posted 9 days ago on techdirt
"You can't compete with free!" is the mantra of a number of copyright maximalists -- and no matter how many times we show them examples of people successfully competing with free, it's still taken as inviolable law by some. Yet, here we are with yet another example of it happening anyway. As you know, last week the Senate Intelligence Committee finally released its CIA torture report (or, rather, the redacted version of the executive summary of the full report). It is a gripping read, and you can read the whole thing here (or embedded below). We can post it here for a variety of reasons, including the fact that the document is in the public domain, as a work of the federal government. A little over ten years ago, we noted that the famed 9/11 Commission Report, despite also being in the public domain, had become a best seller in its printed version -- even though it, too, was in the public domain. It appears something similar is happening with the CIA torture report. There is a Kindle version that costs $2.99, and despite the report being available as a PDF (which can be viewed on Kindle), the fee-based version of the torture report is the number one seller in the "intelligence & espionage" section (beating out James Risen's recent book Pay Any Price). And this is happening despite the fact that people on Amazon are warning people not to buy the fee-based Kindle version, posting comments to tell them it's just a PDF that's available for free. Yet, it appears that the convenience factor has made it worthwhile to an awful lot of people, who are willing to pay the money rather than figure out how to get the PDF onto their kindle. As we've pointed out for years, things like convenience and ease-of-use are real selling points -- and it's why things like Netflix and Spotify have been shown to decrease infringement -- because it's worth paying a little extra for a better-to-use system. Meanwhile, physical copies of the CIA torture report are being rushed out with at least one publisher, Melville House, saying it will be out by the end of the year -- though, I'd imagine others will follow suit. In Michele Boldrin and David Levine's book, Against Intellectual Monopoly, they have a fascinating discussion on how publisher W.W. Norton made out wonderfully in being the first to publish a hard copy of the 9/11 Commission Report, despite not having to pay any copyright royalties: The 81-year-old publisher struck an unusual publishing deal with the 9/11 commission back in May: Norton agreed to issue the paperback version of the report on the day of its public release.…Norton did not pay for the publishing rights, but had to foot the bill for a rush printing and shipping job; the commission did not hand over the manuscript until the last possible moment, in order to prevent leaks. The company will not reveal how much this cost, or when precisely it obtained the report. But expedited printings always cost extra, making it that much more difficult for Norton to realize a profit. In addition, the commission and Norton agreed in May on the 568-page tome's rather low cover price of $10, making it that much harder for the publisher to recoup its costs. (Amazon.com is currently selling copies for $8 plus shipping, while visitors to the Government Printing Office bookstore in Washington, D.C. can purchase its version of the report for $8.50.) There is also competition from the commission's Web site, which is offering a downloadable copy of the report for free. And Norton also agreed to provide one free copy to the family of every 9/11 victim. As Boldrin and Levine point out, according to copyright system supporters, this situation couldn't possibly work out. After all, Norton is agreeing to publish a work that anyone can get for free, and which any other publisher (including the federal government) can offer for sale at a lower price. In fact, the book notes, a rival publisher, St. Martin's, teamed up with the NY Times and got a second physical copy on the market just a couple of weeks after Norton's physical copy, and priced it at $8.50. Clearly, Norton got a bad deal, right? And yet, Norton sold 1.1 million copies of the book, and donated $600,000 in "profits" from the book to charity. But, you know, you can't compete with free (and public domain).Permalink | Comments | Email This Story

Read More...
posted 9 days ago on techdirt
One of the more dubious Comcast practices brought up by opponents of Comcast's planned $45 billion acquisition of Time Warner Cable is the cable giant's sluggish refusal to support certain internet video services and platforms running over its broadband network. Case in point is the HBO Go app on Roku, which Comcast hasn't supported since around 2011 or so for no coherent reason. To get the app to work, it needs to simply authenticate with the cable provider to prove you are a cable subscriber (since, at least until next year, there's no HBO Go standalone option). Much smaller cable companies haven't had a problem in getting this to work, but Comcast, with its limited resources, somehow just can't seem to spend the time. Roku's neutrality filing with the FCC expressed concern that cable authentication systems could be used as yet another way gatekeepers could extract tolls from streaming services. As we noted when Comcast similarly refused to support HBO Go on the Playstation 3, the company -- when it can be bothered to comment on the issue at all -- usually trots out the excuse that getting this stuff to work is well, gosh -- time consuming:"With every new website, device or player we authenticate, we need to work through technical integration and customer service which takes time and resources. Moving forward, we will continue to prioritize as we partner with various players."It certainly does appear to be a case of priorities. With Comcast looking to eliminate any and all justifications to reject its merger, the company this week announced its network would finally support HBO Go on Roku -- some three years later. It couldn't possibly be that Comcast intentionally stalled on supporting HBO Go on the country's best-selling third-party streaming device because it wants to keep customers contained within the Comcast set top ecosystem and away from other options, could it? Of course while Comcast will now support Roku, that doesn't mean the same problem isn't going to keep coming up with other devices. This week, Amazon announced that their Fire TV set tops will now support HBO Go. Except when users go to activate their device, they'll find that Comcast's broadband network isn't supported. Once again, Comcast isn't explaining why it's having such a hard time getting such a simple authentication system to work -- when few if any cable providers seem to have this problem. Amazon, meanwhile, is directing annoyed users to Comcast. It's a good example of how gatekeepers can engage in anti-competitive behavior under the auspices of technical complications, even with net neutrality rules in place (though I don't think this is technically a neutrality violation). Like the wireless industry's blocking of Google Wallet for ambiguous security reasons (as their own competing platform was taking off), and AT&T's blocking of Facetime for "network congestion" issues (AT&T was really just trying to force people off of unlimited plans), all it apparently takes for incumbent ISPs to stall services they're afraid of is a one-two punch of silence and ambiguity.Permalink | Comments | Email This Story

Read More...
posted 10 days ago on techdirt
Techdirt writes plenty about the dangers of surveillance, and how big data is not the solution to everything, despite what PR companies would have us believe. Putting the two together is usually a recipe for very bad things, but not always. Global Fishing Watch, a new project involving Google, the environmental mapping group SkyTruth, and the conservation organization Oceana, shows how they can be used responsibly to tackle serious global problems that were hitherto intractable: Global Fishing Watch is the product of a technology partnership between SkyTruth, Oceana, and Google that is designed to show all of the trackable fishing activity in the ocean. This interactive web tool -- currently in prototype stage -- is being built to enable anyone to visualize the global fishing fleet in space and time. Global Fishing Watch will reveal the intensity of fishing effort around the world, one of the stressors contributing to the precipitous decline of our fisheries. The system works by analyzing data from the Automatic Identification System (AIS) network, which broadcasts a ship's location. Although AIS was primarily designed as a safety mechanism to avoid collisions at sea, information about the vessel's behavior can be derived by analyzing AIS data for the identity, speed and direction of broadcasting vessels. Global Fishing Watch uses that analysis to remove all the cargo ships and other non-fishing vessel activity. A lot of data is involved: Global Fishing Watch started with 3.7 billion data points, more than a terabyte of data from two years of satellite collection, covering the movements of 111,374 vessels during 2012 and 2013. We ran a behavioral classification model that we developed across this data set to identify when and where fishing behavior occurred. The prototype visualization contains 300 million AIS data points covering over 25,000 unique vessels. For the initial fishing activity map, the data is limited to 35 million detections from 3,125 vessels that we were able to independently verify were fishing vessels. Global Fishing Watch then displays fishing effort in terms of the number of hours each vessel spent engaged in fishing behavior, and puts it all on a map that anyone with a web browser will be able to explore. That openness is a crucial aspect of the project: Global Fishing Watch will be available to the public, enabling anyone with an internet connection to monitor when and where commercial fishing is happening around the globe. Citizens can use the tool to see for themselves whether their fisheries are being effectively managed. Seafood suppliers can keep tabs on the boats they buy fish from. Media and the public can act as watchdogs to improve the sustainable management of global fisheries. Fisherman can show that they are obeying the law and doing their part. Researchers will have access to a multi-year record of all trackable fishing activity. That's pretty much a win for everyone. Nations gain better control over their territorial waters and the resources they contain. It will be easier for food suppliers, journalists and the public to track which ships are fishing legally and sustainably. That will make it easier to identify and penalize those that aren't -- and reward those that do. Better control of illegal fishing should mean that quotas are adhered to, allowing fishing to stocks to recover. Detailed record-keeping will improve the science behind those quotas, making them more realistic and thus sustainable in the long term. In other words, Global Fishing Watch is an example of surveillance and big data analysis that even fish can love. Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+ Permalink | Comments | Email This Story

