posted 26 days ago on techdirt
The New York Times is reporting that the War on Encryption continues, with a renewed push for legislation the Justice Department couldn't talk Obama into. Federal law enforcement officials are renewing a push for a legal mandate that tech companies build tools into smartphones and other devices that would allow access to encrypted data in criminal investigations. F.B.I. and Justice Department officials have been quietly meeting with security researchers who have been working on approaches to provide such “extraordinary access” to encrypted devices, according to people familiar with the talks. [...] Against that backdrop, law enforcement officials have revived talks inside the executive branch over whether to ask Congress to enact legislation mandating the access mechanisms. FBI Director Chris Wray still has yet to hand over his list of agreeable security experts to Sen. Ron Wyden. Wray continues to assert there's a way to solve the "going dark" problem that won't involve make device encryption less secure, but every suggestion he offers involves making device encryption less secure. There are a few techies looking for solutions, and that small group may be who Wray believes can talk legislators into prepping a mandated access bill. A National Academy of Sciences committee completed an 18-month study of the encryption debate, publishing a report last month. While it largely described challenges to solving the problem, one section cited presentations by several technologists who are developing potential approaches. They included Ray Ozzie, a former chief software architect at Microsoft; Stefan Savage, a computer science professor at the University of California, San Diego; and Ernie Brickell, a former chief security officer at Intel. The solutions presented by this group are more of the same: key escrow, weakened encryption, or technological assistance mandates. None of these work out particularly well for customers, as each options provides additional attack vectors for criminals, not just law enforcement. So, even if Wray hopes to rely on more sympathetic tech experts, he's still going to run into the same facts: you cannot provide access to law enforcement without increasing the chance of access by criminals and state-sponsored hackers. It appears the DOJ isn't interested in letting the perfect be the enemy of the good. And why should it? It won't be affected by mandated access and/or weakened encryption. Those affected most will be members of the general public, and they simply don't matter when the FBI's agitating for destroying the encryption the public relies on to keep their devices and communications secure. [O]ne Justice Department official familiar with the deliberations contended that it might not be necessary to come up with a foolproof system, arguing that a solution that would work for ordinary, less-savvy criminals was still worth pursuing. Take a long look at that statement. This is the DOJ saying it's willing to sacrifice the security of millions of Americans to make sure it can round up the nation's least intelligent criminals. This isn't a balance anyone outside of the FBI's inner circle will be happy with. Wray and others routinely claim encryption is preventing them from solving serious crimes and hunting down dangerous criminals, but when all is said and done, it will apparently be satisfied locking up the most inept suspects. Permalink | Comments | Email This Story

Read More...
posted 26 days ago on techdirt
As we've pretty well documented, the internet of things is a security and privacy shitshow. Millions of poorly-secured internet-connected devices are now being sold annually, introducing massive new attack vectors and vulnerabilities into home and business networks nationwide. Thanks to IOT companies and evangelists that prioritize gee-whizzery and profits over privacy and security, your refrigerator can now leak your gmail credentials, your kids' Barbie doll can now be used as a surveillance tool, and your "smart" tea kettle can now open your wireless network to attack. Security analysts like Bruce Schneier have been warning for a while that the check is about to come due for this mammoth dumpster fire, potentially resulting in human fatalities at scale -- especially if these flaws are allowed to impact integral infrastructure systems. But Schneier has also done a good job noting how nobody in the production or consumer cycle has any incentive to take responsibility for what's happening: "The market can't fix this because neither the buyer nor the seller cares. Think of all the CCTV cameras and DVRs used in the attack against Brian Krebs. The owners of those devices don't care. Their devices were cheap to buy, they still work, and they don't even know Brian. The sellers of those devices don't care: they're now selling newer and better models, and the original buyers only cared about price and features. There is no market solution because the insecurity is what economists call an externality: it's an effect of the purchasing decision that affects other people. Think of it kind of like invisible pollution." There's no quick fix for this problem. And as Schneier notes it's going to take the cooperation of companies, governments, consumers and independent groups to craft a solution, something that was already difficult enough during decidedly more sane times. Consumer Reports has been one of the few organizations to try and tackle this problem with plans to incorporate some open source security and privacy testing standards into its product reviews, to name and shame companies that turn a blind eye to this problem. Just about a year ago the organization noted it was working with privacy software firm Disconnect, non-profit privacy research firm Ranking Digital Rights (RDR), and nonprofit software security-testing organization Cyber Independent Testing Lab (CITL) on the new effort, which it acknowledged was early and requires public and expert assistance. This week these groups shed a little more detail on the new effort, which it claims is the first step in reinstilling some degree of trust in the internet of very broken things. The standard is still very much under development, and the groups are looking for your help in spreading the word: "We are focused on ensuring the Standard’s maximum impact by working across many constituencies to use and refine this tool as a metric for evaluating consumer software and hardware. Our goals are to educate companies on how they can use the Standard to improve their products, help consumer and digital rights advocates to leverage the Standard in their advocacy, and solicit feedback from the full range of stakeholders on how the Standard can be improved." The emerging standard would incorporate 35 different security and privacy testing standards into product reviews, with a heavy emphasis on the obvious need for quality encryption, non-default usernames and passwords, transparency as to what data is collected and who it's being sold to, more easily understood terms of service, and better government mechanisms to handle consumer complaints and enforcement against bad actors. Traditionally, IOT companies have disregarded these issues in both their business models and product design, creating Schneier's unaccountable "invisible pollution" (for example when your cheap ass Chinese security camera gets hacked minutes after being connected online, then contributes to historically massive DDOS attacks without your knowledge or consent). Convincing companies (especially when they're overseas and outside of regulatory authority) that contributing to the greater good benefits everybody in the long run hasn't been easy. As such, the OTI tries to make the case that over the long term, respecting privacy and embracing security standards should save everybody money, noting that firms like the Ponemon Institute have estimated that the average data breach in 2017 cost "responsible" businesses $3.5 million. Not to mention the costs of downtime from massive DDOS attacks like the one that targeted Dyn last year, or the costs of having to deal with regulatory action because of the lack of common security sense we've seen applied to everything from smart TVs to in-car infortainment systems. Still, the temptation to disregard security and privacy and just move on to marketing the next IOT product in the pipeline is a siren song that will be hard to compensate for (especially for overseas Chinese vendors), and it's going to take a massive, collective push to avoid some of the doomsday scenarios many security researchers have been warning about. Permalink | Comments | Email This Story

Read More...
posted 26 days ago on techdirt
Just a quick update on the current craziness going on in the Swedish court system. In the middle of 2017, we wrote about the Swedish authorities raiding the offices of Undertexter, a site that provides fan-created subtitles of movies. Many people were confused by this, but the film industry has long branded fan-made subtitles as contributors to piracy, allowing people in foreign countries to download films and append the subtitles to watch them, rather than buying the localized version. The industry also argues that these subtitles are themselves copyright infringement, as they essentially reproduce the film's script in another language. Founder Eugen Archy was convicted of copyright infringement. Ever the fighter, he appealed, but now we learn that Archy has lost his appeal as well. On appeal, Archy agreed that he was the person behind Undertexter but disputed that the subtitle files uploaded to his site infringed on the plaintiffs’ copyrights, arguing they were creative works in their own right. While to an extent that may have been the case, the Court found that the translations themselves depended on the rights connected to the original work, which were entirely held by the relevant copyright holders. While paraphrasing and parody might be allowed, pure translations are completely covered by the rights in the original and cannot be seen as new and independent works, the Court found. The Svea Hovrätt also found that Archy acted intentionally, noting that in addition to administering the site and doing some translating work himself, it was “inconceivable” that he did not know that the subtitles made available related to copyrighted dialog found in movies. Now, the good news is that losing this appeal only results in his original conviction and punishment of probation and a $26,000 fine. All told, that isn't the craziest punishment we've seen for copyright infringement. Those caveats aside, let's all remember that Undertexter gave away the fan-translations it hosted. The site didn't sell them. They were offered for free. And for the crime of providing free translations in markets that are often underserved by Hollywood, he now has a copyright infringement conviction on his record and a five-figure bill to pay. Permalink | Comments | Email This Story

Read More...
posted 26 days ago on techdirt
For no imaginable reason, Twitter continues to allow Turkish president Recep Tayyip Erdogan to cleanse the internet of stuff he doesn't like. This doesn't begin and end with Twitter -- other social media platforms have obliged the president as well -- but Twitter is where it's most quickly noticed that something has gone missing. Kurdish-American activist and attorney Samira Ghaderi recently saw one of her tweets memory-holed in response to a Turkish court order. Now, it's one thing when social media companies start geoblocking/vanishing posts originating in the country where the legal complaint was filed. It's quite another when they allow Turkish law to take precedence over US law, which is what appears to have happened here. I received a court order from Turkey demanding the removal of the tweet below on the ground that it violates TURKISH LAW. The order was requested by the holy sultan @RT_Erdogan. Shame on @Twitter for entertaining Turkey’s attempt to silence the voice of the people. https://t.co/kfMuuy9I1N — Samira Ghaderi (@Samira_Ghaderi) March 15, 2018 If you can't see/read the tweet, it says: I received a court order from Turkey demanding the removal of the tweet below on the ground that it violates TURKISH LAW. The order was requested by the holy sultan @RT_Erdogan. Shame on @Twitter for entertaining Turkey’s attempt to silence the voice of the people. The tweet that was censored on behalf of the offended president contained footage of a King's Carnival parade float in which RT Erdogan was portrayed as a "bloodthirsty monster." The video remains live… sort of. The video is still there but all video footage has been removed, replaced with an inky blackness apparently meant to give a bloodthirsty, monstrous president the respect he hasn't earned. Ghaderi has since reposted the video and that version remains live. So do screenshots pulled from the blacked-out video. But the original remains unviewable. And so a video shot in France and posted by an American is made unviewable via a court order sent from Turkey. Service providers aren't even doing Balkinization correctly. The fact is US companies have no business respecting Turkish laws that are wielded in this fashion. Doing so does nothing more than assist a despot in consolidating power, silencing critics, and stifling dissent. The world needs more of the latter and less of the former and social media platforms would better serve their worldwide user bases by refusing to be complicit in government censorship. Permalink | Comments | Email This Story

