posted 10 days ago on techdirt
Thanks to the internet, more law enforcement agencies are exceeding jurisdictional limitations than ever before. The FBI's Network Investigative Technique (NIT) -- deployed during a child porn investigation to strip Tor users of their anonymity -- travelled all over the United States and the world beyond. IP addresses and computer information harvested by the FBI were turned over to Europol and details obtained by Motherboard suggested at least 50 computers in Austria alone had been compromised by the FBI's hacking. Rule 41 imposes jurisdictional limitations on the FBI's hacking attempts -- something the DOJ is trying (and succeeding, so far) to have changed. But the hacking goes both ways. Not only does the FBI go cruising past US borders while tracking down Tor users accessing seized child porn servers, but law enforcement agencies in other countries are doing the same thing -- and raising the same questions. Australian authorities hacked Tor users in the US as part of a child pornography investigation, Motherboard has learned. [...] In one case, Australian authorities remotely hacked a computer in Michigan to obtain the suspect’s IP address. “I think that's problematic, because they've got no jurisdiction,” Greg Barns, an Australian barrister who practices criminal and human rights law who's also a former national president of the Australian Lawyers Alliance, told Motherboard in a phone call. It might be problematic, but no one seems all that interested in doing anything about it. No defendants garner less sympathy than those viewing child pornography, and law enforcement partnerships fighting the problem span the globe. No law enforcement agency is going to turn down child porn tips from another agency -- no matter where that agency is located or how it obtained this information. The issues raised by these extraterritorial searches are likely to only be addressed (inconsistently) by local courts. 
Legislators aren't interested in restricting the pursuit of child pornographers, and as long as cases are handled locally and setting aside any chances of extradition demands, there's really no compelling reason for them to head off these abuses before they get worse. The technique deployed by Australian law enforcement does raise a few questions of its own, though. It appears the agency deployed a phishing attack that prompted recipients to click a malicious link that phoned home with user info. The link, though, turned the agency into an actual distributor of child porn, rather than the more passive technique the FBI used when it took over hosting duties for a few weeks after seizing a child porn site's server. Details on how exactly this was achieved are limited, but according to a court document from another case, “When a user clicked on that hyperlink, the user was advised that the user was attempting to open a video file from an external website. If the user chose to open the file, a video file containing images of child pornography began to play, and the FLA [foreign law enforcement agency] captured and recorded the IP address of the user accessing the file.” The file was configured in such a way as to route the target’s traffic outside of the Tor network, the document explains. Seems like a somewhat dubious use of law enforcement resources, but considering undercover officers are able to distribute other contraband (like drugs) in sting operations, it's likely this child porn distribution will be viewed as a lawful part of the agency's investigation.

posted 10 days ago on techdirt
The Sixth Circuit Court of Appeals has decided a man whose communications were snagged by commercial spyware can sue the software's maker for violating federal wiretap law. The plaintiff, Javier Luis, became involved in an online relationship with an unhappily married woman. Her husband, Joseph Zang, installed Awareness Technologies' "WebWatcher" on his wife's computer in order to keep tabs on her online communications. After discovering his communications had been intercepted, Luis sued the software's maker (along with the husband, who has already settled with Luis and is no longer listed as a defendant). The Appeals Court doesn't form an opinion on the strength of Luis's claims -- only noting that they're strong enough to survive dismissal. Awareness Software will be able to more fully address the allegations in the lower court on remand, but for now, the Appeals Court finds [PDF] the software's "contemporaneous interception" of electronic communications to be a potential violation of the Wiretap Act. Two allegations in the complaint support this inference. First, Luis alleges that the communications at issue “were not originally stored on the computer’s hard drive.” The communications were instead acquired by Awareness “as [they were] being written and communicated between senders and recipients.” This allegation directly supports the proposition that the communications were still “in flight” for the purposes of 18 U.S.C. § 2511. [...] Second, Luis alleges that “WebWatcher immediately and instantaneously rout[e]s the intercepted communications to their [i.e., Awareness’s] servers located in California.” (Emphasis in original.) This allegation directly supports an inference of contemporaneous interception because, if WebWatcher does in fact “immediately and instantaneously” copy and send communications “as [they are] being written,” then the acquisition of the communications likely occurs before the communications have come to rest in electronic storage. 
Somewhat illogically, Awareness suggested that the supporting evidence provided by Luis could have referred to a different product (not made by Awareness) that has an identical name. Awareness is of course correct that some possibility exists that the marketing materials might refer to another device carrying the trademark “WebWatcher” that is unaffiliated with Awareness’s own WebWatcher. This argument, however, is far-fetched at best, and the more “plausible inference,” see id. at 682, is that the materials do in fact apply to Awareness’s WebWatcher that Joseph allegedly used. Slightly more logically, it suggested that it cannot be held liable under the Wiretap Act because it's the end user that actually violates the Act when they install the software and put it to use. This is what the lower court found in its decision, based on a Report and Recommendation (R & R) put together by a magistrate judge. With respect to the claimed violation of 18 U.S.C. § 2511, the R&R concluded that Awareness itself did not “intercept” Luis’s communications because it was Joseph [Zang]—not Awareness—that installed the WebWatcher program on the computer used by Catherine. And with respect to the claimed violation of 18 U.S.C. § 2512, the R&R concluded that Awareness could not be held liable simply for manufacturing a product that others—such as Joseph—used to violate the Wiretap Act. Awareness also argued that WebWatcher's interception of communications wasn't "contemporaneous" and therefore isn't a violation of the Wiretap Act. Instead, it claimed it grabbed communications in "near real-time" and stored a copy on its servers for access by users. The Appeals Court notes that Awareness's own promotional efforts seem to tell a different story. The marketing materials attached to Luis’s complaint support this conclusion. 
As Luis notes, the materials state that WebWatcher lets its users review a person’s electronic communications “in near real-time, even while the person is still using the computer.” The materials further note that any deviation from real-time monitoring results not from delays regarding when the communications are acquired, but from variations in “the Internet connection speed of the computer being monitored.” This near real-time monitoring is significant. If a WebWatcher user can in fact review another person’s communications in near real time, then WebWatcher must be acquiring the communications and transferring them to Awareness’s servers as soon as the communications are sent. The program, in other words, does not wait for the communications to be stored; instead, the program as described captures and reroutes the communications so that a WebWatcher user can review the communications at nearly the same time as they are being transmitted. In addition, the marketing materials state that “[e]ven if a document is never even saved, WebWatcher still records it.” This feature indicates that WebWatcher does not wait for electronic communications to be saved in a computer’s electronic storage. Rather, the product records the communications as they are being sent, without regard for whether a copy is ever placed in the storage of the affected computer. This aspect of WebWatcher’s operations thus implies that the alleged acquisition of Luis’s communications indeed occurred while the communications were still “in flight.” The court also notes that Awareness's own marketing materials suggest there are few wholly-legal uses for its WebWatcher software. Given its function, most end user deployment is almost certain to violate federal or state wiretap laws. 
(This explains the following disclaimer on the WebWatcher site: "Awareness Technologies Terms of Use and End User Licensing Agreement require that you only install its software on computers that you own or have permission to monitor and that you inform all users of those computers that they are being monitored.") Because of this, the court finds that Awareness cannot dodge civil liability simply because it performs no interception of communications until a purchaser installs and deploys its software. [W]e today hold that a defendant such as Awareness—which allegedly violates § 2512(1)(b) by manufacturing, marketing, and selling a violative device—is subject to a private suit under § 2520 only when that defendant also plays an active role in the use of the relevant device to intercept, disclose, or intentionally use a plaintiff’s electronic communications. So even though Awareness itself did not initiate the specific action that “intercepted, disclosed, or intentionally used” Luis’s communications in violation of the Wiretap Act, it is alleged to have actively manufactured, marketed, sold, and operated the device that was used to do so. This is enough to establish that Awareness was “engaged in” a violation of the Wiretap Act in a way that defendants such as those in Treworgy and Amato—who simply possessed wiretapping devices—were not. The dissenting opinion, however, points out that allowing the plaintiff to pursue Awareness under the Wiretap Act not only shifts some responsibility off the shoulders of the person who initiated the interception (the aggrieved husband) but also more than "liberally construes" the content of Javier Luis's pro se filing. The majority accepts Luis’s argument on appeal that the complaint directly implicates Awareness in paragraph 77. But this reading is much more than just charitable—it grasps at straws. 
In describing how WebWatcher operates, Paragraph 77 uses only a possessive pronoun that lacks any antecedent: “WebWatcher immediately and instantaneously routs the intercepted communications to their servers located in California to be stored for their subscribers to later retrieve at their leisure.” Awareness is neither named nor the subject of the action. This paragraph, located amidst Luis’s allegations against the other defendants, does not give rise to the plausible inference that Awareness intentionally intercepted Luis’s communications. [...] It does not put Awareness on notice that it—the manufacturer and seller— could be liable for anonymous customer Joseph Zang’s misuse of the WebWatcher. Luis’s novel theory of liability does not appear even to have been tried, much less to have been successful, in any previous case. Neither Awareness nor the district court should have been expected to divine it from Luis’s allegations against the other defendants. I would affirm the district court’s dismissal of Luis’s § 2511 claim against Awareness. I would affirm the dismissal of Luis’s state-law claims for the same reason. That's the downside of this reversal by the Appeals Court: manufacturers and developers will now face an increased risk of civil litigation if their products could possibly be used to violate laws. This negative side effect is diminished somewhat by Awareness's participation in the interception -- the storage of communications on its servers -- but it's still the sort of thing that could encourage speculative litigation aimed at the target with the deepest pockets, rather than the entity that actually broke the law.

