posted 3 days ago on techdirt
Over the last year, we've noted the surge in so-called "right to repair" laws, which would make it easier for consumers to repair their electronics and find replacement parts and tools. It's a direct response to the rising attempts by companies like John Deere, Apple, Microsoft and Sony to monopolize repair, hamstringing consumer rights over products consumers think they own, while driving up the cost of said product ownership. John Deere's draconian lockdown on its tractor firmware is a large part of the reason these efforts have gained steam over the last few months in states like Nebraska. In New York, one of the first attempts at such a law (the "Fair Repair Act") has finally been making progress. But according to New York State's Joint Commission on Public Ethics, Apple, Verizon, Toyota, Lexmark, Caterpillar, Asurion, and Medtronic have all been busy lobbying to kill the law for various, but ultimately similar, reasons. And they're out-spending the consumer advocates and repair shops pushing for this legislation by a rather wide margin: "The records show that companies and organizations lobbying against right to repair legislation spent $366,634 to retain lobbyists in the state between January and April of this year. Thus far, the Digital Right to Repair Coalition—which is generally made up of independent repair shops with several employees—is the only organization publicly lobbying for the legislation. It has spent $5,042 on the effort, according to the records." To be clear, the vast majority of the time, companies lobbying against this kind of legislation don't like to even admit that they oppose it. But when they do go on the record, it usually features a trifecta of false claims that the bills will make users less safe, pose a cybersecurity risk, and open the door to cybersecurity theft. 
In Nebraska, for example, we've already noted how Apple claims that allowing people to repair and tinker with the hardware they own will somehow turn the state into a "mecca for bad actors and hackers," and that letting consumers repair their own electronics would cause lithium batteries to catch fire. Of course, the real reason Apple opposes this legislation is that it stands to lose significant repair revenue once people no longer have to drive half an hour to the nearest Apple Genius bar and support team. The same is true for game console makers Sony and Microsoft, who obviously would prefer it if you're only able to use their significantly-more expensive repair programs. They'll ignore the fact that this kind of behavior not only allows companies to charge an arm and a leg for what very well may be superficial repairs, but helps prop up closed, proprietary ecosystems, hurting customers in a myriad of other ways as well. And while supporters of these right to repair bills are very candid about the benefits they think users will see, it's telling that the companies lobbying against these rules refuse to comment whatsoever on their opposition, and when they are willing to talk can only trot out a parade of theoretical horribles that don't really make coherent sense.

posted 3 days ago on techdirt
From the basics to more advanced techniques, the $39 Ethical Hacking A to Z Bundle leaves no stone unturned as you explore the complex world of ethical hacking. Over 8 courses with 45+ hours of instruction, explore passive and active reconnaissance, scanning and enumeration, network mapping, and more. Note: The Techdirt Deals Store is powered and curated by StackCommerce. A portion of all sales from Techdirt Deals helps support Techdirt. The products featured do not reflect endorsements by our editorial team.

posted 3 days ago on techdirt
As information about police use of cell tower spoofers began leaking out, those who had kept the public (including defendants, judges, and even some prosecutors) out of the loop began defending their use of domesticated military technology. They said pay no attention to the possible civil liberties violations. Just think of all the good they're doing. They promised Stingrays would only be used on the worst of the worst, and only when time was of the essence: terrorists, murderers, kidnappers, etc. But then even more Stingray documents made their way into the public domain. These showed the devices were deployed in bog-standard drug investigations or, worse, used just because agencies had them. This perhaps reached its nadir when a police department fired up its Stingray to hunt down someone who had stolen less than $60 worth of fast food. To make matters worse, the Stingray failed to track down the alleged thief. Of course, anyone paying attention knew Stingrays would be used for nothing of importance, despite public officials' statements otherwise. The first person to start digging into Stingray use was Daniel Rigmaiden, who was doing time for fraud. Not exactly the sort of crime one would associate with exigent circumstances and possible danger to the public. And, of course, because it's now the government's foremost priority to toss undocumented immigrants out of the country, Stingrays are being used to accomplish this goal. And, just like the defensive statements made on behalf of IMSI catchers, the federal government has claimed it's only interested in removing the most dangerous of undocumented individuals first. These statements are also false. Federal officials in Detroit used a secretive tool known as a "Stingray" — which tricks cell phones into revealing their location — to find an undocumented man for deportation. 
The cell-site simulator has been used in the past by federal and local law enforcement to find murder suspects, kidnap victims, drug dealers and terrorists — but sometime in March, FBI and ICE officials used it to find a 23-year-old native of El Salvador to deport him. The alleged criminal act being used as leverage -- both for the Stingray deployment and the use of ICE's "eject" button -- is a long ways from the Parade of Horribles used to justify the acquisition and use of cell tower spoofers. According to the warrant, Carcamo-Carranza was deported in 2012 and 2015 to El Salvador, but returned to the US. In Feb. 28, 2016, he was arrested in Shelby Township, Michigan, on suspicion of hit-and-run, but was released by local police before he was detained by ICE agent. Also of note: ICE used a warrant to pry loose this phone number, serving one to Facebook which gave it access to Carranza's private messages. Just throwing that in there to add a bit more skepticism for the "Going Dark" theory. A phone that might be locked isn't the end of the line for investigators, no matter how loudly law enforcement officials sigh during press conferences while gesturing ineffectively at a pile of seized devices. As we always knew would happen, Stingray technology would soon shift from its more limited, "higher cause" deployment into just another tool for rote policework.

posted 3 days ago on techdirt
Apparently, giant broadband providers don't much want to put their sudden, mysterious love of net neutrality into writing. Last week, the FCC voted to begin killing net neutrality, opening the door to a 90-day comment period ahead of a broader rule-killing vote later this year. In the wake of the move, the same large ISPs that have spent a decade trying to kill meaningful regulatory oversight comically went out of their way to (falsely) claim that the killing of the rules doesn't mean all that much -- because these duopolies love net neutrality so much any hard rules simply aren't necessary. Verizon went so far as to publish a violently misleading video claiming that net neutrality isn't dying and large ISPs aren't trying to kill it. Comcast's top lobbyist David Cohen penned a blog post claiming that the FCC was only trying to "protect the open internet" from "dangerous and inappropriate Title II." And the day before the FCC voted to begin killing the rules, the cable industry's biggest lobbying organization (the NCTA) took out a full-page ad in the Washington Post, pledging the cable industry's "commitment to an open internet": Today we posted a full-page ad in @washingtonpost reaffirming our commitment to an open internet. Read the story: https://t.co/YTVQPoK0ty pic.twitter.com/sP4rgrJDz6 — NCTA - Internet & TV (@NCTAitv) May 17, 2017 Over in a corresponding blog post, the NCTA pushed a load of disingenuous prattle insisting that the cable industry will remain on its best behavior after the current FCC gets done dismantling all manner of consumer protections (net neutrality is only one small part of what the agency is up to): "The cable industry is proud to be America’s largest residential broadband internet provider and we’ve always embraced and delivered a truly open internet experience to consumers. Why? Because it’s what consumers demand and what makes our business grow and thrive. 
It’s really that simple...No matter what happens with this new FCC proceeding or whatever regulatory model comes next, we will continue to provide an open internet experience for our customers, and we remain willing to work with all parties on ways to promote internet freedom and continued technological progress." Of course if you recall Comcast's decision to throttle all upstream BitTorrent traffic, use zero rating to hamstring video competitors, or witnessed the rise of unnecessary usage caps and overage fees, you probably recognize that statement as the heaping pile of horse shit that it is. The Consumerist amusingly reached out to each of the NCTA's 24 cable company members to see if they'd be willing to sign a contract putting their adoration of the open internet into some kind of bonding contract with consumers. Three companies were unreachable, fourteen companies never wrote or called back, and only one company was willing to provide a statement; a complete and total non-answer from Cox Communications: "Cox has always been committed to providing an open Internet experience for our customers and reversing the classification of Internet services will not change our commitment,” a representative for the company told Consumerist. "We do not block, throttle or otherwise interfere with consumers’ desire to go where they want on the Internet. A stated pledge like that in our contracts with customers is something we are looking into as the debate continues." In other words, of the twenty-four cable companies claiming to breathlessly adore net neutrality, not one of them was willing to put that adoration into writing. That's because there's one reason these companies are pushing to gut these protections and put all telecom oversight in the hands of an overextended and ill-suited FTC: so nobody can stop them from finding creative ways to abuse the lack of last-mile broadband competition. Anything else is pretense.