Read More...
posted 26 days ago on techdirt
Thought the whole Bob Murray / John Oliver story was over with the judge making it clear Murray had no case and preparing to dismiss the whole thing? It appears that Murray cannot let it go. As first spotted by YouTubing lawyer Leonard French, Murray (not his lawyers) sent the judge a letter whining about the whole thing (check out French's video for a wonderful dramatic reading of the letter): Or just go check out the letter yourself (kudos to French for getting the document and posting it and doing the dramatic read, shame on the West Virginia courts for not having web-accessible electronic records, and a plea to French to stop putting lame ugly watermarks on public documents). Of course, the reason the letter is public is that (1) parties are not supposed to talk to the judge about their case without telling the other side, and (2) parties are not supposed to communicate with the court directly, rather than via their attorneys. And, thus, the judge added Murray's letter to the docket in the case, along with a bit of a benchslap: This date the Court received the attached unsolicited missive from the Plaintiff, Robert E. Murray. As it does not appear Mr. Murray forwarded copies of the same to Defense Counsel, pursuant to Rule 2.9(B) of the West Virginia Rules of Judicial Conduct, the Court has copied and enclosed the correspondence herein and filed the original in the Court's file. Mr. Murray's letter is an improper ex parte communication with the Court, therefore the request to reconsider the Court's decision cannot and will not be entertained. The Court respectfully requests Plaintiffs' Counsel to advise Mr. Murray against future ex parte correspondence which could result in sanctions against the Plaintiffs in this matter. In other words: don't do this shit, Bob. But, of course, the real joy is in Murray's letter itself, which is absolutely hilarious. It starts off talking about how disappointed he is in the ruling, which, sure, is understandable but it's totally improper to send a personal letter to the judge about it. We are deeply disappointed to learn that you intend to dismiss our lawsuit against Home Box Office, Inc., Time Warner Inc., Mr. John Oliver, and others (collectively "Defendants"). We will appeal that decision in due course. Right. If you (stupidly) decide to appeal this, your lawyers should appeal it in due course. Reaching out to the judge on your own is... not part of that "due course." The jobs of our 6,000 coal miners depend on me and my reputation. Right, then maybe you shouldn't have done a bunch of things that caused John Oliver and many others to mock you. And those mockable things include suing John Oliver for mocking you in the first place. Because the "harm" to your reputation was caused by you -- not John Oliver. There is no right in this country not to have people mock you, and considering how frequently Murray seems to be flag waving about how proud he is to be an American, he might want to take some time to read the First Amendment of the Constitution. So, if 6,000 coal miner jobs really depend on your reputation (which, also: citation needed), then perhaps the first thing you should do is improve your reputation (pro tip: sending a hilariously dumb letter to the judge in your case does the opposite of improving your reputation). My name is on the Company, and I am the one who our 140 lenders, our utility customers, the regulators, and the public look to in order to keep these jobs. You have enabled the Defendants to further destroy our miners' families. We write you today to inform you of the continued personal attack and harassment by the Defendants in this case. If your lenders and customers bail because John Oliver made fun of you, perhaps there are larger issues at play. And, of course, Murray presents no evidence that any such lender, customer, regulator or anyone else has done anything to the company as a result of Oliver's story, or the ruling in this case. As for "continued personal attacks," again I have to point you to the First Amendment. Personal attacks are protected. Making fun of you is protected. Telling you to "eat shit, Bob" is protected. This isn't even close. Telling the court that just told you such things are protected that such "personal attacks" have continued is not a compelling argument. It suggests someone is acting like a sore loser without even understanding why he lost. Just because you feel bad, Bob, it doesn't make it illegal. Indeed, just yesterday, the Defendants aired worldwide the enclose attack on the undersigned and our Compay, whereby John Oliver taunted us, once again, stating "Eat Sh-t Bob" and announcing that, once your order is issued, he will "gloat" and he will be "rubbing it in the face of the person that lost over and over again." Oooooooooooooh. He taunted you again. I mean, that's positively Pythonesque, and we all know how King Arthur v. French Knight turned out, don't we? This clearly demonstrates the vindictiveness and intentional destruction that the Defendants have caused. No. It means that you were mocked, had such thin skin that you sued in a case that you quickly lost, and thus were called out on filing a bad case (pretty mildly too, frankly). It doesn't show "vindictiveness." You know what shows vindictiveness? Suing a television comedian for reporting on your antics because you don't like how you were portrayed. And, really, if anyone's trying to "destroy" anyone, I think that honor must go to the person who sued someone for making fun of them, demanding "general damages," "special damages," "punitive damages," "attorneys' fees" and "a permanent injunction" against the person who made fun of you. It shows that these attacks will continue in perpetuity, as a result of your order. No, not as a result of the order. As a result of you doing silly, mockable things up to and including filing a lawsuit over someone expressing their opinion that things you did were silly and mockable. I am a dying old man, but our employees will pay for your decision. Nice baseless appeal to emotion. But, of course, if you're dying, then how does your earlier statement about how all these employees relying on your reputation for their jobs make sense? Does that mean once you die they're all out of work? If so, isn't that a bigger threat to their jobs? Further, since your ruling, we have been subjected to multiple insulting and threatening email and telephone messages, including these: "BOB, KISS MY A--"' "Hey Bob, I guess John Oliver f---ed you in your a--. You are a real evil piece of s--t"; "Consume defecation, Bob."; "What an old and selfish c--t of a human being. You and your industry are no longer relevant and the entire world knows it."; "Congratulations on having HBO make you look like a big fat lardass loser in court. Idiot.;" And "Ha ha you fat pig, you lost your lawsuit... burn in hell dr. evil." This is a very small sampling of the flagrant and extremely damaging personal attacks that we continue to receive on a daily basis. First off, Bob, thank you for sharing those. We never would have seen them otherwise. I'm assuming that Bob self-censored the dashes in the curse words, which is nice of him. But, really, the "consume defecation, Bob" statement is a really tremendous work of art. Oh, and Bob, defamation is not "people made fun of me and I'm sad." It requires false statements of fact made with actual malice. That's not what's happening. And you don't even bother to allege that's what's happening, because it isn't. Accordingly, we respectfully request that you reconsider your decision to dismiss this lawsuit and allow this case to proceed on the merits. What merits? There are no merits, which is what the judge has already made clear. Indeed, this lawsuit is extremely important to our employees, who rely on Murray Energy and me for their continued livelihoods, and to our lenders, customers, and suppliers who depend on our integrity and performance. We cannot sit idly and allow our jobs and livelihoods to be destroyed by the cruel and baseless attacks of these defendants. Wait. This lawsuit -- in which a key part is about John Oliver quoting one of your employees writing "Eat Shit Bob" on a bonus check he was voiding over safety concerns -- is "important" to your employees? You sure about that, Bob? And, again, it's not the people making fun of you that's "destroying livelihoods." The ACLU of West Virginia's Legal Director, Jamie Lynn Crofts, put out a nice statement in response to all of this: “Other than the fact that Bob Murray’s case against John Oliver is a ridiculous attempt to quell speech by abusing our legal system, it really is the gift that keeps on giving. With the disdain Mr. Murray has shown for our constitution and our legal system, I’m not surprised that he would also improperly try to influence a judge in this way (or with such a hilarious letter). Unfortunately for Bob, everything John Oliver has said on his show was and continues to be protected speech. It is, in fact, legal for anyone to say, ‘Consume defecation, Bob.'” Yes, all together now: Consume Defecation, Bob. Permalink | Comments | Email This Story

Read More...
posted 26 days ago on techdirt
Cannes this week declared that the long-running festival would be banning streaming services like Netflix from being able to win the Palme d’Or. That said, festival leaders weren't able to offer a coherent reason why. Festival boss Thierry Fremaux apparently tried to offer something vaguely resembling an explanation to a variety of different news outlets, but wasn't particularly successful. Most of the arguments made by Fremaux to the press had something to do with Netflix being different (gasp) from the traditional film industry production and criticism model: "The Netflix people loved the red carpet and would like to be present with other films. But they understand that the intransigence of their own model is now the opposite of ours,” Thierry Fremaux said." The heart of the ban appears to be a fusion of protectionist concerns about how streaming could harm the traditional French film industry and brick-and-mortar theaters (aka: fear of competition). France has a cultural exception law that requires a percentage of all box office, TV and streaming revenues be used to finance homegrown and foreign films. That law also forces a very outdated and obnoxious release window: namely a 36-month delay between theatrical release and streaming availability. Streaming providers' disdain for such artificial and arbitrary restrictions has been ruffling feathers for years. In other words, this is really just the same old story about people making silly decisions because of fear of something new disrupting legacy business models that may not work as well in the modern era. But because Cannes just can't come out and admit that, we instead got a heavy dose of disdain for the internet in general: "Fremaux said the while new players like Netflix and Amazon are enabling directors to make big budget films, they are creating “hybrids” that aren’t TV and aren't quite film. “Cinema [still] triumphs everywhere even in this golden age of series,” he said. “The history of cinema and the history of the internet are two different things." It's 2018 and that's not entirely true anymore but who cares, get off my lawn! Cannes has previously banned made for TV movies to ensure a certain quality bar in competition. The organization appears to be using that ban to justify banning Netflix, despite the fact that Netflix is now spending billions on producing its in-house, award winning fare. Because many of these films only saw limited runs in theaters (or no run at all) doesn't automatically equate to low quality, and banning streaming services from awards isn't likely to magically save an industry unwilling to evolve. Of course this disdain for all things new isn't solely a French phenomenon. Stephen Spielberg recently stated that Netflix films shouldn't be allowed to win Oscar awards, though here too you'll notice that the justifications are arguably flimsy, with an attempt to equate "streaming" with inevitably low quality: "Once you commit to a television format, you’re a TV movie,” he told ITV News. “You certainly, if it’s a good show, deserve an Emmy, but not an Oscar. I don’t believe films that are just given token qualifications in a couple of theaters for less than a week should qualify for the Academy Award nomination." Why not? Who knows! If the content is awful it will get rejected from such competitions anyway. And trying to fend off streaming at this point is like trying to slow the flow of a river with just your hands. The move is pretty clearly an effort by Fremaux to project a certain standard of excellence (he also announced that selfies would be banned at this year's festival), but the message it's actually sending the world is more of the "I'm a Luddite" variety. Permalink | Comments | Email This Story

Read More...
posted 26 days ago on techdirt
If you've been reading Techdirt for any length of time, you know how important it is to guard your data when browsing the internet. Today’s featured deal can help you do so. Get a 2-year subscription to NordVPN for $69, which comes with more than3,521 worldwide server locations in 61 different countries, offering secure internet access from just about anywhere. All data sent through NordVPN's networks is double-encrypted, and the service includes an automatic kill switch that protects your data should the VPN connection drop. NordVPN lets you connect six devices simultaneously, does not limit the amount of data you can send through the service, an encrypted chat function, and more. Note: The Techdirt Deals Store is powered and curated by StackCommerce. A portion of all sales from Techdirt Deals helps support Techdirt. The products featured do not reflect endorsements by our editorial team. Permalink | Comments | Email This Story

