posted 11 days ago on techdirt
The Ninth Circuit Appeals Court has handed down a decision which appears to lower the bar for probable cause. The government's evidence -- obtained via a warrantless search -- will remain unsuppressed. Here's the summary of the decision [PDF]: The panel affirmed the district court’s order denying the defendant’s motion to suppress contraband seized during a warrantless search of the defendant’s truck. The panel held that under the totality of the circumstances, there was probable cause to believe that contraband would be found in the truck, and that the search was therefore permissible under the automobile exception to the warrant requirement. It's the "totality of the circumstances" that's the problem. The court did a lot of scribbling in the margins to help the government's probable cause math add up. The DEA had lots of stuff that was almost proof of something, but lots of key elements were missing. The opinion is riddled with details of agents verbally filling in gaps in their surveillance with assumptions. [A]gents intercepted another call between Penitani and Faagai, in which Faagai was attempting to locate Penitani at the Pearlridge Shopping Center for what appeared to be a pre-planned meeting. Drug Enforcement Administration Special Agent Clement Sze (“Special Agent Sze”) testified that he believed that although agents were not able to conduct surveillance of that meeting, they believed, based on the entirety of their investigation, that Penitani and Mitchell were meeting Faagai to supply him with methamphetamine. The beginning of the DEA's bad math: a meeting agents did not actually hear or see. More fuzzy math follows. On November 5, 2012, agents intercepted a text message from Faagai to Penitani in which Faagai said that he was going to Costco in Kapolei “to buy food for [his] house” and that if Penitani “gotta buy food for [Penitani’s] house,” they should meet at Costco. 
Special Agent Sze testified that he believed that Faagai was using “food” as a code word for “money.” Or it could just be food. Since the defense didn't challenge these assertions, the Appeals Court decides to take the agent at his word. Agents attempted to catch the dealers in the act, but missed an opportunity. Agents traveled to the Costco in Kapolei and observed Penitani and his then girlfriend, Keschan Taylor, exit Costco and drive away. Agents did not see Faagai in the area, but Special Agent Sze testified that the agents believed that the meeting between Faagai and Penitani had already taken place. Another unobserved meeting, presumed by the government to have taken place and, presumably, been of an illicit nature. Having intercepted another conversation about "food" and "tools" to take place at a local restaurant, agents headed out to observe the hand-off. Again, they missed their marks. Law enforcement agents conducted surveillance at the Jack In The Box and did not see Faagai or Penitani. At 8:14 p.m., agents intercepted a text message from Penitani to Faagai changing the location of the meeting to a 7-Eleven. The agents drove to the 7-Eleven at 8:30 p.m., where they saw Faagai in the parking lot, leaning into the passenger side window of Penitani’s car. Penitani and Faagai had already been there for approximately 15 minutes. Once again, Special Agent Sze makes an assumption and, once again, the court finds it credible. Special Agent Sze testified that he believed that the drug transaction had already occurred by the time agents arrived on scene. Based on this wealth of horseshoe/hand grenade information, agents performed a pretextual stop and proceeded to search Faagai's vehicle without a warrant. A half-pound of methamphetamine was discovered along with the usual paraphernalia. The Appeals Court says all the gaps in info and all the assumptions made about unobserved meetings and unheard conversations are fine.
It all adds up to Faagai's vehicle being the "more than likely" final resting spot of drugs no DEA agent actually saw change hands. At the 7-Eleven, agents observed Faagai walk away from Penitani’s car and toward his own truck without anything in his hands. Agents did not observe the entirety of the meeting, which lasted roughly 15 minutes. Because the circumstances indicate the purpose of the meeting was to engage in a drug transaction, there is probable cause to believe that Penitani had delivered drugs (the promised “tools”) to Faagai, and that these drugs could be found in Faagai’s truck. Why in Faagai’s truck? We know that there was probable cause to believe Penitani brought the “tools” (the drugs) so that Faagai could “get back to work” and not “lose [his] job” (deal the drugs). We know that Faagai arrived at the 7-Eleven in a vehicle, because he drove away in his truck. When the police saw Faagai leaning into the window of Penitani’s car, he had nothing in his hands. Where could the “tools” (drugs) be located? In Penitani’s car? Unlikely, because the purpose of the meeting was for Penitani to deliver drugs to Faagai and Faagai left the scene in his truck. On Faagai’s person? Perhaps, but unlikely given that in prior transactions, Penitani had dealt in pounds of methamphetamine. Hidden in the environs of the 7-Eleven? Unlikely, given the high value of the drugs. In Faagai’s truck? More likely than not. Judge Kozinski's dissent illustrates the dangers of allowing the government to substitute expertise for observation when it comes to commonly-used terms and meetings no one saw take place. The government’s entire case rests on four meetings between Faagai and John Penitani, a suspected meth dealer. Despite observing most of these meetings and assiduously wiretapping Penitani’s phone, officers never saw a handoff of money or contraband, nor heard an explicit mention of drugs. In fact, they saw and heard nothing objectively suspicious.
The most probative evidence supporting the search was a conversation between Penitani and Faagai where they discussed meeting at Costco to buy food. Agents testified that they “believed [food] to be a code” for drugs. But there was no expert testimony or any other evidence supporting the speculation that food stood for drugs. See United States v. Bailey, 607 F.2d 237, 240 & n.6 (9th Cir. 1979) (discussing expert’s testimony on the meaning of alleged code words). Many people go to Costco to buy food. If talking about shopping for food at Costco were sufficient to justify a search, many of us would be searched by the police twice a week—thrice right before Thanksgiving. Nor does it make any sense to substitute food for drugs when talking about where to meet. If Penitani and Faagai were meeting up to conduct a drug deal, why specify the purpose of the meeting? Why say “Let’s meet at Costco for a drug transfer” rather than just “Let’s meet at Costco,” with the purpose of the meeting understood? A few judges have called out the government for this behavior, making claims that would turn a large number of non-criminals into potential suspects. Drug dealers are humans and do human things just like millions of non-drug dealers. They shop at Costco just like innocent people do. But the government would have us believe -- "based on training and expertise" -- that common activities are suspicious, especially when the government is already engaged in an investigation. Even the most innocuous actions become sinister when the government is seeking to reach a foregone conclusion. But there's more to it than that. Kozinski also points out the DEA's "training and expertise" statements often paint contradictory situations as equally suspicious. If the government wants to keep making arguments about common activities being the height of criminal suspicion, the least it could do is be consistent. 
The fact that the two men decided to meet in a place with “hardly any people” cuts the wrong way. The government commonly argues that drug dealers intentionally seek out busy locations because a “high volume of pedestrian and vehicle traffic can mask drug-dealing activity.” United States v. Ruiz, 785 F.3d 1134, 1138 (7th Cir. 2015). Here, the government claims the opposite, evidently trying to have it both ways. At best, this fact is irrelevant: There was nothing incriminating about the two men’s preference for a quieter location. Kozinski sums up his dissent this way: The majority strings together a sequence of events like beads on a strand, but doesn’t explain how any of them provide probable cause that Faagai was carrying drugs in his car when he was stopped. And here's the inevitable outcome of this decision, which is published and precedential: Here’s what this case boils down to: Officers had a hunch that a drug transaction was going down. They saw nothing obviously suspicious, but got tired of waiting, watching and wiretapping. They then jumped the gun by executing a warrantless search. Until today, this was not enough to support probable cause, but going forward it will be. This is a green light for the police to search anyone’s property based on what officers subjectively believe—or claim to believe—about someone’s everyday conduct. That puts all of us at risk. Accordingly, I dissent, and I’m off to Costco to buy some food. Edge cases like these need to be watched closely by judges. The courts have greatly expanded law enforcement power over the years at the expense of the Bill of Rights. Lowering probable cause to possible cause just makes it easier for officers to have their illegal search and their evidence too.

posted 11 days ago on techdirt
In the lead up to Hurricane Irma hitting Florida over the weekend, Tesla did something kind of interesting: it gave a "free" upgrade to a bunch of Tesla drivers in Florida, extending the range of those vehicles, to make it easier for them to evacuate the state. Now, as an initial response, this may seem praiseworthy. The company did something (at no cost to car-owners) to help them evacuate from a serious danger zone. In a complete vacuum, that sounds like a good idea. But there are a variety of problems with it when put back into context. The first thing you need to understand is that while Tesla sells different versions of its Model S, with different ranges, the range is actually entirely software-dependent. That is, it uses the same batteries in different cars -- it just limits how much they'll charge via software. Thus, spend more on a "nicer" model and more of the battery is used. So all that happened here was that Tesla "upgraded" these cars with an over the air update. In some ways, this feels kind of neat -- it means that a Tesla owner could "purchase" an upgrade to extend the range of the car. But it should also be somewhat terrifying. In some areas, this has led to discussions about the possibility of hacking the software on the cheaper version to unlock the greater battery power -- and I, for one, can't wait to see the CFAA lawsuit that eventually comes out of that should it ever happen (at least some people are hacking into the Tesla's battery management system, but just to determine how much capacity is really available). But this brings us back to the same old discussion of whether or not you really own what you've bought. When a company can automagically update the physical product you bought from them, it at least raises some serious questions. Yes, in this case, it's being used for a good purpose: to hopefully make it easier for Tesla owners to get the hell out of Florida.
But it works the other way too, as law professor Elizabeth Joh points out: This sounds great until you realize the power to brick a car useful to corporations and the police: https://t.co/rbcfBr1HsF — Elizabeth Joh (@elizabeth_joh) September 10, 2017 And, of course, there's the possibility that one of these over-the-air updates goes wrong in disastrous ways: "oops sorry we bricked all the Teslas in the vicinity of the hurricane. Please accept our condolences and a year of free credit monitoring" — Pwn All The Things (@pwnallthethings) September 10, 2017 So, yes, without any context, merely upgrading the cars' range sure sounds like a good thing. But when you begin to think about it in the context of who actually owns the car you bought, it gets a lot scarier.

