posted 15 days ago on techdirt
There's a fairly long history of lawsuits over songs sounding too "similar" -- from the lawsuit over George Harrison's "My Sweet Lord" sounding too much like "He's So Fine" to the Verve getting sued by The Rolling Stones for the hit "Bittersweet Symphony" sounding similar to the Stones' "The Last Time." But after last year's verdict in favor of Marvin Gaye's estate in the "Blurred Lines" case, the floodgates seem to have opened, with a bunch of similar lawsuits over songs that sound vaguely similar, but not much more. A couple of months ago, in a bit of a surprise, Led Zeppelin actually won its case over whether or not it had infringed on someone's copyright in "Stairway to Heaven," so there's at least some hope that not every "similar sounding" song will face a copyright lawsuit -- but even then the arbitrariness of these decisions seems problematic. It's especially problematic when the songs are clearly different, even if one was inspired by the other, or was written as sort of an homage to the original. It used to be that this kind of building on the works of others was a sign of flattery and something people should be happy about. But with millions of dollars being thrown around thanks to statutory damages, big lawsuits seem to be the answer instead. Earlier this week, hit pop singer Ed Sheeran was hit with a new lawsuit also claiming that he infringed on an old famous Marvin Gaye tune, "Let's Get It On." This time, it's not the Gaye Estate that's suing (as in the "Blurred Lines" case), but rather the estate of a songwriter on that song, Ed Townsend. The accusation is that Sheeran's hit "Thinking Out Loud" infringes on "Let's Get It On." Here are both tracks: The bass lines are definitely similar, but that's really about it. They're pretty different songs in almost every other aspect. And that bass line is not exactly the most complex or inventive bass line. Of course, people definitely noticed similarities in the bass lines early on. Many reviews mentioned it, and (of course) someone created a YouTube mashup (which I think is actually better than the Sheeran original, but that's a personal preference...). But of course you can mashup lots of songs that way and it hardly means copyright infringement. Since no one else reporting on this has actually shared the filings, I thought I'd fix that. You can read it here or embedded below. There's not much detail in there other than the claim that "Thinking Out Loud" has copied "the heart" of "Let's Get It On." It claims that "the melodic, harmonic and rhythmic compositions" are "substantially and/or strikingly similar" between the two songs. They are, of course, demanding statutory damages, because why not? Meanwhile, this is the second lawsuit of this nature against Sheeran in just the last few months. In early June, he was sued over another one of his hit songs, "Photograph," with the lawsuit claiming it was a note-for-note copy of the song "Amazing" by Matt Cardle (written by the plaintiffs in that lawsuit, Martin Harington and Thomas Leonard). In that case, again there are similarities between the two, but they're basically both just guitar ballads, not all that unlike tons of singer/songwriter guitar ballads with pretty basic progressions. But, really, this whole focus on these kinds of lawsuits seems really damaging to the way music is created. Being inspired by other musicians or wanting to write something that "feels like" another artist is pretty standard. And it should never be copyright infringement. These are all different songs and they should stand and fall on their own power, not because of some stupid copyright claim. But, of course, thanks to the recording industry ranting on and on about "ownership" of "intellectual property," combined with the massive rewards for winning a copyright lawsuit (thanks to statutory damages), this is what we end up with -- a world where being creative in a manner that is inspired by someone else, or in homage to them, is called "theft" by some. That seems like it's going to create a massive chilling effect on musicians and songwriters and the way they create music.Permalink | Comments | Email This Story

Read More...
posted 15 days ago on techdirt
This is not a surprise, but the judge overseeing the case where Twitter was sued by a woman because her husband was killed in an ISIS attack has been dismissed. We fully expected this when the lawsuit was first filed, and the judge was clearly skeptical of the case during a hearing on it back in June. The order dismissing the case comes in at slightly longer than 140 characters, but you get the feeling that was really about all that was needed to point out how ridiculous this case was. As we expected, Twitter pointed to CDA Section 230 to say it's simply immune from such a claim and the judge agrees: As noted above, courts have repeatedly described publishing activity under section 230(c)(1) as including decisions about what third-party content may be posted online.... Plaintiffs’ provision of accounts theory is slightly different, in that it is based on Twitter’s decisions about whether particular third parties may have Twitter accounts, as opposed to what particular third-party content may be posted. But it is not clear to me why this difference matters for the purposes of section 230(c)(1). Under either theory, the alleged wrongdoing is the decision to permit third parties to post content – it is just that under plaintiffs’ provision of accounts theory, Twitter would be liable for granting permission to post (through the provision of Twitter accounts) instead of for allowing postings that have already occurred. Plaintiffs do not explain why this difference means that the provision of accounts theory seeks to treat Twitter as something other than a publisher of third-party content, and I am not convinced that it does. Despite being based on Twitter accounts instead of tweets, the theory is still based on Twitter’s alleged violation of a “duty . . . derive[d] from [its] status or conduct as a publisher.” Even if Section 230 wouldn't have resulted in the case being tossed, Judge William Orrick notes a number of other problems with the lawsuit, including that the claims in the lawsuit don't even make sense (that seems like a big problem). The judge first focuses on how the plaintiffs' arguments shift back and forth between whether it's the mere providing of service to ISIS members that's the problem or the failure of Twitter to prevent the spread of ISIS content. These two things are different, but the lawyers for the plaintiff don't do much to distinguish the two from one another. Plaintiffs characterize these allegations as “focus[ed] on [Twitter’s] provision of . . . accounts to ISIS, not the content of the tweets.” ... But with the exception of the statement that “ISIS accounts on Twitter have grown at an astonishing rate,” ..., all of the allegations are accompanied by information regarding the ISIS-related content disseminated from the accounts. Plaintiffs allege not just that ISIS had approximately 70,000 Twitter accounts, but that ISIS used those accounts to post at least 90 tweets per minute, ... not just that Al-Furqan maintained a Twitter page, but that it maintained one “where it posted messages from ISIS leadership as well as videos and images of beheadings and other brutal . . . executions to 19,000 followers,” ... not just that Twitter failed to stop an ISIS-linked account from “springing right back up,” but that an inflammatory message was tweeted from this account following the shooting attack in San Bernadino, California in December 2015.... The rest of the FAC is likewise riddled with detailed descriptions of ISIS-related messages, images, and videos disseminated through Twitter and the harms allegedly caused by the dissemination of that content. The FAC also includes a number of allegations specifically faulting Twitter for failing to detect and prevent the dissemination of ISIS-related content through the Twitter platform. That issue is a big part of the reason why Twitter's Section 230 defense works. The lawyers for the plaintiff argued that it wasn't a 230 issue because it's about the provisioning of services, not the content of the tweet, but their complaint focuses almost exclusively on the content, which clearly keeps liability off of Twitter. And then there's the other big, non-230, problem with the lawsuit: there's nothing whatsoever in the lawsuit arguing that Twitter had anything directly to do with the ISIS attack that killed Lloyd Fields. The third problem with the provision of accounts theory is that plaintiffs have not adequately alleged causation. Although the parties dispute the exact formulation of the appropriate causal test for civil liability under the ATA, they agree that the statute requires a showing of proximate causation.... Even under plaintiffs’ proposed “substantial factor” test, ..., the allegations in the FAC do not support a plausible inference of proximate causation between Twitter’s provision of accounts to ISIS and the deaths of Fields and Creach. The only arguable connection between Abu Zaid and Twitter identified in the FAC is that Abu Zaid’s brother told reporters that Abu Zaid had been very moved by ISIS’s horrific execution of al-Kassasbeh, which ISIS publicized through Twitter.... That connection is tenuous at best regardless of the particular theory of liability plaintiffs decide to assert. But the connection is particularly weak under the provision of accounts theory because it is based on specific content disseminated through Twitter, not the mere provision of Twitter accounts. The plaintiff, Tamara Fields, can still file an amended complaint that tries to fix these problems, but it's not clear how she'll get past them. I imagine that the various copycat lawsuits that have been filed against Twitter, Facebook and Google in the past few months will all face similar fates.Permalink | Comments | Email This Story

Read More...
posted 15 days ago on techdirt
Smart refrigerators that leak your e-mail credentials. Smart TVs that collect but then fail to secure your living room conversations. Smart thermostats that can be loaded with ransomware. Smart vehicles that can be hacked and potentially kill you. This is the end result of "Internet of Things" evangelists and companies that for the last half-decade put hype and profit (the cart) well ahead of consumer privacy and security (the horse), in the process exposing us all to thousands of new attack vectors in homes and businesses around the world. Not a week now goes by without the Internet of Things revealing a new layer in the dysfunction onion. The latest: researchers have discovered that the majority of Bluetooth-enabled smart locks include broken security, free of charge. Researchers Anthony Rose and Ben Ramsey recently tested 16 Bluetooth smart locks, and found that 12 of them opened when attacked. Like so many IoT products, the companies building these devices failed to take even standard precautions to protect user security: "The problems didn't lie with the Bluetooth Low Energy protocol itself, Rose said, but in the way the locks implemented Bluetooth communications, or with a lock's companion smartphone app. Four locks, for example, transmitted their user passwords in plaintext to smartphones, making it easy for anyone with a $100 Bluetooth sniffer to pluck the passwords out of thin air. "And when manufacturers could be bothered to use encryption, they didn't do a very good job of it:"Other lock manufacturers said they encrypted the user password for Bluetooth transmissions, Rose said. Technically, they did. But with at least one, Rose discovered that he could simply grab the encrypted password out of the air, then send it back to the lock — and the lock would unlock without the password ever being decrypted."The hackers, which demonstrated the attacks at Defcon, noted that owners can help protect themselves by turning off Bluetooth on their smartphones when not in use (or revert to higher quality "dumb" locks). But it's worth noting that forgetting to include basic security on your device is one thing. But time and time again when these companies are informed of the vulnerabilities in their products, they double down on their incompetence and apathy, making it abundantly clear that they don't actually care if their security products are actually secure:"We figured we'd find vulnerabilities in Bluetooth Low Energy locks, then contact the vendors. It turned out that the vendors actually don't care," Rose said. "We contacted 12 vendors. Only one responded, and they said, 'We know it's a problem, but we're not gonna fix it.'"It's worth reading that last bit again, so when Bruce Schneier's Internet-of-Things-induced cyber apocalypse occurs we can't pretend we weren't warned.Permalink | Comments | Email This Story