Read More...
posted 26 days ago on techdirt
Assuming you haven't been living under a rock, you know that on Sunday night, porn star Stephanie Daniels (real name: Stephanie Clifford) did a big interview with Anderson Cooper on 60 Minutes. Much of what was in there had been previously reported, though this is the first time many of the claims came directly from Daniels herself. But there was one "big" new claim, which hadn't previously been reported, and which is now getting lots of attention. It's that when she first considered telling her story in 2011, someone threatened her pretty directly: Stormy Daniels: I was in a parking lot, going to a fitness class with my infant daughter. T-- taking, you know, the seats facing backwards in the backseat, diaper bag, you know, gettin' all the stuff out. And a guy walked up on me and said to me, "Leave Trump alone. Forget the story." And then he leaned around and looked at my daughter and said, "That's a beautiful little girl. It'd be a shame if something happened to her mom." And then he was gone. Anderson Cooper: You took it as a direct threat? Stormy Daniels: Absolutely. Stormy Daniels: I was rattled. I remember going into the workout class. And my hands are shaking so much, I was afraid I was gonna-- drop her. Anderson Cooper: Did you ever see that person again? Stormy Daniels: No. But I-- if I did, I would know it right away. Anderson Cooper: You'd be able to-- you'd be able to recognize that person? Stormy Daniels: 100%. Even now, all these years later. If he walked in this door right now, I would instantly know. Anderson Cooper: Did you go to the police? Stormy Daniels: No. Anderson Cooper: Why? Stormy Daniels: Because I was scared. That is the entire extent of the discussion about the threat. So here's an interesting thing. Almost as soon as this aired, the lawyer for Trump's main lawyer, Michael Cohen (yes, this is Trump's lawyer's lawyer), Brent Blakely, sent Daniels' lawyer, Michael Avenatti, a new threat letter, first posted by Maggie Haberman at the NY Times. The threat letter is quite a read. Here's what it says, in part: I am writing in connection with the false and defamatory statements that you and your client, Stephanie Clifford, a.k.a. Stormy Daniels, made on 60 Minutes this evening regarding Mr. Cohen, namely that he was responsible for an alleged thug who supposedly visited Ms. Clifford, while she was with her daughter, and made an alleged threat to Ms. Clifford. In truth, Mr. Cohen had absolutely nothing whatsoever to do with any such person or incident and does not even believe that any such person exists, or that such incident ever occurred. You and your client's false statements about Mr. Cohen accuse him of criminal conduct and constitute, among other claims, libel per se and intentional infliction of emotional distress. It would also appear that your statements of alleged criminal conduct are being made to obtain an advantage in a civil dispute, which is also improper. I hereby demand that you and your client cease and desist from making any further false and defamatory statements about my client, that you immediately retract and apologize to Mr. Cohen through the national media for your defamatory statements on 60 Minutes, and make clear that you have no facts or evidence whatsoever to support your allegations that my client had anything whatsoever to do with this alleged thug. So... uh... read the two separate quoted chunks again. Notice anything? Nowhere in the 60 Minutes piece does Daniels even come close to suggesting Cohen had anything to do with the thug. She notes she never saw the guy again, but would recognize him. She does not even mention Cohen in that entire segment. It seems like a fairly odd legal tactic to start screaming "cease and desist" over claims that were not made about your client. Though, of course, doing so might make some people a bit more interested in investigating whether or not Cohen did have anything to do with those threats... Permalink | Comments | Email This Story

Read More...
posted 27 days ago on techdirt
Oh, good. Someone's trying to make journalism as dangerous as security research. A Canadian journalist who did something journalists do all the time is now facing the possibility of criminal charges for doing his job. A Radio-Canada investigation, with a team including reporter Antoine Trépanier, revealed that the executive director of the Big Brothers Big Sisters chapter in Gatineau, Que., falsely portrayed herself as a lawyer and practised law without a licence. Yvonne Dubé told Radio-Canada she knew nothing about the case and insisted she never represented anyone as a lawyer. Trépanier had talked to Dubé over the phone Monday, eventually offering a formal interview request for the story before it was published earlier this week. After initially accepting the interview, she declined it at the last moment. She instead spoke by phone. The next day, ​Trépanier sent an email reiterating the offer for an interview. Subsequently, Dubé contacted Gatineau police and made a complaint of criminal harassment against Trépanier. Trépanier was arrested Tuesday evening and he signed a promise to appear in court. Another chilling sentence follows. The Crown has not yet decided if charges will proceed. It seems like there should be nothing to decide. Obviously Dubé had zero interest in commenting on a story about her alleged impersonation of a licensed lawyer. Fine, but this scenario absolutely reeks of vindictive bullshit from a person who couldn't stop a negative story from being posted and felt she should spread the misery around. Needless to say, Trépanier's employer, Radio-Canada, is deeply concerned with this turn of events. The director of its French services says he's never seen anything like this in three decades of journalism. The police likely haven't either, but they're sticking to their guns. Gatineau police held a media briefing early Friday afternoon, where the force's director, Mario Harel, said "we have the obligation to listen to the victims ... regardless if [the accused] is a journalist, a politician, a star or an ordinary citizen." All well and good, but requests for interviews or comments are not anywhere in the neighborhood of "threats" that should make someone "fear for their safety." It's just part of the business. Sure, it's often an unpleasant part for those who'd rather not comment on articles uncovering their misconduct, but it's not even close to criminal harassment. If a journalist wants comments and a person doesn't feel like giving them, "no comment" is a great way to terminate these communications. A phone call and an email are pretty mild compared to hordes of journalists camping out on your street or chasing you around from place to place with a microphone in their hands. I can see how some journalists might cross the line into harassment on occasion, but the underlying facts don't suggest Trépanier did anything other than repeat his request once, using another form of communication. Even if charges are dropped, light bulbs are going off over heads of subjects of unflattering new stories. Why not subject your perceived tormentor to a little ride and possible rap? That an arrest was the immediate result of this complaint is enough to make journalists have second thoughts about contacting story subjects for comments or interviews. When subjects start complaining they weren't contacted before publication, they have Yvonne Dubé to thank for the new normal. Permalink | Comments | Email This Story

Read More...
posted 27 days ago on techdirt
It's really quite incredible how, at nearly every turn, the New Zealand government has managed to mess up the legal case against Kim Dotcom. The raid on his house was later declared to be illegal, using invalid warrants. Evidence that was seized from his home and illegally turned over to the FBI was ordered to be returned. Oh, and then there was the whole bit about conducting illegal surveillance on Dotcom, deleting evidence of that illegal spying, and ordered officials to "bury" information about that illegal surveillance to avoid embarrassing the Kiwi government. And now we have the latest: A Human Rights Tribunal in New Zealand has declared that the New Zealand government violated Dotcom's rights in withholding information from him. Specifically, in July of 2015, Dotcom had made an information request (in New Zealand it's an "information privacy request" -- which appears to be a quasi-privacy/data protection-type right in New Zealand) to various officials in the government requesting whatever personal information they held on him. The recipients of the demands sent them to the Attorney General who refused to comply with the demands, claiming they were "vexatious and included information that was trivial." The Tribunal disagrees. It goes through in pretty great detail the procedural issues at play here, including an attempt to discover this information by way of his extradition case -- which was denied by the court. But that still left open the information privacy request. The court then goes through the question of whether or not it was even appropriate for everyone who received the request to hand them over to the Attorney General. This is done in almost excruciating detail, which we'll save you from having to go through yourself (unless you'd like to dig in below). However, the tribunal sums up the issue by basically pointing out that the recipients of the request were not supposed to transfer those requests to the Attorney General in the first place, as they had no legitimate reason to do so under the law (the fact that Dotcom was fighting the government in an extradition case is not enough). In these circumstances it was artificial for the Crown to argue that simply because the Attorney-General, Solicitor-General and Crown Law were the Crown’s legal advisers and conducting litigation against Mr Dotcom the transferring agencies could properly believe the information to which the requests related were more closely connected to the functions or activities of the Attorney-General, Solicitor-General or Crown Law as the providers of legal advice and representation to the Crown. If in the context of that litigation the Crown had wanted to coordinate its responses to the information requests and to the associated requests for urgency, it could have done so by giving advice to the agencies and by communicating any decision made by those agencies. No transfer under s 39 was required by the circumstances or permitted by s 39 itself And, because of that: As the transfers were not made in accordance with the Act the Attorney-General was not the lawful transferee under PA, s 39(b)(ii). The Attorney-General accordingly had no authority, as transferee, to refuse to disclose the requested information. In these circumstances Mr Dotcom has established that in terms of PA, s 66(2)(b) there was no proper basis for the refusal. The next question on the docket was whether or not the requests were "vexatious," as the Attorney General had argued in refusing to release the information. The government's argument here was basically that it was "vexatious" because Dotcom had an "ulterior motive" to accessing the information, with that motive being to help him in his fight against being extradited to the US to face criminal charges. But the tribunal points out that this doesn't appear to be true: We make the specific finding that Mr Dotcom has amply satisfied us, to the civil standard, that contrary to the assertion by the Crown, he had no ulterior motive in making the information privacy requests. The requests were entirely genuine and not intended to disrupt the extradition hearing. Indeed, the tribunal actually notes that if anyone seemed to be focused on "disrupting" the extradition hearing, it was the New Zealand government, listing out the various things the government did, including: unsuccessfully applying to revoke his bail when his then solicitors and counsel were granted leave to withdraw. unsuccessfully opposing the release of restrained funds for living and legal expenses. unsuccessfully opposing an adjournment of the eligibility hearing scheduled for 2 June 2015. applying to register in New Zealand the USA forfeiture order obtained in that country on the basis of a fugitive disentitlement doctrine, a concept unknown to New Zealand law. If successful, this would have meant that Mr Dotcom would have no funds to live on, let alone to defend the extradition proceeding. unsuccessfully opposing, and seeking to strike out, Mr Dotcom’s judicial review of the decision by the Deputy Solicitor-General (Criminal) to authorise the Commissioner of Police to register the USA forfeiture order. refusing, until 23 June 2015, to respond to the legitimate concerns as to funding for New Zealand counsel raised by counsel for Mr Dotcom on 29 April 2015. The tribunal further pointed out: By making the information privacy requests he was not seeking to be disruptive or vexatious. Rather, based on previous unsuccessful attempts to gain access to information held by various agencies (which had been the subject of judicial review and appeals), he was trying to follow what he understood to be the process identified by the courts as available to him in the circumstances. He was also anxious to avoid the requests being delayed by drawn out litigation as the goal was to obtain the information and to use it in evidence. The tribunal also laughs off the idea that the government could refuse to hand over the information because it was "irrelevant." As the ruling notes, how could Dotcom know if it was irrelevant until he had seen it? There is also the point made by Mr Dotcom that without being given access to the information held by the Crown agencies, he cannot know whether the information is relevant to the extradition hearing. To require him to first establish relevance before being given access to the information turns the Privacy Act upside down and renders illusory the legal right of access to personal information held by state agencies. There are a bunch of smaller claims made by the New Zealand government as part of this that the tribunal dismisses quickly -- often criticizing the silly arguments made by the government. Here's just one example of many: The Crown’s submission is also difficult to accept given that not knowing what personal information was held by the agencies, Mr Dotcom could not be expected to identify information which was relevant to the stay application. As he said: “you do not know what you do not know”. The suggestion by the Solicitor-General that Mr Dotcom could be more specific was, in the circumstances, not helpful. Given all this, the Tribunal says that the information requests should never have been passed on to the Attorney General to review, and there was no basis to refuse to disclose the information requested. In terms of remedies, the Tribunal orders the original information requests to be fulfilled, and the Attorney General needs to pay Dotcom $30,000 "for the loss of a benefit Mr Dotcom might reasonably have been exptected to obtain but for the interference" and another $60,000 for "loss of dignity and injury to feelings." Dotcom can also petition the Tribunal to have his legal costs paid for by the New Zealand government, which I expect he'll do. On Twitter, Kim Dotcom has declared that this means his extradition case is "over," though that seems to be a bit of an exaggeration: What does the Human Rights Tribunal Judgement mean for my Extradition case? It is OVER! By unlawfully withholding information that could have helped my case the former Attorney General of New Zealand has perverted the course of Justice. — Kim Dotcom (@KimDotcom) March 26, 2018 I don't know enough about New Zealand judicial process to know how true the statement is. It will certainly be interesting to see how it does impact that case, though. I can't imagine it's a good thing for the government. In later tweets, Dotcom also suggests that government officials have destroyed the information he is requesting, but we'll see what happens when the request is finally fulfilled. Either way, the book of examples of just how incredibly the New Zealand government has fucked up everything about this case at every single turn has now added yet another chapter. Permalink | Comments | Email This Story

