posted 21 days ago on techdirt
Another participant in the Magistrate's Revolt appears out of the unlikeliest of districts: Alaska. The court order, first pointed out by ACLU's chief tech sorcerer, Chris Soghoian, features Judge Kevin McCoy telling the government to take its overly-broad search warrants and hit the road. Well, mostly. The order is without prejudice, which means the government still has options available, but from what's stated by the judge, it won't be the latest option the government deployed. The case details are a bit thin. With the exception of this court order, the rest of the documents are under seal. It deals with an investigation of Craigslist ads allegedly soliciting sexual contact with minors. The ad was reported to authorities by a Craigslist user. Law enforcement officials detained the person who placed the ad, who then admitted to being in possession of child porn, as well as being interested in sexual relations with children. With the perp nailed down, law enforcement went after those who answered the ad. A subpoena turned up six Gmail addresses, as well as the dates and frequency of contact with the email address linked to the offending ad. Four of the six email addresses obtained received either a single response or no response from the Craigslist poster, suggesting a lack of ongoing negotiations for the sexual services of a minor. The other two, however, received multiple responses, suggesting negotiations had moved ahead. Law enforcement then sought to obtain the content of the messages to the Yahoo email address of the detained suspect. That's where it ran into trouble. Rather than narrow its demands to the two accounts with the most activity, it requested content from all ad respondents. It did, however, specify a date range specifically surrounding the posting of the ad. This was approved by a magistrate judge and served to Google. Google turned the warrant down, citing technical difficulties.. We have received your Search Warrant and after evaluating the items to be seized, we have determined that Google is not capable of identifying the specific records responsive to your request as currently described in the warrant. Because our production must adhere to the stated limits of the warrant, and we are unable to do so in this case, we require amended or re-issued process. That's when things started to go a bit sideways. Rather than seek an order compelling Google to comply with the original warrant, the government presented the Court with a second application. The agent explained that “Google was unable to comply with the warrant as written because the time frame was too narrow,” “Google is unable or unwilling to parse individual accounts for” the specific emails, and “Google typically provide[s] broad ranges of information and place[s] the burden on the law enforcement officer searching the information to stay within the parameters of the warrant.” Perhaps Google was bluffing or it was simply tired of "providing broad ranges of information" to every government agency that came knocking. Whatever the case, the government's next move suggests it was stunned by Google's (apparently out-of-character) refusal… or its somewhat unbelievable claim that "records" from that time period simply could not be located. The government already had a judge clear the previous warrant application and give it the Fourth Amendment thumbs-up. It would have been incredibly simple to approach the same judge for a court order compelling the release of the records. What it did instead was strip the Fourth Amendment-friendly language from the previous application and present it to a different magistrate judge. [T]he government’s second warrant requests authorization to seize the six third-party Gmail accounts in their entirety. Once the contents of the accounts are in its possession, the government appears to promise not to look at any emails outside the applicable date ranges. However, the warrant would not limit its ability to search the entirety of the Gmail accounts as the proposed warrant plainly authorizes the inspection of all email content in the accounts without regard to how remote in time or unrelated that content is to the current investigation. So, to "fix" a Fourth Amendment-compliant warrant -- one that sought specific emails from a very narrow time frame -- the government went the other way, basically saying, "The hell with it. Give us EVERYTHING." Judge McCoy seems somewhat astounded by the government's Plan B: a 90% breathtaking audacity/10% vindictiveness warrant app that came nowhere near even the most minimal of Fourth Amendment standards. Based on these probable-cause conclusions, a narrow intrusion into the email accounts is warranted. But the present application goes well beyond the narrow intrusion justified by the probable cause showing. It seeks judicial authorization to seize and then search the entire content of the six third-party Gmail accounts with no justification other than that Google has unilaterally elected not to comply. In less subtle terms, the government behaved like a child when it was told, "No." Judge McCoy's order tells the government to grow up. [T]he Court reiterates that the government has two alternative avenues through which to seize and search the sought-after emails. First, the government remains free to seek an order compelling Google to comply with the earlier warrant provided it limits the request to email content for the narrowly defined periods relevant to the investigation of the six third-party Gmail accounts. Alternatively, the government can renew the instant application provided it proffers to seal, without any review absent further court order, material supplied by Google that is outside the time period for which probable cause has been established. Do it right or don't do it at all. At the very least, don't swing from one end of the Fourth Amendment spectrum to the next just because the warrant recipient doesn't immediately comply. Turning a narrow warrant into a general warrant is no way to run a law enforcement agency. And stomping all over the rights of others just because you're pissed off at being refused is no way to treat the people who pay your salaries.Permalink | Comments | Email This Story

Read More...
posted 21 days ago on techdirt
Back in January, we wrote about a legal challenge to the Netherlands' data retention law by a group of civil rights organizations. This was because the Dutch government had decided to ignore the important ruling by Europe's highest court, the Court of Justice of the EU (CJEU), that blanket data retention was "invalid." Now, a court in The Hague has ruled the government was wrong to do so: Dutch providers are no longer required to retain internet and phone traffic data. The telecommunications data retention law, that was fought in court by various privacy groups and small ISPs, is invalid. That was ruled (.pdf, in Dutch) by the court of The Hague on Wednesday. The data retention law violated the Charter of Fundamental Rights of the European Union, specifically regarding the right to protection of private life and protection of personal data. As that report from Nu.nl, translated by Matthijs R. Koot on his blog, makes clear, the court's judgment affects all kinds of telecoms -- both Internet and phone traffic data -- and all communication providers. This is the judge's reasoning: The judge finds that the collected data are too easily accessible for crimes that are not serious. The plaintiffs stated that, technically, theft of a bicycle could lead to access to data, although the government stated this does not happen. "Fact of the matter is that the possibility exists and that no safeguards exist to limit access to the data to what is strictly necessary to fight (only) serious crime", according to the judge. The court also finds it to be incorrect that no prior court approval is needed to access the data. The judge's ruling is only "provisonally enforeable", and the Dutch government may appeal against it. But even if it does, it has a larger problem with its policy in this area. Although it claims a new data retention bill will be compatible with the CJEU ruling, the Netherlands' Data Protection Authority has already said that it is still too intrusive for a number of reasons. Clearly, the European debate over what is a reasonable and proportionate level of data retention -- if any -- has a long way to go yet, both in the Netherlands and elsewhere. Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+ Permalink | Comments | Email This Story

Read More...
posted 21 days ago on techdirt
Walmart. Just saying the company's name is usually enough to evoke unbidden brain-sounds of terrifying organ music and images of pitchfork-wielding devil-imps. But, hey, it's a large business that's been around for quite a while, so I guess it's doing alright. It seems to me that somebody might want to call a meeting with the Walmart legal brain trust, because the company's campaign against a silly and simple parody website isn't achieving much of anything at all, and is in fact Streisanding the parody site into national views. This story starts back in 2012, when ICANN saw fit to hold a firesale on domain extensions. Buying them up was all the rage for reasons unfathomable to this author. Still, that was the impetus for how we arrived at Walmart going after a site with a .horse extension. That explains why, for the mere price of $29, you can now purchase a .horse domain name, if you want to do such a thing. "With .HORSE, there are no hurdles between equine enthusiasts on the Internet," says United Domains. "Giddy up and register .HORSE today!" It doesn't seem like too many people have been receptive to this pun-based sales pitch, but a 34-year-old named Jeph Jacques saw the opportunity for what he calls an "art project." "I thought, 'Alright I'm gonna buy this and do something stupid with it and see what happens," he told me. And readers, he did just that. This grand art project? Buying up the domain www.walmart.horse, slapping a picture of the front of a Walmart store with a, you guessed it, horse superimposed over the top, and declaring the whole thing a monumental artistic success. Seriously, this is the only thing at the website if you go there. Monet it might not be, but the image is suddenly competing with the likes of famous artists for attention and views thanks to Walmart freaking the hell out about it. In its infamous wisdom, Walmart and its crackerjack legal team have demanded that the whole shebang be taken down, claiming infringement of trademark. The C&D letter Walmart helpfully sent along suggested that Jacques' website would confuse customers into thinking that Walmart, who is not in either the business of horses nor in the business of having a sense of humor, might have some affiliation to walmart.horse. Interestingly, the letter targets the domain name, rather than the image on the site itself. I'm not personally aware of any infringement claim on domain name being refuted by the actual extension used, but this would seem to be a ripe candidate for that argument, given that Walmart is not in the horse business. But this really shouldn't even get that far, given the whole purpose of the site itself and the artistic nature of the creator. Jacques argues that his site is "an obvious parody and therefore falls under fair use." He also told Walmart in his response that he'd be happy to put a disclaimer on his site to let visitors know he is not actually affiliated with the Waltons. And although he doesn't want to bow to the company just yet, he says he's already proved his original hypothesis: that corporations spend an absurd amount of time policing their trademarks. Point proven, I suppose. Meanwhile, a tiny joke site has been Streisanded into the national conversation because Walmart just couldn't resist. Permalink | Comments | Email This Story