posted 10 days ago on techdirt
Grab a Lifetime License for only $29 to Droplr Pro and be able to share your files anywhere with anyone. Simply drag a file to the Droplr icon on your desktop or hit the shortcut, and you'll automatically upload it to a remote server. Then, anyone on your team attached to your account will be able to access and work on the content. You can share securely with password protection, self-destruct times and obfuscated URLs. Filled with useful features to make teamwork more efficient, this app will pay for itself in productivity. Note: The Techdirt Deals Store is powered and curated by StackCommerce. A portion of all sales from Techdirt Deals helps support Techdirt. The products featured do not reflect endorsements by our editorial team.

posted 10 days ago on techdirt
Okay. I've heard lots of crazy arguments from the record labels, but I may have found the craziest. We've discussed how ridiculous it is that the TPP includes a provision saying that every country that signs on must make sure the minimum copyright term is life plus 70 years. This will impact many of the countries that negotiated the agreement, which currently have terms set at life plus 50. This was a key point that the recording industry and Hollywood fought hard for. When even the Copyright Office recognizes that life plus 70 is too long in many cases, the legacy industries recognized that getting copyright term extension through Congress in the US might be difficult -- so why not lock stuff in via international agreements? And, of course, the USTR was fine with this, because the USTR goes along with basically everything that Hollywood asks for. But here's the crazy part: having gotten such a ridiculous thing, the recording industry is whining about its own victory. As Kimberlee Weatherall points out, the recording industry in New Zealand is bitching about the fact that the change doesn't go into effect immediately because it's "too costly" for copyright holders. That's because the TPP has a "phase-in period" that allows countries to adjust and gradually move copyright terms upwards. But the record labels are having none of that: Meeting before a parliamentary committee this week, Recorded Music chief executive Damian Vaughan said his advocacy group supports an article in the TPP deal that standardizes the terms of protection of a work to the life of an author plus 70 years. (New Zealand is one of several participating nations that currently has a term of 50 years after death.) However, Vaughan thinks a proposed phase-in period for nations upgrading to 70 years is unnecessary and a costly burden for rights holders. "It's not making copyright simple or easy to understand to the music user or the public whatsoever," he said, according to RadioNZ. 
"It is making the process significantly more complicated, and it's the rights organizations and the copyright holders who will be forced to administer this… We note the cost we incur will be far higher than any perceived cost savings." Now, think about what Vaughan is really saying here. Let's be clear: copyright term extension is deliberately removing these works from the public domain. When they were created, a deal was struck between the public and the content creator. That deal said "this work goes into the public domain, but to give you incentive to create it in the first place, we'll give you some limited exclusive rights for this amount of time." That's the deal that was struck. But, now, with copyright term extension, that deal gets thrown out, screwing over the public. They don't get anything back despite the fact that material that was destined for the public no longer is. So there's a massive cost to the public and no payment whatsoever. That's problematic alone. And to make things even more obnoxious, Mr. Vaughan is whining that not being able to fuck over the public fast enough is unfair because it puts too much "cost" on the record labels? REALLY? Boo fucking hoo. You were the ones who pushed for extending copyright terms, and now you want to whine that it might be too costly to administer the process? Fine, fuck it. Let's just toss out the extension and maybe consider decreasing copyright terms overall. That'll give the record labels a lot less to administer, saving them lots and lots of money. Oh, and also giving the public what they were promised. Seems like a good deal all around.

posted 10 days ago on techdirt
When last we left John Steele, one of the dynamic duo behind the massive copyright trolling scam once known as Prenda Law, he was being scolded by the 7th circuit appeals court (not the first appeals court to do so), for failing to abide by the court's own advice to "stop digging." But digging a deeper and deeper hole has always been in John Steele's nature, it seems. As we've mentioned in the past, Steele reminded me of a guy I once knew, who incorrectly believed that he was clearly smarter than everyone else, and thus believed (incorrectly) that he could talk and lie his way out of any situation if he just kept smiling and talking. That generally doesn't work too well in court -- especially when you're not actually that smart. In that July ruling, the court upheld most of the money Steele and Paul Hansmeier were told to pay, and scolded them for directly lying about their ability to pay. It referred to Steele's "entire pattern of vexatious and obstructive conduct." However, as we noted, Steele kinda sorta "won" on one point, though even that win was a loss. One of the arguments that Steele's lawyer had made was that on the fine that the lower court gave him for contempt, the basis for that fine appeared to be under the standards for criminal contempt rather than civil contempt. Way back during oral arguments, the judges on the panel had asked Steele's lawyer, somewhat incredulously, if he was actually asking the court to push this over to be a criminal case rather than a civil one, and Steele's lawyer answered affirmatively. And so, the court notes that the contempt fine "falls on the criminal side of the line," because "it was an unconditional fine that did not reflect actual costs caused by the attorneys’ conduct." So it tossed out the $65,263 fine, but noted that criminal contempt charges might still be filed (out of the frying pan, into the fire). 
Oh, and of course, it left open the idea that the lower court might go back and actually justify civil contempt fines. And it appears that's exactly what Judge David Herndon in the Southern District of Illinois has done. He's ordered Steele to show cause for why he should not be fined, and then details the basis for such a fine. As a direct result of Steele’s misrepresentations, between January 29, 2014 and June 5, 2015, this Court expended a significant amount of time and effort addressing matters relating to Steele’s ability to pay the Fee Order. This includes the following: (1) reviewing, researching, and issuing orders resolving and/or reconsidering numerous motions stemming from the misrepresentations; (2) preparing for and holding hearings on February 13, 2014 (Doc. 123) and November 12, 2014 (Doc. 187); and (3) reviewing asset statements submitted by John Steele in support of his inability to pay claim. Steele’s choice to make misrepresentations to this Court and to continue to press the issue of inability to pay necessitated all of the above. Steele’s misconduct resulted in an actual loss to this Court and, more importantly, to the tax payers. It is the tax payers who ultimately bear the cost of adjudicating Steele’s misrepresentations. See U.S. v. Dowell, 257 F.3d 694, 699-700 (7th Cir. 2001). Considering the real cost to this Court and to the tax payers, the Court may impose a sanction that compensates the taxpayers for the Court’s time.... The Court intends to impose a remedial sanction for the Steele’s misconduct, outlined in this Court’s June 5, 2015 Order (Doc. 199). The remedial sanction shall be a fine in an amount necessary to reimburse the Court for the costs incurred as a result of Steele’s misrepresentations to this Court.... So, yes, the tiny "victory" for Steele in having the contempt fine tossed out was short lived, as a new civil contempt fine appears likely to be on the way. And, who knows, perhaps criminal charges as well. 
Can't wait to see Steele try to talk himself out of this one too.

posted 10 days ago on techdirt
The NSA's exploit stash is allegedly for sale. As mentioned earlier this week, an individual or a group calling themselves Shadow Brokers claims to be auctioning off parts of the NSA's Tailored Access Operations (TAO) toolkit, containing several zero days -- including one in Cisco's (a favorite NSA TAO target) Adaptive Security Appliance which allows for remote code execution. The thing about these vulnerabilities is that they aren't new. The exploits being hawked by Shadow Brokers date back to 2013, suggesting the agency has been sitting on these exploits for a while. The fact that companies affected by them don't know about these flaws means the NSA hasn't been passing on this information. Back in 2015, the NSA declared that it passed on information about vulnerabilities to affected companies "90% of the time." Of course, this statement contained very few details about how long the NSA exploited vulnerabilities before allowing them to be patched. The White House told the NSA to make disclosure the preferred method of handling discovered vulnerabilities, but also gave it a sizable loophole to work with -- "a clear national security or law enforcement need." Ellen Nakashima and Andrea Peterson of the Washington Post spoke to former NSA personnel. The statements they gave suggest there's almost always a "need" that outweighs the general public's security and safety. Former NSA personnel who worked with the tool cache that was released say that when they worked at the agency, there was an aversion to disclosure. “While I was there, I can’t think of a single example of a zero-day [flaw]” used by the agency “where we subsequently said, ‘Okay, we’re done with it and let’s turn it over to the defensive side so they can get it patched,’ ” said the former employee, who worked at the agency’s Tailored Access Organization for years. During that time, he said, he saw “hundreds” of such flaws. 
He added: “If it’s something in active use, my experience was they fight like all get-out to prevent it from being disclosed.” Said a second former employee, who also spoke on the condition of anonymity to describe sensitive government operations: “It’s hard to live in a world where you have capabilities and you’re disclosing your capabilities to your defensive team.” So, there's no presumption of disclosure, not even with a Vulnerability Equities Process in place. If the NSA has a vulnerability to exploit, it will continue doing so until it's no longer effective. The agency's name alone grants it a presumption of secrecy because, after all, nothing has more "national security needs" than the National Security Agency. This undercuts everything the disclosure process was supposed to do: allow developers to close holes in their software. With its TAO secrets out in the open, the government can no longer pretend stockpiling exploits is a good idea. Nor can it claim it's OK because it's only the "good guys" doing good things with them. The exploits will be sold to the highest bidder -- whether that bidder is a criminal or just another private company stockpiling exploits so it can sell those to the highest bidder -- which in some cases may be UN-blacklisted countries with totalitarian governments and long histories of human rights abuses. Matt Blaze -- referring to the just-disclosed Cisco zero day -- wonders if the NSA only just discovered hackers had made off with its stuff. And if it actually knew for three years these exploits had been compromised, why didn't it disclose the vulnerabilities to affected developers? I wonder if NSA discovered that they lost the TAO exploit trove in 2013 or just now? If in 2013, why didn't they report the Cisco 0day? — matt blaze (@mattblaze) August 18, 2016 Neither scenario is particularly flattering. 
Although it's presumed the hackers didn't actually crack an NSA server (theory is the exploits were harvested from a compromised server the NSA was running), not knowing that these vulnerabilities had been obtained by outsiders until possibly three years after it happened is not exactly a flattering look for a security agency. The alternative is actually worse: that the NSA knew its exploits had been taken but STILL chose not to disclose the vulnerabilities to software developers. In this scenario, there's no longer any "what if" about it. The NSA knew exploits were in the "wrong" hands but withheld this info to continue utilizing the exploits. If that's the case, the NSA is complicit in any exploitation by the "wrong" people because it chose to withhold, rather than disclose, major vulnerabilities even after it knew it had been compromised. It may be that the NSA truly didn't know about this hacking until the hackers started passing out parts of its exploit hoard, but that's not exactly comforting considering the agency's efforts to be declared the overseer of the US government's CyberWar.