Read More...
posted 15 days ago on techdirt
Nothing's going to stop Louisiana sheriff Jerry Larpenter from defending his good name. If you "print lies" about the sheriff, he'll "come after you." He'll have to use a criminal complaint filed by someone else (insurance agent Tony Alford) and an unconstitutional law to do it... but he's still coming after you. The "you" in this case is a local police officer who allegedly runs a blog that allegedly made defamatory comments with claims of corruption involving the sheriff, his wife, and the insurance agency she works for. Defamation isn't normally a criminal offense. Louisiana, for some reason, still has a criminal defamation statute on the books, but it only applies to non-public figures, which the sheriff -- and the parish's insurance agent, Tony Alford -- are not. Alford, who filed the complaint, not only holds two government positions but his agency also secured a no-bid contract to provide insurance services to the parish. Never mind all that, though. Sheriff Larpenter found an off-duty judge to sign a search warrant and raided Officer Wayne Anderson's home, seeking evidence that he was the author of the posts. Anderson denies having anything to do with the blog posts, not that it matters. Larpenter's deputies have already made off with five electronic devices, including a laptop belonging to the officer's kids. It would seem that after the initial raid and seizure, cooler judicial heads might prevail. No luck here. Abusing power to oppress speech is something embraced by at least two-thirds of the governmental checks-and-balances system. The judge (Randall Bethancourt) presiding over the case is none other than the judge Larpenter sought to sign his questionable search warrant -- a judge who wasn't on duty for criminal cases when the sheriff pushed his affidavit through. A Terrebonne Parish judge on Friday stood by his decision to authorize the sheriff's office to seize a Houma police officer's computers earlier this week under the theory they were used to post a blog that may have defamed the sheriff. I'm sure the judge was in no hurry to invalidate a warrant he signed. Anderson's lawyer argued there was no basis for it because the statute used to obtain it is unconstitutional as applied to the allegedly-defamatory blog posts. Judge Bethancourt, however, feels none of this is really a big deal. Bethancourt said [the sheriff] had to stay within the "four corners" of the warrant and affidavit and said he couldn't tell if Alford was a public official. Frustrated, Ardoin pointed out that Alford is on the Levee Board, but what's relevant is that the comments in the complaint were about public affairs and should be protected speech. Apparently, Bethancourt will know whether or not the Constitution applies after the sheriff's office has already examined the devices. And why not, because the statute being used can be interpreted many ways, especially with Bethancourt reading it. Bethancourt countered that Louisiana’s criminal defamation statute is "pretty broad" and said he would allow the state to "take a look-see at these computers that might have defamatory statements on them." Gotta love that down-home spin on possible First and Fourth Amendment violations. Law enforcement will just be performing a "look-see" within the "four corners" of a likely-invalid search warrant… all with the blessing of a judge who was apparently in jeans and a T-shirt when approached by someone from the sheriff's office during his day off. The DA's office isn't much help either, stating that the warrant is "presumed valid" until ruled otherwise and "speaks for itself." The DA did not elaborate on what the warrant said when speaking on its own behalf, but WWLTV notes District Attorney Joe Waitz, Jr. is also mentioned in the blog as being part of a parish-wide web of corruption. At least one member of the parish government has decided to take the litigation route, as one normally does when confronted with possible defamation. Alford owns multiple businesses with Parish President Gordon Dove, who, the parish acknowledges, engaged Alford as the parish’s new insurance agent-of-record without any public bid. Dove told WWL-TV that he is considering suing whoever posted the website, in part because it mentions his daughter, who is married to an assistant district attorney. He also defended the hiring of Alford because his insurance agency is local and would replace an out-of-parish consulting firm. This thicket of incestuous business/government intermingling, along with people marrying into the family business (and sometimes the "business" is government) isn't exactly going to persuade outsiders that the blog's allegations of government corruption are likely to be false. From the look of things, it will be almost impossible to find anyone without a conflict of interest to investigate, prosecute, or adjudicate this case. Meanwhile, Officer Anderson has been suspended indefinitely by the Houma Police Department and his electronics remain in control of the clerk of courts while Bethancourt's assertion of warrant validity is taken up the judicial ladder by his lawyers. And Sheriff Larpenter continues to look like someone who's willing to interpret the laws he's paid to enforce as broadly as needed to silence criticism of him and his office. Permalink | Comments | Email This Story

Read More...
posted 15 days ago on techdirt
Cameras have been referred to as "unblinking eyes." When operated by law enforcement, however, they're eyes that never open. Dash cams were supposed to provide better documentation of traffic stops and other interactions. So were lapel microphones, which gave the images a soundtrack. Officers who weren't interested in having stops documented switched off cameras, "forgot" to turn them back on, or flat out sabotaged the equipment. Body cameras were the next step in documentation, ensuring that footage wasn't limited solely to what was in front of a police cruiser. Cautiously heralded as a step forward in accountability, body cameras have proven to be just as "unreliable" as dash cams. While some footage is being obtained that previously wouldn't have been available, the fact that officers still control the on/off switch means footage routinely goes missing during controversial interactions with the public. The on/off switch problem could be tempered with strict disciplinary policies for officers who fail to record critical footage. Or any disciplinary procedures, actually. Chicago, Dallas, Denver, New Orleans, New York, Oakland and San Diego are among the cities that don't specify penalties when officers fail to record, according to the Brennan Center for Justice at New York University's School of Law. Body cameras aren't just for big cities anymore, which means countless smaller towns are just as lax when it comes to ensuring body cameras are rolling during stops and arrests. Samuel Walker, a retired criminal justice professor, notes the problem isn't just limited to body cameras. It's any camera an officer controls. [Walker] pointed to a study that showed across-the-board low compliance rates of officers in one high-crime Phoenix neighborhood between April 2013 and May 2014, the most recent information available. Officers only recorded 6.5 percent of traffic stops even though the department's policy required cameras to be activated "as soon as it is safe and practical," according to the study, conducted by Arizona State University's Center for Violence Prevention and Community Safety. With body cameras, the default mode of operations for police officers was supposed to be "always on," with a few exceptions for privacy concerns. Instead, the default mode appears to be "only when an officer feels like it." The Alameda County Sheriff's Department changed its body-camera policy following a highly publicized incident last November where two deputies were caught on surveillance video using their batons to beat a car theft suspect in the middle of a street in San Francisco's Mission District. Eleven officers in all responded and 10 failed to turn on their body cameras. The one who did activate his did so by accident. The problem is endemic. Law enforcement agencies have long felt no one should need more evidence than an officer's word and, for far longer than that, have felt that deployments of force shouldn't be second-guessed by outsiders. Recorded footage far too often runs counter to police reports and official narratives. The problem that needs to be fixed, apparently, is the recording devices. During a six-month trial run for body cameras in the Denver Police Department, only about one out of every four use-of-force incidents involving officers was recorded. Cases where officers punched people, used pepper spray or Tasers, or struck people with batons were not recorded because officers failed to turn on cameras, technical malfunctions occurred or because the cameras were not distributed to enough people, according to a report released Tuesday by Denver’s independent monitor Nick Mitchell. What happens when disciplinary procedures are in place for failing to activate cameras? For one, compliance with camera policies goes way up. According to data from the Oakland Police Department, of the 504 use of force incidents last year, 24 were not captured on camera. That puts the department a 95 percent success rate of recording use of force incidents. The other thing that happens is better quality policing. The Oakland Police Department has seen a 66 percent decrease in use of force incidents since the department started issuing body cameras to all of its officers in 2011. Agencies that aren't willing to hold officers accountable aren't just (often literally) hurting the public they serve. They're also hurting themselves. They may not care what the public thinks when spokespeople deliver the news that all nine dash cams coincidentally malfunctioned during the beating of an arrestee, but they've also got legislators to answer to -- many of whom are tiring of dumping public funds into lawsuit settlement sinkholes. Permalink | Comments | Email This Story

Read More...
posted 15 days ago on techdirt
The NFL is almost a perfect study in how the combination of an attempt at strict control of its content and a complete lack of understanding of the Streisand Effect will produce the opposite of the intended result. Past versions of this have included the NFL's insane claim of copyright on the only footage that exists of the original Super Bowl, meaning nobody actually gets to see the footage, as well as the league's attempt to bury an ESPN documentary about head trauma as it relates to football. In both cases, the NFL comes out looking petty at best, and much worse in the case of trying to hide the negative health effects of the game from the parents of children who might otherwise play it. But even that kind of evil and petty takes a back seat to the NFL deciding to cut out a portion of Orlando Pace's Hall of Fame induction speech in which he gives a shout-out to the city of St. Louis, former host of the Rams. St. Louis football fans who hoped to see a shout-out from the Rams’ newest Hall-of-Famer Orlando Pace might have been disappointed if they watched the version of his speech uploaded to the NFL’s YouTube channel. While the other inductees’ speeches from last night’s event are presented unedited by the NFL—including Brett Favre’s 37-minute misunderstanding of “go long”—Pace’s speech is cut off before he gets to the portion where he tells St. Louis fans that “nothing can ever take [our championship] away from you.” The Rams, of course, just recently bailed on St. Louis for Los Angeles, to the tune of much strife and controversy. And as much as I love digging at St. Louis sports fans, the NFL's attempt to control its brand message by removing a short, innocuous tip of the cap to a city that a Hall of Fame player called home for so long is almost hilarious in its petty cruelty. And, as per usual, it didn't really work anyway. That Streisand Effect will get you every time. When people noticed that the NFL's official upload had the shout-out to St. Louis edited out, that editing was reported on, and the portion of the speech that had been omitted suddenly became share-worthy. Nice try, guys. Permalink | Comments | Email This Story

Read More...
posted 15 days ago on techdirt
At long last, the federal government is getting serious about tracking the use of deadly force by law enforcement officers. For most of the last two decades, the DOJ has been collecting this information from local law enforcement agencies, but only on a voluntary basis. As a result, the federal numbers have nearly no relation to the real numbers -- which have been compiled by a handful of private actors, including The Guardian, a UK-based journalistic entity. Last June, legislators introduced a bill (that promptly went nowhere) which would replace voluntary reporting with mandatory reporting. The FBI expressed its concern about the government's inability to collect accurate information on citizens killed by police officers, offering on multiple occasions to replace its voluntary system with a better voluntary system. The Guardian is reporting that the voluntary system is finally being replaced with something that will create actual accountability. Police departments will be required to give the US justice department full details of deadly incidents involving their officers each quarter, under a new government system for counting killings by police that was influenced by the Guardian. Announcing a new program for documenting all “arrest-related deaths”, federal officials said they would actively work to confirm fatal cases seen in media reports and other open sources rather than wait for departments to report them voluntarily. This still lets local PDs off the hook in terms of immediate self-reporting. But that's probably ok, as there's nothing in the reporting of deaths at the hands of police officers that encourages urgency or transparency from law enforcement agencies. With the feds independently verifying reported deaths -- i.e., those reported by journalists -- delays between reports and their addition to the federal numbers will be decreased dramatically. Law enforcement agencies aren't completely off the hook, however. They'll still be required to report in custody deaths to the Justice Department. The difference is that the DOJ will no longer wait around for agencies to self-report. Local agencies heavily reliant on federal funding will probably be the agencies filling out these reports the fastest. In their Federal Register article, officials cited their authority under the death in custody reporting act – a law that states local departments must report all deaths in custody to the justice department or lose 10% of their federal funding. The law has been largely ignored since being reauthorized in December 2014. The other change of note is that this will no longer be a year-end tabulation after all the self-reporting is completed. Agencies can fill out one form for 2016's total deaths, but going forward will be required to hand these in quarterly. Agencies will also be responsible for collecting a lot of data they've never had to previously. Details about the deadly incident will need to be provided, along with demographic data on the deceased. Coroners and medical examiners serving law enforcement agencies will also need to turn over information to the government and will be asked to confirm local news reports on officer-involved deaths. This is a huge step forward for a federal agency that has long relied on voluntary reporting from compliant law enforcement agencies to tabulate the use of deadly force by officers. It's a sign that the federal government finally realizes the good people in law enforcement can't be relied on to hand over data on incidents that make them look less that perfect on a voluntary basis. Targeting federal funding is a smart move because that's the sort of money that gets spent on surveillance tools and 1033 acquisitions that agencies normally couldn't afford without it. The real test will come when it's implemented, as it often takes more than federal mandates to alter entrenched cultures where accountability and transparency are considered weaknesses. Permalink | Comments | Email This Story

Read More...
posted 16 days ago on techdirt
For years we've discussed how incumbent broadband providers protect their duopoly by writing and lobbying for awful protectionist state laws. These laws, passed in nineteen different states, either significantly hamstring or outright ban towns and cities looking to build their own networks, or strike public/private partnerships with companies like Google Fiber. In most instances, these towns and cities only jumped into the broadband business after being under-served for a decade -- if they were able to get broadband in the first place. While it was overshadowed by the net neutrality vote at the time, back in February the FCC voted 3-2 to try and take aim at the most restrictive parts of these laws. The FCC argued that it could use its authority under Section 706 of the Communications act -- which requires the FCC to ensure "reasonable and timely" deployment of broadband access -- to pre-empt these restrictions working in contrast to that goal. But North Carolina and Tennessee quickly sued, arguing that preventing them from letting AT&T and Comcast write awful state laws violated their state rights. In a huge blow to the FCC, the US Court of Appeals for the Sixth Circuit (pdf) has ruled that the FCC's pre-emption of these state restrictions must be reversed, because Section 706 doesn't clearly provide the FCC with the proper authority. While the FCC may have been well intentioned, all three Judges noted that the law simply doesn't give the FCC the authority to strip out chunks of state law:"Section 706 does not contain a clear statement authorizing preemption of Tennessee’s and North Carolina’s statutes that govern the decisions of their municipal subdivisions. Section 706(a) instructs the FCC to utilize “measures that promote competition in the local telecommunications market, or other regulating methods that remove barriers to infrastructure investment.” Subsection (b) is a similar but broader instruction—it directs the FCC to “remov[e] barriers to infrastructure investment and . . . promot[e] competition in the telecommunications market."The ruling continues, reiterating that the Communications Act language is simply too murky to be applied by the FCC in this fashion:"Remove barriers to infrastructure investment” is unclear regarding whether it applies to public and private infrastructure investment or only private infrastructure investment. “Infrastructure,” by itself, is not specific to the public sphere. Furthermore, nowhere in the general charge to “promote competition in the telecommunications market” is a directive to do so by preempting a state’s allocation of powers between itself and its subdivisions."While the FCC may have gotten too creative under the scope of the law, the end result of the ruling is unfortunate all the same. For more than a generation, phone and cable companies like AT&T and Comcast have all but owned many state legislatures, who in turn make it their unrelenting mission to protect regional, geographical monopolies (duopolies, if you're "lucky") from any evolution or competition whatsoever. And while Tennessee and North Carolina were quick to breathlessly accuse the FCC of violating states rights, state leaders haven't been concerned in the slightest that letting AT&T and Comcast write bad state laws consistently hurts consumers, businesses, and the state itself. Tennessee remains a broadband backwater for just this reason, so this shouldn't be a ruling anybody in the state (or in policy circles) is popping champagne corks over. It remains unclear what the FCC will do now, though in a statement FCC boss Tom Wheeler said he intends to continue fighting these restrictions, one way or another:"In the past 18 months, over 50 communities have taken steps to build their own bridges across the digital divide. The efforts of communities wanting better broadband should not be thwarted by the political power of those who, by protecting their monopoly, have failed to deliver acceptable service at an acceptable price. The FCC’s mandate is to make sure that Americans have access to the best possible broadband. We will consider all our legal and policy options to remove barriers to broadband deployment wherever they exist so that all Americans can have access to 21st Century communications. "Should states seek to repeal their anti-competitive broadband statutes, I will be happy to testify on behalf of better broadband and consumer choice. Should states seek to limit the right of people to act for better broadband, I will be happy to testify on behalf of consumer choice."The agency could appeal, could try its luck in a different jurisdiction and hope for better results, or it could wait on Congress to properly give it the authority it needs to fight broadband corruption and dysfunction of this type (chortle, guffaw). Unfortunately for consumers, Wheeler's running out of time if, as tradition encourages, he's going to step down with the election of a new President. While we wait, the onus once again rests squarely on the shoulders of voters to be informed, and to kick cash-compromised telecom sector sycophants out of office.Permalink | Comments | Email This Story

