posted 2 days ago on techdirt
Hopefully you know who singer Dan Bull is by now. We've written about him many times. He's written and performed a bunch of songs about topics that we're interested in (and recently composed the awesome new theme song for the Techdirt Podcast (which you do listen to, right?). Dan has been able to build a career around giving away his music, and letting others do stuff with it. But he keeps running into ridiculous issues with YouTube's ContentID system. There was the time his video got silenced after another singer used the same sample he did, and then claimed the original work as his own. Or the time he got his video taken down because another rapper, Lord Finesse, was pissed off that Bull was criticizing Finesse's lawsuit against yet another rapper, Mac Miller. While YouTube has been a key place where Bull has built his audience, his run-in's with bogus claims and other problems even led him to write an entire diss track about ContentID. And, wouldn't you know it, he's having yet more problems with it. As we've discussed, in the last few years, there's been a rise in a new breed of trolls, known as ContentID trolls, who claim to hold the copyright in music that they don't have copyright in, and then use ContentID to "monetize" other people using that work for themselves. There are a number of companies and middlemen that help them do this, including one called Horus Music, which has become the perfect tool for ContentID trolls. The trolls take someone else's work, sign up with Horus, upload that other person's music, claim it as their own, and then start making claims on other people's videos. Free money. That's what just happened to Dan Bull -- who actively encourages people to use and share his own music (over which he claims no copyright restrictions). A fan of Dan's reached out to him, after a video he had made received a copyright claim, supposedly covering a song that the fan had used from Dan Bull. Bull reached out to Horus Music, telling them that its user, "DrewMCGoo72" was claiming copyright on other people's music, and asked the company to investigate the situation, and to explain "how this happened, and what exact steps will be taken to prevent such a thing from occurring again." The company issued a weak apology, saying that the DrewMCGoo72 account had already been suspended but "this must have been missed." And then they tell Dan (who encourages people to share his music) "It is a real shame that people feel that it is acceptable to steal someones music!" Except this isn't about "stealing music." This is about filing bogus copyright claims and claiming revenue or harming individuals who used music that they knew to be without copyright restrictions. Dan responded to Horus noting that he wasn't satisfied with the company's response: Horus Music's system has been exploited with the following results: A) An anonymous stranger has walked away with revenue from fraudulently claiming my music as their own, facilitated by Horus Music B) A child has received a copyright claim through Content ID from Horus Music and as a result has removed his 100% legitimate video out of fear of the consequences C) I look like a hypocrite and a dick for telling kids they can use my music, and they then receive a copyright claim on their videos for using the very same music You say you can only apologise - is an apology really all you are going to do? Horus' only response was that since the kid took down his original video, the company can't do anything to release the claim "but I assume we aren't claiming it any longer." It seems pretty clear that this is not the only time this has happened, since you can find other examples of Horus being used in this manner. This seems to raise a pretty serious question about how those companies are allowed to continue using the ContentID platform. After all, ContentID has a three strikes program for people who receive copyright violation claims. Why doesn't it have a similar three strikes program for those who abuse ContentID to claim copyright over projects they have no right to? Either way, we'll leave you with Dan's song about ContentID, as it seems only fitting: Permalink | Comments | Email This Story

Read More...
posted 2 days ago on techdirt
Steven Aftergood of the Federation of American Scientists directs us to a recently-released document issued by James Clapper (DNI) that formalizes something that the US has long held in principle, but had yet to commit to paper. Intelligence agencies that discover a threat to a person’s life or safety are obliged to alert the intended target in most cases as long as they can do so without compromising intelligence sources and methods, a new intelligence community directive instructs. A U.S. intelligence agency “that collects or acquires credible and specific information indicating an impending threat of intentional killing, serious bodily injury, or kidnapping directed at a person or group of people shall have a duty to warn the intended victim or those responsible for protecting the intended victim, as appropriate,” the new directive states. “This includes threats where the target is an institution, place of business, structure, or location.” The directive also covers, remarkably, non-US persons. The broad wording that pulls a lot of non-person "persons" under the "duty to warn" umbrella raises some questions about the included agencies' (FBI, NSA, CIA) duty to warn private companies about attacks of the "cyber" variety. Marcy Wheeler of emptywheel: As I have noted, NSA has secretly defined “serious bodily harm” to include threat to property — that is, threats to property constitute threats of bodily harm. If so, a serious hack would represent a threat of bodily harm (and under NSA’s minimization procedures they could share this data). While much of the rest of the Directive talks about how to accomplish this bureaucratically (and the sources and methods excuses for not giving notice), this should suggest that if a company like Sony is at risk of a major hack, NSA would have to tell it (and the Directive states that the obligation applies for US persons and non-US persons, though Sony is in this context a US person). So shouldn’t this amount to a mandate for cybersharing, all without the legal immunity offered corporations under CISA? It would appear to order the NSA and other government intelligence agencies to be forthcoming about impending (or ongoing) attacks. If interpreted in this fashion by the ODNI, it would appear to make CISA-ordained sharing redundant and ask the intelligence community to put aside its own interest in exploitables and preserving "means and methods" in favor of a "duty to warn." Or not. There are several exceptions. a. The intended victim, or those responsible for ensuring the intended victim's safety, is already aware of the specific threat; b. The intended victim is at risk only as a result of the intended victim's participation in an insurgency, insurrection, or other armed conflict; c. There is a reasonable basis for believing that the intended victim is a terrorist, a direct supporter of terrorists, an assassin, a drug trafficker, or involved in violent crimes; d. Any attempt to warn the intended victim would unduly endanger U.S. government personnel, sources, methods, intelligence operations, or defense operations; e. The information resulting in the duty to warn determination was acquired from a foreign government with whom the U.S. has formal agreements or liaison relationships, and any attempt to warn the intended victim would unduly endanger the personnel, sources, methods, intelligence operations, or defense operations of that foreign government; or f. There is no reasonable way to warn the intended victim. So, this voluntary assumption of a mostly-moral obligation to warn others of danger does not cover most criminals (apparently, the ODNI is fine with criminals killing/harming each other) or any situation where warning an entity of an impending attack would compromise intelligence agencies and their objectives. This would seem to eliminate warnings of cyberattacks, seeing as most relevant information would be hopelessly entangled in the cybersecurity efforts of multiple government agencies. Marcy Wheeler points out that these exceptions could explain the FBI's lack of interest in warning Occupy Wall Street members of an assassination plot. Of course, the directive didn't officially take effect until July 21, 2015. At the point the FBI decided against warning certain American citizens of assassination threats, the "duty to warn" was nothing more than an altruistic ideal. It was under no legal obligation to do so, and its investigation of Occupy Wall Street probably justified its unwillingness to keep these "insurrectionists" out of harm's way. The new directive doesn't really make this any more mandatory than it was back when it was unwritten and completely voluntary. Steven Aftergood points out the DNI's directive mentions both the National Security Act of 1947 and Executive Order 12333, but neither of these contain any wording that would legally compel intelligence agencies to honor a "duty to warn." That being said, there's at least some anecdotal evidence that intelligence agencies have carried out their "duty to warn" in the past. Aftergood's post links to a former intelligence officer's recounting of exercising the "duty to warn" in Iraq. A US citizen who was mixing good deeds (water supply work) with proselytizing (handing out Bibles to Iraq citizens) found himself the target of the Iranian Islamic Revolutionary Guards Corp. The IRGC implemented a Bible "buy-back" program, offering $5 for every Bible handed out by this "do-gooder." Iraqis soon turned this into a revenue stream, selling Bibles to the Guards and heading back to the missionary for fresh copies. The IRGC then decided it was sick of spending money to make money zero headway in the religious superiority game and decided to kill the Bible supplier. This news made its way back to the CIA task force, which then attempted to pass the warning on to the do-gooding Bible pusher. Incongruity ensued. So, I get the tasking to warn Doug under the "duty to warn" policy. I gather up a few of our Kurdish guard force and another American to go to the village and pass the warning on to Doug. I can imagine his confusion. We roll into town, something like a cross between the Rat Patrol and Pancho Villa, Toyota pickups with mounted 12.7mm’s, Alanis Morissette blaring on the CD player - you get the picture. I knocked on the door (I asked the locals, "Wayn al-Amrikan?" [Where's the American?]) and a gringo answers. I ask if he is Doug so-and-so. He says he is, but looking at our obviously loaded-for-bear entourage, asks who we are. I reply, "We’re from the State Department." He looks at us, AK-47’s and Browning High-Powers all over the place. I quietly said, "Just work with us here, Doug." "What exactly do you want?" he asks. Obviously he was not a fan of the CIA mucking around in "his" area. I explain, "We have information that the Iranians, who believe you are proselytizing Christianity, are planning to kill you. We are advising you to leave Iraq for your own safety and that of your family (he had actually brought his Dutch wife and 10-year old son with him)." Incredulously, he asked me, "Do you have anything more specific, more concrete than the fact they plan to kill me?" I was a bit taken aback - "The IRGC is going to kill you - Doug so-and-so. How much more specific do we have to be?" So, altruism exists. And inasmuch as it doesn't interfere too greatly with national security aims and/or ongoing investigations, people will be warned. But the ODNI's new "directive" doesn't add any additional obligations that weren't in place earlier. In fact, it seems to have been put down on paper mainly to explicitly list all the times the intelligence community won't be obligated to warn others of danger. Permalink | Comments | Email This Story

