posted 28 days ago on techdirt
Longtime readers here at Techdirt will be familiar with Monster Energy's trademark bullying ways, but even relative newcomers will have had the opportunity to witness what has become an impressive losing streak in trademark disputes. This comes with the bullying territory, where the quick trigger finger on the threat letters and oppositions means that many of them are going to be losers. Still, one would think the sheer volume of these cases would mean quite a bit of billable hours going to the legal team that certainly could be spent better elsewhere. But the losses keep coming. Monster Energy recently lost an opposition filed by the NBA for the Toronto Raptors team imagery in Singapore, of all places. Monster Energy argued that the Toronto Raptors logo is too similar to its “claw device mark”, and consumers would likely confuse Monster’s three vertical slashes with the NBA Toronto Raptors’ circular logo of a basketball with three horizontal raptor claw marks out of it. Here are the images Monster Energy said would cause confusion in the public. Confused yet? No, of course you're not. Now, Monster Energy and the Toronto Raptors both have a lengthy roster of variations of these images and branding, but absolutely none of them come remotely close to resembling one another and, even if any of them did, there is still no chance for actual confusion in the public about any of this. Fortunately, the adjudicator of the opposition agreed. The adjudicator presiding over the case said: “[The] mere similarity in the subject matter of the competing marks (for example the three-pronged claw-shaped devices with jagged edges) was not sufficient to establish visual similarity for the purposes of opposing the registration of a trademark.” The adjudicator went on to add that consumer knowledge of both brands would mean that confusion would not occur. I get that bullies are gonna bully, but I still fail to see how any of this has been productive for Monster Energy as of late.

posted 28 days ago on techdirt
You can violate Constitutional rights and still dodge liability. You just have to do it in a way that doesn't immediately summon precedential cases on point. That's the beauty of qualified immunity, the doctrine the Supreme Court decided was needed because expecting law enforcement to operate within the confines of the Constitution is just too much to ask. Fairfield County, Ohio's SCRAP (Street Crime Reduction and Apprehension Program) unit plays fast and loose with the Constitution -- and with the county's apparent blessing. A case examined by the Sixth Circuit Court of Appeals details a search the SCRAP chose not to call a search that resulted in the discovery of marijuana plants -- and further contraband once a warrant was secured. The defendants -- Neil Morgan and Anita Graf -- asked for the evidence to be suppressed. They argued the initial "knock and talk" violated the Fourth Amendment, tainting the more thorough search that followed. Acting on a tip, the county's SCRAP unit went to the defendants' residence and basically surrounded it, placing two officers approximately five feet from the house in the backyard. It was from this vantage point the marijuana plants on the second floor balcony were spotted -- something not visible to those approaching the house from more "public" directions. The court agreed and vacated their sentences. This lawsuit against the officers and the county ensued. The Sixth Circuit Court notes [PDF] this knock-and-talk tactic -- surrounding the house prior to knocking -- clearly violated the Fourth Amendment. Under that commonsense approach, the area five-to-seven feet from Morgan’s and Graf’s home was within the home’s curtilage. 
Even when the borders are not clearly marked, it is “easily understood from our daily experience” that an arm’s-length from one’s house is a “classic exemplar of an area adjacent to the home and ‘to which the activity of home life extends.’” The right to be free of unwarranted search and seizure “would be of little practical value if the State’s agents could stand in a . . . side garden and trawl for evidence with impunity.” And the right to privacy of the home at the very core of the Fourth Amendment “would be significantly diminished” if the police—unable to enter the house—could walk around the house and observe one’s most intimate and private moments through the windows. But not only were the SCRAP unit members positioned on the sides of the house, they were in the backyard, too. Indeed the backyard is where they discovered the marijuana plants, the cause of the injuries alleged by Morgan and Graf. And “the law seems relatively unambiguous that a backyard abutting the home constitutes curtilage and receives constitutional protection.” Daughenbaugh, 150 F.3d at 603; see also United States v. Jenkins, 124 F.3d 768, 773 (6th Cir. 1997). That is true especially when, as here, there are no neighbors behind the house and the backyard is not visible from the road. The court points out there's nothing ambiguous about this particular violation in this jurisdiction: backyards and standing only a few feet from a house are both intrusions that must be supported by something more than the officers had when they approached the residence. The SCRAP team had no warrant, but it went about its business as though it had this permission slip to bypass Fourth Amendment protections. The county argued no warrant was needed, citing officer safety and exigent circumstances. The court says both assertions are ridiculous.
Instead of showing a particular and immediate risk, the county argues that concern for officer safety generally allows police to enter the curtilage and form a perimeter. Yet rather than citing a case supporting that position, the county argues that drugs and guns often go together. Maybe. But that is no more than a general statement of correlation; and generic possibilities of danger cannot overcome the required particularized showing of a risk of immediate harm. See id. at 961. But, even if the officers knew that Morgan had a weapon, “[t]he mere presence of firearms does not create exigent circumstances.” United States v. Johnson, 22 F.3d 674, 680 (6th Cir. 1994). The court then goes further: to apply the county's "officer safety" theory, the whole Fourth Amendment would need to be thrown out. What is more, the county’s position would create an exception that would swallow the rule. It might be safer for the police to enter the curtilage to form a perimeter; it would certainly be easier to stop someone who might flee by establishing some sort of barrier to that flight. Indeed, many (if not most) Fourth Amendment violations would benefit the police in some way: It could be safer for police without a warrant to kick in the door in the middle of the night rather than ring the doorbell during the day, and peering through everyone’s windows might be a more effective way to find out who is cooking methamphetamine (or engaging in any illegal behavior, for that matter). But the Bill of Rights exists to protect people from the power of the government, not to aid the government. Adopting defendants’ position would turn that principle on its head. The county also tried to argue the search wasn't a search because the officers said it was a "knock and talk," despite the presence of officers inside the curtilage. No good, says the Sixth Circuit. 
The subjective intent of officers is irrelevant if a search is otherwise objectively reasonable, but subjective intent cannot make reasonable an otherwise unreasonable intrusion onto a constitutionally protected area. The court says the SCRAP unit had no warrant, no exigent circumstances, and no other plausible warrant exception to offer. Open and shut for qualified immunity, you would think, but apparently no one violated rights in this particular fashion previously, so… Despite these long-settled standards, one case from this circuit, although incorrectly decided, requires that we grant qualified immunity. That case, Turk v. Comerford, decided within a month of the ‘knock and talk’ in this case, found that the law was not clearly settled against a factual background that was, in every material way, the same as here. Oh wait. Someone did violate rights this way. Something directly on point. The court settled the law, right? Clearly established going forward and all that? Nope. The defendants lose because the court failed to do its job twice. Although Hardesty and Turk are outliers, Morgan and Graf cannot overcome their burden of showing that the law was clearly established at the time of the search in this case. In those two cases, this court should have reaffirmed long-settled Fourth Amendment principles. Cf. Rogers v. Pendleton, 249 F.3d 279, 289–90 (4th Cir. 2001) (denying qualified immunity and reasoning that allowing access to curtilage based on reasonable suspicion would “eviscerate the principle of Oliver and Dunn that the curtilage is entitled to the same level of Fourth Amendment protection as the home itself”). But it did not. So, because the court screwed up, the officers get their qualified immunity -- despite "knock and talk" cases directly on point being (mis)handled in this circuit. The county, however, does not get off so easily. 
It is uncontested that the county’s policy required officers to enter “onto the back” of any property during every ‘knock and talk.’ And as acknowledged by the sheriff and members of the SCRAP unit, that policy did not give any leeway for the officers to consider the constitutional limits that they might face. The SCRAP unit did not weigh the characteristics of properties to determine what parts of the properties were curtilage (and thus off limits). The policy gave no weight to the core value of the Fourth Amendment—one’s right to retreat into his or her home “and there be free from unreasonable government intrusion.” Collins, 138 S. Ct. at 1670 (quoting Jardines, 569 U.S. at 6). Quite the opposite: the policy commanded that the SCRAP unit ignore those limits. It was not one employee’s interpretation of a policy that caused Morgan’s and Graf’s injuries—the policy was carried out precisely as it was articulated. And so, because the county’s policy itself was the cause of Morgan’s and Graf’s injury, the county should be held liable under Monell. Third time's the charm. The next litigant will be able to move forward with their case should officers decide putting someone in the backyard is justified during a knock-and-talk. But for the three previous sets of plaintiffs, the law managed to remain "unsettled" until just now, even with blatant Fourth Amendment violations the county will have to answer for in court.

posted 28 days ago on techdirt
A major insurance company recently announced that it would offer discounts on life insurance to customers who wear activity trackers and log data showing they live a healthy lifestyle. This understandably freaked out some people, but there are interesting aspects to the idea as well. There's plenty to consider, so this week regular hosts Mike, Hersh and Dennis discuss whether this is an exciting innovation, a worrying expansion of surveillance culture, or both. Follow the Techdirt Podcast on Soundcloud, subscribe via iTunes or Google Play, or grab the RSS feed. You can also keep up with all the latest episodes right here on Techdirt.

