posted 8 days ago on techdirt
For years now we've explored how large ISPs have (ab)used the lack of competition in the broadband market by imposing completely arbitrary and unnecessary usage caps and overage fees. But in addition to these glorified price hikes, ISPs have also long taken to exempting their own content from usage caps, while penalizing competitors -- allowing them to use this lack of broadband competition to tilt the content playing field in their favor. Incumbent ISPs have long tried to twist and distort this narrative, claiming that zero rating is the bits and bytes equivalent of a 1-800 data or free shipping. Of course that's simply not the case, and zero rating simply shifts costs around to the benefit of entrenched mono/duopolists. Since caps and overage fees are arbitrary implementations not tied to any sound, real-world economics, the consumer isn't technically really saving anything (especially in the States, where we already pay more for data than most developed nations). And because content companies are often penalized while ISPs exempt themselves, this reduction in overall competition has very real negative cost impact on the end user. This gross distortion of the market doesn't just benefit ISPs. Overseas, companies like Facebook have partnered with mobile carriers to cook up their own, poorly-received zero rating efforts, providing an AOL-esque portal to the internet stocked with Facebook-chosen content. Facebook tried to convince folks in India that it wasn't just trying to corner the international ad market, it was simply worried about the plight of the impoverished farmers. When Facebook's plan was being debated last year, Mozilla quite-correctly pointed out that if Facebook was so worried about the poor getting access to the internet, it could... you know... actually help fund connections to the actual internet. Mozilla's now back with a new study that further deflates some of the common, bunk narratives surrounding zero rating, particularly the Facebook and ISP claim that zero rating is a wonderful "on ramp to the internet" that showers immeasurable benefits upon the backs of the poor. More specifically, Mozilla and its international research partners found that zero rating isn't really an on ramp to anywhere useful: "In all countries surveyed — excluding India where zero rating has been banned by the regulator — focus groups revealed that users are not coming online through zero rated services. While more research is needed, if zero rating is not actually serving as an on-ramp to bring people online, the benefits seem low, while the resulting risk of these offerings creating an anti-competitive environment is extremely high." The study also gets to the real reason companies like Facebook are so breathlessly in love with zero rating -- it tends to keep users focused on just a handful of websites (and obviously the advertising companies like Facebook want seen). It should probably go without saying that users who are stuck with only a limited window to the internet, aren't getting the full benefits the internet has to offer. But one of Mozilla's research partners (pdf) also noted that many users of these walled garden, zero rated services wind up conflating "Facebook" with "the internet," which is one of Facebook's primary goals: "In discussing promotions and Internet-use more broadly, respondents focus on Facebook. Some respondents from rural focus groups use Facebook and the Internet interchangeably, as, for example Internet search for them means searching within Facebook...Our findings raise concern of Facebook’s influence within Myanmar, as these zerorated promotions may serve to perpetuate its dominance and undermine widespread understanding of the distinction between its services and the ‘open Internet’. Of course the decision to drive users to a handful of websites instead of the entire internet has a dramatic, negative impact on overall content competition. That's why India banned Facebook from engaging in this behavior, hoping to encourage efforts that help bring the real internet to the poor, not bizarre walled gardens where Facebook, Google or your ISP has the final say when it comes to the content and services you're seeing. Here in the States, where we're facing both a gutting of net neutrality rules and a looming reduction in competition thanks to mindless merger mania, we're about to get a crash course in how the "help" provided by zero rating is no real help at all. Permalink | Comments | Email This Story

Read More...
posted 8 days ago on techdirt
There's been a lot of debate over the past few years about forcing internet platforms -- YouTube, Facebook and Twitter, mainly -- to respond to terrorists (oddly only Muslim terrorists) using those platforms for propaganda and agitation by taking down that content. It's often been discussed under the banner of "countering violent extremism" or CVE. These days, those and other platforms tend to have large staffs reviewing videos, and especially quickly pulling down videos of ISIS promoters calling for attacks on America and Europe. And, in some countries it's now required by law that internet platforms remove such content. And you can certainly understand the gut reaction here: someone calling you evil and encouraging attacks on you is seriously unnerving. One of the points that we make about this, though, is that while many, many people think it's "easy" to determine which content is "good" and which content is "bad," it's not. The areas of gray are vast and murky. One example we pointed to is that when YouTube was first pressured into taking down terrorist propaganda videos, it resulted in YouTube killing a channel that was documenting atrocities in Syria. Understanding the difference between promoting violence and documenting violence is not easy. And here's another example. You may have seen the following news clip floating around, involving a Trump-connected Pastor named Robert Jeffress explaining on a news program why the Bible says it's okay to assassinate Kim Jong Un and go to war with North Korea. .@robertjeffress: "The Bible gives @POTUS the moral authority to use whatever force necessary... to take out an evildoer like Kim Jong-un." pic.twitter.com/UQZTE8fwzS — Fox News (@FoxNews) August 9, 2017 That video clip is all over the news this week and can be found all over the internet. The copy I'm posting above is from Twitter, but I'm sure it can be found elsewhere as well. But what if, instead of an evangelical pastor, that statement were coming from a Muslim cleric, and instead of North Korea and Kim Jong Un it talked about America and Donald Trump? Would it still be all over social media, or would people be demanding that the internet take it down? And this question applies no matter what you think of the video above. I'm not making a statement one way or the other on the content of it, even if I have an opinion about that. My point is simply that when we demand that platforms pull down "radical" content pushing for "violent extremism," it's really, really difficult to distinguish between the video above and some of what, say, ISIS releases. This is a point that I think frequently gets lost in these discussions. People think that it's easy to tell what's "bad" because it's easy for them to determine what is bad in their opinion or bad to them. But setting up general rules that scale across an entire platform is almost impossible. And even if you argue that the context of this video is different from my Muslim cleric example, you're only helping to make my point. Because that would mean that anyone reviewing the video to determine if it stays up or down would have to become knowledgeable in the overall context -- which in this case could require understanding centuries of global religious views and conflicts. I'm sorry, but Facebook, YouTube, Twitter and everyone else can't hire thousands of PhDs in all related fields to review these videos (within hours) with the level of understanding and context necessary to make a judgment call on each and every one. None of this is to say that the platforms need to leave everything up (or take everything down). But if you're going to require platforms to police content, you need to at least recognize that any "rules" on this stuff will lead to rules you don't like. Rules that say a Muslim cleric's call for war on America is not allowed will almost certainly lead to the video above also not being allowed. Maybe some people are comfortable with neither being allowed, but the situation sure gets tricky quickly... Permalink | Comments | Email This Story

Read More...
posted 8 days ago on techdirt
Gain a working knowledge of the ITIL framework and its applications to streamline IT service provision with this $29 course covering ITIL Foundation Training for IT Professionals. Understanding ITIL will allow you to optimize your IT service, and help you build better strategies to keep customers happy. The course gives you access to 20 hours of training and preparation for taking the ITIL Foundation exam to become certified as an ITIL Practitioner. Note: The Techdirt Deals Store is powered and curated by StackCommerce. A portion of all sales from Techdirt Deals helps support Techdirt. The products featured do not reflect endorsements by our editorial team. Permalink | Comments | Email This Story

Read More...
posted 8 days ago on techdirt
With only minimal media fanfare, violent crime is on the rise in London. There have been many explanations on offer for this, ranging from the refugee migrant crisis to drastic cuts to funding for youth services. Specifically noteworthy is the upward trend in knife violence, which, we will note, began before the Middle East refugee crisis, but has accelerated since. Knife attacks have risen not only in what could be called "terrorist" incidents involving Islamic extremists, but also in the more banal gang-related type of incidents as well. As experts search for the real cause and solution to all of this, however, London Mayor Sadiq Khan insists he has found the real enemy in all of this: YouTube. London mayor Sadiq Khan has criticised Google’s YouTube after it failed to take down four violent gang videos describing killing methods and threatening rivals, which were flagged by police. The videos reportedly show gang members waving a large Rambo-style knife as they attempt to goad rivals. The videos have been watched more than 356,000 times and have not been removed despite YouTube’s terms saying it takes “threats, harassment, intimidation (and) inciting others to commit violent acts” seriously. “Google, YouTube and other platforms have a responsibility to the millions of young people using their sites every day, and it is vital that they toughen up their guidelines, remove breaches immediately and work with partners to help ensure such horrific videos do not reappear. Lives could depend on it,” said Khan. “Social media and the internet can be used to inflame tensions and escalate violence quicker than ever before, and these videos are a shocking example of the glamorisation of gang culture.” It will never cease to amaze me how many people can look at a complex social problem with all sorts of subtle causes and influences... only to turn around and find an easy scapegoat in technology. Specifically the internet. London has endured a 24% rise in knife crime and His Honor is going to war with YouTube over four whole videos. In the first link in the introduction above, the New York Times interviews youths now carrying knives, typically found in their kitchen drawers, and provides a fairly good explanation of why these youths are arming themselves in the street. Absent from the prose of that article as any mention of teens slipping blades in their pockets because a YouTube video told them so. It's also worth noting that these videos make for great evidence for convicting bad actors when they actually do carry out attacks. Similar violent videos helped convict four men for the murder of 18-year-old Marcel Addai in September 2015, and have been used in other successful prosecutions. Now, YouTube has reviewed the specific videos in question and has decided to leave them up, while also noting that it is committed to working with police to take down true violent content. The problem in all of this is that there is a fuzzy line drawn between valid expression and an actual threat. If I wanted to, I could twist all kinds of content on YouTube and claim it represented real violent threats, from political expression to drill rap videos that often feature weapons to dramatic expressions. What YouTube typically requires is verified context that a threat made in a video is both specific and real before taking it down. It has deemed these videos not to cross that line. “We work closely with organisations like the Metropolitan police to understand local context and specifically, so that we can understand where artistic expression escalates into real threats. We’re committed to continuing and improving our work on this issue and making YouTube a hostile space for those who seek to do harm.” Which is as it should be, no matter the London Mayor that wishes to scapegoat the internet while too many of his own citizens bleed in his own streets. Permalink | Comments | Email This Story