Read More...
posted 2 days ago on techdirt
All the cool kids are suing the NSA these days. The EFF and ACLU led the way, suing the NSA before suing the NSA was cool. Others followed as a series Snowden/Greenwald split releases gained popularity (culimating in Greenwald leaving The Guardian to start his own label website). Most recently, those abused by the NSA for their whistleblowing efforts enlisted the help of the frequently more-entertaining-than-effective Larry Klayman to sue the NSA (and many others) for the retaliatory actions that followed their whistleblowing efforts. The AP reports (without attaching the relevant filing, because information wants to be free omitted) that former Salt Lake City mayor Rocky Anderson is suing the NSA for "mass warrantless surveillance" conducted during the 2002 Winter Olympics, which were held less than six months after the 9/11 attacks. Rocky Anderson may be suing the NSA, but it appears he's only doing so by hitching his name to a pre-existing lawsuit. Anderson's name isn't found among the listed plaintiffs, which basically makes him a "similarly situated party" -- indistinguishable from the average Salt Lake City resident except that the press is willing to publish his statements. "I was outraged by this," Anderson said Wednesday. "Fundamentally, we want to get to the truth and expose what our government is doing." Anderson says he learned about the program from a 2013 report in the Wall Street Journal and has since confirmed it with an unnamed agency source. The suit names the NSA, FBI, George W. Bush, Michael Hayden, Dick Cheney and 50 "Does." What's alleged in the filing is the interception of data and communications in the Salt Lake City area for the duration of the Winter Olympics. The NSA, in conjunction with the FBI, planned and implemented a mass warrantless program—for which there was no probable cause, completely outside the Constitution and outside of any applicable federal statutory laws, including FISA, the Wiretap Act, and the Stored Communications Act—in which blanket surveillance was attempted and achieved during a period preceding the commencement of the 2002 Salt Lake Winter Olympic Games and throughout the period of the Games, from February 8, 2002 (Opening Ceremony) through February 24 (Closing Ceremony), over everyone within designated geographical areas, including Salt Lake City, Utah, and the areas including and in the vicinity of all Olympic venues. That surveillance included the interception and key-word spotting analysis of the contents of every text message sent and received, every email sent and received, and information reflecting the time and length of, and telephone numbers involved in, every telephone conversation involving any person within the areas subjected to the blanket surveillance. In some instances, people or telephone numbers were targeted by the NSA and FBI and telephone conversations involving such targeted telephone numbers were illegally and unconstitutionally recorded and subjected to analysis, without a warrant and without probable cause. In support of these allegations, it cites the exposure of the "Stellar Wind" program in 2005, as well as other confirmations of the warrantless wiretapping authority granted after the 9/11 attacks. The plaintiffs' standing relies on very simple assertions: that they made phone calls and sent text messages/emails during the Winter Olympics. Given what we know about the NSA's bulk collection programs, this is all that's really needed to make these allegations. Ex-mayor Rocky Anderson says he knows "about 200 others" who could make similar claims, but the barrier of entry for this class is low enough that thousands of residents and non-residents could join the proceedings, if granted class action status by the court. Here are the class stipulations: All individuals in the United States who sent or received a phone call, text message, or email from or to a location within Salt Lake City or within an area including and adjacent to any other 2002 Salt Lake Winter Olympic Games venue where any of the defendants were engaged in warrantless surveillance of communications by telephone, text messaging, or email during the time of December 1, 2001 to February 24, 2002 (or whenever it is established the warrantless surveillance took place). The lawsuit alleges First and Fourth Amendment violations, as well as violations of FISA, the Wiretap Act and the Stored Communications Act. It also cites similar violations of Utah's Constitution. I'm not sure this suit has any chance of surviving a motion to dismiss by the government. While standing is easier to achieve now that leaked documents have verified the specifics of the NSA's collection programs, the courts have generally granted more deference to the government's "national security" arguments. What is (slightly) helpful is that the Second Circuit found the Section 215 bulk collection isn't actually authorized by the Patriot Act. While Utah resides outside of that Circuit, decisions that question the legitimacy of bulk surveillance still may prove useful to the plaintiffs' claims. If there's going to be any retribution for the NSA's abuses, it will probably have to wait until the Supreme Court takes a swing at it. And by the time it does, the question about the legality of its bulk collection program (under Section 215) will be largely moot, thanks to the passage of the USA Freedom Act. While lawsuits like these have been mostly fruitless in their pursuit of favorable judgments, they have proven useful for shaking loose previously-hidden documents and legal justifications for warrantless, domestic surveillance. Permalink | Comments | Email This Story

Read More...
posted 2 days ago on techdirt
Did you know you can occasionally find people discussing narcotics on the Internet? Russian Internet regulator Roskomnadzor (the Kremlin's "Federal Service for Supervision in the Sphere of Telecom Information Technologies and Mass Communications") is pretending to have only recently figured this out, and is working tirelessly to purge this naughty behavior from the Internet. Of course, they're ingeniously doing so in a way that breaks the Internet for everybody else, often taking entire websites offline simply because of one yahoo's heady pontifications on dope. The country recently thought it would be a great idea to ban all of Reddit because of one thread on growing hallucinogenic mushrooms. Reddit complied and was unbanned after deleting the content, since complying with country-by-country censorship requests (sometimes reasonable, sometimes not) is something Reddit's ok with these days. This week, Russia briefly banned all of Wikipedia as well because of one entry on charas (an Indian version of hashish). Instead of censoring the entry in question (like Reddit), Wikipedia refused and only changed the URL of the entry so it technically adhered to Russian law:"Wikipedia refused to comply with the request and instead made a small change to the URL of the charas hashish article, technically putting it in compliance with Russian law. The old page now features a list of seven different Wikipedia entries on the various meanings of the word “charas,” while the original text about charas hashish is completely intact, but is now accessible at a new URL on the encyclopedia's website."As of yesterday, Roscomnadzor wasn't satisfied, saying it would (re-)ban all of Wikipedia. Unless, of course, the site was willing to make one notable change:"Roscomnadzor's press-office also said they didn't intend to block the whole website, and would be able to only block the offending content and pages, provided Wikipedia's management “cooperated” and removed the HTTPS encryption protocol that puts the whole website in danger of being blocked."So yeah, this isn't just another government being stupid and filter happy. Russia is filtering these websites under the authority embedded in a 2012 censorship law, whose purpose was purportedly to protect the children from the Internet's naughty bits. The bill's real purpose, of course, was to create an intentional, obfuscated slippery slope, designed specifically to aid in expanding control over the Internet. So Russia's sudden interest in playing pointless drug content Whac-a-mole is actually an attempt to reduce the overall use of encryption and make snooping easier:"This is an important case because it’s part of the general offensive against https. Roskomnadzor and the FSB [security services] don’t know what to do with it,” said Andrei Soldatov, a journalist and author of Red Web, a book about the Russian internet. Soldatov said SORM, the system Russia uses for internet surveillance, does not work with the more secure https protocol, also used by sites such as Facebook and Gmail... Soldatov speculated that the move against Wikipedia could be part of a test of another strategy: by threatening the site with bans over single pages, the site could be forced off https to ensure that the whole site is not affected when only one page is banned. Soldatov said: “There are two options for https: the first is to have access to the data before encryption, which explains the demand to store servers in Russia. The second is to try to force services to give up on https, which is what is happening with Wikipedia.”" So basically, the Russian government is assaulting encryption, expanding Internet surveillance power and cracking down on critics -- under the pretense of protecting the children from bonghits. Remember, though, killing journalists, encouraging violent homophobia and pumping the Internet full of propaganda twenty-four hours a day are still on the recommended hobbies list in Putin's Russia.Permalink | Comments | Email This Story

Read More...
posted 3 days ago on techdirt
Here on Techdirt, nationwide tracking schemes tend to raise a red flag. In Malaysia, by contrast, there seem to be no such worries, as ambitious plans to introduce RFID tagging for all vehicles, reported by The Sun Daily, indicate: A new vehicle security tracking system suitable for all types of vehicles -- the Radio Frequency Identification (RFID) -- will be implemented nationwide by the Road Transport Department (JPJ) by 2018. According to the article, there are plenty of advantages of doing so: This new system will enable the police and other authorities to effectively track down criminals And: the RFID technology will herald a new era for vehicle security in Malaysia and it could be the answer to combat vehicle theft and cloned vehicle syndicates. Moreover: the RFID can also be used to provide real-time monitoring on road traffic situation. And if you're worried that ne'er-do-wells might seek to avoid being tracked simply by ripping off said RFID tags, fear not, Malaysia has that covered: theSun understands that the RFID tag is designed to shatter should any one attempt to tamper with it and can transmit a warning to the JPJ and police, should any one try to remove the sticker. Sounds pretty foolproof. So why aren't other countries rushing to adopt this approach? Interestingly, RFID technology has been criticised in many countries for its effectiveness to track vehicles movement and citizens. It has been widely accused for invasion of privacy in Belgium, Italy, UK and US. I just can't imagine why. Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+ Permalink | Comments | Email This Story