Read More...
posted 21 days ago on techdirt
There was a time when it was possible to keep track of popular internet memes, but there's a countless number (maybe some neural net behind youtube has a tally while it's not trying to recognize cat videos) being created all the time now. Some marketing folks are trying to mimic viral videos and engineer their own, and it'll probably get harder and harder to spot the fake memes. ICYMI, here are a few links on viral videos of varying seriousness. The most popular viral video for millions of Chinese citizens is a 104 minute documentary on air pollution. The film ("Under the Dome") has gotten hundreds of millions of views, and although it has been removed from some popular Chinese video site, the message is still spreading. [url] A few internet-famous memes have brought financial windfalls, but some folks are not at all happy about their internet popularity. The "Star Wars Kid" was one of the first viral videos that featured an unwilling participant. It won't be the last one, but is there really any good way to put the toothpaste back into the tube? [url] Superfuse videos compile a bunch of content all together into a strange nearly-unwatchable cut of visual art. We've seen heard this sort of thing done with music, so it's not too surprising to see this technique with video mashups, too. [url] If you'd like to read more awesome and interesting stuff, check out this unrelated (but not entirely random!) Techdirt post via StumbleUpon.Permalink | Comments | Email This Story

Read More...
posted 21 days ago on techdirt
Canada's new copyright notice system is swiftly become a playground for copyright trolls. As Michael Geist reports, Canadian legislators could have baked in a few limitations to curb abuse, but chose instead to ensure the Rightscorps of the world could twist the legislation to their advantage. Despite more than a year of work on potential regulations – including possible costs to rights holders for sending notifications – Industry Minister James Moore abandoned the process, implementing the system with no costs, no limitations on notice content, no restrictions on settlement demands, and no sanctions for the inclusion of false or misleading information. The government’s backgrounder says that the law “sets clear rules on the content of these notices”, however, it does not restrict the ability for rights holders to include information that goes beyond the statutory minimum. Righstcorp is called out for a reason. It was the first to seize this opportunity to shake down Canadian internet users with pre-settlement offers. To make its requests appear more "reasonable," Rightscorp lied in its letters to alleged infringers. The notice falsely warns that the recipient could be liable for up to $150,000 per infringement when the reality is that Canadian law caps liability for non-commercial infringement at $5,000 for all infringements. The notice also warns that the user’s Internet service could be suspended, yet there is no such provision under Canadian law. Beyond that, Rightscorp has no intention of litigating these cases -- which would be the only way for it to secure statutory damages. Even in the US, where the sky-high $150,000 applies, Rightscorp has yet to actually sue anyone for copyright infringement. It instead hopes to nickel-and-dime its way to the top of the troll heap with $20/per infringement "settlements." Now another copyright troll is invading the same territory. CEG TEK (Copyright Enforcement Group… um… TEK) has started sending out reams of useless and misleading paper threatening alleged infringers in Canada, citing the new law in order to appear really, really serious about possibly doing something expensive to those on the receiving end. At least this letter acknowledges the $5,000 cap on infringement awards, but it only uses that higher number to make its demands in the low-hundreds per infringement more palatable. The rest of it is standard demand letter histrionics. In Canada, the unauthorized copying, performance, and/or distribution of Rights Owner’s Work is illegal and is subject to civil sanctions (with statutory damages of up to $5,000 or non-statutory damages that could be higher) and/or criminal sanctions, and is a violation of the Canada Copyright Act (R.S.C., 1985, c. C-42). The recent amendments to the Copyright Act, which came into force on November 2012, have confirmed Rights Owner’s right to have its copyright protected in Canada. [...] If you have questions about your legal rights, you should consult with your own legal counsel (i.e., barrister, solicitor, lawyer, and/or attorney). CEG HAS BEEN AUTHORIZED BY RIGHTS OWNER TO OFFER A SETTLEMENT SOLUTION TO RESOLVE THIS MATTER AND PREVENT LEGAL ACTION. You have until Saturday, March 28, 2015 to access the settlement offer and settle online. Of course, the letter makes it appear as though CEG can actually offer a complete release from legal culpability for only $xxx, and the artful use of ALL CAPS around "SETTLEMENT SOLUTION" and "LEGAL ACTION" could give some recipient the sense that something dangerous lurks behind this mass-mailed "threat." But CEG, like Rightscorp, can't make much money with "LEGAL ACTION." Nope, it's all about "SETTLEMENT SOLUTIONS." Serve to thousands. Collect from tens. Call it a day. There's no lawsuit coming. A search for CEG in the Justia database returns a single lawsuit -- and in that one, CEG was the defendant. Perhaps that's why the letter stays suitably vague about the consequences of ignoring these missives. At this point. CEG TEK's business model only allows for repeated sending of demand letters and, if needed, more use of the Caps Lock key. Still, the shakedowns will have an effect, mostly on the wholly ignorant or easily intimidated -- which makes copyright trolling indistinguishable from any number of scams. The victims are those who don't know any better. And Canada's decision to enact a copyright notice system filled with holes only encourages entities like CEG and Rightscorp to expand their "markets." Permalink | Comments | Email This Story

Read More...
posted 21 days ago on techdirt
There has been an increasing push by the legacy entertainment industry to get "full site blocking," in which companies can declare sites they don't like as "rogue" and order ISPs to block all access to them. This was the whole point of SOPA. And while that law failed in the US, the entertainment industry is still interested in figuring out other paths to making it happen. Courts in many other countries have been much more receptive to this form of censorship -- and have regularly ordered ISPs to block sites. This is true in Sweden as well, but it appears that one ISP, Bredbandsbolaget, is going to fight back for as long as it can, according to Torrentfreak: “It is an important principle that Internet providers of Internet infrastructure shall not be held responsible for the content that is transported over the Internet. In the same way that the Post should not meddle in what people write in the letter or where people send letters,” Commercial Director Mats Lundquist says. “We stick to our starting point that our customers have the right to freely communicate and share information over the internet.” Of course, this means that they'll be going to court later this year. Torrentfreak notes that the MPAA is pulling the strings behind this, of course: Internal movie industry documents obtained by TorrentFreak reveal that IFPI and the Swedish film producers have signed a binding agreement which compels them to conduct and finance the case. However, the MPAA is exerting its influence while providing its own evidence and know-how behind the scenes. Also of interest is that IFPI took a decision to sue Bredbandsbolaget and not Teliasonera (described by the MPAA as “the largest and also very actively ‘copy-left’ Swedish ISP”). The reason for that was that IFPI’s counsel represents Teliasonera in other matters which would have raised a conflict of interest. Meanwhile, we're still left wondering how any of this encourages people to actually spend more money to support content creators.Permalink | Comments | Email This Story

Read More...
posted 21 days ago on techdirt
This blog post is reprinted from Public Knowledge, and is quite timely. On Thursday of this week, we'll be discussing this very topic at our Copia Inaugural Summit, with Natalia Krasnodebska from Shapeways. We'll also be distributing copies of this new report at the event. If you haven't signed up to attend or to join Copia, please check it out. Among a host of other (arguably more important) wonders, widespread access to 3D printing raises all sorts of interesting intellectual property law questions. Some of these questions are the obvious result of combining physical objects, digital files, and the distributive power of the internet. Others, however, are less obvious. 3D printing has the potential to take many of the things we assume about intellectual property law and turn it on its head. The past fifteen years or so have given us all a collective informal education in intellectual property law. We have been taught to assume that everything we see on our computer screen is protected by intellectual property law (usually copyright), and that copying those things without permission can often result in copyright infringement (and potentially lawsuits). By and large, this has been a reasonable rule of thumb. The things that we most often associate with our computer screens – those are the music, movies, software, photos, articles, and whatnot – happen to also be the types of things that are protectable by copyrights. As copyright automatically protects things that are categorically eligible for protection, it is safe to begin from the assumption that the music, movies, software, photos, articles, and whatnot made in the last century that you find online are actively protected by copyright. This easy assumption becomes less reasonable in the context of 3D printing. Many of the objects coming out of a 3D printer are simply not eligible for copyright protection. As “functional” objects, they are beyond copyright’s scope. They may be protectable by patent, but because patent protection is not automatic, many of these objects will simply not be protected by intellectual property at all. The idea that something is entirely unprotected by copyright or patent would have felt perfectly natural 30 years ago, but can feel deeply disorienting today. Furthermore, unlike those music, movies, software, photos, articles, and whatnot, we often have to treat a physical object and the digital file that represents that object differently in the context of 3D printing and intellectual property. Although we do not often draw the distinction between a song and an .mp3 file, there are many situations where we are called on to conceive of an object and its digital file as fundamentally different intellectual property entities. The importance of this difference manifests itself when people start to talk about licensing 3D printed things. Taking a page from the more traditional digital world, the conversation often starts with the relative strengths and weaknesses of various licenses. However, beginning there skips a fundamental and easy-to-overlook step: before considering which license to use, you need to know what you are actually licensing. It was easy to skip this step with traditional digital media because the answer to “what can you license?” was almost always “everything.” But in the context of 3D printing, the answer is just as likely to be “nothing” or at least “only some parts.” Understanding what is and is not available to license is a new skill for our collective intellectual property education, and it is a critical one in the world of 3D printing. In order to start this process, today we at Public Knowledge are releasing a new whitepaper called Licensing Your 3D Printed Stuff. Instead of focusing on the differences between licenses, this paper walks you through how to figure out what is even available to license in the first place. Because until you understand that, everything else is just a detail.Permalink | Comments | Email This Story