posted 10 days ago on techdirt
It's no secret that Uber has been interested in self-driving vehicles and how they might change its business. Lots of people have predicted futures in which Uber basically runs a fleet of self-driving cars and Uber itself has commented on the idea in the past as well. But I'm not sure anyone expected it to happen this soon. The company is apparently starting a test-run with driverless vehicles in Pittsburgh: Starting later this month, Uber will allow customers in downtown Pittsburgh to summon self-driving cars from their phones, crossing an important milestone that no automotive or technology company has yet achieved. Google, widely regarded as the leader in the field, has been testing its fleet for several years, and Tesla Motors offers Autopilot, essentially a souped-up cruise control that drives the car on the highway. Earlier this week, Ford announced plans for an autonomous ride-sharing service. But none of these companies has yet brought a self-driving car-sharing service to market. Uber’s Pittsburgh fleet, which will be supervised by humans in the driver’s seat for the time being, consists of specially modified Volvo XC90 sport-utility vehicles outfitted with dozens of sensors that use cameras, lasers, radar, and GPS receivers. Volvo Cars has so far delivered a handful of vehicles out of a total of 100 due by the end of the year. The two companies signed a pact earlier this year to spend $300 million to develop a fully autonomous car that will be ready for the road by 2021. Separately, the company announced that it has bought a self-driving startup, Otto, and put its co-founder, Anthony Levandowski, in charge of Uber's self-driving efforts. We've already noted that Tesla has Uber-like plans as well, but this could certainly get interesting. Lots of people (including us!) have speculated on what the world will look like as autonomous vehicles become more prominent, but it's somewhat amazing how quickly this is happening. 
While it's not a huge surprise that Uber may be leading the way, it does still raise some interesting questions. Obviously, lots of people say that Uber wants to do this so that it won't have to pay drivers any more (though in these tests a human is still in the driver's seat and, one assumes, getting paid). But part of the genius (or problem, depending on your point of view...) of Uber was that it was just a platform for drivers who brought their own cars. That is, Uber didn't have to invest the capital in buying up cars. It just provided the platform, drivers brought their own cars, and Uber got a cut. If it's moving to a world of driverless cars, then Uber is no longer the platform for drivers, it's everything. It needs to make the investment and own the cars. That's actually a pretty big shift. That's not to say that it won't work -- and there's an argument that Uber's real power these days is in its operations software figuring out which cars should go where -- but it is an interesting shift in the business. And given that, it's also interesting to see how Tesla is entering the market from the other direction -- a direction that is more like Uber's original concept, where individuals own their own cars, but then lease them back to Tesla to act as for-hire cars for others. I guess it's possible that Uber could do the same thing too, where any car owner could provide their vehicle back to Uber to earn money, but without having to drive it -- just making it a productive resource. Who knows how this will turn out -- and I'm sure some people will inevitably freak out when there's a self-driving car accident -- but the future is getting really interesting really fast.

posted 11 days ago on techdirt
Three years ago, we wrote about the Getty Museum's wise decision to fully support open content (it's important to note that this is the Getty Museum, and not the unrelated stock photo company, Getty Images, a known copyright troll). We were excited to see the museum embracing open access, and taking a principled moral stand on the issue: Why open content? Why now? The Getty was founded on the conviction that understanding art makes the world a better place, and sharing our digital resources is the natural extension of that belief. This move is also an educational imperative. Artists, students, teachers, writers, and countless others rely on artwork images to learn, tell stories, exchange ideas, and feed their own creativity. In its discussion of open content, the most recent Horizon Report, Museum Edition stated that "it is now the mark -- and social responsibility -- of world-class institutions to develop and share free cultural and educational resources." This is why we were similarly excited about the NY Public Library embracing the public domain, while disappointed in institutions like the UK's National Portrait Gallery trying to lock up content behind questionable copyright claims. Making art and culture more widely available is an important moral imperative. So it's interesting to see an update from The Getty about how its efforts to embrace openness are going. So far, so good, but they've discovered that actually implementing openness runs into some challenges that are interesting to discuss. But, first the good news: since 2013 the Getty has released over 100,000 more images through the Open Content Program, and we are increasingly using open licenses for Getty-developed content including selected digital publications, Research Institute archival finding aids, Getty Museum online collection data, Getty Conservation Institute teaching and learning resources, and even the very blog you are reading right now. 
Throughout, our priority in developing openly licensed resources has been to make the Getty’s work as widely available and usable as possible, while retaining the right to attribution. The article includes two specific case studies which highlight how tricky this can be and the case of freeing up access to Pietro Mellini's Inventory in Verse, from 1681 is an interesting example. At first glance, it seems like it should be easy. It's from 1681. The work is in the public domain. They also note that the original is in their collection so they don't need anyone else's permission in terms of digitizing it (and they agree that the digitization is in the public domain as well). The essays and translations that go with it were all done by Getty or Getty contractors so it holds whatever copyright there might be. And yet... there were still issues, in that some of the related images were from third party sources, and that created some concerns: The only sticking points were the handful of images from third-party sources, for which permission had been sought and granted before the decision was made to make Mellini open access. In other words, the original permissions requests were simply for a digital publication, without any mention of CC-BY licensing, and thus contractual considerations prevented us from openly licensing the material. So even in trying to provide wider access to a public domain work, there were issues around related information that had been licensed under different terms. As the Getty notes, this is why it's kind of important for more museums (and others) to embrace a kind of "open first" principle -- so that they're taking care of these issues from the start, rather than having to back into them later. it’s much easier to build an openly licensed project from the ground up than it is to make a project open after the fact. 
When open access is a project goal from the outset, it helps guide decision-making, especially with respect to contracts with collaborators and consultants, and the sourcing of images and code. There's some other good stuff in there as well, including the fun of trying to open source software that involves modules from different sources with different kinds of open source licenses, but it's good to see this kind of knowledge sharing even on how to be better about knowledge (and culture) sharing...

posted 11 days ago on techdirt
Twitter's had a bit of a busy day. It made two big announcements within an hour, first saying that it had suspended 235,000 accounts since February for "promoting terrorism." It followed that up by announcing that it was opening up its "quality filter" for everyone. The quality filter used to only be available to "verified accounts" and was apparently one of the few actual benefits for being a "verified" account. Here's how Twitter explains it: When turned on, the filter can improve the quality of Tweets you see by using a variety of signals, such as account origin and behavior. Turning it on filters lower-quality content, like duplicate Tweets or content that appears to be automated, from your notifications and other parts of your Twitter experience. It does not filter content from people you follow or accounts you’ve recently interacted with – and depending on your preferences, you can turn it on or off in your notifications settings. From people who have it, they've indicated that it can do a decent, but not perfect, job in blocking purely trollish behavior. However, I still think that my own suggestion from last week makes more sense: rather than building a universal algorithm like this, give every user the tools to build their own quality filters (and to share the "recipes" of those filters). Not everyone has the same determination of what "quality" is. It's fine if Twitter wants to offer its own such filter, but why not open it up and let anyone create quality filters to use and share? As for the removal of terrorist accounts, this still feels kind of pointless. Twitter talks about how it's getting faster at removing these accounts, and they're not able to build up many followers before they're shut down again, making Twitter a less useful platform for terrorist or terrorist supporters to use. But, again, if we think about Twitter as a protocol like email or a system like the telephone, this feels... weird. 
No one's clamoring for "we must stop ISIS from making phone calls." Besides, the intelligence community has said, repeatedly, that they get good intel from watching ISIS' social media activity. Shutting down their accounts may seem like a good thing (no one wants ISIS using their technology...), but what if it's actually making it more difficult for the intelligence community to track them?