Read More...
posted 3 days ago on techdirt
Space travel isn't exactly a routine thing just yet. In the 70s, some people thought we'd have shuttles going up to space on a regular schedule, but that didn't exactly happen. Rockets haven't gotten all that much cheaper or more reliable, but presumably they will someday if we continue to build them and improve upon them. Or maybe we'll figure out a completely different way to escape Earth's gravity with a space elevator or rail-gun system to launch vehicles at extremely high speeds. Check out a few of the links below if you think human space exploration isn't a complete waste of time. Thoth Technology has been granted a patent for an inflatable "space elevator" that's (only) 12 miles tall. Disregarding the fact that this design wouldn't actually reach space, it still seems pretty impractical barring an amazing advance in materials that allows such a tall structure to withstand all the forces it would need to in order to remain standing, much less support cargo and launch vehicles. However, this isn't actually the first patent on a space elevator, and everyone should know by now that patents don't actually need to correspond to actual functioning products. [url] If you haven't been following the progress of space travel, this WaitButWhy article might be a good starting point. It's a long, but good, read -- and outlines why/how Elon Musk's goal of creating a Mars colony is a good idea. [url] While Elon Musk might sound credible and non-crazy for talking about a mission to Mars, the CEO of Mars One doesn't seem to be getting much benefit of the doubt when he says his company's plan to go to Mars is "feasible" still. Bas Lansdorp's company has identified lots of space fans literally willing to die to go to Mars, but the time table and plans behind that project make Mars One sound more and more like a outright suicide mission if it even gets off the ground. [url] After you've finished checking out those links, take a look at our Daily Deals for cool gadgets and other awesome stuff.Permalink | Comments | Email This Story

Read More...
posted 3 days ago on techdirt
You may recall that several months back we wrote about Major League Baseball getting into a trademark dispute with Evolution Finance, who operates a website called WalletHub. The reason for the dispute was that WalletHub's logo was a white "W" on a green background, which MLB thought was too similar to symbols used by the Washington Nationals and Chicago Cubs teams. That Evolution Finance wasn't in even remotely the same industry as two major league baseball teams is a fact that appeared to escape MLB, as the league actually had the stones to claim that customers might be confused between the "W" symbols. Adding to the silliness of it all was the simple nature of the logos. The top left image is a registered logo for the Washington Nationals baseball team, the bottom left is the registered "W" flag the Chicago Cubs fly whenever they win a game, and the logo on the right is WalletHub's. Yes they all look somewhat similar...because they're all basically just the letter "w." Similarity or no, the idea that WalletHub's logo might cause a human person with a human brain to think that it was associated with Major League Baseball requires the kind of thinking that I'm not capable of. But all has ended well, it appears. MLB has agreed to drop its opposition to WalletHub's trademark application after the latter agreed to amend the application to absolutely needlessly clarify that it wasn't a baseball team. The addition of a single sentence ended a lengthy period of negotiations over trademark infringement allegations over how the letter "W" was used in logos between D.C.-based Evolution Finance's financial information company WalletHub, the Washington Nationals and Major League Baseball. With that, MLB's complaint was dismissed July 14. Evolution Finance’s original filing said it was “creating an on-line community for users seeking financial information to participate in discussions, get feedback from their peers, read and customize their news” and other services. But the new trademark application also adds “all the foregoing not relating to baseball or softball or to a baseball or softball team, league, mascot or stadium.” If pettiness were a sport, MLB's lawyers would be winning the pennant. Honestly, this sounds more like a legal team extracting some kind of action out of an opponent simply to justify its own existence rather than an action with any actual legal interest. But, hey, trademark, amirite? Permalink | Comments | Email This Story

Read More...
posted 3 days ago on techdirt
Everybody wants a piece of the Internet advertising pie, and many are willing to sink to the very bottom of the well of stupidity to get what they believe is owed them. For years now ISPs, hardware vendors and even hotels simply haven't been able to help themselves, and have repeatedly been caught trying to inject their own ads over the top of user browsers and data streams. This is a terrible idea for a number of reasons, ranging from the fact that ad injection is effectively an attack on user traffic, to the obvious and inherent problem with defacing other people and organizations' websites and content with your own advertising prattle. Still, companies like Comcast, Marriot and Samsung have all been caught trying to shove their ads over the top of user data streams. When pressed, most companies are utterly oblivious (or pretend to be utterly oblivious) as to why this behavior might not be that good of an idea. AT&T appears to be the latest company to use its perceived power over the conduit to manipulate the message. Stanford computer science and legal lecturer Jonathan Mayer recently visited the Dulles airport in DC, and found AT&T's Wi-Fi hotspots pushing a number of pop up ads, overlaying themselves on browser content:AT&T's hotspots (or at least the one in Dulles) appear to be using technology provided by RaGaPa, a startup that promotes itself as an expert in "Wi-Fi Monetization and In-Browser User Engagement Solutions." RaGaPa's tech loads the page via the hotspot, then make three edits over HTTP: the injection of an advertising style sheet, the loading a backup advertisement (in case the user's browser has disabled Javascript), and the injection of a pair of scripts for managing advertisement selection and loading. There's no mention of this practice anywhere in AT&T's terms of service. As already noted, this type of injection is highly problematic and sets an awful precedent:"AT&T has an (understandable) incentive to seek consumer-side income from its free wifi service, but this model of advertising injection is particularly unsavory. Among other drawbacks: It exposes much of the user’s browsing activity to an undisclosed and untrusted business. It clutters the user’s web browsing experience. It tarnishes carefully crafted online brands and content, especially because the ads are not clearly marked as part of the hotspot service. And it introduces security and breakage risks, since website developers generally don’t plan for extra scripts and layout elements."As Mayer also notes, this is a legally muddy area, and, worried about regulatory wrist slaps, most busted ISPs have very quickly and sheepishly backed away from the practice for fear of legal repercussions. I reached out to AT&T to see whether this is a one-off instance of stupidity on the part of AT&T or somebody else (like Dulles), or if aggressively and idiotically injecting itself into the user browsing experience is now going to be AT&T's standard operating procedure across the company's network of 30,000+ Wi-Fi hotspots.Permalink | Comments | Email This Story

Read More...
posted 3 days ago on techdirt
Late last year, we covered a Fifth Circuit Court of Appeals decision pertaining to a high school student who was suspended from school because he uploaded a "disruptive" rap song to his Facebook account. While the song was vulgar and hinted at violence towards a school employee (who was allegedly taking advantage of female students), it was recorded and uploaded off-campus during non-school hours. The divided decision found in favor of the student (Taylor Bell) and overturned his suspension. As the decision noted then, most of the claimed "disruption" was solely in the minds of the school administration. At the disciplinary/due process hearing, no evidence was presented that the song had caused or had been forecasted to cause a material or substantial disruption to the school's work or discipline. In addition, there was no evidence presented indicating that any student or staff had listened to the song on the school campus, aside from the single instance when (Coach Michael) Wildmon had a student play the song for him on his cellphone in violation of school rules. Neither of the coaches named in the song attended or testified at the hearing, and no evidence was presented at the hearing that the coaches themselves perceived the song as an actual threat or disruption. Because of the division in opinions in the original panel's decision, an en banc review was granted. And the pendulum has now swung in the other direction and Bell's suspension has been upheld. Primarily at issue is whether, consistent with the requirements of the First Amendment, off-campus speech directed intentionally at the school community and reasonably understood by school officials to be threatening, harassing, and intimidating to a teacher satisfies the almost 50-year-old standard for restricting student speech, based on a reasonable forecast of a substantial disruption. See Tinker v. Des Moines Indep. Cmty. Sch. Dist., 393 U.S. 503, 514 (1969) (infringing otherwise-protected school speech requires “facts which might reasonably have led school authorities to forecast substantial disruption of or material interference with school activities”). Because that standard is satisfied in this instance, the summary judgment is AFFIRMED. The 101-page decision, containing both additional concurrences and dissents, focuses more closely on the "disruptive" aspects of Bell's speech. Contrary to the original finding of the three-judge panel last year, the en banc review sees enough "disruption" to justify the school's actions. Without learning, there can be little, if any, education. Without education, there can be little, if any, civilization. It equally goes without saying that threatening, harassing, and intimidating a teacher impedes, if not destroys, the ability to teach; it impedes, if not destroys, the ability to educate. It disrupts, if not destroys, the discipline necessary for an environment in which education can take place. In addition, it encourages and incites other students to engage in similar disruptive conduct. Moreover, it can even cause a teacher to leave that profession. In sum, it disrupts, if not destroys, the very mission for which schools exist—to educate. If there is to be education, such conduct cannot be permitted. In that regard, the real tragedy in this instance is that a high-school student thought he could, with impunity, direct speech at the school community which threatens, harasses, and intimidates teachers and, as a result, objected to being disciplined. Put succinctly, “with near-constant student access to social networking sites on and off campus, when offensive and malicious speech is directed at school officials and disseminated online to the student body, it is reasonable to anticipate an impact on the classroom environment”. Snyder, 650 F.3d at 951– 52 (Fisher, J., dissenting). As stated, the school board reasonably could have forecast a substantial disruption at school, based on the threatening, intimidating, and harassing language in Bell’s rap recording. So, because the disruption could "reasonably" be "forecast" (even if there is little evidence such forecasted disruption ever occurred), the school did not err in punishing Bell for off-campus activities. Judge E. Grady Jolly, in a concurring opinion, goes even further than the majority decision (which did not examine the "true threat" aspects of Bell's rap track) and declares certain forms of student speech wholly unprotected. Student speech is unprotected by the First Amendment and is subject to school discipline when that speech contains an actual threat to kill or physically harm personnel and/or students of the school; which actual threat is connected to the school environment; and which actual threat is communicated to the school, or its students, or its personnel. Not a statement anyone can really disagree with, but also an area the en banc panel didn't explicitly cover and also one mostly ignored by the school, which could have pursued criminal charges instead if they truly believed Bell's track was an "actual threat." (Instead, the school found Bell so "threatening" it didn't confront him about this track until nearly the end of the school day.) The dissent, written by Judge James L. Davis, is scathing in its assessment of the majority's decision to grant deference to the presumed sanctity of the learning environment. In doing so, the majority has allowed two things to happen, both of them bad. First, it has loosened the restrictions governing schools' punishment of students for off-campus behavior. [T]he majority opinion obliterates the historically significant distinction between the household and the schoolyard by permitting a school policy to supplant parental authority over the propriety of a child’s expressive activities on the Internet outside of school, expanding schools’ censorial authority from the campus and the teacher’s classroom to the home and the child’s bedroom. Even worse, the opinion sets a precedent that implicitly states certain public figures may not be criticized by certain individuals. Although mischaracterizing itself as “narrow” in scope, the en banc majority opinion broadly proclaims that a public school board is constitutionally empowered to punish a student whistleblower for his purely off-campus Internet speech publicizing a matter of public concern. Bell's rap song was a response to multiple complaints from female students about inappropriate comments and sexual overtures from two of the school's coaches. These complaints became sworn affidavits once the legal process was underway. So, even with the violent imagery, the track dealt mostly with the alleged misconduct of school employees. The en banc decision turns this sort of criticism into punishable behavior, especially if a school can "reasonably foresee" a possible disruption. Whether or not this disruption actually occurs is largely inconsequential. Judge Davis says this is free speech, alright, if you like your "free speech" surrounded by scare quotes. Even in the most repressive of dictatorships, the citizenry is “free” to praise their leaders and other people of power or to espouse views consonant with those of their leaders. “Freedom of speech” is thus a hollow guarantee if it permits only praise or state-sponsored propaganda. Freedom of speech exists exactly to protect those who would criticize, passionately and vociferously, the actions of persons in power. But that freedom is denied to Bell by the majority opinion because the persons whose conduct he dared to criticize were school teachers. If left uncorrected, the majority opinion inevitably will encourage school officials to silence student speakers, like Taylor Bell, solely because they disagree with the content and form of their speech, particularly when such off-campus speech criticizes school personnel. The majority does note that social media's ability to "bleed" into school life poses problems unanticipated by earlier decisions (like 1969's Tinker), but rather than explore that issue further, it simply decided on- and off-campus behavior were roughly inseparable if negative discussion of school employees in involved. The very low bar of "reasonably foreseeable disruption" grants schools leeway to arbitrarily punish off-campus speech. Anything can be "reasonably foreseeable," if enough imagination is applied and enough empathy is granted to these projections by the courts. And any post facto lack of disruption seemingly does nothing to harm schools' arguments in defense of their overreactions. Permalink | Comments | Email This Story