posted 11 days ago on techdirt
A year and a half ago, we wrote about how the same team of lawyers who successfully got "Happy Birthday" recognized as being in the public domain (despite decades of Warner Chappell claiming otherwise, and making boatloads of money) had set their sights on a similar fight over the copyright status of the song "We Shall Overcome." There were a lot of details in the original lawsuit that we wrote about -- all suggesting very strongly that the song "We Shall Overcome" was way older than the copyright holder claimed, and it was almost certainly in the public domain. There's been some back and forth in the case, but a new ruling on summary judgment motions effectively says key parts of the song are not under copyright. Specifically at issue is whether or not the first and fifth verse of the song are "sufficiently original" to qualify for copyright. And here, Judge Denise Cote says "nope." The verse in question is probably the part of the song you know: We shall overcome, We shall overcome We shall overcome some day Oh deep in my heart I do believe We shall overcome some day. Here, basically no one denies that there are extraordinarily similar songs that predate the 1960 and 1963 copyrights. The real question is whether there was some sort of substantial difference in the new copyrighted versions from the original -- enough to grant a new copyright. There's a LOT of history that the ruling digs into, and I'm not going to repeat it all here. Suffice it to say it appears that those registering the copyright were well aware that they were registering the copyright on a song that had been around for ages. Pete Seeger, who is on the copyright -- but apparently asked to have his name taken off later (which never happened, and it's now revealed that others hoped he would "forget" he asked about it) -- has said many times that the song was much older.
The admission is that they filed for the copyright to prevent the song from being commercialized (which is, in some ways, kind of the opposite of the purpose of copyright, but...). And that's copyfraud. That's not the purpose of copyright and filing for such a registration is not supposed to be allowed. Here, the court doesn't reach a decision on whether or not the registration was fraud on the Copyright Office -- that issue may move on to trial. However, the judge does make it clear that the copyright here doesn't seem legit. Specifically, in this case, the question being decided is who has the burden here. The holders of the copyright wanted to force the plaintiffs to prove that the copyright is invalid, arguing a "presumption of validity" in their registered copyright. But the court notes that enough evidence has been presented to raise serious questions about the legitimacy of that copyright that the burden falls on the defendants to prove that the copyright (specifically on those two identical verses) is legit: Without a sufficiently original contribution to Verse 1/5, the Song’s Verse 1/5 does not qualify for copyright protection as a derivative work. This similarity, coupled with the failure to clearly identify the PSI Version of the Song as the Song’s antecedent is also sufficient to rebut the presumption of validity. Therefore, the Defendants may not rest on a presumption that their copyrights are valid and they bear the ultimate burden of showing the validity of those copyrights without the weight added by that presumption. So that's not a complete "this is in the public domain." But... it's a pretty strong indication of where we're heading. On a separate note, I'm pleased to see the following discussion on how copyright is not (as some try to argue) some sort of "natural right" or one that "confers absolute ownership.": The Constitution provides that “Congress shall have Power . . .
[t]o promote the Progress of Science and useful Arts, by securing for limited Times to Authors and Inventors the exclusive Right to their respective Writings and Discoveries”. U.S. Const. art. I, § 8, cl. 8. This constitutional grant of authority to create a copyright is given in express recognition of the primacy of the public interest. See TCA Television Corp. v. McCollum, 839 F.3d 168, 177 (2d Cir. 2016). “[T]he primary purpose of copyright is not to reward the author, but is rather to secure ‘the general benefits derived by the public from the labors of authors.’” New York Times v. Tasini, 533 U.S. 483, 519 (2001) (Stevens, J., dissenting) (citation omitted). “[T]he authorization to grant to individual authors the limited monopoly of copyright is predicated upon the dual premises that the public benefits from the creative activities of authors, and that the copyright monopoly is a necessary condition the full realization of such creative activities.” Melville B. Nimmer & David Nimmer, 1 Nimmer on Copyright § 1.03[A] [hereinafter “Nimmer”]; Barton Beebe, Bleistein, the Problem of Aesthetic Progress, and the Making of American Copyright Law, 117 Colum. L. Rev. 319, 341 (2017) (“The Framers likely included the Progress Clause both to justify and to limit in some way the extraordinary grant of monopoly rights provided for by the Exclusive Rights Clause.”). As the Honorable Pierre Leval has explained, “[t]he copyright is not an inevitable, divine, or natural right that confers on authors the absolute ownership of their creations. It is designed rather to stimulate activity and progress in the arts for the intellectual enrichment of the public.” Pierre N. Leval, Toward a Fair Use Standard, 103 Harv. L. Rev. 1105, 1107 (1990). That's not necessarily a key point in the ruling, but I think it's important to remind some people of this fact, since it's one that's frequently confused by copyright system supporters. Either way, it's worth reading the full ruling. 
This is not a complete victory, but it's a good start. In the long run, it certainly seems likely that the barrier of a fake copyright on "We Shall Overcome"... shall be overcome.

posted 11 days ago on techdirt
No job too small. That's asset forfeiture for you. But small jobs are the safest jobs when it comes to the government keeping someone else's property. Keeping the seizures small makes it less likely they'll be challenged by those whose property was taken. The year-end totals may look impressive, but behind those totals are lots and lots of tiny cash grabs. In the cases where agencies' forfeitures have been itemized and examined (which is a rarity -- there's a ton of opacity in forfeiture reporting), the largest number of forfeitures are for the smallest amounts, usually well under $1,000. Officers take what they can because they can. A video going viral on Twitter shows a California police officer rummaging through the wallet of an unlicensed street vendor and taking the vendor's cash and debit card. A citation and a shutdown of the hot dog stand should have been enough. But it wasn't. Officer Sean Aranas decided -- with the only citation handed out during the football game -- to take the man's earnings. UC Berkeley Police 👮🏼 y'all some punk ass bitches a ticket is understandable but to take his money away fuck the police pic.twitter.com/B8j2UcvREG — Moreno (@Moreno) September 10, 2017 The backlash has been swift. A crowdfunding page for the vendor -- identified only as "Juan" -- has already raised more than $30,000. A petition demanding the firing of Officer Aranas has gathered 11,000 signatures. And it's gotten the attention of his employer: UC Berkeley spokesman Dan Mogulof offered a brief statement Sunday evening: “We are aware of the incident. The officer was tasked with enforcing violations related to vending without a permit on campus. UCPD is looking into the matter.” The UCPD says the money taken from the vendor has been booked into evidence. If so, it's just another way the PD can keep Juan's money, even after he's paid his fine and obtained a permit. This can happen even if the citation is dropped. 
Money booked into evidence just stays there unless someone's willing to fight uphill against a system designed to keep citizens from their seized property. It's not quite as difficult or expensive as fighting a forfeiture in court, but it's still an arduous process involving a lot of people (cops, prosecutors) with zero interest in returning people's property. There will be a number of people pointing out Juan should have just secured a permit. True, that would have prevented this from happening, but it's a bit like saying cops are justified in taking cash from anyone at any time if a law has been violated. Juan's violation is a misdemeanor. It's like saying a cop should be able to take cash/debit cards from people who've been cited for traffic violations. It's unnecessarily punitive and far more of a punishment than a misdemeanor should warrant. The outrage won't budge the needle at the University of California Police Department. Everything done here likely has a corresponding policy allowing it. Calling it "evidence" rather than a forfeiture may make it feel a bit more legit, but it's still just policy-enabled theft that allows the government to stack punishment on top of punishment and possibly enrich itself in the process.

posted 11 days ago on techdirt
The $119 Roqos Core is the first home internet security service that provides cybersecurity, parental controls, a VPN service, Dynamic DNS, and a home network. It provides protection for any IoT device on your network and has an open source platform that allows new security features to be developed often. The router features simultaneous dual WiFi 3x3 802.11 AC and 2x2 802.11, 5-port Gigabit switch, 4 2GHz cores, 2GB RAM, and 8 GB local storage. You can get real-time notifications on suspicious activities or network problems via phone or email. Today's deal includes first month of cybersecurity, parental controls, dynamic DNS, and VPN services free ($17/month thereafter). Note: The Techdirt Deals Store is powered and curated by StackCommerce. A portion of all sales from Techdirt Deals helps support Techdirt. The products featured do not reflect endorsements by our editorial team.

posted 11 days ago on techdirt
We've pointed out time and time again that one of the problems with setting up any rules that allow for content to be taken down online is just how widely they will be abused. This is one of the reasons why we think that CDA 230's immunity is much better than the DMCA 512 safe harbors. Under CDA 230, if a platform receives a takedown over content that is, say, defamatory, they get to decide how best to act, without a change in their own legal liability. They can take it down, or they can leave it up, but there's no greater legal risk in either decision. With the DMCA, it's different. If you, as a platform, refuse to take down the content, you then risk much greater legal liability. And, because of this, we regularly see the DMCA abused by anyone who wants to make certain content disappear -- even if it has nothing to do with copyright. Take this latest example of game developer Sean Vanaman, who has promised to issue DMCA takedown notices for YouTube star PewDiePie's (Felix Kjellberg) videos featuring Vanaman's video game, Firewatch: We're filing a DMCA takedown of PewDiePie's Firewatch content and any future Campo Santo games. — Sean Vanaman (@vanaman) September 10, 2017 The issue is, more or less, that PewDiePie is, well, kind of a jackass and possibly a bigot (there's some dispute over whether he's really a bigot or just "proving a point," but I'm going with Popehat's famous Goatfucker Rule on this one). And PewDiePie did one of his awful, insensitive PewDiePie things, which has reasonably pissed off some people. One of those people is Vanaman, who is pointing directly to this episode as the reason why he's going to issue DMCA takedowns and is urging other game developers to do the same: And, look, it's completely reasonable to dislike PewDiePie. And it's completely reasonable to be upset that someone you dislike and believe is toxic has done videos showing your games. 
But what's not reasonable and also not allowed under the law is to abuse the DMCA to take down content, just because you don't like how someone's using it. PewDiePie's videos are almost certainly fair use. While we've seen some debate over "Let's Play" videos like PewDiePie's over the years, in general most copyright experts who've discussed the matter seem to feel that the standard Let's Play video is very likely to be protected by fair use. Having seen some of PewDiePie's Firewatch let's play video, it definitely would appear to be protected by fair use. The fact that Vanaman directly and publicly admits that he's not taking the video down for any valid copyright reason, but rather because he thinks PewDiePie is "a propagator of despicable garbage" doesn't help Vanaman's case at all. Rather, it gives PewDiePie a lot more leverage to claim that any such takedown would be abusive, and possibly even a violation of the DMCA's 512(f) against misrepresentations. But the larger point remains: no matter what you think of PewDiePie or Vanaman, the issue here is that when we create laws that give people the power to take down content, it will be abused for a variety of reasons. Often -- as is the case here -- those reasons will have absolutely nothing to do with copyright. Vanaman spouting off about his non-copyright reasons for wanting to issue a takedown only makes that so much clearer in this case.

