posted 22 days ago on techdirt
The "Washington Legal Foundation" claims to be a legal shop filing lawsuits to protect "free enterprise" and to fight needless government regulation. In the past, the organization has been closely associated with funding from Big Tobacco, and if you look at its recent litigation efforts, it's almost all in support of Big Pharma and Big Copyright. They helped out on the Aereo case, for example, and sided with Monsanto in its (victorious) case arguing that planting your own seeds can be infringing patents. For a group that claims to be about getting government off your back and supporting free enterprise, it seems somewhat ironic that it appears to so strongly support centralized, government-granted monopolies in the form of copyrights and patents. Either way, WLF's Glenn Lammi recently wrote a piece for Forbes (which, these days, lets basically anyone with an agenda publish), arguing that cyberlockers are evil because they're all about raking in the big bucks from infringement. The article is sloppy and not particularly well argued, in part because it relies heavily on two recent studies (funded by the industry) that have already been debunked. Lammi ignores that part, because it doesn't fit with his narrative. You know it's going to be a bad argument when it trots out this classic trope: “Information wants to be free” is a standard rejoinder to criticism of online entertainment piracy. Except, no, it's not the standard rejoinder. These days, it's mainly used as a strawman by people like Lammi who don't want to deal with actual arguments that are being made. Lammi goes on: Such a sentiment may motivate some copyright thieves, but profit, not ideology, drives the proprietors of “cyberlockers” whose business is trafficking pirated entertainment content. A recent study by the Digital Citizens Alliance (DCA)—“Behind the Cyberlocker Door”—has laid bare that reality. 
These websites generate profit margins that lawful businesses can only dream of, and they do so on the backs of countless workers in the music, movie, and television industries. Of course, as we've noted for years, if cyberlockers were really so profitable, then shouldn't the response from the entertainment industry be to offer up such services themselves? Lammi, of course, leaves out that the DCA study was commissioned by the industry and that the methodology was so ridiculous that at least one company branded a "piracy haven" has already demanded a retraction of the report and an apology, claiming the report is defamatory. The methodology is clearly bogus. For example, it called Mega.co.nz a piracy haven because the researchers apparently have no idea how it works: For Mega the researchers looked at 500 files that were shared online. However, the overwhelming majority of Mega’s files, which number more than 500,000,000, are never shared in public. Unlike some other sites in the report, Mega is a rather traditional cloud hosting provider that’s frequently used for personal backup, through its desktop client or mobile apps for example. The files that are shared in public are the exception here, probably less than one percent of the total. And yet, DCA's bogus methodology insisted that the majority of files on Mega were infringing. Because they don't even understand how it works. That does not give confidence in the study -- or the fact that WLF is relying on it. Then there's the second study: A recent KPMG study found that nearly all of the most popular TV shows and movies of the past three years (which are, not surprisingly, also the most pirated), are available through video-on-demand services. Except, as discussed, that's totally misleading. What the study found was that all of those works were available on at least one of 34 different services. Of course, if you don't use all of those services, you might not be in luck. 
In fact, buried deep in the report was the more telling stat that if you used the most popular movie/TV service out there, Netflix, less than 20% are available. So, uh, no, contrary to Lammi's attempt to argue that the industry has done its part, it has not. A vigorous debate has developed in recent years over numerous aspects of copyright protection. There can be little doubt, however, that cyberlockers are profitably inducing copyright infringement on a massive scale. The discussion should thus not be over whether infringement is occurring, but what measures legitimate businesses can take to deter and stop it. Actually, there can be plenty of doubt over that claim. Many of those sites rely on advertising, and anyone in the ad business knows that online ad rates are dropping precipitously, and many ad systems rely on clickthroughs. The folks surfing cyberlockers for free movies aren't exactly the kind of folks who click on ads. In fact, a lot of them likely use ad blockers. Yes, some cyberlockers make money from membership fees, but that just shows why the industry should be supporting authorized services like Netflix that provide a better service. And yet they don't. There are reasonable debates to be had here, but if you're basing your arguments off of debunked studies, don't expect to be taken seriously.

posted 22 days ago on techdirt
"Erotic romance" publisher Ellora's Cave doesn't like the way a certain writer has portrayed its business woes. Rather than attempt to address the theories advanced by Jane Litte at Dear Author, Ellora's Cave has decided to sue her for defamation. Ellora's Cave has a problem with the post Jane Litte published Sept. 14th, entitled "The Curious Case of Ellora's Cave." In it, Litte questions the financial stability of EC. As she notes, EC is a powerhouse publisher in the erotic fiction world but its growth seems to have slumped at a time when it should have been expanding. As the world began to catch on to digital books and the Kindle was launched creating a second wave ebook revolution, Ellora’s Cave seemed poised to launch itself into publishing super stardom. It had thousands of backlist titles and it had launched many of the bestselling authors today–Bella Andre, Lora Leigh, Christine Warren, Beth Kery, Lauren Dane, Jaci Burton, to name a few. Yet something strange happened. Growth stagnated. In 2010, it was revealed that EC’s revenues were $5 million but a reported $6.7 million in 2006. How on earth was a digital publisher’s income declining in the biggest boom period of digital books? Litte entertains a few theories. Word of [Ellora's Cave co-founder Tine] Engler’s increasingly erratic behavior surfaced on odd places on the internet and then came the lawsuits. In 2008, former employee Christina Brashears iled suit for unpaid monies against EC. EC countersued. Brashears, Publisher and Chief Operating Officer, left and formed Samhain. Bad blood existed which culminated with EC agreeing to a settlement of undisclosed amount. The damages were alleged to be in the high six figures to low seven figures. EC’s behavior during this lawsuit was so egregious, the judge commented on it in his ruling ordering damages to be paid to Brashears... In the Brashears lawsuit, EC was accused of inappropriately diverting funds to Tina Engler through overpayment of rent. 
In 2009, the prevailing market rent for the space EC was occupying in Akron Ohio was around $40K but EC was paying Engler close to $100K per month. EC was providing loans to various officers at no interest and there was no indication those loans were ever repaid. Emails to EC authors seem to confirm the bad news. Ellora's Cave is struggling. Some authors have reported late or completely missing royalty payments. EC is now saying that no partial work will be paid for and has shut down its authors' portal where writers (but only a certain number of them) could check on royalty payments. The most damning evidence that something's wrong at Ellora's Cave comes in the form of public records. According to Litte, these documents show that Tina Engler (the EC founder who had been receiving the allegedly diverted funds mentioned above) has had a tax lien placed against her by the state of Ohio for 5 of the last 6 years, ranging from $26,000 to $105,000 (nearly $400,000 total to this point). The lawsuit filed against Jane Litte claims (of course) that none of Litte's allegations are true and that the post itself is libelous. [PDF link] It mainly has a problem with this paragraph, which encapsulates most of the claims it refutes. A report from Ohio business record places Ellora’s Cave revenues at $15 million last year. So why is it that tax liens go unpaid as well as the salaries or royalties of creative individuals? It is unknown but it sounds like the money is being mismanaged at best and improperly diverted at worst. What’s the result? Many people believe that EC will close its doors before the summer is over but at least by the end of the year. If it enters bankruptcy, author’s intellectual property rights are part of the estate and can be sold off to the highest bidder. 
EC's suit is an attempt to stifle criticism: it asks for $25k in damages as well as a permanent injunction prohibiting Litte from publishing any further "libelous" content, and demands the removal of her Sept. 14th post. Litte has chosen to fight back, gaining not only the support of many authors and bloggers, but the valuable legal assistance of a name familiar to Techdirt readers. Jane Litte, the pseudonymous editor of Dear Author, announced this morning that she had hired the big guns to defend her in this lawsuit, noting that: "she has retained the services of Marc Randazza, and he and an Ohio colleague will provide the defense in this case. You can find out more about Randazza at his firm’s website, and in this piece at Popehat, Marc Randazza: First Amendment Badass." That's possibly the worst news anyone filing a dubious defamation suit could hope to receive. Now EC will have to face Randazza on top of possibly having to do something it clearly doesn't want to: turn over its financial records. As Litte noted above, a previous lawsuit filed against EC over owed monies resulted in a judicial smackdown of Tina Engler and her various legal representatives -- specifically related to their failure to produce requested information. EC refused to give up documents such as tax returns and ledgers during the litigation. The failure to respond to the request for documents impaired Brashear’s ability to proceed with her claim. EC blamed it on their first lawyer who they fired. EC retained new counsel but the pattern of delay and duck continued. Brashear filed a motion for sanctions (a request asking the court to punish EC for its delinquent behavior). The court granted the motion after EC and its counsel failed to show up for a hearing. EC asked the court to set aside the sanction and promised it would deliver the documents requested by Brashear. EC never did. 
The judge had this to say after both defendants and their new attorney failed to materialize for the hearing. Defendants willfully evaded the production of discovery, resulting in unnecessary delays of this case and increased legal fees. Defendants’ actions in this case have crossed the line from a zealous defense to malingering, malfeasance, sabotage and delay. If Ellora's Cave wishes to demonstrate that Litte's claims are libelous (most of which appear to be delivered as opinions rather than statements of fact), it will have to present documentation of its royalty payments, as well as some detailing of Engler's discretionary spending. It wasn't interested in turning these documents over in 2009. There's no reason to believe (especially considering the ongoing tax liens against Engler) it's any more interested in doing so now. This suit, despite being fairly articulate about what it disputes, still looks like an attempt to silence criticism. If Ellora's Cave wanted to take Litte to court over speculations about financial mismanagement, it had several opportunities to do so in the past. Litte's coverage of the 2009 lawsuit uses the same Forbes stats as her recent post and asks the same question: why is Ellora's Cave struggling at a time when it should be showing record growth? This 2010 post also speculated that EC didn't have the cash on hand to pay damages, much less pay the funds contractually obligated to the complainant. The only new wrinkles here are the questions about EC owner Tina Engler's spending habits and the (documented) tax liens against her. Given the fact that EC likes to withhold documentation, it's probably the last part being made public (so to speak -- tax liens are public records) that irks Engler the most. In asking for damages to be awarded, the lawsuit claims that this post is harming its relationship with its current writers and damaging its future earnings by warning authors away. 
Undoubtedly this is true, but a business owner with a half-decade of high-dollar tax liens would warn them away just as well, even without Litte's additional research and commentary. You can withhold royalties indefinitely (give or take a lawsuit) but you can't hold out on the government. If you do, your business is repo'ed and auctioned, and the slight possibility of this happening means authors' copyrights could end up in the hands of someone who feels even less obliged to pay off owed royalties, if they're even obligated to pay them at all. Those who were happy with EC may find themselves working for someone they don't like, but will be able to do very little about it. Another troubling aspect of the lawsuit is the request to unmask anonymous commenters, delivered by this slightly ominous sentence. Additionally, Plaintiff request that Defendants disclose the name of the anonymous commenters on the blog so that the spreading of the defamatory content can be stopped. Not only is this request another attack on speech, but it's unlikely to do anything more than subject other people to EC's litigious efforts. The "spreading" has already begun and getting a list of commenters' names isn't going to change that. EC's decision to sue has already caused more harm to its reputation than Litte's post could have done on its own. The news that EC wants to target commenters will only generate even more negative coverage.

posted 22 days ago on techdirt
Yesterday, we mentioned the reports kicked off by Nate Hoffelder's research that Adobe was spying on your ebook reading efforts and (even worse) sending the details as unencrypted plaintext. Adobe took its sweet time, but finally responded late last night (obnoxiously, Adobe refused to respond directly to Hoffelder at all, despite the fact that he broke the story). Here's Adobe's mealy-mouthed response that was clearly worked over by a (poorly trained) crisis PR team: Adobe Digital Editions allows users to view and manage eBooks and other digital publications across their preferred reading devices—whether they purchase or borrow them. All information collected from the user is collected solely for purposes such as license validation and to facilitate the implementation of different licensing models by publishers. Additionally, this information is solely collected for the eBook currently being read by the user and not for any other eBook in the user’s library or read/available in any other reader. User privacy is very important to Adobe, and all data collection in Adobe Digital Editions is in line with the end user license agreement and the Adobe Privacy Policy. Some of the research into what's going on contradicts the claims of it only looking at books "currently being read," but even if that's true, it doesn't make the snooping any less disturbing. And while it may be true that Adobe has not violated its privacy policy (though, that's arguable), it really just highlights the stupidity of the concept of privacy policies. As we've noted in the past, the only way you get in trouble on privacy is if you violate your own privacy policy. And thus, the incentives are to write a policy that says "we collect absolutely everything, and do whatever we want with it, nyah, nyah, nyah," because that way you won't ever violate it. 
Since no one reads the policy anyway, and most people assume having a "policy" means protecting privacy (even if it says the opposite), privacy policies (and laws that require them) are often counterproductive. This situation appears to be a perfect example of that in action. Either way, the response is tone deaf in the extreme. Even if it's "in line" with the privacy policy, does that make it right or acceptable? Adobe makes no effort to respond to the concerns about this snooping on reading habits -- which can be quite revealing. It makes no effort to respond to the serious problems of sending this info in plaintext, creating a massive security hole for private information. While Adobe has told some that it is working on an update to "address" the issue of transmitting the data in plaintext, it's a bit late in the process to be recognizing that's an issue. The Ars Technica article notes that this may, in fact, violate New Jersey's Reader Privacy Act. EFF wonders about the similar California Reader Privacy Act and whether or not Adobe's efforts here completely undermine that law. Since Adobe's Digital Editions are commonly used by libraries (my local library uses it, which I've used to take out ebooks), it really raises some serious questions for those libraries. Librarians have a history of strongly standing up for the protection of reader privacy. In fact, for all the talk we've had recently about Section 215 of the PATRIOT Act and how the NSA abuses it, when it was first passed, the people who protested the loudest were the librarians, who feared that it would be used to collect records on what books people were reading! Some people even referred to it as the "library records" provision (even though it was eventually twisted into much more). And yet, here we are, a decade or so later, and Adobe has completely undermined this kind of trust and privacy which libraries pride themselves on. 
And, even worse, it's all in the name of some crappy DRM that publishers demand. Librarians and readers should be up in arms over this, and looking for alternatives. Adobe should stop with the bullshit crisis PR response and admit that they screwed up and that the product needs to change to better protect the privacy of individuals and their reading habits.

posted 22 days ago on techdirt
We discuss moral panics, past and present, pretty frequently to make a key point: for all the fears you hear about today's technologies, there were similar (almost always unfounded) fears for new technologies in the past. And, in retrospect, almost all of them look silly. Among my favorites were when chess or the waltz were going to undermine society. However, the NY Times' archivist, Evan Sandhaus, has an amusing example (via Mathew Ingram) concerning that time, back in 1878, when the NY Times editorialized against Thomas Edison's phonograph and aereophone, for the fact that they could destroy everyone's privacy. Here's just the beginning: You can read the rest at the link above or embedded below (oh yeah: and this was written in 1878, so contrary to the NY Times' totally bogus copyright claim on the PDF below, the content is public domain). The whole thing is hilarious, first railing against Edison (who has apparently "invented too many things") and then against the phonograph for destroying privacy and making it impossible for anyone to talk to anyone any more: THE AEROPHONE. Something ought to be done to Mr. EDISON, and there is a growing conviction that it had better be done with a hemp rope. Mr. EDISON has invented too many things, and almost without exception they are things of the most deleterious character. He has been addicted to electricity for many years, and it is not very long ago that he became notorious for having discovered a new force, though he has since kept it carefully concealed, either upon his person or elsewhere. Recently he invented the phonograph, a machine that catches the lightest whisper of conversation and stores it up, so that at any future time it can be brought out, to the confusion of the original speaker. This machine will eventually destroy all confidence between man and man, and render more dangerous than ever woman's want of confidence in woman. 
No man can feel sure that wherever he may be there is not a concealed phonograph remorseless gathering up his remarks and ready to reproduce them at some future date. Who will be willing, even in the bosom of his family, to express any but most innocuous and colorless views and what woman when calling on a female friend, and waiting for the latter to make her appearance in the drawing-room, will dare to express her opinion of the wretched taste displayed in the furniture, or the hideous appearance of the family photographs ? In the days of persecution and it was said, though with poetical exaggeration, that the walls had ears. Thanks to Mr. Edison's perverted ingenuity, this has not only become a literal truth, but every shelf, closet, or floor may now have its concealed phonographic ears. No young man will venture to carry on a private conversation with a young lady, lest he should be filling a secret phonograph with evidence that, in a breach of promise suit, would secure an immediate verdict against him, and our very small-boys will fear to express themselves with childish freedom, lest the phonograph should report them as having used the name of "gosh," or as having to "bust the snoot" of the long-suffering governess. The phonograph was, at the time of its invention, the most terrible example of depraved ingenuity which the world had seen; but Mr. EDISON has since reached a still more conspicuous peak of scientific infamy by inventing the aerophone--an instrument far more devastating in its effects and fraught with the destruction of human society. Yes, now we move on to the aerophone. The true worry of the moralists at the NY Times. For the aerophone, you see, can make voices louder. Fear the innovation: The aerophone is apparently a modification of the phonograph. In fact, it is a phonograph which converts whispers into roars. If, for example, you mention, within hearing of the aerophone, that you regard Mr. 
HAYES as the greatest and best man that America has yet produced, that atrocious instrument may overwhelm you with shame by repeating your remark in a tone that can be heard no less than four miles. Mr. EDISON, with characteristic effrontery, represents this as a useful and beneficent invention. He says that an aerophone can be attached to a locomotive, and that with its aid the engineer can request persons to "look out for the locomotive" who are nearing a railway crossing four miles distant from the train. He also boasts that he will attach an aerophone to the gigantic statue of "Liberty," which France is to present to this country, provided we will raise money enough to pay for it, and that the statue will thus be able to welcome incoming vessels in the Lower Bay, and to warn them not to come up to the City in case Mr. STANLEY MATTHEWS is delivering an oration on the currency, or Mr. Cox is making a comic speech at Tammany Hall. Were the aerophone to be confined strictly to these uses, it would prove a comparatively unobjectionable instrument; but no man can loose a whirlwind and guarantee that its ravages shall be confined to Chicago, or to some other place where it may do positive good. There is some talk about the threat of this horrible invention on "dumb wives" and "dumb husbands" which we will skip over here, and then it gets to the next fear: the public being overwhelmed with everyone blasting their speech for four miles with aerophones. Oh the cacophony. Our present vocal powers are always used to their full capacity. Everybody talks with about the same volume of voice, and when the aerophone comes into use, people will universally talk as loudly as the instrument will permit. When ninety-nine people out of a hundred converse with the aerophone, there will be such a roar of conversation that the hundredth person, who may speak in his natural voice, cannot be heard. We can only faintly imagine the horrible results of the general introduction of the aerophone. 
Wives residing in suburban Jersey villages will call to their husbands at their places of business in the City, and require information as to subjects of purely domestic interest. Mothers whose children have wandered out of sight will howl over a four-mile tract of country direful threats as to the flaying alive which awaits James Henry and Ann Eliza unless they instantly come home. From morning till midnight our ears will be tortured with the uproar of aerophonic talk, and deaf men will be looked upon as the favored few to whom nature has made life tolerable. I love the fear of having to hear talk of "purely domestic interest." And, in the end, could anything less than the entire destruction of society follow as a result? The result will be the complete disorganization of society. Men and women will flee from civilization and seek in the silence of the forest relief from the roar of countless aerophones. Business, marriage, and all social amusements will be thrown aside, except by totally deaf men, and America will retrograde to the Stone Age with frightful rapidity. Better is a dinner of raw turnips in a damp cave than a banquet at DELMONICO'S within hearing of ten thousand aerophones. Far better is it to starve in solitude than to possess all the luxuries of civilization at the price of hearing every remark that is made within a radius of four miles. It may be too late to suppress the aerophone now, but at least there is time to visit upon the head of its inventor the just indignation of his fellow-countrymen. Frankly, the whole thing is so over the top and outrageous that it almost feels like parody of similar moral panics, but it does seem to be legit. Consider this when comparing it to today's moral panics, like Google Glass, mobile phones in general, autonomous cars, personal drones and a variety of other technologies. Perhaps one day we'll learn not to pre-freak out, but it doesn't appear to be happening just yet.

posted 23 days ago on techdirt
We've talked plenty about the near total failure of the NSA and others in the intelligence community to consider the costs associated with their "collect it all" mentality. Much of the intelligence community's views seem based on the idea that the surveillance efforts would always remain totally secret. The NSA, in particular, appears to have never thought it possible that something like the Snowden revelations might happen, and the intelligence community still seems to be scrambling to figure out what to do in response. In the meantime, however, the impact on the internet has been very real and ongoing. Senator Ron Wyden -- who was one of very, very, very few politicians in DC to be speaking out (loudly) about this prior to Snowden -- is coming to Silicon Valley tomorrow for what looks to be quite a discussion with some top execs from the tech industry about the "impact of mass surveillance on the digital economy." With Senator Wyden will be Google chairman Eric Schmidt, Microsoft General Counsel Brad Smith, Facebook General Counsel Colin Stretch, Dropbox General Counsel Ramsey Homsany and Greylock's John Lilly (former Mozilla CEO). In other words, it's a pretty high level gathering -- and it's open to the public. I'll be there to cover it for Techdirt, but for anyone in Silicon Valley, feel free to register to attend.

posted 23 days ago on techdirt
Cloaking devices have been a part of science fiction and fantasy for ages, but so far, no one has really developed an invisibility cloak that works "like magic" without using some tricks that limit the effect to novelty illusions. Researchers are working on the problem, and there have been a few significant advances that are definitely getting better. Check out these videos to see how advanced physics is creating things that aren't quite indistinguishable from magic (yet). You can achieve some pretty nifty optical illusions with just a few standard lenses, such as this cloaking setup that looks almost too simple to work. There are also some simple things you can do with mirrors, but they're not quite as impressive because they only work under certain narrow conditions. Metamaterials are getting some attention for their ability to create curious optical effects. Some metamaterials are nanocomposites that have been known since ancient times, but newer materials (with a negative index of refraction and other artificial properties) can be designed to create more controlled optical illusions. Controlling light refraction can create a "cloaking" device of sorts that doesn't rely on lenses or mirrors or strange metamaterials. Simple prisms can be set up like mirrors and lenses, but the drawback for these kinds of devices is also a limited range of viewing angles.

posted 23 days ago on techdirt
If anything, the anonymous student should have been investigated for the egregious use of outdated slang. There’s no danger at Snow College after an anonymous former student threatened the school on Facebook, state officials said. No danger, because there was no threat. So, the past tense usage by "state officials" is completely wrong. Police believe the out-of-state male author of the post did not plan to hurt anyone, said Derek Walk, a campus police officer. Here's what was posted: Let's just say, homecoming weekend is gonna go out with a bang. And the football game is gonna be one no one is ever gonna forget. If you're like me, you're probably picturing lots of heavy drinking, possibly culminating in some gametime streaking. If you're like a lot of the commenters in this screenshot, you're apparently picturing a DHS-suspicion-raising shopping trip for pressure cookers and other fine explodables, followed by the opening scene of "The Last Boy Scout." Ultimately, no one was charged and locked up with insurmountable bail. Officers did serve a warrant to Google, which coughed up the IP address and ultimately tracked down the suspect. (Yes, I was also confused by this turn of events, but apparently one of the few roads to Facebook anonymity leads directly through Google Docs.) The only thing noticeably different was a larger police presence during that week, which went as routinely un-bombed as the countless weeks preceding it. No charges have been filed, nor does it appear there will be. Attorney General Sean Reyes praised the work of local officers. "We are pleased to have been part of this successful outcome," Reyes said in a prepared statement. Snow College President Gary Carlston added he’s happy no one was harmed over the weekend and is grateful for the officers’ quick response. 
Presumably, the student was fully cleared of any potential wrongdoing and mocked gently for his use of the phrase "going out with a bang" by an officer drawing the shape of a square with his opposing index fingers. As usual, the thought process is: you can never be too careful. And while I appreciate the fact no one wants to be the one who ignores a potential threat because it doesn't sound scary enough, there's something to be said for not allowing a perpetual fear of rare, highly-isolated incidents to govern your official responses, much less your Facebook interactions. I personally think the anonymity aspect of the posting made it seem more threatening than one made by someone easily identifiable by other students -- something that would have allowed the use of context to frame the "confession." (And while we're on the subject, these same students don't seem too moved to report anonymous comments containing an actual specific threat, admissions of criminal behavior or use of slang even more outdated than "out with a bang.") I am, however, pleased that this incident didn't turn out like others have -- with someone arrested and/or facing excessive bail -- simply because panic has become the default mode in all school settings.

posted 23 days ago on techdirt
As you may recall, in the wake of the Snowden revelations, various tech companies got into a bit of a spat with the US government over the right to disclose FISA orders received under Section 702 of the FISA Amendments Act. These orders are what made up the PRISM program that got so much early attention, with some early reports implying, incorrectly, that the tech companies had given the NSA full access to their systems under the program. The reality is that the 702 program includes specific FISA court orders for access to specific information, not blanket access. What's unknown is just how narrow or broad those orders are, and that's partly because of a gag order that comes with any of those FISA court orders. In response, a bunch of those tech companies filed a lawsuit arguing they had a First Amendment right to reveal the number of orders they had received. Further, they noted that due to the early, misinterpreted reporting, they needed to be able to reveal how many orders they received, and how many people it impacted, to correct the faulty record on their level of sharing with the NSA. In January, the tech companies and the DOJ settled the lawsuit, with the US government agreeing to specific ways in which tech companies could reveal some information on those orders, but in a very limited way. Basically they could reveal some information in "bands." Depending on how they revealed the info, it could be in bands of 250 people or bands of 1,000 people -- but if you chose the 250 option, you also had to lump in National Security Letters (NSLs), making the information even harder to parse. While this was progress over nothing, it was a pretty small step forward. 
That's why we were happy to see Twitter come out in February and say that, while those other companies (including Google, Facebook and Microsoft) had agreed to that settlement, it was not good enough for Twitter, and that the company would keep pushing for the right to say how many FISA orders it had received. Apparently those negotiations with the DOJ haven't gone very well, as the company has now sued the US government over the issue. Twitter claims that it even asked for the ability to publish a redacted transparency report, but the DOJ even tried to block that. The full filing is worth reading. Twitter seeks to lawfully publish information contained in a draft Transparency Report submitted to the Defendants on or about April 1, 2014. After five months, Defendants informed Twitter on September 9, 2014 that “information contained in the [transparency] report is classified and cannot be publicly released” because it does not comply with their framework for reporting data about government requests under the Foreign Intelligence Surveillance Act (“FISA”) and the National Security Letter statutes. This framework was set forth in a January 27, 2014 letter from Deputy Attorney General James M. Cole to five Internet companies (not including Twitter) in settlement of prior claims brought by those companies (also not including Twitter) (the “DAG Letter”). The Defendants’ position forces Twitter either to engage in speech that has been preapproved by government officials or else to refrain from speaking altogether. Defendants provided no authority for their ability to establish the preapproved disclosure formats or to impose those speech restrictions on other service providers that were not party to the lawsuit or settlement. 
Twitter’s ability to respond to government statements about national security surveillance activities and to discuss the actual surveillance of Twitter users is being unconstitutionally restricted by statutes that prohibit and even criminalize a service provider’s disclosure of the number of national security letters (“NSLs”) and court orders issued pursuant to FISA that it has received, if any. In fact, the U.S. government has taken the position that service providers like Twitter are even prohibited from saying that they have received zero national security requests, or zero of a particular type of national security request. These restrictions constitute an unconstitutional prior restraint and content-based restriction on, and government viewpoint discrimination against, Twitter’s right to speak about information of national and global public concern. Twitter is entitled under the First Amendment to respond to its users’ concerns and to the statements of U.S. government officials by providing more complete information about the limited scope of U.S. government surveillance of Twitter user accounts—including what types of legal process have not been received by Twitter—and the DAG Letter is not a lawful means by which Defendants can seek to enforce their unconstitutional speech restrictions. It will be interesting to see how far this lawsuit goes. Unfortunately, the courts are often willing to give great deference to the government when it insists things need to be secret, but there's always a chance that a court may recognize the problematic nature of how the government gags companies in this manner.

posted 23 days ago on techdirt
Back in June, we wrote about an important ruling from a court in Oregon that found the process of getting off the Homeland Security "no fly list" to be unconstitutional. The government has continued to try to stall over this, but the judge has basically told the Justice Department to speed things up and to tell the plaintiffs whether or not they're still on the list, so that further legal action can move forward, if necessary (and, yes, it's likely necessary). From the official ruling: No later than October 10, 2014, Defendant shall identify to the Court and Plaintiffs which Plaintiffs, if any, will not be precluded as of that date from boarding a commercial aircraft flying over United States airspace. The court tells the US government that as soon as it realizes any of the plaintiffs shouldn't be on the list it needs to inform them of that fact, and for those that remain on the list, it needs to give a detailed reason: If Defendants determine after the interim substantive review of a Plaintiff's status that such Plaintiff is not presently eligible to fly over United States airspace, Defendants shall promptly and consistent with the Court's Opinion and Order of June 24, 2014: (a) give such Plaintiff notice of that determination; (b) give such Plaintiff an explanation of the reasons for that determination sufficient to permit the Plaintiff to provide Defendants relevant information responsive to such reasons; and (c) consider any such responsive information provided before completing the substantive reconsideration of such Plaintiff's DHS TRIP redress inquiry as ordered herein. It's pretty clear the judge finds the whole no fly list situation to be ridiculous, and the fact that these people haven't been able to fly for years with no recourse problematic: The Court notes the importance, complexity, and sensitivity of the issues raised and the remedies to be implemented in this matter preclude proceeding with undue haste. 
Nevertheless, in light of the fact that each Plaintiff has presumably been prevented from flying internationally and otherwise over United States airspace during the four years this matter has been pending, the Court concludes the time has come to resolve the claims of each Plaintiff on an individualized basis as soon as practicable. It seems entirely likely that the DOJ and DHS will continue to try to stall and delay, but Judge Anna Brown makes it fairly clear in her ruling that she's not interested in stalling attempts and will not treat them kindly.

posted 23 days ago on techdirt
A few years back, we wrote a series of articles about an operation called Vision Media TV (and a variety of other rapidly changing names, including WJMK, United Media, World Progress Report, and Great America HD, among many others). The basic "business" of this operation was to get a semi-famous TV personality to be the "host" of a TV show, then go around pitching gullible businesses that it was a legitimate TV show on "public broadcasting TV" or "national public television" and that they wanted to do a profile on that small business. The scam was you just had to pay a "small fee" (usually upwards of $20,000). Oh yeah, and the claims of being on TV were somewhat dubious as well. Among the "hosts" we had mentioned back then, there had been Joan Lunden, Walter Cronkite (!?!) and Hugh Downs -- all three of whom backed away after they were called out for participating in a scam. You can see a legal filing from a few years ago that goes through this scam in rather great detail. The scam continued to morph. A few years ago, under the name "In Focus," it was "hosted" by Martin Sheen, until that got called out and was shut down. Then it was "Outlook with Ben Kingsley." But the basics of the scam were the same. The semi-famous or famous "host" obviously just comes in for like a day of reading intros on a cheap TV set, and then they show a "profile" on the company who paid big bucks. The claims of being on "public TV" are massively exaggerated to downright bogus. The NY Times did a big expose on this scam back in 2008. NPR did a detailed takedown in 2010. PBS itself has put out a warning to people not to believe the claims from these ever-rotating operations about their shows being on "public television." It notes that it has no association with any such show and PBS never solicits money from organizations to be on TV. But it keeps morphing, as evidenced by the Martin Sheen and Ben Kingsley versions, both of which happened long after those stories. 
The latest version uses the same basic playbook -- and this time the "talent" is famed football coach Jimmy Johnson, and the show is called "Leading Edge with Jimmy Johnson." The reason I know about this is because the somewhat clueless folks who work there decided to pitch Techdirt/Floor64 to be on the program (apparently unaware that we'd written about scammers like themselves before): My name is Barbara Rock, I'm the assistant to Mr. Bill Thomas who is the Sr. Producer for Leading Edge on National Public Television. If you're not familiar with the program, it's an interstitial news break that airs prime time in the U.S. on National Public Television just after The Nightly Business Report. The reason for my contact Mr. Thomas will be producing a few segments for our upcoming season highlighting innovative breakthroughs and solutions that are changing the way we live and work, and our research department has forwarded to Mr. Thomas a general profile on Floor64 as a possible invite to the program for this segment. If you have a few minutes one day next week, Mr. Thomas would like to discuss this with you in more detail, to learn more about Floor64 and to see if the organization would be a good fit for this segment. Note the careful word choice. "National Public Television," not PBS (though, a neat attempt to confuse with National Public Radio). Also, whoever is behind "Leading Edge" also is doing some fairly dodgy SEO work. They've registered a ton of domain names like "leadingedgeseriespbs.com" (and .org and .biz and many more) trying to imply an association with PBS that isn't really there. According to the Washington Post article linked above, they did the same with the Martin Sheen show, with numerous sites using combinations of "Martin Sheen" and "PBS" in the URLs, but with small disclaimers elsewhere saying they're not associated with PBS. 
That article also notes that the actual contract terms say that the videos "will be distributed" to "public Television stations in all 50 states," with potential "estimated viewership and reach for one year [of] 60 million households." Yes, again, carefully ambiguous language. By saying "distributed" it just means they'll send them out -- not that anyone will air them. I sought more information from "Barbara Rock" and she was rather straightforward in admitting that we would have to pay -- though she insisted that it wasn't a fee to be on the show, even though it clearly was: For starters this is not a “pay-for-play” where we would be asking Floor64 to buy airtime. As a matter fact Public TV does not sell commercials. An interstitial news break is the 5 min. between programs on Public Television. The only costs associated is a pre-production/underwriting fee of $18,900 plus travel. In addition to being featured on The Leading Edge program Floor64 would also receive a fully produced 5 min. corp. demo and a fully produced 1 min. commercial that would air primetime on CNBC 50 times in the markets of your choice. All production and distribution is included in the fee. Again, note the careful choice of words. You're not "buying airtime" -- just "pre-production, underwriting." Real TV programs don't do that. She also followed up on the claim about PBS/public television saying: Our program airs across the country on Public Television, some of which are PBS affiliated, however our segments run on all Public TV stations not just the ones that are PBS affiliated. Our presenting station is KRCB in San Francisco. So she claims they run on "all Public TV stations" which is clearly a bogus claim. Furthermore, if you click on that KRCB link, the URL suggests it was once about "Leading Edge" but now takes you to a "page not found" link, so if KRCB ever did show Leading Edge, that appeared to have gone away. 
I asked Barbara about this missing link, and she apparently decided I was asking too many questions, refusing any further responses. I also reached out multiple times to KRCB's senior executives, Nancy Dobbs and Larry Stratton, both of whom refused to respond to email and phone requests for comments. I'm not sure why, but that certainly seems fairly sketchy. However, before Barbara stopped responding to me, she did offer two examples of companies that had participated in the Leading Edge series as enticements as to why I might be interested: GigaOm and DocuSign. Now, I know folks at GigaOm, and they're not ones to be taken in by a scam like this. But, indeed, there they are, featured on the Leading Edge site. I reached out to people from GigaOm, and was told it was a video that was recorded years ago, and not for "Leading Edge." However, their response does suggest that, perhaps, GigaOm got taken in by a different version of the scam a few years back. They told me that "the video was produced and licensed to Public Television for limited distribution through May 2013." However, GigaOm "did not have any knowledge it was being used by Leading Edge nor did we authorize or condone its use for this purpose." The company further said that it is looking further into the matter and may "take legal action to prevent it from being used by Leading Edge in the future." No matter what, this seems like another version of the same old scam, tricking businesses into paying big bucks for questionable claims of being on "public television" on a show hosted by some celebrity. Indeed, if you do a search, you can find a bunch of businesses in press releases about how "Leading Edge with Jimmy Johnson" will "host an upcoming segment" on whatever it is that business is doing. Hopefully, with a bit more attention, Jimmy Johnson will back away from this, the same way Walter Cronkite, Hugh Downs, Joan Lunden, Martin Sheen and Ben Kingsley did in the past. 
But, of course, it seems likely the deal will just morph and be back with another semi-famous "host" soon after.

posted 23 days ago on techdirt
Last week, the UK Home Secretary pitched the current UK government's plan to ramp up anti-terror laws to further stamp out privacy and free speech rights in the UK. This week, Keith Bristow, director general of the National Crime Agency, doubled down by arguing that he needs to teach the public that of course they need to give up liberty if they want security. He argues that "public consent" is necessary, but that legislation is "public consent" and thus he needs to help convince the public (or, really, Parliament) to cough up some liberty. He said: “If we seek to operate outside of what the public consent to, that, for me, by definition, is not policing by consent … the consent is expressed through legislation.” He added that it was necessary to win “the public consent to losing some freedoms in return for greater safety and security”. And while the famed Ben Franklin quote on "safety" v. "liberty" is mostly used out of context, that doesn't lessen the importance of the premise behind it. Giving up liberty for the sake of presumed (without evidence) security is a very dangerous game, often used by those who just wish for more control and power, not any actual concerns with safety and security.

posted 23 days ago on techdirt
Ebooks have many advantages, but as Techdirt has reported in the past, there are dangers too, particularly in a world of devices routinely connected to the Net. Back in 2010, we wrote about how Amazon was remotely uploading information about the user notes and highlights you took on your Kindle. More recently, we reported on how a school was using electronic versions of textbooks to spy on students as they read them. Against that background, you would have thought by now that companies would be sensitive to these kinds of issues. But if Nate Hoffelder is right, there's a big privacy problem with Adobe's Digital Editions 4, its free ebook reading app. Here's what Hoffelder writes on his blog, The Digital Reader: Adobe is tracking users in the app and uploading the data to their servers. (Adobe was contacted in advance of publication, but declined to respond.) Specifically: Adobe is gathering data on the ebooks that have been opened, which pages were read, and in what order. All of this data, including the title, publisher, and other metadata for the book is being sent to Adobe’s server in clear text. Yes, not only is the app spying on you, but it is sending personal information unencrypted over the Net. And it seems that this is not just about the ebook you are currently reading: Adobe isn't just tracking what users are doing in DE4; this app was also scanning my computer, gathering the metadata from all of the ebooks sitting on my hard disk, and uploading that data to Adobe’s servers. These are all serious accusations, and completely unacceptable if confirmed. At the very least, an independent investigation by Ars Technica has now confirmed all of the important details, though Adobe has still stayed silent. 
However, this also highlights why many people prefer to use pirated editions without DRM, which can be read on any suitable software: not because they're free, but because they're better products in just about every way -- for example, in respecting your privacy. Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

posted 23 days ago on techdirt
A district court in Missouri has granted an injunction filed against the police in Ferguson for their ridiculous "5 second rule" that was used to arrest numerous protestors. The rule was that if you stood in place for more than 5 seconds, you could be arrested -- with the goal of (a) keeping protestors moving and (b) having an excuse to arrest a bunch of protestors. Mustafa Abdullah, with help from the ACLU, sued over this and the court has agreed that the rule is clearly unconstitutional, and thus a preliminary injunction has been granted. The court notes that standing in place for 5 seconds is not a legitimate standard to be used for Missouri's "failure to disperse law" (or any other law). First, the court doesn't buy the police's claim that the 5 second rule matches up with the failure to disperse law: This statute provides no defense to this suit for several reasons. First, people were not told to “disperse” – in other words, to leave the area. Instead they were told to keep moving. Second, the order was given even when there were fewer than six people gathered. The evidence included examples where the order was given to one person alone, to three people attempting to pray, to a reporter and one other person, as well as to larger groups. And the order was given to people who were doing nothing to indicate they intended to violate laws of any sort, much less to engage in violence. In fact, nearly all of plaintiff’s fact witnesses testified that despite gatherings that were peaceful and law-abiding at the time, officers told people they must keep moving or they would be arrested. Then there's the question of due process. And, once again, the 5 second rule is problematic: Plaintiff is likely to succeed on the merits of showing that the keep-moving policy violates due process in both ways. Of course, in this situation there is no statute or ordinance being challenged. 
Rather, it is an unwritten policy, given to officers at their roll calls, instructing them to order people to keep moving whenever the officers thought it was appropriate to do so. Some officers told everyone to keep moving, so if plaintiff was unlucky enough to be standing in the vicinity of those officers, he would be told to move. Some officers told people they would be arrested if they did not move, but at least one officer told people that they had to keep moving but probably would not be arrested if they failed to comply. Some officers interpreted the policy to mean that people had to walk at a certain speed, others told people that they could not walk back and forth in a certain-sized area. Some officers applied it to members of the press, while others did not. Plaintiff and his other witnesses testified that they could not tell what would or would not be allowed at any given moment. The rule provided no notice to citizens of what conduct was unlawful, and its enforcement was entirely arbitrary and left to the unfettered discretion of the officers on the street. This policy “necessarily entrusts lawmaking to the moment-to-moment judgment of the policeman on his beat.” See Kolender, 461 U.S. at 360 (brackets and quotation marks omitted). Like the gang loitering ordinance found unconstitutional in Chicago v. Morales, 527 U.S. 41 (1999), the keep-moving policy cannot meet constitutional standards for definiteness and clarity. And then the good old First Amendment: I conclude that it is likely plaintiff will prevail on the merits of his First Amendment claim, and given my conclusions about the Due Process claim, I need not at this time discuss the First Amendment issues in detail. The keep-moving policy – as it was applied to plaintiff and others – prohibited citizens from peacefully assembling on the public sidewalks. 
Although the state has a valid interest in maintaining order on its streets and sidewalks and in preventing violence by crowds, this interest is not sufficient to apply such a blanket rule to people assembling peacefully.... The evidence showed that the strategy burdened substantially more speech than was necessary to achieve its legitimate goals. In fact, one of the police witnesses testified that it only worked well during the daytime when there were no large crowds and no threats of violence – when the crowds grew unruly, telling them to keep moving was not an effective strategy. Thus, defendants’ own evidence shows that this strategy fails the requirement that “the means chosen are not substantially broader than necessary to achieve the government’s interest,” Nice to see this ruling, though it would have been nicer to have this earlier -- but hopefully it will at least prevent future such actions.

posted 23 days ago on techdirt
Techdirt has been covering the "Comprehensive Economic and Trade Agreement" (CETA) between the EU and Canada for a while now. Or rather, trying to, given the obsessive secrecy that has surrounded the negotiations, just as it does for TAFTA/TTIP and TPP. However, the agreement's text has now been officially released (pdf) -- on the day that those negotiating it declared it finished. This means that at precisely the moment when the people most impacted get to see what has been agreed to in their name, there is no point in expressing their views, since nothing can be changed. This is the shabby trick that governments routinely pull for these kinds of deals: the public is promised that it will have its say once the final text is available, but when that moment comes, people are informed that obviously no changes can be made since it has already been finalized. However, in CETA's case, it's not quite so simple. During the ceremony marking the end of the negotiations, the leaders of Canada and the EU declared: Today marks a truly historic moment in the evolution of the Canada-EU relationship as we celebrate the end of negotiations of the Canada-EU Trade Agreement. Not "sign", but "celebrate". That's because Germany is threatening to withhold its support for CETA, as reported here by The Star: New doubts about the fate of Canada’s long-sought free-trade deal with the European Union have cast a shadow over a meeting Friday where Prime Minister Stephen Harper and senior EU officials were to celebrate the completion of five years of negotiations. A day before the Canada-EU summit in Ottawa, Germany signalled it won’t approve the landmark trade pact in its current form because of objections to the investor-protection measures included in the Comprehensive Economic and Trade Agreement (CETA). It turns out that CETA contains many other deeply worrying aspects. 
That's doubtless why the negotiators were so keen to keep the text secret, but now that we have it, detailed analyses are coming through. The first in-depth look at what's lurking among CETA's 1500 pages comes from the Canadian Centre for Policy Alternatives (CCPA), which has produced a document called "Making Sense of the CETA: An analysis of the final text of the Canada–European Union Comprehensive Economic and Trade Agreement". Even that runs to over a hundred pages; what follows are some of the key points that it highlights. Significantly, CCPA's analysis begins with the most contentious aspect of CETA, the investor-state dispute settlement (ISDS) chapter. It's crucially important not just because Germany is refusing to accept it, but also because it is likely to form the basis of a similar chapter in TAFTA/TTIP -- the European Commission included a draft version of the chapter as part of its public consultation on corporate sovereignty, offering it as a blueprint. One of the European Commission's repeated claims is that it will "fix" ISDS by making it clear that governments always retain the right to regulate, and that corporate sovereignty does not overrule that right. But CCPA's analysis shows why that is not true in CETA, despite similar claims there: The 'right to regulate' is mentioned three times in the agreement. In the preamble, the parties simply 'recognize' that the CETA protects the right to regulate ("RECOGNIZING that the provisions of this Agreement preserve the right to regulate..."), yet the text fails to clearly and unequivocally confirm this right, especially in the investment chapter. The other mentions are to be found in the labour and environment chapters, so that, in effect, the CETA shields the right to regulate from any international obligations to protect labour or the environment but not from all the detailed obligations in the investment chapter. 
Also in the environment chapter, the right to regulate is limited by formulations which require environmental policies to be implemented “in a manner consistent with the multilateral environmental agreements to which they are a party and with this Agreement,” meaning that environmental policies have to be consistent with the CETA -- not the other way round. CETA also includes a definition of "investor" that will make it easy for US companies to sue the EU using CETA and "treaty shopping", just as Philip Morris is suing Australia via its Hong Kong subsidiary: For the purposes of this definition an 'enterprise of a Party' is: (a) an enterprise that is constituted or organised under the laws of that Party and has substantial business activities in the territory of that Party”). The reference to 'substantial business activities' is not enough to prevent 'treaty shopping.' For example, U.S. investors in Canada would be able to use the CETA investment provisions and ISDS to challenge European state measures. One major surprise is found in the chapter covering regulation. Like ISDS, this is already a hot issue for TAFTA/TTIP, where many fear that national sovereignty will be sacrificed to the corporate kind. CETA shows another way in which this can happen -- and which is likely to be adopted in TAFTA/TTIP as well: Parties to the agreement have to ensure that the licensing and qualification requirements and procedures are based on particular criteria to preclude regulators from acting in “an arbitrary manner” (Article 2.1). Specifically, covered regulations will have to be: “a) clear and transparent; b) objective; c) established in advance and made publicly accessible” (Article 2.2). Parties have to ensure “that licensing and qualification procedures are as simple as possible and do not unduly complicate or delay the supply of a service or the pursuit of any other economic activity” (emphasis added) (Article 2.7). 
Making licensing procedures "as simple as possible" sets an absolute value on the ease with which corporations can get their projects approved to the detriment of all other considerations. The CCPA report explains how this new requirement could have a major impact on regulation: If a dispute panel interpreted "objective" to mean "not subjective," regulations could be overturned if they are based on the regulator's necessarily subjective balancing of different factors such as public input, the scenic impacts of a development and environmental considerations. For example: Dispute panels could determine that public input, environmental assessments and archaeological studies do not constitute a process that is "as simple as possible." CETA also provides some hints about the shadowy Regulatory Council that TAFTA/TTIP is likely to set up in order to ensure the convergence of future US and EU regulations. The danger here is that such a council will effectively vet or change new regulations before they are made public, and allow corporations with privileged access to government sources to prepare their lobbying well in advance. Indeed, that's exactly how CETA's "Regulatory Co-operation Forum" will work: Parties will endeavor to share "proposed technical or sanitary and phytosanitary regulations that may have an impact on trade with the other Party at as early a stage as possible so that comments and proposals for amendments may be taken into account." This means that information on future legislation could be shared with the other Party even before it has been shared with their Parliaments. If that were the case, the other Party could make amendments and comments before the country's own parliament got their hands on the draft legislation. These are just a few of the awful things that are starting to crawl out of the CETA text now that it has been exposed to some sunlight. 
CCPA's excellent analysis is grim but required reading, not just in order to understand what is in CETA, but also as a taster for some of the bad stuff that is likely to turn up in TAFTA/TTIP too. Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

posted 24 days ago on techdirt
Over the weekend, the NY Times revealed that it is the latest publication to receive notification from Google that some of its results will no longer show up for searches on certain people's names, under the whole "right to be forgotten" nuttiness going on in Europe these days. As people in our comments have pointed out in the past, it's important to note that the stories themselves aren't erased from Google's index entirely -- they just won't show up when someone searches on the particular name of the person who complained. Still, the whole effort is creating a bit of a Streisand Effect in calling new attention to the impacted articles. In this case, the NY Times was notified of five articles that were caught up in the right to be forgotten process. Three of the five involved semi-personal stuff, so the Times decided not to reveal what those stories were (even as it gently mocks Europe for not believing in free speech):

Of the five articles that Google informed The Times about, three are intensely personal — two wedding announcements from years ago and a brief paid death notice from 2001. Presumably, the people involved had privacy reasons for asking for the material to be hidden.

I can understand the Times' decision not to reveal those articles, but it still does seem odd. You can understand why people might not want their wedding announcements findable, but they were accurate at the time, so it seems bizarre to have them no longer associated with your name. The other two stories, however, again reveal the more questionable nature of this process:

One Times article that is being shielded from certain searches in Europe is a report from 2002 about a decision by a United States court to close three websites that the federal government accused of selling an estimated $1 million worth of unusable Web addresses. The complaint named three British companies, TLD Network, Quantum Management and TBS Industries, as well as two men who it said controlled the companies: Thomas Goolnik and Edward Harris Goolnik of London. The case was later settled. Thomas Goolnik did not respond to messages left via social networking sites.

Now, if the request was sent in by one of the Goolniks, it seems especially questionable. The fact that they were involved in a legal dispute is relevant factual information, even if it was eventually settled. As for the other article...

In the last of The Times articles, a feature about a 1998 production of “Villa Villa” by the ensemble called De la Guarda, it was much harder to divine the objection. Not a review, the article explored how the antic, acrobatic show was managing “to get a generation raised on MTV interested in seeing live theater.”

It's unclear from that article what someone is upset about. There are a few people named (though many are Americans who aren't supposed to be filing for such requests). And, even with the quotes, it's difficult to see how any of them could upset someone. The only thing that caught my eye is that the story quotes a "27-year-old art student" named Feliz Skamser. Skamser's quote is innocuous, "It was like a dream, only more intense," but the very same sentence awkwardly inserts a quote from The Guardian (not from Skamser) calling the show "theater as good as sex." If people read the sentence quickly, perhaps some might think that Skamser said that latter quote -- and perhaps she was annoyed that people were associating her with a quote about sex? Or maybe she just doesn't want people to know she went to the theater? A search on her name will turn up that story on the American Google, but not the UK Google.

Once again, though, we're left wondering how this setup makes any sense at all. If the information was accurate at the time, then why should it be removed?

posted 24 days ago on techdirt
If you look closely enough at nearly anything, you're bound to find some fascinating details. With the right tools, you can see single-celled organisms are literally everywhere (and viruses are even more ubiquitous). The biodiversity of soil is obviously important to farmers, but there are other interesting things we can find out when we quantify the dirt under our feet. If you've ever wondered what's in dirt, check out these links on soil.

Soil ecologists checked out some 600 samples of dirt from Manhattan's Central Park and discovered, surprisingly, that the soil contained almost 170,000 different kinds of microbes -- a similar biodiversity to soils found in far less urban locations. These soil researchers also found about 2,000 species of microbes unique to Central Park.

Prospecting for oil by looking for certain microbes in soil samples is a technique that's been around since the 1930s. With improving biotech, identifying microbes in oil fields could lead to faster and more accurate prospecting for energy-rich deposits.

There's a lot of life going on in soil (aka the pedosphere) with millions to billions of microbes in each gram of dirt. Additionally, fungi, protozoa, earthworms and nematodes are hopefully thriving in healthy soil where we just see plants growing.

posted 24 days ago on techdirt
The CIA's spying on Senate staff members during the compilation of the "Torture Report" (last seen delayed until late October) provoked some righteous (but hypocritical) indignation from political figures who were otherwise fans of government surveillance of American citizens. Dianne Feinstein's dismay may have been genuine, but it was also completely tone-deaf. CIA director John Brennan said no spying occurred while also admitting some spying had occurred. Further details revealed by an Inspector General's investigation noted that spying continued after Brennan finally told everyone to knock it off, using a classified "hacking tool" to peer into Senate staffers' email accounts. Nothing further has been forthcoming about the subject. The DOJ said it wouldn't investigate the issue and calls for Brennan's resignation have been ignored.

The Office of the Inspector General obviously has a deeper read on the tactics used and who was involved, but all the CIA's been willing to part with is a one-page summary. The one-page document points at impropriety but doesn't fill in the blanks.

“That doesn’t give you any information about what actually happened, how purposeful this was, how high-level these people were,” EPIC associate director Ginger McCall told The Hill. “Were these high-level agency officials versus just minions down at the bottom?”

“There’s not a lot of information in this and it certainly doesn’t say anything about what they’re doing to remedy the problem or how these people are being dealt with,” she added. “That’s what we’re interested in finding out.”

EPIC is now suing the CIA over its refusal to respond to a FOIA request for the full report. The lawsuit [pdf link] notes that the group has "exhausted all remedies," which is certainly true if the "responding agency" doesn't bother to respond. EPIC is also asking for several more stipulations to be granted along with the release of the requested document.

WHEREFORE, Plaintiff prays that this Court:
A. Order Defendant to conduct a reasonable search for all responsive records;
B. Order Defendant to promptly disclose to EPIC responsive records;
C. Order Defendant to produce a Vaughn Index identifying any document or portion of a document withheld, stating the statutory exemption claimed, and explaining how disclosure would damage the interests protected by the claimed exemption;
D. Order Defendant to grant EPIC news media status;
E. Order Defendant to grant EPIC a fee waiver;
F. Order Defendant to grant EPIC expedited processing;
G. Award Plaintiff its costs and reasonable attorneys’ fees incurred in this action pursuant to 5 U.S.C. § 552(a)(4)(E) (2013); and
H. Grant such other relief as the Court may deem just and proper.

It may seem like EPIC is jumping the gun by pulling the trigger* on an FOIA lawsuit a mere two months after requesting the documents. But look at it this way: it could have waited for six months… or a year… and still have been ignored or denied. Leading with a lawsuit is nothing more than playing the FOIA game efficiently. If the responding agency doesn't bother to respond within the statutory deadlines, you may as well fire off a lawsuit to get the process moving.

*Shoutout to Thomas Friedman, yo!

posted 24 days ago on techdirt
FBI Director James Comey was on 60 Minutes on Sunday, in a segment that will continue next week as well. Apparently next week is when we'll find out his views on mobile encryption and whether or not the FBI is spying on all of us, but this week, he gave us a tiny hint towards the end of the segment, in which he discusses why the internet is so dangerous. As far as I can tell, the summary is "don't open attachments" (i.e., the same advice that you've been hearing for a decade, and which has little to do with many internet threats today):

Scott Pelley: Do people understand, in your estimation, the dangers posed by cybercrime and cyber espionage?

James Comey: I don't think so. I think there's something about sitting in front of your own computer working on your own banking, your own health care, your own social life that makes it hard to understand the danger. I mean, the Internet is the most dangerous parking lot imaginable. But if you were crossing a mall parking lot late at night, your entire sense of danger would be heightened. You would stand straight. You'd walk quickly. You'd know where you were going. You would look for light. Folks are wandering around that proverbial parking lot of the Internet all day long, without giving it a thought to whose attachments they're opening, what sites they're visiting. And that makes it easy for the bad guys.

Scott Pelley: So tell folks at home what they need to know.

James Comey: When someone sends you an email, they are knocking on your door. And when you open the attachment, without looking through the peephole to see who it is, you just opened the door and let a stranger into your life, where everything you care about is.

Scott Pelley: And what might that attachment do?

James Comey: Well, take over the computer, lock the computer, and then demand a ransom payment before it would unlock. Steal images from your system of your children or your, you know, or steal your banking information, take your entire life.

About the only thing I get from all this is that FBI Director James Comey is bad at analogies. Yes, you shouldn't click on attachments from unknown people, and you should even be careful about attachments from known folks. But that makes the internet the "most dangerous parking lot imaginable"? Perhaps the other thing I've learned is that James Comey doesn't have a very strong imagination.

posted 24 days ago on techdirt
When Apple first launched the iTunes store for music, it had DRM deeply embedded in it. According to reports around the time, this DRM was a key part of allowing Apple to get into the business of selling music. The labels demanded strong DRM. It didn't take long for most people to recognize how the labels' own demands for DRM actually gave Apple tremendous leverage over the record labels by basically handing the market over to Apple while making it that much more difficult for a competitor to jump into the space. While, years later, Apple and the labels finally ditched the DRM on music, one of Apple's competitors, Real Networks, had tried to hack its way around Apple's DRM, which was called FairPlay, with its own DRM, called Harmony, that more or less reverse engineered Apple's DRM. Apple responded by changing things so that Real's music wouldn't work on iPods (yes, this was back in the day of iPods). Real adjusted... and Apple broke it again.

While all that went on a decade ago, a lawsuit over whether or not Apple's use of FairPlay to keep out Real's music violated antitrust laws appears to finally be heading to trial:

In this lawsuit, plaintiffs are claiming the anti-Harmony measures in iTunes 7.0 broke antitrust laws, because it had the effect of illegally raising the price of iPods. Users were continually forced to either stop playing any songs they had bought from the Real store, or convert them to a non-DRM format, for example by burning the music to CD and then ripping the CD to their computer. That produced "lock-in" to the iTunes environment and increased consumers' "switching costs," the plaintiffs argue.

Apple sought to have the lawsuit tossed out, but the judge is letting it go forward. While the specifics of this case now seem like ancient history, the eventual results, should it get very far, could be interesting for other makers and users of DRM (Amazon might want to pay particular attention). From the judge:

That theory is intricate, but ultimately it amounts to a charge that Apple's release of 7.0 unlawfully maintained Apple's monopoly in the market for portable digital media players by making demand for iPods less elastic. Specifically, plaintiffs claim that 7.0 resulted in an increased "lock-in" effect for iPod owners who purchased songs online. Lock-in, according to plaintiffs' principal economics expert, "is a form of foreclosure that arises from actions that increase the cost to consumers of switching to a product that has better quality and/or a lower price."....

Plaintiffs offer expert opinion that Apple, by counteracting Harmony, "raised the cost of switching from iPods to competing portable digital media players by eliminating the ability of consumers to collect a library of downloads that could be played on all players." (Id.) That is, 7.0 made iPod owners unable to play songs purchased from iTS competitor Real and thus pushed them to make their online song purchases only on the iTS. As a result, it discouraged iPod owners from buying a competing, non-iPod digital portable music player when it came time to replace their iPods due to loss, breakage, or a desire to upgrade. (Id.) Such owners would have to either forego use of the songs they had purchased through Real (as well as any other online music store besides iTunes, though that is not part of the damages alleged in this case), repurchase such songs through other, iPod-compatible means (for instance, iTS or physical CDs), or convert music bought from Real into a non-DRM format, for example, by "burning" that music to a CD and then "ripping" the CD onto their computers in a file format with no DRM, from whence the songs could then be loaded on their iPods. These increased "switching costs," plaintiffs argue, locked iPod owners into continuing to purchase iPods, notwithstanding the allegedly similar or better quality of and lower prices of competing products. They also locked out owners of non-iPod portable digital media players who had downloaded songs from the Real store. The effect of both lock-in and lock-out, plaintiffs say, was to reduce competition in the market for digital portable music players and to reduce the price elasticity of iPods, which permitted Apple to charge a supracompetitive price therefor.

While other DRM situations may not be quite as involved, the idea of using DRM as a form of lock-in, increasing switching costs, is clearly a legitimate concern. Having DRM present a potential antitrust concern could make for some interesting situations for companies today who rely on DRM.

posted 24 days ago on techdirt
A few weeks ago, we wrote about "Walter O'Brien," the guy who is supposed to be the basis of the CBS TV show Scorpion. The problem we had was that O'Brien made a ton of absolutely fantastical claims and, after doing a little fact checking, none of them seemed to check out. At all.

Since a few people brought this up, let me make it clear: I have no issue with exaggerating on a TV show for the sake of good entertainment. I don't even mind bogus claims like "based on a true story" because, hey, Fargo was pretty awesome. If that's all that was going on, it wouldn't be a big deal and everyone could get on with their lives.

What concerns me about the bogus Walter O'Brien story is twofold: (1) Gullible reporters simply repeat his claims without even the slightest bit of skepticism, which is just shameful reporting and (2) O'Brien and his friends aren't just making a TV show: they're trying to spin the TV show (which, as far as we can tell, has close to no basis in reality) into a way to promote O'Brien's "business" with claims that are wholly unbelievable -- in that, literally, I don't think most of the claims are true. It worries me that some people will take the TV show's inflated claims at face value and think that throwing gobs of money O'Brien's way will get them the clearly exaggerated solutions the show is pitching.

Last week, O'Brien appeared with Scorpion producer (and Justin Bieber manager) Scooter Braun at the "Techmanity"* conference in San Jose, and I went to the show hoping to talk to O'Brien and/or the producers of the show to see if they could help clear up the inconsistencies in his story (many of which we detailed in the original post). Instead, despite multiple requests, I was denied an opportunity to interview them before or afterward.
They did appear to show up right before going on stage, and then I was told they had to leave immediately after (though, at least one other conference attendee posted a selfie with O'Brien well over an hour after O'Brien got off stage). Despite the agenda specifically promising a Q&A with O'Brien and multiple producers, there was no Q&A (and those other producers weren't even there). A microphone stand that had been present for Q&A during earlier sessions was removed prior to the panel, so it was clear that there was no intention of a Q&A at all.

Instead, there were just more questionable claims from O'Brien, on a panel moderated by Fast Company's Chuck Salter, an "award winning" reporter who didn't seem interested in challenging a single claim from O'Brien, taking them all at face value. Fast Company, which co-produced the conference, and thus, perhaps, had business reasons for suppressing all skepticism, also wrote a big article again repeating the O'Brien myth, though that article appears to have been dropped behind a paywall.

O'Brien tells some of the same stories he's told before -- claiming the company only hires people with IQs over 150 and that people with high IQs have "low EQs" and they try to help them on that front. This leaves aside the whole fact that the concept of "EQ" is pretty questionable in the first place and that even IQ is a pretty limited and misleading tool, which may be useful for determining some innate problem solving skills in kids, but means little once they reach adulthood. Once you're an adult, however, IQ is somewhat meaningless. That doesn't stop O'Brien from continuing to assert that he has an IQ of 197, or multiple publications from claiming that he's either the "fourth smartest man" in the world or has the "fourth highest IQ ever recorded." As we noted in our original post, there is no public evidence that O'Brien actually even has such an IQ, let alone that it's the 4th highest ever recorded.
In his Reddit AMA, Walter admits that the "4th highest" claim comes from just getting a 197 (still no proof shown) and using this table on the distribution of IQ to assume that he must be the 4th because a 197 IQ only should occur in 1 out of every 1.5 billion people, and then he estimated based on the number of people on the planet. Of course, for someone with such a high IQ, that shows a surprising lack of understanding of how IQ actually works.

He also notes that he took the Stanford-Binet IQ test, though he doesn't say when. If it was while he was a child (as suggested by his claim to have been "diagnosed" as a "child prodigy") then it's likely he took an earlier version of the Stanford-Binet test -- either the SBIV or the L-M, depending on when he took the exam. It seems noteworthy that modern research has noted that scales on the results of those two versions of the test should equal lower scores on the current SB5. The 197 score (assuming it's true), strongly suggests he took the L-M, which used a ratio scoring system, as opposed to the IV, which was standardized. As such, it also would mean that using the deviation chart Walter uses would be inaccurate, since the ratio score wasn't based on the same scoring system (you'd think someone with such a high IQ would recognize that). And, about all that would suggest was that, at a young age, he was likely far ahead of his peers, but that's about it. Either way, the whole "4th smartest man" in the world claim is clearly ridiculous.

After some other chatter, O'Brien talks (again) about hacking NASA at age 13 (he still hasn't explained how Homeland Security came to get him at the time considering Homeland Security didn't exist and wouldn't be operating in Ireland, but details, details) and then hacking into banks at age 16.
Then he says he was developing some "image recognition software," which he notes he developed "for peaceful purposes" related to autonomous vehicles around that time "for the government and a private contracting group underneath the government" (not sure what that even means). Then he says that project got scrapped, and "the software got reused, without my permission, in the Gulf War" leading to "2600 casualties for civilians, because it was built for speed over accuracy." He notes that he "took that pretty hard." He then says he "didn't talk to anyone for about 18 months, I became scared of my own abilities."

I can't see how any of that is even close to accurate. The timing of the first Gulf War would have coincided with Walter being in high school, which matches his story about being recruited by the non-existent DHS, but even if he was developing image recognition software at the time, from Ireland, for the US government (really?), the idea that, after his project was scrapped, he'd then be told (as an Irish high schooler) that the same software was misused leading to 2,600 casualties? That's not happening.

That leads to a discussion about how his company, Scorpion Computer Services, came about. He claims he was just being asked to do usual computer things -- set up computers, install operating systems, set up printers, etc. -- and the business just grew, to the point that he was doing work on "localization." Of course, to some extent much of that might be accurate, and Walter's own LinkedIn page suggests he was working on a bunch of fairly straightforward (i.e., no "genius IQ" required) projects around localization. This is further supported by the "references" page on the Scorpion Computer Services website, which is basically just a bunch of reference letters from the late 90s referring to what appear to be fairly mundane computer jobs he held -- often with fairly muted praise.
My favorite is this one in which a development manager merely "confirms" that Walter O'Brien worked there. Not explained is why the genius who is building amazing image recognition software for the US military is now working on Word Basic and Visual Basic for projects in Ireland... and apparently desperate for references to get a new job. Something doesn't add up.

And of course, Walter still posts this letter from Steven Messino, claiming Messino is a "co-founder of Sun Microsystems." Yet, as we noted last time, Messino joined Sun years after it was a public company, and then as a "regional sales manager." O'Brien also leaves out the fact -- as seen on his own LinkedIn page -- that he was a QA guy at The Capital Group from 2002 through March of 2009 -- at which point, in the storyline, we're supposed to be believing that he was saving the world at Scorpion Computer Services.

But, no matter, at the conference, O'Brien lists out the kinds of "projects" Scorpion was supposedly handling around this time: "Handle my divorce, put a shark tank in my office, build a casino overseas, choose winning race horses based on their DNA." I'm guessing these are plotlines for future episodes of the TV show. How much they're based in reality, well, that's anyone's guess.

In past interviews, O'Brien has shied away from saying how much of the actual show is true, pretending that he can't really reveal it. Yet here, he at least suggests that the plots of the shows are almost entirely fictional (which makes sense, given the pure ridiculousness of the plots). So, for example, after a clip is shown of the TV version of Scorpion making a bunch of ridiculous assumptions to find a guy on an airplane with an analog phone turned on, O'Brien just says that "out in the desert" doing some testing they have to use "old Nokia analog phones, because it's the only thing that will pick up a signal -- so I knew that those old phones have a stronger signal."
So, first of all, he seems to be admitting that the whole premise of calling the guy in the plane is made up -- it's just based on his personal experience with old analog phones out in the desert. Second, for a technical genius problem solver, he doesn't seem to have the faintest idea why analog works better out in the desert, or have much knowledge about wireless frequencies and the different ways in which analog and digital phones work. He later admits that the story of the plane flying low with the car driving under it was his "idea" (not based on reality) and that the director added the ethernet cable concept to make it "more exciting." In other words, Walter appears to reveal that he just tosses out some ideas about technologies, and then the writers create these crazy scenarios that have almost no basis in reality (the second show appears to have been equally unreal, focusing on a "personalized virus" that was designed for a single person. Uh, yeah).

Basically, this whole thing just continued to reinforce the idea that Walter O'Brien's claims appear to be a Walter Mitty-esque imagining of the world he wants to live in, rather than one based on reality.

Other stories claim that Scorpion Computer Services has "2600 people in 20 countries and over $1.3 billion in revenue" (that's from the Fast Company story). Yet, on LinkedIn I can find only 10 people who list Scorpion as an employer -- and some are merely "advisors." No, you don't expect everyone to list Scorpion or even be on LinkedIn, but 10 out of 2600 people? That's not particularly believable.
Then there's the fact that the company's address is a UPS Store in Burbank, and the building shown on its website is actually a photoshopped image of the headquarters of German glass manufacturer, Glaskoch, based in Bad Driburg, Germany:

In other interviews, he's directly said -- or often coyly implied -- that his work helped "stop two wars" (at 3:09 in this video), caught the Boston bombers (though this video just says the FBI used "the kind of technology" that was developed by O'Brien -- not that he actually developed it, and presents no evidence the FBI even used similar tech, let alone O'Brien's), and searched for the downed Malaysian Airlines plane, saying his software was used "to make sure the crash site wasn't tampered with."

O'Brien frequently plays up the fact that he's in the US on an EB1-1 visa, which he always notes is the "same one given to Albert Einstein and Winston Churchill." That may be true, but he makes it out like he and those two are the only ones who got this visa. Actually, thousands of people get one every year. In O'Brien's visa application he claims "he placed among the top programmers in the world in several international high-speed programming competitions, including a sixth-place finish in the 1993 Information Olympics, and first-place showings in the 1991 and 1992 Wisconsin International Computer Problem Solving Competition." Except, elsewhere reports have him coming in 90th in the 1993 Informatics Olympiad and sixth (not first) in Wisconsin. So, did he lie on his visa application too?

The various companies that O'Brien is associated with have websites that are filled with gibberish rather than actually supportable claims. "We saved $43 billion in opportunity risks over a five-year period." That doesn't make any sense. "We invented an efficiency engine that performs 250 human years of work every 1.5 hrs with over 99% improvement over human error."
An old, now deleted, part of the Scorpion website hilariously claimed that Scorpion Computer Services was a venture fund with $204 billion (with a b) under management. It also claims that it had a 7200% return in 1999. This was on his website in 2003 -- the very same time he was doing QA for The Capital Group. Odd.

The "ScenGen" software that Walter frequently touts as being able to "exhaustively... think of" and then "execute... all user actions" appears to just be a rather straightforward system for inputting a bunch of variables and brute forcing every possible combination. The documentation on it suggests that you can solve NP-complete problems, like the traveling salesman problem, just by running every possible solution through a computer program. While you, of course, could run through all possible scenarios, that's... not a particularly useful or intelligent way to solve complex problems.

Walter has hinted that one of the reasons he "went public" now is because Wikileaks revealed some of the projects he's worked on. Indeed, there is this page on Wikileaks from the hacked and leaked Stratfor emails, showing Walter trying to reach out to the founder of Stratfor, George Friedman, in 2009 saying "we should talk" and including a PowerPoint about ScenGen... and a resume for Walter which does not mention Scorpion Computer Services (and also lists himself as a "tech specialist" at Capital Group, rather than "Tech Executive" as his LinkedIn now claims). This was in 2009 -- at which point we're now supposed to believe Scorpion has been in business for 25 years. Yet, the email is sent from Walter's MSN.com email address. It also says nothing of his supposed image recognition skills, but focuses on his QA, compliance and globalization work. It also includes the same 1990s press clippings that Walter promotes on his website. There doesn't appear to be any reply or any other Walter-related info on Wikileaks.
In the presentation, though, we learn that this masterful bit of programming called ScenGen is less than 200kb in size and produces output like this:

The more you dig, the more of the same you find. Former co-workers of O'Brien's have shown up in comments or reached out to me and others directly -- and they all say the same thing. Walter is a nice enough guy, works hard, does a decent job (though it didn't stop him from getting laid off from The Capital Group), but has a penchant for telling absolutely unbelievable stories about his life. It appears that in just repeating those stories enough, some gullible Hollywood folks took him at his word (and the press did too), and now there's a mediocre TV show about those made-up stories.

Again, I'm all for fictionalized TV. And O'Brien, Braun and others associated with the show keep claiming that they're doing this to help "smart kids" not feel like outcasts (though, I'd think the success of Silicon Valley and the internet in general, is doing a much better job of that...). And that's great. But, telling highly questionable stories that seem easily debunked doesn't seem like a good way of helping people. It just feels... like a fraud.

In fact, the story continues to remind me of the similar case of Shiva Ayyadurai. In both cases, you seem to have guys who had a certain amount of fame about their computer programming prowess as teenagers, and where both of them still keep those newspaper clippings from their youth around and frequently highlight them and show them off as if it's proof that they did, in fact, amount to something great later in life even if the actual details of their lives don't quite match the hype. They both seem to cling to those predictions of their youth as if they had to come true. In both cases, they successfully convinced some folks -- notably, a gullible press -- to spin the fictionalized account as being something more.
I have no problem with people exaggerating and puffing up their own stories -- that's pretty common. But when it's being used in a way to fool the press and the public and take credit where little is deserved, often with ulterior motives in mind, that seems problematic.

Side note: in nearly 20 years of conference attending, Techmanity appeared to be one of the worst organized events I've ever attended. In many ways, it felt like the Walter O'Brien of conferences -- making lots of fantastical claims that didn't hold up to much scrutiny ("Silicon Valley's Biggest Annual Gathering"? Not even close. They held the "Techmanitarian Awards" which was described as an "Exclusive, VIP celebration" yet anyone could have just wandered in -- and, even then not too many people did. "The most dangerous and disruptive startups on the planet"? Not even close). The event organizers appeared to figure out a way to get a few famous Hollywood/music industry folks (Jared Leto, Weezer, Troy Carter, Scooter Braun, Thievery Corporation), but very few actual tech minds. The whole thing seemed designed to get as much money out of sponsors as possible, with little thought to the actual content of the event, beyond "ooh, famous people, the sponsors will love that!" There was lots of talk about "bottom up" creations and the end of powerful top down efforts, yet almost no sessions had any interactions (only a few even had basic Q&A).

The pinnacle of poor organizing was highlighted by the scheduled promise of a free showing of Brian Knappenberger's documentary on Aaron Swartz, The Internet's Own Boy, at a local movie theater in San Jose. A bunch of attendees trekked over to the theater only to be told the theater had no idea what any of us were talking about. On contacting the media relations people at the conference we were told that someone "forgot" to actually set that up, despite it being on the agenda. A bunch of angry conference-goers were left pondering what to do outside the theater.
I feel particularly bad for the various startups who must have paid a pretty penny to be part of "Startlandia" a bunch of startup kiosks that went mostly ignored. Some I spoke to flew in especially for this event, expecting something with a lot more substance. Instead, they got a Potemkin Village of a tech conference. Finally, at least the "media" side of the event was organized by Racepoint Group. I knew the name sounded familiar -- and then remembered that the CEO of Racepoint is Larry Weber, the PR "guru" behind the Shiva Ayyadurai story. I don't know if/how Racepoint is connected to the whole Scorpion thing, but at the very least, the connection is an amusing coincidence. Perhaps there's a PR business to be built in building up fake tech heroes.

posted 24 days ago on techdirt
In the past, we'd been fairly worried about governments seizing website domains with little or no notice, but it's perhaps equally, if not more, troubling when it's done by private individuals and companies. This was one of our concerns with the original version of SOPA, which included a "private right of action." But, even though SOPA never became law (and the private right of action was dropped fairly early on), it appears that some courts are still allowing this to happen. Just a couple of months ago, we wrote about a troubling ruling in an Oregon district court that let a Filipino entertainment company seize a bunch of domains, in a process that was done under seal. In the past, we've seen other brands, like Chanel do the same thing. Louis Vuitton has also tried seizing domains. The latest such example seems especially troubling because no one has any idea what's fully happening, but it appears to involve Chan Luu, a jewelry and clothing retailer. The Internet Commerce Association notes that approximately 5,000 domains appear to have been seized, handed over to a private "receiver" who is now trying to sell those domains -- for no clear reason. One of the victims, Michael Berkens, who lost some of his domains, has explained what little details he's been able to find out: Overnight I received a notice that several domain names I owned were transferred by a sealed court from Verisign without notice and of course without the court order. The domain names just were transferred by Verisign to another domain and are now listed for sale at another marketplace. Another domainer sent me an identical notice he received overnight on domain names he owned. 
The Domain names are now all owned by COURT APPOINTED RECEIVER – ROBERT OLEA and have been moved to Uniregistry as the registrar and are now listed for sale at domainnamesales.com

The only information that Berkens received was the following email:

Please be advised that Verisign has changed the registrar of record for certain domain names pursuant to a ***SEALED*** court order. The domain names identified below were affected by this action.

Alexander the Great, LLC
RETRACTIT.COM

If you have any questions relating to these actions, please contact:

David J. Steele
Partner, Christie, Parker & Hale LLP
Adj. Professor of Law, Loyola School
18101 Von Karman Ave, Suite 1950
Irvine, CA 92612-0163
office: +1 (949) 476-0757
direct: +1 (949) 823-3232
fax: +1 (949) 476-8640
email: david.steele@cph.com

Thank you very much,
The Verisign Transfer Dispute Team
transfers@verisign-grs.com

Others have tracked down that it has something to do with this case, but with the details under seal, it's all a bit of a mess. Here's Phil Corwin from the Internet Commerce Association: The only other available facts that we are presently aware of are that a copy of the “Clerk’s Certification Of A Judgment To be Registered In Another District” issued by the U.S. District Court for the Central District of California in the case of Chan Luu Inc. v. Online Growth, LLC et al is available at the Justia website, and the order was registered in the Florida Middle District Court. The other defendants in the case are “Grant Shellhammer et al”. There was a considerable time lag in this proceeding, with the original judgment entered in California on May 23rd, the certification dated September 8th, and the domain transfers occurring around October 2nd. 
The damages granted to plaintiff are $200,000 plus interest, court costs and attorney fees; we note that there is a strong possibility that the domains transferred in this case may have an aggregate market value far in excess of that total judgment, and that is likewise disturbing. The California court document covers domains that are identical or confusingly similar to Plaintiff’s CHAN LUU mark – but we’re not sure if the domain cited by Mike in his article, RETRACTIT.COM, or any of the other transferred domains fit in that category. Chan Luu is a retailer of jewelry, accessories, and ready-to-wear clothing based in Los Angeles, and so far as can be discerned makes no commercial use of the term “retractit”, so it is unclear why that domain was covered by the court order. This is problematic on many, many levels -- and is exactly why we've been so concerned about any process that allows for domain seizures without any sense of due process. In this case, with all the details under seal and the domain owners having their websites simply ripped away from them with no explanation at all, it should raise serious questions about why courts are allowing this to occur. To take domain names away from people who aren't even parties to a lawsuit, based on a sealed document, and then to immediately put them up for resale seems sketchy beyond belief.

posted 24 days ago on techdirt
The Washington Post editorial board has weighed in on the recent "controversy" over Apple and Google's smart decision to start encrypting mobile devices by default. The "controversy" itself seems pretty hyped up by law enforcement types who are either lying or clueless about the technology. Throwing a bunch of technically ignorant newspaper editors into the mix probably wasn't the wisest of decisions. Much of the editorial engages in hand-wringing about what law enforcement is going to do when they need the info on your phone (answer: same thing they did for years before smartphones, and most of the time with smartphones as well, which is regular detective work). It even repeats the bogus use of the phrase "above the law" that FBI director James Comey bizarrely keeps repeating (hint: putting a lock on your stuff isn't making you above the law). But the real kicker is the final paragraph: How to resolve this? A police “back door” for all smartphones is undesirable — a back door can and will be exploited by bad guys, too. However, with all their wizardry, perhaps Apple and Google could invent a kind of secure golden key they would retain and use only when a court has approved a search warrant. Ultimately, Congress could act and force the issue, but we’d rather see it resolved in law enforcement collaboration with the manufacturers and in a way that protects all three of the forces at work: technology, privacy and rule of law. Did you get that? No "back door," but rather a "golden key." Now, I'm not sure which members of the Washington Post editorial board are engaged in mythical "golden key" cryptography studies, but to most folks who have even the slightest understanding of technology, they ought to have recognized that what they basically said is: "a back door is a bad idea, so how about creating a magic back door?" A "golden key" is a backdoor and a "backdoor" is a "golden key." 
The two are indistinguishable and the Post's first point is the only accurate one: it "can and will be exploited by bad guys, too." That's why Apple and Google are doing this. To protect users from bad guys. In the meantime, just watch, and we'll start to see ignorant politicians and law enforcement start to echo this proposal as well, talking down "backdoors" and talking up "golden keys." The fact that we already had this debate in the 1990s, when the "golden key" was called "key escrow" and when having the government lose that debate was fairly important in allowing the internet to become so useful, will apparently be lost on the talking heads. Still, a small request for the Washington Post Editorial Board: before weighing in on a subject like this, where it's fairly clear that none of you have the slightest clue, perhaps try asking a security expert first?

posted 24 days ago on techdirt
Ever since the government first declared it had located the Silk Road server linked to Dread Pirate Roberts (Ross Ulbricht) thanks to a leaky CAPTCHA, there have been questions about the plausibility of this explanation. Ulbricht's attorneys suggested it wasn't the FBI, but rather the NSA, who tracked the Silk Road mastermind down. This suggested parallel construction, something federal agencies have done previously to obscure the origin of evidence and something the FBI actively encourages local law enforcement agencies to do when deploying cell tower spoofers. Technical documents filed in response to discovery requests seem to solidify the parallel construction theory. Brian Krebs at Krebs on Security and Robert Graham at Errata Security have both examined the government's filings (the Tarbell Declaration [pdf]) and noted that what the government said it did doesn't match what's actually on display. Krebs' article quotes Nicholas Weaver, a researcher at the International Computer Science Institute at Berkeley, who points out that where the FBI agents say they found the leak doesn't mesh with the server code and architecture. “The IP address listed in that file — 62.75.246.20 — was the front-end server for the Silk Road,” Weaver said. “Apparently, Ulbricht had this split architecture, where the initial communication through Tor went to the front-end server, which in turn just did a normal fetch to the back-end server. It’s not clear why he set it up this way, but the document the government released in 70-6.pdf shows the rules for serving the Silk Road Web pages, and those rules are that all content – including the login CAPTCHA – gets served to the front end server but to nobody else. 
This suggests that the Web service specifically refuses all connections except from the local host and the front-end Web server.” Translation: Those rules mean that the Silk Road server would deny any request from the Internet that wasn’t coming from the front-end server, and that includes the CAPTCHA. Weaver says that FBI agents would have been served nothing at all when attempting to access the server without using Tor. The server simply wasn't leaking into the open web. The more likely explanation is that the FBI contacted the IP directly and accessed a PHPMyAdmin page. Robert Graham's analysis of the documents notes something slightly different than Weaver, but still arrives at the same conclusion. Brian Krebs quotes Nicholas Weaver as claiming "This suggests that the Web service specifically refuses all connections except from the local host and the front-end Web server". This is wrong, the web server accepts all TCP connections, though it may give a "403 forbidden" as the result. Even with this detail being off, the parallel construction theory still fits. Graham notes that the Tarbell Declaration (the filing that contains the official explanation of how the Silk Road server was accessed) is noticeably light on supporting documentation -- like screenshots, packet logs or code snippets. Now that the government has been forced to hand over more technical documentation, its original story is falling apart. 
Since the defense could not find in the logfiles where Tarbell had accessed the system, the prosecutors helped them out by pointing to entries that looked like the following: 199.170.71.133 - - [11/Jun/2013:16:58:36 +0000] "GET / HTTP/1.1" 200 2616 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.110 Safari/537.36" 199.170.71.133 - - [11/Jun/2013:16:58:36 +0000] "GET /phpmyadmin.css.phpserver=1&lang=en&collation_connection=utf8_general_ci&token=451ca1a827cda1c8e80d0c0876e29ecc&js_frame =right&nocache=3988383895 HTTP/1.1" 200 41724 "http://193.107.86.49/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.110 Safari/537.36" However, these entries are wrong. First, they are for the phpmyadmin pages and not the Silk Road login pages, so they are clearly not the pages described in the Tarbell declaration. Second, they return "200 ok" as the error code instead of a "401 unauthorized" login error as one would expect from the configuration. This means either the FBI knew the password, or the configuration has changed in the meantime, or something else is wrong with the evidence provided by the prosecutors. The NSA as the purposefully-missing link makes sense. First off, Ulbricht's back end server was located in Iceland. Graham points out basic authentication was provided by this server via Port 80. If the NSA was monitoring traffic in and out of Iceland (as it is legally able to do), it could easily have captured a password for this server. Furthermore, the front end server (located in Germany -- also within the NSA's established dragnet) would return "forbidden" errors when accessed outside of Tor, but would not when accessing PHP files (as Weaver noted). To get to the admin page, other possibly non-NSA-related tactics could have been used. 
(Graham suggests a couple of different methods well within the FBI's technical grasp and abilities -- "scanning the entire Internet for SSL servers, then searching for the string "Silkroad" in the resulting webpage" or doing the same but correlating the results with traffic traveling across the Tor onion connection.) However, none of the above is suggested by Tarbell's recounting of the events. In fact, the official narrative is vague enough that almost any explanation could fit. Tarbell doesn't even deny it was parallel construction. A scenario of an NSA agent showing up at the FBI offices and opening a browser to the IP address fits within his description of events. Graham calls the declaration from Special Agent Tarbell "gibberish" (and points out that Ulbricht's opsec "sucks"). Ulbricht's legal team is still pushing for the government to explain why its declaration doesn't match the details it's handed over during discovery. A new filing by his attorney, Joshua Horowitz, isn't much kinder, calling the declaration "implausible." [pdf link] The presiding judge has given the government until the end of Monday to respond to Horowitz's filing… if it wants to. [pdf link] Defendant has submitted a declaration from Joshua Horowitz in support of his motion and request for an evidentiary hearing. If the Government has any response to the factual statements (and/or relevance of the factual statements) asserted therein, it should file such response by C.O.B., October 6, 2014 (if possible). The government may not feel compelled to respond. A filing from earlier in September (but added to the docket on Oct. 1st) suggests it's pretty much done discussing Ulbricht's "NSA boogeyman." [pdf link] In light of these basic legal principles, the Government objects to the September 17 Requests as a general matter on the ground that no adequate explanation has been provided as to how the requested items are material to the defense. 
Most of the requests appear to concern how the Government was able to locate and search the SR Server. Yet the Government has already explained why, for a number of reasons, there is no basis to suppress the contents of the SR Server: (1) Ulbricht has not claimed any possessory or property interest in the SR Server as required to establish standing for any motion to suppress; (2) the SR Server was searched by foreign law enforcement authorities to whom the Fourth Amendment does not apply in the first instance; (3) even if the Fourth Amendment were applicable, its warrant requirement would not apply given that the SR Server was located overseas; and (4) the search was reasonable, given that the FBI had reason to believe that the SR Server hosted the Silk Road website and, moreover, Ulbricht lacked any expectation of privacy in the SR Server under the terms of service pursuant to which he leased the server. Particularly given these circumstances, it is the defendant’s burden to explain how the contents of the SR Server were supposedly obtained in violation of the defendant’s Fourth Amendment rights and how the defendant’s discovery requests are likely to vindicate that claim. The defense has failed to do so, and the Government is unaware of any evidence – including any information responsive to the defense’s discovery requests – that would support any viable Fourth Amendment challenge. Instead, the defense’s discovery requests continue to be based on mere conjecture, which is neither a proper basis for discovery nor a proper basis for a suppression hearing. The response document notes that it has already responded with several documents, won't be responding to a host of other requests, but most tellingly, says the government is "not aware" of any supporting documentation for Agent Tarbell's declaration. (As noted by Robert Graham, the declaration as written is "impossible to reconstruct," with the lack of technical details being a large part of that.) 5. 
The name of the software that was used to capture packet data sent to the FBI from the Silk Road servers. Other than Attachment 1, the Government is not aware of any contemporaneous records of the actions described in paragraphs 7 and 8 of the Tarbell declaration. (Please note that Attachment 1 is marked “Confidential” and is subject to the protective order entered in this matter.) 6. A list of the “miscellaneous entries” entered into the username, password, and CAPTCHA fields on the Silk Road login page, referenced in the SA Tarbell’s Declaration, at ¶ 7. See response to request #5. 7. Any logs of the activities performed by SA Tarbell and/or CY-2, referenced in ¶ 7 of SA Tarbell’s Declaration. See response to request #5. 8. Logs of any server error messages produced by the “miscellaneous entries” referenced in SA Tarbell’s Declaration. See response to request #5. 9. Any and all valid login credentials used to enter the Silk Road site. See response to request #5. 10. Any and all invalid username, password, and/or CAPTCHA entries entered on the Silk Road log in page. See response to request #5. 11. Any packet logs recorded during the course of the Silk Road investigation, including but not limited to packet logs showing packet headers which contain the IP address of the leaked Silk Road Server IP address [193.107.86.49]. See response to request #5. Parallel construction matters, but the government claims it doesn't. It will probably continue to declare it a non-issue so long as the courts agree that Ulbricht's Fourth Amendment rights weren't violated. Ulbricht's Fourth Amendment defense is admittedly a disaster, making claims that have nearly no chance of holding up under judicial scrutiny. The Silk Road indictment is a lousy test case for challenging parallel construction. But parallel construction spills over into purely domestic investigations where Fourth Amendment rights are supposedly guaranteed. 
As long as the "expectation of privacy" isn't violated -- according to the government's definition of what does and doesn't enjoy this "expectation" -- the origin of the evidence isn't really up for discussion, according to the government's own filing. And what the government says here is that what was ultimately obtained matters more than how it was obtained. Parallel construction covers up invasive surveillance and investigative tactics, providing courts with evidence that looks clean but was illicitly gathered.
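The log check Graham applies in this post (a "200" where the described configuration should produce a denial, and phpmyadmin pages rather than the login page) can be run mechanically over an access log. The following is an added example, not code from the article, the court filings, or Graham's or Krebs' analysis; the allowlist-and-denial policy is an assumption modelled on the configuration as the post describes it, the first two sample entries are the ones quoted in the post, and the remaining entries and the `/login` path are constructed.

```python
import re
from dataclasses import dataclass

# Combined Log Format:
#   client ident user [time] "request" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\d+|-) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

# Assumption: a policy modelled on the configuration as the post describes it.
# Only the local host and the front-end server are served; every other client
# should be refused (403) or challenged for credentials (401).
ALLOWED_CLIENTS = frozenset({"127.0.0.1", "62.75.246.20"})
DENIAL_STATUSES = frozenset({401, 403})

UA = ('Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 '
      '(KHTML, like Gecko) Chrome/27.0.1453.110 Safari/537.36')

SAMPLE_LOG = [
    # Entries 1 and 2: as quoted in the post (stray space in entry 2 included).
    '199.170.71.133 - - [11/Jun/2013:16:58:36 +0000] "GET / HTTP/1.1" '
    '200 2616 "-" "' + UA + '"',
    '199.170.71.133 - - [11/Jun/2013:16:58:36 +0000] "GET /phpmyadmin.css.php'
    'server=1&lang=en&collation_connection=utf8_general_ci'
    '&token=451ca1a827cda1c8e80d0c0876e29ecc&js_frame =right'
    '&nocache=3988383895 HTTP/1.1" 200 41724 "http://193.107.86.49/" "'
    + UA + '"',
    # Entries 3 to 6: constructed for this example.
    '62.75.246.20 - - [11/Jun/2013:17:02:10 +0000] "GET /login HTTP/1.1" '
    '200 5120 "-" "constructed-agent/1.0"',
    '203.0.113.7 - - [11/Jun/2013:17:03:41 +0000] "GET / HTTP/1.1" '
    '403 202 "-" "constructed-agent/1.0"',
    '198.51.100.9 - - [11/Jun/2013:17:04:02 +0000] "GET /phpmyadmin/ HTTP/1.1" '
    '401 381 "-" "constructed-agent/1.0"',
    'truncated line with no fields',
]


@dataclass
class Entry:
    ip: str
    time: str
    method: str
    target: str
    status: int


def parse_line(line):
    """Parse one access-log line; return None if it is not well formed."""
    m = LOG_RE.match(line.strip())
    if m is None:
        return None
    # The request is "METHOD target PROTOCOL". Split from both ends so that a
    # target containing a stray space stays in one piece.
    parts = m.group("request").split(" ")
    if len(parts) < 3:
        return None
    return Entry(m.group("ip"), m.group("time"), parts[0],
                 " ".join(parts[1:-1]), int(m.group("status")))


def audit(lines, allowed=ALLOWED_CLIENTS):
    """Return (line_no, kind, detail) for entries that contradict the policy."""
    findings = []
    for n, line in enumerate(lines, 1):
        e = parse_line(line)
        if e is None:
            # Unparseable lines are reported, never silently dropped.
            findings.append((n, "unparseable", line.strip()[:60]))
        elif e.ip not in allowed and e.status not in DENIAL_STATUSES:
            kind = ("admin-page-served" if "phpmyadmin" in e.target.lower()
                    else "content-served")
            detail = f"{e.ip} received {e.status} for {e.method} {e.target[:50]}"
            findings.append((n, kind, detail))
    return findings


if __name__ == "__main__":
    for line_no, kind, detail in audit(SAMPLE_LOG):
        print(f"line {line_no}: {kind}: {detail}")
```

A finding here only says the log and the stated policy disagree; as the post notes, that can mean valid credentials were used, the configuration changed after the fact, or the log is not what it is claimed to be.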

posted 24 days ago on techdirt
Compare and contrast: Product A Alerts for terms used in Chat or Texting. Access to videos as well as web, camera and cell phone images loaded on device. Review & delete images. Email, Print or Save results. View Internet History Log. Keystroke logging. Product B View sent/received text messages. Access chatlogs. Look at photos, videos, music stored on device. View visited sites and bookmarks. Alerts for suspicious words. One of these products is handed out by law enforcement agencies. One just had its creator arrested after an FBI investigation. Product A is ComputerCOP, a deeply-flawed set of tools that allows parents to spy on their children's computer activities, provided they don't mind getting hundreds of false positives returned during searches or having passwords stored as plaintext by the built-in keylogger. Product B is StealthGenie, a piece of software aimed at giving the inherently suspicious (or routinely cuckolded) person surreptitious access to everything on their significant other's phone. The full set of features included are astounding, including location info, email access, eavesdropping via the built-in mic and the perverse ability to lock or wipe someone else's phone. It's not that the FBI was wrong to shut down the sale of this software, even if it does sound like the sort of thing the agency wishes it could deploy rather than terminate. It's that the law enforcement-approved tool set overlaps so heavily with something aimed at tearing the digital roof off someone else's life. ComputerCOP -- unlike the more (necessarily) targeted StealthGenie -- doesn't ultimately care who's using the device it's installed on. You may just want to track your kids' internet activity, but anyone who uses it while it's activated will have their web history -- along with any keystrokes entered -- automatically logged. If anything, ComputerCOP is a cheap, legal alternative to StealthGenie, even if it's strictly limited to personal computers. 
But one of these is being handed out by law enforcement agencies without any oversight (and with loads of misinformation). The other was the subject of a federal investigation. There's a certain amount of disconnection here, similar to law enforcement's use of encryption to protect themselves from criminals but wanting to deny the public the same option. Just replace "StealthGenie" with "ComputerCOP" in these statements from the FBI's press release and see if it ultimately makes any difference. [h/t to Techdirt reader Will Klein] "Selling spyware is not just reprehensible, it's a crime," said Assistant U.S. Attorney General Leslie R. Caldwell. "Apps like StealthGenie are expressly designed for use by stalkers and domestic abusers who want to know every detail of a victim's personal life -- all without the victim's knowledge." “StealthGenie has little use beyond invading a victim’s privacy” said U.S. Attorney Boente. “Advertising and selling spyware technology is a criminal offense, and such conduct will be aggressively pursued by this office and our law enforcement partners.” “This application allegedly equips potential stalkers and criminals with a means to invade an individual’s confidential communications,” said FBI Assistant Director in Charge McCabe. “They do this not by breaking into their homes or offices, but by physically installing spyware on unwitting victims’ phones and illegally tracking an individual’s every move. As technology continues to evolve, the FBI will investigate and bring to justice those who use illegal means to monitor and track individuals without their knowledge.” Spyware is spyware, whether it's sporting a uniform and a badge or an orange jumpsuit and handcuffs.

posted 24 days ago on techdirt
So, as you probably heard last week, JP Morgan revealed more details of how it had been hacked, noting that the number of households impacted shot up to 76 million, thus impacting a pretty large percentage of Americans. The hack involved getting access to customer names, addresses, phone numbers and emails. It doesn't appear to have gotten anything else, but that's plenty of information to run some sophisticated phishing attacks that could lead to some serious problems. It's expected that the fallout from this could be quite long lasting. Almost immediately, politicians leapt into action... but not in any good way. They're cynically using this as an excuse to push questionable cybersecurity legislation. Specifically, Senator Angus King used it to push CISA, a bill that actually undermines privacy, rather than protect it, by giving companies incentives to share info more freely, opening up greater opportunities for leaks and breaches. CISA gives those companies a blanket get-out-of-jail-free card by taking away any liability in sharing such info. What no one explains is how something like CISA would actually have helped stop the JP Morgan hack. That's because it wouldn't have helped. Congressional supporters of cybersecurity legislation keep playing the "something must be done!" card, without ever bothering to explain how the something (CISA) will actually help. They just make vague promises that by somehow letting companies share info without liability, we'll magically all be better protected. Given the recent revelations about how government has regularly abused access to information, it's hard to accept the "just trust us" explanation for why companies should just hand over more information. 
Even worse is that King went for the FUD-based "cyber Pearl Harbor" claim -- one that's been trotted out regularly, usually by intelligence community folks who just want access to your data, when the reality is that even James Clapper has admitted that there's little real chance of such a thing happening. But that doesn't stop King: “Congress must work to pass legislation that will improve our capabilities and protect us against more attacks like these,” King added. “The next Pearl Harbor will be cyber, and shame on us if we're not prepared for it.” Okay, sure. Shame on us if we're not prepared, but how will this law help us prepare for it? This is a question that no one in Congress seems willing to answer. They just insist we have to "do something." King wasn't the only one: Sen. Ed Markey called the hack “yet another example of how Americans’ most sensitive personal information is in danger.” "It is time to pass legislation to protect Americans against these massive data breaches,” he added. Rep. Yvette Clarke tweeted that the U.S. “must keep up on cybersecurity.” Right, but again, how will the proposed law actually help? The problem is that no one answers because the truth is that it's unlikely to actually help keep companies and your data secure, though it might just make it easier for the intelligence community to get their hands on your data.