Read More...
posted 10 days ago on techdirt
I've made this clear in the past, but I'm a huge fan of Major League Baseball's Advanced Media wing and a good deal of the work they do in providing clips and streaming on the internet and mobile devices. One aspect I hadn't been aware of, however, was a method for watching games very quickly by stripping out the downtime, commercials and the commentary. As I understand it, it's all the game content and nothing else, and it can make it possible to watch a full game in fifteen minutes. And if this sounds like something baseball broadcasts have obviously needed, a company called Baseball Quick fully agrees with you. That's why it also developed a system for likewise condensing baseball games. Then, because this is America, Baseball Quick and MLB spent the last three years going after each other in court for the two competing products that do the exact same thing. And, amazingly, despite the existence of patents in the works, the judge in the case has rightly outlined why there isn't any infringement. U.S. District Judge Katherine Forrest noted that each company's algorithm offers a different pitch, in a 23-page opinion issued Thursday. MLB "uses a subjective editing process focused on copying and pasting material, whereas BQ's is objective and focused on deleting material," the opinion states. She granted MLB's motion for a judgment declaring that its technology does not infringe its competitor's patent. While it's not quite the idea/expression dichotomy one finds in copyright cases, it's nevertheless nice to see a court rule on the actual method ("art") rather than the outcome. Too often the focus is on the latter, which feeds into an ownership culture that appears to think that having an idea that is of use is the same as developing a patentable method for arriving at said use. In this case, the method for achieving shorter baseball broadcasts was different in a significant enough way that there's no infringement. In the meantime, MLB is trying to get Baseball Quick's patent declared invalid under the idea that the method described is obvious. The move is likely MLB being vindictive, but that doesn't mean they aren't right. Shortening a broadcast of a baseball game by deleting all the parts that aren't the game does sound obvious, though the method for getting there may not be. Permalink | Comments | Email This Story

Read More...
posted 10 days ago on techdirt
Advertising is a tricky business. Content producers can be as thoughtful and careful as they think they can be, and they can still make mistakes, really, really bad mistakes sometimes. Audiences everywhere are ready to jump on an ad that wastes their precious time or misleads them or offends some sensibility. But it's not always (ever?) easy to make content that is both compelling and also good for selling widgets (or promoting a message). Check out a few of these links on advertising campaigns gone a bit wrong. Best Buy wrote a playful tweet about having everything you need in its stores -- except a payphone, referring to the Serial podcast about a murder case and an unaccounted for payphone near a Best Buy store that might have exonerated a teen accused of murder. Best Buy apologized for making light of the topic since there was a backlash from people who thought it was inappropriate to joke about such a serious subject. [url] Greenpeace wanted to promote renewable energy with a huge banner, and unfortunately, it placed its message on the site of the Nazca Lines -- a 1,500-year-old ancient monument in Peru. Greenpeace will likely be charged criminally for defacing a heritage site with a tone-deaf advertisement that ignored the local population completely. [url] Sesame Street also tweeted a mildly humorous joke about Serial. However, the children's TV show didn't provoke much backlash for making a pun related to a murder case. Not-for-profit muppets aren't apparently held to the same standards as retailers, but then again, Bert didn't actually refer to anything specific in the murder case. [url] If you'd like to read more awesome and interesting stuff, check out this unrelated (but not entirely random!) Techdirt post via StumbleUpon.Permalink | Comments | Email This Story

Read More...
posted 10 days ago on techdirt
Background Garcia v. Google. If it weren't for the Monkey Selfie, this case would have been the topic most on the lips copyright and Internet lawyers this year. The facts here, of course, are much less humorous: Garcia, an actress, was allegedly duped by a filmmaker into appearing in his eventually-titled "Innocence of Muslims" movie, which eventually turned out to be an anti-Muslim cinematic screed. A lot of people were offended, and some channeled their outrage into threats against her. Garcia sued the filmmaker for the harm she believes he caused her, but that's not the issue here. What is the issue is why this case has turned into such a mess, because what she really wants is for the movie to go away. So she also sued Google to make it go away – or at least have the court order Google to remove it from YouTube. The thing is, though, courts aren't supposed to be able to simply order content to be deleted, and for some very good reasons. We have laws (notably Section 230) that insulate intermediaries from take down orders because ordering content to be taken offline means ordering content to be censored. However, as those who have read Techdirt for any length of time know, American law seems to have a "censorship is bad except when it comes to copyrighted content" exception. Intermediaries are not insulated from demands to take down content when the person asking for its removal can claim that the reason it needs to be removed is because it violates their copyright. But even then there are some limits on the injunctive power of a court to order content to be removed, particularly at the preliminary injunction stage, which, believe it or not given everything that's followed, is only as far as her case had gotten. Generally speaking, preliminary injunctions are only issued when there is a likelihood that the party seeking the injunction will ultimately win the case, as well as a likelihood of irreparable harm to it if the court does not issue an injunction right away, before there has been a chance to evaluate the lawsuit on its merits. The district court considering Garcia's request for a preliminary injunction rejected it on both counts. It didn't appear Garcia had a valid copyright to sue Google for infringing, and even if she might have, there was no need to issue an injunction before the court had a chance to fully consider the question. And that would have been the end of it, except the Ninth Circuit, in a three-judge panel led by Judge Kozinski, decided otherwise, first finding her a copyright interest and then using it as the basis to issue a broad injunction to Google ordering the film's removal from YouTube (the injunction was later dialed back somewhat, but it still remained quite expansive). Which is what caused all this consternation, because if Judge Kozinski were right about her having a legitimate copyright claim, it would stand to change copyright law from how we understood Congress to have crafted it, as well as set the stage for even more efforts to censor online content. So Google, backed by 10 amicus briefs (including one I wrote on behalf of Techdirt and the Organization for Transformative Works) petitioned the Ninth Circuit for a "rehearing en banc," which basically asks the entire circuit to rethink this decision, given how much it would wreck if it remained valid precedent. And it worked! The Circuit agreed to reconsider the case and held a hearing on it yesterday in Pasadena. The Hearing It was not actually necessary to be at the hearing to follow along given that it was also streamed (and tweeted...). As it was, one judge out of the 11-judge panel, Judge Berzon, participated remotely. But there are always certain intangibles that can only be experienced in person, like seeing what appeared to be some representative of the defendant filmmaker distribute nicely xeroxed packets of propaganda advertising the book of the script for his "Innocence of Muslims" film to everyone in the gallery before the hearing began… As for the hearing itself, it took about an hour and essentially ended up focusing on these two questions: whether Garcia could have a copyright interest in the 5 seconds she appeared in the final film, and whether the preliminary injunction was appropriate. But the unusual procedural posture of the case caused the two questions to frequently blur together. Garcia's lawyer argued first and opened with, "Cindy Lee Garcia is an ordinary women surviving under extraordinary circumstances." She then went on to spell out some of the awful threats she had gotten, but then the judges quickly jumped in to ask how those threats bear on the preliminary injunction standard. (Note: I frequently refer to the "court" generally, rather than identify the judges specifically, although I did note some of Judge Kozinski's lines of inquiry due to his particular effect on this case earlier.) Garcia argued that because some of these threats were death threats, that supported the argument that without the injunction she was facing irreparable harm. That may be so, the court then asked, but the possibility of irreparable harm was only one factor considered by the district court. To get her injunction there had to be a threat of irreparable harm as well as a likelihood that she would win on her copyright claim against Google. How was the district court wrong when it decided she had no copyright claim to prevail on? One issue for Garcia (which the court kept coming back to in various respects) is that she had expressly disclaimed having a copyright in the final movie as a joint author. It's an argument that comes up from time to time when people who worked on larger productions try to claim partial ownership in the final product on the strength of their contributions to it. As courts, including the Ninth Circuit, have considered the question they generally have looked to the intention of the parties at the outset that all the "contributions be merged into inseparable or interdependent parts of a unitary whole." But Garcia wasn't arguing that she now owned a piece of the final "Innocence of Muslims" film; she was arguing that she owned a copyright in her performance made during the 3.5 days of filming. The court worried about the implications of her argument. What was to keep everyone who made a cameo in a Lord of the Rings battle scene from also claiming a copyright interest in their performance? Garcia's answer seemed to get at the heart of her copyright claim. In the court's example everyone knew what the deal was when they worked on the movie. They had agreed, expressly or impliedly, that their performances be captured as part of the whole. But for Garcia, she never consented to ending up in what turned out to be the "Innocence of Muslims" film. The filmmaker had duped her into agreeing to appear in one sort of movie but then used her performance in something completely different. This deception unwound the agreement to subordinate her performance into the whole and allowed her to retain her copyright in the individual contribution. The court seemed skeptical about this theory, for a number of reasons. For one, where was the work? While on the one hand it often seems like everything is copyrightable these days, its applicability is extremely technical. It requires an (a) original (b) work of (c) authorship that is (d) fixed in a tangible medium. As Google also later argued, she hadn't made out all of these elements in attesting to the copyrightability of her individual performance made over those 3.5 days. (There is also the issue that of her 3.5-days' worth of performance, only 5 seconds of it ever made it into the film.) The court also worried about what the impact of her theory would be. If her retaining a copyright in her performance hinged on the deception, then what was to stop any actor from claiming fraud or mistake and allowing them to claim copyright in their performances as well? This question was particularly relevant for Google's position, which was argued next. Could all these people then issue takedown notices to intermediaries? As Judge McKeown noted, it would put intermediaries "at risk for thousands, millions of claims made after the fact." Would all of them have to act to remove this content lest they end up like Google and find themselves on the receiving end of a lawsuit? In her rebuttal Garcia argued yes. The DMCA (or "free pass card," as she referred to it) protected intermediaries by getting them out of the dispute between the party who posted content, and the party claiming copyright in it. As long as it deleted the content as soon as it got notice, it could then let the parties fight it out. Google says taking down content is easy, she argued. We're not asking them to do something hard. As Google argued during its turn, however, the implications of Garcia's argument are chilling (particularly, as we argued in our brief, for intermediaries who are not as large or well-funded as Google and for whom taking down content may well be much harder than she described for Google). If all it takes is a claim of fraud to claim a copyright interest, Google argued, it "fragments" copyright and makes every intermediary vulnerable. They can't adjudge the merits of every copyright claim. Allowing these sorts of claims, especially if they could be predicated on but five seconds of material, would "overload the takedown system." Intermediaries would simply have to delete content in order to protect themselves, and that would lead to the censorship of myriad protectable speech. Other Arguments Google made one other main point during its argument, targeting the preliminary injunction the Ninth Circuit had issued and similarly to how the EFF had questioned it in its amicus brief. The appeals court had enjoined speech, and as such there was a question of whether that was permissible under other standards governing injunctions. Garcia argued that it was, saying that there was a difference in the standard governing whether it was a mandatory injunction, which asks someone to do something, and a prohibitory injunction, which restricts someone from doing something in the future. This was a prohibitory injunction, she argued, because all the panel had decided to do is restrict further infringement. Google argued otherwise. When it changes the status quo, it's a mandatory injunction. Here there was speech, but as a result of the injunction speech was removed. That makes it look like a mandatory injunction and thus requires a much stronger showing than Garcia could provide that it was warranted. After all, as Judge Thomas noted, "Is there anyone in the world who doesn't know your client is associated with this movie by now?" The damage has already been done, the "toothpaste out of the tube," as Google put it, and nothing to be accomplished by censoring the movie now. The court also tested Google on its argument against Garcia having a copyright, and this discussion led to the examples cited in the title, the first of which being poor Celine Dion who kept being called upon to test various theories. Why does she get a copyright in her singing performance included in Titanic, Judge Kozinski wondered, but not Laurence Olivier for his performance in a film? To which Google answered that when Celine Dion recorded her song the intention was always that the performance be a standalone work then also included in the larger one, whereas for Olivier there was never an intention that his performance ever be considered some individually copyrightable work. In her rebuttal Garcia took issue with the Celine Dion example. If she had been singing on the bow of the ship, intending for her appearance doing that to become part of the movie, it would have been one thing. But it's another if then the filmmakers, having captured her performance, then distribute the clip of it to pornographers to be put in their movies. Garcia's argument is that something similar had happened here, where a performance made in one context she had allowed got used in another that she hadn't. The question, though, is not whether the law would recognize this injury but whether copyright is the law that does. There are other laws that recognize rights that might be implicated, such as those establishing rights of publicity. Interestingly a right of publicity case led to another detour by Judge Kozinski to test the contours of Google's argument, and that raised the second example in the headline. Google had argued that there was no precedent "that a 5 second performance is a separate copyright work." Judge Kozinski countered by citing Zacchini v. Scripps-Howard Broadcasting, where 15 seconds of Zacchini's performance had been broadcast on local TV. Because Zacchini was a human cannonball, however, those 15 seconds constituted a significant part of his performance. The Supreme Court found that the rebroadcast may well have caused him an injury the law recognized. But while the Zacchini case stands for the proposition that there can be something to protect in very short performances, it doesn't stand for the proposition that they are necessarily protected by copyright. This is an important distinction, because violations of rights of publicity are governed by state law, and intermediaries are insulated from injunctions ordering the removal of content reflecting these injuries by Section 230. The Garcia v. Google case has been about forcing these sorts of injuries to be evaluated through the lens of copyright solely to avoid the bar prohibiting these injunctions, and if this sort of Section 230 end-run is allowed to work here, as Google (and many amici) argued, it will enable all sorts of censorious mischief. (Note: Judge Kozinski also spent some time exploring the impact of the Beijing AVP treaty on the case at hand, but I will leave it to others to explore the potential implications of this argument, as they are worthy of their own post).Permalink | Comments | Email This Story

