posted 22 days ago on techdirt
Issued in 1981, updated in 1991 (to consolidate power, basically) and continuously expanded (mostly unofficially) since 2001, Executive Order 12333 (EO 12333) is what grants surveillance powers to our nation's intelligence agencies. Foreshadowing the severe twisting of the English language that follows (see also: NSA-to-English dictionary), the opening paragraphs note that what certain wording sounds like isn't actually what it means. [pdf link] In spite of the constraining appearance of all the requirements, under E.O. 12333, DoD Directive 5240 .IR, and DIAR 60-4, intelligence activities conducted by the DHS currently have much more latitude and potential for effectiveness than they have had for quite some time. Looks like "constraints" but in practice is hardly anything at all. Covert and clandestine operations ("Special Activities") -- normally limited to the CIA -- are now something any agency can participate in, if given permission to. The meaning of the proscription is not that intelligence components are prohibited from conducting all Special Activities; rather, that such activities must be directed by the President and approved by the Secretary of Defense and the respective Service Secretary. Going on from there, we see the first public instance of the government's redefinition of the word "collection." Procedure 2 introduces the reader of DoD 5240.1-R to his or her first entry into the "maze" of the regulation. To begin the journey, it is necessary to stop first and adjust your vocabulary. The terms and words used in DoD 5240.1-R have very specific meanings, and it is often the case that one can be led astray by relying on the generic or commonly understood definition of a particular word. For example, "collection of information" is defined in the Dictionary of the United States Army Terms (AR 31011 25) as: The process of gathering information for all available sources and agencies. But, for the purposes of DoD 5240.1-R, information is "collected" -... only when it has been received for use by an employee of a DoD intelligence component in the course of his official duties ... (and) an employee takes some affirmative action that demonstrates an intent to use or retain the information. "Collection" is now defined as "collection plus action," rather than the way it's been defined for hundreds of years. "Information held" is not a "collection," according to this document. It still isn't collected, even if its been gathered, packaged and sent to a "supervisory authority." No collection happens until examination. It's Schroedinger's data, neither collected nor uncollected until the "box" has been opened. This leads to the question of aging off collected data/communications: if certain (non) collections haven't been examined at the end of the 5-year storage limit, are they allowed to be retained simply because they haven't officially been collected yet? Does the timer start when the "box" is opened or when the "box" is filled? Also of note: "incidental" collections are not collections if utilizing the same mental gymnastics. If the information is not essential to the mission of the component and it does not fit into one of those categories, then that information may not be collected. However, you will recall from our discussion in paragraph 3 -7 that "collection" means receiving plus an affirmative act to use or retain the information. Therefore, mere receipt of non-essential information does not constitute a violation of DoD 5240.1-R. More redefining is done here: Once again, we must cautiously examine the vocabulary used in DoD 5240.1-R. The term "retention" means more than merely retaining information in files - it is retention plus retrievability. As stated in DoD 5240.1-R -... the term retention as used in this procedure, refers only to the maintenance of information about United States persons which can be retrieved by reference to the person's name or other identifying data. Somewhat more positively, this section instructs analysts to a very limited view of "retrievability" and err on the side of "purging" information on US persons that cannot legally be retrieved, even if it was legally "collected" (using the DoD's expanded definition). It does, however, hedge by noting information "necessary to ongoing missions" should be retained. The document goes on to applaud the FISA court for being instrumental in protecting citizens' rights… apparently by eliminating legal barriers to domestic surveillance. The [Senate Select] Committee has reviewed the five years of experience with FISA and finds that the Act has achieved its principal objectives. Legal uncertainties that had previously inhibited legitimate electronic surveillance were resolved, and the result was enhancement of U.S. intelligence capabilities. At the same time, the Act has contributed directly to the protection of the constitutional rights and privacy interests of U.S. persons. There's a lot of information in there, very little of it redacted, but until the ACLU liberated it, completely withheld from the public. The question is, why? Despite the many paragraphs given over to rewriting the English language to better suit intelligence agencies' aims, there's also a lot of very blunt statements made about the balance between the government's counterterrorism efforts and the rights of US citizens. The ACLU highlights this particular section in its write up of the released documents. This area of DoD intelligence activities, that is, the use of special collection techniques, is the area in which there tends to be the greatest amount of confusion regarding the limitations on permissible activities. Because of this confusion, this area also tends to be the most fertile ground for both abuse and unnecessarily restrictive interpretation of the rules. To be sure, it is fundamental that abuse of the legitimate DoD intelligence and counterintelligence resources and authority must be avoided. The rights of US persons must also be protected, and no intrusion into these protected areas is permissible without first meeting constitutional standards, and then only through a system of careful scrutiny of the intruding apparatus. This is spelled out more explicitly later, reminding those entering the intelligence world that the job is necessarily difficult -- a fact many of those in the intelligence and law enforcement fields forget all too quickly. The system is complex, but it is not impossible. Its underlying structure is designed to balance the legitimate needs of the government with the rights of the individual. Given those constraints, one could not expect a system to exist which did not inherently contain adequate checks, balances, and oversight procedures. This is miles away from the DOJ's statements that cell phone search warrant requirements make it too difficult to capture criminals, a refrain now being echoed by law enforcement agencies in response to automatic encryption on iPhones and Android devices. These are the limits these entities must adhere to. These are built-in as a check against government power. But these rights are not a one-way street solely favoring the American public. The DIA guidebook discusses what the intelligence community and the administration have refused to: and it does it in plain, straightforward language. Nevertheless, we must be mindful of too much caution. We must remember that we are engaged in a real-world mission that involves unprincipled adversaries, and a plethora of sophisticated technical collection and counter-collection enterprises and devices. Terrorism and have destruction as their common denominator, and we are fueling their malignancy when we unnecessarily restrain or restrict our foreign intelligence or counterintelligence efforts, just the same as we would damage the fiber of our democracy through abusive use of our own capabilities and powers. Our business is one that involves constant vigilance and omnipresent balancing of competing interests. To survive, we must take risks. To succeed, we must minimize those risks. To preserve our precious ideals, we must carefully pursue our crafts in such a manner as to not offer up the rights and dignity of our citizens in exchange for that success. As the ACLU points out, this frank discussion of the tension between the two is a far cry from the usual "dissembling and obfuscation" the government has provided so far in its tepid responses to leaked documents. This willingness to discuss the balance in real terms may be part of the reasons a lawsuit was needed to free the document. The other, larger issue, is that this order may be the main justification for most of the NSA's surveillance and data dragnets -- an order not subject to any form of oversight. Because the executive branch issued and now implements the executive order all on its own, the programs operating under the order are subject to essentially no oversight from Congress or the courts. That's why uncovering the government's secret interpretations of the order is so important. We've already seen that the NSA has taken a "collect it all" mentality even with the authorities that are overseen by Congress and the courts. If that history is any lesson, we should expect — and, indeed, we have seen glimpses of — even more out-of-control spying under EO 12333. For all of the tough talk about respecting the public's rights, a vast amount of surveillance occurs under this order. In the document, any questions about overriding civil liberties concerns are directed towards members of the Executive branch, rather than to anywhere that might act as a check against its powers -- like courts or the legislative branch. In fact, the legislative branch has done nothing but expand its powers of the last 30+ years. So, new analysts might hear plenty about the importance of respecting civil liberties, but they'll find that in practice, those words -- like "retention" and "collection" mean next to nothing. Permalink | Comments | Email This Story

Read More...
posted 22 days ago on techdirt
This is from a little while ago, but I just had a chance to listen to a fascinating and eye-opening lecture by Professor Conor Gearty at the London School of Economics (LSE posts many of their public lectures online as podcasts, some of which are really excellent). The lecture was officially entitled: Human Rights, Security and the Rule of Law after Snowden. It caught my attention for a variety of reasons, including the inclusion of Snowden, but the bigger point of the lecture actually had very little to do with Snowden. It's really about the gradual and systematic undermining of human rights by human rights laws and regulations. Gearty's point is a powerful one: lots of people quite reasonably push for human rights laws and regulations -- but what gets left ignored are how those laws are systematically being used to actually deprive people of human rights. He focuses on UK law (for obvious reasons), but we've seen similar patterns elsewhere. The idea is that "the rule of law" is being used to chip away at actual human rights, often by setting up either exceptions to human rights law or by setting up laws that fundamentally violate human rights but which paper it over by having a process for (often secret) "review." So, in the US, for example, think of the FISA law, which set up the FISA court, which has rubber stamped all sorts of questionable invasions of privacy. Gearty points to similar situations in the UK, noting that when challenged, these are all deemed to be perfectly "consistent with human rights" because the officials who do it are "complying with the law." In fact, this kind of thing goes back to the point that John Oliver raised soon after the Snowden disclosures. He noted that the disturbing thing wasn't that the surveillance broke the law, but that it didn't break the law. In some ways, there are also parallels between this and things like the requirement for "privacy policies" for websites and apps. The laws basically require the policy, but not much actual privacy. And thus, sites actually have incentives to write a policy that says they won't respect your privacy, because that's much harder to violate. Thus, when they do violate your privacy they're still "within the law," even if the privacy violations are themselves questionable. The larger point here is really about this concept of "the rule of law" and how it can be used to actually undermine what's right. You create "rules" that can be followed, but which allow for things that, by any common sense analysis, are abusive and troublesome, but you insist that they're fine because they're "lawful." At the end, Gearty points out that he's quite fearful that this kind of "rule of law" attack on human rights is being extended in a manner to target and attack the poor as well. He gave this speech a few weeks prior to the events in Ferguson, Missouri that we've been discussing recently, but it's not hard to see the parallels there. The "rule of law" has been used in Ferguson quite a bit over the past couple weeks to justify actions that seem horrific, from killing an unarmed teenager, to teargassing protesters, to wiping out parts of the First Amendment to bringing in militarized police. And the defenders of these programs all point to the "rule of law" as justification. Increasingly, however, it seems like "the rule of law" is being used as a dangerous and misleading shield for some very corrupt behavior.Permalink | Comments | Email This Story

