posted 7 days ago on techdirt
There have been questions of when (not if) the next "Ed Snowden" situation would show up. There certainly have been a few recent leaks that appear to have come from people other than Snowden, but they've mostly been one-off leaks. However, this morning, Al Jazeera is claiming that it got its hands on a huge trove of spy documents, in the form of cables from South Africa's spy agency, the State Security Agency (SSA), and it will begin reporting on what's in those documents, in collaboration with reporters at The Guardian:

Spanning a period from 2006 until December 2014, they include detailed briefings and internal analyses written by operatives of South Africa's State Security Agency (SSA). They also reveal the South Africans' secret correspondence with the US intelligence agency, the CIA, Britain's MI6, Israel's Mossad, Russia's FSB and Iran's operatives, as well as dozens of other services from Asia to the Middle East and Africa. The files unveil details of how, as the post-apartheid South African state grappled with the challenges of forging new security services, the country became vulnerable to foreign espionage and inundated with warnings related to the US "War on Terror".

As Al Jazeera points out, this is not "signals intelligence" (SIGINT) material, but rather "human intelligence" (HUMINT) of the kind normally gathered by the CIA rather than the NSA. It's about spies on the ground -- and also, according to Al Jazeera, their humdrum daily office existence. Honestly, it almost sounds like the plot of a bad sitcom: come work at a premier national intelligence agency... and bitch about the lack of parking:

At times, the workplace resembles any other, with spies involved in form-filling, complaints about missing documents and personal squabbles.... One set of cables from the Algerian Embassy in South Africa relates to a more practical concern. It demands that "no parking" signs are placed in the street outside. The cable notes that the British and US embassies enjoy this privilege, and argues that it should be extended to Algeria as well.

Whether or not this latest leak turns up anything more interesting than parking disputes, it is worth noting that another trove of intelligence documents has leaked...

posted 7 days ago on techdirt
This week is Fair Use Week, according to the Association of Research Libraries, and that's as good a time as any to remind everyone that it's wrong to refer to fair use as merely a "limitation or exception" to copyright law -- or merely a defense to infringement. It is a right that is protected by the First Amendment. The Supreme Court has regularly referred to "fair use" as a "safeguard" of the First Amendment, allowing copyright law to be compatible with the First Amendment. As such, it seems bizarre that fair use is not seen as the default, rather than the other way around. If we are to protect the First Amendment, and not allow for speech to be stifled, at the very least we need a greater recognition of the importance of fair use in guaranteeing that the First Amendment's principles of free speech are allowed to thrive.

Freedom of expression is a right that may not be abridged by the government -- except in a few narrowly defined cases. Copyright is one of those cases -- and we can argue about whether or not that's appropriate, but at the very least, it's important to shift our view from thinking "copyright" is the norm and that fair use is a small "exception," to one where we recognize that free expression is the norm, with fair use making sure that freedom of expression is enabled, even when copyright is present.

Unfortunately, too many powers that be in legacy industries have sought to flip this equation. They deny that fair use is a right -- insisting it is merely a "defense" to infringement. While it is true that under current law, in order to be able to demonstrate your fair use rights, you need to raise it as an affirmative defense to an accusation of copyright infringement, that does not diminish the fact that fair use is simply a procedure for guaranteeing your First Amendment rights. It is not a small issue that's only important in academic debate, but rather a central issue that determines just how strongly we, as a society, believe in the First Amendment.

Finally, how could we conclude a post on fair use without including some fair use in it? How about this video, misleadingly called The Infringement Melody (Section 107 of the Copyright Act clearly states that "the fair use of a copyrighted work... is not an infringement of copyright"), which appears to be a student project to come out of a popular Yale class on Law, Technology and Culture, in which fair use is a big part of the curriculum: F-A-I-R U-S-E... find out what it means to me!

Also, be on the lookout for tomorrow's podcast... all about fair use as well.

posted 7 days ago on techdirt
Apparently, execs at Gemalto went to the same crisis management training program as the top execs at Lenovo. As you probably recall, last week The Intercept revealed that the NSA and GCHQ had hacked into the systems at Gemalto, the world's largest maker of SIM cards for mobile phones, in order to get access to their encryption keys. This is a pretty massive security breach, allowing these intelligence agencies to decrypt calls that people thought were encrypted. But Gemalto insists its SIM cards are perfectly secure:

“Initial conclusions already indicate that Gemalto SIM products (as well as banking cards, passports and other products and platforms) are secure and the Company doesn’t expect to endure a significant financial prejudice.”

This sounds an awful lot like Lenovo's initial reaction to the reports about the Superfish/Komodia vulnerability it shoved onto many of its customers' computers, saying (totally incorrectly):

We have thoroughly investigated this technology and do not find any evidence to substantiate security concerns.

Lenovo, at least, pretty quickly changed its tune and admitted that it was a major problem. Of course, there are some differences here. With Lenovo, the company had made the choice to include Superfish -- whereas the Gemalto hacking was done (obviously) without the company's knowledge. You'd hope that the company would be much more upfront about the seriousness of the issue, rather than insisting that everything is just fine and dandy. Of course, it's that last phrase -- about not having to "endure a significant financial prejudice" -- that shows what's really going on. Gemalto's stock price took a huge hit, and the company is trying to assure investors that everything is okay -- not necessarily its customers. See if you can tell when the news about this came out?

So now the question is, which is more important to Gemalto? Keeping its stock price up or its users secure?

posted 7 days ago on techdirt
With each passing day, it appears that new revelations come out, detailing how the Komodia/Superfish malware is even worse than originally expected. If you don't recall, last week it came out that Lenovo was installing a bit of software called "Superfish" as default bloatware on a bunch of its "consumer" laptops. The software tried to pop up useful alternative shopping results for images. But in order to work on HTTPS-encrypted sites, Superfish made use of a nasty (and horribly implemented) "SSL hijacker" from Komodia, which installed a self-signed root certificate that basically allowed anyone to issue totally fake security certificates for any encrypted connection, enabling very easy man-in-the-middle attacks. Among the many, many, many stupid things about the way Komodia worked was that it used the same certificate on each installation of Superfish, and it protected that certificate with an easily cracked password, "komodia", which was apparently the same on every product that used Komodia. And researchers have discovered that a whole bunch of products use Komodia, putting a ton of people at risk. People have discovered at least 12 products that make use of Komodia.

But it gets worse. Filippo Valsorda has shown that you didn't even need to crack Komodia's weak-ass password to launch a man-in-the-middle attack, because its SSL validation is broken, such that even if Komodia's proxy client sees an invalid certificate, it just makes it valid. Seriously.

At this point a legit doubt is: what will the Komodia proxy client do when it sees an invalid/untrusted/self-signed certificate? Because copying it, changing its public key and signing it would turn it into a valid one without warnings. Turns out that if a certificate fails validation the Komodia proxy will still re-sign it (making it trusted), but change the domain name so that a warning is triggered in the browser.

Okay, but at least there's a warning, right? Well, no, because, as Valsorda notes, there's another horrible part of the implementation that gets around this: alternative names.

The Komodia proxy copies the server certificate almost entirely... What will it do with alternative names? Alternative names are an X509 extension that allows one to specify, in a special field, other domains for which the certificate is valid. Boom. The Komodia proxy will take a self-signed certificate, leave the alternate names untouched and sign it with their root. The browser will think it's a completely valid certificate. So all you need to do to bypass verification is put the target domain in the alternate field, instead of in the main one that will be changed on failure. An attacker can intercept any https connection, present a self-signed certificate to the client and browsers will show a green lock because Komodia will sign it for them.

As Valsorda points out, because of this, attackers don't even need to know which Komodia-compromised software you're running. They can just fuck with them all.

Thought we were done with how bad this is? Nope. Not yet. Because another security researcher, going by the name @TheWack0lian, found that Komodia uses a rootkit to better hide itself and make it that much harder to remove.

Komodia appears to have implemented its system in the worst way possible, and a whole bunch of companies agreed to use its product without even the slightest recognition of the fact that they punched a massive vulnerability into the computers of everyone who used their products. What's really stunning is that many of these products actually pitch themselves as "security" products to better "protect" your computer.
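To make the re-signing logic concrete, here is an added model of the behaviour Valsorda describes (constructed for this post, not Komodia's or Valsorda's code): the proxy's broken re-signing is shown beside a hardened version that refuses to re-sign anything that failed validation. Certificates are plain records, "signing" just sets the issuer, and the issuer names and the "verify_fail." prefix are assumptions.

```python
from dataclasses import dataclass, replace

# Names are constructed for this illustration.
KOMODIA_ROOT = "Komodia root CA (installed as trusted by the bundled product)"
PUBLIC_CA = "Some public CA"
TRUSTED_ISSUERS = {KOMODIA_ROOT, PUBLIC_CA}


@dataclass(frozen=True)
class Cert:
    """Only the fields that matter for name matching; no real X.509 here."""
    cn: str                        # subject Common Name
    sans: tuple = ()               # subjectAltName DNS entries, if any
    issuer: str = "self-signed"    # "self-signed" stands for any untrusted chain


def upstream_validation_ok(cert: Cert) -> bool:
    """The proxy's own check of the certificate the real server presented."""
    return cert.issuer in TRUSTED_ISSUERS


def komodia_resign(cert: Cert) -> Cert:
    """Behaviour the post describes: the proxy re-signs with its trusted root
    no matter what; on a failed validation only the CN is changed so that the
    browser shows a warning (the exact mangled name is an assumption)."""
    if upstream_validation_ok(cert):
        return replace(cert, issuer=KOMODIA_ROOT)
    return replace(cert, cn="verify_fail." + cert.cn, issuer=KOMODIA_ROOT)


def hardened_resign(cert: Cert) -> Cert:
    """The fix: a certificate that failed validation is never re-signed with
    the trusted root, so the untrusted chain reaches the browser unchanged."""
    if upstream_validation_ok(cert):
        return replace(cert, issuer=KOMODIA_ROOT)
    return cert


def browser_accepts(cert: Cert, hostname: str) -> bool:
    """Browser-side rules that make the SAN bypass work: the issuer must be
    trusted, and the hostname is matched against the SAN list; the CN is
    consulted only when the certificate carries no SAN extension at all."""
    if cert.issuer not in TRUSTED_ISSUERS:
        return False
    names = cert.sans if cert.sans else (cert.cn,)
    return hostname in names


def run_scenarios(hostname: str = "bank.example") -> dict:
    """Four cases for one hostname; True means the browser shows the green lock."""
    genuine = Cert(cn=hostname, issuer=PUBLIC_CA)
    forged_cn_only = Cert(cn=hostname)                   # self-signed, name in CN
    forged_san = Cert(cn="whatever", sans=(hostname,))   # self-signed, name in SAN
    return {
        # genuine cert, re-signed: accepted, as intended
        "komodia_genuine": browser_accepts(komodia_resign(genuine), hostname),
        # failed validation, name only in CN: CN mangled, browser warns
        "komodia_forged_cn_only": browser_accepts(komodia_resign(forged_cn_only), hostname),
        # failed validation, name in SAN: SAN untouched, green lock (the bug)
        "komodia_forged_san": browser_accepts(komodia_resign(forged_san), hostname),
        # hardened proxy leaves the untrusted chain alone: browser rejects it
        "hardened_forged_san": browser_accepts(hardened_resign(forged_san), hostname),
    }


if __name__ == "__main__":
    for case, accepted in run_scenarios().items():
        print(f"{case:24s} green lock: {accepted}")
```

The mangled-CN case is the "at least there's a warning" outcome; the SAN case is why that warning is no protection, and the hardened variant shows that the only safe response to a failed validation is to not mint a trusted certificate at all.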

posted 7 days ago on techdirt
As you may have heard, last night was the Oscars -- Hollywood's favorite back-patting celebration. However, as a recent study found, films that were nominated for Oscars saw the number of unauthorized downloads and streams surge, as people wanted to make sure they had seen these celebrated films. Films like American Sniper and Selma saw a massive increase in unauthorized downloads after being nominated. The company that did this study, Irdeto, argues that these unauthorized downloads represent a major loss for the films' producers -- but it seems like there's another explanation: the MPAA really ought to be targeting the Oscars for encouraging infringement.

After all, for the past few years, the MPAA has been on a rampage trying to blame other third parties, like Google, which Hollywood insists is leading to greater infringement -- and yet, here's pretty obvious proof of another "cause" of piracy. Sure, one could argue (as we have, many times) that the lack of authorized, legitimate versions of these offerings may be contributing to the unauthorized downloads -- but the MPAA has insisted over and over again that this isn't fair. So, we'll take the MPAA at its word, and assume that the real culprit is "the Oscars" itself. Clearly, it's time to get rid of that major promoter of piracy.

Just a few weeks ago, we noted that nearly all of the Oscar-nominated films were quickly finding their way online (in HD format, no less), and it's pretty clear that there would be a lot less demand if they weren't nominated. Sure, one might argue that the more popular a film is, and the more attention it gets, the more piracy will result -- but, again, the MPAA angrily dismisses such claims, insisting that it must be other factors leading to piracy. And, from the Irdeto study, it certainly appears that one major factor is... the Oscars.

I expect that the legal geniuses at the MPAA are now huddling in a circle figuring out which Attorney General they can convince to front a legal assault on the Oscars -- and this will all come out in the next batch of hacked emails....

posted 7 days ago on techdirt
Last month, BlackBerry CEO John Chen tried to kiss up to major wireless carriers on the issue of net neutrality with a truly bizarre missive that received ample mockery in the technology press. Basically, Chen tried to argue that we don't need tough neutrality rules -- but we really should consider rules that force app developers to make content for unpopular mobile platforms. Like, oh, BlackBerry, which after endless missteps now controls just 2% of the smartphone market. This was, to hear Chen tell it, because when companies refuse to make apps for unpopular platforms they're violating something Chen called "app neutrality":

"Netflix, which has forcefully advocated for carrier neutrality, has discriminated against BlackBerry customers by refusing to make its streaming movie service available to them. Many other applications providers similarly offer service only to iPhone and Android users. This dynamic has created a two-tiered wireless broadband ecosystem, in which iPhone and Android users are able to access far more content and applications than customers using devices running other operating systems. These are precisely the sort of discriminatory practices that neutrality advocates have criticized at the carrier level."

Of course, as we pointed out at the time, Netflix isn't discriminating against anybody. If BlackBerry weren't currently a train wreck and had a big enough market share to justify the time, Netflix would surely develop an app for BlackBerry users as well. As most of you know, net neutrality is about protecting the Internet from the bad behavior of companies that have built massive last-mile broadband monopolies courtesy of regulatory capture. In contrast, developers aren't making apps for BlackBerry simply because people aren't using BlackBerry's products. And while Google and Apple do dominate the smartphone market, the primary reason is that they offer a good product. That's in contrast to, say, AT&T or Comcast, which offer a crap product because they have a government-protected monopoly over the last mile and have no incentive to improve.

I have no idea from the bowels of which ISP think tank or telco meeting room this "app neutrality" talking point originated; Chen and BlackBerry's incoherent tirade dominates the search results for the term. But it's worth noting that Mark Cuban actually argued a very similar point two days earlier; fortunately for Cuban, the media was too busy mocking BlackBerry to notice. Here's a snippet of Cuban's insight on the issue of app neutrality:

"There are basically 2 doors that control the availability of apps to the vast majority of smart phones in this country. They are owned and controlled by 2 of the largest tech companies in the world, Apple and Google. If you want your app to reach any type of audience (yes there are other app platforms supporting phones on the margin, but they are tiny by comparison), you have to make Google and Apple happy."

Again, this ignores that Apple and Google have come to dominate the smartphone market because they make a kickass product. That's not to say either of those companies doesn't engage in anti-competitive behavior, and I don't think anybody would argue Apple's app approval process isn't bizarre. But that has nothing to do with net neutrality, and Apple and Google are a far, far cry from government-pampered duopolists like AT&T and Comcast. Still, Cuban proceeds to insist that net neutrality rules need to ensure Apple and Google play nice too:

"The mobile app economy is far from open. It’s dominated by two companies. It is in the best interest of the entire mobile eco-system to address this duopoly while we are re-examining net neutrality. We should seriously consider requiring Apple to allow and support 3rd party app stores and to require that Google continues to support and enable 3rd party stores and more importantly to integrate them into the Play Store, much as Amazon does with Marketplace integration."

Cuban is again showing he doesn't quite understand how the broadband industry works or what net neutrality actually is. Consumers actually do have a choice of what kind of smartphone to buy or what apps to install. While there are some smartphone freedom constraints (usually imposed by the aforementioned carriers, mind you), users can still buy a Windows phone, or a BlackBerry phone, or some offshoot hackable Android ROM that provides greater application freedom and allows them to install whatever unsigned applications they'd like. They can also access something called the Internet for even greater freedom. That's in contrast to a Comcast customer who, if they want decent broadband, usually doesn't have any other choice. The two discussions are nothing alike, and I don't think that's a particularly complicated point to understand.

Still, like "search neutrality" before it, somebody somewhere pretty clearly hopes that the idea of "app neutrality" will shift people's attention away from what the net neutrality conversation is actually about: highly tactical telecom carrier abuse of an uncompetitive broadband market. Fred Campbell of the Center for Boundless Innovation in Technology (a policy group dedicated to "liberate the ingenuity and creative spirit of America’s high-tech entrepreneurs and enterprises through market-oriented government policies") also rushed to the "app neutrality" argument when the group recently suffered a small stroke over the FCC's Title II plans:

"Chairman Wheeler’s description of his plan in Wired is disingenuous. His proposal will not ‘ensure the rights of innovators to introduce new products without asking anyone’s permission.’ Some of the biggest gatekeepers on the mobile Internet today are using their power over mobile operating systems to deny access to application developers, yet these behemoths are exempted from the FCC proposal. The fact is, application developers will still have to ask someone for permission before they can access the mobile Internet. The Chairman’s plan is also discriminatory. He is proposing to apply privacy limitations on Internet service providers through ‘Section 222’ while exempting Internet ‘edge’ companies whose fundamental business model is to profit from collecting and selling personal information about consumers. The Chairman’s discriminatory decision to exempt the Internet’s biggest data collectors from this privacy provision appears designed to protect the Administration’s political allies in Silicon Valley, not consumer privacy."

You see, Google, Apple and Netflix's domination of the smartphone and streaming video market is bad, even though consumers still actually have an organic market choice when it comes to those services. AT&T, Comcast and Verizon's stranglehold on the broadband market is to be ignored -- even praised -- because, uh, well, I'm not sure. You'd think those endlessly espousing the value of "free markets" would find the latter situation equally untenable, since it often involves companies literally writing state telecom law to further insulate government-protected duopolies from said market freedom. Unless of course it's not really about loving free markets or meaningful personal values at all, and it's really just about offering any old flimsy, inconsistent argument to help carriers protect the revenues received from uncompetitive (and certainly not free) markets?

posted 7 days ago on techdirt
The DOJ wants to amend Rule 41 (Search and Seizure) to grant its agencies unilateral powers to hack any computer in the world. This would expand its reach beyond the US, using warrants granted by magistrate judges to facilitate searches and seizures of remote data. This would obviously open up a whole diplomatic can of worms, what with the FBI hacking into computers whose locations it can't ascertain until after the fact. Not that the DOJ is bothered by the implications of the amendment it's pushing. It argues that the law has already determined that searches in known jurisdictions are legal. What's left to be established is whether it's similarly legal to search computers whose true location is unknown, thanks to the use of proxies and VPNs. That operating extraterritorially might cause some diplomatic strain, or possibly even be illegal in the country where the search takes place, doesn't seem to have crossed its mind. In its opinion, this is the natural progression of Rule 41, which must be updated to reflect the change in technology.

Google has fired back at the DOJ in its comments on the proposed wording change, pointing out not only the damage it could cause to international relationships, but also its further dismantling of Fourth Amendment protections.

Although the proposed amendment disclaims association with any constitutional questions, it invariably expands the scope of law enforcement searches, weakens the Fourth Amendment's particularity and notice requirements, opens the door to potentially unreasonable searches and seizures, and expands the practice of covert entry warrants.

Google then suggests that if the DOJ wishes to keep stripping away these protections, it should have the decency to do it the way it's usually been done: through acts of Congress.

The substantive changes offered by the proposed amendment, if they are to occur, should be the work of congressional lawmaking. Such was the case with a slew of legislation providing law enforcement with the ability to use technological means to conduct invasive searches on targets, including the Foreign Intelligence Surveillance Act, which provides law enforcement with the ability to legally surveil and collect foreign intelligence information; Title III of the Omnibus Crime Control and Safe Streets Act of 1968, which provides law enforcement with the ability to legally intercept wire, oral, and electronic communications; the Stored Communications Act, which provides law enforcement with the ability to legally access electronically stored communications; and the Pen Registers and Trap and Trace Act and USA PATRIOT Act, both of which provide law enforcement with the ability to legally intercept real-time telephony metadata. In passing this legislation, Congress was able to openly debate and weigh the various constitutional issues at play.

This would seem to be the least the DOJ can do, rather than trying to sidestep the process it forces American citizens to use.

"I empathize that it is very hard to get a legislative change," Amie Stepanovich, senior policy counsel with Access, a digital-freedom group, told the judicial panel during a meeting called to review the proposal in November. "However, when you have us resorting to Congress to get increased privacy protections, we would also like to see the government turn to Congress to get increased surveillance authority."

Google also warns that the non-specific wording of the proposal lends itself to all sorts of shady tactics.

There are a myriad of serious concerns accompanying the government's use of NITs [Network Investigative Techniques]. These are outlined in detail in other comments submitted to the Committee and include, among other things, the creation of vulnerabilities in the target device thereby increasing the target's risk of exposure to compromise by other parties, actual damage to the target device, the creation of a market for zero-day exploits, and unintended targets' exposure to malware. Additionally, the remote facilities accessed by the government may in fact identify and disclose the 'hack' or take action to prevent it or retaliate against its use. These are serious concerns that are more appropriately considered and balanced by Congress than by the Committee.

Again, with the exception of the eventuality listed last, these are side effects the DOJ couldn't care less about. Collateral damage is almost always acceptable, and at this point -- considering what we've learned about the tactics deployed by the NSA and other intelligence agencies -- making things worse and less safe for the world's citizens is just another essential part of fighting Wars on Things. The DOJ seems to view its proposal as a necessity in the race against technological advance, rather than a dangerous expansion of power that could result in some very negative repercussions.

Unfortunately, the nation's prosecutors and magistrate judges seem to be very much aligned with the DOJ. Both refer to the Rule 41 change as "filling a significant gap" in existing law. But it does far more than that. The DOJ argues it's just a needed tweak, but it gives its agencies unprecedented extraterritorial powers and encourages these investigators to view anonymous connections as inherently suspicious.

posted 8 days ago on techdirt
This week, when the president was asked directly about his thoughts on encryption and law enforcement, he gave what was overall a very well-measured response about the need to acknowledge the tradeoff between safety and privacy, regardless of which side you ultimately conclude to embrace. It was a great answer in theory, but it was missing a critical point from the reality of the situation, and That One Guy wins most insightful comment of the week for pointing that out:

You made your bed, now sleep in it

This is something that even children can understand, the idea that if you cannot show responsibility with your toys, you'll have them taken away, and yet it seems to completely escape the government and law enforcement. They've had their chance, to act in a reasonable fashion, to show that they can be trusted, and they have utterly failed. If people and companies are moving towards phones that are encrypted by default and require the owner to personally unlock them, it's because law enforcement has proven that they cannot be trusted to follow the laws that prohibit them from 'browsing' on a whim or hunch. If society and the companies in it are pushing for more encryption, and more secure forms of communication, it's because those like the NSA have shown absolutely no restraint in scooping up everything they can get their hands on, just in case it might prove useful at some point down the road. The government, and the police, have shown that they cannot be trusted, and the public is reacting accordingly. It would be nice if those in the government and police forces were willing and able to admit this, but given that would require them to first admit that they've done something wrong, I'll not hold my breath while waiting for it to happen.

Case in point: this week we also discovered that the NSA has the ability to hide spyware deep inside hard drives and swipe the encryption keys for SIM cards. One commenter asked why they weren't in jail, and jupiterkansas went on to wonder (and win second most insightful comment of the week) what all this accomplished anyway:

Or a related question, since they pretty much have unrestricted access to everything, why is there still terrorism in the world?

Of course, not all hardware is compromised by the NSA — sometimes it's compromised by the manufacturer itself, as is the case with Lenovo's Superfish malware and associated HTTPS hack. Lenovo CTO Peter Hortensius seemed to think that he could handwave this massive blunder because the threats were, in his mind, "theoretical", and both our editor's choice comments for insightful this week come in response to that notion. First up, an anonymous commenter pointed out what an inane statement that is:

ALL threats are theoretical; otherwise, they're called attacks.

But before that, John Fenderson explained why this kind of reaction is worse than the initial mistake:

Including Superfish and the bogus certificate was a terrible thing to do in the first place, but what convinced me to never buy another Lenovo machine in the future was this exact response by them. It indicates either an insane level of incompetence or a deliberate effort to deceive everyone. Either way, that's enough to put them on my "never do business with" list.

There's a reason I chose that first Lenovo comment — it's an interesting juxtaposition with our funniest comment of the week. The first one made the point in perhaps the most succinct and direct way possible — but there's something to be said for Just Another Anonymous Troll's approach of making it in the most amusing and indirect way possible:

"Yes, there's a big honking hole in my castle wall, but no enemy troops have stormed in through it so any concerns about it are all theoretical."
-King Peter Hortensius the First (and last)

For second place on the funny side, we head to an already-pretty-funny trademark dispute between three companies with logos that are more or less just plain 'W's. Sorrykb might have inadvertently given the lawyers some ideas:

"Today's episode of Sesame Street was brought to you by the letter [removed due to trademark claim]..."

For editor's choice on the funny side, we turn our attention to AT&T, which had a more creative approach to spying on people: offering lower broadband prices for users who opt in to be spied on. Rich Kulawiec had an idea:

A solution suggests itself

1. Sign up for AT&T's surveillance package.
2. Set up a VPN for all "real" traffic.
3. On a spare system that's connected 24x7 and not connected through the VPN, run a Perl script that issues intermittent search queries comprised of terms found on 4chan forums, Twilight fanfic sites, YouPorn, and whatever site is the main one for Bronies. Oh, and Frank Zappa lyrics.
4. Smile while contemplating how confused the marketroids staring at the data analytics are going to be.

Finally, we've got one of the funniest things that happened this week. Plfer, the service that promises to find copyright-infringing text online and calculate damages for you, is a groaner for dozens of reasons, not the least of which is its apparent distaste for fair use. That especially, as pointed out by That One Guy, is compounded by the fact that its hypocritical practice of using (and attacking) Techdirt quotations on the site is a classic case of commercial fair use:

Well, this is awkward...

...it is difficult to argue any part of the internet is truly "non-commercial" and so the application of the "fair use" defence would seem to remain limited.

So fair use should be severely limited apparently. Boy, that sure does make this bit rather awkward...

For instance, Mike Masnick at TechDirt says: "People copy stuff all the time, because it's a natural and normal thing to do. People make copies because it's convenient and it serves a purpose -- and quite often they know that doing so causes no harm in those situations."

He's using someone else's quote to promote his own service, which according to his own argument would almost certainly count as commercial use, and therefore fair use wouldn't apply. ... I wonder just how much his service would qualify his use of someone else's work, and the 'harm' it caused? Perhaps a couple hundred thousand or so, depending on how long his post has been up?

That's all for this week, folks!

posted 9 days ago on techdirt
Five Years Ago

In the past five years, we've been convinced that Title II is a necessary step in the right direction for net neutrality — but back in 2010, we were still holding out hope that the problem could be solved purely with competition. Nonetheless, we could already see the utter ridiculousness of most anti-regulation arguments and the bad behaviour of ISPs, from warning about the death of iPhones to blocking broadband stimulus efforts or favoring marketing lawsuits over service improvement. And we weren't convinced when the FCC chair said that Google Fiber represents enough viable competition.

These were also the early days of the New York Times paywall, when folks were still debating its fundamental structure and studying the question of how willing people are to pay for content online. Meanwhile the Times itself, like many other publishers, was attempting to sell people an expensive iPad edition (despite the obvious fact that pretty much all the same things can be done on the web). To some, the future of journalism was more about curation, or maybe even pay-what-you-want.

The USTR's infamous Special 301 report came out this week in 2010, and for the first time included an open comment system which we promptly utilized. It was nice and all, but it's really time to scrap the program altogether. And if you want to talk about copyright, maybe look at Public Knowledge's sensible ideas for reform.

Ten Years Ago

The future of digital journalism was even less clear this week in 2005. Some newspapers thought the best approach was to keep lots of content offline. The New York Times, for its part, bought About.com (since sold to Barry Diller's IAC). Of course, iPad editions weren't exactly an issue yet — at this time, analysts were still arguing about the distinction between PDAs and smartphones. That didn't stop lots of companies from pushing mobile TV, though, and while we still weren't sure how big of a draw it would really be, we were happy to see Showtime start experimenting with straightforward online streaming.

This was the year that the SHA-1 hash function was broken. Unfortunately, a decade later it's still in widespread use — though most companies are on track to deprecate it by 2017.

Also in 2005: some states were rejecting red light cameras while others were demonstrating their problems, an Italian DJ was fined over a million euros for his MP3 collection, a tattoo artist sued the NBA for showing his artwork, manufacturers were starting to make ultra-cheap phones for developing nations while companies at home were jumping on the gadget giveaway bandwagon, and we were catching on to the practice of UK libel tourism.

Fifteen Years Ago

Ah, 2000 — the not-exactly-dawn of the new millennium, and a time of much philosophizing and prophesying about technology. The New York Times (popular this week) realized we were stuck with the internet for better or worse; Forbes opined on the parallels between the internet and railroads; Salon debunked the idea that the internet makes us lonely; and everyone was trying to have their say about the wireless future. Some people were tackling more immediate, practical questions: does internet sex count as prostitution? Should married couples share an email address? Are online customers less loyal? And, critically, should Jeeves answer questions about sex? Oh, and there was one very notable release this week in 2000: the original version of The Sims.

Sixty-Nine & Thirty-Seven Years Ago

We've got two milestones in the history of the internet and computing this week. First, on February 15th, 1946, the ENIAC was formally dedicated. It was the world's first general-purpose electronic computer, containing 17,468 vacuum tubes, 7,200 crystal diodes, 1,500 relays, 70,000 resistors, 10,000 capacitors and around 5 million hand-soldered joints according to Wikipedia. Next, just a few decades later, after a snowstorm gave them few options other than cabin fever or feverish engineering, two Chicago men launched CBBS, the world's first bulletin board system, on February 16th, 1978.

posted 9 days ago on techdirt
For this week's awesome stuff, we're talking all about monitors, projectors and display technology.

Beam

My first thought about Beam — a compact projector that plugs into any light socket and is controlled by your smartphone — was that it's a great idea. My second thought was that it can't possibly be bright enough. But, refreshingly, the video and pictures of the device in action don't make any attempt to deceive on this front: the projections are shown to be rather dim, but still visible, which is the best you could expect from 100 lumens. It's limiting, but it doesn't make it useless, and in the right circumstances for the right applications, Beam could be a very cool solution.

Displio

In a world of rapid device convergence, there's still something very attractive about the idea of dedicated single-purpose units like Displio: a small, configurable wi-fi display that can monitor anything from the weather to an eBay auction. Sure, you could get a smartphone widget or a desktop screensaver to do that job, but would it really feel the same? Some people already do this, at a high cost — I recently visited an office where every conference room was managed by a separate wall-mounted iPad with the sole purpose of scheduling meetings. The Displio looks like it can do that job for $100 a pop.

ScreenStick

This one's not a display, but a display accessory. The rise of mobile gaming has brought with it a revolutionary wave of innovative game design tailored for touch screens, but it's also brought a slew of games that struggle to force traditional control schemes onto these radically different devices. The most common and frustrating of these is the simulated on-screen joystick, which never feels natural and puts a huge cognitive barrier between the player and total immersion. The ScreenStick is not the first attempt to solve that problem by attaching a true joystick right to your touchscreen, but it is one of the nicest designs and best prices I've seen, perhaps capable of becoming a mainstream accessory among the mobile gamers of the world.

posted 9 days ago on techdirt
We've made the argument for some time that a good modding community and culture is a boon for games and game creators. Far from the dangerous infringement on the original works that some seem to think, a prolific modding community can lengthen the shelf life of a game, improve it for customers of the original work, and even allow the original work to spiral off into unforeseen directions, all of which only serve to increase the game's playability, replayability, and fun factor, making it all the more attractive for purchase. (An aside: many people think that modding as an element that can be included in business model considerations is unique to gaming. It isn't. Remixing, after all, is modding in another form, as are fan-edits to movies/television shows, or fan-made creations in existing universes. All of these are modding in a fashion similar to how it works for gaming, so don't let anyone tell you that gaming is unique this way.)

All that being said, it's fun for gaming enthusiasts like myself to watch a decades-old game being yanked into modernity through the modding community. An obvious example of this is the original Doom games, still relevant enough to warrant the modding community developing a way for players to take "selfies" in-game.

After almost 22 years Doom is finally finished thanks to mod-maker Linguica's "InstaDoom", which adds 37 InstaGram filters to the game and swaps out the fabled BFG with a selfie stick. Available as a free download over at Doom World, "InstaDoom" gives players of the classic shooter a chance to take the battle to the next level by applying filters like "Ashby", "Lo-Fi" and "Valencia".

This, of course, is simply the latest mod coming out for a game that has one of the most insane mod-rosters of any in the history of gaming. Modding of the original game took off in no small part because Doom was an incredibly well-made game, but the continued modding of the game by the loyal fan community is what propelled the game far beyond being relevant to gaming, to instead being relevant to culture as a whole. The very idea that a game made over two decades ago, long before smartphones existed and any of us had to put up with the term "selfie," has been dragged into relevance with cultural motifs tossed in for effect by a modding community still going strong shows the power of a passionate fan base. With the success of Doom still on display, and sequels continuing to ride on the early success of a franchise still enjoying relevance in its oldest parts, why would anyone want to kneecap the modding community?

posted 9 days ago on techdirt
We've had a bunch of posts today (and yesterday) about the "Superfish" debacle, with a few of them focusing on Lenovo failing to recognize what a problem it was -- first denying any serious security problem, and then calling it "theoretical." It appears that Lenovo has now realized it totally screwed up and is finally saying so. Speaking to Re/code, CTO Peter Hortensius has changed his tune from the "theoretical" problem he discussed earlier:

“We messed up,” CTO Peter Hortensius told Re/code. The company now confirms that the way Superfish operates could leave machines vulnerable to a “man-in-the-middle,” or MITM, attack, in which an attacker mimics both sides of a conversation to actively eavesdrop on each one.

[....]

The company has an engineering review that made sure the tool itself didn’t store customer information and had a mechanism for users to opt out, but Lenovo missed that the way the software behaved could create a situation that left machines vulnerable to an attack.

“We should have known going in that that was the case,” Hortensius said. “We just flat-out missed it on this one, and did not appreciate the problem it was going to create.”

He later admits that the company "deserves" to take a beating for missing that. The company has also promised to publicly announce a plan for how it will make sure this sort of thing doesn't happen again. While we called the company out for its initial terrible reaction, at least the company now seems to recognize the problems it caused and is owning up to it. It should have happened faster, but at least it's happening. Hopefully, the company is better off for it.

Of course, the same can't be said for Superfish, who insisted yesterday that Lenovo would show that there was no security risk at all, and still seems to be standing by that ridiculously wrong statement.

posted 9 days ago on techdirt
The hot sauce that has gotten insanely popular over the past few years is getting into everything. Several fast food chains -- Pizza Hut, Domino's, Taco Bell, Subway, Jack In The Box, Panda Express, Wendy's -- have added Sriracha to their menu in some way. There's no trademark on Sriracha, so there's no legal friction to using the name/product. Maybe some products aren't using the real sauce, but it's still free advertising for the authentic Sriracha. (And do you really want to risk alienating the rabid fans of Sriracha just to save a few bucks using a knock-off hot sauce?)

Rogue Sriracha Hot Stout Beer has a little bit of rooster sauce in it. Spicy beer isn't the only way to get drunk on Sriracha -- there's also Sriracha vodka (but that vodka doesn't actually use real Sriracha sauce).

Sriracha-flavored popcorn made with authentic rooster sauce is available. "Every kernel is infused with the most amazing condiment on the planet."

Sriracha has been in space -- consumed by astronauts on the International Space Station. Sure, Tabasco is also available in space, but a liquid sphere of Tabasco is probably a bit messier than Sriracha in microgravity.

If you'd like to read more awesome and interesting stuff, check out this unrelated (but not entirely random!) Techdirt post via StumbleUpon.

posted 10 days ago on techdirt
Let's play out a little thought experiment. Let's say that a corporation involved in the money business has a logo for themselves. Now, let's say that two separate trademark holders both claim that this company's logo is too similar to their own. However, let's also stipulate in this scenario that the two offended trademark holders, who both claim similarity concerns with the finance company's logo, aren't bothering to file against each other for trademark claims, even though both are intimately knowledgeable of the other. Now, just to really make all this as face-palming-ly silly as possible, let's consider that these are the three logos in question:

Well, this isn't a thought experiment, it's actually happening, and it is maddeningly silly. The top left image is a registered logo for the Washington Nationals baseball team, the bottom left is the registered "W" flag the Chicago Cubs fly on the rare occasion they win anything, and the logo on the right is that of Evolution Finance's website, WalletHub, through which users can compare credit card prices and get financial advice. So what's the problem, you ask?

Evolution Finance has been locked in a trademark dispute with lawyers representing the Washington Nationals and Chicago Cubs for two years after Major League Baseball, on behalf of the teams, opposed their attempt to trademark the white-and-green logo. The league asserts that the WalletHub logo bears a strong resemblance to Ws trademarked by the two teams, and that granting Evolution Finance rights to use the mark without restrictions could create confusion for customers and complications for both businesses.

So many issues here, one struggles to know where to begin. Let's start with the fact that Evolution Finance is as much in the baseball business as it is in the puppy-murdering business, which is to say not at freaking all. "I came here to buy baseball tickets and I ended up transitioning my 401k into a personal Roth IRA on the basis of better returns in the bonds market" is a phrase that is nearly impossible to even have imagined, thus showing the extreme and dangerous power of dumb ass trademark claims. Add to it that half the problem appears to be that a trademark was granted on what barely amounts to more than a letter and we've already got issues with MLB's claims. But to really make this a head-scratcher, I'm trying to figure out why the two teams, who actually are in the same market, are being allowed to make this claim when they haven't bothered to go after each other over their respective marks. I mean, the obvious answer is that the league likely wants the two teams to play nice over the Ws each has trademarked, but that shouldn't make anyone more comfortable with a specious move attacking a company that isn't in their market.

“It is common for trademark owners to sometimes overreach in protecting their marks,” said S. Lloyd Smith, an attorney at Buchanan, Ingersoll and Rooney who represents Evolution Finance. “They’re always concerned or cautious that if they don’t enforce their marks they might lose their rights. The real question is why does MLB care?” Smith said. “They don’t own the letter W. There’s lots of other Ws out there. They’re just plainly overreaching in this case.”

Overreaching and fanning on a curve ball for strike three, more like it.

posted 10 days ago on techdirt
For a couple of years now, Chicago taxi companies have been making all kinds of noise in an attempt to keep Uber and other ridesharing services from disrupting the marketplace. The whole thing has been a fairly transparent case of a jealous legacy player in an industry not loving a disruptive newcomer. That said, there's precious little validity in a claim against a city or competitor that mostly amounts to: "But I really like all that money I was making." Not that such a lack of validity is keeping Chicago's taxi services from waving their arms around in an attempt to get attention. The most recent futile event was a staged mini-strike in Chicago's downtown area (actually, directly below my office), during which cabbies refused to pick up fares and instead drove around the loop honking their horns the entire time.

Many cabbies drove through downtown for four hours Tuesday morning, refusing to pick up fares. Dozens of cabs drove in circles around City Hall and the Daley Center for more than an hour, honking their horns to draw attention. Many cabbies had posted protest signs in their windows, accusing Uber of stealing their customers.

“It’s good music to my ears,” said cab driver Rocky Mmomo, a steering committee member of the United Taxidrivers Community Council. Mmomo said cabbies want the taxi industry deregulated, so it can better compete with Uber and the other ride-sharing companies.

A couple items to note here. First, don't be fooled by old Rocky's claim that they just want the cab companies to be deregulated so they can be on a level playing field with Uber drivers. What isn't mentioned here is the obvious problem with that line of thinking: Uber's service and livery services aren't really the same thing, so the same regulations don't apply. A full-time taxi driver employed by a taxi service that pays for the medallion and proper livery license is a far cry from an Uber driver who does a little people-shipping during his or her off hours. They're just not the same thing and pretending they are won't get anyone anywhere. And the city of Chicago, for its part, is licensing Uber based on what it actually is.

On Monday, the city agreed to issue a “transportation network provider” license to Uber, after negotiations led to a promise from Uber to provide more stringent safety measures than required by the city’s ride-sharing ordinance. Uber competitors Lyft and Sidecar were granted similar licenses three months ago.

Again, as you can see, Uber and ridesharing service providers aren't cab companies. Pretending they are doesn't make any sense. But that's what the legacy cab companies want. And you can tell that's all they want by their arguments for deregulation.

“We’ll be sitting at a hotel for two, three hours; and all of a sudden you see three UberX cabs just came and picked up customers while we’re just sitting there. How is that fair? That’s not fair to a cab driver,” cab driver Mustafa Husein said.

Forgive me, sir, but who the hell ever promised you fairness when it comes to competing in a changing business marketplace? The very nature of disruptive business models is to be "unfair" to the legacy models so as to build a more efficient product and happier customers. That's the entire point. I'm fairly certain nobody promised cabbies a living, after all. So honk away, guys. I'm sure Uber drivers are happy to pick up those fares you refuse.

posted 10 days ago on techdirt
As we've been noting, both Lenovo and Superfish have been bungling their way through the response to the fact that they introduced a massive security hole in the way that Superfish's adware/malware dealt with HTTPS protected sites (by using a self-signed root certificate that was incredibly easily hacked, allowing basically anyone to create a simple man in the middle attack). Lenovo has been going through the motions, first insisting there was no security concern, then arguing that the concerns were theoretical and then quietly deleting its statement about the lack of security problems with Superfish. It also posted some instructions on removing both the software and the root certificate, and promised to have an automated system soon.

Superfish, on the other hand, has remained almost entirely silent. It gave some reporters bland statements insisting that there was no security risk, that it "stood by" Lenovo's statement, and insisted that Lenovo would come out with a statement that showed Superfish was not responsible for any of this mess. It also insisted that the company was fully "transparent" in how its software worked, but that's clearly not the case, because nowhere do they say "we create a massive man in the middle attack just so we can insert advertising images into your HTTPS surfing."

At the time of writing this, Superfish appears to have nothing on its website about all of this. Its Twitter feed's last post, from yesterday mid-day simply says that Lenovo "will be releasing detailed information at 5 p.m. EST today." Except, it did not. That's about when it modified its original "nothing to see here" statement, with instructions on how to remove Superfish. It did not, as Superfish had previously told journalists, include a statement "with all of the specifics that clarify that there has been no wrongdoing on our end." In fact, it still looks very much like there was tremendous wrongdoing on the part of Superfish in the way it decided to implement its technologies. And that's not even getting into Superfish's sketchy history.

In the end, while Lenovo and Superfish are flailing around, it was left to Microsoft to come in and clean up the mess, pushing out a Superfish fix to its Windows Defender product:

Microsoft just took a major step towards rooting out the Superfish bug, which exposed Lenovo users to man-in-the-middle attacks. Researchers are reporting that Windows Defender, Microsoft's onboard anti-virus software, is now actively removing the Superfish software that came pre-installed on many Lenovo computers. Additionally, Windows Defender will reset any SSL certificates that were circumvented by Superfish, restoring the system to proper working order. It's a crucial fix, as many security professionals had been struggling to find a reliable method for consistently and completely undoing the harmful effects of the bug. To make sure the fix takes effect, any Superfish-affected Windows users should update their version of Windows Defender within the program and scan as soon as possible.

Perhaps it's not surprising that Superfish is struggling to figure out how to deal with this sudden attention as a smaller company, but Lenovo should have been on top of this issue much, much faster.

posted 10 days ago on techdirt
Lenovo keeps making things worse. First it installed crappy Superfish malware/adware on a bunch of its computers. That was bad enough. But the real problem was that in a clever little "hack" to get around the fact that the adware wouldn't work on HTTPS enabled pages, Superfish installed its own self-signed root certificate to basically create a massively dangerous man-in-the-middle attack to snoop on what you were doing on those HTTPS pages. Oh, and to make it even worse, the company made sure that everyone who had this Superfish self-signed root certificate had the exact same certificate with an easily cracked password, so that a massive and easily exploited vulnerability is in place in tons of machines out there.

And Lenovo's first response was to insist there was no evidence of any security concerns. It later, quietly, deleted that statement, but still seems to be unwilling to admit what an incredibly dangerous situation it has created. In fact, the company is still in denial mode. Lenovo's CTO, Peter Hortensius, was interviewed by the WSJ, and he insisted that any threats were "theoretical."

WSJ: There seems to be a disparity between what security researchers are saying about the potential dangers of this Superfish software, and what the company has said about this app not presenting a security risk.

Hortensius: We’re not trying to get into an argument with the security guys. They’re dealing with theoretical concerns. We have no insight that anything nefarious has occurred. But we agree that this was not something we want to have on the system, and we realized we needed to do more.

Fire your CTO, Lenovo. Fire your marketing people. Fire your security team. This is a disaster. In our first post, we compared it to the Sony rootkit fiasco from a decade ago, while noting the security risk here is much, much greater. And, so far, Lenovo appears to be playing straight from the Sony rootkit response playbook. If you don't recall, after security folks pointed out what a security disaster the rootkit was, Sony's response was to dismiss the concerns as... theoretical:

"Most people, I think, don't even know what a rootkit is, so why should they care about it?"

In both cases, these technologies opened up giant, massive vulnerabilities on people's computers. In both cases, they were easily exploitable (in the Lenovo case, much, much, much more easily exploitable in a much, much, much more nefarious way). And, in both cases, senior execs from the company tried to handwave it away because they don't know if anyone abused these problems. This ignores that (1) it's quite possible people have been abusing these vulnerabilities for months and it's just not public yet, and (2) more importantly, it doesn't fucking matter because the vulnerability is still there and easily exploitable by lots and lots of people now because it's widely known. Handwaving this off as a "theoretical" concern is not just missing the point -- it suggests a fundamental lack of understanding about rather basic security practices.

As I mentioned earlier, I've been a very loyal Thinkpad buyer for years (though, thankfully, the machine I bought a couple months ago wasn't one infected this way). Every time I've dabbled with other laptops I've regretted it. But Lenovo's response to this is very quickly convincing me that the company should never get any more money from me. It's not just the initial screwup in preinstalling such a security mess, but the completely ridiculous response to it that suggests a company that still doesn't recognize what it has done.
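The two Superfish posts above describe the core of the problem: a self-signed root certificate, identical on every affected machine, sitting in the Windows trusted root store. For an administrator who wants to check a fleet for that condition rather than take Lenovo's word for it, here is an added example PowerShell audit (written for this page; it is not Lenovo's removal tool or Microsoft's Windows Defender fix). It assumes the certificate's subject or issuer contains the string "Superfish", as the posts describe, and uses a clearly labelled placeholder for the thumbprint, which this page does not give; replace it with the value from Lenovo's published removal instructions.

```powershell
# Added example: audit the Windows trusted-root stores for a Superfish root CA.
# Not Lenovo's or Microsoft's code. Matches on the name "Superfish" from the posts;
# the thumbprint below is a PLACEHOLDER, not a real value, and must be replaced
# with the thumbprint Lenovo published before it is relied on.
$KnownBadThumbprint = 'PLACEHOLDER-SUPERFISH-THUMBPRINT'

# Both machine-wide and per-user root stores are trusted by Windows TLS clients.
$stores = @('Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root')

$findings = foreach ($store in $stores) {
    Get-ChildItem -Path $store | Where-Object {
        $_.Subject    -match 'Superfish' -or
        $_.Issuer     -match 'Superfish' -or
        $_.Thumbprint -eq $KnownBadThumbprint
    } | ForEach-Object {
        [pscustomobject]@{
            Store         = $store
            Subject       = $_.Subject
            Thumbprint    = $_.Thumbprint
            NotAfter      = $_.NotAfter
            # A root whose issuer is itself is self-signed, the case the posts describe.
            SelfSigned    = ($_.Subject -eq $_.Issuer)
            # A root CA with its private key on the endpoint is what lets software
            # on that machine mint certificates the browser will accept.
            HasPrivateKey = $_.HasPrivateKey
        }
    }
}

if ($findings) {
    $findings | Format-Table -AutoSize
    Write-Warning 'Superfish root certificate present. Remove the Superfish software first, then remove the certificate (Remove-Item on its Cert: path) and rescan with Windows Defender.'
} else {
    Write-Output 'No Superfish root certificate found in the trusted root stores.'
}
```

Run it in an elevated PowerShell session so that the LocalMachine store is readable; an exit with "No Superfish root certificate found" on a machine that shipped with the adware is the check that the removal (Lenovo's manual steps or the Windows Defender update described in the earlier post) actually took effect.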

posted 10 days ago on techdirt
Yet another person thinks there's money to be made (albeit indirectly) in the copyright trolling business. (h/t to the Cyberlaw and Policy Blog) Stephen Moignard lives a quiet life in the Coonawarra wine district in South Australia, tending his vineyard and small wine company, the Hundred of Comaum. He also beavers away until 4am most mornings writing software for a new business venture which he’s hoping will be a global winner in the internet age. It detects breaches of international copyright on millions of websites and produces almost instantaneous legal letters of demand. Moignard survived the turn-of-this-century dotcom bust. He used to have a successful company that installed high-speed internet connections in office buildings, but his fortunes crashed with many others in the early 2000s. Now, he's looking to make some money by using an algorithm to hunt down "substantially similar" text across multiple websites and serve demand letters to alleged copyright infringers. His new business is called Plfer, and its detection algorithm bears many similarities to commercial plagiarism detection software, albeit with a few tweaks that allow it to bypass web formatting and other obstacles that might throw off comparisons. Moignard designates "victims" as "Plferees" and those using words written by others as "Plferers." At the site, you can view scans requested by site visitors, along with some very sketchy math used to determine potential damages. (Bad news for those of you who block Java by default: nearly the entire site is Java, so you'll be greeted with nothing but a banner. Incredibly annoying, but presumably there to prevent people like me from copying and pasting Moignard's words and thus becoming one of those pesky "Plferers.") One such example of sketchy math and questionable algorithms involves perfume site Fragrantica and some short-lived Wordpress blog. Somehow, the use of Cartier-related words adds up to more than $600,000 in potential damages. 
[pdf link to printed report] The report contains a lot of cool-sounding "weights" and "scores," all of which are presumably part of Plfer's proprietary algorithm. Shallow scan: (stage one) Found with string: "Cartier gained notoriety in 1904 when Louis Cartier created the first wristwatch" on search page: 0 amongst total results of: 16 (weighted value: 1.6) with snippet: "Cartier gained notoriety in 1904 when Louis Cartier created the first wristwatch for aviator Alberto Santos-Dumont. This famous timepiece was known as the ..." Recorded on Plfer search page:fragrantica.com (in full:fragrantica.com/designers/Cartier.html) This string was number: 16 on the page. It has an improbability weighting of: 520. The infringement has a duration of: 708 days. The Plfer score is:-1741. The Plfer score is explained on the "Getting Started" page: The complexity of the string of text, the time between the earliest and later dates and the total number of copies in existence can be used to create a score (plfer score)(10). The lower the number (or the larger the negative number) the more serious the breach. After a deep scan, the plfer score is updated with many more known factors. A shallow scan plfer score should not be solely relied upon to issue infringement notices. Using both of these, Plfer arrives at this conclusion: The plferer earned 1164 points which is greater than the score required to amount to an 'actionable infringement' . The last sentence makes no sense, but there it is. "Actionable infringement" doesn't need a score. Either it's infringement or it isn't, and much of what gets highlighted by Plfer's "Deep Scan" seems to be nothing but language that would be common to two sites covering the same subject matter. Here's a screenshot from one Plfer report on two SEO/web design companies' websites. "Substantially similar" phrases include "understanding... signals algorithmically" and "reach your audience." 
For the two sites noted above, the "substantially similar" wording contains phrases that would be common across all Cartier biographical information. ("Cartier gained notoriety in 1904 when Louis Cartier created the first wristwatch…") Finding matching phrases and keywords across two marketing sites and claiming it's copyright infringement is a bit like looking over the resume of someone applying for the same position as you and claiming the similar buzzwords and job descriptions are due to your competitor reading over your shoulder. Now, we get to the really fun stuff: potential damages. These numbers are key to Plfer's success. Plfer charges very minimal fees. "Deep Scans" and "Shallow Scans" run $1/per plus $0.85 in fees. There will presumably be small fees for demand letters and other forms, but the site is still in beta and no pricing is available. Plfer, notably, does not want a cut of recovered damages, which doesn't make it so much a copyright troll as a copyright troll facilitator. From Moignard's advertorial PDF "2015 - the end of copyright?" Plfer differs from other online copyright service providers in that it takes no pecuniary interest in any of the copyright infringements it uncovers. It does not become a party to any of the cases it reveals but merely assists to provide evidence, pro-forma documents and "wizards" for users and their advisors. Plfer may not partake of any damages recovered, but it still needs to sell its services. And when a scan returns an amount in the low hundreds, it still looks like a bargain because the infringed party only spent a few bucks in return for this "evidence" of "actionable infringement." (The PDF quoted above also hints at Plfer entering into mutually-beneficial contracts with IP-oriented law firms, but there appears to be nothing in place at the moment.) In the case of Fragrantica, the potential damages are huge. Here's the "math" behind the massive number. 
The total value of fragrantica is $2,389,600 according to Alexa.com and WorthOfWeb.com. We have calculated the plferee's actual losses as follows: Our daily advertising income is valued at a minimum of $3314. The proportion of our site contained in parentalstyle.wordpress.com is 5.51%, giving a proportionate advertising revenue loss of $182.60 per day. The value of this loss over 708 days is therefore $129280.8 USD. Applying a penalty multiplier of 5 times gives a total fair and just actual damages amount of $646,404.00 USD. A standard fee for enforcing an infringement of this nature and degree is $1,998.00 USD. The total amount payable is therefore $1,998.00 + $646,404.00 = $648,402.00 USD.

Plferer Alexa ranking: 15,105,799
Plferer value: 64
Plferee Alexa ranking: 8,185
Plferee value: 2389600
Duration (years): + 1.94
Penalty: + 646404.00
Fee: + 1998.00
Total: + 648,402.00

That's some, um, interesting math, especially when the "plfering" site ranks 14 million places lower than the "victim" and would probably never surface in a search for Cartier products -- which would seem to make it more difficult to claim damages. Sure, Fragrantica could pursue this payout and present Plfer's proprietary Alexa math to a judge, but the numbers cited here as mathematically sound are actually beyond the point of speculative.

Going beyond the sketchy math, there's the reality of the situation. Has anyone ever made money going after "scrapers," who "republish" posts of others in their entirety and whose sites contain 100% infringing material? Of course not. Smaller infringements like these -- which are closer to plagiarism than copyright infringement -- won't be moneymakers either. Plfer might have limited success selling $1 scans to the curious and litigiously stupid, but it's not going to change the face of copyright enforcement, much less supplant Moignard's vineyard as his primary moneymaker.

So, why is Moignard doing this?
Well, according to his own statements, it appears to be some sort of crusade against the internet's "devaluing" of copyright-protected content. In the FAQ, under the heading "Is copyright evil?," Moignard first points out that copyright isn't a moral right...

[C]opyright, like all intellectual property rights, is an incentive device, designed to elicit more of certain kinds of 'learning' or knowledge creation and certain kinds of knowledge processing by government, rather than being any fundamental sort of moral right...

... before going on to make this a moral issue by quoting two supposed copyright opponents (at least one of which will be very familiar to Techdirt readers)...

For instance, Mike Masnick at TechDirt says: "People copy stuff all the time, because it's a natural and normal thing to do. People make copies because it's convenient and it serves a purpose -- and quite often they know that doing so causes no harm in those situations." There are a raft of similar postings by anonymous file-sharing fans such as Enigmax [TorrentFreak], who argues that all information should be free and authors should not receive anything.

... and summing it up by claiming the high ground.

Plfer stands in total opposition to the Enigmaxes and Mike Masnicks of this world, and can prove that the technology that makes copying easy also makes prosecuting infringers just as easy.

He also presents the copyright industry's attitude towards technological advancement in a far better light than it deserves, while simultaneously portraying innovation as an "attack" on rightholders. (From the "End of copyright" PDF.)

Digital 'internet' transmissions have obviously increased the risk that copyrighted works will be 'reproduced' and 'distributed' in violation of the exclusive rights granted to copyright owners. Copyright law, however, has withstood attacks from other developing media.
Specifically, copyright has coped with the invention of broadcast media, copy machines, and the video cassette recorder, and technology is assisting copyright law to step up again today.

Yeah, if by "coped" you mean "pushed for favorable legislation" and "sued endlessly." That's not coping. That's finally relenting to the inevitable because you've exhausted all your options.

Plfer is positioning itself as a "volume" business, making money from quantity rather than quality.

Its developers are assuming that the sheer volume of infringements will enable it to generate significant income despite offering these services at a fraction of the cost of equivalent legal advice.

This puts it in the same group as copyright trolls like Malibu Media and Prenda Law, even if it doesn't directly benefit from settlements and awarded damages. What it hopes to do is become the starting point for aspiring copyright trolls, using questionable algorithms and damage assessments. It even wants to further limit fair use protections -- again, by using some questionable rationalizations.

With the increasingly commercial nature of all aspects of the public internet and the "monetisation" of site traffic via ubiquitous advertising services such as Google™ AdSense™ and other variants, it is difficult to argue any part of the internet is truly "non-commercial" and so the application of the "fair use" defence would seem to remain limited.

Fair use isn't limited to non-commercial enterprises. This misconception refuses to die, and self-proclaimed copyright enforcers like Plfer are doing their best -- either out of spite or ignorance -- to keep it alive. You can make money and still avail yourself of the fair use defense.

Plfer is a mess. Moignard may be ambitious, but his "solution" to small-time infringement will either become another also-ran or the tool of copyright trolls. There's nothing here that doesn't point to either of these two outcomes.

posted 10 days ago on techdirt
While the government and industry pay a lot of lip service toward expanding broadband availability and competition, we've noted how giant phone companies like AT&T and Verizon are actually backing away from unwanted DSL markets. Through a combination of apathy (failing to repair the lines timely) and price hikes for services that cost less than ever to offer, the telcos are actively driving DSL users to either cable competitors or wireless (or both, since cable operators now help sell Verizon wireless services). Fixed-line broadband is perfectly profitable, it's just not profitable enough quickly enough for telco investors. As a result, these companies are shifting their attention to significantly-more-expensive wireless services with caps and overages, and pretending this is just as good as an uncapped, less expensive DSL line.

The result? A huge swath of the country where the cable broadband monopoly is going to be more potent than ever, resulting in worse customer service (if that's even possible) and higher prices than ever before.

Of course, AT&T and Verizon can't just come forth and say that they no longer care about huge swaths of the country, so as they go state to state trying to gut all regulations requiring they continue to offer fixed-line services, they're claiming that if state legislatures do their bidding, the states will somehow be awash with amazing new technologies. AT&T calls this the "IP transition," and has been successful in conflating a general shift toward wireless and IP networks with the company's refusal to upgrade fixed-line assets. Both companies have even gone so far as to have folks like Steve Forbes issue editorials proclaiming DSL lines are dead -- news to those for whom that's their only reliable connectivity option. Verizon has also used natural disasters as justification for refusing to repair or upgrade customers, with some victims of Hurricane Sandy on the East Coast still waiting for their DSL lines to get repaired.
Most recently, Verizon tried to claim that the reason it just sold its unwanted fixed-line assets in Florida, Texas and California was because of regulators' positions on net neutrality.

It's of course not just rural regions that are impacted by this shift: Baltimore's one of several cities (like Boston, Alexandria and Buffalo) that didn't get chosen for Verizon's now-dead FiOS expansion plans. With Verizon not willing to spend the money for further FiOS expansion, the company needed something to tell locals that not only aren't seeing upgrades, but in some cases are now waiting months for repairs. This month's excuse? Parts are just too hard to find:

"It's not just the wires that are going bad, it's the switches," said Sherry Lichtenberg, the principal researcher for telecommunications at the Washington-based National Regulatory Research Institute. "It's really hard to find parts." AT&T officials have said the company sometimes has to scrounge on eBay for parts.

Yes, that's AT&T, a company that saw $132.4 billion in revenues last year, claiming that it has to head to eBay to upgrade its networks. Of course, parts aren't hard to find when you replace those older parts -- like in more upscale development communities where AT&T is slowly starting to offer very limited 1 Gbps fiber deployments (deployments, it should be noted, that AT&T also claims it paused over net neutrality). Parts also aren't hard to find when you're offering wireless LTE services with $15 per gigabyte overages. Parts are, apparently, only hard to find in areas you're intentionally abandoning -- but don't want to admit you're intentionally abandoning.

On one hand, you can understand that Verizon and AT&T are simply heading where the real money is. The problem is that after refusing to upgrade many markets, the telcos have lobbied for laws prohibiting these same towns and cities from upgrading themselves (or in some cases engaging in public/private partnerships).
When the FCC recently (and quite belatedly) announced they'd be trying to eliminate the most contentious parts of these protectionist laws, the broadband industry threatened to sue. As such, the telecom industry has created a giant painful ouroboros of intentional dysfunction, one that only begins to unravel when we stop letting AT&T, Comcast and Verizon write state telecom law.

posted 10 days ago on techdirt
A couple of weeks ago, we reported on a small but important defeat for the UK government when the Investigatory Powers Tribunal (IPT) ruled that intelligence sharing between the NSA and GCHQ was unlawful. Now, in a sign that the cracks in the UK's impenetrable silence on its surveillance activities are beginning to spread, the Guardian reports on the following surprising development:

The regime under which UK intelligence agencies, including MI5 and MI6, have been monitoring conversations between lawyers and their clients for the past five years is unlawful, the British government has admitted.

Here's why the UK government has suddenly started owning up to these misdeeds:

The admission that the regime surrounding state snooping on legally privileged communications has also failed to comply with the European convention on human rights comes in advance of a legal challenge, to be heard early next month, in which the security services are alleged to have unlawfully intercepted conversations between lawyers and their clients to provide the government with an advantage in court.

Remarkably, the confession has brought with it an unprecedented explanatory statement:

"In view of recent IPT judgments, we acknowledge that the policies adopted since [January] 2010 have not fully met the requirements of the ECHR, specifically article 8 (right to privacy). This includes a requirement that safeguards are made sufficiently public.

"It does not mean that there was any deliberate wrongdoing on the part of the security and intelligence agencies, which have always taken their obligations to protect legally privileged material extremely seriously. Nor does it mean that any of the agencies' activities have prejudiced or in any way resulted in an abuse of process in any civil or criminal proceedings."

This surprise admission shows once again the value of taking legal action against government surveillance, even when the odds of succeeding seem slim.
Twice now the UK has revealed details purely as a result of challenges. Perhaps even more importantly, twice now the UK government's standard response to leaks -- that it wouldn't confirm or deny anything, but the British public could rest assured that whatever may have happened was completely legal -- has been shown to be false.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

posted 10 days ago on techdirt
According to his online biography, Vint Cerf is:

Vice president and Chief Internet Evangelist for Google. He is responsible for identifying new enabling technologies and applications on the Internet and other platforms for the company.

That suggests someone whose main job is to look forward, rather than back, and with a certain optimism too. But an article in the Guardian reports on a speech he gave in which he is not only concerned with the past of online technologies, rather than their future, but is also issuing an important warning about their fatal flaws:

Humanity's first steps into the digital world could be lost to future historians, Vint Cerf told the American Association for the Advancement of Science's annual meeting in San Jose, California, warning that we faced a "forgotten generation, or even a forgotten century" through what he called "bit rot", where old computer files become useless junk.

Of course, he's not the first person to raise that issue -- Techdirt wrote about this recently -- but Cerf's important contributions to the creation of the Internet, and his current role at Google, lend particular weight to his warning. That said, the Guardian article seems to miss the central reason all this is happening. It's not that it's really hard to create emulators to run old programs or open old files. The real issue is tucked away right at the end of the article, which quotes Cerf as saying:

"the rights of preservation might need to be incorporated into our thinking about things like copyright and patents and licensing. We're talking about preserving them for hundreds to thousands of years," said Cerf.

The main obstacles to creating software that can run old programs, read old file formats, or preserve old webpages, are patents and copyright. Patents stop people creating emulators, because clean-room implementations that avoid legal problems are just too difficult and expensive to carry out for academic archives to contemplate.
At least patents expire relatively quickly, freeing up obsolete technology for reimplementation. Copyright, by contrast, keeps getting extended around the world, which means that libraries would probably be unwilling to make backup copies of digital artefacts unless the law was quite clear that they could -- and in many countries, it isn't. Once again, we see that far from promoting and preserving culture, intellectual monopolies like patents and copyright represent massive impediments that may, as Cerf warns, result in vast swathes of our digital culture simply being lost forever.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

posted 10 days ago on techdirt
Anheuser-Busch is no stranger when it comes to silly little intellectual property conflicts. Sometimes the perp, sometimes the victim, the insanely large beer-maker often finds itself deviating from the business of making beer and instead landing in the courtroom. The company's latest foray centered around a perceived large threat from a tiny little brewery called Natty Greene Brewing.

Last summer, Anheuser-Busch filed opposition to Natty Greene's application to trademark "Natty Greene." The company said it has been using the "Natty" name in connection with its line of beers since at least 1998 and that it has trademarks for "Natty Light" and "Fatty Natty" -- also known as Natural Light beer -- as well as its Natty Daddy brand. The company felt that the Natty Greene's trademark would cause confusion among consumers.

Natty Greene is a small micro-brewery with a couple of locations out of North Carolina and they make craft beer. Anheuser-Busch is a macro-brewery if ever there was one and Natural Light is what college kids drink because it costs roughly the same as a thimble of sand in the Arabian Desert. The chance of someone attending a tasting at a Natty Greene location and somehow thinking the whole thing was coordinated by the same people who make Budweiser, Beck's and Natural Light is effectively null. And, in a rare sign that sense still exists in this crazy, crazy world, apparently the folks over at A-B agree.

Anheuser-Busch late last week agreed to drop its opposition to the trademark application Natty Greene's Pub and Brewing Co. is pursuing. David Sar, an attorney with the Greensboro law firm of Brooks, Pierce, McLendon, Humphrey & Leonard who handled the matter for Natty Greene's, said Anheuser-Busch filed its withdrawal on Friday. Sar said it was withdrawn with "prejudice," meaning it can't be refiled. He added that the two sides reached a confidential resolution. The trademark office will now most likely grant Natty Greene's its trademark, he said.
It's a nice end to the story, I suppose, but the resolution leaves me questioning why any of this had to happen in the first place. With just a small application of the common-sense-juice to A-B's lawyers' brain-thoughts, a whole lot of time and money could have been avoided, considering we ended up in the same place as though no opposition had been filed anyway.

posted 10 days ago on techdirt
Plastic is a relatively new material in our environment, but many kinds of plastic don't decompose -- so it sticks around for a long, long time. But it's so useful -- and who wants to drag around metal or glass bottles? (Ahem, even if you did, many glass/metal bottles are lined with plastic anyway.) We could do a better job of recycling plastic and making sure plastic doesn't end up in the ocean, but we'll probably never get rid of plastic unless we run out of oil.

Making plastic without chemicals that have estrogenic activity can be done, but some chemical companies are still fighting to make their competitors' products look bad. The dose makes the poison, and what you don't realize is that iocane powder is present in all plastic water bottles. [url]

An estimated 4.8 to 12.7 million metric tons of plastic waste entered the ocean in 2010. This estimate is also probably a bit low because it only counts the plastic that is buoyant in seawater. [url]

The FDA says BPA from polycarbonate plastic in beverage containers and food packaging is safe. Go ahead and avoid plastic if you want to, but there are probably worse things in your food. [url]

If you'd like to read more awesome and interesting stuff, check out this unrelated (but not entirely random!) Techdirt post via StumbleUpon.

posted 11 days ago on techdirt
Florida's legislators are pushing through bills mandating body camera use by the state's law enforcement officers. So far, so good, except for the fact that law enforcement officers aren't really looking for greater transparency or accountability, at least not according to Florida Police Benevolent Association chief Gary Bradford. Sen. Chris Smith was unable to slide his bill past the first panel review until concessions had been granted to soothe Bradford's "worries."

"Our concern is if the camera is on, and it's required to be on through the entire shift, then it will capture video and audio when you have roll calls or when you're walking down the hallway or just as you go through your day. You're on a lunch break, you're in the privacy of your own car with your partner, you're having a conversation about having a fight with your wife in the morning, or something along those lines, and we just think those things are private, and they shouldn't be part of the discussion," said Bradford.

Except that's not the extent of the exceptions being granted to supposedly ensure the public won't be allowed to eavesdrop on officers' private discussions of their domestic disputes. Instead, the new language provides several options for law enforcement agencies to abuse to deny responses to public records requests.
PCS/SB 248 creates a public records exemption for an audio or video recording made by a law enforcement officer in the course of the officer performing his or her official duties and responsibilities, if the recording:

- Is taken within the interior of a private residence;
- Is taken on the property of a facility that offers health care, mental health care, or social services;
- Is taken at the scene of a medical emergency;
- Is taken at a place where a person recorded or depicted in the recording has a reasonable expectation of privacy;
- Shows a child younger than 18 years of age inside a school or on school property; or
- Shows a child younger than 14 years of age at any location.

Taken without context, the list of exceptions seems reasonable. But match it up with recent events, and you can see where this set of exceptions could easily nullify this tool of accountability.

Medical emergency exception? Sure, HIPAA and other related laws make medical events and history very private information, subject to several sharing restrictions. But what if a cop is called to assist someone who's suffering a medical emergency or is suicidal or suffers from mental illness? Far too often, a call for help is answered with violence. Under this exception, the underlying medical emergency prompting the police response would allow law enforcement agencies to withhold captured body cam footage.

The exceptions devoted to minors would allow law enforcement agencies to withhold the sort of damning footage that contradicted the Cleveland police narrative in the shooting of 12-year-old Tamir Rice. Without this footage, the public would have been left to rely on the CPD's claims that Rice refused to comply with multiple orders to put his hands up and "made a move towards his waistband," ultimately resulting in his being shot to death by responding officers.
A park surveillance camera recording showed what actually happened: two police officers drove across the park, stopping within feet of Tamir Rice, and shot him within two seconds of arrival.

ACLU Florida's Michelle Richardson says these exceptions are blank checks for LEO opacity and abuse.

"If this was really about privacy, it would apply to what officers can practically release on their own as well," Richardson says. "So this is really just about shielding police misconduct. If police want to control the narrative, they can release what they want."

While not nearly as restrictive as the LAPD's policy of only releasing body cam footage to parties involved in criminal or civil court proceedings, it's still a recipe for disaster. Florida has laws in place that already restrict the release of police-captured recordings and this pile of exceptions -- while facially well-intentioned -- allows agencies to further dodge accountability for their officers' misdeeds.

posted 11 days ago on techdirt
Thought that the revelations of NSA/GCHQ spying were dying out? Having some "surveillance fatigue" from all the stories that have been coming out? Have no fear -- or, rather, be very very very fearful -- because two big new revelations this week show just how far the NSA will go to make sure it collects everything.

First up: your hard drives. Earlier this week, Kaspersky Lab revealed that the NSA (likely) has figured out ways to hide its own spyware deep in pretty much any hard drive made by the most popular hard drive manufacturers: Western Digital, Seagate and Toshiba.

Kaspersky said it found personal computers in 30 countries infected with one or more of the spying programs, with the most infections seen in Iran, followed by Russia, Pakistan, Afghanistan, China, Mali, Syria, Yemen and Algeria. The targets included government and military institutions, telecommunication companies, banks, energy companies, nuclear researchers, media, and Islamic activists, Kaspersky said. The firm declined to publicly name the country behind the spying campaign, but said it was closely linked to Stuxnet, the NSA-led cyberweapon that was used to attack Iran's uranium enrichment facility. The NSA is the U.S. agency responsible for gathering electronic intelligence. A former NSA employee told Reuters that Kaspersky's analysis was correct, and that people still in the spy agency valued these espionage programs as highly as Stuxnet. Another former intelligence operative confirmed that the NSA had developed the prized technique of concealing spyware in hard drives, but said he did not know which spy efforts relied on it.

As the report notes, it appears that this is a kind of "sleeper" software, that is buried inside tons of hard drives, but only "turned on" when necessary.
The report notes that it's unclear as to how the NSA was getting this software in there, but that it couldn't do it without knowing the source code of the hard drive firmware -- information that is not easily accessible. A few of the hard drive manufacturers have denied working with the government on this and/or giving them access to the firmware. It's possible they're lying/misleading -- but it's also possible that the NSA figured out other ways to get that information.

And that brings us to door number two: your mobile phone's SIM card. Today, the Intercept revealed (via the Ed Snowden documents) how the NSA and GCHQ were basically able to hack into the world's largest manufacturer of mobile phone SIM cards in order to swipe encryption keys, so that your friendly neighborhood intelligence snooper can snoop on you too:

The company targeted by the intelligence agencies, Gemalto, is a multinational firm incorporated in the Netherlands that makes the chips used in mobile phones and next-generation credit cards. Among its clients are AT&T, T-Mobile, Verizon, Sprint and some 450 wireless network providers around the world. The company operates in 85 countries and has more than 40 manufacturing facilities. One of its three global headquarters is in Austin, Texas and it has a large factory in Pennsylvania. In all, Gemalto produces some 2 billion SIM cards a year. Its motto is "Security to be Free."

With these stolen encryption keys, intelligence agencies can monitor mobile communications without seeking or receiving approval from telecom companies and foreign governments. Possessing the keys also sidesteps the need to get a warrant or a wiretap, while leaving no trace on the wireless provider's network that the communications were intercepted. Bulk key theft additionally enables the intelligence agencies to unlock any previously encrypted communications they had already intercepted, but did not yet have the ability to decrypt.
The details of just how the NSA hacked into Gemalto are quite a story -- and proves what a load of crap it is when the NSA and its defenders insist that they only target bad people. As former NSA (and CIA) boss Michael Hayden recently admitted, they actually like to spy on "interesting people." And who could be more interesting than the people who have access to the encryption keys on billions of mobile phones? So, yeah, the NSA and GCHQ basically spied on IT folks at the company until they found a way in. So, the NSA spies on "bad guys" and "IT people" for the good guys. Because, I'm sure they'll claim, it helps them get the bad guys. We've seen this before, when the GCHQ hacked into Belgian telco giant Belgacom, allowing them to tap into communications at the EU Parliament. Hacking into various companies appears to be standard operating procedures for the NSA/GCHQ these days, with no thought to the collateral damage being caused.

And, yes, both of these hacks basically involve giving the NSA an astounding amount of access to our electronic devices:

Leading privacy advocates and security experts say that the theft of encryption keys from major wireless network providers is tantamount to a thief obtaining the master ring of a building superintendent who holds the keys to every apartment. "Once you have the keys, decrypting traffic is trivial," says Christopher Soghoian, the principal technologist for the American Civil Liberties Union. "The news of this key theft will send a shock wave through the security community."

[....]

The U.S. and British intelligence agencies pulled off the encryption key heist in great stealth, giving them the ability to intercept and decrypt communications without alerting the wireless network provider, the foreign government or the individual user that they have been targeted.
"Gaining access to a database of keys is pretty much game over for cellular encryption," says Matthew Green, a cryptography specialist at the Johns Hopkins Information Security Institute. The massive key theft is "bad news for phone security. Really bad news."

Between both of these big stories this week, it's clear that the NSA is basically deeply buried in pretty much every bit of electronic equipment these days, with the tools ready to go to spy on just about anything. The idea that this power isn't being abused regularly is pretty laughable.
