posted 24 days ago on techdirt
Now that everyone is a bit more concerned about software backdoors that the NSA might have installed everywhere, a nationalistic push towards "home-grown" hardware could pick up a little among various countries around the world. Designing custom processors and software from scratch isn't easy or cheap, but it avoids some of the angles of attack for a security break-in (though it doesn't prevent any of the social engineering tactics). Here are just a few links on processor designs that aren't coming from Intel or AMD.

The Russian government is reportedly going to rely on computer processors made by Russian companies, instead of Intel or AMD. Three Russian companies are creating "Baikal" processors, based on ARM designs, but it's not exactly clear how much more secure the resulting computers will actually be. (ahem, software? ARM licensing?) [url]

The Chinese supercomputer, Tianhe-2, holds the top spot as the most powerful computer, but it runs on Intel chips, not Loongson processors. China's Loongson processors might not replace Intel or AMD chips in the top supercomputers in the near future, but it could happen sooner than expected. [url]

OpenSPARC is an open source processor design available for anyone to develop, but it's getting a little stale since the last T2 release in 2008. If you're really paranoid about security, using obscure hardware and software might make things a bit harder for potential attackers... (did you seriously believe that?) [url]

posted 24 days ago on techdirt
Late last year, as the White House still hadn't found a successor to David Kappos to run the US Patent and Trademark Office (USPTO), the head of the Silicon Valley USPTO office, Michelle Lee (a former Google patent lawyer) was appointed the interim director -- freaking out a bunch of patent maximalists, who like to argue (sometimes in our comments) that it's all a plot to undermine the patent system from the inside. Lee actually gave a great speech at Stanford last week, in which she laid out many of her views that are hardly anti-patent, but which at least recognize that there are other keys to innovation beyond patents. Basically, she presents herself as a moderate, recognizing that there are important nuances here:

As many of you know, I’m a longtime user of the patent system. I’ve been a scientist in a laboratory. I’ve represented inventors and innovative businesses, patent plaintiffs, and patent licensors. I am now the head of the agency charged with examining and issuing patents. That said, I’ve also been on the other side of countless demand letters and lawsuits from patent holders, and have spent a good part of my career representing patent defendants and licensees -- including against so-called “patent trolls.” In fact, I’ve even argued on behalf of clients that some patents should be invalidated. Now, I wouldn’t call myself “anti-patent,” nor would I call myself “pro-patent,” whatever those labels mean. But let me be clear: I am, without reservation, “pro-patent system.”

What do I mean by "pro-patent system"? It means that I believe that a strong patent system is essential to fostering the innovation that drives our economy. I recognize that our patent system is not something that exists in the state of nature, but is the result of policy decisions made by Congress and the Courts that weigh the costs of patent exclusivity against its benefits. We are constantly reexamining those policy decisions, to make sure the benefits continue to outweigh the costs.
I believe that, for the most part, the benefits do outweigh the costs, but we need to be clear about what those benefits and costs are, and about the realities underlying innovation today. Patents are not the only drivers of innovation. The first entity to bring a product to market has a first-mover advantage that provides an incentive to innovate on its own, even if no patents are ever sought or granted. Some firms opt for an open source model, where they benefit from the network effects of the widespread adoption of a technology they developed. We also know that reputation and branding -- with or without trademark protections -- play a large role in facilitating innovation. And, of course, there are a large number of innovations protected by trade secrets or by copyrights, not by patents.

And yet, patents still play a critical role in promoting innovation. Patent exclusivity -- that is, the right of a patent owner to exclude others from using the patented invention -- provides a unique route for inventions to find their way to the marketplace. Even with a patent, an inventor requires access to capital, developing a prototype, finding channels of distribution, and more before he -- or increasingly, she -- can get it to the market. Exclusivity protects the competitive position of a new entrant to the marketplace, which in turn attracts investment. And that plays an essential role in giving inventors and investors the confidence to take the necessary risks to launch products and start businesses.

