posted 13 days ago on techdirt
Some very interesting claims arose from oral arguments related to a case that has been kicked around the court system for a couple of years now. The case is People v. Golb, one that arose out of an extended disagreement between two college professors (Norman Golb of the University of Chicago and Lawrence Schiffman of NYU) over the origins of the Dead Sea Scrolls. One thing led to another… which then (inexplicably) led to Norman Golb's son, Raphael, creating more than 50 online aliases to create a ground swell of support for his father's views… which then (even more inexplicably) led to Raphael Golb impersonating Lawrence Schiffman (via email) in order to portray Schiffman as a plagiarist -- using Schiffman's own email address. It is this Golb the People have a problem with. (Even more inexplicably, this somehow also led to a lawyer claiming to represent Schiffman sending legal threats to bloggers who had covered the case, asserting that their "criminal postings" needed to be taken down immediately. Clifford A Rieders Esq. could not have picked a worst trio of bloggers to send baseless legal threats to: Scott Greenfield of Simple Justice, Eugene Volokh of the Volokh Conspiracy and Ken White of Popehat. Lessons were indubitably learned.) In January of 2013, the court found that the younger Golb's First Amendment rights had not been violated during his prosecution for impersonating Schiffman in order to discredit him. The pre-Washington Post version of Volokh Conspiracy covered the relevant parts of the decision. Defendant’s convictions arise out of his use of emails to impersonate actual persons. Nothing in this prosecution, or in the court’s jury charge, violated defendant’s First Amendment or other constitutional rights… Among other things, defendant sent emails in which one of his father’s rivals purportedly admitted to acts of plagiarism… Defendant was not prosecuted for the content of any of the emails, but only for giving the false impression that his victims were the actual authors of the emails. The First Amendment protects the right to criticize another person, but it does not permit anyone to give an intentionally false impression that the source of the message is that other person (see SMJ Group, Inc. v 417 Lafayette Restaurant LLC, 439 F Supp 2d 281 (SD NY 2006]). This decision is now being appealed, and the Volokh Conspiracy (Beltway Edition) is again on the scene, pointing out how the prosecutor is pushing for a very broad reading of relevant statutes -- something that will be of concern to anyone who might say something offensive via the internet. I’ve blogged before about the danger of criminal harassment laws, when they are extended beyond offensive speech to one particular unwilling person — the traditional telephone harassment example — and apply instead to speech about a person. (See posts here and here, as well as this law review article, which starts by concrete examples of how such laws have been used.) And the prosecutor’s statement in this argument helps illustrate just how broadly prosecutors can read such laws. Eugene Volokh quotes part of the oral arguments presented April 2nd. Here's the lead-up and the relevant quote, both of which highlight the prosecutor's (Vincent Rivellese) ridiculous stance, as well as the judges' incredulity at what's being claimed. CHIEF JUDGE LIPPMAN: Is this aggravated harassment or is this just annoying behavior? MR. RIVELLESE: Well, it's both, that's for sure. What's the - - - CHIEF JUDGE LIPPMAN: Well, but is it technically a crime? Can it be in this kind of - - - MR. RIVELLESE: Yes. CHIEF JUDGE LIPPMAN: Isn't that a little bit overbroad? MR. RIVELLESE: No. CHIEF JUDGE LIPPMAN: No? Go ahead. Why not? MR. RIVELLESE: This - - - this is the closest argument obviously in the case, but the aggravated harassment involves an intent to harass, annoy or alarm, and it's - - - it's got an intent that's required. It's also got the likelihood of harassing or alarming the recipients or the victims. It's also got - - - JUDGE SMITH: If I - - - if I ask you a question that I expect to be an annoying question, and is likely to be an annoying question, am I committing a misdemeanor by asking the question? MR. RIVELLESE: No, because there's no writing. The aggravated harassment - - - JUDGE SMITH: Oh, but - - - oh, but if I submitted the question in writing, it would be a misdemeanor? MR. RIVELLESE: Well, if - - - if you conveyed to somebody. So if you e-mailed somebody or you wrote a letter - - - JUDGE SMITH: Really? Really? The delineation is obviously foggy if saying something is no crime, but writing it down is. Further on: JUDGE SMITH: If I e-mail someone an annoying question, I get a year? MR. RIVELLESE: Well, it has to be likely to annoy, harass, or alarm - - - CHIEF JUDGE LIPPMAN: So if Judge Smith put what he's asking you now in writing, this is a crime? MR. RIVELLESE: I'm not annoyed. I'm not annoyed. So I'm fine. CHIEF JUDGE LIPPMAN: Oh, okay, you're not annoyed. Okay. It might have been mis - - - JUDGE SMITH: Give me - - - give me time. MR. RIVELLESE: The proper discussion - - - JUDGE ABDUS-SALAAM: Counsel, is it that subjective that the person who receives the question has to feel that it's annoying? MR. RIVELLESE: Well, no, it is - - - it's reasonableness. JUDGE ABDUS-SALAAM: It has to have an objective right. So it would appear. Objective but not subjective, but in this case, with the impersonation of another person, Rivellese seems to feel that it's actually more a subjective problem, especially when it's not even the victim who's being directly targeted. And the "intent to annoy and alarm" exception to the First Amendment should be enforced even if the speech is about a person rather than directed at a person. JUDGE PIGOTT: But as a third - - - you're saying there can be a third-party aggravated harassment. MR. RIVELLESE: Yes, if still - - - there's still an intended victim. JUDGE PIGOTT: So if - - - well, that's I - - - you get - - - you get three college kids - - - you get some college kid who write - - - who e-mails the girlfriend of his roommate saying, you know, he really is a useless person. Is that aggravated harassment with respect to the victim, boyfriend/roommate? MR. RIVELLESE: Yes, because it's got - - - JUDGE PIGOTT: Really? MR. RIVELLESE: It meets all the elements. It does not require that the person that you send the communication to is the same person that you intend to harass, annoy and alarm. This is what alarms Volokh. The narrow targeting of the First Amendment exceptions are being broadly read by prosecutors. This is the sort of expansion -- one that pushes behavior normally subject only to civil actions into criminal territory -- that invariably makes its way into newly-crafted laws targeting online behavior. Here's what Volokh originally said about the decision that's now being appealed. Intentionally trying to make others believe that someone did something (write an e-mail) that he did not inflicts specific harm on that other person, whether by harming his reputation or at least by making others think that he believes something that he doesn’t (which will often be civilly actionable under the false light tort). To be sure, that usually leads to civil liability, but nothing in the Court’s decision suggests that criminal liability in such cases is impermissible, especially when the law is limited to relatively clearly identifiable falsehoods, such as falsely claiming to be someone you are not. That's much more limited than what the prosecutor's arguing. His argument removes the limitations (falsehoods and false impersonation) and suggests that nearly any attempt to harass or annoy someone is a criminal offense. This is on top of his claim that there's a clear delineation between oral and written speech, with the latter being the more "criminal" of the two. It's this sort of broad reading that makes nearly every new cyberbullying/harassment law a handy new tool to criminalize a vast swath of online behavior. Permalink | Comments | Email This Story

Read More...
posted 13 days ago on techdirt
No entity highlights the ridiculous amount of bureaucratic inefficiency and ineptitude of government agencies better than the Government Accountability Office (GAO). Its reports are loaded with the sort of damning evidence that would lead those unfamiliar with how government actually works to assume that heads will be rolling. In reality, the agencies investigated by the GAO soldier on from scathing report to scathing report with little to no sign of improvement. Tom Coburn, a long-time combatant of government waste and fraud who publishes a yearly report exposing the worst of worst in terms of senseless government spending (the "Wastebook") is now using the GAO's own words to craft a bill targeting the money pit that is the National Technical Information Service (NTIS). Here's the leadup: (3) NTIS is tasked with collecting and distributing government-funded scientific, technical, engineering, and business-related information and reports. (4) GAO found that NTIS sold only 8 percent of the 2,500,000 reports in its collection between 1995 and 2000. (5) A November 2012 GAO review of NTIS made the following conclusions: (A) 'Of the reports added to NTIS's repository during fiscal years 1990 through 2011, GAO estimates that approximately 74 percent were readily available from other public sources.' (B) 'These reports were often available either from the issuing organization's website, the Federal Internet portal (http://www.USA.gov) or from another source located through a web search.' (C) 'The source that most often had the report [GAO] was searching for was another website located through http://www.Google.com.' (D) '95 percent of the reports available from sources other than NTIS were available free of charge.' (6) No Federal agency should use taxpayer dollars to purchase a report from the National Technical Information Service that is available through the Internet for free. And here's the punchline: SECTION 1. SHORT TITLE. This Act may be cited as the 'Let Me Google That For You Act.' Someone had fun cranking out this "Short Title." As the bill points out, it was suggested by the Secretary of Commerce in 1999 that the NTIS would eventually outlive its usefulness. According to the GAO's 2012 findings, that sell-by date was reached more than a decade ago. NTIS product expenditures exceeded revenues for 10 out of the past 11 fiscal years. The "Let Me Google That For You" Act calls for the repeal of the 1988 National Technical Information Act and the disbandment of the agency itself, with the redistribution of whichever of its duties are still deemed essential to the Commerce Department. It's not often you get the chance to watch an extraneous government agency be put down and even rarer still under a snarky, incisive, short title. This is for the best. As we've seen all too frequently, time marches on, swiftly distancing itself from the glacial pace of government innovation. Permalink | Comments | Email This Story