posted 3 days ago on techdirt
Jason Leopold has obtained the FBI's training slides for its "insider threat" program. This would be the same program the FBI refused to discuss in detail with the Senate, walking out of the briefing when asked how the program would avoid sweeping up legitimate whistleblowers. The federal government acts as though it's receptive to whistleblowing, but then undermines that sentiment with pretty much everything else it does. These insider threat programs have only become more severe after the Snowden leaks, asking federal government employees to treat normal, everyday behavior as inherently suspicious. The Defense Department's insider threat program declared such innocuous things as visiting foreign countries and being in debt as warning signs. Worse, anything less than full support for US government policies was considered threatening behavior. The FBI's presentation [PDF] isn't much better. FBI employees are encouraged to say something if they see something… and there are a lot of observable "somethings" on the list. According to the training material, potential insider threats include federal employees who brag about what they know, work odd hours, travel overseas without a good reason, or ask their co-workers about classified information without a "need to know." Workers who consume alcohol, use drugs or have “psychological conditions” may also be insider threats, as are those facing disciplinary action or job termination. [...] Another slide says leaks occur because leakers are “disgruntled” and are motivated by “ego,” “financial gain,” and “divided loyalty.” Some of these factors can be indicative of someone considering engaging in espionage. Unfortunately, a lot of these may also apply to whistleblowers. The FBI presentation spends a great deal of time comparing its lists of insider threat traits to those the government has successfully prosecuted but spends zero time discussing whistleblowers and their traits/motivations. 
Considering the FBI's leaky status, especially in recent months, the document feels inconsistent at best. It feels like a good way for FBI employees to get rid of coworkers they don't like and a great way to foster an atmosphere of corrosive suspicion in FBI offices. FBI employees will distrust each other, FBI officials will distrust nosy politicians… and, in a surprising revelation by Leopold, politicians will have even less reason to trust the FBI. As was noted earlier in this post, the FBI chose to walk out of a briefing rather than answer Sen. Chuck Grassley's question about whistleblower protections under the FBI's "insider threat" program. Thanks to the efforts of a media company (BuzzFeed) and a private citizen (Leopold), Grassley now has a copy of documents the Senator asked for months ago. Grassley asked the FBI to send him its insider threat training material. He received a couple of videos and a brochure. But a spokesperson for Grassley told BuzzFeed News that the senator did not receive the training slides until BuzzFeed News sent a copy. The documents released here don't answer Grassley's questions either. But recent history shows us the FBI is not a whistleblower-friendly agency. It seems to have no problem with very selective leaking, but isn't nearly as kind to those who use the official channels to report wrongdoing. An insider threat program like this doesn't help. Giving agents and employees sketchy reasons to distrust each other will only serve to deter whistleblowers before they even have a chance to experience the agency's unofficial retaliation program.

posted 4 days ago on techdirt
The European Union's top court has just handed down an important ruling about an otherwise minor trade deal between the EU and Singapore. The two sides initialled the text of the agreement in September 2013, and since then it has been waiting for the Court of Justice of the European Union (CJEU) to hand down its judgment. The issue is who gets to sign off on the deal: is it just the European Union, or do all 28 Member States of the EU need to agree too? There's clearly a big difference there, because in the latter case, there are 28 opportunities for the deal to be blocked, whereas in the former situation, the EU can simply wave it through on its own. The CJEU ruling (pdf) is fairly straightforward: the EU can sign and conclude trade deals covering most areas, but not for a few that must involve the EU Member States. Of most significance is the following: The regime governing dispute settlement between investors and States also falls within a competence shared between the EU and the Member States. Such a regime, which removes disputes from the jurisdiction of the courts of the Member States, cannot be established without the Member States’ consent. That is, the thorny area of corporate sovereignty, also known as investor-state dispute settlement (ISDS), is one of the few that requires the approval of all Member States. There's an interesting corollary to that ruling: if the EU wants to agree trade deals as quickly as possible, without the risk of Member States vetoing them -- as Wallonia did with CETA -- it should not include a corporate sovereignty chapter. If it seems hopelessly naïve to think that might ever happen, here's an editorial in a ruthlessly hard-headed newspaper, the Financial Times (FT), recommending that it should (paywall): [The CJEU's ruling] would be an excellent opportunity for the EU to go further, and reverse one of its bigger recent errors in trade policy. 
It should ditch the whole idea of having rules on investment, or at least rules allowing companies to sue a government directly, in FTAs. Such "investor-state" provisions have attracted intense opposition, not just from the Walloons but also from anti-corporate campaigners. Removing these rules would ease the way for future deals. As they do not seem to encourage foreign direct investment, they are more trouble than they are worth. Freed from this unnecessary encumbrance, the EU would find it easier to sustain with its quiet run of closing bilateral trade pacts. When Techdirt first started writing about corporate sovereignty, four years ago, it was an obscure area of trade policy that few knew about. The insiders who were familiar with the mechanism assumed it was a fixed and indispensable part of free trade deals. Now we have one of the most influential business newspapers calling it an "error" that should be "ditched," since ISDS chapters are "more trouble than they are worth." We've come a long way. Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

posted 4 days ago on techdirt
This is just a periodic reminder that these are the sort of people whose "experience" and "expertise" are routinely granted massive amounts of deference by judges (and stenographers pretending to be journalists). Warrant affidavits providing more detail about the requesting officer's law enforcement career than the target of the search are often rubberstamped into actionable pieces of paper. (But not always!) And yet, these experienced experts look far more mortal when their actions are given something more than a cursory examination. Exhibit A: the Odessa PD's crack team of trained experts who participated in a daring no-knock raid of an empty motel room. The search warrant was executed on Jan. 29 at the America's Best Value Inn, 3023 E. Highway 80. Police officials say the officers involved in executing the warrant "used an unauthorized cooperating individual," and the cooperating individual did not have the required file. The Professional Standards Unit Investigation also found that the officers involved failed to correctly identify and confirm the location of the criminal activity. During the search, officers entered room #225 which was vacant, according to previous reports. Officers then reportedly made a "split-second" decision and breached the next room (#226) at the hotel where suspects were located. When reviewing the warrant, officers realized that on the warrant room #225 had been listed, police say. The suspects in the room were held "pending the production of a second search warrant," police say in a release. Post-facto warrants are seldom as legally-sound as warrants obtained before a search. Sometimes affidavit errors are excused but this case involved a confidential informant of uncertain trustworthiness and a lack of proper documentation. The officers are being lightly disciplined for their Keystone SWAT effort, but the department has cleared itself of any wrongdoing after investigating itself. 
In the investigation, police determined that the breach of room #226 was "not illegal because the conduct of the officers prior to their entry into room #226 was lawful, there was no violation or threatened violation of the Fourth Amendment, and therefore the exigent circumstance rule applied and allowed for the entry and securing of room #226," the release reads. I imagine any evidence will be challenged in court, despite the PD's claim no Fourth Amendment violations took place during the department's botched raid. We'll see how much claims of officer training and experience will hold up under judicial examination. (Sadly, they'll probably hold up much better than they should. While typos are an inevitability, the use of a CI with no pedigree or paperwork puts the warrant on severely shaky legal footing.) Exhibit B: the cop who justified the frisk of someone with statements that immediately undermined the asserted justifications. Here's the court explaining to the officer why the frisk wasn't reasonable: Officer Kim’s testimony about seeing the handle of a gun protruding from Smith’s pocket is not credible. At the evidentiary hearing, Officer Kim testified that she could see the black handle of a gun protruding from Smith’s pocket. However, in her arrest report, written shortly after the incident, Officer Kim wrote “[t]he handgun was concealed inside his pocket in such a manner as not to be discernible by ordinary observation.” (ECF No. 18-1 at 3) This statement directly contradicts her testimony. It is unlikely that Officer Kim, approaching a poorly lit landing in the wee hours of the morning, would have been able to discern a black gun handle allegedly sticking out of Smith’s pocket. [...] Indeed, Officer Kim acknowledged in her police report she only became aware of the handgun after she began the pat down. The question that must be asked (but can't be answered) is: how many times has this sort of thing happened? 
Only a very small percentage of frisks receive courtroom challenges. And stop-and-frisk programs have been heavily criticized for their routine abuse of civil liberties. There's no expertise on display here: only the inability to work backwards from an illegal search, even when given a chance to "correct the record" post-search by aligning the paperwork with a less-unconstitutional narrative. And, finally, Exhibit C: Police chief vows to make the same horrendous mistake if that's what it takes to somehow make a dent in sex trafficking. "Everybody's like, 'Don't move, don't move or we'll shoot you,'" Noel Navarete told local 4 News. His brother Isaias, 18, said he was in the bathroom when police kicked down the door. According to family matriarch Maria Navarete, police told her to "shut up, you have no rights" when she asked what was happening. She claims police never showed her or anyone in the household a warrant. Police apologized, explaining that a mysterious heroin-addicted woman in a local hospital said she and several underage girls had been held against their will and forced into prostitution; the woman (visually) identified the Navarete's place as where it went down. That night, police began observing the house, soon witnessing two girls get dropped off by an SUV and go inside. Apparently, that was enough to warrant a furtive, middle-of-the-night raid on the place. The kicker here is the apology came packaged with the police chief's assertion he would handle things EXACTLY THE SAME WAY in the future. Somehow, this department will stamp out the scourge of sex trafficking using proven law enforcement tools like "mysterious heroin addicts" and several minutes of results-oriented investigation. These are just a few of the experienced experts serving the public -- men and women whose testimony is often considered unimpeachable and nigh unto God in terms of trustworthiness. 
Men and women whose errors ruin lives and whose shortcuts use the Constitution as a doormat.

