posted 17 days ago on techdirt
Security isn't the only thing being ignored as hardware vendors rush to connect televisions, toasters, and tea kettles to the internet. Consumer privacy and data-collection transparency have also become a distant afterthought as companies rush to cash in on the ocean of data these connected devices collect. The "smart" television sector has been notably problematic, with Samsung busted a few years back for not only recording customer living room conversations, but transmitting that data unencrypted back to the company mothership. These are lessons that hardware vendors appear incapable or unwilling to learn. Case in point: this week the FTC announced that it had struck a $1.2 million settlement with discount TV vendor Vizio. According to the full FTC complaint (pdf), Vizio began using the company's smart televisions to track user behavior in 2014, without informing customers that this was happening. The FTC notes that Vizio for years heavily advertised a "Smart Interactivity" feature that "enables program offers and suggestions." But the complaint notes this feature never provided customers with a single suggestion. But it did provide Vizio with a wonderful new way to collect and store a huge variety of consumer data under the pretense of adding consumer functionality. MAC addresses, IP addresses, nearby WiFi network names, and metadata were all hoovered up and stored. And when the FTC says viewing data, it means that Vizio used pixel analysis to compile personal data on every program and device connected to the Vizio set: "According to the agencies’ complaint, starting in February 2014, VIZIO, Inc. and an affiliated company have manufactured VIZIO smart TVs that capture second-by-second information about video displayed on the smart TV, including video from consumer cable, broadband, set-top box, DVD, over-the-air broadcasts, and streaming devices. 
In addition, VIZIO facilitated appending specific demographic information to the viewing data, such as sex, age, income, marital status, household size, education level, home ownership, and household value, the agencies allege. VIZIO sold this information to third parties, who used it for various purposes, including targeting advertising to consumers across devices, according to the complaint." Again, this in and of itself isn't that controversial, especially in the age of location data and cell phones. The fact that Vizio chose not to tell anyone this data was being collected is where the company ran afoul of the FTC. An FTC blog post has a little more detail on just how specific this data was, and to whom it was sold: "And let’s be clear: We’re not talking about summary information about national viewing trends. According to the complaint, Vizio got personal. The company provided consumers’ IP addresses to data aggregators, who then matched the address with an individual consumer or household. Vizio’s contracts with third parties prohibited the re-identification of consumers and households by name, but allowed a host of other personal details – for example, sex, age, income, marital status, household size, education, and home ownership. And Vizio permitted these companies to track and target its consumers across devices." It's here that we'll remind you that the "anonymization" of data doesn't mean much. Time and time again, studies have shown that anonymized data sets aren't really anonymous, given that it only takes a few additional contextual clues (the likes of which companies that collect this sort of data already have) to ferret out personal identities. It's not really clear how many settlements of this type it's going to take before "smart" hardware vendors acknowledge that being transparent with consumers (which frankly is neither onerous nor particularly difficult for them in the 400-page EULA era) is important. 
And should we continue to weaken FCC and FTC privacy oversight of ISPs and hardware vendors (as is strongly implied by both agencies), that's less likely than ever to happen anytime soon.

posted 17 days ago on techdirt
I recognize that many (especially regular Techdirt readers) will assume from the title above that the question is a rhetorical one in response to the latest craziness around a stupid trademark or awful patent. But, no, we mean that literally. You see, right before the Trump inauguration, it was widely reported that Michelle Lee would stay on as the Director of the US Patent and Trademark Office. That was undeniably good news. For all the complaints we have about the USPTO, Lee has done a fairly amazing job running that office, and seems to be one of the first Patent Office directors who actually understands how patents can do serious harm to innovation. Keeping her on would be a really good sign. After seeing the stories claiming that she was staying, we'd mostly moved on. However, Politico reporter Nancy Scola sent me down something of a rabbit hole after tweeting that it's basically impossible to know who's in charge of the Patent Office right now. The USPTO's site still says it's Lee: That seems like that should be that. However, there are conspiracy theories afoot -- mainly being discussed by Gene Quinn over at IP Watchdog. Gene and I disagree about basically everything as it relates to patents, and he's got a history of insulting me, so I have every reason to basically ignore him. But, on this, he may have a point. And the questions about whether or not Lee is actually in charge are also being asked by a much more respectable patent website, Patently-O. The issue started when Quinn noticed that, despite the claims that Lee was staying on, the Commerce Department (which the USPTO is a part of) leadership page says the role is "vacant." Here's the latest screenshot I took: As for the PTO's own website, Quinn rightly points out that its leadership page still lists out a number of other individuals who have announced resignations and are no longer there, but whose profiles are still on the website. 
The Commerce Department seems to be refusing to comment to anyone who asks (I've sent in my own question) and it's quite unclear if Michelle Lee really is the director. If you look through the fairly long list of articles by Quinn on the subject, it's quite clear that he (as someone who is not a fan of Lee) is hoping that she's been pushed out, and is trying to drum up controversy over the possibility that she might remain. But the lack of any clarity from anyone... is bizarre. Quinn's most recent post on the subject notes that while no one seems willing to say who's running things, Lee "continues to be seen" in the building. That would certainly support the theory that she's staying. But... she's also cancelled a bunch of speaking engagements, and no one at the USPTO or Commerce Dept. seems willing to say anything. Also, in an earlier report, Quinn noted that he'd been told, unofficially, that Drew Hirshfeld is "Acting Director," implying Lee had left. But the whole thing seems to be... unclear: Who is running the United States Patent and Trademark Office? That straightforward question shouldn’t be imponderable, but it seems that the Trump Administration has chosen to sequester the Director as if he or she has gone into the witness protection program. Indeed, we seem no closer to an answer to who is running the USPTO today than we were 18 days ago. Although sources tell me that Michelle Lee continues to be seen on the 10th floor of the Madison Building, which is where the Director’s Office is located. As we begin the third week of the Trump Administration I cannot tell you with any definitive certainty who is Director, or if there is an Acting Director, or if the Commissioner for Patents is merely carrying out the responsibilities of Director without being named Acting Director, which has been the case at least once in the past. Yes, the Trump transition has been a bit of a mess, but this seems particularly bizarre. 
There's a decent chance that the problem is just that something is afoot and it just hasn't been discussed publicly yet, so the Commerce Dept. and PTO are staying silent. But, as Quinn notes, there are actual, real implications of not having anyone as PTO director: Indeed, there are many things that the law leaves to the discretion of the Director of the USPTO. While some of those decisions have been delegated out to subordinate officials within the Office, some do still remain only with the Director. For example, if you are a patent owner who believes you are being harassed by repeated post grant challenges the Director alone has the authority to provide a protective remedy. Without knowing who is Director how can patent owners appropriately seek to obtain the assistance of the Director? Another thing that will soon become problematic is with respect to lawsuits involving the USPTO. Who should be the named party? Generally, the Director or Acting Director of the agency is named as the party on behalf of the agency. While it seems a small point, properly identifying the party is no minor matter in federal court. Are patent applicants supposed to style their appeals to the Federal Circuit as Applicant v. John or Jane Doe, Director of the U.S. Patent and Trademark Office? In his most recent post, Quinn further wonders if those of us who tend to think certain patents shouldn't have been issued could even use this as a way to claim patents issued recently are invalid: Sources tell me that the USPTO was prepared last week to issue patents with the signature of Drew Hirshfeld, who is the Commissioner of Patents and seems to be currently in the position of Acting Director. At the last minute, however, a decision was made to revert back to Michelle Lee’s signature. This creates several significant problems. First, if Lee is not currently the Director patents that are being issued with her signature are being issued in violation of §153. 
If we know anything about patent litigators it is that they raise every challenge possible, and it is only a matter of time before the provenance of patents issued during these first weeks and months of the Trump Administration are challenged as being invalid. These are not unsolvable issues, once things are clarified, but it's still... very, very strange. I doubt that challenging the validity of the patents would have much of a chance, but it is interesting. And while I desperately hope that Lee remains, and Quinn desperately hopes that she is forced out, I think (for once!) Quinn and I agree: whatever is happening, and whoever is in charge, should be disclosed publicly.

posted 17 days ago on techdirt
In case you were wondering what other misery DRM could contribute to, Hacker House security researchers have an answer for you: HackerHouse have been investigating social engineering attacks performed with Digital Rights Management (DRM) protected media content. Attackers have been performing these attacks in the wild to spread fake codec installers since Microsoft introduced DRM to its proprietary media formats. Improperly-licensed media files will produce a pop-up, asking the user if they want to visit the originating site to obtain the rights to play the file. This popup also warns users that this is a great way to pick up malware if they're not careful. In these cases, computer users will likely be deterred from following through on the risky click. But that only happens if it's not licensed properly. If it is -- an expensive process that runs about $10,000 -- then no warning appears, leaving users open to attack by malicious fake codec installers. What would be the point of these fake installers? One possible use for the exploitation of Windows DRM is the exposure of Tor users' information. As these “signed WMV” files do not present any alert to a user before opening them they can be used quite effectively to decloak users of the popular privacy tool TorBrowser with very little warning. For such an attack to work your target candidate must be running TorBrowser on Windows. When opening/downloading files, TorBrowser does warn you that 3rd party files can expose your IP address and should be accessed in tails. The $10k price tag for proper licensing is a deterrent to small-time malware purveyors. But it would only be a drop in the bucket for a well-funded government agency and/or any NGOs they employ. It's basically the Network Investigative Technique the FBI deployed in the Playpen cases -- only one able to be buried inside media files which could be scattered around like mini-honeypots. 
The DRM-based attack certainly wouldn't be limited to law enforcement agencies. It would also be deployed by spy agencies for use against terrorists (who love to share media files) and, unfortunately, by governments every bit as malicious as the software they're deploying. The exploit could just as easily be deployed to target dissidents, journalists, and other "enemies of the state" through booby-trapped, DRM-laden files that strip away anonymity while delivering information these entities might find intriguing/useful. Underneath it all is Microsoft's apparently misplaced faith in properly-signed media files put together with its development kits. Rather than warn users that the redirect to the codec installer may still be risky despite the proper signature, Windows will automatically open a new browser instance and download the file with no further user interaction. Here's Hacker House's explanation of the whole process:

posted 17 days ago on techdirt
Just last week, new FCC boss Ajit Pai made a speech in front of FCC staffers breathlessly professing his dedication (pdf) to consumers, innovation, and closing the digital divide. In a post over at Medium, the former Verizon lawyer again insisted that closing the digital divide would be the defining theme of his tenure as FCC Boss: "I look forward to working with my fellow Commissioners on this aggressive agenda to connect Americans on the wrong side of the digital divide, to allow broadcasters to innovate and better serve viewers, and to reduce unnecessary regulations. And Groundhog Day or not, you can expect that I will return to these themes over and over and over again." So, how is Pai doing on his promise after just a few weeks in office? Let's see. In just the last few weeks, Pai: Began undermining FCC attempts to prevent prison phone monopolies from dramatically overcharging inmate families for phone calls. Dropped all FCC investigations into whether or not zero rating violates net neutrality and drives up rates for streaming video consumers -- the opening salvo of what's believed to be the rollback of all net neutrality protections. Killed an attempt by the FCC to bring competition to the cable box market, which would have threatened $20 billion in cable industry rental fee revenues. Not to be outdone, Pai also actually made it harder for poor people to get discounted broadband by unnecessarily disqualifying nine already-approved small ISPs (Spot On, Boomerang Wireless, KonaTel, FreedomPop, AR Designs, Kajeet, Liberty, Northland Cable, and Wabash Independent Networks) from participating in the FCC's Lifeline program. That program, founded by Reagan and expanded by Bush, doles out $9.25 per low-income household for them to use on phone or broadband service. 
Last year the FCC expanded it marginally so low-income homes could use that money to pay for stand-alone broadband, cellular, or fixed-line phone service (Pai, digital divide closer extraordinaire, voted down that effort). Kajeet's founder Daniel Neal finds Pai's definition of "helping the poor" a little bit curious when asked about it by the Los Angeles Times: "I’m most concerned about the children we serve,” Kajeet founder Daniel Neal said. “We partner with school districts — 41 states and the District of Columbia — to provide educational broadband so that poor kids can do their homework." Consumer advocacy groups like Public Knowledge were also quick to point out how Pai broke the sound barrier in rushing to immediately undermine his own agency's promises: "The most obvious fact in our society is that high-speed Internet is astronomically expensive for the middle class and down,” said Gene Kimmelman, president of the consumer advocacy group Public Knowledge. “So in any way limiting the Lifeline program, at this moment in time, exacerbates the digital divide. It doesn’t address it in any positive way." So yes, when your definition of "helping the poor" includes ensuring cable boxes stay expensive and closed, allowing duopolies to abuse net neutrality and drive up service costs, protecting prison monopoly telcos that have price-gouged families for years, and preventing smaller ISPs from actually helping the poor you profess to love -- you have to wonder what it looks like when Pai actively wants to harm something.