Read More...
posted 13 days ago on techdirt
The DOJ, via its Deputy Assistant Attorney General, has sent a memo to FISC Judge Reggie Walton, informing him of just how compliant the agency has been during the last couple of months as conflicting orders over the retention of bulk record data went flying as a result of multiple BR-related lawsuits. The DOJ, speaking for the NSA and FBI (who actually collect the collections), went from one court to the other (the Northern District Court of California and the FISA Court), trying to figure out whether it would be destroying aged-off data or holding onto it. It was hard to discern which route the DOJ preferred to take, but FISA Judge Walton managed to sniff out the agency's true intentions, calling them out for not only failing to inform the FISA court of standing retention orders but also attempting to talk the involved plaintiffs from passing this information along to the involved courts. Given these actions, it would appear the DOJ preferred to dump the data rather than have it actually appear in court as evidence. But Judge Walton, along with the district court, prevented that. The DOJ's letter to Judge Walton conveniently glosses over its misconduct, instead portraying the agency as a conscientious party doing the best it could under the circumstances. The DOJ's letter notes that it managed to restrain itself from destroying any aged-off data while waiting for the conflicting orders to be settled (March 5 - March 12), which means the BR data still has a chance to be used in court. According to the letter, this retained data is being held separately from the rest of the bulk collections, which means it can't be accessed by analysts searching the metadata. Supposedly, the NSA will only be allowed to peek in on the retained data to verify it's all still present and accounted for. While this sort of hi-gloss portrayal is to be expected from an agency that probably still believes it did nothing wrong, it's rather audacious of the DOJ to attempt to pass this narrative off to the same judge that called it out for misleading the FISA court and attempting to bury plaintiffs' concerns. Permalink | Comments | Email This Story

Read More...
posted 14 days ago on techdirt
One of the great unwritten rules of parenthood is that the right to name your offspring should be treated as a privilege. The temptation is to give the child a "unique" name that sets him or her as far apart for his/her eventual peers as humanly possible, thus living up to the common parental delusion that each child is its own special flower, unlike the millions born before it or after it. Unfortunately, a "unique" name is often just an unwieldy name, if not simply embarrassing. And the unlucky child has to bear that clumsy moniker until he or she hits the legal paperwork-filing age and changes it to something that won't trigger an inadvertent laugh from college staff and potential employers. The intervening years will pass excruciatingly slowly as the child awkwardly orbits his peers like a gatecrasher at a menage a trois, trying desperately to find somewhere to fit in. This is generally made worse by the "unique" parents, who somehow view intense shunning as more "evidence" of their child's one-in-a-million qualities. This unwritten rule holds true even if (or especially if) the abusive-by-proxy moniker holds some deep and special meaning to the parent attempting to sabotage their child's future before the ink on the birth certificate is dry. Hajar Hamalaw wanted to name his son, who was born on March 14th, after the online whistleblowing platform as it “changed the world”, the Passauer Neue Presse reported. But the 28-year-old failed to get the name past authorities in Passau, Bavaria. Hamalaw's heart is in the right place, at least in terms of having a decent reason to name his new child "Wikileaks." But first he had to convince local officials, which went just about as well as could be expected from any place where newborns' names get run past local officials. But Wikileaks did not make it onto the birth certificate. "The registrar said that this was not a first name. He thought it was a series or TV show," said Hamalaw. Beyond the out-of-touch registrar, there's another rule on the books that keeps Passau parents from saddling their offspring with ridiculous names. A spokesperson for the town of Passau said the decision by the registry office was based on legal rulings which state a child’s name should not be granted if it could endanger their welfare. I don't agree that any government entity should keep you from naming your child whatever you want, but if you're going to have a stupid rule like this, at least have one that looks out for the child's best interests. When "Dako" (the "Plan B" name, apparently) hits legal age, he'll have the option to change his name to "Wikileaks" or "Full Metal Havok More Sexy N Intelligent Than Spock And All The Superheroes Combined With Frostnova" if he'd like and no one, not even a person who thinks "Wikileaks" went downhill after its third season, will be able to stop him. But until then, he's got several years of pre- and post-pubescent awkwardness to live through that will have nothing at all to do with his father's love for leaked documents. Permalink | Comments | Email This Story

Read More...
posted 14 days ago on techdirt
Professional wrestling league, the WWE, is truly a lesson in paradoxes. A theatrical production presented as an athletic competition sets the stage for a business that at times can't quite seem to figure out exactly how it wants to behave. On the one hand, you have their plan to embrace a streaming product that leaves much of the rest of the "sporting" world to shame. On the other hand, WWE executives have been known to protect their intellectual property on a level bordering insanity. In this latest story, executives for WWE seem to be channeling one of their in-the-ring evil personas, in which they pretend to offer up an apology to a streaming site operator all in an attempt to sneak his identity and contact information from him. It all starts with battling a website designed to bring wrestling fans the streaming they wanted (note: this was before WWE offered its own streaming service): During March 2013, Facebook said that WWE Intellectual Property Director Matthew Winterroth was behind the closure of a page operated by Wrestling-Network, a site offering links to WWE streams and shows. Wrestling-Network operator ‘BeBe’ was told by the social network that he would need to contact the lawyer directly to solve the dispute. BeBe decided to quit Facebook and moved to Twitter instead, but by the summer WWE had raised its head again, this time after PayPal disabled an account used for the site’s finances. BeBe says that in October WWE sent a takedown notice to Cloudflare, who handed over the details of the site’s actual host. For a few months things went calm, but last week all that changed. PayPal closed the site’s new account which had been opened by a third-party, and Facebook shutdown Wrestling-Network’s new page and BeBe’s personal page while they were at it. It's a story that feels as old as the bible these days. Guy runs sites pointing to links of illegitimate streams, content producer works to take the site down, cat-and-mouse game commences. Now, we could have a long discussion about how links aren't themselves infringement, about how WWE could (and it appears eventually did) offer a competing legitimate service, and all the rest. This isn't that post, however, because it was around this time that things got a bit strange. BeBe did as he was asked and reached out to the WWE to resolve the issue. In his communique, he offered up only his handle and his email address. Winterroth responded to BeBe, suggesting the takedown of his site may have been a mistake. It seems unlikely Winterroth was being honest about this, since he was the one named in the takedowns. Stranger, a follow-up email from Winterroth requested BeBe's real name and address, promising a WWE giftbag and an apology for taking down the sites. BeBe wasn't taking. “I mean, I heard a long time ago about a case where in order to arrest them on US territory, some guys were attracted to the USA by undercover FBI agents who promised them money and girls, but a gift bag from WWE? Really? He could at least given me some WrestleMania tickets.” BeBe says he politely declined the offer. Winterroth's response had, shall we say, a slightly different tone. He tells BeBe he's tracked him down to Romania and promises to send the blackshirts over for a visit. “Should you not shut down the website and agree not to infringe WWE intellectual property in the future in an immediate fashion, WWE will continue to work with our counsel in Romania, as well as the relevant legal authorities, including the Ministry of Internal Affairs/Bucharest City Police and Romanian National Audiovisual Council on our ongoing criminal complaint against you.” What followed were demands for BeBe to hand over his domain but with tempers beginning to fray, that seemed unlikely. From there, the exchanges devolved, on both sides, into threats from the WWE and BeBe's sophomoric attempts to remind Winterroth that Romania is actually a country outside of the United States, where US copyright law is as applicable as federal payroll taxes. Nobody comes out clean in the exchange, with both sides behaving like children. Which is the entire point: if I can't tell the difference between a guy running a streaming-links site and the counsel for a multi-milliion dollar entertainment business, we have a problem. Also, false apologies and underhanded attempts to sneak contact information out of a guy who is just running a site linking to what might be legitimate targets for corporate counsel make everyone look oily. Finally, this seems like an awful lot of energy to spend on this situation, particularly when the release of a real damned streaming product to compete with the "pirates" was just around the corner. So, for all that work, Winterroth likely gets nothing other than a single link site taken down, while the folks putting together the streaming site actually work to make the company more money. It makes one wonder which side is getting the higher pay in this equation. Permalink | Comments | Email This Story

Read More...
posted 14 days ago on techdirt
There are a lot of myths and aphorisms about the passage of time. A watched kettle never boils. Time flies when you're having fun. However, these observations could lead to some important discoveries about human psychology and how our brains perceive and remember various events in our lives. Does "proportionality theory" really explain why 8yo kids and 80yo senior citizens judge time differently? Here are just a few links on the topic of time. Does the perception of time really speed up as you get older? It depends on the time frame -- days and weeks may pass at a normal speed, but it's the years that seem to fly by. [url] The perception of time passing can be changed by emotions (fear seems to slow time down), disrupted routines and new experiences. Also, drugs that affect dopamine function in the brain (eg. Ritalin, Adderall and anti-psychotic drugs) can speed up or slow down how a person perceives time. [url] If the maximum sentence for criminals is life in prison, could we make the punishment worse by giving inmates drugs that make the time seem to pass more slowly? Obviously, there are some serious ethical questions about customizing punishments with technology, but it's an issue that should be debated as medicine comes up with ever more ways to extend human lifespans. [url] If you'd like to read more awesome and interesting stuff, check out this unrelated (but not entirely random!) Techdirt post via StumbleUpon.Permalink | Comments | Email This Story