Read More...
posted 22 days ago on techdirt
Body cameras for police officers: the cure-all that isn't. While obtaining additional footage (and in some cases, any footage) of officer-involved incidents is a step forward, there are still too many inherent flaws in the system to consider it a complete fix for misconduct and abuse. For one, cameras are only as reliable as their operators, and the police will still control the "RECORD" button in most cases. There are also issues with what they actually capture. A first-person perspective may not be the most helpful and the rolling 30-second buffers that don't capture audio (put in at the insistence of police unions) may cause some headaches in the future. That being said, it is a huge step forward from what has been deemed acceptable for years now: the incident report, a purely subjective recounting of an event, often by an unreliable narrator. The successes seen by the Rialto, California police department trial program point to the real benefit of using body cameras. It's not that questionable incidents were caught on tape and reviewed. It's that fewer questionable incidents occurred. Even with only half of the 54 uniformed patrol officers wearing cameras at any given time, the department over all had an 88 percent decline in the number of complaints filed against officers, compared with the 12 months before the study, to 3 from 24. Ethan Bernstein at Harvard Business Review has more details from that trial. In that study, incidents occurring during shifts without cameras were twice as likely to result in the use of force. Indeed, when officers wore cameras, every physical contact was initiated by a member of the public, while 24% of physical contact was initiated by officers when they weren’t wearing the cameras. Being observed results in better behavior. In this way, the police aren't so different from the public. You’ll see similar results — with an interesting twist — in a study by Washington University’s Lamar Pierce and his coauthors, who looked at employee behavior at almost 400 U.S. restaurants. Bodycams reduced restaurant employee theft by 22%, or about $24 per week. (The effect grew over time, with theft dropping $7 a week the first month and $48 a week by the third month.) But the cameras actually had a much larger impact on productivity and sales: On average, total check revenue increased by 7% ($2,975 per week), and total drink revenue by 10.5% ($927 per week). Tips went up, too, by 0.3%. There are, of course, downsides to constant observation. Bernstein notes that some people faced with this -- especially if their employment is highly dependent on their observed performance -- tend to focus on small details rather than the overall picture. They expend more energy engaged in tedium, rather than improving. He suggests a few adjustments that might result in fewer officers (or employees) succumbing to the desire to perform in an automaton-like fashion, rather than in a way that benefits both them and the people around them. If too much transparency kills innovative behavior, how can police departments improve officers’ track record on profiling without sacrificing the kind of educated risk-taking and problem solving that’s often needed to save lives? I would argue that the answer lies in focusing on developing good judgment and supporting justice, rather than on enforcing police protocol. Police in Ferguson and elsewhere can learn from companies that use cameras for coaching and development instead of evaluation and punishment. This is a very difficult balance to achieve in a law enforcement setting. The potential harm caused by rogue police behavior can be almost incalculable. Relaxing accountability and relying on cameras to deter bad behavior won't accomplish anything with those determined to game the system. Police misconduct should still be treated seriously and have serious repercussions. (This area definitely needs to be improved, cameras or no cameras.) But there are officers who just have a few rough edges to polish off in order to make them positive additions to the force. Using body cameras solely as a lead-in for punitive measures will either push these on-the-edge cops to do their own on-the-fly film editing or turn them into officers who prefer the rote comfort of reports and clockwork patrol routes, rather than actively engaging with the community in a positive fashion. Neither outcome is desirable. These issues aside, there's really very little reason to oppose the use of body cameras. An additional account of incidents, as well as the inherent deterrent effect, have too much potential benefit to be ignored. A new level of transparency and accountability is owed to the public after years and years of public servants operating under an unwritten code of silence and obfuscation. If law enforcement agencies are at all concerned about their officers' behavior, this option isn't one they can afford to ignore. Permalink | Comments | Email This Story

Read More...
posted 23 days ago on techdirt
We covered the movie studio's lawsuit against cyberlocker Hotfile, which ended in a settlement, but there was an interesting side story involving a countersuit against Warner Bros. for abusing the copyright takedown process. From Hotfile's filing at the time: Warner has acted unscrupulously and dishonestly. Not only has Warner (along with four other major motion picture studios) filed this unfounded and contrived litigation against Hotfile employing overly aggressive tactics, Warner has made repeated, reckless and irresponsible misrepresentations to Hotfile falsely claiming to own copyrights in (or to have the owners' authorization to delete) material from Hotfile.com. Worse, Warner continued to make these misrepresentations even after Hotfile explicitly brought this rampant abuse to Warner's attention, ruling out any possibility that its wrongful actions were accidental or unknowing. Thus, Warner has knowingly made misrepresentations and it has engaged in DMCA abuse on an unprecedented scale by grossly misusing the powerful anti-piracy software tool that Hotfile specially created at Warner's request. Among the works taken down by WB's bogus requests were open source software. WB admitted to sending bogus takedowns, but basically said there's nothing illegal about that and there's nothing anyone can do about it. Basically, WB says that you can take down the wrong files all day long and that's fine. The only thing you're not allowed to do in a DMCA notice is misrepresent that you're authorized by the copyright holder to file a takedown (even if the takedown is bogus). In settling, it seemed as though the issue of WB's abuse of the takedown process might fade away, but the EFF picked up that ball and ran with it, and now the court has ruled that Warner Bros. has to reveal the details of its automated takedown system to see if it's in violation of the DMCA's 512(f) clause regarding "misrepresentations" under the law. As we've described for years, 512(f) has basically been shown to be almost entirely toothless. However, there have been a number of attempts to change that. Here's EFF's summary of the judge's ruling here: A judge found that Warner might be liable under Section 512(f) of the DMCA, which prohibits sending takedowns without having a basis for believing the content is actually infringing a copyright owned by the person initiating the takedown. The judge ruled that Hotfile had presented enough evidence of abuse that a jury could decide the issue. But before the case could be heard by a jury, the parties settled, and Hotfile shut down. So there was evidence that Warner may have crossed the line, but the details have been held under seal, inaccessible to the public. In February, EFF asked the court to release the sealed records that explain the court’s decision, including aspects of Warner’s robo-takedown system that Hotfile had challenged. At an oral hearing in the Miami federal courthouse on Thursday, attorney Dineen Pashoukos Wasylik argued for EFF. Noting that court records are normally supposed to be open to the public, Judge Kathleen Williams ordered Warner to release certain information within ten days of Thursday’s ruling, and to propose a schedule for releasing the rest. While it's unlikely that anything will happen directly here, at the very least, the details here could be useful given that copyright law is up for reform, and that could (finally) include putting some teeth into punishments for abusing the DMCA takedown process to take down perfectly legitimate content.Permalink | Comments | Email This Story

Read More...
posted 23 days ago on techdirt
A few weeks ago, I first heard about a scam in which scammers were calling up unsuspecting people, claiming to be the IRS and saying that the recipient had failed to pay taxes and was at risk of arrest if they didn't pay up quickly. The caller demands that the money be sent via a "GreenDot MoneyPak," which is basically the equivalent of cash. Scams like this have been going on for a while now -- just do a simple Google search on "scam, greendot" and you'll find a lot of results. Most recently, the scam has focused either on the IRS, as mentioned above, or local utilities, with threats about turning off your power, phone, etc. New York City even put out an alert directly warning about GreenDot MoneyPak scams. However, it appears that the scammers have recently attempted to move on from just the IRS and utilities -- to two appealing alternative options: the NSA and the FBI. Lawyer David Gingras apparently spotted the FBI version upon visiting a website recently: Apparently, at least some of these are appearing because of a virus that tries to make it look like the FBI locked up your computer. I particularly like the three reasons why your computer might have been locked up: First up is copyright infringement -- which does note "Article I, Section 8, Clause 8" (though later it says "Cause 8"), which is the Constitution's copyright clause, but here it's nonsensically described as "the Copyright of the Criminal Code of the United States of America," and then there's this, which is so obviously not written by someone fluent in English: "provides for a fine of two to five hundred minimal wages or a deprivation of liberty for two to eight years." Then there's the inevitable claim of child porn (though this calls it "child porno" and "article 202 of the Criminal Code"). You'd think for all the effort put into this, they'd at least look up the relevant laws. Finally, my favorite: they point out (somewhat accurately) that you might have malware on your computer, and then say, "thus you are violating the law on Neglectful Use of Personal Computer." Perhaps that's the most accurate, except that the fine here is paid for stupidity rather than any actual criminal violation. Here's another version, using the DOJ's logo: I find it vaguely amusing that all of these scammers highlight the store logos where you can conveniently buy a GreenDot MonkeyPak to help out with the scam. Malwarebytes claims that it's seen one of these scams with the CIA logo as well. However, on Friday, the issue apparently became so serious that the NSA put out an announcement about the scam using its logo: The NSA/CSS is aware of a computer malware scam using the NSA/CSS seals and banner. Victims of this malware report that a pop-up or a locked Internet browser alerts them that they have violated the law and/or are being monitored. The scam may also request that victims pay a fine. This activity and the associated alerts have no affiliation to the federal government, NSA included, and no money should be paid to the scammers. Victims should consult a computer professional on how to address the computer infection. Victims may also contact the Internet Crime and Complaint Center, a partnership between the FBI and National White Collar Crime Center that accepts Internet-related criminal complaints. For more information about malware, users can review the NIST Guide to Malware Incident Prevention and Handling. Of course, it's no surprise that with all of the reports of NSA and FBI surveillance and abuse, that scammers would jump on the opportunity to make use of that fear in their efforts. That said, I would imagine that targeting the FBI -- which actually does investigate cybercrime -- might not be that wise of a decision for the scammers.Permalink | Comments | Email This Story

Read More...
posted 23 days ago on techdirt
Comic-cons are awesome. They occur all over the country and they're literally the best place to people watch on the entire planet. You should know this. What you probably don't know is that "Comic-Con" is a trademarked term used by the famous San Diego convention, arguably the most successful of its kind. You likely don't know this because, like any other sane comics enthusiast, comic-con has become a generic term meaning a comics convention. It isn't associated with any particular company or brand any longer. It's generic. Which is what might make it surprising to learn that the San Diego Comic-Con is suddenly going after the Salt Lake City Comic Con over trademark infringement. The cease and desist letter the San Diego convention sent out makes hysterical claims. "Attendees, exhibitors and fans seeing use of 'Comic Con' in connection with your convention will incorrectly assume that your convention is in some way affiliated with SDCC and its Comic-Con convention," the letter from attorneys for San Diego Comic-Con wrote in the letter sent Friday. "In fact, we are aware of multiple instances where persons have incorrectly believed that the Salt Lake Comic Con convention was an SDCC event." Uh huh. I can remember attending a comics convention in Chicago recently and thinking, "Holy shit, I can't believe all these guys from San Diego came out here to run this convention." Because they didn't, obviously, and it takes a special kind of silly to think that anyone using the shortened version of the term "comics convention" must be the same folks from California. The term has become diluted on its own, certainly, but also due to the San Diego convention's inaction when it comes to all the other comic-cons out there. The Salt Lake City convention included this in its response. The 13-page response filed Monday in Southern California's U.S. District Court denied the bulk of San Diego's claims, including that its name violates the trademark the West Coast convention holds on the title "comic-con," with a hyphen. The non-exhaustive list of conventions includes Baltimore Comic Con in Maryland, Pittsburg Comicon in Pennsylvania, and Rose City Comic Con in Oregon, all of which remain uncontested by the flagship convention in San Diego. "(San Diego Comic-Con) has allowed competitors and consumers to use the words 'comic con' or 'comic-con' as the generic name for comic conventions," the filing states. "The general public understands the words 'comic con' or 'comic-con' to refer generally to a comic convention and does not associate these words with any particular source of such conventions." Rendering this all really silly is that the San Diego convention is both insanely successful and is also certainly not threatened by other conventions put on in other cities. On the off chance that they can find someone who thinks that all "comic-cons" are run by the SDCC, so what? They've already failed to protect their mark, which was eventually going to become generic, and I'm pretty sure folks in Salt Lake City going to the convention aren't taking anything away from the SDCC. So what's the point of all this again? DV.load("//www.documentcloud.org/documents/1305247-comicon.js", { width: 560, height: 550, sidebar: false, text: false, container: "#DV-viewer-1305247-comicon" }); Comicon (PDF) Comicon (Text) Permalink | Comments | Email This Story