posted 4 days ago on techdirt
The FBI (and other US government agencies) are already moving forward with facial recognition technology, which will allow law enforcement to scan people like license plates, if everything goes to plan. So far, consultation with the meddling public has been kept to a minimum, as have any government efforts to address civil liberties concerns. Just because the public's been kept out of the loop (except for, you know, their faces and other personal information), doesn't mean members of the public aren't working hard to ensure police officers can start running faces like plates, even when there's no legitimate law enforcement reason for doing so. Digital Barriers, a somewhat ironically-named tech company, is pushing its latest law enforcement offering -- one that supposedly provides real-time face scanning. The software can pick out and identify hundreds of individual faces at a time, instantly checking them against registered databases or registering unique individuals in seconds. Demonstrating the software at the Forensics Europe Expo 2017, vice president of Digital Barriers Manuel Magalhaes said the company was introducing the technology to UK forces. He said: “For the first time they (law enforcement) can use any surveillance asset including a body worn camera or a smartphone and for the first time they can do real time facial recognition without having the need to control the subject or the environment. “In real time you can spot check persons of interests on their own or in a crowd." But why would you? Just because it can be done doesn't mean it should be done. This will basically allow officers to run records checks on everyone who passes in front of their body-worn cameras. There is nothing in the law that allows officers to run checks on everyone they pass. They can't even stop and/or frisk every member of the public just because they're out in public. 
Expectations of privacy are lowered on public streets, but that doesn't make it reasonable to subject every passerby to a records check. And that's without even factoring in the false positive problem. Our own FBI seems to feel a 15% bogus return rate is perfectly acceptable. Like so much surveillance equipment sold to law enforcement agencies, Digital Barriers' offering was developed and tested in one of our many war zones. The head of the company is inordinately proud of the product's pedigree, which leads to a statement that could be taken as bigoted if it weren't merely nonsensical. Mr Magalhaes continued: “If we can overcome facial recognition issues in the Middle East, we can solve any facial recognition problem here in the United Kingdom.” Hopefully, this just refers to the sort of issues normally found in areas of conflict (hit-and-miss communications infrastructure, harsher-than-usual working conditions, etc.), rather than hinting Middle Eastern facial features are all kind of same-y. Taking the surveillance out of the Middle East isn't going to solve at least one logistical problem keeping this from becoming a day-to-day reality for already heavily-surveilled UK citizens. As is pointed out by officers in the discussion thread, Digital Barriers' real-time face scanning is going to need far more bandwidth than is readily available to law enforcement. One commenter notes they can't even get a strong enough signal to log into their email out in the field, much less perform the on-the-fly facial recognition Digital Barriers is promising. The other pressing issue -- according to the law enforcement members discussing the post -- is one far more aligned with the general public's. A couple of members point out no one PNC's entire crowds (referring to the UK's law enforcement database: the Police National Computer) and that doing so might not even be legal. Unfortunately, the rank-and-file rarely get to make these decisions.
These choices will be made by people who think the public needs to give til it hurts when safety and security are on the line. Dropping this capability into body cameras will make them more of an intrusion on the lives of citizens and far less likely to result in police accountability. Faces being linked automatically to databases full of personal info creates complications in obtaining camera footage. It won't result in improved policing, even though there are plenty of supporters who mistakenly believe "easier" is synonymous with "better."

posted 4 days ago on techdirt
Another Supreme Court case on patents, and another complete smackdown of the Court of Appeals for the Federal Circuit (CAFC), the court that is supposed to be the "expert" on patent cases. This morning the ruling on the TC Heartland case came out, and it could help put an end to jurisdiction shopping for patent cases. As you've probably heard, for years now patent trolls and other aggressive patent litigants have been filing their cases in East Texas, as it's become a jurisdiction that is ridiculously friendly to patent holders. The towns of Marshall and Tyler, Texas have practically built up industries around the fact that they are "patent friendly" jurisdictions. In the past few years, a second favored jurisdiction has popped up: Delaware, after a few academic studies showed that the courts there may have been even more friendly than East Texas. The TC Heartland case was about a case filed in Delaware, and raised the issue of whether or not this kind of patent forum shopping was okay. CAFC, in its usual CAFC manner, said "sure, that's great, we love jurisdiction shopping and have since our 1990 ruling in VE Holding v. Johnson Gas." This was kind of ironic, as one of the key justifications given for setting up CAFC in the first place was to put an end to jurisdiction shopping in patent cases. Either way, CAFC once again blessed the ability of patent holders to sue in plaintiff friendly locations, and the Supreme Court -- which has spent the past decade reteaching patent law to CAFC every chance it gets -- has done so again. Once again, the decision was unanimous, with the court voting 8 - 0 that trolls can't just file over and over again in East Texas (Gorsuch, having just joined the court after the case was heard, did not take part). The opinion, written by Justice Thomas, goes through the history of jurisdiction issues related to where one can bring lawsuits, noting that historically, where a company was incorporated was the proper jurisdiction.
While most of the ruling is deep in the weeds about definitions in the law, and whether or not Congress intended to change certain definitions, here's a simplified version of what happened: some have interpreted patent law to mean that a patent holder can sue an alleged infringer anywhere that a product is sold/available. In the age of the internet, this generally means "anywhere." Thus, as long as your product was available in Texas or Delaware, trolls could sue in those locations -- even if the company was nowhere near those locations. Here, however, the Court has said that the lawsuits are supposed to be filed where the company "resides," which it says is the state where the company is incorporated. This is a huge win for companies who are targeted by patent trolls. Rather than being dragged across the country to courts like East Texas or Delaware, which have built up large practices and reputations for supporting patent trolls over actual innovators, now cases will need to be filed where the alleged infringer is actually incorporated. Expect to see the usual whining from patent trolls and their supporters about this -- but just remember: if they have a serious case of infringement, they should be fine filing it wherever the defendants actually are. Their concern is not about how this is somehow bad for patent owners. It's really about how certain courts were biased in their favor and they can no longer take advantage of that. Of course, this might mean that the ice rink in Marshall, Texas needs to find a new sponsor.

posted 4 days ago on techdirt
The FCC apparently doesn't want to talk much about its plan to gut meaningful oversight of some of the least competitive companies in any American industry. Last week, we noted that the FCC had voted to begin the process of gutting popular net neutrality protections, ignoring the overwhelming public support for the rules registered at the FCC's website. This notice of proposed rule making (NPRM) is followed by a 90-day public comment period (you can comment here) ahead of a finalizing vote to kill the consumer protections later this year. Since the FCC has been getting a few mean tweets over its decision to give consumers the policy equivalent of a giant middle finger, it's understandable that the agency is a bit on edge. That said, veteran defense beat reporter John Donnelly stated last week that this tension culminated in him being shoved up against the wall by two FCC staffers during their May 18 net neutrality meeting. Donnelly was, he stated, "manhandled" for simply trying to ask the agency a question: . @FCC guards manhandled me, forced me out of building when I tried to ask @AjitPaiFCC & @mikeofcc questions. https://t.co/qQHQ4O82lc 1 — John M. Donnelly (@johnmdonnelly) May 18, 2017 The National Press Club was quick to issue a statement on the incident, saying that the FCC's security detail had even taken to following the reporter to the restroom for some unspecified reason: "Donnelly said he ran afoul of plainclothes security personnel at the FCC when he tried to ask commissioners questions when they were not in front of the podium at a scheduled press conference. Throughout the FCC meeting, the security guards had shadowed Donnelly as if he were a security threat, he said, even though he continuously displayed his congressional press pass and held a tape recorder and notepad. They even waited for him outside the men’s room at one point. 
When Donnelly strolled in an unthreatening way toward FCC Commissioner Michael O’Rielly to pose a question, two guards pinned Donnelly against the wall with the backs of their bodies until O’Rielly had passed. O’Rielly witnessed this and continued walking."

Again, so it's clear, this wasn't even a particularly controversial reporter (not that it should matter), it was a widely respected veteran who has been covering FCC policy for more than a decade. Numerous members of the press were quick to express their disgust at the incident, and GOP Senator Chuck Grassley proclaimed that there was "no good reason to put hands on a reporter who’s doing his or her job." This apparently all happened in front of FCC Commissioner Mike O'Rielly, who took to Twitter to apologize, but to deny that he saw the incident occur:

@mikeofcc @FCC @AjitPaiFCC I appreciate the apology. But "put themselves" there makes it sound dainty. They pinned me. — John M. Donnelly (@johnmdonnelly) May 18, 2017

O'Rielly then proceeded, for some reason, to indicate that he was cold and hungry at the time the event happened:

@johnmdonnelly @FCC @AjitPaiFCC John, I am not doubting you one bit. I didn't see physical touching. I was also freezing and starving. I am very sorry this occurred. — Mike O’Rielly (@mikeofcc) May 18, 2017

Clearly the FCC's majority is a little sensitive, but there's absolutely zero justification for this kind of behavior. But it does continue to make it clear that, much like its plan to gut meaningful oversight of telecom duopolies, the fake anti-net-neutrality bot comments flooding the agency's website, or the FCC's potentially-false DDoS attack claims -- there's more than a few subjects the current FCC doesn't want to talk too much about right now.

posted 4 days ago on techdirt
Start mastering Red Hat Linux and even prepare for the Red Hat Certified System Administrator Exam (RHCSA) with the $19 CentOS and Red Hat Linux Certified System Administrator Course. Seeing as Linux powers most of the Web, every full stack hacker should be familiar with the operating system and its various tools. Learn the Linux GUI, understand file system navigation and command lines, experience the packet manager, and more. Note: The Techdirt Deals Store is powered and curated by StackCommerce. A portion of all sales from Techdirt Deals helps support Techdirt. The products featured do not reflect endorsements by our editorial team.

posted 4 days ago on techdirt
With UK Prime Minister Theresa May recently calling for a new election there, which she is expected to win easily (despite recent reports of narrowing polls), last week May's Conservative party released its Manifesto (what we in the US tend to call a party's "platform"). There are all sorts of things in there that are getting press attention, but for the stuff that matters here on Techdirt, let's just say May's view of the internet is not a good one. A part of the plan is basically to regulate, tax and censor the internet, because the Conservative Party leadership doesn't seem to much like the internet -- and they especially dislike the fact that Google and Facebook are so successful. What's hilarious is that the manifesto basically promises to put in place all sorts of rules that will absolutely kill off any internet economy in the UK, as no company in its right mind would agree to these restrictions, while, at the same time, it talks up how important it is to support digital businesses in the UK. Of course, some of the plan is couched in nice sounding language that should actually scare you:

"A Conservative government will develop a digital charter, working with industry and charities to establish a new framework that balances freedom with protection for users, and offers opportunities alongside obligations for businesses and platforms. This charter has two fundamental aims: that we will make Britain the best place to start and run a digital business; and that we will make Britain the safest place in the world to be online."