Read More...
posted 21 days ago on techdirt
The US legal system took a step towards criminalizing thought when a New York court convicted a former NYPD officer of conspiring to kidnap, rape, kill and eat 100 women. The evidence against Gilberto Valle included chat logs and internet searches. The details uncovered were nightmarish. But at the end of it all, it only amounted to Valle giving his very vivid imagination a long leash. On appeal, the court overturned the conspiracy charges, stating that Valle's "conspiracy" was little more than thoughtcrime, something the legal system isn't* in the business of punishing. (And yet, "conspiracy" remains a valid criminal charge -- one used extensively by the FBI to bag its handcrafted "terrorists." Go figure.) *About a million caveats apply. But the court left one charge on the table: a CFAA violation. During the course of Valle's fantasizing, he used police databases to look up information on one of his "victims." This, of course, is an egregious abuse of his position and access, but it is not -- as the EFF argues -- a CFAA violation. Despite acquitting Valle on the conspiracy charge, the court upheld the CFAA conviction, believing that the restrictions placed on Valle concerning the database—which permitted him to access any part of the database as long as it was for a valid law enforcement purpose—was an access restriction, not a use restriction, simply because of the way the restriction was phrased. The distinction between "access" and "use" restrictions is critical because serious prison time is at stake. Congress clearly intended the CFAA to criminalize the act of breaking into computer systems a person is not allowed to be in otherwise, but violating a use restriction—a (usually written) policy that governs the purposes for which someone can use their access—is clearly not that. The EFF has filed an amicus brief in Valle's case (now before the Second Circuit Court), arguing for this charge to be overturned as well. In it, the EFF points out that Valle's unauthorized access didn't involve him actually breaking into the NYPD's computers -- a key element of CFAA charges. Instead, he already had access. He just didn't have permission to do what he did. So, while Valle's abuse of his access was certainly immoral, possibly illegal under a New York state law, and a clear violation of NYPD policy, it was not the sort of circumvention Congress had in mind when it crafted the bill. There should definitely be consequences for this activity (including Valle being subject to civil rights lawsuits from the violated party[ies]), but there definitely should not be a finding that violating an internal use policy is a federal crime. As it stands now, the decision reached by the lower court poses a serious threat to nearly anyone with access to computers/networks provided by their employers. Most critically, the court set a dangerous precedent. As we’ve repeatedly warned, this theory of CFAA liability gives employers and website owners the power to make behavior illegal through simply adopting use restrictions in their corporate policies or terms of use, which in turn criminalizes a broad range of innocuous everyday behaviors—like checking personal email or the score of a baseball game. It's the worst cases -- ones with less-than-sympathetic defendants -- that result in the worst precedents. Valle's extended, detailed cannibalistic fantasies are hard to defend, even knowing that he never followed through with the lurid plans he dreamed up. Free speech is toughest to defend when it's composed of brutal and depraved fantasies that include any number of hideous criminal acts. But the lower court saw it for what it was: thoughts, not deeds. Now, there's one detail left, but it's hardly a minor one. The remaining charge -- if left standing -- seriously lowers the bar for criminal charges under the CFAA, a law that is already severely flawed. And so, the EFF joins the battle on behalf of a former NYPD officer who abused his position to further his violent fantasies in hopes of protecting far-more-centered members of the general public from abuse at the hands of a broken law.Permalink | Comments | Email This Story

Read More...
posted 21 days ago on techdirt
If you wanted more bad reviews than you could shake a legally-unenforceable clause at, you'd do this: [Windermere Cay's] Social Media Addendum, published here, is a triple-whammy. First, it explicitly bans all "negative commentary and reviews on Yelp! [sic], Apartment Ratings, Facebook, or any other website or Internet-based publication or blog." It also says any "breach" of the Social Media Addendum will result in a $10,000 fine, to be paid within ten business days. Finally, it assigns the renters' copyrights to the owner—not just the copyright on the negative review, but "any and all written or photographic works regarding the Owner, the Unit, the property, or the apartments." Snap a few shots of friends who come over for a dinner party? The photos are owned by your landlord. The Florida apartment complex claims the stupid clause is needed to prevent "unjust and defamatory reviews." It makes this claim -- not in a statement given to Ars Technica (which was tipped off by a resident) -- but in the introductory paragraph of the Addendum. From there it gets worse. Doing any of the following triggers a $10,000 fine, with $5,000 added on for each additional "infraction." This means that Applicant shall not post negative commentary or reviews on Yelp!, Apartment Ratings, Facebook, or any other website or Internet-based publication or blog. Applicant agrees that Owner shall make the determination of whether such commentary is harmful in Owner's sole discretion, and Applicant agrees to abide by Owner' determination as to whether such commentary is harmful. Then come the copyright demands. Additionally, each Applicant hereby assigns and transfers to Owner any and all rights, including all rights of copyright as set forth in the United States Copyright Act, in any and all written or photographic works regarding the Owner, the Unit, the property, or the apartments. This means that if an Applicant creates an online posting on a website regarding the Owner, the Unit, the property, or the apartments, the Owner will have the right to notify the website to take down any such online posting pursuant to the Digital Millennium Copyright Act. Of course, when confronted by Ars about the Addendum, the property managers claimed this was all someone else's fault. Asked about the Social Media Addendum by Ars, Windermere Cay's property manager sent this response via e-mail: "This addendum was put in place by a previous general partner for the community following a series of false reviews. The current general partner and property management do not support the continued use of this addendum and have voided it for all residents." I would imagine the support was removed and addendum voided shortly after Ars publicized it, and not a moment before. According to Ars, the resident who contacted the site was asked to sign this suddenly-unsupported addendum only "days before." But Windermere's management now very likely regrets ever including it in the first place. Like so many others before it, Windermere is learning that attempting to preemptively shut down criticism with bogus clauses and high fees almost always results in more criticism. Its Yelp! page is swiftly filling up with negative reviews and -- like every other emotionally-charged incident on the internet, has already achieved Godwin. Obviously, there are better ways to handle allegedly defamatory reviews. A $10,000 fine and a preemptive usurpment of tenants' copyright isn't one of them. [And neither is this bizarre Craigslist ad from another, unrelated rental property -- which makes vague claims about "defamation" while shouting "LAWSUIT LAWSUIT LAWSUIT" across the ether.] As multiple entities have learned over the years, you can't stop criticism on the internet. You can only hope to contain it. Legal threats and punitive fines tend to blow the walls right off the containment scheme. What should be handled with exceptional customer service and the rare lawsuit (for truly defamatory statements) is instead turned over to hamfisted legalese and intimidating dollar amounts -- both of which make things worse for the entities they're ostensibly in place to protect.Permalink | Comments | Email This Story

Read More...
posted 22 days ago on techdirt
Before there was Edward Snowden, there was of course the notably less celebrated Mark Klein. As most of you probably recall, Klein, a 22-year AT&T employee, became a whistleblower after he highlighted (pdf) how AT&T was effectively using fiber splits to give the NSA duplicate access to every shred of data that touched AT&T's network. Of course, once it was discovered that AT&T was breaking the law, the government decided to just change the law, ignore Klein's testimony, and give all phone companies retroactive immunity. It really wasn't until Snowden that the majority of the tech press took Klein's warnings seriously. AT&T's been loyally "patriotic" ever since, often giving the government advice on how to skirt the law or at times even acting as intelligence analysts. Business repercussions for AT&T have been minimal at best; in fact, you'll recall that Qwest (now CenturyLink) claimed repeatedly that government cooperation was rewarded with lucrative contracts, while refusal to participate in government programs was punished. In fact, the only snag AT&T's seen in the years since was to have its European expansion plans thwarted, purportedly by regulators uncomfortable with the carrier's cozy NSA ties (AT&T instead simply expanded into Mexico). Fast forward a few years and The Hill is now claiming that AT&T's relationship with the NSA could harm the company's $48 billion attempt to acquire DirecTV. This claim is apparently based on the fact that a coalition of AT&T business partners, called the Minority Cellular Partners Coalition, is warning the FCC in a letter (pdf) that AT&T's enthusiastic voluntary cooperation with the NSA shows the company's total disregard for consumer privacy. "(Despite immunity) the Commission is still obliged to execute and enforce the provisions of § 229 of the Act, see 47 U.S.C. § 151, and it is still empowered to conduct an investigation to insure that AT&T complies with the requirements of CALEA. See id. § 229(c). And the Commission is obliged to determine whether AT&T is qualified to obtain DIRECTV’s licenses in light of its egregious violations of CALEA. This is particularly true given AT&T’s continued and ongoing pattern of misconduct. Accordingly, the Commission should investigate AT&T’s complicity in the PSP to determine whether AT&T engaged in unlawful conduct that abridged the privacy interests of telecommunications consumers on a vast scale and, if so, whether AT&T is qualified to obtain DIRECTV’s licenses." Of course, that's simply not happening. While the NSA cooperation can be used as a broader example of AT&T's character (like the repeatedly nonsensical claims the company makes when it wants a merger approved, or how AT&T tries to charge its broadband customers extra for no deep packet inspection), it's incredibly unlikely that the same government that granted AT&T's immunity will turn around and sign off on using AT&T's behavior to squash a merger. If the merger is blocked, it will be due to more practical considerations -- like the fact that DirecTV is a direct competitor to AT&T and eliminating them would lessen competition in the pay TV space. When it comes to AT&T's relationship with the NSA, it's pretty clear by now that these particular chickens may never come home to roost.Permalink | Comments | Email This Story