Read More...
posted 27 days ago on techdirt
This week, our first place winner on the insightful side is an anonymous commenter responding to the claim that the Blurred Lines ruling isn't a problem because lots of songs are not similar: I'm not sure you understand. Similar songs are what's called a genre, because they all share basic similarities in structure, composition, and 'feel' or 'groove'. You can instantly identify a rock and roll song from a jazz song because they have different similarities. Rock and roll was born out of a few different artists all riffing off each other and other styles to create something new. If making similar songs was illegal back then, rock and roll would have died in the 50s. If it's now illegal to create a new song that feels or sounds similar to another song, you've just made music genre's illegal and automatically outlawed somewhere around 75% of all music on the market today because it all builds off songs, styles, and artists that came before them. As an example, consider the I–V–vi–IV chord progression. It's extremely common in a lot of songs but would likely now be illegal because it gives songs built off of it a similar feel. In fact several comedians have built routines off of this and other chord groupings. Another famous example that comes to mind is Pachelbel's Canon. Do you have any idea of the sheer amount of songs and music that are based off of or riff off of that work? It's used in many works from artists as varied as Trans-Siberian Orchestra to Vitamin C. TD isn't spreading FUD, it's actually pretty on point. In second place, we've got another anonymous commenter with a thought on our post about Craigslist becoming the first victim of SESTA: Slight correction Mike, Craigslist was the 2nd victim. Common Sense was the first one. For editor's choice on the insightful side, we've got another comment about SESTA, this time from PaulT responding to the claim that fixing the law's problems would harm Hollywood: Even if it actually did significantly harm Hollywood, would you rather have the major studios harmed or the victims of sex trafficking? Hell, there's a fair argument that the activities of some of the studios is leading to some of the trafficking in the first place! I'd bet that the fallout from Weinstein's activities have revealed some involvement in some way, at the very least. For an issue that's so regularly been based on emotional rather than factual arguments, it does seem like a strange tactic to try getting people to root for the major corporations here. I'd love to think it's because they've finally realised that they're being called out on how much it would harm actual victims if passed, but I'm not confident that's actually getting said outside of sites like this. And finally, we've got a response from Daydream to the story that dominates things on the funny side, about the YouTuber who faces hate speech charges in Scotland for training his girlfriend's dog to act like a nazi: It seems to me that these prosecutors sending people to jail for teaching a dog politically incorrect tricks, are the real ones causing fear and stirring up hatred. It was Gary who took first place on the funny side with his response to that same story: Wrong Target Why hasn't the dog been charged? Next, we drop slightly out of our usual order to slip in our first editor's choice for funny, since ShadowNinja had a good response: Because he was just following orders. In second place on the funny side, it's ryuugami with another take on the prankster's situation: On the plus side There's no better way to annoy a girlfriend than having to spend a year in prison for doing something stupid. Last but not least, we move away from that post for one more editor's choice, which actually racked up precisely equal votes for both insightful and funny. It's That One Guy with a bit of a script-flip on the idea of video games causing violence: 'I reject your studies and substitute my self-rightousness' Nah, I've saved several kingdoms, planets, even a galaxy or two, that's plenty to 'sooth the last pangs of conscience' over killing digital people. (Understanding the difference between fantasy and reality might help too, but I'm sure it's of negligible importance in comparison.) After all, if ending a digital 'life' is supposed to be something to feel guilty over, then saving one should more than make up for it, especially given the difference in scope. That's all for this week, folks! Permalink | Comments | Email This Story

Read More...
posted 28 days ago on techdirt
Five Years Ago This week in 2013, EA/Maxis was dealing with the fallout from its disastrous SimCity launch, which was ruined by always-online DRM (which, it turns out, was also disastrously hackable), by offering up tonedeaf responses while giving away earlier versions of the game as a weak apology. They were drawing ire from other developers, and then things got worse as a security hole was discovered in EA's Origin platform itself. Meanwhile, we were digging in to copyright boss Maria Pallante's call for comprehensive, forward-thinking copyright reform, which included some good ideas like not seeing personal downloading as piracy, but was still largely focused on bad ideas. Ten Years Ago This week in 2008, the makers of e-voting machines were doing everything they could to avoid scrutiny, so while machines in Ohio were declared a crime scene, Sequoia was trying to keep Ed Felten away from reviewing its machines and succeeded in scaring officials into backing down — all while a new study showed a massive error rate in e-voting. This was also the week that the world lost Arthur C. Clarke. Fifteen Years Ago It was this week in 2003 that the US invaded Iraq. Though the war didn't dominate our writing on Techdirt, we did take a look at the businesses rapidly moving to explore whether this would help or hurt them, and the discussion around how this was the first true war of the internet era and the implications of that for journalists. And it didn't take long for "war" to oust "sex" and "Britney Spears" as the top internet search. Also this week: the RIAA moved into the suing-companies phase of its anti-file sharing crusade; a Texas congressman wanted to throw college students in jail for file-sharing, though surveys of students showed they had a much more modern understanding of the issues at stake; and MIT's tech review continued sounding the warning bells about America becoming a surveillance nation. Permalink | Comments | Email This Story

Read More...
posted 29 days ago on techdirt
Predictive policing software -- developed by Palantir and deployed secretly by the New Orleans Police Department for nearly six years -- is at the center of a criminal prosecution. The Verge first reported the NOPD's secret use of Palantir's software a few weeks ago, something only the department and the mayor knew anything about. The relationship between New Orleans and Palantir was finalized on February 23rd, 2012, when Mayor Landrieu signed an agreement granting New Orleans free access to the firm’s public sector data integration platform. Licenses and tech support for Palantir’s law enforcement platform can run to millions of dollars annually, according to an audit of the Los Angeles County Sheriff’s Department. In January 2013, New Orleans would also allow Palantir to use its law enforcement account for LexisNexis’ Accurint product, which is comprised of millions of searchable public records, court filings, licenses, addresses, phone numbers, and social media data. The firm also got free access to city criminal and non-criminal data in order to train its software for crime forecasting. Neither the residents of New Orleans nor key city council members whose job it is to oversee the use of municipal data were aware of Palantir’s access to reams of their data. Suspects being tried didn't know anything about it either. While the NOPD turned over 60,000 pages of documents to Evans "Easy" Lewis during his trial for conspiracy and murder charges, not a single one of them referenced the software the police were using to sniff out suspects. This was mainly due to Palantir giving the city the software for free, which allowed both the city and the PD to cut the public out of the equation by eliminating bidding processes and budgetary reporting requirements. The mayor ended the program two weeks after the Verge report, choosing not to continue working with the contractor. It appears this decision was made to limit negative coverage of the secret software deployment, rather than out of any concern for the millions of New Orleans residents swept up in Palantir's dragnet. Yesterday, outgoing New Orleans Mayor Mitch Landrieu’s press office told the Times-Picayune that his office would not renew its pro bono contract with Palantir, which has been extended three times since 2012. The remarks were the first from Landrieu’s office concerning Palantir’s work with the NOPD. The mayor did not respond to repeated requests for comment from The Verge for the February 28th article, done in partnership with Investigative Fund, or from local media since news of the partnership broke. Now that the city's secret is no longer secret, defense attorneys are demanding the NOPD start handing over Palantir-generated evidence. A man challenging his conviction on gang-related charges in New Orleans is asking for everything Palantir has on him, under the theory the dragnet also swept up plenty of exculpatory info. In the first courtroom challenge to the New Orleans Police Department’s use of sophisticated crime-fighting software, a judge on Wednesday granted a convicted Central City gang lord a chance to try to prove his allegation that a Palantir Technologies program spat out exculpatory information on him that was never revealed to his attorneys. Criminal District Court Judge Camille Buras set an April 3 court date to rule on subpoenas that attorneys for Kentrell "Black" Hickerson will be seeking in order to learn how Palantir's program, called "Gotham," has been used in New Orleans — and particularly in the case against Hickerson and 19 other suspected "3NG" gang members. Buras said that Hickerson's lead attorney, Kevin Vogeltanz, could add the argument to Hickerson's pending motion for a new trial. Prosecutors are arguing the Palantir documents will add nothing new. They claim the only thing the software does is aggregate info from multiple law enforcement databases to make it easier to search. But that's not how the software is described in the Verge report. It's predictive policing software -- something that turns people into suspects based on their relationships with people in law enforcement databases or their location in the city. That's far more than "aggregation." It creates criminals who haven't committed crimes and encourages officers to view certain areas of the city as inherently suspicious. This dovetails directly into the defense's theory about Palantir's attenuated associations and quasi-geofencing of suspected gang members: what Palantir "sees" isn't necessarily what's actually happening. Hickerson, 38, was convicted of racketeering and drug conspiracy counts after a 10-day trial in Buras’ courtroom two years ago. Prosecutors and former gang allies said he committed or directed a series of killings in a battle over turf rights around Third and Galvez streets. At the trial and afterward, however, Vogeltanz argued that authorities had created the idea that 3NG was a gang. He pointed to testimony from a key cooperating witness, Tyrone Knockum, who cast doubt on the gang’s cohesiveness. “Is it a bona fide gang, or is it a group of people that grew up around each other and hang around with each other?” Vogeltanz asked. “It’s a group of people that grew up around each other,” Knockum said. That's what happens when algorithms decide people in the general vicinity of each other must all engage in the same activities. If some of them engage in criminal activities, then everyone the software declares to be risky -- based on law enforcement databases and math companies aren't willing to share with the accused -- faces the possibility of being swept up and charged with conspiracy, if nothing else. And criminal conspiracy charges result in real years in real prisons, based on little more than calculated assumptions about a person's relationship to those around them. Permalink | Comments | Email This Story