"Balances" freedoms? Freedoms aren't supposed to be "balanced." They're supposed to be supported and protected. And when you have your freedoms protected, that also protects users. Those two things aren't in opposition. They don't need to be balanced.
As for "obligations for businesses and platforms" -- those five words are basically the ones that say "we're going to force Google and Facebook to censor stuff we don't like, while making it impossible for any new platform to ever challenge the big guys." It's a bad, bad idea. Of course, immediately after that, there's a bunch of nonsense about how the UK will be the "best" place to run a digital business. That's, uh, not even remotely true based on what is said in the immediately preceding paragraph.

"We will ensure there is a sustainable business model for high-quality media online, to create a level playing field for our media and creative industries."

This is a dog whistle to the legacy film and recording industries about terrible copyright laws on the way. For a few years now, those industries have been whining about the need for a "level playing field" -- which to them means no internet innovation in business models, but rather a government mandated business model that protects an old, legacy way of doing business. Promising a "sustainable business model" from the government makes no sense. That's not how it works unless you're giving companies monopolies... oh, wait, yeah, that's what copyright is all about. So, basically, say goodbye to lots of innovation in the creative fields in the UK, because Theresa May wants to lock in the business model from 1998.

"Our starting point is that online rules should reflect those that govern our lives offline. It should be as unacceptable to bully online as it is in the playground, as difficult to groom a young child on the internet as it is in a community, as hard for children to access violent and degrading pornography online as it is in the high street, and as difficult to commit a crime digitally as it is physically."

Again, these are the kinds of things that lots of people find reassuring... if they know absolutely fuck all about how the internet works and what it would actually take to do this.
First off, the rules that govern offline do govern online. Second, it is just as socially unacceptable to bully on the playground as it is to online -- but (spoilers!) it still happens in both places. It's sad and unfortunate, but history has yet to come up with a way to stop bullying on the playground, and most suggestions for how to do it online involve ridiculous surveillance and censorship, which creates a whole host of other problems. And, the whole "grooming children" on the internet is an overblown moral panic that happens extremely rarely. As for running into pornography and violence -- certainly an issue, but one that parents generally are supposed to handle, rather than the government seeking to censor the entire internet. And, what the hell does it even mean to say it should be as difficult to commit a crime digitally as it is physically? In many cases, it's more difficult. In some cases, it's easier. But, given the long list of crimes, it's difficult to argue that digital crime, as a whole, is somehow "easier" than offline crime. It's a silly, meaningless statement that just plays on bogus fears about the "dangers" of the internet.

"We will put a responsibility on industry not to direct users – even unintentionally – to hate speech, pornography, or other sources of harm. We will make clear the responsibility of platforms to enable the reporting of inappropriate, bullying, harmful or illegal content, with take-down on a comply-or-explain basis."

Basically: we will make private internet companies our internet censorship police, or we'll fine them millions of dollars. This will create all sorts of unnecessary problems. First, to avoid liability, companies will massively over-censor. We see this happen all the time. All sorts of perfectly fine and legitimate content will be censored just to avoid the potential liability. Second, this will be massively expensive. Sure, Facebook and Google can probably handle the expense, but no one else will be able to.
If you're trying to start the next Facebook or Google in the UK, you're fucked. You can't afford to police all the content on your platform, nor can you afford the potential liability. Probably best to just move somewhere else. Third, does the UK government really want private platforms like Google and Facebook making these determinations? Why is it handing off the responsibility of what kind of speech is "illegal" to private, for-profit companies (foreign companies, at that)?

"In addition, we do not believe that there should be a safe space for terrorists to be able to communicate online and will work to prevent them from having this capability."

And this may be the most terrifying line of all here. That's the dog whistle for "we'll outlaw encryption" because encryption -- in the minds of foolish, scaredy-cat politicians -- creates "safe spaces" for terrorists. Nevermind that the same encryption creates "safe" spaces for every other person and that undermining that makes absolutely everyone less safe. This is a dangerous plan that seems to echo the words of the UK's Home Secretary, Amber Rudd, from a few months ago, where she wanted to find people who knew the necessary hashtags to silence terrorists online. This isn't policy making. This is nonsense.

"We will educate today’s young people in the harms of the internet and how best to combat them, introducing comprehensive Relationships and Sex Education in all primary and secondary schools to ensure that children learn about the risks of the internet, including cyberbullying and online grooming."

First of all, why is the education only on the "risks" of the internet, and not the benefits and opportunities? What an odd thing to focus on. Second, it's 2017. Are there really still schools that don't already teach this stuff? And, as mentioned earlier, the bogeymen of "cyberbullying" and "online grooming" are both overblown moral panics.
"We will give people new rights to ensure they are in control of their own data, including the ability to require major social media platforms to delete information held about them at the age of 18, the ability to access and export personal data, and an expectation that personal data held should be stored in a secure way."

And... there's the "right to be forgotten." Apparently, the plan is a blanket right to be forgotten for anything about you from before you're 18. Look, I did stupid things before I was 18. You probably did too. It's kind of part of being a teenager. You do stupid things. Most people then grow up. They regret what they did, but most normal people recognize that when others did stupid stuff in their teens, it was because they were teenagers who then grew up as well. In other words, most people put that stuff into context. You don't need to delete it. You just recognize it happened, that the person was a teenager when they did it, and you assume they probably grew up and matured.

"We will continue with our £1.9 billion investment in cyber security and build on the successful establishment of the National Cyber Security Centre through our world-leading cyber security strategy. We will make sure that our public services, businesses, charities and individual users are protected from cyber risks. We will further strengthen cyber security standards for government and public services, requiring all public services to follow the most up to date cyber security techniques appropriate."

How the hell are you going to do that at the same time that you're outlawing encryption?

"Some people say that it is not for government to regulate when it comes to technology and the internet. We disagree."

Yeah, we got that from all the nonsense above.

"Nor do we agree that the risks of such an approach outweigh the potential benefits."

Then you need to hire at least someone in your leadership who understands the internet, because it's clear that that's severely lacking.
"We will introduce a sanctions regime to ensure compliance, giving regulators the ability to fine or prosecute those companies that fail in their legal duties, and to order the removal of content where it clearly breaches UK law. We will also create a power in law for government to introduce an industry-wide levy from social media companies and communication service providers to support awareness and preventative activity to counter internet harms, just as is already the case with the gambling industry."

There's the censorship and taxation bit, all in the course of a couple of sentences. Sanctions to "ensure compliance" with the censorship regime and "levies" to tax Facebook and Google to pay up because of imaginary "internet harms."

"We believe that the United Kingdom can lead the world in providing answers. So we will open discussions with the leading tech companies and other like-minded democracies about the global rules of the digital economy, to develop an international legal framework that we have for so long benefited from in other areas like banking and trade."