posted 11 days ago on techdirt
So you may have noticed this already, but giant telecom conglomerates don't much like having to upgrade their networks, especially in lower ROI areas. And while that's understandable from a purely-financial perspective, this practice is creating some major, notable broadband deployment holes where poor people tend to live. With telcos specifically refusing to upgrade lagging DSL networks at any real scale, that's also creating an emboldened cable broadband monopoly in many areas. That by proxy keeps prices high, speeds low, and allows the introduction of things like bullshit usage caps and overage fees. By and large, localized efforts to do something about this generally run face-first into brick walls, thanks in large part to the almost comical stranglehold most ISPs have over state legislatures and regional telecom regulators. In many instances this culminates in ISPs not only refusing to expand their networks into under-served areas, but quite literally writing protectionist state laws to make sure nobody else can, either. This cake and eat it too mentality persists in countless states that have prioritized campaign contributions from the likes of AT&T and Comcast over the general welfare of their public constituents. Despite the broadband industry consistently whining about "burdensome regulation," the reality is there's little to nothing passing for real oversight in many of these areas, and the regulation that is written is often focused primarily on protecting these duopolies' uncompetitive geographical fiefdoms. In Vermont, the Vermont Public Utility Commission (VPUC) recently tried to buck this trend by including provisions in Comcast's 11 year permit (pdf) with the state requiring it to not only retain public access programming in the state, but expand "no less than" 550 miles of additional cable into under-served Vermont communities over 11 years.
To be clear, deploying that much cable over more than a decade is a pittance to a company that sees $21 billion in quarterly revenues. But instead, Comcast decided to sue the state, claiming that doing this extra work violates the company's First Amendment rights: The VPUC claimed that it could impose the blanket 550-mile line extension mandate on Comcast because it is the "largest" cable operator in Vermont and can afford it. These discriminatory conditions contravene federal and state law, amount to undue speaker-based burdens on Comcast's protected speech under the First Amendment of the United States Constitution... and deprive Comcast and its subscribers of the benefits of Vermont law enjoyed by other cable operators and their subscribers without a just and rational basis, in violation of the Common Benefits Clause of the Vermont Constitution. ISPs love to trot out the First Amendment complaint wherever and whenever possible, similarly insisting that net neutrality protections somehow curtail their free speech rights (arguments that traditionally don't see much traction in the courts). But Comcast is also busy telling local Vermont news outlets that it's spending money on lawyers instead of more cable because it's just really worried about how much Vermont residents pay for broadband and TV service: Comcast declined to talk about the case. But in a written statement company spokeswoman Kristen Roberts said the new state permit would, "cost millions of dollars, place discriminatory burdens on Comcast and its customers, and arbitrarily increase their costs for cable service." While that's very sweet of Comcast, the fact is that Comcast enjoys an effective monopoly over broadband in countless areas; the closest it comes to competition in Vermont being a relatively pathetic telco by the name of Fairpoint Communications.
Fairpoint acquired Verizon's unwanted DSL networks in the state several years back, bungled the acquisition, stumbled into bankruptcy, and struggles to offer 3 to 6 Mbps DSL across wide swaths of the state. This is, again, thanks to a generation of lawmakers and regulators that have effectively allowed giant duopolists to write state (and often federal) telecom law. In a working, competitive market, Comcast wouldn't need to be prodded and cajoled by the state to actually upgrade and expand its network. But there's simply no organic market pressure forcing Comcast's hand because the U.S. telecom market is painfully, obviously broken. As a result, there has been a growing push to explore more creative public/private partnerships to help bring connectivity to long-neglected areas. But Comcast consistently supports laws hamstringing those efforts too, allowing Comcast to have its cake (not deploy broadband) and eat it too (erecting regulatory barriers preventing others from doing so either).

posted 11 days ago on techdirt
How private are your medical records? You'd think they'd be pretty damn private, considering Congress specifically passed a law regulating the disclosure of these sensitive records. Some states feel the same way, extending even greater privacy protections to things like prescription records. Not only are medical entities prevented from passing on sensitive info without patients' consent, local law enforcement agencies aren't allowed to obtain third-party records like prescription data without a warrant. Seems pretty locked down, but as Leslie Francis and John Francis point out at the Oxford University Press blog, federal law enforcement agencies have undone both Congressional protections and state protections. Utah’s requirement for a warrant conflicts with the federal Controlled Substances Act (CSA), which permits the DEA to issue administrative subpoenas for information relating to individuals suspected of violations of the CSA. According to a US Department of Justice report, administrative subpoenas may be issued by the agency without judicial oversight and without the showing of probable cause that would be required for a warrant. When states provide more protections to residents than the federal government's willing to grant, it's often the state laws that lose, especially when controlled substances are involved. Such is the case here, at least so far. The DEA demanded the release of patient info/prescription records without a warrant, something forbidden by Utah law. The state objected to the DEA's records demand. The DEA responded by flexing its considerable federal muscle. The DEA countered with the Supremacy Clause: valid federal laws are superior to conflicting state laws. The court ended up agreeing with the DEA: patient info and prescription records aren't afforded additional privacy protections, no matter what HIPAA/state laws have to say about the matter. 
The court's rationale was that prescription medicine is part of a "closely regulated" industry, which lowers the bar for government access. This lumps pharmacies and hospitals in with pawn shops, gun dealers, and adult filmmakers. The Francises point out that this reading of close regulation and the DEA's Supremacy assertions is incredibly broad. It proposes nearly no limits to what the government can grab without a warrant. While the court discussed the possibility this should be limited to prescriptions containing controlled substances, it drew no precedential conclusions that may have shortened the government's reach. And, indeed, there are no court decisions that grant reasonable privacy expectations to records most members of the public feel should be accessed only by them and their healthcare providers. The blog points to the last Supreme Court ruling related to patient privacy -- one that's nearly 40 years old at this point. All the Whalen v. Roe decision did was indicate the Court believed New York state's statutory privacy protections were enough and that there was no need to drag the Fourth Amendment into this. As we can see from the DEA's actions and assertions, statutory privacy protections mean nothing, not if the federal government can step in and override protections put in place by state and local governments.

posted 12 days ago on techdirt
This week, we're going to go out of order again, since we've got a good discussion with our first place winner in the middle — sandwiched by two good editor's choices. On our post about friend-of-patent-trolls Judge Rodney Gilstrap crafting an incredibly broad set of conditions for having patent cases heard in East Texas, aerinai offered up our first editor's choice for insightful with some thoughts on the impact this will have: Goodbye East Texas Jobs So let's assume for a second this is allowed to stand.... All I'm hearing is it is dangerous as a company to have business dealings or employees in East Texas... Assume for a moment that you are a tech company that has to litigate this nonsense. Wouldn't it make more sense for me to lay off my East Texas workforce (especially in remote instances like this) to lower my risk? Be cheaper to fly in a sales person every week than 'establish residence'. If you live in East Texas, say goodbye good paying jobs, courtesy of your one and only Judge Gilstrap! In response to that, we've got our first place winner for insightful — Anonymous Anonymous Coward going ahead and taking the idea one step further: Not only that, but websites will probably block IP addresses assigned to East Texas because Judge Gilstrap will interpret that that constitutes having a business in East Texas. He appears to be quite imaginative in not only his patent case rulings, but in his interpretation of SCOTUS rulings. Funny what power does to logic. Or, maybe not so funny. And then, in response to that, we've got our second editor's choice for insightful from Paul Brinker, offering a capper to the discussion: I have to agree with this. As a business owner I would restrict all travel, business, and customers from East Texas. I would go so far as make this a public corporate policy. This way they would have to make some new test like "My Website can be seen from Texas" which will quickly fail in higher courts. 
And now all that remains on the insightful side is our second place winner, a very simple anonymous comment in response to this week's good news about the dismissal of Shiva Ayyadurai's lawsuit against us: Congratulations! Over on the funny side, our first place winner comes yet again in response to that very first comment about Judge Gilstrap's patent test, anonymously chiming in: What is this east texas you speak of? It seems I can't find it on google maps any longer. In second place, we've got a response from TechDescartes to the convoluted nightmare of Spotify streaming licensing: Troll-kien One license to rule them all, one license to find them, One license to bring them all and in the darkness bind them. For editor's choice on the funny side, we've got a pair of anonymous comments. The first came in response to the Screen Actors Guild's strained attempts to stop IMDB from publishing facts about actors, offering a possible explanation: Explanation for illogical arguments "I'm not a competent legal scholar, but I play one on TV." And the second was a very British response to UK terrorism law reviewer Max Hill's anti-encryption comments: Had to check twice, but Mr. Hill's first name is indeed Max, not Benny. That's all for this week, folks!

posted 13 days ago on techdirt
Five Years Ago This week in 2012, as the election drew near, we noted that both the Democrats and Republicans were in deep denial about the need for copyright reform — even as the tide seemed to be turning on bad copyright laws in some other countries. Meanwhile, the copyright takedown game was going nuts as usual, with rightsholders issuing takedowns over content that has been gone for months, and automated bots managing to take down the live-stream of the Hugo awards (for showing clips from an award-winning show) and even the official stream of the Democratic National Convention (with claims from a shockingly long list of media companies). Ten Years Ago Ironically for sci-fi fans who couldn't watch the Hugos in 2012, this same week in 2007 it was a sci-fi writers group abusing the DMCA to take down content. Meanwhile, Ridley Scott gave us an interlude from Hollywood's usual complaints about technology being used for piracy (like the MPAA's new crusade against camcording in UK cinemas) to complain about small screens killing the art form. This was also the week that Apple made major updates to its iPod line including the introduction of the iPod Touch, and we noted that the excitement around the technology was itself a good argument against music industry business models. Fifteen Years Ago This week in 2002, record labels were actually backing away from copy protection, although their official music download sites were still languishing in obscurity. The industry was fresh off an insane attempt to stop piracy with a lawsuit against internet backbone providers, and Duke University had just received a curious anonymous $1-million donation to fight abuse of the DMCA. This was also the week that Greece passed a somewhat-infamous anti-gaming law that, due to its vague wording, effectively banned all video games.