Read More...
posted 22 days ago on techdirt
We just had a story based on the Intercept breaking the fact that the CIA holds an annual hackathon (the CIA calls it a "Jamboree") to come up with new ways to hack secure systems, inviting in various contractors and government agencies. Much of the work is focused on hacking Apple's security, inserting backdoors and generally degrading security and encryption for everyone. The CIA refused to comment on the Intercept's original story, but the reporters got former FTC official Steven Bellovin to sum it up as: “Spies gonna spy,” says Steven Bellovin, a former chief technologist for the U.S. Federal Trade Commission and current professor at Columbia University. “I’m never surprised by what intelligence agencies do to get information. They’re going to go where the info is, and as it moves, they’ll adjust their tactics. Their attitude is basically amoral: whatever works is OK.” Now, "unnamed" anonymous CIA officials seem to be picking up where that shrugging comment left off. Talking to CNBC reporters, the CIA folks give similarly "meh" kinds of responses: "That's what we do," the official said. "CIA collects information overseas, and this is focused on our adversaries, whether they be terrorists or other adversaries." Except, of course, they don't just spy overseas. The CIA has done domestic spying as well, and the descriptions of the projects don't just impact people overseas. And then there's this one: "There's a whole world of devices out there, and that's what we're going to do," the official said. "It is what it is." It is what it is. That's someone who clearly doesn't care one bit about the negative consequences of attacking security and inserting backdoors that can harm everyone, just so long as they can also spy on people they don't like. You know, like the US Senate.Permalink | Comments | Email This Story

Read More...
posted 22 days ago on techdirt
If you live in a broadband and TV market with anything even closely resembling competition, you've probably learned that the only way to get the best rates is to pit ISP retention departments against one another. Often only by seriously threatening to cancel can users force ISPs to bring out their best promotional offers, something you'll have to repeat every few years if you don't want to get socked with higher rates. The ideal consumer then, from the broadband and cable industry's perspective, is one that grumbles a little bit but can't be bothered to do a little extra legwork to secure better rates (read: the vast majority of users). Of course pitting ISPs against one another assumes you even have the choice of more than one decent broadband provider, something that's certainly not a given. Even in markets we tend to think of as competitive, we're increasingly seeing non-price competition (what I affectionately refer to as "wink wink, nod nod" competition), wherein duopolies quietly work together to slowly edge prices upward -- because there's simply no repercussion for doing so. The New York City tri-state area, where Cablevision and Verizon FiOS engage in a customer tug-of-war, is a perfect example of this kind of not-really-competition. While Verizon and Cablevision did compete intensely for a short while in New York, the two sides have in recent years declared what can only be called a competitive cease fire. Both have dramatically scaled back or stopped promotions entirely and raised rates whenever possible. In fact, a study last year noted that while all cable rates are increasing much higher than the rate of inflation, Cablevision customers see some of the highest rates in the nation. Cablevision executives meanwhile have made their disdain for the smart consumer abundantly clear over the last few years, calling smart shoppers a "dead end" that the company has no interest in pursuing. Speaking at a recent investor conference, Cablevision vice chairman Gregg Seibert took this rhetoric one step further, declaring that customers that follow the best promo offer are a "low quality" subscriber that the company is happy to get rid of:"We found out that we were pushing subscribers back and forth on a highly promoted basis," said Cablevision vice chairman Gregg Seibert, speaking Monday at the Deutsche Bank 2015 Media, Internet & Telecom Conference in Palm Beach, Fla. "I don't want to roll a truck to you every two years if you keep going back and forth to another provider … So we're getting rid of that lower quality, lower profitability base of subscriber."Except "pushing subscribers back and forth" is what competition is. Fighting to offer a better value than the other guy is how competition works. That Cablevision and FiOS can just choose when they'd like to seriously compete illustrates perfectly how even in U.S. markets we consider to be more competitive, what we're usually witnessing is just coordinated competition theater. When consumers only have one or two real options for service, and both of those options quietly agree on an unwritten competitive cease fire, there's simply no longer any reason to even try. It's then a lovely layer of hubris to publicly express disdain for customers looking for something better.Permalink | Comments | Email This Story

Read More...
posted 22 days ago on techdirt
Hillary Clinton and her team apparently felt that it was finally time to have the Candidate* address the whole email thing, which she did with a press conference, in which she tried to brush the whole thing off as nothing. Here's the key bit from her prepared remarks: Now, I would be pleased to talk more about this important matter, but I know there have been questions about my email, so I want to address that directly, and then I will take a few questions from you. There are four things I want the public to know. First, when I got to work as secretary of state, I opted for convenience to use my personal email account, which was allowed by the State Department, because I thought it would be easier to carry just one device for my work and for my personal emails instead of two. Looking back, it would've been better if I'd simply used a second email account and carried a second phone, but at the time, this didn't seem like an issue. Second, the vast majority of my work emails went to government employees at their government addresses, which meant they were captured and preserved immediately on the system at the State Department. Third, after I left office, the State Department asked former secretaries of state for our assistance in providing copies of work- related emails from our personal accounts. I responded right away and provided all my emails that could possibly be work-related, which totalled roughly 55,000 printed pages, even though I knew that the State Department already had the vast majority of them. We went through a thorough process to identify all of my work- related emails and deliver them to the State Department. At the end, I chose not to keep my private personal emails -- emails about planning Chelsea's wedding or my mother's funeral arrangements, condolence notes to friends as well as yoga routines, family vacations, the other things you typically find in inboxes. No one wants their personal emails made public, and I think most people understand that and respect that privacy. Fourth, I took the unprecedented step of asking that the State Department make all my work-related emails public for everyone to see. I am very proud of the work that I and my colleagues and our public servants at the department did during my four years as secretary of state, and I look forward to people being able to see that for themselves. Again, looking back, it would've been better for me to use two separate phones and two email accounts. I thought using one device would be simpler, and obviously, it hasn't worked out that way. Later, in the Q&A session she added a few "details." On the question of which emails she kept private (which she says she deleted), she claimed it was just stuff that don't need to be shared, such as emails between herself and Bill Clinton: And the process produced over 30,000 you know, work emails, and I think that we have more than met the requests from the State Department. The server contains personal communications from my husband and me, and I believe I have met all of my responsibilities and the server will remain private and I think that the State Department will be able, over time, to release all of the records that were provided. As for the security of the emails, she insists they were fine because they were guarded by the Secret Service: Well, the system we used was set up for President Clinton's office. And it had numerous safeguards. It was on property guarded by the Secret Service. And there were no security breaches. So, I think that the -- the use of that server, which started with my husband, certainly proved to be effective and secure. Now the proper follow up to that is how the hell do you know there were no security breaches. Having Secret Service agents guard the physical machine is one thing. Making sure there were no online breaches is another thing entirely. Trevor Timm, over at the Guardian, notes that Clintons statements only raise a lot more questions. For example, she claims that the private emails were things like emails with Bill. But, as Timm points out, just hours earlier, Bill Clinton's spokesperson said that the President still doesn't use email. The former president, who does regularly use Twitter , has sent a grand total of two emails during his entire life, both as president, says Matt McKenna, his spokesman. After leaving office, Mr. Clinton established his own domain that staff use–@presidentclinton.com. But Mr. Clinton still doesn’t use email himself, Mr. McKenna said. So, was Hillary lying when she said other emails were just her and Bill chatting -- or was Bill's own spokesperson wrong? Timm also digs in on that "no security breaches" claim, and finds that Clinton's people did a followup with a caveat: "there is no evidence there was ever a breach." Which could mean there was one, and they just never knew about it. Furthermore, the better question (and one a reporter in the press corp. should have asked) is not about the Secret Service guys guarding the box, but who set up the computer security for the email server. But no one did. Here's Timm: Also: what type of security professionals were looking after the server? Clinton said the secret service guarded it, but we have no idea the expertise of the person actually running it. Experts have already pointed to basic holes in the email server’s security based on public data, and as any systems administrator will tell you, running your own email server is never simple. Another point raised by Timm: Clinton seems to be willfully misstating the rules when she claims she didn't violate them: Clinton also said at the press conference she “fully complied with every rule I was governed by”. Well, actually: a 2005 State Department directive said “It is the Department’s general policy that normal day-to-day operations be conducted on an authorized [Automated Information System], which has the proper level of security control to provide nonrepudiation, authentication and encryption, to ensure confidentiality, integrity, and availability of the resident information.” Sources told Politico the rules were “clear-cut”. An ambassador was harshly criticized in 2012 for breaking this rule in the same manner Clinton did and subsequently fired in part for using a private email account at work. And Clinton herself signed a State Department cable in 2011 saying that all ambassadors should avoid personal email for professional business. In the end, this response tried to answer questions, but only served to raise a bunch of new ones. * Still not officially runningPermalink | Comments | Email This Story