posted 11 days ago on techdirt
We've pointed out before how topsy turvy things have become with the Trans Pacific Partnership (TPP) agreement lately, and it seems to be getting even more weird, but not for any good reason. As we've pointed out dozens of times now, actual free trade is a good thing for the world -- but the TPP agreement has very, very little to do with free trade. There are certainly some good things in the TPP when it comes to trade, including some stuff on helping protect the free flow of information on the internet, but it is significantly outweighed by numerous problems with the agreement that seem to have little to do with actual free trade and plenty to do with certain industries putting in place protectionist/mercantilist programs that are, in many ways, the opposite of free trade. The two areas that we've discussed at great length are the intellectual property section, which will force countries to ratchet up their laws (which runs against free trade) and the problematic corporate sovereignty provisions, that allow foreign companies to effectively block regulations that may make perfect sense for certain countries. Historically, the way political support for trade deals in the US works breaks down as follows: Republicans support the deals strongly, with a simplistic mantra of "free trade is good, any free trade agreement must be good." They don't care much about the details (other than if a big company in their region wants some protectionist nugget in the agreement). Meanwhile, the majority of Democrats oppose the agreements, but again, often for simplistic and protectionist reasons. But, there are always a few "moderate" Democrats (i.e., Democrats who recognize free trade is actually a good thing overall) who support free trade and that's enough to get the deals past. That's mostly how the TPP situation played out for the past few years. Then the insanity of the 2016 Presidential election hit and everything went sideways. 
On the Republican side, you've got Donald Trump, who is opposed to the TPP, but mainly because he doesn't understand international trade at all, and ridiculously seems to believe that everything is a zero sum game, and any trade agreement that helps other countries means we're "losing." The TPP is bad, but not for the reasons Trump thinks. And then you have Hillary Clinton, who had always been in the Democratic clump that supported free trade agreements, and who has always supported the TPP, despite now pretending not to. That's because Bernie Sanders was very much against it (also for mostly the wrong reasons!) and feeling pressure from the success of his campaign, she felt the need to come out against the TPP to avoid losing to Bernie. So, you have both candidates claiming to be against TPP, but for weird reasons, and no one believing the Dem candidate, while no one quite understanding the GOP candidate. Meanwhile, the sitting President continues to push for the TPP even as the only two people likely to have his job in a few months insist they won't support it. Now, throw into this mix the fact that Trump's railing against the TPP (again, for dumb reasons) is suddenly getting Republican voters to hate the TPP, and down ticket Republicans who have long supported the TPP are suddenly changing their tune. Senator Pat Toomey, a long time supporter of the TPP has now announced it's a bad deal and he's opposed to it. Of course, he actually spends most of his opinion piece (correctly!) lauding the benefits of free trade, but then says he's opposing it for a few reasons. His reasons are silly, though. It's mainly because the pharma industry has convinced him that the IP provisions in the TPP are too lax. Pharma pushed heavily for more ability to basically lock up their data and discoveries for a very long time, and thanks to Australia pushing back, there was a compromise here. 
So Toomey insists that's why he's now opposing: About 46,000 Pennsylvanians have jobs in the life science and pharmaceutical sector, making it one of our state’s largest industries. TPP will make it too easy for other countries to steal innovations that we create in Pennsylvania and take the jobs tied to those innovations. That's not true at all. What the TPP will do is actually mean that pharma will have an exclusive monopoly on certain things for not quite as long as they'd like. It won't make "stealing innovations" any easier. Of course, the real reason for Toomey's about-face may have more to do with his re-election campaign: Toomey's remarks arrive as public polls show him falling behind Democratic challenger Katie McGinty in one of the country's most crucial Senate races. They also come after months of rage against international trade fueled support for Trump and Bernie Sanders, and forced Democratic nominee Hillary Clinton to reverse course on the pending deal. McGinty has opposed the TPP and blasted Toomey over his stand on it. "Pat Toomey has spent his entire career pushing bad trade deals and policies that ship Americans jobs overseas, so nobody is buying this ridiculous flip flop," McGinty said in a statement. So, this topsy turvy election year, it's becoming increasingly clear that the TPP might not actually have the support it needs to get ratified in the US. If Republicans are bailing on it (and the top of the ticket screaming about how horrible it is), it's difficult to see how it can gain enough support. There is the popular theory that no matter what happens, in the lame duck session after the election, everyone will revert to their earlier positions and push the damn thing through, but if trade continues to be an issue in the election, doing so will create a huge amount of public anger. So, in the end, there are a lot of reasons why the TPP may die on the vine... 
even if all of the reasons for it doing so will be pretty bad.

posted 11 days ago on techdirt
We're back again with another in our weekly reading list posts of books we think our community will find interesting and thought provoking. Once again, buying the book via the Amazon links in this story also helps support Techdirt. I've been going back through various books from the past and came across Tarleton Gillespie's amazing Wired Shut: Copyright and the Shape of Digital Culture from almost a decade ago. However, it's still very, very relevant today, especially as we're constantly discussing how DRM is impacting the way physical products are built and while there is a big debate happening about Section 1201 of the DMCA. Gillespie saw all of this pretty early on, using many of the early examples of how 1201 basically enabled companies to force certain product design decisions that really had nothing to do with stopping "piracy," but were very much about locking out competition or holding back innovation. The book pulls together the thread on three of the biggest fights from the 2000s around these issues: (1) The silly fight over SDMI, the RIAA's preferred DRM that was so bad that they had to threaten professor Ed Felten for showing how bad it was. (2) The similarly stupid freakout over DeCSS encryption for DVDs. (3) And the attempt to lock down television with a needless broadcast flag. While the specific technologies may have changed, the fights are pretty damn similar a decade later, and it's worth reading (or rereading) Wired Shut to remind you of the past as we prepare to fight for the future.

posted 11 days ago on techdirt
Earlier this year, we discussed how a Treasury Department watchlist under the purview of the Office of Foreign Assets Control was mucking up all kinds of legitimate business because some partakers in said business had scary sounding (read: Islamic) names. Everyone began referring to this watchlist as a "terrorist watchlist", as most of the stories concerned people, including American citizens, who either have names that are close to the names of terrorist suspects worldwide or because certain banks can't tell when someone is writing the name of their dog in the memo section, mistaking that name for the name of an Islamic terror group, because why not? But as it turns out, this hilariously frustrating example of bureaucratic ineptitude isn't limited to global terrorism. It also apparently applies to decades old embargo rivalries, too. Mark Frauenfelder details a wonderful story about how his wife, a book editor, used PayPal to pay for a book review about Cuba, only to have the payment suspended and the notices from PayPal begin to fly. Carla included a message to Ben in the Paypal transaction, which read, "Hi Ben - Your Castro's Cuba review is up! Thanks so much! Carla." As soon as she pressed the send button, she got a pop-up message on the PayPal site that informed her that the payment was being held for review. This had never happened before and she had no idea why PayPal was holding up the transaction. Last night, an email arrived from PayPal. It turns out, the problem arose because Carla's message included the forbidden word "Cuba" (and/or possibly "Castro"). Mark embedded the entire email PayPal sent in his post, but you're not going to find much useful within it. It basically just says that using words like "Cuba", which is a country oft discussed in the United States, and "Castro", which is a crazy common last name, triggered the company's compliance controls to meet OFAC requirements. 
As such, PayPal is asking Carla to write an essay for the class explaining why she would dare write those words in a payment for a book review. To ensure that activity and transactions comply with current regulations, PayPal is requesting that you provide the following information via email to [email protected]: 1. Purpose of payment 0B463347YT949791N attempted on August 16, 2016 in the amount of $30.00USD, including a complete and detailed explanation of the goods or services you intended to purchase. Please also explain the transaction message: "Hi Ben - Your Castro's Cuba review is up! Thanks so much! Carla." Read that part of PayPal's email. Now read it again. This is bureaucracy at its finest, with a $30 payment triggering all kinds of alarms because of a friendly message about a review. Two things stand out to me. First, exactly what kind of nefarious deeds are both carried out for thirty dollars and then signed off with a friendly memo in the payment section like this? Second, if PayPal is really concerned here, exactly what are they expecting to learn from the "complete and detailed explanation" they are requesting from Carla? Would a Cuban operative using their system do anything other than lie in this explanation? Is the OFAC so strict that it requires these checks, but so lax that the checks amount to the honor system? Or is it possible that government oversight has reached a level at which it does no good other than to serve as a useful reminder of what a pain in the ass it is?

posted 11 days ago on techdirt
When first responder communications networks failed after 9/11, the government decided to build a nationwide wireless emergency communications network that would actually work. It took a decade of general histrionics and dysfunction by Congress, but in 2012 the Middle Class Tax Relief and Job Creation Act formally created the First Responder Network Authority (FirstNet). FirstNet is an entirely new federal agency tasked with coordinating the build of a 700 MHz LTE-based coast-to-coast emergency broadband network. But since its creation the effort (tell us if you've heard this one before) has been plagued with dysfunction, allegations of incumbent carrier cronyism, and stories of people getting paid a significant sum of money despite not actually producing anything of note. Fifteen years after 9/11 and four years after FirstNet was formally created, the program is showing only modest signs of progress. According to a new report in The Atlantic, completion projections for the project are now reaching $47 billion, without much of anything to show for it so far: "It took FirstNet two years just to recruit a skeleton staff, only to be hit by an inspector general’s report that found potential conflicts of interest and problems with the awarding of initial consulting contracts. It then took another two years to issue a request for proposal (RFP) asking contractors to bid on the work to build and operate the system." That RFP finally emerged in January, with the two most likely contenders being AT&T and Verizon, both already firmly entrenched in our domestic intelligence gathering efforts: "The FirstNet RFP, which finally emerged in January, seeks one company to operate the nationwide system. (Verizon, AT&T, and one or more firms that would gather dozens of regional partners into a consortium are the likely players.) The bidders have to offer to pay FirstNet at least $5.6 billion spread over 25 years in return for the bandwidth that FirstNet would make available to them. 
The winner (presumably, whichever company bids the most above $5.6 billion, while also demonstrating it can do the job) can then sell the FirstNet network to police and fire departments, hospitals, and other first responders, one by one."If you've been playing along at home, you'll recall that both AT&T and Verizon have a long, proud history of taking billions in subsidies and tax breaks for next-generation networks repeatedly left half completed. AT&T, as we've well documented, has a prodigious history of fraud, whether it's ripping off low-income families, the hearing impaired, various school districts or the company's own customers. While the nation's top two wireless carriers make sense as the best positioned to win the contract, they're also the most likely to milk the program for every extra penny it's worth while doing the bare minimum required. Not too surprisingly, the Atlantic article has reportedly upset those working on FirstNet, even though it's far from the first report of this kind. The above-cited report by the Office of Inspector General of the Department of Commerce initially found numerous conflicts of interest on the FirstNet board, with many board members playing fast and loose with conflict reporting rules. It's worth noting that many of these original board members (like FirstNet GM and former Verizon exec Bill D'Agostino) have already moved on, but these problems set the stage for the kind of dysfunction we've seen time and time again in telecom. Estimates suggest the contract will be worth around $100 billion to the company that wins it, with the winner grabbing not only the lion's share of fees paid by state customers, but the right to sell off excess capacity to private companies and consumers. Winners are expected to be announced in November. And while the project may be well-intentioned and even necessary, it's painfully unclear if the U.S. 
government is actually capable of completing it without giving a master class in telecom waste, fraud and abuse. History, quite simply, just isn't on the project's side.