Read More...
posted 3 days ago on techdirt
From e-voting and online petitions to broad new avenues of communication between politicians and the public, technology is changing democracy, and has the potential to do so even more. This week we're joined by Catherine Bracy, the Technology Field Officer for Obama For America in 2012, to discuss the current and future impact of rapidly changing technology on the democratic process and whether these impacts have been "good" or "bad." Follow the Techdirt Podcast on Soundcloud, subscribe via iTunes, or grab the RSS feed. You can also keep up with all the latest episodes right here on Techdirt. Permalink | Comments | Email This Story

Read More...
posted 3 days ago on techdirt
This century has produced a new lexicon that didn't exist a generation ago: Broadband. Apps. Connectivity. Streaming video. Social networks. The on-demand economy. The new millennium has also produced a startling number of successful American companies with worldwide reach: Airbnb, Amazon, Facebook, Google, Lyft, Netflix, Pandora, Snapchat, Twitter, Uber, Yahoo, Yelp. With so many American innovators leading and improving the global economy, it would seem natural for American policymakers to do everything possible to allow these companies to flourish. Instead, we see far too many examples of our politicians actively discouraging or burdening new services from the country's leading American companies. With good intentions, but flawed logic, politicians are jumping in to regulate these new companies, slowing the pace of innovation. In July, Democratic New York Mayor Bill de Blasio was forced to table a plan to limit the growth of ride hailing companies like Uber and Lyft in New York after riders launched a public campaign to stop the proposal. Ride hailing services give New Yorkers and visitors access to quick, clean and affordable transportation options and help expand the city's economic growth by creating more job opportunities. So why are city regulators trying to slow their expansion and limit consumer choice? Ride hailing companies continue to face pressure from courts and politicians who say drivers should be treated as employees rather than independent contractors. Labor unions are pushing this view, while ignoring that many ride hailing drivers are drawn to the flexibility of being independent contractors. (Meanwhile, taxicab drivers in many cities are also considered independent contractors, a fact that is rarely mentioned in these debates.) On-demand economy services like Airbnb that link homeowners with those looking for places to stay are also under attack, as hotel unions join with the lodging industry to regulate, and in some cases ban, these services. The city of San Francisco is considering a measure that would cap Airbnb stays at 75 days, a move that Airbnb says will cost the city $58 million in tax revenue over the next 10 years. Why would city leaders seemingly ignore the potential good that immense amount of revenue could do? Our nation was built on a foundation of freedom -- freedom to contract with each other for goods and services, freedom to innovate and create new products, freedom to start a new business and maybe even fail at it. The government should only impose itself on industry if there's a compelling public interest. Rather than force new services to fit the framework of old rules, innovative startups offer regulators a chance to revise outdated rules to reflect a new reality. Ride hailing services naturally weed out bad drivers and poor service, especially when compared with the legacy cab drivers who aren't rated on or accountable for the quality of their service. Government can and should require driver screening and insurance, but it's the dynamic feedback nature of the wireless service that safeguards the public and benefits drivers. Home-sharing services like Airbnb give users more options when they travel and provide extra income for homeowners. Government can and should collect hospitality taxes after some threshold of rentals, but cities benefit from the influx of tourism whether visitors stay in hotels or not. Recently, my family took a holiday in New York City, where Manhattan has few hotel options for families with children. Thanks to Airbnb, we rented an apartment for a third of the comparable hotel price. Meanwhile, millions of Americans enjoy new services and experiences thanks to the ever evolving tech economy -- whether it's making a living from eBay or Etsy, figuring out where to eat or stay from Trip Advisor or Yelp, or enjoying new music from Pandora. Politicians need to get out of the way, let these businesses thrive and intervene only when there's a demonstrated, compelling need -- and even then, do so as narrowly as possible. The public is voting with their apps and their finger taps. Politicians would be wise to listen to the sounds of the page clicks. It's what their constituents want. Gary Shapiro is president and CEO of the Consumer Electronics Association (CEA), the U.S. trade association representing more than 2,000 consumer electronics companies, and author of the New York Times best-selling books, Ninja Innovation: The Ten Killer Strategies of the World's Most Successful Businesses and The Comeback: How Innovation Will Restore the American Dream. His views are his own. Connect with him on Twitter: @GaryShapiroPermalink | Comments | Email This Story

Read More...
posted 3 days ago on techdirt
There's a famous line about grand juries and their willingness to indict anything prosecutors put in from of them, that they will "indict a ham sandwich" (coined by a judge who was later indicted himself in an effort to prove the point). But, someone apparently asked, can you copyright a chicken sandwich? This apparently serious legal question was recently taken up by the First Circuit appeals court to review a dispute about who owns the idea for a chicken sandwich. The backstory is that a guy named Norbeto Colon Lorenzana, working for Church's Chicken (owned by South American Restaurant Corporation, or SARCO) in Puerto Rico, thought that the restaurant should add a chicken sandwich to the menu. His bosses tested out some recipes and settled on the following recipe (which does not seem all that original): "a fried chicken breast patty, lettuce, tomato, American cheese, and garlic mayonnaise on a bun." Church's dubbed this the "Pechu Sandwich" and apparently it sold pretty well at Church's Chicken. Colon apparently decided that because it was his idea, he deserved a cut of every sale. And thus he sued for trademark and copyright violations (sorta, as you'll see)... because popular culture keeps falsely telling people that "intellectual property" must "protect" any possible "idea" they ever come up with, no matter how common or obvious it is, and no matter whether or not those ideas are even remotely protectable. The lower court correctly laughed this out of court, and Colon appealed, only to find the appeals court similarly unamused. Not surprisingly, apparently Colon's original complaint was so devoid of actual legal arguments that the court decided to "generously glean a claim for violations of the Copyright Act and a second claim under the Lanham Act for trademark infringement." As the ruling notes in a footnote, Colon didn't actually state either such thing, but the court said he claim close enough, and then in a reply to the company's motion to dismiss, Colon clearly was relying on copyright law, so it's a "copyright claim" even if the original complaint failed to make such a claim. The court also notes that "Colon does not seize upon the generosity of the district court and fails to develop any argument in his appellate briefing related to trademark infringement," so it drops the (bogus) trademark arguments entirely. Either way, even with the court "generously" saying there's a copyright claim, there isn't actually a copyright claim, because this is a freaking chicken sandwich. Contrary to Colón's protests on appeal, the district court properly determined that a chicken sandwich is not eligible for copyright protection. This makes good sense; neither the recipe nor the name Pechu Sandwich fits any of the eligible categories and, therefore, protection under the Copyright Act is unwarranted. A recipe -- or any instructions -- listing the combination of chicken, lettuce, tomato, cheese, and mayonnaise on a bun to create a sandwich is quite plainly not a copyrightable work.... As for the "Pechu Sandwich" moniker, we have previously held that "copyright protection simply does not extend to 'words and short phrases, such as names, titles, and slogans.'" The court separately rejects Colon's claim that SARCO registered the trademark in the sandwich by fraud (apparently in not giving it to him or something). The court again has trouble figuring out what he means, because he has no explanation: We need not linger over the potential elements of a Section 38 claim or the application of Rule 9(b) because the complaint fails for a more fundamental reason. It simply fails to sufficiently allege that any false statement exists. Colon merely offers conjecture about SARCO's actions and intentions. He avers that SARCO "intentionally, willfully, fraudulently and maliciously procured the registration of Plaintiff's creation in the Patent and Trademark Office without his consent and . . . with the intent to injure the Plaintiffs," but the complaint is silent as to any facts to support such conclusions. These kinds of lawsuits are what you get when you keep telling people that ideas are "ownable" and that anyone who does anything with your idea must be somehow infringing on your rights. Thankfully, the courts have quickly dumped this, but it's still a waste of time and resources.Permalink | Comments | Email This Story