Read More...
posted 8 days ago on techdirt
In the telecom market the trifecta of holy bullshit has long been AT&T, Verizon and Comcast. And while all three companies are painfully unethical, anti-competitive, and viciously anti-consumer, Verizon has long utilized a particular finesse as it works tirelessly to prevent its regional mono/duopoly from anything closely resembling actual competition. Many of these efforts have historically teetered on the comical, and you've likely forgotten most of them. Remember when Verizon tried to ban Bluetooth, tethering, or competing GPS apps to force you to use their inferior and expensive services? Or when it launched a shitty tech news blog, but banned reporters from talking about surveillance or net neutrality? Or that time Verizon blocked all competing mobile payment services on its phones to prop up its poorly-named and executed ISIS mobile payment service? Or when it was busted covertly modifying user packets to track users without their permission? And who could ignore its frontal assault on net neutrality, and recent comical video denying it was doing anything of the sort? Yeah, good times. Impressively, one man has done some yeoman's work for the rest of us and complied these and countless more examples of Verizon's anti-competitive behavior into what's the only real formal net neutrality complaint filed so far. It should be noted that there are tens of thousands of informal consumer net neutrality complaints (which the agency refuses to disclose because it might highlight how this is a real problem). But to file a formal complaint you need to pay $225, submit an ocean of paperwork, and kick off a long-train of procedural and legal fisticuffs most consumers simply don't have time for. But after doing a painstaking amount of homework, a man named Alex Nguyen did just that: "Nguyen is a recent college graduate living in Santa Clara, California. And for much of 2015, he spent his time digging through years of Verizon's public statements and actions, assembling more than 300 citations into a 112-page document that could well have been his master's thesis. (In fact, he studied computer science.) The document catalogs a dozen questionable actions Verizon has taken since 2012, assembling a body of evidence in an attempt to prove that the carrier has violated a number of open internet protections." Not only that, Nguyen took the time to actually navigate the myriad of bullshit counter arguments Verizon put forth in trying to deny the fact that it is a well-documented anti-competitive ass. Some of them being, well, pretty comical: "The complaint kicked off a back-and-forth process of objections, evidence discovery, and failed mediation to reach a resolution. Along the way, there have been some hilariously petty digressions, which Nguyen, untrained in the law, has handled patiently. At one point, Verizon objected to his definition of “Verizon” and proposed its own definition. Nguyen then objected to Verizon’s objection, saying that Verizon “copied my definition almost verbatim,” which, in fact, it had." "With Verizon it's always, 'We're blocking these features as a fraud prevention tactic,' or 'It didn't pass our certification requirement that we're not gonna talk about,' or 'It didn't pass these requirements that were never specified,'" he told The Verge. "There's always this pattern of deception with Verizon." After countless arguments and counter arguments taking nearly a year, Nguyen's complaint now sits in the lap of the FCC's Enforcement Bureau, which needs to either rule on the complaint, or refuse and explain why. With the current FCC boss busy bumbling toward killing the rules entirely and clumsily trying to downplay the massive backlash to his proposal, it seems unlikely that Ajit Pai and pals would want to sanction his former employer publicly or in any meaningful way. So for now the name of the game at the FCC appears to be to ignore the complaint and hope nobody notices, something that just became more difficult courtesy of this week's news coverage. Permalink | Comments | Email This Story

Read More...
posted 8 days ago on techdirt
The Supreme Court is going to take a look at the Fourth Amendment implications of warrantless access to historic cell site location information. The outlook for a Fourth Amendment win isn't particularly hopeful, given that there's no circuit split to be resolved. The lone holdout was the Fourth Circuit -- which originally had problems with the long-term collection of location information -- but that court reversed its earlier decision to align with other circuits which have addressed the issue. That doesn't mean no one should try! Who knows what the court might decide, especially given the shifting telecommunications landscape. After all, it has managed to budge the 4th a wee bit now and then, even in decisions that were mostly punts or calls for the aggrieved to take it up with their Congressional reps. The ACLU has filed a brief [PDF] on behalf of the appellants, pointing out what should be obvious: cell site location info isn't Just Another Third Party Record. It's a proxy tracking system for law enforcement, which can access this data without warrants. And it's only getting more precise every day. Service providers have long retained location information for the start and end of incoming and outgoing calls. Today, those companies increasingly also retain location information related to the transmission of text messages and routine internet connections—which smartphones make virtually constantly to check for new emails, social media messages, weather updates, and other functions. The information recorded can include not only cell site and sector, but also estimated distance of the phone from the nearest cell site. Id. Location precision is also increasing as service providers deploy millions of “small cells,” “which cover a very specific area, such as one floor of a building, the waiting room of an office, or a single home.” United States v. Graham, 824 F.3d 421, 448 (4th Cir. 2016) (en banc) (Wynn, J., dissenting in part and concurring in the judgment) (citation omitted); see also Hoy, supra, at 69-70. All told, a typical smartphone connects to cell towers hundreds of times a day, generating a densely pixelated matrix of data points documenting the user’s movements. The volume and precision of that data will grow steadily in coming years, generating ever more granular locational information. The ACLU notes Congress itself has granted consumer protections for CSLI, giving customers control over who has access to this data. Unfortunately, multiple courts have ruled that, since cell providers have access to the info and customers are at least somewhat aware their phones must connect to towers to provide service, this information can be obtained by the government with only a subpoena. (And, obviously, without the customer's consent.) In some rulings, this has been extended to real-time location tracking, with law enforcement officers basically shoulder-surfing telco computers for pings. The brief draws a connection between virtual location tracking with CSLI and the Supreme Court's Jones decision, which dealt with long-term tracking of individuals with concealed GPS tracking devices. That decision didn't quite establish a warrant requirement, but did suggest warrantless long-term location tracking raised a number of Fourth Amendment issues. Allowing law enforcement agencies to use service providers as tracking devices is a problem. It shouldn't really make a difference whether it's long-term or short-term, but the tremendous amount of location data automatically gathered can provide an extremely in-depth examination of someone's life, all through the magic of third-party records. Worse, long-term tracking through CSLI exposes even more of a person's movements to the government. Phones go places cars don't. A suspect could "opt out" of GPS data collection by walking, using public transportation, or riding in vehicles without tracking devices. But people's phones go everywhere they go. Having this wealth of information on tap is a boon for law enforcement. Obtaining a warrant isn't some sort of insurmountable obstacle. The world has changed incredibly since 1979, which is when the Supreme Court created the Third Party Doctrine out of thin air. If nothing else, this case should give it the opportunity to take another look at a decision headed into its fourth decade and see if it still remains relevant in a world where almost every citizen carries around a proxy government tracking device wherever they go. Permalink | Comments | Email This Story

Read More...
posted 9 days ago on techdirt
Techdirt has just written about the amazing achievements of Sci-Hub, and how it now offers the vast majority of academic papers free online. One implication may be that traditional publishing, with high-cost journals hidden behind paywalls, is no longer viable. But as we noted, that doesn't mean that traditional publishers will disappear. For one thing, many are embracing open access, and finding it pretty profitable (some would say too profitable thanks to things like "double dipping".) But there's another way that academic publishers, particularly the biggest ones with deep pockets, can head off the threat to their profits from developments like Sci-Hub and open access: by diversifying. Mike wrote about one example last year, when Elsevier bought the preprint service Social Science Research Network (SSRN), arguably the most popular repository of research in the fields of economics, law and the social sciences. Since SSRN deals in preprints, which can be freely downloaded, sites like Sci-Hub are no threat. Similarly, preprints are generally posted before submission to journals, and therefore can flourish whether or not those journals are open access. Now we have yet another significant move by Elsevier, reported here on the Scholarly Kitchen blog: Elsevier announces its acquisition of bepress. In a move entirely consistent with its strategy to pivot beyond content licensing to preprints, analytics, workflow, and decision-support, Elsevier is now a major if not the foremost single player in the institutional repository landscape. If successful, and there are some risks, this acquisition will position Elsevier as an increasingly dominant player in preprints, continuing its march to adopt and coopt open access. As that post explains, Bepress is not a publishing company, but seeks to provide key elements of the general infrastructure needed for scholarly communications. That includes things like repositories -- the stores of articles produced by researchers at an institution, or covering a specific field -- and "showcases". Bepress's product in this field is called Digital Commons. It claims to be: the only comprehensive showcase that lets institutions publish, manage, and increase recognition for everything produced on campus -- and the only institutional repository and publishing platform that integrates with a full faculty research and impact suite. It's a shrewd acquisition by Elsevier. It continues to move the company beyond the role of a traditional publisher into one that can offer a complete solution for the academic world, with products and services handling every aspect of scholarly work. By acquiring more and more parts of this solution, Elsevier can integrate them ever-more tightly, which will encourage users of one element to adopt others. If this process of integration can be carried out successfully, it will leave Elsevier with almost total control of the sector, beyond even today's already profitable position. That may be great for Elsevier shareholders, but it limits choices for the academic community. Fortunately, there are ways to counter Elsevier's rise to monopoly power. Techdirt wrote about one of them last year, when a new open preprint repository for the social sciences, SocArXiv, was created soon after Elsevier bought SSRN. There are already a number of open source alternatives to Bepress products, and supporting those rather than moving to Elsevier-owned services is an obvious move for those in the academic community who wish to preserve their independence. The problem is that doing so is likely to require a certain amount of effort, and it may be that institutions, libraries and academics don't have the time or energy to do that, and they will simply sign up to Elsevier's monoculture without worrying too much about the long-term consequences. Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+ Permalink | Comments | Email This Story