posted 13 days ago on techdirt
Okay, chances are you've already heard about the massive security breach at Equifax, that leaked a ton of important data on potentially 143 million people in the US (basically the majority of adults in America). If you haven't, you need to pay more attention to the news. I won't get into all the details of what happened here, but I want to follow a few threads: First, Equifax had been sitting on the knowledge of this breach since July. There is some dispute over how quickly companies should disclose breaches, and it makes sense to give companies at least some time to get everything in order before going public. But here it's not clear what Equifax actually did. The company has seemed almost comically unprepared for this announcement in so many ways. Most incredibly, the site that Equifax set up for checking if your data has been compromised (short answer: yeah, it almost certainly was...) was on a consumer hosting plan using a free shared SSL certificate, a funky domain and an anonymous Whois record. And, incredibly, it asked you for most of your Social Security Number. In short, it's set up in a nearly identical manner to a typical phishing site. Oh and it left open the fact that the site had only one user -- "Edelman" -- the name of a big PR firm. Not surprisingly, it didn't take long for various security tools to warn that the site wasn't safe. Said site is now unsurprisingly being flagged as suspicious by OpenDNS (and probably others) 🤦‍♂️🤦‍♂️🤦‍♂️ pic.twitter.com/JZOIgSQpRo — John Kelly (@mrjohnkelly73) September 8, 2017 Google have now marked the Equifax breach notification SSN check as phishing. pic.twitter.com/zb2dDQEwip — Kevin Beaumont (@GossiTheDog) September 8, 2017 And, when Equifax pushed people to its own "TrustedID" program to supposedly check to see if you were a victim of its own failures... it just started telling everyone yes no matter what info they put in: Just wow. 
If you enter "Test" and "123456" on Equifax's hack checker page, it says your data has been breached. pic.twitter.com/cTjTs7Frjv — Zack Whittaker (@zackwhittaker) September 8, 2017 So, yeah, what the hell did Equifax do during those six weeks it had to prepare? Oh, well, a few of its top execs used the delay to sell off stock, which may put them in even more hot water (of the criminal variety). Also, just days before it revealed the breach, and long after it knew of it, the company was talking up how admired its CEO is. This is literally the last tweet from Equifax prior to tweeting about the breach (screenshotted, because who knows how long it'll last): I can't see any scenario under which Smith keeps his job. And it seems likely that many other execs are going to be in trouble as well. Beyond the possible insider trading above, there's already scrutiny on its corporate VP and Chief Legal Officer, John J. Kelley, who made $2.8 million last year and runs the company's "security, compliance, and privacy" efforts. And despite six weeks to prepare for this, the following was Equifax's non-apology: We apologize to our consumers and business customers for the concern and frustration this causes. That's a classic non-apology. It's not apologizing for its own actions. It's not apologizing for the total mess it's created. It's just apologizing if you're "concerned and frustrated." Oh, and did we mention that the very morning of the day that Equifax announced the breach, it tweeted out about a newsletter it published about how "safeguarding valuable customer data is critical." Really (again, screenshotted in case this disappears): What the fuck, Equifax? Should we even mention that Equifax has been a key lobbying force against data breach bills? Those bills have some problems... but, really, it's not a good look following all of this. And while there was some concern that signing up to check to see if you were a victim (again: look, you probably were...) 
would force you out of being a part of any class action lawsuit, that's since been "clarified" to not apply to any class action lawsuits over the breach. And you better believe that the company is going to be facing one heck of a class action lawsuit (a bunch are being filed, but they'll likely be consolidated). That's all background of course. What I really wanted to discuss is how this will almost certainly get worse before it gets better. More than twelve years ago, I wrote that every major data breach is later revealed to be worse than initially reported on. This has held true for years and years. The initial analysis almost always underplays how serious the leak is or how much data is leaked. Stay tuned, because there's a very high likelihood we'll find out that either more people were impacted or that more sensitive information is out there. And that should be a major concern, because what we already know here is stunning. As Michael Hiltzik at the LA Times noted, this is the mother lode of data if you want to commit all sorts of fraud: The data now at large includes names, Social Security numbers, birthdates, addresses and driver’s license numbers, all of which can be used fraudulently to validate the identity of someone trying to open a bank or credit account in another person’s name. In some cases, Equifax says, the security questions and answers used on some websites to verify users’ identity may also have been exposed. Having that information in hand would allow hackers to change their targets’ passwords and other account settings. Other data breaches may have been bigger in terms of total accounts impacted, but it's hard to see how any data breach could have been this damaging. For over a decade, we've pointed out that credit bureaus like Equifax are collecting way too much data, with zero transparency. 
In fact, back in 2005, we wrote about Equifax itself saying that it was "unconstitutional and un-American" to let people know what kind of information Equifax had on them. The amount of data that Equifax and the other credit bureaus hold is staggering -- and as this event shows, they don't seem to have much of a clue about how to actually secure it. At some point, we need to rethink why we've given Equifax, Experian and TransUnion so much power over so much of our everyday lives. You can't opt-out. They collect most of their data without us knowing and in secret. You can't avoid them. And now we know that at least one of them doesn't know how to secure that data.

posted 14 days ago on techdirt
RESOLVED: this nation's intelligence oversight is indisputably useless. It's about 99% joke and 1% Ron Wyden dog-whistle questions that go unanswered for months or years. Committees on both sides of the legislature are composed mostly of surveillance cheerleaders and flak catchers profoundly uninterested in performing actual oversight. Reform efforts tend to take place despite the intelligence committees, rather than because of them. Every so often, positive changes are made for purely partisan reasons. Super-friendly "oversight" committees aren't helping hold our nation's multiple intelligence agencies accountable. But it goes deeper than lawmaking fanboys/girls holding prominent positions in intelligence committees. The desire to limit accountability traces back further than the front-mouths lobbing softballs to IC leaders at Congressional hearings. As Tim Johnson and Ben Wieder report for McClatchy News, the intelligence community has been stocking committees with home teamers for years. Lawmakers assigned to oversee the sprawling U.S. intelligence apparatus rely strongly on a staff that in recent years has included scores of onetime spooks, analysts and lawyers who previously worked at the spy agencies under scrutiny. According to a comprehensive analysis by McClatchy, at least one-third, and perhaps far more, of the professional staff members who carry out the work of the House and Senate intelligence committees are themselves veterans of the agencies that the two panels oversee. Really not a problem, I suppose, if the other two-thirds are staunch civil rights defenders and privacy advocates. But of course they're not. They're just more government employees, many of whom find defending the status quo to be a more sensible career path, one that starts with idealism (sometimes) and ends with a pension, with very little forward momentum during the intervening years. 
The "intelligence community" term attempts to humanize a hulking behemoth bristling with surveillance apparati, currently hoovering up $80 billion every year. And that estimate is likely on the low end, as these agencies have another, entirely-opaque budget to utilize on top of this. The other low estimate at work here is McClatchy's guess at the number of former agency employees currently working for the intelligence oversight committees. It's not always easy to sniff out the origins of staffers, especially if they've possibly spent some time engaged in clandestine activities. McClatchy’s analysis determined the staffers’ backgrounds based on searches of LinkedIn profiles, congressional records, executive profiles and in a handful of cases, press reports, obituaries or personal interviews in which the former or current committee staff members publicly acknowledged their own intelligence background. In dozens of cases, McClatchy could not determine whether a given staff member had worked in intelligence. Some have left almost no trace on the internet, itself perhaps a telling sign of a sensitive prior professional life. According to staffers who spoke to McClatchy, the one-third estimate is way, way off. One said "all but a couple" of staffers he worked with came from intelligence agencies. Others estimated IC oversight market saturation to be 50-75%. Obviously, a dearth of intelligence experience would be less than useful for oversight committees. Experience is extremely useful but in cases where oversight is already severely lacking, stuffing the roster with IC picks is guaranteed to result in the sort of non-oversight we've become accustomed to. Not only are staffers likely to advise against additional accountability and lobby against reform efforts, they're also likely to know how to ensure any reform efforts are shot full of exploitable holes by the time they hit the president's desk. 
And there's no good way of fixing this that won't leave other government committees tied up in policies that prevent them from hiring anyone with subject matter expertise. Pretty much the only thing that can be done is sitting back and marveling at the breadth of the intelligence community's regulatory capture.

posted 14 days ago on techdirt
The Massachusetts Supreme Court has reaffirmed the fact that students (and other people on school campuses) don't have location-based Constitutional rights. A pat-frisk of a nonstudent by a police officer on a school's campus resulted in the warrantless search of his backpack and the discovery of marijuana, a scale, and a handgun. All of these items may as well have never existed at all, thanks to the officer having zero reasonable suspicion to perform the frisk, much less the probable cause to search the backpack. Police investigating a suspicious person in a school must have evidence the person committed a crime before they can conduct a pat-frisk, and must have a warrant before searching a backpack for firearms, the state’s highest court ruled Tuesday. The issue split the Supreme Judicial Court, 5 to 2, with now-retired Justice Geraldine S. Hines, a former defense attorney, writing for the majority that the right to privacy under both the state and federal constitutions is undiminished in a school setting, even when it comes to people who are not students. “We do not underestimate the threat of violence in schools and other public places. Recent history bears out the folly of doing so,’’ Hines wrote. But “nothing in the Fourth Amendment or our [Article 14 of the state Constitution] jurisprudence supports such limitations on a person’s reasonable expectation of privacy.” The decision [PDF] details the events leading to the unconstitutional search. Basically, school officials detained a nonstudent, acting on their hunches, which they conveyed to the officer. The officer -- who had no contact with the subject before being placed in the same room as him -- proceeded to frisk him and search his bag. We acknowledge that the defendant, a nonstudent, was on school property surrounded by school officials who believed he possessed contraband of some sort.
When Murphy arrived, however, she knew only that school officials had a male nonstudent detained in the conference room and that the police had been called for assistance in the matter. See Commonwealth v. Mendez, 476 Mass. 512, 515 (2017). The principal voiced his strong suspicions of the defendant, but neither he nor the vice-principal reported any conduct suggestive of criminal activity. The odor of marijuana, which Murphy appreciated upon her entry into the conference room, also was not sufficient to support reasonable suspicion of criminal activity. The court notes Fourth Amendment protections are lowered when students are detained and searched by school officials. But the same standards that apply off school grounds apply to law enforcement officers searching students/nonstudents on school grounds. The court also points out the smell of marijuana indicates nothing about whether or not a person is armed, thus eliminating warrant exceptions arising from officer safety. The principal's unsubstantiated hunch that the defendant "had something on him," alone, was insufficient for a reasonable belief that the defendant was armed and dangerous, especially where the principal had invited the defendant to return to the school, the defendant had already emptied his pockets at the principal's direction, and the reasonable inference was that the principal believed that the defendant had marijuana or some other controlled substance on his person based on the strong odor of marijuana present in the room. In conclusion, hunches from non-law enforcement personnel can't morph into probable cause for a search just because they've been relayed to an officer. 
Moreover, the principal's hunch combined with Murphy's observations of the defendant's nervousness and Murphy's testimony that both the principal and the vice-principal appeared to be "rattled" still did not establish a reasonable belief that the defendant was armed and dangerous where the defendant was compliant and did not make any furtive gestures or reach into his pockets in a manner that would suggest that he was carrying a weapon. What this decision does is remind school police officers the Fourth Amendment is still a viable thing, even on school campuses. Fortunately, the department whose officer performed the illegal search appears to be supportive of the Supreme Judicial Court's findings: Milton Police Chief John E. King credited his officers and school officials for “acting in the best interest of students and staff safety. They had to make a quick decision based on facts known to them at the time.” He said in an e-mail that their instincts turned out to be correct “as this individual did in fact possess alcohol, drugs, and a loaded firearm inside a school building.” But he also said he recognized “that the end does not justify the means. I fully respect the legal process and the SJC’s decision.” The Commonwealth can still attempt to obtain a conviction. But it won't be able to use the evidence it obtained unconstitutionally. Considering that's pretty much all of it, the decision to bypass the Fourth Amendment has effectively allowed a nonstudent to walk onto campus with a handgun and drugs and get away with it. The court recognizes schools have a compelling interest in providing safe campuses, but if they're going to bring outside help in to police the school, many of the outside rules will apply.

