posted 25 days ago on techdirt
Netzpolitik -- once on the receiving end of treason charges for reporting on leaked documents -- is marking the end of the so-called "inquiry" into the BND-NSA partnership with a post discussing the inquiry's multiple failures. The German government's investigation into Five Eyes spy efforts was a direct result of leaked Snowden documents, which showed the NSA had spied on the German chancellor. It failed to uncover much about that particular allegation. By the time this part of the investigation had been dropped, President Obama had already apologized for the NSA doing perfectly normal NSA-type stuff: spying on foreign officials. The committee turned to a broader discussion of surveillance best practices, including the propriety of spying on friends and neighbors. In doing so, it uncovered plenty of illicit and ill-advised spying by its NSA equivalent, BND. Netzpolitik has a full list of BND's questionable surveillance targets, including friendly foreign officials, journalists, EU officials, the UN, human aid organizations, banks, rating agencies, and a number of American companies. (Do unto others, etc.) But when it came to actually examining BND's tactics and programs, the committee opted to dwell on legal minutia. Quite some time was spent on the question of when which sub-division manager in BND knew of which selector and to whom he reported it or why he didn’t and whether someone was present at a meeting in the chancellery on 24th of October 2013 or not or was it the 28th… No wonder sometimes only a dozen people witnessed the public hearings until late at night. It's a great way to talk around the issues, rather than addressing them. Netzpolitik felt the pain personally, as its reporters attended the public hearings and transcribed all 5.6 million characters of undisturbed bushes idly observing nearby beatings. This was not entirely the tribunal's fault, however. 
As soon as it became apparent surveillance partnerships were going to be discussed, BND's Five Eyes partners began issuing ultimatums. The committee was only allowed to investigate a few discontinued and outdated joint operations between the German spy agency BND and the Five Eyes: Eikonal in Frankfurt and Glotaic. But the name "Glotaic" could not even be spoken, because it includes the partner's name "CIA". Just like operation "Monkeyshoulder", which was planned with British GCHQ. This could not be mentioned at all, as the UK threatened to end any spy cooperation. The committee would be responsible for terrorist attacks, they said. The committee is now in the process of writing a report that few will see, much less read. A public version will likely be presented, short on specifics and long on assertions of lawful authority and rigorous oversight. It's basically up to leakers to provide the public with the reality of the situation. And much of what the committee managed to uncover has been glossed over... or codified. The consequences to those revelations amount to the next scandal. Instead of adjusting the spying to the law, the laws are adjusted to the spying. One year before the end of the committee, the grand coalition passed a reform of the BND law. With this change, everything that the BND is doing, is legalized – and even expanded. The committee found that the NSA spies on its "friends" just as often as BND does. The examination of 14 million shared intercepts turned up 40,000 "friendlies." Notably, the committee was not allowed to review these intercepts. It was just supposed to take the single reviewer's word on the percentage of "friendly" NSA targets. Taking a look at its own intercepts, BND found 3,300 "participants" linked to 15,000 "selectors" in its "friendlies" file. This means German officials like Merkel will find it difficult to feign anger at the NSA's friendly spy targets. Not that any of this matters, at least not in the short run. 
As Netzpolitik points out, while the committee was busy discussing the few things it could discuss, the German parliament was expanding BND's legal authorities. German citizens -- along with everyone the government spies on -- can rest assured nothing has changed. It's only gotten worse. The final report may provide more examples of BND's misconduct, but the agency has already been rewarded for its misbehavior by the same officials charged with holding the agency accountable for its abuses.

IBM basically tries to patent everything, no matter how stupid. The company has (no, really) been at the top of the patent recipient list in the United States for an astounding 24 straight years. Really. And, yes, sure, the company has done some innovative things and yes, Watson's pretty cool, but does anyone actually think IBM is the most innovative company around for the past two and a half decades? It gets tons of patents because IBM has an army of lawyers who just try to patent anything. Earlier this week, the EFF put out its regular Stupid Patent of the Month post, and it was about an incredibly stupid patent from IBM. The patent (US Patent 9,547,842) is for an out-of-office email messaging system. You know, when you email someone and you get back a bounce that says the person is out of the office, and that they won't be reading emails (even though they probably are reading them anyway and probably will respond anyway, because, really, who goes off email these days?). Anyway, the application for this patent was filed in 2010, way, way, way after OOO messages were quite common. The one thing that might be considered different in this patent was that you could set it to tell people a few days earlier that you would be on vacation in a few days. But, as EFF pointed out, that's not particularly inventive or difficult for anyone to figure out and it certainly doesn't deserve a patent. As the EFF notes, going over the history of this patent demonstrates why the US Patent Office is so bad at this stuff. Rather than figuring out what's actually obvious or in the prior art, it just looks at patents: You might think that a patent examiner faced with a patent application on an out-of-office email system might look at some real out-of-office email solutions. But the examiner considered only patents and patent applications. The Patent Office spent years going back-and-forth on whether IBM’s claims were new compared to a particular 2006 patent application. 
But it never considered any of the many, many, existing real-world systems that pre-dated IBM’s application. To take just one example, the Patent Office never considered this detailed specification from 1998 (PDF) from IBM describing the out-of-office agent in Notes. Nor did it consider other well-known email features like scheduling and signatures. If the Patent Office had taken a peek at the real world, and applied a modicum of common-sense, it would have quickly rejected IBM’s claims. EFF also notes that the patent should have easily failed under the Alice standard, but IBM tap danced around it: In Alice, the Supreme Court ruled that an abstract idea does not become eligible for a patent simply because it is implemented on a generic computer. That decision came down in June 2014, so the Patent Office had plenty of time to apply it to the application that led to this patent. If it had, it likely would have rejected the claims. The ’842 Patent goes out of its way to make clear that its method can be implemented on a generic computer. The final three columns of the patent recite at length how its claims can be implemented in any programming language on essentially any kind of hardware. At one point, the examiner did reject some of the application’s claims under Section 101 of the Patent Act (which is the statute the Alice decision applies). But IBM overcame the rejection simply by arguing that the patent’s method was implemented in computer hardware. In January 2013, IBM noted that “it was agreed [between IBM and the patent examiner] that the rejection ... under 35 U.S.C. § 101 could be overcome by reciting that a hardware storage device stores computer readable instructions or program code.” Even if that was a reasonable response in 2013, it certainly was not after Alice. Yet the Patent Office never revisited the issue. We have submitted multiple rounds of comments (1, 2, 3, and 4) to the Patent Office urging it to be more diligent in applying Alice. 
So, normally, we just repost the EFF's Stupid Patent of the Month posts here on Techdirt, and we even had this one lined up... but a funny thing happened on the way to the posting. Over at Ars Technica, Joe Mullin reached out to IBM to ask them the reporter's equivalent of "WTF?" and got back this response: Asked today about EFF's criticisms of the patent, an IBM spokesperson said that "IBM has decided to dedicate the patent to the public." Got that? So IBM spent tons of money not just applying for this patent, but arguing back and forth with the PTO for years over why it truly deserved this silly patent... and then it got it at the beginning of this year. And less than two months after receiving the patent, when the EFF publicly shames IBM over the patent, the company then says "oh, hey, we dedicate it to the public." That makes sense.

A report released by the San Diego Police Department shows its body-worn camera program is actually doing some good. Since officers began wearing the cameras nearly three years ago, the department has seen significant decreases in misconduct allegations and high-level uses of force by officers. A nine-page internal report also says the cameras have shrunk the number of allegations left unresolved due to lack of evidence, helped more officers get exonerated and increased the percentage of allegations deemed false. The allegations are down because the misconduct is down. The department's camera program began in 2013. Since then, it has expanded to cover every officer in the force. Three years later, the department has experienced a 43% drop in misconduct allegations. That's the sort of thing that happens when most of your interactions are recorded. In addition to better behavior by cops (and better behavior by citizens who know their words and actions are being recorded), there has been a drop in the use of severe force. [H]igh-level use of force, such as physical takedowns and using Tasers, chemical agents or weapons, is down 16.4 percent. On the other hand, lower-level uses of force have increased 23.5% over the same period. What could be taken as an indication of a partial accountability favor is more likely just a statistical adjustment. For one, the increase in real numbers is only 71 more force deployments than last year, which isn't all that much when compared to the number of police interactions. According to SDPD numbers, officers responded to 520,000 incidents in 2016. As for the uptick in lower-level force deployment -- which is much more significant than the drop in higher-level force use -- this is little more than a reflection of a positive change in tactics. In most arrests, some level of force is deployed. 
If San Diego cops are aware they're being recorded, they're less likely to deploy high-level force techniques as quickly as they would in pre-camera days. These numbers show there's more de-escalation occurring, which naturally results in fewer deployments of high-level force. But since some force is still needed in many cases, the numbers have to go somewhere. And they've traveled from the high-level stats to the low-level. This is backed up by officers' statements detailed in the report: This data is consistent with feedback received from officers indicating body worn cameras help de-escalate some situations, and results in the use of lesser controlling force to gain compliance without the need for greater controlling/defending force. Also of note is the fact that the cameras have increased the number of sustained allegations. Last we checked, the SDPD had no disciplinary procedures in place for officers who fail to record interactions. But something must be going right (or have changed in the meantime) because there doesn't appear to be (at this point) any evidence cameras are being disabled, being tampered with, or having critical recordings go missing. Another thing that comes through is that SDPD brass appear to be taking this form of accountability very seriously. The department is already planning to upgrade its cameras, with an emphasis on capturing even more footage than it already does. By April, the department plans to complete upgrading each of its nearly 1,200 body-worn cameras to newer models with superior video quality and the ability to store two minutes of footage before an officer hits “record” instead of the current 30 seconds. Body cameras can't fix bad policing if those up top don't show their support for additional scrutiny and accountability. Fortunately for the citizens of San Diego, their police department actually seems to want this program to help it build better cops and a better relationship with the community they serve. 

The finding and booking of flights is a massive and elaborate global mechanism that contains both fascinating technology and useful secrets. This week, we're joined by Adam Fletcher, co-founder of Gyroscope Software and an architect of Google's airline reservation system, to talk about all the technology behind commercial air travel today. Follow the Techdirt Podcast on Soundcloud, subscribe via iTunes or Google Play, or grab the RSS feed. You can also keep up with all the latest episodes right here on Techdirt.

I've known Bas Grasmayer for many years, and he's a super insightful digital/music strategist and has written a bunch of posts for us over the years. He tends to be on the cutting edge of any digital music startup -- so it's little surprise that he first got a Soundcloud account way back in 2008 or 2009, soon after Soundcloud started. His account is at soundcloud.com/bas/ because, well, that's his name. So it was a bit of a shock for Bas to get this notice from Soundcloud yesterday: If you can't read that, it says: Hi there, We are writing to inform you that a SoundCloud user has reported trademark infringement regarding your URL "https://soundcloud.com/bas" and Display Name "Bas". They have provided verified proof of trademark ownership. Accordingly, we are writing to request that you please change your URL and Display Name so that they do not include any version of "BAS". If your URL and Display Name are not changed within the next 48 hours, we may have to suspend your account, on the grounds of trademark infringement. Please make these changes within the next two days, to avoid any consequences in this situation. Thank you very much for cooperation and please let us know if you have any questions about this. Kind regard, SoundCloud Trust & Safety Team Did you get that? Bas Grasmayer is not allowed to use any version of his own damned name in a URL or Display Name. Of course, if you're in SoundCloud's shoes, you're in a tough spot. They don't want to get sued, and the intermediary liability protections around trademark are even weaker than they are for copyrights. After writing back to SoundCloud with a "hey, but that's my name..." message, the company has told Bas if he can prove that's his name then maybe, just maybe, the company can push back on his behalf: The key portion in that one reads: "...their [sic] is an exception within the Trademark Directive that may apply in your case. 
This exception states that trademark owners can't prevent an individual from using their own name in the course of trade. If we receive documentation proving that your name is "Bas", we will be able to push back and reject the trademark infringement claim." That's better than nothing, but still seems silly that Bas needs to go about proving his name is Bas just to keep his account or to use his name anywhere on his own account. The problem here isn't so much SoundCloud, which is in a tough spot due to ridiculous laws, but with the nature of trademark law itself and how it's been expanded and twisted over the years. Again, the original intent of trademarks was for consumer protection -- to distinguish one company's products from another's. It's not like people are going to go to Bas' SoundCloud page and freak out that it's not the trademarked "BAS" page. Of course, over the years there have been other disputes involving trademarks and people's names. Most famously there was the years-long legal fight over Nissan.com (which we wrote about back in 2001) between the car company Nissan and a dude named Uzi Nissan who ran a computer repair business under his own name. Either way, Bas has responded with evidence that his name really is Bas, and also questioned that anyone might confuse him with a musician who trademarked Bas. It's fairly ridiculous that these kinds of disputes keep happening, but it's the result of overaggressive trademark laws in a world where our basic namespace has put little emphasis on the need to be unique. While you can quibble over whether or not everyone should have unique names, we shouldn't be stripping or shutting down long-term internet accounts just because someone jumps in years later with a trademark claim.

For the last four years, the Web has had to live with a festering wound: the threat of DRM being added to the HTML 5 standard in the form of Encrypted Media Extensions (EME). Here on Techdirt, we've written numerous posts explaining why this is a really stupid idea, as have many, many other people. Despite the clear evidence that EME will be harmful to just about everyone -- except the copyright companies, of course -- the inventor of the Web, and director of the W3C (World Wide Web Consortium), Sir Tim Berners-Lee, has just given his blessing to the idea: The question which has been debated around the net is whether W3C should endorse the Encrypted Media Extensions (EME) standard which allows a web page to include encrypted content, by connecting an existing underlying Digital Rights Management (DRM) system in the underlying platform. Some people have protested "no", but in fact I decided the actual logical answer is "yes". As many people have been so fervent in their demonstrations, I feel I owe it to them to explain the logic. He does so in a long, rather rambling post that signally fails to convince. Its main argument is defeatism: DRM exists, the DMCA exists, copyright exists, so we'll just have to go along with them: could W3C make a stand and just because DRM is a bad thing for users, could just refuse to work on DRM and push back wherever they could on it? Well, that would again not have any effect, because the W3C is not a court or an enforcement agency. W3C is a place for people to talk, and forge consensus over great new technology for the web. Yes, there is an argument made that in any case, W3C should just stand up against DRM, but we, like Canute, understand our power is limited. But there's a world of difference between recognizing that DRM exists, and giving it W3C's endorsement. Refusing to incorporate DRM in HTML5 would send a strong signal that it has no place in an open Internet, which would help other efforts to get rid of it completely. 
That's a realistic aim, for reasons that Berners-Lee himself mentions: we have seen [the music] industry move consciously from a DRM-based model to an unencrypted model, where often the buyer's email address may be put in a watermark, but there is no DRM. In other words, an industry that hitherto claimed that DRM was indispensable, has now moved to another approach that does not require it. The video industry could do exactly the same, and refusing to include EME in HTML5 would be a great way of encouraging them to do so. Instead, by making DRM an official part of the Web, Berners-Lee has almost guaranteed that companies will stick with it. Aside from a fatalistic acceptance of DRM's inevitability, Berners-Lee's main argument seems to be that EME allows the user's privacy to be protected better than other approaches. That's a noble aim, but his reasoning doesn't stand up to scrutiny. He says: If [video companies] put it on the web using EME, they will get to record that the user unlocked the movie. The browser though, in the EME system, can limit the amount of access the DRM code has, and can prevent it "phoning home" with more details. (The web page may also monitor and report on the user, but that can be detected and monitored as that code is not part of the "DRM blob") In fact there are various ways that a Web page can identify and track a user. And if the content is being streamed, the company will inevitably know exactly what is being watched when, so Berners-Lee's argument that EME is better than a closed-source app, which could be used to profile a user, is not true. Moreover, harping on about the disadvantages of closed-source systems is disingenuous, since the DRM modules used with EME are all closed source. Also deeply disappointing is Berners-Lee's failure to recognize the seriousness of the threat that EME represents to security researchers. 
The problem is that once DRM enters the equation, the DMCA comes into play, with heavy penalties for those who dare to reveal flaws, as the EFF explained two years ago. The EFF came up with a simple solution that would at least have limited the damage the DMCA inflicts here: a binding promise that W3C members would have to sign as a condition of continuing the DRM work at the W3C, and once they do, they would not be able to use the DMCA or laws like it to threaten security researchers. Berners-Lee's support for this idea is feeble: There is currently (2017-02) a related effort at W3C to encourage companies to set up "bug bounty" programs to the extent that at least they guarantee immunity from prosecution to security researchers who find and report bugs in their systems. While W3C can encourage this, it can only provide guidelines, and cannot change the law. I encourage those who think this is important to help find a common set of best practice guidelines which companies will agree to. One of the biggest problems with the defense of his position is that Berners-Lee acknowledges only in passing one of the most serious threats that DRM in HTML5 represents to the open Web. Talking about concerns that DRM for videos could spread to text, he writes: For books, yes this could be a problem, because there have been a large number of closed non-web devices which people are used to, and for which the publishers are used to using DRM. For many the physical devices have been replaced by apps, including DRM, on general purpose devices like closed phones or open computers. We can hope that the industry, in moving to a web model, will also give up DRM, but it isn't clear. So he admits that EME may well be used for locking down e-book texts online. But there is no difference between an e-book text and a Web page, so Berners-Lee is tacitly admitting that DRM could be applied to basic Web pages. 
An EFF post spelt out what that would mean in practice: A Web where you cannot cut and paste text; where your browser can't "Save As..." an image; where the "allowed" uses of saved files are monitored beyond the browser; where JavaScript is sealed away in opaque tombs; and maybe even where we can no longer effectively "View Source" on some sites, is a very different Web from the one we have today. It's also totally different from the Web that Berners-Lee invented in 1989, and then generously gave away for the world to enjoy and develop. It's truly sad to see him acquiescing in a move that could destroy the very thing that made the Web such a wonderfully rich and universal medium -- its openness. Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

The $41 (normally $49 in the Techdirt Deals Store) Python 3 Bootcamp Bundle includes 9 courses geared to help you perfect your Python programming skills. You will learn beginner and advanced lessons in Python, as well as how to use Scrapy, Scipy, Numpy, Django, and more. Over 300 lessons feature hands-on activities, such as building your own applications, so you can put into practice what you learn as you go along. Note: The Techdirt Deals Store is powered and curated by StackCommerce. A portion of all sales from Techdirt Deals helps support Techdirt. The products featured do not reflect endorsements by our editorial team.

We recently submitted our comments to the Copyright Office's ongoing study on DMCA safe harbors, but perhaps we should have been a bit more creative. At least that seems to be the plan of the Content Creators Coalition, which has made its submission in the form of a video starring producer T Bone Burnett doing his best Werner-Herzog-without-the-accent impression. It's... quite something. (Amusingly it's also hosted on Vimeo, a site which — like all sites hosting user content — relies heavily on DMCA safe harbors for its existence, and indeed prevailed in a major legal battle over that very thing last year.) Probably the word most prominent in my mind after watching that is dramatic, with optional prefixes such as melo- and over-. It starts out like this: In its early days, the Internet was hailed a panacea. A global community — unshackled from corporate, military, or government control ready to equalize and connect the world. One of its early false prophets named it a "Culture of the Mind" that "all may enter without privilege or prejudice". But that's not what we got. Remember, this isn't a trailer for season three of Mr. Robot — it's a submission to the Copyright Office. There's a bit of a problem with that quote, too, but we'll get to that in a moment. T Bone drones on: Instead of opening up minds, it has closed them down — becoming a restrictive, abusive place where women, people of color, and anyone marked different are shunned, attacked, and shouted down. 2016 laid bare how cyberspace hasn’t rationalized dialog. It's become a megaphone for propaganda and fake news where it’s easier to demagogue and divide than ever. Dreams of a stronger democracy have given way to foreign hackers and corporate manipulation — a shriveled politics indistinguishable from reality TV. 
While some of those problems are certainly real, they are a lot more complicated and far from the primary characteristic of the internet as a whole — but more importantly, what does this have to do with musicians and the DMCA, exactly? (By the way, demagogue is not a verb.) And for artists and creators, instead of amplifying our voices to lead the fight for change, it undermines and silences us. The Internet — with all its promise and beauty — threatens to destroy what it was supposed to save. We can’t let that happen. This proceeding is focused on the legal safe harbors in the Digital Millennium Copyright Act – the law that was supposed to balance the Internet’s openness with creators’ ability to earn a living wage from their work. Those safe harbors have failed. Wow, smooth transition. If I'm reading that correctly, he's saying that artists could have cured or at least mitigated all of society's woes if only they weren't being "silenced" by the internet. The idea that the internet is silencing anyone, much less artists, is frankly just silly — unless of course you're talking about the people who are directly and unambiguously censored by abuse of the DMCA. The safe harbors have failed, by having a very low bar to get content removed and failing to have any meaningful way of preventing or punishing abuse. And yet even despite this, the internet offers the biggest, most powerful and most accessible platform for artists in history. (Also at this point, let's revisit that quote from an internet "false prophet". The line is actually a "civilization of the mind" and it comes from EFF founder John Perry Barlow's famous Declaration of the Independence of Cyberspace in 1996. You'd think T Bone could have gotten the quote right, but you also have to wonder if he knows that Barlow is an artist himself who used to write lyrics for the Grateful Dead.) 
The problems are familiar — they are well described in the record of these proceedings from the broken Sisyphus climb of "notice and takedown" to the gunpoint negotiations and pittance wages forced upon creators by the Google monopoly. The Big Tech ITOPIANS can track us across dozens of networks, devices, and profiles to bombard us with micro targeted ads, but they can’t even identify unauthorized copies of our work and keep them off their own servers and systems. Or they won’t. Ah, Sisyphus — he who evaded his timely death and was sentenced to eternal fruitless toil. Not a bad metaphor for media gatekeepers and the DMCA, actually. Perhaps T Bone can imagine Sisyphus happy. Or maybe instead of wasting all this time pushing boulders up hills, the industry could have embraced digital distribution from the start and helped new platforms emerge instead of hindering them. As for detecting infringing works, ad tracking is just as flawed as any other "if they can do that, why not this" comparison on that front: the issue is not the technological ability to sort content, but the fuzzy definitions of what's legal and what isn't — especially since, despite T Bone's conflation of the two, "unauthorized" does not automatically mean "infringing". Besides, a mistargeted ad just gets ignored; a mistargeted copyright filter shuts down free expression. (And by the way, I didn't capitalize "ITOPIANS" like that — that's how it was transcribed in the Coalition's press release. Apparently someone thought it was really, really clever and wanted to make sure you didn't miss it.) The problem here isn’t technology – creators welcome the digital revolution and its power to connect, amplify, and inspire. A modern recording studio looks more like a cockpit than a honky tonk, and that’s just fine. The problem is business models — designed to scrape away value rather than fuel new creation, focused on taking rather than making. 
To restore technology’s place as the rightful partner of tomorrow’s creators, we need change. Oh I see: he wants artists to enjoy all of the huge advantages created by digital technology, both in terms of distributing and creating their music, but not have to adapt to any of the new challenges created by the same technology. Sure, that sounds fair. He's right that the biggest challenge is business models, but to that I say: physician heal thyself. The safe harbors must be restored — so only responsible actors earn their protection, not those who actively profit from the abuse and exploitation of creators' work. People don't have to "earn" critical free speech protections by proving they aren't abusing them. That's exactly the opposite of how it works. But I'm impressed by the creativity and gall it took to describe dismantling safe harbors as restoring them. The false prophets of the internet may have imagined an egalitarian open source creative wonderland – but what we got was a digital playground for a handful of mega corporations and web moguls living fat off the artistic, cultural, and economic value everyone else creates online. And if our democracy becomes stunted and diverse Americans are shut out, I guess these new Galtian Lords would say, "That’s business." But artists and creators will never bow to that. We will never accept an Internet that turns its back on the vitality, optimism, and hope from which it was born. We will never allow our democracy to become a mere series of pseudo-events designed to manipulate people into spending money. This, and the line that follows it, is the last quote I'm going to pick on, because it's where T Bone's bizarre attempt to treat art and democracy as more than related but practically synonyms finally coalesces. 
Because in the next line he commits to this blunt conflation whole-hog and coins a new term (emphasis mine): Everyone with a stake in the Internet’s success and the health of our creative democracy must work together to make this right. Well, coined it in this strange context anyway — though in fact "creative democracy" is originally the title of a 1939 essay that ended with a passionate assertion that "the task of democracy is forever that of creation of a freer and more humane experience in which all share and to which all contribute". Now you can twist words and concepts all day to pretend that the internet somehow stifles artists, but be honest: is there anything in the world that has pushed us closer to that democratic goal than the internet, and the communication and content platforms that rely so heavily on safe harbors to exist? Maybe T Bone and the Content Creators Coalition think differently, but in that case they should at least take this little dramatic exercise off of Vimeo. Permalink | Comments | Email This Story

posted 25 days ago on techdirt
Last week we watched as Verizon, a company that spent years telling users they didn't want or need unlimited data, was forced to bring back unlimited data. AT&T quickly followed suit with similar plans of its own, despite having spent years waging a not so subtle war on grandfathered unlimited connection customers. The reason for this sudden collective about-face? The continued rise of T-Mobile, which has increasingly brought something vaguely resembling competition to the wireless sector (even if non-price, often superficial competition remains the predominant law of the land). While this was happening, we've been noting how new FCC boss Ajit Pai has been taking an axe to consumer protections, moving to gut broadband privacy rules, making it easier for prison telco monopolies to rip off inmate families, and killing efforts to bring competition to the cable box. Pai also recently killed off the FCC's inquiry into zero rating, after the former FCC stated Verizon and AT&T were using usage caps to give their own content an unfair market advantage. If you ask industry lobbyists, this behavior makes Pai an incredible consumer champion. Apparently that narrative is very much alive in Pai's head as well. In a speech this week at the Mobile World Congress in Barcelona, Pai was quick to proclaim that he's simply returning to an era of "light-touch" regulation of telecom, one that will result in massive, unspecified benefits to all: "We are confident in the decades-long, cross-party consensus on light-touch Internet regulation—one that helped America’s digital economy thrive. And we are on track to returning to that successful approach. In telecom, "light-touch regulation" is code for letting AT&T, Verizon, Comcast and Charter do whatever the hell they'd like. The narrative usually goes something like this: if you free giant ISPs from the burdens of "onerous federal regulation" (like net neutrality), Utopia magically springs from the sidewalks. 
But as we saw during Michael Powell's tenure, this narrative is flimsy, and the blind federal deregulation of telecom only makes things worse. Why? When you let revolving door regulators like Pai and Powell run the show, their breathless dedication to industry means they intentionally overlook the lack of competition in the sector. Eliminate functional regulatory oversight and refuse to address limited competition? The end result is... Comcast Corporation and its record-shatteringly-bad customer service, high prices, and usage caps. But Pai took things further in his speech, actually claiming that his refusal to enforce the agency's net neutrality rules somehow resulted in a flurry of competition and a return to unlimited data: "Earlier this month, for example, we ended the FCC’s investigation into so-called “zero-rating,” or free-data offerings. Free-data plans have proven to be popular among consumers, particularly those with low incomes, because they allow consumers to enjoy content without data limits or charges. They have also enhanced competition. Nonetheless, the FCC had put these plans under the regulatory microscope. It claimed that they were anticompetitive, would lead to the end of unlimited data plans, or otherwise limit online access. But the truth is that consumers like getting something for free, and they want their providers to compete by introducing innovative offerings. Our recent decision simply respected consumers’ preference. The best evidence of the wisdom of our new approach is what happened afterward. In the days following our decision, all four national wireless providers in the United States announced new unlimited data plans or expanded their existing ones. Consumers are now benefiting from these offers—offers made possible by a competitive marketplace. And remember: Preemptive government regulation did not produce that result. The free market did. That's an incredible load of nonsense. 
T-Mobile only still exists because federal regulators blocked AT&T from acquiring it. So in reality, it was government intervention that allowed T-Mobile to continue to exist, with the resulting competition driving AT&T and Verizon to adopt all manner of more consumer-friendly positions. It's hard work, but one needs to weigh each instance of government regulation on its merits. Insisting all regulation is good or bad is just lazy thinking, and the idea that gutting all consumer protections magically results in the telecom equivalent of Smurf village is utterly nonsensical given the industry's history. We've also noted how zero rating has nothing to do with giving consumers "free data," though carriers have certainly conditioned consumers to think as much. Usage caps are entirely arbitrary, and are completely untethered to real-world network congestion or financial necessity. Caps and overage fees are simply glorified price hikes, and they exist as a symptom of limited competition. As competition increased, it became untenable for AT&T and Verizon to continue ignoring consumer demands, especially once T-Mobile began adding significantly more mobile subscribers than any other carrier every quarter. The irony, of course, is that Pai was in favor of the AT&T and T-Mobile merger, which would have killed off T-Mobile's disruption entirely. He's also never seen an incumbent ISP policy idea he didn't like, and his voting history suggests he'll happily vote to approve what many expect is a looming Sprint acquisition of T-Mobile. When the resulting diminished competition from that deal results in higher prices, what's the over/under on Pai blaming himself or his love of a "light touch?" Permalink | Comments | Email This Story

posted 26 days ago on techdirt
The tools are there to be abused. Anyone who doubts this aspect of intrusive surveillance programs is either a supporter or a beneficiary. Oversight might be in place and various checks and balances instituted, but the scope and breadth of these programs ensures -- at minimum -- collection of communications and data government surveillance agencies have no business looking at. If someone's given a tool that allows them to snoop on almost anyone with impunity, it will eventually be abused. Case in point: everywhere and everything related to state-sponsored surveillance. Spiegel, which has published several surveillance agency leaks (from Snowden and others), has obtained some more documents. The documents haven't been published, but the contents indicate that -- from 1999 on -- Germany's foreign intelligence agency (BND) has used its powers to snoop on journalists and their sources. According to documents seen by SPIEGEL, the BND conducted surveillance on at least 50 [...] telephone numbers, fax numbers and email addresses belonging to journalists or newsrooms around the world in the years following 1999. Included among them were more than a dozen connections belonging to the BBC, often to the offices of the international World Service. The documents indicate that the German intelligence agency didn't just tap into the phones of BBC correspondents in Afghanistan, but also targeted telephone and fax numbers at BBC headquarters in London. A phone number belonging to the New York Times in Afghanistan was also on the BND list, as were several mobile and satellite numbers belonging to the news agency Reuters in Afghanistan, Pakistan and Nigeria. The extent of the surveillance isn't detailed in the article. The writer refers to phones being "tapped" but also states the journalists' numbers were used as "selectors," which possibly means this was limited to data collection, rather than communications. 
Not that it possibly being "just metadata" makes it any less of a violation. German law supposedly shelters journalists from domestic surveillance with protections roughly comparable to attorney-client privilege. But the reality of the situation proves the country's laws are only as strong as those enforcing them. Watching the watchers is something no country seems to do well, and Germany is no exception. This wouldn't be the only time Germany's BND has targeted journalists. It may be the earliest (leaked) record of such behavior, but Spiegel has covered previous leaks in which journalists' emails were intercepted and other journalists were caught in the crossfire of BND's surveillance of allies' government agencies. This news comes just as a three-year investigation into BND's tactics and surveillance programs wraps up. Not that anything will come of this investigation. During the investigation's running time, leaks continued to highlight inappropriate surveillance, even as Germany's legislators set about codifying BND's previously-illegal snooping. As long as surveillance powers continue to expand and agencies are given a free pass for previous bad behavior, citizens' rights will continue to be violated. Permalink | Comments | Email This Story

posted 26 days ago on techdirt
We've talked a great deal about businesses connecting with their fans as a way to keep their interest in a product. The whole formula of CwF+RtB relies first and foremost on giving customers an emotional interest in seeing a particular business or product succeed. This generally involves treating the buying public well, engaging with customers in an open and honest way, making sure the product is great, and building advocates out of mere consumers. But then one day the owner of an indoor American football team comes along and decides that basically the entire team should be run in a crowdsourced manner by the fans via a mobile application. The Screaming Eagles claim to be the first fan-run professional football team in the United States. Using a free mobile app, anyone can vote on nearly all aspects of the new team's identity and function, including calling offensive and special-teams plays. The experiment did not begin swimmingly. On the Screaming Eagles’ first possession, voters decided on a pass play on third-and-10 from their own 5-yard line. Reed fumbled in the end zone, and Nebraska recovered for a touchdown. Five plays later, on fourth-and-15 from their own 1-yard line, the vote called for a field goal. (The field is 50 yards long.) The kick was blocked and recovered by Nebraska for another score. But the influence of the fans was felt long before they managed to collectively poop the bed on the field. The fans were responsible for the uniforms the team wore in the game, the name of the team and its cheerleader squad, and even the choice of the music to which the team warmed up. And, like all good ideas that have ever existed, the owner of the team decided to do all of this because he played video games. Sohrob Farudi, the chief executive of Project Fanchise, the team’s ownership group, said there was no eureka moment behind his decision to start such a fan-driven team; it was something he had considered for a number of years. 
“I was always on my couch, playing Madden, making calls and wondering why I was spending money on beer and tickets to games,” said Farudi, who sold his cellphone resale and recycling company, Flipswap, in 2011. “Being so close to tech and mobile, I wondered, Why can’t a fan be involved?” And now they are, in more ways than with any other team in the history of professional sports. There have been some rocky beginnings to all of this, including some fans' attempt to have the Utah-based team named The Stormin' Mormons. Still, Farudi appears committed to the concept, and even his coach and players are getting on board. McCarthy, whose résumé includes head coach and coordinator positions on four other I.F.L. teams, said he has warmed to a system that, to outsiders, may look as if he is relinquishing control of his coaching duties. “At the end of the day, it’s still my plays,” he said. “I set up our system, so it’s got my plays in it and what we’ve been working on.” Nobody would suggest that this level of fan involvement will translate to the larger, more popular sports leagues and franchises. But aspects of it certainly can. And the Indoor Football League is obviously desperate for eyeballs, so it's quite interesting to see them try to attract fans by giving them a crazy amount of ownership over the product they'll be watching on the field. It seems obvious that allowing fans to have this kind of crowdsourced involvement in the team can only help to keep them engaged by giving them an emotional investment in the product. That's pretty clearly CwF-type thinking, with the curiosity of how the fans' gameplan might turn out to be a rather creative RtB. There are even benefits for different levels of fan involvement and purchasing. Christian Williams, 29, of Melbourne, Australia, spent $450 during the team’s crowdfunding round to be named one of 10 co-founders of the franchise. 
He said in a phone interview Thursday that he had analyzed scouting reports and held conversations with the front office via Skype and email. “I like the fact that I have been involved in the process all the way,” he said. Again, not a model for everyone, but it's a cool concept for fan engagement. I imagine that engagement would only multiply if the team manages to start winning some games with the fans at the helm. Permalink | Comments | Email This Story

posted 26 days ago on techdirt
Obstructing government operations seems like a serious offense, but it tends to be one of those catch-all charges used by law enforcement to generate arrests for non-criminal activities like showing less respect than officers feel they deserve or someone getting all constitutional in response to searches and/or seizures. In Nebraska, law enforcement uses it to handle "being made." Nebraska state police attempted to perform a compliance check at local restaurant Salt last August. In this case, "compliance check" is just a dressed-up word for "sting." Cops sent in two teenagers to attempt to purchase alcohol. The sting failed. Two troopers in plain clothes drove the teens in an unmarked vehicle to the businesses and stayed nearby in case things went awry, testified Christopher Kober, a State Patrol investigator. The teens sat at Salt 88’s bar and ordered two Bud Lights, Alberico testified. The bartender asked for identification and the teens, trained on what to do, presented their real driver’s licenses. The bartender refused service and the teens left, Alberico testified. John Horvatinovich, the owner of Salt, wasn't too impressed by the failed sting. He tweeted out a photo of the teens, along with a warning to other restaurant/bar owners. Assistant City Prosecutor Makayla Maclin said in her opening statement Monday that on Aug.13, Horvatinovich tweeted photos showing the faces of two teens with the comment: “Omaha restaurant peeps: These two are trying to ruin your night w/sting operations in town.” The state police decided to shut down its sting operation since its two underage informants were no longer all that "confidential." Instead of rounding up another set of compliant teens to perform compliance checks, the cops arrested Horvatinovich for obstruction of justice. The arresting officer justified this with a mostly-nonsensical statement about safety -- as though restaurant owners were every bit as vengeful and violent as mob bosses and drug cartel heads. 
“I have never had my CIs’ identity compromised before,” Trooper Alberico testified. “I felt that it was a safety issue for them. I care about my CIs, and it’s my job to protect them.” The police certainly seemed secure in the rightness of their actions, despite everything about the arrest looking like nothing more than petty revenge for having their operation blown. And the local prosecutor's office was the most compliant entity in this failed compliance sting, as it followed through with a jury trial, rather than drop the ridiculous charge. The jury found in favor of the restaurant owner, which means the next time an ID sting is uncovered, restaurant owners are more than welcome to let each other know which teens are acting as narc-of-the-day for the local PD. Honestly, the problem here lies entirely with state law enforcement and its response to Horvatinovich's actions. As Fault Lines' Josh Kendrick points out, the public shouldn't be forced to stay silent when law enforcement screws up. While police are welcome to investigate crime, that doesn’t mean we now live in a police state. If your amateur hour undercover investigation targeting law-abiding business owners gets discovered, why does the public have to cover for your ineptitude? Why can’t those business owners get together and help each other? Maybe remind each other to double-check identification and watch out for teens drinking at the bar? Just like warning drivers about speed traps, warning other business owners about law enforcement stings raises awareness and actually results in more compliance, rather than less. Those warned about speed traps slow down. Those warned about law enforcement sting operations pay more attention to those they're serving alcohol to. The only party that "loses" is the one that thinks the general public is nothing more than a revenue stream that can be tapped into at its convenience -- where arrests and fines are preferred to actual lawful behavior. 

posted 26 days ago on techdirt
New Attorney General Jeff Sessions has just sent another message about the future of US law enforcement: there will be no policing of the police during the Trump Years. In his first on-the-record briefing, Sessions flat-out stated the DOJ's many civil rights investigations of local police departments mean nothing. [Sessions] said he had not read the Obama Justice Department's scathing reports on unconstitutional policing practices in Ferguson, Mo., or in Chicago, reasoning that he found the summaries "pretty anecdotal." Nothing is more useless than deliberately ignored facts. Summing up multi-year investigations as "anecdotal" goes far beyond willful ignorance into dangerously-smug territory. At least when FBI director James Comey said he hadn't bothered reading the CIA Torture Report, he had the excuse that the info included did not directly reference his area of control. Sessions doesn't have this excuse. But his focus isn't on what's wrong with America's law enforcement. He's only interested in what's wrong with Americans. He wants tougher sentencing and tougher laws. He's looking at moving forward with federal prosecutions targeting legal marijuana sales. He wants to ease restrictions on asset forfeiture. He has shown no concern about the policed, only for the police. Sessions also called police officers cowards during his briefing. Sessions said police officers in Chicago were arresting people less frequently, which he speculated may be out of fear their interactions could be recorded and spread on the internet. "The officer feared for his observation." That's the gist of this statement by Sessions. He may think this is a perfectly acceptable reason for Chicago PD officers to not do the job they're paid to do, but only a coward would shy away from doing their job because it might be witnessed by others. What a bunch of shit. But back to the "anecdotal" shrug off of the DOJ Civil Rights Division's work. 
Here's some of the stuff Sessions has the audacity to call "anecdotal." From the DOJ investigation of the Ferguson PD: We spent, collectively, approximately 100 person-days onsite in Ferguson. We participated in ride-alongs with on-duty officers, reviewed over 35,000 pages of police records as well as thousands of emails and other electronic materials provided by the police department. Enlisting the assistance of statistical experts, we analyzed FPD’s data on stops, searches, citations, and arrests, as well as data collected by the municipal court. We observed four separate sessions of Ferguson Municipal Court, interviewing dozens of people charged with local offenses, and we reviewed third-party studies regarding municipal court practices in Ferguson and St. Louis County more broadly. As in all of our investigations, we sought to engage the local community, conducting hundreds of in-person and telephone interviews of individuals who reside in Ferguson or who have had interactions with the police department. We contacted ten neighborhood associations and met with each group that responded to us, as well as several other community groups and advocacy organizations. Throughout the investigation, we relied on two police chiefs who accompanied us to Ferguson and who themselves interviewed City and police officials, spoke with community members, and reviewed FPD policies and incident reports. Also "anecdotal:" (from the Chicago investigation) First, we reviewed thousands of pages of documents provided to us by CPD, IPRA, and the City, including policies, procedures, training plans, Department orders and memos, internal and external reports, and more. We also obtained access to the City’s entire misconduct complaint database and data from all reports filled out following officers’ use of force. 
From there, we reviewed a randomized, representative sample of force reports and investigative files for incidents that occurred between January 2011 and April 2016, as well as additional incident reports and investigations. Overall, we reviewed over 170 officer-involved shooting investigations, and documents related to over 425 incidents of less-lethal force. We also spent extensive time in Chicago—over 300 person-days—meeting with community members and City officials, and interviewing current and former CPD officers and IPRA investigators. In addition to speaking with the Superintendent and other CPD leadership, we met with the command staff of several specialized units, divisions, and departments. We toured CPD’s training facilities and observed training programs. We also visited each of Chicago’s 22 police districts, where we addressed roll call, spoke with command staff and officers, and conducted over 60 ride-alongs with officers. We met several times with Chicago’s officer union, Lodge No. 7 of the Fraternal Order of Police, as well as the sergeants’, lieutenants’, and captains’ unions. All told, we heard from over 340 individual CPD members, and 23 members of IPRA’s staff. Our findings were also significantly informed by our conversations with members of the Chicago community. We met with over ninety community organizations, including non-profits, advocacy and legal organizations, and faith-based groups focused on a wide range of issues. We participated in several community forums in different neighborhoods throughout Chicago where we heard directly from the family members of individuals who were killed by CPD officers and others who shared their insights and experiences. We also met with several local researchers, academics, and lawyers who have studied CPD extensively for decades. Most importantly, however, we heard directly from individuals who live and work throughout the City about their interactions with CPD officers. 
Overall, we talked to approximately a thousand community members. We received nearly 600 phone calls, emails, and letters from individuals who were eager to provide their experiences and insights. The DOJ Civil Rights Division won't be given this long of an investigative leash under Sessions. The Trump Administration is already planning to cut this division's budget, and the man at the top of the organizational chart is just going to dismiss the findings without even reading them. Sessions says he's "not sure" if he'll pursue a consent agreement with the Chicago PD, which strongly suggests he won't. He seems more concerned about the criminal activity in the city and fails to see how unconstitutional and abusive policing may be making it worse. Police accountability is off the table for the next four years minimum. Whoever inherits this mess will have to make up a lot of lost ground. Under this administration, law enforcement officers will be untouchable, at least at the federal level. The groundwork has begun on Police State, USA.

posted 26 days ago on techdirt
So here's a story that goes from weird to bizarre in record time. A few weeks ago, Axios was among the first to report that White House staffers were using an app called "Confide" to make use of its disappearing message feature, specifically to avoid putting things down on the record, that might later be leaked or revealed: We spoke with one influential GOP operative who is using the app. He told us he especially likes that Confide makes it harder to take a screenshot—you have to slide your fingers over text and it only captures a portion of the screen. He also likes the integration with iMessage, allowing him to write self-destructing encrypted messages within the confines of the iPhone's standard-issue messaging platform. He says Republicans like him are especially paranoid about their communications after Hillary Clinton's email scandal. "For folks that are on the inside in this city, it provides some cover," he said. Among those found to be using the app? Trump Press Secretary Sean Spicer, who got upset that anyone might think it was a big deal that the app was on his phone: BuzzFeed News found the phone numbers of Spicer, along with Hope Hicks, the director of strategic communications, via a feature that allows users to see friends who have already joined. In a phone call with BuzzFeed News, Spicer confirmed that he used the app, but said that he had done so only once, when asked to by a reporter “months ago.” He offered to show a BuzzFeed News reporter his phone as proof. “I downloaded it, but I’m glad to show anyone my phone and that I’ve literally sent one message on Confide,” said Spicer. “These are personal phones… I also have iTunes on my personal phone, Solitaire, and other apps. 
Frankly I think the idea that you guys are writing a story, the idea of what apps I use on my phone, is an invasion of my privacy.” Of course, if the messages are deleted soon after sending, as the app advertises, then showing the app to a reporter doesn't really prove much of anything. Either way, hold that thought. Security experts have ripped apart Confide, saying that its claims of being secure are "a triumph of marketing over substance," however others in the White House are making use of an app that is generally considered more secure: Signal. And, apparently, that has some in Congress worried that the apps are being used not to undermine things like federal record keeping laws, but rather that it may be used by people inside the government to go undermine the administration or to leak information to the press. And, indeed, this weekend it was reported that Sean Spicer (remember him from above?) conducted a surprise leak crackdown last week, ordering staffers into a conference room and then searching their phones for Confide or other apps, and telling them not to use such apps: Upon entering Spicer’s office for what one person briefed on the gathering described as “an emergency meeting,” staffers were told to dump their phones on a table for a “phone check," to prove they had nothing to hide. Spicer, who consulted with White House counsel Don McGahn before calling the meeting, was accompanied by White House lawyers in the room, according to multiple sources. There, he explicitly warned staffers that using texting apps like Confide — an encrypted and screenshot-protected messaging app that automatically deletes texts after they are sent — and Signal, another encrypted messaging system, was a violation of the Presidential Records Act, according to multiple sources in the room. 
Leaving aside, for now, the humor in this information (of course) then leaking to the press, it does seem somewhat amusing that Spicer is now suddenly running surprise phone checks on staff members over these apps when he, himself, admits to having used at least Confide, and his insisting that its presence on his phone was really no big deal. Remember, "Frankly I think the idea that you guys are writing a story, the idea of what apps I use on my phone, is an invasion of my privacy." And yet... it's not such an invasion of privacy to suddenly order lower ranked staff members into a conference room to do a "phone check" to see if they have any of those apps on their phones? Permalink | Comments | Email This Story

posted 26 days ago on techdirt
So we've noted time and time again how so-called "smart" toys aren't immune to the security and privacy problems plaguing the internet of broken things. Whether we're talking about the Vtech hack (which exposed kids' selfies, chat logs, and voice recordings) or the lawsuits against Genesis Toys (whose products suffer from vulnerabilities to man-in-the-middle attacks), the story remains the same: these companies were so excited to connect everything and anything to the internet, but few could be bothered to spend more than a fleeting moment thinking about product security and consumer privacy.

Troy Hunt, creator of the very useful Have I Been Pwned? website, this week highlighted one of the biggest privacy breaches yet when it comes to the connected toy market. Spiral Toys makes the CloudPets line of stuffed animals, which adorably record and play back voice messages that can be sent over the Internet by parents and children alike. Less adorable is the fact that this collected data is stored by a Romanian company called mReady, which apparently left this data in a publicly available database neither protected by a password nor placed behind a firewall. As such, that data was publicly accessible to anybody perusing the data via the Shodan search engine.

And while it's hard to nail down a precise number, Hunt estimates that somewhere around 2 million voice recordings of children and parents were just left exposed to the open air, as well as the e-mail addresses and passwords for more than 800,000 Spiral Toys CloudPets accounts. On a positive note, the company did appear to keep CloudPets stored passwords as a bcrypt hash, one of the more secure methods available. But that appears to have been compromised by the fact that the company (as outlined in this instructional video for customers) has absolutely no restrictions when it comes to minimal password strength:

"However, counteracting that is the fact that CloudPets has absolutely no password strength rules. When I say "no rules", I mean you can literally have a password of "a". That's right, just a single character. The password used here in the demonstration is literally just "qwe"; 3 characters and a keyboard sequence. What this meant is that when I passed the bcrypt hashes into hashcat and checked them against some of the world's most common passwords ("qwerty", "password", "123456", etc.) along with the passwords "qwe" and "cloudpets", I cracked a large number in a very short time."

As we've seen with so many IoT companies, many simply don't respond when contacted and warned about vulnerabilities. And when they are warned, lawsuit threats are often more common than cogent responses. In this case, Hunt notes that Spiral Toys was contacted three times about the data being publicly exposed and its weak password rules, and it chose to ignore each one of them:

"3 attempts to warn the organisation of a serious security vulnerability and not a single response. I've said many times before in many blog posts, public talks and workshops that one of the greatest difficulties I have in dealing with data breaches is getting a response from the organisation involved. Time and time again, there are extensive delays or no response at all from the very people that should be the most interested in incidents like this. If you run any sort of online service whatsoever, think about what's involved in ensuring someone can report this sort of thing to you because this whole story could have had a very different outcome otherwise."

In other words, here's yet another company that not only thinks security and privacy are an afterthought, but can't actually be bothered to respond when informed that the data of millions of users was just sitting unsecured in public view. These companies don't appear to realize it, but their incompetence acts as a living, breathing advertisement for why dumb toys and devices remain the smarter option.
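To make the point about bcrypt being undercut by missing password rules concrete, here is an added example (not code from this post, from Troy Hunt, or from Spiral Toys): a signup gate that refuses the kinds of passwords the quoted write-up names before anything is hashed, plus a login path that flags accounts created before the gate existed. The function names, the 8-character floor, the small constructed blocklist, and the use of PBKDF2 from Python's standard library in place of bcrypt are assumptions of this example.

```python
import hashlib
import hmac
import os

MIN_LENGTH = 8            # assumed floor; the post says only that CloudPets had none
PBKDF2_ROUNDS = 600_000   # assumed work factor; PBKDF2 stands in for bcrypt here

# Constructed blocklist: the guesses named in the quoted write-up. A production
# blocklist would hold many thousands of entries.
COMMON_PASSWORDS = {"qwerty", "password", "123456", "qwe"}
SERVICE_WORDS = {"cloudpets"}   # words tied to the product itself
KEYBOARD_ROWS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm")


def is_keyboard_walk(pw):
    """True when the whole password is one run along a keyboard row."""
    p = pw.lower()
    return len(p) >= 3 and any(p in row or p in row[::-1] for row in KEYBOARD_ROWS)


def policy_violations(pw, email=""):
    """Return the reasons a password is refused; an empty list means accepted."""
    reasons = []
    p = pw.lower()
    if len(pw) < MIN_LENGTH:
        reasons.append("too short")
    if p in COMMON_PASSWORDS:
        reasons.append("common password")
    if any(word in p for word in SERVICE_WORDS):
        reasons.append("contains service name")
    if is_keyboard_walk(pw):
        reasons.append("keyboard sequence")
    local = email.split("@")[0].lower()
    if len(local) >= 3 and local in p:
        reasons.append("contains account name")
    if len(set(p)) == 1:
        reasons.append("single repeated character")
    return reasons


def hash_password(pw, salt=None):
    """Salted slow hash. It raises the cost per guess, not the number of guesses."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", pw.encode("utf-8"), salt, PBKDF2_ROUNDS)
    return {"salt": salt, "hash": digest}


def register(email, pw):
    """Return (record, []) on success or (None, reasons) when the policy refuses."""
    reasons = policy_violations(pw, email)
    if reasons:
        return None, reasons
    return hash_password(pw), []


def login(record, pw, email=""):
    """Return (authenticated, must_change).

    Login is the one moment the server sees the plaintext again, so accounts
    created before the policy existed can be caught here and sent to a reset.
    """
    candidate = hashlib.pbkdf2_hmac(
        "sha256", pw.encode("utf-8"), record["salt"], PBKDF2_ROUNDS
    )
    ok = hmac.compare_digest(candidate, record["hash"])
    return ok, ok and bool(policy_violations(pw, email))


if __name__ == "__main__":
    for attempt in ("a", "qwe", "cloudpets", "password", "tidal-Lantern-42-moss"):
        print(repr(attempt), "->", policy_violations(attempt) or "accepted")
```

"cloudpets" passes the length rule and is refused only by the service-name check, which is why a minimum length on its own would not have closed the gap described above.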

posted 26 days ago on techdirt
The nice thing about truly stupid ideas is they generally have very short lifespans. Last week, the Arizona Senate did itself a huge disservice by passing a bill targeting a nonexistent problem ("paid protesters") with fines, jail time, and seized assets if any act of destruction occurs during a protest. It wasn't limited to just the person committing the act. Anyone else participating in the same protest could be rung up on the same charges, as well as any nonparticipants who may have been involved in the planning process. In support of this idiocy, idiotic statements were made, including the unforgettable assertion that a new terrible law was needed because existing rioting laws were constantly being undercut by a functioning bail system. Sen. Sylvia Allen, R-Snowflake, said the new criminal laws are necessary. “I have been heartsick with what’s been going on in our country, what young people are being encouraged to do,’’ she said. She agreed with Quezada that there already are laws that cover overt acts. But Allen said they don’t work. “If they get thrown in jail, somebody pays to get them out,’’ she said. “There has to be something to deter them from that.’’ Once again, I'm at a loss for words. Unfortunately for R-Snowflake, the state's existing laws will have to do. Antonia Nooni Farzan of the Phoenix New Times reports the bill is dead, killed by an apparently less-stupid House. (h/t Caitlin Burns) House Speaker J.D. Mesnard has confirmed that he does not plan to consider the bill, which means that it won't move forward in the legislature. “I haven’t studied the issue or the bill itself, but the simple reality is that it created a lot of consternation about what the bill was trying to do,” Mesnard tells New Times. “People believed it was going to infringe on really fundamental rights. The best way to deal with that was to put it to bed." Good call, Rep. Mesnard. Indeed, it did look an awful lot like an unconstitutional bill. 
In fact, the bill's underlying conceit makes one suspect its author accidentally sent a page of his dream diary to a staffer to type up. The more surprising aspect is that a presumably-sober Senate moved it forward. If he'd left it there, Mesnard would have been fine. But he didn't. After saying the bill had "created a lot of consternation," Mesnard goes on to say the "lot of consternation" had nothing to do with his Kevorkianing of the brain-dead bill. When the bill passed the Senate last week, it sparked a national outcry, with many questioning whether or not it was even constitutional. But Mesnard says that wasn’t what made him decide to kill the bill. “I was less concerned about the national story,” he says. “My decision was based on what I think is best for Arizona and the concerns that were being expressed by Arizonans.” Well, good for the locals either way. If it were just local concerns, it's doubtful the bill would have died less than a week after it was introduced. Then there's this: “I’m certain the sponsor wasn’t trying to infringe on anyone’s First Amendment rights,” he adds. “I want to stand up for him a little bit - he’s being criticized, and I don’t know if that’s entirely fair.” Oh no no no no no no no… every bit of criticism the bill's sponsor -- Senator Sonny Borrelli -- gets, he's earned. And if we're handing "Nice One, Dumbass" awards, honorable mentions need to go to both local police unions (Arizona Police Association [WARNING: WEB 0.25 EXPERIENCE AHEAD], Phoenix Law Enforcement Association) for their endorsement of Borrelli's Folly.

posted 26 days ago on techdirt
New FCC boss Ajit Pai, apparently taking a break from paying empty lip service to the poor, has quietly announced the FCC will be killing consumer broadband privacy protections before they even have a chance to take root. Hoping the news would get lost in the pre-weekend hustle, the FCC quietly circulated an e-mail on Friday stating that the agency would be moving to kill the rules before they arrive March 2, just as large ISPs had demanded. The FCC statement starts by implying that eliminating FCC oversight of broadband privacy (leaving the FTC as the lone cop on the beat) is more consistent and efficient: "Chairman Pai believes that the best way to protect the online privacy of American consumers is through a comprehensive and uniform regulatory framework. All actors in the online space should be subject to the same rules, and the federal government shouldn’t favor one set of companies over another. Therefore, he has advocated returning to a technology-neutral privacy framework for the online world and harmonizing the FCC’s privacy rules for broadband providers with the FTC’s standards for others in the digital economy. Unfortunately, one of the previous administration’s privacy rules that is scheduled to take effect on March 2 is not consistent with the FTC’s privacy standards. Therefore, Chairman Pai is seeking to act on a request to stay this rule before it takes effect on March 2." This idea that the FTC should be the only regulator overseeing ISP privacy comes from the telecom industry itself, which has repeatedly tried to claim it's unfair to "burden" ISPs (many of which are trying to get into the ad and media industry) with FCC regulations not faced by the likes of Google and Facebook. The problem: they're ignoring the fact that while users can switch search engines or services if they're unhappy with Google or Facebook's privacy practices, a lack of competition often means users have no such luxury when it comes to broadband ISPs. 
Thus, specific rules large ISPs pretend they don't see the reasoning for. Meanwhile, the big push to have the FTC alone oversee broadband privacy is rooted in the knowledge that the FTC is (a) overworked and underfunded, and (b) has no rule-making authority. Now ex-FCC boss Tom Wheeler had this to say about this GOP and Trump FCC "modernization" effort in a recent, candid interview: "It’s a fraud. The FTC doesn’t have rule-making authority. They’ve got enforcement authority and their enforcement authority is whether or not something is unfair or deceptive. And the FTC has to worry about everything from computer chips to bleach labeling. Of course, carriers want [telecom issues] to get lost in that morass. This was the strategy all along. So it doesn’t surprise me that the Trump transition team  --  who were with the American Enterprise Institute and basically longtime supporters of this concept  --  comes in and says, “Oh, we oughta do away with this.” It makes no sense to get rid of an expert agency and to throw these issues to an agency with no rule-making power that has to compete with everything else that’s going on in the economy, and can only deal with unfair or deceptive practices." In other words, the pretense for Pai and friends is "efficiency," when the reality, as has long been the FCC's overarching MO, is to protect large ISPs like Comcast, Verizon and AT&T from real accountability and oversight. That's a problem when it comes to an uncompetitive industry where the nation's biggest carriers have no organic checks and balances on their increasingly unethical privacy practices. You need either real competition or reasonable regulators, and as these ISPs' historical behavior makes clear, you run into problems when revolving-door regulators want neither. The FCC rules themselves were passed last year and are relatively simple; ISPs must disclose what data they're gathering and who they're selling it to. 
In a few instances, users need to opt in if ISPs want to share more personal financial data. The telecom and ad industries whined about the rules, but the FCC only acted to create the rules after Verizon was caught covertly modifying user packets in order to track user behavior (without informing them or providing working opt-out tools), and AT&T and Comcast began making it clear they wanted to charge users a premium for privacy. The telecom industry had its chance to self-regulate on the privacy front, and showed repeatedly it wasn't capable of actually doing so. Repeal the FCC's privacy rules, and there's literally nothing standing between you and Comcast when it comes to privacy except an overworked (and likely to be similarly and intentionally hamstrung) FTC incapable of picking up the slack. That's certainly great for Comcast. It's less great if you're a broadband consumer actually looking to have some amount of control over how your personal data is collected and shared in the gigabit era.

posted 27 days ago on techdirt
Really can't say enough good things about public servants, especially when their response to criticism is to expose personal details in a published interview. Andie Fox wrote an article for the Canberra Times about her struggle to get an ex's debt removed from her record. Following several calls from Centrelink -- Australia's Department of Human Services -- attempting to recover this misplaced debt, Fox spent hours -- including most of a day she took off from work -- trying to speak to a human being directly about her situation. As is par for the bureaucratic course, this was almost impossible. I soon found out that to even ask the simplest question about a Centrelink debt requires you to throw yourself into a vortex of humiliating and frustrating bureaucratic procedures. [...] Having gone as far as I could on the website, I eventually pressed the Centrelink employee and asked that I please be able to just speak to someone directly. I joined another queue. A different staff member saw me at a counter and, again, I relayed my story. Increasingly, I shed any dignity around discussing the details of my break-up and finances. Here, you have a three-minute window. You have to speak quickly. You have to speak loudly, so nothing is missed. There is no other way to put this, you sound nuts. You are literally announcing the wreckage of your life to a complete stranger in a room full of other strangers. This is only a short sampling from Fox's article. In addition to providing services like welfare, Centrelink goes after people it feels it may have handed out undeserved benefits to. Her problem was eventually resolved -- not on site -- but after her article's publication. Centrelink apparently felt Fox's case was an aberration. Someone from the agency spoke to Paul Malone of the Sydney Morning Herald to "set the record straight." Apparently, setting the record straight involves handing over specific details of a person's relationships/tax payments to a journalist. 
(And the journalist's decision to publish these details? Well, that's on him.) Included in the rebuttal piece were details Fox hadn't shared in her article. Like when the relationship had ended and which years the disputed tax assessment covered. But Centrelink has a different story. The agency says Ms Fox's debt is a Family Tax Benefit (FTB) debt for the 2011-12 financial year which arose after she received more FTB than she was entitled to because she under-estimated her family income for that year. The original debt was raised because she and her ex-partner did not lodge a tax return or confirm their income information for 2011-12. [...] Centrelink says it was not until 2015 that she informed them that she had separated from her partner in 2013. According to Centrelink, it did nothing wrong and violated no privacy laws by handing over this information to a third party -- a third party that would make them completely public. The department confirmed that Fox’s personal information was approved for release to Fairfax Media. It said it was necessary to correct the public record about several inaccurate claims Fox had made. The information was approved for release by a deputy secretary. The department’s head of legal services and general counsel both said they were comfortable with the release of the information. It was then provided to Fairfax Media by the office of the human services minister, Alan Tudge. The department claims it has the right to dump personal info if it feels it needs to "correct the record." That seems incredibly petty, if not possibly illegal. But the wonderful thing about government agencies like Centrelink is that it can simply waive someone else's privacy protections without breaking the law or consulting any higher authority. Ordinarily it would be an offence for social services staff to disclose “protected information” held by the agency, which would include a person’s Centrelink details. 
But the secretary has a broad discretionary power to release information “to such persons and for such purposes” as they deem fit. The spokeswoman said such disclosures did not need to be formally authorised by the department’s secretary. So… it's not really "protected information," is it? Not if a government agency can instantly strip away the protection without further legal review and for no better reason than contradicting perceived slights delivered by bloggers/journalists. And it's not as though citizens can do anything at all to prevent Centrelink from distributing this information at its own discretion, much less compiling a wealth of personal details. Dealing with the government is one of life's few certainties. No one really gets to "opt out." And if Centrelink is making any guarantees about protecting personal information in the multitudinous forms it asks citizens to fill out, it's completely full of shit. Update: And full of shit Centrelink may be. This just in from The Register: The Office of the Australian Information Commissioner is investigating whether it's acceptable for an Australian government department to release personal data when seeking to correct the public record when clients recount their interactions with government agencies. The office has told The Register it's “making inquiries with the Department of Human Services” after a Canberra Times article offered a rebuttal to a blogger's account of her interactions with payments agency Centrelink.

posted 27 days ago on techdirt
As Techdirt readers know only too well, doing things "for the children" is a perfect excuse to pass all kinds of ridiculous laws that would otherwise be thrown out without a thought. For example, back in 2013, we wrote about attempts to pass legislation in Russia that would ban swearing on the Internet. It was framed as an amendment to an existing law called "On the Protection of Children" that introduced a blacklist designed to block access to information on drugs, suicide and child pornography. Now the head of Roskomnadzor, the body that oversees website-blocking in Russia, has a bold proposal for protecting children from all the Internet's possible harms. It takes the "for the children" logic to its logical conclusion, as TorrentFreak explains: In a Q&A session with AIF.ru, Alexander Zharov spoke on a number of issues, including online safety, especially for children. Naturally, kids need to be protected but the Roskomnadzor chief has some quite radical ideas when it comes to them using the Internet. "I believe that a child under 10-years-old should not go online. To use [the Internet] actively they need to start even later than that," Zharov said. He went on to say: "Some parents are proud of the fact that their three-year-old kid can deftly control a tablet and use it to watch cartoons. It is nothing good, in my opinion. A small child will begin to consider the virtual world part of the real world, and it changes their perception of reality." This is presumably just Zharov's personal opinion, not a foreshadowing of official policy -- it's hard to believe the view that children under 10 years old should stay off the Net would ever be enshrined in a law. Then again, given some of the things that Russian officials have been suggesting, such as disconnecting Russia from the global Internet, you never know. And once people start invoking "for the children," common sense tends to go straight out of the window. 
Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

posted 27 days ago on techdirt
For years, we had pointed out that one of the nice things about the new generation of tech companies was that they rarely seemed to use patents offensively. Yes, they were subject to tons of patent lawsuits from trolls or from legacy players trying to hang on against innovators, but we've pointed out in the past that young companies innovate, while older companies litigate. So, we have a tendency to watch companies to see when they shift from being patent litigation defenders, to going on the offensive. For years -- even as patent system supporters falsely claimed that Google only existed because of patents -- it was good to see not a single example of Google going on the offensive and filing patent lawsuits against other companies. That changed, unfortunately, back in 2012 when Google brought a patent lawsuit against Apple. Some argued that it wasn't "really" Google, because it came from Motorola, a company that Google had purchased (mainly for the patents) and then only owned for a short while before dumping, but it was still a Google-owned property going on the offensive. At that time, we argued that if Google really wanted to support patent reform (as the company claimed) then it should stop being a patent aggressor. To its credit, I don't believe the company went on the offensive again... until just now. As has been widely reported, Google's Waymo subsidiary (which works on Google's self-driving cars) has sued Uber over its self-driving car technology, which Uber obtained last year, in purchasing another startup, Otto, for its self-driving car technology. Otto, of course, was founded by a former Google/Waymo guy. Just a few weeks ago, Bloomberg had written that a bunch of early Google car team members had left to found Otto in part because Google had paid them a ridiculous sum of money, so they no longer needed to stay there. 
Along with the lawsuit, both in the filing itself and in a separate blog post about the lawsuit, Waymo tries to bend over backwards to say that this situation is not your typical "patent" lawsuit, but a very specific one. Indeed, the company is clear that the patent issue is a lesser concern. The larger one is over trade secrets -- and here the company is fairly specific that Otto's founder, and several early employees, appear to have deliberately copied a huge amount of proprietary info from Google/Waymo before departing: Recently, we received an unexpected email. One of our suppliers specializing in LiDAR components sent us an attachment (apparently inadvertently) of machine drawings of what was purported to be Uber’s LiDAR circuit board — except its design bore a striking resemblance to Waymo’s unique LiDAR design. We found that six weeks before his resignation this former employee, Anthony Levandowski, downloaded over 14,000 highly confidential and proprietary design files for Waymo’s various hardware systems, including designs of Waymo’s LiDAR and circuit board. To gain access to Waymo’s design server, Mr. Levandowski searched for and installed specialized software onto his company-issued laptop. Once inside, he downloaded 9.7 GB of Waymo’s highly confidential files and trade secrets, including blueprints, design files and testing documentation. Then he connected an external drive to the laptop. Mr. Levandowski then wiped and reformatted the laptop in an attempt to erase forensic fingerprints. Beyond Mr. Levandowski’s actions, we discovered that other former Waymo employees, now at Otto and Uber, downloaded additional highly confidential information pertaining to our custom-built LiDAR including supplier lists, manufacturing details and statements of work with highly technical information. If accurate, that does sound fairly deliberate and sneaky. And you can certainly understand why the company is upset. 
The main focus of the lawsuit is the trade secrets claim. But the lawsuit also makes claims for patent infringement on three separate patents as well. Again, you can understand why this situation would be frustrating for Waymo/Google. And maybe the direct evidence of downloading all that material prior to leaving Google is a legitimate reason to file a lawsuit. But it still seems problematic. When Elon Musk freed up all of Tesla's patents, he made it quite clear the reason he was doing so was that this was a brand new, emerging market, and it was going to need all the help it could get in becoming established. And that meant lots of companies competing and innovating and together educating the market. Thus, it didn't really matter if new entrants copied Tesla's electric car/battery technology, because in the end it would help create a larger market that helped everyone. That same situation is true for self-driving cars as well. Even given the presence of the potential smoking gun of the downloads of documents, there's still something to the idea that the market would be a lot better off if everyone were just building the best possible self-driving car tech they could find, even if that means copying one another. Fighting over trade secrets and patents in a market that barely even exists feels silly. Yes, from a purely profit maximizing standpoint, you can understand the argument: the larger share of the market you can capture early can make a huge difference. But why not focus on executing in the marketplace and fighting the battles that are blocking the adoption of self-driving cars, rather than fighting back and forth with each other?

posted 27 days ago on techdirt
Last week, we noted how Apple was one of several companies lobbying against a right to repair bill in Nebraska. The bill would make it easier for consumers to repair their own products and find replacement parts and tools, which is generally considered to be a good thing -- especially if the only Apple store is eighty miles away from your current location. But Apple tried to argue that Nebraska's bill would not only make the public less safe (self-immolation everywhere!), but it would also result in Nebraska becoming some kind of "mecca" for nefarious hoodie-wearing ne'er-do-well hackers. Of course Apple, like most companies, just enjoys a repair-monopoly, which not only allows it to charge an arm and a leg for what very well may be superficial repairs, but helps prop up closed, proprietary ecosystems, hurting customers in a myriad of other ways as well. It's not just in Nebraska where this conversation is happening (the Nebraska bill just happens to be the furthest along legislatively). Similar bills are also winding their way through New York, Minnesota, Wyoming, Tennessee, Kansas, Massachusetts, and Illinois state legislatures. And in most of these states, the companies lobbying against these laws are using the same disingenuous arguments Apple has been embracing. Usually it's the trifecta of false claims that the bills will make users less safe, pose a cybersecurity risk, and open the door to cybersecurity theft. 
Game console makers Nintendo, Sony and Microsoft, long at the forefront of opposing the user right to tinker, fired off a letter last week (pdf) under the banner of the Entertainment Software Association that once again trots out all three bogeymen in taking aim at Nebraska's law: "We are concerned that legislative Bill 67 would jeopardize consumer safety and security, is unnecessary and compromises intellectual property....Customer safety, security and privacy are fundamental goals in the design of our membership's hardware, software and services...Our free market economy already provides a wide-range of consumer choice for repair with varying levels of quality, price and convenience without the mandates in this legislation." Note they cite a "free market economy" in the hopes you'll ignore the fact that they've effectively monopolized repair to the detriment of price and convenience. Companies like Sony and Microsoft would certainly prefer that you pay them exorbitant fees to repair what's often their own manufacturing errors that they charge upwards of $200 to fix, but could have been repaired for notably less. Both Sony and Microsoft have also long placed tamper-proof stickers on their game consoles claiming removal of the sticker violates the warranty, even though this technically violates the 1975 Magnuson-Moss Warranty Act. Justification for repair bill opposition is so flimsy, none of the companies opposing right to repair legislation want to really talk about it: "After referring me to several different press representatives, Microsoft declined to comment. Sony did not respond to a request for comment. Apple has ignored repeated requests for comment. The ESA declined to comment. In two years of covering this issue, no manufacturer has ever spoken to me about it either on or off the record." "We won't make as much money if independent, local repair shops can help customers" isn't a very compelling argument. 
But as usual, buying or hoodwinking a campaign-contribution-soaked Congress with a fleeting understanding of technology isn't particularly hard: "It's very easy for the manufacturer to stand up there and say no we're the only ones who know how to do it," Kyle Wiens, CEO of iFixit, told me. "Lawmakers get spun stories by lobbyists who say the sky is falling, and it's very easy to kill legislation."..."This is not a case of right vs. left or a fringe interest group pushing it," Wiens added. "Everyone wants to be allowed to fix their stuff, and there's only a few organizations that don't want them to be able to. It's very transparent why manufacturers are against this." In Nebraska, the right to repair bill was driven by John Deere's "authorized" repair requirements, which forced many regional farmers to pay John Deere an arm and a leg for, again, what in many instances may be relatively inexpensive and simple repairs. It's not only a monopoly over repair -- it's the cornerstone of an adversarial and utterly non-transparent relationship with the consumer. And the fact that the companies taking aim at these legislative proposals aren't even willing to publicly talk about them speaks volumes in and of itself.

posted 27 days ago on techdirt
Thanks to the FBI's one-to-many NIT warrant, which was issued in Virginia but reached thousands of computers all over the world, yet another federal judge is dealing with the fallout of the feds' efficiency. Michigan federal judge Thomas Ludington finds plenty he doesn't like about the FBI's malware and the DOJ's defense of it, but still can't quite find enough to warrant suppression of the evidence [PDF link]. Properly stated, the question here is whether the FBI’s NIT warrant so exceeded the limits of the magistrate judge’s jurisdiction and authority or reasonable behavior by law enforcement as to require suppression to deter similar actions in the future. Although the NIT warrant exceeded the scope of Rule 41(b) as it existed at the time, the FBI’s actions in investigating and closing Playpen were reasonable and directed toward securing the judicial review of law enforcement which the Fourth Amendment contemplates. Given the circumstances, suppression is not appropriate. That being said, the opinion does offer plenty of counters to the DOJ's legal rationale -- something that other defendants in the FBI's massive Playpen investigation might find useful. The court, like others, finds the FBI exceeded the jurisdictional limitations of Rule 41 and no amount of creative phrasing is going to change that. None of the three bases in Rule 41(b) provided jurisdiction for the magistrate judge to approve the warrant. Rule 41(b)(1) cannot serve as the basis for jurisdiction. Under that provision, a magistrate judge can issue a warrant to seize property “located in the district.” Here, the server housing Playpen had been transported to Virginia by the FBI, but the NIT involved the transmission of information from that server to computers located around the country and then back to the server. The relevant information (or “property”) was the information requested by the NIT from the user’s computer. 
The NIT cannot be reasonably construed as seizing information “located in the district” even if the request for the information originated from a server in Virginia. [...] Even if Kahler had some contact with the Playpen server located in Virginia, the information sought by the NIT was all located in Michigan. The mere fact that the information from outside the district was brought into the district cannot satisfy Rule 41(b)(2). If that scenario was sufficient, then there would effectively be no jurisdictional limit on warrants for seizure of personal property, because property can typically be moved. It also finds -- during its discussion of Rule 41 limitations -- that the DOJ can't justify its defective warrant by claiming the software was merely a "tracking device." The NIT pulled information from a computer -- including information that would ID the user -- and left nothing behind to track further computer "movements." That changes the purpose -- and the scope -- of the intrusion. The receipt of the username associated with the computer’s operating system goes beyond simple location data to descriptive data regarding the identity of the user. The NIT is more than just a “tracking device”; it is a surveillance device. Additionally, the entire purpose of the NIT was to interact with a computer and obtain information that was located in another district. Even though the NIT was nominally installed on the Playpen Server, the NIT’s “tracking” functionality occurred in other districts. Finally, the purpose of the NIT was to discover the location of the users accessing Playpen, not track their movement. The government also argued that even if the warrant was faulty, it was ultimately unnecessary because the information obtained fell under the Third Party Doctrine. 
The court disagrees (nodding to the Supreme Court's Riley decision), finding that efforts users make to cloak their identity -- even while engaging in criminal activity -- generate a layer of privacy protection under the Fourth Amendment. The Government argues that, despite using a software which exists only to veil the user’s IP address from prying eyes, the user has no reasonable privacy interest in his or her IP address. This argument has little to recommend it. If a user who has taken special precautions to hide his IP address does not suffer a Fourth Amendment violation when a law enforcement officer compels his computer to disclose the IP address, the operating system, the operating system username, and other identifying information, then it is difficult to imagine any kind of online activity which is protected by the Fourth Amendment. Internet use pervades modern life. Law enforcement, acting alone, may not coerce the computers of internet users into revealing identifying information without a warrant, at least when the user has taken affirmative steps to ensure that third parties do not have that information. This contrasts with other decisions dealing with the same subject matter, where judges have found there's no expectation of privacy in IP addresses, even when one has taken extra steps to obscure it. Those findings seem logically contradictory, at best. If someone attempts to keep third parties from obtaining information, this information can't truly be considered held by a third party. Stripping away these efforts turns the FBI into the "third party," and the government isn't allowed to both act as a third party and excuse its actions with the Third Party Doctrine. But in the end, there's no suppression. As the court points out, two things weigh against suppressing the evidence, even with the warrant being facially invalid under Rule 41. 
First, the FBI malware only infected registered users visiting the dark web child porn site, which makes the possibility of accidental infection almost nonexistent. Second, the fact that the FBI had no idea where the site's visitors were actually located makes this an inelegant solution to a problem, not a case of judge-shopping for compliant magistrates. [T]his is not a case where the FBI purposely avoided compliance with the law. The investigation of Playpen was difficult precisely because the FBI had so little information about the location of the users. If the FBI had known where certain users were located but nevertheless chose to seek a warrant in another district, suppression would be appropriate. In that case, the FBI would have purposely skirted the law despite a legal alternative. Kahler’s arguments, if accepted, would imply that the FBI should not have conducted the NIT investigation at all because the users were masking their true location. The FBI’s decision to adopt novel tactics to bring individuals distributing child pornography behind location-concealing software to justice is not inherently troubling behavior. In the future, the FBI won't have to deal with nearly as many suppression hearings, thanks to changes to Rule 41. These decisions are becoming relics of statutorial limitiations almost as soon as they're issued. Even if courts find the malware deployment to be a search invasive enough to trigger Fourth Amendment protections, the lack of jurisdictional limits going forward will prevent them from being challenged. Unfortunately, the rule changes are almost guaranteed to encourage more frequent deployments of tools designed to decloak anonymous internet users. The breadth and reach of these warrants will be almost unchecked and that's bad news for activists, dissidents, and others who just want to stay off the internet grid. Sure, it's also bad news for child porn fans, but child porn, terrorism, drug warring, etc. is where these efforts start. 
It's seldom where they end. Permalink | Comments | Email This Story

posted 27 days ago on techdirt
Well before fake news became a thing, Karl was reporting on the fascinating details that have emerged about Russia's Internet troll factories that relentlessly pump out fake posts on an extraordinary scale. More recently, the Russian Defense Minister Sergei Shoigu revealed that the country's military has created a force specifically tasked with waging information warfare. We may know about Russia's domestic activities in this area, but what about online propaganda teams active in other countries? One data point towards answering that question is provided by an article on a site called the Disinformation Review, which describes itself as follows:

the latest cases of news articles carrying key examples of how pro-Kremlin disinformation finds its way in international media, as well as news and analysis on the topic. The review focuses on key messages carried in international media which have been identified as providing a partial, distorted or false view or interpretation and/or spreading key pro-Kremlin messaging. It does not necessarily imply however that the outlet concerned is linked to the Kremlin or pro-Kremlin, or that it has intentionally sought to disinform. The Review is a compilation of cases from the East StratCom Task Force's wide network of contributors and therefore cannot be considered an official EU position.

That is, the Disinformation Review draws on information provided by the EU-funded East StratCom Task Force, and is part of the EU's response to what it sees as growing Russian propaganda directed against the European Union and its member states. A recent post on the site delves into another troll factory, but this time in Sweden. It reports on an article originally published by the Swedish daily Eskilstuna Kuriren:

we read that Swedish trolls primarily target journalists; that they develop and use scripts for their telephone conversations; and that the trolls are paid 1,000 SEK (110 EUR [about $110]) when their recorded telephone conversations obtain enough 'likes' in social media. We read that the trolls work with manuals that instruct them to edit the recordings to make them as "entertaining" as possible. We also read that the people behind the troll factory belong to Swedish racist and extreme right wing organisations.

But it's not only extreme right-wing viewpoints that the Swedish Internet troll factory supports:

The agenda of the political movement affiliated with the trolls is, according to the investigation, "xenophobia and Islamophobia", combined with promotion of commentators who "support Russia after the occupation of the Crimea and the Russian-backed civil war in Ukraine".

Despite that intriguing fact, the Swedish newspaper report was unable to establish who was funding the propaganda efforts. However, it does provide some interesting information about what makes a successful Internet troll factory:

Eskilstuna Kuriren ends their piece by asking that question to Jack Werner, co-founder of the popular Swedish fact-checker Viralgranskaren. According to Werner, the organisation is possibly limited in size, but a central part of its strategy is to make itself look very big: "The aim of propaganda is to respond to light so as to make the shadow it casts as large as possible. If you really want to give the impression that your side is the largest, most dedicated and most passionate, it requires more work, for example, you will need to spend days and nights writing comments in the internet."

The article quotes figures from an earlier investigation into right-wing propaganda sites, which found that just 183 individual writers accounted for 366,291 comments out of a total of half a million, which works out as 2,000 comments per person on average. Perhaps that high volume could be turned against the Internet troll factories. Since it is very hard for people to write so many comments so quickly without using similar phrases, sites might check new posts against old ones to eliminate those that are likely to be from a few writers churning them out to order. The technology already exists, and is widely used to spot academic plagiarism, for example. Cloud computing platforms would allow this approach to be applied routinely at a reasonable cost, and there would be scope for new third-party services to flag up re-used content across multiple sites. Google's parent company, Alphabet, is already working on software in this area. Maybe the time has come to apply a little more intelligence and computational firepower to tackling the growing threat that intentionally misleading and inflammatory posts by Internet trolls represent not just to online discourse, but far beyond.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+
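The check suggested in the post above, sketched as an added example (not code from the article, the Swedish investigation, or any site's moderation system): comments are broken into three-word shingles, compared by Jaccard similarity, and grouped into clusters of likely re-used text. The function names, the 0.5 threshold and the sample comments are assumptions constructed for illustration.

```python
import re
from itertools import combinations

def shingles(text, k=3):
    """Set of k-word shingles, ignoring case and punctuation."""
    words = re.findall(r"[a-z0-9']+", text.lower())
    if len(words) < k:
        return {tuple(words)} if words else set()
    return {tuple(words[i:i + k]) for i in range(len(words) - k + 1)}

def jaccard(a, b):
    """Shared shingles divided by all shingles; 0.0 if either set is empty."""
    return len(a & b) / len(a | b) if a and b else 0.0

def flag_reused(comments, threshold=0.5, k=3):
    """comments: list of (id, text). Returns (id_a, id_b, score), highest first."""
    sets = [(cid, shingles(text, k)) for cid, text in comments]
    hits = [(ia, ib, round(jaccard(sa, sb), 2))
            for (ia, sa), (ib, sb) in combinations(sets, 2)
            if jaccard(sa, sb) >= threshold]
    return sorted(hits, key=lambda h: -h[2])

def clusters(hits):
    """Merge flagged pairs into groups of mutually similar comments (union-find)."""
    parent = {}
    def find(x):
        parent.setdefault(x, x)
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x
    for a, b, _ in hits:
        parent[find(a)] = find(b)
    groups = {}
    for x in list(parent):
        groups.setdefault(find(x), set()).add(x)
    return sorted(groups.values(), key=len, reverse=True)

# Constructed sample comments (not real data).
SAMPLE = [
    ("c1", "The mainstream media never tells you the truth about what is happening in our cities."),
    ("c2", "Wake up! The mainstream media never tells you the truth about what is happening in our towns."),
    ("c3", "I thought the article was fair, although the headline was a bit misleading."),
    ("c4", "the mainstream media NEVER tells you the truth about what is happening in our cities!!!"),
]

if __name__ == "__main__":
    hits = flag_reused(SAMPLE)
    print(hits)
    print(clusters(hits))
```

Pairwise comparison is quadratic in the number of comments; at the volumes the article describes, a production system would replace it with an approximate index such as MinHash with locality-sensitive hashing, and a human would review flagged clusters, since quoted text and common slogans also match.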

posted 27 days ago on techdirt
Grab the $39 Complete Linux Mastery Bundle and start on your way to becoming a Linux expert. Over 33 hours of instruction will take you from the very basics to more advanced concepts. Learn how to make Linux work for you. Note: The Techdirt Deals Store is powered and curated by StackCommerce. A portion of all sales from Techdirt Deals helps support Techdirt. The products featured do not reflect endorsements by our editorial team.