Read More...
posted 14 days ago on techdirt
It's not too surprising that one of the first questions many people have been asking about the Heartbleed vulnerability in OpenSSL is whether or not it was a backdoor placed there by intelligence agencies (or other malicious parties). And, even if that wasn't the case, a separate question is whether or not intelligence agencies found the bug earlier and have been exploiting it. So far, the evidence is inconclusive at best -- and part of the problem is that, in many cases, it would be impossible to go back and figure it out. The guy who introduced the flaw, Robin Seggelmann, seems rather embarrassed about the whole thing but insists it was an honest mistake: Mr Seggelmann, of Munster in Germany, said the bug which introduced the flaw was "unfortunately" missed by him and a reviewer when it was introduced into the open source OpenSSL encryption protocol over two years ago. "I was working on improving OpenSSL and submitted numerous bug fixes and added new features," he said. "In one of the new features, unfortunately, I missed validating a variable containing a length." After he submitted the code, a reviewer "apparently also didn’t notice the missing validation", Mr Seggelmann said, "so the error made its way from the development branch into the released version." Logs show that reviewer was Dr Stephen Henson. Mr Seggelmann said the error he introduced was "quite trivial", but acknowledged that its impact was "severe". Later in that same interview, he insists he has no association with intelligence agencies, and also notes that it is "entirely possible" that intelligence agencies had discovered the bug and had made use of it. Another oddity in all of this is that, even though the flaw itself was introduced two years ago, two separate individuals appear to have discovered it on the exact same day. Vocativ, which has a great story giving the behind the scenes on the discovery by Codenomicon, mentions the following in passing: Unbeknownst to Chartier, a little-known security researcher at Google, Neel Mehta, had discovered and reported the OpenSSL bug on the same day. Considering the bug had actually existed since March 2012, the odds of the two research teams, working independently, finding and reporting the bug at the same time was highly surprising. Highly surprising. But not necessarily indicative of anything. It could be a crazy coincidence. Kim Zetter, over at Wired explores the "did the NSA know about Heartbleed" angle, and points out accurately that while the bug is catastrophic in many ways, what it's not good for is targeting specific accounts. The whole issue with Heartbleed is that it "bleeds" chunks of memory that are on the server. It's effectively a giant crapshoot as to what you get when you exploit it. Yes, it bleeds all sorts of things: including usernames, passwords, private keys, credit card numbers and the like -- but you never quite know what you'll get, which makes it potentially less useful for intelligence agencies. As that Wired article notes, at best, using the Heartbleed exploit would be "very inefficient" for the NSA. But that doesn't mean there aren't reasons to be fairly concerned. Peter Eckersley, over at EFF, has tracked down at least one potentially scary example that may very well be someone exploiting Heartbleed back in November of last year. It's not definitive, but it is worth exploring further. The second log seems much more troubling. We have spoken to Ars Technica's second source, Terrence Koeman, who reports finding some inbound packets, immediately following the setup and termination of a normal handshake, containing another Client Hello message followed by the TCP payload bytes 18 03 02 00 03 01 40 00 in ingress packet logs from November 2013. These bytes are a TLS Heartbeat with contradictory length fields, and are the same as those in the widely circulated proof-of-concept exploit. Koeman's logs had been stored on magnetic tape in a vault. The source IP addresses for the attack were 193.104.110.12 and 193.104.110.20. Interestingly, those two IP addresses appear to be part of a larger botnet that has been systematically attempting to record most or all of the conversations on Freenode and a number of other IRC networks. This is an activity that makes a little more sense for intelligence agencies than for commercial or lifestyle malware developers. EFF is asking people to try to replicate Koeman's findings, while also looking for any other possible evidence of Heartbleed exploits being used in the wild. As it stands now, there doesn't seem to be any conclusive evidence that it was used -- but that doesn't mean it wasn't being used. After all, it's been known that the NSA has a specific program designed to subvert SSL, so there's a decent chance that someone in the NSA could have discovered this bug earlier, and rather than doing its job and helping to protect the security of the internet, chose to use it to its own advantage first.Permalink | Comments | Email This Story

Read More...
posted 14 days ago on techdirt
Swedish ISP Bahnhof has long been a supporter of keeping its customers' data private. Five years ago, we wrote about its decision to delete user log files to avoid having to rat out users under Sweden's draconian IPRED law (which required ISPs to hand over info on users accused of copyright infringement). However, various data retention laws were put in place to stop that sort of thing two years ago. So, it's not too surprising that following the ruling this week in the EU Court of Justice that found the EU's data retention directive invalid, that the ISP has acted swiftly to delete all user records and to cease collecting and retaining any more information. After the decision in the European Court of Justice on Tuesday, the internet service provider Bahnhof decided to delete the records and to stop retaining the data with immediate effect. That said, it may be a bit hasty for Bahnhof to have done this. As many people noted in response to the EU Court of Justice ruling, it was only ruling on the EU directive itself, and didn't directly apply to various laws passed in different countries to comply with that directive. Technically, those laws still apply -- and Swedish Justice Minister Beatrice Ask seems to imply that Bahnhof's decision broke the law. But the minister is not pleased about Bahnhof's decision to stop all data retention immediately. "Swedish law still applies. It is not the case that you can start applying other conditions straight away. But of course we need to quickly consider what the consequences are so that everybody can get the right information," she said. Still, it's nice to see Bahnhof, once again, make it clear that it doesn't want to be the custodian of information for law enforcement.Permalink | Comments | Email This Story

Read More...
posted 14 days ago on techdirt
So, we already wrote about Comcast's attempted charm offensive (built on blatant falsehoods) as part of its effort to get its merger with Time Warner Cable approved. We also wrote about Comcast cruising to an easy victory in Consumerist's famed 'Worst Company' awards (beating out the comic book and sci-fi level evil in Monsanto). So, in reading through Comcast's filing with the FCC about why its merger is in the "public interest," I found it curious that Comcast decided to ignore the Consumerist award, and instead focus on an award suggesting something entirely different: By investing heavily in talent, research and development, and in the infrastructure needed to facilitate creativity and invention, Comcast has created a culture of innovation. Comcast now employs over 1,000 engineers and developers, and vigorously competes for new engineering talent with the likes of Google, Apple, Facebook, Netflix, Microsoft, and Twitter. Its single-minded focus on enhancing its services and pursuing innovation have earned it first place among cable and satellite providers on Fortune Magazine’s list of World’s Most Admired Companies – up from third place. I live in Silicon Valley and talk to engineers all the time. I hear about various job offers and dream jobs, and people talking about working for Google, Apple, Facebook, Netflix, Microsoft, Twitter (and a few other companies as well). I've never, ever, heard anyone even once thinking about working for Comcast. Of course, it is true that Fortune put Comcast on its list, but note the small caveat that this is solely in the "cable and satellite providers" category which (no joke) consists of a total of four whole companies -- and one of them (ranked the lowest, by the way) is Time Warner Cable. Even more important? The bit that Comcast conveniently leaves out of this message is the line right above its rank in that narrow category. And that's its overall rank: Top 50 rank: N.A. Rank in Telecommunications: Cable and Satellite Providers: 1 In other words, Comcast is not in the top 50 "most admired" companies. It only scores in this narrow category with only a very small number of companies, where almost every other company is hated. Now, if we look at the companies that are actually at the very top of the real "Most Admired" list, we'll see: Apple, Amazon and Google in the top three spots. Microsoft (24) and Facebook (38) come in a bit lower. Hell, even AT&T (not a cable or satellite provider) sneaks its way into the top 50 most admired companies at number 50. So, once again, Comcast's attempts to mislead just call out more scrutiny on the fact that the company seems allergic to honesty. Even in trying to highlight how "admired" the company is, it's actually calling attention to the simple fact that it's not admired at all.Permalink | Comments | Email This Story

Read More...
posted 14 days ago on techdirt
When I become king of America, I can assure you that anything resembling publicity rights will be stricken from the legal record. We've seen entirely too much craziness recently over these laws that appear to create something of a VIP class citizenry. But while even the typical ownership culture insanity usually has an inkling of logic to it, Katherine Heigl suing a drugstore for six million dollars simply for tweeting a photo of the actress shopping there is a whole new level of protectionism. It's a form of publicity rights gone insane yet again, after Duane Reade tweeted and Facebook-ed a paparazzi photo of Heigl walking out of a Duane Reade, carrying some bags of whatever she had just purchased. Heigl, the star of the films "The Ugly Truth" and "Life as We Know It" and a best supporting actress Emmy winner for "Grey's Anatomy," filed the lawsuit on Wednesday in New York federal court. The complaint said she was photographed in March near a Duane Reade store in New York while filming a new television series. Duane Reade posted the photo on its Twitter and Facebook account with captions advertising the store without her approval, the complaint said. The 15-page lawsuit cited a tweet that Heigl claimed Duane Reade posted last month. "Love a quick #DuaneReade run? Even @KatieHeigl can't resist shopping #NYC's favorite drugstore," it said. Now, we should all know by now that New York's publicity rights laws resemble something a dictator might have put together, strictly governing what the little people can do with images of the important folks. That said, Duane Reade may have a pretty strong defense in that the photo was an accurate representation of a thing that happened. A picture is worth a thousand words, as they say, and all this picture is saying is "Heigl shopped at our drugstore and, hey, here's some photo evidence to prove it." In fact, Duane Reade seems confident enough in its position that, as of writing this, the tweet is still up. This is unlike some other publicity cases we've seen, such as when local grocery stores in Chicago congratulated Michael Jordan with an ad campaign, or the misinterpreted representation of celebrities in video games. This is a picture of something that happened represented over social media. At some point, it has to raise certain First Amendment issues about the broadness of various state publicity rights laws, when such laws can be used to prevent someone from accurately describing factual information. Yes, the point of publicity rights laws is to prevent companies from creating a false endorsement of a product, but is accurately describing the fact that someone shops at a store really a false endorsement? On top of the publicity rights claim, Heigl claims that this is a form of "false advertising," but one could reasonably argue that (a) it's not false and (b) it's not advertising. The latter claim may be a little trickier, but where is the line between an advertisement, and some social media jockey at Duane Reade just tweeting out a photo. That line may become... very important to the outcome of this particular lawsuit. But Heigl wants you to know she's not some kind of greedy monster: The complaint said Heigl intends to donate all proceeds from the lawsuit to The Jason Debus Heigl Foundation, which was established in 2008 after her brother was killed in a car accident. You're not fooling anyone. This is an ego-driven abuse of the legal system. Or, it would be, if publicity rights weren't opening the door to a whole new level of ownership culture insanity, where merely tweeting a picture of a thing that happened suddenly became actionable. Permalink | Comments | Email This Story