Read More...
posted 16 days ago on techdirt
When it comes to intellectual property bullying, the unholy alliance between the USOC and NBC seems to be trying to see exactly how far it can push things. Between NBC's "most live ever" broadcast of the games that still has unnecessary delays in both its television and streaming product and the USOC's strange belief that companies that sponsor athletes year-round somehow can't tweet out factual results or news images of those athletes as it relates the games due to trademark law, it's enough to make you laugh. But it's not only the antics of the USOC and NBC that is chuckle-worthy. Local sports coverage of the Olympics is too, thanks to the laughable restrictions NBC has put in place. Here's my hometown sports anchor, for instance, who came up with a creative way to cover the Olympics by not covering them at all in protest. Yes, instead of actually reporting on the games at all, Pat Tomasulo of Chicago's WGN decided to relay just how insane NBC is with its demands for how its footage is used and how other news groups are allowed to cover the Olympics. He decided to cover a different international competition run by "one of the most corrupt organization's in the world", whose logo is a series of interconnected triangles and whose theme song is Bump and Grind by R. Kelly. Then he read some Olympics results over footage of his own high school wrestling days, fully crediting his own mother. Now, this isn't just funny, it's also a wonderful little push back against NBC for its frankly insane restrictions on Olympics coverage. As a reward for being that restrictive, at least one local news organization decided not to report on the Olympics at all. So, NBC... mission accomplished? Permalink | Comments | Email This Story

Read More...
posted 16 days ago on techdirt
In a recent ruling in a child porn investigation case, a judge declared that the FBI's Network Investigative Technique (NIT) -- which sent identifying user info from the suspect's computer to the FBI -- was the equivalent of a passing cop peering through broken blinds into a house. [I]n Minnesota v. Carter, the Supreme Court considered whether a police officer who peered through a gap in a home's closed blinds conducted a search in violation of the Fourth Amendment. 525 U.S. 83, 85 (1998). Although the Court did not reach this question, id at 91, Justice Breyer in concurrence determined that the officer's observation did not violate the respondents' Fourth Amendment rights. Id at 103 (Breyer, J., concurring). Justice Breyer noted that the "precautions that the apartment's dwellers took to maintain their privacy would have failed in respect to an ordinary passerby standing" where the police officer stood. What would normally be awarded an expectation of privacy under the Fourth Amendment becomes subject to the "plain view" warrant exception. If a passerby could see into the house via the broken blinds, there's nothing to prevent law enforcement from enjoying the same view -- and acting on it with a warrantless search. Of course, in this analogy, the NIT -- sent from an FBI-controlled server to unsuspecting users' computers -- is the equivalent of a law enforcement officer first entering the house to break the blinds and then claiming he saw something through the busted slats. The DOJ may be headed into the business of breaking blinds in bulk. Innocuous-sounding legislation that would allow the FBI to shut down botnets contains some serious privacy implications. Senators Whitehouse (D-RI), Graham (R-SC), and Blumenthal (D-CT) introduced the Botnet Prevention Act in May, which (among other things) amends the portion of federal law (18 U.S.C. § 1345) that authorizes these injunctions. The bill would expand § 1345 by adding violations of a section of the Computer Fraud and Abuse Act (“CFAA”) that covers botnets (and more) to the list of offenses that trigger the DOJ’s ability to get an injunction. More specifically, it would allow injunctions in all violations or attempted violations of subsection (a)(5) of the CFAA that result or could result in damage to 100 or more computers in a year, including any case involving the “impair[ment of] the availability or integrity of the protected computers without authorization,” or the “install[ation] or maintain[nance of] control over malicious software on the protected computers” that “caused or would cause damage” to the protected computers. It only sounds like a good idea: the government riding to the rescue of unaware computer users whose devices have been pressed into service by malware purveyors and criminals. But, as Gabe Rottman of CDT points out, there's some vague wording in the existing law that would undercut important Fourth Amendment protections when used in conjunction with the DOJ's botnet-fighting powers. Buried deep within § 1345(b) is a single phrase that could open up a number of thorny issues when this injunctive authority is applied to botnets. The section not only allows the government to obtain a restraining order that stops someone from doing something nefarious, but also an order that directs someone to “take such other action, as is warranted to prevent a continuing and substantial injury . . . .”' Rottman points to the FBI's 2011 shutdown of the Coreflood botnet. After obtaining a restraining order under the federal rule, the FBI used its own server to issue commands to infected computers, halting further spread of the malware and shutting down the software on infected host devices. Again, this seems like a good use of the government's resources until you take a closer look at what's actually happening when the FBI does this sort of thing. The court hearing the Coreflood case accepted the government’s argument that the “community caretaker” doctrine allowed the transmission of the shutdown order, as the action was “totally divorced from the detection, investigation, or acquisition of evidence relating to the violation of a criminal statute.” At the time, the government likened its actions to a police officer who, while responding to a break-in, finds the door to a house open or ajar and then closes it to secure the premises. The "community caretaker" function is one exception to warrant requirements. Accessing peoples' computers without their permission under these auspices allows the FBI to avail itself of a second warrant exception. In order to scrub private computers for malware, the government would, by necessity, have to search the computer and its contents for the malware. Once the door is ajar, rather than closing it, the police would actually “walk in” to the computer. And anything they find in “plain view” can be used as evidence of a crime. Nothing in the current version of the bill would prevent such a search or collection, giving the government the potential means to search countless computers of victims of the botnet (not the perpetrators) without a warrant. While these are both valid exceptions to warrant requirements, they've never been deployed on this sort of scale. Officers can perform community caretaker functions that may result in contraband being discovered in plain view. When the FBI takes on a botnet, however, it will have access to potentially thousands of computers at a time and the legislated permission to not only "enter" these computers, but to take a look around at the contents. The Fourth Amendment was put into place to end the practice of general warrants. The FBI's botnet-fighting efforts turn court-ordered injunctions into digital general warrants, only without the pesky "warrant" part of the phrase. And, unlike other warrants, the proposed legislation would do away with another Fourth Amendment nicety: notification. As CDT noted in its comments on the Rule 41 change mentioned above, potentially as many as a third of computers in the United States are infected with some form of malware. And, botnets are extremely hard to clean up, especially when you depend on victims to voluntarily submit their computers for cleaning. Given this reality, unless notice is required by statute, law enforcement would have an incentive to dispense with notice in the much wider array of shutdowns permitted under the Graham-Whitehouse bill. The bill has only been introduced and there's no forward motion as of yet. It's in need of serious repair before it heads further up the legislative chain. As it's written, there's nothing standing between people's personal files and a host of digital officers wandering through virtual houses in search of malware and searching/seizing anything else that catches their eye. Permalink | Comments | Email This Story

Read More...
posted 16 days ago on techdirt
The Developer's AWS Mastery Bundle will help you master Amazon's popular cloud computing platform. The first course prepares you to take the AWS Certified Developer Associate Exam with 64 lectures and practice exams to test your knowledge. The second course is an introduction to AWS Lambda and will teach you how to write, deploy, scale and manage lambda functions, so you can architect solutions from microservices that scale massively and respond almost in real time. Learn all about Git and GitHub and how to integrate GitHub with AWS in the third course. The fourth course in the bundle covers AWS CloudFormation which allows you to deploy resources in Amazon Web Services quickly across multiple regions. All four courses are available for only $29 in the Techdirt Deals Store. Note: The Techdirt Deals Store is powered and curated by StackCommerce. A portion of all sales from Techdirt Deals helps support Techdirt. The products featured do not reflect endorsements by our editorial team.Permalink | Comments | Email This Story