Read More...
posted 29 days ago on techdirt
A few years back, you might recall that there was a period of immense government and media hyperventilation over allegations that Chinese hardware vendor Huawei spied on an American consumers. Story after story engaged in hysterical hand-wringing over this threat, most of them ignoring that Chinese gear and components are everywhere, including in American products. So the government conducted an 18 month investigation into those allegations and found that there was no evidence whatsoever to support allegations that Huawei spies on Americans via its products. One anonymous insider put it this way at the time: "We knew certain parts of government really wanted” evidence of active spying, said one of the people, who requested anonymity. “We would have found it if it were there." What inquiries into this subject do tend to find is that U.S. networking companies like Cisco, terrified by the added competition from Chinese network vendors, are really effective at scaremongering gullible and non-tech savvy lawmakers into supporting a protectionist stance against Huawei. The hypocrisy of "protectionism is only bad when somebody else does it" is compounded by the fact that Snowden docs revealed that the NSA hacked into Huawei starting back in 2007 to steal source code and...plant backdoors in Huawei gear to spy on people around the world. In an ideal world, numerous lessons would have been learned from this whole experience. But this is America! Fast forward to the last few months, and the narrative of Huawei as a villainous, unchecked Chinese spying apparatus is once again all the rage, with nobody apparently heeding the lessons from just a few years ago. As we've been noting, both AT&T and Verizon (who not only help the NSA spy on everyone but have been caught giving advice on how to best tapdance around privacy and surveillance laws) were recently pressured to kill looming business deals with Huawei based on unsubstantiated, unpublished and vague allegations of spying. While Huawei has some presence here (they helped Google build the Nexus 6P), they'd been making some solid inroads at AT&T and Verizon on deals that would have let them strike major smartphone partnerships. AT&T was just hours away from announcing one such deal at CES earlier this year, when it suddenly announced it would be scrapping the deal. AT&T didn't say why, but later reports indicated it was because of pressure from a handful of lawmakers on the Senate and House Intelligence Committees (again, AT&T has oodles of NSA contracts it would obviously like to protect). Again though, nobody was able to offer concrete evidence of said spying, nor did anybody seem to remember we just went through this a few years back and found no evidence of Huawei wrongdoing. Fast forward to this week, when Best Buy announced it too would be banning Huawei products from its store shelves (warning: obnoxious autoplay video): "Best Buy, the nation's largest electronics retailer, has ceased ordering new smartphones from Huawei and will stop selling its products over the next few weeks, according to a person familiar with the situation. Best Buy made the decision to end the relationship, the person said. "We don't comment on specific contracts with vendors, and we make decisions to change what we sell for a variety of reasons," said a Best Buy spokeswoman." Few news outlets seem to spend too much time worrying about the fact that these decisions are being made completely non-transparently, with no hard evidence being offered to justify them. Again it's not impossible that Huawei helps the government spy, but given the volume and duration of these accusations, you'd think that somebody would be able to drum up a shred of public evidence supporting them. Regardless, protectionism is playing a pretty major role here one way or another, and you'd be hard pressed to find any American tech press coverage that so much as breaches that already documented reality. While it's obvious that China spies on America, it certainly has an ocean of ways to do so outside of Huawai. Chinese hardware is utterly everywhere in America, including inside of most U.S.-made networking gear and smartphone hardware. And Americans also have a voracious appetite for internet of broken things devices, most of which lack even the most rudimentary privacy and security safeguards. Spying on us at scale doesn't really even require Huawei's help. We volunteer ourselves routinely for the duty courtesy of our collective obsession with "smart" televisions and other easily-hacked devices. It's routinely amazing how the same individuals and organizations who preach endlessly about the need for healthy, open competition and malign China endlessly for protectionism, are suddenly OK when we're the ones dressing up protectionism under the thin veneer of national security. Similarly there's an endless roster of individuals engaged in all manner of face-fanning when foreign governments spy on us, but don't so much as blink when it's revealed we illegally hack into companies to plant backdoors or intercept U.S. networking gear deliveries for the same purpose. And again, this hypocrisy is routinely made worse by a U.S. (and Canadian) tech press that's utterly oblivious to how nationalism skews their reporting and allows them to be easily manipulated by companies simply eager to avoid competition. If you're a tech reporter it is, shockingly enough, still your job to provide hard data--even when reporting on murky allegations against "enemies of the state" you may not personally be a fan of. Permalink | Comments | Email This Story

Read More...
posted 29 days ago on techdirt
Last week the Tenth Circuit refused to let New Mexico's anti-SLAPP statute be used in federal court in diversity cases. The relatively good news about the decision is that it is premised heavily on the specific language of New Mexico's statute and may not be easily extensible to other states' anti-SLAPP laws. This focus on the specific language is also why, as the decision acknowledges, it is inconsistent with holdings in other circuits, such as the Ninth. But the bad news is that the decision still takes the teeth out of New Mexico's statute and will invite those who would abuse judicial process in order to chill speech to bring actions that can get into the New Mexico federal courts. In this case, there had been litigation pending in New Mexico state court. That litigation was then removed to federal court on the basis of "diversity jurisdiction." Diversity jurisdiction arises when the parties in the litigation are from separate states and the amount in controversy is more than $75,000 and the issue in dispute is solely a question of state law. Federal courts ordinarily can't hear cases that only involve state law, but because of the concern that it could be unfair for an out-of-state litigant to have to be heard in a foreign state court, diversity jurisdiction can allow a case that would have been heard in state court to be heard by the federal one for the area instead. At the same time, we don't want it to be unfair for the other party to now have to litigate in federal court if being there means it would lose some of the protection of local state law. We also don't want litigants to be too eager to get into federal court if being there could confer an advantage they would not have had if the case were instead being heard in state court. These two policy goals underpin what is commonly known as the "Erie doctrine," named after a 1938 US Supreme Court case that is still followed today. The Erie doctrine is why a case removed to federal court will still use state law to decide the matter. But sometimes it's hard to figure out how much state law needs to be used. Federal courts have their own procedural rules, for instance, and so they are not likely to use procedural state rules to govern their proceedings. They only will use substantive state law. But it turns out that figuring out which a law is, procedural or substantive, is anything but straightforward, and that is the question at the heart of this Tenth Circuit case: was New Mexico's anti-SLAPP law procedural, in which case the federal court did not have to follow it, or substantive, in which case it did? And unfortunately in this case, Los Lobos Renewable Power LLP v. Americulture, Inc., the Tenth Circuit decided it was "hardly a challenging endeavor" to decide that it was only procedural. It based a significant portion of its decision on language unique to the New Mexico statute that differed from other states' and emphasized its procedural operation: Unlike many other states’ anti-SLAPP statutes that shift substantive burdens of proof or alter substantive standards, or both, under no circumstance will the New Mexico anti-SLAPP statute have any bearing on the suit’s merits determination. See, e.g., Makaeff v. Trump Univ., LLC, 715 F.3d 254 (9th Cir. 2013) (addressing a California anti-SLAPP statute that shifted substantive burdens and altered substantive standards). It also looked to a New Mexico state supreme court decision that had used substantive/procedural language as part of its consideration of a different anti-SLAPP case: The New Mexico Supreme Court’s recent decision in Cordova v. Cline, 396 P.3d 159 (N.M. 2017), supports our reading of the anti-SLAPP statute to a tee. ... The court could not have made itself any clearer: “While the Anti-SLAPP statute provides the procedural protections [the members] require, the Noerr-Pennington doctrine is the mechanism that offers [the members] the substantive First Amendment protections they seek.” But picking out this language of the Cordova case to base its holding on suggests that the Tenth Circuit seriously misread what the New Mexico Supreme Court case was saying and all the effort it had made in its ruling to ensure that the state anti-SLAPP law would, in fact, have substantive effect in that case: To curtail SLAPP suits, New Mexico enacted an Anti-SLAPP statute. Section 38-2-9.1. The Legislature enacted the Anti-SLAPP statute with the policy goal of protecting its citizens from lawsuits in retaliation for exercising their right to petition and to participate in quasi-judicial proceedings. Section 38-2-9.2. In order to accomplish this goal, the Legislature created expedited procedures for dismissing actions "seeking money damages against a person for conduct or speech undertaken or made in connection with a public hearing or public meeting in a quasi-judicial proceeding before a tribunal or decision-making body of any political subdivision of the state," Section 38-2-9.1(A), and allowing for the recovery of costs and attorney fees incurred in pursuing the dismissal, Section 38-2-9.1(B). … We conclude that the Legislature intended to protect all public participation, whether it be in quasi-judicial proceedings or public hearings. The specific protection in the Anti-SLAPP statute for participation in public hearings before tribunals also comports with a national political ethos, that "encourage[s], promote[s], and purport[s] to protect citizens' testifying, debating, complaining, campaigning, lobbying, litigating, appealing, demonstrating, and otherwise `invoking the law' on public issues." George W. Pring & Penelope Canan, "Strategic Lawsuits Against Public Participation" ("SLAPPS"): An Introduction for Bench, Bar and Bystanders, 12 Bridgeport L. Rev. 937, 945-46 (1992); see also Rowe & Romero, supra, at 221-23 (summarizing a lawsuit filed in state district court against protestors who appealed city approval of Wal-Mart's development plan to the district court and then the Court of Appeals and describing the lawsuit as a SLAPP because it was intended to discourage the protestors' public participation in opposing the development). It's this language from the New Mexico Supreme Court opinion upholding the anti-SLAPP statute that should have informed the Tenth Circuit's analysis, not the substantive/procedural language that it used in an entirely different context than in the case before the Tenth Circuit. The bottom line is that with an operative anti-SLAPP law public participation in New Mexico is protected from costly litigation. Without it public participation in New Mexico has no such protection. But the Tenth Circuit's ruling means that New Mexico speakers only get the benefit of that protection if the people who try to sue them are local to New Mexico. If they instead have the misfortune of being sued by an out-of-state plaintiff able to assert diversity jurisdiction to get the case into federal court, they will suddenly be stripped of it. The degree to which this deprivation obviously frustrates New Mexico legislative intent to protect speech, and leaves speech vulnerable to chilling abuse of process, shows just how substantive anti-SLAPP law really is, and thus just how out-of-step with the Erie doctrine the Tenth Circuit deeming it merely procedural really is. It's also inconsistent with another part of the decision where the Tenth Circuit itself seemed to recognize the anti-SLAPP law's substantive import. As part of the same decision, the court also had to rule on whether it could even consider this interlocutory appeal of the district court's denial to enforce the New Mexico anti-SLAPP statute. Due to a missed deadline by the defendant, the court had to engage in a meaningful analysis that included assessing just how pivotal it was for the court to rule on the anti-SLAPP applicability question now, and not after the full case examining the merits of the lawsuit had concluded. And the court found that it was indeed very important: "[W]ere we to wait for this case to conclude in the court below by ordinary process, the statute’s sole aim would already be lost. Defendants would have already incurred the ordinary time and expense of litigation that the statute potentially grants them a right to avoid. Indeed, we can reverse the rulings of a hi court, but we cannot order away proceedings and legal fees that have already passed into history. Nor can we remand the case with instructions to “do it again, but faster this time.” This very same finding regarding the law's effect, a finding that underpinned the Tenth Circuit's ability to even consider the appeal at all, should also have led it to conclude that the anti-SLAPP law was in fact substantive, and thus applicable in federal court. Instead, however, when it came to considering the question of its applicability the court suddenly forgot about this significance. It based its decision on semantics, rather than substance, and in contravention of what the Erie doctrine at its root requires. Permalink | Comments | Email This Story