Read More...
posted 14 days ago on techdirt
Dropbox is probably the most well-known of the cloud storage providers out there, and it's angling for an IPO. As such, it recently made some changes in its management, including a bit of news that is getting a fair bit of attention: adding Condoleeza Rice to its board. Rice's consulting firm has apparently been advising the company for the past year, and the announcement says that the former Secretary of State will help Dropbox navigate "international expansion and privacy" issues. While she's certainly qualified to help with international issues, it's the privacy issues that are raising significant concern among many. “As a country, we are having a great national conversation and debate about exactly how to manage privacy concerns,” Rice says about her new position. “I look forward to helping Dropbox navigate it.” Except, of course, a big part of that "great national conversation" are revelations that involve warrantless spying -- and Rice was a big part of enabling that warrantless spying. When she was Secretary of State, she defended the warrantless wiretapping program by saying: Secretary of State Condoleezza Rice defended Bush's actions, telling "Fox News Sunday" the president had authorized the National Security Agency "to collect information on a limited number of people with connections to al Qaeda." Except, as we've learned from various leaks since then, the definitions that were used of "limited" and "connections to al Qaeda" in the sentence above are not the same definitions most English speakers would use. The program was not very limited and the necessary connections were barely present. Besides, to this day, no one has given a reasonable explanation for why a warrant shouldn't be used in such situations anyway. If there really are a limited number of people they want info on who have connections to al Qaeda, getting a warrant should be easy enough. Furthermore, Rice also authorized the NSA to spy on the UN Security Council to find out what they were thinking about the US going to war in Iraq back in 2003. President Bush and other top officials in his administration used the National Security Agency to secretly wiretap the home and office telephones and monitor private email accounts of members of the United Nations Security Council in early 2003 to determine how foreign delegates would vote on a U.N. resolution that paved the way for the U.S.-led war in Iraq, NSA documents show. Two former NSA officials familiar with the agency's campaign to spy on U.N. members say then-National Security Adviser Condoleezza Rice authorized the plan at the request of President Bush, who wanted to know how delegates were going to vote. Rice did not immediately return a call for comment. As for Dropbox, there have certainly been quite a few concerns about how private your data is on the site. When the first slides about PRISM came out, it was noted that Dropbox was about to become a part of the program. And while the fears about PRISM are greatly overstated, Dropbox has been fighting against public perception over this for some time. Dropbox's CEO, Drew Houston, spoke out against the NSA's efforts at the State of the Net conference back in January, and the company recently changed its privacy policies to address concerns about NSA spying. The company has also taken a strong stand saying that it will protect users' data against blanket government requests and backdoors. Those were all good moves, that should have calmed many people's fears -- but to then appoint Rice to the board, and have her handling "privacy" issues basically blasts a major hole in that. I'm less inclined than some to simply assume this means bad things for Dropbox's privacy efforts in general. But from a public perception standpoint, this move does come across as exceptionally tone deaf by Dropbox. People are already raising concerns, and a basic Twitter search shows a bunch of people both raising concerns and looking for alternatives to Dropbox. And, of course, someone has already set up an entire website about why people should drop Dropbox over this move. At a time when people around the globe are increasingly worried about American tech firms having too close a connection to the intelligence community, a move like this seems like a huge public relations disaster. While Rice may be perfectly qualified to hold the role and to help Dropbox with the issues it needs help with, it's hard not to believe that there would be others with less baggage who could handle the job just as well.Permalink | Comments | Email This Story

Read More...
posted 14 days ago on techdirt
Yahoo Tech has an interesting column about an "art project" in Germany, where a bunch of folks are printing out 250,000 academic papers from JSTOR, which they're describing as the JSTOR Pirate Headquarters. Of course, as I'm sure you know, JSTOR -- the somewhat controversial organization that hosts thousands of academic articles behind a massively high paywall -- was a central player in the Aaron Swartz saga. It was JSTOR's collection that Aaron was caught downloading, though it was never entirely clear what he was going to do with it. Soon after Aaron's arrest, a guy by the name of Greg Maxwell got some attention by releasing 33GB of JSTOR scientific papers to the Pirate Bay. While he's considered doing so before, he had held off out of concern for how JSTOR might react. But the simple fact was that all of the papers he released were public domain papers, meaning that JSTOR would have no right to complain. In fact, a few months later, JSTOR itself agreed to make all its public domain materials free. JSTOR freely admits that Maxwell's decision influenced the move, but that they had been planning to do something like this anyway. So, back to Germany and the "JSTOR Pirate Headquarters." As the Yahoo story notes, the folks there were inspired by the Swartz story to try to create some sort of civil disobedience act, with the initial plan being to print out the documents Swartz downloaded -- but, of course, that database has long since gone away. Instead, they found Maxwell's torrent, and decided to print that out. The problem is that throughout the story, everyone seems to pretend that this is some sort of illegal act of piracy. Beyond the fact that they call it the JSTOR Pirate Headquarters, the article by Rob Walker opens this way: For several days now, five printers in Düsseldorf, Germany, have been pumping out illegally-downloaded articles from JSTOR, the digital library of academic journals. Except, they're not illegally downloaded. They're public domain, which makes them perfectly legal to download. Then Walker claims: If you’re in the area, you can stop by and browse this stuff – which would cost you something like $353,229 to buy from JSTOR itself. Except that's not true either, because JSTOR made the same documents free. And it appears the guy behind the project doesn't realize this either: The JSTOR Pirate Headquarters, then, exists partly as a tribute to Swartz, and partly as a provocation, explains its overseer, the artist and poet Kenneth Goldsmith. The material being printed consists of “arcane scientific papers that are hundreds of years out of copyright,” he tells me via email. “Yet JSTOR is firewalling & profiting from this stuff, which should be available to everyone at no cost.” Again, those works have already been freed, legally, both by Maxwell and by JSTOR. So while this protest may have some symbolic value, to claim that these works are locked up and that this is some sort of illegal activity is just wrong. Later in the article, they discuss the possibility that JSTOR might do something: There has been, to date, no word from JSTOR. And realistically, this mass of paper is not a material threat to its business — even if it does make material an argument about the nature of that business. “The legal issue is interesting. Is printing material without the intent to distribute it really illegal?” Goldsmith asks. “Is this useless intellectual property really worth going to the mat for? Except, not only is this not a material threat to its business, it's not a threat to anything. These works are all completely legal, in the public domain and totally freely available from a variety of sources including JSTOR. Here, go ahead and check it out. That's not to say there aren't other issues with JSTOR. Its regular paywall is ridiculously high, and often stands in the way of sharing important academic knowledge (frequently paid for by the public). And there are plenty of non-public domain works JSTOR should consider freeing up as well -- such as this 80 year old article on why we should do away with copyright and patent laws altogether. It's 21 pages and JSTOR wants $43 for it, which seems rather ironic, since the author himself, Arnold Plant, believes that locking up such works with intellectual property is a mistake. So, I can recognize the desire to do something that appears to be civil disobedience to stand up against JSTOR. But the JSTOR Pirate Headquarters, unfortunately, only contributes misinformation to the situation, implying that freely available public domain works are somehow illegal or subversive. It appears this is the opposite of the message they want to send, so it's unfortunate that the message that is getting out is that it's illegal to share public domain works. Similarly, shame on Yahoo Tech and its reporter, who should be willing to do the most basic of fact checking to understand the very premise of the article is hogwash. Yahoo Tech is trying to position itself as a tech publication for a more mainstream audience, and if it believes the way to do that is to spread misinformation, that's unfortunate.Permalink | Comments | Email This Story