posted 28 days ago on techdirt
We've highlighted a few times now, just how problematic the GDPR is. This is not because we don't care about privacy -- we do very much. We just think that the GDPR's approach is not a very good one with a lot more downsides than upsides -- and, it's unlikely to do very much to actually protect your privacy. For example, we just wrote about the GDPR being used (successfully!) to try to erase a public court docket. But not only do we think that the GDPR doesn't actually protect your privacy, it might actually put it at much greater risk. Take the story of Jean Yang, who noted that someone hacked her Spotify account and then, thanks to GDPR requirements, was able to download her entire Spotify history. Today I discovered an unfortunate consequence of GDPR: once someone hacks into your account, they can request--and potentially access--all of your data. Whoever hacked into my @spotify account got all of my streaming, song, etc. history simply by requesting it. 😱 — Jean Yang (@jeanqasaur) September 11, 2018 That's because, under the GDPR, platforms are supposed to make all of the data they have on you easily downloadable. The theory is that this will help you understand what a company has on you (and, potentially, to request certain data be deleted). But, it also means that should anyone else get access to your account, they could access an awful lot of important and/or personal data. Your Spotify interactions might not seem like that big of a deal, but plenty of other services could expose much more sensitive data (and, who knows, there are situations where your Spotify data might be quite sensitive as well). As Jean notes in a later tweet, this kind of thing could really come back to bite other services, such as Lyft or Uber. She jokes: "Would be pretty bad to get hacked and kidnapped in the same day." 
There are possible technological solutions that could help (again, as Jean suggests), such as using multi-factor authentication to access your own data (one-time passwords, Yubikey, etc), but it's telling that few companies (or regulators!) have really thought about that, because that vector of attack probably hasn't occurred to many people. But, it probably will now. This is, of course, yet another good example of the unintended consequences of regulating technology, even with good intentions. Very little thought has been put into the second and third order effects. Instead, you have a bunch of policymakers who think "platforms collecting too much data is bad, thus, we have to let people check on their own data." It never occurs to them that this now creates a brand new route to accessing potentially valuable, sensitive and private data. And, as an end result, a regulation designed to increase our privacy... could sometimes have the exact opposite effect.

posted 28 days ago on techdirt
It's like the scene in the Naked Gun, where Leslie Nielsen stands outside the exploding fireworks factory telling everyone, "Nothing to see here. Please disperse." Such is the decision by the district court dismissing the EFF's lawsuit challenging the constitutionality of FOSTA. Since FOSTA's passage, many have largely been reacting in terror at its vague, yet broad, language threatening civil and even criminal liability. It has led to the censorship of enormous swathes of legitimate speech as platforms seek to reduce this new risk. But in a decision Monday dismissing the case for lack of standing the district court basically declared that it couldn't understand what everyone was so worked up over. Standing has to do with who is entitled to file a lawsuit. Ordinarily you have to have suffered an actual injury, although in certain situations, such as constitutional challenges, parties can have standing if it is likely that they will suffer an injury. After all, we wouldn't want people to have to expend resources needlessly in the effort to comply with an unconstitutional law, or have to risk prosecution in order to have its constitutionality tested before the courts. But the injury risk still needs to be reasonably likely. Imminence, the element most relevant here, is concededly a somewhat elastic concept. Nevertheless, imminence "cannot be stretched beyond its purpose, which is to ensure that the alleged injury is not too speculative for Article III purposes – that the injury is certainly impending." […] The concept of imminence has been particularly important in the context of pre-enforcement challenges. The Supreme Court has held that plaintiff who challenges a statute must demonstrate a realistic danger of sustaining a direct injury as a result of the statute's operation or enforcement. 
A credible threat of prosecution exists when the challenged law is aimed directly at plaintiffs, who, if their interpretation of the statute is correct, will have to take significant and costly compliance measures or risk criminal prosecution. Thus, fear of prosecution cannot be "imaginary or wholly speculative," and allegations of a subjective "chill" are not an adequate substitute for a claim of specific present objective harm or a threat of specific future harm. [p. 15-16] Yet here the court decided it was not. It would be great if it were right, and no one had anything to fear. But while the court essentially declared the fears contorting the availability of online speech to be much ado about nothing, it didn't do so in a way that would effectively allay those fears. As the court ran through its analysis of the standing of each plaintiff, it struggled to see how what they proposed to do, and how what they feared would be chilled by the law, was targeted by the law. [P]laintiffs say, FOSTA criminalizes "anything that promotes or facilitates prostitution, and not a specific crime." This is particularly problematic because prostitution is an area where there has been significant advocacy, both by government entities and by private citizens. As plaintiffs see it, that advocacy places them in crosshairs. In pressing this argument, however, plaintiffs ignore key textual indications that make clear that FOSTA targets specific acts of illegal prostitution not the abstract topic of prostitution or sex work. [p. 22] The above is some of what the court had to say about the lead plaintiff Woodhull Freedom Foundation. It concluded similarly for plaintiff Human Rights Watch. For plaintiff Jesse Maley a/k/a Alex Andrews, the creator and operator of an actual platform, ratethatrescue.org, it similarly minimized her concerns. 
Under Maley's reasoning, because providing housing or childcare services to sex workers "make[s] sex work easier," Rate That Rescue could be said to promote or facilitate prostitution. For this reason, Maley fears that amendments to Section 230 - which clarify that immunity does not extend to conduct made unlawful by Section 2421A - could expose her to prosecution for the speech of third parties on Rate That Rescue. […] Her concerns, however, are unwarranted. Put simply, Maley has failed to show that Section 230 amendments expose her to a credible threat of prosecution. That is so because Maley, on the current record, lacks the mens rea to violate any of the provisions specified in Section 230(c)(5). […] In managing Rate That Rescue, Maley cannot possibly be said to act "with the intent to promote or facilitate the prostitution of another person" in violation of Section 2421A. Maley's declaration concedes as much, repeatedly expressing concern that law enforcement could determine that "the user-generated content on Rate That Rescue promotes or facilitates prostitution." But those formulations lack the critical mens rea element of the Section 2421A offense. Indeed, Maley herself does not even assert that law enforcement could credibly contend that, in managing Rate That Rescue, she acts "with the intent to promote or facilitate" the prostitution of another person. Of course, the mere promotion or facilitation of prostitution is not enough: Maley must intend that her conduct produce the specific result. [p. 25-26] It's a statutory parsing that would be a lot more assuring if it didn't ignore another perfectly plausible read of the statute. Of course it's ridiculous to say that Maley intended to promote prostitution. But that's not what the statute forbids. In a subsequent passage the court dismisses the argument that FOSTA's amendments to 18 U.S.C. Sec. 1591 create any additional legal risk for platforms. 
But the amendments expand the prohibition against the "participation in a venture" to engage in sex trafficking to include "knowingly assisting, supporting, or facilitating" such a venture. This language suggests that liability does not require knowledge of a specific act of sex trafficking. Instead, merely providing services to sex traffickers – even ones unsuccessful in their sex trafficking venture – would seem to trigger liability. In other words, knowledge seems to hinge not on knowledge of a sex trafficking act but on knowledge of a sex trafficking venture (including one that may even be victimless), yet both the statute and the court are silent as to how much, or how little, a platform would need to actually know in order to have "knowledge" for purposes of the statute. This vagueness is what is so chilling to them, because it forces them to guess conservatively. But the court provides little relief, and in dismissing the case denies the opportunity to even attempt to gain any. Also, while these plaintiffs were suing because they feared prospective injury, plaintiff Eric Koszyk has already experienced a tangible injury directly traceable to the changes in the law wrought by FOSTA. He was a massage therapist who relied on Craigslist to advertise his services. In the wake of FOSTA, Craigslist shut down its Therapeutic Services section, thus limiting his ability to find customers. Without FOSTA (which would result if it were declared unconstitutional) it would seem that the shutdown decision could be reversed. But to the court this result would be too speculative: Unfortunately for Koszyk, he cannot establish redressability under the relevant precedents. That is so because Koszyk has not established that a victory "will likely alleviate the particularized injury alleged." 
It is well established that a plaintiff lacks standing when the "redress for its injury depends entirely on the occurrence of some other, future event made no more likely by its victory in court." When, as here, a third party can exercise "broad and legitimate discretion the courts cannot presume either to control or to predict," a court is generally unable to redress the alleged injury and, accordingly, standing is found wanting. [p. 27-28] This is insanity. Of course the court can't force Craigslist to re-open its Therapeutic Services section. But it can eliminate the reason for its closure and at least make the decision to re-open it possible. As long as FOSTA remains on the books it eliminates that possibility, and that's an injury. It didn't go any better for the Internet Archive's standing as a plaintiff. As a platform that handles a massive amount of third party created content, for which review would be impossible, it worried it could nonetheless be caught in FOSTA's net. Don't worry about it, said the court. Although the Internet Archive represents that it does not intend to promote sex trafficking or prostitution, it believes that the Section 230 amendments and the ambiguity of their scope may expose it to liability. Once again, however, there are no facts in the record supporting an inference of the mens rea standard necessary to peel back Section 230's protections. The Internet Archive's practice of sweeping up vast amounts of content from the web for indefinite storage, and its attested practical inability to review the legality of that third-party content, mean that that entity simply cannot meet the stringent mens rea standard required for liability under Sections 2421A, 1591, or 1595. [p. 28] In a way, that sounds great. Don't know what's in all that user content? No problem. But the problem is, inevitably platforms are going to have some knowledge of what's in all the user content.
In fact, if Section 230 is going to work as intended to encourage platform moderation of content they are going to have to know. And, thanks to this decision, this knowledge remains a terrifying prospect for all. It is likely that EFF will continue to press forward with this case, so it is not the final word on FOSTA's constitutionality, but it is an unfortunate start.