Read More...
posted 9 days ago on techdirt
Second Bob Murray post in a day? Second Bob Murray post in a day! It would appear that the whole ACLU amicus brief side show will remain a side show. The federal district court has sent the case back to state court where it originated. We had written about HBO moving the case to federal court and (correctly) predicted that Murray would likely try to have it sent back to state court, but (incorrectly) predicted that it wouldn't work. Just as background: in many cases, defendants want these cases in federal court because of the general belief (and you can debate whether this is accurate or not) that federal court judges are more sophisticated in understanding legal issues than their state court counterparts. This can be a little unfair to state judges (and a little too nice to some federal judges), but the general rule of thumb is if you have a strong case, it's better to be in federal court. But, this case is moving back to state court over lack of "diversity." I'll leave it to lawyers to offer a more complete explanation of diversity, but the short layman's version is that it's basically about whether or not the parties are in different states. If they are, you can move to federal court. If they aren't, you're in state court. As we explained, HBO/John Oliver had tried to argue that Murray's inclusion of various West Virginia companies that he owned was a fraudulent attempt to avoid diversity rules, as those companies weren't really mentioned in Oliver's piece. Murray and Murray Energy are based in Ohio. Oliver and HBO are based in NY. However, here the court finds that it was proper for Murray to include the various West Virginia coal mining companies he owns as plaintiffs. The Plaintiff Corporations in question were, therefore, properly joined, and the case should be remanded to state court. First, Mr. Murray is the CEO and director of each of the Plaintiff Corporations and is listed as the controller of the mines owned by those corporations. Not only is Mr. Murray heavily interrelated with these corporations in a formal business sense, but a reasonable person who knows of Mr. Murray, especially in West Virginia or another coal state, would find it nearly impossible to separate Mr. Murray from his corporations and mines. With such a strong interrelationship between Mr. Murray and the Plaintiff Corporations, defamatory statements made about Mr. Murray in his professional capacity may be easily seen as negatively implicating the operation of his corporations. The court admits that the statements by Oliver were about Murray himself, and not his companies, but says the two are so closely identified with one another that it doesn't matter for this purpose. Also some of the comments Oliver made, while about Murray, were specifically about actions at Murray-owned companies. The allegedly defamatory statements made about Mr. Murray did refer to him in his professional capacity. First, the Crandall Canyon Statement refers to a collapse at a mine Mr. Murray chaired and operated regarding the cause of the collapse. Second, The Black Lung Statement refers to Mr. Murray in his professional capacity because his decisions regarding Black Lung regulation would be made as the chairman and operator of the mines. The alleged “character assassinations” of Mr. Murray, including the Geriatric Dr. Evil Statement, refer to Mr. Murray in his capacity as a private individual because they bear no relation to his professional conduct. However, because the interrelationship between Mr. Murray and the Plaintiff Corporations is so strong, it is possible that those comments may defame the corporations if it was determined that the comments discredited the way the Plaintiff Corporations were operated. The Crandall Canyon statement implies that the Plaintiff Corporations are run by a dishonest figure, while the Black Lung statement implies a lack of care for the safety of Mr. Murray’s employees. Even without the character statements, there would be sufficient cause for the Plaintiff Corporations to have a possible chance of success in a defamation action based on comments made about Mr. Murray Random aside: for reasons that I do not understand, in the midst of the above paragraph the court adds a footnote explaining Dr. Evil in much greater details than seems necessary. 1 For those who might not be familiar, Dr. Evil, whose real name is Douglas Evil Powers, gained notoriety as the villain of the Austin Powers film franchise. He is a parody of Ernst Stavro Blofeld, a nemesis of James Bond. Along with his cat, Mr. Bigglesworth, a colorful supporting entourage, and a plethora of secret lairs, Dr. Evil made several attempts at taking over the world, before ultimately finding redemption by the end of the final film. First: SPOILER ALERT. And second, I mean, sure. That's a decent summary (and I must admit I don't remember Dr. Evil even having a real name, but it's been a while since I've seen the films), but I'm not sure why this footnote is necessary in a straightforward decision to remand. Almost feels like the judge wanted to get in something oddly humorous in such a weird case. But back to the meat of the ruling. The court says that since the statements could defame the companies in West Virginia and (whoops...) HBO and those West Virginia coal companies are incorporated in Delaware, there's no diversity jurisdiction to move the case to federal court: Defendants’ primary contention is that the Plaintiff Corporations were not properly joined because the defamatory statements were not of and concerning the corporations, giving the corporations no possibility of asserting a right to relief. As discussed herein, this Court finds that defamatory statements made about an executive of a business may be sufficient to defame his business where the statement was made about the individual in his professional capacity and reflects negatively on the operation of the business. Therefore, the Plaintiff Corporations may have been defamed by statements made about Mr. Murray, giving them a possibility of success in this action as set forth by Ashworth, 395 F.Supp.2d at 403. Because the Plaintiff Corporations have this possibility of success, they were properly joined. This joinder destroys the diversity jurisdiction, which would have allowed a removal to this Court because the Plaintiff Corporations and Home Box Office, Inc. are all incorporated in Delaware. Therefore, this action should be remanded to state court. All in all, a pretty straightforward decision on remanding -- and, of course, it makes no statement on the merits (or lack thereof) of the actual defamation claims. This is probably not a big deal in the overall case, as Oliver/HBO's argument is much, much stronger when it comes to whether or not his statements were defamatory (as the ACLU so nicely explained in their now-irrelevant amicus brief), but it is at least something of a setback for Oliver and HBO. And, in case you're wondering, the 4th Circuit (where this is) does not tend to allow remand orders like this to be appealed. So they're likely stuck in state court. That's a bit of a hassle for Oliver/HBO, and a bigger annoyance for reporters like myself who do have access to federal court records while state court records in West Virginia are (annoyingly) not so easy to access. Permalink | Comments | Email This Story

Read More...
posted 9 days ago on techdirt
Here's how the CBP is defending our borders -- even before the Trump Administration's "surge:" Everyone they detained was an American citizen, coming back to the US after attending a wedding of a cousin. They were treated terribly, put in a cold room with no food or drinks, and no information on what was going on. CBP demanded they hand over their electronics, and made it clear they might not get them back. The thing is, this isn't a unique situation. As the report notes, there's almost no oversight over CBP actions, allowing them to act with impunity. In the report, the story is told of a 4-year-old girl, an American citizen, who was detained for 14 hours, in a cold room, without being allowed to speak to her parents and given no food beyond a cookie. And then she was deported. Even though she was a US citizen. She was allowed to come back weeks later, but now has symptoms of post-traumatic stress disorder. And that was at the Canadian border. Down south, treatment of citizens and (especially) non-citizens is even worse. The CBP has a vast amount of power but very minimal oversight. The fact that they deal with non-citizens frequently tends to result in a "They're not Americans, so who cares?" attitude. In 2013, the American Immigration Council studied data on complaints against the CBP. What it found was depressing, if unsurprising. The data, which the Immigration Council acquired through a Freedom of Information Act (FOIA) request, covers 809 complaints of alleged abuse lodged against Border Patrol agents between January 2009 and January 2012. These cases run the gamut of physical, sexual, and verbal abuse. Although it is not possible to determine which cases had merit and which did not, it is astonishing that, among those cases in which a formal decision was issued, 97 percent resulted in “No Action Taken.” On average, CBP took 122 days to arrive at a decision when one was made. Moreover, among all complaints, 40 percent were still “pending investigation” when the complaint data were provided to the Immigration Council. The most common complaint was physical abuse, occurring in nearly 40% of the studied cases with excessive force following close behind with 38% of reports. This should be expected, as the CBP is a law enforcement agency. Many US law enforcement agencies believe the most effective response to almost any situation is violence, and they deploy it frequently in various forms. Complaints about CBP officers are notoriously difficult to substantiate. It's not that the complainants are more unreliable than complaints against other agencies. It's that there's usually a language barrier to be dealt with and the odds of the complainant having been whisked into Mexican/Canadian cornfields are much higher. No other agency has the power to deport its unhappy customers. Three years later, the Immigration Council has compiled another report [PDF] based on FOIAed documents covering complaints from 2012 to 2015]. There has been no improvement. This data, obtained through a Freedom of Information Act (FOIA) request, includes 2,178 cases of alleged misconduct by Border Patrol agents and supervisors that were filed between January 2012 and October 2015. These cases range from instances of verbal abuse, to theft of property, to physical assault. Even though assessing which cases did or did not merit disciplinary action was not feasible with the information CBP provided, the overall findings of this report are still remarkable. For example: 95.9 percent of the 1,255 cases in which an outcome was reported resulted in “no action” against the officer or agent accused of misconduct. The complaints contain allegations of many forms of abuse, with “physical abuse” cited as the reason for the complaint in 59.4 percent of all cases. “No action” was the outcome of many complaints against Border Patrol agents that alleged serious misconduct, such as running a person over with a vehicle, making physical threats, sexually assaulting a woman in a hospital, and denying medical attention to children. A 1.1% "improvement" in sustained complaints is nothing more than expected variance. However, physical abuse appears to be on the upswing, jumping nearly 20% in the last three years. Again, the sheer amount of alleged abuse -- and the allegations themselves -- make for harrowing reading. Here's a small sampling of complaints against CBP officers. Border Patrol agent allegedly placed Taser in the mouth of a U.S. citizen, resulting in injury (Tombstone, AZ) Border Patrol agent allegedly beat, kicked, and made a UDA [“Undocumented Alien”] (a citizen of Ecuador) eat dirt while he was apprehended (Imperial Beach, CA) Border Patrol agent allegedly verbally abused and threatened a UAC [“Unaccompanied Alien Child”] with rape and either a weapon or [self-defense] spray (Laredo, TX) Border Patrol agent allegedly put a gun to a UAC’s [“Unaccompanied Alien Child’s”] neck and threatened to kick and kill him (Weslaco, TX) A UDA [“Undocumented Alien”] alleges she was raped by two male Border Patrol agents prior to her apprehension by a female Border Patrol agent (Casa Grande, AZ) Taken altogether you have an agency that has little fear of reprisal for its actions. Bolstering this is an opaque complaint process exacerbated by language barriers. On top of it, there's the general dehumanization of everyone the CBP interacts with, which only encourages staff to treat people like meat, rather than with any sort of restraint or dignity. Sitting all the way above it on the federal organizational chart is a president who's decided to make anyone without US citizenship a scapegoat for overstated leaps in criminal activity. It's only going to get worse. And considering how long the CBP has been able to escape punishment for its behavior, there's really no reason to append "before it gets better" to the previous sentence. Permalink | Comments | Email This Story