Read More...
posted 14 days ago on techdirt
Senator Dianne Feinstein has finally responded to former CIA and NSA boss Michael Hayden's misogynistic and ridiculous claims that the Senate Intelligence Committee's 6,300 page, $40 million research report into the CIA torture program (run, in part, while Hayden was boss) was motivated by her "emotions" rather than by an objective position. Hayden has also called out the staffers working on the report as sissies (though he'll claim he was just saying the Senate Select Committee on Intelligence's acronym -- SSCI). She brushes off the whole "emotional" claim by noting quickly that's Hayden being "stereotypical" and "incorrect" and saying such a thing is "an old male fallback position." However, as Marcy Wheeler points out, rather than spending her time addressing silly ad hominem attacks, Feinstein scores a lot more points in basically pointing out that the real motivation for the report was Hayden's own lies to Congress: What she notes is that the real inspiration for the report came after it was revealed to the Senate that a CIA staffer had ignored direct requests from Congress, the White House and others in the CIA and destroyed tapes showing the CIA torturing people. The destruction of the tapes was then hidden from Congress for some time as well. When it finally came to light, Hayden (then director of the CIA) told the Senate that it could review various cables and documents, which were "just as good" as the tapes. In looking into that claim from Hayden that the documents were just as useful as the deleted tapes, that the Senate decided to move forward on a full investigation. In other words, it wasn't emotions that motivated Feinstein, it was Hayden's lies to the Senate. Let me give you how this began. It began in 12/6/07 when the NY Times reported that the CIA destroyed evidence -- namely videotapes. In December, the 11th, Director Hayden appeared before our Committee and said he would allow members and/or staff to review operational cables which he said were just as good. Jay Rockefeller was then the chairman of the Committee. He, on the 7th of February of '08, assigned staff. On February 27th, the staff presented an interim report to the Committee on the destruction of the tapes. The Committee agreed to do a full review of the tapes. On March 5, 2009, the Committee voted 14-1 to do a comprehensive review of the detention and interrogation [program]. Let's have the record crystal clear. I never gave any direction to the staff. I just said 'we want the facts -- and we want those facts footnoted.' The one place I did give some direction, was with respect to the CIA response to the report. I said, 'you will include their response, where appropriate, within the text of the report, and where not appropriate, you will note the response in a footnote to the report.' And that has been carried on. .... I don't believe Director Hayden has seen the report. I don't believe most people talking about it have actually seen the report. But the genesis of the report was back with the videotapes and back under then Chairman Rockefeller, who assigned staff, staff studied the operational cables, came back, reported to us, we took a look at that and said -- both sides -- we should move ahead and do a full study. As Wheeler notes: Michael Hayden has only himself to blame for this report. If he hadn't lied and tried to downplay the destruction of evidence of the CIA's torture program, perhaps there would be no torture report at all. No wonder he's so "emotional" and attacking everyone about it.Permalink | Comments | Email This Story

Read More...
posted 14 days ago on techdirt
Seeing how often official reports by law enforcement are contradicted by video recordings, you'd think judges would have become a bit more skeptical about the supposed "superiority" of officers' recall powers. But that's apparently not the case, at least not in Indiana, where the state's Supreme Court has ruled that officer memory trumps video recordings. Videotape evidence can be overruled by the testimony and after-the-fact interpretation of a police officer, the Indiana Supreme Court ruled last week. In a 6 to 1 decision, justices overruled the state Court of Appeals which reviewed dashcam footage of Joanna S. Robinson driving her Chrysler PT Cruiser at around 1am on October 15, 2011 in Elkhart County and found no evidence of a crime. In the case being discussed, the officer following Robinson's car observed it veering over the fog line twice, which gave him the reasonable suspicion he needed to pull her over. Once pulled over, Robinson blew a .09 BAC (.01 over the legal limit) and volunteered to the officer that she was also in possession of a small amount of marijuana. During her trial, she attempted to have the evidence suppressed on the basis that the officer did not have the reasonable suspicion needed to pull her over. The Supreme Court reviewed the dashboard cam recording, concluding that while it may have not showed exactly what the officer claimed (or indeed, any solid evidence that Robinson's driving was impaired), it was clearly inferior to the officer's observational skills and experience. Deputy Claeys, as he drove down County Road 4 on that October night, was observing Robinson’s vehicle through the lens of his experience and expertise. And when Deputy Claeys testified at the suppression hearing, the trial judge heard his testimony—along with the other witness testimony and evidence, including the video—through the lens of his experience and expertise. Ultimately, that experience and expertise led the trial judge to weigh Deputy Claeys’s testimony more heavily than the video evidence, and we decline Robinson’s invitation to substitute our own judgment for that of the trial court and rebalance the scales in her favor. This conclusion was reached despite Claeys' "superior" observational skills observing things that didn't actually happen. Deputy Claeys testified “both passenger side tires were over the fog line” and “completely off the roadway” “twice.” As the single dissenting opinion notes, the previous court found Claeys' recall of the events suspect. The trial court summarized the evidence presented, observing that “the officer in this case has testified that defendant drove off the roadway on two occasions.” The court further acknowledged that “[i]t is quite possible that the officer’s actual visual observation of the defendant’s vehicle was superior to the video camera in his car.” But the court recognized that the video did not reflect that the vehicle “actually left the roadway” but only that it “veer[ed] on two occasions onto the white fog line.” Despite this disparity, the trial court still felt that "veering onto the fog line" was enough reasonable suspicion (for a "well-trained officer") to justify a stop. Judge Rucker points out how ridiculous this assumption is. The Court of Appeals reviewed numerous cases from other jurisdictions as well as prior Indiana precedent, all of which support the proposition that mere “brief contact with the fog line or swerving within a lane”—without more—is ordinarily insufficient to establish reasonable suspicion of impaired driving [...] I agree and would reiterate the observation that “if failure to follow a perfect vector down the highway or keeping one’s eyes on the road were sufficient reasons to suspect a person of driving while impaired, a substantial portion of the public would be subject each day to an invasion of their privacy.” Despite the appeals court's conclusions and the deputy's faulty recall, the Indiana Supreme Court agreed with the trial court's finding. The trial court found, as a matter of fact, that to the extent Deputy Claeys’s testimony conflicted with the video, the former was more reliable than the latter. While it's certainly true that video itself can be open to the interpretation of its viewers (as is noted in the majority opinion), it's hardly as subjective as a single officer's portrayal of events. What is often depicted as superior instinct and training may actually be nothing more than self-delusion or post facto justification for rights violations. This sets a precedent for Indiana that suggests exculpatory video evidence will be given less weight than the "expert" testimony of law enforcement officers. Permalink | Comments | Email This Story

Read More...
posted 14 days ago on techdirt
Here comes another round of lawsuits from non-practicing entities. With patent reform constantly just around the corner, it appears that those seeking to extract money from actual businesses with actual products and services are making a push to get some lawsuits filed before reforms kick in. Landmark Technology, LLC makes no products and offers no services, something that can easily be surmised by its "address" in Tyler, Texas. It does, however, generate lawsuits and demand letters, most referencing patent 6,289,319: 'Automatic Business and Financial Transaction Processing System.' Or, as the EFF puts it more succinctly: paying with a credit card online. Landmark Technology is Lawrence Lockwood's latest incarnation. Lockwood pushed this patent through back in 2001, apparently racking up 'tens of thousands of dollars' in costs while doing so. Since that point, he has sued multiple companies for infringing on his patent and extracted several settlements. Many he sued under the name of Pangea IP (PanIP), which was covered here in 2003. Under this name (originated in 2008), Lockwood has sued multiple companies (Justia lists 79 lawsuits under this name). His latest batch of lawsuits was filed last Friday, naming such diverse entities as Dunkin' Donuts, Abercrombie & Fitch, Caesar's Gaming, Hitachi and Harley-Davidson. His previous batch, filed January 15th, named Louis Vuitton, The Children's Place, Rubbermaid and a handful of others. Landmark's physical address in Tyler, Texas shares office space with other patent trolls, including Techdev Holdings, Eon Corp. IP Holdings and US Ethernet Innovations. Lockwood's m.o. seems unchanged from a decade ago: send demand letters and follow up with a lawsuit. The America Invents Act may have (mostly) gone into effect in March of last year, but it's had little discernible effect on those who do nothing more than hold onto exploitable patents without ever making use of the "invention." Like Better Mouse Company, LLC, a company that doesn't seem to exist outside of lawsuits filed in East Texas. Better Mouse Company has filed 10 patent infringement lawsuits in the last 30 days, targeting Mad Catz, AsusTech and Corsair, among others -- all over a patent described as "Apparatus for setting multi-stage displacement resolution of a mouse." The patent was originally issued to SunPlus Technology Co. of Taiwan, but judging from the lawsuit activity, it looks to be in the hands of a patent-exploiting shell company. Bonus: Better Mouse is represented by the law firm of Antonelli, Harrington & Thompson LLP, the same team that represented patent troll Execware in its losing battle against Overstock.com. This ongoing trolling is why entities like the EFF are pushing the Senate to pass its version of the Innovation Act, which sailed through Congress late last year. Although the Act was watered down by lobbying efforts, the Senate has an opportunity to build something stronger before it makes its way to the President. Until then, AIA or not, it still seems to be business as usual for non-practicing entities.Permalink | Comments | Email This Story