So, not only will they tax, regulate and censor the internet, they want to get other countries to do the same thing. There's much more in the manifesto, but this is basically a joke, and would destroy the tech sector in the UK, rather than help it. It shows an astounding level of ignorance about the internet and technology, and seems to be written by technically illiterate people who fall for internet hoaxes and now only think of the internet in terms of what they fear about it. It's a bad look, and a rather stunning one from a Conservative Party that supposedly favors deregulation/free market kind of ideas. This plan is the exact opposite. It's technically clueless, top-down paternalism.

posted 4 days ago on techdirt
We've noted for some time how T-Mobile's crazy idea to be nice to consumers (well, if you exclude their attacks on the EFF and net neutrality) has been a great thing for American consumers. Thanks to more consumer-friendly policies, T-Mobile has been adding more subscribers per quarter than any other major carrier for several years running. This pressure recently resulted in both AT&T and Verizon being forced to bring back the unlimited data plans the companies had been telling consumers they didn't actually want for years. This added competition has really annoyed Wall Street, which has been grumbling about the shift back to unlimited plans for months. Wall Street had grown comfortable with the non-price competition in the wireless market, where plan pricing often obscured the fact that Americans pay more for mobile data than most developed countries. AT&T and Verizon used a lack of competitive pressure to kill off unlimited data plans in 2011, allowing them to introduce significantly more expensive metered plans -- just as video consumption on mobile began to take off. For the giant incumbents, things were going swimmingly. Of course as T-Mobile grew, improved its network, and fashioned its often brash and amusing new identity, it slowly but surely became a more viable competitor, forcing both companies to respond. And, just as Wall Street worried, the shift back to unlimited data is having a negative impact on cellular revenues. How negative? According to respected wireless industry analyst Chetan Sharma, cellular data revenues dropped last quarter for the first time in seventeen years. This was part of a number of firsts for an industry not-entirely-familiar with this whole competition thing: US had a rough start to 2017 with several indicators turning negative for the industry: The US mobile data services revenue has seen QoQ growth for 17 straight years until Q1 2017 when it saw its first negative growth for the quarter. 
(Q1 is generally a down quarter but for the first time the revenue growth dipped below zero). Verizon suffered its first ever decline in service revenues YoY. For the first time, the net adds for connected (cellular) tablets were negative. For the first time, the postpaid net-adds were negative (AT&T net-adds were impacted due to sun setting of the 2G network).

And while T-Mobile added 798,000 postpaid (month to month) subscribers, Verizon and AT&T saw a 289,000 and 348,000 postpaid subscriber reduction, respectively. Before you feel too badly for these industry giants, know that very healthy sector net income still managed to improve 13% overall as operators focused their attentions on other profitable markets (like the internet of things, ads and media, and smart cities), tightened their belts and lowered some of their expenditures. Still, there's little doubt this added competition has been of notable benefit to consumers, who still pay some of the highest prices on the planet, but are at least getting to touch the hem of what real competition is supposed to look like.

The problem: there's no indication things stay that way, and some indicators that things could reverse course. The FCC is busy gutting all consumer protections in belief that blind deregulation magically results in telecom utopia, ignoring that this has the opposite intended impact on less competitive markets (especially fixed-line broadband). And there's also every indication that these same regulators are keen to approve Sprint's planned acquisition of T-Mobile, a deal that would reduce the players in the space, likely putting an end to this pesky flirtation with competition in fairly short order.

posted 4 days ago on techdirt
The NSA's exploit toolkit has been weaponized to target critical systems all over the world. So much for the debate over the theoretical downside of undisclosed vulnerabilities. (It also inadvertently provided the perfect argument against encryption backdoors.) The real world has provided all the case study that's needed. It appears the NSA finally engaged in the Vulnerabilities Equity Process -- not when it discovered the vulnerability, but rather when it became apparent the agency wouldn't be able to prevent it from being released to the public. What's happened recently has been devastating and Microsoft -- whose software was targeted -- has expressed its displeasure at the agency's inaction. Maybe the agency will be a bit more forthcoming in the future. Ellen Nakashima and Craig Timberg of the Washington Post report former NSA employees and officials had concerns about the undisclosed exploit long before the Shadow Brokers gave it to the world. When the National Security Agency began using a new hacking tool called EternalBlue, those entrusted with deploying it marveled at both its uncommon power and the widespread havoc it could wreak if it ever got loose. Some officials even discussed whether the flaw was so dangerous they should reveal it to Microsoft, the company whose software the government was exploiting, according to former NSA employees who spoke on the condition of anonymity given the sensitivity of the issue. Officials called it "fishing with dynamite." The exploit gave the NSA access to so much on compromised computers, the agency obviously couldn't bear the thought of voluntarily giving up such a useful hacking tool. But when it was first deployed, some inside the agency felt the vulnerability might be too powerful to be left undisclosed. But there were plenty of others who viewed disclosure as "disarmament." Somehow, despite three straight years of leaked documents, the NSA still felt it had everything under control. 
The Shadow Brokers NSA exploit auction made it clear the NSA was no better at securing its software stash than it was at keeping thousands of internal documents from wandering out the door. The only upshot is the NSA has now witnessed what kind of damage its exploits can do in the wrong hands. Since the agency cannot possibly ensure this sort of thing won't happen again, the question now is how much of other people's security is the agency willing to sacrifice in the name of national security? The NSA appears to believe it handled this as well as it could given the circumstances, but the outcome could have been so much worse. The chain of events leading to the NSA's eventual disclosure helped minimize the collateral damage. It has very little to do with the steps the NSA took (or, more accurately, didn't take).

What if the Shadow Brokers had dumped the exploits in 2014, before the [US] government had begun to upgrade software on its computers? What if they had released them and Microsoft had no ready patch?

There's your intelligence community nightmare fuel. Had the vulnerability managed to take down US government hardware and software, the NSA would be facing even more criticism and scrutiny than it already is. The NSA appears to only disclose vulnerabilities when forced to. It may possibly hand over those it finds to be of limited use. Former NSA head Keith Alexander says the agency turns over "90%" of the vulnerabilities it discovers, but that percentage seems inflated. The NSA spent years as "No Such Agency." It's only been the last four years that it's been forced to engage in more transparency and accountability, so it's tough to believe it's spent years proactively informing affected companies about the flaws in their products. In any event, the NSA's second-guesswork will have to do for now.
Some legislators are hoping to shore up the vulnerabilities reporting process, but it's likely by the time it heads for the Oval Office desk, it will be riddled with enough national security exceptions to make it useless. With the Shadow Brokers hinting they still have more dangerous exploits to release (including one affecting Windows 10), the decision to disclose these vulnerabilities will once again be informed by the NSA's inability to keep its hacking tools secure, rather than any internal examination of its hoarder mentality.

posted 5 days ago on techdirt
This week, we covered the disturbing story of a cop whose huge number of impaired driving arrests turned out to stem from his arbitrary decisions about who was impaired as though it was some sort of magical ability. Roger Strong took a firm line on responding to this, and enough people agreed to make it the first place winner for insightful: Officer T.T. Carroll is a known serial liar. The Cobb County police department supports and encourages serial liars. Cobb County police department arrest records are not credible. These points should be raised in ANY trial where Cobb County police testimony is presented, or any background check using police records. In second place, we've got a response from JoeCool to the Conan O'Brien joke stealing lawsuit, making the case that some jokes essentially write themselves: Topical jokes shouldn't be eligible for copyright Seriously, I heard that same joke about the MVP truck from a dozen people before it made it online or TV. It was the most obvious joke in the world, and therefore not all that funny. Given how much humans value humor and how many people at least TRY to be funny, I expect that EVERY topical joke is reinvented thousands of times independently. As such, they don't deserve any sort of protection. For editor's choice on the insightful side, we head to our post about Microsoft's angry response to the NSA following the WannaCry ransomware debacle, which made use of a leaked NSA exploit. First, mcinsand did a good job of summing up the most important lesson for the government to learn here: Senators Feinstein and Burr Need to Pay Attention For the slow class, there is an important lesson here. An unintentional weakness created havoc this week, and the NSA's knowledge hurt national and global security by not working with Microsoft to fix the problem. If an accidental flaw can cause trouble, then a designed-in backdoor has at least the same potential for damaging our security. 
We will only make our nation less secure by hiding vulnerabilities or, especially, if we actually deliberately create them; we will make our nation more secure, however, if we work to secure our software. However, PaulT also made a good point that sparked a conversation about Microsoft that is worth checking out in full: I appreciate MS here, but they have to accept a lot of responsibility for the situation. It's not just about their historically shoddy record of security (although that's undoubtedly improved), it's about how they've run their ecosystem for so long. Many people have had major issues installing Windows updates in the past, so they make sure they're turned off. Lots of people killed Windows 7/8 updates because they wanted to avoid being forced to install Windows 10 without their permission. MS has been really bad at separating actual critical updates from other types of changes, so there's no middle ground in a lot of areas - especially businesses where their updates have been known to kill mission critical production systems if not properly vetted. So, they don't rush to install new patches unless they're made aware of an urgent reason to do so. Part of the reason why some places were still running XP has to do with compatibility issues for certain software and drivers. I can understand why Microsoft wants to get away from supporting such things. But, if they have introduced problems in getting legacy products to run on a new OS, then they're the reason people didn't upgrade to an OS that was protected against this attack. All kudos due to Microsoft for coming out and saying what they have here, and taking a stance against the NSA (although a large part of that is probably self-preservation rather than altruism). But, they have to recognise that their own actions, not just recently but over most peoples' experience with their products, has led to everyone being less secure. 
Saying they released a patch a couple of months ago is no good when the reason why the patches weren't applied on so many machines is because of their own historical behaviour. Over on the funny side, our first place winner is Roger Strong who had a hilarious response to the BBC's bizarre new commenting policy that says they might report abusive comments to your boss: If you're abusive AND insightful, they let you host Top Gear. For second place, we head to our post about the Japanese music collection society that wants music schools to pay up for the performance rights to songs they teach to students. My_Name_Here provided a case study in Poe's Law with a comment that racked up a lot of funny votes despite nobody being quite sure if it was actually a joke: I know this will be hidden, but If composers aren't paid when students are being taught to play songs they've already written, why would they write more songs that will simply be performed for free? Masnick doesn't like thinking about these unfortunate truths, because they don't mesh with his piratey worldview. For editor's choice on the funny side, we start out with one more comment on that post. This time it's Roger Strong again with a great survival tip: If I were ever lost alone in the woods, I'd just sing a happy tune. Because then I could get directions from the collection society representative demanding payment for the public performance. (And yes, it's a public performance if animals hear it.) Finally, we've got a different kind of survival tip from Jigsy — a creative response to immigrations officers requesting account passwords: "Why yes, officer. My password is the last 21 digits of Pi." That's all for this week, folks!

posted 6 days ago on techdirt
Five Years Ago

This week in 2012, a Microsoft-funded effort to disrupt BitTorrent was drawing scrutiny, EMI was gloating over the demise of MP3Tunes, and the MPAA was cheering on legal rulings against the Pirate Bay. Of course, one of those rulings was called into question when a Dutch judge's connections to anti-piracy groups drew accusations of corruption, and one of TPB's founders was taking the legal fight over a Swedish ruling to the EU courts. Meanwhile, protestors against the TPP were getting creative, Chile was threatening to drop out of the negotiations altogether, Rep. Darrell Issa posted an old leaked version of the agreement for discussion, and the USTR was still attempting to claim that listening to people counts as "transparency".