Read More...
posted 9 days ago on techdirt
Warner/Chappell's DMCA takedown arm is so damn proactive it can kill YouTube videos containing as little as 0% of its IP. A clip of Star Wars posted to YouTube sans overbearing John Williams soundtrack was targeted by Warner/Chappell, the owner of the rights to John Williams' Star Wars compositions. > Here's Jeremy Hsu of Wired with more details. Fans of the YouTube channel Auralnauts, which posted the doctored Star Wars scene in 2014 as a tongue-in-cheek tribute to the emotional power of Williams’ score, loved it for that weirdness. But another set of viewers—those with the rights to the movie’s soundtrack—tuned in to these sounds of silence and heard something else: the ka-ching of a cash register. That’s what the Auralnauts discovered earlier this summer when they received word that Warner/Chappell—the global music publishing arm of Warner Music Group—had filed a monetization claim on their “Star Wars Minus Williams” video through YouTube's Content ID System. That’s right: The copyright holder was claiming ownership of something that wasn’t there. There are several theories to what went wrong here, although Warner engaging in kneejerk copyright claims with zero pre-claim vetting doesn't appear to be the frontrunner. First, a clip of music sounding a lot like a John Williams piece opens the video. But the piece is written and composed by Gustav Holt -- and is "copyright-free" according to Wired. The studio behind Star Wars had no objection to the clip, so it's not related to the visual content. That leaves Warner, possibly motivated by a faulty trigger in its Content ID auto-scanning. There's also a four-second loop of Williams' score appended to the end of the video, which may have pulled the Content ID trigger as well. But even if so, there are still problems with Warner and YouTube's Content ID system because the wrong piece of music was named in Warner's copyright claim. [T]he Warner/Chappell claim incorrectly identified the “Star Wars Main Title” track as being present in the Auralnauts video. The single brief Williams excerpt used by the Auralnauts actually comes from a track titled “The Throne Room and End Title.” Whatever the case is, the claim was obviously bogus. But it shows how fragile an ecosystem YouTube can be for those using it as a revenue stream. Even when wrong about pretty much everything, Warner was still able to siphon this video's profits from the Auralnauts. The Auralnauts challenged Warner -- which the article points out is something that happens in less than 1% of content claims -- but it didn't matter. In fact, it's unlikely anyone at Warner even bothered to read the challenge before issuing a rejection. That leaves the Auralnauts in the difficult position of risking their entire channel to continue disputing Warner's obviously erroneous copyright claim. [I]f a copyright claimant such as Warner/Chappell does not back down from its claim, the video is likely to get taken down from YouTube entirely—and in that event, the Auralnauts would also be penalized by the platform as a copyright scofflaw and barred from some privileges, such as linking to their own store. Three such takedowns and YouTube will delete your channel. Despite the constant complaints about YouTube being some sort of infringement wonderland, the odds are stacked almost completely in favor of legacy industry copyright holders. Nothing happens to Warner if it continues to file bogus claims. But those targeted by claims are expected to just let the bogus claims happen because challenging claims is a great way to damage your own YouTube account. Permalink | Comments | Email This Story

Read More...
posted 9 days ago on techdirt
Free speech can make for some strange bedfellows at times, and the ACLU certainly has a history of defending the free speech rights of people from across the political spectrum (and out to the extremes). The ACLU's willingness to defend just about anyone's free speech rights sometimes confuses people who incorrectly think that free speech should only be protected for people you agree with. The most famous example of the ACLU's willingness to protect the free speech rights of those that they themselves likely disagree with is the famous case in which it defended the right of the KKK to march in Skokie, Illinois. But the ACLU may have just filed a new case that people can point to -- as they seem to have collected plaintiffs from different extremes of the political spectrum, all suing over the DC Metro's refusal to accept their controversial ads. In this case, the ACLU is representing "I just want to seem so controversial" Milo Yiannopoulos's company Milo Worldwide, as well as PETA (you know who they are) and Carafem (a healthcare organization that helps women get birth control and abortions). Oh, and themselves. The defendant is the Washington Metropolitan Area Transit Authority (WMATA), the organization that runs the Metro. The issue is that all four organizations sought to purchase "controversial" ads for the Metro, and all were rejected. Let's start with the ACLU's own ad, because this one is the most ridiculous of all. The ACLU tried to buy an ad that was just... the First Amendment. Really. No joke. Doesn't seem very controversial, right? Well, according to the ACLU, this ad was rejected for trying to "influence public policy." The ACLU inquired about placing our ads with WMATA, envisioning an inspirational reminder of our founding texts, with a trilingual twist, in the transit system of the nation’s capital. But it was not to be: Our ad was rejected because WMATA’s advertising policies forbid, among many other things, advertisements “intended to influence members of the public regarding an issue on which there are varying opinions” or “intended to influence public policy.” Quoting the Constitution might influence public policy? I mean, sure, but wouldn't it influence it in a way that is, well, Constitutional? The other three ads were all more "traditionally" controversial, even if they might be controversial to very different groups of people. Carafem's ad was rejected because it mentioned abortion. PETA's ad was rejected because it told people to "go vegan." And Milo's ad was rejected after people complained about it (yes, they were originally put up, but then pulled). As the ACLU summarizes: The ideas espoused by each of these four plaintiffs are anathema to someone — as is pretty much every human idea. By rejecting these ads and accepting ads from gambling casinos, military contractors, and internet sex apps, WMATA showed just how subjective its ban is. Even more frightening, however, WMATA’s policy is an attempt to silence anyone who tries to make you think. Any one of these advertisements, had it passed WMATA’s censor, would have been the subject of someone’s outraged call to WMATA. So, to anyone who’d be outraged to see Mr. Yiannopoulos’ advertisement — please recognize that if he comes down, so do we all. The First Amendment doesn’t, and shouldn’t, tolerate that kind of impoverishment of our public conversation. Not even in the subway. At the end of the day, it’s a real shame that WMATA didn’t accept the ACLU’s advertisement — the agency could really have used that refresher on the First Amendment. As for the actual lawsuit, there are a series of First Amendment claims about why the activity is unconstitutional (viewpoint discrimination, unfettered discretion, unreasonable application) and a Fifth Amendment due process claim for vagueness in the policy. The exhibits also contrast the rejected ads with ads that were allowed -- including ones for joining the military, drinking beer, other medical procedures, hookup apps and (of course) edible meats. All in all a pretty solid case. And we've already seen some people bitching about the ACLU representing any of these folks -- and you can count me among those who isn't a fan of PETA (have you seen what I've written about those guys?) and who hates giving Milo any attention at all, since that's basically all he wants (see what I put myself through to get you stories?). I don't know anything about Carefem, but I'm sure some people hate them too because "abortion." But I appreciate the fact that there's an ACLU that will stand up for all of their free speech rights (and its own). Permalink | Comments | Email This Story

Read More...
posted 9 days ago on techdirt
Final Draft 10 is the standard software for professional screenwriters and studios the world over. It automatically paginates your script to entertainment industry standards and gives you over 100 templates and formatting tools to turn your ideas into real scripts. You can collaborate in real time with a writing partner, outline acts, scenes, and sequences more efficiently, store multiple lines of dialogue in the same script, and more. Final Draft 10 is on sale for $150 (40% off of retail) for a limited time in the Techdirt Deals Store. Use the promo code FINALDRAFT15 for an additional 15% off. Note: The Techdirt Deals Store is powered and curated by StackCommerce. A portion of all sales from Techdirt Deals helps support Techdirt. The products featured do not reflect endorsements by our editorial team. Permalink | Comments | Email This Story

Read More...
posted 9 days ago on techdirt
Another day, another SLAPP suit -- but, unfortunately, not much in the way of an anti-SLAPP law to protect against it. As you may have heard recently, Fox News host Eric Bolling was recently suspended by the channel after Yashar Ali reported in the Huffington Post that Bolling had sent "lewd" texts to colleagues at the station, including the ever popular dick pic "unsolicited photo of male genitalia via text message." Earlier this week, Bolling announced that he looked forward to clearing his name and apparently he's decided to do that by... suing the reporter Yashar Ali for $50 million. We don't have the full complaint, but Ali has received a summons, which gives us some information. The notice part reads: The nature of this action is for damages and injunctive relief based on defamation arising from the defendant's efforts to injure plaintiff's reputation through the intentional and/or highly reckless publication of actionable false and misleading statements about the plaintiff's conduct and character. As a result of the defendant's action, the plaintiff has been substantially harmed. And... The relief sought includes, but is not limited to, reputational damages, monetary damages, special damages, punitive damages, costs, fees, injunctive relief and such other relief as is just and proper, in an amount not less than $50 million. A few important things here. The lawsuit is filed in New York state court, not federal court, and it may stay there as both Bolling and Ali appear to be in the state. As we've noted many times in the past, New York has an embarrassingly weak anti-SLAPP law, something it should really work on fixing (being the "media capital of the world" and all...). Also of note: Bolling is targeting Ali directly and not the Huffington Post, which published his article, or any of the layers of parent companies for HuffPo: AOL and Verizon. It is likely Ali does not have $50 million, though I'm pretty sure that those other companies do. Not that they should or would pay -- but if Bolling is truly seeking $50 million, you'd think he'd target the companies with the actual money, rather than the lowly reporter. The targeting of the reporter alone certainly adds weight to the idea that this is a pure SLAPP suit, targeting a reporter and trying to silence him. Ali, for his part, stands by his reporting and promises not to be intimidated: Just received a summons. Eric Bolling is suing me for defamation - $50 million in damages. I stand by my reporting + will protect my sources — Yashar Ali (@yashar) August 9, 2017 Not going to stop reporting on Eric Bolling or anyone else. I've had family members killed/jailed in Iran, a lawsuit isn't going to scare me https://t.co/nvludsIV87 — Yashar Ali (@yashar) August 9, 2017 Huffington Post has said it also stands by Ali's reporting, and has "no hesitation" about standing by him financially in the lawsuit, further pointing out that he had a fairly astounding 14 sources for his story. It is true that if the claims were entirely made up they likely would qualify as defamatory, but with that many sources, proving they were made up is not going to be easy. Of course, if the point of the lawsuit is just to create a massive hardship for Ali, that part doesn't matter. And without an anti-SLAPP law to make the plaintiff pay the legal fees, such cases can be overwhelming. One other element of this is that Bolling's lawsuit might serve another purpose: scaring anyone else (beyond the 14 who have already spoken) from speaking out about potential misdeeds for fear of having that info come out in a lawsuit. That's a separate form of chilling effects created by these kinds of lawsuits, and a problem in and of itself. It seems quite likely that Ali will seek to have the case tossed out as early as possible, but if it actually goes to discovery, well... I'm not sure Bolling will enjoy opening himself up to that. When people get angry over coverage, filing a defamation lawsuit often is their instinctual reaction -- but it can certainly backfire. Permalink | Comments | Email This Story