Read More...
posted 15 days ago on techdirt
The USTR seems to have a worrying need to blame other countries. Alongside the infamous Special 301 Report which puts a selection of nations on the naughty step because of their failure to bend to the will of the US copyright industries, there's the less well-known Section 1377 Review , which considers "Compliance with Telecommunications Trade Agreements." Here's some information about the latest one (pdf): The Section 1377 Review ("Review") is based on public comments filed by interested parties and information developed from ongoing contact with industry, private sector, and foreign government representatives in various countries. This year USTR received four comments and two reply comments from the private sector, and one comment from a foreign government. Clearly something of a specialist area, then. One of those comments comes from the United States Council for International Business, which describes itself as "among the premier pro-trade, pro-market liberalization organizations." A concern it raises is the following: The ability to send, access and manage data remotely across borders is integral to global services, including converged and hybrid services such as cloud services. However, the tremendous increase in cross-border data flows has raised concerns on the part of many governments. Given that cross-border services trade is, at its essence, the exchange of data, unnecessary restrictions on data flows have the effect of creating barriers to trade in services. That seems to be reflected in the following section of the USTR's review: Recent proposals from countries within the European Union to create a Europe-only electronic network (dubbed a "Schengen cloud" by advocates) or to create national-only electronic networks could potentially lead to effective exclusion or discrimination against foreign service suppliers that are directly offering network services, or dependent on them. In particular: Deutsche Telekom AG (DTAG), Germany's biggest phone company, is publicly advocating for EU-wide statutory requirements that electronic transmissions between EU residents stay within the territory of the EU, in the name of stronger privacy protection. Specifically, DTAG has called for statutory requirements that all data generated within the EU not be unnecessarily routed outside of the EU; and has called for revocation of the U.S.-EU "Safe Harbor" Framework, which has provided a practical mechanism for both U.S companies and their business partners in Europe to export data to the United States, while adhering to EU privacy requirements. Of course, Deutsche Telekom is not the only one calling for Safe Harbor to be revoked: the European Parliament's inquiry into the mass surveillance of EU citizens has also proposed that, along with a complete rejection of TAFTA/TTIP unless it respects the rights of Europeans. Strangely, the USTR doesn't mention that fact in its complaint, but goes on to say: The United States and the EU share common interests in protecting their citizens' privacy, but the draconian approach proposed by DTAG and others appears to be a means of providing protectionist advantage to EU-based ICT suppliers. You've got to love the idea that too much privacy protection is "draconian". The USTR continues to tiptoe around the real reason that not just Deutsche Telekom but even Germany's Chancellor, Angela Merkel, are both keen on the idea of an EU-only cloud: Given the breath of legitimate services that rely on geographically-dispersed data processing and storage, a requirement to route all traffic involving EU consumers within Europe, would decrease efficiency and stifle innovation. For example, a supplier may transmit, store, and process its data outside the EU more efficiently, depending on the location of its data centers. An innovative supplier from outside of Europe may refrain from offering its services in the EU because it may find EU-based storage and processing requirements infeasible for nascent services launched from outside of Europe. The USTR saves what it obviously sees as its killer punch for last: Furthermore, any mandatory intra-EU routing may raise questions with respect to compliance with the EU's trade obligations with respect to Internet-enabled services. Accordingly, USTR will be carefully monitoring the development of any such proposals. Got that, Europeans? If you dare to try to protect yourselves by creating a slightly more secure EU-only cloud in response to the NSA breaking into everything and anything, you may find yourself referred to the World Trade Organization or something.... It's interesting that the USTR brings up this issue -- doubtless a reflection of the huge direct losses that revelations about massive surveillance on Europeans and others are likely to cause the US computing industry. But trying to paint itself as the wronged party here is not going to endear the USTR to European politicians. At a time when Safe Harbor and even the TAFTA/TTIP negotiations are being called into question in the EU, such an aggressive and insulting stance seems a very stupid move. Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+ Permalink | Comments | Email This Story

Read More...
posted 15 days ago on techdirt
Almost exactly a decade ago (man, time flies...), we first discussed the question of whether or not it should be against the law to get hacked. The FTC had gone after Tower Records (remember them?) for its weak data security practices. That resulted in a series of questions about where the liability should fall. Many people, quite reasonably, say that there should be incentives for companies to better manage data security and (especially) to protect their users. But, it's also true that sooner or later, if you're a target, you're going to get hacked. Ten years later and this is still an issue. The FTC went after Wyndham hotels for its egregiously bad data security (which made it easy for hackers to get hotel guests' information, including credit cards), but Wyndham fought back, saying the FTC had no authority over such matters, especially without having first issued specific rules. However, a court has shot down that argument and will allow the FTC's case against Wyndham to move forward. Permalink | Comments | Email This Story

Read More...
posted 15 days ago on techdirt
Every so often, there are intriguing stories of a man who speaks multiple languages, waking up with complete memory loss, and carrying no paperwork or identification on them. Sometimes these men are well-dressed when they're found. Sometimes they've been mugged or beaten, but not always. Doctors can't tell if these men are faking amnesia. Police can't figure out identities from fingerprints if they have no criminal records. Here are just a few examples of these mysterious men called John Doe. A man in his mid-20s was recently found in Oslo in "a bad condition" -- without any memory of his identity. This guy speaks English with an east European accent and understands Czech, Slovak, Polish and Russian. Oslo police are stumped, so they're asking the public to see if anyone recognizes him. [url] A 50yo man mysteriously woke up in Seattle without any recollection of his name. Someone recognized him as Edward Lighthart -- but there's still no explanation for how he got lost with $600 in cash in his sock with no idea who he was. [url] A supposed amnesiac was admitted to a Toronto hospital without any identification and only vague clues about his identity. He called himself Philip Staufen, but he turned out to be a fraud -- a Romanian named Ciprian Skeid. [url] If you'd like to read more awesome and interesting stuff, check out this unrelated (but not entirely random!) Techdirt post via StumbleUpon.Permalink | Comments | Email This Story

Read More...
posted 15 days ago on techdirt
It's the time of year, when victories are had or not, dreams are realized or dashed along the playing surface, and champions are either born or unseated. Being from Chicago, I've been through this before. I've seen my heroes fall and experienced the heartbreak of having victory snatched from my guys in heartbreaking fashion. Still, even with that experience, it never gets easier. Which is why we should all be standing up and doing a slow-clap for Electronic Arts, whose "Worst Company" championship string has finally come to an end. And it's all thanks to Comcast, who narrowly defeated cartoonishly evil megacorporation Monsanto in the final showdown. The road to not-glory, however, was not without its controversy. Comcast’s road to the Poo started out without a speedbump, as the company powered through the first three rounds without ever giving up more than 30% of the vote. And with two-time reigning champ EA eliminated in Round One by Comcast’s merger partner Time Warner Cable, followed by three-time consecutive runner-up Bank of America’s surprise defeat at the hands of Walmart, Comcast seemed destined for the Final Death Match. But the nation’s largest cable and Internet provider (which is trying to become even larger), almost got stopped in its track by first-time contender SeaWorld, riding high on waves of negative publicity tied to the documentary Blackfish. Comcast pulled off a buzzer-beater to hold off SeaWorld and earn its place in the Final Death Match. From the onset of the day-long bout, lawsuit-lovin’, herbicide-makin’ Monsanto was within striking distance of the Philly Kid, but Comcast gained a hair-thin edge early on and never ceded the lead. It's been a good run for EA these past two years, in which they deftly ran the treat-customers-like-criminals offense and the delete-yo-crap defense. That kind of strategy led to their distinction for being the only two-time winning and repeat "Worst Company" champion. But if Michael Jordan retired (multiple times), Muhammed Ali fell, and the Lakers turned into whatever you call whatever they are now, then it was only a matter of time before a new, more youthfully horrible champion arose to unseat EA. And that example of awful is Comcast, who appears to think that Mr. Potter from It's A Wondeful Life was a template for how to do things. And, just so we're all clear here, they beat Monsanto, a company that is attempting to put a corporate and IP stranglehold on food. Food. You know, that thing you need every day in order to live. That means that if you sat the average voter down and asked them which was worse, a big company getting bigger so they can control how you get your television, or the same scenario but with the thing that lets you live, people will choose the former. I'm not sure that makes a whole lot of sense, but I'll refrain from taking away any of Comcast's glory today. Congrats, you terrible congress-bribing megalith you! Permalink | Comments | Email This Story

Read More...
posted 15 days ago on techdirt
You may have heard the recent stories about former President George W. Bush's new exhibit of paintings of world leaders. There's been plenty of chatter about the former President picking up painting as a hobby since leaving office. While many may have assumed that he used his experience in meeting with those world leaders in order to have an accurate representation of what they looked like, the truth is that he just pulled results from Google Image search result for each one. Literally. Some people have gone through and done Google Image searches on each of the subjects he painted, and discovered that the paintings were clearly all based on either the very first result, or very near the top search result. Yes, that's right. George W. Bush is an appropriation artist. Many of those images from Wikipedia, where they're under Creative Commons licensing, but others are clearly covered by copyright. As Animal New York notes, the image of former French President Jacques Chirac comes from a photo of the cover of Chirac's book cover, where the copyright on the photo is actually held by the Associated Press. The Animal New York article is probably correct that it's unlikely that the Associated Press will go after the former President for copyright infringement, but only because it's hypocritical. In the past, the Associated Press did, in fact, sue Shepard Fairey over his iconic image of President Obama, that was also based on an AP photo. Fairey (stupidly) did himself in by trying to destroy evidence and then lie about it, seriously harming his case, and distracting from the central question of whether or not his image was fair use. But, the AP has sued others over that image as well, so you never know. While the chances are minimal, it certainly would be interesting to have a case in which, of all people, George W. Bush, becomes the poster child for fair use.Permalink | Comments | Email This Story

