certainly isn't limited. Come for the net neutrality discussion, and stick around for a fuller explanation of the pros and cons of duck sized horses. Just don't ask me about the movie Rampart.

posted 4 days ago on techdirt
Here's copyright once again playing the thug role because rights must be enforced and the subsequent harm, etc. and so forth until things are broken and people are angry and in the end, the "victor" is able to walk away from a battle not worth fighting, much less worth winning. (via Nate Hoffelder) Sam Morris, a UK mobile and web designer currently employed with The Guardian, put together a few mobile/computer wallpapers based on the distinctive seat patterns found in the London Underground. Here are two examples of his creations: It's such a lightweight project (possibly not in terms of effort, but in the scheme of things, as they say) that it's surprising it drew the attention of Transport for London, the agency that ostensibly controls all things related to the London Underground. (This is not its first time playing the role of IP thug.) Morris didn't charge for these wallpapers, nor did he attempt to make it appear as though his work was officially-sanctioned or otherwise a part of Transport for London's purview. And yet, TFL decided this fun little project that united fans of the Tube and pleasurably tacky patterns needed to go. A creative outlet now memorialized by this tweet... End of the Line. Unfortunately due a copyright claim by @TfLOfficial, I've had to close Tubepapers. http://t.co/BbGNlLUhMd — Sam Morris (@SamMorrisDesign) July 19, 2014 … and this message at Morris' site: End of the line Unfortunately due to a copyright claim by Transport for London, the backgrounds are no longer available for download. I'd like to quickly thank everyone who visited the site over the past week for your enthusiasm. One whole week before a government agency throttled it into nonexistence. Apparently, TFL said it sells products of its own featuring these patterns -- actual, physical products -- and that was enough to head off someone who wasn't even competing in the same space. Morris was not even competing, period. 
He offered free wallpapers for devices and could easily have partnered with TFL to add his work to its offerings. Or it just could have left it alone and enjoyed the small tribute Sam Morris had created. Now, all it has is a useless assertion of rights that has served to do nothing more than turn a small part of the population against it.

posted 4 days ago on techdirt
Right now the issue of housing in San Francisco is a big local topic -- and while I tend to agree that the real issue is the regulations limiting the building of new housing in and around the city, the fight has gotten quite nasty at times. It often seems to focus on two issues (neither of which is the true cause of the problem): local evictions for longtime tenants, and tech workers. You can certainly understand the frustration, even if it's mostly misguided. Still, even given that, this seems like a clear abuse of copyright law by some of the lawyers who have been helping train people to conduct those evictions: using a bogus DMCA takedown to hide a video of a protest of one of their training sessions. Jackson West attended one of the sessions and videotaped people protesting it at a seminar given by law firm Bornstein & Bornstein. You can see the video below via Vimeo: However, you cannot see it on YouTube, because Daniel Bornstein issued a bogus copyright notice over the video. The full article is worth reading, as it includes West calling up Bornstein to talk about things and Bornstein appearing to offer to trade meeting in person for pulling the takedown notice. No matter where you stand on the issue of evictions in SF, hopefully everyone can agree that issuing a bogus copyright notice to delete a video of people protesting you is not okay. Hell, even if you think Bornstein is doing the right thing in helping evict people, hopefully you'll still agree that abusing copyright in this manner is simply wrong. In West's account (which is, obviously, just his side of the story), Bornstein doesn't seem to understand copyright laws: ...he began asking to meet in person in order to be “presented as human, multi-dimensional.” I pointed out that issuing a takedown notice without contacting me first didn’t really offer me that same benefit of the doubt. 
I asked if he’d actually watched the video, which he didn’t confirm but instead indicated that he’d objected to the characterization of the incident in the description, complained about other videos of the event (which can’t be found on YouTube, suggesting he may have issued additional claims) and asked to be sent a copy. Just because you object to the "characterization" of the event, it doesn't magically give you the right to abuse copyright law. Bornstein promised that if I agreed to meet he would consider dropping the matter, but when I made it clear that I reserved the right to publish a story before the meeting, he replied he’d then have to contact copyright counsel. While not directly stated, the implication was clear that if I agreed to hold the story until after meeting with him, he’d agree to drop the claim. Later in the story, there's an "update" when West goes to meet with Bornstein. After a dispute about whether things are on or off the record, Bornstein trots out another non-copyright, but still bogus, reason for issuing the copyright takedown, claiming West is not "a legitimate reporter." When I pointed out that a story was already online, along with the video, he rescinded the offer. However, seemingly confused over the difference between copyrights and privacy rights, he seemed intent on arguing that I wasn’t acting as a legitimate reporter for having attended the event and filmed the protest without notifying the firm first. That doesn't really have anything to do with privacy rights either -- and even if it did, it still doesn't give Bornstein (a lawyer, remember) the right to abuse copyright law to take down the video. Yet again, we see copyright being abused for the purpose of censoring content someone doesn't like.

posted 4 days ago on techdirt
Last week, the House Judiciary Committee held yet another copyright hearing, this one on Moral Rights, Termination Rights, Resale Royalty, and Copyright Term. We've discussed these issues at different times, and the hearing itself didn't break any major ground on anything, really. The artist resale right issue is nothing but a blatant money grab by successful artists, demanding to get paid any time one of their works gets resold. It shafts younger, up-and-coming artists to the benefit of the few, super-successful artists. However, the tidbit that caught my attention was the copyright term issue. As you know, some are expecting there to be a fight in the near future to extend copyrights yet again. Thanks to repeated copyright extension, brought to you by relentless lobbying from Disney and others, the US hasn't had a previously copyrighted work fall into the public domain in ages. However, there actually has been some inkling that maybe, just maybe, Hollywood had realized this wasn't a fight worth taking on. In fact, we were pleasantly surprised when the head of the Copyright Office, Maria Pallante, presented her (mixed bag) plan for copyright reform, that it actually included a reduction in copyright terms rather than an increase. And yet... two of the panelists last week laid out arguments for why the currently insane levels of copyright terms are perfectly reasonable. Of course, to do so, both had to totally misrepresent reality, often to levels that one might call disingenuous. Of course, the two individuals who made these arguments have appeared in stories on Techdirt before, so it really wasn't a huge surprise. First up was Rick Carnes, the head of the Songwriters Guild of America. Carnes is from the old-school world where internet hatred is a thing of pride. He seems to think that the internet destroyed songwriting and that no one could possibly write songs without strong copyrights. 
Carnes also got some attention for demanding extra payment for songwriters when Apple increased iTunes previews from 30 seconds to 90 seconds. That's the kind of person we're dealing with here. His filing on copyright terms was so ridiculous that the Association of Research Libraries had to step in and correct all the "myths" he stated. Here's a little secret: when unprompted librarians step in to tell you you're totally wrong, you're not going to look very good. The ARL notes that Carnes is simply wrong in saying that the US's copyright term lengths "represent the international standard." They don't. As the ARL notes: The copyright term in the United States extends well beyond the Berne Convention’s standard and beyond the term of protection in the majority of countries. Many countries’ copyright terms are set by the international agreements to which they are bound. The Berne Convention sets the minimum copyright term as the life of the author plus fifty years. The current term of protection in the United States is set at a period of the life of the author plus an additional seventy years. For corporate works or “works for hire,” the period of protection is set at ninety-five years. These terms far exceed what is required by international law. As ARL further notes it's the US that is actually out of step with "international standards": The vast majority of countries use the Berne standard of life plus fifty years; there are almost twice as many countries with a period of protection shorter than the current term in the United States than there are countries with a period of life plus seventy years or greater. Carnes also totally ignores (as mentioned above) that the Copyright Office boss has, herself, called for shorter terms, instead saying that the Copyright Office believes the current term is proper. And finally, Carnes totally misrepresents the Supreme Court's ruling in the Eldred v. 
Ashcroft case to mean that the Supreme Court is fine with the current length of copyright. But, as anyone who knows anything about the decision realizes, that's not what the case was actually decided on. Instead, SCOTUS merely said that Congress has the authority to determine the appropriate term, and the Court wasn't going to overrule Congress. As the ARL explains to flunking student Carnes: The Supreme Court never addressed the question of whether a period of protection of life plus seventy years was appropriate. The Court only upheld the power of Congress to set the term and extend the term retroactively. The majority opinion in Eldred, while upholding the Copyright Term Extension Act, never addressed the propriety or benefits of the extension itself. Instead, the court addressed “the authority the Constitution assigns to Congress to prescribe the duration of copyrights.” As Justice Stevens’ dissent further points out, the question of “whether the extraordinary length of the grants authorized by the 1998 Act are invalid because they are the functional equivalent of perpetual copyrights is a question that need not be answered in this case because the question presented by the certiorari petition merely challenges Congress’ power to extend retroactively the terms of existing copyrights.” Perhaps even worse than Carnes' filing, however, is that of Tom Sydnor, who currently hangs his hat working for the American Enterprise Institute (AEI). Sydnor is sort of a joke in the copyright world. Once responsible for whatever ridiculous expansion of copyright policy Senator Orrin Hatch was pushing out, since leaving his job as a Congressional staffer, Sydnor has bumped around making increasingly ridiculous arguments for stronger and stronger copyright -- while occasionally stooping to taking Larry Lessig quotes totally out of context as part of a smear campaign against him. 
Some of Sydnor's previous hits include claiming that universities who don't turn students over to the RIAA are helping terrorists and pedophiles, that the RIAA getting a jury to award it $1.92 million from Jammie Thomas for sharing 24 songs was a perfectly reasonable outcome and that France's (totally failed) Hadopi policy of kicking file sharers offline represented "consumer relief." So I'm already pre-conditioned to expect arguments that are reality-challenged from Sydnor, and he does not disappoint. His challenge was to try to take the life plus 70 term of today's copyright, and argue that it's completely consistent with the Founding Fathers' vision, which had copyright set at 14 years, plus a renewal for another 14 years. And rather than just admit this is ridiculous, Sydnor gives it the old Sydnor try and basically makes up a bunch of stuff. First, he states this, which has no basis in reality: The Framers concluded that copyright term should last during the lifetime of a work’s author, and for a (potentially short) post-mortem-author period in which an author’s copyrights could support his or her spouse and children. They did no such thing. If they wanted copyright terms to last the lifetime, they had every opportunity to make it so. They did not. The founders were well aware that the initial term of copyright quite frequently resulted in works going into the public domain during the author's lifetime -- and they were actually quite okay with that. the Framers’ principle of providing at least life-of-the-author copyright protection repeatedly required term to increase. Over time, authors and others simply began living longer than they tended to in 1790. For example, since 1790, the average human lifespan has increased by about 100% – from about 40 years to about 80 years. The Framers’ premise of life-of-the-author copyright term then required increases in copyright term. 
So, we've already established that the basis of this point is simply incorrect, but even so, Sydnor is now building an incorrect argument on top of an incorrect argument. The increase in life-expectancy is true, but much of that came from better medical care concerning births and baby care. In other words, if you made it through the early years, you were expected to live well beyond 40 years old. And I don't think that the founders were setting the length of copyright terms to encourage infants to write books. By ignoring infant mortality and child deaths, Sydnor is blatantly misleading people to pretend that the life expectancy of authors doubled. It did not. In the US, legislative calculations of copyright term have always been driven by estimates of how long human authors are likely to live. Human life spans change gradually, but laws that calculate copyright terms by estimating human life spans do not – and that is another reason why changes in copyright term have been applied retroactively, to then-existing works. Again, that's clearly bogus. The increase in the lifespan of authors has been tiny. Some have basically argued that once you account for infant mortality, there's been very little change in life expectancy over the last few centuries. And yet, copyright terms have gone from a maximum of 28 years to what's now likely to be more like 150 years. I don't care how you calculate life expectancy (even if you include infant mortality rates), things have not changed that much. Either way, these kinds of blatantly dishonest arguments are likely to become increasingly common as we approach the next round of fights concerning copyright terms. Don't let them get away with it.

posted 4 days ago on techdirt
A few weeks ago, an anonymous internet user was able to acquire and subsequently extract a website blacklist used by Germany's Federal Department of Media Harmful to Young Children (Bundesprüfstelle für jugendgefährdende Medien [BPjM]). This un-hashed list was posted to the user's Neocities blog, along with some analysis of the blacklist's contents and a rundown on the minimal protective efforts used for the list. The actual blacklist is much more extensive than what's published here. In fact, as is noted in the post, a majority of the list is publicly viewable. The censorship list ("index") is split into various sublists:
Sublist A: Works that are harmful to young people
Sublist B: Works whose distribution is prohibited under the Strafgesetzbuch (German Criminal Code) (in the opinion of the BPjM)
Sublist E: Entries prior to April 1, 2003
Sublist C: All indexed virtual works harmful to young people whose distribution is prohibited under Article 4 of the Jugendmedienschutz-Staatsvertrag
Sublist D: All indexed virtual works, which potentially have content whose distribution is prohibited under the Strafgesetzbuch.
The sublists A, B and E contain about 3000 movies, 400 games, 900 printed works and 400 audio recordings. These sublists are published quarterly in the magazine "BPjM-aktuell" which can be read in any major library in Germany. Sublists C and D are what's been withheld from the public, even as these URLs are distributed once a month to software and hardware companies. As of the time of the posting, there were more than 3,000 URLs on the blacklist. The leaker spotted some unusual things in the list of banned URLs. To begin with, it appears that there's very little effort being made to keep the blacklist current. 
On only about 50-60% of the domains on the list the questionable content is still accessible: About 10% of the domains are not registered at all, another 10% are parked domains, and about 20% don't provide any content at all (either no DNS A record, no webserver on port 80 or a redirect to another domain). Beyond that, the government body building the list seems to be suffering from technical ineptitude, resulting in supposedly blocked sites not being blocked at all. The domain "homo.com" offers a wildcard domain which echoes anything that is entered as a subdomain on the website, e.g. visiting "Fritz.homo.com" results in a webpage "Haha, Fritz is gay!". On the BPjM list there is an entry irgend.ein.name.homo.com – the German "Irgend ein Name" stands for "any name". Contrary to the belief of the BPjM public servants this doesn't work as a wildcard – just this specific domain will be blocked… several URLs with a wrong trailing slash: Death.html/ welcome.htm/ free/index.html/ freecontent.html/ A URL path with a trailing slash means that the part before the slash is a directory and not a file. The examples above are filenames. The entries on the list with the trailing slash are invalid and return a 404 file not found error. The correct URLs without the trailing slashes won't match the hash and are not blocked. Explanation here... As is inevitable when entities pursue bulk website blocking, non-offending content is part of the collateral damage. [T]he complete sell list of leading online music database Discogs. Probably at one point in time there was a listing of a music album which is forbidden in Germany – this was enough to block access to the "eBay of music" for years... [A]ccording to archive.org the domain facegoo.com is since at least 3 years not a porn website anymore. Now it is the website of an iPhone App for fun picture manipulation. The startup has no chance to be listed in German search engine results at all... 
This is on top of strange and very arbitrary blockages, like a listing for the videogame Dead Island at amazon.co.uk and a few offending YouTube accounts whose account pages are blocked, but not the offending videos themselves. Beyond that, the list covers a wide variety of offensive-to-the-German-government (and in some cases, offensive to nearly everyone) content, including "normal porn, animal porn, child/teen porn, violence, suicide, nazi or anorexia." Notably, the Wikipedia page quoted in this post points out that BPjM is an anomaly in the "free" world. Germany is the only western democracy with an organization like the BPjM... The rationales for earlier decisions to add works to the index are, in retrospect, incomprehensible reactions to moral panics. With its secret list exposed, the German government has gone after Neocities in a belated attempt to keep its no-longer-secret list secret. Neocities has complied, but not without protest. An anti-censorship activist, concerned citizen and security researcher has proved that the hashes are very easily reversible, and published the disclosure, including a plain-text list of the censored sites on a Neocities page. Now the German government is pressuring Neocities to take the site down, and are claiming we were breaking German (and possibly US) law by hosting a copy of the list of sites that they distribute. The letter from KJM (Commission for the Protection of Minors in the Media) makes some rather odd statements. Two lists (containing URLs) were published on one of your blogs, namely https://bpjmleak.neocities.org/. The list of URLs contains child sexual abuse material (CSAM), animal pornography, nazi propaganda, minors in poses involving unnatural sexual emphasis and content inciting hatred, just to name a few. All of the URLs are illegal under German law. 
Since CSAM is also illegal under US law, we are of the opinion that this site violates the laws applying to your service and also violates your terms of conditions. More properly stated, the websites contain the offensive material, not the URLs themselves. And, as was pointed out by the person researching the list, much of what's in the list is out of date (i.e., the URL no longer contains the illegal content, domain is expired, etc.) or is ineptly targeted (typos, invalid URLs, etc.), which means the list isn't nearly as useful as the government believes. And, if the statement about violating two countries' laws wasn't (theoretically) frightening enough, KJM goes on to claim that posting this content violates Neocities' own mission statement. (No. Really.) The KJM sees that neocities values anonymity and states to be uncensored. But the KJM thinks that https://bpjmleak.neocities.org/ is not what your service is intentionally for as your website states: “But our goal is clear: to enable you to harness the creativity, beauty, and power of creating your own web site. To rebuild the web we lost to monotony, and make it fun again.” The statement is truly wondrous in its inanity, approaching the level of non sequitur. At no point does the mission statement encourage the stripping of anonymity or encourage censorship. Neocities is a platform for website construction, something KJM believes is somehow contrary to sticking up for its users and their content. Leave it to a government agency to craft one of the emptiest paragraphs to ever grace an official takedown request. The biggest issue is the list itself, the one the government wants to keep out of the hands of the public, as Neocities points out. There is apparently no legal way to challenge the list. It is decided by fiat in secret by a German government agency, and there is little or zero recourse for those falsely condemned. 
By keeping it secret -- ostensibly to prevent the public from accessing illegal content -- website owners are kept in the dark about the German government's censorious efforts. This sort of power is dangerous without accountability. The list is outdated and composed carelessly. Sites like Discogs are blocked off while true offenders remain uncensored because the "for the children" agency can't be bothered to ensure its slash marks are properly used or that the URL is free of typos. Neocities has discussed this unofficially with the EFF but, as the post notes, the legal implications of this leaked list are still very murky. As a precaution the list has been removed. (It survives, for now, at the Internet Archive.) And, if given notification that the posting of the list does not violate US law, the BPjM blacklist will be reposted. Either way, Neocities states that it will not punish the end user in any way and that his/her access to the site will remain intact. The ultimate stupidity of this debacle is the fact that the German government thinks it can undo what's been done. By acting in this fashion, it's only drawn more attention to the list it wants to remain a secret. Worse, it's drawn more attention to the blog post highlighting the many failures of the list itself. It's one thing to want to prevent access to clearly illegal material. It's quite another to slap together a list composed of dead sites, mistyped URLs and a variety of bizarre blockings based on "incomprehensible reactions to moral panics."
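The matching failures quoted in the post above (a literal host entry that was meant as a wildcard, and file URLs listed with a trailing slash) follow directly from comparing one hash per exact string. The sketch below is an added example, not code from the leak analysis, the BPjM or any filter vendor: the list's real hash function and canonicalisation are not given here, so SHA-256 over host plus path is an assumption, and every hostname and path is a constructed placeholder.

```python
import hashlib
import posixpath
from urllib.parse import urlsplit


def _h(text):
    # Assumed hash; the real list's algorithm is not stated in the post.
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def split_url(url):
    """Return (lower-cased host, path) for a URL or a scheme-less list entry."""
    parts = urlsplit(url if "://" in url else "//" + url)
    return (parts.hostname or "").lower(), parts.path or "/"


def looks_like_file(segment):
    """Heuristic: a final path segment with a short extension (index.html)."""
    stem, ext = posixpath.splitext(segment)
    return bool(stem) and 1 < len(ext) <= 6


def lint_entry(entry):
    """Flag the two list-maintenance mistakes described in the post."""
    host, path = split_url(entry)
    problems = []
    if path != "/" and path.endswith("/"):
        if looks_like_file(path.rstrip("/").rsplit("/", 1)[-1]):
            problems.append("trailing slash after file name")
    if host.count(".") >= 3:  # heuristic threshold, an assumption
        problems.append("deep subdomain: matches this one host only")
    return problems


class ExactHashList:
    """One hash per literal entry: the brittle behaviour described above."""

    def __init__(self, entries):
        self.hashes = {_h("".join(split_url(e))) for e in entries}

    def blocks(self, url):
        return _h("".join(split_url(url))) in self.hashes


def entry_key(entry):
    """Normalise an entry: files lose a trailing slash, directories keep one."""
    host, path = split_url(entry)
    segs = [s for s in path.split("/") if s]
    if not segs:
        return host + "/"
    norm = "/" + "/".join(segs)
    return host + (norm if looks_like_file(segs[-1]) else norm + "/")


def candidates(url):
    """Every host-suffix + path-prefix combination of a requested URL."""
    host, path = split_url(url)
    labels = host.split(".")
    hosts = [".".join(labels[i:]) for i in range(max(1, len(labels) - 1))]
    segs = [s for s in path.split("/") if s]
    paths = {"/"}
    for i in range(1, len(segs) + 1):
        paths.add("/" + "/".join(segs[:i]) + "/")
    if segs:
        paths.add("/" + "/".join(segs))
    return {h + p for h in hosts for p in paths}


class SuffixPrefixHashList:
    """Still hash-only, but a domain-level entry now covers its subdomains."""

    def __init__(self, entries):
        self.hashes = {_h(entry_key(e)) for e in entries}

    def blocks(self, url):
        return any(_h(c) in self.hashes for c in candidates(url))


# Constructed entries mirroring the two mistakes, then a corrected list.
AS_LISTED = ["any.name.wildcard-host.example/", "files.example/free/index.html/"]
CORRECTED = ["wildcard-host.example/", "files.example/free/index.html/"]

if __name__ == "__main__":
    exact, fixed = ExactHashList(AS_LISTED), SuffixPrefixHashList(CORRECTED)
    for url in ("http://fritz.wildcard-host.example/",
                "http://files.example/free/index.html"):
        print(url, "exact:", exact.blocks(url), "suffix/prefix:", fixed.blocks(url))
```

Suffix and prefix matching also widens what a single entry covers, which is the over-blocking the post describes for whole sites, so linting entries before publication matters as much as the matcher.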

posted 4 days ago on techdirt
ProPublica has a new story about the rise of "canvas fingerprinting," a new method of tracking users without using cookies. It's a method that is apparently quite difficult to block if you're using anything other than Tor Browser. In short, canvas fingerprinting works by sending some instructions to your browser to draw a hidden image -- but does so in a manner making use of some of the unique features of your computer, such that each resulting image is likely to be unique (or nearly unique). The key issue here is that the popular "social sharing" company AddThis, which many sites (note: not ours) use to add "social" buttons to their website, had been experimenting with canvas fingerprinting to identify users even if they don't use cookies. As ProPublica's Julia Angwin notes, it's very difficult to block this kind of thing -- and tons of sites make use of AddThis -- including WhiteHouse.gov (whose privacy policy does not seem to reveal this, saying it only uses Google Analytics as a third party provider). The report does note that others who have tried canvas fingerprinting have found that it's not necessarily accurate enough yet, but the technology appears to keep getting better. Still, AddThis says it's likely to drop it anyway, because it's not good enough yet: AddThis said it rolled out the feature to a small portion of the 13 million websites on which its technology appears, but is considering ending its test soon. “It’s not uniquely identifying enough,” Harris said. AddThis did not notify the websites on which the code was placed because “we conduct R&D projects in live environments to get the best results from testing,” according to a spokeswoman. The company also insisted it wasn't doing anything bad with the tracking, but even if you believe that's true, how long will it be until others make use of similar fingerprinting for more questionable behavior? 
Given the attention this is getting, hopefully browsers will at least role out features that allow users more notification and control over such practices. Cookies are hardly a perfect solution, but at least users have control over them.Permalink | Comments | Email This Story
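For site owners who want the kind of notification the post asks for, here is an added example (not code from ProPublica, AddThis or Techdirt) that reports when a script draws to a canvas and then reads the pixels back, the draw-then-read-back pattern described above. The names `watchCanvas`, `FakeCanvas`, `FakeContext` and `demo` are hypothetical, and the "text drawn, then read back" rule is a heuristic assumed for this sketch.

```javascript
// Wrap the canvas APIs so every pixel readback is reported with context.
// The prototypes are passed in so the same function works on
// HTMLCanvasElement.prototype / CanvasRenderingContext2D.prototype in a
// browser and on the constructed stand-ins below under Node.
function watchCanvas(canvasProto, contextProto, onFinding) {
  const textDraws = new WeakMap(); // canvas -> number of text draw calls
  const restore = [];

  function wrap(proto, name, makeWrapper) {
    const original = proto[name];
    if (typeof original !== 'function') return; // API absent in this environment
    proto[name] = makeWrapper(original);
    restore.push(() => { proto[name] = original; });
  }

  // Count text draws per canvas; the readback hooks use the count as a signal.
  for (const name of ['fillText', 'strokeText']) {
    wrap(contextProto, name, (original) => function (...args) {
      textDraws.set(this.canvas, (textDraws.get(this.canvas) || 0) + 1);
      return original.apply(this, args);
    });
  }

  function report(canvas, api) {
    const draws = textDraws.get(canvas) || 0;
    onFinding({
      api,
      textDraws: draws,
      detached: canvas.isConnected === false, // never attached to the document
      width: canvas.width,
      height: canvas.height,
      // Heuristic assumed by this example: text was drawn, then pixels read back.
      suspicious: draws > 0,
    });
  }

  // Readback paths: the two canvas export calls and the 2D context pixel getter.
  for (const name of ['toDataURL', 'toBlob']) {
    wrap(canvasProto, name, (original) => function (...args) {
      report(this, name);
      return original.apply(this, args);
    });
  }
  wrap(contextProto, 'getImageData', (original) => function (...args) {
    report(this.canvas, 'getImageData');
    return original.apply(this, args);
  });

  // Caller can undo the instrumentation.
  return () => restore.forEach((undo) => undo());
}

// Constructed stand-ins for the browser classes so the example runs offline.
class FakeContext {
  constructor(canvas) { this.canvas = canvas; }
  fillText() {}
  strokeText() {}
  fillRect() {}
  getImageData(x, y, w, h) {
    return { width: w, height: h, data: new Uint8ClampedArray(w * h * 4) };
  }
}
class FakeCanvas {
  constructor(width, height, isConnected) {
    this.width = width;
    this.height = height;
    this.isConnected = isConnected;
  }
  getContext() { return this._ctx || (this._ctx = new FakeContext(this)); }
  toDataURL() { return 'data:image/png;base64,'; }
}

function demo() {
  const findings = [];
  const unwatch = watchCanvas(FakeCanvas.prototype, FakeContext.prototype,
    (finding) => findings.push(finding));

  // Constructed case 1: off-document canvas, text drawn, pixels read back.
  const probe = new FakeCanvas(240, 60, false);
  probe.getContext('2d').fillText('constructed sample text', 2, 15);
  probe.toDataURL();

  // Constructed case 2: visible canvas exported with no text drawn.
  const chart = new FakeCanvas(800, 400, true);
  chart.getContext('2d').fillRect(0, 0, 10, 10);
  chart.toDataURL();

  unwatch();
  probe.toDataURL(); // after unwatch: no longer reported
  return findings;
}
```

In a browser the call would be `watchCanvas(HTMLCanvasElement.prototype, CanvasRenderingContext2D.prototype, console.warn)`, and it has to run before any third-party script loads. Scripts running inside their own iframes get separate prototypes and are not covered by it.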

posted 4 days ago on techdirt
The net neutrality debate has been underway for many years now, but more recently it has entered the mainstream. The main arguments in favor of preserving net neutrality -- that it creates a level playing field that allows innovation, and prevents deep-pocketed incumbents from using their financial resources to relegate less well-endowed startups to the Internet slow lane -- are familiar enough. But PC World points us to a fascinating paper by Sascha D. Meinrath and Sean Vitka in the journal "Critical Studies in Media Communication" that offers a new and extremely important reason for defending net neutrality: that without it, it will be hard to fight back against blanket surveillance through the wider use of encryption (pdf). Here's the main argument: One particularly problematic industry practice is the move by ISPs to create tiered or preferential service offerings. Plans to create tiered services have been floated for years -- enabled in part by constant pressure toward less competition in the broadband market. In fact, within mobile broadband services, tiering of various applications (e.g. voice, texting, data) are already normative. But if an ISP can't tell what sort of application is being used, it doesn't know whether to prioritize or deprioritize a specific communications stream -- which is why good encryption breaks one of the fundamental assumptions for this new business model. Since encryption can help circumvent discriminatory practices, the incentive to use it will expand with practices like tiering. If net neutrality disappears, and tiering becomes more common, users may turn to encryption to thwart traffic analysis by ISPs. That, in its turn, is likely to lead to ISPs putting encrypted traffic in the slow lane by default -- or even trying to ban it altogether. 
Either would ensure that the majority of users would go back to using communications in the clear, since they would probably be unwilling to pay for their security, which is non-obvious and hard to measure, with the loss of speed -- something that is immediately all-too evident. You might think that it is unlikely that ISPs would be able to push through changes with such serious implications for their customers' privacy -- not least because the usual worthy digital rights organizations would doubtless fight back fiercely. But as Meinrath and Vitka rightly point out, there could be an unholy alliance between industry and security services that would be hard to defeat: It is difficult to imagine a politician standing up for privacy and free speech rights when opposition of this position, from both well-moneyed private industry and law enforcement, proclaim that encryption supports 'copyright infringement, child pornography, and terrorism' -- all at once. That rings horribly true: the copyright industries would doubtless love to get encrypted connections banned, as would the NSA. Bringing together the perfect scaremongering trinity of copyright infringement, child pornography and terrorism could well create a winning combination. The best way to avoid this nightmare scenario is to head it off early. Save net neutrality now, and you save the one thing that we think can help us against surveillance: end-to-end encryption. Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

posted 4 days ago on techdirt
Among the many things Richard Nixon was infamous for, his "Enemies List" stands out for the sheer pettiness involved. The most powerful man in the free world took time out of his schedule to compose a running tab of everyone who had ever slighted him. Without a doubt, the world is full of such pettiness, but most of it remains unexposed, or deployed by people the public could not care less about. A former campus cop for the University of Oregon (now a court clerk) has sued the school for wrongful termination, something he claims was the result of retaliatory actions by his UOPD (University of Oregon Police Dept.) supervisors. The list of allegations is long and detailed, but much of the friction seems to track back to an (allegedly) oft-discussed "enemies" list maintained by one UOPD officer that (again, allegedly) contained a number of people, ideas and entities that these officers felt should "eat a bowl of dicks." The names and terms on the list – which range from politicians to famous personas such as Chelsea Handler and even particular crowds such as “mouth breathers” – were put there when UOPD officers disliked them for one reason or another. In the opinion of the officers, those referred to on the list were entitled to “eat a bowl of dicks,” according to the lawsuit. [James] Cleavenger is a graduate of UO Law and currently works as a clerk at the Eugene federal court. In his lawsuit, he said that the list was assembled during night shifts and that several officers contributed. The list was kept on Officer Eric LeRoy’s cell phone and, according to the lawsuit, the list was a constant topic and debated over during work hours. That this sort of behavior occurs is no surprise. In the "us vs. them" environment of law enforcement, it's almost expected. But it's rarely admitted to and even more rarely exposed in such a public fashion. 
Cleavenger alleges that the defendants discussed this list during briefings and many other times during the course of the shift and, most worryingly, that the list contained names of University of Oregon staff and administration. Rather than the expected denial, the defendants openly admitted (in their filed response to the allegations) the list exists, although they claim it wasn't discussed quite as frequently as Cleavenger alleges and doesn't contain the names of people these officers worked for (and in conjunction with). [...] admit that there were remarks made about a bowl of dicks list but deny such remarks were made during "many" briefings; and admit the referenced list was and is maintained on Leroy's cell phone. The remaining allegations of paragraph 20 are denied. In response to paragraph 21, Defendants admit the list identified in paragraph 20 contained dozens of entries; admit O.J. Simpson, Oprah Winfrey and Hilary Clinton were and are on this list; admit Plaintiff alleges he does not have a copy of the list; and admit officers will confirm the existence of the list. Despite the defendants stating in a legal filing that the list was referred to as the "bowl of dicks" list, a statement from the chief of the UOPD denied the phone-contained list was referred to by that name. “The list was not meant maliciously, it was not labeled with the vulgarity referred to in the court complaint, and was not a collection of ‘enemies,’” said UO Police Chief Carolyn McDermed. But it was labeled that way, and the defendants are on record saying so. The allegations in Cleavenger's complaint note that the list was a "work in progress and constantly updated," a detail that caught the eye of the UO Matters blog. It issued a public records request for the "bowl of dicks" list and received its own version, albeit one that now contains redactions. 
And, note that the court complaint explains that the “eat a bowl …” list was a work in progress that was frequently updated, debated, and discussed. So why does UO only provide one version, and act as if it’s the only one? Here’s UO’s response to my request for “any public records that list the members of the “Bowl of Dicks” list kept by UOPD employee Eric LeRoy.”: On Friday Jul 11, 2014, at 10:22 AM, Office of Public Records wrote: "… The attached list is responsive to your request. It is a list of names that was maintained on a UOPD officer’s phone as referenced in a pending litigation. Thank you for contacting the office with your request." Every other public records response from UO includes this boiler-plate: "The office considers these documents to be fully responsive to your request, and will now close your matter. Thank you for contacting the office with your request." Why did they leave it out this time? Because they’ve got more lists? There are two names redacted in the UO Matters version, both of whom are former Oregon football players: Cliff Harris and Alejandro Maldonado. Apparently, this information wasn't deemed sensitive enough to redact from the UOPD's version of the definitely-not-a-"bowl-of-dicks" list. What's not contained in these documents are Cleavenger's more serious allegations: that University of Oregon staff were included in the extensive compilation. What it does look like is a list of annoyances, running from A-, B- and C-list celebrities (Beyonce, Miley Cyrus, Gary Busey) to stuff that generally annoys a large subsection of the public (mouth breathers, fraternities, Comcast, Windows Vista). In fact, for the most part, this is probably one of the least controversial "hate" lists to ever be outed. Osama bin Laden makes the list. So does David Hasselhoff. And Adobe Acrobat. One of the stranger inclusions is "ORS 352.385," the state statute that provides for the creation and funding of university police departments.
Were these campus cops suffering from a bit of self-hatred? Maybe they didn't see themselves as "real" cops and felt that they shouldn't be expected to do much more than hole up in the office and compile a list of eminently hateable entities. So… tempest in a dickbowl? Possibly, but there are still unanswered questions as to whether the list(s) that have been made public were edited by Officer Eric LeRoy before turning it over to authorities. If these officers were including campus staff on its enemies list, that's definitely a cause for concern, especially if it prompted any sort of harassment under the color of law. But at this point, there's no indication this was much more than a crude inside joke for UOPD officers, albeit one that apparently consumed a great deal of each workday. The university has gone on the defensive, however, which indicates there may be something to Cleavenger's allegations. "A recent story with information about a legal matter involving a former employee of the University of Oregon Police Department focused primarily on the unproven allegations of the former public safety officer and did not provide the university’s responses to the courts or the newspaper reporter,” said the university. The "blame the press" approach -- one that nearly universally goes terribly but is almost always the first reaction to negative attention. But, considering the following was the initial response, what did the university PD expect? UO Police Chief Carolyn McDermed declined this week to comment on Cleavenger’s firing, saying that the university “does not comment on pending litigation.” Now, the press is focusing on the fact that the UOPD not only admitted its officers compiled an enemies list, but that it also attached a vulgar name to said list. The official denial by Chief McDermed says otherwise, but one would think that the legal document filed in response to Cleavenger's allegations is the more trustworthy version. 
And that version clearly says the list was referred to as the "bowl of dicks" list. Police officers should know better than anyone else how much evidence a cell phone can store. It's one thing to be obnoxious behind closed doors during long, boring night shifts. It's quite another to (allegedly) hassle an officer out of a job because he disagreed with the contents of a vulgarly-named list and the amount of time being spent keeping such a non-essential item updated. This list doesn't seem to indicate these officers' attitude towards the general public was less healthy than any other person's. In fact, in its own perverse way, it somewhat humanizes these public servants. I mean, who doesn't hate Vista and Acrobat? But if further versions come to light -- ones that show the police were adding staff or students to this obviously negative list -- then it's likely the surface indicator of something uglier lying underneath.

posted 5 days ago on techdirt
American highways are slowly filling up with Crossover vehicles that drive like a car but have some of the height and space of an SUV. Sedans still outnumber Crossovers, but this non-car-non-SUV segment is growing rapidly. The Toyota RAV4 came out in 1994, but in 1991, a car design no one of a certain age will ever forget made its debut on The Simpsons. The Homer will have the last laugh. Here are some links to prove it. A real-world version of The Homer raced in the 24 Hours of LeMons in 2013. It finished in 5th place, but it didn't fully capture the essence of The Homer. If you missed the episode "Oh Brother, Where Art Thou?" when it first aired, you can read up on the specs of The Homer on The Simpsons Wikia page. The car was built by Powell Motors (owned by Homer's half-brother Herb), and ultimately ruined the fictitious Detroit automaker. The Homer was actually ahead of its time in some ways, sorta. No soundproof bubble domes for kids yet, but active noise cancellation and some child safety restraint systems might be a step in that direction.

posted 5 days ago on techdirt
We've joked about how James Clapper and the Office of the Director of National Intelligence (ODNI) like to claim that the various documents they've been declassifying and releasing in the post-Snowden era are decisions they've made out of the goodness of their transparency-loving hearts, when the reality is that much of it is in response to FOIA lawsuits from the EFF. When it comes to Section 702 of the FISA Amendments Act, the part of the law that covers PRISM and (more importantly) the direct "upstream" tapping of the internet backbone via companies like AT&T, EFF had asked for a variety of documents pertaining to how the program was run. After ODNI did everything possible to refuse to provide such documents in any meaningful way, EFF sued. Following the Snowden revelations, and the sudden "we love transparency*" (*not really) attitude of the ODNI, it started re-reviewing the original redactions and (look at that!) suddenly realized that it didn't actually need to have wasted so much black ink on the originals. EFF continued to push back on certain redactions, and ODNI magically discovered even more wasted black ink. Eventually, huge portions of the various documents that had previously been withheld were revealed. EFF kept pushing, and asked the court to review some of the remaining redactions, just to make sure that ODNI wasn't hiding anything solely out of embarrassment, rather than for legitimate national security purposes. The court got to secretly review the unredacted document, asked some detailed questions of the DOJ, leading to even more redactions falling by the wayside. So, now, finally, after all of that, the judge has basically said that all of the remaining redactions are legitimate, and thus effectively rules "against" the EFF. However, this is a pretty clear victory for the EFF, considering that during the course of the case it was able to remove many of the original redactions. 
Of course, this is still problematic, because it highlights how many of those original redactions were clearly improper, and it took this long and convoluted process (and Ed Snowden) before ODNI was willing to reveal these documents concerning a rather key program in how the NSA conducts surveillance.

posted 5 days ago on techdirt
Even though the government hates to get warrants for searches, sometimes it has no choice. But just because there's a warrant involved doesn't mean the search will be any less invasive. Warrant applications are supposed to contain specifics about what is being sought and where it likely resides based on the sworn statements of investigators. Unfortunately, this often doesn't seem to be the case, especially when it comes to electronic data. Two recent pushbacks by magistrate judges have sent the government back to its desk to rewrite overly vague warrant requests. (In one case, this resulted in 'judge shopping,' rather than a rewrite. The new judge was unimpressed.) Judges willing to make the government fine tune warrant requests are still a very small minority, however. The more common approach is exemplified by Judge Gabriel Gorenstein of the Southern District of New York. A New York judge defended a controversial order that gave the government access to all content of the Gmail account of a target in a money laundering investigation, holding that courts have long recognized the practical need for law enforcement to seize documents if only to determine whether they fall within the warrant. As John Ribeiro's article notes, other recent decisions have found that overly broad warrant requests are stretching the Fourth Amendment to the breaking point by not limiting the time period or scope of the electronic communications being sought. The government, on the other hand, has argued (with Gorenstein echoing) that seizing months of emails is no different than cloning an entire hard drive -- another common process deployed during criminal investigations. That it's no different doesn't suddenly make it more "right" or less of a violation of privacy. Those other decisions (one of which Gorenstein refers to in his) had no noticeable effect on the approval of this warrant, which asked for everything… and got it. 
The New York court, in contrast, granted on June 11 a warrant that permitted law enforcement to obtain emails and other information from a Gmail account, including the address book and draft mails, and to permit a search of the emails for certain specific categories of evidence. Moving on from his "lesser of two wrongs" argument, Gorenstein added that allowing the service provider to return relevant communications would likely result in important information being overlooked. "While an agent steeped in the investigation could recognize the significance of particular language in emails, an employee of the email host would be incapable of doing so," he wrote. While this is likely true to some extent (the decision goes on to note that criminals often use codewords to discuss illegal activity -- something private company techs may not be versed in), the warrant itself is still highly problematic. The court did not also place any limits on the manner or time frame in which the emails should be searched or retained. So, the government will be given a suspect's entire email account and allowed to peruse it for anything for as long as it wants to. As we've seen just recently, this is the sort of open-ended access the government shouldn't be given. In June, the Second Circuit Court returned a decision that said the government violated a person's Fourth Amendment rights by holding onto seized information for much longer than the period stated in the warrant. Not only did the feds dig through irrelevant information (after swearing in the warrant request that it wouldn't), it continued to do so until it came across something of possible interest to another federal agency (the IRS) and forwarded the data it supposedly wasn't digging through. Gorenstein's approved warrant contains no such safeguards, which means the feds literally can't go beyond the scope of the request. It's a blank check disguised as a nod to the Fourth Amendment. 
The Fourth Amendment prohibits unreasonable searches and seizures. It does not go on to say "...unless you get a warrant." The warrant process is supposed to limit unreasonable searches and seizures by forcing law enforcement to detail (in sworn statements) the specifics of what's being sought and the efforts that will be made to limit the seizure to the scope of the investigation. There's nothing "reasonable" about this open-ended request. Gorenstein's decision places ease of law enforcement access above Constitutional rights.

posted 5 days ago on techdirt
There's some buzz in security circles today after it came out that a session at the upcoming Black Hat Conference entitled "You Don't Have to be the NSA to Break Tor: Deanonymizing Users on a Budget" by Michael McCord and Alexander Volynkin (both of whom work for Carnegie-Mellon University and CERT) had been pulled from the conference at the request of CMU. A Black Hat spokeswoman told Reuters that the talk had been canceled at the request of lawyers for Carnegie-Mellon University, where the speakers work as researchers. A CMU spokesman had no immediate comment. There's been plenty of speculation about what's going on, but Chris Soghoian has a pretty good thesis that the researchers likely didn't have institutional approval or consent of the users they were identifying, meaning that they were potentially violating wiretapping statutes. As he notes, running a Tor server to try to spy on Tor traffic without talking to lawyers is a very bad idea. While it hasn't yet been confirmed that this is what happened, it certainly is a pretty sensible theory. Of course, none of that changes the fact that it's possible to identify some Tor users. But... that's also not particularly new. In fact, we've discussed in the past how the feds can identify Tor users. Tor adds an important layer of protection, but there are plenty of ways that you can still be identified while using Tor. Just ask Ross Ulbricht. The problem isn't so much Tor itself but how people use it -- and the simple fact is that most people use it in a way that will eventually reveal who they are. While it's not definite, it seems likely that this is what the talk would have revealed. Shutting it down wasn't any sort of big attempt to cover up this fact, but perhaps it was to protect the researchers and CMU (potentially) from a lawsuit for violating wiretapping laws.

posted 5 days ago on techdirt
Today's demonstration of post-brutality scrambling is brought to you by the California Highway Patrol. First off, we'll take a look at the "alleged" brutality, which looks incredibly similar to non-alleged brutality. (Apologies for the watermark the person who recorded the incident slapped all over the video.) This head-punching (David Diaz, who recorded the incident, counts 15 punches in total) was performed as an act of civil service, according to the CHP. Speaking to the television station ABC7, the California Highway Patrol said that the officer had ordered the woman to stop walking, out of fears for her safety. She failed to follow this order, possibly due to mental illness. After the unnamed officer's fists were finished ensuring her safety, the CHP sent the woman to a mental health facility and refused to allow her family to see her. The video surfaced shortly thereafter, forcing the CHP to make further statements about how "physically combative" the woman was, as well as expressing its utmost desire to find a way out of this to see justice done. "We're looking at every possibility, every fact, every circumstance that have contributed to this situation, and we're going to try to come to a just conclusion," Highway Patrol Assistant Chief Chris O'Quinn said at a news conference on Friday. "Just," in this context, seems to actually mean "exonerating." The investigation continues, apparently, albeit in unexpected (and terrible) directions. California Highway Patrol investigators have seized the medical records of a woman seen on video being repeatedly punched by one of its officers on the side of a Los Angeles freeway. Chris Arevalo, executive administrator for psychiatric services at Los Angeles County-USC Medical Center, confirmed that the CHP served the search warrant Tuesday for Marlene Pinnock's records. Why the CHP would need to seize the records, rather than just view them, is completely inexplicable. 
The person served the warrant noted that it was issued to grab "property or things" as part of a felony investigation, which apparently included communications with her doctor about her well-being and "references to her attorney." I'm sure the ongoing investigation will clarify the CHP's need to violate its victim's privacy before this debacle is wrapped up. That's how it works. But it looks like an uphill battle. The statement released by the CHP commissioner sounds like even he was caught off-guard by this bizarre, smells-like-a-cover-up records seizure. "I think what they're trying to do is, they don't have a statement from her, and they're trying to find that out," Farrow said. "I don't think the CHP is trying to put her on trial or make it an issue about her. What I'm looking at is entirely about the circumstances, we all saw what happened. Our job is to find out the why and the how." So, the CHP gets statements by hospitalizing someone and seizing their medical records. While these records may offer some insight as to why she didn't immediately follow the officer's instructions, they really don't fill the "statement" void -- unless the CHP is going to further violate her privacy by releasing a statement on its own behalf using information gleaned from the seized records. As it stands now, it looks exactly like the CHP is planning to "make it an issue about her." If it isn't, then perhaps it might quid pro quo with the release of the disciplinary records of involved officers. Moving on from this larger wrongness, I'd like to take a little time to point to the complicity of the Associated Press in the low-level whitewashing of this latest development by using that famous law enforcement standby, the passive voice. My first notification came to me via Officer.com, whose headline read: CHP Seizes Medical Records of Woman Seen Punched "Seen punched?" Punched by whom? By the CHP, of course, not that this headline indicates that. 
As far as this headline goes, it may have just been a random mugging. A more accurate headline would be "CHP Seizes Medical Records of Woman They Were Seen Punching." Clumsy, but more honest. Considering this AP story was reposted by a police-centric site, the passive voice is completely expected. But it's not just cop sites like Officer.com. It's other places as well. The AP buries the lede and other media sites run the feed without even altering it. Of course, Police One took the AP's weak title and made it even worse: "CHP seizes medical records of woman in scuffle with cop." Not only does it side more with the CHP, but it also makes it appear as though the CHP seized her records during the "scuffle." We expect this use of the passive voice from police officers. The media doesn't really need to assist law enforcement spokespeople in their blame-deflection efforts. When misconduct allegations arise, they're always followed by details of "weapons discharging" and innocent bystanders "receiving gunshot wounds" and officers never striking anybody but always "responding" to actions, movements or words from some person whose personal safety was ensured by hospitalization.

posted 5 days ago on techdirt
Drones: they're a thing. They were once reserved for the military to use to remote control the fiery death of scary people most of us have never met, some of whom may occasionally, ahem, be, you know, American or whatever. Now all kinds of commercial applications are being explored for these sky-borne death-machines, like getting me my damned tacos delivered through the sky, the way God intended. Well, the FAA went all crazy-pants over the idea of businesses using UAVs, which was followed by the NTSB ruling that the FAA had no jurisdiction over commercial drones. Following an FAA appeal, the agency then decided to claim that drones were only for fun, not profit. You know, like sex. That brings us to today, where we get to read news about the FAA investigating the use of a drone to take sky-recordings of the wedding of a US Congressman who sits on the subcommittee that oversees the FAA. The agency's carefully worded statement doesn't mention Rep. Sean Patrick Maloney, D-N.Y., by name, but said it was looking into "a report of an unmanned aircraft operation in Cold Spring, New York, on June 21 to determine if there was any violation of federal regulations or airspace restrictions." Maloney has acknowledged hiring a photographer to produce a video of his wedding using a camera mounted on a small drone. The wedding took place in Cold Spring on June 21. Maloney is a member of the House Transportation and Infrastructure Committee's aviation subcommittee, which oversees the FAA. Well, if the NTSB can't get the FAA to calm the hell down about minor commercial uses of drones, darkening the memories of a congressman's wedding with a pointless investigation sure as hell might. Particularly when that congressman is directly involved in overseeing said FAA. Boys, you may just have bit off a little more than you can chew. 
And this all comes off as particularly silly, given that this particular drone is the increasingly common small helicopter with a video recorder attached to it. The chances that this thing is going to interfere with airborne Boeings seem, shall we say, slim. "On their wedding day, Sean and Randy were focused on a ceremony 22 years in the making, not their wedding photographer's camera mounted on his remote control helicopter," Stephanie Formas, spokeswoman for Maloney, said in a statement. Formas, citing the judge's ruling, said there was "no enforceable FAA rule" or regulation that applied to "a model aircraft like the helicopter used in the ceremony." I rather expect that point to be driven home at an upcoming subcommittee meeting.
