posted 14 days ago on techdirt
We've talked plenty about the near total failure of the NSA and others in the intelligence community to consider the costs associated with their "collect it all" mentality. Much of the intelligence community's views seem based on the idea that the surveillance efforts would always remain totally secret. The NSA, in particular, appears to have never thought it possible that something like the Snowden revelations might happen, and the intelligence community still seems to be scrambling to figure out what to do in response. In the meantime, however, the impact on the internet has been very real and ongoing. Senator Ron Wyden -- who was one of very, very, very few politicians in DC to be speaking out (loudly) about this prior to Snowden -- is coming to Silicon Valley tomorrow for what looks to be quite a discussion with some top execs from the tech industry about the "impact of mass surveillance on the digital economy." With Senator Wyden will be Google chairman Eric Schmidt, Microsoft General Counsel Brad Smith, Facebook General Counsel Colin Stretch, Dropbox General Counsel Ramsey Homsany and Greylock's John Lilly (former Mozilla CEO). In other words, it's a pretty high level gathering -- and it's open to the public. I'll be there to cover it for Techdirt, but for anyone in Silicon Valley, feel free to register to attend.

posted 14 days ago on techdirt
Cloaking devices have been a part of science fiction and fantasy for ages, but so far, no one has really developed an invisibility cloak that works "like magic" without using some tricks that limit the effect to novelty illusions. Researchers are working on the problem, and there have been a few significant advances that are definitely getting better. Check out these videos to see how advanced physics is creating things that aren't quite indistinguishable from magic (yet). You can achieve some pretty nifty optical illusions with just a few standard lenses, such as this cloaking setup that looks almost too simple to work. There are also some simple things you can do with mirrors, but they're not quite as impressive because they only work under certain narrow conditions. Metamaterials are getting some attention for their ability to create curious optical effects. Some metamaterials are nanocomposites that have been known since ancient times, but newer materials (with a negative index of refraction and other artificial properties) can be designed to create more controlled optical illusions. Controlling light refraction can create a "cloaking" device of sorts that doesn't rely on lenses or mirrors or strange metamaterials. Simple prisms can be set up like mirrors and lenses, but the drawback for these kinds of devices is also a limited range of viewing angles.

posted 14 days ago on techdirt
If anything, the anonymous student should have been investigated for the egregious use of outdated slang. There’s no danger at Snow College after an anonymous former student threatened the school on Facebook, state officials said. No danger, because there was no threat. So, the past tense usage by "state officials" is completely wrong. Police believe the out-of-state male author of the post did not plan to hurt anyone, said Derek Walk, a campus police officer. Here's what was posted: Let's just say, homecoming weekend is gonna go out with a bang. And the football game is gonna be one no one is ever gonna forget. If you're like me, you're probably picturing lots of heavy drinking, possibly culminating in some gametime streaking. If you're like a lot of the commenters in this screenshot, you're apparently picturing a DHS-suspicion-raising shopping trip for pressure cookers and other fine explodables, followed by the opening scene of "The Last Boy Scout." Ultimately, no one was charged and locked up with insurmountable bail. Officers did serve a warrant to Google, which coughed up the IP address and ultimately tracked down the suspect. (Yes, I was also confused by this turn of events, but apparently one of the few roads to Facebook anonymity leads directly through Google Docs.) The only thing noticeably different was a larger police presence during that week, which went as routinely un-bombed as the countless weeks preceding it. No charges have been filed, nor does it appear there will be. Attorney General Sean Reyes praised the work of local officers. "We are pleased to have been part of this successful outcome," Reyes said in a prepared statement. Snow College President Gary Carlston added he’s happy no one was harmed over the weekend and is grateful for the officers’ quick response.
Presumably, the student was fully cleared of any potential wrongdoing and mocked gently for his use of the phrase "going out with a bang" by an officer drawing the shape of a square with his opposing index fingers. As usual, the thought process is: you can never be too careful. And while I appreciate the fact no one wants to be the one who ignores a potential threat because it doesn't sound scary enough, there's something to be said for not allowing a perpetual fear of rare, highly-isolated incidents to govern your official responses, much less your Facebook interactions. I personally think the anonymity aspect of the posting made it seem more threatening than one made by someone easily identifiable by other students -- something that would have allowed the use of context to frame the "confession." (And while we're on the subject, these same students don't seem too moved to report anonymous comments containing an actual specific threat, admissions of criminal behavior or use of slang even more outdated than "out with a bang.") I am, however, pleased that this incident didn't turn out like others have -- with someone arrested and/or facing excessive bail -- simply because panic has become the default mode in all school settings.

posted 14 days ago on techdirt
As you may recall, in the wake of the Snowden revelations, various tech companies got into a bit of a spat with the US government over the right to disclose FISA orders received under Section 702 of the FISA Amendments Act. These orders are what made up the PRISM program that got so much early attention, with some early reports implying, incorrectly, that the tech companies had given the NSA full access to their systems under the program. The reality is that the 702 program includes specific FISA court orders for access to specific information, not blanket access. What's unknown is just how narrow or broad those orders are, and that's partly because of a gag order that comes with any of those FISA court orders. In response, a bunch of those tech companies filed a lawsuit arguing they had a First Amendment right to reveal the number of orders they had received. Further, they noted that due to the early, misinterpreted reporting, they needed to be able to reveal how many orders they received, and how many people it impacted, to correct the faulty record on their level of sharing with the NSA. In January, the tech companies and the DOJ settled the lawsuit, with the US government agreeing to specific ways in which tech companies could reveal some information on those orders, but in a very limited way. Basically they could reveal some information in "bands." Depending on how they revealed the info, it could be in bands of 250 people or bands of 1,000 people -- but if you chose the 250 option, you also had to lump in National Security Letters (NSLs), making the information even harder to parse. While this was progress over nothing, it was a pretty small step forward. 
That's why we were happy to see Twitter come out in February and say that, while those other companies (including Google, Facebook and Microsoft) had agreed to that settlement, it was not good enough for Twitter, and that the company would keep pushing for the right to say how many FISA orders it had received. Apparently those negotiations with the DOJ haven't gone very well, as the company has now sued the US government over the issue. Twitter claims that it even asked for the ability to publish a redacted transparency report, but the DOJ even tried to block that. The full filing is worth reading. Twitter seeks to lawfully publish information contained in a draft Transparency Report submitted to the Defendants on or about April 1, 2014. After five months, Defendants informed Twitter on September 9, 2014 that “information contained in the [transparency] report is classified and cannot be publicly released” because it does not comply with their framework for reporting data about government requests under the Foreign Intelligence Surveillance Act (“FISA”) and the National Security Letter statutes. This framework was set forth in a January 27, 2014 letter from Deputy Attorney General James M. Cole to five Internet companies (not including Twitter) in settlement of prior claims brought by those companies (also not including Twitter) (the “DAG Letter”). The Defendants’ position forces Twitter either to engage in speech that has been preapproved by government officials or else to refrain from speaking altogether. Defendants provided no authority for their ability to establish the preapproved disclosure formats or to impose those speech restrictions on other service providers that were not party to the lawsuit or settlement. 
Twitter’s ability to respond to government statements about national security surveillance activities and to discuss the actual surveillance of Twitter users is being unconstitutionally restricted by statutes that prohibit and even criminalize a service provider’s disclosure of the number of national security letters (“NSLs”) and court orders issued pursuant to FISA that it has received, if any. In fact, the U.S. government has taken the position that service providers like Twitter are even prohibited from saying that they have received zero national security requests, or zero of a particular type of national security request. These restrictions constitute an unconstitutional prior restraint and content-based restriction on, and government viewpoint discrimination against, Twitter’s right to speak about information of national and global public concern. Twitter is entitled under the First Amendment to respond to its users’ concerns and to the statements of U.S. government officials by providing more complete information about the limited scope of U.S. government surveillance of Twitter user accounts—including what types of legal process have not been received by Twitter—and the DAG Letter is not a lawful means by which Defendants can seek to enforce their unconstitutional speech restrictions. It will be interesting to see how far this lawsuit goes. Unfortunately, the courts are often willing to give great deference to the government when it insists things need to be secret, but there's always a chance that a court may recognize the problematic nature of how the government gags companies in this manner.

posted 14 days ago on techdirt
Back in June, we wrote about an important ruling from a court in Oregon that found the process of getting off the Homeland Security "no fly list" to be unconstitutional. The government has continued to try to stall over this, but the judge has basically told the Justice Department to speed things up and to tell the plaintiffs whether or not they're still on the list, so that further legal action can move forward, if necessary (and, yes, it's likely necessary). From the official ruling: No later than October 10, 2014, Defendant shall identify to the Court and Plaintiffs which Plaintiffs, if any, will not be precluded as of that date from boarding a commercial aircraft flying over United States airspace. The court tells the US government that as soon as it realizes any of the plaintiffs shouldn't be on the list it needs to inform them of that fact, and for those that remain on the list, it needs to give a detailed reason: If Defendants determine after the interim substantive review of a Plaintiff's status that such Plaintiff is not presently eligible to fly over United States airspace, Defendants shall promptly and consistent with the Court's Opinion and Order of June 24, 2014: (a) give such Plaintiff notice of that determination; (b) give such Plaintiff an explanation of the reasons for that determination sufficient to permit the Plaintiff to provide Defendants relevant information responsive to such reasons; and (c) consider any such responsive information provided before completing the substantive reconsideration of such Plaintiff's DHS TRIP redress inquiry as ordered herein. It's pretty clear the judge finds the whole no fly list situation to be ridiculous, and the fact that these people haven't been able to fly for years with no recourse problematic: The Court notes the importance, complexity, and sensitivity of the issues raised and the remedies to be implemented in this matter preclude proceeding with undue haste. 
Nevertheless, in light of the fact that each Plaintiff has presumably been prevented from flying internationally and otherwise over United States airspace during the four years this matter has been pending, the Court concludes the time has come to resolve the claims of each Plaintiff on an individualized basis as soon as practicable. It seems entirely likely that the DOJ and DHS will continue to try to stall and delay, but Judge Anna Brown makes it fairly clear in her ruling that she's not interested in stalling attempts and will not treat them kindly.

posted 14 days ago on techdirt
A few years back, we wrote a series of articles about an operation called Vision Media TV (and a variety of other rapidly changing names, including WJMK, United Media, World Progress Report, and Great America HD, among many others). The basic "business" of this operation was to get a semi-famous TV personality to be the "host" of a TV show, then go around pitching gullible businesses that it was a legitimate TV show on "public broadcasting TV" or "national public television" and that they wanted to do a profile on that small business. The scam was you just had to pay a "small fee" (usually upwards of $20,000). Oh yeah, and the claims of being on TV were somewhat dubious as well. Among the "hosts" we had mentioned back then, there had been Joan Lunden, Walter Cronkite (!?!) and Hugh Downs -- all three of whom backed away after they were called out for participating in a scam. You can see a legal filing from a few years ago that goes through this scam in rather great detail. The scam continued to morph. A few years ago, under the name "In Focus," it was "hosted" by Martin Sheen, until that got called out and was shut down. Then it was "Outlook with Ben Kingsley." But the basics of the scam were the same. The semi-famous or famous "host" obviously just comes in for like a day of reading intros on a cheap TV set, and then they show a "profile" on the company who paid big bucks. The claims of being on "public TV" are massively exaggerated to downright bogus. The NY Times did a big expose on this scam back in 2008. NPR did a detailed takedown in 2010. PBS itself has put out a warning to people not to believe the claims from these ever-rotating operations about their shows being on "public television." It notes that it has no association with any such show and PBS never solicits money from organizations to be on TV. But it keeps morphing, as evidenced by the Martin Sheen and Ben Kingsley versions, both of which happened long after those stories. 
The latest version uses the same basic playbook -- and this time the "talent" is famed football coach Jimmy Johnson, and the show is called "Leading Edge with Jimmy Johnson." The reason I know about this is because the somewhat clueless folks who work there decided to pitch Techdirt/Floor64 to be on the program (apparently unaware that we'd written about scammers like themselves before): My name is Barbara Rock, I'm the assistant to Mr. Bill Thomas who is the Sr. Producer for Leading Edge on National Public Television. If you're not familiar with the program, it's an interstitial news break that airs prime time in the U.S. on National Public Television just after The Nightly Business Report. The reason for my contact Mr. Thomas will be producing a few segments for our upcoming season highlighting innovative breakthroughs and solutions that are changing the way we live and work, and our research department has forwarded to Mr. Thomas a general profile on Floor64 as a possible invite to the program for this segment. If you have a few minutes one day next week, Mr. Thomas would like to discuss this with you in more detail, to learn more about Floor64 and to see if the organization would be a good fit for this segment. Note the careful word choice. "National Public Television," not PBS (though, a neat attempt to confuse with National Public Radio). Also, whoever is behind "Leading Edge" also is doing some fairly dodgy SEO work. They've registered a ton of domain names like "leadingedgeseriespbs.com" (and .org and .biz and many more) trying to imply an association with PBS that isn't really there. According to the Washington Post article linked above, they did the same with the Martin Sheen show, with numerous sites using combinations of "Martin Sheen" and "PBS" in the URLs, but with small disclaimers elsewhere saying they're not associated with PBS. 
That article also notes that the actual contract terms say that the videos "will be distributed" to "public Television stations in all 50 states," with potential "estimated viewership and reach for one year [of] 60 million households." Yes, again, carefully ambiguous language. By saying "distributed" it just means they'll send them out -- not that anyone will air them. I sought more information from "Barbara Rock" and she was rather straightforward in admitting that we would have to pay -- though she insisted that it wasn't a fee to be on the show, even though it clearly was: For starters this is not a “pay-for-play” where we would be asking Floor64 to buy airtime. As a matter fact Public TV does not sell commercials. An interstitial news break is the 5 min. between programs on Public Television. The only costs associated is a pre-production/underwriting fee of $18,900 plus travel. In addition to being featured on The Leading Edge program Floor64 would also receive a fully produced 5 min. corp. demo and a fully produced 1 min. commercial that would air primetime on CNBC 50 times in the markets of your choice. All production and distribution is included in the fee. Again, note the careful choice of words. You're not "buying airtime" -- just "pre-production, underwriting." Real TV programs don't do that. She also followed up on the claim about PBS/public television saying: Our program airs across the country on Public Television, some of which are PBS affiliated, however our segments run on all Public TV stations not just the ones that are PBS affiliated. Our presenting station is KRCB in San Francisco. So she claims they run on "all Public TV stations" which is clearly a bogus claim. Furthermore, if you click on that KRCB link, the URL suggests it was once about "Leading Edge" but now takes you to a "page not found" link, so if KRCB ever did show Leading Edge, that appeared to have gone away. 
I asked Barbara about this missing link, and she apparently decided I was asking too many questions, refusing any further responses. I also reached out multiple times to KRCB's senior executives, Nancy Dobbs and Larry Stratton, both of whom refused to respond to email and phone requests for comments. I'm not sure why, but that certainly seems fairly sketchy. However, before Barbara stopped responding to me, she did offer two examples of companies that had participated in the Leading Edge series as enticements as to why I might be interested: GigaOm and DocuSign. Now, I know folks at GigaOm, and they're not ones to be taken in by a scam like this. But, indeed, there they are, featured on the Leading Edge site. I reached out to people from GigaOm, and was told it was a video that was recorded years ago, and not for "Leading Edge." However, their response does suggest that, perhaps, GigaOm got taken in by a different version of the scam a few years back. They told me that "the video was produced and licensed to Public Television for limited distribution through May 2013." However, GigaOm "did not have any knowledge it was being used by Leading Edge nor did we authorize or condone its use for this purpose." The company further said that it is looking further into the matter and may "take legal action to prevent it from being used by Leading Edge in the future." No matter what, this seems like another version of the same old scam, tricking businesses into paying big bucks for questionable claims of being on "public television" on a show hosted by some celebrity. Indeed, if you do a search, you can find a bunch of businesses in press releases about how "Leading Edge with Jimmy Johnson" will "host an upcoming segment" on whatever it is that business is doing. Hopefully, with a bit more attention, Jimmy Johnson will back away from this, the same way Walter Cronkite, Hugh Downs, Joan Lunden, Martin Sheen and Ben Kingsley did in the past. 
But, of course, it seems likely the deal will just morph and be back with another semi-famous "host" soon after.

posted 14 days ago on techdirt
Last week, the UK Home Secretary pitched the current UK government's plan to ramp up anti-terror laws to further stamp out privacy and free speech rights in the UK. This week, Keith Bristow, director general of the National Crime Agency, doubled down by arguing that he needs to teach the public that of course they need to give up liberty if they want security. He argues that "public consent" is necessary, but that legislation is "public consent" and thus he needs to help convince the public (or, really, Parliament) to cough up some liberty. He said: “If we seek to operate outside of what the public consent to, that, for me, by definition, is not policing by consent … the consent is expressed through legislation.” He added that it was necessary to win “the public consent to losing some freedoms in return for greater safety and security”. And while the famed Ben Franklin quote on "safety" v. "liberty" is mostly used out of context, that doesn't lessen the importance of the premise behind it. Giving up liberty for the sake of presumed (without evidence) security is a very dangerous game, often used by those who just wish for more control and power, not any actual concerns with safety and security.

posted 14 days ago on techdirt
Ebooks have many advantages, but as Techdirt has reported in the past, there are dangers too, particularly in a world of devices routinely connected to the Net. Back in 2010, we wrote about how Amazon was remotely uploading information about the user notes and highlights you took on your Kindle. More recently, we reported on how a school was using electronic versions of textbooks to spy on students as they read them. Against that background, you would have thought by now that companies would be sensitive to these kinds of issues. But if Nate Hoffelder is right, there's a big privacy problem with Adobe's Digital Editions 4, its free ebook reading app. Here's what Hoffelder writes on his blog, The Digital Reader: Adobe is tracking users in the app and uploading the data to their servers. (Adobe was contacted in advance of publication, but declined to respond.) Specifically: Adobe is gathering data on the ebooks that have been opened, which pages were read, and in what order. All of this data, including the title, publisher, and other metadata for the book is being sent to Adobe’s server in clear text. Yes, not only is the app spying on you, but it is sending personal information unencrypted over the Net. And it seems that this is not just about the ebook you are currently reading: Adobe isn't just tracking what users are doing in DE4; this app was also scanning my computer, gathering the metadata from all of the ebooks sitting on my hard disk, and uploading that data to Adobe’s servers. These are all serious accusations, and completely unacceptable if confirmed. At the very least, an independent investigation by Ars Technica has now confirmed all of the important details, though Adobe has still stayed silent. 
However, this also highlights why many people prefer to use pirated editions without DRM, which can be read on any suitable software: not because they're free, but because they're better products in just about every way -- for example, in respecting your privacy. Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

posted 14 days ago on techdirt
A district court in Missouri has granted an injunction filed against the police in Ferguson for their ridiculous "5 second rule" that was used to arrest numerous protestors. The rule was that if you stood in place for more than 5 seconds, you could be arrested -- with the goal of (a) keeping protestors moving and (b) having an excuse to arrest a bunch of protestors. Mustafa Abdullah, with help from the ACLU, sued over this and the court has agreed that the rule is clearly unconstitutional, and thus a preliminary injunction has been granted. The court notes that standing in place for 5 seconds is not a legitimate standard to be used for Missouri's "failure to disperse law" (or any other law). First, the court doesn't buy the police's claim that the 5 second rule matches up with the failure to disperse law: This statute provides no defense to this suit for several reasons. First, people were not told to “disperse” – in other words, to leave the area. Instead they were told to keep moving. Second, the order was given even when there were fewer than six people gathered. The evidence included examples where the order was given to one person alone, to three people attempting to pray, to a reporter and one other person, as well as to larger groups. And the order was given to people who were doing nothing to indicate they intended to violate laws of any sort, much less to engage in violence. In fact, nearly all of plaintiff’s fact witnesses testified that despite gatherings that were peaceful and law-abiding at the time, officers told people they must keep moving or they would be arrested. Then there's the question of due process. And, once again, the 5 second rule is problematic: Plaintiff is likely to succeed on the merits of showing that the keep-moving policy violates due process in both ways. Of course, in this situation there is no statute or ordinance being challenged. 
Rather, it is an unwritten policy, given to officers at their roll calls, instructing them to order people to keep moving whenever the officers thought it was appropriate to do so. Some officers told everyone to keep moving, so if plaintiff was unlucky enough to be standing in the vicinity of those officers, he would be told to move. Some officers told people they would be arrested if they did not move, but at least one officer told people that they had to keep moving but probably would not be arrested if they failed to comply. Some officers interpreted the policy to mean that people had to walk at a certain speed, others told people that they could not walk back and forth in a certain-sized area. Some officers applied it to members of the press, while others did not. Plaintiff and his other witnesses testified that they could not tell what would or would not be allowed at any given moment. The rule provided no notice to citizens of what conduct was unlawful, and its enforcement was entirely arbitrary and left to the unfettered discretion of the officers on the street. This policy “necessarily entrusts lawmaking to the moment-to-moment judgment of the policeman on his beat.” See Kolender, 461 U.S. at 360 (brackets and quotation marks omitted). Like the gang loitering ordinance found unconstitutional in Chicago v. Morales, 527 U.S. 41 (1999), the keep-moving policy cannot meet constitutional standards for definiteness and clarity. And then the good old First Amendment: I conclude that it is likely plaintiff will prevail on the merits of his First Amendment claim, and given my conclusions about the Due Process claim, I need not at this time discuss the First Amendment issues in detail. The keep-moving policy – as it was applied to plaintiff and others – prohibited citizens from peacefully assembling on the public sidewalks. 
Although the state has a valid interest in maintaining order on its streets and sidewalks and in preventing violence by crowds, this interest is not sufficient to apply such a blanket rule to people assembling peacefully.... The evidence showed that the strategy burdened substantially more speech than was necessary to achieve its legitimate goals. In fact, one of the police witnesses testified that it only worked well during the daytime when there were no large crowds and no threats of violence – when the crowds grew unruly, telling them to keep moving was not an effective strategy. Thus, defendants’ own evidence shows that this strategy fails the requirement that “the means chosen are not substantially broader than necessary to achieve the government’s interest,” Nice to see this ruling, though it would have been nicer to have this earlier -- but hopefully it will at least prevent future such actions.

posted 14 days ago on techdirt
Techdirt has been covering the "Comprehensive Economic and Trade Agreement" (CETA) between the EU and Canada for a while now. Or rather, trying to, given the obsessive secrecy that has surrounded the negotiations, just as it does for TAFTA/TTIP and TPP. However, the agreement's text has now been officially released (pdf) -- on the day that those negotiating it declared it finished. This means that at precisely the moment when the people most impacted get to see what has been agreed to in their name, there is no point in expressing their views, since nothing can be changed. This is the shabby trick that governments routinely pull for these kinds of deals: the public is promised that it will have its say once the final text is available, but when that moment comes, people are informed that obviously no changes can be made since it has already been finalized. However, in CETA's case, it's not quite so simple. During the ceremony marking the end of the negotiations, the leaders of Canada and the EU declared: Today marks a truly historic moment in the evolution of the Canada-EU relationship as we celebrate the end of negotiations of the Canada-EU Trade Agreement. Not "sign", but "celebrate". That's because Germany is threatening to withhold its support for CETA, as reported here by The Star: New doubts about the fate of Canada’s long-sought free-trade deal with the European Union have cast a shadow over a meeting Friday where Prime Minister Stephen Harper and senior EU officials were to celebrate the completion of five years of negotiations. A day before the Canada-EU summit in Ottawa, Germany signalled it won’t approve the landmark trade pact in its current form because of objections to the investor-protection measures included in the Comprehensive Economic and Trade Agreement (CETA). It turns out that CETA contains many other deeply worrying aspects. 
That's doubtless why the negotiators were so keen to keep the text secret, but now that we have it, detailed analyses are coming through. The first in-depth look at what's lurking among CETA's 1500 pages comes from the Canadian Centre for Policy Alternatives (CCPA), which has produced a document called "Making Sense of the CETA: An analysis of the final text of the Canada–European Union Comprehensive Economic and Trade Agreement". Even that runs to over a hundred pages; what follows are some of the key points that it highlights. Significantly, CCPA's analysis begins with the most contentious aspect of CETA, the investor-state dispute settlement (ISDS) chapter. It's crucially important not just because Germany is refusing to accept it, but also because it is likely to form the basis of a similar chapter in TAFTA/TTIP -- the European Commission included a draft version of the chapter as part of its public consultation on corporate sovereignty, offering it as a blueprint. One of the European Commission's repeated claims is that it will "fix" ISDS by making it clear that governments always retain the right to regulate, and that corporate sovereignty does not overrule that right. But CCPA's analysis shows why that is not true in CETA, despite similar claims there: The 'right to regulate' is mentioned three times in the agreement. In the preamble, the parties simply 'recognize' that the CETA protects the right to regulate ("RECOGNIZING that the provisions of this Agreement preserve the right to regulate..."), yet the text fails to clearly and unequivocally confirm this right, especially in the investment chapter. The other mentions are to be found in the labour and environment chapters, so that, in effect, the CETA shields the right to regulate from any international obligations to protect labour or the environment but not from all the detailed obligations in the investment chapter. 
Also in the environment chapter, the right to regulate is limited by formulations which require environmental policies to be implemented “in a manner consistent with the multilateral environmental agreements to which they are a party and with this Agreement,” meaning that environmental policies have to be consistent with the CETA -- not the other way round. CETA also includes a definition of "investor" that will make it easy for US companies to sue the EU using CETA and "treaty shopping", just as Philip Morris is suing Australia via its Hong Kong subsidiary: For the purposes of this definition an 'enterprise of a Party' is: (a) an enterprise that is constituted or organised under the laws of that Party and has substantial business activities in the territory of that Party”). The reference to 'substantial business activities' is not enough to prevent 'treaty shopping.' For example, U.S. investors in Canada would be able to use the CETA investment provisions and ISDS to challenge European state measures. One major surprise is found in the chapter covering regulation. Like ISDS, this is already a hot issue for TAFTA/TTIP, where many fear that national sovereignty will be sacrificed to the corporate kind. CETA shows another way in which this can happen -- and which is likely to be adopted in TAFTA/TTIP as well: Parties to the agreement have to ensure that the licensing and qualification requirements and procedures are based on particular criteria to preclude regulators from acting in “an arbitrary manner” (Article 2.1). Specifically, covered regulations will have to be: “a) clear and transparent; b) objective; c) established in advance and made publicly accessible” (Article 2.2). Parties have to ensure “that licensing and qualification procedures are as simple as possible and do not unduly complicate or delay the supply of a service or the pursuit of any other economic activity” (emphasis added) (Article 2.7). 
Making licensing procedures "as simple as possible" sets an absolute value on the ease with which corporations can get their projects approved to the detriment of all other considerations. The CCPA report explains how this new requirement could have a major impact on regulation: If a dispute panel interpreted "objective" to mean "not subjective," regulations could be overturned if they are based on the regulator's necessarily subjective balancing of different factors such as public input, the scenic impacts of a development and environmental considerations. For example: Dispute panels could determine that public input, environmental assessments and archaeological studies do not constitute a process that is "as simple as possible." CETA also provides some hints about the shadowy Regulatory Council that TAFTA/TTIP is likely to set up in order to ensure the convergence of future US and EU regulations. The danger here is that such a council will effectively vet or change new regulations before they are made public, and allow corporations with privileged access to government sources to prepare their lobbying well in advance. Indeed, that's exactly how CETA's "Regulatory Co-operation Forum" will work: Parties will endeavor to share "proposed technical or sanitary and phytosanitary regulations that may have an impact on trade with the other Party at as early a stage as possible so that comments and proposals for amendments may be taken into account." This means that information on future legislation could be shared with the other Party even before it has been shared with their Parliaments. If that were the case, the other Party could make amendments and comments before the country's own parliament got their hands on the draft legislation. These are just a few of the awful things that are starting to crawl out of the CETA text now that it has been exposed to some sunlight. 
CCPA's excellent analysis is grim but required reading, not just in order to understand what is in CETA, but also as a taster for some of the bad stuff that is likely to turn up in TAFTA/TTIP too. Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

posted 15 days ago on techdirt
Over the weekend, the NY Times revealed that it is the latest publication to receive notification from Google that some of its results will no longer show up for searches on certain people's names, under the whole "right to be forgotten" nuttiness going on in Europe these days. As people in our comments have pointed out in the past, it's important to note that the stories themselves aren't erased from Google's index entirely -- they just won't show up when someone searches on the particular name of the person who complained. Still, the whole effort is creating a bit of a Streisand Effect in calling new attention to the impacted articles. In this case, the NY Times was notified of five articles that were caught up in the right to be forgotten process. Three of the five involved semi-personal stuff, so the Times decided not to reveal what those stories were (even as it gently mocks Europe for not believing in free speech): Of the five articles that Google informed The Times about, three are intensely personal — two wedding announcements from years ago and a brief paid death notice from 2001. Presumably, the people involved had privacy reasons for asking for the material to be hidden. I can understand the Times' decision not to reveal those articles, but it still does seem odd. You can understand why people might not want their wedding announcements findable, but they were accurate at the time, so it seems bizarre to have them no longer associated with your name. The other two stories, however, again reveal the more questionable nature of this process: One Times article that is being shielded from certain searches in Europe is a report from 2002 about a decision by a United States court to close three websites that the federal government accused of selling an estimated $1 million worth of unusable Web addresses. 
The complaint named three British companies, TLD Network, Quantum Management and TBS Industries, as well as two men who it said controlled the companies: Thomas Goolnik and Edward Harris Goolnik of London. The case was later settled. Thomas Goolnik did not respond to messages left via social networking sites. Now, if the request was sent in by one of the Goolniks, it seems especially questionable. The fact that they were involved in a legal dispute is relevant factual information, even if it was eventually settled. As for the other article... In the last of The Times articles, a feature about a 1998 production of “Villa Villa” by the ensemble called De la Guarda, it was much harder to divine the objection. Not a review, the article explored how the antic, acrobatic show was managing “to get a generation raised on MTV interested in seeing live theater.” It's unclear from that article what someone is upset about. There are a few people named (though many are Americans who aren't supposed to be filing for such requests). And, even with the quotes, it's difficult to see how any of them could upset someone. The only thing that caught my eye is that the story quotes a "27-year-old art student" named Feliz Skamser. Skamser's quote is innocuous ("It was like a dream, only more intense"), but the very same sentence awkwardly inserts a quote from The Guardian (not from Skamser) calling the show "theater as good as sex." If people read the sentence quickly, perhaps some might think that Skamser said that latter quote -- and perhaps she was annoyed that people were associating her with a quote about sex? Or maybe she just doesn't want people to know she went to the theater? A search on her name will turn up that story on the American Google, but not the UK Google. Once again, though, we're left wondering how this setup makes any sense at all. If the information was accurate at the time, then why should it be removed?

posted 15 days ago on techdirt
If you look closely enough at nearly anything, you're bound to find some fascinating details. With the right tools, you can see single-celled organisms are literally everywhere (and viruses are even more ubiquitous). The biodiversity of soil is obviously important to farmers, but there are other interesting things we can find out when we quantify the dirt under our feet. If you've ever wondered what's in dirt, check out these links on soil. Soil ecologists checked out some 600 samples of dirt from Manhattan's Central Park and discovered, surprisingly, that the soil contained almost 170,000 different kinds of microbes -- a similar biodiversity to soils found in far less urban locations. These soil researchers also found about 2,000 species of microbes unique to Central Park. [url] Prospecting for oil by looking for certain microbes in soil samples is a technique that's been around since the 1930s. With improving biotech, identifying microbes in oil fields could lead to faster and more accurate prospecting for energy-rich deposits. [url] There's a lot of life going on in soil (aka the pedosphere) with millions to billions of microbes in each gram of dirt. Additionally, fungi, protozoa, earthworms and nematodes are hopefully thriving in healthy soil where we just see plants growing. [url]

posted 15 days ago on techdirt
The CIA's spying on Senate staff members during the compilation of the "Torture Report" (last seen delayed until late October) provoked some righteous (but hypocritical) indignation from political figures who were otherwise fans of government surveillance of American citizens. Dianne Feinstein's dismay may have been genuine, but it was also completely tone-deaf. CIA director John Brennan said no spying occurred while also admitting some spying had occurred. Further details revealed by an Inspector General's investigation noted that spying continued after Brennan finally told everyone to knock it off, using a classified "hacking tool" to peer into Senate staffers' email accounts. Nothing further has been forthcoming about the subject. The DOJ said it wouldn't investigate the issue and calls for Brennan's resignation have been ignored. The Office of the Inspector General obviously has a deeper read on the tactics used and who was involved, but all the CIA's been willing to part with is a one-page summary. The one-page document points at impropriety but doesn't fill in the blanks. “That doesn’t give you any information about what actually happened, how purposeful this was, how high-level these people were,” EPIC associate director Ginger McCall told The Hill. “Were these high-level agency officials versus just minions down at the bottom?” “There’s not a lot of information in this and it certainly doesn’t say anything about what they’re doing to remedy the problem or how these people are being dealt with,” she added. “That’s what we’re interested in finding out.” EPIC is now suing the CIA over its refusal to respond to a FOIA request for the full report. The lawsuit [pdf link] notes that the group has "exhausted all remedies," which is certainly true if the "responding agency" doesn't bother to respond. EPIC is also asking for several more stipulations to be granted along with the release of the requested document. WHEREFORE, Plaintiff prays that this Court: A. 
Order Defendant to conduct a reasonable search for all responsive records; B. Order Defendant to promptly disclose to EPIC responsive records; C. Order Defendant to produce a Vaughn Index identifying any document or portion of a document withheld, stating the statutory exemption claimed, and explaining how disclosure would damage the interests protected by the claimed exemption; D. Order Defendant to grant EPIC news media status; E. Order Defendant to grant EPIC a fee waiver; F. Order Defendant to grant EPIC expedited processing; G. Award Plaintiff its costs and reasonable attorneys’ fees incurred in this action pursuant to 5 U.S.C. § 552(a)(4)(E) (2013); and H. Grant such other relief as the Court may deem just and proper. It may seem like EPIC is jumping the gun by pulling the trigger* on an FOIA lawsuit a mere two months after requesting the documents. But look at it this way: it could have waited for six months… or a year… and still have been ignored or denied. Leading with a lawsuit is nothing more than playing the FOIA game efficiently. If the responding agency doesn't bother to respond within the statutory deadlines, you may as well fire off a lawsuit to get the process moving. *Shoutout to Thomas Friedman, yo!

posted 15 days ago on techdirt
FBI Director James Comey was on 60 Minutes on Sunday, in a segment that will continue next week as well. Apparently next week is when we'll find out his views on mobile encryption and whether or not the FBI is spying on all of us, but this week, he gave us a tiny hint towards the end of the segment, in which he discusses why the internet is so dangerous. As far as I can tell, the summary is "don't open attachments" (i.e., the same advice that you've been hearing for a decade, and which has little to do with many internet threats today): Scott Pelley: Do people understand, in your estimation, the dangers posed by cybercrime and cyber espionage? James Comey: I don't think so. I think there's something about sitting in front of your own computer working on your own banking, your own health care, your own social life that makes it hard to understand the danger. I mean, the Internet is the most dangerous parking lot imaginable. But if you were crossing a mall parking lot late at night, your entire sense of danger would be heightened. You would stand straight. You'd walk quickly. You'd know where you were going. You would look for light. Folks are wandering around that proverbial parking lot of the Internet all day long, without giving it a thought to whose attachments they're opening, what sites they're visiting. And that makes it easy for the bad guys. Scott Pelley: So tell folks at home what they need to know. James Comey: When someone sends you an email, they are knocking on your door. And when you open the attachment, without looking through the peephole to see who it is, you just opened the door and let a stranger into your life, where everything you care about is. Scott Pelley: And what might that attachment do? James Comey: Well, take over the computer, lock the computer, and then demand a ransom payment before it would unlock. Steal images from your system of your children or your, you know, or steal your banking information, take your entire life. 
About the only thing I get from all this is that FBI Director James Comey is bad at analogies. Yes, you shouldn't click on attachments from unknown people, and you should even be careful about attachments from known folks. But that makes the internet the "most dangerous parking lot imaginable"? Perhaps the other thing I've learned is that James Comey doesn't have a very strong imagination.

posted 15 days ago on techdirt
When Apple first launched the iTunes store for music, it had DRM deeply embedded in it. According to reports around the time, this DRM was a key part of allowing Apple to get into the business of selling music. The labels demanded strong DRM. It didn't take long for most people to recognize how the labels' own demands for DRM actually gave Apple tremendous leverage over the record labels by basically handing the market over to Apple while making it that much more difficult for a competitor to jump into the space. While, years later, Apple and the labels finally ditched the DRM on music, one of Apple's competitors, Real Networks had tried to hack its way around Apple's DRM, which was called FairPlay, with its own DRM, called Harmony, that more or less reverse engineered Apple's DRM. Apple responded by changing things so that Real's music wouldn't work on iPods (yes, this was back in the day of iPods). Real adjusted... and Apple broke it again. While all that went on a decade ago, a lawsuit over whether or not Apple's use of FairPlay to keep out Real's music violated antitrust laws appears to finally be heading to trial: In this lawsuit, plaintiffs are claiming the anti-Harmony measures in iTunes 7.0 broke antitrust laws, because it had the effect of illegally raising the price of iPods. Users were continually forced to either stop playing any songs they had bought from the Real store, or convert them to a non-DRM format, for example by burning the music to CD and then ripping the CD to their computer. That produced "lock-in" to the iTunes environment and increased consumers' "switching costs," the plaintiffs argue. Apple sought to have the lawsuit tossed out, but the judge is letting it go forward. While the specifics of this case now seem like ancient history, the eventual results, should it get very far, could be interesting for other makers and users of DRM (Amazon might want to pay particular attention). 
From the judge: That theory is intricate, but ultimately it amounts to a charge that Apple's release of 7.0 unlawfully maintained Apple's monopoly in the market for portable digital media players by making demand for iPods less elastic. Specifically, plaintiffs claim that 7.0 resulted in an increased "lock-in" effect for iPod owners who purchased songs online. Lock-in, according to plaintiffs' principal economics expert, "is a form of foreclosure that arises from actions that increase the cost to consumers of switching to a product that has better quality and/or a lower price.".... Plaintiffs offer expert opinion that Apple, by counteracting Harmony, "raised the cost of switching from iPods to competing portable digital media players by eliminating the ability of consumers to collect a library of downloads that could be played on all players." (Id.) That is, 7.0 made iPod owners unable to play songs purchased from iTS competitor Real and thus pushed them to make their online song purchases only on the iTS. As a result, it discouraged iPod owners from buying a competing, non-iPod digital portable music player when it came time to replace their iPods due to loss, breakage, or a desire to upgrade. (Id.) Such owners would have to either forego use of the songs they had purchased through Real (as well as any other online music store besides iTunes, though that is not part of the damages alleged in this case), repurchase such songs through other, iPod-compatible means (for instance, iTS or physical CDs), or convert music bought from Real into a non-DRM format, for example, by "burning" that music to a CD and then "ripping" the CD onto their computers in a file format with no DRM, from whence the songs could then be loaded on their iPods. These increased "switching costs," plaintiffs argue, locked iPod owners into continuing to purchase iPods, notwithstanding the allegedly similar or better quality of and lower prices of competing products. 
They also locked out owners of non-iPod portable digital media players who had downloaded songs from the Real store. The effect of both lock-in and lock-out, plaintiffs say, was to reduce competition in the market for digital portable music players and to reduce the price elasticity of iPods, which permitted Apple to charge a supracompetitive price therefor. While other DRM situations may not be quite as involved, the idea of using DRM as a form of lock-in, increasing switching costs, is clearly a legitimate concern. Having DRM present a potential antitrust concern could make for some interesting situations for companies today who rely on DRM.

posted 15 days ago on techdirt
A few weeks ago, we wrote about "Walter O'Brien," the guy who is supposed to be the basis of the CBS TV show Scorpion. The problem we had was that O'Brien made a ton of absolutely fantastical claims and, after doing a little fact checking, none of them seemed to check out. At all. Since a few people brought this up, let me make it clear: I have no issue with exaggerating on a TV show for the sake of good entertainment. I don't even mind bogus claims like "based on a true story" because, hey, Fargo was pretty awesome. If that's all that was going on, it wouldn't be a big deal and everyone could get on with their lives. What concerns me about the bogus Walter O'Brien story is twofold: (1) Gullible reporters simply repeat his claims without even the slightest bit of skepticism, which is just shameful reporting and (2) O'Brien and his friends aren't just making a TV show: they're trying to spin the TV show (which, as far as we can tell has close to no basis in reality) into a way to promote O'Brien's "business" with claims that are wholly unbelievable -- in that, literally, I don't think most of the claims are true. It worries me that some people will take the TV show's inflated claims at face value and think that throwing gobs of money O'Brien's way will get them the clearly exaggerated solutions the show is pitching. Last week, O'Brien appeared with Scorpion producer (and Justin Bieber manager) Scooter Braun at the "Techmanity"* conference in San Jose, and I went to the show hoping to talk to O'Brien and/or the producers of the show to see if they could help clear up the inconsistencies in his story (many of which we detailed in the original post). Instead, despite multiple requests, I was denied an opportunity to interview them before or afterward. 
They did appear to show up right before going on stage, and then I was told they had to leave immediately after (though, at least one other conference attendee posted a selfie with O'Brien well over an hour after O'Brien got off stage). Despite the agenda specifically promising a Q&A with O'Brien and multiple producers, there was no Q&A (and those other producers weren't even there). A microphone stand that had been present for Q&A during earlier sessions was removed prior to the panel, so it was clear that there was no intention of a Q&A at all. Instead, there were just more questionable claims from O'Brien, on a panel moderated by Fast Company's Chuck Salter, an "award winning" reporter who didn't seem interested in challenging a single claim from O'Brien, taking them all at face value. Fast Company, which co-produced the conference, and thus, perhaps, had business reasons for suppressing all skepticism, also wrote a big article again repeating the O'Brien myth, though that article appears to have been dropped behind a paywall. O'Brien tells some of the same stories he's told before -- claiming the company only hires people with IQs over 150 and that people with high IQs have "low EQs" and they try to help them on that front. This leaves aside the whole fact that the concept of "EQ" is pretty questionable in the first place and that even IQ is a pretty limited and misleading tool, which may be useful for determining some innate problem solving skills in kids, but means little once they reach adulthood. Once you're an adult, however, IQ is somewhat meaningless. That doesn't stop O'Brien from continuing to assert that he has an IQ of 197, or multiple publications from claiming that he's either the "fourth smartest man" in the world or has the "fourth highest IQ ever recorded." As we noted in our original post, there is no public evidence that O'Brien actually even has such an IQ, let alone that it's the 4th highest ever recorded.
In his Reddit AMA, Walter admits that the "4th highest" claim comes from just getting a 197 (still no proof shown) and using this table on the distribution of IQ to assume that he must be the 4th because a 197 IQ only should occur in 1 out of every 1.5 billion people, and then he estimated based on the number of people on the planet. Of course, for someone with such a high IQ, that shows a surprising lack of understanding of how IQ actually works. He also notes that he took the Stanford-Binet IQ test, though he doesn't say when. If it was while he was a child (as suggested by his claim to have been "diagnosed" as a "child prodigy") then it's likely he took an earlier version of the Stanford-Binet test -- either the SBIV or the L-M, depending on when he took the exam. It seems noteworthy that modern research has noted that scores on those two versions of the test should equate to lower scores on the current SB5. The 197 score (assuming it's true) strongly suggests he took the L-M, which used a ratio scoring system, as opposed to the IV, which was standardized. As such, it also would mean that using the deviation chart Walter uses would be inaccurate, since the ratio score wasn't based on the same scoring system (you'd think someone with such a high IQ would recognize that). And about all that would suggest is that, at a young age, he was likely far ahead of his peers, but that's about it. Either way, the whole "4th smartest man" in the world claim is clearly ridiculous. After some other chatter, O'Brien talks (again) about hacking NASA at age 13 (he still hasn't explained how Homeland Security came to get him at the time considering Homeland Security didn't exist and wouldn't be operating in Ireland, but details, details) and then hacking into banks at age 16.
Then he says he was developing some "image recognition software," which he notes he developed "for peaceful purposes" related to autonomous vehicles around that time "for the government and a private contracting group underneath the government" (not sure what that even means). Then he says that project got scrapped, and "the software got reused, without my permission, in the Gulf War" leading to "2600 casualties for civilians, because it was built for speed over accuracy." He notes that he "took that pretty hard." He then says he "didn't talk to anyone for about 18 months, I became scared of my own abilities." I can't see how any of that is even close to accurate. The timing of the first Gulf War would have coincided with Walter being in high school, which matches his story about being recruited by the non-existent DHS, but even if he was developing image recognition software at the time, from Ireland, for the US government (really?), the idea that even after his project was scrapped he'd then be told (as an Irish high schooler) that the same software was misused leading to 2,600 casualties? That's not happening. That leads to a discussion about how his company, Scorpion Computer Services, came about. He claims he was just being asked to do usual computer things -- set up computers, install operating systems, set up printers, etc. -- and the business just grew, to the point that he was doing work on "localization." Of course, to some extent much of that might be accurate, and Walter's own LinkedIn page suggests he was working on a bunch of fairly straightforward (i.e., no "genius IQ" required) projects around localization. This is further supported by the "references" page on the Scorpion Computer Services website, which is basically just a bunch of reference letters from the late 90s referring to what appear to be fairly mundane computer jobs he held -- often with fairly muted praise.
My favorite is this one in which a development manager merely "confirms" that Walter O'Brien worked there. Not explained is why the genius who is building amazing image recognition software for the US military is now working on Word Basic and Visual Basic for projects in Ireland... and apparently desperate for references to get a new job. Something doesn't add up. And of course, Walter still posts this letter from Steven Messino, claiming Messino is a "co-founder of Sun Microsystems." Yet, as we noted last time, Messino joined Sun years after it was a public company, and then as a "regional sales manager." O'Brien also leaves out the fact -- as seen on his own LinkedIn page -- that he was a QA guy at The Capital Group from 2002 through March of 2009 -- at which point, in the storyline, we're supposed to be believing that he was saving the world at Scorpion Computer Services. But, no matter, at the conference, O'Brien lists out the kinds of "projects" Scorpion was supposedly handling around this time: "Handle my divorce, put a shark tank in my office, build a casino overseas, choose winning race horses based on their DNA." I'm guessing these are plotlines for future episodes of the TV show. How much they're based in reality, well, that's anyone's guess. In past interviews, O'Brien has shied away from saying how much of the actual show is true, pretending that he can't really reveal it. Yet here, he at least suggests that the plots of the shows are almost entirely fictional (which makes sense, given the pure ridiculousness of the plots). So, for example, after a clip is shown of the TV version of Scorpion making a bunch of ridiculous assumptions to find a guy on an airplane with an analog phone turned on, O'Brien just says that "out in the desert" doing some testing they have to use "old Nokia analog phones, because it's the only thing that will pick up a signal -- so I knew that those old phones have a stronger signal."
So, first of all, he seems to be admitting that the whole premise of calling the guy in the plane is made up -- it's just based on his personal experience with old analog phones out in the desert. Second, for a technical genius problem solver, he doesn't seem to have the faintest idea why analog works better out in the desert, or have much knowledge about wireless frequencies and the different ways in which analog and digital phones work. He later admits that the story of the plane flying low with the car driving under it was his "idea" (not based on reality) and that the director added the ethernet cable concept to make it "more exciting." In other words, Walter appears to reveal that he just tosses out some ideas about technologies, and then the writers create these crazy scenarios that have almost no basis in reality (the second show appears to have been equally as unreal, focusing on a "personalized virus" that was designed for a single person. Uh, yeah). Basically, this whole thing just continued to reinforce the idea that Walter O'Brien's claims appear to be a Walter Mitty-esque imagining of the world he wants to live in, rather than one based on reality. Other stories claim that Scorpion Computer Services has "2600 people in 20 countries and over $1.3 billion in revenue" (that's from the Fast Company story). Yet, on LinkedIn I can find only 10 people who list Scorpion as an employer -- and some are merely "advisors." No, you don't expect everyone to list Scorpion or even be on LinkedIn, but 10 out of 2600 people? That's not particularly believable.
Then there's the fact that the company's address is a UPS Store in Burbank, and the building shown on its website is actually a photoshopped image of the headquarters of German glass manufacturer, Glaskoch, based in Bad Driburg, Germany: In other interviews, he's directly said -- or often coyly implied -- that his work helped "stop two wars" (at 3:09 in this video), caught the Boston bombers (though this video just says the FBI used "the kind of technology" that was developed by O'Brien -- not that he actually developed, and presents no evidence the FBI even used similar tech, let alone O'Brien's), and searched for the downed Malaysian Airlines plane, saying his software was used "to make sure the crash site wasn't tampered with." O'Brien frequently plays up the fact that he's in the US on an EB1-1 visa, which he always notes is the "same one given to Albert Einstein and Winston Churchill." That may be true, but he makes it out like he and those two are the only ones who got this visa. Actually, thousands of people get one every year. In O'Brien's visa application he claims "he placed among the top programmers in the world in several international high-speed programming competitions, including a sixth-place finish in the 1993 Information Olympics, and first-place showings in the 1991 and 1992 Wisconsin International Computer Problem Solving Competition." Except, elsewhere reports have him coming in 90th in the 1993 Informatics Olympiad and sixth (not first) in Wisconsin. So, did he lie on his visa application too? The various companies that O'Brien is associated with have websites that are filled with gibberish rather than actually supportable claims. "We saved $43 billion in opportunity risks over a five-year period." That doesn't make any sense. "We invented an efficiency engine that performs 250 human years of work every 1.5 hrs with over 99% improvement over human error." 
An old, now deleted, part of the Scorpion website hilariously claimed that Scorpion Computer Services was a venture fund with $204 billion (with a b) under management. It also claims that it had a 7200% return in 1999. This was on his website in 2003 -- the very same time he was doing QA for The Capital Group. Odd. The "ScenGen" software that Walter frequently touts as being able to "exhaustively... think of" and then "execute... all user actions" appears to just be a rather straightforward system for inputting a bunch of variables and brute forcing every possible combination. The documentation on it suggests that you can solve NP-complete problems, like the traveling salesman problem, just by running every possible solution through a computer program. While you, of course, could run through all possible scenarios, that's... not a particularly useful or intelligent way to solve complex problems. Walter has hinted that one of the reasons he "went public" now is because Wikileaks revealed some of the projects he's worked on. Indeed, there is this page on Wikileaks from the hacked and leaked Stratfor emails, showing Walter trying to reach out to the founder of Stratfor, George Friedman, in 2009 saying "we should talk" and including a PowerPoint about ScenGen... and a resume for Walter which does not mention Scorpion Computer Services (and also lists himself as a "tech specialist" at Capital Group, rather than "Tech Executive" as his LinkedIn now claims). In 2009 -- at which point we're now supposed to believe Scorpion has been in business for 25 years. Yet, the email is sent from Walter's MSN.com email address. It also says nothing of his supposed image recognition skills, but focuses on his QA, compliance and globalization work. It also includes the same 1990s press clippings that Walter promotes on his website. There doesn't appear to be any reply or any other Walter-related info on Wikileaks. 
In the presentation, though, we learn that this masterful bit of programming called ScenGen is less than 200kb in size and produces output like this: The more you dig, the more of the same you find. Former co-workers of O'Brien's have shown up in comments or reached out to me and others directly -- and they all say the same thing. Walter is a nice enough guy, works hard, does a decent job (though it didn't stop him from getting laid off from The Capital Group), but has a penchant for telling absolutely unbelievable stories about his life. It appears that in just repeating those stories enough, some gullible Hollywood folks took him at his word (and the press did too), and now there's a mediocre TV show about those made up stories. Again, I'm all for fictionalized TV. And O'Brien, Braun and others associated with the show keep claiming that they're doing this to help "smart kids" not feel like outcasts (though, I'd think the success of Silicon Valley and the internet in general, is doing a much better job of that...). And that's great. But, telling highly questionable stories that seem easily debunked doesn't seem like a good way of helping people. It just feels... like a fraud. In fact, the story continues to remind me of the similar case of Shiva Ayyadurai. In both cases, you seem to have guys who had a certain amount of fame about their computer programming prowess as teenagers, and where both of them still keep those newspaper clippings from their youth around and frequently highlight them and show them off as if it's proof that they did, in fact, amount to something great later in life even if the actual details of their lives don't quite match the hype. They both seem to cling to those predictions of their youth as if they had to come true. In both cases, they successfully convinced some folks -- notably, a gullible press -- to spin the fictionalized account as being something more. 
I have no problem with people exaggerating and puffing up their own stories -- that's pretty common. But when it's being used in a way to fool the press and the public and take credit where little is deserved, often with ulterior motives in mind, that seems problematic. Side note: in nearly 20 years of conference attending, Techmanity appeared to be one of the worst organized events I've ever attended. In many ways, it felt like the Walter O'Brien of conferences -- making lots of fantastical claims that didn't hold up to much scrutiny ("Silicon Valley's Biggest Annual Gathering"? Not even close. They held the "Techmanitarian Awards" which was described as an "Exclusive, VIP celebration" yet anyone could have just wandered in -- and, even then not too many people did, "the most dangerous and disruptive startups on the planet" not even close). The event organizers appeared to figure out a way to get a few famous Hollywood/music industry folks (Jared Leto, Weezer, Troy Carter, Scooter Braun, Thievery Corporation), but very few actual tech minds. The whole thing seemed designed to get as much money out of sponsors as possible, with little thought to the actual content of the event, beyond "ooh, famous people, the sponsors will love that!" There was lots of talk about "bottom up" creations and the end of powerful top down efforts, yet almost no sessions had any interactions (only a few even had basic Q&A). The pinnacle of poor organizing was highlighted by the scheduled promise of a free showing of Brian Knappenberger's documentary on Aaron Swartz, The Internet's Own Boy, at a local movie theater in San Jose. A bunch of attendees trekked over to the theater only to be told the theater had no idea what any of us were talking about. On contacting the media relations people at the conference we were told that someone "forgot" to actually set that up, despite it being on the agenda. A bunch of angry conference-goers were left pondering what to do outside the theater. 
I feel particularly bad for the various startups who must have paid a pretty penny to be part of "Startlandia" a bunch of startup kiosks that went mostly ignored. Some I spoke to flew in especially for this event, expecting something with a lot more substance. Instead, they got a Potemkin Village of a tech conference. Finally, at least the "media" side of the event was organized by Racepoint Group. I knew the name sounded familiar -- and then remembered that the CEO of Racepoint is Larry Weber, the PR "guru" behind the Shiva Ayyadurai story. I don't know if/how Racepoint is connected to the whole Scorpion thing, but at the very least, the connection is an amusing coincidence. Perhaps there's a PR business to be built in building up fake tech heroes.

posted 15 days ago on techdirt
In the past, we'd been fairly worried about governments seizing website domains with little or no notice, but it's perhaps equally, if not more, troubling when it's done by private individuals and companies. This was one of our concerns with the original version of SOPA, which included a "private right of action." But, even though SOPA never became law (and the private right of action was dropped fairly early on), it appears that some courts are still allowing this to happen. Just a couple of months ago, we wrote about a troubling ruling in an Oregon district court that let a Filipino entertainment company seize a bunch of domains, in a process that was done under seal. In the past, we've seen other brands, like Chanel do the same thing. Louis Vuitton has also tried seizing domains. The latest such example seems especially troubling because no one has any idea what's fully happening, but it appears to involve Chan Luu, a jewelry and clothing retailer. The Internet Commerce Association notes that approximately 5,000 domains appear to have been seized, handed over to a private "receiver" who is now trying to sell those domains -- for no clear reason. One of the victims, Michael Berkens, who lost some of his domains, has explained what little details he's been able to find out: Overnight I received a notice that several domain names I owned were transferred by a sealed court from Verisign without notice and of course without the court order. The domain names just were transferred by Verisign to another domain and are now listed for sale at another marketplace. Another domainer sent me an identical notice he received overnight on domain names he owned. 
The Domain names are now all owned by COURT APPOINTED RECEIVER – ROBERT OLEA and have been moved to Uniregistry as the registrar and are now listed for sale at domainnamesales.com
The only information that Berkens received was the following email:
Please be advised that Verisign has changed the registrar of record for certain domain names pursuant to a ***SEALED*** court order. The domain names identified below were affected by this action.
Alexander the Great, LLC
—————————————————————————–
RETRACTIT.COM
If you have any questions relating to these actions, please contact:
David J. Steele
Partner, Christie, Parker & Hale LLP
Adj. Professor of Law, Loyola School
18101 Von Karman Ave, Suite 1950
Irvine, CA 92612-0163
office: +1 (949) 476-0757
direct: +1 (949) 823-3232
fax: +1 (949) 476-8640
email: david.steele@cph.com
Thank you very much,
The Verisign Transfer Dispute Team
transfers@verisign-grs.com
Others have tracked down that it has something to do with this case, but with the details under seal, it's all a bit of a mess. Here's Phil Corwin from the Internet Commerce Association: The only other available facts that we are presently aware of are that a copy of the “Clerk’s Certification Of A Judgment To be Registered In Another District” issued by the U.S. District Court for the Central District of California in the case of Chan Luu Inc. v. Online Growth, LLC et al is available at the Justia website, and the order was registered in the Florida Middle District Court. The other defendants in the case are “Grant Shellhammer et al”. There was a considerable time lag in this proceeding, with the original judgment entered in California on May 23rd, the certification dated September 8th, and the domain transfers occurring around October 2nd.
The damages granted to plaintiff are $200,000 plus interest, court costs and attorney fees; we note that there is a strong possibility that the domains transferred in this case may have an aggregate market value far in excess of that total judgment, and that is likewise disturbing. The California court document covers domains that are identical or confusingly similar to Plaintiff’s CHAN LUU mark – but we’re not sure if the domain cited by Mike in his article, RETRACTIT.COM, or any of the other transferred domains fit in that category. Chan Luu is a retailer of jewelry, accessories, and ready-to-wear clothing based in Los Angeles, and so far as can be discerned makes no commercial use of the term “retractit”, so it is unclear why that domain was covered by the court order. This is problematic on many, many levels -- and is exactly why we've been so concerned about any process that allows for domain seizures without any sense of due process. In this case, with all the details under seal and the domain owners having their websites simply ripped away from them with no explanation at all, it should raise serious questions about why courts are allowing this to occur. To take domain names away from people who aren't even parties to a lawsuit, based on a sealed document, and then to immediately put them up for resale seems sketchy beyond belief.

posted 15 days ago on techdirt
The Washington Post editorial board has weighed in on the recent "controversy" over Apple and Google's smart decision to start encrypting mobile devices by default. The "controversy" itself seems pretty hyped up by law enforcement types who are either lying or clueless about the technology. Throwing a bunch of technically ignorant newspaper editors into the mix probably wasn't the wisest of decisions. Much of the editorial engages in hand-wringing about what law enforcement is going to do when they need the info on your phone (answer: same thing they did for years before smartphones, and most of the time with smartphones as well, which is regular detective work). It even repeats the bogus use of the phrase "above the law" that FBI director James Comey bizarrely keeps repeating (hint: putting a lock on your stuff isn't making you above the law). But the real kicker is the final paragraph: How to resolve this? A police “back door” for all smartphones is undesirable — a back door can and will be exploited by bad guys, too. However, with all their wizardry, perhaps Apple and Google could invent a kind of secure golden key they would retain and use only when a court has approved a search warrant. Ultimately, Congress could act and force the issue, but we’d rather see it resolved in law enforcement collaboration with the manufacturers and in a way that protects all three of the forces at work: technology, privacy and rule of law. Did you get that? No "back door," but rather a "golden key." Now, I'm not sure which members of the Washington Post editorial board are engaged in mythical "golden key" cryptography studies, but to most folks who have even the slightest understanding of technology, they ought to have recognized that what they basically said is: "a back door is a bad idea, so how about creating a magic back door?" A "golden key" is a backdoor and a "backdoor" is a "golden key."
The two are indistinguishable and the Post's first point is the only accurate one: it "can and will be exploited by bad guys, too." That's why Apple and Google are doing this. To protect users from bad guys. In the meantime, just watch, and we'll start to see ignorant politicians and law enforcement start to echo this proposal as well, talking down "backdoors" and talking up "golden keys." The fact that we already had this debate in the 1990s, when the "golden key" was called "key escrow" and when having the government lose that was fairly important in allowing the internet to become so useful, will apparently be lost on the talking heads. Still, a small request for the Washington Post Editorial Board: before weighing in on a subject like this, where it's fairly clear that none of you have the slightest clue, perhaps try asking a security expert first?

posted 15 days ago on techdirt
Ever since the government first declared it had located the Silk Road server linked to Dread Pirate Roberts (Ross Ulbricht) thanks to a leaky CAPTCHA, there have been questions about the plausibility of this explanation. Ulbricht's attorneys suggested it wasn't the FBI, but rather the NSA, who tracked the Silk Road mastermind down. This suggested parallel construction, something federal agencies have done previously to obscure the origin of evidence and something the FBI actively encourages local law enforcement agencies to do when deploying cell tower spoofers. Technical documents filed in response to discovery requests seem to solidify the parallel construction theory. Brian Krebs at Krebs on Security and Robert Graham at Errata Security have both examined the government's filings (the Tarbell Declaration [pdf]) and noted that what the government said it did doesn't match what's actually on display. Krebs' article quotes Nicholas Weaver, a researcher at the International Computer Science Institute at Berkeley, who points out that where the FBI agents say they found the leak doesn't mesh with the server code and architecture. “The IP address listed in that file — 62.75.246.20 — was the front-end server for the Silk Road,” Weaver said. “Apparently, Ulbricht had this split architecture, where the initial communication through Tor went to the front-end server, which in turn just did a normal fetch to the back-end server. It’s not clear why he set it up this way, but the document the government released in 70-6.pdf shows the rules for serving the Silk Road Web pages, and those rules are that all content – including the login CAPTCHA – gets served to the front end server but to nobody else. 
This suggests that the Web service specifically refuses all connections except from the local host and the front-end Web server.” Translation: Those rules mean that the Silk Road server would deny any request from the Internet that wasn’t coming from the front-end server, and that includes the CAPTCHA. Weaver says that FBI agents would have been served nothing at all when attempting to access the server without using Tor. The server simply wasn't leaking into the open web. The more likely explanation is that the FBI contacted the IP directly and accessed a PHPMyAdmin page. Robert Graham's analysis of the documents notes something slightly different than Weaver, but still arrives at the same conclusion. Brian Krebs quotes Nicholas Weaver as claiming "This suggests that the Web service specifically refuses all connections except from the local host and the front-end Web server". This is wrong, the web server accepts all TCP connections, though it may give a "403 forbidden" as the result. Even with this detail being off, the parallel construction theory still fits. Graham notes that the Tarbell Declaration (the filing that contains the official explanation of how the Silk Road server was accessed) is noticeably light on supporting documentation -- like screenshots, packet logs or code snippets. Now that the government has been forced to hand over more technical documentation, its original story is falling apart.
Since the defense could not find in the logfiles where Tarbell had accessed the system, the prosecutors helped them out by pointing to entries that looked like the following:
199.170.71.133 - - [11/Jun/2013:16:58:36 +0000] "GET / HTTP/1.1" 200 2616 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.110 Safari/537.36"
199.170.71.133 - - [11/Jun/2013:16:58:36 +0000] "GET /phpmyadmin.css.phpserver=1&lang=en&collation_connection=utf8_general_ci&token=451ca1a827cda1c8e80d0c0876e29ecc&js_frame =right&nocache=3988383895 HTTP/1.1" 200 41724 "http://193.107.86.49/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.110 Safari/537.36"
However, these entries are wrong. First, they are for the phpmyadmin pages and not the Silk Road login pages, so they are clearly not the pages described in the Tarbell declaration. Second, they return "200 ok" as the error code instead of a "401 unauthorized" login error as one would expect from the configuration. This means either the FBI knew the password, or the configuration has changed in the meantime, or something else is wrong with the evidence provided by the prosecutors.
The NSA as the purposefully-missing link makes sense. First off, Ulbricht's back end server was located in Iceland. Graham points out basic authentication was provided by this server via Port 80. If the NSA was monitoring traffic in and out of Iceland (as it is legally able to do), it could easily have captured a password for this server. Furthermore, the front end server (located in Germany -- also within the NSA's established dragnet) would return "forbidden" errors when accessed outside of Tor, but would not when accessing PHP files (as Weaver noted). To get to the admin page, other possibly non-NSA-related tactics could have been used.
(Graham suggests a couple of different methods well within the FBI's technical grasp and abilities -- "scanning the entire Internet for SSL servers, then searching for the string "Silkroad" in the resulting webpage" or doing the same but correlating the results with traffic traveling across the Tor onion connection.) However, none of the above is suggested by Tarbell's recounting of the events. In fact, the official narrative is vague enough that almost any explanation could fit. Tarbell doesn't even deny it was parallel construction. A scenario of an NSA agent showing up at the FBI offices and opening a browser to the IP address fits within his description of events. Graham calls the declaration from Special Agent Tarbell "gibberish" (and points out that Ulbricht's opsec "sucks"). Ulbricht's legal team is still pushing for the government to explain why its declaration doesn't match the details it's handed over during discovery. A new filing by his attorney, Joshua Horowitz, isn't much kinder, calling the declaration "implausible." [pdf link] The presiding judge has given the government until the end of Monday to respond to Horowitz's filing… if it wants to. [pdf link] Defendant has submitted a declaration from Joshua Horowitz in support of his motion and request for an evidentiary hearing. If the Government has any response to the factual statements (and/or relevance of the factual statements) asserted therein, it should file such response by C.O.B., October 6, 2014 (if possible). The government may not feel compelled to respond. A filing from earlier in September (but added to the docket on Oct. 1st) suggests it's pretty much done discussing Ulbricht's "NSA boogeyman." [pdf link] In light of these basic legal principles, the Government objects to the September 17 Requests as a general matter on the ground that no adequate explanation has been provided as to how the requested items are material to the defense. 
Most of the requests appear to concern how the Government was able to locate and search the SR Server. Yet the Government has already explained why, for a number of reasons, there is no basis to suppress the contents of the SR Server: (1) Ulbricht has not claimed any possessory or property interest in the SR Server as required to establish standing for any motion to suppress; (2) the SR Server was searched by foreign law enforcement authorities to whom the Fourth Amendment does not apply in the first instance; (3) even if the Fourth Amendment were applicable, its warrant requirement would not apply given that the SR Server was located overseas; and (4) the search was reasonable, given that the FBI had reason to believe that the SR Server hosted the Silk Road website and, moreover, Ulbricht lacked any expectation of privacy in the SR Server under the terms of service pursuant to which he leased the server. Particularly given these circumstances, it is the defendant’s burden to explain how the contents of the SR Server were supposedly obtained in violation of the defendant’s Fourth Amendment rights and how the defendant’s discovery requests are likely to vindicate that claim. The defense has failed to do so, and the Government is unaware of any evidence – including any information responsive to the defense’s discovery requests – that would support any viable Fourth Amendment challenge. Instead, the defense’s discovery requests continue to be based on mere conjecture, which is neither a proper basis for discovery nor a proper basis for a suppression hearing. The response document notes that it has already responded with several documents, won't be responding to a host of other requests, but most tellingly, says the government is "not aware" of any supporting documentation for Agent Tarbell's declaration. (As noted by Robert Graham, the declaration as written is "impossible to reconstruct," with the lack of technical details being a large part of that.) 5. 
The name of the software that was used to capture packet data sent to the FBI from the Silk Road servers. Other than Attachment 1, the Government is not aware of any contemporaneous records of the actions described in paragraphs 7 and 8 of the Tarbell declaration. (Please note that Attachment 1 is marked “Confidential” and is subject to the protective order entered in this matter.) 6. A list of the “miscellaneous entries” entered into the username, password, and CAPTCHA fields on the Silk Road login page, referenced in the SA Tarbell’s Declaration, at ¶ 7. See response to request #5. 7. Any logs of the activities performed by SA Tarbell and/or CY-2, referenced in ¶ 7 of SA Tarbell’s Declaration. See response to request #5. 8. Logs of any server error messages produced by the “miscellaneous entries” referenced in SA Tarbell’s Declaration. See response to request #5. 9. Any and all valid login credentials used to enter the Silk Road site. See response to request #5. 10. Any and all invalid username, password, and/or CAPTCHA entries entered on the Silk Road log in page. See response to request #5. 11. Any packet logs recorded during the course of the Silk Road investigation, including but not limited to packet logs showing packet headers which contain the IP address of the leaked Silk Road Server IP address [193.107.86.49]. See response to request #5. Parallel construction matters, but the government claims it doesn't. It will probably continue to declare it a non-issue so long as the courts agree that Ulbricht's Fourth Amendment rights weren't violated. Ulbricht's Fourth Amendment defense is admittedly a disaster, making claims that have nearly no chance of holding up under judicial scrutiny. The Silk Road indictment is a lousy test case for challenging parallel construction. But parallel construction spills over into purely domestic investigations where Fourth Amendment rights are supposedly guaranteed.
As long as the "expectation of privacy" isn't violated -- according to the government's definition of what does and doesn't enjoy this "expectation" -- the origin of the evidence isn't really up for discussion, according to the government's own filing. And what the government says here is that what was ultimately obtained matters more than how it was obtained. Parallel construction covers up invasive surveillance and investigative tactics, providing courts with evidence that looks clean but was illicitly gathered.
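
The two checks Graham applies to the access-log entries quoted above (which pages were requested, and whether the server answered 200 or 401) can be run mechanically. This is an added example, not code from the post, from Graham or from the case filings: the log lines are the two quoted in the post, copied as they appear on this page, and the function names are hypothetical. It assumes the Referer host is the server that wrote the log.

```python
import re
from urllib.parse import urlsplit

# Apache/nginx "combined" format:
# client ident user [time] "request" status bytes "referer" "user-agent"
COMBINED = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<size>\d+|-) '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

UA = ("Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 "
      "(KHTML, like Gecko) Chrome/27.0.1453.110 Safari/537.36")

# The two entries quoted in the post, copied as they appear on the page
# (including the space inside the second request target).
LOG_LINES = [
    '199.170.71.133 - - [11/Jun/2013:16:58:36 +0000] "GET / HTTP/1.1" '
    '200 2616 "-" "' + UA + '"',
    '199.170.71.133 - - [11/Jun/2013:16:58:36 +0000] '
    '"GET /phpmyadmin.css.phpserver=1&lang=en'
    '&collation_connection=utf8_general_ci'
    '&token=451ca1a827cda1c8e80d0c0876e29ecc'
    '&js_frame =right&nocache=3988383895 HTTP/1.1" '
    '200 41724 "http://193.107.86.49/" "' + UA + '"',
]


def parse_line(line):
    """Parse one combined-format line; return None if it does not match."""
    m = COMBINED.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    parts = entry["request"].split(" ")
    if len(parts) < 3:
        return None
    # First token is the method, last is the protocol; everything between
    # is the target, so a stray space inside it does not break parsing.
    entry["method"], entry["protocol"] = parts[0], parts[-1]
    entry["target"] = " ".join(parts[1:-1])
    entry["status"] = int(entry["status"])
    return entry


def referer_path(entry):
    """Path of the page that triggered this request, or None if absent."""
    ref = entry["referer"]
    if ref in ("", "-"):
        return None
    return urlsplit(ref).path or "/"


def referer_hosts(lines):
    """Hosts named in Referer headers, i.e. how the client addressed the site."""
    hosts = set()
    for entry in filter(None, map(parse_line, lines)):
        if entry["referer"] not in ("", "-"):
            hosts.add(urlsplit(entry["referer"]).hostname)
    return hosts


def review(lines):
    """Flag phpMyAdmin pages and whether the server demanded authentication."""
    entries = [e for e in map(parse_line, lines) if e]
    # A page counts as phpMyAdmin if it is a phpMyAdmin asset itself, or if
    # the same client loaded a phpMyAdmin asset with that page as Referer.
    pma_pages = set()
    for e in entries:
        if "phpmyadmin" in e["target"].lower():
            pma_pages.add((e["client"], e["target"]))
            parent = referer_path(e)
            if parent:
                pma_pages.add((e["client"], parent))
    return [
        {
            "client": e["client"],
            "target": e["target"],
            "status": e["status"],
            "phpmyadmin": (e["client"], e["target"]) in pma_pages,
            "auth_challenge": e["status"] == 401,
        }
        for e in entries
    ]


if __name__ == "__main__":
    for finding in review(LOG_LINES):
        print(finding)
    print("referer hosts:", referer_hosts(LOG_LINES))
```

The bare `GET /` entry is attributed to phpMyAdmin only through the stylesheet request that names it as Referer, which is the same inference a human reviewer makes when reading the two lines together.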

posted 15 days ago on techdirt
Compare and contrast: Product A Alerts for terms used in Chat or Texting. Access to videos as well as web, camera and cell phone images loaded on device. Review & delete images. Email, Print or Save results. View Internet History Log. Keystroke logging. Product B View sent/received text messages. Access chatlogs. Look at photos, videos, music stored on device. View visited sites and bookmarks. Alerts for suspicious words. One of these products is handed out by law enforcement agencies. One just had its creator arrested after an FBI investigation. Product A is ComputerCOP, a deeply-flawed set of tools that allows parents to spy on their children's computer activities, provided they don't mind getting hundreds of false positives returned during searches or having passwords stored as plaintext by the built-in keylogger. Product B is StealthGenie, a piece of software aimed at giving the inherently suspicious (or routinely cuckolded) person surreptitious access to everything on their significant other's phone. The full set of features included are astounding, including location info, email access, eavesdropping via the built-in mic and the perverse ability to lock or wipe someone else's phone. It's not that the FBI was wrong to shut down the sale of this software, even if it does sound like the sort of thing the agency wishes it could deploy rather than terminate. It's that the law enforcement-approved tool set overlaps so heavily with something aimed at tearing the digital roof off someone else's life. ComputerCOP -- unlike the more (necessarily) targeted StealthGenie -- doesn't ultimately care who's using the device it's installed on. You may just want to track your kids' internet activity, but anyone who uses it while it's activated will have their web history -- along with any keystrokes entered -- automatically logged. If anything, ComputerCOP is a cheap, legal alternative to StealthGenie, even if it's strictly limited to personal computers. 
But one of these is being handed out by law enforcement agencies without any oversight (and with loads of misinformation). The other was the subject of a federal investigation. There's a certain amount of disconnection here, similar to law enforcement's use of encryption to protect themselves from criminals but wanting to deny the public the same option. Just replace "StealthGenie" with "ComputerCOP" in these statements from the FBI's press release and see if it ultimately makes any difference. [h/t to Techdirt reader Will Klein] "Selling spyware is not just reprehensible, it's a crime," said Assistant U.S. Attorney General Leslie R. Caldwell. "Apps like StealthGenie are expressly designed for use by stalkers and domestic abusers who want to know every detail of a victim's personal life -- all without the victim's knowledge." “StealthGenie has little use beyond invading a victim’s privacy” said U.S. Attorney Boente. “Advertising and selling spyware technology is a criminal offense, and such conduct will be aggressively pursued by this office and our law enforcement partners.” “This application allegedly equips potential stalkers and criminals with a means to invade an individual’s confidential communications,” said FBI Assistant Director in Charge McCabe. “They do this not by breaking into their homes or offices, but by physically installing spyware on unwitting victims’ phones and illegally tracking an individual’s every move. As technology continues to evolve, the FBI will investigate and bring to justice those who use illegal means to monitor and track individuals without their knowledge.” Spyware is spyware, whether it's sporting a uniform and a badge or an orange jumpsuit and handcuffs.

posted 15 days ago on techdirt
So, as you probably heard last week, JP Morgan revealed more details of how it had been hacked, noting that the number of households impacted shot up to 76 million, thus impacting a pretty large percentage of Americans. The hack involved getting access to customer names, addresses, phone numbers and emails. It doesn't appear to have gotten anything else, but that's plenty of information to run some sophisticated phishing attacks that could lead to some serious problems. It's expected that the fallout from this could be quite long lasting. Almost immediately, politicians leapt into action... but not in any good way. They're cynically using this as an excuse to push questionable cybersecurity legislation. Specifically, Senator Angus King used it to push CISA, a bill that actually undermines privacy, rather than protect it, by giving companies incentives to share info more freely, opening up greater opportunities for leaks and breaches. CISA gives those companies a blanket get-out-of-jail-free card by taking away any liability in sharing such info. What no one explains is how something like CISA would actually have helped stop the JP Morgan hack. That's because it wouldn't have helped. Congressional supporters of cybersecurity legislation keep playing the "something must be done!" card, without ever bothering to explain how the something (CISA) will actually help. They just make vague promises that by somehow letting companies share info without liability, we'll magically all be better protected. Given the recent revelations about how government has regularly abused access to information, it's hard to accept the "just trust us" explanation for why companies should just hand over more information. 
Even worse is that King went for the FUD-based "cyber Pearl Harbor" claim -- one that's been trotted out regularly, usually by intelligence community folks who just want access to your data, when the reality is that even James Clapper has admitted that there's little real chance of such a thing happening. But that doesn't stop King: “Congress must work to pass legislation that will improve our capabilities and protect us against more attacks like these,” King added. “The next Pearl Harbor will be cyber, and shame on us if we're not prepared for it.” Okay, sure. Shame on us if we're not prepared, but how will this law help us prepare for it? This is a question that no one in Congress seems willing to answer. They just insist we have to "do something." King wasn't the only one: Sen. Ed Markey called the hack “yet another example of how Americans’ most sensitive personal information is in danger.” "It is time to pass legislation to protect Americans against these massive data breaches,” he added. Rep. Yvette Clarke tweeted that the U.S. “must keep up on cybersecurity.” Right, but again, how will the proposed law actually help? The problem is that no one answers because the truth is that it's unlikely to actually help keep companies and your data secure, though it might just make it easier for the intelligence community to get their hands on your data.

posted 16 days ago on techdirt
We were disgusted with Eric Holder this week when he rolled out some egregious "think of the children!" pleas as part of an attack on phone encryption. Ninja won most insightful comment of the week with his thoughts on the matter: Excuse me Mr. Holder but I'd rather live with the dim risk of my kid falling in the hands of your fictional psychopath than having the very same kid live in a totalitarian, Police State future. The said child abuser is merely a small, statistically insignificant probability that law enforcement can maintain low by using basic investigative measures while the other is almost certain and will permeate all aspects of this kid's life later. Over in the UK, Home Secretary Theresa May was looking for the ability to ban "extremists" from using social media or appearing on television, as long as they represent a threat to "the functioning of democracy". John Fenderson won second place for insightful by turning her words against her: Funny, that. As soon as you are barring people from speaking -- no matter how unpleasant you find the speech -- you are a threat to "the functioning of democracy" yourself. The functioning of democracy requires the ability for people to speak freely, especially unpopular speech. For editor's choice on the insightful side, we start with one more response to Eric Holder. This time it's Applesauce, reminding us that the issue of backdoors for spying on communications isn't just about how much you trust the US government: In all these comments, everyone seems to keep forgetting that if the NSA and/or the FBI has a back door key, they will be unable to keep it secure. The Russian FSB will have it, and so will the Russian Mafia. The Chinese PLA will have it and all their friends too. It will be a long list and the key will be available for sale to anyone with $$$ soon after. If anyone doubts this, remember: 1. The Walker spy ring, which sold USA's most secure Navy codes to the Soviets (for mere pennies, BTW). 2.
The Robert Hanssen case, where the FBI's top counterintelligence officer was a Soviet Spy. 3. All the ones who haven't been caught yet (Hanssen got away with it for 22 years). This week we also saw Grooveshark's unsurprising loss to the record labels in a copyright infringement lawsuit. Though there was no doubt that Grooveshark's actions were particularly egregious, there's a broader perspective from which this whole thing is yet another broken copyright farce. Ninja gets a second nod this week for exploring that side of things: They clearly are on the wrong side of the law but this whole issue begs much needed questions: 1- If the service was popular (and it was) why don't the labels set up similar services and monetize on them (and instead try to actively kill the existing stuff like Spotify or Pandora)? 2- If it was doing good, why not strike a deal anyway and demand some money as compensation for the unlicensed days? Everybody wins. 3- Why is Grooveshark so vilified when the MAFIAA in general had to resort to piracy and infringement in their early days to take off? Would Grooveshark reach such size if they went the legal, standard ways? Can any service aspire to get big using the standard paths? (The answer here is clearly almost always no) If no, what are they waiting to open opportunities to more startups thus increasing their revenue channels? We all know the answers and, sadly, they aren't good or reasonable. Over on the funny side, we start out with our post about a bizarre CIA redaction hiding the price they paid for a single Amiga computer in 1987. Though the agency later claimed it was a simple error, johnjac still deserves his win for funniest comment of the week: It doesn't make sense until you realize that this is the CIA security question for master password resets: What was the price of your first computer? In second place on the funny side, we've got Chris ODonnell playing the lonely supporter to Eric Holder: I'm with Holder.
Who wants to return to the wild west days before smart phones, when all crimes went unsolved due to lack of evidence? For editor's choice on the funny side, we start out with a story that is kind of funny in itself: a company that claims to be algorithmically generating content, and copyrighting it, so that it basically controls everything. One anonymous commenter decided to play along and crunch some numbers (or maybe they just faked it, I didn't check): All joking aside, the number of possible variations of, say, a 256 color image 32 pixels wide by 32 pixels high would be:
Finally, since much attention has been paid to the Bendy iPhone Scandal recently, we'll close things out with DannyB and his summing up of Apple's gag-the-critics, sweep-it-under-the-rug strategy: Do not try to bend the iPhone, for that is impossible. Only try to realize the truth. There is no iPhone. That's all for this week, folks!

posted 17 days ago on techdirt
Five Years Ago Last week, we revisited the Lily Allen incident of 2009. This week, we round that memory off with the most entertaining part of its legacy: Dan Bull's musical open letter, Dear Lily. Also in 2009 this week, we saw the debut of the North Face/South Butt dust-up, watched Disney prevent a Disney appreciation club from watching Disney movies, and discovered some complications in the rights battle over Spider Man. The US prosecutor from the Lori Drew case, ridiculously, started looking to appeal the ruling, while at the same time Congress was showing reluctance to pass any anti-cyberbullying laws. Meanwhile, we talked about the importance of establishing software ownership rather than software licensing, and later in the week were pleased to see the court in a case involving Autodesk do just that by defending the right of first sale. Ten Years Ago This week in 2004 we had a pair of DMCA-related rulings. One was good: Diebold was found guilty of abusing the DMCA to take down sensitive documents showing the company was aware of security flaws in its system. The other was not so good: some developers who reverse-engineered a game server were ruled to have violated the DMCA despite no clear act of infringement on their part. Tech panic was in full swing, with the media telling one-sided stories about internet use at work, other media worrying about iPod use at work, and cops attacking people for using cellphones. But there was plenty of tech optimism happening too. It was also this week in 2004 that we first heard Tim Berners-Lee speak out about patents and the harm they do to the web. Meanwhile, SpaceShipOne made the first of the two flights that would win it the X Prize. Fifteen Years Ago Once again, this week in 1999 was a simpler time. The concept of paid product astroturfing online was new and uncertain. Traditional retailers were still struggling to get online, and Nike had just brought its products to the web.
Amazon started letting people set up their own stores for the very first time. Online bill payment was still somewhat arcane. We were still surprisingly tepid about smartphones. Biodegradable plastic grown from crops was brand new. And, for some reason, you could trade stocks with a Sega Dreamcast. Sixty-Three Years Ago On September 28th, 1951, CBS released the first commercial color television in an interesting moment from the history of innovation. CBS had been actively pursuing color broadcasts, and was making them available in many US cities, but it had a problem: nobody had color receivers, manufacturers didn't want to build them, and advertisers didn't want to pay for color ads when nobody would see them. So the network bought a TV manufacturer and started building the sets itself. It was an utter failure, with only 200 sets ever shipped, only half those sold, and the operation shut down in less than a month. Three years later, NBC would do a much better job of getting America hooked on color TV. BONUS: Nine-Hundred And Forty-Eight Years Ago It's not exactly a Techdirt topic, but it has to be mentioned, because if you can so much as read this article, then this event impacted you. September 28th marked the beginning of the Norman conquest of England by William the Conqueror (or Bastard, depending on who you ask) in 1066, just three days after Harold Godwinson defeated the Viking invaders at Stamford Bridge. The war lasted just over two weeks, and the Norman victory would set the course of all English culture (and its offshoots) forever, shape the English language, and consign the Anglo-Saxon kings to history. It's almost impossible to imagine the last thousand years of Western history (and much beyond) had the invasion never happened, or ended differently.

posted 17 days ago on techdirt
My mind has been taken up by a lot of design projects lately, so for this week's awesome stuff we're looking at some excellent graphic design from the world of crowdfunding. Historic Robotic Spacecraft Though the majority of what we write about here at Techdirt is earthbound technology, I know there are plenty of space enthusiasts in our audience. If you're among them, you might like the idea of decorating your walls with elegantly designed posters of famous robotic spacecraft. The ultimate plan for this project is a series of three, but so far just one has been unveiled depicting the Voyager probe. If the others are as visually well-conceived and composed, it will be a very attractive set. New York City Subway Signs New York City's subway signage is some of the most identifiable graphic design work out there. Like all good functional design, the vast majority of people who see it make no conscious notice of it, but they would also instantly recognize it anywhere in the world and immediately notice it if it changed. These handmade wooden replica NYC transit signs let you bring some of New York's iconic visual language into your home. And for those who want to dig deep into the design philosophy of the world's most famous signs, there's another Kickstarter project selling a reissue of the 1970 NYCTA Graphics Standards Manual. The Art Of Sandwiches Well, this one's just for fun. The premise is pretty random and silly, but these Art of Sandwiches posters are definitely attractive. The decision to make them available without text was a smart one, and they'd make a nice set — unfortunately, as is often the case with international Kickstarter projects, the price for people outside (in this case) Australia is a touch prohibitive.

posted 18 days ago on techdirt
Say what you want, but one thing has become abundantly clear since the whole Ferguson debacle began: the people running and policing that city aren't interested in your concerns. Throughout this entire process, the city and its police force have obfuscated the facts and people involved in the shooting of a civilian, they have cynically released information and videos when it suits them, and they've treated journalists covering the story with the kind of contempt they normally reserve for their own constituents. And now, utilizing a method previously beta-tested by both local and federal law enforcement agencies, they've decided the best way to respond to the ongoing outcry is to try to charge insane amounts for FOIA requests. Officials in Ferguson, Missouri, are charging nearly 10 times the cost of some of their own employees' salaries before they will agree to turn over files under public records laws about the fatal shooting of 18-year-old Michael Brown. The city has demanded high fees to produce copies of records that, under Missouri law, it could give away free if it determined the material was in the public's interest to see. Instead, in some cases, the city has demanded high fees with little explanation or cost breakdown. In one case, it billed The Associated Press $135 an hour — for nearly a day's work — merely to retrieve a handful of email accounts since the shooting. That fee compares with an entry-level, hourly salary of $13.90 in the city clerk's office, and it didn't include costs to review the emails or release them. Allow that to sink in for a moment and marinate in your brain juices: information that could be given for free if it was of public interest is instead being billed at ridiculously high rates. Does anyone seriously want to argue that more transparency out of the Ferguson government isn't in the public's interest? Of course not. This is all about intimidating journalists and trying to put roadblocks in front of likely damning information.
Ferguson has a public relations problem in the truest form and their strategy appears to be to freeze out journalists trying to provide information to the public. That won't win them any friends. And don't think that this strategy is used rarely. The Washington Post was told it would need to pay $200 at minimum for its requests, including city officials' emails since Aug. 9 discussing Brown's shooting, citizen complaints against Ferguson officers and Wilson's personnel file. The website Buzzfeed requested in part emails and memos among city officials about Ferguson's traffic-citation policies and changes to local elections, but was told it would cost unspecified thousands of dollars to fulfill. Inquiries about Ferguson's public records requests were referred to the city's attorney, Stephanie Karr, who declined to respond to repeated interview requests from the AP since earlier this month. Through a spokesman late Monday, Karr said Missouri law can require fees but she didn't address why charges specific to the AP's request were nearly tenfold the lowest salary in the city clerk's office. Karr said searching emails for key words constitutes "extra computer programming" that can bring added costs. Searching emails by keyword now equals "programming?" Brilliant! Although I suppose it's not as egregious as suggesting shooting unarmed civilians equals "policing."