Read More...
posted 3 days ago on techdirt
With the MOTA 4-Port USB 3.0 Hub, you get 4 downstream ports for your laptop or computer. This compact hub allows you to plug in multiple accessories, charge them and transfer data quickly. It can easily fit in a laptop bag, gives you the convenience of extra ports, and has built-in surge protection. It is on sale for only $18 in the Techdirt Deals store. Note: The Techdirt Deals Store is powered and curated by StackCommerce. A portion of all sales from Techdirt Deals helps support Techdirt. The products featured do not reflect endorsements by our editorial team.Permalink | Comments | Email This Story

Read More...
posted 3 days ago on techdirt
Well, well. Just a few days ago, we wrote about the fact that Google was being asked to "forget" articles about the right to be forgotten, under new right to be forgotten requests... and suddenly we've been notified that a Techdirt article about the right to be forgotten has been similarly stuffed down the memory hole*. The article in question, is our story from last fall about the NY Times writing about the right to be forgotten requests that resulted in NY Times articles disappearing from some searches. The NYT detailed what each story was about and it wasn't too difficult to figure out who was likely trying to make sure the articles were no longer linked to their names. It would appear that one of those individuals similarly has sent in this request -- but that's completely bogus, as we'll explain in a moment. First up, the notice: Due to a request under data protection law in Europe, we are no longer able to show one or more pages from your site in our search results in response to some search queries for names or other personal identifiers. Only results on European versions of Google are affected. No action is required from you. These pages have not been blocked entirely from our search results, and will continue to appear for queries other than those specified by individuals in the European data protection law requests we have honored. Unfortunately, due to individual privacy concerns, we are not able to disclose which queries have been affected. Please note that in many cases, the affected queries do not relate to the name of any person mentioned prominently on the page. For example, in some cases, the name may appear only in a comment section. Despite the claim that it might be someone in the comments, that seems unlikely here. Remember, the NYT article suggested who may have made the original requests, and it appears that person was likely now trying to cover up that fact. One of the individuals that the NYT story original wrote about was one Thomas Goolnik. Here's what the NY Times wrote in its original piece: One Times article that is being shielded from certain searches in Europe is a report from 2002 about a decision by a United States court to close three websites that the federal government accused of selling an estimated $1 million worth of unusable Web addresses. The complaint named three British companies, TLD Network, Quantum Management and TBS Industries, as well as two men who it said controlled the companies: Thomas Goolnik and Edward Harris Goolnik of London. The case was later settled. Thomas Goolnik did not respond to messages left via social networking sites. The NYT suggested that there was a decent likelihood that Thomas Goolnik made the original request. It seems likely that Goolnik made this new request as well. I just did a search from the US on US Google for Thomas Goolnik's name and the NY Times piece shows up as result number two. If you go to page two, the second item is our Techdirt story on the NY Times story. Yet, if you go to Google UK, neither story shows up when you search on Goolnik's name. At first glance, perhaps this seems reasonable. If Google has decided that a lawsuit against a company supposedly controlled by Goolnik is no longer relevant for those searching on Goolnik's name, then it's potentially reasonable to delink those results (though I have trouble seeing how the factual information that the lawsuit happened and that Goolnik was associated with it is no longer relevant. It seems abundantly relevant. However, the second order censorship here is much more troubling. Because the story is no longer about some long ago event which Goolnik might now wish to have hidden away in the depths. It's about his actions less than a year ago of likely filing for a right to be forgotten request. It's that news that both the NYT and Techdirt were reporting on. And that's not some "irrelevant" tidbit from history. That's recent, factual reporting. So I'm at a loss as to how this latest bit of censorship could possibly be legit. And it raises some of the many concerns about the whole "right to be forgotten" concept. Is it really just limited to the supposedly out of date and "irrelevant" information? Or is it now supposed to extend to any reporting on the new and very relevant information about using the whole right to be forgotten process. There is no official appeals process, other than that we can share "additional information regarding this content" that we feel "Google should be aware of" which may make the company reconsider -- though it also says "we can't guarantee responses." So it's just a blind "hey, that's crazy" and hoping common sense prevails. Or, you know, we'll keep writing about this story, because it's newsworthy no matter what the EU Court of Justice thinks or whatever whoever sent the request things, whether it's Thomas Goolnik or someone else. * To be clear, the article itself doesn't fully disappear from Google's index, it just means that anyone who searches on the name of the person who made the RTBF request will no longer have the article show up under that search. Other searches may still turn up the article.Permalink | Comments | Email This Story