Read More...
posted 10 days ago on techdirt
John Bills Managing Commissioner Chicago Transportation Department 30 N. LaSalle Street Suite 1100 Chicago, IL 60602   (312) 744-3600 Mr. John Bills, As the Commissioner of Chicago's DOT, you are undoubtedly aware that unsafe driving kills or injures hundreds of people every year.* While not every death or injury can be prevented, there are proactive measures that can be taken to reduce this terrible toll. *[Stats tk, but probably a lot.] One of the best deterrents is a non-intrusive camera: one that acts as both a recording device and a police officer. (And a judge and jury, truth be told.) In fact, these cameras -- which can* monitor speed and red light violations -- perform 24 hours a day, 7 days a week, generating a possibly unlimited amount of revenue for your department, as well as for the city itself. They may also make your streets safer, both for commuters and pedestrians -- something that can be highlighted when pursuing funding. *[The spirit is willing, but the tech is weak.] Unlike more static revenue streams like vehicle registration feeds and road taxes, camera systems can be tweaked as needed to guard against budget shortfalls. Working in conjunction with Redflex specialists, you'll be able to avail yourself to a variety of revenue boosters like shortened yellow lights, sudden speed limit changes, unchallengeable tickets and any number of camera malfunctions or programming errors that will almost always* result in more generated revenue. *[Caveats apply. See 135-page agreement for further details.] Choosing the best traffic camera solution for your city is a daunting decision. We at Redflex believe we can offer what many of our competitors can't, or at least likely won't. In addition to our traffic camera "expertise," we also offer the following: A condominium in Gilbert, Arizona Deep, deep, deep, deep, deep discounts on hotel rooms, car rentals and meals Debt consolidation plans for select transportation officials Multiple personal finance options We realize your have your choice in traffic control systems, but would like to remind you that only one company can offer you up to $570,000 in cash over the next eight years. Sincerely, Martin "Bagman" O'Malley Senior Consultant Redflex Traffic Systems Phoenix, Arizona 866 703-8097 [h/t velox -- and, yes, if you hadn't figured it out yet, this is satire, but based on a true story] Permalink | Comments | Email This Story

Read More...
posted 10 days ago on techdirt
We've written before about Jay Rosen's excellent explanation of "the church of the savvy," in which political reporters seem more focused on describing the "horse race" aspect of politics rather than the truth. It's the old story in which the press ignores, say, a really good concept because "politicians won't support it." A key giveaway for a "savvy" post is to focus on "what the polls say" rather than what reality says. That doesn't mean that polls are never useful or shouldn't be reported on -- but when they get in the way of the actual story, it can make for ridiculous results. Take, as a quintessential example, the Washington Post's Aaron Blake giving us the latest on torture's polling numbers. Apparently, the polls tell us that Americans are okay with torture (even when they believe it's torture): A Pew poll shows Americans say, by a two-to-one margin (56-28), say the CIA's interrogation methods after 9/11 "provided intelligence that helped prevent terrorist attacks." Similarly, a CBS News poll shows that 57 percent of Americans think waterboarding and other interrogation techniques practiced by the CIA "provide reliable information that helps prevent terrorist attacks" either "often" or "sometimes." Just 8 percent say it "never" provides quality information, while 24 percent say it "rarely" does. And finally, a Washington Post-ABC News poll released Tuesday morning shows people say 53-31 that the CIA's program did "produce important information that could not have been obtained any other way." Now, an actual reporter might point out that (1) these Americans are wrong and (2) that it doesn't fucking matter whether or not torture works -- it's still reprehensible. But, instead, Blake concludes that, boy, this sure is a loss for the Democrats: And as long as people believe torturing terrorism detainees leads to valuable information, the CIA's interrogation program — and torture in general — are unlikely to face a major public backlash. This is the unhappy reality being confronted by Democrats who had hoped to make a splash with the CIA report. So the only "reality" in the article is the fact that the public's depraved position is bad for one particular party. Apparently, it's not bad for "humanity" or common sense or human rights or America. It's just bad for one party? Rather than actually educating the public -- which reporters are supposed to be doing -- the focus is just on what these polling numbers mean for torture -- presented in the same way one might discuss the polling numbers for a regular election. This isn't a political horse race we're talking about here. This is about a fundamental issue of human rights, and the press is acting like all that matters is torture's polling numbers?Permalink | Comments | Email This Story

Read More...
posted 10 days ago on techdirt
Compared to the initial flood of astonishing revelations provided by Edward Snowden in the summer of 2013, things have gone relatively quiet on the NSA/GCHQ leaks front. So an interesting question is: what impact have all these had on ordinary people? That's one of the areas that the CIGI-Ipsos Global Survey on Internet Security and Trust explored. Here's what it found: Of those aware of Edward Snowden, 39% have taken steps to protect their online privacy and security as a result of his revelations In a perceptive blog post on the survey, Bruce Schneier notes that the "press is mostly spinning this as evidence that Snowden has not had an effect": I disagree with the "Edward Snowden Revelations Not Having Much Impact on Internet Users" headline. He's having an enormous impact. I ran the actual numbers country by country, combining data on Internet penetration with data from this survey. Multiplying everything out, I calculate that 706 million people have changed their behavior on the Internet because of what the NSA and GCHQ are doing. In fact, he calculates that there are probably another 46 million in countries not covered by the survey, bringing the total number who have "taken steps" to around 750 million. He goes on: It's probably true that most of those people took steps that didn't make any appreciable difference against an NSA level of surveillance, and probably not even against the even more pervasive corporate variety of surveillance. It's probably even true that some of those people didn't take steps at all, and just wish they did or wish they knew what to do. But it is absolutely extraordinary that 750 million people are disturbed enough about their online privacy that they will represent to a survey taker that they did something about it. And he concludes on a hopeful note: we have reached "peak indifference to surveillance." From now on, this issue is going to matter more and more, and policymakers around the world need to start paying attention. Let's hope he's right. Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+ Permalink | Comments | Email This Story