Read More...
posted 22 days ago on techdirt
As we noted recently, one of the most worrying aspects of corporate sovereignty chapters in trade agreements is the chilling effect that they can have on future legislation. That's something that the supporters of this investor-state dispute settlement (ISDS) mechanism never talk about. What they do say, though, is that corporate sovereignty cannot force governments to change existing laws. A recent defeat for Canada before an ISDS tribunal proves that's not the case: An international trade tribunal has ordered Ottawa to pay ExxonMobil and another oil company $17.3 million, following a complaint that the companies were required to spend money in Newfoundland and Labrador on research and development. The case was brought by ExxonMobil using the corporate sovereignty provisions in the North American Free Trade Agreement (NAFTA), and concerned another agreement, called the Atlantic Accord. As CBC News explains: Under the terms of the Atlantic Accord, a federal-provincial agreement on oil development first negotiated in 1985, oil companies are required to support petroleum-focused research and development in Newfoundland and Labrador, as part of its local benefits package. In other words, three decades ago, Canadian politicians had passed a research and development package, one of whose measures was designed to boost local employment -- exactly the kind of thing that voters want their politicians to do. But the ISDS tribunal ruled that under NAFTA, this was not permitted, and awarded substantial damages to ExxonMobil for being required to comply with the Atlantic Accord. But it gets worse: Unless the governments of Canada and Newfoundland and Labrador agree to change the R&D legislation, Ottawa could be on the hook for continued damages. The federal government is responsible because NAFTA is an agreement between sovereign nations. That is, the corporate sovereignty provisions in NAFTA are being used to force the Canadian government to change existing and long-standing legislation -- something that ISDS fans assure us never happens. Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+ Permalink | Comments | Email This Story

Read More...
posted 22 days ago on techdirt
Both a cop and his prime homicide suspect have walked away free men. But it's the cop who's gathered most of the attention. Donald Love was picked up by Milwaukee police on August 14, 2013, after his infant son died in a local hospital of traumatic brain injuries. Love wasn't just a "person of interest." He was alone in the house with the infant at the time the injury occurred. Love was interrogated by detective Rodolfo Gomez Jr. This questioning was recorded. The highlight reel, as it were, doesn't show much interrogation. It shows Gomez attacking the restrained suspect on two separate occasions. Love was punched, kicked and jabbed in the eye with Gomez's thumb. The latter -- and more excruciating "interaction" (caution: the video hosted here contains some very unnerving screaming) -- occurred during Gomez's "follow-up questioning," and appears to have been provoked by Love's justifiably angry yelling. A jury acquitted Love of all charges more than year later. Another jury also acquitted Gomez of all charges, despite watching him assault a handcuffed man. (via The Honest Courtesan) How do you defend someone against charges related to a videotaped beating? Well, you do everything you can to cast the person handing out the beating as the real victim. His defense lawyers helped, but they had to fight an uphill battle against both damning video footage and statements made by Gomez himself, most of which gave the indication that he had no idea how to handle a potentially dangerous individual. First, Gomez admitted he said something he knew would provoke an angry response. Then he claimed his short-term memory went all haywire in the heat of the moment. Even after Gomez punched Love hard in the face, he still refused orders to sit and stop resisting, Gomez told the jury, causing the veteran detective to fear for his life. Love finally settled down when the lieutenant responded to yelling in the interrogation room and helped Gomez gain control of Love. Both detectives then left the room, but Gomez continued to monitor Love from just outside the doorway. It was at that point, Gomez said, that he realized he had handcuffed Love earlier. "I had forgotten I had handcuffed Mr. Love," Gomez said. "Forgotten." And twice at that. Gomez got a very good look at the "forgotten" handcuffs during the first beatdown, having twisted Love's free arm up against his body and bent him over the interrogation room desk. But he entered the room moments later and acted as though Love's left hand was unrestrained. On top of that, he stated that he "provoked" an angry reaction -- something he probably wouldn't have done if he thought Love was completely unrestrained. If he actually thought Love wasn't cuffed to the wall -- and went ahead with his plan to aggravate his detainee -- then Gomez was either acting recklessly or just looking for an excuse to start swinging. Gomez's memory continued to leak. Gomez said the door behind was closed and locked, which made retreat difficult. But even if the door had been open, he said, he would not have tried to leave the room. "I'd be giving my back to a killer," Gomez said. A lieutenant testified that when responding to the room after hearing yelling, the door was open. And with all of that (and the detective's past misconduct), the jury still found Gomez credible enough to acquit. The key to this unlikely turn of events? The skillful manipulation of time. A handful of guys in black suits walking down through a parking lot is almost completely uninteresting. But adjust the speed a bit and suddenly you have something much more dramatic. The same sort of thing happens in real life. A video which apparently shows a detective beating an unarmed, restrained man becomes a horrific incident in which a detective bravely survives a potential beating at the hands of an unarmed, restrained man. A juror from the trial said a defense expert's frame-by-frame examination of the incident's key moments put things in a different light and convinced jurors that Gomez reasonably believed he was in danger and used only the force necessary to establish control over Deron Love, a suspect in the death of his infant son. "We were able to convince the last juror, reluctantly, that still frame by still frame Gomez's last three closed fist windups became open palm motions to control Love's arms, and his final leg strike misses the mark." Gardner said the expert's explanation, while moving single frames from the video back and forth in a slide show, helped convince jurors that Love was resisting Gomez's commands to sit down or relax his body, even if Love didn't actively fight back. It also helps to have a jury pool sufficiently awed by the dangers of police work that they can swallow that last sentence without immediately vomiting in disbelief. And also willing to grant positive points for blows that didn't quite connect. Apparently, you can "resist" without "actively fighting back," and you'll know that you're "resisting" when the police officer begins raining blows on your handcuffed body. "Turning your back on a killer" or no, Gomez had other options. Love was restrained. He could have left the room. He could have called for help. He could have simply walked as far back as needed to still "communicate" with Love without being "resisted" at the same time. The excuse that he "forgot" he had handcuffed Love might work once, but it doesn't explain his actions the second time, after he could plainly see the handcuff attached to Love's wrist. Gomez, for the time being, is no longer a Milwaukee PD employee. This "problem" may be swiftly remedied now that he's been acquitted. Love has also been cleared of all charges, but he's headed right back into the courtroom with a newly-filed civil rights suit against Gomez. Just as this won't be Love's first tango with Gomez, it also won't be Gomez's first appearance under the heading "DEFENDANT" in a civil rights suit. A 2008 lawsuit stemming from a no-knock warrant obtained by Det. Gomez ended up this way. Gomez, now a homicide detective, sought qualified immunity. The district judge denied the request, a decision that was upheld Wednesday by the 7th U.S. Circuit Court of Appeals. Gomez was recently the subject of internal investigation after his arrest on a domestic violence claim. No criminal charges were issued. In its 20-page opinion, the court found that "If believed, (the sister's sworn) deposition testimony would establish that Officer Gomez knowingly or with reckless disregard for the truth made false or misleading statements in the affidavit..." In denying Gomez qualified immunity, the court noted that Gomez's affidavit implied the [suspects] kept weapons as a part of a criminal enterprise, when the sister's tip suggested nothing of the sort, that he knew the sister was on bad terms with Sharon Betker and hadn't been in the Franklin home for five years, and didn't try to nail down some information that came from her as hearsay. "Statements that are both unreliable and uncorroborated do not support probable cause," the court found. Former Det. Gomez, ladies and gentlemen: a cop who hits restrained men and unrestrained women, but somehow manages to land on his feet. And wrapped up in his tale of habitual abuse is the "power" of video -- an objective, unblinking eye that can be made to "take sides" when properly manipulated. A recording of a disputed event is better than hearsay and conjecture but, in reality, is often nothing more than a useful idiot. It only records. It offers images, not insight. With enough skill, any recording can be used to present both sides of the same argument. "Seeing is believing," as they say, but the use of controversial tactics, like those used in Gomez's defense, can change what is seen and alter beliefs. Permalink | Comments | Email This Story