Read More...
posted 16 days ago on techdirt
For nearly two years now, we've been following an important DMCA-related case between music publisher BMG and the ISP Cox Communications. While the issues are a bit down in the weeds, what it really comes down to is a question of whether or not internet access providers are required to have a "repeat infringer" policy that removes customers who are seen to have been engaged in too much copyright infringement. Most people had assumed that the DMCA's requirements for a repeat infringer policy only applied to hosting providers -- i.e., those who help people host content -- as opposed to transit providers, who are merely providing the connectivity. In this case, though, that important nuance seemed to have gotten lost in the shuffle, mainly because of some stupid behavior on the part of Cox. Amazingly, Cox is basically the only major ISP out there that has a history of actually kicking people off its service for infringement. Most others have historically refused to do so. But Cox's policy is ridiculously complex, and involves something around 13 steps... and, on top of that, Cox admitted that once it's kicked people off they can just sign up for new service. Seeing all that, the court basically decided that Cox was acting in bad faith, and thus jumped right over the question of whether or not the repeat infringer policy even applied to Cox. The judge in the case, Judge Liam O'Grady (who is also handling the Kim Dotcom case...) is not exactly known for his love of the internet. Earlier in the case, he had mocked the idea that there was any harm in kicking people off the internet. Responding to an attempt by Public Knowledge and the EFF to file an amicus brief, the judge mocked both organizations and the proposed brief itself: It is a combination of describing the horrors that one endures from losing the Internet for any length of time. Frankly, it sounded like my son complaining when I took his electronics away when he watched YouTube videos instead of doing homework. And it's completely hysterical. Up against that, it's no surprise that Cox found itself on the losing side. We explained why this ruling was so problematic and it goes way beyond the $25 million Cox was told to pay BMG. As part of the process of moving on to appeal, Cox asked Judge O'Grady to reconsider his original ruling as a matter of law, and he's now rejected that plea with a fairly long and detailed opinion. Cox raised three specific concerns about the original ruling, saying that BMG failed to show actual direct infringement, that it failed to provide evidence of Cox's liability and that it also failed to show evidence of willfulness. O'Grady is not impressed. On the question of direct infringement, Cox pointed out all of the problems with Rightscorp's system (which is what BMG was using) in identifying infringement -- and also argued that Rightscorp's own downloads aren't evidence of infringement. BMG responded that they tested Rightscorp's system and it seemed accurate to them. O'Grady says that Rightscorp's downloads are perfectly good evidence and doesn't go much deeper than that. On the question of Cox's liability is where things really go off the rails. Cox points to the famous (and important) ruling in the Sony Betamax case that said that VCR devices are legal thanks to "substantial non-infringing uses." BMG then tried to use the Grokster ruling on inducement to undermine what the Supreme Court said in Sony. Here, O'Grady decides that the Sony ruling was a narrow one. That's a problem. O'Grady says that because Cox has an ongoing relationship with potential infringers, rather than ending that relationship at the point of sale, the Sony standard doesn't apply. Such a claim is possible here because, unlike in Sony, Cox maintains an ongoing relationship with users of its service. Sony's last point of contact with users of the VTR was at the point of sale.... An ongoing relationship between a defendant and direct infringers presents a potential for culpability quite beyond distribution or design.... The judge also rejects the "in the alternative" argument presented by Cox that even if Sony doesn't apply, under Grokster the only way to apply liability is if Cox was found to have induced infringement (remember, the Supreme Court in the Grokster case made up -- out of thin air -- an "inducement" standard to explain why Grokster's file sharing system wasn't protected by the Sony ruling). Here, however, O'Grady takes the Grokster ruling to mean not just that there's an inducement standard, but rather as open season to come up with reasons why the Sony standard doesn't apply. Yikes. Cox also argues that if Sony does not provide immunity, the Grokster Court made clear that BMG's only path to liability was through an inducement claim. The Court again disagrees. It bears noting that adopting Cox's reading of Sony and Grokster would greatly simplify this area of law. Sony would be a complete bar to contributory infringement whenever a defendant's product or service is capable of commercially significant noninfringing uses, and that safe harbor would be removed for only a distinct subset--those that actively induce infringement. Well... yeah. That's what the courts have said. What's so terrible about that reading of the law? It makes perfect sense. Instead, O'Grady wants the law to be something different -- allowing courts to shut down services with substantial non-infringing uses by pinning liability based on... vague other claims. That's problematic on a number of levels as it almost writes the Sony ruling out of existence. (As an aside, in a footnote, O'Grady notes that if the appeals court disagrees with him on this point, the case is effectively over, as BMG didn't claim that Cox engaged in inducement until after the case was over, which he notes, correctly, "is far too little and far too late." Finally, on the question of whether or not Cox was "willfully" blind to infringement on its network, O'Grady again takes a very expansive and troubling view of what he believes the law says. While multiple courts have taken the quite reasonable view that "willful" blindness requires actual knowledge of infringing behavior, O'Grady goes with a broader definition, and takes jokey emails from Cox's abuse team as "proof" that it knew of infringement, and then combined that with the fact that Rightscorp bombarded Cox with notices (whose sole purpose was not to stop the infringement, but rather in hopes that Cox would pass them on to subscribers to get those subscribers to cough up money). But Judge O'Grady takes Cox's decision to treat Rightscorp notices more like spam as a sign of willful blindness: There was a significant amount of evidence of Cox's general knowledge of infringement on its network. Cox received notices from other copyright holders complaining of infringement. Cox knew from its traffic analysis that subscribers were using BitTorrent.... There was evidence from industry reports that the overwhelming majority of traffic on BitTorrent was infringing, and emails among members of the Abuse Group indicated Cox's knowledge of that fact.... ("Bittorrent is used for one thing only... and I would know. ;-)")... ("99% of DMCA violations is from people using P2P on purpose and not Trojan activity.") While generalized knowledge of infringement occurring on its network is not sufficient standing alone, it did provide the backdrop for Cox's decision to continuously ignore and take no action in response to the 1.8 million notices, weekly letters, and dashboard from Rightscorp. There was also evidence that Cox had configured its graduated response system in such a way as to reduce both the total number of notices that entered the system and the amount of customer-facing action that may be required. Moreover, internal Cox communications, which were admitted over Cox's objections, signaled that Cox's decision not to process Rightscorp's notices may have been due to more than just the presence of the settlement language and instead reflected a general disdain for any enforcement responsibilities. Again, O'Grady reads this in the worst possible light. But an ISP should have disdain for copyright holders trying to lump all the liability on them. The whole idea that everyone thinks ISPs should be Hollywood's private police force is silly, and it's why the safe harbors of the DMCA are designed to keep most of the liability off of the ISPs. Not surprisingly, O'Grady also rejects all of Cox's complaints about the jury instructions and the exclusion of certain evidence. This included O'Grady's decision to block evidence of Righscorp's seriously scammy behavior -- such as its phone script telling people who said they hadn't infringed that they needed to hand their computers over to the local police to search the hard drives. O'Grady says he was right to exclude that evidence because it might unfairly prejudice or confuse the jury. Basically the only thing that goes Cox's way is O'Grady's decision to deny BMG's request for a permanent injunction At the outset, the Court notes that BMG's brief in support of an injunction relied heavily on a statement of fact that was not true. Specifically, BMG alleged that, following the jury verdict, Cox had continued to ignore Rightscorp's detection of "massive infringement" on its network.... ... In fact, Cox provided notice to BMG shortly after trial that Righscorp was no longer blacklisted. The court goes on to note that BMG's request for an injunction is overly broad and extreme, and would basically allow Rightscorp to kick people off of Cox's service with little oversight. Hilariously, BMG also demands that Cox "hand over the identity, email address, mailing address, and telephone number of every subscriber that BMG identifies...." Which is basically "please let us let Rightscorp play its shakedown game." Thankfully, the court rejects that too and laughs off BMG's claim that this is necessary for "transparency." Quite obviously, if that were the reason, there would be numerous ways to anonymize subscribers and still track Cox's actions. There certainly would never be a need for an email address, mailing address, and telephone numbers. When asked, counsel conceded that the infromation would be given to Rightscorp... Anyway, all of this is just prelude anyway. It seems highly likely that Cox will appeal this decision (though, it's also possible that it will come to some sort of settlement agreement with BMG). It's the appeal where all of this will become especially interesting.Permalink | Comments | Email This Story

Read More...
posted 16 days ago on techdirt
For years we've noted how as a product of the cable and broadcast industry, Hulu has often gone out of its way to avoid being truly disruptive. Owners 21st Century Fox, Disney and Comcast/NBC have worked hard to ensure the service is never too interesting -- lest it cannibalize the company's legacy cable TV cash cow. So Hulu has been doomed to walk the halls of almost but not quite compelling purgatory, a rotating crop of execs for years trying to skirt the line between giving consumers what they actually want -- and being a glorified ad for traditional cable television. Fast forward to this week, when Hulu announced that the company is backing away from free as a core component of its business model. While Hulu began as a free option, it has slowly but surely been making free content harder to come by. Instead, users now have the option of paying either $8 per month for a streaming service with ads, or a $12 per month service (mostly) free of advertising. As such, the company proclaims that offering anything for free is no longer part of the company's vision of the ideal "Hulu experience":"For the past couple years, we’ve been focused on building a subscription service that provides the deepest, most personalized content experience possible to our viewers,” Hulu senior VP and head of experience Ben Smith said in a statement. “As we have continued to enhance that offering with new originals, exclusive acquisitions, and movies, the free service became very limited and no longer aligned with the Hulu experience or content strategy."Instead, Hulu intends to focus on its subscription services, and the launch of a live TV subscription platform sometime in early 2017. It will offer some free content 8 days after a program's air date, but only via a new Yahoo/Verizon web portal that may or may not even exist next year at this time. Thanks to intentional release delays, a shrinking catalog of free options and other restrictions you'll note Hulu can't specifically claim that the free business model failed, because it was never truly given a chance to succeed. And because this is the cable and broadcast industry, Hulu's "content strategy" will remain hamstrung by all manner of unnecessary restrictions. Time Warner, which recently paid $583 million for a 10% stake, has been pushing to pull all current seasons of shows from the service. It's also worth remembering that the 2011 NBC Universal merger conditions blocked Comcast from meddling in Hulu management (not that this always stopped Comcast) to prevent anti-competitive shenanigans. But those restrictions will sunset in early 2018, at which point ownership pressure to ensure Hulu isn't too disruptive will only grow. So on one side, you have Hulu claiming it wants to become disruptive and profitable. On the other side, you have its owners intentionally doing things to ensure it never becomes too disruptive and profitable. And offering free services as part of your business model certainly doesn't line up with the goal of keeping the legacy cable industry cash cow happily mooing for another decade. As we've long noted, most cable and broadcast companies think this whole cord cutting thing is a fad that ends when Millennials start procreating. As such the focus is on the illusion of innovation while they wait for the storm to pass. While ditching free may not be a great idea, the real threat to the viability of a streaming revolution remains exclusive licensing and fractured content availability. As broadcasters increasingly focus on their own streaming services, exclusive arrangements (like CBS with Star Trek) are flourishing. In Hulu's case, it means losing access to the CW network, now exclusive to Netflix. It also means losing access to the Criterion Collection of films, now the streaming exclusive of a new Turner-owned streaming platform called Filmstruck. This fractured availability only frustrates and confuses customers, many of which will simply return to piracy.Permalink | Comments | Email This Story

Read More...
posted 16 days ago on techdirt
It's no secret that big publishing companies (especially academic publishing companies) really really dislike Sci-Hub. Sci-Hub, of course, is the quite interesting site that enables academics to access and share PDFs of published scientific research. We've written about it a bunch, including Elsevier's ridiculous legal crusade against the site, which has only served to act as a huge advertisement for the site. As we noted, using copyright to shut down Sci-Hub seemed to go entirely against the purpose of copyright, which was officially designed to promote "learning" and scientific knowledge. Nonetheless, the publishers really, really hate it. But even so, it seems pretty ridiculous for the Association of American Publishers (AAP) to freak out so much about an academic librarian just mentioning Sci-Hub while on a panel discussion, that it would send an angry letter to that librarian's dean. But, that's exactly what AAP did, in complaining about comments by librarian Gabriel Gardner to his dean, Roman Kochan, at the University Library for California State University. The letter, signed by AAP President Thomas Allen seems to suggest that any moderately positive comment about Sci-Hub should be banished from any academic discussion: I am disappointed to learn that a librarian from California State University, Long Beach, Gabriel Gardner, recently praised the notorious pirate site Sci-Hub and recommended that attendees at a session use the site. Mr. Gardner was a panelist at the American Library Association's session "Resource Sharing in Tomorrowland - a Panel Discussion About the Future ofinterlibrary Loan" at the association's annual conference in Orlando. On the panel he said, essentially, "Try it, you'll like it." Sci-Hub has been enjoined from further operation as an unlawful enterprise that has committed mass theft of copyrighted material. Sci-Hub should not be equated with any legitimate interlibrary loan or open access publishing practices. It goes on to whine about how horrible Sci-Hub is (yes, a tool for free access to scientific research and knowledge is being derided here...), and then whines about silly ideas like "academic freedom." As a member of the California State University system it is surprising that a CSU Long Beach librarian would promote the activities of an adjudicated thief who has compromised university computer systems and databases worldwide. Unfortunately, Sci-Hub supporters invoke academic freedom, freedom of speech, freedom of scientific inquiry, and encouraging universal access to the results of scientific research to justify the theft of intellectual property. Such rationalizations do not in my opinion justify providing public encouragement for unquestionably illegal activity to institutions and the scholarly communication system. I believe such public encouragement from one of your librarians is inconsistent with the university library's mission and its leadership in support of scientific research. The recipient of the letter, Dean Roman Kochan, was, to put it mildly, not that impressed with Allen's letter, and notes that Allen seemed to be freaking out over absolutely nothing. In fact, Kochan notes that most of Gardner's comments about Sci-Hub were actually focused on its illegal nature. And, he points out, that Gardner's comments were related to an article that Gardner had co-written pointing to problems with this kind of crowdsourced research sharing. Their article, "Fast and Furious (at Publishers): The Motivations behind Crowdsourced Research Sharing," is based on a survey of users of peer-to-peer research-sharing services on the frequency of, and the motivations behind, their use of these services. They conclude that these services "go beyond document delivery to the legal bedrock that is our current copyright and intellectual property systems." So, contrary to your allegations that the researchers provided "public encouragement" of services such as SciHub, their research points out the very real problems with this type of crowdsourcing. [....] Besides the legal cautions in the C&RL article, Mr. Gardner has been quoted on #icanhazPDF, and in the 2015 Conference Proceedings of the Association of College & Research Libraries as saying that such peer-to-peer sharing is "ethically dubious" and "often violate[s) commercial database terms-of-service (ToS) and/ or copyright." Specifically, regarding the ALA annual conference panel, "Resource Sharing in Tomorrowland a Panel Discussion about the Future of Interlibrary Loan," your paraphrase of Mr. Gardner's statements is taken very much out of context. If you listen to the recording of his presentation, he says that Sci-Hub's actions are "massive piracy" and "totally illegal." To an audience of librarians, he was suggesting that librarians need to try the service to see how easily Interlibrary Loan and authentication systems can be bypassed. In other words, not only did Allen and AAP send a really stupid letter, they picked the exact wrong target. This does not speak well of the AAP and its willingness to understand even basic nuances. Of course, now that Kochan has the AAP's attention, he figures it's probably not worth wasting, and goes on to point out the real problem: the fact that the publishers AAP represents are basically pricing everyone out of the market: However, the larger issue here is that the academic publishing model has become unsustainable. Like many university libraries, the library budgets at California State University Long Beach and the California State University generally cannot sustain annual price increases of 3% to 10% by many of your organization's members. Journal subscription prices are a key part of the reason that extra-legal services, such as Sci-Hub flourish. As you know, the music industry and the movie industry have faced similar challenges. One substantial difference with scholarly journal publishing, however, is that the "artists," the scholars who conduct the research and write the articles, receive no monetary compensation. As the Copyright Clause of the U.S. Constitution states, the purpose of copyright is "To promote the progress of science and useful arts, by securing for limited times to authors and inventors the exclusive right to their respective writings and discoveries." Rarely do AAP members give their authors such rights. We would hope that AAP would want to be part of the solution to unsustainable academic publishing models. Instead of fighting legislation such as Fair Access to Science and Technology Research Act (FASTR), or criticizing researchers who are shining a light on a very real publishing dilemma, AAP could use its considerable clout to promote new scientific publishing models. After all, as AAP describes it, the organization's historic role is to "promote literacy, defend freedom of speech, advance scientific progress, and stimulate the intellectual and cultural discourse that is central to a healthy democratic society." Bravo. Though it will almost certainly fall on deaf ears. Still, what is it with organizations like the AAP so focused on "protecting" the way things used to be that they can't even bother to think about the way things are actually heading and how to adapt?Permalink | Comments | Email This Story