Read More...
posted 15 days ago on techdirt
Yesterday, we wrote about just how terrible the Heartbleed bug in OpenSSL is. It's been generating plenty of discussion, with folks like Bruce Schneier calling it "catastrophic" and saying that "on the scale of 1 to 10, this is an 11." It's a pretty big deal. So you'd think that everyone would be scrambling to help plug the vulnerability as painlessly as possible. And most companies have been doing that. But one -- StartCom -- apparently sees this as an opportunity to rake in cash and to screw over those most vulnerable. StartCom is a free SSL Cert authority, and on the company's website, it claims it offers this service for free "because we believe in the right to protect and secure information between two entities without discrimination of race, origin and financial capabilities." Except, that's not quite how things are playing out in reality. As is being actively discussed over at HackerNews and via the StartSSL Twitter fee, the company is trying to charge people to revoke the vulnerable certs. While the company has generally charged for revoking certs, many people pointed out that with a vulnerability of this magnitude, that's both ridiculous and dangerous. However, the company doesn't seem to care. It's upon the subscriber to take appropriate action since the certificate authority can't enforce which software to use. The terms of service and related fees will not change due to that. When it was pointed out to the company how serious a vulnerability issue the company started to get snotty with its own uses: We do understand the situation very well, thanks.... This is not our fault as well. We do not see any reason to provide this paid service for free. We have enough other free services already if you didn't mentioned it. People began challenging the company on Twitter, and it's taken that same snotty "we don't give a fuck" attitude to them as well: Yes, this is part of StartCom's business model. Free certs, pay to revoke. But this is clearly a case where that model should be suspended to keep the internet safe. The amount of ill-will this move is generating is pretty clear. Furthermore, it highlights what a bullshit claim it is that its goal is to better protect communications. If that were true, it would allow emergency revocations for an issue like Heartbleed.Permalink | Comments | Email This Story

Read More...
posted 15 days ago on techdirt
Comcast is ratcheting up its charm offensive (or perhaps that's just offensive charm) in trying to get its attempted merger with Time Warner Cable approved. It's released its "public interest statement" and a blog post about how wonderful the merger will be. There are plenty of ridiculous claims in both, but let's focus on the key one -- Comcast's decision to completely fabricate "competitors" in various markets to argue that Comcast competes "in a dynamic, expanding and highly competitive marketplace." Of course, for anyone who actually knows what broadband options they have at home are, this statement is clearly bullshit. But Comcast is going to pretend otherwise, because it's Comcast. This chart really takes the cake: You see that? People in New York City have a wealth of competition according to, well, pure bullshit. Those "29 competitors" involve finding any company in the tri-state area that sorta, kinda offers something that if you squint and sneeze, you might sorta, kinda think maybe could be qualified as broadband if you were the last person on earth and really, really needed a barely working connection to the internet. In the past, we've reasonably mocked the FCC's website listing broadband competitors, BroadbandMap.gov, because the results it gives are hilariously wrong and/or misleading. But Comcast's competitive claims take this to a new level entirely. Even if we rely on the National Broadband Map, I challenge anyone to find any spot in New York City where someone has anywhere close to 29 choices for actual broadband. Just for fun, I put in an address in the heart of midtown Manhattan, and it coughed up a (laughably misleading) claim of seven competitors. Except three of them (AT&T, T-Mobile and Sprint) are just 3G/4G service over your phones with very low caps and limited speed. Those accounts are explicit that they're not to be used for regular home broadband. So they don't count. You have, of course, the traditional competitors: Time Warner Cable (who Comcast is trying to take over) and Verizon. And who else? There's just Lightower Fiber Networks and Platinum Equity LLC. Platinum Equity is the private equity firm that bought out MegaPath, a DSL company that has been around (in various forms) for many years, but is only focused on business broadband. Ditto for Lightower Fiber, which only serves businesses. So, oh look, if you want true residential broadband, guess what: your choice is Time Warner Cable or Verizon. And, remember, Verizon is actively trying to get out of the wired broadband market, handing its users over to... their main cable competitors. So, it might not be left until your only real "choice" in the heart of midtown Manhattan is... Time Warner... I mean, Comcast. So, um, what's that about 29 competitors?Permalink | Comments | Email This Story

Read More...
posted 15 days ago on techdirt
Why can't movie-streaming sites deliver the selection of movies that customers obviously want? This was the question posed by a recent New York Times column, comparing undersupplied services like Netflix with unauthorized platforms like Popcorn Time. The answer, the Times explains, is windowing—the industry practice of selling exclusivity periods to certain markets and platforms, with the result of staggered launches. But the Times fails to ask a more fundamental question: why do streaming sites have to listen to Hollywood's windowing demands in the first place? After all, while it's clear why the studios like windowing—they can sell the same rights over and over once the promised exclusivity periods expire—it doesn't seem like a very good deal for users. Those users get access to a smaller selection, higher prices, and fewer choices between platforms and services. It should be astonishing that a company that once had to maintain and transport a staggering inventory of fragile plastic discs is able to offer less when its marginal cost dropped to near zero. The problem is that, unlike earlier movie-rental options, streaming rights fall fundamentally within a permissions culture. Netflix is a great illustration of what's gone wrong here. It's gone from having a nearly unrivaled catalog of films available to rent to being the butt of Onion jokes. What happened: It shifted from a system where nobody had a veto power over its operations, to one where it had to get permission and make deals with Hollywood. Sometimes it's difficult to find the concrete costs of living in a permissions culture, but the decline of Netflix's selection is an important cautionary tale. It's especially clear when you look at how Netflix upended the movie rental market in the first place. In one way, it suffered from a major competitive disadvantage: competitors like Blockbuster had locations near people's houses. As long as those stores had the movie you wanted, you could be watching within hours—not days—of deciding on a title. But Netflix was able to experiment with different price points and subscription models and, crucially, it could try those without first convincing any incumbents. Both Blockbuster and Netflix's DVD-by-mail service relied on the first sale doctrine, meaning they can buy physical copies of movies, and then resell or rent at any price they like. No royalties, no licenses, no contracts—with physical media, once a rental company has bought the copy, the copyright holder is basically out of the picture. You can see how this is great for users. Companies can experiment to find the things that people like best, and have the power to make decisions based on their users' needs and wants. Movie studios still got paid—these rental companies were buying lots and lots of copies, after all—but couldn't exert control over the rental businesses, which could then compete on their merits. Rightsholders hate not having this control. So the first sale doctrine gets attacked over and over. From Nintendo's suing Blockbuster in the 80s to Universal's "revenue sharing agreement" with Redbox, and through to more recent cases like Kirtsaeng v. Wiley in the Supreme Court, rightsholders have tried to restrict the first sale doctrine in physical media. And when it comes to digital media, consumers have even more of an uphill battle. When the ranking member of the House Subcommittee on intellectual property is calling the principle of "you bought it, you own it" an extreme view, there's something seriously wrong here. Furthermore, the Netflix example shows that the problem isn't contained to the books, movies, records, and games that we own; it limits the kinds of services that can ever be created. With a commercial product like Netflix, we can feel those costs today. But more troubling are the costs we will feel tomorrow, in a decade or a century from now, if we make a transition to digital media without keeping the first sale doctrine intact. Copyright has already cost us crucial elements of our cinematic and literary history. Those costs will compound if librarians, archivists, and enthusiasts aren't allowed to care for their own copies. As Matt Schruers over at the DisCo Project notes, studio practices have ensured that no option so far can be convenient, comprehensive, and lawful. Netflix Instant is a great service for what it is able to offer, but in a permissions culture it is broken from the start.Permalink | Comments | Email This Story