Read More...
posted 9 days ago on techdirt
As you likely recall, last week the ACLU of West Virginia asked the federal court handling the very upset coal boss Bob Murray's defamation lawsuit against comedian John Oliver to allow it to file a hilarious amicus brief explaining (among other things) why it was perfectly legal to say "Eat shit, Bob." As we noted at the time, it is a very funny filing, but we weren't sure the court would allow it for a whole variety of reasons. And thus it's no surprise that Murray's lawyers are opposing the motion -- but we didn't expect that their opposition would be quite so ridiculous. There are lots of normal arguments they could make, including no need for an amicus brief at this point, or pointing out that the amicus arguments are likely to be simply duplicative of HBO/John Oliver's arguments, but... Murray's lawyers went a bit further. Apparently, they don't want the ACLU weighing in, because it has an opinion. More troubling, the ACLU fails to disclose its indisputable and disqualifying bias, notwithstanding that several district courts have noted that impartiality is a key factor to consider when evaluating whether to permit a non-party to serve as amicus curiae. But, uh, most amicus briefs have a bias that supports one side or the other. They just add to the overall record, often providing different perspectives on the issues, or offering an alternative way of looking at the issues. Nothing says that amicus briefs need to be totally neutral. It's no surprise that Murray's lawyers attack the "tone" of the ACLU's brief. Indeed, it wouldn't surprise me if the tone alone makes the judge reject it. But, even here, Murray's lawyers' reasoning is... weird. They argue that the tone shows that the ACLU of West Virginia can't be an amicus. From the tone of its brief alone, it is obvious that the ACLU is not a "friend of the court" offering a dispassionate view of the issues. And then they claim that the ACLU is only supporting John Oliver because he once, many months ago, urged people to donate to various organizations, some of which may have helped the ACLU: Moreover, the ACLU's economic motivations for assisting Defendants and its prejudice against Plaintiffs are a matter of public record. As for its economic interests, in November of 2016, Defendant Oliver used "Last Week Tonight with John Oliver" to encourage viewers to donate to numerous left-leaning organizations, which—not surprisingly—resulted in an immediate surge of millions of dollars in donations to the ACLU, among others. See Exhibit A and Exhibit B hereto. Another subsidiary of Defendant Time Warner furthered the effort to add to the ACLU's coffers by reporting on Oliver's call for donations the next day. See Exhibit C hereto. Consequently, the ACLU's statement in the Motion that "no party, party's counsel, or other person…contributed money intended to fund preparing or submitting the brief" lacks appropriate and complete disclosure. Oh come on. The idea that the ACLU is weighing in because John Oliver and other Time Warner properties once encouraged donation is ludicrous. If I had to guess, I'd say that the court will simply reject the amicus brief as being unnecessary and unwanted at this stage, but the arguments from Murray's lawyers continue to make me wonder where he found these guys. Permalink | Comments | Email This Story

Read More...
posted 9 days ago on techdirt
So we've noted for a while how despite all the hype surrounding next-gen wireless and gigabit fiber builds like Google Fiber, vast swaths of this country are actually facing less broadband competition than ever before. That's in large part thanks to the nation's phone companies, which have effectively given up on upgrading their lagging DSL networks at any real scale. One net result is millions of customers paying an arm and a leg for sub 6 Mbps DSL service that doesn't even technically meet the FCC's new standard 25 Mbps definition of broadband. And it's not changing anytime soon. Verizon has all but frozen next-gen upgrades as it shifts its focus to gobbling up failed 90s internet brands to help it sling video advertisements at Millennials (poorly, we might add). But smaller telcos like Frontier, CenturyLink and Windstream have similarly been losing broadband customers hand over foot as they flee to faster cable competitors. Even Wall Street, which has historically and myopically disliked putting any money back into broadband networks, has started to take notice, resulting in the nation's telco stocks taking a precipitous dive in recent months: "Shares in the wireline ILEC/RLEC space (CenturyLink, Frontier, Windstream) have endured the worst three consecutive quarters in industry history, with shares plummeting an average of -20% in 4Q16, -21% in 1Q17, and -24% in 2Q17 (we note another -5% in 3Q17 thus far), mostly from Frontier and Windstream as CenturyLink shares are being supported by the Level 3 acquisition,” Cowen said in a research note." It has gotten to the point where some Wall Street analysts have even gone so far as to *gasp* recommend that some of these companies actually upgrade their networks if they want to remain relevant. Ironic, since it was Wall Street's relentless focus on short-term gains and avoiding these necessary network upgrades that help put these companies in this position to begin with: "Jennifer Fritzsche, senior analyst for telecommunications services at Wells Fargo, doesn't think Frontier can actually right said ship without offering consumers a better broadband product. "It is hard to fix a problem just by cutting costs when your competition (cable) is only pressing its foot heavier on the capex and fiber pedal," Fritzsche said. But instead of upgrading the networks they already have, many telcos are trying to please Wall Street by focusing on growth for growth's sake. Frontier recently gobbled up Verizon's unwanted DSL customers in California, Texas and Florida in the belief that bigger automatically means better. But Frontier not only saddled itself with massive additional debt and outdated copper landlines Verizon had neglected for years, but it bungled the acquisition so badly it actually forced many of these subscribers to flee to cable even faster. Focusing on growth for growth's sake now has Frontier teetering on the verge of bankruptcy. But the more problematic impact of all this is that across countless markets, consumers looking for current-generation broadband often only have one option: cable providers. These cable providers are on the cusp of enjoying a greater broadband monopoly than ever before, resulting in less incentive than ever to shore up their historically awful customer service, and only encouraging their slow but steady deployment of arbitrary and unnecessary usage caps. Combine that with the Trump administration's intense focus on eliminating all consumer protections in the telecom space, and it shouldn't take a tea leaf reader to see how this could potentially end very badly for consumers and competitors alike. Permalink | Comments | Email This Story

Read More...
posted 10 days ago on techdirt
You will recall that we were just discussing a proposed law in Wisconsin that sought to do a number of things on college campuses, including limit the ability to protest and shout down controversial speakers, as well as mandating quite insanely that school administrations must "remain neutral" on the "controversial" topics of the day. It's a source of frustration for me that it's not immediately clear how bad an idea this is for any number of reasons. My two chief complaints about the law, built upon a legislative proposal from the Goldwater Institute, are how broad a range of topics this could conceivably cover and how it quite plainly seeks to favor one form of speech over another. Put simply, giving state governments oversight about which topics a university administration is allowed to opine while also mandating punishments for students who protest to shout down speakers is about as anti-free speech as it gets, even as the proponents of the legislation attempt to shroud themselves in that most sacred of American ideals. Well, North Carolina also had a similar bill under consideration, and indeed the state went ahead and passed its Restore Campus Free Speech Act. When you travel to that National Review link and/or read the pull quotes below, keep in mind that these are the words of a supporter of the bill and someone, Stanley Kurtz, who worked on the original Goldwater proposal. The North Carolina Restore Campus Free Speech Act achieves most of what the Goldwater proposal sets out to do. It ensures that University of North Carolina policy will strongly affirm the importance of free expression. It prevents administrators from disinviting speakers whom members of the campus community wish to hear from. It establishes a system of disciplinary sanctions for students and anyone else who interferes with the free-speech rights of others, and ensures that students will be informed of those sanctions at freshman orientation. It reaffirms the principle that universities, at the official institutional level, ought to remain neutral on issues of public controversy to encourage the widest possible range of opinion and dialogue within the university itself. And it authorizes a special committee created by the Board of Regents to issue a yearly report to the public, the regents, the governor, and the legislature on the administrative handling of free-speech issues. It all sounds so reasonable until you actually think about the implications of the law. Let's address them in order. To start, requiring a university to affirm the importance of free expression is the kind of pablum born from trying to establish that there is a problem where one doesn't actually exist. Does anyone imagine that polling the nation's universities on this question would result in some schools saying, "Meh, free expression isn't that big a deal"? Come on. As for disinviting speakers that "members of the campus wish to hear from", let's talk about that. First, how many members of campus are we talking about? And how are we to gauge their interest? If some tiny college group wants to invite a controversial speaker to campus to speak, where 90% of the campus doesn't want them anywhere near the campus, the administration is simply supposed to keep its hands tied? Or are the numbers something different? All of this is unclear in the law, even as it happily neuters a school's ability to manage its own campus. Why is a state legislature a better arbiter of who belongs on campus than the school itself? Then there are the disciplinary sanctions on students that "interfere with the free-speech rights of others". This is the really silly part, because it seeks to scholastically criminalize speech in order to protect speech. The proponents of this law will want to say that this refers to students rioting, or accosting would-be invited speakers, but there are already laws on the books to prosecute those crimes. Instead, this law seeks to punish students that attempt to shut down speaking engagements via peaceful protest, which is a form of speech. The law originally required mandatory suspension from school for students who are found to have violated the law twice. The universities beat that back and had it struck, but the proponents of the bill aren't even pretending that they aren't trying to stop anything other than the speech of students, while also detailing how its newly-created committee reports will be used to simply toss out adminstrators lovers of the law don't like. Without the mandatory suspension for a second offense, the university could conceivably undermine the law through lax enforcement. Yet it’s not as simple as that. If the university refuses to discipline shout-downs in the wake of passage of this law, there will be consequences. For one thing, the annual report of the Board of Governors will either condemn the refusal to discipline, or the committee will itself be subject to public criticism. A negative report on the administrative handling of discipline would give the Board of Regents a reason to replace administrators, and legislators a reason to cut university funds. Punishing "shout-downs"? That's a pretty bald-faced acknowledgement that this bill will curb the free speech of students in favor of the free speech of invited speakers. In other words, this bill cuts in only one direction: students that are paying to attend school now have less speech rights than guests invited onto the campus. If that doesn't immediately demonstrate how flatly gross this bill is, you need to recalibrate your sensors. Look, I said this in the last post, but I'll say it again: anyone that wants to say that campuses today are not as open to outside or unpopular viewpoints as they once were or should be won't get anything other than agreement for me. I tend to think the problem is overstated in certain circles, but I do agree that campuses today are generally less open-minded than they should be. But the solution to that is to win the argument via speech, not to run crying to state legislatures to simply curb the speech of others. Permalink | Comments | Email This Story