Read More...
posted 3 days ago on techdirt
Way back in 2004, we noted that the FTC went after Tower Records for getting hacked and leaking customer records. At the time, we wondered if this was appropriate. Companies get hacked all the time, even those with good security practices. So, at what point can it be determined if the company is being negligent, or if it's just that those looking to crack their systems are just that good. Well, the FTC had decided that it can draw the line, and for companies that do a particularly egregious job in not protecting user data, it's made it clear that it's going to go after them. A few years back, the FTC went after Wyndham Hotels for failing to secure user data, and Wyndham tried to argue that the FTC had no authority to do so. Last year, a district court sided with the FTC and now the Third Circuit appeals court has upheld that ruling, giving the FTC much more power to crack down on companies who fail to protect user data from leaking. The ruling doesn't fully answer the question of where can the FTC draw that line, but it certainly suggests that if your security is laughably bad then, absolutely, the FTC can go after you. And, yes, Wyndham's security was laughably bad. From the court ruling: The company allowed Wyndham-branded hotels to store payment card information in clear readable text. Wyndham allowed the use of easily guessed passwords to access the property management systems. For example, to gain “remote access to at least one hotel’s system,” which was developed by Micros Systems, Inc., the user ID and password were both “micros.”... Wyndham failed to use “readily available security measures”—such as firewalls—to “limit access between [the] hotels’ property management systems, . . . corporate network, and the Internet.” ... Wyndham allowed hotel property management systems to connect to its network without taking appropriate cybersecurity precautions. It did not ensure that the hotels implemented “adequate information security policies and procedures.” ... Also, it knowingly allowed at least one hotel to connect to the Wyndham network with an out-of-date operating system that had not received a security update in over three years. It allowed hotel servers to connect to Wyndham’s network even though “default user IDs and passwords were enabled . . . , which were easily available to hackers through simple Internet searches.” ... And, because it failed to maintain an “adequate[] inventory [of] computers connected to [Wyndham’s] network [to] manage the devices,” it was unable to identify the source of at least one of the cybersecurity attacks. Wyndham failed to “adequately restrict” the access of third-party vendors to its network and the servers of Wyndham-branded hotels. ... For example, it did not “restrict[] connections to specified IP addresses or grant[] temporary, limited access, as necessary.” It failed to employ “reasonable measures to detect and prevent unauthorized access” to its computer network or to “conduct security investigations.” It did not follow “proper incident response procedures.” ... The hackers used similar methods in each attack, and yet Wyndham failed to monitor its network for malware used in the previous intrusions. So, yeah. This wasn't a situation where determined malicious hackers had to carefully dismantle a security apparatus. There was no security apparatus, basically. The ruling also mentions that the Wyndham website claimed to encrypt credit card data and use firewalls and other things -- none of which it actually did. Oops. And, of course, hackers broke in multiple times and Wyndham did basically nothing. As noted, on three occasions in 2008 and 2009 hackers accessed Wyndham’s network and the property management systems of Wyndham-branded hotels. In April 2008, hackers first broke into the local network of a hotel in Phoenix, Arizona, which was connected to Wyndham’s network and the Internet. They then used the brute-force method—repeatedly guessing users’ login IDs and passwords—to access an administrator account on Wyndham’s network. This enabled them to obtain consumer data on computers throughout the network. In total, the hackers obtained unencrypted information for over 500,000 accounts, which they sent to a domain in Russia. In March 2009, hackers attacked again, this time by accessing Wyndham’s network through an administrative account. The FTC claims that Wyndham was unaware of the attack for two months until consumers filed complaints about fraudulent charges. Wyndham then discovered “memory-scraping malware” used in the previous attack on more than thirty hotels’ computer systems.... The FTC asserts that, due to Wyndham’s “failure to monitor [the network] for the malware used in the previous attack, hackers had unauthorized access to [its] network for approximately two months.” ... In this second attack, the hackers obtained unencrypted payment card information for approximately 50,000 consumers from the property management systems of 39 hotels. Hackers in late 2009 breached Wyndham’s cybersecurity a third time by accessing an administrator account on one of its networks. Because Wyndham “had still not adequately limited access between . . . the Wyndham-branded hotels’ property management systems, [Wyndham’s network], and the Internet,” the hackers had access to the property management servers of multiple hotels.... Wyndham only learned of the intrusion in January 2010 when a credit card company received complaints from cardholders. In this third attack, hackers obtained payment card information for approximately 69,000 customers from the property management systems of 28 hotels. The FTC alleges that, in total, the hackers obtained payment card information from over 619,000 consumers, which (as noted) resulted in at least $10.6 million in fraud loss. It further states that consumers suffered financial injury through “unreimbursed fraudulent charges, increased costs, and lost access to funds or credit,” ..., and that they “expended time and money resolving fraudulent charges and mitigating subsequent harm.” And yet, still, Wyndham insisted that the FTC had no mandate to go after them for this rather egregious behavior. The appeals court agrees with the lower court in saying "of course the FTC can go after such behavior." The main question: Is this an "unfair" practice by Wyndham? The company argued that it's not unfair because it's the victim here. The court doesn't buy it. Wyndham asserts that a business “does not treat its customers in an ‘unfair’ manner when the business itself is victimized by criminals.”... It offers no reasoning or authority for this principle, and we can think of none ourselves. Also: it's generally not a good thing when a court refers to your legal argument as "a reductio ad aburdum" (i.e., taking something to such an extreme as to be ridiculous). Finally, Wyndham posits a reductio ad absurdum, arguing that if the FTC’s unfairness authority extends to Wyndham’s conduct, then the FTC also has the authority to “regulate the locks on hotel room doors, . . . to require every store in the land to post an armed guard at the door,” ... and to sue supermarkets that are “sloppy about sweeping up banana peels,” ... The argument is alarmist to say the least. And it invites the tart retort that, were Wyndham a supermarket, leaving so many banana peels all over the place that 619,000 customers fall hardly suggests it should be immune from liability under § 45(a). Going for a due process move, Wyndham tries to argue that there was not "fair notice" of what kinds of security practices the FTC required. I'm actually marginally sympathetic to this argument. If this is ever amorphous, then that is really challenging for companies who just don't know if their security practices meet the vague non-public standard of "okay" for the FTC. But, if you're running a company -- especially one as large as Wyndham Hotels -- it's not unreasonable to suggest that your tech staff at least understand some basic fundamentals about security, like not using default passwords, encrypting credit card data, and using firewalls. This isn't advanced computer security here. This is pretty basic stuff. Furthermore, the court basically says Wyndham doesn't need specific rules from the FTC, but rather just should know that the law about "unfair" practices exists. Wyndham is entitled to a relatively low level of statutory notice for several reasons. Subsection 45(a) does not implicate any constitutional rights here.... It is a civil rather than criminal statute.... And statutes regulating economic activity receive a “less strict” test because their “subject matter is often more narrow, and because businesses, which face economic demands to plan behavior carefully, can be expected to consult relevant legislation in advance of action.” In this context, the relevant legal rule is not “so vague as to be ‘no rule or standard at all.’”... Subsection 45(n) asks whether “the act or practice causes or is likely to cause substantial injury to consumers which is not reasonably avoidable by consumers themselves and not outweighed by countervailing benefits to consumers or to competition.” While far from precise, this standard informs parties that the relevant inquiry here is a cost-benefit analysis,... that considers a number of relevant factors, including the probability and expected size of reasonably unavoidable harms to consumers given a certain level of cybersecurity and the costs to consumers that would arise from investment in stronger cybersecurity. We acknowledge there will be borderline cases where it is unclear if a particular company’s conduct falls below the requisite legal threshold. But under a due process analysis a company is not entitled to such precision as would eliminate all close calls. And, the court notes, Wyndham's behavior here is so egregious that no reasonable person could find it surprising that the FTC went after the company for its [lack of] security practices. As the FTC points out in its brief, the complaint does not allege that Wyndham used weak firewalls, IP address restrictions, encryption software, and passwords. Rather, it alleges that Wyndham failed to use any firewall at critical network points, did not restrict specific IP addresses at all, did not use any encryption for certain customer files, and did not require some users to change their default or factory-setting passwords at all. Which leads to the kicker in the following sentence: Wyndham did not respond to this argument in its reply brief. Ouch. The court also notes that maybe Wyndham's response would be more reasonable if the company had only been hacked once. But three times is a bit much: Wyndham’s as-applied challenge is even weaker given it was hacked not one or two, but three, times. At least after the second attack, it should have been painfully clear to Wyndham that a court could find its conduct failed the cost-benefit analysis.... [C]ertainly after the second time Wyndham was hacked, it was on notice of the possibility that a court could find that its practices fail the cost-benefit analysis. And thus, while I'm still a little nervous about going after companies who get hacked, it seems in this case, where there appears to be overwhelming evidence of near total gross negligence on the part of Wyndham to secure user data, it does seem reasonable for the FTC to be able to proceed, and now both a district and appeals court agree.Permalink | Comments | Email This Story

Read More...
posted 3 days ago on techdirt
This should be fun. A bunch of whistleblowers that were hounded, surveilled and prosecuted/persecuted by the US government are banding together to sue all the big names in domestic surveillance. Thomas Drake, Diane Roark, Ed Loomis, J. Kirk Wiebe and William Binney have filed a civil rights lawsuit against the NSA, FBI, DOJ, Michael Hayden, Keith Alexander, Chris Inglis, Robert Mueller and a handful of others. They will be represented by Larry Klayman, who has some experience suing intelligence agencies. The claims arise from the government's treatment of these whistleblowers after they started making noise about the NSA's surveillance programs. More specifically, the lawsuit points to the short-lived internet surveillance program THINTHREAD, which was ignored and abandoned in favor of something more expensive, but less protective of Americans' communications. Plaintiffs worked in various roles on developing and perfecting a candidate program called THINTHREAD which was capable of performing the technical work desired by the NSA for surveillance of the internet efficiently, effectively, and at very low cost. THINTHREAD was put into operation successfully but only on a demonstration basis. It was approved to demonstrate that it worked, but not officially commissioned for actual operational use. Despite the Plaintiffs demonstrating that THINTHREAD actually worked, the NSA ignored THINTHREAD as a candidate for performing the desired surveillance of the internet and telephone communications, because THINTHREAD was inexpensive and highly effective, yet Lt. General Michael Hayden had made a corporate decision to “buy” externally rather than “build” internally the solution deemed necessary to harvest internet data. $4 billion went into another program called TRAILBLAZER (THINTHREAD's internal development cost, by contrast, was only $4 MILLION), along with five years of development. In the end, TRAILBLAZER never worked properly and was abandoned by the NSA in 2006. This wasteful "funneling" of funds to preferred government contractors was reported to the Dept. of Defense by four of the whistleblowers, under the heading of waste, fraud and misuse of taxpayers' money. The DoD wasn't happy. It issued a scathing internal report. But the NSA wasn't interested in having its faults pointed out. It sent the DOJ after the whistleblowers, using an unrelated leak of information about the NSA's expansive domestic surveillance programs to the New York Times as the impetus for a series of raids. According to the filing, the raids were retaliatory. The government had already determined the plaintiffs had nothing to do with the leaks reported on by the New York Times. And it used faulty affidavits to justify the corresponding raids. In fact, the affidavit for the search warrants are themselves based upon an illegal, warrantless phone tap and refer to a conversation illegally intercepted between Plaintiff Roark and Plaintiff William Binney, although misrepresenting the call’s contents. Further, the ultimate pretext for the search, a paper describing THINTHREAD at a high level that Binney had given the FBI, was falsely claimed by NSA to be classified. Thus, the search warrant affidavit is not only false but illegal. The lawsuit also attempts to use the breadth and reach of known surveillance programs as proof the government knew the whistleblowers had nothing to do with the NYT leak. Moreover, as later revealed by Edward Snowden, the NSA was even then, with the assistance of cooperating telephone and telecommunications companies, conducting mass interception and surveillance of all telephone calls within the domestic United States for the very purpose – at least so they claimed – of detecting both external and internal threats against the national security of the United States. Therefore, through those phone and internet records, the Defendants had actual evidence at the time of the false affidavit and retaliatory searches and seizures that none of the Plaintiffs had communicated with the The New York Times or other journalists, except that Plaintiff Drake on his own had spoken confidentially with regard to public and /or unclassified information to the Baltimore Sun. The end result of the FBI, NSA and DOJ's actions in response to whistleblowing (largely performed through proper channels) is a host of alleged civil liberties' violations and other abuses, starting with the violation of 1998's Whistleblower Protection Act. From there, the whistleblowers allege violations of their First, Fourth and Fifth Amendment rights, along with malicious prosecution, intentional infliction of emotional distress and abuse of process. It will be interesting to see where this goes. The government likely won't be able to dismiss the suit quickly, but the plaintiffs are going to run into a ton of immunity claims that will be buttressed by invocations of national security concerns. Their lawyer -- Larry Klayman -- has occasionally displayed his inability to distinguish between actionable claims and conspiracy theories, a tendency that doesn't improve the plaintiffs' chances of succeeding. But of all the outcomes I imagined for the stories of Drake, Binney, et al, taking these agencies on directly in federal court wasn't one of them. Permalink | Comments | Email This Story

