posted 2 days ago on techdirt
Last fall, we noted that the world's largest patent troll, Intellectual Ventures, was running out of cash, which is somewhat incredible, given that it had previously claimed to have raised $6 billion in investments (though many of its earliest deals with tech companies were categorized as "investments" when they were really promises not to sue, combined with access to the patent bank) and a further $3 billion in licenses. It should take a long time to spend $9 billion when your company produces nothing that has ever been brought to market, but that's IV for you. As we noted in that story last fall, many of the tech companies that initially "invested" in Intellectual Ventures had no interest at all in re-upping, as they felt that the whole thing had been a bait-and-switch. They were initially told it was a "patent defense fund," not a giant patent troll itself. However, while many of the companies have indeed avoided giving IV any more money, it appears that Microsoft and Sony were quite happy to dump a lot more cash into IV, which has now ramped up its patent buying efforts again (as well as its lobbying and political contributions in an effort to kill off patent reform). Microsoft, of course, has always been close to IV, seeing as it was started by the company's former CTO, Nathan Myhrvold, who is also a close friend of Bill Gates (who has directly helped IV get some patents). Similarly, Microsoft has become one of the most aggressive patent abusers over the last decade, increasingly relying on its stock of patents to make money from other people's innovations, rather than innovating on its own. It is similarly no wonder that the company somewhat famous for having nearly all of its major success based on copying the work of others, is now trying to stop anyone else from doing the same without paying a massive tax. 
There was a time when Bill Gates said: "If people had understood how patents would be granted when most of today's ideas were invented and had taken out patents, the industry would be at a complete standstill today... A future start-up with no patents of its own will be forced to pay whatever price the giants choose to impose." And, now, via Intellectual Ventures and its own patent holdings, Microsoft seems to be trying to make sure Gates' prediction is a reality. It all fits into the same paradigm we've observed for years. When you're young, you innovate. When you're old, you litigate. Microsoft appears to have given up on innovation, but is ramping up on litigation, and re-investing in patent trolling via Intellectual Ventures is merely the latest step.

posted 2 days ago on techdirt
Yet another story of hypocrisy by the recording industry? Why yes, indeed. For years now, we've been covering the issue of pre-1972 sound recordings. When Congress wrote the 1909 Copyright Act, it did not cover sound recordings, because Congress didn't think that sound recordings qualified for copyright. In a statement released by Congress with the Act, it said it deliberately chose not to cover sound recordings, believing that they weren't covered by the Constitutional limitation on "writings" for copyright protection: Indeed, the report released with the Copyright Act expressly stated that Congress did not intend to protect sound recordings: "It is not the intention of the committee to extend the right of copyright to the mechanical reproductions themselves, but only to give the composer or copyright proprietor the control, in accordance with the provisions of the bill, of the manufacture and use of such devices." According to one commentator, Congress had two principal concerns about sound recordings, leading it to decline to protect them. First, Congress wondered about the constitutional validity of such protection. The Constitution allows Congress to protect "writings," and Congress was uncertain as to whether a sound recording could constitute a writing. Second, Congress worried that allowing producers to exclusively control both the musical notation and the sound recording could lead to the creation of a music monopoly. That latter concern certainly was prescient. When Congress did a massive overhaul of copyright law in 1976, the recording industry was a much more powerful lobby, and so sound recordings were included. However, in the years between 1909 and 1976, many states had created their own (often bizarre) "state" copyrights to protect recordings. 
Rather than deal with this in an intelligent way, Congress basically said the new federal copyright rules would only apply to songs recorded in 1972 or after, and pre-1972 recordings would remain in a bizarre limbo. This has created a whole host of legal issues, and the Copyright Office has been trying to figure out what to do about this for years. However, it appears that the recording industry would like it both ways. When it's to their advantage, they claim that pre-1972 recordings should be treated just like modern song recordings. And when it's not to their advantage, they insist that pre-1972 recordings should be treated wholly differently. In various hearings about the issue, the RIAA has been one of the most vocal in arguing against treating pre-1972 recordings as if they're covered by federal copyright law. And, at the same time, they've argued in court repeatedly that the DMCA safe harbors don't apply to pre-1972 recordings, making various music storage lockers liable for any such recordings they host. Some courts have rejected this theory, while others have accepted it. Either way, the recording industry has been pretty adamant that pre-1972 recordings should be treated differently, so they can sue whomever they want. And yet... when various streaming music companies recognize this fact, and note that pre-1972 recordings aren't covered under statutory licensing regimes... the recording industry freaks out. Michael Huppe, the President of SoundExchange -- an organization created by the RIAA -- is writing in Billboard magazine about how unfair it is that streaming services like Sirius XM and Pandora don't pay statutory rates for pre-1972 recordings. Huppe complains that "this is not fair" and notes: It's a matter of simple fairness to offer equal treatment for all sound recordings. Okay. If that's true, then why aren't SoundExchange and the RIAA out there in support of federalizing the copyright in pre-1972 recordings? 
Why aren't SoundExchange and the RIAA agreeing to the fact that the DMCA's safe harbors apply equally to pre-1972 recordings? I'm all for "equal treatment for all sound recordings" as well, but someone ought to point out to SoundExchange and the RIAA: you first.

posted 2 days ago on techdirt
This won't come as a huge surprise, but Ladar Levison and Lavabit have now lost their appeal on whether or not they were in contempt for failing to compromise the security of every one of Lavabit's customers in complying with the DOJ's demands to get access to who Ed Snowden had been emailing. The ruling does a decent job explaining the history of the case, which also details some of the (many, many) procedural mistakes that Lavabit made along the way, which made it a lot less likely it would succeed here. Let this be a massive reminder that, if you're dealing with this kind of stuff, getting a good lawyer on your side immediately is important. Unfortunately, the procedural oddities effectively preclude the court even bothering with the much bigger and important question of whether or not a basic pen register demand requires a company to give up its private keys. As the court details, the problem seems to be how Lavabit went about the legal process here: In the district court, Lavabit failed to challenge the statutory authority for the Pen/Trap Order, or the order itself, in any way. Yet on appeal, Lavabit suggests that the district court’s demand for the encryption keys required more assistance from it than the Pen/Trap Statute requires. Lavabit never mentioned or alluded to the Pen/Trap Statute below, much less the district court’s authority to act under that statute. In fact, with the possible exception of an undue burden argument directed at the seizure warrant, Lavabit never challenged the district court’s authority to act under either the Pen/Trap Statute or the SCA. The court basically says that because Lavabit mucked up the process, the appeal is going to fail. It further rejects the claim that Lavabit did, in fact, challenge the Pen/Trap order when he objected to turning over his keys. The court notes that such a claim is a stretch. 
In making his statement against turning over the encryption keys to the Government, Levison offered only a one-sentence remark: “I have only ever objected to turning over the SSL keys because that would compromise all of the secure communications in and out of my network, including my own administrative traffic.” (J.A. 42.) This statement -- which we recite here verbatim -- constituted the sum total of the only objection that Lavabit ever raised to the turnover of the keys under the Pen/Trap Order. We cannot refashion this vague statement of personal preference into anything remotely close to the argument that Lavabit now raises on appeal: a statutory-text-based challenge to the district court’s fundamental authority under the Pen/Trap Statute. Levison’s statement to the district court simply reflected his personal angst over complying with the Pen/Trap Order, not his present appellate argument that questions whether the district court possessed the authority to act at all. Levison represented himself pro se at the beginning of the case (adding to the mess of procedural problems), and while his legal team tries to use that as a reason why the court should forgive some of the procedural mistakes, the court rejects that as well (even noting that, as a limited liability company, Lavabit shouldn't have been allowed to proceed pro se in the first place). The hail mary attempt in the case was to argue that because the underlying issues are of "immense public concern" (and they are) that the court should ignore the procedural mistakes. The court flatly rejects that notion: Finally, Lavabit proposes that we hear its challenge to the Pen/Trap Order because Lavabit views the case as a matter of “immense public concern.” (Reply Br. 6.) Yet there exists a perhaps greater “public interest in bringing litigation to an end after fair opportunity has been afforded to present all issues of law and fact.” United States v. Atkinson, 297 U.S. 157, 159 (1936). 
And exhuming forfeited arguments when they involve matters of “public concern” would present practical difficulties. For one thing, identifying cases of a “public concern” and “non-public concern” -- divorced from any other consideration -- is a tricky task governed by no objective standards..... For another thing, if an issue is of public concern, that concern is likely more reason to avoid deciding it from a less-than-fully litigated record.... Accordingly, we decline to hear Lavabit’s new arguments merely because Lavabit believes them to be important. This is unfortunate on many levels, because it's not just Lavabit that believes these issues to be of immense public concern. Either way, this mess of a case should be a reminder that, especially when dealing with the government, it's important to get good lawyers on your side from the very beginning.

posted 2 days ago on techdirt
Usually, the NSA's whoppers are so ham-fisted everyone knows them for falsehoods. And if there's any question, you can usually rely on the fact that when the agency's lips move, it's stretching the truth so far that it's as good as a lie. But from the start of Snowden's revelations, one of the NSA's tall tales has differed vastly from the others. It's so subtle and ubiquitous, such a consummate Big Lie, that even the surveillance-state's fiercest critics haven't spotted it. Can you? Let's play Find the Fib with this testimony to Congress last June from Deputy Attorney General James Cole (though, to be fair, he doesn't state the Big Lie outright but only implies it in the phrases I've emphasized): "[T]here's a great deal of minimization procedures that are involved here, particularly concerning any of the acquisition of information that deals or comes from US persons. As I said, only targeting people outside the United States who are not US persons." Want another hint? Check out the letter Director of National Intelligence James Clapper wrote Sen. Ron Wyden, though he too merely implies the Big Lie: "There have been queries … using US person identifiers, of communications lawfully acquired to obtain foreign intelligence targeting non-US persons reasonably believed to be located outside the United States … These queries were performed pursuant to minimization procedures approved by the FISA court and consistent with the statute and the Fourth Amendment." Yep, those are my emphases again -- and I included "Fourth Amendment" because that's the biggest clue of all. 
Here's the text of that strangled, mangled, moribund member of the Bill of Rights: "The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized." Anyone see notation there about "US persons" and "non-US persons?" Yet for basically its entire existence, the NSA has pretended that the Fourth prohibits the government from searching American citizens without a warrant (not that that's stopped the spooks) while authorizing it to search the rest of the world willy-nilly. But the Fourth's language is so clear that even Clapper should comprehend it: without a warrant, the government may not "violate" anyone's "person, house, papers, and effects." Whether he's Australian or American, from Utah or Uzbekistan, living in or visiting Mexico or Massachusetts is irrelevant. "Wait a minute!" the NSA's bureaucrats sneer. "'People' is just a synonym for 'citizens.'" Wrong. The Founding Fathers wrote "citizen" when that's what they meant (remember, most of these Dead White Men were fluent in Greek and Latin, which is to say they understood and used language precisely). And though they employ "citizen" eleven times in the body of the Constitution, they mention only "people" and "persons" in the Bill of Rights. For example, when delineating the requirements for election to the House of Representatives, the Senate, and the presidency, the Constitution specifies the minimum number of years each official must have been a citizen. But when the Constitution concludes, and its amendments begin, "citizen" goes on hiatus. As you may recall from high-school history, the Anti-Federalists insisted on adding ten amendments to the Constitution, the partial list of liberties known as the Bill of Rights. 
Anti-Federalists distrusted and loathed government, even the Constitution's severely limited one: they eerily, accurately predicted today's creeping totalitarian state and tried to protect themselves with a written guarantee that the government would never restrict their speech, disarm them, spy on them, etc. The Anti-Federalists also realized that politicians and bureaucrats powerful enough to silence, disarm, and spy on foreigners will certainly pull the same stunts at home. That's why the Bill of Rights consistently says "people," as in the Ninth Amendment: "The enumeration in the Constitution, of certain rights, shall not be construed to deny or disparage others retained by the people." The nationality of the government's victim doesn't matter: politicians and bureaucrats may not silence, disarm, or spy on, etc., anyone. Then, bingo, when the Bill of Rights ends and nationality becomes pertinent again in the Eleventh Amendment, "citizen" pops up like clockwork. Of course, at this point, discussions of the Constitution are somewhat academic: our rulers have amply demonstrated their disdain for it and us. But, unlike Sen. Dianne Feinstein or German Chancellor Angela Merkel, we should be as livid when the Feds spy on others as when they spy on us. The Constitution clearly, adamantly prohibits both. Becky Akers is the author of two novels, Halestorm and Abducting Arnold. Both are set during the American Revolution, when Peeping Toms were horsewhipped rather than handsomely paid to spy on citizens.

posted 2 days ago on techdirt
The LAPD wants you, Joe Citizen, to help it out with its surveillance. It has enlisted the help of a crowdsourcing tool called LEEDIR to collect photos and recordings from everyday people who may have additional footage of natural disasters or civil unrest that could help out both emergency responders and cops looking to put a few more demonstrators in jail. In today's announcement, earthquakes, terrorist attacks, and the Boston Marathon bombings were mentioned as scenarios in which LEEDIR could help law enforcement respond to disasters or large-scale public security threats. One might also imagine large citizen protests like Occupy Wall Street being the focus of such crowdsourced surveillance. It's unarguable that the addition of crowdsourced photos and video helped authorities track down the Boston Bombing suspects, which shows that there is some value to this service. But, as is pointed out by Xeni Jardin, it could also be used to build a database of people enjoying First Amendment-protected activities. Currently, the site is soliciting input for any info related to last week's party-turned-riot in Isla Vista, CA, where over 100 arrests were made and 44 people injured, including five police officers. The notice clearly states the police are "seeking to identify several subjects wanted for violent felonies that occurred during the evening." This is a potentially useful tool that isn't completely evil, but there are some definite concerns. For one, there's no real way to submit anything anonymously. You aren't required to input your name, but the app itself demands access to GPS data and any other communications-related metadata is likely hoovered up by LEEDIR when images and video are uploaded. There are also other questions left unanswered about the handling of the data submitted. According to today's announcement, agencies might typically retain uploaded content for a month or two, then delete it. 
But there's no requirement to delete it… And the way the system is accessed and used seems to lend itself to abuse. It's up to law enforcement to provide analysts or investigators to sort through all of the content uploaded to LEEDIR and find potential evidence… Once the content is uploaded, it belongs to law enforcement, [Co-Global CEO Nick] Namikas said. It's up to each agency to decide how long they want to store the content in the cloud – a service being provided by Amazon. An unfiltered influx of photos and videos curated by law enforcement officers. What could possibly go wrong? The tool may be aimed at natural disasters (which provides free access to police and emergency responders in the affected area), but paid subscriptions are available which would keep LEEDIR live at all times for any law enforcement agency willing to foot the bill. As if the potential negatives of this sort of crowdsourcing weren't apparent enough, there's also the very large problem of who's behind this new system. Under the leadership of disgraced former LA County Sheriff Lee Baca, the department is said to have conceptualized the web service and smartphone app, which was built by Citizen Global with Amazon… Baca's administration was plagued by corruption and scandal, and he resigned amid ongoing investigation into possible criminal activity. Certainly no such imperfect leader would misuse LEEDIR. But LA Sheriff's Dept. commander Scott Edson sees no downside: “I like to call this a flag-waving opportunity,” Edson said. “This is a great opportunity for the public who really wants to catch those guys as badly as any law enforcement agency wants to catch them. Now they’re going to have an opportunity.” Sure. Just like "see something, say something" filled DHS Fusion Centers with thousands of reports of people using cameras. 
With unfiltered access to whatever citizens submit, law enforcement can browse for unrelated criminal activity or simply use it to fill in the holes in their surveillance network. It's not that it couldn't help, as it did in the Boston Bombing. It's that the downside isn't even being considered by the proponents of the system, which include a former law enforcement official accused of corruption. There's seemingly no oversight to the program and absolutely no concerns being raised about privacy or the potentially endless retention of non-relevant footage and photos.

posted 2 days ago on techdirt
In the wake of the serious Heartbleed flaw in OpenSSL, more people are becoming aware of how widely used and important open source encryption tools are, and how their security is too often taken for granted. Some people were already worrying about this back in September last year, when we learned that the NSA had intentionally undermined encryption by weakening standards and introducing backdoors. As Techdirt reported, that led to a call for a security audit of TrueCrypt, a very popular open source disk encryption tool. Fortunately, the Open Crypto Audit Project raised a goodly sum of money through FundFill and IndieGogo, which allowed the first phase of the audit to be funded. Here's what's now been done (pdf): The Open Crypto Audit Project engaged iSEC Partners to review select parts of the TrueCrypt 7.1a disk encryption software. This included reviewing the bootloader and Windows kernel driver for any system backdoors as well as any other security related issues. The good news: iSEC found no evidence of backdoors or otherwise intentionally malicious code in the assessed areas. However, it did still find vulnerabilities in the code it examined: the iSEC team identified eleven (11) issues in the assessed areas. Most issues were of severity Medium (four (4) found) or Low (four (4) found), with an additional three (3) issues having severity Informational (pertaining to Defense in Depth). Overall, the source code for both the bootloader and the Windows kernel driver did not meet expected standards for secure code. This includes issues such as lack of comments, use of insecure or deprecated functions, inconsistent variable types, and so forth. Because of that, among the recommendations that iSEC made was the following: Improve code quality. Due to lax quality standards, TrueCrypt source is difficult to review and maintain. This will make future bugs harder to find and correct. It also makes the learning curve steeper for those who wish to join the TrueCrypt project. 
That's an important point, and probably something that other open source projects might take to heart, too. Some have called into question whether Linus's Law -- that "all bugs are shallow, given enough eyeballs" -- is really true for free software (although Eric Raymond, author of "The Cathedral and the Bazaar", has offered a robust defense of that claim.) One reason why those eyeballs may not be finding the bugs is that the code, though open, is unnecessarily hard to read. The fact that vulnerabilities were found -- even if "all appear to be unintentional, introduced as the result of bugs rather than malice" as iSEC puts it -- is another reason why the second phase of the audit, which will look at the details of how the cryptographic functions have been implemented, is necessary. The discovery of "issues" in TrueCrypt's code also underlines why similar audits need to be conducted for all important open source security programs: if there are vulnerabilities in TrueCrypt, there are likely to be more elsewhere, perhaps much more serious. Finding them is largely a question of money, which is why companies currently free-riding on free software -- perfectly legally -- should start seriously thinking about making some voluntary contributions to help audit and improve them to prevent another Heartbleed. Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

posted 3 days ago on techdirt
Interesting report over at the WSJ noting that some at Google are considering if they should boost the search results for sites that are encrypted as an attempt to encourage more widespread use of encryption. I would be a bit surprised if the company did this, as Google always claims that its focus is entirely on the quality of the content of sites, and delivering people to what they're looking for. While the search algorithms do take into account things like page load time, it seems like encryption status might not be seen as a real indicator of quality. Still, I hope that Google does seriously consider such a move, because it could (very quickly) drive many more sites to encrypt -- and, it would probably (finally) drive more services that refuse to make encryption work to figure it out. For example, almost no media sites will do full encryption because it would effectively break most ad networks. So, for most media properties, going full encryption automatically means taking a huge hit in ad revenue. The various ad networks could do things to fix this, but very few of them seem interested (actually, very few of them seem to even understand the issue). If Google were to make this change, then the pressure coming from media properties (many of whom live and die based on their Google rankings) to ad networks to figure this out, would hopefully be enough to create a real shift.

posted 3 days ago on techdirt
Most folks don't really like flying for more than a few hours at a time, so it's not really a problem for a lot of people that most planes aren't even capable of flights lasting longer than a day. (Zeppelins can fly for weeks at a time, but those ships haven't been flying regularly for a while.) Autonomous drones have been making some really long flights recently, and there may be more uses for aircraft that can stay up in the air for long periods of time. Here are just a few examples. Google has acquired Titan Aerospace for its solar-powered drone technology that can act as "atmospheric satellites" by flying for months or even years at a time. Google presumably outbid Facebook for this company, but regardless of who bought this company, it sounds like wireless internet services could become more competitive with traditional wireline telcos/cablecos. Maybe. The world's longest aircraft, the Airlander, is just over 300 feet long and can fly for a couple weeks. This particular Hybrid Air Vehicle (HAV) is a cross between a blimp and a zeppelin -- and a bigger version is designed to carry a 50-ton payload. The Solar Impulse 2 has a maximum speed of only about 85 mph, so it'll take more than a couple days to accomplish its flightplan to circumnavigate the globe. This solar-powered plane is expected to launch sometime in mid-2015, and it'll take a solo pilot almost a week to travel around the world.

posted 3 days ago on techdirt
I think I've come to the realization that the debate over whether violent video games cause real-life violence is probably never going to end. Centuries from now, some new race of alien beings will be picking over humanity's remains like some kind of alien-Indiana Jones and think to themselves, "What the hell is this bullshit?" They'll look over fossilized papers about crazy video game hardliners who were running guns on the side, or studies that stated that violent games will breed violent children despite the relative lack of violent children present. Oh, the laughs they will have at our expense. But, it turns out, there is a way you can cause aggression in children through games. You just have to make really crappy games. Researchers at the Oxford Internet Institute and the University of Rochester took Half-Life 2, one of the most satisfyingly intuitive games ever made (in my opinion), and modified it, turning it into a game of tag rather than a first person shooter. Some users were given a tutorial, and others were simply thrown into the game. Those that did not get the tutorial were much more aggressive after playing. Andrew Przybylski from the Oxford Internet Institute: "This need to master the game was far more significant than whether the game contained violent material. Players of games without any violent content were still feeling pretty aggressive if they hadn't been able to master the controls or progress through the levels at the end of the session." So, all you have to do to make folks aggressive with a game is make it very difficult, counter-intuitive, and annoying. You know, like Battle Toads, Myst, or any game produced by Derek Smart. This explains why I used to go over to a friend's house, find him playing Bulls Vs. Blazers on his Sega, and would know for sure that the gaming session would eventually end with him ripping the cartridge out of the machine and chucking it at a wall (true story). 
The real question is: if we were going to tax violent games because we thought that's what made some kids violent, are we similarly going to tax shitty games for the same reason? It would make just as much sense, which is to say none, but it might be a good buttress against the ruination of the next ending to a Mass Effect game, amirite?

posted 3 days ago on techdirt
Well, this is interesting. I naturally assumed that when the various researchers first discovered Heartbleed, they told the government about it. While I know that some people think this is crazy, it is fairly standard practice, especially for a bug as big and as problematic as Heartbleed. However, the National Journal has an article suggesting that Google deliberately chose not to tell the government about Heartbleed. No official reason is given, but assuming this is true, it wouldn't be difficult to understand why. Google employees (especially on the security side) still seem absolutely furious about the NSA hacking into Google's data centers, and various other privacy violations. When a National Journal reporter contacted Google about the issue, note the response: Asked whether Google discussed Heartbleed with the government, a company spokeswoman said only that the "security of our users' information is a top priority" and that Google users do not need to change their passwords. Here's the thing: if the NSA hadn't become so focused on hacking everyone, it wouldn't be in this position. The NSA's dual offense and defense role has poisoned the waters, such that no company can or should trust the government to do the responsible thing and help secure vulnerable systems any more. And for that, the government only has itself to blame.

posted 3 days ago on techdirt
With the latest attempt at patent reform stalling out a bit, it's worth looking at how the last attempt to reform patents to stop abuse, 2011's America Invents Act, has helped solve the problem of bogus patents. Oh, actually, it hasn't. As Patently-O notes, patenting has continued to shoot up at an insane pace, setting new records along the way. Does anyone actually believe that the US has really become that much more inventive in just the past few years, or can we reasonably assume that the USPTO is passing a ton of crappy patents, ensuring that patent trolling activities over bad patents continue for decades to come? The latest dubious "record" is the USPTO granting over 6,000 utility patents in a single week. Because nothing says "innovation" like throwing over a quarter of a million monopolies into innovative markets every year. That's not helping innovation. It's throwing piles upon piles of sand into the gears of innovation.

posted 3 days ago on techdirt
Another FOIA lawsuit brought against the government by the EFF has resulted in the release of previously withheld documents. The papers cut loose this time detail the FBI's facial recognition database and other parts of its "Next Generation Identification" (NGI) program, one that aims to compile a collection of biometric data. EPIC's FOIA lawsuit over similar information revealed last year that the FBI's facial recognition software (as of 2010) had an acceptable margin of error of 20%. With a 1-in-5 chance of "recognizing" the wrong person, the accuracy of the database had nowhere to go but up. But it appears the FBI prioritizes quantity over quality, as the first number to hit you from the "released" documents is a big one. The records we received show that the face recognition component of NGI may include as many as 52 million face images by 2015. By 2012, NGI already contained 13.6 million images representing between 7 and 8 million individuals, and by the middle of 2013, the size of the database increased to 16 million images. The new records reveal that the database will be capable of processing 55,000 direct photo enrollments daily and of conducting tens of thousands of searches every day. The millions of images come from a handful of sources. Only 46 million of those images, however, will be from criminal databases. The other 6 million will come from other sources, not all of those necessarily related to criminal or terrorist activity. [T]he FBI does not define either the “Special Population Cognizant” database or the "new repositories" category [which account for nearly a million images]... 
A 2007 FBI document available on the web describes SPC as “a service provided to Other Federal Organizations (OFOs), or other agencies with special needs by agreement with the FBI” and notes that “[t]hese SPC Files can be specific to a particular case or subject set (e.g., gang or terrorist related), or can be generic agency files consisting of employee records.” These employee records may be tossed into the database along with the criminal records if the FBI chooses to assign these a Universal Control Number (UCN). And these records may become more common. As the EFF points out, if you submit your fingerprints as part of a pre-employment background check, these are added to the FBI's database. If employers decide they also want a pre-employment mug shot, that will head the FBI's way as well. The database will be populated with non-criminal photos and overseen by an agency that hasn't provided an updated Privacy Impact Assessment for its facial recognition program since 2008. The low resolution (often at 0.75 megapixels or less) makes this blending of hit/non-hit photos even more problematic, as it means the FBI's actual accuracy rate still hovers between 80-85%. But the agency has weasel-worded its way out of having to defend such a lousy accuracy rating. [T]he FBI has disclaimed responsibility for accuracy, stating that “[t]he candidate list is an investigative lead not an identification." Because the system is designed to provide a ranked list of candidates, the FBI states NGI never actually makes a “positive identification,” and “therefore, there is no false positive rate.” The FBI generates a "top 50 candidates" report from searches, which it claims is only an "investigative tool," not a starting point for any investigation. That's some remarkably devious dissembling. The agency won't ever be wrong because it's not even trying to be right! 
So, how exactly is this supposed to aid in investigations, if the best results are a grab bag of low-res photos dredged from a variety of sources, some of them non-criminal? The FBI doesn't say. All it says is that the "true candidate" will show up on the "top 50 list" 85% of the time -- and then only if the "true candidate" is already present in the database. The EFF asks the question the FBI hasn't asked itself, or at least hasn't shown any interest in answering honestly. It is unclear what happens when the “true candidate” does not exist in the gallery—does NGI still return possible matches? Could those people then be subject to criminal investigation for no other reason than that a computer thought their face was mathematically similar to a suspect’s? The FBI's "answer" shifts all the accountability to other law enforcement agencies. [T]he Bureau notes that because “this is an investigative search and caveats will be prevalent on the return detailing that the [non-FBI] agency is responsible for determining the identity of the subject, there should be NO legal issues.” The FBI, which hasn't updated its privacy protections in a half-decade, which knows that a majority of the photos in its database have a resolution only slightly above "useless" and which sees no problem with throwing photos of criminals and non-criminals into the same database, still has yet to see any significant pushback on its NGI expansion from anyone tasked with overseeing the agency. The fact that these documents were forced free via a FOIA lawsuit shows the FBI has no interest in sharing this info with the public. As for our representatives -- they either don't know or don't care, neither of which should make the represented happy. This program has some very serious issues, and it's only going to get worse unless someone outside the FBI intervenes. 
It's obvious from its caveat emptor-esque "policy" ("not our fault if you arrest the wrong pixelated suspect") governing law enforcement's use of the intermingled good guy/bad guy database that it has no interest in policing itself.

posted 3 days ago on techdirt
It's tax time again, when we all turn just a bit more Republican for a month or so, curse out the inept government that asks us to pay for all that they do, and emote a general grumbling attitude throughout the days. Fun, right? Part of what makes this time of year such a royal pain in the ass is that many of us pay to pay our taxes, using any number of accounting and tax prep services just to keep Uncle Sam off our backs. Last year, we wrote about how Intuit, the company behind TurboTax, was actively waging a campaign against the government free-filing program, in which the IRS offers to fill out much of the paperwork and allow citizens to e-file their taxes with minimal input. The program is entirely voluntary, but that didn't stop Intuit from raging against the machine, suggesting that the IRS would overcharge the poor and that the program would, like, really hurt their business (honesty!). It turns out that trying to stifle people's ability to simplify their own lives and file their taxes for free wasn't all that great for the old public relations department, however, so Intuit has instead decided to go the sneaky route and get a bunch of unwitting mouthpieces to do it for them. Over the last year, a rabbi, a state NAACP official, a small town mayor and other community leaders wrote op-eds and letters to Congress with remarkably similar language on a remarkably obscure topic. Each railed against a long-standing proposal that would give taxpayers the option to use pre-filled tax returns. They warned that the program would be a conflict of interest for the IRS and would especially hurt low-income people, who wouldn't have the resources to fight inaccurate returns. Rabbi Elliot Dorff wrote in a Jewish Journal op-ed that he "shudder[s] at the impact this program will have on the most vulnerable people in American society." So you're wondering where the problem in all of this is? 
Well, it turns out these folks didn't just independently decide to write the same op-eds. It would appear that they were approached by groups affiliated with Intuit and asked to write them. The folks targeted weren't informed of the connection, either. Rabbi Dorff says he was approached by a former student, Emily Pflaster, who sent him details and asked him to write an op-ed alerting the Jewish community to the threat. What Pflaster did not tell him is that she works for a PR and lobbying firm with connections to Intuit, the maker of best-selling tax software TurboTax. "I wish she would have told me that," Dorff told ProPublica. You think? What once appeared to be some kind of grassroots campaign by the concerned public towards what might be a real issue suddenly has devolved into a public relations blitz undertaken through dishonest means by corporate interests. In other words, it's the same message we got last year, and from the same source, but that source is hiding behind unwitting accomplices. The underhanded deeds weren't over, however. The website of Pflaster's firm, JCI Worldwide, had listed Intuit among its clients, but removed it after ProPublica contacted them. Pflaster said Intuit had been listed by mistake.... That's quite an error to make and quite a coincidental time for that error to be "corrected." And, while Intuit's only comment on the matter was some general mumblings about how they use multiple avenues to improve "tax empowerment" of the public, it's a special kind of shady that refers to demonizing an entirely optional and free government service as empowerment of the public. Meanwhile, of course, Intuit has lobbied heavily on bills related to free-filing. In the end, there may indeed be flaws in the government's free-filing program and process. Actually, it'd be a bit of a shock if there weren't flaws. 
But it's voluntary, and the solution to those flaws is most certainly not subterfuge and dishonest attempts to coerce a public through their religious leaders.

posted 3 days ago on techdirt
So, the Guardian and the Washington Post won the Pulitzer for "public service" for their coverage of the NSA's surveillance activities. We mentioned how this should really end the debate over whether or not Ed Snowden was a whistleblower, but knew that would never happen. We'd already covered Rep. Peter King's incensed response, but an even more amusing response has to be the one from John Yoo. You may recall Yoo as the guy in the George W. Bush administration who basically shredded the Constitution in "authorizing" the CIA's torture program. He's weighed in a few times about the NSA stuff, arguing that the NSA shouldn't have to obey the Constitution because it takes too long and insists that the courts have no role in determining if something violates the 4th Amendment. For reasons that are beyond comprehension, the political color commentary sportscasters at Politico decided to ask Yoo if the Pulitzer vindicated Snowden, and he (of course) answered with an emphatic no, though in a way that suggests he still has no clue what this story is about: John Yoo, a former deputy assistant attorney general and author of the 2002 memos advising the CIA’s use of enhanced interrogation techniques, said the Pulitzer committee’s decision did not vindicate Snowden. “I’m not surprised the Pulitzer committee gave The Washington Post a prize for pursuing a sensationalist story, even when the story is a disaster for its own country,” he said. “I don’t think we need automatically read the prize as a vindication for Snowden’s crimes. Awarding a prize to a newspaper that covered a hurricane does not somehow vindicate the hurricane, [and] awarding a Pulitzer for a photo of a murder does not somehow vindicate the crime.” Except, of course, the award was not for their coverage of Snowden's actions (mislabeled "crimes" by Yoo), but rather the NSA's actions. So if we replace "Snowden's crimes" in the quote above with "the NSA's crimes" the quote actually makes some sense. 
The reporting certainly was no vindication of the NSA -- quite the opposite. The award itself was always for the reporting on the NSA, and the reason it vindicates Snowden (and which Yoo seems unable to comprehend) is because without Snowden, there would be no reporting on the NSA's unconstitutional and illegal behavior. There would be no "national debate" on the surveillance state, and there would be no ongoing effort in all three branches of government to change how the intelligence community spies on people. The award wasn't for reporting on Snowden. It was on the NSA. And it's that reporting that vindicates Snowden. It's simply crazy that folks like Yoo are so focused on hating Snowden that they still don't seem to realize that.

posted 3 days ago on techdirt
Sen. Feinstein seemed incredibly outraged that her office was spied on by the CIA in its efforts to keep a torture report under wraps. This was noted with some attendant irony, given Feinstein's boisterous support of the NSA's surveillance efforts. Now, she's stepped into irony again, opening an investigation of McClatchy News for leaking a condensed, bullet-points-only summation of the findings hidden within the still-unreleased 6,600-page "torture report." The Senate Intelligence Committee has opened an investigation into how McClatchy obtained the classified conclusions of a report into the CIA’s use of waterboarding and other harsh interrogation tactics, the panel’s chairwoman said Friday. Sen. Dianne Feinstein, D-Calif., said she was also referring the case to the Justice Department for investigation. “If someone distributed any part of this classified report, they broke the law and should be prosecuted,” Feinstein said in a prepared statement. “The committee is investigating this unauthorized disclosure and I intend to refer the matter to the Department of Justice.” Unauthorized disclosure, maybe. But it's looking more and more like the only way Americans are ever going to see the inside of the infamous report is via unauthorized channels, what with the CIA asking for redaction privileges. This is the same Senator who fought the CIA over control of this report, only now she wants to control how the information is fed to the public. The investigation of the CIA wasn't performed just because Washington had money to waste. Supposedly this was done in the public interest, even if almost everyone involved has done as much as they can to keep the information out of the public's hands. It's the kind of government no one wants: one that internalizes its investigative efforts and withholds the findings. The public is frequently treated like an unwanted side effect of governing. "Shut up," Feinstein explained, "or we'll make you regret ever speaking up." 
Disappointing, yes. But worse, it's predictable. McClatchy isn't happy. “We are disappointed that Sen. Feinstein plans to seek a Justice Department investigation of our journalism,” said James Asher, McClatchy’s Washington bureau chief. “We believe that Americans need to know what the CIA might have done to detainees and who is responsible for any questionable practices, which is why we have vigorously covered this story.” Asher is right about the public knowing, which is ostensibly the endpoint of investigations like these. But now that it's all been compiled, representatives are (somewhat inadvertently) joining forces with the same agency they decried and throwing as much dirt as they can over any exposure. There's a slim chance that much of the 480-page "executive summary" will survive the rounds of redactions headed its way. For McClatchy to release a 2-page summary is a drop in the bucket compared to the voluminous whole. The DOJ will now (possibly) start searching for yet another whistleblower, one who felt the refusal to discuss the contents beyond vague generalities was an intellectually dishonest move by those heading the investigation. But it's even more wrongheaded for Feinstein to request an investigation into this leaked document, only a few months removed from the CIA asking the DOJ to investigate Feinstein's staffers for their "unauthorized removal" of documents. It's apparently OK to take "unauthorized" documents if you're a Senator, but not so much if you're a journalist.

posted 3 days ago on techdirt
Monday was the deadline for amici briefs over whether or not the 9th Circuit should rehear, en banc, the Garcia v. Google debacle, in which Alex Kozinski made a bunch of highly questionable decisions in ruling that actress Cindy Lee Garcia deserves a copyright in her 5-second performance shown in the controversial 13-minute "trailer" known as Innocence of Muslims. The 9th Circuit made it clear that it would welcome briefs from anyone who wanted to file them, and a bunch of organizations and companies have been lining up to do so. You can see the full list of briefs here, though at the time I write this, it's still being updated. If I get the chance I'll try to review some of the other briefs soon. However, I wanted to write about one such brief first: ours. After some consideration, we teamed up with the Organization for Transformative Works to file our own brief concerning "intermediary liability." While the 9th Circuit noted it would accept briefs from all interested parties, it also said those briefs had to be shorter than 2,500 words, which is not a lot of space to make complex legal arguments. We fully expected many others to focus in on all of the (many, many) troubling copyright aspects in Kozinski's ruling, but wanted to raise a separate (and, in some ways, larger) issue that was almost entirely ignored by the ruling: that third parties should not be blamed for the actions of their users -- and that Judge Kozinski's broad injunction did just that. Lawyer Cathy Gellis wrote up an amicus brief on our behalf, highlighting Congress's clear intent in both Sections 230 of the CDA and 512 of the DMCA in providing safe harbors from liability for third parties, in order to encourage them to support free and open dialogue and discourse online, without fear of legal repercussions. 
As our brief argues, while many have ignored Section 230 (which excludes intellectual property), it should be quite clear that Garcia's case was really nothing more than an attempt to misuse copyright law in order to get around Section 230 and to hold a third party liable. Furthermore, as we've noted in the past, Judge Kozinski's injunction appears to go well beyond what the law says is appropriate in responding to copyright claims. There is a reason why Congress was so intent on providing safe harbors, recognizing the incentives for broad censorship when you blame service providers for the actions of their users. Judge Kozinski appears to have ignored nearly all of Congress' intent in his ruling, and we're hopeful that (among the many other reasons why his ruling should be reviewed), the rest of the 9th Circuit will recognize that the original ruling has serious First Amendment implications, beyond just the basic copyright questions.

posted 3 days ago on techdirt
Somewhat late to the game (by about a week), after the Heartbleed vulnerability was publicly revealed, and a few days after it was reported and denied that the NSA was already well aware of Heartbleed and exploiting it, the NSA has put out a one page PDF about Heartbleed. This seems like something of a too little, too late effort by the NSA to live up to its semi-promise of a "bias" towards revealing vulnerabilities over exploiting them. However, that leads to the simple question that plenty of people should be asking: given everything you've learned about the NSA recently (or, well, for years), would you trust the NSA's advice on how to deal with Heartbleed? Not that I think the NSA would publicly suggest anything bad, but at this point, the NSA has a serious trust problem in convincing anyone engaged in computer security that they have their best interests in mind.

posted 3 days ago on techdirt
While AT&T, Comcast, and Verizon have argued -- with incredible message discipline -- that network neutrality is "a solution in search of a problem," that's simply not true. There are many concrete examples of network neutrality violations around the world. These network neutrality violations include ISPs blocking websites and applications, ISPs discriminating in favor of some applications and against others, and ISPs charging arbitrary tolls on technology companies. We have seen network neutrality violations all over the world. Even in the U.S., there have been some major violations by small and large ISPs. These include: The largest ISP, Comcast, secretly interfering with peer-to-peer technologies, including some of the most popular basic technologies used to distribute online TV and music (2005-2008); A small telephone ISP called Madison River blocking Vonage, a company providing competing telephone service online (2005); Apple blocking Skype on the iPhone, subject to a secret contract with AT&T, a company that competes with Skype in providing telephone service (2008-2009); Verizon, AT&T, and T-Mobile blocking the functionality of Google Wallet on Nexus devices, while all three of those ISPs are part of a competing mobile payments joint venture called Isis (late 2011-today); and Comcast's disputes with Level 3 and Netflix over termination fees, and the appearance that Comcast is deliberately congesting its network connections to force Netflix to pay Comcast for an acceptable connection (2010-today). In other countries, including democracies, there are numerous violations. In Canada, rather than seeking a judicial injunction, a telephone ISP used its control of the wires to block the website of a union member during a strike against that very company in July 2005. In the Netherlands, in 2011, the dominant ISP expressed interest in blocking against U.S.-based Whatsapp and Skype. In the European Union, widespread violations affect at least 1 in 5 users. 
That is the conclusion of a report issued in June of 2012 by the Body of European Regulators for Electronic Communications (BEREC), a body composed of the regulatory agencies of each EU country. Most of these restrictions were on online phone services, peer-to-peer technologies (which are used not only by copyright pirates, but also in a variety of well-known technologies, including Skype and several Amazon cloud services), as well as other specific applications "such as gaming, streaming, e-mail or instant messaging service." ISPs block and discriminate against applications and websites even in countries that require disclosure of the violations and even in countries with far more competition among ISPs than the U.S. A recent Oxford dissertation on the topic explores the wide-scale blocking and discrimination in the United Kingdom, a market with both considerable competition among ISPs and robust disclosure laws. Essentially, a specific rule that would be upheld in court is necessary to protect network neutrality and address a major, global problem. * Footnote: Thanks to Stanford professor Barbara van Schewick, whose recent letter to the FCC inspired my thinking in this post.

posted 3 days ago on techdirt
At long last, there finally seems to be a recognition by members of the judicial branch that they are, in fact, there to provide checks and balances against government overreach. We've already covered the recent orders by Magistrate Judge John Facciola, who has twice sent the government back to fix its overly broad warrant requests seeking access to email accounts and cell phone content. (This is tempered somewhat by another Facciola decision, which declared the law enforcement agency in question didn't need a search warrant for a supposedly "abandoned" phone.) Facciola isn't the only judge pushing back against the government's vague warrant requests, however. In the past year, U.S. magistrate judges John Facciola in Washington, D.C., and David Waxse in Kansas City, Kan., have rejected or modified a number of applications for warrants to search people's emails and other electronic communications at Internet firms such as Google Inc. and Yahoo Inc. The rulings go against the grain of a federal judiciary that has generally approved them, according to current and former law-enforcement officials. They also come against the backdrop of a legal and political debate over the scope of government surveillance that has raged since the National Security Agency's bulk collection of phone records was revealed last summer. At issue is the Justice Department's two-step process of obtaining all emails and other electronic information in the accounts of a person under investigation, and then using names and keywords to sift through it in hopes of finding evidence of wrongdoing. The judges have ruled the government needs to refine its requests to comply with the Fourth Amendment, which protects against unreasonable searches. This has been the government's process for years: obtain everything and keep whatever is deemed "relevant" to the case. Both of these judges appear to realize that they are the last line of Fourth Amendment defense between the government and the public. 
Presumably, the Snowden leaks have played a part in this altered mindset. As both judges have pointed out in their orders, what the government has routinely sought is unbounded access to communications via unconstitutional warrants. These two have suggested an alternate route, if the government can't manage to operate within the constraints of the Constitution. Both judges have suggested Internet service providers and other Web firms could do their own searches based on specific guidance from the Justice Department, and turn over only the information that appears relevant to an investigation. They have also proposed systems in which a court-appointed official or others could perform the initial search, providing a buffer between investigators and bulk data. Of course, the government thinks these are terrible ideas. "I don't think ISPs or email providers have the institutional competence to conduct the searches of their customers for evidence of crimes," said Neil MacBride, a former U.S. attorney in Virginia who described the magistrate judges' rulings as "outliers." Maybe. Maybe not. But it's clear the government is no better than the private sector at performing targeted searches. Instead, it simply demands everything and expects to be trusted to only take a look at what is pertinent. Despite the fact that the government routinely asks (or rather, expects) the judicial branch, along with those defending the accused, to simply trust it with petabytes of someone's personal data, it seems completely unwilling to trust a private company with fulfilling searches for relevant data on its behalf. The days of the government simply saying "it's complicated" and running broad warrant requests past technically-incompetent judges might finally be numbered. Judge Waxse said he believed more people would come around to his view if they better understood recent technological advances and how service providers operate. 
"What Facciola and I are saying is, use what is now developed, and you can comply with the Fourth Amendment," he said. "There are too many lawyers and judges who don't have a clear grasp of how it all works." This is also part of the problem. Far too often, technically-ignorant judges have credulously accepted the government's arguments because they don't have the knowledge to challenge these assertions. They could seek the input of those who can parse the technological demands, but rather than do so, this crucial part of the system of checks and balances has simply allowed the government to portray its circumvention of the Fourth Amendment as unavoidable. Following the revelations of the last several months, including documents showing the NSA misrepresented its bulk records collections for nearly three years straight, the government has been shown it cannot be trusted with unlimited access to people's data and content. Hopefully, this pushback from the judicial branch will become the new standard.

posted 4 days ago on techdirt
The web is a dangerous place these days. Akamai, which many large companies rely on for hosting as a CDN, has admitted that its Heartbleed patch was faulty, meaning that it was possible that the SSL keys "could have been exposed to an adversary exploiting the Heartbleed vulnerability." Akamai had already noted that it was more protected against Heartbleed than others, because of custom code it had used for its own OpenSSL deployment. However, as researchers looked through that custom code, they found some significant defects in it. Some people have been arguing that the Heartbleed bug highlights a weakness in open source software -- but that's not necessarily true. Pretty much all software has vulnerabilities. And, sometimes, by open sourcing stuff you can find those vulnerabilities faster.

posted 4 days ago on techdirt
Digital cameras are almost everywhere, and they're getting smaller and smarter. Whole new categories of cameras are being developed that don't need lenses or don't need large sensors. Instead, algorithms are being used to manipulate digitized light rays to create impressive images without traditional camera components. Here are just a few examples. Rambus is developing a super tiny camera that could be embedded in almost anything. The imaging from this lensless sensor is pretty low resolution, but it's good enough for many situations, and it could even record video. Capturing 3D images with a single lens camera can be done without moving the camera. The trick is done by taking a picture of the same object but focused at different depths. The technique is called "light field moment imaging" and uses an algorithm to create the stereoscopic images. Bell Labs is working on single pixel, lensless cameras. The technique used here is called "compressive sensing" and relies on a randomized array of apertures to collect multiple snapshots that can re-create a high-resolution image. The applications aren't exactly obvious, but perhaps astronomers or photographers of slow-moving subjects would be interested.

posted 4 days ago on techdirt
As the times continue to change, the past few years have seen a notable increase in LGBT characters appearing in video games. Not that this is any kind of major victory, of course, but it is probably an imperfect barometer for public tolerance of our fellow human beings. There's obviously still a long way to go, and not everyone is embracing tolerance as much as I would personally prefer, but that's okay. These things take time and it's important that we listen to all sides and engage in the debate with integrity, honesty, and respect. What can make this difficult and challenging is when the worlds of two different, but important, issues collide. Such is the case with an upcoming mobile game called Ultimate Gay Fighter, which is finding itself forced to change that name due to legal pressure, likely over a trademark.

According to Handsome Woman Productions, the company in question "believes the UGF brand and related mobile gaming product threatens one of their reality TV series/fighting competition brand." As a result, the developer is unable to defend the game's current name against what founder Michael P. Venker calls a billion-dollar company. "We have a trademark pending, but the prospect of a potential lawsuit is very intimidating," Venker said. "We don't have the funds to compete with their take-no-prisoners approach. We offered them solutions, but this company remains firm in believing our Ultimate Gay Fighter brand threatens their brand, despite vast differences in our customer base and product."

You don't need to be a master at reading between the thinly-veiled lines to understand that Venker is almost certainly referring to the UFC, or Ultimate Fighting Championship, and their reality TV show, The Ultimate Fighter. They're really the only ones that fit the parameter here.

And, while UGF is going ahead and caving to the name change, and looking to crowdsource a new name from their fanbase, it seems likely that they'd at least have a case in challenging the threat in court. Trademark, after all, was built to prevent customer confusion, and it's unlikely that any UFC fan is going to think that UGF is affiliated with the fighting company. In addition, the whole concept behind the game appears to be one of parody, which would be protected as fair use. Where this all gets tricky is that there's a whole lot to hate in Ultimate Gay Fighter.

In Ultimate Gay Fighter, a forthcoming brawler for iOS and Android, players take on the role of a variety of iconic gay caricatures, including a drag queen, a butch lesbian, an Asian 'twink', a gym bunny, a golden-chain wearing African-American rapper and a drunken bisexual woman. Each character wields a comedic 'gaytality' move that makes reference to common LGBT jokes.

The caricatures are crude at best and, in my opinion, not particularly funny. That said, my opinion means eff-all when it comes to free speech and my sense of allowing speech to rule the day outweighs my offense: UFC shouldn't be bullying this game out of their name. And no, before everyone gets started on my regular attacks on the Washington Redskins organization, this isn't even close to being the same thing. There's nothing inherently offensive in the name Ultimate Gay Fighter, "gay" isn't recognized as having a detrimental definition, and in this case we're talking about taking away speech rights, not opening them up to everyone.

posted 4 days ago on techdirt
We've already been discussing how President Obama has told the NSA it can continue exploiting computer security flaws, rather than fixing them, and also how the NSA's offensive and defensive roles are incompatible with each other. However, I wanted to highlight a more concerning point raised by Julian Sanchez about the NSA and Heartbleed in the article about the NSA's dual role: even granting that the NSA might not have known about Heartbleed until it became public, the NSA could still use it to its advantage, in part because it has so much old encrypted data stored up:

Here, however, is the really crucial point to recognize: NSA doesn't need to have known about Heartbleed all along to take advantage of it. The agency's recently-disclosed minimization procedures permit "retention of all communications that are enciphered." In other words, when NSA encounters encryption it can't crack, it's allowed to – and apparently does – vacuum up all that scrambled traffic and store it indefinitely, in hopes of finding a way to break into it months or years in the future. As security experts recently confirmed, Heartbleed can be used to steal a site's master encryption keys – keys that would suddenly enable anyone with a huge database of encrypted traffic to unlock it, at least for the vast majority of sites that don't generate new keys as a safeguard against retroactive exposure. If NSA moved quickly enough – as dedicated spies are supposed to – the agency could have exploited the bug to steal those keys before most sites got around to fixing the bug, gaining access to a vast treasure trove of stored traffic.

As Sanchez notes, this creates a dilemma for those who discover such flaws. Normally, they should want to reveal such things to the NSA to help with protecting networks. But doing so now might expose more risk. And, in fact, it seems likely that the NSA was aware of the bug prior to its revelation to the public. Note that in its denial of the Bloomberg story, it just says it wasn't aware prior to "April 2014," but not on which date in April it found out about it. Thus, it's likely the NSA had a heads up, and could collect a bunch of private keys to use against its encrypted data store for a few days before everyone else was informed to fix the vulnerability.
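The retroactive-exposure risk Sanchez describes, as an added example that is not part of the original post: a toy Diffie-Hellman exchange showing that traffic stored before a key theft becomes readable when the server's long-term key performs the key exchange, and stays unreadable when the server uses a fresh key for every session. The 127-bit group, the XOR pad and all function names are constructed for illustration and are not how TLS is implemented.

```python
import hashlib
import secrets

# Constructed toy group: a 127-bit prime, far too small for real use.
P = 2**127 - 1
G = 3

def keygen():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def seal(shared: int, data: bytes) -> bytes:
    # XOR with a SHA-256-derived pad (data <= 32 bytes); the same call decrypts.
    pad = hashlib.sha256(shared.to_bytes(16, "big")).digest()
    return bytes(a ^ b for a, b in zip(data, pad))

def session(long_term_priv: int, message: bytes, ephemeral: bool) -> dict:
    """Run one handshake; return only what a passive collector can store."""
    client_priv, client_pub = keygen()
    if ephemeral:
        # Fresh server key per session, discarded when this function returns.
        # (In real TLS the long-term key would only sign this handshake.)
        server_priv, server_pub = keygen()
    else:
        # The long-term key itself performs the key exchange.
        server_priv, server_pub = long_term_priv, pow(G, long_term_priv, P)
    shared = pow(client_pub, server_priv, P)
    return {"client_pub": client_pub, "server_pub": server_pub,
            "ciphertext": seal(shared, message)}

def decrypt_with_stolen_key(record: dict, stolen_priv: int) -> bytes:
    # What a long-term key obtained later yields against a stored record.
    shared = pow(record["client_pub"], stolen_priv, P)
    return seal(shared, record["ciphertext"])

def demo():
    long_term_priv, _ = keygen()
    msg = b"constructed sample request"
    stored_static = session(long_term_priv, msg, ephemeral=False)
    stored_pfs = session(long_term_priv, msg, ephemeral=True)
    return (decrypt_with_stolen_key(stored_static, long_term_priv),
            decrypt_with_stolen_key(stored_pfs, long_term_priv))

if __name__ == "__main__":
    static_plain, pfs_plain = demo()
    print("long-term key exchange:", static_plain)
    print("ephemeral key exchange:", pfs_plain)
```

For a site operator the takeaway is that replacing the certificate and key after a leak protects future sessions only; traffic already recorded is protected only if ephemeral key exchange was in use when it was sent.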

posted 4 days ago on techdirt
Rep. Peter King has made it clear that he will stop at nothing to attack anyone who thinks Ed Snowden did something useful. He was one of the first to call for the reporters who revealed the NSA's surveillance to be prosecuted and has no qualms about lying to get his way. He's even gone so far as to argue that anyone who claims the NSA is "spying" or "snooping" is committing slander. His main beef is his supposed belief that Snowden and anyone reporting on the facts he revealed are somehow "appeasing" terrorists. Of course, that's quite ironic, given King's history as a major terrorist appeaser in supporting the IRA decades ago, even as they were blowing up buildings that resulted in death and injury to many. However, it's long been clear that King has no self-awareness and no understanding of his own hypocrisy. Within minutes of the Pulitzers announcing that one of its prizes was being given to the publications that reported on the Ed Snowden documents, King angrily tweeted his disgust:

Awarding the Pulitzer to Snowden enablers is a disgrace — Rep. Pete King (@RepPeteKing) April 14, 2014

Notice that King refers to two respected news publications and countless journalists as "enablers" rather than journalists. There's only one person who's a disgrace in this situation and it's Rep. Peter King. Someone might want to send him a copy of the First Amendment, and its parts about freedom of the press. King seems to have forgotten his oath to uphold that part of the Constitution.

posted 4 days ago on techdirt
While various arbitrary prizes and awards may not mean much in the grand scheme of things, it's still quite heartening to see that the Guardian and the Washington Post were awarded a Pulitzer for public service for their reporting on the NSA via the Ed Snowden documents.

For a distinguished example of meritorious public service by a newspaper or news site through the use of its journalistic resources, including the use of stories, editorials, cartoons, photographs, graphics, videos, databases, multimedia or interactive presentations or other visual material, a gold medal.

Awarded to The Washington Post for its revelation of widespread secret surveillance by the National Security Agency, marked by authoritative and insightful reports that helped the public understand how the disclosures fit into the larger framework of national security.

and

Awarded to The Guardian US for its revelation of widespread secret surveillance by the National Security Agency, helping through aggressive reporting to spark a debate about the relationship between the government and the public over issues of security and privacy.

Glenn Greenwald, Laura Poitras, Bart Gellman and Ewen MacAskill (among others at both publications) should be congratulated for the work they put into the original stories and for all of the follow-up in the face of ridiculous levels of criticism from those who were embarrassed by Snowden's whistleblowing. Separately, with the Pulitzers recognizing that such reporting was a public service, can we finally stop people from claiming that Snowden was a "traitor" and admit that what he did was clearly whistleblowing in the furtherance of the public interest?