posted 14 days ago on techdirt
If the ongoing battle between copyright infringers and copyright holders could be described in any simple term, that term would have to be whac-a-mole. Since the early days of piracy on the internet, the copyright industries have used their legal mallets to smack down any site or service whose head managed to rise out of obscurity. Napster was pushed into irrelevance, as were other similar apps. Then websites that hosted infringing files were slammed. At present, we are in the midst of a crackdown on torrent sites, with the copyright industries blaming them for widespread infringement. However, those who are dedicated to sharing content illicitly are indeed dedicated. And so the game will continue into avenues of piracy that are fairly creative. As crackdown on torrent sites continues around the world, people who are pirating TV shows and movies are having to get a little more creative. Cloud storage services such as Google Drive, Dropbox, and Kim Dotcom's Mega are some of the popular ones that are being used to distribute copyrighted content, according to DMCA takedown requests reviewed by Gadgets 360. Google Drive seems most popular among such users, with nearly five thousand DMCA takedown requests filed by Hollywood studios and other copyright holders just last month. Each DMCA request had listed a few hundred Google Drive links that the content owners wanted pulled. But what's notable about many of these DMCA takedown requests is that they target Google Drive links that don't actually host any content themselves, but instead have embedded YouTube videos within them. YouTube has long been accused of hosting copyright infringing content, but few people consider it a serious vector for pirating movies or television shows. That's because YouTube cracks down on piracy itself, and it is easily searchable, meaning that copyright holders can find their content and send takedown requests.
Most infringing content is taken down quickly because of this, so what would be the point of these embedded videos? It turns out that the pirates found a simple workaround - the videos are simply uploaded as unlisted, so they don't turn up in search results. The links to these videos are then shared as Google Drive links through discussion forums and other channels so it's difficult for the content owners to find the videos and get them taken down. Popular video sites YouTube, Vimeo, and Dailymotion are also being abused by distributing and hosting illicit content, DMCA takedown requests reveal, but the volume of such requests again implies that they are not being as widely used. Some pirates, getting creative, also turned to another streaming venue which is not used as widely - porn sites. For example, last year, news outlets reported an instance where all the songs of Kanye West's The Life of Pablo album were uploaded as a video to the popular website PornHub. You can still find a number of movies on the site, and oddly enough, also things like game trailers and music videos that could safely be posted on other sites as well. While nobody would want to cheer this sort of infringement on, there is a certain aspect of creativity to it. That creativity nicely demonstrates the axiom: the internet is designed to route around obstructions. So too, it seems, are the communities dedicated to sharing copyrighted content. It seems that this war on piracy is whac-a-mole by nature, but it's actually worse than that. What if the moles were hydras and every time you hit one on the head, two or more heads sprouted out as a result? Because it should be noted that the above strategy using Google Drive and YouTube to distribute infringing content isn't the only creative strategy that's sprouted out of the crackdown on torrent sites. The most unusual service that is being abused for distributing content that we came across is My Maps. 
It's a feature Google introduced in 2007 to enable users to create custom maps. Anyone can visit the My Maps website, and create a custom map by pointing to a location on the map, adding a title, and filling up a description box. Google doesn't verify what kind of information users are sharing in description, so you can again easily share links to unlisted YouTube streams, or Google Drive files to download. What this means is that people can then share locations on maps, which lead to the pirated movies. While Google's services are only the most abused of many for this sort of thing, you can already hear the content industries warming up their voices to sing a tune of how Evil Google is the pirate's tool of choice for copyright infringement. It's worth noting that all of this, however, has emerged despite Google's efforts at complying with copyright laws. It's also emerged as a result of this ongoing arms race waged primarily by the content industries, who could have expended this effort in figuring out new business models on which to make money from their content. Instead, we can mark time in the modern era by what the "piracy threat vector" du jour is. It seems tomorrow it may become Google Drive. Or My Maps. More years on it will be something we haven't even thought of yet. Them moles keep coming, after all.

posted 14 days ago on techdirt
Because ageism is allegedly rampant in Hollywood, California legislators have decided to address the problem head on not at all. Instead of enforcing on-the-books laws against employment discrimination, the legislature -- backed by the Screen Actors Guild -- has decided some of the First Amendment has to go. It has crafted a new law to fight ageism in Hollywood studios… by targeting a popular movie database. In California, A + B = WTF. The law -- currently blocked by an injunction -- forbids third-party sites with paid subscribers from publishing certain facts about actors and actresses. The only fact at issue is their age. And, despite lawmakers pretending the stupid, unconstitutional law targets a variety of websites, it's really only having an effect on one: IMDb. This failure of a law stems from a failure of a lawsuit brought by actress Junie Hoang, who blamed her lack of starring roles on IMDb publishing her real age. She wanted $1 million in damages, apparently expecting IMDb to subsidize her next 500 years of denied acting opportunities. (Discovery during the suit revealed Hoang made less than $2000/year from acting.) The Fail Train rolls on with the Screen Actors Guild offering its full-throated approval of First Amendment limitations, as Elizabeth Nolan Brown reports. In its own motion, SAG-AFTRA complained that IMDB "contends it has an absolute First Amendment right to disseminate the ages of everyone in Hollywood, consequences be damned, and no matter how much or little value such expression has in the marketplace of ideas." But "so long as the communication of the age of persons in the entertainment industry writ large facilitates illegal age discrimination, such expression may be regulated consistent with the First Amendment even though specific communications might not be discriminatory." Note that the Actors Guild doesn't claim that IMDb publishes age information that's false, nor that it publishes true information obtained in an illegal manner. 
Rather SAG-AFTRA asserts that IMDb somehow has a legal responsibility to help actors obtain work by concealing their ages; that the state has the ability to judge what kinds of content have "value" in the "marketplace of ideas"; and that information of "little value" can be banned. The motion is filled with terrible arguments. But considering its conceit, where else could it go? When you start with the premise the best fix for ageism at movie studios is targeting a third-party website, there's really no room for logic or coherent arguments. Add to that the fact that actors are actively calling for free speech restrictions, and you've got an elliptical mess on your hands -- one that makes the argument the state can be trusted to determine what speech has "value." SAG's opening salvo names and shames the real parties responsible for ageism… Plaintiff's website publishes everyone's age regardless of whether it is relevant to any public issue at all, and does so without any comment or context. This is not an invitation to public debate. Rather, it is an open invitation for casting directors to engage in illegally discriminatory conduct… ...before moving on to spend the rest of the brief arguing that it's IMDb's fault casting directors engage in illegal discriminatory conduct. As set forth in the Declaration of Marilyn Szatmary filed concurrently herewith, there is massive age discrimination in the entertainment industry and IMDb.com facilitates that discrimination as the go-to website for casting decisions. Publishing ages doesn't "facilitate discrimination." Nothing forces studios to participate in discriminatory hiring practices… at least nothing outside the studios themselves. Other sites without paid subscribers are still free to publish actors' ages. At least with IMDb, paid subscribers can ask to have this information removed.
Other sites not targeted by this legislation (which, in reality, is every other site but IMDb) have no obligation to remove factual information from their sites. The brief does nothing to convince anyone the law is Constitutional. All it does is make it clear SAG would rather bite the hand that feeds info to studios than the hand that feeds its members acting jobs. It's bad legislation lawmakers allowed themselves to be talked into and it should be struck down permanently by the time this is all said and done. SAG's support for the blocked bill is intellectually dishonest. The problem lies in the studios, not outside websites, no matter how much studios may rely on IMDb to do its hiring homework for them.

posted 14 days ago on techdirt
Get a detailed introduction to DevOps with the $40 Complete DevOps & Deployment Technologies Bundle. The 7 courses will cover Vagrant, an open-source product that lets you build and maintain portable, cost-effective virtual development environments for developing your project; Chef, a collection of configuration management tools; Ansible, an IT automation program; and Jenkins, an automation server that can help with continuous integration. You'll also learn about Docker, GitHub and NGINX. Note: The Techdirt Deals Store is powered and curated by StackCommerce. A portion of all sales from Techdirt Deals helps support Techdirt. The products featured do not reflect endorsements by our editorial team.