Read More...
posted 10 days ago on techdirt
Techdirt has been highlighting the growing problem of police militarization in the US for a while, and its huge impact on basic rights like free speech. But over in Spain, the government has taken a rather different approach to muzzling dissent. Rather than turning the police into a militia that can stop demonstrations through the use of overwhelming force, it's aiming to bring in a new law that makes organizing and taking part in protests -- both on the streets, and online -- almost impossible. Here's Global Voices' summary of what the new "Protection of Public Safety Bill" currently proposes: It is against the law to participate in a demonstration before a state institution without sending prior notification to the relevant government office. Disobedience or resistance to authorities; refusing to identify oneself; and giving false or inaccurate information given to state security agents are all prohibited. "Insulting, harassing, threatening, or coercing" members of the Security Forces will constitute a serious offense. But in addition to these general measures, there are some aimed specifically at ending the use of the Internet to organize protests: Those who call for demonstrations through the Internet, social networks, or another other means may also be penalized for having committed a very serious offense. The circulation of riot images during demonstrations can also constitute a very serious offense, punishable by 600,000€. Circulating information on the Internet that is understood to be an attack on an individual's privacy or that of a person's family, or that contributes to disrupting an operation, will be punished equally with fines up to 600,000€. The chilling effect that those last three will have on protests is clear. People will be reluctant to express any view that might be interpreted as calling for a demonstration, however vague. Forbidding riot images from being posted will, of course, mean that images of any police brutality against demonstrators are less likely to be circulated widely, removing one of the few brakes on violent police responses. And the last one concerning an "attack on privacy" is so vague that any mention of an individual might well be caught by it. In addition, anyone "insulting" Spain, its symbols or emblems, may be punished with up to a year's imprisonment. Despite pressure from the public and opposition politicians, the legislation has been passed by the Spanish Congress, and now goes to the Senate for final approval. That means the only thing likely to halt it is an appeal to Spain's Constitutional Court. What's worrying here is the very clear intent to bring in a law that makes the online organization and coverage of peaceful protests difficult or even impossible -- something that many other governments would doubtlessly love to achieve, and may well even be encouraged to attempt if Spain goes ahead with this awful proposal. Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+Permalink | Comments | Email This Story

Read More...
posted 10 days ago on techdirt
While I still think the biggest story to come out of the Sony hacks is the fact that the MPAA had a plan to fund investigations of Google by public officials to get negotiating leverage over the company, a lot of other interesting tidbits have been revealed as well, including the fact that the MPAA still really, really believes in the idea of site blocking. It has listed it as a "high priority" item that was discussed in a recent anti-piracy strategy meeting bringing together the top lawyers from most of the major Hollywood studios: As the TorrentFreak article above notes, the MPAA laid out a four prong approach to force site-blocking on the US. The Verge recently posted an MPAA email that described at least some of the strategy as well: We have traditionally thought of site blocking in the US as a DMCA 512(j) issue. In some ways, that is too narrow and we plan to expand our scope of inquiry on two levels. First, DMCA 512(j), by its terms, necessarily creates an adversarial relationship with the target ISP (and more generally with the ISP community). We have been exploring theories under the All Writs Acts, which, unlike DMCA 512(j), would allow us to obtain court orders requiring site blocking without first having to sue and prove the target ISPs are liable for copyright infringement. This may open up avenues for cooperative arrangements with ISPs. Second, we start from the premise that site blocking is a means to an end (the end being effective measures by ISPs to prevent infringement through notorious pirate sites). There may be other equally effective measures ISPs can take, and that they might be more willing to take voluntarily. Our intention is to work with our own retained experts and Comcast (and MPAA’s Technology group) to identify and study these other possibilities, as well as US site blocking technical issues. The MPAA is right that 512(j) is likely a dead end. In fact, a legal analysis done by the MPAA's lawyers at Jenner & Block (the MPAA's preferred legal hatchet men) details why. The "All Writs Act" approach is nutty, and would lead to significant push back from a variety of parties (we just recently noted that the DOJ has been trying to use the All Writs Act to get companies to help decrypt encrypted phones). There would undoubtedly be a big legal fight over any such attempt. Other plans, like using the ITC or the Communications Act would also run into problems. In fact, The Verge also just published some internal legal analysis from Jenner & Block explaining why the ITC route is really risky and unlikely to work, whether targeting transit ISPs (Level3, Cogent, etc...) or access ISPs (Verizon, Comcast, AT&T, etc...). Amusingly, the "alternative" to SOPA that was pushed out by some anti-SOPA folks in Congress actually would have made the ITC route more feasible, but the MPAA was among its loudest critics. And yet now suddenly it's exploring the ITC path? Ha! Either way, the most insane part of all of this is the fact that, nearly three years after SOPA, the MPAA more or less admits in an email that it hasn't really analyzed the technological impact of site blocking (which was a key component of SOPA) and feels like maybe it should get on it. From the email sent by MPAA General Counsel Steven Fabrizio: Technical Analyses. Very little systematic work has been completed to understand the technical issues related to site blocking in the US and/or alternative measures IPSs might adopt. We will identify and retain a consulting technical expert to work with us to study these issues. In this context, we will explore which options might lead ISPs to cooperate with us. Talk about putting the anti-piracy cart before the internet horse... Meanwhile, the MPAA -- recognizing the shit storm created by SOPA -- has made sure that all of its site blocking efforts are to remain as quiet as possible (oops): Be cautious about communications on site-blocking—continue building a record of success where possible, but avoid over-communicating and drawing negative attention.... Where site-blocking is actively under consideration, make available research (1) that site-blocking works and (2) that it does not break the Internet (lack of "side effects"). [Do this] in closed-door meetings with policymakers and stakeholders, [but] not necessarily publicized to a wider audience. Yes, make sure people think site blocking "works" even though the MPAA doesn't have the requisite technical knowledge to understand it. So, in the interest of open source research, I'm going to help the MPAA out a bit and explain to them why site blocking is stupid and massively counterproductive. I mean, they could just look at what's happened in the past few weeks since The Pirate Bay went down, leading tons of other sites to pop up and (as reported in Variety -- normally a keen source of spinning in favor of the studios) the actual impact on infringement online was basically nil. But, let's take this a step further. Let's say... for example, that the MPAA succeeded in having certain "evil" sites blocked. Thankfully, at about the same time as these meetings were going on, the MPAA also gave Congress a list of the sites it considered "notorious." Let's take one -- how about torrentz.eu -- an do a basic Google Search showing what results would come up if Goliath Google were forced not to link to the site (which is slightly different from site blocking, but the MPAA is also talking about similar efforts to get full domains "removed" from Google as an alternative to site blocking -- and the end results would be pretty much the same thing). Take a look: If you can't see it, it's basically a bunch of links to pages listing out where you can go instead of that particular site. In short, site blocking is stupid. It won't actually cut down on any infringing activity, and it's easily gotten around, whether by VPNs or just by doing a rather basic search. Now, of course, the MPAA and its friends would likely still blame Google for this state of affairs, but I'm curious how the MPAA contends that Google should return results on such a site if it's been blocked or removed from search? How could it possibly also block out links to sites that list alternatives? Or is part of the plan to expand the censorship all the way down the pile so that any site that even mentions sites that the MPAA declares "notorious" also need to be blocked? Because if that's the case, they're going to run into a pretty massive First Amendment question before long. The problem -- as always -- is that the MPAA still thinks that the public is stupid, and that if they can successfully "block" sites that people will stop looking for alternatives. The reality is that the way to get people to stop looking for unauthorized alternatives is to make better authorized alternatives -- but that's clearly still not a priority for the MPAA. And that's a real shame. And none of this even touches on the problems with false positives (something that's already happened a bunch) or how site blocking might seriously screw up certain security setups, like DNSSEC (something the MPAA was clearly warned about during the SOPA fight, but which it still seems to deny is a real problem). In fact, during a recent secret "Site Blocking" meeting by the MPAA, it still appears to mock the idea that site blocking would break the internet by messing up DNSSEC. That's because the MPAA still doesn't seem to fundamentally understand the issues at play. If they actually talked to some real engineers at ISPs, maybe they'd learn that this whole infatuation is misguided and won't work. In short, the MPAA sees site blocking as a priority because it doesn't understand the first thing about site blocking and why it would fail -- and that's speaking legally, technically and using just basic common sense. So why is the MPAA so focused on that, rather than actually innovating and adapting? This is what happens when you put a bunch of litigators, rather than innovators, in charge.Permalink | Comments | Email This Story