Ten Years Ago

This week in 2007, while the MPAA was making some curious changes to its opaque and esoteric ratings system, the RIAA was getting journalists to parrot its propaganda about its copyright shakedowns, and Microsoft was spreading unoriginal FUD about Linux infringing on its patents (prompting Sun to remind it that real companies don't litigate, they innovate). Cinemas were lashing out at the idea of getting rid of movie release windows, CBS was learning why trying to build its own online video destination was a bad idea, and the latest update to AACS was cracked before it even hit the market. We also witnessed the birth of The Copyright Alliance at the hands of the RIAA, MPAA, Disney, Viacom and more.

Fifteen Years Ago

Sometimes — such as this week in 2002 — cracking CD protection was as easy as using a black marker or some electrical tape. Then again, other times the CD might lock up your iMac and force you to take it in for repairs. While the copyright world was discussing big, sweeping ideas like blanket licensing fees paid to ISPs and compulsory licenses for music downloads, the recently-announced Creative Commons was launching in earnest.
Also, you know that oft-mentioned fact about how everyone from Europe is descended from Charlemagne as a matter of mathematical inevitability? It was this week in 2002 that those numbers were first crunched.

One-Hundred And Fifteen Years Ago

Most of you are probably at least vaguely familiar with the Antikythera mechanism, a shockingly advanced astronomical calculator/analog computer from Ancient Greece. It was on May 17th, 1902 that the mechanism was discovered by an archaeologist examining the remnants of a ship, itself discovered on the sea floor two years earlier by sponge divers.

posted 7 days ago on techdirt
Certain senators have repeatedly pushed for encryption bans or encryption backdoors, sacrificing personal security for national security in a move that will definitively result in less of both. Former FBI Director James Comey's incessant beating of his "Going Dark" drum didn't help. Several legislators always managed to get sucked in by his narrative of thousands of unsearched phones presumably being tied to thousands of unsolved crimes and free-roaming criminals. It will be interesting if the anti-encryption narratives advanced by Sens. Feinstein and Burr (in particular -- although others equally sympathetic) continue now that senators can officially begin using an encrypted messaging system for their own communications. Without any fanfare, the Senate Sergeant at Arms recently told Senate staffers that Signal, widely considered by security researchers and experts to be the most secure encrypted messaging app, has been approved for use. The news was revealed in a letter Tuesday by Sen. Ron Wyden (D-OR), a staunch privacy and encryption advocate, who recognized the effort to allow the encrypted messaging app as one of many "important defensive cybersecurity" measures introduced in the chamber. ZDNet has learned the policy change went into effect in March. If this isn't the end of CryptoWar 2.0, then it's at least a significant ceasefire. Senators are going to find it very hard to argue against encrypted communications when they're allowed to use encrypted messaging apps. It's not that legislators are above hypocrisy. It's just that they usually allow a certain amount of time to pass before they commence openly-hypocritical activity. This doesn't mean the rest of the government is allowed to use encrypted chat apps for official communications. Federal agencies fall under a different set of rules -- ones that provide for more comprehensive retention of communications under FOIA law. Congressional communications, however, generally can't be FOIA'ed. 
It usually takes a backdoor search at federal agencies to cut these loose. So, members of Congress using an encrypted chat app with self-destructing messages may seem like the perfect way to avoid transparency, but it's the law itself that provides most of the opacity. If encryption's good for the Senate, it's good for the public. There's no other way to spin this. Even Trump's pro-law enforcement enthusiasm is unlikely to be enough to sell Congress on encryption backdoors. With this power in the palm of their hands, they're more apt to see the benefits of leaving encryption un-fucked with.

posted 7 days ago on techdirt
The South China Morning Post has a story about a new requirement for drone owners in China to register with the country's civilian aviation regulator starting next month. So is this yet another example of the Chinese authorities clamping down on a potentially subversive new technology by ensuring that drone use can be tracked? Well, that might be one reason, but it's probably also to do with this: The move is the latest by Chinese authorities to tackle the drone safety threat after the illegal use of unmanned aerial vehicles (UAVs) made headlines at least a dozen times since the beginning of 2017. The latest case was in April when more than 240 flights were disrupted by drones flying near Chongqing Jiangbei International Airport in southwest China, leaving 10,000 travellers delayed. And if you still think this is another manifestation of China's authoritarianism, just using safety as a pretext, you might like to bear in mind that the US authorities have required drone owners to register their machines for over a year. However, those regulations have just been struck down by a federal court in Washington, D.C., and it's not clear what the FAA will now do. Perhaps more interesting than arguing about China's real motives here, is information in the South China Morning Post story about who is using this technology in China: Once the preserve of the military, they are now used in a wide range of industries, from aerial surveillance of crops to search operations and delivery of medical supplies to remote or otherwise inaccessible regions. For Chinese consumers, drones have become the favoured gadget for taking aerial videos and photos. 
There are also estimates of future growth: The overall UAV market in China is expected to reach 75 billion yuan (US$10.9 billion) by 2025, of which consumer drones will contribute 30 billion yuan while agricultural and forestry drones, as well as security drones, are likely to account for 20 billion yuan and 15 billion yuan respectively, iiMedia Research said in a report last year. It's worth noting that the company generally regarded as the world's top drone maker, DJI, is also Chinese. Given the activity and importance of the sector, what's surprising is not that China has brought in registration requirements for drone owners, but that it has taken so long. Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

posted 7 days ago on techdirt
We've often discussed the darker side of the repurposed war tech that's made its way into the hands of local law enforcement. Much like backdoored encryption (something some in law enforcement would like to see), rebranded war surveillance gear like Stingrays may sound great when touted by good guys, but we should never forget bad guys have access to the same equipment. The seldom-discussed capabilities of Stingray devices are on full display in other countries. So far, we haven't seen US law enforcement use Stingrays to intercept communications or purposefully disrupt them. (A lack of public evidence doesn't mean it hasn't happened, however.) The power is there, though. Stingrays act as faux cell towers and force all phones in the area to route their communications through them. This has the potential to be more than merely disruptive to cell service. The devices carry the capability to act as roving wiretaps. They also have the power to act as very frightening purveyors of government propaganda. Television journalist Julia Kirienko was sheltering with Ukrainian soldiers and medics two miles (three kilometers) from the front when their cellphones began buzzing over the noise of the shelling. Everyone got the same text message at the same time. “Ukrainian soldiers,” it warned, “they’ll find your bodies when the snow melts.” Text messages like the one Kirienko received have been sent periodically to Ukrainian forces fighting pro-Russian separatists in the eastern part of the country. The threats and disinformation represent a new form of information warfare, the 21st-century equivalent of dropping leaflets on the battlefield. The messages -- sent to cell phones presumably by Russian government operatives -- contain a mixture of propaganda and threats, warning recipients they're not much use to their children dead, or attempting to portray Ukrainian forces as being in disarray and on the run. 
Multiple investigations have pinpointed the source of these communications: Russian LEER-3 electronic warfare systems feature drone-mounted cell site simulators launched from communications trucks for more effective cell communication interception/disruption. Russia is waging a mobile war of words with enemy combatants. A 2015 article in Russia’s Military Review magazine said the LEER-3 has a cell site simulator built into a drone that is capable of acting over a 6-kilometer-wide area and hijacking up to 2,000 cellphone connections at once. That makes it a “pretty plausible” source for the rogue texts in Ukraine, said Hardman, the former signals analyst. What isn't mentioned in the AP story is this: if the Russian military is dropping propaganda text bombs on opposing forces, it's definitely intercepting their communications as well. The devices do both and the nearby communications truck provides a mobile base for harvesting, snooping, and analysis. That this version is still on the battlefield rather than in the hands of Russian police (although it's surely there as well) doesn't offer much comfort to citizens not currently in war zones but still likely considered to be "enemies" by other governments. The devices are also scary cheap -- at least in terms of cost/benefit ratio. A half-million dollars gives governments the power to disrupt communications in multiple ways. It can spew propaganda directly into captive phones, pick up communications from these phones on the fly, track cell phone users, and, if nothing else, simply make it impossible for anyone to communicate with anyone else in the immediate area.