Read More...
posted 15 days ago on techdirt
Earlier this week, we wrote about the MPAA's announced plans to sue Megaupload in a civil lawsuit to pile on to the criminal charges the company is already facing. As we noted, there's no legitimate reason for such a lawsuit, given the criminal lawsuit already underway, other than as a way to try to get a favorable court ruling it can use against others. Having now read the full complaint against Megaupload, it's quite clear that this is exactly what the MPAA is doing. The lawsuit is incredibly dangerous for the internet, even if you think that Megaupload itself was a bad actor. Even the LA Times -- Hollywood's hometown paper -- has called out the lawsuit for how it may have negative consequences felt broadly across the internet. That's because the lawsuit makes a whole bunch of claims about Megaupload that are perfectly reasonable activities for tons of user-generated content and/or cloud computing companies. But, because Hollywood has spent years demonizing Kim Dotcom as a movie-style villain a la "Dr. Evil", it seems to be hoping that the courts won't notice that it's basically making up what they want copyright law to be, rather than what it is. First, it describes the fact that when you upload a file to Megaupload, the service would then give you a link that you could share. The MPAA paints this as if it's some nefarious scheme to encourage infringement. But it's actually how pretty much any cloud or user-generated content site works. When the upload was completed, Megaupload reproduced the file on at least one computer server it controlled and provided the user with a Uniform Resource Locator ("URL") "link" beginning with "megaupload.com." The uploader could then propagate the link broadly over the Internet, so that anyone interested in downloading or otherwise accessing a copy of the file could easily find it on Megaupload's servers. But, of course, Dropbox or YouTube do the same exact thing. Then, they call out the fact that Megaupload did not provide its own search engine, as if that's something nefarious: To conceal the scope of infringennent occurring on the Megaupload website, defendants did not provide users with a searchable index of files available for download from the Megaupload website (although defendants themselves had access to such an index). Instead, defendants relied on numerous third party "linking" sites to host, organize, and promote URL links to Megaupload-hosted infringing content, including plaintiffs' copyrighted works. Except, cloud storage companies from Dropbox to Box to Google Drive don't supply a searchable index of files available on their services either. And that's for a very good reason. Because they're not promoting their services as a place to go to search for infringing works. In fact, you just have to go back to the RIAA's lawsuit against Napster, to see where the exact opposite claim was made. In that case, the court found that Napster was, in part, liable because it had a search feature: Napster is not an Internet service provider that acts as a mere conduit for the transfer of files.... Rather, it offers search and directory functions specifically designed to allow users to locate music, the majority of which is copyrighted. Yet, now, the MPAA seems to be arguing that not having a search engine means you're trying to hide copyright infringement. Damned if you do, damned if you don't -- just how the RIAA and MPAA like it. If you have a search engine, you're enabling infringement, if you don't have a search engine, you're "concealing" infringement. The MPAA also tries to paint other perfectly reasonable business model choices as nefarious. Offering premium paid-for services for faster downloads, or access to larger files, is painted as some evil plan to profit off of infringement. But it also makes perfect business sense for a company like Megaupload seeking to cover its bandwidth bills. Similarly, the famed "financial incentives for premium users" is treated as if this is actually paying people to post infringing works. But that makes little sense. It's actually an incentive to get people to post good content. It's the same reason that YouTube today pays top YouTubers who bring in lots of visitors. Is the MPAA really arguing that such an incentive program is illegal? To ensure a vast and ever-growing supply of popular copyrighted content to which they could sell premium access, defendants paid users to upload popular content to Megaupload's servers. Defendants' Uploader Rewards program promised premium subscribers cash and other financial incentives if they uploaded popular works, primarily copyrighted works, to Megaupload's servers. The rewards program also encouraged users to publicly promote links to that content, so that the content would be widely downloaded. Except, nothing in this program appeared to be about encouraging people to post infringing works. In fact, it would seem like a pretty stupid program for encouraging infringement, as Megaupload would likely be able to bring in a lot more attention and revenue for authorized legitimate content. Such a program, in actuality, appears to be the perfect way for artists to go direct to their fans, offering them ways to get the content for free, while still earning money. In fact, that's why artists like Busta Rhymes spoke out in favor of Megaupload after it was shut down. He pointed out that he could make a lot more money releasing his own music directly via Megaupload, than in going the old record label system. Furthermore, since this lawsuit is from the movie studios, they list out a number of specific movies that they claim were on the site. However, Megaupload says that the uploader rewards program only applied to files smaller than 100MB, meaning it likely didn't apply to any films that were uploaded. Assuming that's accurate, the studios are going to have quite a difficult time proving that the rewards program induced infringement of movies. On top of that, even if the program was used by some to make money from sharing infringing works, the program itself is clearly content neutral, and not about encouraging sharing of infringing works. For the MPAA to allege otherwise threatens all kinds of incentive programs on pretty much any user-generated content site. Next, the MPAA complains that when they sent takedowns to Megaupload, it only removed the specific URL they sent, and not all copies of the content. But, uh, that's all that the law requires. As the court in the YouTube/Viacom case ruled, under the DMCA, the service provider needs to be made aware of specific locations where infringing content is. They can't just be given a single URL and told to "block all copies of that." Nor would such a request be reasonable either, as infringement depends on context, not content. In the YouTube/Viacom case, Viacom initially sued over files that its own employees had uploaded, meaning they were licensed -- yet it argued those were infringing. You run into the same problem here in that the MPAA is arguing that if you know that a particular file is infringing, all similar content must be removed. But the law does not say that. Though, clearly, the MPAA is seeking to change the interpretation of the law. Next, the MPAA argues that because Megaupload could have used filtering tools to prevent new uploads of works previously claimed as infringing, and did not do so, that proves it's liable. However, that's completely bogus. Many, many, many copyright cases have all said over and over again that nothing in the DMCA creates a duty for service to proactively filter new uploads. In fact, the industry itself admits that this is true, because they're currently asking Congress to change the law to make this a new legal requirement. Yet, in the Megaupload complaint, they pretend it is already the law: Megaupload could also have implemented various readily available and effective technological solutions (including, without limitation, automated filtering using digital fingerprinting-based content-identification technology) to identify and prevent infringement of copyrighted content. Megaupload chose not to do so. But there is no legal reason why it had to do so. In fact, considering that others have spent tens to hundreds of millions of dollars on such systems, there are perfectly good business reasons not to have spent such money. Here, the MPAA is using this lawsuit to try to get a court to suggest there's a legal duty to filter. This would have a huge negative impact on startups who couldn't afford the tens of millions of dollars entry fee. You can argue that Megaupload was widely used for infringement. You can even argue that Megaupload management were awful people who didn't care that much about copyright. But if you read this lawsuit objectively, you have to admit that it is a straight up attack on the basic principles of cloud computing and user-generated content, while seeking to change settled law and reinterpret the DMCA in a way the MPAA fantasizes it should be, rather than the way the law is today. That's incredible dangerous. It's no surprise that they're doing this against Megaupload, a company based halfway around the globe, with all its assets seized, and which is fighting a massive criminal complaint at the same time. That will, obviously, lead to limited resources to fight this civil suit, making it easier for the MPAA to sneak through dangerous changes to the law, via potential court rulings. These are changes that it's been unable to get written into the law for the past few years, so now it's using the courts to try to do its dirty work. No matter what you think of Megaupload, this is a very dangerous lawsuit.Permalink | Comments | Email This Story

Read More...
posted 15 days ago on techdirt
I saw two headlines in a row recently about Singapore's plans for copyright reform. The first one sounded good, and the second one sounded dreadful: Singapore decides 'three strikes' laws are too intrusive Singapore proposes law to block sites such as Pirate Bay It turns out that both headlines are accurate, though it's the second one that's the bigger issue here. You can see the details laid out (quite clearly) by Singapore's Ministry of Law. It notes that they currently have a DMCA-like notice-and-takedown setup, but have apparently decided that this is somehow too burdensome for rightsholders who have pushed the government to come up with an alternative plan (gee, this sounds familiar...). They don't seem to explain why this is so burdensome, they just say that there's too much "uncertainty" in having to actually "establish the liability for infringement." So, rather than do that, it appears that the Singaporean government is willing to chuck basic due process, and go for flat-out censorship without due process. Under the proposed legislative changes, rights holders will also be allowed to apply directly to the Courts for injunctions to prevent access to pirate sites without having to first establish ISPs’ liability for copyright infringement. This judicial process is more efficient and avoids implicating the ISPs unnecessarily. So, just as in SOPA, the idea is that rightsholders can suddenly declare that certain sites are "rogue" and courts can agree to wipe them off the face of the internet, by ordering ISPs to block access to them. The Singaporean government insists this won't be a problem for legitimate sites, because it seems to have bought into the Hollywood fallacy that what is a "legitimate" site and what is a "pirate" site are somehow obvious, rather than a spectrum in which nearly everything is some form of gray. This is targeted at websites that show a blatant disregard for, and that clearly infringe, copyrights. Legitimate search engines and content sharing sites such as Google and YouTube will not be affected. Notice how they just blithely insist that YouTube is legitimate. That may well be news to YouTube's lawyers, who just concluded (via settlement) a seven-year battle in which Viacom literally insisted that YouTube was the equivalent of a video Grokster (the file sharing service that lost its court case for enabling infringement). And that's where the real problem is. It's easy to claim that it's obvious when a site is legitimate and when it's not, but reality doesn't work that way. For years, many people were pretty sure that Napster was perfectly legitimate under the rules of the Sony Betamax ruling, but then a court decided otherwise. Similarly, many assumed that YouTube was illegal, until that case settled. Hell, even the VCR was a "pirate tool" until the Supreme Court ended that argument thirty years ago. And, of course pretty much all of modern entertainment history is filled with similar examples of new innovations in the delivery and consumption of content that are at first deemed illegal, until suddenly they're not. The player piano, the phonograph machine, radio, television, cable television, the photocopier, the DVR, the VCR, the mp3 player, and many other innovations were first decried as "pirate" technologies. And then they weren't. But with the Singaporean government insisting that it's somehow obvious which ones are legitimate and which ones are not, Singapore is almost guaranteeing that important legitimate innovations that help move the industry forward will, instead, get censored and blocked across the entire country. That's no way to present yourself as an innovative country. So, yes, later in the document, they reject three strikes (and administrative, rather than judicial, blocking) as too draconian and intrusive: Countries like Spain and Malaysia have implemented an administrative site-blocking approach where rights holders can apply for site-blocking orders from a Government-appointed body. Countries like France have introduced a “graduated response” system where individual internet users are notified of their infringing activity by the ISP, and can be penalised if they continue their infringing activity despite repeated notifications (or “warnings”). We considered the alternatives above but assessed that they may not be suitable in Singapore’s context as they are too intrusive on internet users. But, in many ways, the alternative "solution" that Singapore appears to be supporting is worse than three strikes. It's outright censorship against innovation, based on a faulty belief that it will be immediately obvious whether or not new innovations and technologies are "legitimate" or "pirates."Permalink | Comments | Email This Story

Read More...