Read More...
posted 16 days ago on techdirt
The question the government doesn't want to answer is whether we're better off pursuing fake criminals or capturing the real ones. Law enforcement does both, but sting operations -- both of the terrorist and the drug variety -- have been increasing over the years, turning officers and agents into actors and stage directors. The FBI has been crafting "terrorists" from a collection of outcasts, retirees, and the developmentally disabled for years. Canada's law enforcement is just as willing to score on unguarded nets, traipsing happily over the line between "highly questionable" and "actual entrapment" in its own terrorist "investigations." The ATF and DEA have combined forces to drag weapons into drug dealing using elaborate sting operations to entice no small number of people to get prepped to rob a nonexistent stash house of imaginary drugs. This would be bad enough, as it often appears the ATF is willing to bust anyone that engages in speculation about stash house robberies. Adding insult to injury, the federal government recommends sentences based on the fake amount of fake drugs not actually found in the fake stash house suspects talked about robbing. Judge Otis Wright tore into the government for its willingness to craft imaginary stash house robberies and followed it up by asking for convicted suspects to be locked up for real years, based on nothing more than what the government told defendants would be located in the fake stash house. In these stash-house cases, the Government’s “participation in the offense conduct” is what makes them particularly repugnant to the Constitution. Everything about the scheme—and therefore almost everything bearing upon a defendant’s ultimate sentence—hinges solely on the Government’s whim. Why were there not 10 kilograms in the stash house? Or 100? Or 1,000? Why were the guards allegedly armed—necessitating that Defendants bring weapons along with them? All of these factors came down to the ATF and the undercover agent alone. That sort of arbitrariness offends the Constitution’s due-process demands. The government loves these cases because they're easy wins. There are no suspects to track down after a robbery. Instead, every suspect is safely housed in an undercover agent's vehicle, unwittingly waiting to be arrested. The suspects never lay low until the heat dies down, forcing the government to perform actual investigative work. Instead, the suspects are guided through the process of planning for a stash house robbery, including being given weapons to do so if they fail to provide their own. With massive sentences predicated on made-up drug quantities hanging over their heads, plea deals favorable to federal prosecutors are easy to obtain. Another federal judge has plenty of problems with the government's stash house stings. Pennsylvania's Gerald McHugh has just issued a memorandum [PDF] trimming back the sentence handed to Clifton McLean, mainly due to the government's sentencing recommendation being based on the amount of drugs it said would be found at the fake stash house, rather than on anything tangible. [h/t Brad Heath] Early last year, the judge took note [PDF] of the government's willingness to push people into actions they may not otherwise have taken. Initially, there is no indication that McLean was involved in an ongoing criminal enterprise to commit stash house robberies prior to his initial contact with the government informant, and there is also no indication that the government believed it was infiltrating an already-existing conspiracy to commit such a robbery. Rather, in the best case scenario for the government, a newly created conspiracy was hatched when McLean allegedly approached the CI for the first time, though this initiation is less than certain. This factor weighs in favor of McLean. [...] The third factor, and certainly one of the most important, is the nature of government instigation or origination of the crime. The outcome of this inquiry is less clear. The government has asserted that the paid CI in this case was initially approached by McLean, who then inquired about whether the CI knew of any stash houses that McLean could rob. There are many questions surrounding this initial engagement. The encounter was not recorded, which is to be expected since the government asserts that the meeting was not planned, and a CI cannot be expected to wear a wire at all times. However, what this means is that the only person, aside from McLean, who can speak to what occurred at that meeting is the CI, who was not present to testify at the evidentiary hearing. While this is certainly a valid trial strategy, and may reflect government concern over the informant’s safety, I am hesitant simply to adopt this second-hand account of what occurred at this meeting, as told by the agents to whom the CI reported. I certainly do not discredit the testimony of the agents, but all they can testify to is what the CI relayed to them and their impression of his credibility. On top of this, the determination of whether McLean was inquiring about a stash house robbery is based on the CI’s account of slang that McLean used and the CI’s personal interpretation of that slang, with no additional context provided. Unlike other stings the ATF has run, McLean showed more interest than most in pursuing a stash house robbery. But even though the judge didn't see enough to indicate entrapment, he's less pleased with the government's sentencing recommendations. The structure of sting operations such as this is highly problematic. In practical terms, “sentencing discretion is delegated all the way down to the individual drug agent operating in the field.” United States v. Staufer, 38 F.3d 1103, 1107 (9th Cir. 1994). Although the Government defends the specified amount as necessary to protect its agents, I find that rationale troublesome on several levels. First, law enforcement’s tactical concerns should not control either the severity of charges against a defendant or the range of sentences. To the extent that the Government constructs a crime, its elements should be related to a defendant’s culpability. Here, where the record is clear that McLean was “in for a penny, in for a pound,” specifying such a high amount does not truly bear on his culpability. Once the Government established that McLean was willing to engage in an armed robbery of any quantity large enough to resell, its core law enforcement objective was met. [...] The Government clearly had an interest in exposing the scope of his capability and connections, and in seizing as great a quantity of drugs as possible. No similar interest exists where the crime itself is fictional. But if the objective is really to hit stash house sting suspects with the full force of sentencing guidelines, then the objective is "whatever nets the most years in prison." The judge here finds the government always conjures up a quantity of fake drugs that will generate the longest minimum sentence. From my review of reported cases nationwide, I have not identified any investigation where the specified amount of cocaine in the fictional stash house was less than 5 kilograms. By statute, 21 U.S.C. § 841(b)(1)(A), 5 kilograms is the amount that triggers exposure to a 20-year mandatory minimum sentence. [...] [B]y the Government’s reasoning, the very nature of this type of undercover operation necessarily requires, for the safety of its operatives, a scenario that automatically triggers mandatory minimum sentences, even if the target of the sting would otherwise have taken the bait, and regardless of whether the suspect had ever before dealt in quantities of this kind. The government's "evidence" of its fake drug amounts is nothing more than agents' testimony. They can swear they told the defendant there would be more than 5 kilos of drugs. It makes little difference that there were never any drugs to be stolen. The government then wraps itself in its "operative safety" blanket and hopes the judge won't question its inexplicable need to protect its agents by consulting drug sentencing guidelines. Judge McHugh, however, did take a look at it, and doesn't like what he sees -- a government agency pushing judges towards harsher sentences by insinuating anything less would be dangerous for law enforcement agents. Preliminarily, I have an institutional concern that the Government couches the justification for its techniques in terms of officer safety. Unquestionably, undercover operatives are individuals of great commitment and courage who take risks average citizens would find intolerable. Their safety must be of paramount concern. At the same time, however, tying the physical safety of an agent to a mandatory triggering quantity of drugs is problematic. Such a rationale cannot help but inhibit any judge who must consider the implications of sting operations because no responsible judicial officer would ever want to place agents in harm’s way. But without in any way jeopardizing the safety of any agent, a court can certainly ask why, even if it is necessary for purposes of “credibility” to specify certain amounts as part of an operation, why is it necessary to charge the target of the investigation with such high amounts in every case? [...] In short, nothing about the actual record in this case validates the proposition advanced by the Government that substantial amounts of cocaine are fundamental to the success of its operation. This not only prevents judges from exercising discretion, it also prevents the jury from doing its job properly. Absent some constitutional prohibition, because the jury found McLean guilty of conspiring to possess 5 kilograms or more of cocaine, I am bound to sentence him accordingly. This underscores the due process concerns at the heart of sting operations. Since no drugs existed, McLean was charged with conspiring and attempting to possess the amount of drugs the Government decided to offer him, after he had agreed to participate in a fictional robbery. The Government made a deliberate choice concerning which offenses and quantities to charge, a choice that then constrains the jury. The judge goes on to note the government even cited a decision finding against mandatory minimum sentences to support its argument for a mandatory minimum sentence. On top of that, it used the fake drug quantity to ensure it got the sentence it sought, leaving no room for meddling from troublesome judges or jurors. It is certainly true that the jury “found” the defendant guilty of a conspiracy to possess greater than 5 kg of cocaine, but the Government assured such a result in advance by the script that it wrote and the charges that it brought. In that sense, a stash house sting operation is the “perfect” crime, at least from the standpoint of the prosecution, in that it predetermines both verdict and sentence. In the end, Judge McHugh does what he can… which isn't much. He boots the government's mandatory minimum-triggering claim of five kilograms and uses a lower amount. In total, it only takes away five years of McLean's 19-year sentence. But McHugh shows his courtroom won't be a place where the government can expect easy wins with prosecutions where the fix is in from the moment the indictment drops. Some courts have suggested that so long as there is a “reasonable” explanation for the amount of drugs specified in an undercover operation the Government’s conduct will pass constitutional muster. I am not prepared to adopt such an approach where the Government’s premise cannot be tested in any meaningful way and is refuted by specific evidence of record... To the extent that principles of Due Process are meant to be a check on government power, there is no more fundamental interest than liberty. A sting operation that constructs a crime implicates liberty interests in a unique way, in that the Government seeks out its citizens for the purpose of testing their willingness to commit a criminal act. There can be no greater manifestation of the coercive power of Government than creating what is, in effect, a morality test, while specifying the penalty for failing that test in advance. A check on government power is what's needed. Very few courts have been willing to place themselves between defendants and law enforcement agencies that would rather create criminals than go after those already in circulation. Permalink | Comments | Email This Story