Read More...
posted 23 days ago on techdirt
We've been writing a bit about CIA director John Brennan and his continuing to misrepresent the truth and outright lie. As you probably know, back in March, Senator Dianne Feinstein revealed that the CIA had spied on the computer network being used by the Senate Intelligence Committee to investigate the CIA's torture program. As Feinstein revealed, while the computers had been set up by the CIA (for security reasons), there was a written agreement that everything on them would be considered the Senate's, and that the CIA was not to look at them. The CIA violated this agreement, after realizing (upon being questioned in a Senate hearing) that the Senate had in its hands a draft of the so-called "Panetta Report" -- an internal review of all the documents the CIA had given to the Senate staffers, which more or less confirmed all their findings about the CIA torture program. Apparently, the CIA never intended to turn over that report to the Senate staffers, but did. Rather than realize its mistake, the CIA then snooped on the network and more, including Senate staff emails. When Feinstein first revealed this, Brennan insisted: "Let me assure you the CIA was in no way spying on [the committee] or the Senate." That was a lie. Soon after, Brennan tried to release his side of the story, which we noted actually appeared to confirm nearly all of the details of Feinstein's story. And yet, the mainstream press dutifully reported that Brennan had "denied" Feinstein's claims. He did not. He denied claims she did not make in a such manner as to look like he was denying her actual charges. After the CIA's Inspector General Report came out, confirming all of Feinstein's claims (and much more, including that Brennan's CIA had further misrepresented the truth in trying to claim that it was the Senate staffers themselves who had broken the law), Brennan sent an apology letter. And yet, he's spent the last few weeks denying he lied, claims that are completely undermined by the CIA itself. So here's the thing: why won't the press say that Brennan lied? Dan Froomkin, over at the Intercept, recounts most of this history in what he calls an "anatomy of a non-denial denial," and then raises the point of why won't the press actually call out Brennan for lying: The reason you so infrequently see the word “lie” in elite media news stories is that the editors generally take the position that even when someone has said something clearly not true, a reporter’s use of the word “lie” — rather than, say, “misspoke” or “was incorrect” — requires knowledge of the subject’s intent to deceive. And a fair-minded journalist, they argue, can’t be sure what’s going on in someone else’s head. But when someone who has so clearly uttered a non-denial denial has to go back and explain how he intentionally responded to an accusation in a very circumscribed or elliptical way, and how that answer was mischaracterized as a denial — and how he made no attempt to correct the record – isn’t that prima facie evidence of intent to deceive? Even though the non-denial denial isn’t in itself strictly speaking a lie, when examined in context, isn’t that exactly what it is? Froomkin notes, (as we did at the time in part, thanks to his own research) that most of the press just ate up Brennan's initial denial (which, as we stated, actually confirmed the details, while denying stuff Feinstein did not accuse the CIA of doing). Only a few put in some caveats: Politico, the New York Times, Reuters and the Wall Street Journal all pretty much cast Brennan’s statements as a blanket denial. But I was pleasantly surprised by the AP (“He denied that the CIA ‘hacked’ into the computer network in remarks on Tuesday but did not address the question of a search”) and the Los Angeles Times (he

Read More...
posted 23 days ago on techdirt
Yeah, so you've read the headline. No criminal activity. No charges brought. And a cheap shot fired across the bow of the Fourth Amendment, not to mention Vermont's own Constitution. But let's travel back further to set this up. Twenty-one-year-old Gregory Zullo was supposedly pulled over for having his license plate registration sticker (incidentally) covered by a small amount of snow. Not a crime. From the ACLU filing [pdf link]: At all times relevant to this action, it was not a violation of Vermont law to drive a car on which the validation sticker on the rear license plate – but not the numbers and letters of the license plate itself – was touched by snow, leaves, or any other material. The lawsuit notes that the officer who stated this was the reason he initiated the event spent no further time on that subject. He didn't bother to brush the snow away from the registration sticker or have Zullo do it, despite the fact that both spent over 30 minutes no more than a few inches away from the offending plate. Officer Hatch spent most of his time trying to talk Zullo into allowing him to search the vehicle without a warrant. Hatch seemed to be convinced that Zullo was involved with the heroin traffickers he was searching for. Hatch tried everything, including lying. More than once, the defendant’s employee told Mr. Zullo that Mr. Zullo should consent to a search because the police dog in the back of his truck smelled something. But the police dog in Hatch’s truck was not a drug detection dog, and, at all times during the encounter between Hatch and Mr. Zullo, the dog remained in the truck with the truck’s windows rolled up. This isn't just a mere allegation based on Zullo's statements to the ACLU. It's confirmed during the few minutes of actual dialog captured by the dash cam's mic. (Interestingly [or not, depending on your particular faith in law enforcement], Officer Hatch was wired for sound, but either his body mic wasn't activated or was buried so far beneath his winter gear it was rendered useless.) At no point does the non-drug dog appear outside the vehicle. About 30 minutes into the recording, Hatch returns to his vehicle to inform his precinct that Zullo wouldn't agree to warrantless search, so "he's [Hatch] just going to take it [Zullo's car]." During that same call, the defendant’s employee admitted that he did not have a drug detection dog with him, but would have access to one at the state police barracks. App. A at 33:59 As the officers and Zullo waited for the tow truck, they continued to try to get his permission for a search. Zullo held firm, so the cops ditched him miles from home in 20-degree weather. Mr. Zullo asked Hatch if he could retrieve his money and cell phone from his car, because he did not know how he would get home without either item. Hatch refused, saying that getting home was “not my problem,” and warned Mr. Zullo that if he attempted to retrieve those items from the car he would be arrested. When Mr. Zullo walked towards his car, Hatch placed his hands on Mr. Zullo to restrain him from reaching the car. After the tow truck arrived and took Mr. Zullo’s car, Hatch and the second state trooper left the scene, leaving Mr. Zullo stranded on the side of Route 7. After being seized, Zullo's car was searched by Officer Hatch using an actual drug dog and an actual warrant [pdf link]. Nothing illegal was uncovered. Hatch found both a pipe and a grinder with "marijuana residue." Again, no laws were broken by Zullo's possession of these items. On June 6, 2013, Governor Shumlin signed the bill, and the relevant parts of the enactment became effective on July 1, 2013. 2013 Vt. Acts & Resolves 669. As a result, at the time of the events giving rise to this suit, Vermont law deemed possession of an ounce or less of marijuana by a person over the age of twenty-one a civil offense, punishable by no more than a fine contestable in the Judicial Bureau. Vt. Stat. Ann. tit. 18, §4230a(b)(1). That part of the state statutes reads: Except as otherwise provided in this section, a person 21 years of age or older who possesses one ounce or less of marijuana or five grams or less of hashish or who possesses paraphernalia for marijuana use shall not be penalized or sanctioned in any manner by the State or any of its political subdivisions or denied any right or privilege under State law. Both the drug angle and the registration sticker angle dead end into a search and seizure based on non-criminal actions. The state does have an out (one that will likely be deployed in its defense against Zully's lawsuit) that still allows law enforcement to search for marijuana, even if what's discovered isn't a criminal amount. This section is not intended to affect the search and seizure laws afforded to duly authorized law enforcement officers under the laws of this State. Marijuana is contraband pursuant to section 4242 of this title and subject to seizure and forfeiture unless possessed in compliance with chapter 86 of this title (therapeutic use of Cannabis). But this should have resulted in something better than the response given to Zully when he finally made his way to the precinct to retrieve his vehicle (as well as being told he was responsible for the towing fees). When Mr. Zullo asked the defendant’s employee why he had to pay for the tow, the defendant’s employee told him that the tow cost was Mr. Zullo’s fault for exercising his rights. There's the now-familiar lesson: exercise your rights and cops will make you pay -- one way or another -- for making their jobs difficult. This was plainly stated by an LAPD member shortly after the situation in Ferguson blew up: be anything but compliant and you'll be hurting. If you have problems with us steamrolling your rights, sue us. That attitude brings us to this. Another lawsuit filed against a law enforcement agency simply because a police officer couldn't handle being told, "No."Permalink | Comments | Email This Story

Read More...
posted 24 days ago on techdirt
There were some high-scoring comments on the insightful side this week, and they all came in response to the same thing: law enforcement freaking out about smartphone encryption. Out in the lead we have BentFranklin with a quotable response to such complaints: Police who say they can't do their jobs without violating the constitution are saying they can't do their jobs. Trailing by just a few votes on the insightful side, but also racking up enough funny votes to win first place on that side of things, we've got John Fenderson with a little bit of perspective: Have we all forgotten those dark ages? Remember those dark days before smartphones existed? How could we forget those terrible times when no crimes could be solved because there were no smartphones to be searched? For editor's choice on the insightful side, we'll start out with one more comment from that post. Tomczerniawski served up an excellent response to anyone who tries to justify the curtailment of civil rights with a plea of "Won't somebody please think of the children?": I have. I'd rather they not grow up in a totalitarian, authoritarian dictatorship. Next, we've got an excellent comment discussing the broader topic of government secrecy and classified information. Sometimes, the push for transparency can be painted as naive — as though its proponents don't understand the need for secrecy in the face of very real threats. JP Jones does an excellent job of dispelling this straw man and delineating the differences between acceptable and unacceptable secrecy: No, we don't need to know details. What you're talking about is called Operational Security (OPSEC). OPSEC relates to very specific things. Here's an example. If I post on Facebook that I'm getting deployed to Afghanistan, that's not a violation of OPSEC. There are plenty of unclassified channels where an enemy could learn that information. Now, if I said I'm deploying on X date on Y flight with Z number of people, that's where the problem comes in. The vast majority of classified information involves specifics of known information. For example, it's not classified that we have electronic warfare devices that are used to remotely explode IEDs using frequency jamming. You can read about it on Wikipedia. The exact effective radius of devices currently in use on military vehicles, however, is classified. The issue people have with transparency is that we're hiding general information, not because knowledge of it would allow the enemy to counteract it, but because if people knew about it they would not approve of it. That is an illegal reason to classify government information. So when we find out that the government is doing it on a massive scale, and actively trying to surpress that information, not because it would aid the enemy, but because the American people would not approve, we're a little upset. I don't need to know the effective range of our counter-IED vehicles, and I don't need to know the 10 digit grid of our nuclear submarines, and I don't need to know the names of our operatives in Iran. I do need to know when my government is torturing people, spying on citizens not suspected of any crime, and in general abusing its power. The fact is that terrorists already assumed we had the capability to track their communications. Our military does this regularly; it's why we use callsigns on encrypted radio communications. We don't know if the enemy has broken our encryption, but if they have, we're not going to make it easy for them to find out more. Extremist organizations would have to be insane to operate under the assumption that their electronic communications were perfectly safe. So who's really upset about the whole thing? The American population. Did this hurt the U.S. reputation? Certainly. But that's because it's bad, and because we shouldn't have been doing it, which is not a reason to classify information. There isn't a problem with secrecy. There's a problem with illegal and immoral behavior being allowed because we're too afraid of the terrorist threat to challenge our own government. Over on the funny side, we've already had our first place comment from John, so let's move on to number two. When we mocked a report about textbook piracy for calling Herodotus' Histories a "textbook" and acting surprised that it was available for free, it being an extremely public domain work, Vidiot said not so fast: None of this public domain nonsense, now... Herodotus may have published in 440 BC, but his heirs have been closely following the adventures of the Conan Doyle estate. And they're talking subpoenas. For editor's choice, we've got a couple quick hits from other posts. First up is Stan, who was curious after hearing the NSA mention "Constitution Day": Does Constitution Day at the NSA involve shredders or incinerators? Last but not least, it's mmrtnt suggesting that the total lack of Jimi Hendrix music in an upcoming Jimi Hendrix biopic perhaps calls for the redefinition of a common term: Wow Talk about a spoiler... That's all for this week, folks! Permalink | Comments | Email This Story