Read More...
posted 29 days ago on techdirt
As we've been discussing all week, a lot of people are reacting to the wrong thing in the whole Facebook / Cambridge Analytica mess. The problem was not that Facebook had an open API -- but that its users were unaware of what was happening with their own data. Unfortunately, many, many people (including the press and politicians) are running with the narrative that Facebook failed to "protect" data. And, just as we warned, the coming "solutions" won't help matters, but will actually make them worse. Case in point: when Mark Zuckerberg finally made his big press tour on Wednesday evening, he repeatedly told people that, the public has spoken and Facebook will lock down your data now. I do think early on on the platform we had this very idealistic vision around how data portability would allow all these different new experiences, and I think the feedback that we’ve gotten from our community and from the world is that privacy and having the data locked down is more important to people than maybe making it easier to bring more data and have different kinds of experiences. This is the wrong solution for two reasons: (1) It makes Facebook that much more central and dominant to online activities, making it that much more difficult for upstarts and competitors to compete and (2) it takes away power from the end users to do more with their own data. For all the people whining about Facebook having too much of your data, this is not the solution you want. This is effectively giving Facebook even more power over your data, not less. If people were to take the time to actually understand the issue, then they wouldn't be pressuring Facebook to react this way. And there are better solutions: give people more access to their own data. That means, as Cory Doctorow suggested, the better way out is for Facebook to open itself up in a different way: to open itself up to third party app developers not to suck up data for marketing databases, but to give end users more control over their own data and how it is used. People are so focused on Facebook sucking up their data, that they're responding by demanding Facebook be a better steward of their data... rather than demanding that they get to manage their own data. Nearly a decade ago, EFF suggested a social media bill of rights that it hoped sites like Facebook would adopt. It included giving users transparency into who wants their data and who gets it, giving users full control over their data, and finally enabling them to export their data in a useable format to bring to other sites on their own terms. If we lived in such a world, then we wouldn't have to worry about the Cambridge Analytica situation, because users would know that some creepy personality test app was requesting their info, and they could deny it (or they could set filters that would automatically block it). So, if Mark Zuckerberg really wants to respond to this crisis in a way that's helpful, he should be opening up his platform... to a different set of app developers. It shouldn't go to the developers who are siphoning up everyone's data, but to those who can provide tools for end users to have full transparency and control over their data. Unfortunately, the political and media reality is that if Zuckerberg actually went down this path, he'd probably be slammed for "opening up" user data, rather than locking it down. Permalink | Comments | Email This Story

Read More...
posted 29 days ago on techdirt
The security researcher who was at the center of an audacious and disturbing government demand to unmask several Twitter accounts on the basis of an apparently menacing smiley emoji contained in one of them is now facing zero prison time for his supposed harassment of an FBI agent. Justin Shafer, who was originally facing five felony charges, has agreed to plead guilty to a single misdemeanor charge. Shafer, who spent eight months in jail for blogging about the FBI raiding his residence repeatedly, is finally going home. Here are the details of plea agreement [PDF] Shafer has agreed to. (h/t DissentDoe] Mr. Shafer is pleading to a single misdemeanor of simple assault, based on his sending a Facebook direct message to an FBI Agent’s immediate relative's public Facebook account. There is no allegation of any physical contact. The government agrees to recommend a sentence of time served. Mr. Shafer already served 8 months in jail before trial for criticizing the government's prosecution in a blog post. He was released after the defense filed a motion arguing his pre-trial detention violated First Amendment free speech rights and the statute governing pre-trial detention. The government is not seeking for any restitution. The United States Attorney's Office has agreed not to prosecute Mr. Shafer for the events leading to the initial armed FBI raid of his family’s home. Mr. Shafer has agreed to a no contact order with the FBI agent, the agent’s family, and the company involved in the initial investigation. What started out as normal security research soon became a nightmare for Shafer. His uncovering of poor security practices in the dental industry -- particularly the lack of attention paid to keeping HIPAA information secured -- led to his house being raided by FBI agents. The FBI raided his house again after he blogged about the first raid. The FBI justified its harassment of Shafer with vague theories about his connection to infamous black hat hacker TheDarkOverlord. To do this, the FBI had to gloss over -- if not outright omit -- the warnings Shafer had sent to victims of TheDarkOverlord, as well as the information on the hacker Shafer had sent to law enforcement agencies including the FBI. Blogging about his interactions with the FBI led to the judge presiding over his criminal trial to revoke his release and jail him for exercising his First Amendment rights. This was ultimately reversed by a federal judge who agreed Shafer was allowed to call FBI agents "stupid" and blog about his treatment by the federal agency. (He was not to reveal personal info about FBI agents, however.) This trial has come to a swift end because the presiding judge sees zero merit in the government's case. [T]he case probably would have gone to trial had it not been for Judge Janis Graham Jack letting the prosecution know that she saw no evidence of any threat to support the felony charges and that she might rule on the defense’s motion to dismiss if the prosecution didn’t come up with some reasonable plea deal. This case comes to an end, but it does not absolve the government of its abusive behavior. Here's what Shafer's defense team (Tor Ekeland, Fred Jennings, and Jay Cohen) had to say about their client's treatment by federal law enforcement. Mr. Shafer first contacted us after he [was] raided by armed federal law enforcement for alleged computer crimes the government has never charged him for. When he complained to the government about it, he was arrested and thrown in jail for his criticism. He was freed after the defense filed a motion arguing his pre-trial detention violated the First Amendment. Fortunately, when presented with the facts of this case, the Court understood the magnitude of the issues here and helped us resolve this case without the hassle, expense, and stress of a jury trial. We are grateful to the Northern District of Texas for recognizing this case for what it was: an attack on internet free speech and a citizen’s right to criticize the government. And what can we learn from this debacle? Here's what Shafer has learned: never help anybody. I think the next time someone finds social security numbers that is considered protected health information under HIPAA they should just turn a blind eye. Nobody is going to call you a hero (except the enlightened), and you run the risk of being harassed by the FBI. Doctors responsible for alerting patients will now have yet another reason not to. Already, only about 10% of doctors notified patients that their patient information was publicly available. Law enforcement or the Office of Civil Rights won’t care, and will most likely ignore it. Punishing health information researchers for reporting these issues only puts patients at greater risk. I think it would benefit society greatly if people who find publicly accessible data were not threatened by the people who put it there. Thank god the FBI was there to help ensure public safety no one publicly badmouthed one of its agents. Shooting the messenger is the expected response when security breaches are discovered. If it's not those leaving personal info exposed threatening researchers with lawsuits or criminal charges, it's the government itself stepping in to "protect" entities that can't even protect the data of paying customers. Permalink | Comments | Email This Story

Read More...
posted 29 days ago on techdirt
The Computer Hacker Professional Certification Bundle has 60+ hours of prep for CISM, CISA, and CISSP Certification Exams to help you train to be an ethical hacker. In this bundle, you'll master the skills of hacking and penetration in order to learn how to defeat malicious hackers. You will learn about the role of social engineering in stealing confidential information, how to apply integrity controls and different types of encryption, and how to carry out an investigation according to industry best practices and legal guidelines. Three courses cover the basics of what you'll need to know to sit various certification exams. The bundle is on sale for $49. Note: The Techdirt Deals Store is powered and curated by StackCommerce. A portion of all sales from Techdirt Deals helps support Techdirt. The products featured do not reflect endorsements by our editorial team. Permalink | Comments | Email This Story

Read More...
posted 29 days ago on techdirt
It's not like people didn't warn about this. But, following Congress passing SESTA (likely to be signed soon by the President), a bunch of sites are already starting to make changes. Craiglist is probably the most notable, announcing that it was completely shutting down its Personals Section: US Congress just passed HR 1865, "FOSTA", seeking to subject websites to criminal and civil liability when third parties (users) misuse online personals unlawfully. Any tool or service can be misused. We can't take such risk without jeopardizing all our other services, so we are regretfully taking craigslist personals offline. Hopefully we can bring them back some day. To the millions of spouses, partners, and couples who met through craigslist, we wish you every happiness! This is interesting on multiple levels, since the moral panic against online sites that eventually resulted in SESTA actually did start with Craiglist nearly a decade ago, with various state Attorneys General ganging up on the company -- despite no legal basis -- even threatening criminal charges. Because of all that, Craigslist eventually shut down its "adult" section, which was really what pushed Backpage into the spotlight. And, as we noted last fall, a recent study showed that when Craigslist shut down its adult section, there was a dramatic increase in homicide, which many attributed to sex workers being unable to use the website to screen clients and protect themselves. But, either way, the site dropped its adult section entirely all the way back in 2010. And, yet, now it realized it must shut its entire personals section, or potentially face crippling criminal liability. Remember how all the SESTA supporters insisted that SESTA would only target those willfully supporting sex trafficking and wouldn't do anything against other sites? That's already been proven wrong. There are some additional reports of sites or online services no longer working, though it's not clear if any of them are directly because of SESTA or not, and at least some of them appear to be "escort" sites, which SESTA was clearly targeting anyway (so not "collateral" damage). Some are also suggesting that Reddit closing some subreddits is connected to SESTA as well, though the link there is not entirely clear either. But a straight up "personals" site like Craigslist? It's certainly at risk (as is any online dating site) of being declared in violation of SESTA. We'll be seeing the fallout from SESTA for quite some time. Permalink | Comments | Email This Story