posted 11 days ago on techdirt
For several years now DirecTV (now owned by AT&T) has been the focus of a series of lawsuits focused on the NFL's Sunday Ticket exclusive arrangement. More specifically, the lawsuits have claimed that the exclusive arrangement violates antitrust law, resulting in a monopoly that charges often absurd prices to small businesses. Sports bars in particular have to shell out payments of up to $122,895 per year for NFL Sunday Ticket, while those same bars pay significantly less for Major League Baseball's comparable offering. But a new lawsuit filed against DirecTV this week accuses the company of something notably different. Doneyda Perez, owner of Oneida's Beauty and Barber Salon in Garden Grove, has filed a RICO class action against DirecTV for intentionally selling businesses residential-class TV service, then hitting these customers with penalties of up to $15,000 several years later for failing to subscribe to business-class service. There's a lot to go through in this case, but before we start, it's at least worth pointing out that RICO class action cases are almost always ridiculous -- even if there does appear to be questionable behavior here. Since at least 2013 customers have complained that DirecTV salesmen and installers visit what they clearly see are businesses, sell them residential TV service, and don't even mention that DirecTV offers anything else. Then, a few years later, "investigators" employed by DirecTV show up snooping around, without making it particularly clear who they are or what they're doing. This was documented in a different 2013 Dallas Morning News Story about the same practice:"The man sitting at the counter at Zeke’s Kitchen restaurant in Garland is acting suspicious. He doesn’t want any food but takes a glass of water. He says he’s waiting on a friend, but no one shows up. He asks that the channel be changed on the restaurant TV. Then the man steps outside and begins taking pictures of the restaurant. 
When owner Brandon “Zeke” Roberson asks him what he’s doing, the man runs off. Roberson’s wife, Julie, thinks it’s suspicious enough that she makes a note of it on the restaurant office’s calendar: “Very strange acting man. Ran off when Brandon asked why he was taking pictures outside." Only later do the businesses realize that the investigator works for DirecTV, which then demands huge payments for unpaid back bills from what are often small and struggling companies: "The man is a fraud investigator for DirecTV, sent to find out if the Robersons are TV signal thieves. Did they sign up for a residential TV account but use it at their commercial establishment? In June, DirecTV cuts off the restaurant’s service. Then DirecTV’s collection lawyers notify the Robersons that they owe $15,000 in back bills. It’s the darkest day in the restaurant’s history. So much so that the couple have to close the place to catch their breath." Their lawyers dig in only to find this is a pretty common occurrence nationwide, citing "hundreds" of similar occurrences -- something seemingly supported by this latest class action. While it's possible that poorly trained subcontracted installers are playing a role in not adequately informing businesses of their options (one installer admits as much), DirecTV consistently decides to pursue massive penalties anyway. And AT&T, which bought DirecTV for $69 billion last year, isn't exactly trying hard to make things right, informing the media this week that this is just an issue of "basic fairness": "This is a matter of basic fairness for all of our customers,” AT&T said to FierceCable in a statement. “Businesses that are not paying commercial rates for programming are taking unfair advantage of neighboring businesses that do. 
We are confident these claims will be rejected." So yes, it's just "basic fairness" to sell a business one class of service, then turn around and demand they need to shell out $15,000 because your salespeople and installers are at worst part of a plan to defraud paying consumers, and at best clueless about the product they're selling.

posted 11 days ago on techdirt
Despite the obvious realities that ratings are down and consumers are cutting the cord, there's a vibrant and loyal segment of executives and analysts who still somehow believe cord cutting is a myth. Every few months, you'll see a report about how cord cutting is either nonexistent or overstated. Earlier this year, these voices were quick to argue that the industry had cord cutting on the ropes because several of the biggest cable providers saw modest subscriber gains in the fourth quarter (ignoring several that saw net subscriber losses for the year). Those folks have been pretty damn quiet the last few weeks as second quarter earnings show cord cutting is worse than ever. A new report by Leichtman Research notes that the pay TV industry collectively lost about 665,000 net video subscribers last quarter, a number some other analysts say was closer to 757,000. Dish Network alone lost 281,000 subscribers, while the new, larger Charter (after acquiring Time Warner Cable and Bright House Networks) lost 143,000 subscribers. "Phone" companies were hit particularly hard, telcos alone losing 500,000 subscribers in just one quarter. In fact, with AT&T and DirecTV now being one company, every single pay TV provider saw a net loss in TV subscribers during Q2: It's kind of hard to spin this kind of bloodshed, so cord cutting denialists are likely to remain quiet -- at least for a few months. Most analysts believe that these losses are due in large part to folks that are moving to a new home or apartment, and not bothering to sign back up for cable when they do. But if you factor in that these numbers aren't scaling alongside housing growth, things are even uglier than the numbers indicate. But because companies like Comcast occasionally see quarters with very modest subscriber gains (thanks in part to their monopoly over broadband and bundling), you'll still somehow see folks trying to argue that cord cutting is either non-existent or an over-hyped fad. 
But occasionally somebody will step back and take an intelligent big picture look at the numbers, making the overall trend pretty damn apparent:
None of this is to say that cable providers couldn't quickly change the entire narrative by simply competing more seriously on TV service price (at the cost of higher broadband bills, of course). But instead, most cable sector executives still desperately cling to the narrative that cord cutting is a fad that stops once Millennials procreate. This is, they clearly believe, just a touch of cash cow indigestion that will magically resolve itself, so there's no reason to stop hitting consumers with biannual rate hikes for bloated bundles of unwatched channels.

posted 11 days ago on techdirt
With ISPs like AT&T now charging broadband customers a steep premium just to protect their own privacy, the FCC has begun looking at some relatively basic new privacy protections for broadband. This has, as you might expect, resulted in a notable bump in histrionics from the industry. Comcast, for example, quickly tried to inform the FCC that charging users a surcharge for privacy was ok because it would somehow magically lower broadband prices, and banning them from this kind of behavior would do a tremendous disservice to the internet at large. Anybody even marginally aware of the lack of competition in broadband understands this is just another attempt to take advantage of captive customers in a broken market. But the broadband industry quickly doubled down, using the usual assortment of payrolled think tanks to pollute the discourse pool. The Information Technology & Innovation Foundation (ITIF), for example, was quick to try and claim that charging all broadband users steep premiums for privacy would generate huge benefits for the entire "internet ecosystem," and that anybody who couldn't see the genius of such a practice was an "absolutist." But a think tank by the name of the Technology Policy Institute has doubled down on the already dumb double down, with an op-ed at the Hill that tries to claim that such a privacy surcharge would actually help the poor:"'Pay-for-privacy' plans disproportionately benefit lower-income individuals. Indeed, the notion that offering an additional option would be detrimental to any consumers, whatever their income, is misguided..."A plan that offers a discount in exchange for data may enable a lower-income consumer both to have internet service and pay for groceries. Depriving the consumer of that choice may put the internet connection out of reach."Pause with me to understand what's being claimed here for a moment. Mr. Thomas M. 
Lenard is actually trying to claim that adding a privacy surcharge to what's already some of the most expensive broadband in the developed world will somehow help the poor buy groceries. I've seen a lot of nonsense in sixteen years writing about telecom, but this latest storm of disinformation surrounding the FCC's new privacy push should qualify for some kind of award. Like AT&T and Comcast, these think tanks are violently misrepresenting what's actually happening here. AT&T charges its U-Verse broadband customers $528 to $792 more every year (up to $62 more per month) to opt out of the company's Internet Preferences program, which uses deep packet inspection to track your online behavior -- down to the second. Not only is that not anything close to a discount, but AT&T makes opting out as cumbersome as possible. The hope is to heavily penalize opting out and to actively punish broadband users that protect their own privacy. ISPs consistently try to argue that they shouldn't be regulated differently from Google and Facebook on privacy, and that argument surfaces again here:"AT&T is giving the subscriber the opportunity to allow advertisers to pay part of the subscription fee. What would be the rationale for allowing Google to offer advertising-supported service but not AT&T?(Raises hand) Because AT&T and Comcast enjoy a duopoly or monopoly over the last mile? Google or Facebook customers unhappy with their privacy policies can simply stop using these services (imagine the exodus by customers of either company if they tried to charge money to opt out of select privacy practices?). Broadband customers, in contrast, have nowhere to flee if one or both of their broadband options engages in hostile privacy practices the likes of which we're seeing here. Because AT&T, Verizon and Comcast are pushing harder into content and online ads doesn't change this underlying reality. 
Between privacy surcharges, Verizon's getting busted for covertly modifying user packets to track user behavior, and cable companies bragging how they provide worse customer service for low credit customers, most people should be able to understand why the FCC thinks it may be time for some basic broadband privacy rules. Given that an informed broadband subscriber with the tools to protect their privacy could potentially cost these companies billions, it should also be easy to understand why think tanks and the ISPs that fund them have ratcheted up attempts to derail the effort using some of the most ridiculous arguments imaginable.