posted 28 days ago on techdirt
Whether you're painting a room, designing a site, or anytime you're searching for just the perfect color, the Nix Mini Color Sensor is here to help. Simply scan any color critical surface, save it to your phone or tablet, and match it to an existing color library of more than 31,000 brand name paint colors, as well as RGB, HEX, CMYK, and LAB colors. It's smaller than a ping pong ball, and fits comfortably on your key chain. The Nix features high CRI white LEDs that provide a consistent light source for every scan. It's on sale for $69 and comes with lifetime access to the Nix Paints and Nix Digital Android and iOS apps. Note: The Techdirt Deals Store is powered and curated by StackCommerce. A portion of all sales from Techdirt Deals helps support Techdirt. The products featured do not reflect endorsements by our editorial team.

posted 28 days ago on techdirt
The latest in this ridiculous political fight over the claimed, but not proven, "political bias" found in search results and social media is that Louisiana's Attorney General says we should break up the big internet companies because of it. He's not even hiding his unconstitutional anti-First Amendment reasons for doing so: Landry says the internet giants are suppressing conservative agendas, stifling competition, and infringing on antitrust laws. “This can’t be fixed legislatively,” Landry told The Advocate Tuesday. “We need to go to court with an antitrust suit.” Again, it's not at all proven that the internet giants are "suppressing conservative agendas." If they were, that would be quite remarkable, given that apparent "conservatives" control the White House, both houses of Congress, the judiciary and the vast majority of state houses. It would certainly then suggest that these internet companies aren't very good at suppressing such an agenda if they really were attempting to do so (and, spoiler alert: they're not). But, of course, the larger point still stands: this is clearly a government official, looking to use not just executive power, but law enforcement powers, to intimidate companies regarding speech on their platforms. That is 100% unconstitutional. I already detailed a variety of cases that make this point, but it appears that law enforcement officials are going to ignore that, so long as they can politically grandstand on this issue. But, just to flip this around: would Louisiana Attorney General Jeff Landry agree that Fox News or Breitbart should be hit with legal action for "suppressing liberal agendas?" Of course not. Some will say that this is just politicians being politicians, and they'd have a point. But what's absolutely astounding is that some on the other end of the political spectrum are jumping on this just because they so hate Google. 
Matt Stoller, from the Open Market Institute, has spent the past few years misrepresenting all sorts of arguments concerning the internet companies, and pushing for them to be broken up. He sits very far away from Landry politically, but apparently as long as a politician wants to break up the internet companies (even in violation of the First Amendment) that seems to be cool with him: The Louisiana Attorney General is now saying he wants to break up Google and Facebook. Wow. #BUFA https://t.co/sYFe1kh5uj — Matt Stoller (@matthewstoller) September 19, 2018 After people pointed out to him that Landry was just playing partisan politics, Stoller responded by suggesting that maybe it's for the wrong reasons, but at least someone is trying to break up these companies (despite there being no evidence to support such a move): Lot of angry liberals saying he’s doing this for the wrong reasons. Ok. Fine. But Democratic AGs aren’t presenting the alternative on how to do this correctly. They are just supporting the status quo. https://t.co/hZXUZTyqt0 — Matt Stoller (@matthewstoller) September 19, 2018 Lots of people have key issues that they think are important. For some that may be breaking up the big internet companies. But a general rule of thumb: if you have to spit on the First Amendment to get your wish, you're doing it wrong.

posted 28 days ago on techdirt
Comcast's latest effort to grow even larger is spooking even the company's investors. "Growth for growth's sake" has been the mantra of the telecom and TV sectors for years. Once growth in any particular market (like broadband) saturates, companies begin nosing about for efforts to grow larger in other sectors, even if it's well outside of their core competencies (see Verizon Sugarstring, Go90). Unfortunately for the end user, such growth isn't accompanied by any meaningful parallel investment in quality product or customer service, a major reason so many users "enjoy" Comcast services today. At the same time, this growing power results in increased efforts to thwart any effort to rein in this power, leaving oversight of the natural monopolies more precarious than ever (see: net neutrality). That's exceptionally true for Comcast, where the one-two punch of fading state and federal oversight, expiring NBC Universal merger conditions from its last 2011 megadeal, and a growing monopoly over broadband is forging a perfect storm of trouble. Comcast's latest gambit came over the weekend, when the nation's biggest cable operator toppled 21st Century Fox with a $39 billion bid for Sky broadcasting, Europe's biggest pay TV operator. But even Wall Street stock jocks, traditionally more than happy to cheerlead mindless growth for growth's sake, have become nervous about the expansion, worrying that Comcast's overseas exploits are little more than a pricey distraction: "Craig Moffett, an analyst at MoffettNathanson LLC, downgraded Comcast’s stock Monday to neutral, saying the company had “grossly overpaid for Sky.” Timothy Horan, an analyst at Oppenheimer, also downgraded Comcast’s stock, citing the company’s need to invest instead in the U.S., where it faces growing competition from wireless and online TV rivals." “It’s going to be incredibly hard to justify having paid such a high price,” Moffett said in an interview Sunday.
“This is an asset that neither Disney nor Comcast investors wanted to win.” Comcast stock price took a major tumble as a result. The biggest problem for many investors is debt. Like AT&T's acquisition of Time Warner, the deal saddles Comcast with so much debt it's going to be forced to cut corners on other fronts in order to shore up the losses. Usually, at least in telecom, that results in cuts to customer service. It also results in companies nickel and diming captive customers harder than ever, whether that means usage caps and overage charges, bullshit fees, or even charging users more money if they want to protect their own privacy. As you might expect, Comcast tried to put a more positive spin on its latest looming acquisition, company CEO Brian Roberts bubbling over about the overseas expansion: "This is a great day for Comcast. Sky is a wonderful company with a great platform, tremendous brand, and accomplished management team. This acquisition will allow us to quickly, efficiently and meaningfully increase our customer base and expand internationally. We couldn’t be more excited by the opportunities in front of us. We now encourage Sky shareholders to accept our offer, which we look forward to completing before the end of October 2018." The problem, of course, is the same one Comcast has always faced. Its ragingly incompetent customer service has made it the laughing stock of the tech industry for the better part of the last decade. What Comcast actually needs is to pause, invest in overall quality and support, and focus on its core competencies. But because traditional broadband is never profitable enough, quickly enough for Wall Street, Comcast executive eyeballs are always fixed everywhere other than fixing some of the company's many, fatal flaws.

posted 28 days ago on techdirt
We don't hear much from anyone other than FBI officials about the "going dark" theory. The DOJ pitches in from time to time, but it's the FBI's baby. And it's an ugly baby. Earlier this year, the FBI admitted it couldn't count physical devices. The software it used to track uncrackable devices spat out inflated numbers, possibly tripling the number of phones the FBI claimed stood between it and justice. FBI officials like James Comey and Chris Wray said "7,800." The real number -- should it ever be delivered -- is expected to be less than 2,000. The FBI also hasn't been honest about its efforts to crack these supposedly-uncrackable phones. Internal communications showed the agency slow-walked its search for a solution to the San Bernardino shooter's locked iPhone, hoping instead for a precedential federal court decision forcing device manufacturers to break encryption whenever presented with a warrant. The FBI appears to have ignored multiple vendors offering solutions for its overstated "going dark" problem. At this point, it's public knowledge that at least two vendors have the ability to crack any iPhone. Israel's Cellebrite -- the company presumed to have broken into the San Bernardino phone for the FBI -- is one of them. The other is GrayShift, which sells a device called GrayKey, which allows law enforcement to bypass built-in protections to engage in brute force password cracking. We don't know how often the FBI avails itself of these services. A pile of locked phones numbering in the thousands (but which thousands?!) suggests it is allowing the serviceable (vendor services) to be the enemy of the perfect (favorable court rulings and/or legislation). Other federal agencies aren't waiting around for the next horrifying terrorist attack to nudge Congress towards mandating encryption backdoors. They're spending tax dollars now to take advantage of vulnerabilities that may be patched out of existence in the near future, if they haven't been addressed already. 
Thomas Brewster of Forbes has spent some time sifting through government records to see who's buying and how much they're spending. The FBI isn't on the list. The DEA is. But the Daddy Warbucks of federal law enforcement agencies is none other than the one voted Most In Need Of Immediate Abolishment. According to government contract records on FPDS.gov, ICE acquired the services of GrayShift earlier this month. And it’s spent more than any other government department on GrayShift tech, with a single order of $384,000. Other branches of the Trump government, from the Drug Enforcement Administration to the Food and Drug Administration, have splashed between $15,000 and $30,000 on different models of the GrayKey, which requires physical access to an Apple device before it can break through the passcode. ICE wants everything on the menu. In addition to spending big on cellphone-cracking devices, the agency has also thrown money at forensic tools from Cellebrite, social media tracking software, "intercept software" from a Nebraska-based vendor, and "computer support equipment" from foreign companies (one of them Russian) known for their ability to extract data from encrypted messaging services. It would seem the agency involved in investigating the widest variety of crimes would be joining ICE in its encryption-breaking spending spree. But there's no trace of FBI expenditures to be found in these records. It may be the FBI has exempted itself from reporting this information under the theory that naming dollar amounts and/or vendors would allow wily criminals to escape its grasp. If so, it seems unlikely this refusal has a legal basis. The DEA and ICE have both allowed these records to be published and both agencies routinely engage in investigations that theoretically could be compromised by making spending data public. (The key is "theoretically." In reality, it's unlikely publishing contract data has any noticeable effect on criminal behavior.) 
Moving past the FBI, there's reason to be concerned ICE is making purchases like these. Given its main concern is the speedy removal of undocumented immigrants, this tech seems to be more of a "want" than a "need." Most of the cases ICE deals with don't need to involve cracked phones and forensic searches. But because it has the tools on hand, it will make sure it gets our money's worth.

posted 29 days ago on techdirt
It's no secret that sometimes a company's lawyers get way out ahead of how their client would want them to behave in protecting their intellectual property. We've seen many a story in which threat letters go out, only to have ownership on both sides of a dispute get together and settle things amicably. And if there's any industry in which this should absolutely happen, it should be the craft brewing industry, where there has long been a tradition of fraternity and peaceful coexistence. And that almost seemed like it's what was going to happen when Abnormal Beer Co. got a letter from the lawyers for 3 Floyds Brewing.