Read More...
posted 22 days ago on techdirt
Getting on a rocket to Mars has been a dream for space exploration enthusiasts for decades. However, there are a lot of engineering problems that still need solutions before people can safely get to Mars (and back, unless you favor the one-way trip strategy). Optimists might expect humans to walk on Mars sometime in the 2030s, but realistically, there would have to be a significant change in the way deep space exploration is funded for that to happen. If you're just entering 5th grade or so, maybe you can consider a career on Mars. But perhaps you shouldn't put all your eggs in one basket. Boeing has a promotional video for its SLS (Space Launch System) rocket that could get people to Mars. Boeing suggests that six spacecraft elements need to be built, and two of them are already in the works. Getting those other four pieces might be difficult to do without several billion dollars more funding. [url] British astrophysicist Maggie Lieu wants to be the first woman to have a baby on Mars. She's a 24yo PhD candidate who is also on the shortlist for the Mars One project, so it's possible that her wish could come true. It sounds more than a bit risky to give birth on another planet, but it's been done in Antarctica.... [url] For a manned mission to Mars to work, an extremely sophisticated life support system will have to be developed to shield astronauts from radiation and keep bodies from atrophying in microgravity. When astronauts who have been in space for months come back to earth, there are plenty of able-bodied people to help them re-adjust to earth's full gravity -- but that's not really an option for landing on Mars. [url] If you'd like to read more awesome and interesting stuff, check out this unrelated (but not entirely random!) Techdirt post via StumbleUpon.Permalink | Comments | Email This Story

Read More...
posted 22 days ago on techdirt
This isn't a huge surprise, even as it's ridiculously problematic, but the jury in the "Blurred Lines" copyright case has ruled that Robin Thicke and Pharrell Williams infringed on Marvin Gaye's song, and thus now owe $7.54 million. I had guessed that this is how the jury would rule solely because it was possible to play Blurred Lines lyrics over the Gaye composition and have it sound like it would fit -- and it seemed unlikely that the jury would understand enough about the specifics of copyright to not think that magically made it infringing. Of course, the fact is there are tons of songs that you could play over tons of other songs. That's why there are even multiple different comedy routines making this point. The jury seems to understand that Thicke and Williams didn't do this on purpose -- even though there was a claim made that they said they wanted a song with "the feel" of a Marvin Gaye song. In fact, they said it wasn't willful infringement. That means that, according to this jury, merely being inspired by a genre and making a song with the same sort of "feel" is infringing. That's not how copyright law is supposed to work at all. One hopes that Thicke and Williams appeal and the appeals court slaps down this ridiculousness. Either way, this accidental infringement is worth a pretty penny, according to the jury: Ultimately, a jury comprised of five women and three men heard dueling opinions regarding "Blurred Lines" and decided to order Thicke and Williams to pay $4 million in copyright damages plus profits attributable to infringement, which for Thicke was determined to be $1.8 million and $1.6 million. That's less than the $25 million that the Gaye Estate was seeking, but still. That's crazy. It's likely that Thicke and Williams will appeal, and one hopes that they'll go through with it, rather than settle just to end things. This is a horrific copyright ruling that suggests that songs that merely have a similar feel may be infringing. It's a really dangerous precedent that completely undermines basic copyright law. In the meantime, the Gaye estate is asking for a permanent injunction on the sale of the song, which is just a negotiating tactic to pressure Thicke/Williams into settling...Permalink | Comments | Email This Story

Read More...
posted 22 days ago on techdirt
Insanely popular game Minecraft is known for a lot of things. It's a fantastic creative outlet and the digital sandbox of youngsters' dreams, for instance. The game has also been known to raise the ire of unrelated companies who somehow think all that creativity by gamers is something that can be sued over. It's known for amazing user-generated content, including games within games and replicas of entire cities. The nation of Turkey is known for very different things. It's a country that absolutely loves to censor stuff, for instance. And, thanks to recent developments, Turkey is also known as a great place to get a front-row look at the incredible violence done by the Islamic State in Syria and Iraq. But the Turkish government has a plan to keep its youngsters from witnessing too much violence: it is calling to ban Minecraft. Turkish websites Hürriyet Daily News and LeaderGamer report that the country's Family and Social Policies Ministry is now calling for Minecraft to be banned in the region. The ministry's report has been sent to the legal affairs department, along with instructions for the legal process for the ban to begin. Ultimately, whether the game is banned or not will be decided in the Turkish courts. When it comes to the issue of violence corruption the national youth, one would really think that the Turkish government might have bigger fish to fry than a sandbox game in which battling fictional and non-human monsters is almost an aside from the actual gameplay mechanics. The point of the game is to build, to be creative, to express. For a Turkish government with the barbarians quite literally at its doorstep to call for censorship of one of the more benign gaming titles in recent memory would be comical if it were parody. But it isn't. Nor are some of the hilariously contradictory claims to Ministry made in its report. Although the game can be seen as encouraging creativity in children by letting them build houses, farmlands and bridges, mobs [hostile creatures] must be killed in order to protect these structures. In short, the game is based on violence," the report stated (via Hürriyet Daily News). The ministry feels as though children may confuse the in-game world with the real world, and even begin torturing animals, oblivious to the pain they're inflicting. The report added that not only would Minecraft cause "social isolation," but that the online component might lead to internet bullying. Ah, of course! It's a video game, so it has to create isolation amongst players, except it's a video game, so it must also create bullying problems because of the all the interacting going on between those isolated players. Don't think about that sentence for too long or your brain will storm out of your noggin in protest. Turkey may be censorship happy, but going after Minecraft over violence concerns? C'mon guys... Permalink | Comments | Email This Story

Read More...
posted 22 days ago on techdirt
Services like Uber and Lyft have been disrupting the taxi industry, and plenty more industries, too. In fact, they are the progenitors of a new and growing "gig economy". But what's it like to actually drive for one? Podcast co-host Dennis Yang has been trying his hand as a driver for both services, and in this episode he shares his experiences and sparks off a discussion about the future of this economy. Follow the Techdirt Podcast on Soundcloud, subscribe via iTunes, or grab the RSS feed. You can also keep up with all the latest episodes right here on Techdirt. Permalink | Comments | Email This Story

Read More...
posted 22 days ago on techdirt
For years now, customers have been begging HBO to offer a standalone streaming service. Instead, customers got HBO Go, a streaming service only accessible if you can prove you have traditional cable. HBO Go is part of the cable and broadcast industry's "TV Everywhere" initiative -- or the industry's misguided belief that you can thwart cord cutting by building giant walled gardens firmly tethered to traditional cable. Of course this does nothing to actually thwart cord cutting, and only drives customers unwilling to pay cable's endlessly-soaring rates to piracy. For many years, HBO was hesitant to offer a truly stand alone streaming service, fearing disruption of the cozy, promotion and subsidy-laden relationships it has with cable operators. Late last year HBO finally announced it would offer a standalone HBO service, but didn't provide any hard details. The good news? HBO has formally announced that it's launching "HBO Now" next month for a $15 monthly fee. The bad news (for some)? The service is going to be an Apple exclusive at launch, meaning that while you can access the service via iOS devices, you're out of luck if you'd like to use the service on a game console, Roku player, Chromecast, or any of the myriad other competing streaming devices. And while you will be able to watch HBO Now content via the new website and any old browser, you can apparently only register for the service using Apple's HBO Now app and an iOS device. This resulted in many people correctly noting customers are being herded from one walled garden to another: HBO used to be cable only, now it's cable and Apple exclusive. Is that really an improvement? http://t.co/ExSUMumDPg pic.twitter.com/1NKqrtV7Ei — Richard Lawler (@rjcc) March 9, 2015 The press release can't be bothered to mention this, but the exclusive is only for three months, after which HBO Now will be made available on all the usual platforms. Cable providers may also jump in and pitch the service, though many will likely worry they'll only act to cannibalize existing cable subscribers. In other words, we're not exactly talking about the end of the world here, and HBO Now is still part of a welcome sea change toward more standalone streaming options in 2015. If you're still annoyed, just pretend Apple users are beta-testing the service and ironing out the wrinkles ahead of your arrival this summer. Still, while the exclusive surely nets Apple a nice cash payout, being greeted by a giant wall isn't a great first HBO Now brand impression for Android, Xbox, Playstation, Chromecast or Roku users. Being greeted by that same giant wall also isn't going to do much to keep the "most pirated TV show on television" from being downloaded via BitTorrent. HBO Now's still a welcome change, it's just a shame its market entry has to be polluted by unnecessary, annoying boundaries just to fatten Apple's wallet.Permalink | Comments | Email This Story