There's a lot more in there that's worth reading. I can't recall ever seeing a head of the patent office open to even recognizing that patents are not the be-all and end-all of innovation. I can't recall ever seeing a head of the patent office even willing to admit that there could be costs to the patent system that need to be weighed against the benefits.
For the most part, they've tended to just want to expand the patent system on the assumptions that "patent = good; more patents = better." So this kind of speech was actually both surprising and refreshing. And, of course, just days later, it appears that President Obama is poised to appoint a long-time pharma industry patent-maximalist who has spent years fighting against patent reform, to take over as the director of the USPTO. One can hope that, just as Lee didn't turn out to be a total patent hater, but rather a moderate who was trying to find a middle ground, the same will be true with Phil Johnson, the former executive from pharma giant Johnson and Johnson -- but I have my doubts.

In December, Johnson testified before the Senate on behalf of the 21st Century Patent Coalition, a group of companies who opposed a bill that would have made it easier for defendants to challenge low-quality patents, and to recover legal costs in the face of frivolous patent lawsuits. (Johnson’s group ultimately prevailed last month when Senate Democrats killed the bill altogether.) Johnson has also opposed previous patent reform initiatives, describing them as “almost everything an infringer could ever want.”

Last year, President Obama came out surprisingly strongly against patent trolls and in favor of comprehensive patent reform. Of course, after lots of negotiations on reform proposals, a combination of trial lawyers and big pharma -- from where Johnson came -- stepped in to kill the whole process dead. That certainly does not bode well for patent reform under the likely next director of the USPTO.

posted 24 days ago on techdirt
We've already discussed how the Aereo ruling is a disaster because of its lack of guidance, and a perfect example of that is that reading the decision you would have no idea whether or not it outlaws Cablevision's remote DVR service. None. It all depends on who you talk to. During the oral arguments, it appeared that the Justices recognized that they wanted to keep the important 2nd Circuit ruling that found Cablevision's remote DVR legal, with Justices even asking lawyers to take that ruling as precedent (even though it's not, since the Supreme Court refused to review that ruling). That's why it's been somewhat shocking to many that the final ruling from the Supreme Court doesn't even address Cablevision, other than an aside in a footnote. And that means it's basically an open question as to whether or not Cablevision's remote DVR is still legal or not.

Cablevision, not surprisingly, insists that the ruling vindicates its position. You may recall that even though Aereo was relying on the Cablevision precedent, Cablevision sided with the broadcasters, stupidly believing that the Supreme Court would reject Aereo while preserving the Cablevision ruling. So, when the ruling came out, the company announced victory:

"We are gratified that the Court's decision adopted a sensible middle ground, holding that unlicensed retransmission services like Aereo violate the copyright law, while protecting consumer-friendly, cloud-based technologies, such as RS-DVR. The real winner today is the consumer who will continue to benefit from future innovation."

The problem is that's not true. The Court doesn't really say a damn thing about Cablevision, and leaves it out to hang based on the amorphous "looks like a" test. Law professor James Grimmelmann is pretty sure that the Cablevision ruling is now dead, because the Aereo ruling totally overshadows it and creates this new standard that would clearly wipe out the Cablevision standard.
Similarly, law professor Eric Goldman wonders what's left of that ruling:

... because the court said Aereo took the legally significant actions, it's possible this ruling overturned the 2008 Second Circuit ruling, exposing DVR service operators to new liability. The opinion further reinforces the riskiness of DVR-as-a-service when it says the simultaneous delivery of content to multiple viewers is an infringement, even if the system stores and delivers a personal copy for each viewer (the court later implies that even simultaneous delivery isn't required to violate the law).

Another commentator, Deborah Goldman, notes that the SCOTUS ruling "eviscerates" that ruling. However, not everyone is convinced. Matt Schruers suggests that the Supreme Court effectively side-stepped the question by avoiding even looking at the DVR features of Aereo's system:

Importantly, yesterday's decision doesn't reach the question of Aereo's DVR-like features, and it seems clear that the Court's opinion does not aim to upset Cablevision.