Read More...
posted 25 days ago on techdirt
Five Years Ago We sort of foreshadowed this last week, but five years ago this week, we had our little dust-up with singer Lily Allen -- something I still can't quite understand. It started with Lily posting a bit of a rant against file sharing, which we felt was a bit misguided. Then, Lily decided to double down and set up an entire blog entitled "It's Not Alright" in which she apparently planned to discuss how copying and file sharing was simply "not alright." Except... her very first post happened to be her copying an entire Techdirt article (without credit or a link). The copied article was about 50 Cent's more enlightened view on copyright. Lily reposted our entire article and then slammed 50 Cent. We noted that we have no problem with anyone copying our articles, but it sure seemed strange for Ms. Allen to create an entire blog post about how "it's not alright" to copy, and then copied our entire article (again, without credit). Allen then updated her website with an semi-apology to me, while still insisting that she thought it was "quite obvious" that she "wasn't trying to pass off those words" as her own. Of course, that wasn't the concern. Very little copyright infringement is about plagiarism (which is about passing off someone else's words as your own). Our point was merely that perhaps her views on copying being "not alright" weren't entirely well thought out when she, herself, clearly copied our words without a thought. But then it got stranger. That's because someone alerted us to the fact that part of the way Lily became famous was distributing mixtapes, which mixed in her music with lots of other famous recording artists. Now, lots of musicians do this. It's considered pretty common these days, but it doesn't make it any less infringing. Even more bizarre was that these mixtapes were being distributed off of Allen's official website, which had a big copyright notice on it, courtesy of her label, EMI. So, for someone speaking out about how it was "not alright" to copy others, she sure didn't seem to take heed of that herself. Lily responded by "answering some questions," but it really just repeated her claims about it's "not alright." She didn't address the hypocritical nature of her own copying (and distributing) of others' works. She also insisted that music couldn't be free. We asked her some questions that we hoped she'd actually answer, including about her own use of free, while slamming the concept of free. Following this, she put up a big blog post that tried to respond to my questions, but which we felt missed the mark. Her post was only up for a few hours, and as I was writing about it, she not only took the post down, but the whole blog down, never to return. The next day she showed up at an event, and suddenly people were claiming that there were horrible attacks online against her leading some people to accuse me of attacking her for merely pointing out inconsistencies in her statements and actions (a recording industry lawyer insisted that I lead "my army" of internet "hackers" to attack her -- which is all sorts of hilarious). A few days later, she claimed she was quitting music altogether, something that almost no one believed to be true, and which wasn't true. She did, eventually, release more music, including a song attacking internet trolls. It was quite a week. It wasn't all Lily Allen that week. This was also the week that a bank screwed up and sent confidential info to someone's Gmail account, leading a judge to order Google to kill the entire account -- a reaction that seemed a bit on the extreme side. Meanwhile, Mark Helprin, who wrote a book about how awful the internet was (spending way too much time dissecting anonymous Techdirt comments), blamed the plethora of bad reviews of the book on the fact that publishers asked the people he insulted (all of us internet shut ins, of course) to review the book (or, maybe, the book just sucked). Meanwhile, an author in New Zealand claimed that libraries were engaging in grand theft by loaning books. CAFC was being CAFC and said that you could patent medical diagnostics in the Mayo Clinic case, setting up an epic smackdown from the Supreme Court that set the framework for future epic smackdowns, including the most recent in the Alice ruling. Texas Instruments was angry at calculator hackers and some ridiculous Canadian professor tried to insist that an injunction that would stop the sale of Microsoft Word due to a questionable patent infringement claim would be good for society because patents patents patents. Speaking of patents and craziness, a ridiculous SLAPP suit against Rick Frenkel, who had blogged anonymously as the "patent troll tracker" was set to begin, though it settled quickly (after all, the goal was really just to out Frenkel). In other news, DMCA safe harbors are super important, people aren't that interested in paying for news and DRM doesn't enable business models. Oh, and I still love this story about a clothing firm pirating their own clothes. Ten Years Ago: Judge Baer tossed out part of the Uruguay Round Agreements Act that said selling bootlegs was copyright infringement, saying it basically granted perpetual copyright. Unfortunately, the appeals court overruled him later. Patents were in the news: patents were piling up in search and in WiFi, foreshadowing some patent troll fights to come. Someone claimed that merely offering internet access in public spaces was patented. Netflix was taking tentative steps towards offering downloadable movies while people were already suggesting that the price of music downloads needed to drop. The 9/11 Commission Report was both public domain and available totally free -- and yet was a massive best seller. And yet some people still insist that you can't make money off of free or without copyright? A UK newspaper felt that if it pulled some of it content off the web that would make more people buy the paper edition (wonder how that worked out). Meanwhile, electronic voting machines continued to mysteriously lose votes. In the telco world, people were talking about the insanity of phone bills that had more unadvertised fees than the official "cost" of the service. Telcos were still fighting back against muni-broadband and broadcasters were still resistant to freeing up spectrum. Some things never change. Fifteen Years Ago: Still in the heart of the dot com bubble, NetZero, the free ISP went public at a $3 billion valuation. Speaking of free, a new registrar was launching that would offer you free domain names, but you had to run their ads on your site. Virginia was claiming that it was the "Capital of the Internet" which never made much sense. Yahoo was setting up its own taxis in San Francisco. It could have been Uber! We were talking about an early music storage locker and predicting a day when your phone could stream your music from the internet no matter where you were (not a bad prediction). The NY Times, in its typically curmudgeon fashion, was bothered by the idea of people using instant messaging at work. And, yes, there was patent trouble, as NCR was claiming that Netscape violated its patents. Four Hundred And Thirty Four Years Ago: Sir Francis Drake finished his circumnavigation of the globe, the second trip to do so. Of course, since Drake is widely considered to be a pirate, I'd have to say this marks the first ever "global pirate scourge."Permalink | Comments | Email This Story

Read More...
posted 25 days ago on techdirt
For this week's awesome stuff we're back to discussing some crowdfunding projects, and this week, we're keeping it simple. Here are a few simple, small projects, some potentially more interesting and useful than others. Nope! It's no longer paranoid and crazy to want to cover up the camera on your laptop any more. Most people just use some black tape. Hell, the EFF even sells special camera cover stickers that are totally worth buying. But if you'd prefer not to use sticky tape, there's now another solution, that looks a bit more elegant: Nope: a pair of magnets designed to cover the camera, but also easy enough to slide out of the way when you do need the camera (and without leaving any sticky residue. The magnets are supposedly weak enough not to cause problems for the computer but you might want to confirm that before diving in. Openmix Simple, straightforward and small: it's the Openmix, the world's smallest audio mixer. It's pretty no frills. The tiny device has a dial, two audio input plugs that you can accept any smartphone or mp3 player, and you spin the dial back and forth to crossfade from one audio source to the other. There's also an outbound jack so you can plug in a speaker, and a third input if you want to insert effects or something via a DJ app. It's not fancy. It won't do amazing things, but as a simple device, it looks pretty neat. Of course, it also looks like it's nowhere near hitting its goal with just a little time left. Gyzmo A simple wireless remote for your mobile phone, called the Gyzmo. Three buttons that you can program to do a specific thing on your phone, letting you have your phone do something specific without having to grab the full phone. Originally designed as a sort of "panic button," the designers are making it programmable so you can do other things remotely as well. NoPhone Okay, this last one is just for fun, but it is simple. As the NoPhone folks explain, it's a "technology-free alternative to constant hand-to-phone contact that allows you to stay connected with the real world." In short, it's a 3D printed slab of nothing, in the shape of a phone, for those of you who now feel like you always have to be holding something smartphone-sized. There's also a "selfie-upgrade" which is a mirror sticker. They note that while it doesn't have bluetooth, if you drop it in the toilet, it won't die. It's also not carrier locked. That's it for this week.Permalink | Comments | Email This Story