Read More...
posted 16 days ago on techdirt
The question the government doesn't want to answer is whether we're better off pursuing fake criminals or capturing the real ones. Law enforcement does both, but sting operations -- both of the terrorist and the drug variety -- have been increasing over the years, turning officers and agents into actors and stage directors. The FBI has been crafting "terrorists" from a collection of outcasts, retirees, and the developmentally disabled for years. Canada's law enforcement is just as willing to score on unguarded nets, traipsing happily over the line between "highly questionable" and "actual entrapment" in its own terrorist "investigations." The ATF and DEA have combined forces to drag weapons into drug dealing using elaborate sting operations to entice no small number of people to get prepped to rob a nonexistent stash house of imaginary drugs. This would be bad enough, as it often appears the ATF is willing to bust anyone that engages in speculation about stash house robberies. Adding insult to injury, the federal government recommends sentences based on the fake amount of fake drugs not actually found in the fake stash house suspects talked about robbing. Judge Otis Wright tore into the government for its willingness to craft imaginary stash house robberies and followed it up by asking for convicted suspects to be locked up for real years, based on nothing more than what the government told defendants would be located in the fake stash house. In these stash-house cases, the Government’s “participation in the offense conduct” is what makes them particularly repugnant to the Constitution. Everything about the scheme—and therefore almost everything bearing upon a defendant’s ultimate sentence—hinges solely on the Government’s whim. Why were there not 10 kilograms in the stash house? Or 100? Or 1,000? Why were the guards allegedly armed—necessitating that Defendants bring weapons along with them? All of these factors came down to the ATF and the undercover agent alone. That sort of arbitrariness offends the Constitution’s due-process demands. The government loves these cases because they're easy wins. There are no suspects to track down after a robbery. Instead, every suspect is safely housed in an undercover agent's vehicle, unwittingly waiting to be arrested. The suspects never lay low until the heat dies down, forcing the government to perform actual investigative work. Instead, the suspects are guided through the process of planning for a stash house robbery, including being given weapons to do so if they fail to provide their own. With massive sentences predicated on made-up drug quantities hanging over their heads, plea deals favorable to federal prosecutors are easy to obtain. Another federal judge has plenty of problems with the government's stash house stings. Pennsylvania's Gerald McHugh has just issued a memorandum [PDF] trimming back the sentence handed to Clifton McLean, mainly due to the government's sentencing recommendation being based on the amount of drugs it said would be found at the fake stash house, rather than on anything tangible. [h/t Brad Heath] Early last year, the judge took note [PDF] of the government's willingness to push people into actions they may not otherwise have taken. Initially, there is no indication that McLean was involved in an ongoing criminal enterprise to commit stash house robberies prior to his initial contact with the government informant, and there is also no indication that the government believed it was infiltrating an already-existing conspiracy to commit such a robbery. Rather, in the best case scenario for the government, a newly created conspiracy was hatched when McLean allegedly approached the CI for the first time, though this initiation is less than certain. This factor weighs in favor of McLean. [...] The third factor, and certainly one of the most important, is the nature of government instigation or origination of the crime. The outcome of this inquiry is less clear. The government has asserted that the paid CI in this case was initially approached by McLean, who then inquired about whether the CI knew of any stash houses that McLean could rob. There are many questions surrounding this initial engagement. The encounter was not recorded, which is to be expected since the government asserts that the meeting was not planned, and a CI cannot be expected to wear a wire at all times. However, what this means is that the only person, aside from McLean, who can speak to what occurred at that meeting is the CI, who was not present to testify at the evidentiary hearing. While this is certainly a valid trial strategy, and may reflect government concern over the informant’s safety, I am hesitant simply to adopt this second-hand account of what occurred at this meeting, as told by the agents to whom the CI reported. I certainly do not discredit the testimony of the agents, but all they can testify to is what the CI relayed to them and their impression of his credibility. On top of this, the determination of whether McLean was inquiring about a stash house robbery is based on the CI’s account of slang that McLean used and the CI’s personal interpretation of that slang, with no additional context provided. Unlike other stings the ATF has run, McLean showed more interest than most in pursuing a stash house robbery. But even though the judge didn't see enough to indicate entrapment, he's less pleased with the government's sentencing recommendations. The structure of sting operations such as this is highly problematic. In practical terms, “sentencing discretion is delegated all the way down to the individual drug agent operating in the field.” United States v. Staufer, 38 F.3d 1103, 1107 (9th Cir. 1994). Although the Government defends the specified amount as necessary to protect its agents, I find that rationale troublesome on several levels. First, law enforcement’s tactical concerns should not control either the severity of charges against a defendant or the range of sentences. To the extent that the Government constructs a crime, its elements should be related to a defendant’s culpability. Here, where the record is clear that McLean was “in for a penny, in for a pound,” specifying such a high amount does not truly bear on his culpability. Once the Government established that McLean was willing to engage in an armed robbery of any quantity large enough to resell, its core law enforcement objective was met. [...] The Government clearly had an interest in exposing the scope of his capability and connections, and in seizing as great a quantity of drugs as possible. No similar interest exists where the crime itself is fictional. But if the objective is really to hit stash house sting suspects with the full force of sentencing guidelines, then the objective is "whatever nets the most years in prison." The judge here finds the government always conjures up a quantity of fake drugs that will generate the longest minimum sentence. From my review of reported cases nationwide, I have not identified any investigation where the specified amount of cocaine in the fictional stash house was less than 5 kilograms. By statute, 21 U.S.C. § 841(b)(1)(A), 5 kilograms is the amount that triggers exposure to a 20-year mandatory minimum sentence. [...] [B]y the Government’s reasoning, the very nature of this type of undercover operation necessarily requires, for the safety of its operatives, a scenario that automatically triggers mandatory minimum sentences, even if the target of the sting would otherwise have taken the bait, and regardless of whether the suspect had ever before dealt in quantities of this kind. The government's "evidence" of its fake drug amounts is nothing more than agents' testimony. They can swear they told the defendant there would be more than 5 kilos of drugs. It makes little difference that there were never any drugs to be stolen. The government then wraps itself in its "operative safety" blanket and hopes the judge won't question its inexplicable need to protect its agents by consulting drug sentencing guidelines. Judge McHugh, however, did take a look at it, and doesn't like what he sees -- a government agency pushing judges towards harsher sentences by insinuating anything less would be dangerous for law enforcement agents. Preliminarily, I have an institutional concern that the Government couches the justification for its techniques in terms of officer safety. Unquestionably, undercover operatives are individuals of great commitment and courage who take risks average citizens would find intolerable. Their safety must be of paramount concern. At the same time, however, tying the physical safety of an agent to a mandatory triggering quantity of drugs is problematic. Such a rationale cannot help but inhibit any judge who must consider the implications of sting operations because no responsible judicial officer would ever want to place agents in harm’s way. But without in any way jeopardizing the safety of any agent, a court can certainly ask why, even if it is necessary for purposes of “credibility” to specify certain amounts as part of an operation, why is it necessary to charge the target of the investigation with such high amounts in every case? [...] In short, nothing about the actual record in this case validates the proposition advanced by the Government that substantial amounts of cocaine are fundamental to the success of its operation. This not only prevents judges from exercising discretion, it also prevents the jury from doing its job properly. Absent some constitutional prohibition, because the jury found McLean guilty of conspiring to possess 5 kilograms or more of cocaine, I am bound to sentence him accordingly. This underscores the due process concerns at the heart of sting operations. Since no drugs existed, McLean was charged with conspiring and attempting to possess the amount of drugs the Government decided to offer him, after he had agreed to participate in a fictional robbery. The Government made a deliberate choice concerning which offenses and quantities to charge, a choice that then constrains the jury. The judge goes on to note the government even cited a decision finding against mandatory minimum sentences to support its argument for a mandatory minimum sentence. On top of that, it used the fake drug quantity to ensure it got the sentence it sought, leaving no room for meddling from troublesome judges or jurors. It is certainly true that the jury “found” the defendant guilty of a conspiracy to possess greater than 5 kg of cocaine, but the Government assured such a result in advance by the script that it wrote and the charges that it brought. In that sense, a stash house sting operation is the “perfect” crime, at least from the standpoint of the prosecution, in that it predetermines both verdict and sentence. In the end, Judge McHugh does what he can… which isn't much. He boots the government's mandatory minimum-triggering claim of five kilograms and uses a lower amount. In total, it only takes away five years of McLean's 19-year sentence. But McHugh shows his courtroom won't be a place where the government can expect easy wins with prosecutions where the fix is in from the moment the indictment drops. Some courts have suggested that so long as there is a “reasonable” explanation for the amount of drugs specified in an undercover operation the Government’s conduct will pass constitutional muster. I am not prepared to adopt such an approach where the Government’s premise cannot be tested in any meaningful way and is refuted by specific evidence of record... To the extent that principles of Due Process are meant to be a check on government power, there is no more fundamental interest than liberty. A sting operation that constructs a crime implicates liberty interests in a unique way, in that the Government seeks out its citizens for the purpose of testing their willingness to commit a criminal act. There can be no greater manifestation of the coercive power of Government than creating what is, in effect, a morality test, while specifying the penalty for failing that test in advance. A check on government power is what's needed. Very few courts have been willing to place themselves between defendants and law enforcement agencies that would rather create criminals than go after those already in circulation. Permalink | Comments | Email This Story

Read More...
posted 16 days ago on techdirt
A couple of years ago, we noted that one lesson from Snowden's leaks was that the NSA and GCHQ were listening in to all the major pipes and nodes that go to make up the Internet. Mesh networks seemed one way to make things harder for the snoopers, but they have been slow to develop on a scale large enough to make a difference. A fascinating article on the Wireless Week site offers tantalizing glimpses of a new generation of wireless technologies that could make meshes easy to set up and hard to monitor. The basic technology is software-defined radio (SDR): Thanks to inexpensive open source software-defined radios (SDRs), innovators will now be able to design their own wireless protocols. These protocols will be easy to use and effective in solving concrete problems instead of broad generalizations or focusing on exceptional use cases. The Github generation of wireless engineers will be born. As their name suggests, the big breakthrough of SDRs is that many components that were previously implemented in hardware can be recreated in software. That means they can be easily changed, which allows wide-ranging and continuing experimentation. Couple that with plummeting costs, and we could be seeing SDRs built into practically everything: Digital signage, smart light poles, vending machines, ATMs, home appliances, and many more devices can all have an SDR in them and provide mobile broadband or other wireless solutions with licensed spectrum, as well. From that, it might seem that SDRs are just a superior, programmable form of the Internet of Things. But here's where things get interesting: Any device will be able to be part of a distributed ad-hoc, federated, self-organizing broadband network. Running a mobile network will be less about installing large antennas and more about automating the management of distributed networks that get built on top of third-party owned equipment. In other words, once SDRs are cheap and commonplace, and can be found in all kinds of everyday devices, they can then be turned into the ultimate mesh network simply by tweaking their software. That avoids the current problem with mesh networks, which is that they are often hard to set up -- a barrier to their widespread use. These SDR-based networks would have another big advantage. Since they could potentially be on a huge scale, with multiple nodes in a single home, there is potential for obfuscatory routing of the kind used by Tor. Another interesting possibility is to build the ultra-cheap SDRs into drones, and use them as part of the ad-hoc mesh networks too. None of these approaches is guaranteed to stop the NSA and friends from spying on everyone, but they certainly offer the hope of making it considerably more difficult. Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+ Permalink | Comments | Email This Story

Read More...
posted 16 days ago on techdirt
Earlier this year, we noted that the federal government was looking to further embrace open source software in its process of contracting out for (or creating in house) code. It released a draft policy which was good, though we hoped the final product would be much stronger (for example, it pushed for a portion of any code to be released under an open source license, but didn't consider that to be the default. I was also concerned about it allowing software developed by federal government employees to be locked up by a license -- something that I'm pretty sure is not allowed, since works created by federal government employees are automatically in the public domain. On Monday, the White House's Chief Intelligence Officer, Tony Scott, revealed the finalized official "Federal Source Code" policy, and you can read the whole thing. Because the original was posted to GitHub, you can also easily see what's changed. On top of that, as part of this, the government also launched a new site at code.gov, which will act as a repository for open source code from the government. Much of the focus of the policy, understandably, is on enabling reuse of code within the government, so that different agencies and departments aren't reinventing the wheel (and paying hundreds of millions of dollars) for projects that others are already working on. Lots of people and agencies weighed in on the draft proposal, including some interesting/surprising ones. Homeland Security, of all organizations, worried that simply pushing government agencies to release 20% of their software as open source, without understanding how that might be most useful to the wider community, would be a waste. It preferred pushing government agencies to refactor code into reusable modules, with a focus on what would be the most reusable. Others, like the Consumer Financial Protection Bureau favored (as I suggested) a default open source policy, rather than the 20% solution. Unfortunately, the plan sticks with this "pilot program" of only having to open source 20% of code, and how well that works will be evaluated over time. It appears to have "fixed" the problem of lumping in-house developed code into the policy (since that code is public domain) by now focusing the policy solely on custom developed code by third parties (at least that's my read on the new policy). While it's still disappointing that the policy didn't move to a "default to open source absent a compelling interest" standard, at least it didn't go in the other direction either. And that's in the face of complaints from the likes of the Software Alliance (a major Microsoft lobbying group) that whined about the need for such a policy in the first place. In the end, this looks like a good step forward. It could have gone much farther, but it's still a step in the right direction. Hopefully the pilot program will lead to even bigger steps towards embracing more open source (and public domain!) software.Permalink | Comments | Email This Story