posted 7 days ago on techdirt
Consternation over so-called "joke stealing" goes back roughly as long as comedy itself has been a thing, but these past few years have seen something of a rise in awareness whenever a comedian is accused of copying a joke. Honestly, much of this hand-wringing is overblown, likely born of an ownership culture that values protectionism over expanded culture, and devoid of the understanding that a joke is much more than the words used to tell it. After all, timing and delivery factor into the success in telling any joke, and it almost seems too obvious to have to point out that multiple comedians come up with similar jokes all the time. For that reason, the bar for copyright infringement on jokes has tended to be very high in the few cases that actually get tried. On top of that, the common method for policing such copying involved the massive reputational hit the accused takes -- rather than legal action. And that's only accelerated thanks to the internet's public shaming engine. Because of that, actual lawsuits over this sort of thing are few and far between. Which brings us to Conan O'Brien, who is still in the midst of a years-old copyright infringement suit over the claim that he and the writers of his show used several jokes from a freelance joke writer without authorization. Experts in copyright law say the 2-year-old copyright infringement lawsuit filed against O'Brien, his writers for his late-night show, Conan, and Time Warner over a handful of topical jokes may never get before a jury, despite a ruling by a judge that the case can proceed. The stakes are high, not just in time and litigation costs but in "reputational" costs: No comedian wants to be known as a joke thief. "Accusing a comedian of stealing a joke is the worst thing you can accuse them of, in my opinion, short of murder," O'Brien said in a deposition in the case. "I think it's absolutely terrible." The relatively few lawsuits of this sort almost never get to trial for this very reason. 
It ends up being in the accused's best interest to settle, and settle quickly, regardless of the merits. The more public attention given to accusations, the bigger the reputation hit. Of course, those bringing the suits know this as well. The plaintiff in this case is Robert Kaseberg, a freelance joke writer who claims several of his jokes made their way onto Conan's show, unauthorized by him. In the ruling, you can get a flavor of how similar the jokes actually are, but here's a sample. On Feb. 3, 2015, Kaseberg posted his version: "Tom Brady said he wants to give his MVP truck to the man who won the game for the Patriots. So enjoy that truck, Pete Carroll.” That night, O'Brien ran with this: "Tom Brady said he wants to give the truck that he was given as Super Bowl MVP … to the guy who won the Super Bowl for the Patriots. Which is very nice. I think that’s nice. I do. Yes. So Brady’s giving his truck to Seahawks coach Pete Carroll." Keep in mind that when it comes to jokes and copyright, the bar has generally been set really high. Generally, the word for word lifting of a joke is required for there to be infringement. While the examples in the suit don't rise quite to that level, the judge decided there was enough to push the trial to a jury. "Plaintiff’s protectable expression is his implication that a fictionalized Tom Brady would therefore give his truck to the coach of the opposing team, Pete Carroll," she writes. "And although the Conan joke takes an active stance … the fundamental expression is the same, i.e., that there was no doubt Brady would be giving his MVP award to the opposing team’s coach. As previously stated, while not exactly identical, the jokes are sufficiently objectively virtually identical to create a triable issue of fact regarding whether a jury would find these objective similarities to be virtually identical within the context of the entire joke." 
It's worth noting that while several jokes are currently at issue in this case, two more were, but are no longer part of it. Why? Well, because the judge ruled that they should be tossed, with the reasoning for one of them demonstrating exactly how it is that two comedians could come up with similar, nearly identical jokes in parallel. Judge Sammartino threw out the jokes about UAB football and the Delta flight (finding in the latter case that one of O'Brien's writers had already pitched a similar joke before the one on the blog appeared). That left Kaseberg with the Tom Brady Joke, the Washington Monument Joke, and the Jenner Joke, as the judge labels them. It's worth noting that while the judge ruled that the remaining jokes at issue were similar enough for this to go to trial, she also points out that though these jokes are deserving of copyright protection in general, that protection is mitigated by both the nature and length of the works. She notes that we're talking about two-sentence jokes in every case here, with a topical setup sentence and a punchline. There are only so many ways those jokes can be told, which means that for any infringement to have occurred, the bar for that is typically going to be that the uses must be virtually identical. It's a function of the jokes' format, which the judge appears to go to some lengths to point out. Each joke begins with a factual sentence and then immediately concludes with another sentence providing humorous commentary on the preceding facts. Facts, of course, are not protected by copyright. So now both sides of the lawsuit will attempt to calculate whether it's worth it to see this thing through to the completion of a trial. Conan and his team will have to weigh the reputation hit against the likelihood they will prevail given the high bar for infringement in these cases, while Kaseberg will have to weigh the cost of carrying on with the trial against that same high bar. 
If it strikes you as silly to watch a legal system contemplate the nature of comedy and jokes in this manner, you aren't alone. It strikes me that all of this legal wrangling is only effective because of the reputation hit Conan has taken and will continue to take. So, why wasn't public shaming enough, even if there truly was joke-copying going on?

posted 7 days ago on techdirt
You recall, of course, the Panama Papers? The massive leak of documents about offshore shell companies last year, that a large coalition of reporters worked on for many months before releasing a bunch of stories at the same time. The documents were leaked from a law firm, and highlighted more than a few cases of what appeared to be questionable activity by the rich and powerful in moving money around in offshore accounts. Apparently the subject of one such story, Malta's Prime Minister Joseph Muscat, wasn't happy that he and some of his colleagues were mentioned in some of the reporting on this, and filed a defamation case against Matthew Caruana Galizia, the reporter who wrote up some stories, using the Panama Papers, arguing that Muscat and his chief of staff were involved in a scheme to get kickbacks on the sale of Maltese passports. Caruana Galizia, who is a journalist at the International Consortium of Investigative Journalists (ICIJ), and who coordinated the mass reporting effort on the Panama Papers (and who won a Pulitzer Prize as part of that), had posted those stories to his Facebook page. In addition to facing this defamation lawsuit, Caruana Galizia has also noted that Facebook has deleted some of his posts and locked him out of his account temporarily. It would appear that someone has complained to Facebook about those posts, claiming they were terms of service violations. Once again, this should be a reminder of the problem of relying on someone else's platform for posting your stories, as they get to make up the rules for what's allowed. But there are two larger issues here: First, this appears to be a classic SLAPP-style lawsuit, in which reporters are being sued as an attempt to chill free speech on reporting that the subject doesn't like. 
I'm no expert in Maltese defamation law, but it does appear that there has been a lot of concern about abuse of Maltese defamation law to intimidate reporters and chill speech (amusingly, that article focuses on Daphne Caruana Galizia who has been sued a few times for defamation, and who appears to be Matthew's very proud mother). There have also been attempts to update defamation law in Malta, but there appears to be nothing akin to an anti-SLAPP provision. Indeed, it's not even clear if there's a "truth" defense. The interview with Daphne Caruana Galizia is quite detailed in how officials in Malta use defamation laws to chill the free speech of journalists: The fees and court expenses for filing a civil suit for libel are low and therefore not a bar to frivolous cases. There is no penalty to be paid by those who file cases unnecessarily, even if they eventually lose the case. Meanwhile, the journalist who has been sued has to pay a lawyer to defend him/her, pay fees to file a formal response to the suit, and go to many court hearings over the course of several years. Even if the journalist is cleared of libel, he or she has still paid a heavy price in terms of stress, time wasted and money spent. Criminal defamation cases are even worse. In this case, there is really no bar. The politician or other public person who feels himself to have been libelled will file a formal request for the police to prosecute the journalist, and the police are obliged to comply as they cannot ignore a formal request. The complainant pays nothing, as this is a police prosecution and not a civil suit. Meanwhile, the journalist must pay lawyers to defend him/herself and be present at every single court hearing as required under Maltese law. The stress is great. Though the government has pledged itself to repeal the criminal defamation law, it has not. And now her son gets to experience that terrible process as well.
The other issue is Facebook's decision to take down the posts and lock Matthew out of his account. That's... bad. Yes, it's a private platform and has the right to make these kinds of decisions, but if Facebook wants to position itself as a platform for free speech and communication around the globe, it needs to stand up for the rights of the people using the platform, especially when they're doing investigative reporting, backed up by evidence, and speaking truth to power. Unfortunately, in this instance, it failed to do that, and is, instead, punishing the journalist. That's a shame.

posted 7 days ago on techdirt
Keep your information safe while browsing with the $39 unlimited subscription to VPNSecure. You can connect up to 5 devices at once to any of their servers in over 46 countries. VPNSecure proudly assures that ZERO logs are recorded, and they provide a warrant canary as well. Note: The Techdirt Deals Store is powered and curated by StackCommerce. A portion of all sales from Techdirt Deals helps support Techdirt. The products featured do not reflect endorsements by our editorial team.