We’d like to say a very big Thank You to Nick Floyd @3FloydsBrewing for personally handling a legal matter for us.

Last year we were notified that the trademark for our brand, Abnormal, was being protested by the attorneys at 3 Floyds Brewing on the grounds that our brand name, Abnormal, creates confusion with consumers with their brand. For those familiar with our two brands, you understand why we were left scratching our heads with that assertion...

After being at two beer festivals in two different countries with them, one of our owners had the pleasure to get to chat with Nick Floyd and fill him in on the details. He immediately reassured us he would make sure we were squared away and explained that their legal firm is only there to combat “Big Beer” that threatens their business not little guys like us. He even took a photo with us in traditional 3 Floyds fashion :)

Thank you again Nick for keeping the spirit of craft beer alive. Money & time is much better spent on crafting great beer for everyone, not on attorney fees. We look forward to seeing you guys at the next beer festival! Cheers!

A post shared by ABNORMAL BEER CO. 🍻 (@abnormalbeerco) on Aug 14, 2018 at 5:10pm PDT

Happy ending, right? Unfortunately, that Instagram post was not the end of the story. 
In a separate post, Abnormal has informed the public that any assurances it had been given that the lawyers would be called off were apparently not sincere. The lawyers for 3 Floyds are insisting now that Abnormal not only pull its trademark application for the beer industry, but for its winery as well. To be frank, the fact that there is any dispute here at all is silly. 3 Floyds' opposition is flatly unnecessary, as nobody is going to somehow mix up or mistake association between Abnormal Beer Co. and a company with a slogan such as "It's not normal." The marks aren't particularly similar and, when you consider the context of the rest of the trade dress, are unlikely to cause any confusion. On top of that, the PR game Abnormal is playing with its Instagram posts is quite strong. We want to be clear, we are not a threat and we do not want a legal battle over something as silly as this; the only people who win are the lawyers. We’ve been at multiple festivals in different countries together and we all know there is no confusion between the 3 Floyds and Abnormal brands. As fans of 3 Floyds Brewery, we have saved a beer for you Nick, should you decide to change your mind and reach out to work this out with us. Let’s be friends, not enemies; that’s what the spirit of craft is about, a spirit you yourself helped cultivate. There shouldn’t be anything sharing a beer can’t fix. It's a smart appeal, which is something that fans of the craft beer industry will care about. Again, why 3 Floyds wants to continue this hit to its reputation is beyond me.

posted 29 days ago on techdirt
Something that happens far too often -- police officers raiding the wrong house in search of criminals -- has resulted in national headlines.

A police search warrant team going after a drug dealer targeted the wrong address and burst into the apartment of an innocent resident who shot and wounded two officers believing they were home invaders, Prince George’s law enforcement officials said.

It has been greeted by something that almost never happens.

Police Chief Hank Stawinski apologized for the error Thursday and said he has halted executing search warrants until the department reviews how it corroborates information to confirm addresses and the location of investigative targets.

There's more. No charges will be filed against the man who shot two officers. The police chief said the man ambushed in his own home was a "law-abiding citizen." Beyond that, he called the warrant itself into question, along with the information used to obtain it.

A confidential informant led investigators to the address at which they were serving the search warrant Wednesday night, Stawinski said. But the chief said he is “not satisfied” with the amount of information investigators used to obtain the search warrant and with the efforts to verify the information from the informant.

Here's all the things that didn't happen:
- No one suggested everyone "wait until all the facts are in."
- No one blamed the media for rushing ahead with a narrative the PD didn't find flattering.
- No one refused to comment until an investigation was completed.
- No one disparaged the victim of the raid by feeding his criminal record to local media.
- No one suggested the resident be more compliant in the future.
- No one defended the officers' actions as reasonable.
- No one filed charges against the resident for shooting and wounding police officers.

This is an astounding reaction to incidents that are far too commonplace in this country. This is also an indictment of policing in America. 
There is no reason this reaction should be as stunning as it is. This should be standard operating procedure when cops screw up. Instead, we're most often greeted with defense of indefensible actions combined with a multitude of efforts designed to make the SWAT raid victim appear as unsympathetic as possible. Wrong address raids, killings of unarmed citizens, excessive force deployment… all of these events are normally handled by police departments with maximum defensiveness and minimal acceptance of culpability. A law enforcement agency immediately stepping up to take responsibility for its errors -- especially ones with potentially deadly outcomes -- is a breath of fresh air in the fetid, stagnant swamp of US policing. But this shouldn't be the ultra-rare exception. It should be the rule. The public law enforcement serves deserves far better than the condescending, self-serving crap it's so often handed in the wake of incidents like these.

posted 29 days ago on techdirt
A Pennsylvania legislator with little to lose but his remaining reputation has decided to burn that down on his way out of office. State rep Will Tallman wants to exit in a blazing cloud of idiocy and is asking his fellow reps to be as stupid as he is. (h/t Max Kennerly) On Friday, Tallman sent a memo to the 203-member state House seeking support for a bill he dubbed the “Teacher Code of Ethics,” which legal experts questioned as unconstitutional overreach. In the memo, Tallman said his bill would forbid public school teachers from endorsing, supporting or opposing candidates or incumbents for local, state and federal offices while in the classroom. On the job, teachers could not discuss enacted or pending legislation, regulations, executive orders or court cases involving any level or branch of government. They could not talk about activities “that hamper or impede” law enforcement actions or military recruiters on campus. Tallman actually believes children as young as the age of 5 are being "indoctrinated" by teachers with ideological axes to grind. His conclusion appears to be based on things people like him have said in the recent past without offering citations or evidence. As a member of the House Education Committee, he said, he has received “half a dozen to a dozen” complaints about teachers inserting their political beliefs into non-germane topics. His adult children and grandchildren also complained to him about the same issue, he said. So, the braintrust behind this assertion includes three missionaries and their children and 6-12 complaints over the past decade. Obviously, the only conclusion to draw is that indoctrination is out of hand and only the powerful velvet fist of government regulation can stop it. If the First Amendment must be destroyed to save the children, it's a sacrifice Tallman is willing to make on behalf of the few that agree with him and the large majority of non-idiots who don't. 
Everyone who isn't Tallman has already greeted his proposed legislation with Constitution-based ridicule. The law will never pass. If something goes horribly wrong and the bill does pass, the courts will strike it down immediately. Tallman believes it won't. Tallman -- again without offering supporting evidence -- firmly believes this same sort of unconstitutional garbage is already law elsewhere in the country. Tallman stood by his bill, saying four other states, which he could not name, have enacted similar legislation, and that it would be up to the courts to determine if the enacted laws and his bill are legal. Follow-up? "This will have to play out in court," he said. Sorry, but the game goes to The Morning Call. It already has. The Morning Call offers far more than cases it can't name in support of its statement. Readers are given a list of precedential Supreme Court decisions striking down similar unconstitutional restrictions on speech. The bill has zero chance to survive a Constitutional challenge should it somehow make its way from half-formed brain fart to actual law. No one else in the legislature appears willing to push Tallman's Folly along, meaning the legislator will have to handle all of his own agitating while short-timing his way through his last few months in office. Tallman could have exited office gracefully -- remembered vaguely as that one guy who did the government thing for nine years. Instead, he chose to be remembered for the hill he chose to retire on -- a stupid law so facially unconstitutional it could only have been dreamed up by someone who uses family members as focus groups.

posted 29 days ago on techdirt
On September 14th, we wrote about a draft executive order basically tasking the executive branch with "investigating" the major internet companies for evidence of "bias" that might lead to antitrust activity. As we wrote at the time, the draft executive order was poorly drafted, didn't make much sense, and was almost certainly unconstitutional. It took a week, but the rest of the tech policy world finally discovered the same draft executive order this past Friday (amusingly with some insisting that they had the "scoop" a week after we wrote about it). Now, the White House has admitted that the document is "real", though they're not entirely sure who crafted it, it hasn't gone through any of the normal processes, and there's no intention of moving forward with it. In other words, it sounds like a pet project of someone in the White House to have in a drawer in case it was needed at some future date. From the Washington Post: But three White House aides soon insisted they didn’t write the draft order, didn’t know where it came from and generally found it to be unworkable policy. One senior White House official confirmed the document had been floating around the White House but had not gone through the formal process, which is controlled by the staff secretary. Asked about the document, Lindsay Walters, the deputy White House press secretary, said of the digital-age ‘whodunit’ on Saturday: “Although the White House is concerned about the conduct of online platforms and their impact on society, this document is not the result of an official White House policymaking process.” There is some speculation in the article that the document actually originated from Yelp, which has spent the past decade or so trying to get any government anywhere to bring the antitrust hammer down on Google. If that turns out to be true, it speaks very poorly of Yelp, as a company trying to leverage an obviously bullshit claim of "search bias" to try to achieve its unrelated goals. 
It would also almost certainly backfire on Yelp in a big way, as the biggest tool that the government has to try to "punish" Google would be to modify Section 230 of the CDA -- which, arguably, Yelp relies on much more than Google does. It's good that this document is clearly going nowhere, though it still is worth noting that at least someone in the White House thought it was worth passing around for discussion as they try to determine "what to do" about the made up problem of "bias" in search.