Read More...
posted 10 days ago on techdirt
Some of the recent heat surrounding asset forfeiture seems to have gotten to the IRS. Late last week, it moved to dismiss one of its more high-profile cases -- one that had received extensive coverage from the New York Times and countless other sources. [via Michael Scarcella's (of the National Law Journal) invaluable Twitter feed] A brief refresher: Carole Hinder had run a small, cash-only restaurant for nearly 40 years without incident before the IRS decided to step in and seize $33,000 from her bank account. Shortly after that, it acquired a warrant to seize another $150,000. The IRS's case hinged on the fact that every deposit made to the account totalled less than $10,000. From the dismissal order [pdf link]: As reflected in the affidavit in support of the verified complaint, from April 2012 through February 2013, more than $315,000 in currency was deposited into Mrs. Lady’s, Inc. bank account in approximately fifty-five separate deposits. No individual currency transaction exceeded $10,000 during that period. A sample of cash transactions between May 2012 and August 2012 showed a pattern of deposits consisting of frequent large deposits in amounts under $10,000 that were near in time to smaller deposits that, taken together, would have triggered bank reporting requirements. Hinder's defense was that her mother had advised her to break up the deposits into smaller amounts as a "convenience" to the bank. Staying below the reporting requirements does actually make the bank's work easier (and the customer's), but the IRS (and law enforcement) view this sort of behavior, no matter if it's linked to criminal activity or not, as "structuring" -- deliberate attempts to avoid reporting large amounts of cash to the government. The dismissal order indicates the IRS may have had evidence on its side. (That is, evidence that someone broke up deposits to avoid hitting the $10,000 mark. Not evidence that Hinder was involved in criminal activity or somehow intentionally screwing the IRS.) Despite this, it moved to drop the case, using the old "we have better things to do" excuse. It also maintains it did nothing wrong. Pursuant to Rule 41(a)(2) of the Federal Rules of Civil Procedure, the United States hereby moves to dismiss, without prejudice, the instant case. Despite two judicial probable cause finding supported by Claimant’s clear pattern of manipulating bank deposits below $10,000 in order to evade the reporting requirements of 31 U.S.C. § 5313, plaintiff believes, in the exercise of its prosecutorial discretion, that allocating its limited resources elsewhere would better serve justice in this case. Notwithstanding, the request herein, the request should not be construed as an acknowledgement or admission to any liability or wrongdoing whatsoever. The dismissal is without prejudice, meaning the IRS is still free to pursue this in court in the future. The court also notes that this voluntary dismissal does not remove the IRS's claim to the disputed assets seized by the agency. So, it's not a complete win for Hinder, but it does at least indicate the IRS is somewhat responsive to negative press. The IRS does have limited resources, and it's going to be better off pursuing clearly illegal actions than chasing down fringe cases and fighting battles in two courts (federal and public opinion). The IRS has also announced that it will no longer pursue apparent "structuring" if there's no indication the money comes from illegal sources. This is a step in the right direction, especially considering asset forfeiture has become shorthand for government abuse and the agency's pursuit of small business owners seemingly nothing more than the intersection of vindictiveness and greed.Permalink | Comments | Email This Story

Read More...
posted 11 days ago on techdirt
Last week we reported on the Spanish newspaper publishers' association (AEDE) begging the Spanish government and EU to stop Google News shutting down as it realizes how much its members depend on Google for traffic to newspaper sites. To bring home just how stupid the new Spanish copyright law is, the online site Hipertextual.com is now calling for a boycott of all titles owned by AEDE (original in Spanish): Are you too against the new copyright law and the AEDE tax on media and aggregators? The first step you can take right now is to begin a boycott of AEDE titles: don't visit them, don't link to them, don't give them traffic or relevance. The Hipertextual.com article also recommends installing add-ons for the Chrome and Firefox browsers that automatically block all links to AEDE titles, and provides lists of international, national and regional alternatives. Even if it is well supported, the boycott on its own probably wouldn't have much effect, but combined with the devastating loss of traffic that Google News closing will cause, it will certainly add to the pressure on the AEDE publishers. Just as importantly, it will also show that whatever the Spanish government may think, the country's new copyright law is not just about squeezing money from a rich US company, but also represents a serious threat to the basic glue that holds the Web together -- the hypertext link. Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+ Permalink | Comments | Email This Story

Read More...
posted 11 days ago on techdirt
A long time ago, in a Techdirt far, far away...well, okay, it was only three years ago and it was right here at the same Techdirt, but Mike wrote about Chik-Fil-A, known purveyors of de-feathered chicken bits, opposing a trademark registration by an artist in Vermont for "Eat more kale." Why a company that sells dead fowl thought it had an issue of customer confusion on its hands over some t-shirts that suggest people consume more tasteless leaves is beyond me, but it happened. And, now, three damned years later, the legal battle is over and kale has defeated chickens. Bo Muller-Moore said Thursday that the U.S. Patent and Trademark Office granted his application to trademark "eat more kale," a phrase he says promotes local agriculture. He silk-screens the phrase on T-shirts and sweatshirts and prints them on bumper stickers that are common in Vermont and beyond. When asked what he felt caused the trademark office to approve his application, Muller-Moore, of Montpelier, said, "Your guess is as good as mine." The news was posted on the office's website Tuesday. "I'd like to think that maybe some persistence and polite defiance, you know, and proving to them that we were in it for the long haul," he said. "If it took us a decade, we're going to fight for a decade." Instead, it only took a 3rd of a decade, which sounds better, but renders me to the exact same frustrating question of what the hell? Chicken is meat and kale isn't. Anyone confused by the concepts of chicken and kale is not a moron in a hurry, they're criminally insane. For it to take years to resolve this is absolutely asinine. It's quite nice to hear that Muller-Moore was willing to stand on principle rather than cave to the demands of a corporate entity, but come on, this can't be what the framers of trademark law had in mind. "In our case, we said we're not going to cease and desist until a federal judge tells us to and as far as the trademark goes, I never wavered from the idea that I deserved protection from copycat artists," Muller-Moore said. Easy, champ, we were just starting to like you. One wonders how much money was spent on the legal process to get us to a 3-year-conclusion that kale and chicken are significantly different? Permalink | Comments | Email This Story

Read More...
posted 11 days ago on techdirt
Some crowdfunding projects are really impressive and have gotten a lot of attention and praise that is well deserved. However, there are also quite a few projects that haven't quite lived up to their promise. It's disappointing to say the least when a project gets over a million bucks and still fails to deliver a working product to its backers. Some backers get upset when their favorite crowdfunded project sells out to Facebook. How can companies like Kickstarter and Indiegogo and the like deal with these problems? There might be escrow schemes or insurance policies that could help, but in the end, it seems like buyer beware is the ultimate answer. Here are just a few links on this situation of dealing with crowdfunding disappointments and outright scams. Indiegogo is trying out an optional insurance feature that would provide a refund if the project fails to deliver its product within 3 months of its estimated delivery date. So far, this insurance policy is in testing and costs $15, so it doesn't apply to every (or even many) campaign on Indiegogo, but it's an interesting way to provide backers with some kind of guarantee that their faith/money is not being completely misplaced. However, it looks like only 3 people have tried it, and we'll have to wait until early 2016 to see if those folks will qualify for a insurance claim. [url] Kickstarter is generally seen as dominant crowdfunding platform, and the company behind it wants to be known as a responsible corporation. Will being named a Certified B Corporation boost Kickstarters reputation at all? Or will its certification simply be taken away if more backers are dissatisfied when projects don't deliver as promised? [url] It's not hard to find crowdfunding projects that just won't work.. because physics or the second law of thermodynamics. Maybe crowdfunding platforms need to crowdsource some peer review for a project approval process? [url] If you'd like to read more awesome and interesting stuff, check out this unrelated (but not entirely random!) Techdirt post via StumbleUpon.Permalink | Comments | Email This Story

Read More...
posted 11 days ago on techdirt
Between the company's general disposition and the incredible failure of the SimCity launch, Electronic Arts is becoming a name associated directly with digital rights management. The most infamous DRM platform the company has used is probably SecuROM, which was noteworthy for being equal parts mega-annoying to paying customers, as well as being so massively ineffective that games employing SecuROM later became amongst the most pirated video games of all time. But, results aside, EA would tell you that it needed to use DRM to protect the company from piracy. Even if SecuROM failed, the company had to at least try, or else the freeloaders that live the highlife getting around intellectual property laws would win. Violating IP laws is wrong, damn it, and EA was going to do everything in its power to right that wrong. Including violating a notorious patent troll's intellectual property to do so, apparently -- at least, according to an East Texas court, which awarded Uniloc nearly $5 million after determining that EA violated the patent troll's patent with the SecuROM platform. Uniloc Luxembourg S.A. sued in 2013, claiming EA's SecuROM video game activation system infringes on U.S. Patent No. 5,490,216. The system allows EA customers to activate and register their video games and is aimed at reducing piracy and "casual copying," Uniloc alleged. SecuROM restricts the number of devices a customer can simultaneously activate a game on with the same key. EA games that use the system include "Alice: Madness Returns," "Dragon Age II" and "Darkspore: Limited Edition," the complaint stated. Uniloc asked the court to for compensatory damages and "a reasonable, on-going, post judgment royalty." A federal jury agreed with Uniloc and awarded over $4.86 million in compensatory damages on Friday. I have to admit, I feel a bit like the characters at the end of the original Jurassic Park movie, who were being attacked by velociraptors only to be saved at the last moment by the tyrannosaurus rex that had nearly murdered them all earlier. You don't really root for either side; you can only pray they tear each other apart. That said, schadenfreude is one of my failings, and enjoying it with the healthy dose of irony that comes along with EA infringing on a patent with its anti-piracy software is so good, it's likely fattening. But, hey, live the IP sword, die by the IP sword, right?Permalink | Comments | Email This Story