posted 17 days ago on techdirt
It's unclear how many Americans are under surveillance by the FBI. Not only would the agency be extremely unwilling to even provide a broad estimate, but the underlying basis for a preliminary investigation is so thin it could conceivably cover a majority of US residents. A previously-classified document [pdf] obtained by The Intercept gives more insight into the FBI's use of "assessments" -- an investigation the agency doesn't consider an investigation. Assessments allow agents to look into tips or leads that don’t meet the standard for opening an investigation, which requires specific information or allegations of wrongdoing — an “articulable factual basis” for suspicion, as FBI rules put it. In an assessment, by contrast, an agent just needs to give an “authorized purpose” for their actions. Agents can open assessments “proactively,” in order to evaluate potential informants, collect intelligence about threats surrounding public events, study a field office’s geographical area, or gather information about a general phenomenon of interest to the bureau. This practice has been referred to elsewhere as "circling the target." The FBI scours publicly-available information on potential investigation targets, gathering anything it can without a subpoena or warrant. But it doesn't stop there. It goes much further, based on little more than unverified tips from confidential informants or indulging in its own hunches. [I]f agents decide to dig deeper by opening an assessment, they are allowed to have informants collect information, and they can also physically surveil the subject — including by airplane. In some cases, they can issue grand jury subpoenas. If the purpose of an assessment is to evaluate someone as a potential informant, agents can give polygraph tests, dig through trash, and use fake identities in the course of their research. 
In addition to these information-gathering tools, the FBI also has access to massive databases of information collected by other government agencies, including the NSA. [Thanks Obama] Analysts use FBI-built tools to uncover links between assessment targets and other suspects by poring through massive amounts of third-party records (email, phone, banking, etc.) Then the agency starts tracking the target's movements. The FBI also traces the subject’s travel history through Department of State visa and passport records, a Customs and Border Protection database, and data held by a private company called the Airlines Reporting Corporation, which manages itineraries for airlines and travel agencies. In 2009, Wired reported that the FBI was seeking access to ARC’s full database, which would include billions of travel records showing the data printed on the front of an airplane ticket and the method of payment used. ARC told Wired it only handed over info in response to subpoenas and National Security Letters, which is likely the impetus for the FBI's push for full access. Anything that eliminates paperwork and paper trails for mostly-suspicionless investigations is a win for the agency. And, it must be noted, the information sought from ARC does not fall under the DOJ's guidelines for what records can be obtained with NSLs. This is added to everything else the FBI can obtain without actually officially engaging in an investigation -- something that covers records held by the ATF, CIA, and NSA. Powerful data mining tools crack open a target's social media life for deeper exploration while FBI planes circle overhead. And yet, this person remains -- according to the FBI -- not under investigation. In all fairness to the FBI, the assessments place it in the worst possible position. It's not allowed to convert these into investigations if it can't uncover anything more substantive during its assessment. 
FBI insiders say there's pressure to convert these as soon as possible, albeit not because of civil liberties concerns. And when its assessments fail to snag people who later engage in acts of terror, the FBI is viewed as incompetent. Then again, in all fairness to the FBI's track record, it tends to spend a lot of its time converting mostly-incompetent people into "dangerous" terrorists -- effort that might be better expended chasing down truly dangerous individuals. And the sheer amount of information it has access to without actually opening an investigation can do more harm than good. It can generate a lot of false positives while burying stuff the FBI should be focusing on. Signal-to-noise is always a concern for intelligence agencies, and the FBI's dual hat-wearing (law enforcement/counterterrorism) gives it access to more data than more single-minded agencies.

posted 18 days ago on techdirt
We've made the point before. In the pantheon of trademark disputes, the most commonly trotted out excuse for overt protectionism is nothing but a headfake. While companies often proclaim their bullying actions are a requirement under trademark law's provision for active policing of infringement, the fact is that this requirement does not mandate that companies roadblock any and all similar uses to their marks. Instead, the idea is that trademark holders cannot allow actual infringements to go unchallenged. For an example of the difference, we can point to the current dispute between two companies in the food mart business, Dawa Food Mart and Wawa Inc. The former is a single store in New Jersey that has operated for two years now. The latter is a mid-sized chain that only recently decided that Dawa infringed on its trademarks. According to The Courier-Post, Wawa has filed a federal trademark infringement lawsuit against Dawa Food Mart, located at 15 Lafayette Street in Paterson, Passaic County. The Korean owner of Dawa Food Mart, identified only as Han in the report, explained to the Courier-Post that "Dawa" means "welcome" in his native language. The shop has been open for about two years now. It's worth noting that Wawa has a long history of policing its trademark to near feverish degrees, having filed suit against tour and gaming companies that use the term "wawa" in their names. At least Dawa Food Mart is more in the marketplace ballpark, though even then we're talking about completely different animals. Add to that the difference in stature and offerings and it's unclear how likely any real confusion could possibly be. And, since the potential confusion is really the question in trademark actions, you might have expected Wawa to make the claim for it when asked to comment on the suit. But it only did so in a roundabout way, instead seeming to fall back on the old requirement to police excuse. 
"Wawa spokeswoman Lori Bruce told the newspaper that the lawsuit is about fulfilling an "obligation to protect consumers from any likelihood of confusion" and protecting "the brand name," symbolized by the Canada goose whose name is a direct translation from the Native American language used in the region." There are some barriers to Dawa winning out, which mostly amounts to both brands using the color red on signage. Still, it seems silly to soberly worry about any real customer confusion here.

posted 18 days ago on techdirt
A ballot measure introduced by a bipartisan group of Michigan legislators is sure to encounter some heavy resistance on its trip through the lawmaking machinery. The proposal amends the state's constitution to add a warrant requirement to data that law enforcement is used to obtaining without one. House Joint Resolution C (HJRC) was introduced by Rep. Jim Runestad (R-White Lake) along with 11 bipartisan co-sponsors. If approved, voters would have the opportunity to alter Article 1, Section 11 of the Michigan state constitution in the following manner: The person, houses, papers, and possessions, and electronic data and communications of every person shall be secure from unreasonable searches and seizures. No warrant to search any place or to seize any person or things or to access electronic data or communications shall issue without describing them, nor without probable cause, supported by oath or affirmation. The provisions of this section shall not be construed to bar from evidence in any criminal proceeding any narcotic drug, firearm, bomb, explosive or any other dangerous weapon, seized by a peace officer outside the curtilage of any dwelling house in this state. The phrase "electronic data" covers a lot of things normally considered to be "third-party records" and currently given little to no protection under the Fourth Amendment. This amendment would establish an expectation of privacy in electronic communications and data -- at least under the state's constitution. If passed, courts will have to consider the implications of the state's more stringent privacy protections when dealing with the admissibility of electronic data/communications. This means state law enforcement partnerships with federal agencies could result in unprosecutable charges if any evidence is derived from the warrantless acquisition of protected data and communications. 
In practical terms, this may not change much, as the feds will just bring the case to federal court in order to (hopefully) bypass the state's more restrictive constitution. But, as the Tenth Amendment Center points out, if the new law passes, it will discourage local law enforcement from helping themselves to data harvested by federal surveillance programs. Because the federal government relies heavily on partnerships and information sharing with state and local law enforcement agencies, passage of the amendment could potentially hinder federal surveillance programs that depend on state cooperation and information gathering. State and local law enforcement agencies regularly provide surveillance data to the federal government through ISE and Fusion Centers. They collect and store information from cell-site simulators (AKA “stingrays”), automated license plate readers (ALPRs), drones, facial recognition systems, and even “smart” or “advanced” power meters in homes. Requiring warrants to gather such data would undoubtedly limit the amount of information collected by state and local law enforcement. Information that doesn’t exist cannot be shared with the feds. If "electronic data" is defined in such a way to include data gathered en masse by electronics, this would institute a warrant requirement for ALPR deployment and would make pen register orders demanding historical cell site data a thing of the past. The constitutional amendment has a long way to go before it's ratified. Hopefully, it will make its way through the process mostly intact.

posted 18 days ago on techdirt
Once exclusively the domain of hospitals with comically-bad IT support, crippling ransomware attacks are increasingly beginning to impact essential infrastructure. Just ask the San Francisco MTA, whose systems were shut down entirely for a spell last fall after a hacker (with a long history of similar attacks) managed to infiltrate their network, forcing the MTA to dole out free rides until the threat was resolved. Or you could ask the St. Louis public library network, which saw 16 city branches crippled last month by a bitcoin-demanding intruder. We've also seen a spike in ransomware attacks on our ever-expanding surveillance and security apparatus, with DC Police acknowledging this week that 70% of the city's surveillance camera DVRs were infected with malware. The infection was so thorough, DC Police were forced to acknowledge that city police cameras were unable to record much of anything during a three-day stretch last month: "Hackers infected 70 percent of storage devices that record data from D.C. police surveillance cameras eight days before President Trump’s inauguration, forcing major citywide reinstallation efforts, according to the police and the city’s technology office. City officials said ransomware left police cameras unable to record between Jan. 12 and Jan. 15. The cyberattack affected 123 of 187 network video recorders in a closed-circuit TV system for public spaces across the city, the officials said late Friday. Brian Ebert, a Secret Service official, said the safety of the public or protectees was never jeopardized." Right. An intruder managed to effectively blind law enforcement in the nation's capital for three straight days -- eight days before the inauguration of a new President, but hey -- no big deal. 
Fortunately the city was able to purge the malware and reboot the system without paying a ransom, though they still don't appear to have actually tracked down the intruder or his or her point of origin: "Archana Vemulapalli, the city’s Chief Technology Officer, said the city paid no ransom and resolved the problem by taking the devices offline, removing all software and restarting the system at each site. An investigation into the source of the hack continues, said Vemulapalli, who said the intrusion was confined to the police CCTV cameras that monitor public areas and did not extend deeper into D.C. computer networks." These intrusions are usually courtesy of an employee downloading something stupid, but the paper-mache grade security and default administrative credentials common on DVRs and other network-connected hardware also play a starring role. The end result is an absolute laundry list of similar stories popping up all around the globe, from the Austrian hotel whose customers were locked inside their rooms thanks to a ransomware intruder, to the Texas police station that lost years of video evidence courtesy of poor security standards and a lack of redundancy. And it's worth remembering that these are only the intrusions in which the intruder actually wants to make their presence known. Overall, poorly secured internet-connected devices have not only contributed to a spike in ransomware attacks, but poorly-secured hardware is increasingly being infected and used as part of DDoS botnets, resulting in some of the largest and most devastating attacks we've seen to date. The IT security 2017 prediction du jour is a crippling attack that brings the internet to its knees sometime this year, with a loss of human life on some scale also seen as an inevitability. 
As several security analysts like Bruce Schneier have noted, our casual treatment of device security has created a security and privacy dumpster fire, and the spike in these DDoS and ransomware attacks is simply the check coming due.