posted 14 days ago on techdirt
Oh, Charles Harder. Fresh off losing the lawsuit he filed against us on behalf of Shiva Ayyadurai, lawyer Charles Harder is right back at it. The NY Post was the first to report that Harder has filed a lawsuit in New York state court against Gizmodo Media Group and two of its employees: Anna Merlan and Emma Carmichael. Gizmodo Media Group is basically what used to be Gawker. After Harder sued Gawker into bankruptcy and Univision bought many of Gawker's assets, it put them into a new entity called GMG. Obviously, we have some opinions concerning Harder and his increasingly long list of lawsuits against media properties -- so feel free to take our analysis with however many grains of salt are necessary -- but this appears to be a pretty clear SLAPP suit designed to create more chilling effects on free speech. There are many, many reasons why this lawsuit is almost certainly a total and complete dud. But, that doesn't mean it won't be costly and annoying for GMG (even with Univision's help) and the two named individual defendants. The lawsuit is a response to an article on the site Jezebel entitled Inside Superstar Machine, Which Ex-Members Say Is a Cult Preying on New York’s Creative Women. The lawsuit is filed on behalf of Greg Scherick and his company "International Scherick" -- which is also called "Superstar Machine." You can read the article, written by Merlan, which details claims by multiple young women about how they were a part of an organization of sorts, run by Scherick, that was part motivational group and part... something else. Multiple women are quoted using the word "cult." Here's one clip, quoting a woman named "Rose": “It seemed scary. Like something that somebody who doesn’t have a degree or an ability to diagnose people should be doing to someone. And I really wanted her out, too. I freaked out and called her boyfriend and was like, ‘We’re in a cult. 
You need to get [her] out.’ And she called me and screamed at me and told me I was never allowed to call her boyfriend.” The article is detailed, and has many sources. The actual lawsuit doesn't seem to have much of a chance for a whole host of reasons. Many of the statements appear to be statements of opinion. Things like using the word "cult" have been held in other cases not to be defamatory. Not only that, but for the most part, the article was quoting others giving their opinions on International Scherick and "Superstar Machine." There are some other problems with the lawsuit as well. It claims that the article was published by GMG on September 10, 2016. This is important, because New York has a one year statute of limitations on defamation. But... what's the date on the article? Why yes, you're right. It says May 10th. That's past the statute of limitations. What Harder is trying to argue is that when Univision took over Jezebel following the purchase of Gawker's assets, it "republished" the item. September 10th, 2016 was the day that the deal apparently became official. Except... that's not how this works at all. New York, like many states, has a "single publication rule" which says that the statute of limitations is from the original publication. There are some narrow exceptions where "republication" can restart the clock, but changing owners doesn't appear to be one. Some other oddities in the lawsuit: despite claiming that Scherick was a bigtime "life coach" who nicknamed himself "International" and runs an organization called "Superstar Machine," Harder tries to argue that Scherick is not a public figure, and therefore a lower standard of defamation should apply. Separately, as we've seen in other Harder lawsuits, the complaint tries to smear the reporter and the editor -- repeatedly focusing on (for example) comments made by the editor Emma Carmichael in the Hulk Hogan case against Gawker (again, where Harder represented Hogan). 
Eric Turkewitz, a NY-based lawyer we've quoted before, calls the complaint "odd" and points out that the only way he sees that Harder can win the overall case is if Harder/Scherick can prove the quotes in the article (listed in paragraph 27 of the complaint) were fabricated. And that's only if they can actually make the "republication" claim stick. But, again, as we know all too well, sometimes the point of these sorts of defamation lawsuits appears to be more about creating a chilling effect for reporters and dragging them through the legal system. And, once again, this is why it's absolutely crazy that New York still has a very weak anti-SLAPP law. It's the media capital of the world, and it's incredible that the state has failed to update its anti-SLAPP laws to prevent these sorts of lawsuits.

posted 14 days ago on techdirt
Back in 2015, the FCC raised the standard definition of broadband from 4 Mbps down, 1 Mbps up, to an arguably-more-modern 25 Mbps down, 4 Mbps up. Of course the uncompetitive broadband industry (and the lawmakers who adore them) subsequently threw a collective hissy fit about the change, because they realized a higher bar would only highlight their failure to deliver next-generation broadband to vast swaths of America. And highlight it did: by this new metric, two-thirds of the country lack access to what's technically broadband from more than one ISP. We've explored repeatedly how this is due to a refusal by the nation's telcos to upgrade lagging DSL connections, leaving cable companies with a growing broadband monopoly across huge swaths of the country. With this reduction in competition comes a growing apathy to customer service, as well as the ability to impose new unnecessary and arbitrary usage caps (read: price hikes) without any competitive reaction by the broken market. Normally, this is where regulators would step in with policies aimed at shoring up this lack of competition. Under the Telecommunications Act, the FCC is required by law to track broadband deployment and competition and -- if things aren't up to snuff -- the agency is mandated to "take immediate action to accelerate deployment of such capability by removing barriers to infrastructure investment and by promoting competition in the telecommunications market." But if you fiddle with how precisely broadband penetration and competition is measured, you can avoid having to admit there's a problem, or do anything about it. With industry-ally Ajit Pai now in charge of the FCC, the telecom industry has been lobbying to weaken the standard definition of broadband to help mask the sector's shortcomings. As if on demand, a new FCC proposal would lower the definition of broadband by declaring a region covered if it has access to wireless data connections at speeds of 10 Mbps. 
The goal: lower the goalposts for the express benefit of lazy telecom duopolies. Duopolies that talk a good game about "closing the digital divide," but refuse to upgrade their networks -- and that write and lobby for protectionist state laws preventing anybody else from doing so either. Of course the FCC isn't framing their decision as the industry-coddling myopia it is, instead declaring this a "modernization" of FCC policy, in some instances fooling media outlets into thinking this is about reclassifying wireless broadband for some noble policy purpose. But a handful of Senators this week criticized the FCC's new plan, highlighting correctly how lowering the broadband deployment bar to ankle height is a disservice to those waiting for, or trying to deploy, better broadband: "At this time, such a striking change in policy would significantly and disproportionately disadvantage Americans in rural, tribal, and low-income communities across the nation, whose livelihoods depend on a reliable and affordable broadband connection... In reading this notice of inquiry, it appears that the FCC, by declaring mobile service of 10Mbps download/1Mbps upload speeds sufficient, could conclude that Americans' broadband needs are being met—when in fact they are not. By redefining what it means to have access, the FCC could abandon further efforts to connect Americans, as under this definition, its statutory requirement would be fulfilled." AT&T, Verizon and the current FCC will tell you that mobile broadband is a perfect substitution for quality fixed-line broadband. And while that might be true by 2030 or so, that's certainly not the case now. Wireless networks certainly can offer comparable speeds to lower-end fixed-line connections, but traditionally at much higher prices -- and often with notable restrictions on usage (more so with the looming death of net neutrality). 
So these Senators are also right in highlighting how wireless is far from being a suitable replacement for fixed-line connectivity: "We believe that mobile broadband service cannot adequately support the same functions as does fixed service currently and, therefore, cannot be a substitute at this time. A small business owner who wants to begin a new venture today would not be adequately supported by mobile-only service. Should the decision to change current policy be made with the technology currently available, it would signal a strong departure from the Commission's mission, while also implying that certain consumers must accept lower-quality connectivity." Unfortunately, like net neutrality, the quest for the basest of standards will somehow be framed as a "partisan" debate, causing many to lose the plot. And pandering to the Comcast status quo will be framed as some sort of heroic pledge to phony free market ideals none of the regulators or companies backing this effort actually believe in. But lowering the bar to obfuscate the fact U.S. broadband is an uncompetitive market rife with regulatory capture (especially on the state level) isn't some panacea, it's the kind of weak-kneed regulatory apathy that gave us the customer-service abomination we call Comcast in the first place.

posted 14 days ago on techdirt
At long last, Uganda's anti-porn "machine" has arrived. As The Next Web notes, the country's government placed an order for a porn-blocking machine last year, following on the heels of yet another anti-porn law. A company in South Korea has helpfully cobbled this together and presumably the Ugandan government will be deploying it shortly. How does it work? No one knows for sure, possibly not even those in the government who spent $88,000 for it. TechZim has a theory. The machine will detect pornographic pictures, videos or graphics taken or saved on phones, computers or cameras. Quite the super machine it seems. The minister did not however give details of exactly how the machine works, which makes sense as the machine will probably work better if people do not know exactly how and what it looks for. How does the pornography detection machine work though? This machine is not the first attempt at detecting porn on devices. There are several products already available, the Paraben Porn Detection Stick being an example. The Stick uses advanced image analysing algorithms to identify facial features, flesh tones and body parts that are potentially pornographic among other things. The Stick actually works to a certain extent. It errs on the side of over-zealousness as it flags normal photos as pornographic more frequently than the opposite. The Stick however only scans for images and not videos which are harder to scan. Uganda’s machine does both, which it should at $88,000 because the Paraben Porn Detection Stick costs around $129. Why does it even exist? Well, one reason a porn-detecting machine might be put in place is to generate revenue, turning easy busts of easy bust-oglers into easy cash. Users caught looking at porn face steep fines (up to $3,000) and imprisonment. 
Another revenue stream would be helpful since the country's government is pretty much insolvent, even before shelling out $88,000 for a machine that might not actually do what the government thinks it will. But it's not just about the revenue. There are other issues at play. On the surface, making porn illegal makes fiscal sense, thanks to the nation's cellphone users being tied to their SIM cards via government mandate. Other devices will remain relatively unsurveilled, but it's assumed the government's anti-porn committee will be pushing the nation's internet service providers to route their traffic through its anti-porn machine. Rev. Fr. Simon Rokodo heads the government's ethics committee and has offered up an explanation of sorts for the technology's existence and deployment -- one that sounds like a statement from the Westboro Baptist Church. We are going to attack and attack. I have fresh tactics. One of them is a censor gadget or machine. We are going to procure this machine and it will detect homos and porn actors, especially those misusing applications like Whatsapp with sex acts. The South Koreans are programming it. And very soon we will ship it into the country and all the evil will be busted. This is a very cheery prognosis for a machine likely to develop a false positive problem, if it isn't defeated by quick and dirty workarounds immediately after deployment. And try as he might, Rokodo's anti-XXX-box isn't going to stand in the way of encrypted messages. Of course, the endgame might include banning encrypted messaging services and letting some form of deep packet inspection loose on citizens' communications under the guise of running a superficially-clean country. But once the government has become the censorious man-in-the-middle, all sorts of nasty things can happen. Criticism of the government might suddenly vanish along with the critics. Other entertainment sources not directly approved by the Rev might become inaccessible. 
Dissidents, journalists, and others with prior reason to fear their government might have their communications exposed. This may be the real endgame, with porn being the wedge. iAfrikan notes the machine reportedly traces VPN and Tor connections, which would allow it to block access to those seeking to keep their internet activity out of the government's hands. Local reactions have ranged from outrage to ridicule with a few puritanical supporters speaking up for the government's plan to intercede on their behalf by making moral judgment calls for the entirety of the nation. Whatever it is Uganda is actually putting in place isn't just about porn. It's about government control of communications and access to information. It may be wearing a borrowed halo at the moment, but it's only a matter of time before mission creep sets in.