posted 11 days ago on techdirt
Stingrays are now as common as cockroaches in the United States, but we haven't heard much about their use by Canadian law enforcement. A denial or a confirmation would be nice, but not strictly necessary. It's safe to assume anything US cops can get, Canadian law enforcement can obtain as well. Earlier this month, Vice's Motherboard revealed the first confirmation of Stingray use by a local law enforcement agency. (The Royal Canadian Mounted Police have owned and operated Stingray devices for most of the last ten years.) According to the BC Civil Liberties Association, which posted a blog announcing the news on Monday, the Vancouver police used an IMSI catcher once, nearly a decade ago, and without a warrant. “We sent a letter asking the Vancouver police if they’d ever used one of the RCMP’s IMSI catchers, and if they would again,” said Micheal Vonn, policy director for the BCCLA. “The answer to both questions was yes.” So just once? A decade ago? The Vancouver PD sounds about as credible as a presidential candidate being questioned about past drug use. Still, the Vancouver PD insists it has no files on Stingray use, despite admitting to using a Stingray. However, the Vancouver PD sounds way more credible than the Edmonton Police, which can't even get its spokespeople on the same page. On August 11, the Edmonton Police told Motherboard this: On Thursday afternoon, Edmonton police spokesperson Anna Batchelor sent me an email saying, “I’m able to confirm the Edmonton Police Service owns a Stingray device and has used the device in the past during investigations.” This was another first. Vancouver law enforcement -- according to what had been told to Motherboard -- didn't own the Stingray it used. It borrowed the device from the RCMP and was instructed on how to use it by a Mountie tech. Several hours later, the Edmonton PD wasn't so sure it owned and/or deployed an IMSI catcher. 
On Friday, I received a call from Superintendent Terry Rocchio of the Edmonton police, who delivered a frantic and conflicting message: the Edmonton police do not own a Stingray, he said, and Batchelor’s confirmation was the result of internal miscommunications. He was very sorry for the misinformation, he said. Combined with the previous statement, it appears as though Edmonton PD superintendent Terry Rocchio is apologizing for his own words, which certainly gives the appearance of being misinformation. Further statements released by the Edmonton PD claim the department does not own a Stingray but, again, this is at odds with the unexpectedly straightforward statement given to Motherboard in response to its original query. Now, it could be that Edmonton law enforcement did the same thing Vancouver's did and borrowed it from the nearest RCMP bug shop. Or it could be that this is just the Canadian version of playing along with non-disclosure agreements. Most agencies contacted by Motherboard refused to comment. Others refused to confirm or deny. And the one agency that DID say it had a Stingray now says it doesn't. Given the opacity surrounding local law enforcement use/ownership of these devices, it's probably safe to say they've been deployed without warrants and hidden from judges, defendants, and -- quite possibly -- local legislators. Months or years from now, Motherboard may have a more complete answer, but for now, this appears to be Canadian law enforcement scrambling to stave off some inevitable discoveries.

posted 12 days ago on techdirt
A precedential decision [PDF] by Ontario's Court of Appeals concerning the privacy of SMS messages sounds more worrying than it actually is. Here's Vice Canada's opening paragraph on the ruling: The texts you think you're sending in private can be used against you in court, according to a potentially precedent-setting new ruling from the Ontario Court of Appeal, which critics believe will have implications on privacy throughout the province. The government's comment on the decision makes it sound even worse. "The Crown's position ... is that once a person sends a message into the ether, he or she loses the requisite level of control over that message needed to challenge its subsequent acquisition by authorities from sources outside of that person's control," Nick Devlin, senior counsel with the Public Prosecution Service of Canada, told VICE News. But that's not what the ruling says. Text messages sent "into the ether" do not lose their expectation of privacy. That would make SMS message content open to interception or seizure without a wiretap order or warrant. The circumstances of the case undercut the claims made in these two soundbites. In no way does this create some sort of "Third Party Doctrine" governing the content of text messages. Instead, it simply confirms what should be obvious: that once messages are received, the recipient is free to discuss, expose, or otherwise provide the content to whoever asks for it. The sender is no longer in control of the sent message and cannot claim it is still a private communication. An investigation into the trafficking of illegal firearms resulted in the seizure of phones owned by the two suspects. Police performed forensic searches on both devices and found messages implicating both arrestees. One of the suspects challenged the search and seizure of the devices. For the most part, he won. 1. Mr. Marakah’s s. 
8 Charter challenge to exclude from evidence the items seized by the police during the search of his residence on November 6, 2012 is allowed and the evidence is excluded pursuant to s. 24(2) of the Charter; 2. Mr. Marakah’s s. 8 Charter challenge to exclude evidence obtained from his phone that was seized from him by police at the time of his arrest on November 6, 2012 is also allowed and the evidence is excluded pursuant to s. 24(2) of the Charter; and 3. Mr. Marakah’s s. 8 Charter challenge to exclude the evidence of his text messages found by the police on Andrew Winchester’s phone on November 6, 2012, is dismissed. The last item on the list -- a dismissal of an evidence challenge -- is related to the messages found on Winchester's phone, which included Marakah's end of these conversations. The court ruled there is no expectation of privacy in messages sent to another person's phone. This is pretty much analogous to claiming an expectation of privacy in mail sent (and received, opened, read, etc.) by another party. The government can't intercept and read the mail without the proper authorization, but there's nothing stopping it from viewing the content if it's seized from the recipient. The same goes for phone calls, which are ostensibly private conversations, but both conversants are more than welcome to discuss the content of the phone calls with law enforcement without infringing on the other party's expectation of privacy. The failure here is operational security, not a lack of protections for Canadian citizens. The appellant cited a 2013 ruling that said sent messages are "private communications" and can't be obtained by the government without a wiretap order. As all parties acknowledged, it is clear that text messages qualify as telecommunications under the definition in the Interpretation Act. 
They also acknowledged that these messages, like voice communications, are made under circumstances that attract a reasonable expectation of privacy and therefore constitute “private communication” within the meaning of s. 183. Similarly, there is no question that the computer used by Telus would qualify as “any device” under the definitions in s. 183. The difference between the Telus decision and this one is that in Telus, law enforcement intercepted messages in transit, utilizing the telco's temporary storage of transmitted messages to obtain "continuous production" of messages sent between two numbers. It's the interception that's key, not whether or not the content can be afforded a reasonable expectation of privacy. The appeals court points out that the court in Telus did not actually reach the conclusions the appellant claims it reached. Abella J. expressly declined to decide the issue that is before the court in this appeal: [15] We have not been asked to determine whether a general warrant is available to authorize the production of historical text messages, or to consider the operation and validity of the production order provision with respect to private communications. Rather, the focus of this appeal is on whether the general warrant power in s. 487.01 of the Code can authorize the prospective production of future text messages from a service provider’s computer. That means that we need not address whether the seizure of the text messages would constitute an interception if it were authorized after the messages were stored. The court points out that a reasonable expectation of privacy is not automatically granted to all cases and incidents involving ostensibly private communications. Context factors into the equation -- both in determining the "reasonableness" of privacy expectations, as well as standing to challenge searches. Here, it finds the context does not help the appellant's case. 
In this case, the application judge’s analysis was guided by Edwards and, on the objective reasonableness of the expectation of privacy, the factors set out by Binnie J. in Patrick. Having regard to those factors, he found that the factors that weighed most heavily in his assessment of the totality of the circumstances were that: (1) the appellant had no ownership in or control over Winchester’s phone; and (2) there was no obligation of confidentiality between the parties. [...] He had no ability to regulate access and no control over what Winchester (or anyone) did with the contents of Winchester’s phone. The appellant’s request to Winchester that he delete the messages is some indication of his awareness of this fact. Further, his choice over his method of communication created a permanent record over which Winchester exercised control. The long dissent is worth reading as it challenges much of what the official opinion asserts -- mainly that a lack of control equals a lack of privacy expectations. Arguably, courts should treat text messages more carefully as they generate permanent records of conversations (phone calls don't) and are used far, far more often than email or snail mail (which also create permanent records of conversations). It's much more on point, however, when noting that the seizure and search of the other party's phone -- resulting in the collection of Marakah's messages -- was also ruled to be unreasonable and a violation of Winchester's rights. The denial of Marakah's request to have this evidence excluded means it's possible for Canadian law enforcement to obtain evidence illegally but still use it in court -- just as long as it obtains the incriminating messages it needs from someone other than the sender. [T]he text messages at issue are essential to the Crown’s case only because of this pattern of Charter infringements. 
The messages obtained from the appellant’s phone and evidence seized from his apartment are not admissible because the police infringed the appellant’s s. 8 rights when obtaining that evidence. The Crown abandoned reliance on the accused’s inculpatory statements and evidence obtained from them when faced with a challenge to their admissibility. And now the admissibility of the text messages obtained from Winchester’s phone is in issue because they too were obtained in a manner that infringed a Charter-protected right. Finally, while the search of Winchester’s phone, considered in isolation, may be classified as a less serious breach of the appellant’s Charter-protected interests, I would take into account the fact that the appellant suffered many serious breaches of his Charter rights. In this case the police intruded upon significant privacy interests by conducting a warrantless search of his home and conducting an unnecessary and unrestricted forensic analysis of the appellant’s phone. Refusing to exclude the text messages obtained from Winchester’s phone would, in effect, neutralize any remedy granted for those breaches. Considering that the court has already quashed the messages obtained from Marakah's phone due to the illegality of the search, it only makes sense to do the same to the same messages that were obtained from Winchester's phone. Without evidence suppression, law enforcement will be encouraged to route around presumed privacy expectations (and warrant requirements) by choosing an alternate, "less private" source to obtain the same communications.