But, of course, there's a difference between aiming to upset Cablevision and actually upsetting Cablevision, and there's nothing in the ruling that suggests a second shot at a remote DVR system won't turn out quite differently, given that plaintiffs can now use the "looks like a duck" test, rather than ever looking into the black box to see if the company hosting the DVR is really doing any infringement. And it gets especially worrisome with non-tech-savvy judges. While Schruers isn't sure if this ruling upsets the Cablevision standard, he is worried about the resulting uncertainty:

On the other hand, the Court's approach offers technology lawyers counseling clients little guidance. Who can predict whether a non-tech savvy federal judge will think that the next innovative service "looks like cable"?
Yesterday's decision creates considerable uncertainty, suggesting that lawyers should counsel their clients based on what analogy will most appeal to a federal judge in the distant future. The Court -- like others in the lead-up to the decision -- promises its opinion won't threaten new technology, but as the dissent points out, it cannot deliver on that promise.

And this is not a small issue. As we've noted, a study by Harvard professor Josh Lerner found that the certainty created by the Cablevision ruling resulted in somewhere around a billion dollars in new investment. Take that certainty away... and a lot of investment is about to go elsewhere.

posted 24 days ago on techdirt
The other shoe just dropped when it comes to how the federal government illegally spies on Americans. Last summer, the details of the NSA's "backdoor searches" were revealed. This involved big collections of content and metadata (so, no, not "just metadata" as meaningless as that phrase is) that were collected under Section 702 of the FISA Amendments Act (FAA). This is part of the program that the infamous PRISM effort operates under, and which allows the NSA to collect all sorts of content, including communications to, from or about a "target" -- where a "target" can be incredibly loosely defined (i.e., it can include groups or machines or just about anything). The "backdoor searches" were a special loophole added in 2011 allowing the NSA to make use of "US person names and identifiers as query terms." In the past, it had been limited (as per the NSA's mandate) to only non-US persons.

This morning, James Clapper finally responded to a request from Senator Ron Wyden concerning the number of such backdoor searches using US identifiers that were done by various government agencies. And, surprisingly, it's redaction free. The big reveal is... that it's not just the NSA doing these searches, but the CIA and FBI as well. This is especially concerning with regards to the FBI. This means that the FBI, who does surveillance on Americans, is spying on Americans' communications that were collected by the NSA and that they're doing so without anything resembling a warrant. Oh, and let's make this even worse: the FBI isn't even tracking how often it does this. It's just doing it willy nilly:

The FBI does not track how many queries it conducts using U.S. person identifiers. The FBI is responsible for identifying and countering threats to the homeland, such as terrorism plots and espionage, inside the U.S.
Unlike other IC agencies, because of its domestic mission, the FBI routinely deals with information about US persons and is expected to look for domestic connections to threats emanating from abroad, including threats involving Section 702 non-U.S. person targets. To fulfill its mission and avoid missing connections within the information lawfully in its possession, the FBI does not distinguish between U.S. and non-U.S. persons for purposes of querying Section 702 collection. It should be noted that the FBI does not receive all of Section 702 collection; rather, the FBI only requests and receives a small percentage of total Section 702 collection and only for those selectors in which the FBI has an investigative interest. Moreover, because the FBI stores Section 702 collection in the same database as its "traditional" FISA collection, a query of "traditional" FISA collection will also query Section 702 collection. In addition, the FBI routinely conducts queries across its databases in an effort to locate relevant information that is already in its possession when it opens new national security investigations and assessments. Therefore, the FBI believes the number of queries is substantial. However, only FBI personnel trained in the Section 702 minimization procedures are able to view any Section 702 collection that is responsive to any query.

Got that? Basically, the FBI often asks the NSA for a big chunk of data that the NSA probably shouldn't have in the first place -- including tons of Americans' communications, and the FBI gets to dump it into the same database that it is free to query. And the FBI tracks none of this, other than to say that it believes that there are a "substantial" number of such queries. This would seem to be a pretty blatant attempt to end run around the 4th Amendment, giving the FBI broad access to searching through the communications of Americans with what appears to be almost no oversight. Yikes!
Oh, and it's not just the NSA, but the CIA as well. Remember, the CIA is not supposed to be doing any surveillance on US persons (like the NSA), but that's not what's happening at all. At least the CIA tracks some (but not all) of its abuse of backdoor searches:

In calendar year 2013, CIA conducted fewer than 1900 queries of Section 702-acquired communications using specific U.S. person identifiers as query terms or other more general query terms if they are intended to return information about a particular U.S. person. Of that total number approximately 40% were conducted as a result of requests for counterterrorism-related information from other U.S. intelligence agencies. Approximately 27% of the total number are duplicative or recurring queries conducted at different times using the same identifiers but that CIA nonetheless counts as separate queries. CIA also uses U.S. person identifiers to conduct metadata-only queries against metadata derived from the FISA Section 702 collection. However, the CIA does not track the number of metadata-only queries using U.S. person identifiers.