posted 18 days ago on techdirt
In the wake of President Trump's travel ban, the San Francisco Police Department has offered up an unprecedented response: it's breaking up with the FBI. On Wednesday, San Francisco officers took a bold stance against Trump’s new immigration laws. In response to Trump’s Muslim ban, they are cutting ties between the police department and an FBI task force. The San Francisco Police Department (SFPD) has worked with the FBI on a Joint Terrorism Task Force (JTTF) since 2007, with the purpose of investigating terrorism threats, collecting intel, and making arrests. Generally speaking, federal partnerships are forever… especially in Forever Wars. Local law enforcement agencies have been working side-by-side with federal agencies since the Drug War began. The same goes for the War on Terror. Wars keep government agencies in good health, awash in perpetual funding and repurposed military gear. Local governments are seldom interested in ending these lucrative arrangements, whether or not the underlying activity is productive. But San Francisco already sees its supply of federal funding drying up. President Trump has made it clear he'll cut off this flow to cities that care more about immigrants than he does. So, there's some gamesmanship in this move -- one that sends a message to Trump while expressing some resignation to the eventual fiscal punishment to come. The city of Austin, Texas is doing the same thing, but fighting the battle on two fronts, as its decision to call itself a "sanctuary city" has also earned it the displeasure of the state's governor. But the SFPD's rejection of the FBI's "assistance" in the War on Terror suggests a couple of things -- neither of them complimentary -- about the federal agency's usefulness in this "war." The first is explained in the Think Progress article. 
[T]he SFPD will no longer work with the JTTF on the grounds that the federal agency will likely increase efforts to surveil Muslims, following Trump’s recent executive order to prevent Muslims from entering the country. The other part is implied. By telling the feds to beat it, the SFPD is suggesting the FBI isn't doing much to actually make San Francisco safer. The Joint Terrorism Task Force seems to be more about expanding surveillance and obtaining perpetual funding than preventing terrorist attacks or uncovering their conspiracies. This much can be ascertained by the FBI's counter-terrorism efforts to date. For the most part, the FBI's terrorism busts have relied heavily on FBI informants being the brains, muscle, and wallet behind supposed future acts of terrorism. Undercover agents have pushed some of the weakest humans in the nation towards acts of violence -- acts which would likely never have materialized on their own. The FBI has poked and prodded easily-influenced people -- some elderly, some with mental problems -- into professing their support for [Current Top Terrorist Organization], helped them plan trips to [Top Terrorist-Associated Foreign Country], and purchased everything from duct tape to latex gloves to weapons for would-be terrorists that seemingly would have difficulty opening a savings account, much less coordinating an act of terrorism. The SFPD feels it will be fine without the FBI's dubious assistance, which appears to be mostly limited to trampling civil liberties and ever-expanding surveillance with minimal oversight. The city can apparently handle the terrorism threat without federal intervention -- suggesting it's not much of a threat… and the FBI isn't much of a counter-terrorism agency. What the city's rejection says about President Trump's orders and directives is pretty damning. What it says about the FBI and its counter-terrorism efforts is even worse.

posted 18 days ago on techdirt
Surprising nobody, new FCC boss Ajit Pai used a flurry of late-Friday announcements to roll back a number of consumer-friendly FCC initiatives the former Verizon lawyer (and the large ISPs that already love him) didn't like. Among them was the Wheeler-led FCC's attempt to crack down on zero rating, the practice of an ISP exempting its own content from its own arbitrary usage caps, while still penalizing competitors. The former FCC had just belatedly ruled that both AT&T and Verizon's zero rating efforts were anti-consumer, anti-competitive, and dramatically damaged the open streaming video market. That was then, and this is now. This new, Pai-led FCC wasted no time sending AT&T, Verizon and Comcast letters (pdf) proclaiming that all FCC inquiries into the anti-competitive impact of zero rating have been dropped. In a brief statement (pdf) issued to the media, Pai went so far as to imply he was doing this not because it's what giant ISPs wanted -- but because of a selfless dedication to the poor: "Today, the Wireless Telecommunications Bureau is closing its investigation into wireless carriers' free-data offerings. These free-data plans have proven to be popular among consumers, particularly low-income Americans, and have enhanced competition in the wireless marketplace. Going forward, the Federal Communications Commission will not focus on denying Americans free data. Instead, we will concentrate on expanding broadband deployment and encouraging innovative service offerings." You'll find that taking an anti-consumer position on something, then insisting it was only done to aid the downtrodden, will be a common refrain from this new Pai-led FCC. In reality, zero rating data doesn't create "free data plans," it simply shifts the cost burden onto streaming video providers -- or more accurately, the customers of streaming video providers. 
Those customers suddenly face having to pay more money for competing services, which naturally funnels them to the streaming services of AT&T (DirecTV Now), Verizon (Go90), or Comcast (Stream TV). ISPs like AT&T and Verizon had tried to argue that disadvantaging competitors in this fashion wasn't a big deal, because those companies could pay AT&T and Verizon a steep and unnecessary surcharge to cap-exempt their services too, putting themselves back on equal footing with ISPs. Given that many smaller companies couldn't afford such tolls, the former FCC's report (pdf) made it clear that this structure would be abused by giant, incumbent gatekeepers: "Thus, it would appear that AT&T's practices inflict significant unreasonable disadvantages on edge providers and unreasonably interfere with their ability to compete against AT&T's affiliate, DIRECTV. The structure of Verizon's FreeBee Data 360 program raises similar concerns. We are aware of no safeguards that would prevent Verizon from offering substantially more costly or restrictive terms to enable unaffiliated edge providers to offer services comparable to Verizon's affiliated content on a zero-rated basis." Again, for those confused, zero rating is simply incumbent duopolists using a lack of competition in broadband to impose arbitrary and unnecessary usage caps, then (ab)use those caps to dramatically tilt the playing field in their favor. Full stop. There's more than a little cognitive dissonance required to insist you're a stalwart defender of "free markets," then immediately turn a blind eye to the demolition of a level streaming video playing field by giant, lumbering monopolists. 
And, of course, this is just the opening cannons in the latest battle over net neutrality; while Pai gets to work refusing to enforce the agency's existing FCC rules, the GOP is getting to work on a Communications Act rewrite that will not only kill the net neutrality rules, but defang and defund the FCC as a consumer watchdog altogether. If you actually give a flying damn about net neutrality, broadband competition and a healthy, open internet -- 2017 is going to desperately need your help.

posted 18 days ago on techdirt
The $40 LimeLens Universal Smartphone Camera Lens Set will give your smartphone or tablet camera a boost. These two outstanding mini lenses and all three versions of the genius Limeclip attachment are designed to perfectly secure both lenses to over 70 smartphones and tablets. Take macro/wide lens photos with the dual-purpose lens, and capture creative photo and video with the fisheye lens. Note: The Techdirt Deals Store is powered and curated by StackCommerce. A portion of all sales from Techdirt Deals helps support Techdirt. The products featured do not reflect endorsements by our editorial team.

posted 18 days ago on techdirt
Just south of the Second Circuit Court of Appeal's district, a Pennsylvania (3rd Circuit) federal judge has come to (nearly) the opposite conclusion on law enforcement's access to emails stored overseas. This case deals with two FBI SCA (Stored Communications Act) warrants seeking emails that Google says aren't stored in the United States. Google, however, also says the sought emails could be at any of its data storage sites -- which would include those in the US. It all depends on when it's asked to retrieve the communications. And there's where this decision parts ways with the Second Circuit, which found that emails stored in an Irish data center weren't subject to US-issued warrants. The court explains [PDF] Google's process for handling user data, which is built for efficiency, rather than what's central to the FBI's demands: efficiency of retrieval in response to law enforcement requests. Google stores user data in various locations, some of which are in the United States and some of which are in countries outside the United States. Some user files may be broken into component parts, and different parts of a single file may be stored in different locations (and, accordingly, different countries) at the same time. Google operates a state-of-the-art intelligent network that, with respect to some types of data, including some of the data at issue in this case, automatically moves data from one location on Google's network to another as frequently as needed to optimize for performance, reliability, and other efficiencies. As a result, the country or countries in which specific user data, or components of that data, is located may change. It is possible that the network will change the location of data between the time when the legal process is sought and when it is served. 
As such, Google contends that it does not currently have the capability, for all of its services, to determine the location of the data and produce that data to a human user at any particular point in time. Because of the way Google handles data, it theoretically could refuse every US law enforcement request for communications. (It could do the same to foreign requests as well.) This makes Google's case distinguishable from Microsoft's legal battle. Microsoft knew exactly where the stored communications were located. Google says the communications might be anywhere -- in one place upon receipt of a warrant and in another when retrieval efforts begin. As the court sees it, the Second Circuit's ruling would basically make Google completely immune to law enforcement requests. [I]f the court were to adopt Google’s interpretation of the Microsoft decision and apply such a rationale to the case at bar, it would be impossible for the Government to obtain the sought-after user data through existing MLAT channels. The "fix," according to the Pennsylvania court, is to have Google round up the sought communications in the US, putting them within reach of the FBI's warrants. In contrast, under this court’s interpretation, Google will gather the requested undisclosed data on its computers in California, copy the data in California, and send the data to law enforcement agents in the United States, who will then conduct their searches in the United States. Of course, this means compelling Google to do something with its data that it doesn't normally do, which would make it a seizure. And since the data sought is constantly in transit, the court is giving the government the power to step in and alter Google's data-handling. This would obviously be a seizure of data potentially stored (at least temporarily) in foreign countries. 
To get around the Fourth Amendment concerns this raises -- not to mention the expansion of the US government's power to compel the production of data from foreign servers -- the court decides no seizure actually takes place until the government takes control of the data Google has been ordered to compile. In contrast to the decision in Microsoft, this court holds that the disclosure by Google of the electronic data relevant to the warrants at issue here constitutes neither a "seizure" nor a "search" of the targets' data in a foreign country. This court agrees with the Second Circuit's reliance upon Fourth Amendment principles, but respectfully disagrees with the Second Circuit's analysis regarding the location of the seizure and the invasion of privacy. [...] Electronically transferring data from a server in a foreign country to Google's data center in California does not amount to a "seizure" because there is no meaningful interference with the account holder's possessory interest in the user data. Indeed, according to the Stipulation entered into by Google and the Government, Google regularly transfers user data from one data center to another without the customer's knowledge. Such transfers do not interfere with the customer's access or possessory interest in the user data. Even if the transfer interferes with the account owner's control over his information, this interference is de minimis and temporary. This is a really weird -- and wrong -- interpretation of the word "seizure." While it's true the FBI won't actually have taken possession of the emails until after Google has gathered them in a California datacenter to make them more Fourth Amendment-compliant (or whatever), the fact that Google has to interrupt its normal flow of data at the government's request would appear to make that initial interruption a "seizure" -- de minimis or not. In essence, the court is saying the Fourth Amendment doesn't apply to data in transit. 
The government can compel the collection of overseas data and have the Fourth Amendment applied to it after it's already been gathered and stored locally. The decision makes a mess of the Fourth Amendment cart-horse configuration, but figures this is more acceptable than informing the FBI that its warrants might be useless. The better conclusion to reach would be the one the Second Circuit reached: if the concern is that the 30-year-old SCA limits law enforcement's ability to demand data from overseas data centers run by US companies, the solution lies with the entity that created it (Congress), rather than the courts. This decision will be appealed and it's safe to assume the Third Circuit Court of Appeals will arrive at the same conclusion. Even if Congress doesn't "fix" the SCA to make US companies with foreign data centers more responsive to law enforcement demands, cases going forward may start applying the Rule 41 changes that went into effect at the beginning of this year, which greatly expand the jurisdictional reach of US court-issued warrants. As for Google, its system isn't built with law enforcement's needs in mind, nor should it be. It does what works best for it, which is what we expect from private companies. This ruling gives law enforcement a workaround for dealing with the SCA's limits, so some forum shopping should be expected until this decision is (hopefully) overturned.