Read More...
posted 3 days ago on techdirt
The sometimes blisteringly-inane hype surrounding the "Internet of Things" appears to be on a collision course with the sophomoric security standards being employed in the field. As we've seen time and time again, companies were so bedazzled by the idea of connecting everything and anything to the Internet (your hat! your pants! your toilet!) they left device and network security as an afterthought -- if they could be bothered to think about it at all. The result has been smart TVs that share your personal conversations, vehicles that can easily be used to kill you, and a home full of devices leaking your daily habits. The latest example comes again via Samsung, whose "smart" refrigerators aren't so smart. While Samsung's shiny new refrigerators connect to the Internet, can display your Google Calendar and implement SSL, hackers during a challenge at the recent DEFCON found the refrigerators fail to validate those SSL certificates. That opens the door to all kinds of man-in-the-middle attacks, potentially allowing your neighbor to steal your Gmail login information while sitting on his couch next door:"The internet-connected fridge is designed to display Gmail Calendar information on its display," explained Ken Munro, a security researcher at Pen Test Partners. "It appears to work the same way that any device running a Gmail calendar does. A logged-in user/owner of the calendar makes updates and those changes are then seen on any device that a user can view the calendar on." "While SSL is in place, the fridge fails to validate the certificate. Hence, hackers who manage to access the network that the fridge is on (perhaps through a de-authentication and fake Wi-Fi access point attack) can Man-In-The-Middle the fridge calendar client and steal Google login credentials from their neighbours, for example."On the plus side, this vulnerability was found after Samsung invited hackers to try and find vulnerabilities in the system, showing some proactive thinking. On the flip side, this is the same company whose "smart" TVs were found to be happily sending living room conversation snippets unencrypted over the Internet -- so it's not always clear Samsung listens to feedback, or how many bugs and vulnerabilities go unnoticed. Regardless, the researchers' blog post has a little more detail, noting they may have also found some vulnerabilities in the app's encrypted communication stream with the refrigerator. These endless IOT security issues may have the opposite effect of that intended: actively marketing the need for many devices to be dumber. And those dumb devices are getting harder to find. Many of the latest and greatest 4K television sets, for example, simply can't be purchased without intelligent internals that integrate functionality the user may not want. So while Wired magazine's endless 1990's obsession with intelligent refrigerators may have finally come to fruition, they may be unwitting pitchmen for how sometimes it's better for things to simply remain utterly analog -- and beautifully, simply stupid.Permalink | Comments | Email This Story

Read More...
posted 4 days ago on techdirt
Techdirt has written numerous articles about an important move in academic publishing towards open access. By shifting the funding of production costs from the readers to the researchers' institutions it is possible to provide free online access to everyone while ensuring that high academic standards are maintained. An important aspect of that, both for open access and traditional publishing, is peer review, which is designed to ensure that the most important papers are brought forward, and that they are checked and improved as they pass through the publication process. Given that pivotal role, the following story in The Washington Post is both shocking and troubling: One of the world’s largest academic publishers, Springer, has retracted 64 articles from 10 of its journals after discovering that their reviews were linked to fake e-mail addresses. The announcement comes nine months after 43 studies were retracted by BioMed Central (one of Springer’s imprints) for the same reason. To put those numbers in context, a specialized site that tracks this and similar malpractice in the academic world, Retraction Watch, reports that the total number of papers withdrawn because of fake reviews is 230 in the past three years. It's not known exactly how the reviews of the 64 articles involved were faked, or by whom. But there are plenty of other cases that indicate ways in which the peer review system is being subverted. These range from the obvious ones like researchers reviewing their own papers or suggesting people they know as suitable reviewers, to more devious approaches, including the use of companies providing "specialist" services. As the Committee on Publication Ethics (COPE) wrote in its statement on "inappropriate manipulation of peer review processes": While there are a number of well-established reputable agencies offering manuscript-preparation services to authors, investigations at several journals suggests that some agencies are selling services, ranging from authorship of pre-written manuscripts to providing fabricated contact details for peer reviewers during the submission process and then supplying reviews from these fabricated addresses. Some of these peer reviewer accounts have the names of seemingly real researchers but with email addresses that differ from those from their institutions or associated with their previous publications, others appear to be completely fictitious. We are unclear how far authors of the submitted manuscripts are aware that the reviewer names and email addresses provided by these agencies are fraudulent. However, given the seriousness and potential scale of the investigation findings, we believe that the scientific integrity of manuscripts submitted via these agencies is significantly undermined. The Washington Post article goes on to discuss various policies that publishers are beginning to put in place in an attempt to prevent fakes from undermining the peer review system. But the real problem lies not in the publishing process, but in the way that academic careers are judged and advanced. Currently, too great an emphasis is placed on how many papers a researcher has published, and whether they are in "prestigious" journals, where "prestigious" is generally defined using the highly-unsatisfactory "impact factor," supposedly a measure of academic influence. This creates an enormous "pressure to publish," which inevitably leads to some people cutting corners. The best way to address the growing problem of fake reviews is to adopt better, more inclusive ways of evaluating academics and their work, and thus move beyond today's fixation on publishing papers in high impact-factor titles. While that thorny issue remains unaddressed, the great revolution in knowledge production and dissemination that open access potentially enables will remain incomplete and even compromised. Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+ Permalink | Comments | Email This Story

Read More...
posted 4 days ago on techdirt
Chemists haven't quite mastered manipulating atoms and molecules, but physicists are making some progress in making/discovering all kinds of new particles -- and not just sub-atomic scale particles. We've mentioned "super heavy hydrogen" before, but there are a few other unnatural bits of matter brewing in labs, too. Check out a few of them below. Powerful X-ray pulses can blast away the guts of atoms, making hollow atoms. Giant Rydberg atoms, antimatter atoms (e.g. antihydrogen) and elements beyond Ununoctium (atomic #118) are extremely difficult to observe (or create in the first place), but these particles might prove useful someday. But even if they don't, it's interesting to see how far we can push the boundaries of atoms and groups of sub-atomic particles. [url] Magnetic superatoms are clusters of atoms with electrons in orbitals that surround the entire cluster instead of just the individual atoms. A stable magnetic superatom VNa8 can be synthesized -- but not in macroscopic quantities yet. These kinds of superatoms could have spintronics applications, but it's really too early to make any kind of useful device out of these things. [url] A variant of atomic force microscopy can produce images of atomic bonds in molecules with amazing detail, gaining picometer resolution. Imaging at this scale could help develop molecular electronics and keep Moore's law from faltering more than it already has. [url] After you've finished checking out those links, take a look at our Daily Deals for cool gadgets and other awesome stuff.Permalink | Comments | Email This Story

Read More...
posted 4 days ago on techdirt
While Google is still seen as (and proclaims to be) a net neutrality advocate, evidence continues to mount that this is simply no longer the case. Back in 2010 you might recall that Google helped co-write the FCC's original, flimsy net neutrality rules with the help of folks like AT&T and Verizon -- ensuring ample loopholes and making sure the rules didn't cover wireless at all. When the FCC moved to finally enact notably-tougher neutrality rules for wired and wireless networks earlier this year, Google was publicly mute but privately active in making sure the FCC didn't seriously address the problems with usage caps and zero-rated (cap exempt) content. While the company pretends this isn't a notable turnaround from previous principles, the evidence is on the table for all to see. As India has been exploring net neutrality rules it's again apparent that, if not at least leaning into the anti-neutrality rule camp -- Google sure as hell is not helping. Both Google and Facebook have come under fire recently for their zero rating efforts overseas, which include exempting some select partner content from usage caps, and setting up walled garden fiefdoms under the banner of selfless altruism. Critics charge that these plans create vast inequalities in connectivity and violate Internet openness, and that if the companies' really want to help the poor, they can help subsidize truly open Internet access. While Facebook has responded to this criticism by insisting that all of its critics are extremists should they dare question Facebook's noble intentions, Google's again chosen a more subtle route; staying mute on the subject publicly but quietly working behind the scenes to weaken the final rules:"Google joined hands with Facebook to try and prevent the Internet and Mobile Association of India, which represents some of the largest Internet companies in India, from taking a stand that counters Zero Rating. According to emails exchanged between IAMAI’s Government Relations committee members, of which MediaNama has copies, Vineeta Dixit, a member of Google’s Public Policy and and Government Relations team, strongly pushed for the removal of any mention of Zero Rating from the IAMAI’s submission, as a response to the Department of Telecom’s report on Net Neutrality. Please note that Google hasn’t responded to our queries, despite multiple reminders...Apparently Google was preparing to launch its own zero-rated effort in India but put those plans on hold once it saw Facebook taking a public relations beating. And while Google's been very careful to even avoid having any of its positions on the record, these e-mails show it pushed India's wireless carriers to make sure they all were on board supporting zero rating:"Dixit’s email to the IAMAI government relations committee, while reasoning that there is no consensus on Zero Rating, asked for its removal from the submission, saying: “We would like to register strong protest against this formulation and would request you to remove this (Zero Rating) from the submission."So yes, this is basically Google's net neutrality modus operandi now: publicly say as little as possible (while harvesting press and public acclaim for being a net neutrality "supporter") while privately undermining real neutrality. As we've discussed with both AT&T's sponsored data and T-Mobile's Music Freedom, such a model gives preferential treatment to larger companies while making life immediately harder for smaller outfits, independents and non-profits. And Google's ok with that. Worth remembering the next time Google (or a press outlet) proclaims that Google's still a noble champion on the net neutrality front.Permalink | Comments | Email This Story