Read More...
posted 30 days ago on techdirt
We've noted for some time how the broadband industry fights tooth and nail against more accurate broadband availability mapping, since having a better understanding of the broadband industry's competition problem might just result in somebody actually doing something about it. This dysfunction and apathy was most recently illustrated with the FCC's recent release of an "updated" broadband availability map, which all but hallucinates competition, speeds, and overall availability. This map (available here) also omits pricing data at industry behest, resulting in a $300 million pair of rose-colored glasses. But it's not just the FCC's broadband availability map that's under fire. FCC maps that determine which area get wireless subsidies (more specifically Mobility Fund Phase II (MF II) funding) are also a bad joke for many of the same reasons. As such, a group of Senators from both parties fired off a letter to the FCC last week, politely pointing out how the FCC's new wireless coverage map dramatically overstates the availability of wireless broadband service: "We write this letter to express our serious concerns that the map released by the Federal Communications Commission last week showing presumptive eligible areas for Mobility Fund Phase II (MF II) support may not be an accurate depiction of areas in need of universal service support. We understand that the map was developed based on a preliminary assessment from a one-time data collection effort that will be verified through a challenge process. However, we are concerned that the map misrepresents the existence of 4G LTE services in many areas. As a result, the Commission’s proposed challenge process may not be robust enough to adequately address the shortcomings in the Commission’s assessment of geographic areas in need of support for this proceeding." When you're crafting telecom policy, actually understanding the "reality on the ground" is arguably important. But if you can twist, manipulate, and distort the data to indicate the industry doesn't have any real problems, you can justify the kind of head-in-sand approach to leadership that birthed the telecom industry's dysfunction in the first place. In this case, the MF II is intended to provide $4.53 billion in support over 10 years to preserve and expand mobile coverage to rural areas, something that won't actually happen if maps aren't correctly illustrating which areas need help and which areas don't. The Senators were quick to point this out in their letter to Ajit Pai, who has repeatedly and breathlessly professed his dedication to closing the digital divide, even while the lion's share of his policies work to make these problems inherently worse: "For too long, millions of rural Americans have been living without consistent and reliable mobile broadband service. Identifying rural areas as not eligible for support will exacerbate the digital divide, denying fundamental economic opportunities to these rural communities. We strongly urge the Commission to accurately and consistently identify areas that do not have unsubsidized 4G LTE service and provide Congress with an update on final eligible areas before auctioning $4.53 billion of MF II support." Some lawmakers, like New Hampshire Senator Maggie Hassan, have taken to begging for public input on their websites in the hopes of getting a more accurate picture of real-world coverage. Some, like Kansas Senator Jerry Moran say the FCC map's “value is nil," while Mississippi Senator Roger Wicker stated the FCC's map was "utterly worthless of giving us good information." That's not particularly impressive for an FCC that has been crowing about how data driven it is, but it's the price of supporting revolving door regulators who prioritize monopoly revenues over science, competition, innovation or the welfare of the public. And while the telecom industry will be quick to insist that this is just the inherent dysfunction of government at play, the reality that this is a feature, not a bug. ISPs have routinely fought tooth and nail against every and any attempt to build better maps, fearing that a more accurate picture will only result in efforts to not only (gasp) improve competition, but might result in the subsidizing of smaller competitors that could disrupt the comfortable (but very, very broken) telecom sector status quo. Permalink | Comments | Email This Story

Read More...
posted 30 days ago on techdirt
As Spain continues to expand its (anti-)speech laws, the rights of its citizens continue to contract. Not content with making it illegal to insult a cop or government officials, the Spanish government has decided to tackle hate speech and terrorism with the same ineptitude. There's no punchline here. People are being arrested and charged with speech having nothing to with promoting hate or terrorism. And this is in addition to people who've found themselves targeted by vindictive public servants for daring to publicly criticize their words or actions. It's gotten so bad Amnesty International -- an entity that usually spends its time decrying the acts of dictators and brutal authoritarians -- has felt compelled to speak up about Spain's terrible speech laws. Mathew Ingram has more details at Columbia Journalism Review. In a new report on the phenomenon, entitled “Tweet… If You Dare,” Amnesty International looks at the rise in prosecutions under Article 578 of the country’s criminal code, which prohibits “glorifying terrorism” and “humiliating the victims of terrorism.” The law has been around since 2000, but was amended in 2015 and since then prosecutions and convictions have risen sharply. So, who's been doing all this glorifying and humiliating? Well, it's not supporters of terrorism. Instead, it's musicians, artists, people telling jokes -- pretty much everybody but actual terrorists or proponents of hate. Among those who have been hit by the law are a musician who tweeted a joke about sending the king a cake-bomb for his birthday and was sentenced to a year in prison, and a rapper who was sentenced to three-and-a-half years in jail for writing songs that the government said glorified terrorism and insulted the crown. A filmmaker and a journalist have also been charged under the anti-terrorism law, and a student who tweeted jokes about the assassination of the Spanish prime minister in 1973 was also sentenced to a year in prison, although her sentence was suspended after a public outcry. Don't read too much into the into the post-outcry suspended sentence. Spain's government is still busy ensuring satire, commentary, and anything else that might wander into the territory of offensive remains a criminal offense. Anything that has been walked back has been the result of public outcry. Amnesty National's report "Tweet… if you dare" [PDF] notes hate speech and anti-terrorism speech law violations have resulted in 70 convictions over the past two years. The student, (Cassandra Vera) who was arrested and sentenced for joking about a 45-year-old assassination, notes the government is still involved in acts of censorship that would be ridiculous if they weren't backed by threats of jail time. Vera expressed similar views after her sentence was overturned. She pointed to the recent censorship of a work at a Madrid art fair and the seizure, on a judge’s orders, of Fariña, a book about drug-trafficking in Galicia, as proof that something was seriously wrong with free speech in Spain. “People shouldn’t have to be afraid of expressing their opinions,” she told the Guardian. “What happened with Valtonyc and Fariña and the art exhibition showed that freedom of expression is under serious attack. I think freedom of expression has been dealt an almost fatal blow in Spain.” Amnesty International is demanding the law be repealed. It has done little to deter acts of terrorism or successfully counter hate speech. Instead, it has been used to target dissidents, activists, and others who criticize the government. Whatever terrorism happens to be addressed under the law apparently only considers certain acts by domestic terrorists to be worthy of enforcement. Content and communications glorifying foreign terrorist groups is usually ignored by the government. As its report points out, the speech laws enacted by the Spanish government violate the rights of its citizens. By using these laws to criminalize lawful expression, the Spanish authorities are disregarding international human rights law and standards. The impact of Article 578 is devastating to individuals – ranging from hefty fines, to lengthy periods of exclusion from the public sector, to prison sentences. But even beyond these sanctions, such misuse of counter-terrorism provisions leads people to engage in self-censorship for fear that they may be targeted. The criminalization of such a wide range of expression has a general chilling effect and can create an environment where individuals are afraid of expressing unpopular views, or even making controversial jokes. The report also notes several other European countries are also beginning to curtail the rights of their citizens in their quest to target hate speech and international terrorism. Germany's hate speech law roll out has been an unmitigated disaster and other countries like France and Italy seem all too willing to join Spain and Germany in killing satire, parody, and content they just don't agree with. All of this is being done under the heading of "public safety," but in reality, the public is no safer and will develop an unhealthy fear of their own governments. Permalink | Comments | Email This Story

Read More...
posted about 1 month ago on techdirt
Missing from far too many of the stories we post on trademark bullies is anything amounting to blowback. While it happens on occasion, the reason that trademark bullying works is due to the costs for any sort of defense, nevermind the cost that would be required to actually go on the offense against a bully. Still, that isn't to say that when a trademark bully picks a fight that it cannot sometimes lead to a backfire. That appears to be the risk Chicago's famous Billy Goat Tavern now faces after it sued Billy Goat Chip Co., given the countersuit and factual response made by the chip company. Billy Goat Tavern filed suit in 2017, alleging that the St. Louis potato chip maker was infringing on its trademark with its name and logo, which uses the silhouette of a rearing billy goat. For what it's worth, the tavern's logo is completely different and features a fully detailed cartoon head of a goat, not a black outline like the chip company. But based on the information in the countersuit, it seems there is much more factual information the tavern ought to have considered before filing its initial lawsuit. Attorneys representing the Billy Goat Chip Co. filed a counterclaim this month arguing the chip maker was actually the first to use the “Billy Goat” mark in connection with packaged retail food and beverage products. The suit stated Billy Goat Tavern’s trademark was limited to only “tavern and restaurant services” and was later applied to packaged retail food and beverage products when the tavern started selling items such as frozen burger patties and canned beer through third-party vendors in 2017. Oops. While the Billy Goat is indeed famous, it is famous for being a tavern. It did not even sell any retail packaged foodstuffs until the past year or so and never had a trademark for those market designations until the same time frame. Billy Goat Chip Co., on the other hand, has been selling its goods for a decade and has the trademark registration to match. In its countersuit, the chip company blasts Billy Goat Tavern for being the trademark bully it is. To compensate for its tardiness in entering the retail food/beverage products market, Billy Goat IP has undertaken a campaign of deceptive trade practices, false advertising, misusing trademarks, misusing registration symbols, and misusing the Billy Goat Tavern Marks … in an effort to improperly injure and damage Billy Goat Chip Co.. The upshot being that Billy Goat Chips Co. is asking not only for the trademark lawsuit to be dismissed, but is also asking for damages for the tavern's false advertising and deceptive trade practices. Oh, and it is also asking the court to order the tavern to cease using the Billy Goat name for any packaged foods, the exact request the tavern initially sued over. If the chip company wins, it would represent as clean a backfire from trademark bullying as I can remember. It would also be a helpful warning shot to other trademark bullies about what can happen. Permalink | Comments | Email This Story

Read More...
posted about 1 month ago on techdirt
In the wake of a Tempe, Arizona woman being struck and killed by an Uber autonomous vehicle, there has been a flurry of information coming out about the incident. Despite that death being one of eleven in the Phoenix area alone, and the only one involving an AV, the headlines were far closer to the "Killer Car Kills Woman" sort than they should have been. Shortly after the crash, the Tempe Police Chief went on the record suggesting that the victim had at least some culpability in the incident, having walked outside of the designated crosswalk and that the entire thing would have been difficult for either human or AI to avoid. Strangely, now that the video from Uber's onboard cameras have been released, the Tempe police are trying to walk that back and suggest that reports of the Police Chief's comments were taken out of context. That likely is the result of the video footage showing that claims that the victim "darted out" in front of the car are completely incorrect. Contrary to earlier reports from Tempe’s police chief that Herzberg “abruptly” darted out in front of the car, the video shows her positioned in the middle of the road lane before the crash. Based on the exterior video clip, Herzberg comes into view—walking a bicycle across the two-lane road—at least two seconds before the collision. Analysis from Bryan Walker Smith, a professor at the University of South Carolina that has studied autonomous vehicle technology indicates that this likely represents a failure of the AVs detection systems and that there may indeed have been enough time for the collision to be avoided, if everything had worked properly. Walker Smith pointed out that Uber’s LIDAR and radar equipment “absolutely” should’ve detected Herzberg on the road “and classified her as something other than a stationary object.” “If I pay close attention, I notice the victim about 2 seconds before the video stops,” he said. “This is similar to the average reaction time for a driver. That means an alert driver may have at least attempted to swerve or brake.” The problem, of course, is that AVs are in part attractive because drivers far too often are not alert. They are texting, playing with their phones, fiddling with the radio, or looking around absently. We are human, after all, and we fail to remain attentive with stunning regularaty. So predictable is this failure, in fact, that it shouldn't surprise you all that much that the safety operator behind the wheel of this particular Uber vehicle apparently is shown in the video to have been distracted by any number of things. A safety operator was behind the wheel, something customary in most self-driving car tests conducted on public roads, in the event the autonomous tech fails. Prior to the crash, footage shows the driver—identified as 44-year-old Rafaela Vasquez—repeatedly glancing downward, and is seen looking away from the road right before the car strikes Herzberg. So the machine might have failed. The human behind the wheel might have failed. The pedestrian may have been outside the crosswalk. These situations are as messy and complicated as we should all expect them to be. Even if the LIDAR system did not operate as expected, the human driver that critics of AVs want behind the wheel instead was there, and that didn't prevent the unfortunate death of this woman. So, do we have our first pedestrian death by AV? Kinda? Maybe? Should this one incident turn us completely off to AVs in general? Hell no. Permalink | Comments | Email This Story