posted 18 days ago on techdirt
As we've been noting, broadband providers have wasted no time pressuring Congress to kill the FCC's new broadband privacy rules. These rules, passed last year, simply require that ISPs are transparent about what data they're collecting and who they're selling it to, while requiring they provide working opt-out tools. But the rules went further in requiring that broadband customers opt in to more sensitive data collection, including financial data. Given an informed, empowered consumer means less advertising revenue, ISPs quickly went to work throwing a monumental hissy fit. This week, a coalition of broadband providers including Comcast, AT&T, T-Mobile and Verizon issued a breathless letter professing their absolute dedication to consumer privacy, apparently hoping that consumers haven't noticed they're simultaneously trying to kill the first meaningful broadband-specific privacy protections users have enjoyed in the history of the technology. As you might expect, the least-liked industry in America spends a notable part of the missive patting itself on the back for its selfless dedication to user privacy: "ISPs understand the trust our customers place in us, and we are committed to protecting our customers’ privacy and safeguarding their information. For 20 years, we have implemented policies and practices that are consistent with the FTC’s widely respected and effective privacy framework and other federal and state privacy laws. ...We understand the importance of maintaining our customers’ trust. That is why we will continue to provide consumer privacy protections, while at the same time meeting consumers’ expectations for innovative new product solutions to enhance their online experiences." Yeah, like that time Verizon was caught modifying user data packets to covertly track customers all around the internet without A. telling anybody or B. providing working opt out tools. 
Or that time AT&T began charging its broadband customers a steep premium just to protect their own privacy (something Comcast has shown repeated interest in as well). Or that time Cable One made it clear it wants to use user financial data to deliver worse customer service to low-income customers with bad credit. You can just feel the broadband industry's dedication to protecting your private data pulsing in the very wind itself! In short the industry's trying to argue that the weaker, inconsistent privacy protections of the FTC are enough to protect consumers from wrongdoing. But as you saw in the last paragraph, the FTC (already overloaded and in constant risk of having its authority eroded) rarely has the time or interest in actually enforcing these rules anyway. The FCC's new rules were created specifically in response to these behaviors, and because the barely-competitive broadband industry creates some unique consumer protection challenges other industries and companies (like Google or Facebook, where users are free to use other services) don't face. This idea that Congress will be somehow "streamlining" the FCC and eliminating duplicate authority will be the narrative du jour for most of this year. But in an outgoing interview with former FCC boss Tom Wheeler this week, the former dingo makes a point that's important for consumers and telecom journalists alike to understand: "In the Trump administration, people are talking about stripping regulatory power from the FCC, and essentially taking the agency apart (including moving jurisdiction over internet access to the Federal Trade Commission [FTC]). “Modernizing” the FCC is the lingo being used. What’s your thought about that? It’s a fraud. The FTC doesn’t have rule-making authority. They’ve got enforcement authority and their enforcement authority is whether or not something is unfair or deceptive. And the FTC has to worry about everything from computer chips to bleach labeling. 
Of course, carriers want [telecom issues] to get lost in that morass. This was the strategy all along. So it doesn’t surprise me that the Trump transition team — who were with the American Enterprise Institute and basically longtime supporters of this concept — comes in and says, “Oh, we oughta do away with this.” It makes no sense to get rid of an expert agency and to throw these issues to an agency with no rule-making power that has to compete with everything else that’s going on in the economy, and can only deal with unfair or deceptive practices." To try and ease concerns among those that, well, have actually paid attention to the industry's bad behavior on this front, giant ISPs like Verizon and Comcast instead proposed a voluntary group of self-regulatory principles governing transparency, data security, notifications in the wake of hack attacks, and "consumer choice." The industry's promise to respect user privacy choices is framed as such: "ISPs will continue to give broadband customers easy-to-understand privacy choices based on the sensitivity of their personal data and how it will be used or disclosed, consistent with the FTC’s privacy framework. In particular, ISPs will continue to: (i) follow the FTC’s guidance regarding opt-in consent for the use and sharing of sensitive information as defined by the FTC; (ii) offer an opt-out choice to use non-sensitive customer information for personalized third-party marketing; and (iii) rely on implied consent to use customer information in activities like service fulfillment and support, fraud prevention, market research, product development, network management and security, compliance with law, and first-party marketing." In short, we're going to just keep doing what we're already doing, while hiding behind overlong privacy policies, "implied consent," and loopholes that broadly declare most data "non-sensitive" -- all while obfuscating the fact the FTC privacy enforcement hasn't worked. 
If FTC enforcement alone for broadband privacy actually worked, Verizon wouldn't have been allowed to covertly track consumers around the internet for two years before security researchers actually noticed it. If FTC oversight actually worked on this subject, AT&T wouldn't have been allowed to charge users up to nearly $800 more per month in some instances just to protect their own data. And having a weak (and likely soon to be weaker) cop on the beat is particularly important to companies like Verizon moving forward, given it has been on a tear gobbling up failed internet brands like AOL and Yahoo as part of its master plan to shift its focus from broadband toward slinging video ads at Millennials (apparently not very well). Verizon and friends have tried to argue that the FCC's privacy rules created "asymmetrical regulation," but they consistently ignore that the lack of broadband competition creates risks you don't see in the markets inhabited by the companies Verizon's envious of (Facebook, Google). Here's the thing. The broadband industry had it pretty good for most of the last decade in terms of doing whatever it wanted with consumer data. Regulators, regardless of party, generally looked the other way as these companies hoovered up every shred of location and browsing data -- using everything from DNS tracking to deep packet inspection -- then relied on FTC regulatory loopholes to sell this data to pretty much everybody. Only once the broadband industry began pushing its god-damned luck with incredibly stupid ideas (with ideas like charging users for their own privacy) did the FCC even feel the need to get involved. So in short, if the broadband industry's looking for someone to blame for the FCC's relatively modest privacy rules, it should spend some time looking in the mirror. Granted that may all be a moot point now that we've decided to put a former Verizon lawyer with a disdain for facts in charge of regulating the broadband sector. 
Back in 2008 Verizon claimed that consumer privacy protections weren't necessary because "public shame" would keep the company honest. There's every indication we're about to truly put that theory to the test.

posted 18 days ago on techdirt
I've been quite clear how I feel about Donald Trump's awful executive order that places a blanket ban on people entering the US (even if they had valid visas) from 7 countries, including a permanent block on Syrian refugees. Tons of people have been protesting this decision, and multiple courts have ruled against it. There has been some discussion over whether or not the tech industry was really going to stand up against this move, and some of the early statements about the executive order were a bit weak. However, late Sunday night, basically the entire technology industry (plus some companies from other industries as well) signed onto an amicus brief calling the order illegal and unconstitutional (technically, it's a motion asking for permission to file the amicus brief, with that brief attached). The brief was filed in the Ninth Circuit appeals court, which is one of the first appeals courts considering the executive order, after a federal judge in Seattle issued a nationwide temporary restraining order on enforcing the exec order. On Sunday, the appeals court refused to reverse the lower court, keeping the TRO in place. However, it also gave both parties (the lawsuit itself was filed by the state of Washington) a very quick turnaround time to file written arguments to be considered. Given that incredibly short time frame, it's notable that 97 companies -- including some of the world's largest, but also some tiny ones, like the Copia Institute (the think tank arm of Techdirt) -- were able to come together and not only get a detailed amicus brief together, but also get sign on from all of those companies (on Super Bowl Sunday, no less). Having been through the process of putting together amicus briefs with multiple signers before, normally there's lots of hemming and hawing from different companies and nitpicking over certain choices. It takes a lot of effort. 
But this issue was so important and so core and fundamental to our basic values, that basically the entire industry came together and signed onto this. You name the company, and it's probably signed on. There are the big guys: Google, Facebook, Microsoft and Apple (despite a false Washington Post article that claimed none of them had signed on). There are lots of other huge names as well, including Twitter, Snap, Uber, Airbnb, Lyft, Dropbox, Cloudflare, Box, eBay, GitHub, Kickstarter, Indiegogo, Medium, Mozilla, Patreon, PayPal, Pinterest, Reddit, Salesforce, Spotify, Stripe, Wikimedia, Yelp, Y Combinator and many, many more. I highly recommend reading the full amicus brief -- which makes an economic argument, a moral argument and a legal argument all wrapped up in one. Immigrants make many of the Nation’s greatest discoveries, and create some of the country’s most innovative and iconic companies. Immigrants are among our leading entrepreneurs, politicians, artists, and philanthropists. The experience and energy of people who come to our country to seek a better life for themselves and their children—to pursue the “American Dream”—are woven throughout the social, political, and economic fabric of the Nation. For decades, stable U.S. immigration policy has embodied the principles that we are a people descended from immigrants, that we welcome new immigrants, and that we provide a home for refugees seeking protection. At the same time, America has long recognized the importance of protecting ourselves against those who would do us harm. But it has done so while maintaining our fundamental commitment to welcoming immigrants—through increased background checks and other controls on people seeking to enter our country. [....] The Order effects a sudden shift in the rules governing entry into the United States, and is inflicting substantial harm on U.S. companies. 
It hinders the ability of American companies to attract great talent; increases costs imposed on business; makes it more difficult for American firms to compete in the international marketplace; and gives global enterprises a new, significant incentive to build operations— and hire new employees—outside the United States. The Order violates the immigration laws and the Constitution. In 1965, Congress prohibited discrimination on the basis of national origin precisely so that the Nation could not shut its doors to immigrants based on where they come from. Moreover, any discretion under the immigration laws must be exercised reasonably, and subject to meaningful constraints. There's much more in the full brief, and hopefully the court allows it and recognizes how momentous this is. I've never seen anything that so many tech companies have gotten behind (including things like SOPA), and this happened so fast that it is literally unprecedented. A whole bunch of people put in a tremendous effort to actually get this done (including more than a few having to miss the Super Bowl to get this done...). Andy Pincus from Mayer Brown deserves a specific shoutout for being the main lawyer putting the brief together. We shall see what happens from here, but having basically the entire tech industry rise up in a single voice to say that this order is not right is nice to see. In this day and age, it's easy not to speak out and to just sit on the sidelines. But this is important, and when it mattered all of these companies spoke out.