Read More...
posted 16 days ago on techdirt
A recent decision by the Tenth Circuit Court of Appeals reaches two conclusions: one obvious, and one not quite so obvious. The defendant, Walter Ackerman, appealed the district court's denial of his motion to suppress evidence obtained through a warrantless search of his email. Unsurprisingly, the court finds [PDF] that the content of his emails are subject to Fourth Amendment protections. More surprisingly (and apparently to the government's complete surprise), it finds a private entity to be a government entity -- one unable to perform "private searches." (via FourthAmendment.com) First, some background. Ackerman's AOL email account was flagged by the service provider when messages containing hashes known to be related to child porn images were discovered. AOL turned over the flagged email to the National Center for Missing and Exploited Children (NCMEC) as it is required to do by federal statute. NCMEC is the clearinghouse for any suspected child porn discovered by ISPs and works directly with law enforcement to locate suspects. NCMEC is not a government entity. It is a nonprofit started and run (for the most part) by private citizens. However, it has additional duties imposed on it by Congress -- a total of "22 programs and services to assist law enforcement." The opinion details the close relationship NCMEC enjoys with the government, including the fact that 75% of its funding comes from the federal government and a number of government officials sit on its board. It also details the mandates Congress has handed to it, which require it to do exactly what it did in this case: confirm that flagged images were child porn and alert authorities. Here we know Congress statutorily required AOL to forward Mr. Ackerman’s email to NCMEC; Congress statutorily required NCMEC to maintain the CyberTipline to receive emails like Mr. Ackerman’s; Congress statutorily permitted NCMEC to review Mr. Ackerman’s email and attachments; and Congress statutorily required NCMEC to pass along a report about Mr. Ackerman’s activities to law enforcement authorities. All at the government’s expense and backed by threat of sanction should AOL have failed to cooperate. All with special dispensation, too, to NCMEC to possess and review contraband knowingly and intentionally. This comprehensive statutory structure seems more than enough to suggest both congressional knowledge of and acquiescence in the possibility that NCMEC would do exactly as it did here. NCMEC is also allowed to do something private citizens can't: retain and view child porn. While private citizens can come across child porn, preserve the evidence, and turn it over to law enforcement, they can't maintain a private database of images for cross reference like NCMEC does. The government tried to argue that NCMEC's search of email given to it by AOL was a "private search," and therefore not subject to the Fourth Amendment. Private searches can be performed by almost anyone and these searches can sometimes be duplicated by a government agency without the need for a warrant. AOL's hash-matching was a form of a private search, albeit a very cursory one that did not access the email's entire contents. It's somewhat the equivalent of a repair shop finding child porn while repairing a computer. In this case, AOL was required to give that information to NCMEC by federal law. NCMEC was required -- again by federal law -- to examine the images and determine the owner of the email account. It's the insertion of federal law -- along with several other factors -- that turns a private nonprofit into a government agent. If NCMEC had done nothing more than confirmed the single image hash matched hashes in its database, it likely would have steered clear of this issue. But it opened the email and accessed three other attached images. A government agent can duplicate a private search without implicating the Fourth Amendment, but it has to remain within the confines of the original search. NCMEC's search went further than AOL's "private search" -- which only confirmed that one image matched hashes in the child porn database. The government wanted to salvage the not-so-private search, but seemed completely confident that the appeals court would find in its favor. That's the only explanation for its lack of counterarguments when litigating on appeal. The appeals court, however, isn't obliged to make the government's arguments for it. In the face of so much law and evidence suggesting NCMEC qualifies as a governmental entity, the government offers almost no reply. In fact, its only response is to question whether the question is properly before us. [...] Seeing the void left by the government, NCMEC offers a number of substantive responses to Mr. Ackerman’s entity theory in its own amicus brief. But ours is a party-directed adversarial system and we normally limit ourselves to the arguments the parties before us choose to present. Amici briefs often serve valuable functions, but those functions don’t include presenting arguments forgone by the parties themselves or effectively and unilaterally expanding the word limits established by rule for a favored party. The NCMEC is a government entity for the purposes of investigating child porn tips. Even if it were to be considered a private entity, law enforcement would need a warrant to duplicate the searches it performs because NCMEC's investigative work goes beyond simply confirming hashes already flagged by ISPs. The government is not allowed to use private agencies to bypass warrant requirements. NCMEC can still do what it's statutorily required to do without violating the Fourth Amendment, but if law enforcement wishes to avail itself of the evidence the clearinghouse has obtained, it will need to obtain a warrant. The contents of the email accessed by NCMEC are protected by the Fourth Amendment. No one in this appeal disputes that an email is a “paper” or “effect” for Fourth Amendment purposes, a form of communication capable of storing all sorts of private and personal details, from correspondence to images, video or audio files, and so much more. [...] Given the uncertain status of Jacobsen after Jones, we cannot see how we might ignore Jones’s potential impact on our case. And its impact here seems even clearer than in Jacobsen. After all, we are not dealing with a governmental drug test that destroyed but a trace amount of potential contraband. We are dealing instead with the warrantless opening and examination of (presumptively) private correspondence that could have contained much besides potential contraband for all anyone knew. And that seems pretty clearly to qualify as exactly the type of trespass to chattels that the framers sought to prevent when they adopted the Fourth Amendment. [...] So it seems that, whether we analyze the “search” question through the lens of the government’s preferred authority — Jacobsen and Katz — or through the lens of the traditional trespass test suggested by Jones, they yield the same (and pretty intuitive) result: NCMEC conducted a “search” when it opened and examined Mr. Ackerman’s email. The court notes that this finding does not immediately preclude the government from successfully battling the suppression motion on remand. There are a host of questions not answered here, mainly because the government decided not to raise them. Surely hard questions remain to be resolved on remand, not least the question whether the third-party doctrine might preclude Mr. Ackerman’s claim to the Fourth Amendment’s application, a question the government has preserved and the district court and we have reserved. But about one thing we can be very certain. There can be no doubt that NCMEC does important work and that its work can continue without interruption. After all, it could be that the third-party doctrine will preclude motions to suppress like Mr. Ackerman’s. Or that changes in how reports are submitted or reviewed might allow NCMEC to access attachments with matching hash values directly, without reviewing email correspondence or other attachments with possibly private, noncontraband content — and in this way perhaps bring the government closer to a successful invocation of the private search doctrine. Or it may be possible that the government could cite exigent circumstances or attenuation doctrine or special needs doctrine or the good faith exception to excuse warrantless searches or avoid suppression in at least some cases. But, it goes on to state, this doesn't mean the government should continue to consider NCMEC as operating outside of the confines of the Fourth Amendment and using the nonprofit's statutory mandates to skirt warrant requirements. Given the nature of the NCMEC's investigative work, there should be little standing between law enforcement officers and the proper permission to view NCMEC's collected evidence. [E]ven if not a single one of these potential scenarios plays out — and we do not mean to prejudge any of them — we are confident that NCMEC’s law enforcement partners will struggle not at all to obtain warrants to open emails when the facts in hand suggest, as they surely did here, that a crime against a child has taken place. The case goes back to the lower court to discuss the defendant's motion to suppress. No evidence has been suppressed at this moment because the district court never gave Ackerman the opportunity to present a motion, due to its acceptance of the government's "private search" theory. It's certainly an interesting decision as there appears to be little precedent for this conclusion. The NCMEC has been an integral part in the fight against child pornography -- so much so that the federal government has drafted it into service, funds it, and sits on its board of directors. This close relationship has its benefits for the clearinghouse, but -- at least in this circuit -- it can no longer act on behalf of the government while simultaneously being used by the government as a "private" party for searches. Permalink | Comments | Email This Story

Read More...
posted 17 days ago on techdirt
Algorithms have become a powerful force in the world, but for all the impressive good they do, they sometimes show some worrying tendencies. Algorithms that discriminate are a problem that nobody's found a solution for yet. This week, we discuss why some algorithms appear to be racist, and whether there's anything that can be done about it. Follow the Techdirt Podcast on Soundcloud, subscribe via iTunes, or grab the RSS feed. You can also keep up with all the latest episodes right here on Techdirt. Permalink | Comments | Email This Story

Read More...
posted 17 days ago on techdirt
The first rule of science journalism is to read the study before you write about it. Alas, that hasn't stopped media outlets from routinely misreporting, exaggerating or exercising insufficient skepticism about scientific research, particularly in the service of clickbait headlines and extra views. A recent study from the American Journal of Epidemiology on whether the introduction of ridesharing has had an effect on alcohol-related crash fatalities was the latest victim of this kind of sloppy reporting. The Washington Post announced: "Is Uber reducing drunk driving? New study says no." CNN declared: "Uber doesn't decrease drunk driving, study says." Fortune writes: "A New Study Says Uber Has Had No Impact on Drunk Driving." Other outlets published similar stories. But alcohol-related fatalities are not the same thing as drunk driving rates. According to the National Highway Traffic Safety Administration, nearly 10,000 Americans die each year in crashes involving a drunken driver; about two-thirds of that total are the drunken drivers themselves. But according to the FBI's Uniform Crime Reporting Program, there are annually about 1.1 million arrests for driving under the influence, which itself is just a fraction of the Centers for Disease Control and Prevention's estimate of 121 million incidents each year in which intoxicated drivers aren't caught. Astoundingly, according to one analysis, drunk drivers average just one arrest per 27,000 miles driven while intoxicated. Ideally, society would like each of these three numbers to fall, but first, we must be able tell them apart. The AJE study's authors make clear that they "did not examine Uber's association with other traffic outcomes, including drunk driving incidences and nonfatal crashes." This leads one to the conclusion that these journalists – or at least, those writing the headlines – may not have actually read the study at all. When it comes to whether services like Uber and Lyft reduce drunk driving overall, logic suggests that more available and convenient transportation options likely would make it easier for many to plan a night out without getting behind the wheel, and reduce the incentives to drive under the influence. The CDC already lists taking a taxi as an important preventative measure and ridesharing options are usually cheaper and very often more convenient than getting a taxi. As these services increase in popularity – particularly among millennials, who both use ridesharing more and have a greater propensity to drive drunk – one would expect a corresponding decline in the number of DUI arrests and alcohol-related fatalities. There isn't much research on the subject, but most observations to date seem to support the supposition. A 2015 study published by Temple University's Fox School of Business concluded the introduction of UberX in California led to a reduction in the rate of motor-vehicles homicides per quarter of between 3.5 and 5.6 percent. Another study by Mothers Against Drunk Driving, in partnership with Uber, also looked at the introduction of UberX in California and found that alcohol-related crashes by drivers under age 30 fell 6.5 percent, or 59.21 fewer crashes per month. In June 2016, Providence College published a study which found that "DUIs are 15 to 62 percent lower after the entry of Uber" and the introduction of the service "is associated with a 6 percent decline in the fatal accident rate." More recently, when Uber and Lyft were pushed out of Austin, Texas, DUI arrests spiked by 7.5 percent. Given that background literature, it's important to note some significant limitations in the approach used by the AJE study's authors. They looked at data from 2005 to 2014 for the top 100 metropolitan statistical areas (MSAs) in which Uber has entered the market. Of course, in many of those MSAs, the company may be operating in the largest city or cities, but not across the whole metropolitan area. Also notable is that in most of the MSAs the study examines, Uber was introduced at some point in 2014, the same year the authors' data ends. Additionally, many of these jurisdictions also did not have friendly regulatory climates for ridesharing in the period the authors examined. Aside from California and Colorado, where state-level pre-emption laws were passed, most ridesharing regulation through 2014 was done at the city level. It was fairly common at the time for transportation network companies to have uncertain legal status and for jurisdictions to impose hostile regulations, issue cease and desist orders or hold sting operations to block Uber and Lyft from operating. Additionally, carpool services like UberPOOL and Lyft Line, which are significantly cheaper, had not yet become widely available. Today, ridesharing is cheaper, more popular and fully legal in most major cities. It also may not be that surprising the AJE study didn't line up with results from other research that focused on California. Uber was founded in San Francisco and launched there in 2009. Lyft launched in 2012. TNCs have been legal statewide in California since the California Public Utilities Commission's initial rulemaking in 2013. California is the oldest and probably strongest ridesharing market. If ridesharing has an effect on alcohol-related fatalities or drunk driving more generally, it would show up there first. In much of the rest of the country, ridesharing is not as well-established. According to Pew, as of December 2015, only 15 percent of U.S. adults had used a ridesharing service. Of those, only 17 percent reported they use it more than once or twice a month. In short, outside of millennials in major urban centers, ridesharing hasn't yet caught on in a big way. More research looking at more recent data is needed to better understand the effects of ridesharing on drunk driving rates. And with each new report, whatever its conclusion, one hopes science journalists will bring more care and a healthy skepticism to the table. In the meantime, this study alone isn't a compelling reason to dismiss other evidence supporting the positive effects of ridesharing on reducing drunk driving. Zach Graves is a senior fellow at the R Street Institute, a free market think tank based in Washington, DCPermalink | Comments | Email This Story