Read More...
posted 10 days ago on techdirt
VPNs are important... for some situations. Unfortunately, the message that many have received in hearing about the importance of VPNs is that they somehow "protect your privacy." But that's always been wrong. They just move the privacy questions somewhere else. And sometimes it's a sketchy place. A few months back we discussed this very issue with some security experts on our podcast. All VPNs do is create a secure tunnel from where you are to somewhere else. That's useful if you don't want other people sitting in the Starbucks with you to pick up your unencrypted traffic (or other people in your hotel on the hotel WiFi), but it doesn't solve anything on larger privacy questions. The always excellent SwitfOnSecurity summed it up nicely recently: VPN: So you can login to Ukrainian coffee shop WiFi from the safety of your home internet connection — SwiftOnSecurity (@SwiftOnSecurity) August 7, 2017 Basically, you're just moving the risk elsewhere, and you're trusting whoever your VPN provider is -- and they may very well be worse than whatever it is you're trying to avoid. The specific use case that's almost never recommended is using a VPN on your home network (with a few specific exceptions). You may not trust Comcast/AT&T/whatever, but they may actually be a lot more serious about protecting you than a fly-by-night VPN provider. But with so many VPN providers out there, it's not always clear how legit they are, and there certainly have been rumors and complaints about some of them. Now, the Center for Democracy and Technology (CDT) has filed an FTC complaint against one of the more well known VPN providers, Hotspot Shield VPN. You can read the short complaint yourself, but the short version is CDT says that Hotspot Shield VPN makes claims about privacy that are... not accurate, and argues that these are deceptive trade practices. Hotspot Shield makes strong claims about the privacy and security of its data collection and sharing practices. CEO David Gorodyansky has stated that “we never log or store user data.” The company’s website promises “Anonymous Browsing” and notes that Hotspot Shield keeps “no logs of your online activity or personal information.” Hotspot Shield further differentiates itself from “...disreputable providers [that] are able to offer free VPN services [ ] because they make their money tracking and selling their users’ activities” by claiming that “Hotspot Shield neither tracks nor sells customers’ information.” Take a wild guess what's coming next... While connection logs can be designed to be minimally privacy-invasive, Hotspot Shield engages in logging practices around user connection data, beyond troubleshooting technical issues. The service uses this information to “identify [a user’s] general location, improve the Service, or optimize advertisements displayed through the Service.” IP addresses, unique device identifiers, and other “application information” are regularly collected by Hotspot Shield. And then this: While insisting that it does not make money from selling customer data, Hotspot Shield promises to connect advertisers to unique users that are frequent visitors of travel, retail, business, and finance websites. Moreover, these entities have access to IP addresses and device identifiers collected via Hotspot Shield. Even if Hotspot Shield only provides “hashed” or “proxy” IP addresses to these partners, third parties can also link information about web-viewing habits while using the Hotspot Shield by cross-referencing cookies, identifiers, or other information. And more: Contrary to Hotspot Shield’s claims, the VPN has been found to be actively injecting JavaScript codes using iframes for advertising and tracking purposes. An iframe, or “inline frame,” is an HTML tag that can be used to embed content from another site or service onto a webpage; iframes are frequently used to insert advertising, but can also be used to inject other malicious or unwanted code onto a webpage. Further analysis of Hotspot Shield’s reverse-engineered source code revealed that the VPN uses more than five different third-party tracking libraries, contradicting statements that Hotspot Shield ensures anonymous and private web browsing. But, wait, there's more... Additional research has revealed that Hotspot Shield further redirects e-commerce traffic to partnering domains. For example, when a user connects through the VPN to access specific commercial web domains, including major online retailers like and , the application can intercept and redirect HTTP requests to partner websites that include online advertising companies. And just one more thing... Consumers have reported instances of credit card fraud after purchasing the “Elite” paid-version of Hotspot Shield VPN. One consumer reported “thousands of dollars” in credit card charges, as well as other suspicious online activity. There's even more in the complaint, but those are some highlights. CDT claims that these are deceptive trade practices. Of course, the FTC doesn't need to do anything here. Such a complaint is basically asking the FTC to investigate and do something, and the FTC doesn't always do so. But at the very least, it may wake some people up about being careful which VPNs they use. Permalink | Comments | Email This Story

Read More...
posted 10 days ago on techdirt
The Internet effectively turns everyone into a publisher, able to promulgate their ideas in a way that was not open to most people before. That's great for the democratization of media -- and terrible for governments that want to control the flow of information to citizens. The Australian government is particularly concerned about what its 150,000 public servants might say. It has issued a "guidance" document that "sets out factors for employees to consider in making decisions about whether and what to post". Here's why: The speed and reach of online communication means that material posted online is available immediately to a wide audience. It can be difficult to delete and may be replicated endlessly. It may be sent to, or seen by, people the author never intended or expected would see it. Deciding whether to make a particular comment or post certain material online is a matter of careful judgement rather than a simple formula. This guidance sets out factors for employees to consider in making decisions about whether and what to post. That sounds reasonable enough. But it turns out that what the policy is really about is muzzling public employees, and stopping them from expressing or supporting views that disagree with government policies. As the Australian organization Digital Rights Watch summarizes: The new guidelines warn that public servants would be in breach of code of conduct if they "liked" anti-government posts, privately emailing negative material or do not remove "nasty comments" about the government posted by others. The new policies apply to employees even if they use social media in a private capacity outside of work hours. It also applies to your past employment with the Australian government -- and futures ones: it is also worth bearing in mind that comments you make about an agency you've never worked in might be made public and taken into account if you apply for a job there later. Perhaps you haven't breached the Code, but you might have ruled yourself out for that job if the comment could reasonably call into question your capacity to work there impartially. In other words, if you criticize any aspect of government policy, you'll never work in this town again. What's troubling about this move is not just that it is limiting people's freedom of speech -- something that the guidance freely admits: The common law recognises an individual right to freedom of expression. This right is subject to limitations such as those imposed by the Public Service Act. In effect, the Code of Conduct operates to limit this right. It's also that we have seen before where this kind of muzzling leads. Back in 2013, Techdirt wrote about similar rules for public servants in Canada, only rescinded last year. One of the most problematic areas was in the field of the environment, since it meant that even world-leading scientists were unable to point out publicly the evident flaws in the the Canadian government's climate policy. It looks like experts employed by the Australian government now find themselves similarly unable to be openly critical of the official line, no matter how misguided or dangerous it may be. There are also signs that a similar muzzling of scientists is starting to take place in the US. Despite unequivocal evidence of "drastic" climate change in a new, but unreleased US government report, emails obtained by the Guardian reveal the following: Staff at the US Department of Agriculture (USDA) have been told to avoid using the term climate change in their work, with the officials instructed to reference "weather extremes" instead. At least they can still like social media posts that are critical of the US government's environmental policies. For now... Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+ Permalink | Comments | Email This Story