posted 14 days ago on techdirt
Utah and Idaho -- two states with more in common than a border -- have been enforcing First Amendment-trampling liquor laws preventing adults viewing certain films from enjoying adult beverages while doing so. I'm not talking about porn theaters, although the use of the word "adult" certainly leads the mind in that direction. No, I'm talking about regular, old-fashioned R-rated films no one really has much objection to adults viewing, even those who often object to adults viewing films rated X and up. In a clear waste of public funds and law enforcement resources, officers are sneaking off to R-rated films at movie houses serving alcohol in hopes of catching them engaged in double-devilry. The movie houses have been fighting back, noting (in lawsuit form) the enforced laws are unconstitutional and inconsistently enforced. Theaters in Utah and Idaho could expect visits from undercover prudes for films like "50 Shades of Grey" and, apparently, "Deadpool." Theaters in both states sued their respective state alcohol boards. Brewvies -- the theater suing the state of Utah -- has been handed a win. Elizabeth Nolan Brown reports on the federal court's decision in the delightfully-titled article "First Amendment Protects Cinema's Right to Show Unicorn Masturbation Scene While Serving Alcohol, Says Judge." A Utah movie theater that dared to serve alcohol during a sexually explicit movie has won its legal battle against the state's Department of Alcoholic Beverage Control (DABC). "The State has violated the First Amendment by bringing an administrative enforcement action against a mainstream motion picture theater showing an R-rated movie," U.S. District Judge David Nuffer wrote for the court Thursday. The decision [PDF] details a lot of the backstory, which includes state officials singling out Brewvies to score cheap wins for the state alcohol board. 
It also shows the state, after harassing Brewvies multiple times, suggesting it could preview all movies before showing (the court calls this "untenable"), alter the movies it shows to edit out "obscene" content (forbidden by contracts with motion picture studios), or just stop serving alcohol (lose a great deal of its profits). It also shows an attorney at the state's attorney's office was the source of the sole complaint against Brewvies' showing of Deadpool -- the end result of which was even more harassment of the theater and, consequently, this lawsuit. Between February 12, 2016, and March 24, 2016, Brewvies showed the movie Deadpool on one of its screens. A friend of Sheila Page, the attorney at the Attorney General’s Office who represents the DABC in enforcement proceedings, mentioned to Ms. Page that Brewvies was showing Deadpool. Once Ms. Page received the information from her friend, she sent an email to Defendant Margaret Hardie, who has been the DABC Compliance Officer assigned to Brewvies since 2014. In her email to Ms. Hardie, dated February 22, 2016, Ms. Page wrote: “I hate to bring this up, but it is just too blatant to ignore. Brewvies is showing Deadpool. The reviews describe explicit sex scenes and male and female frontal nudity. I know some people who have seen it, and they confirm that it is very raunchy amid the bloody violence. Perhaps you should refer it to [the State Bureau of Investigation].” That email, which was the only complaint received by the DABC about Brewvies showing Deadpool, triggered a referral to the State Bureau of Investigation. Undercover officers were sent to "investigate." It would have been cheaper to keep them home. All three had already seen the movie, one of them multiple times. But their attendance generated an inadvertently-hilarious report on all the naughtiness contained in Deadpool... and gave Brown's article its unforgettable title. 
Officer Bullock’s report describes certain scenes of the movie in terms of the prohibitions of Subsection 7. For instance, he states that the male and female characters were “shown numerous times engaging in acts or simulated acts of sexual intercourse” and that the male character “is shown on his back under bed sheets briefly engaged in masturbation or simulated masturbation using a stuffed unicorn toy.” He also describes a scene where the woman was wearing a leather bikini, with an imagined strap-on penis “that isn’t shown,” and “has her groin area pressed against the man’s posterior,” and she tells him to relax as he is sweating and grimacing. She then bends down and says, “Happy Women’s Rights Day” during what Officer Bullock calls “the sodomy or simulated sodomy scene.” Officer Bullock also says that during one sex scene, the male character fondled the woman’s bare breasts and, finally, during the credits, Officer Bullock describes “a drawing of the main character (male) . . . ‘as he rides on the back of a unicorn, he rubs its horn briefly until the horn shoots out rainbows (simulating orgasm).” Officer Bullock (along with Officer Cannon -- Utah's pro prudes seem to have the porniest of surnames…) presented their "findings" and the state went to work getting itself sued. In the end, it's the state hearing a judge whisper "It's First Amendment Day every day!" in its ear as it drives its point home. The State offered only one governmental interest in support of Section 7’s restrictions: avoiding potential negative secondary effects from combining sexually explicit images with alcohol. Though this may be a compelling governmental interest, Section 7 is not the least restrictive means for accomplishing it. Section 7 is overinclusive. 
A statute is overinclusive, and thus facially invalid, if there is a showing that the “law punishes a substantial amount of protected free speech, judged in relation to the statute’s plainly legitimate sweep.” If the statute is found to be overinclusive it will “invalidate all enforcement of that law, until and unless a limiting construction or partial invalidation so narrows it as to remove the seeming threat or deterrence to constitutionally protected expression.” Section 7 is overinclusive because it captures mainstream content. The court continues, pointing out how the state's alcohol regulations serve to unconstitutionally regulate speech, a definite forbidden (government) act. Section 7 reaches “many films that are far removed from what is colloquially termed ‘hard core,’ or even ‘soft core,’ pornography.” The State admits this. It makes no contention that Deadpool is pornography. The State only argues that by analogy short portions of Deadpool are like the films typically found in an adult theater. Unlike the statute in Baby Dolls Topless Saloons, no language limits Section 7’s application to those businesses that are characterized by regularly showing sexually explicit material, who make that their essential nature. The State has violated the First Amendment by bringing an administrative enforcement action against a mainstream motion picture theater showing an R-rated movie. That demonstrates the breadth of Section 7’s reach. Section 7’s restrictions impose unacceptable limitations on speech that the State admits should be accorded full First Amendment protection. State booze regulators will have to go back to the drawing board. The statute needs to be severely narrowed before it can be considered constitutional. Undercover officers Bullock and Cannon will have to start watching R-rated movies on their own time, on their own dime, and presumably without a notebook in one hand and a hard on for free speech oppression in the other. 
posted 15 days ago on techdirt
Good news, citizens. The police are here to tell you who the real journalists are. Sheboygan's Police Chief, Chris Domagalski, corrects errors in a story circulating on social media this week, accusing his department of withholding information from the community. The story involved the arrest of a Sheboygan man facing several felony drug charges, resisting arrest, and biting an officer at Erie and North 14th Street. [...] Domagalski, armed with facts, and the law, spoke out about the accusations, encouraging the community to be very careful about where they get their news - saying "Because you have a website and a facebook page, does not make you a journalist. When you engage in repeated unethical conduct, your character is revealed, and people should weigh that in their decision about whether they rely on you for news." This is true… partly. A website and a Facebook page does not automatically make someone a journalist. But having only a website and a Facebook page does not disqualify someone from being a journalist. There are plenty of journalists out there who've never written anything on a printed page. There are plenty of people committing journalism without ever intending to, and a lot of that revolves around requesting public records. The journalist, who Chief Domagalski says isn't one, wrote an article about this arrest, suggesting the refusal to turn over recordings of the arrest was a sign of more widespread misconduct within the force. There's not enough information out there to state definitively which side of the story is more credible. It must be noted there's no love shown for the unnamed "non-journalist" in this article's comment thread, suggesting someone who has aimed for muckraker but settled for constant annoyance. Unfortunately, the writer for WHBL Radio seems inclined to consider only those who show tons of deference to police officials to be real journalists. 
Those that question the actions and motives of government entities are nothing more than non-journalist interlopers. Some of that sentiment can be picked up in the first sentence of the second quoted paragraph: Domagalski, armed with facts, and the law… That's some credible stenography right there. Then again, someone without even a Facebook page or a website could have transcribed Domagalski's statement without pausing to infer the chief was wholly in the right. There's more, though. The Sheboygan Police Department has a number of different ways to communicate factual, verified information to the public, including services like Nixle, which will push information out as text messages or email, AND a service powered by LexisNexis, which provides real-time mapping of police calls within the city. They also maintain a social media presence on facebook and twitter, and communicate regularly with credible journalists in Sheboygan, who can accurately communicate important information about the community with the public. Apparently, people employed by WHBL will also be determining who is or isn't a "credible journalist." Defined in these surrounding terms, it will be those who publish whatever the PD provides, even if it appears to contradict what has been captured on video or gleaned from public records. I prefer my journalists to show distance, rather than deference, when covering controversial incidents involving public servants. And I don't give a damn if the journalists I read have nothing more than a Wordpress blog and a Muckrock account. What I find less than credible is coverage of police press conferences that read like low-key fan fiction -- especially ones that idolize authority figures while trotting out self-congratulatory prose. The police chief is implying he prefers deference in his journalists, and WHBL is only too happy to comply.

posted 15 days ago on techdirt
We've long talked about the problems that come along with government mandating ISPs to act as copyright police by blocking so-called "pirate" websites. The issues with these attempts are many, ranging from their muted impact on piracy to concerns over just how a website is deemed to be a "pirate" website to the inevitable collateral damage sustained by non-infringing sites. With the last of those, you can pretty much set your watch to the stories of innocent sites being caught up in this sort of censorship. Still, the breadth of this particular problem likely escapes many people. To get a handle on the sort of scope we're talking about, we can take a look at Russia. In response to international accusations of the government being lax on matters of copyright infringement, Russia enacted legislation in 2013 that tasked ISPs and hosting providers with blocking pirate websites. It's been nearly half a decade, so let's check in and see what sort of impact that legislation has had. More than four years on, Russia is still grappling with a huge piracy problem that refuses to go away. It has been blocking thousands of sites at a steady rate, including RuTracker, the country's largest torrent platform, but still the problem persists. Now, a new report produced by Roskomsvoboda, the Center for the Protection of Digital Rights, and the Pirate Party of Russia, reveals a system that has not only failed to reach its stated aims but is also having a negative effect on the broader Internet. According to that study, the numbers come out to roughly 4,000 sites blocked that are the actual sort of website the Russian government meant to target and 41,000 sites that are essentially purely collateral damage. The reason for this is that the nature of the legal proceedings in these sorts of cases is such that the actual site operators basically never show up in court. 
Instead, the ISPs and hosting providers do, and are then ordered to block these pirate sites by IP addresses, among other methods. These IP addresses can be shared, however, meaning that any third party sharing an IP address with the target of a block order from the courts is caught up and likewise censored. Due to the legal requirement to block sites by both IP address and other means, third-party sites with shared IP addresses get caught up as collateral damage. The report states that more than 41,000 innocent sites have been blocked as the result of supposedly targeted court orders. But with collateral damage mounting, the main issue as far as copyright holders are concerned is whether piracy is decreasing as a result. The report draws few conclusions on that front but notes that blocks are a blunt instrument. While they may succeed in stopping some people from accessing ‘pirate’ domains, the underlying infringement carries on regardless. “Blocks create restrictions only for Internet users who are denied access to sites, but do not lead to the removal of illegal information or prevent intellectual property violations,” the researchers add. So, the blunt instrument of censorship has been fairly bad at stopping copyright infringement, its stated goal, but quite good at censoring innocent sites at a factor of ten to one compared with the actual targets of the censoring. That's the kind of failure that's so bad it's impressive. One would think the Russian government would be looking to overhaul the legislation and censorship program to start driving these numbers back into the realm of reason. But this is Russia we're talking about, so instead the country is ramping up its censorship efforts, with requirements for search results to omit "pirate" sites and by criminalizing VPNs. It's enough that you start to wonder just how many websites the average Russian citizen will be able to access at all before long.