Read More...
posted 23 days ago on techdirt
The latest big report from the Intercept is about an annual hackathon, put on by the CIA (which the NSA and others participate in) where they try to hack encrypted systems, with a key focus on Apple products. The CIA calls this its annual "Trusted Computing Base Jamboree." The whole point: how can the CIA undermine trusted computing systems. If you can't see that, it notes: As in past years, the Jamboree will be an informal and interactive conference with an emphasis on presentations that provide important information to developers trying to circumvent or exploit new security capabilities. In other words, rather than seeking to better protect Americans by making sure the security products they use remain secure, this event was about making everyone less safe -- in particular Apple users. The report notes how researchers have undermined Xcode so that the intelligence community can inject backdoors into lots of apps and to reveal private keys (apparently not caring how that makes everyone less secure): A year later, at the 2012 Jamboree, researchers described their attacks on the software used by developers to create applications for Apple’s popular App Store. In a talk called “Strawhorse: Attacking the MacOS and iOS Software Development Kit,” a presenter from Sandia Labs described a successful “whacking” of Apple’s Xcode — the software used to create apps for iPhones, iPads and Mac computers. Developers who create Apple-approved and distributed apps overwhelmingly use Xcode, a free piece of software easily downloaded from the App Store. The researchers boasted that they had discovered a way to manipulate Xcode so that it could serve as a conduit for infecting and extracting private data from devices on which users had installed apps that were built with the poisoned Xcode. In other words, by manipulating Xcode, the spies could compromise the devices and private data of anyone with apps made by a poisoned developer — potentially millions of people. The risks for nearly anyone using an Apple product should become pretty clear when you realize what this "whacked" Xcode can do: “Entice” all Mac applications to create a “remote backdoor” allowing undetected access to an Apple computer. Secretly embed an app developer’s private key into all iOS applications. (This could potentially allow spies to impersonate the targeted developer.) “Force all iOS applications” to send data from an iPhone or iPad back to a U.S. intelligence “listening post.” Disable core security features on Apple devices. While the Jamboree appears mostly focused on Apple products, that's not all. Microsoft's BitLocker encryption was also a target: Also presented at the Jamboree were successes in the targeting of Microsoft’s disk encryption technology, and the TPM chips that are used to store its encryption keys. Researchers at the CIA conference in 2010 boasted about the ability to extract the encryption keys used by BitLocker and thus decrypt private data stored on the computer. Because the TPM chip is used to protect the system from untrusted software, attacking it could allow the covert installation of malware onto the computer, which could be used to access otherwise encrypted communications and files of consumers. Again, this suggests a serious problem when you have the same government that's supposed to "protect us" in charge of also hacking into systems. With today's modern technology, the communications technologies that "bad people" use are the same ones that everyone uses. The intelligence community has two choices: protect everyone, or undermine the security of everyone. It has chosen the latter. “The U.S. government is prioritizing its own offensive surveillance needs over the cybersecurity of the millions of Americans who use Apple products,” says Christopher Soghoian, the principal technologist at the American Civil Liberties Union. “If U.S. government-funded researchers can discover these flaws, it is quite likely that Chinese, Russian and Israeli researchers can discover them, too. By quietly exploiting these flaws rather than notifying Apple, the U.S. government leaves Apple’s customers vulnerable to other sophisticated governments.” There's been a lot of talk lately about the growing divide between the intelligence community and Silicon Valley. As more stories come out of projects to undermine those companies and the trust they've built with the public, it's only going to get worse.Permalink | Comments | Email This Story

Read More...
posted 23 days ago on techdirt
As we've noted countless times, diminishing the impact of piracy isn't exactly rocket science. Give consumers what they want at a reasonable price, and more often than not you'll be able to minimize piracy's impact on your business model. But as we've seen just as often, that logic is a bridge too far for many entertainment industry executives, who've relentlessly instituted all manner of more "creative" solutions to try and retain legacy power in shifting markets. Why give consumers what they want when you can insult, cajole, sue and otherwise harass your paying customers, then blame everything but your own rigid thinking? The latest ingenious solution comes courtesy of India's Tamil Film Producer's Council (TFPC), which is considering a plan to stop releasing movies entirely in the misguided belief that this is going to somehow stop people from pirating. Apparently, the logic goes, if you stop releasing films for three months, the lack of things to pirate (ignoring a century of previous content, of course) will magically stop piracy forever! Ingenious!:"Piracy will automatically stop when there's no content. When we stop film releases, say for three months, the movie pirates will go out of business. We are looking into this option because film producers have suffered heavily in the last 24 months," (said) Kalaipuli S Thanu, TFPC president."One, there's just a blistering amount of hubris involved in believing that you can turn an entire culture's art creation on and off like some kind of spigot. Like they were scolding a kitten, you'll recall the RIAA often used to state that if people didn't stop pirating content, creators would just stop making music -- as if the business side of the equation could simply wipe all art creation from the face of the earth. That some still think they can unilaterally stop art creation as a "punishment" for piracy perfectly exemplifies the distorted thinking responsible for the global entertainment industry's ongoing struggles. Two, the report notes that just a three-month ban on film production would impact the release of some 36 Indian films, which would then be harmed by the fact that they'd be shoveled in a more crowded release window. In addition to harming content creators, TFPC can't apparently understand that stopping the release of all films hurts its paying customers. Local filmmaker "Cheran" has a different suggested course of action, involving crazy concepts like modifying release windows and (gasp) lowering prices:"If original DVD of a new film is available for Rs.50, why would anyone think of buying a pirated copy?" (asked Indian Filmmaker Cheran. "We all know the quality of pirated prints. I've sold nearly Rs.10 lakh (or around $16,800) DVDs of my film in the first two days," he said."I don't mind if one person buys and shows it to his entire family. As long as people don't watch pirated version of any film, I'm happy to release my films on DVD. Most households today have access to digital TV, so new films can be released via direct-to-home medium as well," he added."Hopefully somebody at the TFPC hears Cheran's outlandish suggestions above the din of indignant entitlement.Permalink | Comments | Email This Story

Read More...
posted 23 days ago on techdirt
Why is it always the state Attorneys General? Time and time again we see examples of state AGs who seem to think they're above the law and can abuse their position to attack those they dislike. The latest? Michigan Attorney General Bill Schuette. Apparently, he was none too happy that Huffington Post reporter Dana Liebelson was investigating juvenile prison conditions in the state, and had a representative from his office follow her for two hours across the state to slap her with two separate, but equally questionable, subpoenas, demanding all of her notes: As Liebelson notes on her Twitter feed, she had had permission to visit the prisons, and agreed not to bring in a recording device. She noted that she followed all the rules that she was given for reporting from the prison -- and yet, she immediately gets slapped with a subpoena demanding her notes. And she wasn't the only one. Another report notes that Schuette also sent a subpoena to Michigan Radio, demanding its recording of a prisoner/attorney interview. Of course, after Liebelson's story started getting social media and press attention, Schuette's office quickly backed down, and promised to rescind the subpoenas. The excuse given by his office, to MLive, is absolutely ridiculous: A spokesperson for Schuette, responding to a request for comment, issued a statement indicating a civil service attorney had been "doing the department's job of defending the state" from lawsuits. The attorney "followed a common legal procedure" of subpoenaing information from individuals "entering Michigan prisons to speak to prisoners who are suing state taxpayers," said spokesperson Andrea Bitely. That makes no sense at all. Defending the state from lawsuits should never involve sending reporters subpoenas demanding all of their notes. It's a clear intimidation technique that violates all basic concepts of a free and open press.Permalink | Comments | Email This Story