posted 19 days ago on techdirt
Normally, on the rare occasions that Mike's or my own comments win the top spots, I skip over them unless they are really important — since this post is all about highlighting reader comments. This week, however, our participation in the comments on our response to Trump's immigration ban dominated the leaderboards to such a degree (with one double-winner) that skipping them would mean going pretty far down the list, so this particular comment post will have to be more boastful than usual. And indeed, all of our top-voted comments this week come in response to that post. That said, a reader still beat Mike and me out for first place on the insightful side. Roger Strong provided the very first comment on the immigration post, and racked up the points with a simple and appropriate quote: "The way a government treats refugees is very instructive because it shows you how they would treat the rest of us if they thought they could get away with it." - Tony Benn, British Minister of Parliament for 47 years In second place, we've got the first of Mike's several responses to our detractors on the post, in this case one who asserted that "no one except children are swayed by emotional arguments and cherry picking individual sufferers to form a platform which is ultimately harmful to society at large". Mike's response became a double winner, taking first place for Funny as well as second place for Insightful: Really? Because that seemed to be the basis of the entire platform of the President of the United States. For editor's choice on the insightful side, we'll start out with one more nod to Roger Strong for his activity on that post, in this case handily rebutting the argument that immigrants are a drain on the country: You're making that up. A more interesting look at the issue: Wall Street Journal: Immigrants Founded 51% of U.S. Billion-Dollar Startups ...including Google, SpaceX, Tesla, Uber, Cloudflare and more. And it doesn't even count second generation immigrants. 
For example Apple, founded by the son of a Syrian refugee and the son of Polish immigrants. Which isn't at all surprising. When I was in high school it was the immigrants - from Asia, Russia, the Philippines, etc. - who did their homework and got the highest marks. They got the work ethic from their parents. Later I've worked for immigrants who set up businesses here. We all know people with grand plans to improve their lives. They're going to move to the west coast. Or to Canada if the Republicans or Democrats win. They're going to save up, quit their jobs and go back to school. They're going to run for office and fix things. But most never do. They're stuck in the inertia of their own lives, unable to drop or stop making new commitments even in the long term. Or unable to save, or to put in the extra effort. Or just too nervous about taking a leap into a new life. Immigration acts as a filter. You get only the people who DO the things they said. Who got over their fears. Who put in the extra effort and made the big leap. These are the kind of people you want as citizens. The kind who ALSO tend to start businesses and create jobs. It's one reason why immigration is a good deal for the countries they head for. Next, we take a break from that post to look at one of the few clues we've gotten about the Trump administration's stance on copyright — a worrying editorial by one of his advisors who held up China's ability to disappear book publishers as a shining example of how IP enforcement is possible. Machin Shin was understandably horrified: I must say, sure makes me feel all warm and fuzzy to know people in our government are looking up to China and their ability to make people vanish..... What the hell has happened to this country? We are supposed to be a shining example of freedom, not some twisted country drooling over the wonderful power of an authoritarian country. It really sickens me to see what this country has become. 
Instead of the land of the free and home of the brave we have a bunch of cowering morons trashing all our freedoms. I would much rather live free and risk being killed from a terrorist attack than live under an oppressive government that is promising me a false safety. Over on the funny side, we've already had our first place double-winner from Mike above, so we move on to the second place winner... me! There was some debate over Trump's precise attitude towards Mexicans based on a rather generous interpretation of the precise words in his infamous "criminals and racists" speech. Personally, I found his final caveat to be less than convincing: "Some, I assume, are good people" is right up there with "but I have [minority group] friends!" on the list of Shit Racists Say. For editor's choice on the funny side, we start out on our post about John Carmack's comments on the code expert who attempted to demonstrate "non-literal copying" in the ZeniMax/Oculus trial. Hij figured the concept could be put to good use: On the up side this just gave every student in a programming class a way out of completing their assignment. Instead of saying, "the dog ate my code," now students can say, "I wrote the code, but I cannot distribute it since it is under copyright." Finally, we head to the story of the Mac repair company whose lawyer sent out baseless threatening letters, offering up little more than a "just following orders" excuse when pressed by Paul Alan Levy. Roger Strong (he had a lot of great comments this week) was curious about the marketing aspect: And what does he call this service? iThug? Fraud On Demand? Chris Cammack's Barratry Emporium? That's all for this week, folks!

posted 20 days ago on techdirt
Five Years Ago

This week in 2012, we watched as the reaction to ACTA continued to heat up. Though the opposition was in some danger of straying off course, there were some big developments: the Slovenian Ambassador apologized for signing the deal, the Polish Prime Minister suspended all efforts to ratify it, Bulgarian MPs followed in the footsteps of Polish MPs the week before and protested with Guy Fawkes masks, and widespread protests began to break out across Europe. Meanwhile, the TPP was also on the docket for the week, with a stark example of crony capitalism presented by the USTR getting civil society groups kicked out of the Hollywood hotel where it was hobnobbing with entertainment industry elites. We pointed out that SOPA/PIPA should be a pretty good lesson on why these negotiations need to be way, way more transparent. Also, this was the week we released the first Sky Is Rising report.

Ten Years Ago

This week in 2007, the world was still reacting to the newly Google-owned YouTube. The plans for revenue sharing with video creators were brewing, and while NBC was embracing the promotional value of YouTube clips, Viacom made its big move of telling Google to yank 100,000 videos off the service, setting the stage for the big legal feud to follow. Also this week in 2007: Sony BMG reached a deal with the FTC for violating federal law with its horrible rootkit DRM, the RIAA had a SWAT team raid an Atlanta mix-tape producer on questionable legal grounds, Google was offering half-apologies for aiding Chinese censorship, and Adult Swim's now-infamous marketing stunt shut down the city of Boston.

Fifteen Years Ago

Five years earlier in 2002, Google made a much more popular decision when it announced it would not use pop-up ads. Of course, that seems obvious now, as did other things that were fresh at the time, like the convergence of wireless devices and the possibility of having a laptop as your only computer. In the world of secondary effects from the dot-com bubble bursting, we saw Cisco grappling with a huge gray market for used IT products and folks who dropped out to work in tech going back to school to finish their degrees. Also, because nothing is truly new: folks were commenting on how news was getting less factual and more opinionated.

One-Hundred And Seventy Years Ago

Though not in fact headquartered in the city itself, Techdirt does a whole lot of its business in and around San Francisco — so this week we're marking a milestone in that city's history. It was on January 30th, 1847 that its name was changed from Yerba Buena to San Francisco by Lt. Washington Allon Bartlett.

posted 21 days ago on techdirt
It's common knowledge at this point why advertisers start to go wonky after the new year. We've long talked about how all kinds of groups and companies suddenly begin playing the euphemism game when it comes to the Super Bowl, America's annual celebration of brain trauma. Everyone, from comedians to beer makers to tech companies, goes to great lengths to wink at everyone as they all refer to the Super Bowl by any name other than its own. Why? Well, because the NFL has a trademark on the term, which allows it to restrict the use of the phrase only to its sponsorship partners... except that that's not remotely true and isn't how trademark law works at all. Instead, the only real prohibition is on the implication that a company is an official sponsor of the NFL when it isn't. Beyond that, simply calling the game what it's called isn't trademark infringement. But this is confusing enough that this year the website HowStuffWorks has done an entire piece to explain to an almost certainly confused public why companies are pretending that nobody knows what they're talking about when they say "the big game" instead of "the Super Bowl." It's a post that deserves a rebuttal, which I will helpfully provide. The Super Bowl is a registered trademark of the NFL. And the football league also owns the copyright to the telecast of the game. That's why advertisers use unregistered phrases like "the Big Game" or "the football championship" when hawking a furniture sale or happy hour, for instance. The NFL allows the Super Bowl sponsors and the network airing the game that year to use the phrase, but they pay heavily for it. Not true. Those advertisers pay to be official sponsors, not to simply use the phrase. Anyone can use the phrase Super Bowl as a means for accurately describing the name of the game about which they are talking. They just can't claim to be sponsors, nor imply a relationship with the NFL. 
If Best Buy advertises a big screen television as the "preferred TV on which to watch the Super Bowl," that's a no-no. But if it says it is running a sale on big screen TVs and to get yours before Super Bowl Sunday, that ain't trademark infringement. So, the explanation for why advertisers don't say "Super Bowl" in that manner isn't because the NFL has the intellectual property rights to it, it's because the NFL is a duplicitous money-monster that has perpetrated a farce in pretending trademark law is something that it isn't. "The NFL wants to make sure they keep their sponsorships the way they want to control who has use of the phrase," says Anderson. "That way people can know what's directly connected to the NFL and their product." Trademark infringement occurs when someone uses a trademarked term (like "Super Bowl") in a way that may cause a person to wrongly infer an official connection between the company the trademark belongs to and the product advertised. The NFL absolutely wants that, and it regularly bullies anyone who uses the phrase in a nominative manner in any kind of advertising or social media. But the "how" part of HowThatWorks isn't answered by trademark law. It's a combination of the aforementioned misleading of the public along with the NFL's regular practice of being a protectionist idiot. Because the NFL should want the term said as often as possible by as many people, and companies, as possible: It’s unnecessarily stupid for the NFL, which should want “Super Bowl” said as often as possible, because until 100% of TVs new and old are tuned to the Big Game, the league has not accomplished its goal of complete domination of American consciousness. Best Buy wants to have a Super Bowl sale? Great! That’s a free ad for the NFL, which should thank a non-sponsor for promoting their product. This is not, however, how the NFL thinks. 
This is the same league that banned its own teams from posting GIFs of game highlights, ostensibly to protect its TV partners, as if any GIF-worthy play isn’t being turned into a GIF by a thousand different people and going viral anyway. Shouldn’t the league want its teams to reap the benefits of all those clicks, which convert to social media followers, which convert to deeper embedding of the product, through official channels, in the minds of consumers? Nah, the league would much rather play language cop in a silly game it has made out of trying to alter trademark law simply by out-jackass-ing the Olympics. And, hey, it's worked! By simply pretending trademark law is something that it isn't, the NFL has managed to get the world's advertisers to play pretend along with the league. And what a victory it is, what with every advertiser using barely-disguised euphemisms for the game that we all know they're talking about. Victory! So, how does this work? Not in the way HowStuffWorks describes. The NFL acts as a protectionist lie-geyser bully through a legal team on more figurative steroids than the league's field-hands. That's how it works.