Read More...
posted 10 days ago on techdirt
On one hand, the increasing number of independent streaming services is certainly a good thing. This increase in competition is finally starting to apply pressure on incumbent cable TV providers to offer greater programming flexibility and to compete on price, even though many cable and broadcast execs falsely believe they can ignore the threat and do the exact opposite. But as everybody and their mother jumps into the streaming game, we're facing a new threat: the rise of fractured exclusivity silos that make consumers hunt and peck to obtain their favorite programs. Case in point: if you're a fan of a particular program in the modern streaming video age, you first need to check to see if that program or film is available on any of the half-dozen services you may subscribe to, be it Hulu, Netflix, Amazon, CBS All Access, YouTube TV, or any of a myriad of other options. That in and of itself can prove fatiguing on your patience -- and wallet if you're trying to save money over traditional cable. You've then got to see if that content is still actually available, since content licensing results in titles being added and removed in what are often illogical availability windows, adding another layer of confusion. Now, things are poised to become even more complicated in that regard. Wanting to cut out the middleman, many broadcasters (like CBS, FX or AMC) are busy pursuing their own streaming services, pulling their content from existing available services and forcing users to sign up for yet another monthly subscription. For example, if you want to watch CBS's upcoming new Star Trek: Discovery TV show, your only option will be to sign up for CBS's $7 per month All Access service. Don't want or can't afford another service? Your option is to either go without -- or to pirate the program. Guess which option many choose? A more recent case in point: Disney announced this week that the company would be pulling its content from Netflix in order to launch its own streaming video service: CEO Bob Iger told CNBC's Julia Boorstin Disney had a "good relationship" with Netflix, but decided to exercise an option to move its content off the platform. Movies to be removed include Disney as well as Pixar's titles, according to Iger. Netflix said Disney movies will be available through the end of 2018 on its platform. Marvel TV shows will remain. The new platform will be the home for all Disney movies going forward, starting with the 2019 theatrical slate which includes "Toy Story 4," "Frozen 2," and the upcoming live-action "The Lion King." It will also be making a "significant investment" in exclusive movies and television series for the new platform. On one hand, if you really like Disney content, this may not be a horrible thing for you. On the other hand, if you're only interested in a few Disney titles but already feel you pay for too many streaming services, you could find yourself annoyed. Users are, it goes without saying, cutting the TV cord because they're tired of the poor value proposition traditional cable TV represents. It's not entirely clear you can call it real pricing evolution if you replace one bloated, giant cable bill with an ocean of smaller charges that ultimately cost you the same if not more than your old cable TV subscription. And while it's not entirely clear how many monthly fees and subscriptions users are willing to tolerate, it is abundantly clear that broadcasters and cable companies intend to push their luck and figure out the answer. Not many seem to realize that should they push too hard and cordon off content into an ocean of annoying exclusivity silos, the end result will drive users back to the simplicity of piracy. And that's a particular shame given all the work it took to wean consumers off of file trading services like BitTorrent and on to "legitimate" monthly streaming subscriptions in the first place. There's a fine line here as we shift from traditional cable to over the top streaming, and it's precisely the kind of line the traditional cable and broadcast industry loves to trip face-first over. Permalink | Comments | Email This Story

Read More...
posted 10 days ago on techdirt
Time and time again, we see that everyone who doesn't work in the field of trust and safety for an internet platform seems to think that it's somehow "easy" to filter out "bad" content and leave up "good" content. It's not. This doesn't mean that platforms shouldn't try to deal with the issue. They have perfectly good business reasons to want to limit people using their systems to abuse and harass and threaten other users. But when you demand that they be legally responsible -- as Germany (and then Russia) recently did -- bad things happen, and quite frequently those bad things happen to the victims of abuse or harassment or threats. We just wrote about Twitter's big failure in suspending Popehat's account temporarily, after he posted a screenshot of a threat he'd received from a lawyer who's been acting like an internet tough guy for a few years now. In that case, the person who reviewed the tweet keyed in on the fact that Ken White had failed to redact the contact information from the guy threatening him -- which at the very least raises the question of whether or not Twitter considers threats of destroying someone's life to be less of an issue than revealing that guy's contact information, which was already publicly available via a variety of sources. But, it's important to note that this is not an isolated case. In just the past few days, we've seen two other major examples of social media platforms banning or punishing the victims of harassment and abuse for posting about it, rather than the perpetrators. The first is the story of Francie Latour, as told in a recent Washington Post article, where she explains how she went on Facebook to vent about a man in a Boston grocery store loudly using the n-word to describe her and her two children, and Facebook's response was to ban her from Facebook. But within 20 minutes, Facebook deleted her post, sending Latour a cursory message that her content had violated company standards. Only two friends had gotten the chance to voice their disbelief and outrage. The second story comes from Ijeoma Oluo, who posted to Medium about a strikingly similar situation. In this case, she made what seems to me to be a perfectly innocuous joke about feeling nervous for her safety as a black woman in a place with many white people. But a bunch of rabid angry people online got mad at her about it and start sending all sorts of abusive tweets and hateful messages to her on Facebook. She actually says that Twitter was pretty good at responding to reports of abusive content. But, as in the Latour story, Facebook responded by banning Oluo for talking about the harassment she was receiving. And finally, facebook decided to take action. What did they do? Did they suspend any of the people who threatened me? No. Did they take down Twitchy’s post that was sending hundreds of hate-filled commenters my way? No. They suspended me for three days for posting screenshots of the abuse they have refused to do anything about. That, of course, is a ridiculous response by Facebook. And Oluo is right to call them out on it, just as Latour and White were right to point out the absurdity of their situations. But, unfortunately, the response of many people to this kind of thing is just "do better Facebook" or "do better Twitter." Or, in some cases, they even go so far as to argue that these companies should be legally mandated to take down some of the content. But this will backfire for the exact same reason that these ridiculous situations happened in the first place. When you run a platform and you need to make thousands or hundreds of thousands or millions of these kinds of decisions a day, you're going to make mistakes. And that's not because they're "bad" at this, it's just the nature of the beast. With that many decisions -- many of which involve people demanding immediate action -- there's no easy way to have someone drop in and figure out all of the context in the short period of time they have to make a decision. On top of that, because this has to be done at scale, you can't have a team that is all skilled in understanding context and nuance and culture. Nor can you have people who can spend the necessary time to dig deeper to figure out and understand the context. Instead, you end up with a ruleset. And it has to be standardized so that non-experts are able to make judgments on this stuff in a relatively quick timeframe. That's why about a month ago, there was a kerfuffle when Facebook's "hate speech rule book" was leaked, and it showed how it could lead to situations where "white men" were going to be protected. And when you throw into this equation the potential of legal liability, a la Germany (and what a large group of people are pushing for in the US), things will get much, much worse. That's because when there's legal liability on the line, companies will be much faster to delete/suspend/ban, just to avoid the liability. And many people calling for such things will be impacted themselves. None of the people in the stories above could have reasonably expected to get banned by these platforms. But, when people demand that platforms "take responsibility" that's what's going to happen. Again, this is not in any way to suggest that online platforms should be a free for all. That would be ridiculous and counterproductive. It would lead to everything being overrun by spam, in addition abusive/harassing behavior. Instead, I think the real answer is that we need to stop putting the burden on platforms to make all the decisions, but figure out alternative ways. I've suggested in the past, that one possible solution is turning the tools around. Give end users much more granular control about how they can ban or block or silence content they don't want to see, rather than leaving it up to a crew of people who have to make snap decisions on who's at fault when people get angry online. Of course, there are problems with my suggestion as well -- it could certainly accelerate the issues of self-contained bubbles of thought. And it could also result in plenty of incorrect blocking as well. But the larger point is that this isn't easy, and every single magic bullet solution has serious consequences, and often those consequences fall on the people who are facing the most abuse and harassment, rather than on those doing the abuse and harassment. So, yes, platforms need to do better. The three stories above are all ridiculous, and ended up harming people who were highlighting harassing behavior. But continuing to rely on platforms and teams of people to weed out content someone deems "bad" is not a workable solution, and it's one that will only lead to more of these kinds of stories. And, worst of all, the abusers and harassers know and thrive on this. The guy who got Ken White's account banned gloated about it on Twitter. I'm sure the same was true of the folks who went after Oluo and likely "reported" her to Facebook. Any time you rely on the platform to be the arbiter, remember that he people who want to harass others quickly learn that they can use that as a tool for further harassment themselves. Permalink | Comments | Email This Story

Read More...
posted 10 days ago on techdirt
MondoHub Master USB Hub is the one hub to rule them all, adding 28 USB ports to any PC or Mac. It features four SuperSpeed USB 3.0 ports for lightning fast data transfer or charging. Your devices are protected with automatic overcurrent protection and you can switch any port on or off depending on what you need to use. The MondoHub is on sale for $55 in the Deals Store. Note: The Techdirt Deals Store is powered and curated by StackCommerce. A portion of all sales from Techdirt Deals helps support Techdirt. The products featured do not reflect endorsements by our editorial team. Permalink | Comments | Email This Story

Read More...
posted 10 days ago on techdirt
So one of AT&T, Comcast and Verizon's favorite bogus claims about net neutrality rules is that such consumer protections will somehow prevent the sick or disabled from getting the essential internet connectivity they need. For example, Verizon once tried to claim that the deaf and disabled would be harmed if large ISPs weren't allowed to create fast or slow lanes, or prioritize emergency traffic over say -- Netflix streams. Comcast recently tried to argue something similar, again implying that the hearing-impaired could be harmed unless ISPs are allowed to prioritize or deprioritize select classes of traffic. But this claim that net neutrality rules somehow prevent ISPs from prioritizing essential medical technologies or other priority traffic has always been bullshit. The FCC's 2015 open internet rules (pdf) are embedded with numerous, significant caveats when it comes to creating fast and slow lanes, and only really single out the creation of fast or slow lanes when it comes to hindering competitors. In fact, the existing rules go to great lengths to differentiate "Broadband Internet Access Service (BIAS),” (your e-mail, Netflix streams and other more ordinary traffic) from “Non-BIAS data services,” which can include everything from priority VoIP traffic to your heart monitor and other Telemedicine systems. The fact that this talking point is complete and utter bullshit (much like the one about how net neutrality kills network investment) doesn't stop it from being circulated repeatedly by the army of politicians, think tankers, consultants, fauxcademics, and lobbyists paid to pee in the net neutrality discourse pool. One of the core perpetrators of this myth is AT&T, which just scored a massive, lucrative $6.5 billion contract to build the nation's first, unified emergency first responder network: aka FirstNet. Speaking about the project at a recent investor event this week, AT&T's John Stephens once again trotted out this bogeyman for proud display, implying that net neutrality rules would somehow threaten first responder network traffic: "During an appearance this morning at an investor event, AT&T’s CFO pointed out that FirstNet’s pre-emption requirements for public safety users present “a challenge with the net neutrality process because you are giving prioritized service to police, firefighters.” “But quite frankly I think everyone would agree that that’s probably a good thing,” explained John Stephens, AT&T’s SVP and CFO. “It’s just one of the uniquenesses of some of the other arguments that we have to deal with.” Of course if you didn't know the net neutrality rules were carefully crafted to exempt precisely this sort of traffic from them, you might become outraged, which was Stephens' intent. The executive proceeded to double down on his falsehood: "We have the ability today to give [FirstNet public-safety users] preferential treatment. What we’ll have by the end of the year is what we call ‘relentless pre-emption,’ such that if there’s capacity for 10 calls and 10 calls are being used, and a firefighter gets on, one of the 10 people gets booted off and the firefighter gets in,” he said. “Quite frankly, I don’t think they thought about it [when crafting net neutrality guidelines]. The FirstNet process has been around since 9/11. It came out of the 9/11 events, and so that had been out there for a long time, and so I don’t even think it was even considered.” Right, "not even considered." Except for the fact that it was painstakingly considered, and AT&T knows it. It's a little grotesque to use the specter of 9/11 to attack popular net neutrality protections, but that's well in line with AT&T's behavior on this subject (including its recent use of the net neutrality protests to con its own customers into opposing net neutrality. In reality AT&T isn't worried about net neutrality rules harming medical services, since they've long-been exempted. AT&T's worried about one thing: any rules stopping it from abusing a lack of broadband competition to drive up prices and engage in anti-competitive behavior. Permalink | Comments | Email This Story