Read More...
posted 11 days ago on techdirt
Despite arguments otherwise, most of them broached by government lawyers, what can be viewed by the public may also contain a reasonable expectation of privacy. A federal judge has just thrown out evidence obtained by law enforcement without a warrant. The case, which dates back to last year, involves Washington police and Leonel Vargas, an immigrant who law enforcement suspected of drug trafficking. Without a warrant, police installed a video camera on a nearby utility pole and aimed it at Vargas' front yard. After over a month of recording, the police got lucky: Vargas, an undocumented immigrant, decided to perform target practice in the front yard of his rural Washington home. This gave officers the probable cause they needed (illegal weapons possession) to search Vargas' house. The resulting search uncovered drugs and guns, leading to his arrest and indictment. Vargas objected to this violation of his privacy. The government argued that Vargas' publicly-viewable front yard and door couldn't be considered private. This argument waged back and forth for several months, with the EFF entering an amicus brief on behalf of the defendant at the invitation of the court late last year. The EFF has some good news to report, and it's all contained in a minute order by Judge Shea. Law enforcement's warrantless and constant covert video surveillance of Defendant's rural front yard is contrary to the public's reasonable expectation of privacy and violates Defendant's Fourth Amendment right to be free from unreasonable search. The video evidence and fruit of the video evidence are suppressed. As the EFF points out, even public areas have privacy implications. While no one reasonably expects the front of their house to be a private area in the strictest sense, they do reasonably expect that no one will place it under uninterrupted observation for extended periods of time… at least not without a warrant. The hitch, of course, is that the privacy violation is tied to the length of time and the type of the surveillance. There's no specific point at which privacy protections kick back in (so to speak), so decisions like this are being made on a case-by-case basis. Given the courts' general slack-cutting when it comes to law enforcement and intelligence agencies, this is probably the best we can expect for the time being. Considering how much time elapsed between the installation of the camera and the capture of incriminating footage, it's hard to see why local law enforcement didn't pursue other investigative methods or obtain a warrant. Now, because it opted for warrantless, long-term surveillance, its most incriminating evidence can't be used against the suspected drug trafficker. Law enforcement agencies often claim that the securing of warrants takes too much time and allows criminals to escape arrest, but in far too many cases, the actual facts contradict these arguments.Permalink | Comments | Email This Story

Read More...
posted 11 days ago on techdirt
Back in August, we noted that Google had started adjusting its search algorithm to give a slight boost to sites that are encrypted. That is, all else equal, sites that use HTTPS will get a slight ranking boost. The company made it clear that the weight of this signal will increase over time, and this is a way of encouraging more websites to go to HTTPS by default (something that we've done, but very few other sites have done). Now it appears that the Chrome Security Team is taking things even further: suggesting that all HTTP sites be marked as non-secure: We, the Chrome Security Team, propose that user agents (UAs) gradually change their UX to display non-secure origins as affirmatively non-secure. We intend to devise and begin deploying a transition plan for Chrome in 2015. The goal of this proposal is to more clearly display to users that HTTP provides no data security. More specifically: UA vendors who agree with this proposal should decide how best to phase in the UX changes given the needs of their users and their product design constraints. Generally, we suggest a phased approach to marking non-secure origins as non-secure. For example, a UA vendor might decide that in the medium term, they will represent non-secure origins in the same way that they represent Dubious origins. Then, in the long term, the vendor might decide to represent non-secure origins in the same way that they represent Bad origins. This seems like it could have quite an impact in driving more sites to finally realize that they should start going to HTTPS by default. There's really no excuse not to do so these days, and it's good to see the Chrome Security Team make this push. The more encrypted traffic there is, the better.Permalink | Comments | Email This Story

Read More...
posted 11 days ago on techdirt
As a string of whistle blowers like former AT&T employee Mark Klein have made clear abundantly clear, the line purportedly separating intelligence operations from the nation's incumbent phone companies was all-but obliterated long ago. As such, it's relatively amusing to see Verizon announce this week that the company is offering up a new encrypted wireless voice service named Voice Cypher. Voice Cypher, Verizon states, offers "end-to-end" encryption for voice calls on iOS, Android, or BlackBerry devices equipped with a special app made by Cellcrypt. Verizon's marketing materials for the service feature young, hip, privacy-conscious users enjoying the "industry's most secure voice communication" platform: Verizon says it's initially pitching the $45 per phone service to government agencies and corporations, but would ultimately love to offer it to consumers as a line item on your bill. Of course by "end-to-end encryption," Verizon means that the new $45 per phone service includes an embedded NSA backdoor free of charge. Apparently, in Verizon-land, "end-to-end encryption" means something entirely different than it does in the real world: "Cellcrypt and Verizon both say that law enforcement agencies will be able to access communications that take place over Voice Cypher, so long as they're able to prove that there's a legitimate law enforcement reason for doing so. Seth Polansky, Cellcrypt's vice president for North America, disputes the idea that building technology to allow wiretapping is a security risk. "It's only creating a weakness for government agencies," he says. "Just because a government access option exists, it doesn't mean other companies can access it."Just because we put a backdoor in a product, doesn't mean those backdoors will be abused, right guys? Right? Of course this is the same Verizon that has mocked Internet companies for "grandstanding" when it comes to their latest encryption push. But while those companies have refreshingly started competing over who can respect your privacy more, Verizon's making it clear that privacy is an afterthought, even when pitching privacy services. Perhaps someday Verizon can see fit to offer "end-to-end encryption" that actually is.Permalink | Comments | Email This Story

Read More...
posted 11 days ago on techdirt
The US Supreme Court recently ruled -- despite panicky DOJ arguments otherwise -- that cell phones are unlike someone's pant pockets or little black book and can't be simply searched incident to arrest just because the arrestee (like nearly every American) happens to have one on their person. The decision noted that the capability and capacity of modern cell phones makes them incomparable to other items cited in previous decisions on warrantless searches. One of the most notable distinguishing features of modern cell phones is their immense storage capacity. Before cell phones, a search of a person was limited by physical realities and tended as a general matter to constitute only a narrow intrusion on privacy.... Most people cannot lug around every piece of mail they have received for the past several months, every picture they have taken, or every book or article they have read—nor would they have any reason to attempt to do so. And if they did, they would have to drag behind them a trunk of the sort held to require a search warrant in Chadwick, supra, rather than a container the size of the cigarette package in Robinson. This description of today's smartphones is universal. The leap in technological capability and storage capacity should give any judicial system pause when considering law enforcement's general assertion that they should be able to fully search anything carried by an arrestee. Unfortunately, Canada's Supreme Court has weighed the same factors and arrived at the opposite conclusion. (via Reason) In a crime ruling that earned it rare praise from the federal government, the Supreme Court of Canada said police may search cellphones without a warrant when they make an arrest. Much like in the US, the impetus for warrantless searches is (and has been for quite some time) the eternal War on Drugs. Cellphones are the bread and butter of the drug trade, the majority said in a 4-3 ruling. It said police have been given the “extraordinary power” to do warrantless searches during an arrest, under common-law rules developed by judges over centuries, because of the importance of prompt police investigations. "Prompt police investigations" that apparently would be derailed by the "rigors" of warrant approval. These words would carry more weight if the warrant approval process wasn't generally the epitome of ease and efficiency. This also seems to ignore a crucial aspect of the issue under discussion: the arrestees affected are detained, along with all their belongings, until law enforcement decides to free them. There's plenty of time to obtain a warrant because the person and his/her cell phone aren't going anywhere. (Not to mention the fact that cell phones are the "bread and butter" of pretty much everybody, not just those in the drug trade.) The majority echoed law enforcement's narrative of forever being behind the technological curve. “Prompt access by law enforcement to the contents of a cellphone may serve the purpose of identifying accomplices or locating and preserving evidence that might otherwise be lost or destroyed,” Justice Thomas Cromwell wrote for the majority, joined by Chief Justice Beverley McLachlin and Justices Richard Wagner and Michael Moldaver. Law enforcement personnel act as though every arrestee's cell phone contains a self-destruct switch, even though there's been very little evidence produced that even suggests this is a common occurrence. Even if true, there are ways of circumventing this while obtaining a warrant. What law enforcement agencies really want (but never say in so many words) is the opportunity to image a phone's contents without a warrant -- something that gives them access to far more data and communications than any warrantless search performed previous to the ubiquity of smartphones. Because of this, rules should be stricter, not looser. But the majority decision ignores this, handing out a small list of stipulations that will do next to nothing to prevent abuse. The majority said the search must be tailored to its purpose, which will generally mean that only recent e-mails, texts, photos and the call log will be available. Define "recent." Somebody needs to because the decision does not. It simply says that only "recent" documents should be accessed. Once again, the court defers to the judgement of law enforcement officials to follow the (loose) guidelines and only access what it's permitted to… whatever that time period actually is. It could be two weeks. It could be two months. It could be everything on the phone because it's only six months old. This stipulation narrows things down a bit, but still leaves it in the hands of officers to perform warrantless searches in accordance with the spirit of the ruling. (Because the letter of the ruling doesn't actually exist.) Finally, the police must take detailed notes of what they have examined on the device and how they examined it. The notes should generally include the applications searched, the extent of the search, the time of the search, its purpose and its duration. The record‑keeping requirement is important to the effectiveness of after‑the‑fact judicial review. It will also help police officers to focus on whether what they are doing in relation to the phone falls squarely within the parameters of a lawful search incident to arrest. Again, this is a deferral to law enforcement. The decision simply asks officers to be honest about searches and record everything accessed. Like many rulings of this type, there is no deterrent, only a handful of post facto remedies to be pursued at the violated person's expense. At best, all someone can hope for is that evidence will be excluded without an extended legal battle. But that's a very slim hope. Even in the case being addressed here, the Supreme Court declared the search violated the appellant's rights, but still refused to exclude the evidence. The only bright spot of the majority's decision -- which is at odds with last year's Supreme Court decision stating that additional warrants were required to search computers and cell phones found on searched premises -- is the following, as highlighted by Michael Geist: I pause here for a moment to note that some courts have suggested that the protection s. 8 affords to individuals in the context of cell phone searches varies depending on whether an individual’s phone is password-protected. I would not give this factor very much weight in assessing either an individual’s subjective expectation of privacy or whether that expectation is reasonable. An individual’s decision not to password protect his or her cell phone does not indicate any sort of abandonment of the significant privacy interests one generally will have in the contents of the phone. Cell phones – locked or unlocked – engage significant privacy interests. So, at least there's that -- the instruction that just because someone doesn't take active measures to protect their phone's contents from others isn't an implicit suggestion that law enforcement officers are welcome to page through phones at their leisure. Of course, the lack of a warrant requirement does that for them, just so long as they remember to only look at "recent" stuff when searching an arrestee's phone. And there's a certain amount of incongruity in demanding a warrant for a cell phone found at someone's home, rather than for the one found in their pocket. A warrant requirement is far from onerous, especially considering the wealth of information contained in most smartphones. A warrant requirement is nothing more than a nod to the changing times. People carry personal computers in their pockets and the court needs to recognize that the old rules are no longer applicable. If you can't search a person's computers, personal files and other items without one, you shouldn't be able to do so just because these all reside in someone's pockets. As it stands now, Canada's Supreme Court stands in the awkward position of demanding warrants for access to ISP subscriber info, but not for an arrestee's cell phone contents.Permalink | Comments | Email This Story