posted 12 days ago on techdirt
For several years now we've documented the rise in websites that shutter their comment sections, effectively muzzling their own on-site communities. Usually this is because websites are too lazy and cheap to moderate or cultivate real conversation, or they're not particularly keen on having readers point out their inevitable errors in such a conspicuous location. But you can't just come out and admit this -- so what we get is all manner of disingenuous prattle from website editors about how the comments section is being closed because they just really value conversation, or are simply trying to build better relationships. NPR appears to be the latest in this trend du jour, with Managing Editor of digital news Scott Montgomery penning a new missive over at the website saying the comments are closing as of August 23: "After much experimentation and discussion, we've concluded that the comment sections on NPR.org stories are not providing a useful experience for the vast majority of our users. In order to prioritize and strengthen other ways of building community and engagement with our audience, we will discontinue story-page comments on NPR.org on August 23." Again, nothing says we "love and are engaged with" our community quite like preventing them from being able to speak to you on site (this muzzle represents my love for you, darling). The logic is, as Montgomery proceeds to proclaim, that social media is just so wonderful, on-site dialogue is no longer important: "Social media is now one of our most powerful sources for audience interaction. Our desks and programs run more than 30 Facebook pages and more than 50 Twitter accounts. We maintain vibrant presences on Snapchat, Instagram and Tumblr.
Our main Facebook page reaches more than 5 million people and recently has been the springboard for hundreds of hours of live video interaction and audience-first projects such as our 18,000-member "Your Money and Your Life" group." And while those are all excellent additional avenues of interaction and traffic generation, it's still not quite the same as building brand loyalty through cultivating community and conversation on site. By outsourcing all conversation to Facebook, you're not really engaging with your readers, you're herding them to a homogenized, noisy pasture where they're no longer your problem. In short, we want you to comment -- we just want you to comment privately or someplace else so our errors aren't quite so painfully highlighted and we no longer have to try to engage you publicly. All for the sake of building deeper relationships, of course. Montgomery talked a little more about NPR's decision on Twitter, where Mathew Ingram (one of roughly three writers I've found who gives two flying damns about the negative impact of this trend) politely pondered if NPR really tried all that hard before giving up: @scottmdc I appreciate that. But do you think the scale shifted in part because you didn't prioritize them? — Mathew Ingram (@mathewi) August 17, 2016 Except as we've noted time and time again, studies show that it's not really that hard to cultivate a healthier on-site comment section simply by showing up and giving a damn. Just having a writer or editor show up and treat readers like human beings dramatically improves the overall tone of the conversation. This isn't something that requires all that much time and effort; it's just easier and cheaper to give up. Elsewhere on NPR's website user reaction to the news has been overwhelmingly negative, with many users saying they don't have social media accounts and appreciated the on-site ability to have vaguely intelligent conversation.
Says one user: "They're getting rid of a great community of discussion. It's the best forum I've known, with people from all walks of life discussing the news with a moderate amount of intelligence, and a healthy dose of wit. I'm pretty upset. After the comments go, I won't visit NPR much anymore. There's not much content compared to other sites. It was the discussion that kept me coming back." Another reader offers a more blunt take: "And the "public" in public radio goes away, except for the pleas for money. There's no interaction any more, emails are ignored, Twitter is useless, and Facebook is a gross invasion of privacy. Sad NPR. And worse that the supposed advocate for the listener backs the decision. Perhaps if NPR had actually involved itself with the commenting instead of isolating and offshoring it, you would have found that things would have worked better for you." Sadly, like Bloomberg, Recode, Reuters, Popular Science, and other sites, NPR and Montgomery round out the announcement by claiming that muzzling your community somehow illustrates a love of "deeper relationships" and "conversation": "In the eight years since NPR first launched its online comment section, the world of social media has changed dramatically, as has NPR's digital presence. We're constantly asking ourselves where we can create the best dialogue with you and how we can deepen that relationship. It's a question we will keep asking because the way we communicate online will keep changing. We're looking forward to continuing the conversation." That sounds so much lovelier than "nobody in our writing or editorial staff wants to take the time to cultivate local on-site community," "we're lazily cutting corners" or "we don't like having our mistakes highlighted publicly right below our articles," don't you think?

posted 12 days ago on techdirt
Enigma Software -- creator of the SpyHunter suite of malware/adware removal tools -- recently sued BleepingComputer for forum posts by a third-party volunteer moderator that it claimed were defamatory. In addition, it brought Lanham Act trademark infringement claims against the site -- all in response to a couple of posts that portrayed it in a negative light. The posts pointed out that the company had a history of threatening critics with litigation and had engaged in a variety of deceptive tactics, including triggering false positives to promote its spyware-cleaning products and placing paying customers on a periodic payment plan that ran in perpetuity under the guise of a one-time "removal" payment. A somewhat bizarre decision by the judge presiding over the case allowed Enigma's questionable complaint to survive BleepingComputer's motion to dismiss. In doing so, the decision also suggested the judge was willing to poke holes in Section 230 protections -- something that's been happening far too frequently in recent months. This bogus lawsuit should never have gotten this far. Enigma's original defamation claims contained wording found nowhere in the posts it didn't like, and the company had to make several inferences on behalf of the website it was suing to cobble together its complaint. The lack of a decent anti-SLAPP law in New York kept its defamation claims from being ejected on arrival. Faced with having to litigate its way out of this stupid mess, BleepingComputer has gone on the offensive. The assertions made in its countersuit suggest Enigma Computer has been -- for quite some time -- fighting speech it doesn't like (the forum posts it sued over) with more speech. Unfortunately, if the "more speech" deployed is just shadiness and bogus claims (the same sort of thing it's suing BC for), then "more speech" isn't really a remedy. Lawrence Abrams of BleepingComputer gives a brief overview of the latest filing at his company's website. 
(h/t The Register) Yesterday, BleepingComputer filed its Answer, Affirmative Defenses, and Counterclaims in response to Enigma Software's Second Amended Complaint. In our filing we stand by our statements that Bleeping Computer has done nothing wrong, that there is no smear campaign against Enigma Software, and that any of the statements posted by the site's volunteer, Quietman7, are either true or purely opinion. On the other hand, since being sued we have uncovered information that makes us believe that Enigma Software or their agents have been allegedly performing a long term campaign of attacks against BleepingComputer.com. Our counterclaim includes examples of the following: Defamation of Bleeping Computer. Using our trademark "Bleeping Computer" without our permission. Creating web sites and web pages that use the trademark "Bleeping Computer" to associate the site with malware and other unwanted programs. Registering at least one domain with our trademark "Bleeping Computer". Copying text from BleepingComputer.com and hiding it in non-viewable HTML on their sites for search engine optimization purposes. Actively stating that the BleepingComputer.com security utilities called Rkill and Unhide are viruses. Furthermore, in all of the above examples, the sites are or have been promoting Enigma's SpyHunter product. The filing [PDF] fills in the details. Enigma (or its agent) has been creating websites that funnel users to its SpyHunter product while simultaneously suggesting BleepingComputer and its tools are malware. One site is called Adware Bleeping Computer Removal, which hints that "Bleeping Computer" is something that is unwanted and in need of removal. Sure enough, the site offers instructions on how to remove adware while providing a handy link to download SpyHunter. Another Enigma software-pushing site uses the URL bleepingcomputerregistryfix.com. Others are hidden behind URLs a bit more innocuous. 
Enginemachinesupplyshop.com contains pages that claim two tools BleepingComputer has created -- RKill and Unhide -- are "malware/viruses" that "infect" users' computers and should be removed. Naturally, the site recommends SpyHunter. It also includes statements that seem far more defamatory than any of the allegations Enigma is suing BleepingComputer for. rkill.com is a dangerous computer virus which can destroy the infected computer and record your personal information. If you’re not careful when you visit websites or use online resources, your computer is vulnerable to virus attacks. It has the ability to slow down the computer performance seriously. The computer user’s personal information may be got by the virus makers through the virus, such as credit card or bank account details and social contacts’ information. Therefore, the best way to cancel the malicious behaviors of rkill.com is to get rid of it as soon as possible. This is what RKill actually does. RKill is a program that was developed at BleepingComputer.com that attempts to terminate known malware processes so that your normal security software can then run and clean your computer of infections. When RKill runs it will kill malware processes and then removes incorrect executable associations and fixes policies that stop us from using certain tools. When finished it will display a log file that shows the processes that were terminated while the program was running. BleepingComputer provides this utility free of charge to users. The entire filing is worth reading to see just how much Enigma has allegedly done in an attempt to do damage to BleepingComputer's reputation. From what's shown here, it looks as though Enigma's history as a shady, litigious pusher of dubiously-effective software isn't exactly history. It's still very much a part of its reputation management scheme -- one that does nothing to elevate Enigma's esteem and everything to drag critics in the same business down to its level. 

posted 12 days ago on techdirt
Earlier this year, we discussed how UC Davis detailed in a report that it spent $175k with a reputation management firm to try to bury the 2011 pepper-spraying incident that has become so infamous, as well as to bolster the positive reputation and search results of its former Chancellor, Linda Katehi. While Katehi was still Chancellor, she had issued something of a mea culpa that was unfortunately riddled with excuse-making and vendor-blaming, but in which she also appeared to take responsibility for the report's contents. Students protested anyway, as they should have, given how the report detailed that Katehi was far more interested in her own reputation online than she was in any kind of reform of campus police. Which, if you'll remember, was what kicked off all of the negative reporting starting in 2011 to begin with. But now a new report has been issued that makes it clear that the $175k with the one reputation management vendor was just the tip of the iceberg, and that Katehi's obsession with her own online reputation was far more serious than anyone had known. Indeed, her attempts to meddle in her own online search results started long before the 2011 pepper-spraying incident. When she was appointed chancellor, news accounts questioned her tenure at the University of Illinois at Urbana-Champaign, where she was provost and allegations emerged that children of politically influential backers were given preference in admissions. Katehi denied knowing anything about those admissions. The report found that she was so concerned she would be tainted by the scandal that she called an aide at UC Davis, whose name was redacted from documents, and asked him to take quick action. “Though Chancellor Katehi was on vacation, she contacted and asked him to edit her Wikipedia page concerning her knowledge of the Illinois admissions scandal,” the report found.
“(The aide) advised the Chancellor that they should not edit her online biography because Wikipedia would attribute any edits to UC Davis. Staff made the revisions under protest.” In 2011, after a campus officer strolled past a line of seated protesting students and calmly unloaded a pepper spray can directly at them, the ensuing backlash was met by Katehi primarily with an expanded effort to control what the wider internet thought of her. While the initial reporting indicated a single vendor had been paid $175k on Katehi's request to try to control messaging about the school and herself through a barrage of good, but trumped up, press, UC Davis actually hired three different reputation management firms to do this, all to the tune of over $400k. And she appears to have been more concerned with her own reputation than that of the school she was to be stewarding. Katehi and her staff sought out firms on the East Coast and in Sacramento, meeting with them and discussing how to create a LindaKatehi.com webpage, edit Wikipedia posts and submit op-eds under her name to publications that might crowd out negative press from others. The report noted that improving Katehi’s reputation also would improve that of the university’s. But documents show that she constantly sought help in what one aide recalled as her desire that they “get me off the Google.” “Linda wants to understand generally how we plan to address the lingering negative pepper spray-related online search content associated with her name,” reads a September 2012 email from Barry Shiller, who was brought in after the pepper-spray incident to handle her communications strategy.
All three firms eventually hired by UC Davis at Katehi's request promised to bury the 2011 incident through editing in positive content to the Wikipedia pages of Katehi and the school, by creating a brand new website bearing Katehi's name and filled with positive coverage, and to create "listening reports" to detail any news coverage that mentioned her or the school so that coverage could be further addressed by the outside reputation consultant. Included in all of this was an investigation into those who were creating negative edits on these pages. What Katehi intended to do with that information is unclear, but it hardly seems like the information could be used for anything but retribution. It goes without saying that as we, the link above, and several other online media outlets are discussing these revelations, and placing them alongside the original 2011 incident for context, the work of the three vendors and the nearly half a million dollars paid to them has failed. Reputation management of this sort rarely works. And when it blows up, as it usually does, the cover-up is always viewed as even more horrendous than the original crime, which is now thrust back into public discussion. And this was really easier than making an honest apology and trying to reform campus police abuse?