Read More...
posted 10 days ago on techdirt
So one of AT&T, Comcast and Verizon's favorite bogus claims about net neutrality rules is that such consumer protections will somehow prevent the sick or disabled from getting the essential internet connectivity they need. For example, Verizon once tried to claim that the deaf and disabled would be harmed if large ISPs weren't allowed to create fast or slow lanes, or prioritize emergency traffic over say -- Netflix streams. Comcast recently tried to argue something similar, again implying that the hearing-impaired could be harmed unless ISPs are allowed to prioritize or deprioritize select classes of traffic. But this claim that net neutrality rules somehow prevent ISPs from prioritizing essential medical technologies or other priority traffic has always been bullshit. The FCC's 2015 open internet rules (pdf) are embedded with numerous, significant caveats when it comes to creating fast and slow lanes, and only really single out the creation of fast or slow lanes when it comes to hindering competitors. In fact, the existing rules go to great lengths to differentiate "Broadband Internet Access Service (BIAS),” (your e-mail, Netflix streams and other more ordinary traffic) from “Non-BIAS data services,” which can include everything from priority VoIP traffic to your heart monitor and other Telemedicine systems. The fact that this talking point is complete and utter bullshit (much like the one about how net neutrality kills network investment) doesn't stop it from being circulated repeatedly by the army of politicians, think tankers, consultants, fauxcademics, and lobbyists paid to pee in the net neutrality discourse pool. One of the core perpetrators of this myth is AT&T, which just scored a massive, lucrative $6.5 billion contract to build the nation's first, unified emergency first responder network: aka FirstNet. Speaking about the project at a recent investor event this week, AT&T's John Stephens once again trotted out this bogeyman for proud display, implying that net neutrality rules would somehow threaten first responder network traffic: "During an appearance this morning at an investor event, AT&T’s CFO pointed out that FirstNet’s pre-emption requirements for public safety users present “a challenge with the net neutrality process because you are giving prioritized service to police, firefighters.” “But quite frankly I think everyone would agree that that’s probably a good thing,” explained John Stephens, AT&T’s SVP and CFO. “It’s just one of the uniquenesses of some of the other arguments that we have to deal with.” Of course if you didn't know the net neutrality rules were carefully crafted to exempt precisely this sort of traffic from them, you might become outraged, which was Stephens' intent. The executive proceeded to double down on his falsehood: "We have the ability today to give [FirstNet public-safety users] preferential treatment. What we’ll have by the end of the year is what we call ‘relentless pre-emption,’ such that if there’s capacity for 10 calls and 10 calls are being used, and a firefighter gets on, one of the 10 people gets booted off and the firefighter gets in,” he said. “Quite frankly, I don’t think they thought about it [when crafting net neutrality guidelines]. The FirstNet process has been around since 9/11. It came out of the 9/11 events, and so that had been out there for a long time, and so I don’t even think it was even considered.” Right, "not even considered." Except for the fact that it was painstakingly considered, and AT&T knows it. It's a little grotesque to use the specter of 9/11 to attack popular net neutrality protections, but that's well in line with AT&T's behavior on this subject (including its recent use of the net neutrality protests to con its own customers into opposing net neutrality. In reality AT&T isn't worried about net neutrality rules harming medical services, since they've long-been exempted. AT&T's worried about one thing: any rules stopping it from abusing a lack of broadband competition to drive up prices and engage in anti-competitive behavior. Permalink | Comments | Email This Story

Read More...
posted 10 days ago on techdirt
As you are likely aware, we are currently facing a First Amendment fight for our life. I've spoken about the chilling effects the lawsuit has been having on our reporting -- but also have noted that we are trying to be inspired by this situation to focus more of our reporting efforts on attacks on free speech online, and to tell the stories of those who they're impacting most. As you may recall, we have already launched the crowdfunding site ISupportJournalism.com to support our ability to continue reporting on these issues, and I'm happy to announce today that we've further partnered with the Freedom of the Press Foundation and a group of other companies and organizations to fund more free speech reporting, which will now be included under a new "free speech" tab on the site. Attacks on free speech have been growing, not shrinking, and we need to shine much more light on these attacks, and we're thrilled to be able to do as much as we can. Our official announcement of the program is here: For nearly two decades, Techdirt has reported extensively on issues related to free speech on the internet. Much of this coverage has been about laws that help to protect free speech, such as anti-SLAPP laws, intermediary liability protections, and fair use, among others. Over time, we’ve seen countless attempts to silence speech and undermine important protections for free speech, even as new technologies and services have risen up to provide more arenas for free speech to thrive. These attacks on free speech — including lawsuits, threats, bullying, and legislative proposals — raise serious concerns about protecting free speech online. In January of this year, the company behind Techdirt, and two of its employees, were sued for $15 million in a lawsuit that seems specifically designed to either shut down the company or to silence reporting on matters of public interest. The lawsuit, along with our reporting on many similar stories, motivated the Techdirt team to double down on our coverage of issues related to free speech on the internet, and the ways that it is being attacked. Going through the process ourselves has given us an even deeper appreciation for the First Amendment and the legal protections provided in states with strong anti-SLAPP laws. Similarly, we are more aware than ever before of the myriad ways in which free speech is under attack — not just directly, but indirectly as well, such as via threats against third parties and platforms to stifle speech. It has also given us greater recognition that many people — even journalists, lawyers and politicians — may not fully understand these issues, what legal protections there are, where those protections are under attack, and where they could be strengthened. Many are also not aware of the massive cost attacks on free speech have, and just how many people they are impacting. This has inspired us to work with the Freedom of the Press Foundation to put this project together, which will enable us to focus even more reporting resources on covering threats to free speech in the US and around the globe, and to tell the stories of the chilling effects created when free speech is attacked. We are thankful that a number of prominent organizations and foundations have also stepped up to sponsor this effort, including Automattic, the Charles Koch Foundation, Craig Newmark's CraigConnects and Union Square Ventures*. Between all supporting organizations, more than $250,000 has been committed so far to further reporting on free speech. We hope you’ll look forward to much more reporting on issues related to free speech online. * Techdirt maintains full editorial control over all content. Permalink | Comments | Email This Story

Read More...
posted 10 days ago on techdirt
It must be repeated over and over: people who discover security flaws and report them are not the enemy. And yet, company after company after company treat security researchers and concerned users like criminals, threatening them with lawsuits and arrests rather than thanking them for bringing the issue to their attention. Kids Pass -- a UK company providing discounts for families attending restaurants, theaters, and amusement parks -- had a problem. Any user could access any other user's personal information just by altering numbers linked to user IDs in the URL. A concerned user told security researcher Troy Hunt about the flaw. (via Boing Boing) [J]ust this weekend I had a Twitter follower reach out via DM looking for advice on how to proceed with a risk he'd discovered when signing up to Kids Pass in the UK, a service designed to give families discounts in various locations across the country. What he'd found was the simplest of issues and one which is very well known - insecure direct object references. In fact, that link shows it's number 4 in the top 10 web application security risks and it's so high because it's easy to detect and easy to exploit. How easy? Well, can you count? Good, you can hack! Because that's all it amounted to, simply changing a short number in the URL. Here's the example the user passed on to Hunt: Hunt told the user to stop doing anything -- including accessing other users' information -- and immediately inform the company. The user did as instructed, contacting the company via Twitter direct message. Shortly thereafter, the user informed Hunt Kids Pass had blocked him on Twitter. Hunt then made an attempt to speak to someone at Kids Pass… only to find out he had been blocked as well, most likely for having the gall to retweet the concerned user's message about the security flaw. The responsible, ethical approach -- notifying a company of a security flaw as soon as possible -- was being treated like some sort of trollish attack on Kids Pass' Twitter account. From all appearances, the company simply wanted everyone to shut up about the flaw, rather than address the concerns raised by userw. It was only after Hunt asked his followers to contact the company on his behalf that Kids Pass finally unblocked him and told everyone the "IT department was looking at it." The belated reaction doesn't make up for the initial reaction. And Kids Pass has shown it has little interest in addressing security flaws until the problem becomes too public to ignore. Hunt points to a blog post by another security researcher who informed Kids Pass last December about its insecure system -- including the fact it sent forgotten passwords in plaintext via email to users. He heard nothing back, finally publishing his discoveries in July. If you want people to be good web citizens and report breaches and flaws, you can't treat them like irritants or criminals when they do. Securing users' personal info is extremely important, but some companies seem to feel they should be able to handle it however they want and mute/sue/arrest those who point out how badly-flawed their systems are. Permalink | Comments | Email This Story

Read More...