Read More...
posted 11 days ago on techdirt
Sony may have no idea how to how to run a secure enterprise, but it doesn't really take a whole lot of expertise or technical know-how to see that this particular gambit could only backfire. In a sharply worded letter sent to news organizations, including The New York Times, David Boies, a lawyer for Sony, characterized the documents posted online as “stolen information” and demanded that they be avoided, and destroyed if they had already been downloaded or otherwise acquired. The studio “does not consent to your possession, review, copying, dissemination, publication, uploading, downloading or making any use” of the information, Mr. Boies wrote in a three-page letter sent Sunday morning to the legal departments of media organizations. Somebody approved this -- someone higher up than David Boies. And that someone should probably step down and concentrate on staining his yacht deck or seeking to be nominated in the next Congressional election, or whatever it is studio execs do when they've outlived their usefulness. The letter's wording [pdf link] makes it sound as though the press outlets are doing something illegal (mainly through repetitive use of the word "stolen") but is careful never to make that actual claim. It tries to bluster its way towards legitimacy by inserting a list of "in case of 'stolen' information" requests (worded to look like legal demands) into the letter. As soon as you suspect that you may have possession of any of the Stolen Information*, we ask that you (1) notify us using the contact information provided below; (2) take all reasonable actions to prevent your company and any of your employees, independent contractors, agents, consultants, or anyone who may have access to your files from examining, copying, disseminating, distributing, publishing, downloading,uploading, or making any other use of the Stolen Information; (3) arrange for and supervise the destruction of all copies of the Stolen Information in your possession or under your control, particularly information protected under US. and foreign legal doctrines protecting attorney-client privileged communications, attorney work product, and related privileges and protections, as well as private financial and other confidential information and communications of current and former personnel and others, confidential personnel data, intellectual property, trade secrets andother business secrets and related communications; and (4) confirm that such destruction has been completed.** In addition, if you have provided the Stolen Information to anyone outside of your company, we ask that you provide them with a copy of this letter, and request the destruction of the Stolen Information by the recipient. [*"Stolen Information" being much more sensitive than your garden variety, lower-case "stolen information," obvs.] [**"Recycle Bin had little pieces of paper in it, but now appears to be empty."] I imagine the contact information provided is swiftly being bombarded with ridicule, fake tips, more ridicule, more fake tips and pictures of empty Recycle Bins. The only threat in the document (other than the overall tone) is this: If you do not comply with this request, and the Stolen Information is used or disseminated by you in any manner, SPE will have no choice but to hold you responsible for any damage or loss arising from such use or dissemination by you, including any damages or loss to SPE or others, and including, but not limited to, any loss of value of intellectual property and trade secrets resulting from your actions. OK. Good luck with that. The Supreme Court has already held that this sort of dissemination is protected by the First Amendment. (h/t to Marcia Hofmann) In a 6-3 opinion delivered by Justice John Paul Stevens, the Court held that the First Amendment protects the disclosure of illegally intercepted communications by parties who did not participate in the illegal interception. The only mitigating factor is the relative worth of the "stolen information" to the public interest. Much of what's been covered likely isn't and much of what's contained in the files that hasn't been disseminated by press outlets definitely isn't. But there are some revelations that are definitely matters of public interest, not the least of which is the MPAA's plan to throw money at elected officials in exchange for some Google-hassling. Sony appears to be in full panic mode, but it's tough to sympathize with a corporation that has been hacked 56 times in 12 years but still keeps passwords in a folder labeled "Passwords." This latest move won't earn it anything more than an internetload of derision.Permalink | Comments | Email This Story

Read More...
posted 11 days ago on techdirt
To be sure, there is a large amount of schadenfreude contained within the hacking of Sony Pictures. To have your dirty laundry aired for the world to see is excruciatingly painful, but Sony Corporation's past actions have drawn a target on its back on multiple occasions. Rayne, a contributor to Marcy Wheeler's emptywheel blog, notes that Sony has been hacked 56 times in twelve years. And it has learned nothing. Passwords for Sony Pictures accounts were stashed away in a folder labeled "Passwords." The password for this folder? "Password." So, when Sony fights back, as it is now, it's far too late. It had several chances to shore up its defenses but it never made a serious effort to fix its security holes. Now, nearly everything has been exposed. Celebrities' personal data. Staffers' borderline racist opinions on Barack Obama's movie preferences. Its plan to join the MPAA in paying off states' attorneys general to go after Google. Sony has issued hundreds of DMCA notices in response to the leaked documents. It has seeded bogus torrents to thwart further distribution. Now, it's allegedly decided to take an even more aggressive approach to the continuing leaks. The company is using hundreds of computers in Asia to execute what’s known as a denial of service attack on sites where its pilfered data is available, according to two people with direct knowledge of the matter. Sony is using Amazon Web Services, the Internet retailer’s cloud computing unit, which operates data centers in Tokyo and Singapore, to carry out the counterattack, one of the sources said. Or not. Or possibly not at this moment. Re/code's updated post contains a denial from Amazon. “The activity being reported is not currently happening on AWS (Amazon Web Service),” Amazon said in an emailed statement to Re/code on Thursday. Amazon declined to comment further on whether the activity happened prior to Thursday. “AWS employs a number of automated detection and mitigation techniques to prevent the misuse of our services,” according to Amazon’s statement. “In cases where the misuse is not detected and stopped by the automated measures, we take manual action as soon as we become aware of any misuse.” Re/code's sources say "yes." Others say this isn't happening. CloudFlare, which offers denial-of-service protection and network monitoring, said it has not seen anything that would suggest Sony had conducted a counter-attack. The company said it would continue monitoring the situation. If Sony is indeed engaged in DDOS attacks, it's participating in the sort of behavior it's been quick to decry in the past. Sony Pictures may be relishing the chance to turn hackers' tools against them, but its history strongly suggests it really isn't in the position to be provoking further attacks. To pursue this option is pure hubris. It's hypocrisy and stupidity rolled into one. It may think it will escape this latest hack bowed but not unbroken, but whatever pride it has left at this point is delusional. It has opened everything up to criticism by failing to take proper precautions and destroyed its employees' trust that their employer would make the minimum of effort to keep their internal conversations internal. Permalink | Comments | Email This Story