Read More...
posted 25 days ago on techdirt
They can promise strong encryption. They just need to figure out how they can provide us plain text. - FBI General Counsel Valerie Caproni, September 27, 2010 [W]e're in favor of strong encryption, robust encryption. The country needs it, industry needs it. We just want to make sure we have a trap door and key under some judge's authority where we can get there if somebody is planning a crime. - FBI Director Louis Freeh, May 11, 1995 Here we go again.  Apple has done (and Google has long announced they will do) basic encryption on mobile devices. And predictably, law enforcement has responded with howls of alarm. We've seen this movie before.  Below is a slightly adapted blog post from one we posted in 2010, the last time the FBI was seriously hinting that it was going to try to mandate that all communications systems be easily wiretappable by mandating "back doors" into any encryption systems.  We marshaled eight "epic failures" of regulating crypto at that time, all of which are still salient today.  And in honor of the current debate, we've added a ninth:  . . . If the government howls of protest at the idea that people will be using encryption sound familiar, it's because regulating and controlling consumer use of encryption was a monstrous proposal officially declared dead in 2001 after threatening Americans' privacy, free speech rights, and innovation for nearly a decade. But like a zombie, it's now rising from the grave, bringing the same disastrous flaws with it. For those who weren't following digital civil liberties issues in 1995, or for those who have forgotten, here's a refresher list of why forcing companies to break their own privacy and security measures by installing a back door was a bad idea 15 years ago: It will create security risks. Don't take our word for it. Computer security expert Steven Bellovin has explained some of the problems. First, it's hard to secure communications properly even between two parties. Cryptography with a back door adds a third party, requiring a more complex protocol, and as Bellovin puts it: "Many previous attempts to add such features have resulted in new, easily exploited security flaws rather than better law enforcement access."It doesn't end there. Bellovin notes: Complexity in the protocols isn't the only problem; protocols require computer programs to implement them, and more complex code generally creates more exploitable bugs. In the most notorious incident of this type, a cell phone switch in Greece was hacked by an unknown party. The so-called 'lawful intercept' mechanisms in the switch — that is, the features designed to permit the police to wiretap calls easily — was abused by the attacker to monitor at least a hundred cell phones, up to and including the prime minister's. This attack would not have been possible if the vendor hadn't written the lawful intercept code. More recently, as security researcher Susan Landau explains, "an IBM researcher found that a Cisco wiretapping architecture designed to accommodate law-enforcement requirements — a system already in use by major carriers — had numerous security holes in its design. This would have made it easy to break into the communications network and surreptitiously wiretap private communications." The same is true for Google, which had its "compliance" technologies hacked by China. This isn't just a problem for you and me and millions of companies that need secure communications. What will the government itself use for secure communications? The FBI and other government agencies currently use many commercial products — the same ones they want to force to have a back door. How will the FBI stop people from un-backdooring their deployments? Or does the government plan to stop using commercial communications technologies altogether? It won't stop the bad guys. Users who want strong encryption will be able to get it — from Germany, Finland, Israel, and many other places in the world where it's offered for sale and for free. In 1996, the National Research Council did a study called "Cryptography's Role in Securing the Information Society," nicknamed CRISIS. Here's what they said: Products using unescrowed encryption are in use today by millions of users, and such products are available from many difficult-to-censor Internet sites abroad. Users could pre-encrypt their data, using whatever means were available, before their data were accepted by an escrowed encryption device or system. Users could store their data on remote computers, accessible through the click of a mouse but otherwise unknown to anyone but the data owner, such practices could occur quite legally even with a ban on the use of unescrowed encryption. Knowledge of strong encryption techniques is available from official U.S. government publications and other sources worldwide, and experts understanding how to use such knowledge might well be in high demand from criminal elements. — CRISIS Report at 303 None of that has changed. And of course, more encryption technology is more readily available today than it was in 1996. So unless the goverment wants to mandate that you are forbidden to run anything that is not U.S. government approved on your devices,  they won't stop bad guys from getting  access to strong encryption. It will harm innovation. In order to ensure that no "untappable" technology exists, we'll likely see a technology mandate and a draconian regulatory framework. The implications of this for America's leadership in innovation are dire. Could Mark Zuckerberg have built Facebook in his dorm room if he'd had to build in surveillance capabilities before launch in order to avoid government fines? Would Skype have ever happened if it had been forced to include an artificial bottleneck to allow government easy access to all of your peer-to-peer communications?This has especially serious implications for the open source community and small innovators. Some open source developers have already taken a stand against building back doors into software. It will harm US business. If, thanks to this proposal, US businesses cannot innovate and cannot offer truly secure products, we're just handing business over to foreign companies who don't have such limitations. Nokia, Siemens, and Ericsson would all be happy to take a heaping share of the communications technology business from US companies. And it's not just telecom carriers and VOIP providers at risk. Many game consoles that people can use to play over the Internet, such as the Xbox, allow gamers to chat with each other while they play. They'd have to be tappable, too. It will cost consumers. Any additional mandates on service providers will require them to spend millions of dollars making their technologies compliant with the new rules. And there's no real question about who will foot the bill: the providers will pass those costs onto their customers. (And of course, if the government were to pay for it, they would be using taxpayer dollars.) It will be unconstitutional.. Of course, we wouldn't be EFF if we didn't point out the myriad constitutional problems. The details of how a cryptography regulation or mandate will be unconstitutional may vary, but there are serious problems with nearly every iteration of a "no encryption allowed" proposal that we've seen so far. Some likely problems: The First Amendment would likely be violated by a ban on all fully encrypted speech. The First Amendment would likely not allow a ban of any software that can allow untappable secrecy. Software is speech, after all, and this is one of the key ways we defeated this bad idea last time. The Fourth Amendment would not allow requiring disclosure of a key to the backdoor into our houses so the government can read our "papers" in advance of a showing of probable cause, and our digital communications shouldn't be treated any differently. The Fifth Amendment would be implicated by required disclosure of a private papers and the forced utterance of incriminating testimony. Right to privacy. Both the right to be left alone and informational privacy rights would be implicated. It will be a huge outlay of tax dollars. As noted below, wiretapping is still a relatively rare tool of government (at least for the FBI in domestic investigations -- the NSA is another matter as we now all know). Yet the extra tax dollars needed to create a huge regulatory infrastructure staffed with government bureaucrats who can enforce the mandates will be very high. So, the taxpayers would end up paying for more expensive technology, higher taxes, and lost privacy, all for the relatively rare chance that motivated criminals will act "in the clear" by not using encryption readily available from a German or Israeli company or for free online. The government hasn't shown that encryption is a problem. How many investigations have been thwarted or significantly harmed by encryption that could not be broken? In 2009, the government reported only one instance of encryption that they needed to break out of 2,376 court-approved wiretaps, and it ultimately didn't prevent investigators from obtaining the communications they were after.This truth was made manifest in a recent Washington Post article written by an ex-FBI agent. While he came up with a scary kidnapping story to start his screed, device encryption simply had nothing to do with the investigation.  The case involved an ordinary wiretap. In 2010, the New York Times reported that the government officials pushing for this have only come up with a few examples (and it's not clear that all of the examples actually involve encryption) and no real facts that would allow independent investigation or confirmation. More examples will undoubtedly surface in the FBI's PR campaign, but we'll be watching closely to see if underneath all the scary hype there's actually a real problem demanding this expensive, intrusive solution. Mobile devices are just catching up with laptops and other devices.  Disk encryption just isn't that new. Laptops and desktop computers have long had disk encryption features that the manufacturers have absolutely no way to unlock. Even for simple screen locks with a user password, the device maker or software developer doesn't automatically know your password or have a way to bypass it or unlock the screen remotely.Although many law enforcement folks don't really like disk encryption on laptops and have never really liked it, and we understand that some lobbied against it in private, we haven't typically heard them suggest in public that it was somehow improper for these vendors not to have a backdoor to their security measures.That makes us think that the difference here is really just that some law enforcement folks think that phones are just too popular and too useful to have strong security.  But strong security is something we all should have.  The idea that basic data security is just a niche product and that ordinary people don't deserve it is, frankly, insulting.  Ordinary people deserve security just as much as elite hackers, sophisticated criminals, cops and government agents, all of whom have ready access to locks for their data.   The real issue with encryption may simply be that the FBI has to use more resources when they encounter it than when they don't. Indeed, Bellovin argues: "Time has also shown that the government has almost always managed to go around encryption." (One circumvention that's worked before: keyloggers.) But if the FBI's burden is the real issue here, then the words of the CRISIS Report are even truer today than they were in 1996: It is true that the spread of encryption technologies will add to the burden of those in government who are charged with carrying out certain law enforcement and intelligence activities. But the many benefits to society of widespread commercial and private use of cryptography outweigh the disadvantages. The mere fact that law enforcement's job may become a bit more difficult is not a sufficient reason for undermining the privacy and security of hundreds of millions of innocent people around the world who will be helped by mobile disk encryption.  Or as Chief Justice of John Roberts recently observed in another case rejecting law enforcement's broad demands for access to the information available on our mobile phones:   "Privacy comes at a cost."   Reposted from the Electronic Frontier Foundation's Deeplinks Blog Permalink | Comments | Email This Story

Read More...
posted 25 days ago on techdirt
Comcast is notorious for its terrible customer service. It's not hard to find story after story after story after story after story after story about Comcast's customer service failures. And those are all just from the past three months (and we skip over plenty of those stories as well). It's gone on for years. It's why Comcast keeps winning the Worst Company in America award. Every time these things happen, some top exec from Comcast comes out of his or her cave to tell us that these things are unacceptable and will change. As Karl Bode at Broadband Reports sums up, it's becoming like clockwork: Comcast CEO Brian Roberts emerges every six months and makes a promise to fix things, though it's always with a dismissive attitude. It's because we're so big that we see so many complaints, he'll say, as if every other major company has employees consistently making the news for falling asleep at customer homes, murder, digging in the wrong yard blowing up laptops, dishwashers or homes -- or even animal cruelty. But, apparently that's all over now. You know what was missing? A "Senior VP of Customer Experience" and now Comcast's got itself one of those: The latest seemingly bi-annual promise to fix their abysmal customer satisfaction ratings comes via Comcast Executive VP Neil Smit, who in a blog post informs us that Comcast has hired Charlie Herrin to be the company's new "Senior VP of Customer Experience." Herrin will, according to Smit, "reimagine the customer experience and ensure that we are delighting our customers at each touch point." "Over the last few years, we’ve been incredibly focused on product innovation and delivering great content and technology experiences," insists Smit. "But this is only one half of the customer experience equation. The other half is operational excellence in how we deliver service. The way we interact with our customers – on the phone, online, in their homes – is as important to our success as the technology we provide." That's an interesting rewriting of history. The reality, of course, is that while Comcast has improved speeds, it's spent an awful lot of its time over the past few years on buying up companies and getting regulatory approval to grow its monopolistic appetite. And, it seems noteworthy that each time Comcast tries to do a big merger, part of the rationale presented is that this will somehow improve the customer experience. And yet, now they're more or less admitting that was never actually true. Furthermore, what giant monopolistic provider of service do you know that has a reputation for providing good customer service? Competition leads to both innovations and good customer service, and that's not something that Comcast really faces anywhere these days. A VP of Customer Experience isn't likely to change thatPermalink | Comments | Email This Story

Read More...
posted 25 days ago on techdirt
It can be difficult to nail down the definition of American food since immigrants from all over the world have settled in the US and created a distinctly different varieties of their traditional cuisines. If you didn't realize it, fortune cookies are not a Chinese dessert (Chinese-American, yes). So what other foods aren't as authentic as you might think? Here are just a couple other examples. Spaghetti and meatballs sounds like a classic Italian dish for dinner, but it's actually not a common meal for people in Italy. Meatballs in Italy are generally smaller than their American counterparts and served separately from pasta. [url] The names of pasta varieties can be confusing because there are so many kinds and they look vaguely similar to the casual observer. Thankfully, there's an infographic to help you figure out the difference between rotini and marziani. [url] Italian restaurants in the US have created several dishes that are definitely not from Italy. One example is Lobster Fra Diavolo. Lobsters are not common in Italy, first of all. However, there could have been a similar dish with a different kind of crustacean. Maybe. [url] If you'd like to read more awesome and interesting stuff, check out this unrelated (but not entirely random!) Techdirt post via StumbleUpon.Permalink | Comments | Email This Story

