posted 10 days ago on techdirt
It's no secret that the DMCA's section 1201 is extremely problematic. It's the "anti-circumvention" part of the law, that makes it illegal to circumvent "technological protection measures" even if it's for non-infringing purposes. This is a mess -- especially in an age of DRM trying to lock up everything. Try to get around it, and it's a violation of the law -- even if you're not trying to infringe on the underlying material. This is why Cory Doctorow is running a new effort to eradicate DRM with a target placed firmly on Section 1201. So it's great to see Senator Ron Wyden and Rep. Jared Polis team up to introduce a bill to try to reform Section 1201. The full text of the bill (called the "Breaking Down Barriers to Innovation Act of 2015") has a lot of good things in it. It says that circumventing DRM or other technology protection measures for non-infringing reasons should no longer be considered against the law. It also expands other exemptions for things like security research and testing and reverse engineering. It also would automatically renew the exemptions the Librarian of Congress issues every few years so we don't have a repeat of the mess from a few years ago where the Librarian of Congress used the "triennial review" process to first grant an exemption to 1201 for unlocking mobile phones... and then to take that exemption away six years later. Overall it's a good bill -- and I'm curious to understand how anyone could possibly push back on it, though Hollywood absolutely refuses to consider any changes to Section 1201. Unfortunately, it also seems unlikely that the bill has enough support to actually go anywhere. It seems a bit telling that Wyden released this bill the same day as the fast track bill, suggesting that it's a signal of some sort to people that he's not giving up on fixing copyright law. 
It's unlikely, however, that this gesture will mollify the folks who are upset that Wyden allowed the fast track bill to move forward in its current form.

posted 10 days ago on techdirt
California hasn't seen much rain over the past few years, and this drought is really serious now. Culprits of high water usage are popping up in various news stories: almond growers, farmers in general, swimming pools, golf courses, fracking, green lawns, car washes, wineries, etc, etc... Multiple billion-dollar infrastructure plans are underway to try to distribute water more efficiently or make more water available to major cities and key locations. However, the environmental impact studies for some of these huge water projects aren't complete -- and the requirements for them are being relaxed. Will Californians regret spending billions on some giant water tunnels?

California is running dangerously low on water now that it's in its fourth year of drought. Various kinds of rationing rules could start to kick in soon -- with pricing schemes that will encourage everyone to take shorter showers and get rid of grassy lawns.

Why can't California try desalination to solve its drought problems? San Diego is building a giant desalination plant, but it won't be ready until 2016 -- and the resulting water is expensive... and the water produced can only supply a small fraction (~7%) of the state's water needs. (Plus, the salt has to go somewhere....)

Desolenator is a solar powered device to turn seawater into fresh water, and it's already achieved its Indiegogo funding goal. This isn't a large scale device. It only produces about 15 liters of clear water per day, and it's really only practical for people who live near the ocean (or on a boat). If it works, it'll be interesting to see what happens to all the salt and/or brackish water waste from these things.

posted 10 days ago on techdirt
We've mentioned many times the importance of anti-SLAPP laws in protecting people who are being sued solely to try to shut them up. It's still a travesty that we don't have a federal anti-SLAPP law but are reliant on various state anti-SLAPP laws. In case you're not familiar with them, SLAPP stands for "Strategic Lawsuit Against Public Participation." Anti-SLAPP laws basically allow people who are sued to quickly get lawsuits dismissed when it's obvious that the entire point of the lawsuit is to silence whoever is being sued, rather than for any legitimate legal purpose. For years, California was seen as having one of the best anti-SLAPP laws, but in recent years both Texas and Nevada upped the ante in anti-SLAPP laws, making them even stronger. Nevada's had a particularly useful feature: it would award "reasonable costs, attorney's fees and monetary relief" for defendants who were wrongfully hit with SLAPP suits. Basically, it provided a real deterrent against SLAPP suits.

However, just two years after unanimously passing that bill, the Nevada Senate has just unanimously repealed that important provision, in the form of SB 444. If you take a look at the bill, you'll see it explicitly repeals the fee shifting section. Apparently, some people didn't like the fact that they might have to pay up for filing bogus lawsuits trying to stifle speech. If that were all it did, it would be tragic enough, but as Popehat clearly describes, the bill also undermines the rest of the anti-SLAPP law in pretty nefarious ways, making the existing rules toothless. The bill still needs to go through the state assembly and be signed by the governor, but it's really disappointing to see Nevada move backward on anti-SLAPP laws just as much of the rest of the country is moving forward. Nevada provided a useful anti-SLAPP model, but apparently someone wasn't happy about that.

posted 10 days ago on techdirt
For those of us that think certain intellectual property laws have become overbearing and overly burdensome, one of the fun little exercises is to try and figure out where the best battlegrounds are for the fight against them. For instance, if you think cable television has become expensive, unfriendly, and overtly insane, you want to pay special attention to how professional sports are broadcasted now and in the future. If you want to find ground to battle expanded trademark protections and the crazy ways some companies interpret their rights, perhaps the alcohol and beer industry is a good place to draw a line in the proverbial sand. And for copyright? Well, there has always been a ton of focus on music and movies, but we may be seeing the world of video games emerge as the best ground from which to push back against the restrictions of antiquated copyright in the digital age. Recently, we covered the spiderweb of nonsense one company had to go through just to try to publish a decade-old game, an attempt that was ultimately given up because the web proved to be too convoluted to navigate. Now, a Consumerist post explains how the DMCA and game publishers have (perhaps) unwittingly conspired to keep video games from claiming their rightful place within our cultural lexicon. The focus in the post is on section 1201 of the DMCA. Section 1201 of the DMCA prohibits consumers from circumventing copyright protection measures put in place on games or any other digital media. So even if you can figure out a fix that will make a game work offline — much like the Sim City player who discovered a work-around against the disastrous always-online requirement — it’s against the law to do so, even if you’re not otherwise violating the copyright and even if this is the only way to make an abandoned game viable again. Yes, somehow keeping it illegal to fix broken, abandoned games aids in this innovation; perhaps by forcing people to keep buying newer releases. 
The piece then draws up two conflicting sides on section 1201 with regards to video games: the Entertainment Software Association on one side and the EFF on the other. The EFF has filed a request to have exemptions put in to section 1201 for gaming enthusiasts and, more importantly, for museums who would need to alter the game in order to make it in any way useful for exhibit. Take, for instance, any of the games that Electronic Arts, member of the ESA, decides to torpedo in whole or in part by shutting down game servers that support or check-in with the software. Or, perhaps more apropos, take any of the myriad of recent games that have been released as "always online," with copyright protections essentially amounting to a check in with servers not in the consumer's control. What happens when those servers are no longer worth supporting and are shut down? Well, some or all of the game becomes un-playable. Now, let's leave aside the question of whether or not a consumer truly owns the game they buy under these scenarios. Let's also leave aside whether this kind of DRM or copyright protection is worthwhile at all. Instead, let's focus on how curators of games can handle this kind of thing in a world where DMCA section 1201 forbids the kind of tampering that would get around these restrictions. Should the ESA get its way and keep 1201 exemption-free, so-called abandoned games or abandonware becomes abandoned culture. And not, by the way, abandoned by the consumer or the public, which might include museums or academics with a strong interest in curating older games. No, the abandonment is committed by the game company itself, leaving a giant cultural hole that cannot be filled in because of a copyright law section those same companies are defending. I've long argued that video games should be considered every bit the equivalent of movies and music. 
Try to find an equivalent to this problem with either music or movies, however, and you'll be at it quite a long time before you find anything meaningful. Netflix doesn't count, because you aren't buying a movie in Netflix. Same with music streaming services. The closest thing to it is probably how some e-readers can disappear books the consumer has purchased. The difference there is that the entire cultural deposit with a literary work likely isn't lost when that sort of thing happens, as it can be found and curated in other forms. That's not the case with old and classic games. You want to find a place to take a stance against expanded copyright in favor of greater culture? That place is with games. The ESA knows this, which is why it is staunchly defending section 1201. The gaming industry argues that allowing these modifications would “undermine the fundamental copyright principles on which our copyright laws are based,” and send the message that “hacking… is lawful.” In fact, as the EFF points out, “hacking” in and of itself is completely legal. “Most of the programmers that create games for Sony, Microsoft, EA, Nintendo, and other ESA members undoubtedly learned their craft by tinkering with existing software,” writes the EFF. “If ‘hacking,’ broadly defined, were actually illegal, there likely would have been no video game industry.” And no cultural boon from games as a result. Section 1201, within the framework of gaming, can be said to be firmly anti-culture. No two ways about it.

posted 10 days ago on techdirt
With fifteen years under my belt writing about astroturf, think tanks, fauxcademics, and other dirty lobbying and policy tricks, I've always had a hobbyist's fascination with propaganda, especially online. When done "correctly," disinformation or guerrilla marketing is utterly invisible. When done poorly -- you get more comedic, ham-fisted attempts at information control, like Scientology's personal website's attacks on the new HBO documentary "Going Clear" or, well, ISP-paid sockpuppets who insist they fight net neutrality because they just love internet freedom so very much.

Of course, the one-two punch of violence and propaganda has for some time put Putin's Russia on another level of intellectual aggression. The Guardian recently penned a pretty fascinating interview with several members of Putin's internet troll army, paid to spam forums, websites, and social networks around the globe with pro-Putin propaganda. Working in twelve-hour shifts in a nondescript building marked "business center," hundreds of writers work in "humourless and draconian" teams dedicated toward supporting Putin's worldview for 45,000 rubles ($790) a month. And it often works:

"The scariest thing is when you talk to your friends and they are repeating the same things you saw in the technical tasks, and you realize that all this is having an effect,” the former worker said.

Marat, 40, worked in a different department, where employees went methodically through chat forums in various cities, leaving posts. "First thing in the morning, we’d come in, turn on a proxy server to hide our real location, and then read the technical tasks we had been sent,” he said.

The trolls worked in teams of three. The first one would leave a complaint about some problem or other, or simply post a link, then the other two would wade in, using links to articles on Kremlin-friendly websites and “comedy” photographs lampooning western or Ukrainian leaders with abusive captions.

The staffers work around the clock creating and maintaining proxied, viable fake personas, sure to discuss their favorite music and recipes, peppered authentically with rants about the Kiev government being fascist. Hand in hand with tens of thousands of Twitter bots, they create a massive sound wall that makes Apple's reality distortion field look like a nineteenth century circus performance. The Guardian points to websites like this one set up with Internet memes to make mocking Putin opponents that much easier:

"Many of them have obvious racist or homophobic overtones. Barack Obama eating a banana or depicted as a monkey, or the Ukrainian president, Petro Poroshenko, in drag, declaring: “We are preparing for European integration.” The trolls have to post the photographs together with information they can pull from a website marketed as a “patriotic Russian Wikipedia”, featuring ideologically acceptable versions of world events."

Of course, as Glyn noted earlier this week, the Russian government has moved to "clarify" existing law and is now declaring all internet memes illegal -- unless of course you're paid by the government to twist and distort the very fabric of online reality. It probably goes without saying that the United States certainly is no saint on this front (industry astroturfing or the media coverage of the Iraq war quickly leap to mind), but Putin's frontal-assault on the internet is starting to make Orwell's darkest predictions seem like playful childhood fiction.

posted 10 days ago on techdirt
Take to the skies with your own drone (why should governments and big corporations have all of the fun?). Grab the Extreme Micro-Drone 2.0 with Camera at 46% off in the Techdirt Deals store and you'll be flying high soon. This mini drone weighs just over 1 ounce, comes with a 640 pixel micro camera for taking pictures and videos and has a flight range of 400 feet. It's small enough to fly indoors as well as outside and comes pre-programmed with algorithms for flips and self-stabilization so that even novice fliers can look like experts. This deal ends very soon! Here's some video we found of someone testing out the Micro-Drone 2.0 and its camera so you can get a better idea of its capabilities. Note: We earn a portion of all sales from Techdirt Deals. The products featured do not reflect endorsements by our editorial team.

posted 10 days ago on techdirt
As you may recall, at the height of the SOPA fight fallout, MPAA boss Chris Dodd went on television and threatened to stop funding the politicians who didn't support the MPAA's copyright agenda: "Those who count on quote 'Hollywood' for support need to understand that this industry is watching very carefully who's going to stand up for them when their job is at stake. Don't ask me to write a check for you when you think your job is at risk and then don't pay any attention to me when my job is at stake." Given that statement, this little tidbit from the Sony email archives is interesting. It's Chris Dodd more or less demanding that all of the member studios donate $40,000 to Rep. Bob Goodlatte's re-election campaign. As you may know, Goodlatte is the head of the Judiciary Committee in the House of Representatives, and copyright falls under that committee. Even more to the point, despite the fact that there's an "Intellectual Property Subcommittee" (headed by Rep. Darrell Issa), Goodlatte has made it clear that copyright reform remains under his own personal mandate. In this email, Dodd notes that Goodlatte is coming to LA and there's a fundraiser -- and he asks each of the member studios to see if they can put together $40,000 for Goodlatte's campaign: Subject: Goodlatte Victory Committee As you know, for a number of months we have been discussing the political event that Chairman Goodlatte has asked our industry to host in Los Angeles. The event has now been scheduled for November 22. A copy of the invitation is attached. The Goodlatte staff is currently securing a location and I will send that information as soon as it is confirmed. The event will be in support of the Joint Committee established by the Congressman called the “Goodlatte Victory Committee.” This event is important and in the best interests of our industry. 
A number of you have had an opportunity to speak directly with the Chairman in the past few months, and I know you share my view that he is a good man and we are fortunate to have him at the helm of the House Judiciary Committee for the foreseeable future. TIME IS OF THE ESSENCE and it is now incumbent upon us to work together to make this event a success. I need each of you to commit to attending the event and I would request that each studio raise $40,000 for the Victory Committee at this event. So, please confirm that you plan to attend on the 22nd in Los Angeles, and that you will meet the per studio target of $40,000. It is incredibly important, in my view, that this event be a success and that we have a broad representation of studio executives in attendance. I will reach out to you later this week, but look forward to hearing from you in the meantime. Best, Chris

Now, to be clear, this sort of thing happens all the time. It's more a function of how money in politics works today. It wouldn't surprise me to find out that plenty of other companies in other industries do the same sort of thing -- though, generally speaking, it would be done by the companies themselves, not at the direction of a trade organization. Still, it's a bit of insight into how the process works that I figured some of you might find rather revealing.

posted 11 days ago on techdirt
There's been lots of talk lately about China's "Great Cannon" -- the DDoS tool that China used to launch a massive attack on GitHub a few weeks ago. Much of the research on this tool was provided by Citizen Lab. That report is great and interesting. And then, the Wall Street Journal -- still a respected news source -- jumps in to speculate wildly based on nothing in particular, that Ed Snowden gave China NSA source code to build the Great Cannon.

"Edward Snowden sabotaged the intelligence capabilities of the U.S. and its allies, and now we learn he may have given the Chinese regime a weapon to spread Internet censorship across the planet. The Great Firewall, the unofficial name for a suite of blocking tools, stops Chinese citizens from accessing outside information. In the past few weeks Beijing has deployed a new offensive capability, dubbed the Great Cannon."

First of all, Snowden didn't "sabotage" any intelligence capabilities at all. He revealed to journalists how the NSA and its partners were abusing certain powers, likely breaking the law. That's not "sabotage." Second, the "we learn" is not based on anything the WSJ's nameless author of the opinion piece actually "learned." It's based on wild speculation by stringing some misleading and unrelated ideas together. So we're already off to an inauspicious start to the piece.

"According to a report from the University of Toronto’s Citizen Lab, the Great Cannon is similar to Quantum, a tool developed by the U.S. to track potential terrorists and criminals abroad. Snowden, a former system administrator for the U.S. National Security Agency, revealed the existence of Quantum for the first time in 2013 when he fled to Hong Kong and then Moscow."

Loose connection #1.

"Did Snowden give the Chinese the code for the Great Cannon? He denies sharing anything with foreign governments. But then he’s an admitted liar, and we don’t know what the Chinese and Russian spy services have been able to copy from what he stole. In any event he alerted them to a weakness that could be exploited."

Wait, what? How is he "an admitted liar?" That seems like a stretch already, and seems like the kind of line you'd find in a conspiracy website, not the pages of the Wall Street Journal. Second, the idea that the Chinese didn't already recognize how to do online attacks via such methods until Snowden revealed it seems especially questionable. Among the other things that Snowden revealed: the NSA knows that the Chinese are among the most sophisticated in building tools for mounting online attacks. The idea that they would be totally ignorant of methods like these until Snowden's revelations came out seems difficult to believe.

"A South China Morning Post report that the Great Cannon has been under development for about a year is suggestive. This means China’s hacking bureaucracy geared up to produce this new product soon after the Snowden leaks."

Loose connection #2. Also, notice that the WSJ doesn't actually link to the SCMP story, so we'll do that for you. It actually doesn't say it was in development for a year. It says that it's "been in operation for about one year." I guess the timing still sorta works if you're making loose connections, but it seems like a pretty big leap to argue that's somehow evidence that Snowden gave the info to the Chinese during his brief stay in Hong Kong.

"It also means that in the name of “transparency,” Snowden and his media accomplices may have empowered one of the world’s worst censors."

Uh, no, it doesn't. If the WSJ's editorial board knew the first thing about technology, they'd know that it didn't require Ed Snowden to teach the Chinese how to build a giant DDoS machine.

"This is another example of how the Western left fails to distinguish between the secrecy and surveillance required by democracies to preserve freedom and that used by dictators to quash it."

Huh? That sentence doesn't even make sense.

Either way, as one commenter noted, you'd think that the WSJ might realize that even if China modeled the Great Cannon on the NSA's Quantum, it really says something that we're building tools that can be used to censor the internet. And they should realize that's a problem. Instead, they try to blame the whole thing on Snowden, because... well, actually not for any actual reason that I can see -- just pure speculation. That's the kind of thing we'd expect to see on conspiracy theory websites. Not the Wall Street Journal.

posted 11 days ago on techdirt
Two years ago, we were among those who noted how odd it was to see the MPAA in court arguing in favor of fair use, since the MPAA tends to argue against fair use quite frequently. The legal geniuses at the MPAA felt hurt by our post and some of the other news coverage on the issue, and put out a blog post claiming that the MPAA and its members actually love fair use. According to that post, the MPAA's members "rely on the fair use doctrine every day" and the idea that it "opposes" fair use is "simply false, a notion that doesn't survive even a casual encounter with the facts." Now, as you may have heard, Wikileaks has put the leaked Sony emails online for everyone to search through for themselves. I imagine that there will be a variety of new stories coming out of this trove of information, now that it's widely available, rather than limited to the small group who got the initial email dumps. In digging through the emails, one interesting one popped up. It's Chris Dodd revealing the MPAA's true view on "fair use" in an email to Michael Froman, the US Trade Rep in charge of negotiating agreements like the Trans Pacific Partnership (TPP) agreement and the Transatlantic Trade & Investment Partnership (TTIP). You see, about a year ago, Froman gave a speech where he made a very brief mention of the importance of fair use, and how, for the first time, the USTR would be including fair use in agreements. Here's what Froman said: And, for the first time in any trade agreement, we are asking our trading partners to secure robust balance in their copyright systems – an unprecedented move that draws directly on U.S. copyright exceptions and limitations, including fair use for important purposes such as scholarship, criticism, news commentary, teaching, and research. Nothing major. Nothing controversial. 
In fact, as we've pointed out, the actual text in the various leaks of the TPP show that while it is true that the USTR has, for the first time, mentioned concepts related to fair use, it has only done so in a manner that would limit how fair use could be implemented. And that brings us to Dodd's email to Froman, in which he reveals that, contrary to the MPAA's "we love fair use" claim in its public blog post, the MPAA is actually quite fearful of fair use and the idea that it might spread outside of the US to other countries: Dear Ambassador Froman: I am writing to you today regarding your Wednesday remarks at the Center for American Progress. I am concerned about your suggestion that previous free trade agreements’ copyright provisions were unbalanced and that USTR has addressed this lack of balance by including “fair use” in the TPP. Quite to the contrary, the recently ratified US-Korea FTA was supported by a broad cross-section of US industry, from tech and the internet community to the copyright community, and furthermore has been held up as a model agreement. As I know you are aware, the inclusion of “fair use” in free trade agreements is extremely controversial and divisive. The creative community has been, and remains, a strong and consistent supporter of free trade, but the potential export of fair use via these agreements raises serious concerns within the community I represent. Over the last 24 hours, I have received calls from my member companies questioning what they perceive as a significant shift in US trade policy and, as a consequence, the value of the TPP to their industry. It may be that people are reacting to the subsequent press releases by private groups following your remarks. I am certain these concerns have been elevated by indications from the US government that the ISP liability provisions in the TPP are going to be weakened. 
Nonetheless, this issue is of enough significance that I felt I must reach out to you directly prior to your departure for Singapore to register our deep concerns. I am hopeful that I can report back to my members that US trade policy has not changed, that USTR is committed to securing strong copyright provisions in the TPP. But, there is no question Wednesday’s speech is reverberating in the content community, and I would be remiss if I failed to raise these concerns to you personally. I would be very grateful if you would respond to these concerns at your earliest convenience. I realize you will be traveling, but this is a sense of urgency surrounding our concerns. Regards, Christopher J. Dodd Motion Picture Association of America

So, the MPAA loves fair use... but the very idea that the USTR might include fair use in a trade agreement (as it had announced years earlier, and which it is doing in very limited -- and limiting -- ways) is "controversial and divisive"? All the way to the point that the MPAA is concerned about whether it can still support the effort? That does not sound like an organization that really does support fair use at all. In fact, it sounds like an organization that actively does "oppose" fair use, contrary to the claims in its blog post. Funny how the MPAA's public statements appear to completely disagree with what it says directly to politicians, huh?

posted 11 days ago on techdirt
It's actually been a pretty long time since we last wrote about electronic voting machines and how insecure they are. Back in the 2005 to 2010 time frame, it was a regular topic of discussion around here, but there really hasn't been that much new information on that front in a while. However, earlier this week, Virginia decided to decertify a bunch of electronic voting machines after noting that the security on them was abysmal. As Jeremy Epstein notes in a detailed blog post about this issue:

If an election was held using the AVS WinVote, and it wasn’t hacked, it was only because no one tried. The vulnerabilities were so severe, and so trivial to exploit, that anyone with even a modicum of training could have succeeded. They didn’t need to be in the polling place – within a few hundred feet (e.g., in the parking lot) is easy, and within a half mile with a rudimentary antenna built using a Pringles can. Further, there are no logs or other records that would indicate if such a thing ever happened, so if an election was hacked any time in the past, we will never know.

It's that bad. The headline-grabbing line that many news sites have run with is that the unchangeable WEP encryption key used on the machines was "abcde." Meaning it was crazy easy for people to hack into (even if you didn't know the password originally, it would not be difficult to figure that out just by monitoring the system). But that's just the start. Other massive problems, explained by Epstein:

The system hasn’t been patched since 2004 (which we knew). What we didn’t know is that the system is running a whole bunch of open ports with active services. The report specifically notes that ports 135/tcp, 139/tcp, 445/tcp, 3389/tcp, 6000/tcp and 16001/tcp are all running unpatched services. (Layman’s explanation: the voting machines aren’t just voting machines, they’re also servers happy to give you whatever files you ask for, and various other things, if only you ask. Think of them as an extra disk drive on the network, that just happens to hold all of the votes.) (Obdisclosure: In retrospect, I *probably* could have figured this out a few years ago when I had supervised access to a WinVote with a shell prompt, but I didn’t think of checking.)

The system has a weak set of controls – it’s easy to get to a DOS prompt (which we knew). What we didn’t know is that the administrator password seems to be hardwired to “admin”.

The database is a very obsolete version of Microsoft Access, and uses a very weak encryption key (which I knew a couple years ago, but didn’t want to disclose – the key is “shoup”, as also disclosed in the VITA report). What we didn’t know is that there are no controls on changing the database – if you copy the database to a separate machine, which is easy to do given the file services described above, edit the votes, and put it back, it’s happy as can be, and there are no controls to detect that the tampering occurred.

The USB ports and other physical connections are only marginally physically protected from tampering. What we didn’t know is that there’s no protections once you plug something into one of these ports. What this means is that someone with even a few minutes unsupervised with one of the machines could doubtless replace the software, modify results, etc. This is by far the hardest of the attacks that VITA identified, so it’s almost irrelevant given how severe the other problems are.

And, as Epstein notes, the Virginia Information Technology Agency figured all of this out on its own -- in other words, it wasn't given the source code for these machines. That means pretty much anyone probably could have figured out the same things. Epstein makes it clear just how easy this process is:

Take your laptop to a polling place, and sit outside in the parking lot.
Use a free sniffer to capture the traffic, and use that to figure out the WEP password (which VITA did for us).
Connect to the voting machine over WiFi. If asked for a password, the administrator password is “admin” (VITA provided that).
Download the Microsoft Access database using Windows Explorer.
Use a free tool to extract the hardwired key (“shoup”), which VITA also did for us.
Use Microsoft Access to add, delete, or change any of the votes in the database.
Upload the modified copy of the Microsoft Access database back to the voting machine.
Wait for the election results to be published.

As he points out, the only bit that might take some sort of technical expertise is extracting the passwords, but that's not that hard, and the kind of thing that lots of script kiddies have figured out how to do with free online tools for ages. Epstein points out that the Diebold machines that everyone mocked a decade ago were "100 times more secure" than these WinVote machines. Because there's an election coming up, apparently some election officials were against decertifying these machines:

Richard Herrington, secretary of the Fairfax City Electoral Board, said he was unconvinced that WINVote machines were risky enough to warrant decertification. “No matter how much time, money and effort we could put into a device or a system to make it as secure as possible, there is always the possibility that someone else would put in the time, money and effort to exploit that system,” he said.

Richard Herrington is both right and wrong. Yes, it's true that almost any system will have security vulnerabilities, but he's ridiculously, laughably wrong in suggesting that these machines are likely secure enough. These machines don't require a sophisticated hacker (especially now that VITA revealed all the necessary passwords). Basically anyone can change the votes however they want based on the information that has been revealed.
For years, whenever we'd point to concerns and problems with e-voting machines, people would argue that it was just conspiracy theories and that these machines were mostly "secure enough." Yet, time and time again, we've discovered that the machines weren't even the tiniest bit secure -- and this is just the most egregious example so far.

posted 11 days ago on techdirt
Aside from the extraordinary information that he revealed about massive yet unsuspected surveillance programs, Edward Snowden has produced several other collateral benefits through his actions in 2013. For example, recently we learned that the DEA's phone tracking program was cancelled as a direct result of the revelations and the ensuing uproar. Other leakers have started to come forward, apparently inspired by his actions. And as the press has pored over Snowden's actions, it has become clear that support for government whistleblowers is woefully inadequate -- indeed, that they are regarded by the Obama administration pretty much as traitors. More generally, the debate around Snowden has highlighted the important part that whistleblowers play in sustaining the rule of law and defending democracy. Now a group of whistleblowers has written a letter calling on the United Nations to recognize that role (pdf), and to improve protections within the organization (via Intellectual Property Watch): As our experience shows, retaliation against whistleblowers affects the entire UN system and goes largely unchecked at all levels, including in the Executive suites. Some UN whistleblowers have been fired or demoted; others have been subject to more subtle forms of abuse like non-renewal of contracts or sudden transfer to duty stations on the other side of the globe; many face plain, simple harassment and intimidation. The problems they have to deal with are very similar to those encountered by Snowden when he sought to use official channels to raise his concerns: UN whistleblowers are forced to go through lengthy, and often expensive, internal appeal processes in which the burden of proof, as a practical matter, rests on the whistleblower to demonstrate retaliation (the usual standard in national systems requires the employer to justify their actions were not retaliatory). 
As a result, they often end up taking the same route that he did:

Put simply, the UN system of justice fails whistleblowers, and most of us have been forced to leave the UN to save our livelihoods, our health and our reputations.

The letter's signatories go on to call for the UN to review whistleblower protection at the organization, and they make concrete suggestions on improving the lot of those revealing abuses, including recognizing that:

Whistleblower rights are human rights, which must be promoted and protected within the UN, as well as in affiliated specialized agencies and international organisations with immunity from national laws.

And extending whistleblower protections to:

UN peacekeepers, police officers, contractors, victims and any other person who provides information about misconduct that could undermine the organisation’s mission. The key to receiving protection should be the content of the information disclosed, not the identity of the person disclosing it.

Like much of the letter, that last point is applicable generally. It underlines the fact that a completely new framework for whistleblowers is required at every level, both nationally and internationally. The letter to the UN is part of an important move towards making that happen, in what could prove to be a key aspect of Snowden's long-term legacy.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

posted 11 days ago on techdirt
Publicity rights have managed to intersect with the video game world more frequently recently. Typically, what appear to be loose general characterizations and/or homages within games have, for a variety of reasons, ruffled the feathers of the celebrity elite. One needs only look back at the disputes raised by Lindsay Lohan over a character in the Grand Theft Auto series which she, wrongly, declared to be based solely upon her. The question I always have in these cases is one of motive. Are these celebrities unhappy about the portrayal they think they see in a character, is there some competing interest, or is it all just a mindless money-grab? In the latest case we'll cover, I'm at a loss if this isn't a money grab. The whole thing centers on the latest iteration of Mortal Kombat and one character's likeness, perhaps, to a mixed martial arts fighter named Felice Herrig, who thinks the Cassie Cage character is based off of her likeness.

Herrig, who fights on this weekend’s UFC on FOX 15 card, was first made aware of Cassie Cage a few months ago. Back then, she found the resemblance to be a bit odd, but she didn’t have a whole lot to go on. In recent days, however, more footage and promo materials have surfaced, and Herrig doesn’t like what she sees.

Her complaints, posted to her social media account, center on the Cassie Cage character notably chewing bubblegum and taking selfies. If you go hunting for side-by-side comparisons, they can be somewhat striking. Except we need to keep a couple of things in mind here. Both women, one real and one fictional, portray combat fighters and there are only so many ways those folks are going to be portrayed. Flexing with clasped fists is a common posed shot in this world. As for chewing bubble gum and taking selfies, both of those are so common that entire industries are built around them, so that is about as unique as having blonde hair. Is there an homage here? I don't know, maybe.
If there is, it's a subtle one, and built off a real-life person who isn't exactly a household name outside of the MMA scene. But what's the point of getting upset over a maybe-possibly-kinda-sorta nod in your direction? I mean, it is an option to be flattered or to use it to promote yourself, whether the whole thing is an homage or not. What's to be upset about?

posted 11 days ago on techdirt
Paying for college has never exactly been easy, but it's been getting increasingly difficult over time. On top of that, it's getting more difficult to get into some of the more selective schools. CA Gov. Jerry Brown remarked that "normal" people can't get accepted to Berkeley anymore (hold the jokes on how normal the students at Berkeley have ever been, okay?). Proposals for free community college tuition (with fine print attached) might make higher education more accessible and certain colleges more socio-economically diverse, but what's going on with the costs of tuition?

All the Ivy League universities and a bunch of prestigious schools like MIT and Stanford offer free tuition for students from families earning less than specified income levels. However, if the goal of these kinds of programs is really to achieve higher socio-economic diversity of student populations, perhaps efforts to level the playing field should start far earlier than college.

The putative reason for the increasing college tuition is related to slashed government funding, but the conventional wisdom seems to ignore the growth of the student population, as well as the administrative expansion which has been roughly ten times the rate of growth of tenured faculty positions. Some folks point to the seven-figure salaries for high-ranking university executives as a scapegoat, but the situation seems to be much more complex. Is there a more efficient way to deliver higher education and reliably recognize student achievements?

Government subsidized higher education isn't going to lower the costs of educating -- it'll just obscure the relationship between that cost and tuition. Reducing administration costs for colleges and universities seems like the place to start, but it's not clear how the cuts there would begin... or why they would be initiated by the very people who are in charge of the administration budgets.

posted 11 days ago on techdirt
For the past few months there have been rumors every few weeks that Congress was finally going to push out a "fast track" or "trade promotion authority" bill. As we've explained, these bills are Congress giving up their Constitutional right to regulate international trade, and handing the power over to the USTR, a part of the executive branch. While some supporters of this argue that it actually gives Congress more power, by laying out the conditions of a trade deal it will approve, that's ridiculous. That might be true if fast track authority were granted prior to a deal being done, but with the TPP and TTIP pretty far along, it's clearly not true. Either way, despite massive opposition from the President's own party, an agreement has been reached between Senator Hatch and Senator Wyden and a trade promotion bill has been released.

Back in February, we presented a simple litmus test concerning whether or not any such effort would actually be reasonable on intellectual property issues: would the text of the bill concerning intellectual property be any different than the last fast track authority bill from 2002 (or an attempt to update it in 2014). Both of those bills had nearly verbatim text. And... as we feared, so does this new bill. Given just how much the internet has changed since 2002, it is simply inconceivable to suggest that the same intellectual property rules that made sense then would continue to make sense now. In other words, despite the involvement of Senator Wyden, it appears that little has been done here to make it clear to the USTR that bad IP rules in the TPP or TTIP agreement are unacceptable. That's a disappointment.

Here are the key provisions on intellectual property. Note that they are basically all about enforcement (i.e., protectionism) rather than the free flow of information (which is what you'd expect a trade deal to be about).
providing strong protection for new and emerging technologies and new methods of transmitting and distributing products embodying intellectual property, including in a manner that facilitates legitimate digital trade;

preventing or eliminating discrimination with respect to matters affecting the availability, acquisition, scope, maintenance, use, and enforcement of intellectual property rights;

ensuring that standards of protection and enforcement keep pace with technological developments, and in particular ensuring that rightholders have the legal and technological means to control the use of their works through the Internet and other global communication media, and to prevent the unauthorized use of their works;

providing strong enforcement of intellectual property rights, including through accessible, expeditious, and effective civil, administrative, and criminal enforcement mechanisms; and

preventing or eliminating government involvement in the violation of intellectual property rights, including cyber theft and piracy;

These are basically word for word the same from 2002. In other words, despite over a decade of seeing how the USTR has used trade deals to browbeat other countries into bad intellectual property laws, this new trade promotion authority is saying "go ahead and continue doing just that, no matter what harm it may do to the internet and all of the economic growth it creates."

Unlike some who are totally against any trade deals, I believe there are ways in which increasing actual free trade can be helpful. I had held out hope that the new trade promotion agreement would be more reasonable than what we'd seen in the past. But just looking at the intellectual property section alone, and the fact that it has remained unchanged since the 2002 version -- despite over a decade of seeing how bad IP policy can hurt internet innovation and economic growth -- suggests that this TPA agreement continues the mistakes of the past, rather than fixes them.
That's unfortunate. And so, now comes a very, very weird fight in Congress. With nearly all Democrats opposed to this bill even including the surprise change in position by Senator Chuck Schumer, we'll have a situation where Congressional Republicans try and convince their colleagues to give President Obama more power, by removing the Constitutional authority from Congress, while Congressional Democrats push back against giving their own President that power. It's a really weird fight in oh so many ways.

Read More...
posted 11 days ago on techdirt
There's a story in Business Insider that's been getting a lot of attention thanks to the click-baity headline of: The founder of a $50 million startup just sold his company — and he didn't make a dime by reporter Alyson Shontell. Almost everything about the headline is misleading. The company, Get Satisfaction, was once valued at $50 million, at its peak back in 2011. But from what I've heard, the final sale, to Sprinklr, that went down recently was for $8 million (and it's possible that not all of it was cash, making the valuation even more questionable). So, the whole $50 million bit is meaningless, because that's not what the company was worth. And, considering the company had raised at least $21 million (and possibly more), the fact that it eventually sold for less than half the money raised means that it shouldn't even be remotely surprising that the company's founder, who had been pushed out years earlier, got nothing out of the deal. This is how it works. The early shareholders/founders were diluted and pushed out, the company basically tanked and sold off in a firesale. It's no surprise that the early players got basically nothing -- it's how things are done. What struck me as more interesting about this, however, was the fact that the founder who kicked off the story, Lane Becker, was actually willing to come out and say the truth: that it was a firesale designed to make people look good, rather than actually make anyone any real money. This is Silicon Valley's stupid secret that really should be discussed more openly. Lots of startups fail. It happens all the time. And Silicon Valley prides itself on supposedly being a lot more accepting of failure. You hear it all the time. But the reality is that we often try to hide failures behind fake success stories. High profile startups rarely just disappear -- they find someone to buy them for next to nothing so they can pretend to have successfully exited. 
The truth is, many of those companies were out of money and the "acquisition" was nothing more than an attempt to "create good optics" and pretend to the outside world that there was a successful conclusion to the startup. If Silicon Valley were truly accepting of failure, it would be much more willing to openly discuss its failures. It happens, but it's rare. The one I remember most clearly is Chris "moot" Poole from about a year ago writing about the failure of his startup Canvas/DrawQuest: I’m disappointed that I couldn’t produce a better outcome for those who supported me the most—my investors and employees. Few in business will know the pain of what it means to fail as a venture-backed CEO. Not only do you fail your employees, your customers, and yourself, but you also fail your investors—partners who helped you bring your idea to life. In my case, I am extremely lucky and grateful to be partners with people who are simply the best. What separates the best investors is not how they help you when you’re a rocketship, but when your ship is on fire and you’re venting atmosphere. In this case, our investors have demonstrated what sets them apart from the rest—they’ve supported me throughout the ups and downs, and especially the downs. There's a lot more to that post and it's well worth the read. It talks about the kind of things that lots of Silicon Valley entrepreneurs talk about privately, but almost never publicly. Yes, Silicon Valley is relatively accepting of failure. Compared to other industries and other areas, Silicon Valley is much more open to second (and third and fourth) chances for those who have failed -- but we're terrible about exploring why things fail and the impact of those failures. Being a part of a failing startup is no fun at all -- but the end of the story tends to be pretty typical: if it's not high profile, it just disappears. 
If it is high profile, it does what Get Satisfaction did here and finds a firesale option where people can pretend it was a success, thereby hiding the reality and keeping the important lessons from being learned more widely. The interesting thing about Becker's statement was not -- as Business Insider assumed -- that a founder didn't get to cash out on a firesale of his former company. It was that Becker wasn't willing to play the usual game and pretend a failure was a success. Rather he was direct about how the company had flopped and how. And that's something that we need more of, rather than silly stories that try to make it look like something "unfair" or "wrong" happened. What happened is totally normal in Silicon Valley. It happens every week around here, and we should be more open to talking about companies that fail and why they fail -- not to revel in the schadenfreude, but to learn the lessons from those who ran into trouble along the way.

posted 11 days ago on techdirt
Public WiFi hotspots can be unreliable, and you can never be too sure of how secure they are. You can solve those issues by taking your internet with you in a portable hotspot. The MiFi 2 Unlocked Global Hotspot is available today for 50% off in the Techdirt Deals store. This MiFi is unlocked (you'll need a SIM card from your carrier), can connect up to 10 devices (laptops, cell phones, and tablets) and can keep you online for up to 16 hours with its large battery life. It's compatible with most networks (LTE on AT&T and T-Mobile only, but works with 3G on others) and operating systems, allows you to control which devices can connect and uses a VPN pass-through and WiFi Protected Setup to help secure your connection. The touchscreen display helps you track your battery life, signal strength and data usage so you can stay under those infuriating data caps. You can also place up to 32GB on a microSD card and provide instant access to the files from the connected devices. This little device can keep you connected and secure in over 150 countries.

Note: We earn a portion of all sales from Techdirt Deals. The products featured do not reflect endorsements by our editorial team.

posted 11 days ago on techdirt
As you might have read, the American Legislative Exchange Council (ALEC) has been losing some major clients lately, including Google, T-Mobile and Microsoft. Those companies have been quietly distancing themselves from ALEC, after critics have illustrated its ties to legislative assaults on climate change science and meaningful pollution standards. Before Google announced it was leaving the group last fall, chairman Eric Schmidt went so far as to accuse the legislative grist mill of "literally lying" about its role in climate change denial. In a response letter to Google, ALEC proclaimed Google's departure was "based on misinformation from climate activists who intentionally confuse free market policy perspectives for climate change denial."

With T-Mobile, AOL, and Facebook quietly following in Google's footsteps (but not publicizing the reason for their departures), ALEC has apparently decided that its best course of action is to threaten lawsuits against those claiming ALEC denies climate change. ALEC has sent cease and desist letters (pdf) to a number of critics like Common Cause, the letters directing groups to the ALEC website where the organization insists it's not opposed to climate change -- it's simply a "market environmentalist" dedicated to the "betterment of human health and well-being."

Apparently climate change isn't the only sensitive topic for ALEC as the outfit tries to stem the flow of client departures. The group has also been sending cease and desist letters to companies like wireless MVNO Credo Mobile, which in recent months has been sending its subscribers missives hammering ALEC for its role in fighting community broadband. The small company markets itself as having an activist, pro-consumer edge, and has scored exceptionally well on the EFF's privacy report card.
Credo's been busy pointing out to its subscribers how ALEC's model legislation, clearly visible on ALEC's website, has been used as the framework for roughly twenty state-level protectionist broadband bills nationwide. As we've frequently discussed, these bills are the worst sort of protectionist dreck, shoveled into the legislative bloodstream by the likes of AT&T, Comcast, Time Warner Cable and CenturyLink to protect their duopoly power from communities desperate for something better. Credo frames ALEC's participation in these efforts this way in a recent notice to subscribers:

"The American Legislative Exchange Council—a shadowy corporate front group that works to enact discriminatory voter ID laws, weaken gun safety laws and eliminate environmental regulations—is now pressuring state legislatures around the country to ban cities from offering broadband Internet access. ALEC is pushing its anti-municipal broadband agenda through model legislation it has developed, which one municipal broadband advocate described as “the kind of language one would expect to see if the goal is to protect politically powerful cable and telephone company monopolies.” Many perennial funders and members of ALEC, including AT&T, Verizon, Comcast and Time Warner [Cable], stand to gain financially from these state laws because they eliminate the possibility of competition from city-run broadband services."

In its cease and desist letter to Credo, ALEC first proclaims it's a respected think tank, not a lobbying apparatus. It also insists it doesn't "block" municipal broadband; the group simply advocates encumbering towns and cities with "certain steps," should they be interested in building their own broadband:

"We demand that you cease making inaccurate statements regarding ALEC, and immediately remove all false or misleading material from the Working Assets and Credo Action or related websites and action pages within five business days," the letter, dated March 5, reads. "Should you not do so, and/or continue to publish any defamatory statements, we will consider any and all necessary legal action to protect ALEC." ALEC contends that it does not oppose city broadband but only advocates that certain "steps" be required before a municipality can provide telecom services. Additionally, ALEC takes issue with Credo labeling it as an organization that lobbies state legislatures at all, arguing that it is merely a "think-tank for state-based public policy issues and potential solutions."

How exactly can you claim you don't oppose municipal broadband when you've played a starring role in opposing municipal broadband? Because many of the bills ALEC helps pass don't technically "block" municipal broadband. They are, however, usually saddled with language by ISP lawyers that effectively does the same thing. For example, most of the bills prohibit communities from getting into the broadband business if their market is "served" by an existing provider. They then go on to define "served" to include satellite and cellular connections, while using extremely generous versions of zip code coverage analysis. Similarly, ALEC doesn't lobby to pass these bills directly; its incumbent ISP clients do that.

Regardless, Credo Mobile doesn't appear to be too worried about ALEC's threat, sending the organization a response letter (pdf) illustrating that not only does ALEC's own website document its opposition to municipal broadband, but so have numerous news outlets:

"Not only does ALEC attempt to influence legislative outcomes, it clearly succeeds in doing so.
As recounted in a 2011 Bloomberg News article, ALEC's model legislation on municipal broadband was the principal reason why cable companies were able to block Lafayette, Louisiana from offering high speed Internet access to its citizens (editor's note: Lafayette was ultimately able to offer gigabit connections via LUS Fiber, but only after a protracted legal fight against regional incumbents Cox and BellSouth (now AT&T)).

"Under these circumstances, the language used in the statements you challenge -- "working to make sure it never happens" and "pressuring state legislatures" -- is well within the bounds of political discourse in making the point that ALEC's model legislation and positions have the intent and effect of encouraging enactment of state legislation effectively banning cities from offering broadband Internet access."

It's not entirely clear what ALEC hopes to accomplish here, as its role in both climate change and municipal broadband is pretty clearly established by documentable history, news reports, and the legislative process itself. It's kind of like the town drunk, after months of being videotaped punching clowns in the face, becoming foul-mouthed and indignant at the mere mention of the odd number of clown black eyes around town. In fact the behavior is only bringing additional critical attention to ALEC's longstanding role as an organization that's useful to corporations looking to quietly shovel bad legislation through financially compromised state legislatures with the bare minimum of fuss or actual public debate.

posted 11 days ago on techdirt
If you (lucky you!) don't pay attention to the latest craze among the internet media, you may have missed the mid-to-late-March hype cycle around two livestreaming apps that are available via Twitter. The initial darling was Meerkat, which became this year's annual darling-for-a-week at SXSW. Soon after, it was eclipsed by Periscope, a startup that Twitter bought, just about the same time it pulled Meerkat's ability to push notifications out to users. Both offer the same basic idea: enabling Twitter users to easily livestream video to their followers. Of course, livestreaming is not a new concept. It's been around for ages, and things like Ustream and JustinTV are well-known. Even BitTorrent has tried to get into the livestreaming game. Not surprisingly, livestreaming technology has been particularly useful for newsworthy situations -- and has been used extensively in violent clashes around the globe or at protests like in Ferguson, Missouri last summer.

But, of course, Hollywood absolutely hates such things. For years, they've argued that Ustream and JustinTV were destroying their businesses because some people would turn on a television and set up their phone or computer to livestream whatever they were seeing. So it should come as little shock that right after the media hype cycle around Periscope and Meerkat, a whole series of silly articles started appearing about the copyright consequences of livestreaming. The Guardian warned that these new livestreaming apps "could cost unwary brands dear." Billboard warned that these two new apps created a "legal minefield" because a song playing in the background might (*gasp*) infringe on someone's copyrights. The Atlantic warned that these apps were enabling "a new kind of internet pirate."
And, CBS really went the distance with a fearmongering headline about how Periscope and Meerkat "threatened" the "multi-billion dollar sports broadcast copyrights," even though they do no such thing (and, in fact, that article speaks to no actual sports officials, whereas when Major League Baseball was asked, it noted that it sees no real threat). And, rather than admit that (1) livestreaming has been around for ages and hasn't really been a serious drag on revenue, and (2) it's not a particularly good user experience for watching broadcast content anyway, various folks in Hollywood lost their minds about these two new services. The main culprit? HBO. After there were a few scattered reports of various Game of Thrones fans using Periscope to broadcast the latest episode of the popular show, HBO decided that it's all Twitter's fault, and who cares about DMCA safe harbors, something must be done, and Twitter has to do it:

"We are aware of Periscope and have sent takedown notices," an HBO spokeswoman said in a statement. "In general, we feel developers should have tools which proactively prevent mass copyright infringement from occurring on their apps and not be solely reliant upon notifications."

There are two issues there. First are the takedowns -- which is a part of the DMCA. But the second part is asking for Twitter to go beyond the DMCA and to start proactively reviewing and policing the content that is streaming over Periscope. This is a bad idea for a whole variety of reasons that both Twitter and HBO should already understand. First, such efforts inevitably lead to takedowns that block important, legitimate, non-infringing speech. Considering how Periscope and Meerkat are designed for livestreaming events right now, blocking those could lead to important content never seeing the light of day at all. The chilling effects could be massive. On top of that, there is little to no evidence that unauthorized streams of Game of Thrones are doing any harm whatsoever.
In fact, Game of Thrones is often the prime example of how unauthorized streams have helped certain content get more attention and more long-term committed fans. Both a director on the show and Time Warner's CEO (who owns HBO) have admitted as much. So why the collective freakout about these new apps? It seems, as is the tradition among some in Hollywood, any new technology that might possibly be used for some amount of infringement must be loudly condemned and shamed. Despite the fact that this policy never works, and tends to just lead to widespread ridicule, it is the only gameplan that the old guard in Hollywood have. They could embrace these things. HBO execs -- especially with the launch of HBO's new streaming services -- could be highlighting how much better the official streaming experience is than the crappy Periscope/Meerkat experience. But, what fun is that? That, apparently, takes work.

posted 12 days ago on techdirt
I love chess. As the original multi-player turn-based strategy game, chess serves as the backbone for many a modern era game, for which it has my respect. Despite this love I have for the game, I happen to be quite horrible at it, but that only makes me all the more reverent of those that master its wily machinations. Kasparov is a name I know solely because he was a grand champion, one of those faces of chess that spurred on so much intrigue as people wondered just how he was able to dominate his opponents so completely. Gaioz Nigalidze was one of those folks, too, having attained the title of grandmaster, but now he isn't. He might actually be as good as advertised, but we can't trust that he is any longer because he was found to be using an iPhone to cheat his way through a match. The plot begins and ends, as all good plots do, in the toilet. On Saturday, Nigalidze, the 25-year-old reigning Georgian champion, was competing in the 17th annual Dubai Open Chess Tournament when his opponent spotted something strange. “Nigalidze would promptly reply to my moves and then literally run to the toilet,” Armenian grandmaster Tigran Petrosian said. “I noticed that he would always visit the same toilet partition, which was strange, since two other partitions weren’t occupied.” Yes, the strange part was which toilet Nigalidze used, not the fact that his bladder decided to punctuate each move with a potty trip. As it turns out, Nigalidze had hidden an iPhone in one of the restrooms, wrapped in toilet paper because there ain't no stealth in chess, and had been running the game he was playing through an application that analyzed and suggested moves. In other words, he totally h4x0red that chess tournament, y'all! It turns out that being the Barry Bonds of chess isn't great for one's career and Nigalidze's past and future have both been placed in jeopardy. 
Nigalidze was expelled from the tournament, which is still ongoing and features more than 70 grandmasters from 43 countries competing for a first-place prize of $12,000. The Georgian’s career is now under a microscope. His two national titles are under suspicion. And under recently tightened rules against cheating, he could be banned for up to 15 years. This has reportedly sent the chess world into some kind of insane tailspin over concerns that, now that someone has proved that cheating in tournaments with a small device such as a phone is doable, who knows how many other of our revered grandmasters are big, steaming, salty cheat-burgers? The ancient game is now understood to be relatively easy to master with something as common as a smartphone, which means chess tournaments are about to get way more TSA-like with security, I guess.

posted 12 days ago on techdirt
Hey, budding adults! Welcome to college! Now, kindly shut up for the next few years. Cal Poly Pomona’s campus policies impose a web of restrictions before students can distribute literature on campus: They must check in with the Office of Student Life, allow the school to copy their IDs, and wear badges signed by an administrator. Even then, would-be speakers are relegated to the so-called “free speech zone.” Badges can only be issued from 8 a.m. to 5 p.m. on weekdays, although the Office of Student Life pledges to “work with” any student who wishes to engage in expressive activity on evenings or weekends. Additionally, students must register in advance for outdoor events, and the Office of Student Life must approve all flyers and posters. That's what the First Amendment has been reduced to at Cal Poly Pomona: asking permission, wearing "free speech" badges and a standing-room-only patch of ground. These restrictions have prompted a lawsuit from student Nicolas Tomas, who alleges campus police prevented him from handing out pro-vegan fliers on a campus sidewalk and directed him to jump through the college's many speech-curbing hoops before exercising his First Amendment rights. Despite being a public college -- which should encourage it to keep its free speech meddling to a minimum -- Cal Poly Pomona continues to issue policy-related "Presidential Orders" that strip away students' First Amendment rights. Because some of these orders haven't been made public, they're open to abuse, as Tomas points out in his lawsuit. Together, the policies establish an unconstitutional “free speech zone” and impose unconstitutional prior restraints on expressive activities that limit free expression at Cal Poly Pomona. The policies are contradictory, confusing, and do not provide adequate notice to students regarding Cal Poly Pomona’s policies on free expression. 
For example, the Student Life webpage on the Cal Poly Pomona website provides links to the Interim Freedom of Expression Policy (dated 2002) and the 2008 Presidential Order policies, but not the 2014 Presidential Order. The inconsistent policies allow administrators to pick and choose provisions that they are going to enforce, allowing them unlimited discretion to promote or silence speech based on its content or the identity of the speaker. At some point between March 5th and today's date, CPP personnel updated the site to include the missing 2014 Presidential Order. No new link is provided, nor has the title of the existing link ["New Presidential Order: Use of University Buildings, Facilities, or Grounds (PDF)"] been altered. Only the destination document has. Instead, whoever was in charge of this simply swapped out the 2008 Order for the 2014 Order without any indication this change had taken place. Crafty. Cal Poly Pomona vows to respect your free speech rights, provided you inform the administration 10 days in advance, are granted permission to speak and are willing to wear a speech permit while remaining in the properly-designated area. That's just not how free speech works. Tomas is hoping his lawsuit will result in the school's policies being found unconstitutional. Even if Tomas can't get the constitutionality declaration and permanent injunction he's requesting (along with damages and costs), maybe his efforts will push the school to reconsider its policies.

posted 12 days ago on techdirt
With it now relatively clear that nobody will tolerate outright throttling or blocking of services, we've noted repeatedly how ISPs have turned their gaze toward other, more subtle ways of abusing their gatekeeper mono/duopolies on the net neutrality front. The most notable being interconnection -- or intentionally degrading service to extract new tolls from content companies, and zero rated apps -- or letting some content bypass the cap if a content or service company is willing to pay ISPs a premium. Both battlefields obviously benefit the ISPs and content companies with the deepest pockets. One of the major reasons Facebook and Google were so quiet during the latest round of the net neutrality fight is because they were happy with the original 2010 rules, given they didn't cover wireless whatsoever. But they were also happy about the loopholes regarding zero rated apps, which play a starring role in the companies' future global ambitions. Zero rating is particularly important to the companies overseas, where both offer free, walled-garden internet access where their services get preferential treatment from wireless carriers (see Facebook Zero or Google Free Zone). With the neutrality debate taking root globally, both Facebook and Google are taking increased criticism for "supporting net neutrality in the US" (though, as we've noted, they really haven't) while pushing for zero-rated models that trample neutrality overseas. In India for example, regulators are now being bombarded with comments from a public that's realizing just how badly these models tilt the entire massive playing field toward the gaping maws of industry giants, whether that's the regional wireless company, Facebook, or both: "Reliance’s deal with Facebook, called Internet.org, effectively gives you one social network at no cost, while forcing you to pay for others like LinkedIn. 
It might seem like the company being generous, but it only works because Facebook and Reliance were able to strike a deal. A smaller social networking firm that doesn’t have Facebook’s resources or influence would find it harder to build an audience, because they’re competing with a free service....Pahwa pointed out that this strategy could result in dominance of major players in the market and crowding out of others who can’t afford to “strike deals or pay up for getting access to the fast lane". Indian Internet users aren't alone in realizing the problems inherent in zero rated apps. A growing chorus of Internet content companies have started backing away from zero rated efforts like Airtel Zero or Facebook's Internet.org deal with Reliance. The Times Group, India Today, NDTV, IBNLive, NewsHunt, and BBC have all pulled out of the initiatives citing the bad precedent set in cherry picking which content gets a free ride. Flight, hotel and travel price tracking website Cleartrip also dropped out, posting to their blog that such exclusionary practices are against the company's DNA: "...the recent debate around #NetNeutrality gave us pause to rethink our approach to Internet.org and the idea of large corporations getting involved with picking and choosing who gets access to what and how fast. What started off with providing a simple search service has us now concerned with influencing customer decision-making by forcing options on them, something that is against our core DNA." While the neutrality debate in India may be fresher, the public and industry there are already more in tune to the threat posed by zero rated apps than many U.S. customers and companies are. And the U.S. and India are obviously seeing more conversation on this issue than, say, markets in Africa. There, in many markets, users are happy to get access no matter what it looks like, and Google and Facebook are aggressively jockeying for pole position over billions in new advertising eyeballs. 
These services in particular are a two-sided coin. On the one side, both companies are correct in noting that the services deliver limited web access (and all the great things that entails) to those who currently don't have service. On the other hand, as Susan Crawford highlighted a few years ago, what these users are getting is a notable bastardization of the internet: "For poorer people, Internet access will equal Facebook. That’s not the Internet—that’s being fodder for someone else’s ad-targeting business," she says. "That’s entrenching and amplifying existing inequalities and contributing to poverty of imagination—a crucial limitation on human life." If you're building internet access from the ground up dominated by a few ISPs and a few content gatekeepers, it certainly makes you wonder what kind of strange monstrosities these models evolve into. When the internet starts from a place of openness, companies have a steeper uphill climb. Here in the States, both AT&T and T-Mobile have struggled to convince the public that these models heavily benefit consumers. AT&T has been setting a horrible precedent by allowing deep-pocketed companies to bypass usage caps, pitching the concept as "1-800" or "free shipping" for data. T-Mobile's had better luck convincing users that exempting only the biggest music services is a consumer boon for the ages (it's not, because it puts non-profits, independents and smaller companies in an immediate competitive hole). While zero rated apps are now banned by net neutrality rules in a growing list of countries (Chile, Slovenia, The Netherlands and Canada), the FCC's new rules appear to take a hands-off approach to zero rating. That's a decision you can be sure Facebook and Google -- both still frequently praised in the media as champions of net neutrality -- had notable input on.

posted 12 days ago on techdirt
By now, you may have heard the story about how two TSA agents at Denver International Airport were fired recently after it was revealed that they had worked out a scam by which one agent was able to grope and fondle the genitals of male passengers he found attractive. The plan involved him signalling to a colleague who was working the scanning computer. That agent would tell the computer that the individual being scanned was female, which apparently would set off an "anomaly" alert for the groin area, allowing the male TSA agent to conduct a "pat down" of that area. Leaving aside the fact that these computers even have "male" and "female" settings and it can determine an "anomaly in the genital area" if they don't match -- this kind of thing was exactly what many insisted was going to happen when the TSA put in place these advanced screening procedures. And if you think that this is the only case of it happening, well, then, you probably think the TSA doesn't rifle through and steal stuff from your luggage as well. Now here's the thing: this only came out because the TSA agent blabbed about it to a colleague, who then reported it, leading to an investigation. Many people find it odd that the two TSA agents (who are still unnamed) merely lost their jobs, rather than being arrested for this activity. Chris Bray, over at TSA News (found via Amy Alkon -- herself no stranger to intrusive TSA searches), went and grabbed the actual Denver police report on the incident, revealing that it appears that the TSA set up its "investigation" in a manner to almost guarantee no criminal charges and that the names of the TSA agents would remain secret. Specifically, the TSA was first told about this scheme on November 18th of 2014. First, it took nearly two months for the TSA to do anything about it, and it did not contact the police during this time. 
Instead, on February 9th, TSA investigator Chris Higgins observed the screening area and saw the signal/button push/grope of the genitals. Higgins made no attempt to speak with or identify the victim of this assault (this is important). Instead, he just spoke with the two TSA agents who were terminated at some later time (exact date not clearly indicated). The Denver police were not told about any of this until over a month later, on March 19th, 2015, at which point they noted that without a named "victim" there wasn't much they could do. On that same day, the inspector, Higgins, told the Denver police that he had also spoken with a deputy district attorney who had told him that without a victim, it was unlikely they could prosecute a case. It's unclear when that conversation took place, but it appears that the TSA had plenty of time to fire the TSA agents and make it basically impossible for the police to file a case before then telling the police what happened. As Bray notes, this all seems rather suspicious, as if the TSA's "investigation" was much more about covering up the TSA's misdeeds, rather than holding the agents responsible: So in November of 2014, the TSA was warned that two of its officers were currently, actively conspiring to commit sexual assault. But the TSA did not notify the police about that anonymous tip. The Denver Police Department is the agency that regularly polices Denver International Airport; the DIA Bureau is listed on this directory. If the TSA had notified the police about the tip in November, the police could have been watching the checkpoint to observe the groping incident that was instead witnessed by a TSA employee. But the police didn’t know about an allegation of active, current, ongoing sexual assault, because the TSA didn’t tell them. And so an act of sexual assault occurred right in front of a TSA investigator — and the investigator let the victim walk away without approaching him and identifying him. 
Then, in March 2015, the TSA informed the police of the allegation, and of the evidence of the event that a TSA investigator had personally witnessed more than a month before. But the TSA didn’t notify the police until both employees had been fired — in other words, until both participants in a scheme to commit sexual assault had been removed from the place in which they allegedly committed it. It’s as if someone called the fire department to report a pile of cold ashes. The TSA waited to call the police until the passengers were long gone, the TSA officers alleged to have committed the crime were long gone, and the crime witnessed by a TSA investigator was more than a month old. Isn't that convenient? Bray asked the TSA why it didn't contact the police earlier, and received a boilerplate response about how "intolerable" the actions were, but no substantive response to Bray's actual questions. Yes, the groping scheme is a scandal, but it seems like a much bigger scandal is how the TSA handled the case -- first allowing the criminal activities to go on for two months without notifying police, and then making sure that no one could be actually charged with a crime.

posted 12 days ago on techdirt
One of the most interesting realizations in recent years is that done right, massive, open collaborations are not just an efficient way of working, but they scale in a way that can take us to entirely new levels. A good example -- and perhaps the first project to exploit this fact -- is Linux, which grew from a small bunch of hackers working together across the internet on some bedroom code into a global, distributed project that now dominates every sector of computing bar one (the desktop -- so far.) The open source methodology has inspired all kinds of cognate projects in different fields, including that of citizen science, which pools the efforts of large numbers of people working with simple tools to produce important results that can be published in academic journals. The best-known example of this is Galaxy Zoo, which asks members of the public to help classify some of the millions of images taken as part of the Sloan Digital Sky Survey, many of them unseen by any human previously. Adrian Bowyer, the man behind RepRap, an open-source project to construct a 3D printer that is capable of self-replicating -- that is, printing all of its parts -- has written a fascinating blog post about another application of citizen science. It involves hundreds of people taking a picture of the same patch of night-sky with their smartphones, and then uploading the digital image to the website of a BBC program, which coordinated the whole project. As Bowyer explains: Each individual picture was just a black rectangle -- not enough starlight had gone through the lens to make an image that could be seen. But some had gone through, and registered in the camera's pixels as a slightly less-dark patch of black. On its own, then, each image showed so little that it was impossible to make out anything. 
But this is what happens when you combine hundreds of them: A computer first matched them up by making sure that the centres of the prominent stars were all in the same place, and then added up the slightly-less-black bits to make the picture. Of course the pixels in all the cameras were not in the same place relative to the stars, which means that each camera pixel could be split into thousands of final-image pixels, which gives the fabulous resolution. The resulting composite image (available as a 40 Mbyte tif file) looks like it was taken using a high-power telescope, and is a wonderful demonstration of how combining a large number of apparently insignificant contributions can create something unexpectedly impressive. Typically, Bowyer wants to take this striking example of open, distributed collaboration even further: The human race is a species on which the stars never set. So let's make the Human Telescope. Set up a website to which anyone anywhere in the world can upload any sky images that they have taken with any digital camera, phone or telescope. The images will have a timestamp and a GPS location, and will be continually stacked by a computer in the background to give an exquisitely detailed evolving picture of the whole vault of the heavens. The world would become a great spherical insect eye looking at every star, galaxy, planet and nebula all the time. We would be automatically finding comets, supernovae and near-Earth asteroids. We would never miss an astronomical trick. Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+
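The align-and-add step Bowyer describes, as an added Python sketch that is not code from the BBC project or from Bowyer's post: constructed 24x24 frames hold one prominent guide star and one star at half the noise level, shifts are whole pixels with wrap-around, and every size and brightness value is an assumption. It does not attempt the sub-pixel splitting he mentions.

```python
import random

W = H = 24                 # constructed frame size (assumption)
GUIDE = (6, 7, 20.0)       # (y, x, brightness): prominent star used for alignment
FAINT = (15, 17, 0.5)      # faint star at half the per-pixel noise level
NOISE_SIGMA = 1.0          # constructed sensor noise


def make_frame(rng):
    """One constructed exposure: the scene at a random offset plus noise."""
    dy, dx = rng.randrange(H), rng.randrange(W)
    frame = [[rng.gauss(0.0, NOISE_SIGMA) for _ in range(W)] for _ in range(H)]
    for y, x, amp in (GUIDE, FAINT):
        # Wrap-around shifts keep the toy simple; real frames would be cropped.
        frame[(y + dy) % H][(x + dx) % W] += amp
    return frame


def brightest(frame):
    """(y, x) of the brightest pixel, taken as the guide star's centre."""
    return max(((y, x) for y in range(H) for x in range(W)),
               key=lambda p: frame[p[0]][p[1]])


def brighter_count(image, y, x):
    """Number of pixels that outshine (y, x)."""
    return sum(v > image[y][x] for row in image for v in row)


def faint_rank_single(frame):
    """Pixels brighter than the faint star in ONE frame (located via the guide star)."""
    gy, gx = brightest(frame)
    fy = (gy + FAINT[0] - GUIDE[0]) % H
    fx = (gx + FAINT[1] - GUIDE[1]) % W
    return brighter_count(frame, fy, fx)


def stack(frames, ref=(GUIDE[0], GUIDE[1])):
    """Shift each frame so its guide star lands on `ref`, then average."""
    total = [[0.0] * W for _ in range(H)]
    for frame in frames:
        gy, gx = brightest(frame)
        oy, ox = gy - ref[0], gx - ref[1]
        for y in range(H):
            for x in range(W):
                total[y][x] += frame[(y + oy) % H][(x + ox) % W]
    n = len(frames)
    return [[v / n for v in row] for row in total]


def run_demo(n_frames=400, seed=1):
    """Return (mean single-frame rank of faint star, its rank in the stack, stack)."""
    rng = random.Random(seed)
    frames = [make_frame(rng) for _ in range(n_frames)]
    mean_single = sum(faint_rank_single(f) for f in frames) / n_frames
    image = stack(frames)
    return mean_single, brighter_count(image, FAINT[0], FAINT[1]), image


if __name__ == "__main__":
    mean_single, stacked_rank, _ = run_demo()
    print(f"single frames: about {mean_single:.0f} pixels outshine the faint star")
    print(f"stack of 400:  {stacked_rank} pixel outshines it (the guide star)")
```

Averaging N aligned frames leaves the star's signal unchanged while the noise falls by a factor of sqrt(N), which is why the faint star emerges only in the stack.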

posted 12 days ago on techdirt
We've been pretty vocal about supporting the encryption of more and more web traffic. It's important for a variety of reasons, not the least of which is your privacy and security. A few months back, we were excited to see the Chrome security team suggest that it should start marking unencrypted web pages as non-secure. It appears that Mozilla is now joining in on the fun, proposing deprecating unencrypted HTTP web pages to encourage more web developers to go full on in support for encrypted HTTPS: In order to encourage web developers to move from HTTP to HTTPS, I would like to propose establishing a deprecation plan for HTTP without security. Broadly speaking, this plan would entail limiting new features to secure contexts, followed by gradually removing legacy features from insecure contexts. Having an overall program for HTTP deprecation makes a clear statement to the web community that the time for plaintext is over -- it tells the world that the new web uses HTTPS, so if you want to use new things, you need to provide security. It's a clever setup. Basically, if you want to take advantage of new features on the web, you'll have to encrypt. Meanwhile, it appears that Netflix has separately announced that it is moving forward with plans to encrypt all of its infrastructure with HTTPS to better protect your privacy as well: with our existing server infrastructure and the up to 50% capacity hit we had observed, driven by our traffic mix. At that time, we were uncertain of the gains we could achieve with software and hardware optimization and of the timescale for those. I'm pleased to report we have made good progress on that and we presented our FreeBSD work at the Asia BSD conference. We now believe we can deploy HTTPS at a cost that, whilst significant, is well justified by the privacy returns for our users. 
So, as we mention today in our investor letter, we intend to roll out HTTPS support over the coming year - for both our site and the content itself - starting with desktop browser tests at scale this quarter. In short, yes, deploying HTTPS at that scale is expensive, but the benefit to users is tremendous and worth it. It's still going to take a while, but we're getting closer to reaching that tipping point where an unencrypted web is a historical anomaly and that's a very good thing.

posted 12 days ago on techdirt
Lots of cool materials have been inspired by biological materials -- like velcro and surfaces with lotus leaf-like structures. Nature has had a head start of a few hundred million years to create some useful materials, so it's a great (and open) source of inspiration for new human-made materials that might further improve upon the stuff we already have. Here are just a few more examples of biomimicry that could be everywhere in the near future. There's a type of beetle (Tmesisternus isabellae) that has a color-changing ability based on the interaction of humidity with nanostructures on its forewings. A color-changing pigment inspired by this beetle can be made with colloidal photonic crystals, and these materials resist color fading or bleaching better than traditional dyes and pigments -- and could be used in anti-counterfeiting inks. The Venus' flower basket sea sponge grows very strong cable-like hairs, called spicules, to anchor these creatures to the sea floor. These spicules are made of nested glass fibers and demonstrate the advantage of these microstructural details for optimizing material strength. A new lightweight bulletproof vest design could look like fish scales, covering a body with a protective layer that allows the wearer to still move freely. Scale armor isn't new, but 3D printing the scales and coming up with optimal protective structures could make a better kind of personal armor.