Read More...
posted 12 days ago on techdirt
This week, all eyes were on the torture report and the government's response to it. After Dick Cheney attempted to dismiss it with some empty rhetoric, DaveK won first place for insightful by elegantly correcting him: Cheney is asking the wrong question: "How nice do you want to be to the murderers of 3,000 Americans?" The correct question is "How alike do you want to be to the murderers of 3,000 Americans?" Torture, while the most severe, wasn't the only exposed misdeed under scrutiny this week. We also saw leaked MPAA emails detailing plans to pay government officials to attack Google, who they called "Goliath". This led to a thread about the meaning of that codename, in which Mason Wheeler was the clear champion, winning second place for insightful: Historically, there was something of a rock-paper-scissors dynamic on ancient battlefields. There were three fundamental classes of warriors: cavalry, infantry, and archers. Cavalry beat archers, with their ability to close quickly and overrun them before they could get many shots off. Infantry beat cavalry, because they could use long spears to disrupt the heck out of a cavalry charge and panic the horses, throwing the whole group into disarray. Archers beat infantry, because, infantry being much slower to move than cavalry (especially if they wore heavy armor) they were left exposed to devastating projectile volleys for a long time. In the ancient tale of David and Goliath, we see the biggest, toughest guy around challenging the opposing army to a traditional rite of combat by champion: a "proxy battle" that avoided the wasteful slaughter of an actual battle. The record goes into great detail about his size and the size and weight of his weapons and armor. There's no doubt about it: Goliath was heavy infantry through and through. After much consternation on the other side, a self-selected champion stepped up. When the king tried to outfit him as a heavy infantryman to match Goliath, though, he demurred; it wasn't what he was trained for. No, David was an archer, and he intended to fight as an archer. He used a sling rather than a bow and arrow, but that's still an incredibly lethal ranged weapon. He stepped out onto the field, and Goliath's fate was sealed at that moment. People who don't understand the tactics involved call it a surprising victory on David's part, but in reality the only surprise here is that at no point did Goliath seem to understand just how screwed he was, until it was suddenly too late. There is one aspect of his description that doesn't fit the heavy infantry profile: he had a shield bearer go before him. But a guy used to fighting in close quarters doesn't need someone else to carry his shield; shield bearers were for archers! Between that, his physical description, and the fact that he claimed David was attacking him with "staves" (plural), when he was carrying a single staff, it's likely that he had severe problems with his vision--which is a known side effect of gigantism--and the "shield bearer" was actually a guide. Goliath died because he faced an opponent who was playing by different rules than what he was expecting, and he was too blind to notice until it was too late. Now who does that sound more like? Google, or the MPAA? For editor's choice, we start with a short comment from Violynne suggesting an even better solution for Keurig's "coffee DRM" than the scotch-tape circumvention: Ingenious, but I'm sticking with my way to circumvent the DRM: Not buy the damn product in the first place. Next, we'll loop back around to the post about Cheney's comments and that same question about "how nice" we want to be, where Rich Kulawiec offered up a beautiful statement of principles in response: I want to be as "nice" to them as the law, international treaties, and centuries of American principles demand that I be. I want to treat them humanely. I want to see that if they are accused of crimes, they are told of those accusations. I want to see if they are tried, that such trial is held in a timely manner and that they are provided with competent legal counsel and thus a robust defense. I want them to be able to confront their accusers via cross-examination and to be able to present witnesses in their favor. I want them to be fully accorded their rights under the Geneva Conventions and under international law and under American law at all times. Because that's how it's done. That's how civilized nations behave. That's how proud, strong nations that aren't afraid of a few trifling "terrorists" act. That's how countries who refuse to be cowed by a mere pinprick of an attack (which is all that 9/11 was) respond. They do not throw their principles out the window in panic and they do not whimper like frightened children at the threats of bullies. This isn't a matter of being "nice" to them or not -- although I'm sure war criminal Dick Cheney likes phrasing it that way. It's a matter of principle, pride and patriotism. It's a matter of truly being American, not in the flag-waving anthem-singing sense, but in the sense envisioned by those who founded this country. Not so long ago, the United States and allies tried and executed people for doing exactly what Dick Cheney did. Not so long ago, the United States decried renderings and mock trials and extrajudicial executions and mass surveillance and political persecution and torture and all the other things that we said the Germans did, the Japanese did, the Russians did, the Chinese did. Not so long ago, the United States said that it was important to defeat those countries -- either militarily or politically -- to stop those things from happening. And now we've done them all, thanks to men like Dick Cheney: weak, frightened, lying, sadistic and cowardly men in positions of power. History will not look kindly on them. Over on the funny side, we start out with Google News shutting down in Spain in response to the country's ridiculous copyright law. Dave Cortright won funniest comment of the week with his response: Spain? Never heard of it. Is that T-pain's son? I'd love to hear how the people and politicians in Spain react to this news, but that's not going to happen since my primary source is Google News. For second place, we've got a comment from our post about record labels releasing flimsy collections of old recordings just for copyright extension purposes, where Michael noted something familiar: Based on the Aereo case, I'm pretty sure that circumventing the law by following it to the letter means that these guys are a duck or something. Our first editor's choice for funny is nice and simple: after yet another story of theft by the TSA, ChurchHatesTucker said all that needs to be said: TSA They'll Steal Anything Last but not least, we've actually got a team effort of two comments, back on the post about Google News in Spain. There's one obvious joke that bubbles up whenever Spain is involved, and one anonymous coward gets props for making it... Nobody expects the Spanish news tax ...but Crusty the Ex-clown gets double props for perfecting it: Or: No one expects the Spanish Requisition!!! That's all for this week, folks! Permalink | Comments | Email This Story

Read More...
posted 13 days ago on techdirt
Five Years Ago Since this is a history post about the history of our posts, let's start with a post about history! This week in 2009 we looked at the history of the telegraph system and how it relates to modern net neutrality issues. We also took a look at more recent history — with the NBC/Comcast merger in the works, we reminded everyone of NBC Universal's vehement opposition to the AOL/Time Warner merger not long before. Recently, the band Pomplamoose caused a stir (and faced a lot of absurd attacks) by releasing its tour financials. This week in 2009, Pomplamoose made its Techdirt debut when we pointed to the band as an example of making a living as an indie artist in the digital era. We also had a similar post about Corey Smith detailing his successes as an independent musician. Meanwhile, artists continued to innovate, like the guy who chased down a Street View car to promote his band. Also in 2009 this week: the judge in the Tenenbaum case finalized the ruling and trashed the poor defense (who would then ask for a retrial); prosecutors who charged a young woman for filming her sister's birthday party and catching snippets of New Moon finally came to their senses and dropped the charges; Ron Livingston sued Wikipedia with a flimsy understanding of the law; music publishers attempting to sue Yahoo, Microsoft and Real saw their lawsuit tossed; and Hollywood, despite its fears of piracy, had another record year at the box office (as it has again every year since). Ten Years Ago This week in 2004, the Supreme Court agreed to hear the Grokster case, which would lead to the shutdown of popular P2P networks and absolutely no reduction in actual piracy or increase in revenues. Success! Even musicians were getting sick of the RIAA at this point. Despite rumours that they might enter some kind of deal with Apple, this week saw the near-confirmation that IBM would be selling its PC division to Lenovo; Google started testing out its now-ubiquitous Google Suggest feature for searches; and Starbucks was having real but limited success with its music program. 2004's holiday season was, as it is today, a big time for online shopping, and a time to notice trends therein. The auction competition mentality was starting to wane on eBay, we observed that all-night shopping was one of ecommerce's undersung advantages, and Woot was raking in the cash with its pioneering Daily Deals model. Next we'll be heading to 1999, but first, it looks like we already did that in 2004: after the holiday rush knocked several major retailers offline, we pointed out that the same thing was happening (and more excusable) five years earlier. Fifteen Years Ago Five years before the Grokster case hit the Supreme Court, we had the official commencement of the Napster lawsuit this week in 1999. We saw some foreshadowing of today's broadband woes in not-really-unlimited ISP offerings, and questioned the decision to credit Apple with the worst management mistake ever. IBM announced its new "Gene" supercomputer project, Amazon kept pushing into the mobile shopping game, and AOL showed incredible speed and dexterity in constantly blocking anyone who tries to integrate with its IM network. And there was plenty of discussion about the future, including the prediction that within ten years nobody would even talk about "the internet" since it would be so integrated with our lives. That didn't exactly come true, but it's still a meaningful observation: in 1999, the internet was still very much the "other" to many people, and the question "do you have the internet?" was not uncommon. Today, "the internet" is more commonly used to refer to the community of people online or simply to the concept of interconnectivity in larger discussions, since its prevalence in day-to-day life is old news. 54, 51 and 49 Years Ago This week, we've got three firsts from the world of television in the 1960s. On December 9th, 1960, Coronation Street debuted in the UK. It still airs today, making it the world's longest-running soap opera, and one of the most successful TV series of all time. A few years later was the first-ever use of instant replay on television. Though the concept of replays had started a few years earlier up here in Canada (for hockey, of course), it was highly limited, technically complicated and, of course, not instant. It was this week in 1963 that a CBS Sports Director invented a system for instant replay from videotape, and put it to use during an Army-Navy football game. The machine weighed 1300 pounds. Finally, two years after that on December 9th, 1965, and also on CBS, A Charlie Brown Christmas made its first appearance and kicked off the beloved tradition of Peanuts television specials. Permalink | Comments | Email This Story

Read More...
posted 13 days ago on techdirt
The holidays are almost here, so for this week's awesome stuff, we're looking at some innovative or just plain unconventional Christmas crowdfunding campaigns. AURA: Wireless Christmas Lights Wireless power could change the word, but it's still nowhere near that point — so for now, you'll have to settle for it changing your Christmas tree. The AURA system consists of a transmitter ring that hides near the base of the tree, and a set of wirelessly-powered LED baubles to hang on the rest of it. In a cool design choice, the ornaments showcase their internal circuitry rather than hiding it away. And, of course, the whole thing is controllable via smartphone. The Krampus Beer Stein Krampus — the Germanic folk monster that traditionally accompanies St. Nick, doling out punishment where gifts are undeserved — has been undergoing something of a cultural renaissance online, with a new generation latching on to the dark side of Christmas mythology. The Krampus Beer Stein is just one of several Krampus items I've seen around this season, but it's one of the coolest, featuring detailed original artwork by legendary illustrator Mitch O'Connell. Minimal Nativity Scene While the rebirth of the Krampus is a new trend in Christmas decor, the nativity scene is one of the oldest. This minimalist take on the classic might appear to be some sort of snide religious critique (and might raise more money from the online community if it were), but in fact it's design experiment inspired by the artist's lifelong fascination with popular depictions of Biblical figures in ornaments and consumer products. Why, he wondered, is Mary's dress always blue? Why is the baby Jesus always blonde? Why do the staple design choices change from country to country? Who makes these decisions, and how? His response: an ultra-simplified nativity scene consisting of ten labelled blocks of beech wood. Permalink | Comments | Email This Story

Read More...