Read More...
posted 4 days ago on techdirt
Over the last few years, we've published a ton of stories about the growing police reliance on Stingray cell site simulator devices (also known as IMSI catchers), that mimic a real cell phone tower and help provide the location of a certain mobile phone. As we've written, these devices have been super popular with police departments, who often receive them from the federal government with strict non-disclosure agreements, which means law enforcement has been known to lie to courts or simply drop cases where the usage is at risk of coming out in court. It seems that this story is getting more and more national attention. Brad Heath, over at USA Today, has a fairly deep dive into the fact that police are using these devices to solve petty crimes all the time, without a warrant, and then refusing to tell defendants how they were caught (which is a bit of a constitutional no-no). Heath specifically was able to get a police surveillance log in Baltimore, which detailed how the devices were used there. The records show that the city's police used stingrays to catch everyone from killers to petty thieves, that the authorities regularly hid or obscured that surveillance once suspects got to court and that many of those they arrested were never prosecuted. Defense attorneys assigned to many of those cases said they did not know a stingray had been used until USA TODAY contacted them, even though state law requires that they be told about electronic surveillance. “I am astounded at the extent to which police have been so aggressively using this technology, how long they’ve been using it and the extent to which they have gone to create ruses to shield that use,” Stephen Mercer, the chief of forensics for Maryland’s public defenders, said. Some of the cases are absolutely ridiculous -- such as the one where an angry husband grabbed his wife's phone and left the house. Police declared it a theft and used an IMSI catcher to track it down... but by that point, the husband had already given it back to his wife, so the police just showed up at her home where she already had the phone. Also, because it's so easy to use these devices to just go and locate anyone, Baltimore police sometimes used it just to find the location of witnesses (i.e., people who haven't committed any crimes). That's going way over the line of what's appropriate. These things are being used so often in so many cases with so little transparency, one hopes that the growing press attention will finally lead to much more accountability on how these devices are used and a requirement for a warrant.Permalink | Comments | Email This Story

Read More...
posted 4 days ago on techdirt
We write frequently about those who abuse the DMCA either directly for the sake of censorship or, more commonly, because some are in such a rush to take down anything and everything that they don't bother (or care) to check to see if what they're taking down is actually infringing. The latter, while common, could potentially expose those issuing the takedowns to serious legal liability, though the courts are still figuring out to what extent. Last week, we wrote about Boston public television station WGBH issuing a bogus takedown on some public domain (government created) video that Carl Malamud had uploaded to YouTube. That doesn't look like an automated takedown, but rather someone working for WGBH's legal team who just decided that anything with "American Experience" in a title must be infringing. Malamud has now published the letter that he sent YouTube, about the whole situation. It includes some more details concerning the insulting manner in which WGBH's legal team, Susan Kantrowitz and Eric Brass, handled the situation, including Brass telling Malamud that this wasn't a big deal because deleting this "particular film" was not that important. Meanwhile, I finally reached the WGBH legal department. Susan L. Kantrowitz, General Counsel, wrote to me that “It is highly unusual for Amex to be in a title and not be one of our shows” and they would “address it on Monday.” Eric Brass, Corporate Counsel, wrote that “the take down request very well may have been an error, but given that it is late on a Friday afternoon in August, I may not be able to get back to you (or YouTube) until Monday.” He then wrote me back and indicated that while perhaps my YouTube account was important, this “particular film” was certainly not. I spoke to him on the phone and he repeated that no harm had been done, but and that after he completed his investigation he would,“follow up with something in writing that might be helpful for you if a question arises down the road about the take down.” I want to stress that the timing of this takedown was not mine, it was instigated by WGBH and it was done deliberately as a formal legal action. Mr. Brass seemed quite peeved that I was upset, even though I was just minding my own business on the Internet when some hooligans from Boston came over and smacked me for no reason at all, then left for a weekend at the Cape. The process of creating a copyright strike is not a casual one. WGBH had to go through several screens to identify the video, fill out their contact information, and checked numerous boxes indicating that they understood this was the beginning of a legal process, then signed a statement indicating that all statements were true and that they were in fact the true and correct owners of that film or portions of that film. In order to respond to that legal accusation, I had to go through a similar process of swearing under oath and accepting a court’s jurisdiction for my counter-claim. Because of all of this, Malamud has suggested that YouTube institute a similar reverse three strikes policy for those who abuse the DMCA takedown process: I believe that incorrectly posting a video that is under copyright is in fact worthy of a copyright strike. However, I think the opposite of that should be true. WGBH committed a copyright foul and should be prohibited from having the capability to take another user’s films down for a six-month period. If they commit 3 copyright fouls, their account should be revoked. WGBH personnel should be required to go to copyright school so that they fully understand their responsibilities under the law. Given the blithe and uncaring attitude of WGBH legal staff, they should also be required to undergo copyright school. Their blase attitude was not impressive, and I can just imagine the reaction of WGBH if somebody had improperly taken down one of their media properties would not have been nearly so casual. The idea of a reverse three strikes policy is not a new one. We first wrote about it back in 2008. Unfortunately, under the current wording of the DMCA, it would be very difficult to do it properly, but it does seem worth considering, considering just how frequency such a power is abused.Permalink | Comments | Email This Story

Read More...
posted 4 days ago on techdirt
A couple months ago, we wrote about Twitter shutting down Politwoops, a service from the Sunlight Foundation that highlighted tweets that politicians had posted... and then deleted. This was a useful tool for transparency, showing what kinds of tweets politicians delete. Frequently it was silly things like typos, but sometimes it caught and highlighted really ridiculous statements by politicians that they should have thought more about first. Twitters reasoning behind this made no sense at all at the time, claiming that it was about "honoring the expectation of user privacy." That's wrong. If you tweet publicly, there is no "expectation of privacy." You have done something publicly. This weekend, this whole situation got more attention, as Twitter similarly shut down a number of similar services, including foreign instances of Politwoops run by the Open State Foundation. Once again, Twitter gave a reason... that made absolutely no sense: Imagine how nerve-racking – terrifying, even – tweeting would be if it was immutable and irrevocable? No one user is more deserving of that ability than another. Indeed, deleting a tweet is an expression of the user’s voice. This is worse than the original reason. First of all, that's not terrifying at all. That's how life is, every day. You say something, people hear it/see it and they can repeat it or call you out on it if they disagree. And you can have a discussion. And, of course, you can later change your words, admit you made a mistake, or, yes, delete your tweet. But people might notice that. And that's fine. It's not terrifying. There's nothing "immutable" or "irrevocable" about Politwoops highlighting things that actually happened. As for the next two lines, again, it makes no sense. There is nothing in Politwoops that makes one user "more deserving" of any ability than any other. Anyone can delete tweets. And anyone who saw the original tweet can call it out and highlight it. Yet, for whatever reason, Twitter has decided that it wants to give extra special protections to some users, by claiming that it's an abuse to actually build a system to automate such things. This is the opposite of enabling free speech. It's stifling it. And, yes, deleting a tweet is an expression of the user's voice -- as is having someone highlight what you deleted. That's how this works. This move is profoundly disappointing by Twitter -- a company that regularly positions itself as a champion of free speech and being engaged in the political process. Politicians say stupid stuff all the time (as does pretty much everyone). And people call them out on it. And no one ever argues that's an invasion of their privacy... except, apparently, Twitter. Once again, this is a reminder of why we should be focused on protocols instead of platforms for the services that enable free expression. When we rely on platforms, we have to live by their rules.Permalink | Comments | Email This Story

Read More...
posted 4 days ago on techdirt
Remember the 4th Amendment? We hear it's making a comeback. Back in May, we had a story about another court explaining to the government that, contrary to popular belief within Homeland Security, the 4th Amendment does still apply at the border, and thus Border Patrol can't just take someone's laptop without a warrant. The case involved a guy named Jae Shik Kim, who the government suspected was shipping items to China that were then being forwarded to Iran. Because of that, DHS grabbed his laptop as he was leaving the US (on a flight to Korea). The DOJ argued that the laptop was a "container" subject to search at the border. The court disabused the DOJ of this notion: After considering all of the facts and authorities set forth above, then, the Court finds, under the totality of the unique circumstances of this case, that the imaging and search of the entire contents of Kim’s laptop, aided by specialized forensic software, for a period of unlimited duration and an examination of unlimited scope, for the purpose of gathering evidence in a pre-existing investigation, was supported by so little suspicion of ongoing or imminent criminal activity, and was so invasive of Kim’s privacy and so disconnected from not only the considerations underlying the breadth of the government’s authority to search at the border, but also the border itself, that it was unreasonable. Given an opportunity to respond, the DOJ has dropped the entire case. The United States, by and through its attorney, the Acting United States Attorney for the District of Columbia, respectfully moves this Court to dismiss the Indictment against the defendants. As grounds for this motion, the government states the following: in a Memorandum Opinion and Order, filed on May 8, 2015, the Court granted the defendants’ motion to suppress evidence, and the government has decided not to pursue an appeal of that decision. Accordingly, the government is unable to continue prosecuting this matter, and we therefore move the Court to dismiss the Indictment pending against the defendants. Yup. Next time, maybe don't violate the 4th Amendment.Permalink | Comments | Email This Story

Read More...
posted 4 days ago on techdirt
The $39 Investment Banking Training Bundle is a cost-effective way to learn the skills and tools needed to get into investment banking. The comprehensive 99 courses are geared to teach you about everything from analyst accounting to financial modeling to portfolio management. There is a section focused on learning advanced skills in Excel, Word and PowerPoint and how to automate tasks with VisualBasic. There is even a section on becoming a great negotiator and communicator. The lifetime access to this complete bundle will quickly have you fluent in the lingo and basics of investment banking. Courses on corruption, swindling and getting the federal government to bail you out for your biggest failings apparently not included. You'll have to learn that on your own. Note: The Techdirt Deals Store is powered and curated by StackCommerce. A portion of all sales from Techdirt Deals helps support Techdirt. The products featured do not reflect endorsements by our editorial team.Permalink | Comments | Email This Story

Read More...