Read More...
posted 25 days ago on techdirt
Attorney General Eric Holder announced he would resign yesterday, after serving as the nation’s top law enforcement official since President Obama came into office in 2009. Holder will leave behind a complex and hotly debated legacy at the Justice Department on many issues, but one thing is clear: he was the worst Attorney General on press freedom issues in a generation, possibly since Richard Nixon’s John Mitchell pioneered the subpoenaing of reporters and attempted to censor the Pentagon Papers. Holder presided over the largest legal crackdown on journalists’ sources in American history. Under his watch, the Justice Department prosecuted more sources and whistleblowers under the Espionage Act than all previous administrations combined, and many of those cases directly led to surveillance of reporters. In one, the Justice Department secretly subpoenaed twenty Associated Press phone lines, gathering information on over one hundred AP reporters. In another, the Justice Department accused Fox News reporter James Risen in court documents of being a “co-conspirator” and “aiding and abetting” State Department employee Stephen Kim in violating the Espionage Act. Both moves by the Justice Department were personally approved by the Attorney General. After a loud public backlash, the Justice Department recently tightened its media guidelines, but that hasn’t stopped them from attempting to force one of the nation’s best national security reporters, New York Times’ James Risen, into jail for refusing to testify against an alleged source. In Risen’s case, the Justice Department caused the most damage to reporter’s privilege in decades when it convinced the Fourth Circuit to do away with the privilege in its jurisdiction altogether. Shamefully, Holder’s Justice Department argued in front of the Court of Appeals that not only did Risen not qualify for reporter’s privilege, but the privilege did not exist at all, literally comparing reporters who protect sources who tell them about sensitive information to receiving drugs from a drug dealer and refusing to talk about it. Despite all this, Eric Holder had previously promised that, “As long as I’m attorney general, no reporter who is doing his job is going to go to jail.” How the Justice Department could pursue contempt of court charges against Risen but keep him out of jail was unknown. But now the Holder is stepping down, the Justice Department is not obligated to abide by his promise. The Justice Department’s pursuit of Risen has led to a petition signed by over 100,000 citizens, and over twenty Pulitzer Prize winners issued statements condemning it. The Justice Department has still refused to drop its pursuit. And often forgotten in the Justice Department’s awful crackdown on the press, is its the sprawling, four-year grand jury investigation into WikiLeaks for publishing classified State and Defense Department documents in 2010 and 2011, under a “conspiracy to commit espionage” theory where WikiLeaks may or may not have asked source Chelsea Manning to send them the documents. Many have referred to it as the largest investigation of a publisher in American history. Despite the fact that the investigation has been widely condemned by legal experts and Constitutional scholars—former Times general counsel James Goodale said Holder might as well be investigating WikiLeaks for “a conspiracy to commit journalism”—recent court documents show the grand jury is still active. Any indictment would leave all US newspapers in the perilous position of constantly under threat of prosecution when publishing supposedly “secret” information. But even without an indictment, the open-ended investigation chills WikiLeaks’ work and anyone caught in its wide net. In addition, the Justice Department's handling of the Freedom of Information Act (FOIA) and its aggressive tactics in court to keep basic information from journalists and the public has been deplorable, especially given Holder's promise to reform FOIA when he first came into office. Holder is also attempting to expand the controversial 'state secrets' privilege to new lengths, after promising to reform that as well. The next attorney general, whoever it is, will have a lot of issues on his or her plate. But better respecting the rights of reporters and the First Amendment should be at the top of that list. Reposted from the Freedom of the Press Foundation Permalink | Comments | Email This Story

Read More...
posted 25 days ago on techdirt
As you may have heard, there's a new movie opening today about a transformative year in Jimi Hendrix's life, called Jimi: All Is By My Side. The story sounds pretty interesting, but there's one big element that's missing: Jimi Hendrix's original music. As we noted two years ago, the Jimi Hendrix Estate denied any and all attempts to license his music unless they could have some control over the production (which the producers felt was out of order), meaning that the movie is, in fact, lacking any original Hendrix music. Instead, the only thing you'll see Hendrix performing if you watch the movie, is cover songs of other bands, which the movie's producers were able to license. I'm just going to repeat what I said two years ago, because it still applies: This is, in many ways, ridiculous. Part of the point of recording and retelling our cultural heritage is the use of the actual music that made it happen. Even the Hendrix estate finds the moviemakers' position confusing (though, it doesn't indicate if it would license the songs without creative say in the flick). Part of the problem is the ridiculous setup of music licensing today. You can do a cover song with compulsory licenses (i.e., without permission), but that's only for audio. Doing video gets you into sync licenses and other issues that require permission. And this is what you get in a society that locks up culture: a movie about Jimi Hendrix that features exactly none of his original music. This is how we lose out on culture. Culture thrives by sharing it, building on it, doing new things with it not by locking it up and demanding permission or control for everything. Indeed, looking over the reviews of the movie, many are specifically calling out the lack of Hendrix's music as a big part of the problem with the movie. How can you tell the story of an iconic rock star without his music? The music and the star go hand in hand, but you can't have that here. Thanks to copyright.Permalink | Comments | Email This Story

Read More...
posted 26 days ago on techdirt
Marlene Pinnock, the 51-year-old grandmother with bipolar disorder who was politely asked to refrain from walking on Interstate 10 with the judicious application of California Highway Patrol officer Daniel Andrew's fist (no less than nine times), has been awarded a settlement of $1.5 million from the city of Los Angeles. Further details on the settlement aren't forthcoming, but the issuing of a settlement generally means never having to say you're sorry -- most settlements are awarded without an admission of wrongdoing. The CHP's statement notes that the officer involved has elected to resign, but that doesn't necessarily mean he'll avoid facing criminal charges. The CHP forwarded the results of its investigation of the incident to Los Angeles County prosecutors last month, saying he could face serious charges but none have been filed yet. Left unaddressed entirely is the CHP's seizure of Pinnock's medical records, which occurred shortly after it became apparent she would be suing over the beating she received. Here's the recording of Officer Andrew's life-saving beating. Ask yourself whether this settlement would have arrived this quickly without this recording. (You already know the answer.) Speaking of cops and cameras, it's a damn good thing State Trooper Sean Groubert didn't have the presence of mind to disable his dashcam before shooting a man in the hip for following his instructions. Sean "Jumpy" Groubert may have thought the driver was reaching for a weapon, but he did just instruct him to get his license -- which happened to be in his wallet -- which happened to be in the car -- and presumably, the rest of his vehicle documents. Instead of allowing Levar Jones to comply, Groubert's weapon discharged (to use the Police Passive Tense) at least four times, hitting Jones in the hip and leading to a very surreal conversation in which the victim asks a perfectly logical question: "Why'd you shoot me?" Fortunately, there was no extensive, drawn-out investigation. Groubert has been fired and charged with aggravated assault. Again: would Groubert still be employed if his camera hadn't been on or if the recording had vanished? Finally, courtesy of PINAC, here's one of the nation's most incompetent cops hard at work. It took almost eight painstaking minutes for the dimwitted cop in this video to realize he was being recorded, which was when he turned to the man with the camera and told him it was “technically illegal.” But it also took the cop 24 hours before realizing he had forgotten to issue a citation to a man he had pulled over the prior evening, which is why he had the man meet him at the gas station the following night in an attempt to get the man to sign it. "Technically illegal." Which means not illegal at all, but also means that the cop knows it (or thinks he does) but desperately wants the person recording to be more ignorant than he is and think that Officer Better Late Than Never is cutting him a break. Ridiculous. The person who actually obliged this poster boy for law enforcement IQ tests points out that he really shouldn't be cited for something that happened 24 hours ago -- an interaction in which he was released by this same cop without a citation. The retort? He also admits he routinely forgets to issue citations to people he pulls over, requiring him to track them down the following day to do so. Um. Touché. Again, the camera is the public's best friend. Hopefully this circulated footage will make its way back to the officer's superiors, who will hopefully assign him to an immovable desk that will never not be right where he expects it to be, even 24 hours later.Permalink | Comments | Email This Story

Read More...
posted 26 days ago on techdirt
The idea that there's so-called "regulatory capture" of the Federal Reserve by the very Wall Street bankers they're supposed to regulate isn't one that's particularly surprising to anyone. It's been obvious for quite some time, but everyone in power has generally looked the other way about it. ProPublica and This American Life teamed up this week to reveal the the secret recordings of Carmen Segarra, a bank examiner of the Fed, who was supposed to be watching over Goldman Sachs. When she realized what was truly going on (basically, her bosses keep suggesting she tone down her criticism and concerns of Goldman), she bought a hidden recorder and started recording. The resulting story is astounding and incredibly revealing -- even if you already assumed much of it was true. Michael Lewis -- who's been reporting on Wall Street for decades -- describes the recordings as the "Ray Rice video for the financial sector", which may be a slight exaggeration, but the story is still quite telling. The report starts off by detailing how the Fed conducted a (for internal use only) study on how it totally missed the financial meltdown of 2008. And the answer won't surprise you, even if those close to the system claim they were surprised: The most daunting obstacle the New York Fed faced in overseeing the nation's biggest financial institutions was its own culture. The New York Fed had become too risk-averse and deferential to the banks it supervised. Its examiners feared contradicting bosses, who too often forced their findings into an institutional consensus that watered down much of what they did. From there, the story moves on to Segarra, who had been hired to be a senior examiner watching over Goldman Sachs. She actually tried to do her job, and for that was fired after just seven months on the job. She had discovered serious conflict of interest problems on certain deals, and then (on top of that) discovered that Goldman Sachs had no official "conflict of interest policy" that conformed with what was required by the Fed. When she wrote up a report on this, her boss insisted that she take out the claim that there was no policy, despite it being true. She was soon fired -- and then sued the Fed (and lost). However, this desire to whitewash embarrassment seems endemic at the Fed. It happened to the guy who wrote that report detailing the Fed's cultural problems: One New York Fed employee, a supervisor, described his experience in terms of "regulatory capture," the phrase commonly used to describe a situation where banks co-opt regulators. Beim included the remark in a footnote. "Within three weeks on the job, I saw the capture set in," the manager stated. Confronted with the quotation, senior officers at the Fed asked the professor to remove it from the report, according to Beim. "They didn't give an argument," Beim said in an interview. "They were embarrassed." He refused to change it. The report goes on to detail how quickly the Fed seemed to take orders from Goldman Sachs. There was a situation in which a Fed examiner, Michael Silva, expressed concerns about a probably-legal, but still ethically-questionable, deal that Goldman was involved in -- effectively moving around some shares in a Spanish bank to make the bank look fiscally more sound than it really was. But, expressing concern about the deal apparently wasn't allowed: Shortly after the Santander transaction closed, Segarra notified her own risk-specialist bosses that Silva was concerned. They told her to look into the deal. She met with Silva to tell him the news, but he had some of his own. The general counsel of the New York Fed had "reined me in," he told Segarra. Silva did not refer by name to Tom Baxter, the New York Fed's general counsel, but said: "I was all fired up, and he doesn't want me getting the Fed to assert powers it doesn't have." This conversation occurred the day before the New York Fed team met with Goldman officials to learn about the inner workings of the deal. In the audio version on This American Life, you can hear the incredible sequence in which Silva "fires up" his team to go confront Goldman about a specific problem with the deal (the other bank had required to get the Fed to sign off and say there were "no objections" and Goldman hadn't done so). However, then there's the recording of the meeting that happens right after Silva talks about going in and asking this important question -- and Silva doesn't get around to asking it until an hour into the meeting, and does so incredibly meekly, basically backing off the question before he's even finished answering it, handing Goldman an out. There's also audio of other Fed employees talking about how they should almost apologize to Goldman for all their questions, out of fear that Goldman (1) will think they're being "critical" of the bank and (2) won't share information on future deals (even though they're legally required to do so). It's classic regulatory capture. The Fed guys -- who literally work in the building with Goldman -- want the Goldman guys to like them. There's a lot more in the report, leading to a point in which Segarra is basically told to not be so good at doing her examiner job, but to instead build more relationships. The Fed employee doing the scolding, Segarra's supervisor who used to have her job, points out that she's upset some people with her brusque language, her "sharper elbows" and the fact that she was "breaking eggs." Segarra points out that she's doing her job and, furthermore, doing a "good job" as well: "I'm here to change the definition of what a good job is," Kim said. "There are two parts it: Actually producing the results, which I think you're very capable of producing the results. But also be mindful of enfolding people and defusing situations, making sure that people feel like they're heard and respected." In other words, don't do your job quite so well, because you're pissing off people at Goldman Sachs. That eventually led to the fight over the conflict of interest policy. After investigating it for a while, having Goldman officials and Michael Silva directly admit that there was no real policy, suddenly Silva tells her she can't actually say that in the report she's writing up. This is because folks at Goldman got upset about it, pointing to a generally vague policy statement on conflicts of interests (which doesn't come close to actually being a policy), and insisted that they had a policy. "You have to come off the view that Goldman doesn't have any kind of conflict-of- interest policy," are the first words Silva says to her. Fed officials didn't believe her conclusion — that Goldman lacked a policy — was "credible." Segarra tells him she has been writing bank compliance policies for a living since she graduated from law school in 1998. She has asked Goldman for the bank's policies, and what they provided did not comply with Fed guidance. "I'm going to lose this entire case," Silva says, "because of your fixation on whether they do or don't have a policy. Why can't we just say they have basic pieces of a policy but they have to dramatically improve it?" Later in the conversation, Silva says that he "didn't get taken seriously" when he challenged higher-ups in the past over that shady banking deal, and thus Segarra should just give in to the higher-ups demands. A week later, she was fired. There's also this story, which Lewis summarizes: In meetings, Fed employees would defer to the Goldman people; if one of the Goldman people said something revealing or even alarming, the other Fed employees in the meeting would either ignore or downplay it. For instance, in one meeting a Goldman employee expressed the view that "once clients are wealthy enough certain consumer laws don't apply to them." After that meeting, Segarra turned to a fellow Fed regulator and said how surprised she was by that statement -- to which the regulator replied, "You didn't hear that." In the actual This American Life episode, the story is even more damning. There were other regulators (not from the Fed) there as well, who all heard it too. And they were all talking about (something that was confirmed by others there) and the other Fed employee insisted that Goldman must have been joking and no one should pay attention to it. The end result of all this: the banks run the show. I actually didn't find the full report to be quite as damning as Lewis does. Some of the issues raised by Segarra do appear to be slightly overstated, and there do seem to be reasonable explanations for some of the things she found questionable. But it doesn't change the overall issue, which is that the banks effectively control the regulator, not through direct intimidation (or at least not in ways that are directly evident in this report), but because the Fed itself seems unwilling to ever actually rock the boat and make sure that Goldman is held to account. Now, I'm among those who are concerned about situations involving over-regulation and government interference where it's not necessary. But we should also be concerned about companies that are simply too powerful, and are able to engage in activities that abuse market power to harm the public -- and to engage regulatory capture to rubber stamp them. This episode shows how that's apparently the norm on Wall Street.Permalink | Comments | Email This Story