Read More...
posted 15 days ago on techdirt
We've long talked about the problems that come along with government mandating ISPs to act as copyright police by blocking so-called "pirate" websites. The issues with these attempts are many, ranging from their muted impact on piracy to concerns over just how a website is deemed to be a "pirate" website to the inevitable collateral damage sustained by non-infringing sites. With the last of those, you can pretty much set your watch to the stories of innocent sites being caught up in this sort of censorship. Still, the breadth of this particular problem likely escapes many people. To get a handle on the sort of scope we're talking about, we can take a look at Russia.

In response to international accusations of the government being lax on matters of copyright infringement, Russia enacted legislation in 2013 that tasked ISPs and hosting providers with blocking pirate websites. It's been nearly half a decade, so let's check in and see what sort of impact that legislation has had.

More than four years on, Russia is still grappling with a huge piracy problem that refuses to go away. It has been blocking thousands of sites at a steady rate, including RuTracker, the country's largest torrent platform, but still the problem persists.

Now, a new report produced by Roskomsvoboda, the Center for the Protection of Digital Rights, and the Pirate Party of Russia, reveals a system that has not only failed to reach its stated aims but is also having a negative effect on the broader Internet.

According to that study, the numbers come out to roughly 4,000 sites blocked that are the actual sort of website the Russian government meant to target and 41,000 sites that are essentially purely collateral damage. The reason for this is that the nature of the legal proceedings in these sorts of cases is such that the actual site operators basically never show up in court. Instead, the ISPs and hosting providers do, and are then ordered to block these pirate sites by IP addresses, among other methods. These IP addresses can be shared, however, meaning that any third party sharing an IP address with the target of a block order from the courts is caught up and likewise censored.

Due to the legal requirement to block sites by both IP address and other means, third-party sites with shared IP addresses get caught up as collateral damage. The report states that more than 41,000 innocent sites have been blocked as the result of supposedly targeted court orders.

But with collateral damage mounting, the main issue as far as copyright holders are concerned is whether piracy is decreasing as a result. The report draws few conclusions on that front but notes that blocks are a blunt instrument. While they may succeed in stopping some people from accessing ‘pirate’ domains, the underlying infringement carries on regardless.

“Blocks create restrictions only for Internet users who are denied access to sites, but do not lead to the removal of illegal information or prevent intellectual property violations,” the researchers add.

So, the blunt instrument of censorship has been fairly bad at stopping copyright infringement, its stated goal, but quite good at censoring innocent sites at a factor of ten to one compared with the actual targets of the censoring. That's the kind of failure that's so bad it's impressive. One would think the Russian government would be looking to overhaul the legislation and censorship program to start driving these numbers back into the realm of reason.

But this is Russia we're talking about, so instead the country is ramping up its censorship efforts, by requiring search results to omit "pirate" sites and by criminalizing VPNs. It's enough that you start to wonder just how many websites the average Russian citizen will be able to access at all before long.

posted 15 days ago on techdirt
You might recall that back in 2015, Lenovo was busted for installing a nasty bit of snoopware made by a company named Superfish on select models of the company's Thinkpad laptops. Superfish's VisualDiscovery wasn't just annoying adware however; it was so poorly designed that it effectively made all of Lenovo's customers vulnerable to HTTPS man-in-the-middle attacks that were relatively trivial for an attacker to carry out. More specifically, it installed a self-signed root HTTPS certificate that could intercept encrypted traffic for every website a user visits -- one that falsely represented itself as the official website certificate.

That's hugely problematic for what should be obvious reasons, but Lenovo doubled down on dumb by issuing a statement initially claiming it didn't see what all the fuss was about and that it was just trying to "improve the shopping experience":

"We have thoroughly investigated this technology and do not find any evidence to substantiate security concerns."

Security researchers didn't agree. Neither, apparently, did the FTC, which this week gave Lenovo what amounts to a stern talking to after the company settled allegations it had turned a blind eye to customer security concerns:

“Lenovo compromised consumers’ privacy when it preloaded software that could access consumers’ sensitive information without adequate notice or consent to its use,” said Acting FTC Chairman Maureen K. Ohlhausen. “This conduct is even more serious because the software compromised online security protections that consumers rely on.”

The full FTC complaint (pdf) against Lenovo makes it clear the Superfish adware used the same bunk security certificate for every user of the stealthware -- every time it covertly interrupted secure traffic. And, of course, the complaint notes that Lenovo really couldn't be bothered to explain how any of this was happening to the company's customers:

"Respondent did not make any disclosures about VisualDiscovery to consumers prior to purchase. It did not disclose the name of the program; the fact that the program would act as a man-in-the-middle between consumers and all websites with which they communicated, including sensitive communications with encrypted https:// websites; or the fact that the program would collect and transmit consumer Internet browsing data to Superfish."

Yeah, whoops. One complaint exhibit highlights that while users had the option of opting out of this security-compromising, behavioral advertising effort, Superfish and Lenovo made doing so notably hard to spot. But again, nowhere was the encryption-compromising aspect of this software disclosed to the end user, even in the finest of fine print in the company's privacy policy. And opting out only prevented users seeing ads dictated by their previous browsing habits; doing so didn't stop the software from faking security certificates and compromising the end user's security.

Lenovo won't be required to pay a dime to impacted users; FTC boss Ohlhausen (who downplayed the severity of the deception in her own statement (pdf)) claims the agency lacks the legal authority to obtain civil penalties for first-time violators under the FTC Act. As part of the settlement Lenovo is prohibited from misrepresenting "features of software preloaded on laptops that will inject advertising into consumers' Internet browsing sessions or transmit sensitive consumer information to third parties." Lenovo must also get explicit consumer opt-in consent before installing similar software in the future, and must implement -- for the next 20 years -- a software security program to more dutifully analyze the security impact of such programs.

A day after Lenovo's settlement with the FTC, the company also struck a $3.5 million settlement (pdf) with a coalition of 32 states for violating user privacy and failing utterly to disclose the dangerous nature of the company's laptop bloatware. In a statement Lenovo proclaimed it had seen the error of its ways, and that "security, privacy and quality are top priorities at Lenovo." Of course this is the same company that shortly after the Superfish fiasco was caught stealthily installing bloatware via laptop BIOS, so hopefully Lenovo won't mind if people wait a little while before declaring the company truly reformed.

posted 15 days ago on techdirt
When faced with First Amendment activity they don't care for, some legislators attempt to gerrymander this right until it only contains the speech they like. This can take the form of cyberbullying bills, hate speech legislation, and, lately, anti-protesting laws. The problem with these efforts is they routinely run afoul of the Constitution. Some do better than others trying to stay within the confines of what can actually be controlled by the government, but in most cases, the proposed laws are badly-written rush jobs attempting to paper over the current issue du jour.

Another anti-protesting law is in the works, prompted by oil pipeline demonstrations both in North Dakota and, closer to home, in the district of the state rep introducing the bill, Scott Martin of Lancaster County, Pennsylvania.

Under the terms of the bill, “a person is responsible for public safety response costs incurred by a State agency or political subdivision as a result of the State agency’s or political subdivision’s response to a demonstration if, in connection with the demonstration, the person is convicted of a felony or misdemeanor offense.” In other words, they could be on the hook for costs, such as police overtime, medical or emergency response, or other basic public services associated with protests. Whatever felony or misdemeanor offense the protester was convicted of would come with its own independent penalty.

Because the state's laws concerning damage to property and the usual assortment of rioting-related charges apparently aren't enough to deter people from complaining about stuff in Martin's district, a new law must be put in place to hold demonstrators responsible for the actions of others, as well as anything the state might want to add to the final post-protest invoice. The bill cites -- in support of its First Amendment-chilling efforts -- the millions of dollars spent by government agencies in response to the Dakota Pipeline protests. It's a slick move, one that might convince more bottom-line-oriented legislators to hop aboard despite the obvious Constitutional implications.

In practice, this law could saddle someone picked up during a protest for blocking a sidewalk (a misdemeanor) with a sizable chunk of the costs incurred by the government during the protest. This will discourage most people from showing support for any controversial cause or, indeed, for any cause at all. Any protest of any size will result in additional expenditures by government agencies, all of which can now be passed on directly to the protest's participants. And it won't be spread evenly among participants. The costs will be borne only by those arrested, which creates an incentive to arrest as many protesters as possible to offset projected expenses. This, in turn, will push prosecutors towards ensuring even the most bullshittiest of charges sticks, as they'll have to answer to lawmakers waving ledger books filled with red ink if they don't.

Sure, this bill won't survive a Constitutional challenge, but someone's going to have to spend their own money to correct the Pennsylvania government's error. Hopefully, the bill will get laughed out of the legislature immediately -- especially since Rep. Martin's intentions may be less than honorable. DeSmog Blog notes that Martin has close ties to pipeline lobbyists.

Prior to joining the Pennsylvania Senate, Martin worked for a firm called Community Networking Strategies. CNS is a subsidiary of the lobbying firm, McNees, Wallace & Nurick — which lobbies for Gulf Oil Ltd, Industrial Energy Consumers of Pennsylvania, and Sunoco Logistics.

If it does somehow become law, it will be a statewide embarrassment and a vehicle for government abuse. And it will give the state the ability to rob Peter twice to pay Officer Paul's protest-related overtime.