Read More...
posted 23 days ago on techdirt
This is big news. Wikimedia Foundation, the organization behind Wikipedia, has announced that it is suing the NSA (with help from the ACLU) over its mass surveillance program. While the full lawsuit hasn't yet been posted, the lawsuit targets the "upstream" collection under Section 702 of the FISA Amendments Act. Because this gets confusing if you're not spending a lot of time with this, let's break out some of the different surveillance programs: Section 215 of the PATRIOT Act: under this program the NSA is collecting all the phone metadata on calls in the US. Executive Order 12333: this is what enables the NSA to hack into pretty much anything overseas -- including things like Google, Yahoo and Microsoft's data centers. PRISM: Actually part of Section 702 of the FISA Amendments Act. Allows for (slightly) targeted collections of information via a court order from the FISA Court, demanding specific types of information (rather than "all" information). Upstream collection: Also under Section 702, but this is the program that lets the NSA tap into backbone fiber optic cables, such as from AT&T and others, and slurp up all traffic in case there's anything "interesting" happening that it can classify as "foreign intelligence information." It's the upstream collection that Wikimedia is challenging in this lawsuit, arguing (among other things) that it violates both the First and Fourth Amendments. That upstream program is the one that was first disclosed by Mark Klein, a former AT&T technician who wandered into the EFF's offices a decade ago with the evidence. This resulted in a lawsuit -- Hepting v. AT&T -- that AT&T was able to get out of thanks to Congress passing a law granting the telcos retroactive immunity for helping the NSA. The EFF has a long-running similar case against the NSA over the upstream collection -- Jewel v. NSA -- which recently suffered a setback, in that the judges claimed there wasn't evidence for "standing." That is, the plaintiffs need to be able to prove that they were spied on -- which is a fairly tough barrier. Another case that was filed on similar grounds, by Amnesty International (also with the ACLU), also lost at the Supreme Court on the question of "standing." However, as later came out, that victory was based mostly on a false statement from Solicitor General Donald Verrilli, who had argued that if the US government made use of any of the upstream collection data in a lawsuit against someone, the government would need to reveal it to the defendants, who would then have standing to challenge it. Only later -- thanks to a Senate speech from Senator Dianne Feinstein -- did it come out that the DOJ regularly made use of information collected this way without ever alerting the defendants about how the information was collected. Wikimedia thinks that it has a chance to get past this "standing" hurdle, thanks to the following NSA slide that was leaked in the Ed Snowden revelations: See that big Wikipedia logo? That seems to be the NSA admitting that it's spying on Wikipedia users. The 2013 mass surveillance disclosures included a slide from a classified NSA presentation that made explicit reference to Wikipedia, using our global trademark. Because these disclosures revealed that the government specifically targeted Wikipedia and its users, we believe we have more than sufficient evidence to establish standing. In an oped for the NY Times, Wikipedia's Jimmy Wales explains why the organization is doing this: The harm to Wikimedia and the hundreds of millions of people who visit our websites is clear: Pervasive surveillance has a chilling effect. It stifles freedom of expression and the free exchange of knowledge that Wikimedia was designed to enable. During the 2011 Arab uprisings, Wikipedia users collaborated to create articles that helped educate the world about what was happening. Continuing cooperation between American and Egyptian intelligence services is well established; the director of Egypt’s main spy agency under President Abdel Fattah el-Sisi boasted in 2013 that he was “in constant contact” with the Central Intelligence Agency. So imagine, now, a Wikipedia user in Egypt who wants to edit a page about government opposition or discuss it with fellow editors. If that user knows the N.S.A. is routinely combing through her contributions to Wikipedia, and possibly sharing information with her government, she will surely be less likely to add her knowledge or have that conversation, for fear of reprisal. And then imagine this decision playing out in the minds of thousands of would-be contributors in other countries. That represents a loss for everyone who uses Wikipedia and the Internet — not just fellow editors, but hundreds of millions of readers in the United States and around the world. Given how much difficulty other cases have had in establishing standing, it appears that this may still be a challenge here. However, the fact that the US government effectively misled the Supreme Court last time around, at least suggests that maybe it will be open to revisiting the issue this time around. Kudos to Wikimedia for stepping up to the challenge, and to the ACLU for not giving up on this issue.Permalink | Comments | Email This Story

Read More...
posted 23 days ago on techdirt
As part of the annual joke from the USTR known as the Special 301 Report (which is so ridiculous that even top people at the US Copyright Office mock the USTR about it), the USTR publishes what it calls its "notorious markets list." The Special 301 Report, if you don't know, is the report where big companies whine to the USTR about countries those companies feel don't respect US intellectual property rights enough. The USTR collects all of those whinings, and rewrites it as a report to send out to US diplomats to try to shame countries into "cracking down" on the behaviors that these companies don't like -- no matter whether or not it complies with US or local intellectual property laws. Starting a few years ago, the USTR broke out a separate list of online websites, which it refers to as "notorious markets." It started doing this in 2011, in a process that was intended to support SOPA (because SOPA supporters wanted the list of "rogue" sites that would be banned under SOPA). The USTR itself admits that there's basically no objective or legal rationale behind its process: The List does not purport to reflect findings of legal violations, nor does it reflect the U.S. Government’s analysis of the general IPR protection and enforcement climate in the country concerned. The latest Notorious Markets list is out (technically, it's the "2014 Out-of-Cycle Review of Notorious Markets") and it's full of the usual misleading crap. It's quite amazing to watch US government officials celebrating the censorship of online forums and websites, calling it "progress." Free expression is not particularly important to the USTR when the MPAA complains about it, apparently. But the really astounding move in this latest report is by the USTR to start including domain registrars as "notorious markets," including one of the most popular and widely used registrar in the world, Tucows: This year, USTR is highlighting the issue of certain domain name registrars. Registrars are the commercial entities or organizations that manage the registration of Internet domain names, and some of them reportedly are playing a role in supporting counterfeiting and piracy online. And here is the entry against Tucows: Tucows.com: Based in Canada, Tucows is reportedly an example of a registrar that fails to take action when notified of its clients’ infringing activity. Consistent with the discussion above, USTR encourages the operators of Tucows to work with relevant stakeholders to address complaints. Not surprisingly, the USTR lays the FUD on thick in claiming that it feels the need to do this to protect you against dangerous counterfeit drugs that are being offered on these sites, and those evil domain registrars that refuse to shut down an entire business because someone has complained: Several respondents to the 2014 Federal Register Request identified registrars that purportedly facilitate the distribution of unauthorized copyright-protected content. One respondent identified several registrars that have apparently refused requests to lock or suspend domain names used to sell suspected counterfeit pharmaceuticals to consumers worldwide. This conduct also presents a public health challenge, and requires a coordinated response by governments and a variety of private sector stakeholders. According to one report, an estimated 96 percent of online pharmacies targeting U.S. consumers are operating in violation of applicable U.S. law and standards. An estimated 50 percent of websites worldwide that hide their physical address are selling illicit pharmaceuticals, including those labeled with counterfeit trademarks. The website www.LegitScript.com has reviewed over 40,000 online drug sellers, but found fewer than 400 to be legitimate. Studies have found that counterfeit anti-cancer, anti-HIV/AIDS, and other medications are not only ineffective, but in some cases may contain toxic or deadly adulterants, such as rat poison. As you may recall, the scary stories about "counterfeit drugs" and conflating that with copyright infringement is standard operating procedure for those pushing for stronger copyright enforcement. That's because they can't show any real harm from copyright infringement, so they talk about drugs. But what they miss is the fact that counterfeit drugs are actually a very very small problem. The cases of "toxic or deadly adulterants" are exceedingly rare. Even when dealing with unauthorized pharmacies, studies have shown that they tend to deliver legitimate products (it's not good business to kill your clientele, after all). As for the whole "only 400 out of 40,000 online drug sellers are legit" claim -- well, consider the source. LegitScript is known for frequently conflating online pharmacies that are questionable, with perfectly reasonable authorized Canadian pharmacies that merely "reimport" legitimate versions of drugs at much lower costs than US pharmacies. LegitScript has regularly been used to try to shut down or to tar and feather Canadian pharmacies that provide much cheaper access to medicine. President Obama, in the past, spoke out in favor of allowing more "reimportation," but later went back on that campaign promise, once American pharmaceutical companies got angry. Even Senator Patrick Leahy, the author of PIPA (SOPA's companion bill in the Senate) has been a big supporter of reimportation of drugs from Canada. And yet, the USTR implies that merely reimporting drugs is the same as someone selling rat poison pretending it's something else. The big pharmaceutical companies have been really pushing a lot lately to force ISPs to completely take down websites if they sell drugs that weren't originally intended for the US, even if there is no court order or other adversarial process. They just want to complain and have the sites taken down. It appears that Tucows, quite reasonably, finds this to be somewhat excessive... and in response the USTR labels it as a "notorious market." To put it mildly, this is absolutely crazy. Note that this is the very same USTR that is currently negotiating the TPP and TTIP agreements, which it insists will help promote a free and open internet. Yet, at the very same time, it's going around and calling domain registrars "rogue markets" because they won't arbitrarily take down entire websites, because some pharmaceutical company complains that it doesn't want the competition and some movie studio is pissed off that a website links to some infringing content (no matter what else may be on that site, or who is actually responsible). It is difficult to see how the USTR can claim to be in favor of an open and free internet, and the free flow of information (as it claims), when at the very same time, it's arguing that domain registrars themselves should not only be held responsible for any infringement, but rather that they should censor entire sites just because the users of some sites whose domains were registered via that registrar, happened to infringe. Next thing you know, the USTR will be demanding that the makers of asphalt be held responsible for not stopping cars that have counterfeit tires from driving. The USTR has long been something of a joke, but recently it has tried to present itself as really "getting" the internet after years of not getting it. By naming Tucows as a "notorious market," however, the USTR has only shown how totally clueless it remains, and raises very serious questions about its focus and knowledge as it negotiates important trade agreements.Permalink | Comments | Email This Story

Read More...