Read More...
posted 26 days ago on techdirt
In what I'm sure is a huge coincidence, a petition at We the People was submitted Sept. 19th asking for the government to label "Copblock.org" (and any variation) members as "domestic terrorists." [h/t Police State USA] This seems to follow news of Austin police officer Justin Berry's designation of these organizations as "domestic extremists" far too closely to be just some sort of random happening -- more or less within five days of the information first being exposed. Here's the stupidity in full: CopBlock.Org and its affiliates on social media are often applauding and encouraging violence towards law enforcement officers and their families. At times, they are even directly causing said violence in their communities, and then supporting each other online or in person for their illegal activities. I believe that many people who are active in this organization are committing terroristic acts by inspiring, inciting, or taking parts in acts that are designed to take human lives in cold blood for political gain. The statements made by this organization and its affiliates should be taken very seriously by local, state, and federal law enforcement agencies, and proper action should be taken to combat this. I believe the US DHS and FBI should monitor and investigate this Organization. Last things first, the DHS/FBI probably already monitor groups like this to a certain extent. Both work closely with local law enforcement and if local officers are complaining about being filmed or otherwise "harassed" by civilians, chances are certain reports have been kicked up the ladder to agencies with bigger budgets, more manpower and (especially in the case of the DHS) plenty of spare time to collect and collate information on Constitutionally-protected activities. Next, there's the unfounded accusations that these organizations are "directly causing violence." As I've noted earlier, police accountability organizations draw more than their share of people who can't articulate their objections to law enforcement tactics beyond vague threats and misspelled swear words, but those running these organizations (along with a majority of their members) do not encourage violence towards law enforcement members. Holding someone accountable for their actions does not mean acting as judge, jury and executioner. "...take human lives in cold blood for political gain." I can't even. Pushing for accountability through activism isn't a political sport. Law enforcement agencies aren't partisan entities. They don't check voter registrations before ordering people to stop filming or restraining someone into a coma/morgue. That's not how this works. At all. The petition stills needs ~95,000 signatures before it can be officially ignored, but at the rate it's going, it will never get there, despite pushes from law enforcement advocacy groups. About all that can be done with this information is a bit of data mining to determine which state harbors the most resentment towards police accountability. What this does definitely show is that there's a subset of law enforcement (and their supporters) that find the activities of these groups threatening, and are looking for any route at all to shut them down. The percentage of those seeking this is probably no larger than the subset of Copblock members who actively wish injury and death on law enforcement members. Just as Copblock shouldn't be judged by a vocal minority, neither should law enforcement advocates. To most, these groups are just another part of the job. Some handle the extra attention better than others but there's no concerted effort being made to shut them down. Permalink | Comments | Email This Story

Read More...
posted 26 days ago on techdirt
Jonathan Corbett has been trying for years to get the courts to declare the TSA's pre-flight searches -- specifically body scanners and full-body patdowns -- a violation of the Fourth Amendment. So far, this has gone nowhere, with a lot of the blame falling on Corbett himself. Spending a great deal of time filing in improper venues has cost Corbett his most recent lawsuit at the hands of the 11th Circuit Court. The two-year gap between his filing with the Miami district court and the federal court system had led to his case being thrown out mainly on procedural grounds [pdf link]. Despite being instructed where to file back in 2010, Corbett didn't actually file in federal court until 2012, far surpassing even the most generous readings of filing limitations. Corbett failed to heed that advice, despite admonitions by the Administration, a magistrate judge, the district court, and our Court that we had exclusive jurisdiction over his petition. He instead pursued his Fourth Amendment challenge in the district court for nearly two years. Courts of appeals have excused a petitioner’s delay when the Administration caused a petitioner’s confusion, id. at 960, or when a petitioner unsuccessfully attempted to exhaust administrative remedies, Reder v. Adm’r of Fed. Aviation Admin., 116 F.3d 1261, 1263 (8th Cir. 1997), but Corbett has not alleged anything of the kind. His conduct—the “quixotic pursuit of the wrong remedies”—cannot excuse his delay. A "quixotic pursuit" it was, including a direct petition (which was refused) to the Supreme Court. But it wasn't completely futile. During his lengthy stay with the district court, sealed, unredacted documents filed by the government were accidentally uploaded by a court clerk -- documents that revealed the TSA itself doesn't believe terrorists are focused on bringing down airplanes. But it's the argument following "Alternatively, the Screening Procedure Is a Reasonable Administrative Search" that deals directly with Corbett's complaints. As is indicated in the subtitle, the TSA's pre-flight screening methods are both an "administrative search" (i.e., not requiring individualized suspicion) and "reasonable." But "reasonable" compared to what? The Fourth Amendment does not compel the Administration to employ the least invasive procedure or one fancied by Corbett. Airport screening is a permissible administrative search; security officers search all passengers, abuse is unlikely because of its public nature, and passengers elect to travel by air knowing that they must undergo a search. Hartwell, 436 F.3d at 180. The “jeopardy to hundreds of human lives and millions of dollars of property inherent in the pirating or blowing up of a large airplane” outweighs the slight intrusion of a generic body scan or, as a secondary measure, a pat-down. Corbett argues that the TSA could use less intrusive methods than patdowns and full-body scanners, but the court states that the Fourth Amendment does not demand a "least invasive" effort. It also doesn't demand the system be foolproof -- which the TSA's definitely isn't. It only requires a balance of the public's safety and its rights. An administrative search, especially with current full-body scanners that use a generic body shape when scanning flyers, does that. While the court's decision is more or less reasonable, it does indicate that there will not be a successful civil liberties challenge to the TSA's tactics anytime soon. Much of the discussion only deals with balancing the Fourth Amendment against worst-case scenarios, rather than the mundanity that is the millions of un-hijacked, unmolested flights that occur every year… year after year. “[T]here can be no doubt that preventing terrorist attacks on airplanes is of paramount importance.” Hartwell, 436 F.3d at 179; see United States v. Marquez, 410 F.3d 612, 618 (9th Cir. 2005) (“It is hard to overestimate the need to search air travelers for weapons and explosives before they are allowed to board the aircraft. . . . [T]he potential damage and destruction from air terrorism is horrifically enormous.”); Singleton v. Comm’r of Internal Revenue, 606 F.2d 50, 52 (3d Cir. 1979) (“The government unquestionably has the most compelling reasons[—]the safety of hundreds of lives and millions of dollars worth of private property[—]for subjecting airline passengers to a search for weapons or explosives that could be used to hijack an airplane.”); see also United States v. Yang, 286 F.3d 940, 944 n.1 (7th Cir. 2002). Finally, the federal government's unwavering belief that secret documents are still secret even when the public has already seen them is obliged. Despite being published in full by a clerical mistake, the court instructs Corbett to honor the purely symbolic sealing of previously exposed documents and denies him release from his non-disclosure agreement. The Administration filed under seal the proprietary information—an operations manual for an advanced imaging technology scanner—because the owner of the information marked the manual with the warning that customers “shall not disclose or transfer any of these materials or information to any third party” and that “[n]o part of this book may be reproduced in any form without written permission” from the company. We also grant the motion to seal the sensitive security information because Corbett has no statutory or regulatory right to access it. Sensitive security information is “information obtained or developed in the conduct of security activities[,]... the disclosure of which TSA has determined would... [b]e detrimental to the security of transportation.” "Detrimental," except that some of this information was already exposed and yet, planes kept flying and no terrorist activity was detected. So, rather than seeing a growing skepticism towards the government's claims that the TSA's screening procedures are the only thing standing between us and certain disaster, the court seems to be embracing them with just as much enthusiasm, 13 years after the 9/11 attacks. It cites various attacks that were thwarted (by passengers, no less) as all the evidence that's needed to support the government's claims, while apparently ignoring the TSA's own assertions that planes are no longer terrorism's favorite target. Corbett did a lot to sabotage his own chances of a win. The court's decision here just ensures it will be much more difficult for whoever follows in his wake. Permalink | Comments | Email This Story