So, the CIA is doing these kinds of warrantless fishing expeditions into the communications of Americans as well, but at least the CIA tracks how often it's doing so. Of course, when it comes to metadata searches, the CIA doesn't bother. It's also a bit bizarre that the CIA is apparently carrying out a bunch of those searches for "other U.S. intelligence agencies," when the CIA should be especially limited in its ability to do these searches in the first place. Senator Wyden has responded to these revelations by pointing out how "flawed" the oversight system is that these have been allowed:

When the FBI says it conducts a substantial number of searches and it has no idea of what the number is, it shows how flawed this system is and the consequences of inadequate oversight.
This huge gap in oversight is a problem now, and will only grow as global communications systems become more interconnected. The findings transmitted to me raise questions about whether the FBI is exercising any internal controls over the use of backdoor searches including who and how many government employees can access the personal data of individual Americans. I intend to follow this up until it is fixed.

Hopefully, now you are starting to recognize what a big deal it was last week when the House of Representatives recently voted to defund the ability to do these kinds of backdoor searches. Still, much more needs to be done. Oh, and in case you're wondering why Clapper finally 'fessed up to the FBI and CIA making use of these data to warrantlessly spy on Americans, it's worth noting that the Privacy and Civil Liberties Oversight Board (PCLOB) is expected to come out with its report on the Section 702 surveillance program on July 2nd (7/02, get it?). It seems likely that the report will discuss these backdoor searches on Americans and how other agencies besides the NSA have been involved in the practice.

posted 24 days ago on techdirt
Last week, after finally having a gag order lifted by a court, Facebook revealed how it had spent the last year fighting back against an incredibly broad search warrant from the Manhattan District Attorney's office, for basically all information -- including private messages -- from 381 user accounts. The warrant came complete with a gag order forbidding the company from telling anyone -- including the 381 people -- about the search. The searches were related to an investigation that resulted in charges being filed against over 100 former NYC police and firefighters for a giant disability fraud scheme. Basically, those retired officers faked disabilities, while their Facebook accounts supposedly revealed that their disability claims were bogus. While we're all for rooting out former government employees clearly abusing the system, we're even more worried about overly broad government intrusions like this.

Part of the issue, though, is over who has standing. As you may recall, Twitter was involved in a somewhat similar situation a few years back, when it went to court to protect the private messages of Malcolm Harris, who was involved in some Occupy Wall St. protests. In that case, Twitter told Harris, and Harris objected, but the court said it was only an issue between the government and Twitter, so Harris had no standing. Twitter then fought the issue, but eventually lost. The details in this case are a bit different (including the type of request -- a search warrant, rather than a 2703(d) order in Twitter's case), but the basic principles are fairly similar. Unfortunately, the law is a bit of a mess on this issue, again getting to the difficulty of applying old laws to new technologies:

Orin S. Kerr, a law professor at George Washington University who is an expert on digital searches and seizures, said Facebook was trying to do something unusual in establishing a right for service providers to challenge a warrant.
“The real question is, ‘Can they challenge warrants for their customers?’ And I think the answer is probably not, under current law,” Mr. Kerr said.

While some have made comparisons to last week's Supreme Court ruling on mobile phone searches, which recognized that the digital data you store on your phone and "in the cloud" are more like the personal effects you have in your house, it's unlikely that ruling will have much of an impact here. After all, the point of that case was to tell law enforcement to "get a warrant." And, in this case, that's exactly what the DA's office did. The bigger question may be one of due process and standing in terms of challenging these warrants. As Facebook's deputy general counsel, Chris Sonderby, explains:

Of the 381 people whose accounts were the subject of these warrants, 62 were later charged in a disability fraud case. This means that no charges will be brought against more than 300 people whose data was sought by the government without prior notice to the people affected. The government also obtained gag orders that prohibited us from discussing this case and notifying any of the affected people until now. We’ve gone to court and repeatedly asserted that these overly broad warrants -- which contain no date restrictions and allow the government to keep the seized data indefinitely -- violate the privacy rights of the people on Facebook and ignore Fourth Amendment safeguards against unreasonable searches and seizures. We fought forcefully against these 381 requests and were told by a lower court that as an online service provider we didn’t even have the legal standing to contest the warrants. We complied only after the appeals court denied our application to stay this ruling, and after the prosecutor filed a motion to find us in criminal contempt.
In talking to the NY Times, Sonderby elaborated that when the DA's office said that the individuals themselves would have standing to challenge the use of the collected evidence later, that left out all of the people whose information was taken, but who weren't charged. To them, they just had their private effects searched with no recourse.

“It appeared to us from the outset that there would be a large number of people who were never charged in this case,” he said. “The district attorney’s response was that those people would have their day in court. There are more than 300 people that will never have that chance.”

In some ways, this case is a bit trickier than others. When there's probable cause, allowing law enforcement to get a warrant and do a search makes sense. The real problem here is the incredibly broad nature of the warrants in this case, and the fact that there's really no way to challenge that factor. Facebook has basically been told it can't challenge it. The 300 people who aren't charged have no way of challenging it. And those that were charged really can only challenge the situation involving their personal circumstances, rather than the overly broad nature of the original warrant.

It seems worth pointing out, by the way, that the warrant happened last July, about a month after the first Snowden revelations. While Facebook notes that it was the massive size of the warrant (more than 10x larger than any previous one) that made the company challenge it, it seems quite likely that the sudden attention on internet companies and their willingness to share personal information with the government played a big role in the decision as well. Chalk another one up to the Snowden Effect.

posted 24 days ago on techdirt
Parker Higgins has a great opinion piece over at Wired, which is ostensibly about the recent release of OnionShare, a tool for sharing large documents directly and securely between two individuals, but which looks deeper into the question of why we're in 2014 and sharing such large files directly without intermediaries is such a challenge. And, as Higgins notes, a big part of that goes right back to... the copyright wars.

Groups like the Motion Picture Association of America (MPAA), the Recording Industry Association of America (RIAA), and others that make up the copyright lobby have actively campaigned against the kinds of tools that address these aims. OnionShare creates direct connections between users, making it an example of peer-to-peer network architecture. The copyright lobby’s got a long history with peer-to-peer: at least since Napster emerged a decade and a half ago, corporate copyright holders have endeavored to destroy examples of the tech. We live today with the disastrous results. After 15 years of being attacked, villainized, and litigated over, peer-to-peer programs and protocols have become a hard sell for investment and development. And as centralized products have gotten a lion’s share of the attention, their usability and market share have increased as well.

The simple fact is that the fight to protect one business model (out of many possible business models) for the entertainment industry, has clearly had a pretty big negative impact on the development of new tools and services that would lead to greater privacy and security (and a more functioning free press):

The qualities that the copyright lobby dislike about peer-to-peer are precisely the ones that make it a powerful choice for defenders of press freedom and personal privacy. Namely, peer-to-peer offers no convenient mechanism for centralized surveillance or censorship.
By design, there’s usually no middleman that can easily record metadata about transfers -- who uploaded and downloaded what, when, and from where -- or block those transfers.

So, if you're concerned about how much metadata the NSA is scooping up from online services, you have the MPAA and RIAA and their legal fights partially to blame for that. In demonizing distributed, private peer-to-peer applications and protocols, we've been driven increasingly to more centralized offerings. As Higgins further highlights, the third party doctrine, giving less privacy to information held by third parties, makes this situation even worse.

The distinction is further reflected in the U.S. legal system, which often offers data that goes through a third party reduced protection. That premise, the “third party doctrine,” is badly out-of-date, and produces counter-intuitive results in an era where the location of data storage is otherwise abstracted away. Already one Supreme Court Justice, Sonia Sotomayor, has called for reconsidering it. But as long as the third party doctrine exists, architectures like peer-to-peer that allow for direct communication, broadly speaking, provide more privacy protection against invasive government requests.