posted 29 days ago on techdirt
It all seems so far away now, but in 2013, during the early days of the Snowden revelations, a story about the NSA's activities emerged that apparently came from a different source. Bloomberg reported (behind a paywall, summarized by Ars Technica) that Microsoft was providing the NSA with information about newly-discovered bugs in the company's software before it patched them. It gave the NSA a window of opportunity during which it could take advantage of those flaws in order to gain access to computer systems of interest. Later that year, the Washington Post reported that the NSA was spending millions of dollars per year to acquire other zero-days from malware vendors. A stockpile of vulnerabilities and hacking tools is great -- until they leak out, which is precisely what seems to have happened several times with the NSA's collection. The harm that lapse can cause was vividly demonstrated by the WannaCry ransomware. It was built on a Microsoft zero-day that was part of the NSA's toolkit, and caused very serious problems to companies -- and hospitals -- around the world. The other big problem with the NSA -- or the UK's GCHQ, or Germany's BND -- taking advantage of zero-days in this way is that it makes it inevitable that other actors will do the same. An article on the Access Now site confirms that China is indeed seeking out software flaws that it can use for attacking other systems: In November 2017, Recorded Future published research on the publication speed for China's National Vulnerability Database (with the memorable acronym CNNVD). When they initially conducted this research, they concluded that China actually evaluates and reports vulnerabilities faster than the U.S. However, when they revisited their findings at a later date, they discovered that a majority of the figures had been altered to hide a much longer processing period during which the Chinese government could assess whether a vulnerability would be useful in intelligence operations. 
As the Access Now article explains, the Chinese authorities have gone beyond simply keeping zero-days quiet for as long as possible. They are actively discouraging Chinese white hats from participating in international hacking competitions because this would help Western companies learn about bugs that might otherwise be exploitable by China's intelligence services. This is really bad news for the rest of us. It means that China's huge and growing pool of expert coders are no longer likely to report bugs to software companies when they find them. Instead, they will be passed to the CNNVD for assessment. Not only will bug fixes take longer to appear, exposing users to security risks, but the Chinese may even weaponize the zero-days in order to break into other systems. Another regrettable aspect of this development is that Western countries like the US and UK can hardly point fingers here, since they have been using zero-days in precisely this way for years. The fact that China -- and presumably Russia, North Korea and Iran amongst others -- have joined the club underlines what a stupid move this was. It may have provided a short-term advantage for the West, but now that it's become the norm for intelligence agencies, the long-term effect is to reduce the security of computer systems everywhere by leaving known vulnerabilities unpatched. It's an unwinnable digital arms race that will be hard to stop now. It also underlines why adding any kind of weakness to cryptographic systems would be an incredibly reckless escalation of an approach that has already put lives at risk. Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

posted 29 days ago on techdirt
ITIL is a set of detailed practices for IT service management that focuses on aligning IT services with the needs of business. Getting ITIL-certified is hugely important to beginning and maintaining a career in IT. If you're interested in pursuing a career in IT, then the Ultimate ITIL Certification Training Bundle is for you. These 14 individual ITIL courses are certified, which means you can earn PDUs to help you qualify to take the certification exams. Upon completion of each course and practice exam, you'll be awarded a certificate of completion that includes the necessary information you need to take the formal exam or earn PDUs. Note: The Techdirt Deals Store is powered and curated by StackCommerce. A portion of all sales from Techdirt Deals helps support Techdirt. The products featured do not reflect endorsements by our editorial team.

posted 29 days ago on techdirt
A few weeks back, we did a post trying to explain how the planned meeting between Attorney General Jeff Sessions and a group of state Attorneys General to "discuss" how to deal with the imaginary problem of "political bias" on social media platforms actually represented a serious First Amendment problem. The government simply isn't allowed to pressure companies into any sort of compelled speech, and yet it appears that's exactly what these law enforcement officials were trying to do. Late last week, we signed onto a detailed letter put together by the think tank TechFreedom, explaining why this meeting is so problematic. We write to express our concern over your plans to convene a meeting of state attorneys general later this month “to discuss a growing concern that [operators of popular social media services and search engines] may be hurting competition and intentionally stifling the free exchange of ideas on their platforms.” The First Amendment bars the government from attempting to “correct” the first alleged problem, political bias, including through the antitrust laws, and sharply limits how the antitrust laws can be used against anticompetitive behavior beyond editorial bias. Essentially, antitrust law can prescribe anticompetitive economic conduct but “cannot be used to require a speaker to include certain material in its speech product.” … For all these reasons, we are skeptical that there are any grounds for legal action that could arise out of your inquiry. The letter also highlights why the very idea of a "fairness doctrine" for the internet is Constitutionally impossible, not to mention ridiculous, given that the push for it is coming from the very same Republicans who have spent years falsely "warning" that the Democrats wanted to bring back a "fairness doctrine" for broadcast TV. A Fairness Doctrine for the Internet Would Be Unconstitutional. 
The President and top congressional Republicans have talked about the need to ensure the “fairness” of social media platforms and search engines. Consciously or otherwise, this invokes not antitrust law but the “Fairness Doctrine” imposed on radio and television broadcasters by the Federal Communications Commission from 1949 until 1987. In theory, the Fairness Doctrine required broadcasters to represent a wide spectrum of opinion on controversial issues of public importance. The Supreme Court upheld this Doctrine in Red Lion (1969) — but only because it declined to extend the full protection of the First Amendment to broadcasters on the grounds that they received government licenses to use a scarce public resource: the airwaves. Five years later, the Court categorically rejected mandating that newspapers offer a right of reply. Anything like the Fairness Doctrine would undoubtedly be struck down as unconstitutional if applied to any other media — whether to Fox News (the cable network) or Internet media.... Ironically, it was conservatives who led the fight to repeal the Fairness Doctrine over four decades — because it hurt conservatives most: The threat of losing an FCC license discouraged broadcasters from including non-mainstream voices in their coverage and made impossible alternative media offerings with an unabashed conservative “bias.” Indeed, it was President Reagan’s FCC that repealed the Fairness Doctrine in 1987. The letter, targeted at Jeff Sessions, repeatedly reminds him how such a tool might be used in the other direction as well: The last thing conservatives should want is a Democratic administration with such arbitrary power (or a Republican administration, for that matter). 
A Warren administration, say, could use such powers to coerce existing social media sites and search engines to disadvantage conservatives (in the name of neutrality and fairness, and stopping “fake news,” of course) and also to prohibit the “Facebook for conservatives” network recently called for by Donald Trump, Jr. It's quite incredible that we're even discussing this. A fairness doctrine doesn't make any sense, and is broadly unconstitutional for a whole host of reasons. What's bizarre and troubling is how quickly those who like to wear blue or red uniforms like to rush to it as soon as they feel one area of the media is "biased" against them, not recognizing how it would clearly be used in other areas of the media as well. While it appears that Sessions' gathering with Attorneys General will happen, hopefully all it serves to do is remind them all that the First Amendment exists, and that they are Constitutionally prohibited from messing with how online platforms present content.

posted 29 days ago on techdirt
So we've pretty well established that somebody flooded the FCC's website with bogus comments during the agency's unpopular attack on net neutrality last year. Many of these comments were made using lifted identities (like Senators Jeff Merkley and Pat Toomey, or my own). Other comments were made using the identities of dead people. Many of the comments were made by a bot that pulled some of these fake identities in alphabetical order from a hacked database of some kind. Exactly 444,938 of those comments were made using Russian e-mail addresses. The general consensus among activists and journalists is that it was broadband providers or a partisan advocacy group linked to broadband providers, though the FCC's total refusal to aid investigations has made proving this rather difficult. This week, the New York Times sued the FCC for its ongoing refusal to adequately respond to FOIA requests regarding the incident. In an interesting twist however, the Times seems more interested in the Russian angle of the story than the wholesale fraud that occurred: "The request at issue in this litigation involves records that will shed light on the extent to which Russian nationals and agents of the Russian government have interfered with the agency notice-and-comment process about a topic of extensive public interest: the government’s decision to abandon “net neutrality.” Release of these records will help broaden the public’s understanding of the scope of Russian interference in the American democratic system." It's unclear whether the Times actually thinks the Russian angle to this story is really the heart of the matter, or whether they're using concerns surrounding other Russian disinformation efforts to help bring some additional national security gravitas to the effort to expose home-grown graft and disinformation. It's certainly possible Russia saw the net neutrality fight as another opportunity to sow division. 
But it's also worth noting that bogus comments supporting bad, usually anti-consumer policy have been a problem across numerous agencies for several years, from fake consumers supporting efforts to rein in the banking industry, to the NFL submitting fake comments in opposition to efforts to eliminate the so-called black out rule. On its face, those most likely responsible are the companies trying to shape the policies in question, and here too the most likely culprits in the net neutrality fracas are telecom monopolies with long histories of precisely this sort of nonsense. Regardless, the Times suit makes it abundantly clear that the FCC refused to lift a finger to help reporters (or law enforcement) get to the bottom of the matter, and has routinely tried to use inapplicable FOIA exemptions (6, B5, 7E) to avoid having to share any real data: "Repeatedly, the FCC has responded to The Times’s attempt to resolve this matter without litigation with protestations that the agency lacked the technical capacity to respond to the request, the invocation of shifting rationales for rejecting The Times’s request, and the misapplication of FOIA’s privacy exemption to duck the agency’s responsibilities under FOIA." While it will likely take a while, slow progress is being made to force the FCC's hand on this issue. Journalist Jason Prechtel enjoyed a legal victory this week after he also sued the FCC for refusing to adequately respond to FOIA requests, data from which (largely the e-mail addresses and .CSV files utilized in the bot campaign) should surface in a few months. It's pretty obvious that there's something the FCC doesn't want explored here, and that something may just be exposed in time for not only the midterm elections, but also for the wide array of lawsuits headed the FCC's way this fall.