posted 7 days ago on techdirt
A brief review of our past stories about copyright collection societies should paint you a fairly complete picture on how these businesses operate. While they pimp themselves as proxies for content creators to police the known world for unauthorized use of that content, as well as operators working to license the use of that content, instead these companies work as syphons sucking money from both sides. They will be genuinely creative in their attempts to find infringement everywhere, liberally interpreting copyright law and what constitutes requirements for various licenses for things like art and music, while at the same time often being found to feign brain-death when it comes to paying the copyright holders' share for the money they collect. While the tactics used by collection societies regularly flirt with absurdity, it's not terribly often that they behave in a way that will garner broad disdain. One collection society in Japan, though, has decided to cross that line, unilaterally informing music schools that they must now pay up for daring to teach students how to play music. The schools, it seems, are not taking this lying down, having banded together and planning to sue the collection society. The music school operators said they planned to file a lawsuit against the Japanese Society for Rights of Authors, Composers and Publishers (JASRAC) with the Tokyo District Court as early as July, a representative told The Japan Times. In February, JASRAC informed several hundred private music school operators it will begin collecting copyright fees for the use of sheet music under its management. It claims the use of music to teach piano or other instruments infringes on the “right of performance” under Article 22 of the Copyright Law, which stipulates the composer has the exclusive right to perform their work publicly. JASRAC plans to revise its regulations, enabling the organization to collect 2.5 percent of all annual fees charged by the music schools. 
You can immediately see what I mean about liberal interpretations of the law. Only in the mind of someone working at a collection group would a private school teaching a student how to play a song constitute a "public performance." For the collection group to suggest that this liberal interpretation entitles it to 2.5% of the gross revenue of a music school is plainly absurd. Japan's exceptions to copyright law do include exceptions for non-profit educational institutions, but these schools appear to be private. Those exception provisions also appear to be more geared to works like educational software than music. The schools are trying to get the government to fill in this gap. In response to JASRAC’s move, Yamaha Music Foundation, Kawai Musical Instruments Manufacturing Co. and five other musical school operators initially set up a group advocating for the right to educate using musical works without copyright consent. The group, which now has 350 members, has collected over 10,000 signatures demanding a halt to JASRAC’s plan, which it plans to submit to the culture ministry in July. It remains unclear how many companies will join the lawsuit. “We want the court to confirm that performances at (music) schools do not need JASRAC’s consent,” said a representative for the group. For its part, JASRAC points out that there is no definition of a "public performance" in Japanese copyright law. But that likely doesn't mean that JASRAC can simply interpret what a public performance is any way it likes, including in the teaching of a student. Instead, it seems likely that this dispute will give the Japanese government the impetus to flesh out the law. That will ultimately be a good thing, assuming the government doesn't suddenly lose its mind and decide to pretend that educating students is a public performance of music.

posted 7 days ago on techdirt
Two lawsuits filed by victims of terrorist attacks against Facebook have been dismissed. Both suits alleged Facebook was complicit in acts of terrorism simply because it (subjectively) didn't do enough to discourage use of the platform by alleged terrorists. One lawsuit (Cohen v. Facebook) pleaded on behalf of "20,000 similarly-situated" residents of Israel who continue to face the threat of violence at the hands of terrorist organization Hamas. The other (Force v. Facebook) also featured multiple plaintiffs but was limited to families of victims of Hamas attacks. Neither case presented legitimate complaints and both advanced novel arguments in an attempt to avoid a dismissal under Section 230. The alternative routes to judgment worked out no better for the plaintiffs, as Eric Goldman reports. The Cohen class action presented a legal theory that couldn't even be addressed by the court due to a lack of jurisdiction. From the decision [PDF]: the Cohen Plaintiffs do not seek redress for past actions but instead seek prospective, injunctive relief based on their allegation that Facebook’s actions increase their risk of harm from future terrorist attacks. This claimed harm relies on multiple conjectural leaps, most significantly its central assumption that the Cohen Plaintiffs will be among the victims of an as-yet unknown terrorist attack by independent actors not before the court. The Cohen Complaint contains no factual allegation that could form a basis to conclude that those individuals in particular are at any “substantial” or “certainly impending” risk of future harm. At most, the Complaint shows a general risk of harm to residents of Israel and impliedly asks the court to extract a risk of harm to the Cohen Plaintiffs based on this risk. 
Without further allegations, however, the court sees no basis to conclude that the Cohen Plaintiffs “specifically will be the target of any future, let alone imminent, terrorist attack.” Nor can the Cohen Plaintiffs rescue their claims by arguing that they suffer a present harm resulting from their fear of such attacks, as “allegations of a subjective [fear] are not an adequate substitute for a claim of specific present objective harm or threat of a specific future harm.” While the court does not question the sincerity of the Cohen Plaintiffs’ anxieties, their subjective fears cannot confer standing absent a sufficient showing of the risk of future harm. The Force plaintiffs did not entirely avoid a Section 230 argument, but posited the immunity does not apply to content posted outside of the United States. The court grants that this legal theory is mostly unexplored at this point, but that the plaintiffs cannot avail themselves of an extraterritorial-reliant legal theory while bringing legal action in a US court against a US-based company. In light of its focus on limiting civil liability, the court concludes that the relevant location is that where the grant of immunity is applied, i.e. the situs of the litigation. Section 230(c)(1) suggests a number of "territorial relationships and events," which are generally divisible into those associated with the underlying claim (e.g., the location of the information content provider, the internet service provider, or the act of publishing or speaking) and the location associated with the imposition of liability, i.e. where the internet service provider is to be "treated" as the publisher or speaker. Given the statutory focus on limiting liability, however, the location of the relevant "territorial events" or "relationships" cannot be the place in which the claims arise but instead must be where redress is sought and immunity is needed. 
With this in mind, the court concludes that the Force Action does not require an impermissible extraterritorial application of Section 230(c)(1). As the situs of the litigation is New York, the relevant "territorial events or relationships" occur domestically. Accordingly, the court rejects the Force Plaintiffs' argument that Facebook should be denied immunity under Section 230(c)(1). As Goldman points out, this looks like a routine and logical application of Section 230 immunity, but if arguments like these are entertained in other courts, it could pose some serious, irreparable problems for social media platforms. The plaintiffs essentially sought to treat Facebook as the financial guarantor of all terrorist-caused harms to all victims, regardless of what role Facebook played in causing those harms. Such an unbounded financial exposure could dwarf Facebook’s market capitalization, meaning that the theories behind these lawsuits pose an existential threat to Facebook, other social media sites, and possibly the entire Internet. Thus, the judge’s well-reasoned and clear rejection of the plaintiff’s claim is a big win for Facebook and the Internet. This decision will be appealed by both parties. There's been no decision yet on a similar suit filed in the Ninth Circuit, but the chances of these legal theories succeeding are very slim. But it's not impossible to end up with a bad ruling or, at the very least, precedent that weakens Section 230 without removing it completely. We've seen it happen before. But so far courts haven't felt the urge to hold social media platforms directly responsible for terrorists' acts of violence and it's unlikely these two complainants are going to change that.

posted 7 days ago on techdirt
As Techdirt readers will recall, in 2013 David Miranda was held by the UK authorities when he flew into Heathrow airport, and all of his electronic equipment was seized, in an act of blatant intimidation. His detention was under Schedule 7 of the UK's Terrorism Act, which, as its name implies, is supposed to be used only if someone is involved in committing, preparing or instigating "acts of terrorism." That was clearly ridiculous in Miranda's case, and it's just as outrageous in the latest example of UK border bullying, this time against Muhammad Rabbani. He's a British citizen, and the international director of Cage, which describes itself as "an independent advocacy organisation working to empower communities impacted by the War on Terror." The Guardian fills in the background: Rabbani, 35, from London, is involved through Cage in investigating torture cases. He said he was stopped at Heathrow in November returning from one of the Gulf states where he had been investigating a torture case allegedly involving the US. He said he handed over his laptop and mobile phone but refused to provide his passwords. Although not a lawyer, he said the laptop contained information about the case and the client refused permission to release it. Rabbani was then arrested. Rabbani later said that he felt that he had been subjected to a "digital strip search," and pointed out: Using this power, [UK] officers can compel a person to surrender their passwords without cause and there's also no right to remain silent. There is nothing like this anywhere in the Western world. Rather than dropping the case, this week the UK authorities have formally charged Rabbani under the Terrorism Act. He told the Guardian that he intends to fight, because the move has "serious implications" for journalists, lawyers and human rights, even though he faces three months in jail if he loses. 
This may be the first time Rabbani's been charged, but he is certainly no stranger to being stopped by the UK border officials: Rabbani said he had been detained 20 times over the last decade by border officials and had handed over his laptop and mobile phone. On previous occasions, after refusing to hand over passwords, they were returned to him and he was allowed to go. But not on this occasion. He's not alone in being subjected to this kind of harassment by the UK authorities. Figures published in an article on the Middle East Eye site reveal just how ineffective Schedule 7 examinations are at spotting terrorists: More than 28,000 people were subjected to Schedule 7 examinations in 2015-16 resulting in about 10,000 intelligence reports being filed, according to a report by the Independent Reviewer of Terrorism Legislation. About 500,000 are also estimated to have been subjected to pre-examination screening questions in the same period. According to 2016 statistics, only 0.02 percent of stops lead to an arrest. An even smaller number lead to criminal charges. The good news is that the UK court of appeal has already criticized Schedule 7 for forcing people to betray confidences and thus make it unlikely that others would trust them again with information in the public interest. That holds out the hope that Rabbani will ultimately win in the courts, since his case is very similar. The bad news, of course, is that the US is thinking of demanding passwords from every foreigner who visits the US. Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+