posted 12 days ago on techdirt
Cody Poplin at Lawfare points out that the Defense Department has just issued an update on rules governing its intelligence collection activities -- the first major update in over 30 years. These would directly affect the NSA, which operates under the Defense Department. The most significant alteration appears to be to retention periods for US persons data. While everything is still assumed to be lawful under Executive Order 12333 and DoD Directive 5240.1, the point at which a record is deemed to be "collected" -- starting the clock on the retention period -- has changed. Under the new rules, “collection” occurs “upon receipt,” whereas the previous manual defined “collection” as occurring when the information was “officially accept[ed] … for use.” The change ensures that all protections governing even the incidental collection of U.S. personal information (USPI) applies upon receipt of that information. The clock starts to run as soon as information is collected, meaning that collected information must be promptly evaluated to determine the proper retention period. This should result in better minimization of incidentally-collected US persons info as the determination must be made shortly after harvesting, rather than waiting until the collected data is queried. This likely means the NSA may be making more efforts to head off incidental collection, as leaving things the way they are will now result in additional logistics headaches. This doesn't necessarily mean incidentally-collected info will be swiftly disposed of. The DoD can still hold onto this data for five years. And, if the target of the incidental collection leaves the country during that retention period, the DoD can hold onto the data for a quarter-century. Info on US persons/entities (still located in the US) is also being granted additional protections, including enhanced minimization procedures for dissemination of collected data to other agencies and other countries. 
The NSA will also be expected to make additional trips to the FISA court. [T]he new manual incorporates new physical search rules that reflect changes to the Foreign Intelligence Surveillance Act since 1982. These include requirements to obtain a FISA warrant for nonconsensual physical searches conducted inside the United States and for targeted collection of U.S. person information outside the United States. Most of this appears to be changes for the better -- something that likely wouldn't have occurred without Snowden's leaked documents. The last change to these rules was made back in 1982 when no one had any idea the wealth of communications content and data that would be travelling around the globe in digital form. But a closer look at the details -- especially the part pertaining to "special circumstances" that alter the rules of collection and retention -- suggests there still may be a few exploitable loopholes that would allow the NSA to target US persons and entities. If DoD agencies wish to target a US person (whether at home or abroad), they're instructed to use the "least intrusive" method of surveillance: public sources. If the information sought can't be found there, the next step is to seek cooperation from other sources that may have the same info. This is basically a consensual search, but involving third parties. The last step is to seek top-level approval from the DoD's general counsel. This will provide some additional oversight, but still makes it a mostly "in-house" process -- something that's not exactly comforting. The additional restrictions on the collection of US persons in the US seem to limit potential abuse/misuse of surveillance tools. Other specific limitations apply to collection of USPI inside the United States, including that the information may be collected only if 1) the information is publicly available or 2) the source of the information is advised or otherwise aware that he or she is providing the information. 
But the list of exceptions to these limitations appears to directly remove these two stipulations. In the event that neither of the two previous requirements are met, the Defense Intelligence Component may employ collection methods that are directed at the United States if a) the foreign intelligence is significant and the collection is not undertaken for the purpose of acquiring information about a U.S. person’s domestic activities; b) the intelligence cannot be obtained publicly or from sources who are advised they are providing information to the DoD; or c) the Defense Intelligence Component head concerned or a single delegee has approved as being consistent with the manual and its outlined procedures the use of techniques other than the collection of publicly available information or from an informed source. Reading these both together suggests that if the DoD can't obtain the info it's seeking from public/advised sources, it can use that limitation as a reason to deploy supposedly foreign-facing surveillance methods against US persons. If that's the correct reading (and the "or" -- rather than an "and" -- in the list of requirements suggests it is), the limitations on domestic surveillance are mostly meaningless.

posted 12 days ago on techdirt
Over the years, we at Techdirt have tended to resist the kinds of "audience growth strategies" that many other news publications have taken -- perhaps to our own detriment. I remember when Digg was the new hotness and generating lots of traffic for news sites. Someone approached us about getting our stories highly promoted on Digg and I told them I didn't want to game the system, and would rather let people find us organically. I know plenty of other news sites did play plenty of games. The same thing happened once everyone (and more) left Digg for Reddit. Reddit did drive a lot of traffic to us for a few years, though it's tapered off in the past few years. And, obviously, over the last couple of years, all the publications have been talking about Facebook and how it drives so much traffic. A year or so ago, I was at an event and chatting with a guy from another news site who nonchalantly tossed off the claim that "well, every news site these days now knows how to game Facebook for an extra 10 to 20 million views..." and I thought "huh, actually, I have no idea how to do that." All of this might make me very bad at running a media site (I certainly know of some other news sites that used gaming social media to leverage themselves into massive acquisition offers from legacy media companies). But, to me, it meant being able to focus on actually creating good content, rather than figuring out how to game the system or who I should be sucking up to for traffic. I'll admit to struggling with this issue at times -- sometimes wondering if we're missing out on people reading our stuff that would like it. And, every once in a while, we'll do little things here or there to focus on "optimizing" our site for this or that source of traffic. But it's never been a huge focus. As mentioned above, much of this is because focusing on creating good content takes quite a bit of time, and is much more interesting to me than figuring out how to game this or that algorithm. 
Part of it is because I think this also tends to build a more loyal -- if potentially smaller -- core audience. People come to Techdirt because they like Techdirt (well, for some of you, because you hate it) not because someone gamed an algorithm to get you here. Some of this is because I've always been a bit wary of relying too heavily on any third party who could suddenly rip the rug out from under you. And that seems to be happening with Facebook and some news sites. Back in June, the company announced a big change to its newsfeed, which suggested it would start downplaying "news" and promoting more stuff about your family and friends. And the latest reports suggest that many media sites took a massive traffic hit in July in response to those changes. This has some in the media pulling out their hair over what to do, but really, it's kind of what you get for chasing someone else's algorithm. As some have noted, the only really important lesson here may just be people who use Facebook actually prefer interacting with friends' baby pictures, rather than cheap clickbait. People get more satisfaction from interacting w friends' baby pictures than cheap clickbait? Facebook is so evil. https://t.co/nQpYorJnbK — Parker Thompson (@pt) August 17, 2016 Indeed -- I certainly don't go to Facebook for news. And over the last few months, I've noticed that I'm gravitating more and more to Snapchat as a preferred social media platform for personal stuff, as it just feels more comfortable there. A great column by Farhad Manjoo at the NY Times does a pretty good job explaining why this is and also explaining why Facebook-owned Instagram recently launched something of a Snapchat clone. The short version is: But when you open Instagram or Snapchat, Mr. Trump all but disappears. While Facebook and Twitter have lately become relentlessly consumed with news, on these picture-based services Mr. 
Trump is barely a presence; he (and his Democratic rival) are about as forgotten as GoTrump.com, Mr. Trump’s failed travel search engine. FWIW, if you followed Manjoo on Snapchat (as I do), you would have seen him make this point -- that there's very little Donald Trump on Snapchat -- earlier, before this column appeared. But it's true that something like Snapchat feels more actually social and less "news" based. And part of that is the fleeting nature of Snapchat: The differences are instructive. On Facebook, my friends will post about their promotions; on Snapchat, they tell you about their anxieties at work. On Facebook, they show off smiling photos of their perfect kids on some perfect vacation. On Snapchat, they show pictures of their kids in the midst of some disastrous tantrum, throwing food all over the floor, peeing in the tub, covered in mud and paint and food, because hey, that’s life, O.K.? But, of course, nowadays, all I keep hearing about is how media organizations need to "have a Snapchat strategy." And Snapchat itself is promoting this rhetoric as well. Lots of news organizations have jumped on board Snapchat in a big way, and we've heard that some are having great success with it. But as cool as I find Snapchat, I'm probably going to continue to stick with my general strategy of trying to create good content and hope that you continue to find it worthwhile. I'll leave the "gaming" of social media to everyone else.

posted 12 days ago on techdirt
Learn all about the art of penetration testing and hacking with the pay-what-you-want White Hat Hacker Bundle. The first two courses in the bundle include tutorials on pentesting Node.js and how to prevent XSS attacks. If you beat the average price ($17.14 at the time of writing), you gain access to five more courses covering WiFi security, ethical hacking, Windows exploits, and more. Ten percent of the profits from your purchase will go towards charity to help make the world a better place. Note: The Techdirt Deals Store is powered and curated by StackCommerce. A portion of all sales from Techdirt Deals helps support Techdirt. The products featured do not reflect endorsements by our editorial team.