posted 29 days ago on techdirt
The DHS says assaults on CBP and Border Patrol officers have been steadily increasing since 2015, with a 46.3% surge in violence against officers in 2017 alone. Sure, it fits the current narrative that undocumented immigrants are inherently dangerous. But is it true? Not even remotely. The CBP and Border Patrol are using new math to report assaults, allowing the DHS to portray patrolling the border as far more dangerous than it actually is. The Intercept exposed the bogus math earlier this year, thanks to a CBP official's inadvertently frank admission the numbers were incredibly inflated. Almost the entire increase — 271 purported assaults — was said to have occurred in one sector, the Rio Grande Valley, in South Texas. A large number of the assaults supposedly occurred on a single day, according to charts and details provided by Christiana Coleman, a CBP public affairs spokesperson. In response to questions from The Intercept, Coleman explained in an email that “an incident in the Rio Grande Valley Sector on February 14, 2017, involved seven U.S. Border Patrol Agents assaulted by six subjects utilizing three different types of projectiles (rocks, bottles, and tree branches), totaling 126 assaults.” What should have been classified as six or seven assaults at the most was recast as 126 assaults during a single incident. This should have prompted some Congressional concern about the CBP's reporting processes. It didn't. Instead, the Senate Committee on Homeland Security and Governmental Affairs "expressed concern" about the perceived increase in assaults and asked the DHS Inspector General to get to the bottom of it. This "concern" predated the Intercept's exposure of the bogus math, so it might explain why the IG believes under-reporting might be the problem, rather than the Jesus-like ability to feed hundreds of dangerous foreigner narratives using only a couple of larger altercations. 
The report [PDF] says the numbers are "unreliable," but doesn't focus on the real reason the yearly assault totals are suddenly increasing after a period of steady decline. Here are the numbers since 2010: And here's what the IG feels the problem is. In response to a request from the Senate Committee on Homeland Security and Governmental Affairs for information on assaults on CBP and ICE law enforcement officers, we determined that, from fiscal years 2010 to 2017, the number of assaults against CBP law enforcement officers decreased from 1,089 to 856. During the same time period, assaults of ICE law enforcement officers remained the same at 48. However, the data does not show a clear trend over that time period and the number of assaults varied widely from year to year. Our analysis also shows that, for a number of reasons, the data is unreliable and does not accurately reflect whether assaults have increased or decreased. For example, although both components introduced new reporting systems in FY 2016, law enforcement officers continue to use informal methods instead to document assaults and remain unfamiliar with these reporting systems. Further, the officers do not always report acts of physical resistance or attempted assaults, even when required to do so. Unsurprisingly, the DHS, CBP, Border Patrol, and ICE are all willing to take steps to increase the number of reported assaults. If these agencies can gain the sympathies of Congressional committees by inflating numbers and over-reporting assaults, they have everything to gain. The recommendations include more training for officers to help them recognize assaults and expanding the definition of assault to include "physical touch" or resisting arrest. If someone picks up a rock or tree branch but never uses it against an officer, that's also an assault. This should ensure the number of reported assaults continues to increase, shoring up the administration's fear-based immigration platform. 
Adding the expanded "assault" definition to the CBP's bogus math, a single subject resisting arrest has "assaulted" every officer involved in the takedown, whether they were injured or not. The CBP's force multiplier can turn one strenuous arrest into a half-dozen assaults and "concerned" Congressional committees can take it from there. The use of bogus multiplication is completely ignored in this report. Someone in Congress needs to send a letter to the IG telling the office to take a look at the sketchy math behind the "unreliable" numbers. CBP et al can't be trusted to tell the truth about officer safety until this has received a thorough examination.

posted about 1 month ago on techdirt
This week, both our winning comments on the insightful side come in response to Ajit Pai's whining about California's net neutrality effort — and, more specifically, in response to a commenter making the silly blanket statement that all regulation fails and governments cannot do anything right. In first place, ShadowNinja with some counterexamples: Black and white statements like that are always wrong. There's literally tons and tons of government programs that worked great and didn't backfire in the long run. Here's just a short list of what things I can think of off the top of my head that you can thank the government for, that you can't say anything bad about how they backfired. Having safe food that's not laced with poison or other things that will make you sick. Knowing that up to $250,000 worth of assets will be safe in the event of your bank going under thanks to FDIC insurance required by law. Not having rivers and oceans that literally catch on fire because of how polluted they are with harmful chemicals/etc. that businesses dumped in them (yes, this really happened in the US). Having much cleaner air because of the same environmental regulations, and not having air so polluted that people have to wear smog masks just to go outside, and some wealthy literally go on 'clean air vacations' where it's less polluted (this is the reality today in China in a number of cities thanks to lack of regulation). Knowing that any car you purchase has passed rigorous government safety inspections when it was designed, and any used car you purchased was inspected as well to make sure that it's still safe to drive. Such regulations are responsible for a consistent decline in automobile accidents (which has long been the #1 killer in America). In second place, it's Jeremy Lyman with a similar point: I bought a gallon of milk in the grocery store last week, and I actually got a measured gallon of the listed substance for the posted price. 
It also didn't make me ill when I consumed it. https://www.fda.gov/downloads/food/guidancecomplianceregulatoryinformation/guidancedocuments/foodlabelingnutrition/foodlabelingguide/ucm265446.pdf https://www.accessdata.fda.gov/scripts/cdrh/cfdocs/cfcfr/CFRSearch.cfm?fr=101.7 https://www.fda.gov/Food/GuidanceRegulation/GuidanceDocumentsRegulatoryInformation/Milk/default.htm I'd wager that the government does thousands of things right in your life, it's just transparent when it's running smoothly. For editor's choice on the insightful side, we start out with one more comment from that post, this time from Anonymous Anonymous Coward and directed at one of Pai's statements: He knows what the truth is, it just won't fit in his mouth. "Of course, those who demand greater government control of the Internet haven’t given up." Pai's disingenuous characterization is not very subtle. In fact the demand is not for government control of the Internet, but for control over internet providers, no matter what flavor. Control to keep the expected dumb pipes dumb. Control to encourage actual competition to keep quality high and prices low. Control to keep those offering service honest in their advertising and billing practices. Control to separate content from access. Control to keep corporations from overly influencing Government in their favor rather than the owners of this country, the people. Next, we've got a quick comment from Gary about an attempt to use the GDPR to hide a public US court document: And also weird how the ISP is putting the pressure on the website. It's almost as if there should be some law to limit intermediary liability... Over on the funny side, our first place winner comes after we clarified what happened with the Apple movie "deletion" kerfuffle, which turned out to be about dumb regional copyright restrictions. 
One commenter feared they might have to give back an earlier "most insightful" award for a comment on the subject, so Anonymous Anonymous Coward checked the criteria: Did you move to another country? In second place, it's one more response to the Ajit Pai post, this time from Chip in full parody mode targeting a particular commenter: I "told" you that This would "happen"! Idiots! Sycophants! MINIONS! I "told" you that when there were REGULATIONS, that "meant" that SOMEDAY there would be Elections, and other "people" might get "elected" and Undo the REGULATIONS. You did not Praise me for my BRILLIANCE in "understanding that Elections "exist" and sometimes different Parties get Elected, which doesn't matter anyway because oth Parties are the "same", as you would know if you were Interested in Truth and in "history" such as GEORGE WASHINGTON'S FAREWELL ADDRESS, which is one of Many historical Things that I have read because I am very "very" Smart. The "regulations" in California are BAD, and the FCC's repeal of the REGULATIONS from Wheeler is also BAD, and Wheeler's regulations were "also" BAD. That is OBVIOUS to anyone who is very VERY "smart" like "me". Don't you Sycophantic "idiots" Get it? Someay in California there will be an ELECTION. And different PEOPLE might get "elected". And those different "people" might repeal this "law". You're all so Stupid! Stupid! for not recognizing my obvious GENIOUS in understanding that sometimes different "people" get Elected to things. You did not learn about History like I learne about History, at Smilin' Jim's Unaccredited Forth Grade Academy. Every Nation eats the Paint chips it Deseves! 
For editor's choice on the funny side, we start out with another comment from Gary, this time in response to the Hollywood Chamber of Commerce engaging in some trademark bullying over the Hollywood sign: Hey isn't Hollywood that obscure California city that all those film studios moved to in order to escape draconian patent lawsuits from Edison? And finally, it's an anonymous comment about Tanzania's plan to outlaw the fact-checking of government statistics: Statistics show that 100% of leaders who demonize fact-checking are honest and deserve to be reelected. That's all for this week, folks!