Read More...
posted 26 days ago on techdirt
We already wrote about how law enforcement was freaking out over the (good) news that Apple and Google were making encryption a default on both iOS and Android. Then we had a followup where a recently retired FBI guy insisted that such encryption would have meant a kidnap victim died... until everyone pointed out that the entire premise of that story was wrong and the Washington Post had to change the entire thing. We had hoped that, maybe, just maybe the misguided whining and complaining wouldn't come from those in charge, but apparently that's not happening. On Thursday, FBI boss James Comey displayed not only a weak understanding of privacy and encryption, but also what the phrase "above the law" means, in slamming Apple and Google for making encryption a default: "I am a huge believer in the rule of law, but I am also a believer that no one in this country is above the law," Comey told reporters at FBI headquarters in Washington. "What concerns me about this is companies marketing something expressly to allow people to place themselves above the law." [....] "There will come a day -- well it comes every day in this business -- when it will matter a great, great deal to the lives of people of all kinds that we be able to with judicial authorization gain access to a kidnapper's or a terrorist or a criminal's device. I just want to make sure we have a good conversation in this country before that day comes. I'd hate to have people look at me and say, 'Well how come you can't save this kid,' 'how come you can't do this thing.'" First of all, nothing in what either Apple or Google is doing puts anyone "above the law." It just says that those companies are better protecting the privacy of their users. There are lots of things that make law enforcement's job harder that also better protect everyone's privacy. That includes walls. If only there were no walls, it would be much easier to spot crimes being committed. And I'm sure some crimes happen behind walls that makes it difficult for the FBI to track down what happened. But we don't see James Comey claiming that homebuilders are allowing people to be "above the law" by building houses with walls. "I get that the post-Snowden world has started an understandable pendulum swing," he said. "What I'm worried about is, this is an indication to us as a country and as a people that, boy, maybe that pendulum swung too far." Wait, what? The "pendulum" hasn't swung at all. To date, there has been no legal change in the surveillance laws post-Snowden. The pendulum is just as far over towards the extreme surveillance state as it has been since Snowden first came on the scene. This isn't the pendulum "swinging too far." It's not even the pendulum swinging. This is just Apple and Google making a tiny shift to better protect privacy. As Christopher Soghoian points out, why isn't Comey screaming about the manufacturers of paper shredders, which similarly allow their customers to hide papers from "lawful surveillance?" But, of course, the freaking out continues. Over in the Washington Post, there's this bit of insanity: “Apple will become the phone of choice for the pedophile,” said John J. Escalante, chief of detectives for Chicago’s police department. “The average pedophile at this point is probably thinking, I’ve got to get an Apple phone.” Um. No. That's just ridiculous. Frankly, if pedophiles are even thinking about encryption, it's likely that they already are using one of the many encryption products already on the market. And, again, this demonizing of encryption as if it's only a tool of pedophiles and criminals is just ridiculous. Regular everyday people use encryption every single day. You're using it if you visit this very website. And it's increasingly becoming the standard, because that's just good security.Permalink | Comments | Email This Story

Read More...
posted 26 days ago on techdirt
We remain absolutely baffled by the FAA's bizarre rules about drones. As we've noted, the FAA has said that you can use drones for fun, but if it in any way involves profit, it's not allowed. So you can use a drone to take photographs from the sky for personal use, but if you're a real estate agent trying to do a flyover of a house you're trying to sell, that's illegal. And while some people still claim that drone use should be limited so they don't interfere with airplanes, that doesn't seem to (even remotely) be the concern here, otherwise the personal use of drones would be barred too. But it's getting even more bizarre. Now, it seems that anyone who wants to use drones in anything close to an innovative way has to first go beg the FAA for permission. And the permission is sometimes given and sometimes withheld. Compare these two stories. The University of Michigan wanted to use drones to deliver the game ball before kickoff of a football game, but the FAA nixed the request. It's not at all clear why. This was for a sporting event, and it would just be for fun. It's hard to see how the use was "commercial" other than the fact that college football is big business. Meanwhile, compare that to the fact that the FAA is apparently granting permission to Hollywood to use drones to film things: In May, seven aerial photo and video production companies asked for regulatory exemptions (known as a 333 exemption) that would allow the film and television industry to use drones with FAA approval. Those seven companies and the Motion Picture Association of America (MPAA), were asked by the FAA to develop the guidelines and safety procedures under which they planned to operate. The FAA reviewed those procedures and is expected to approve the drone-specific rules and standards that will enable Hollywood to be exempt from existing aviation regulations. Of course, the report from Forbes notes, this actually took four years of back and forth with the FAA to get to this point. We've talked for a while about the concept of permissionless innovation and why it's important to keep the velocity of innovation moving forward at a rapid pace. Adding in this layer of bizarre, arbitrary and ridiculously slow regulation, and you're slowing down that pace. And while some say "does that really matter" for something as silly as flying drones, as we've noted, it's entirely possible that drones can create some amazingly powerful societal shifts. But each bit of "permission" needed along the way slows down that process and limits our ability to innovate and to adapt and adjust and learn.Permalink | Comments | Email This Story

Read More...
posted 26 days ago on techdirt
If you've been reading Techdirt for a while, you probably know that we're not big fans of this myth: "If you're not paying for the product, you are the product." Regardless of whether or not you pay for something, some companies will still treat their customers horribly. Likewise, there are also some corporations that try to treat customers (or users) with respect without expectation of payment for the favor. That said, it's easy to make mistakes that get mis-interpreted when it comes to analyzing consumer behavior. An unintentional email message to a targeted (or even un-targeted) group of customers can enrage a whole community. Consumer data is available to a lot of companies, but it might be wise for these companies to tread lightly with their data scientists. Here are just a few cases that data miners might want to check out. Facebook participated in some social experiments, but creating an "emotional contagion" resulted in some unwanted public attention. The actual ability for a social network to measure or effect various emotions is far from proven, but the potential to cause widespread distress through a social network is probably something users should be concerned about. [url] Shutterfly made a seemingly small mistake in mass-emailing a bunch of its customers a congratulatory message about an upcoming newborn. The photo printing service wasn't even using data mining techniques (eg Target) to try to figure out who might be pregnant, but in this data-driven world, folks are trained to expect that companies may be trying to pry into their personal lives. [url] Social psychology has had some problems with scientific fraud, and thankfully, there are some investigators who are developing methods to find fake or massaged data. It's hard enough to actually design psych experiments that have conclusive results, but sometimes the data can't lie. [url] OKCupid admits to experimenting on its users, too. The difference with dating sites is that the people using them seem to be tacitly agreeing to be experimented upon. [url] If you'd like to read more awesome and interesting stuff, check out this unrelated (but not entirely random!) Techdirt post via StumbleUpon.Permalink | Comments | Email This Story

Read More...
posted 26 days ago on techdirt
We recently sneered at the publicity rights law suit brought against video game maker Activision by dictatorship-maker Manuel Noriega over his portrayal in the Call of Duty game series. The idea of a foreign historical/public figure filing suit against an American company for publicity rights, which tend to be quite localized to individual states, seemed silly on its face. Add to the mix the dastardly acts by the plaintiff and there was a great deal of room for eye-rolling at this fight. Well, now a new combatant has emerged to defend Activision, and there's a small chance you'll recognize his face. Is it...Derek Jeter? No, it's former NYC Mayor Rudy Giuliani, who has decided to take up the sword for Activision and defend them in court against Noriega. It turns out that America's Mayor has since gone back to practicing law and he's asking for a dismissal of the case for the exact reasons I outlined in the previous post. Giuiliani told The Associated Press he took the case because he doesn't want the imprisoned Noriega to profit from his crimes, which include convictions for murder, drug trafficking and money laundering. Also, Giuiliani said that if the lawsuit is upheld, it could give historical figures and their heirs veto power over their depiction in books, television, movies and video games. The entire point here is that the First Amendment provides protection in fictional depictions of historical figures. That those depictions are so close in describing the criminal actions of Noriega, in this case as a kidnapper and murderer, don't relieve Activision of those protections. Opening the door to more suits by public and historical figures would be absolutely horrific for the areas of historical fiction, whether in games, novels or movies. Noreiga, by the way, is serving prison time for murder and corruption. "Noriega going after 'Call of Duty,' you should think of it as Osama bin Laden's family going after 'Zero Dark Thirty,'" [Giuliani] said. Hopefully the court will dismiss this nonsense quickly. On a related note, it's always nice to see a former politician come to the aid of new entertainment companies, video games in particular. Too often it's the other way around. Permalink | Comments | Email This Story

Read More...
posted 26 days ago on techdirt
We've been covering the saga of Roca Labs for a few days now. This is the company that claims to make an "alternative" to gastric bypass surgery in the form of some "industrial food thickening agents" that (the company claims) will fill up your stomach and make you not want to eat. These claims are not FDA reviewed and an examination of the claims by a doctor found them to be questionable (to say the least). We became aware of the company because it had sued Consumer Opinion Corp., the company that owns the site PissedConsumer.com. The issue? Roca Labs has a terms of service that offers everyone a "discount" on its product if you agree to never, ever, say anything bad about the product ever (you also have to agree to share success stories with Roca and allow them to publicize those stories). In short, the terms of service are designed to only show positive results, and gag any negative results. Roca claims that it has to do this because results may vary, and negative results could be caused by other factors. Of course, doesn't that also mean that positive results could be caused by other factors as well? Either way, Roca Labs sued PissedConsumer on the hilarious legal theory that by offering a forum for unhappy customers to post their story, it was "tortious interference" because it encouraged people to break the terms under which people bought the product. As we noted, this legal theory is fairly laughable, and PissedConsumer's legal response makes that fairly clear as well. However, Roca Labs and its lawyers are apparently busy. They're not just suing PissedConsumer, but they're actually suing a customer who complained to the Better Business Bureau for "breach of contract" and "defamation per se." While her filing with the BBB included some statements that might reach the level of defamation, amusingly, Roca Labs does not attempt to show that her comments were false in any way. Rather, it relies on yet another ridiculously questionable term in its terms of service, saying that if you post something negative, it will automatically be considered "defamation per se." Here's the term: You agree that any such negative claim will constitute defamation per se I don't think that's how defamation law works. At all. Even if this woman's comments to the BBB are defamatory (and I'm not saying they are), you can't just have someone sign a contract saying that if they do something, they'll be guilty of defamation. Either way, all of this should make you wonder just what sort of company Roca Labs is in that it seems to not just sue its own customers for negative reviews, but to work so hard to stop negative reviews and to threaten and intimidate those who make complaints about their experience with the company.Permalink | Comments | Email This Story

Read More...