Read More...
posted about 1 month ago on techdirt
We were concerned, last month, by the appeals court ruling in the Cox v. BMG case regarding the DMCA's repeat infringer policy rules, though the more I've reread that ruling, I've become less bothered by it. While I'm still concerned about how bad decisions by Cox created potentially bad law, there are enough specifics in the ruling that hopefully will limit the impact to specific circumstances. In particular, whereas Cox was found to not have implemented a "reasonable" termination policy for repeat infringers, the court does acknowledge that the law means that the platforms have wide leeway in determining what their termination policy should be. The real problem for Cox was that it appeared not to actually follow its own policy, and thus did not reasonably implement it. That was over in the 4th Circuit. Last week, the 9th Circuit ruled on a case where there were also questions about a repeat infringer policy, and the ruling is a clean ruling in defense of platforms determining their own rules for terminating repeat infringers. The case, Ventura Content v. Motherless, involves a porn producer suing a site that allowed user uploads of porn. From the description in the case, Motherless qualifies for the DMCA's safe harbors as a site where the content is submitted by users, and the ruling goes into great detail about the steps that Motherless's sole employee, Joshua Lange, goes through to review content uploaded to the site to make sure it doesn't violate the site's terms (which mostly seem aimed at blocking child porn). Motherless also appears to follow a pretty standard DMCA takedown process. Actually, the site appears to go beyond what is legally required in accepting notices that don't even meet the DMCA notice standard, and removing much of the notified content. While the site did not have a written out "repeat infringer policy," Lange did have some mental metrics he used in reviewing accounts, and did shut off ones that were receiving lots of copyright takedown notices. Motherless does not have a written policy instructing its employees on when to expel repeat infringers; there are no employees to instruct. Lange personally terminates repeat infringers; the independent contractor does not terminate repeat infringers. Termination is a matter of Lange’s judgment. He considers the following factors in deciding whether to terminate a repeat infringer: (1) the volume of complaints; (2) the amount of linked content in the complaints; (3) the timespan between notices; (4) the length of time the alleged infringer’s account had been active; (5) the amount of total content the account has; (6) whether the user is maliciously and intentionally uploading infringing content or uploading content without knowing the source; and (7) whether the takedown notices were DMCA-compliant. Between 2008 and 2011, Lange terminated over 33,000 user accounts for violating the website’s Terms of Use. Lange estimated that he terminated about 4% to 6% of these users for possible copyright infringement, which would be between 1,320 and 1,980 users. Ventura argued that, since there's no written policy, Motherless no longer qualifies for the DMCA's safe harbors, which require such a policy. The court, however, points out that Lange's "policy" is good enough. Doubt that Motherless really does have a “policy” of terminating repeat infringers that is “reasonably implemented” is unavoidable in light of unsystematic and casual implementation. But doubt is not evidence. Ventura has presented no evidence to establish a genuine issue of fact as to whether Motherless failed to reasonably implement its policy. Motherless, however, has met its burden. The absence of any significant number of repeat infringers who escaped termination compels the conclusion that a trier of fact could not conclude, on the record before us, that Motherless failed to meet the repeat infringer eligibility requirement for safe harbor. Motherless and Lange are therefore entitled to claim the protection of the safe harbor. There are some other good points in there as well, including pointing out that a repeat infringer policy need not be perfect: Safe harbor eligibility does not require perfection, just “reasonable” implementation of the policy “in appropriate circumstances.” Eligibility for the safe harbor is not lost just because some repeat infringers may have slipped through the provider’s net for screening them out and terminating their access. The evidence in the record shows that Motherless terminated between 1,320 and 1,980 users for alleged copyright infringement and that only nine alleged repeat infringers had slipped through. Of those nine, only six were before Ventura filed its lawsuit, and only four of the six had been the subject of more than one DMCA notice. That suggests that less than one repeat infringer in 100,000 active users was missed. If that is the extent of failure, there could be no genuine issue of material fact as to whether Motherless “reasonably implemented” its termination policy. Congress used the word “reasonable” to modify “implemented,” so the phrase cannot be construed to require perfect implementation. And even though the "policy" was all in Lange's head, the court says that's good enough. The details of the termination policy are not written down. However, the statute does not say that the policy details must be written, just that the site must inform subscribers of “a policy” of terminating repeat infringers in appropriate circumstances. Motherless consists only of Lange and a few independent contractors, and Lange alone determines when to terminate repeat infringers. A company might need a written policy to tell its employees or independent contractors what to do if there were a significant number of them, but Motherless is not such a firm. Small operations in many industries often do not have written policies because the owners who would formulate the policies are also the ones who execute it. There might not have been a need for anything in writing. So the lack of a detailed written policy is not by itself fatal to safe harbor eligibility. Neither is the fact that Motherless did not publicize its internal criteria. There's a lot more in the ruling, but most of it is pretty standard DMCA stuff, including Ventura ignoring lots of other cases about what constitutes "red flag knowledge." One other thing of note: Ventura, incredibly, tried to argue that Motherless should lose its DMCA safe harbor provisions because the site does some screening. Thankfully the court points out how silly an argument that is: Ventura cites no authority for the unlikely proposition that screening out illegal material eliminates the safe harbor shield. Indeed, section 512(m) says that the law should not be construed to eliminate the safe harbor because a service provider monitors for infringement or disables access to material where the conduct depicted is prohibited by law.11 Motherless screens out child pornography because it is prohibited by law. It screens out bestiality because a few European countries prohibit bestiality pornography by law, and some of Lange’s European advertisers voiced concerns about this content. We find it counterintuitive, to put it mildly, to imagine that Congress intended to deprive a website of the safe harbor because it screened out child pornography and bestiality rather than displaying it. Instead, we read section 512(m) to say that Congress expressly provided that such screening does not deprive a website of safe harbor protection. I imagine the statements concerning repeat infringer policies may come up in other cases, now that some in the legacy entertainment industry have been choosing to attack that part of the DMCA's safe harbors. Having a nice, clean precedent like this hopefully will help block some of the more ridiculous claims concerning repeat infringer policies. Permalink | Comments | Email This Story

Read More...
posted about 1 month ago on techdirt
Just as the Supreme Court is considering the legality of extraterritorial demands for communications held by US internet service providers in overseas data storage, Congress is doing all it can to short-circuit the debate. Tucked away towards the back of a 2,200-page spending bill is something called the "Clarifying Lawful Overseas Use of Data Act" or (of course) "CLOUD Act." (h/t Steve Vladeck) The CLOUD Act [PDF - starting at p. 2201] would make any decision by the Supreme Court extraneous. If it agrees with Microsoft -- as lower courts have -- that the US has no right to demand communications stored overseas with a normal warrant, the Act would immediately overturn the decision. If it decides against Microsoft, it will be aligned with the new law. As it stands now, the route most likely to be taken by the Supreme Court is a punt. Legislation on point is in play and the Court will probably be more than happy to let legislators make the final call. Beyond the obvious problem of giving US law enforcement permission to use regular warrants to bypass mutual assistance treaties, the law also allows for reciprocation. We can't go around waving SCA (Stored Communications Act) warrants in foreign lands without expecting pushback from locals. So, we'll have to give foreign countries the same privileges, even if the criminal charges being investigated wouldn't be considered criminal acts in this country and the country enjoying this reciprocation doesn't care much about its own citizens' rights and privacy. The EFF is especially critical of the shoehorned-in CLOUD Act. As it points out, the law would result in backdoor searches of anyone's communications via reciprocal communication demands. In the US, we've already seen the Fourth Amendment circumvented by US government agencies via their access to NSA collections. The same would happen in reverse when other countries start playing by the CLOUD Act's new rules. When foreign police use their power under CLOUD Act executive agreements to collect a foreign target’s data from a U.S. company, they might also collect data belonging to a non-target U.S. person who happens to be communicating with the foreign target. Within the numerous, combined foreign investigations allowed under the CLOUD Act, it is highly likely that related seizures will include American communications, including email, online chat, video calls, and internet voice calls. Under the CLOUD Act’s rules for these data demands from foreign police to U.S. service providers, this collection of Americans’ data can happen without any prior, individualized review by a foreign or American judge. Also, it can happen without the foreign police needing to prove the high level of suspicion required by the U.S. Fourth Amendment: probable cause. In addition, the law allows the US to enter into agreements with almost any country on earth, even those whose respect for human rights is nearly nonexistent. There's a provision in the law that says countries must meet a vague human rights standards before they're allowed to start searching US-based cloud services, but those guidelines are roughly 100% useless. Unless a more rigorous vetting standard is applied, countries like Turkey could soon be trawling for US persons' communications. As the ACLU points out, Turkey might still be considered to be compliant with the humans rights guidelines despite its ever-increasing level of citizen-directed abuse. For example, in early 2014, Turkey may have met the CLOUD Act’s vague human rights criteria; Freedom House even rated it a three and four on its index for political and civil rights. But since the attempted coup in mid-2016, the Turkish government has arrested more than 50,000 people — including journalists and activists such as the chair and director of Amnesty International’s Turkey section — many on bogus terrorism charges. According to U.N. experts: “Most of these accusations of terrorism are based solely on actions such as downloading data protection software, including the ByLock application, publishing opinions disagreeing with the Government’s anti-terrorism policies, organizing demonstrations, or providing legal representation for other activists.” Under the CLOUD Act, neither Congress nor U.S. courts would be able to prompt a review or a temporary moratorium for a case like Turkey. Users, without notice, would have little practical ability to lodge complaints with the U.S. government or providers. Even if the U.S. government were to take action, the CLOUD Act fails to ensure a sufficiently quick response to protect activists and others whose safety could be threatened. What few positives the bill provides revolve around challenging demands for communications. The bill provides avenues for US tech companies to challenge orders targeting foreign servers, as well as pushing back against foreign government demands for communications held in the US. But these will mainly be of use to the largest tech companies with the manpower and legal acumen to throw at the problem. Smaller companies will likely just find themselves handing over anything to anyone who comes asking, rather than risk punitive action by domestic and foreign governments. And the standards are extremely weak. While the bill claims to hold foreign countries to US standards, it never specifically says foreign countries demanding communications need to have US-equivalent rights. It refers to "international universal human rights" which sounds great, but this is a feel-good term that isn't recognized by US or international law. Even if communications are subject to some restrictions, metadata isn't. Anything foreign governments collect on American citizens can be handed over to the US government without further legal review. And it carves out a hole for wiretapping electronic communications, allowing demands like these to bypass the privacy protections of the Wiretap Act. Considering it's been stapled to end of must-pass funding bill, chances are the bill will receive zero debate before being forwarded to the president. The House has already passed its version, which means the Senate needs to step up to block the CLOUD Act stuffed into its spending bill. As we saw during the last several months of 2016, very few reps were in any hurry to challenge the expansion of Rule 41 authorities, despite having more than a year to generate opposition. Even when time is a luxury, inaction is the preferred response. The CLOUD Act, hidden under more than 2,000 pages of funding requests, is probably as close to a sure thing as it's ever been. And it will do little more than further damage privacy protections across the globe. Permalink | Comments | Email This Story

Read More...