posted about 1 month ago on techdirt
Five Years Ago This week in 2013, we learned that in addition to communications the NSA was keeping millions of credit card transaction records, and then we finally got a look at the secret FISA court ruling that permitted bulk phone data collection, in which it was revealed that Verizon and AT&T never fought back. The court also made the untrue claim that all of Congress already knew all the details, and of course we wondered why the ruling was ever secret to begin with. Meanwhile, Michael Hayden was making some crazy claims about terrorists using Gmail and the US's right to spy on the internet it invented, while also making some childish prognostications about Ed Snowden's likely future of alcoholism — though other defenders of the agency were sticking to the same tired talking points, plus the new euphemism that Snowden's activities were "masked by his job duties". Ten Years Ago This week in 2008, Apple made the decision to block a competitive podcast app from the App Store, leading to significant backlash, while a court in Germany was getting in on similar action in its own way by banning VOIP on the iPhone at the behest of T-Mobile. NBC was bragging about its ability to lock down online Olympic footage, the movie industry was making yet another attempt to build the mythical "good" DRM, and the cops were continuing to bring in the RIAA to help with investigations where it would clearly be biased. There was a glimmer of light for online entertainment though: this was also the week that BandCamp launched, and its easy-to-build pages quickly became one of the best tools for musicians to distribute their work online. Fifteen Years Ago This week in 2003, as file-sharers were going deeper underground, a study showed that most online copies of movies were coming from industry insiders — which perhaps explains the industry's insane plan for self-destructing DVDs. 
While RIAA head Cary Sherman was struggling to defend the agency's lawsuit strategy (and totally missing the point), the Senate was gearing up for hearings over the lawsuits, and considering a bill to close the DMCA's special subpoena powers — also a major issue in the ongoing court battle between the RIAA and Verizon.

posted about 1 month ago on techdirt
Strangest trademark story of the month? Strangest trademark story of the month! As you may have heard, back in March, a former Russian spy who had been a double agent for the UK, Sergei Skripal (and his daughter), was poisoned in the UK with a nerve agent. Earlier this month, UK officials moved to charge two Russians with attempted murder over that event. They named Alexander Petrov and Ruslan Boshirov as being behind the plot. Along with the announcement, the Crown Prosecution Service admitted that it will not seek to extradite the men from Russia, as Russia will not extradite its own nationals. Somewhat bizarrely, the two men (who many believe are not actually named Petrov and Boshirov) then decided to go on Russian TV to profess their innocence, claiming, improbably, that they were just tourists with no connections to Russian intelligence who had really wanted to go visit a cathedral in Salisbury where the attacks took place. A somewhat fascinating Bellingcat investigation has torn to shreds most of their story and suggested pretty strong evidence connecting them to the Russian government (and that their names are fake). That TV interview has been mocked and described as a farce, but as the NY Times described, it may have been intentionally so, with the hope of mocking the west. And, that leads us to a story that's more normal for us around here: one about trademarks. Apparently, a Russian company, "Golden Brand," decided to apply for a trademark in the two suspects' "names" and (har har) have that trademark cover "production of chemical compounds and perfume." And the idea is that the trademark will then be handed over to the guys to do what they want with it. According to the Moscow Times: Russia’s Golden Brand company has applied to trademark the phrase “Petroff & Boshiroff,” its spokesperson told The Moscow Times on Wednesday. 
“After the name gets registered, we will gift it to Bashirov and Petrov, and they can start a company if they want,” a spokesperson for the company said. "We did it as a marketing tool; it's good for public relations," she added. The trademark will allow its holders to manufacture and sell industrial chemicals and perfume, as well as operate fitness centers and travel agencies. At least they admit it's a publicity stunt. But what a bizarre use of trademark. Trademark law in Russia may be different than elsewhere, but in the US, you're supposed to actually intend to use the mark in commerce in order to register it. And, uh, while these two guys may have "used" a chemical, it wasn't in commerce (not to mention, they deny having done so). Also, if they wanted a trademark, they could file it for themselves, without needing some random company to file it for them. The whole story is obviously bizarre, but I didn't expect trademark to play a role in it.

posted about 1 month ago on techdirt
The Long Beach Police Department has bravely struck a blow against police accountability. An investigation by Al Jazeera uncovered use of self-deleting messaging by the department. Current and former officers from the Long Beach Police Department in Southern California have told Al Jazeera that their police-issued phones had Tiger Text installed on them. The Tiger Text app is designed to erase text messages after a set time period. Once the messages have been deleted, they cannot be retrieved - even through forensic analysis of the phone. The police officers who spoke with Al Jazeera said the confidential messaging system was used to share details of police operations and sensitive personnel issues. This may be true. But even if this was the full extent of TigerText usage, it's still a problem. Personnel issues can become matters of public interest, especially in civil rights lawsuits. Details of police operations are normally inaccessible to the public, but in rare cases, these too become matters of public interest. On top of that, there's a good possibility some of these vanished discussions may have been pertinent to criminal trials. Defendants should have the chance to obtain relevant discussions that may help their defense, but Tiger Text ensures information that prosecutors might be obligated to turn over to the defense is now completely inaccessible. In fact, the Al-Jazeera article quotes two former officers as claiming their superiors told them to use TigerText specifically to prevent conversations from being discoverable. The department has denied giving officers these instructions, but former officers claim the PD's participation in the discovery process is anything but "on the up and up." The Long Beach PD had more than 100 officers using TigerText to preemptively destroy possible public records and/or evidence. The use of self-destructing messages, if nothing else, violates record preservation laws. 
Depending on what disappeared into the ether, there's a good chance criminal cases were also affected by the rolling destruction of communications. It didn't take long for the Long Beach PD to reverse course after having its shady texting exposed. The LA Times reports the department has already officially ditched TigerText. The Long Beach Police Department has suspended its use of a mobile texting application that permanently erases messages after civil liberties advocates and media outlets raised concerns that the app could be used to hide evidence useful to the other side in criminal and civil court cases. In a statement, the city said the decision to halt the use of TigerText came “pending further review of whether the use is consistent with the city’s record retention policy and administrative regulations for the use of mobile devices.” The PD claims it used TigerText as a stopgap solution when it moved away from Blackberry phones. Supposedly the search for an encrypted messaging system led the LBPD to this program, despite there being plenty of other options on the market in 2014. I guess the built-in autodelete feature was a pleasant bonus. TigerText was originally developed for the medical industry to allow care providers to send sensitive patient information to each other. The self-destruct feature helped hospitals comply with HIPAA regulations -- both by encrypting communications and ensuring records no longer needed were removed from issued phones. To its credit, the swift abandonment of TigerText means future violations will be minimal. The PD has also promised to release more info about the department's utilization of the messaging app, including which officers and commanders used the app. But the damage that has been done probably can't be undone. If no messages were archived, the last four years of TigerText communications no longer exist. 
Nothing can be proven one way or another and taxpayers who paid $10,000 a year to help the PD destroy public records will just have to take the department's word that nothing illegal or unconstitutional occurred while TigerText was in use. That's a giant leap of faith most people won't make. If the Long Beach PD didn't have a trust issue before, it definitely has one now.

posted about 1 month ago on techdirt
Sometimes the best move is to let something go. Kids will be kids, as the saying goes. Thing is, kids may also be litigants, especially if you think your school administration position grants you the power to violate students' rights. The mother of the 17-year-old girl filed the federal lawsuit this past February against the Hackettstown School District; teacher Kathleen Matlack; assistant principal Kevin O'Leary; and Jennifer Spukes, a Harassment, Intimidation, and Bullying specialist at the high school. The suit contends the girl was discriminated against and her constitutional rights violated as the district accused the girl of bullying and then issued a one day in-school suspension while she attended the school in the 2016-2017 school year. That's the tidied-up summary of the lawsuit, as composed by Lehigh Valley Live, which covered the case but couldn't be bothered to post the judge's ruling. So, here's the missing paperwork [PDF] and we'll get into the story behind this via the details contained in the federal judge's order. This is only the build-up. On March 8, 2017, K.C. was summoned to the office of Defendant Kevin O’Leary, Assistant Principal at Hackettstown High School. Apparently, K.C. and other students were overheard having a conversation about guns and violence, which O’Leary wished to address. O’Leary asked K.C. whether the conversation concerned the Black Lives Movement; when she told him that she was speaking about confrontations between police and African Americans, O’Leary responded, “all lives matter.” According to K.C., she understood this to mean that she was not to discuss the Black Lives Movement while in school. Apparently, during this conversation O’Leary also remarked that some individuals are lucky to have light-colored skin and pass as Caucasian, which K.C. took as an insult, being that she is bi-racial. However, K.C. was not disciplined for this incident. 
This seems like pretty weird behavior from a school official, but not exactly the subject matter of a federal lawsuit. An administrator took a chance to connect with students discussing a serious issue that affects all of them and chose to grind his personal ax instead. A bad decision but not exactly a violation of K.C.'s rights. THAT During K.C.’s English class, students were reading the play, “Blood Brothers,” which has a scene where a corrupt police officer treats two suspects differently based on their economic status. As students were picking roles to play, K.C. volunteered to play the police officer, referring to the officer as “the pig.” ESCALATED Her English Teacher, Defendant Matlack, reprimanded her for her choice of word and K.C. apologized. This being said, J.G. received a phone call a half hour later from Principal Matthew Scanlon, who explained to her that K.C. was the subject of a Harassment, Intimidation, and Bullying (hereinafter, “HIB”) investigation…The basis of this investigation was K.C.’s use of the word “pig,” which may have offended a student in the class whose father is a police officer… QUICKLY Later that day, the school conducted an HIB investigation, which was attended by K.C., Defendant Jennifer Spuckes, an HIB Investigation specialist, and Defendant O’Leary. K.C. apparently recorded this meeting. In any event, during the meeting, K.C. expressed to Defendants Spuckes and O’Leary that use of the word “pig” did not reflect her view of law enforcement and claimed that the classmate who may have been offended by the statement was not present when she uttered the word. According to the Complaint, “Mr. O’Leary and Ms. Spuckes analogized the use of the term ‘pig’ to the use of the term ‘nigger’ and, later, the term ‘fag.” Apparently, both of them asked her how she would feel if someone called her by either name. Despite objecting to these slurs, Defendants O’Leary and Spuckes continued to utter them in front of her. 
The two also criticized K.C. for continuing to discuss the Black Lives Movement, which they compared to someone overhearing a sexually degrading conversation between two teachers. Where do you even start? The bullshit "bullying" accusation? Well, the lawsuit states the student supposedly offended by this wasn't even in the room when the "pig" comment was made. K.C. apologized for referring to a fictional cop character as a "pig," even though there was no reason for her to do so. From there, it's just an embarrassment of richly embarrassing -- if not downright insulting -- conversational tactics by a bunch of disciplinarians who apparently felt compelled to straighten out a gay, multiracial student by [checks notes] using the words "nigger" and "fag" in an entirely abhorrent analogy that presumes "cop" is a race or sexual orientation. Also: Black Lives Matter is to "sexually-degrading conversation between two teachers" as Colin Kaepernick is to: A: gumball machine B: complete works of Proust C: narcolepsy D: deciduous This atrocious trainwreck of judgment calls was followed by a one-day suspension. This, in turn, was followed by the lawsuit. The defendants all moved to dismiss the lawsuit, arguing K.C. didn't have standing and/or failed to state a claim. The federal court disagrees, finding both offered defenses to be off base. K.C. has standing... [C]ontrary to Defendants’ assertion, none of Plaintiff’s claims “arise under the school laws” of New Jersey. While the allegations relate to the school’s investigation into K.C.’s alleged bullying, the claims asserted arise under a federal statute, state law, United States Constitution, and the Constitution of the State of New Jersey. … and has stated a plausible claim. When reviewing the Complaint, the Court is satisfied, at this stage, that Plaintiffs “pig” comment may constitute protected speech that was allegedly wrongfully infringed. 
While Defendants contend that her punishment was based on complaints of bullying and the school’s overall concern for preventing disruptive behavior, there is nothing alleged in the Complaint to support same. Second, with regards to the Plaintiffs conversation surrounding the Black Lives Matter movement, it can hardly be argued that discussions involving political or social justice matters do not fall within the protections afforded under the First Amendment… There were plenty of opportunities to handle this non-issue in a way that would have eliminated the possibility of a civil rights lawsuit. Anything from "doing nothing" to "doing anything but what was done" would have sufficed. But it sounds like these administrators have something against minorities and people who don't automatically assume cops are saints. And that might cost them in the long run.