posted 21 days ago on techdirt
For many, many years we've talked about the importance of strong anti-SLAPP laws. In case you're new to the subject, SLAPP stands for a Strategic Lawsuit Against Public Participation. In short, SLAPP suits are lawsuits where it is fairly obvious that the intent of the lawsuits is to stifle free speech, rather than for a legitimate purpose under the law. The intention of anti-SLAPP laws is to allow for such lawsuits to be tossed out of court quickly -- and, frequently, to force those who bring those suits to pay legal fees. While actually getting a federal anti-SLAPP law is really important, for now, we're left with a patchwork of state laws. While many (though not all) states have anti-SLAPP laws, they vary widely in terms of what they cover and just how strong or effective they are. As we've pointed out in the past, a few years ago, Nevada passed a really great anti-SLAPP law, though it's been under attack the past few years. Thankfully, Marc Randazza informs us that Nevada's anti-SLAPP law has been found to be Constitutional, meaning that it will survive largely intact (a few changes had been made a few years ago to bolster the law's likelihood of surviving). Perhaps even more important was that the ruling basically recognized that Nevada's anti-SLAPP statute was similar to California's (much older and much more broadly litigated anti-SLAPP) law, and that Nevada courts can use California case law for its own anti-SLAPP cases. That's also a good thing: A secondary issue in the case, and an important one, is that the Nevada Supreme Court recognized that Nevada and California Anti-SLAPP jurisprudence are essentially one body of law. This is not entirely new law. In John v. Douglas Cnty. Sch. Dist., 125 Nev. 746 (2009), the Nevada Supreme Court held similarly, but this was discussing the prior version of the law.... [....] The good news is that the Court reaffirmed the John v. 
Douglas County pronouncement that Nevada courts should rely on the rich body of California case-law in interpreting the Nevada statute. Given the scant case-law we have in Nevada, this is a godsend. California has interpreted "matter of public concern" as extremely broad. Meanwhile, I have seen Nevada trial court judges looking at the standard as much more narrow. This is a good decision that brings more predictability to Anti-SLAPP litigation under the Nevada statute, and ultimately will function to keep Nevada's free speech protections aligned with its free-speech-protective neighbor. Another good win for an anti-SLAPP law. Now, if only more states (and the federal government) will adopt them and really protect free speech from legal bullying.

posted 21 days ago on techdirt
Another day, another wacky legal complaint. This one, first spotted by Eric Goldman was filed by a recent law school grad, Tiffany Dehen. She's fairly upset that someone set up a parody Twitter account pretending to be her that portrayed her in an unflattering light. So she has sued. For $100 million. And she's not just suing the "John Doe" behind the account... but also Twitter. Oh, and also the University of San Diego, because she's pretty sure that someone there is responsible for this account (she just graduated from USD's law school). Oh, and according to the exhibits that Dehen put in her own lawsuit, the account is labeled as a parody account. The lawsuit... well... it doesn't reflect well on the University of San Diego law school and its ability to prepare lawyers. I don't know if the law school didn't teach Ms. Dehen about California's anti-SLAPP law, but she's likely about to get a quick post-graduate lesson about it. I won't even get into the reasons why this is unlikely to be defamation (parody, people, parody...), but the fact that Twitter and USD are included... is pretty nutty. Twitter will get out of the case pretty damn easily under Section 230 (does the University of San Diego law school not teach Section 230?!?). And, of course, there's this, which kind of speaks for itself: If you can't read that, it says: Additionally, it should be noted that Tiffany Dehen's real twitter account consists of posts supporting the elected President of the United States, not Adolf Hitler, the socialist communist dictator from Germany. The fact that John Doe used Tiffany Dehen's real name and linked the fictitious Twitter account to Tiffany Dehen's real name and linked the fictitious Twitter account to Tiffany Dehen's real account by retweeting Tiffany Dehen's posts shows that John Doe acted with actual malice and negligence. Huh? 
I'm still stumbling so much over "socialist communist" that I'm already having difficulty figuring out how parodying someone is proof of "actual malice and negligence." As for Twitter's involvement, here's what Dehen thinks makes Twitter liable: Plaintiff requests to enjoin Twitter, Inc, jointly and severally, the social media website which allowed this disparaging speech to stay broadcast to the world, costing plaintiff potentially millions of dollars in future earnings. Twitter was put on notice on January 30, 2017, and as of Feb 1, 2017, the false twitter account was still posted, even after Tiffany Dehen put Twitter on notice. The process Twitter adheres to is absolutely ridiculous and should be looked at as well and Plaintiff claims the process Twitter has in place to review defamation is unconstitutional. Hooo boy. Where to start? Let's just skip over the awful run-on sentences and note, again, as we did above, that Section 230 makes Twitter categorically immune from this lawsuit. I'm still at a loss as to how any lawyer today could file a lawsuit and not be aware of the basics of Section 230. Even without Section 230, Twitter would easily get out of this lawsuit. Notice that she cites no actual laws on the books or caselaw to back up this claim? She gives the company a grand total of two days of notice? And then I didn't know that "absolutely ridiculous" processes (which she doesn't actually seem to understand or describe) are illegal. I'd like to know the statute that says "absolutely ridiculous" policies for dealing with parody accounts are illegal, because, man, that would be useful. Oh, and "unconstitutional." Wha....? This is just... so, so awful. The University of San Diego law school should be ashamed. Oh, right, about USD Law. Why is it a defendant? Beats me. 
Plaintiff requests to enjoin University of San Diego because of the fact that as seen in Exhibits 34 and 35, it appears as though there is a high probability John Doe is an University of San Diego student or alumni since the photo used to make the swastika headband, as shown in Exhibits 3, 4, and 5, is Plaintiff's profile photograph on LinkedIn. University of San Diego should be liable as well due to a prior matter that was not resolved appropriately by University of San Diego which led to USD acting recklessly, or at the very least negligently, to allow this matter to arise. So... it sorta feels like perhaps Ms. Dehen thinks that "enjoin" means "make a party to the case" rather than the actual meaning, which is to have the court stop the party from doing something. Is it truly possible that someone can graduate from law school without knowing what enjoin means? Also, as for the rest of that paragraph, what is even going on? I keep reading it, and trying to understand why the fact that a LinkedIn photo was used somehow makes it obvious that it was a USD student. Because she doesn't explain it at all, if you actually bother to go to the exhibits, it appears she's implying, without saying, that because LinkedIn tells her that some people from USD Law School visited her profile (among other people from other places) that's her proof. That's... not quite how it works. And... even if it is a USD student, so what? That doesn't make USD liable. And then the unexplained "prior matter"? Who graduates from law school and thinks that's how you put something into a complaint? Oh, and then there's this: Further, on the way to Federal Court in Downtown San Diego to file this complaint, Plaintiff was involved in a collision on the I-5 Freeway headed South, which resulted in neck and back pain for which Plaintiff is now seeking medical attention. Please see Exhibit 39. So... um... it sucks that you were in a car accident. That's no fun. 
But what the hell does that have to do with the lawsuit? Why is that in here? And if she was on her way to file it when the accident happened, does that mean after the accident (in pain and all) she stopped to add this totally irrelevant paragraph to the "complaint"? Again, I'm not even going to go into why this account almost certainly isn't defamation, but among her evidence that this meets the "statutory malicious defamation claim" (?!?!) is this: John Doe's fault in publishing the statement amounted to substantially more than just negligence. John Doe's meticulous planning of potentially creating a fake Facebook account in which he sought to befriend Plaintiff on social media (Please see Exhibit 38) and gain access to additional information, coupled with the time involved in setting up a false Twitter account, as well as downloading, altering, and reposting plaintiff's images, shows more than just the defendant's fault in publishing the statement. John Doe's deliberate actions amounted to much more than just mere negligence, but more so proves malice, an element of criminal crimes. That's... quite a paragraph. But I just want to point out that this is (1) a civil lawsuit and (2) she says that this is an element of "criminal crimes." Criminal. Crimes. Finally, I'm no lawyer, but I read and write a lot about court cases, and I can't recall ever seeing a legal complaint written in this manner. It doesn't seem to match with any typical legal complaint format that I've ever seen. It doesn't name any laws. And, I hate to give her any ideas, but normally when people make these kinds of questionable legal attacks on parody claims, they at least try to throw in an ill-advised publicity rights claim. Perhaps that wasn't taught at USD? 
Anyway, the 3-page "brief" (as she calls it) is then followed with another 20 pages of "exhibits" which are mostly screenshots that she seems to think proves a point, but as noted above, require anyone looking at them to make giant leaps and inferences to even figure out what her complaint is actually alleging. And yet, she argues that John Doe, Twitter and USD should pay her $100 million because this parody account is "damaging to plaintiff's name, especially in this crucial juncture of her life where she is applying to California bar admittance and looking for a legal job in San Diego." I think free speech lawyer Ari Cohn sums this one up nicely: @associatesmind @Popehat Well if the parody Twitter account didn’t tank your career hopes, this terribly written brief surely will! pic.twitter.com/J3PaYAG1Yp — Ari Cohn (@AriCohn) February 2, 2017

posted 21 days ago on techdirt
We've already made our views clear on the horrible nature of the Trump administration's ban on travelers who were born in seven predominantly Muslim countries. The administration has been trying to defend the program, but its talking points are (once again) falling apart. For example, the idea that this only "inconvenienced" a tiny percentage of people and was only temporary — government lawyers have now revealed that over 100,000 visas were permanently revoked. Permanently. But the story that's gotten a lot more attention is how Trump aide Kellyanne Conway went on TV last night and tried to back up another talking point: that this is no different than what President Obama did with Iraqi visas. That's not true, but we'll get to that. Even if it were true, Conway seemed to literally make up a terrorist attack that didn't happen, calling it the "Bowling Green Massacre." Of course, there was no such massacre. This has resulted in lots and lots of social media mocking about the "massacre" that didn't exist. Some of the mocking is actually quite funny. And, of course, you might want to go donate to the Bowling Green Massacre Fund to support the victims. Conway, of course, has said that she merely misspoke and had meant to say "Bowling Green terrorists" and then further pointed to a 2013 article about the two arrested Iraqis, claiming that it was a sign that "dozens" of terrorists could live in the US as refugees. Even ignoring the ridiculous massacre claim, and accepting the idea that she just meant to say "terrorists", absolutely everything about this story fails to make her point unless you actively distort it. Let's dig in: The two Iraqis were "terrorists" set to carry out a bombing plot. Nope. It turns out that the two guys arrested were involved in yet another of the FBI's "own plots." 
If you're new to this, for years we've covered how the FBI (rather than actually taking on criminal activity) has been inventing its own fake terrorist plots, and then using undercover agents and informants to bully dupes into "joining" the non-existent, FBI-created, FBI-financed, FBI-supplied "plots." We've written about examples of this over and over and over and over and over and over and over and over and over and over and over and over and over and over and over and over and over and over and over again (so don't go in the comments and ask why this story is on Techdirt...) And the "Bowling Green Terrorists" story is the same exact thing all over again: From that fall through the following spring, the FBI informant invited Alwan to participate in 10 operations to send weapons or money to Iraq. There was no bombing plot against Americans. The FBI's "own plot" here didn't even involve attacks on America. It was just about sending (non-existent) money and weapons to Iraq: ...throughout their interactions with undercover FBI agents in 2010 and 2011, Alwan and Hammadi never discussed plans to attack anyone or cause destruction on U.S. soil. And while they were found guilty of attempting to provide material support to al Queda militants back in Iraq, the men never indicated that they were personally in contact with any militants, attempted to procure weapons for such individuals, or attempted to provide any of their own money to such individuals. Rather, they showed up when and where the FBI informant told them to and helped physically load decoy supplies into whatever they were allegedly being shipped from. There was never any support for the claim that they were part of a larger cell of terrorist refugees: Again, this was a tiny "plot" manufactured by the FBI to send weapons and money to Iraq, not to attack the US. 
And while Conway has been blowing up Twitter by claiming this ABC story proves that other refugee "terrorists" were here, that article is from 2013, and not a single other person has been arrested, no other terrorist plots associated with refugees (real or fake) have been found or (more importantly) taken place. Hell, even former DOJ spokesperson Matthew Miller pointed out that the ABC story "is garbage": This speculative story was published more than three years ago, and since then not one additional refugee has been charged. This is garbage. https://t.co/i4KSEyaLGc — Matthew Miller (@matthewamiller) February 3, 2017 Conway claimed that the media didn't report on the Bowling Green situation... but her proof that it happened is pointing to an article from ABC. Enough said on that. What Obama did in response to that was different: This has been a key talking point for those supporting the ban. They claim that no one complained about Obama's "ban" for six months on people from Iraq in response to the Bowling Green "terrorists." Except that's simply false. As has been carefully reported in a ton of places, what President Obama did in 2011 was entirely different. There was no ban. There was no stoppage. A single type of visa just had more stringent vetting put in place that briefly slowed the throughput of applications. If you want the most thorough explanation I've seen for just how different the two situations are, read the analysis at Foreign Policy Magazine. Even if President Obama had done the same thing, people should still be upset: Because banning all people from a certain country or set of countries without a specific reason or threat, and (in the process) wreaking havoc on the lives of tons of people, including permanent residents and American citizens, deserves to be condemned as simply cruel. 
In summary, Kellyanne Conway is using a non-existent "Bowling Green Massacre" to defend an inhumane policy, based on falsely arguing that two refugees, who were ensnared in a plot created by the FBI to send fake money and fake weapons back to Iraq (and not to attack America), were the tip of the iceberg of a bunch of refugee terrorists (who didn't actually exist) planning to attack America (which never happened) and because of that fake plot, fake massacre and fake terrorists, President Obama similarly banned people from Iraq -- which was something he didn't do. Is that about the sum of it?