Read More...
posted 17 days ago on techdirt
As you may have heard, in an effort to refocus his Presidential campaign, this week, Donald Trump erased his original economic plan (literally, it just disappeared from his website) and launched a brand new plan with a speech in Detroit. The speech came across as a mishmash of semi-random ideas, pulled from whatever that crazy list of folks he's calling his advisors are these days. However, for the folks around here, what may be interesting is that this is really the first time I can recall Trump even mentioning intellectual property, and his entire summary of it is basically "China bad, we need more protection." At the center of my plan is trade enforcement with China. This alone could return millions of jobs into our country. They break the rules in every way imaginable. China engages in illegal export subsidies, prohibited currency manipulation, and rampant theft of intellectual property. They also have no real environmental or labor protections, further undercutting American workers. Just enforcing intellectual property rules alone could save millions of American jobs. According to the U.S. International Trade Commission, improved protection of America's intellectual property in China would produce more than 2 million more jobs right here in the United States. Add to that the saved jobs from cracking down on currency cheating and product dumping, and we will bring trillions of dollars in new wealth and wages back to the United States. These are kind of old and obsolete talking points. China has been ramping up its intellectual property enforcement over the past few years after many, many years of the US screaming about Chinese copycats. Except, as we've noted, our own government's shortsighted focus on "stopping IP theft in China" actually handed China a fantastic tool to enable on-the-sly protectionism against foreign companies. China has begun "respecting" intellectual property in the form of building up a massive patent portfolio and then suing foreign companies (mainly American) and winning. The trade deals that the US has been negotiating historically won't help stop that. They'll only encourage more of it. Of course, it's doubtful that Trump really cares about or understands the policy implications of this. I doubt he cares at all about intellectual property. This was just a new speech for him to give in an effort to refocus the campaign from the non-stop ridiculous comments last week to try to sound more serious this week and to pretend there's an actual plan. Of course, Hillary Clinton's intellectual property platform is a complete joke too, but it feels like War & Peace compared to what little Trump has said on the subject. And people wonder why our new t-shirt about the election is selling so well...Permalink | Comments | Email This Story

Read More...
posted 17 days ago on techdirt
Whether you're new to the kitchen or you're looking to spice things up with exciting, seasonal recipes, Blue Apron will deliver just what you need. It's simple - you'll get fresh, gourmet recipes and the highest quality, sustainably-sourced ingredients to bring them to life. The Blue Apron 3 Meals for 2 People delivers pre-portioned ingredients for 3 recipes to be cooked & enjoyed by 2 people delivered to your door, and it's on sale now for $27 (54% off) in the Techdirt Deals store. You can also select a family plan where you get enough for 2 recipes for four people for $35 (49% off). Note: The Techdirt Deals Store is powered and curated by StackCommerce. A portion of all sales from Techdirt Deals helps support Techdirt. The products featured do not reflect endorsements by our editorial team.Permalink | Comments | Email This Story

Read More...
posted 17 days ago on techdirt
While Comcast gets the lion's share of the public's loathing, there's an argument to be made for AT&T actually being a worse company. Think Comcast, but with slower broadband speeds, more dubious executive ethics, and an even greater disdain for its paying customers. In just the last few years AT&T has been: fined $18.6 million for helping rip off programs for the hearing impaired; fined $10.4 million for ripping off a program for low-income families; and fined $105 million for helping "crammers" by intentionally making such bogus charges more difficult to see on customer bills. In every instance AT&T was either busy ripping off customers directly, or turning a blind eye to fraud aimed directly at AT&T customers -- because in most instances AT&T got a cut of the profits. Fast forward to this week, when the FCC announced it would be fining AT&T another $7.7 million (pdf), this time for actively helping drug dealers rip off paying AT&T customers. According to the full FCC order (pdf), AT&T turned a blind eye to two bogus Cleveland companies, Discount Directory, Inc. (DDI) and Enhanced Telecommunications Services (ETS), which had been billing AT&T phone customers $9 per month for a "directory assistance service" that didn't actually exist. These bogus companies were originally only uncovered during a DEA drug investigation:"In May 2015, while investigating the Companies’ principals for drug-related crimes and money laundering, the United States Drug Enforcement Administration uncovered that DDI and ETS were sham operations that never provided any directory assistance service to the customers billed by AT&T. The Companies’ principals told law enforcement that they submitted fake service charges for thousands of AT&T customers (mostly small businesses) over a multiyear period."The complaint proceeds to suggest that AT&T was aware of these charges (as with previous cramming settlements), but turned a blind eye because it took a cut of each fraudulent charge:"Although it bore ultimate responsibility for the charges placed on its customers’ bills, AT&T never required proof from the Companies that they obtained customer authorizations to be billed for their service and the record shows that the Companies never obtained any such customer authorizations. In addition, AT&T ignored a number of red flags that the charges were unauthorized, including thousands of charges submitted by the Companies for nonexistent, disconnected, or otherwise “unbillable” accounts."As per the settlement, AT&T will issue $6,800,000 in refunds to all current and former consumers charged for the sham directory assistance service, and a $950,000 fine to the U.S. Treasury. AT&T's also been forced to cease billing for nearly all third-party products and services for wireline customers (now that few use wireline anyway), adopt policies requiring express informed consumer consent before such charges can be reapplied, and revise its billing systems so that such charges are easier to find. While these fines are puny and belated, keep in mind that until the last few years regulators did little to nothing whatsoever to hold larger telecom companies accountable for their role in perpetuating that kind of fraud -- making this a step up from the apathy of decades' past. Still, AT&T consistently gets to pay settlements that are likely only a small fraction of the money collected over the years, its lawyers and accountants already busy cooking up the fraudulent efforts we'll surely get to read about in 2022.Permalink | Comments | Email This Story

Read More...
posted 17 days ago on techdirt
Last month, we looked at the criminal complaint against the alleged operator of the torrent search engine Kickass Torrents (KAT) and raised a number of questions about the complaint. We noted that it appeared that the alleged operator, Arten Vaulin, was getting the "Megaupload treatment," as there were a number of similarities between the two cases and the legal leaps of logic employed by the Justice Department in making their case. Thus, it was little surprise that Ira Rothken, who has managed the legal efforts for Kim Dotcom/Megaupload, has now signed on to represent Vaulin as well. His first move, last week, was to send the DOJ a letter, asking it to drop the case. While I would imagine that the request resulted in some hearty laughter among DOJ lawyers, it does lay out some of the key arguments that Vaulin will likely make as the case moves forward. The key issue -- as we pointed out in our post -- and which is also true of the Dotcom/Megaupload case -- is that the DOJ appears to be making up a secondary liability for criminal infringement claim, which does not exist in the law. This alleged criminal copyright case arises out of an erroneous theory of criminal copyright law advanced by the United States that attempts to hold Artem Vaulin ("Defendant") criminally liable for the alleged infringing acts of KAT's search engine users. Discussion of Mr. Vaulin’s involvement in KAT shall await another day. Distilled down, in terms of technology, nothing more is alleged in the CC than that a visitor to defendants' alleged "KickAssTorrents" ("KAT") site can take advantage of automated search processes embodied there to search for and locate "dot torrent" files. Such files contain textual information assembled by automated processes and do NOT contain copyrighted content. After leaving the defendants' alleged websites, the visitor may stop and do nothing or use the data in such torrent files in conjunction with third party "client" software; and that pursuit may, according to the desires of the user and the uncertain nature of the availability of third party files on the internet, lead to both infringing and non-infringing files being constructed that are located elsewhere on the Internet. By the time any possible primary infringement by a former KAT visitor could ever occur the visit to the site is long over. The indictment does not even come close to alleging direct "willful" copyright infringement as KAT contains and transmits no content files. Defendants cannot be held criminally responsible for what users do after they leave the KAT search engine behind. The Copyright Act does not criminalize secondary copyright infringement.... The Criminal statute at issue namely Section 506 only imposes liability for direct, willful infringement that causes specific damages.... The government’s copyright conspiracy theory for similar reasons fails as a matter of law. Such a conspiracy theory is little more than a novel back door attempt to improperly argue judge made civil secondary infringement in a criminal case. Trying to hold KAT criminally responsible for the entire global BitTorrent network does not pass muster. Later, the letter points out how the failure of the complaint to point to any actual direct infringement shows just how weak the case is: The absence of allegations of specific unauthorized downloads or direct infringements in the complaint is not inadvertent: rather it is a side effect of how far removed defendant is from the potential infringing event and it is part of an improper criminal complaint that purports to impose presumptive criminal liability on a BitTorrent search engine for alleged offsite infringements. It is also a sign that the government is eager to improperly introduce concepts of judge made civil law into a criminal statutory analysis. The letter also notes that the Homeland Security Investigations agent who wrote the affidavit attached to the criminal complaint clearly did not understand how bittorrent works and completely misrepresented the technology in a way that unfairly represents how KAT and bittorrent actually work. For example: Paragraph 19 of the Affidavit inaccurately states: “Between on or about June 24, 2016, and on or about June 30, 2016, HSI Special Agents downloaded from the Northern District of Illinois the following prerelease movies from KAT (at Subject Domain 4).” There was no movie or other content on KAT that could ever be downloaded and therefore no direct infringements could have occurred on KAT.... Infringements that occur after users, including HSI Special Agents, leave the KAT site behind cannot be criminally actionable against KAT. The case by the DOJ also relies very heavily on the fact that the HSI investigator was able to find a torrent for a pre-release copy of Captain America: Civil War via a KAT search. The case needs this, because it's the only way it gets even remotely close to criminal copyright infringement (remember, there's a big difference between criminal and civil copyright infringement, and individuals downloading/uploading stuff won't cut it (especially if there's no money in it). The complaint tries to get around this by focusing (almost exclusively) on the Captain America pre-release, because there is criminal infringement for pre-release works. But, again, Rothken points out the problems with this argument: The only copyrighted work identified in Counts Three and Four is “Captain America: Civil War,” referenced in paragraph 19, discussed supra. There is no evidence to support the allegations as “Captain America: Civil War” or as to any specific work. The lack of evidence is not surprising given that the KAT technology did not store or transmit any content. If a user committed copyright infringement, it is only after they left the KAT servers behind. It is settled that liability for direct copyright infringement cannot be based on provision of information services to individuals that such individuals use to commit infringement. More specifically it is also well settled law that mere hyperlinks and their more attenuated cousin, torrent files, cannot constitute direct copyright infringement. In brief, because KAT did not copy anything or transmit content, it cannot be charged with direct copyright infringement. It also challenges the weird DOJ argument that KAT failed to comply with the DMCA notices it sent. As the letter points out, that's not a criminal offense. Alleged failures to comply with the conditions of a DMCA civil defense does not create a criminal cause of action. There is no Act of Congress establishing a crime for violations of the DMCA safe harbors. The DMCA is a defense in the civil context of contributory and vicarious liability for copyright infringement committed by third parties and of liability for intentionally inducing third parties to commit copyright infringement. The Government knowing that Judge made civil law for internet secondary copyright infringement could not be applied in the criminal statutory context is attempting to use the vague and novel theory of criminal “conspiracy” to try to argue it through a back door and such arguments fail as a matter of law. There is a scarcity of judicial opinions in contested criminal copyright cases that discuss how a criminal conspiracy theory could apply to mere internet hyperlinks or torrent files/trackers. The government by throwing against the wall the criminal conspiracy theory without any statutory support from Congress is trying to argue Judge made civil common law by analogy. Common-law civil liability principles cannot be extended to impose criminal liability. Crimes must be specifically defined by Congress. Federal crimes “are solely creatures of statute.” There are a few other points made in there, including laughing off the "conspiracy" claims, since the DOJ only named one person and can't legitimately argue a "conspiracy" between KAT's operator and its users. There are also jurisdictional questions about trying the case in Illinois (or under US law at all) and of course, the silliness of including a money laundering claim. There's basically zero chance that this leads to the DOJ dropping the case, but I imagine that much of this letter (perhaps verbatim) will show up in court before long...Permalink | Comments | Email This Story

Read More...