posted about 1 month ago on techdirt
Way back when the GDPR was still under consideration, we were among those who warned that, in the name of "protecting privacy," Europe was about to create a tool for massive censorship by encapsulating a massive "right to be forgotten." As we noted at the time, a big part of the problem was that the GDPR was written by privacy and data protection experts, with little to no consideration given to free speech experts, who could have told the drafters how "right to be forgotten" rules would likely be abused. The basic idea behind them seems sound -- allowing people to delete data from services they no longer use -- but the ability to turn that into a tool to take down public information is a real problem. And, now that the GDPR is official, we're already seeing it in practice. Aaron Greenspan, from Plainsite -- a site that hosts court dockets -- recently noted that he had received a RTBF demand from a guy named Michael Francois Bujaldon, who was seeking to disappear a docket involving a case in which Bujaldon was sued for real estate and securities fraud. The complaint against Bujaldon is fairly damning, and while Bujaldon tried to get the case dismissed, the court was not at all impressed. The current docket suggests that the parties are attempting to work out a settlement, but having yourself be a defendant accused of real estate and securities fraud can't be good for the old reputation. Never fear, however, for the GDPR has a Right to be Forgotten in it, and Bujaldon is apparently using it to delete his own name from the dockets for which he is a defendant: French scam artist Michael Francois Bujaldon is using the GDPR to attempt to remove traces of his United States District Court case from the internet. He has already succeeded in compelling PacerMonitor to remove his case. We have 24 hours to respond. 
https://t.co/Ht7ucqLoJY pic.twitter.com/XjEgkvathE — PlainSite (@PlainSite) September 14, 2018 If you cannot read that request, it says: Hi, under Article 21.1 of the General Regulations on Data Protection (RGPD) transcribing European Regulation 2106-679 and updating the provisions of Law 78-17 of 6 January 1978, known as "Informatique et Libert" amended in 2004 (Law 2004-575 on Trust in the Digital Economy - LCEN), which Article 6 | 2 provides that "any information relating to an identified natural person or which can be identified, directly or indirectly, by reference to an identification number or one or more elements specific to that person shall constitute personal data", I thank you for deleting my personal data, which is my first and last name Michael Franois BUJALDON on this page: https://www.plainsite.org/dockets/30qmdbpgl/north-dakota-district-court/chabert-et-al-v-bujaldon-et-al/ Please see attached my ID card. Regards, Michael Francois BUJALDON PD: this website has removed this content yet: https://www.pacermonitor.com/public/case/17818391/Chabert_et_al_v_Bujaldon_et_al So, first, you can feel free to highlight the fact that BUJALDON misspelled his own name in the part where he asks that his name be deleted (he left the c out of Francois). But it does appear to be the case that Pacer Monitor deleted the entire docket for Bujaldon, not just his name. If you go to that link you get: Which... is pretty damn messed up. This is a public court docket regarding a case accusing Bujaldon of serious fraud. That's not just public information, but it's the kind of information that people clearly want to be public. Yet, Bujaldon has been able to get it shot down the memory hole thanks to the GDPR, and Pacer Monitor has complied and disappeared the entire docket. 
While Greenspan clearly didn't want to similarly comply, he later notes that his hosting company forced him to remove Bujaldon's name, and replace it with his initials or else it would suspend his server: Our ISP is forcing us to abbreviate Michael Francois Bujaldon to "M.F.B." in order to avoid "server suspension." The GDPR needs to be fixed. https://t.co/Ix6qTk6CPH — PlainSite (@PlainSite) September 17, 2018 So, now the docket on PlainSite looks like this: Plainsite's Aaron Greenspan told me that his hosting company, Hetzner, is based in Germany, so perhaps they feel more exposed to GDPR requests, no matter how nonsensical. He also shared with me his email exchange with Hetzner. The company doesn't even seem to want to consider the possibility that the takedown request was illegitimate. Not only does it demand he take Bujaldon's name down within 24 hours, it demands a statement "about how this could have happened and what you intend to do about it." What? Someone totally abuses the GDPR's Right to be Forgotten to try to delete evidence of an ongoing lawsuit against himself, and the hosting company's first reaction is to assume that the site is at fault and demand an explanation? And an explanation of how "what" happened? Plainsite is just hosting a federal court docket. It didn't do anything wrong, so why is Hetzner acting as if the site must have done something wrong? Looking around the web, other sources still have Bujaldon's full name in their dockets -- such as at Justia, Law360 and CourtListener, but one wonders if Bujaldon will seek to target them as well. This is, quite obviously, an abuse of the GDPR to delete public information (information where it's fairly important that it be public) to hide reputation harming information. 
Some defenders of the GDPR may argue that since this is an abuse of the GDPR, we shouldn't really blame the GDPR for this result, but rather blame Bujaldon for abusing it, or the various internet companies for caving to his bogus demands. However, this is exactly what free speech experts were warning would happen when the "data protection" experts in the EU insisted that these rules would be fine. They refused to listen, and now we're at the point where important information is actually being censored. Even worse, we're increasingly hearing talk of exporting the GDPR to the United States, and creating a similar set of rules here, as if they won't be aggressively abused to hide important information like this, as well.

posted about 1 month ago on techdirt
Will we ever see a complete postmortem of the damage done by leaked NSA software exploits? All signs point to "no." [M]ore than a year since Microsoft released patches that slammed the backdoor shut, almost a million computers and networks are still unpatched and vulnerable to attack. Although WannaCry infections have slowed, hackers are still using the publicly accessible NSA exploits to infect computers to mine cryptocurrency. This report, from Zack Whittaker at TechCrunch, says there's really no endpoint in sight for the unintended consequences of exploit hoarding. But at this point, it's really no longer the NSA or Microsoft to blame for the continued rampage. Stats from Shodan show more than 300,000 unpatched machines in the United States alone. EternalBlue-based malware still runs rampant, but the focus has shifted from ransom to cryptocurrency. An unnamed company recently watched the NSA's exploit turn its computers into CPU ATMs. Nobody knows that better than one major Fortune 500 multinational, which was hit by a massive WannaMine cryptocurrency mining infection just days ago. “Our customer is a very large corporation with multiple offices around the world,” said Amit Serper, who heads the security research team at Boston-based Cybereason. “Once their first machine was hit the malware propagated to more than 1,000 machines in a day,” he said, without naming the company. Fun stuff. And all made possible by the US government. Sure, indirectly, but it's not like no one in the private sector ever expressed concerns about the agency's vulnerability hoarding and the possibility of exactly this sort of thing happening. The exploit the NSA thought was too good to give up was taken from it and handed over to the malware-crafting masses to inflict misery around the world. Enemies were made -- and not all of them were software and hardware developers. There will never be a full accounting of the damage done. 
Yes, the NSA never thought its secret stash would go public, but that doesn't excuse its informal policy of never disclosing massive vulnerabilities until it's able to wring every last piece of intel from their deployment. And there's a chance this will happen again in the future if the agency isn't more proactive on the disclosure front. It was foolhardy to believe its tools would remain secret indefinitely. It's especially insane to believe this now.