posted 21 days ago on techdirt
For many years, we've written about Carl Malamud and his non-profit organization Public.Resource.org, which goes to great lengths to make sure that the law and other government documents are widely available to the public. While he's gotten lots of attention for battling states over their claims to hold a copyright in the law, perhaps his biggest fight has been over the question of whether or not private standards that are "incorporated by reference" into the law, are still covered by copyright. And, unfortunately, the federal district court in Washington DC has just ruled against him, and effectively said it's okay to lock up some important elements of the law with copyright. This is bad news. Some background: as you probably know, there are tons of standards bodies out there who create various standards. Most techies are quite familiar with various technology standards, developed by various groups. But standards obviously go way beyond just the tech industry. Think: building codes for plumbers and electricians. These are often developed by independent, private bodies. Of course, you may also realize that some of these standards are in the law as well. These are generally known as "incorporated by reference." That's just a fancy way of saying that a private group created a standard and then lawmakers put into the law "this thing we're regulating needs to meet those standards." So, for example, fire codes may be developed by a private body, but then governments say that any building has to meet those standards. Voila: those standards are "incorporated (into the law) by reference." The question, though, is how accessible are these standards? Many of the standards bodies that create those standards like to sell them. That's often how they make their money. But that seems to be in fairly dire conflict with the idea that the law should be publicly accessible. 
It's fairly difficult to argue that the rule of law is paramount when you can't even see the law without having to buy a bunch of expensive standards. To deal with this, many regulators and standards bodies have come up with awful hedges -- which basically say that any such standard incorporated by reference must be "available to the public," but they allow that availability to be insanely limited. So, for example, the EPA basically says, sure, you can see all of the standards, if you trek to DC and go to a special reading room (or a few other limited places): Certain material is incorporated by reference into this part with the approval of the Director of the Federal Register under 5 U.S.C. 552(a) and 11 CFR part 51. To enforce any edition other than that specified in this section, the EPA must publish notice of change in the Federal Register and the material must be available to the public. All approved material is available for inspection at the EPA Docket Center, Public Reading Room, EPA WJC West, Room 3334, 1301 Constitution Ave. NW., Washington, DC, telephone number 202-566-1744, and is available from the sources listed below. It is also available for inspection at the National Archives and Records Administration (NARA). For information on the availability of this material at NARA, call (202) 741-6030 or go to http://www.archives.gov/federal_register/code_of_federal_regulations/ibr_locations.html. And, of course, even then, there are serious restrictions on what you can do. Many of the reading rooms are "read only." You can read them, but you can't print or download electronic versions. As you can imagine, that can be fairly useless. Imagine you're trying to build a house, and every time you want to check if something is up to code, you have to go to DC to a special reading room, find the standard, check the details, but you can't print it out or download an electronic version. You'd probably think that's a pretty silly way to have laws. 
At least, that seems to be what Malamud thought, so he bought copies of a whole bunch of these standards, scanned them, and put them online, arguing that once they're incorporated by reference into the law, they are a part of the law and thus copyright shouldn't apply. The big standards bodies, including the American Society for Testing and Materials (ASTM), the National Fire Protection Association (NFPA), the American Society of Heating, Refrigerating, and Air-Conditioning Engineers (ASHRAE), the American Educational Research Association (AERA), the American Psychological Association (APA), and the National Council on Measurement in Education (NCME) sued Public.Resource.org for copyright infringement (and for some of them, trademark infringement). The plaintiffs were lumped into two groups -- the ASTM group (covering the first three groups listed above, which filed for copyright and trademark infringement) and the AERA group (covering the last three groups, which filed for just copyright infringement). Public Resource made a number of arguments for why the standards bodies shouldn't win, but the court doesn't buy them. It's not impressed by the idea that since many people worked on these standards, the bodies don't really hold the copyrights. Malamud also argued that there's no valid copyright in standards, because there's nothing copyrightable in a bunch of standards, which are nothing more than "methods or systems" -- comparing it to the famous Feist case that said a telephone book isn't copyrightable, because it's just a collection of facts. And, of course, "methods and systems" are not copyrightable material under Section 102(b) of copyright law (this is the same issue that was debated in the Oracle/Google case over whether or not APIs were covered by copyright). Unfortunately, the court doesn't see it that way for standards. It notes that even under Feist, standards meet the "extremely low" bar of creativity to be covered by copyright. 
And, it completely disregards the 102(b) argument as a misreading of the law, saying that it only bars trying to copyright the system or method itself, "not the written work explaining or describing that method." I can see that argument, though I'm still left wondering who actually thinks that copyright is the necessary incentive to create a building code. But, unfortunately, that's not quite how copyright law works these days. The bigger issue is over what happens to the copyright once it's incorporated by reference into the law. Malamud's lawyers argued that it should be considered public domain. The court says... sorry, nope. As you surely know, copyright law says that works made by the federal government are not subject to copyright and are in the public domain. But that only applies to works actually created by the government. It has long been recognized that works created by others, and then assigned to the US government allow the government to retain the copyright. We can argue that this is dumb and bad policy (because it is), but it's pretty well-recognized. Here, Malamud's lawyers argued that even so, Congress intended things directly referenced into the law to be in the public domain. But the court basically says that Congress had a chance to weigh in on this and didn't... so, no dice: Congress was well aware of the potential copyright issue posed by materials incorporated by reference when it crafted Section 105 in 1976. Ten years earlier, Congress had extended to federal agencies the authority to incorporate private works by reference into federal regulation.... However, in the Copyright Act of 1976, Congress made no mention of these incorporated works in § 105 (no copyright for “any work of the United States Government”) or any other section. 
As the House Report quoted above indicates, Congress already carefully weighed the competing policy goals of making incorporated works publicly available while also preserving the incentives and protections granted by copyright, and it weighed in favor of preserving the copyright system.... However, recognizing the importance of public access to works incorporated by reference into federal regulations, Congress still requires that such works be “reasonably available.” ... Under current federal regulations issued by the Office of the Federal Register in 1982, a privately authored work may be incorporated by reference into an agency’s regulation if it is “reasonably available,” including availability in hard copy at the OFR and/or the incorporating agency.... Thirteen years later, Congress passed the National Technology Transfer and Advancement Act of 1995 (“NTTAA”) which directed all federal agencies to use privately developed technical voluntary consensus standards.... Thus, Congress initially authorized agencies to incorporate works by reference, then excluded these incorporated works from § 105 of the Copyright Act, and, nearly twenty years later, specifically directed agencies to incorporate private works by reference. From 1966 through the present, Congress has remained silent on the question of whether privately authored standards and other works would lose copyright protection upon incorporation by reference. If Congress intended to revoke the copyrights of such standards when it passed the NTTAA, or any time before or since, it surely would have done so expressly. Again, based on the legislative history, perhaps that's a reasonable, if unfortunate, reading of the law. And it's something that Congress should fix, but almost certainly won't. But, taking a step back from all of this, there's still the problem that it's crazy. The idea that the law itself should be locked up under copyright is immensely problematic for a whole host of other reasons. 
And Malamud and his lawyers pointed this out, arguing that there's a due process issue here, where using copyright to block people from accessing the law deprives them of their due process. But, the court isn't impressed, basically saying other court opinions haven't bought this kind of argument, so it won't either. And, further, the court seems to feel that those limited reading rooms or fee-based copies are enough access: ... there is no evidence here that anyone has been denied access to the standards by the ASTM Plaintiffs or AERA Plaintiffs. Instead, Defendant simply argues that the public should be granted more expansive access. Another argument is that once incorporated by reference, under the merger doctrine, the "law" and the creative expression are so tightly intertwined (i.e., "merged") that the law is now factual and thus not subject to copyright law. The court says "eh, we're not going to look at that, because it doesn't matter either way." The court declines to resolve this merger doctrine issue, since under either approach, the standards maintain copyright protection. After all that, we finally get to the fair use argument. Public.Resource argues that what it's done isn't copyright infringement, even if the work is covered by copyright, thanks to fair use. The court does a four factor analysis... and says "no fair use." On the big question of whether or not it's transformative, Public.Resource tried to argue that making the works more accessible (including turning them into digital versions that could be searched) was transformative. The ruling in the Google Book scanning case would seem to support that, but the court says no, because it doesn't see turning a written work into a searchable HTML file as enough of a transformation. 
While it appears Defendant may enable blind individuals, like all other individuals, to access the standards at no cost, they still may have to take additional steps like OCR processing or converting to a different file type, as well as using additional screen reader programs in order to access the standards. There is no evidence that this would not be possible with Plaintiffs’ PDFs or by scanning Plaintiffs’ hard copy standards. In Defendant’s view, taking the first step or two towards making the standards entirely accessible to those with visual impairments is enough to have transformed the standards. This attempts to stretch logic, and certainly the doctrine of fair use, too far. Defendant has not offered a sufficiently new purpose to render the use transformative, and this weighs against a finding of fair use. Within this analysis, I'd argue that the court goes way too far in dismissing the comparisons to the Google Books ruling and the ruling in the Swatch case that said that posting full transcripts of analyst calls can be fair use. The court here seems overly nitpicky, saying that Google Books doesn't count because it doesn't show full works, and Swatch (which does show full works) doesn't count because that work wasn't available in any other way (though I'm not sure what that really has to do with the fair use analysis). The court also says that "the nature" of the work goes against Malamud, which surprises me. You'd think that the fact that these works are a part of the law would push it the other way. But, instead, the court misreads the nature of the Constitution to misunderstand what the framers meant by the word "science." This is unfortunate: Defendant argues that Plaintiffs’ standards are “factual,” both because they are highly technical and because they are “the law.” However, the Constitution explicitly states that copyright exists to “advance the progress of science and the useful arts.” ... 
That Plaintiffs’ works involve technical scientific concepts and guidelines does not push it away from the core of intended copyright protection, but actually brings it closer. Plaintiffs’ standards are vital to the advancement of scientific progress in the U.S. and exactly the type of expressive work that warrants full protection under the Constitution and the Copyright Act. This is just wrong. At the time the Constitution was written "science" had an entirely different meaning. It meant learning. That's entirely different than something that is mandated by law. On the third factor of the "amount" of the work copied, obviously here it's all of it, and the court says that there is not "a single case" that supports the Defendant's view that because the entire standards were referenced into law, it's fair use. But that's also wrong. Again, the Google book scanning and the Hathitrust rulings both made it clear that using the whole work was fine because "it is literally necessary to achieve" the purpose they were looking to achieve. While I found the court's reasoning on the copyrightability of the standards more persuasive, the fair use analysis seems incredibly weak -- and hopefully the appeals court will overturn it. The only "win" for Malamud was that the argument for contributory infringement failed, but for fairly weak reasons, leaving it open to the possibility that a more complete attempt to make that claim could work. Finally, the court also says that for the ASME plaintiffs, what Malamud did is also trademark infringement. I won't even bother getting into why, but this result was more or less expected given the results of the copyright part of the case. The court then grants an injunction, basically ordering Malamud to delete all these standards from the internet. It includes a fairly bizarre determination of whether or not the public will be harmed by this: Additionally, the public must not be disserved by the issuance of an injunction. 
Here, the public interest is served by the policy interests that underlie the Copyright Act itself, namely the protection of financial incentives for the continued creation of valuable works, and the continued value in maintaining the public-private system in place in the U.S. to ensure continued development of technical standards. Did you get that ridiculous sleight of hand? The public is served by no longer having access to the law because it's better for some private organizations to get rich off of the standards that are a part of the law, or else such standards might not be developed. Huh? I'm guessing that this case will be appealed, and hopefully the appeals court is more receptive to the fair use arguments. In the meantime, though, this seems like a pretty big loss for those who believe not just in the rule of law, but the idea that the law ought to be accessible to the public if it's to be respected.

posted 21 days ago on techdirt
Back in 2014, when ZeniMax first claimed that Oculus and its CTO John Carmack had copied the company's VR technology, we pointed out the obvious: since ZeniMax hadn't made a peep until the announcement that Facebook was buying Oculus for a cool $2-billion, it was a pretty blatant cash-grab. Now ZeniMax has scored a partial win in its lawsuit against Oculus and its executives, with the jury rejecting claims of trade secret misappropriation but awarding $500 million for copyright and trademark infringement and violation of non-disclosure agreements. The trade secrets were the most important claim, but Oculus has already vowed to appeal the rest — so the case isn't over. But the most interesting thing to come out of this verdict is a statement from John Carmack about the expert testimony on "non-literal copying" that was central to some of the copyright claims: For the most part, the process went as I expected. The exception was the plaintiff’s expert that said Oculus’s implementations of the techniques at issue were “non-literally copied” from the source code I wrote while at Id Software. This is just not true. The authors at Oculus never had access to the Id C++ VR code, only a tiny bit of plaintext shader code from the demo. I was genuinely interested in hearing how the paid expert would spin a web of code DNA between completely unrelated codebases. Early on in his testimony, I wanted to stand up say “Sir! As a man of (computer) science, I challenge you to defend the efficacy of your methodology with data, including false positive and negative rates.” After he had said he was “Absolutely certain there was non-literal copying” in several cases, I just wanted to shout “You lie!”. By the end, after seven cases of “absolutely certain”, I was wondering if gangsters had kidnapped his grandchildren and were holding them for ransom. 
If he had said “this supports a determination of”, or dozens of other possible phrases, then it would have fit in with everything else, but I am offended that a distinguished academic would say that his ad-hoc textual analysis makes him “absolutely certain” of anything. That isn’t the language of scientific inquiry. Now, ZeniMax was quick to hit back with its own statement pointing out that some of the code at issue was literally copied (though the jury seems to have found that little or none of that code was actually used), but this question of "non-literal copying" is far more important. This whole notion of experts doing textual analysis to find recurring patterns is a worrying one: for all the real science behind such methods, it's not at all hard to see how easily they could be manipulated to support a chosen result, or how difficult it would be to ensure a jury properly understands the arguments and affords them the appropriate weight. Indeed, Carmack goes on to explain how the expert's presentation was... lacking: There are objective measures of code similarity that can be quoted, like the edit distance between abstract syntax trees, but here the expert hand identified the abstract steps that the code fragments were performing, made slides that nobody in the courtroom could actually read, filled with colored boxes outlining the purportedly analogous code in each case. In some cases, the abstractions he came up with were longer than the actual code they were supposed to be abstracting. It was ridiculous. Even without being able to read the code on the slides, you could tell the steps varied widely in operation count, were often split up and in different order, and just looked different. The following week, our side’s code expert basically just took the same slides their expert produced (the judge had to order them to be turned over) and blew each of them up across several slides so you could actually read them. 
I had hoped that would have demolished the credibility of the testimony, but I guess I overestimated the impact. The notion of "non-literal copying" as applied to code is a weird one, and casts a light on how weird code copyright is to begin with. If copyright isn't supposed to cover functional choices, how can it be infringing to create new code that accomplishes the same function in a slightly different way? Are juries supposed to determine which "non-literally copied" aspects of the code were aesthetic, and which were purely functional? This sort of idea-expression divide question is muddy in the worlds of art and literature, but it should be simple in the world of code: what a program does is not covered by copyright, nor are any purely functional elements of how it achieves that. But instead, we've got experts applying what more or less amounts to literary analysis to computer code, and even using that analogy (to which Carmack has an excellent response): The notion of non-literal copying is probably delicious to many lawyers, since a sufficient application of abstraction and filtering can show that just about everything is related. There are certainly some cases where it is true, such as when you translate a book into another language, but copyright explicitly does not apply to concepts or algorithms, so you can’t abstract very far from literal copying before comparing. As with many legal questions, there isn’t a bright clear line where you need to stop. The analogy that the expert gave to the jury was that if someone wrote a book that was basically Harry Potter with the names changed, it would still be copyright infringement. I agree; that is the literary equivalent of changing the variable names when you copy source code. However, if you abstract Harry Potter up a notch or two, you get Campbell’s Hero’s Journey, which also maps well onto Star Wars and hundreds of other stories. These are not copyright infringement. 
(Not that plenty of people haven't tried to sue over books, including Harry Potter, being vaguely similar to their ideas.) After all this, you might be thinking that you want to go find out more about just what that expert had to say, and get more detail on how he reached his conclusion about copying. Too bad! Even the defendants didn't get to see the full report, and we get even less: Notably, I wasn’t allowed to read the full expert report, only listen to him in trial, and even his expert testimony in trial is under seal, rather than in the public record. This is surely intentional -- if the code examples were released publicly, the internet would have viciously mocked the analysis. I still have a level of morbid curiosity about the several hundred-page report. Several hundred pages to "prove" that software was "non-literally copied" because it does the same thing in similar ways, all by abstracting chunks of code into their platonic forms and comparing them? Well, I guess those experts have to earn their paycheques somehow.

posted 21 days ago on techdirt
Comcast's earnings report this week indicated that the company managed to add 80,000 basic video subscribers during the fourth quarter, and 161,000 net video customers for the full year. And while news outlets were quick to proclaim that Comcast had magically bucked the cord cutting trend, you'd be hard pressed to find a single outlet that could be bothered to actually explain how. When an explanation is given, it's usually just regurgitation of Comcast's claim that the cable giant's fending off cord cutting thanks to the company's incredible innovation in the set top box market: "The turnaround in the cable business helped Comcast beat profit estimates for the fourth quarter. Executives attribute the momentum in their cable-TV business largely to their new video platform, called X1, which makes it easier to search for shows and movies on TV and on Netflix from their cable set-top box." Except it's not cable box innovation that's helping Comcast fend off cord cutting, it's the company's growing monopoly over the broadband last mile. In countless markets Comcast competes solely with AT&T and Verizon, who have made it abundantly clear they're no longer interested in the fixed-line residential broadband business. Both companies have made slinging ads and content at Millennials their primary focus, as evidenced by Verizon's acquisition of AOL and Yahoo and focus on creative new snoopvertising technologies. As a result, these telcos are quite literally trying to drive many of these customers away with a combination of apathy and price hikes. If these users want broadband connections any faster than 3-6 Mbps, their only option is, increasingly, Comcast. When these users arrive at the nation's biggest cable giant, they discover that signing up for TV and broadband is notably cheaper than just signing up for broadband alone. 
The problem is: while many have claimed that Comcast's "bucking cord cutting," there's no evidence that many of these users are even watching the cable connections they pay for, nor that they'll stick around as a traditional television viewer long term. Many just signed up because having television was actually less expensive than getting rid of it. But should they try and get rid of it Comcast's got that angle covered too: the company's growing monopoly means less broadband competition than ever in many of its markets, allowing it to impose draconian and unnecessary usage caps on the company's customers. Caps that apply to competing streaming services, but not Comcast's own content. All told, between bundling and usage caps, Comcast's broadband monopoly means it simply doesn't feel the pain a company would feel in the face of real competition, which is why it has little to no incentive to fix its historically bad customer service. Often Comcast obfuscates its growing monopoly over broadband and its ham-fisted implementation of usage caps with creative claims of incredible new innovation that gets gobbled up by the press. Like the company's announcement this week that it will soon be letting customers watch Comcast cable TV on Roku devices. This new beta is Comcast's attempt to quiet criticism that emerged during the FCC's failed attempt to bring competition to the monopolized cable box. And, in obedient fashion, the press was quick to highlight the partnership as a surefire example of Comcast's incredible innovation. But upon closer inspection the service comes with a number of caveats, including the fact that users must subscribe to Comcast cable TV and Comcast broadband, and must pay Comcast an extra fee just to use Roku hardware they already own. Also buried in the FAQ for Comcast's new Roku beta is the proclamation that this service also won't count against Comcast's usage caps: "Will the XFINITY TV Beta app use data from my XFINITY Internet Data Usage Plan? 
No. The XFINITY TV service delivered through the XFINITY TV Beta app is not an Internet service and does not touch or use the Internet. Rather, it is a Title VI cable service delivered solely over Comcast's private, managed cable network, so it will not count toward your XFINITY Internet Data Usage Plan. Usage of any other apps on Roku devices, including any TV Everywhere apps accessible with your XFINITY TV credentials, do use the Internet and will count against your XFINITY Internet Data Usage Plan." Comcast is effectively arguing that this isn't a net neutrality violation (for whatever that's worth with the rules about to be deep sixed by a duopoly-adoring Congress) because the data doesn't travel over the common internet. Still, the function of these added restrictions cumulatively remains the same: to tilt the playing field and keep customers in house and away from competing services. With a growing cable monopoly and the rise of rubber-stamping regulators under Trump, Comcast will soon face less pressure than ever before to shore up its miserable customer service or to lower prices. That's great news if you're a Comcast executive or investor, but less stellar if you're one of the countless millions of consumers or competitors already bored to tears by several decades of Comcast's anti-competitive behavior and overall dysfunction.