In short, you have the government wanting to get more access to information, and it can do that on centralized systems -- and combine that with the RIAA/MPAAs of the world fighting to either outlaw or diminish investment in more decentralized systems, and you have a recipe for easy mass surveillance. A decentralized world is important for the internet to work correctly, but we've been increasingly pushed away from that. The good news is that with all the discussions of surveillance lately, a renewed push is being made for more decentralized systems. The success of decentralized cryptocurrencies like Bitcoin is also helping things along the way.
And there are a large number of other projects that are each trying to tackle different aspects of more centralized systems. Hopefully, they won't be deterred by litigation spats focused on just preserving a particular business model as well.

posted 24 days ago on techdirt
While former NSA boss General Keith Alexander continues to run around insisting that the damage from the Snowden revelations has been catastrophic and has put us all in great danger, his successor in office, Admiral Mike Rogers (again, no relation to chief NSA defender and head of the House Intelligence Committee Rep. Mike Rogers), has actually been a hell of a lot more reserved in his own claims. In his latest interview, with the NY Times, he specifically notes that the sky is not falling from the Snowden revelations.

He repeated past warnings that the agency had overheard terrorist groups “specifically referencing data detailed” by Mr. Snowden’s revelations. “I have seen groups not only talk about making changes, I have seen them make changes,” he said. But he then added: “You have not heard me as the director say, ‘Oh, my God, the sky is falling.’ I am trying to be very specific and very measured in my characterizations.”

Rogers also didn't spew the usual FUD about how we'd all be at risk if the bulk phone record collection was shut down, though, of course he said he still wanted access to the data in a reasonable amount of time, if necessary.

Admiral Rogers indicated that system, so long resisted by the security agency, was workable. “I am not going to jump up and down and say, ‘I have to have access to that data in minutes and hours,’ ” he said. “The flip side is that I don’t want to take weeks and months to get to the data.”

While it's doubtful that there will be any significant change in the NSA under Rogers, at the very least it's nice to see it have a leader who doesn't immediately jump to the usual FUD about how it absolutely needs every possible ability to spy on everyone or we'll all be put at risk.

posted 24 days ago on techdirt
Les Moonves, CEO of CBS, was one of the more vocal network execs leading the charge against Aereo. He was the one insisting that CBS would move its content off of the public airwaves if Aereo won -- to which many people said that sounded like a good idea, so that others could use that valuable spectrum. Of course, when talking to his investors, Moonves also admitted that an Aereo win would have no real impact on the company, revealing the truth of the matter. Either way, it's no surprise that he'd be delighted by the victory over Aereo. What gets ridiculous is when he claims that it's a "pro-consumer thing." How, exactly, is that the case? If you look at the comments from just about any Aereo user following Aereo's decision to "pause" the service this weekend in the wake of the ruling, it certainly doesn't look particularly "pro-consumer." Aereo user and GigaOm writer Jeff Roberts has what might be the best explanation of how horrible this is for consumers:

But while CBS and ABC investors may be throwing around high fives at the sop from the Supremes, the average consumer just took a bath. Not only did the court just stick it to them by protecting the TV industry’s bundle rip-offs, consumers also lose access to a marvelous technology. Aereo, you see, was different. It gave urban dwellers like me a cheap way to see over-the-air shows (which the broadcasters send out for free in the first place, don’t forget) on their computers and phones. The service, to be sure, was far from perfect. The show streams could be choppy, and in the case of sports, the short time delay could be frustrating -- I would sometimes learn about a goal on social media right before seeing it on Aereo. And it lacked the lazy, channel-clicking pleasure of TV. But Aereo did point out what could be: a commonsense way to watch TV over the internet at a reasonable price.
Now, we’re stuck instead with the TV industry’s over-priced bundles and, in the case of mobile, a confusing and convoluted “TV everywhere” system that seeks to replicate an out-of-date form of linear TV watching that no one wants in the first place.

You can claim that the networks' win in the Supreme Court was "good" for the broadcast industry (though I'd challenge that assertion too), but to claim in any way that it was "pro-consumer" is just clearly out and out ridiculousness by Moonves.

posted 24 days ago on techdirt
As you may have heard (since it appears to have become the hyped up internet story of the weekend), the Proceedings of the National Academy of Sciences (PNAS) recently published a study done by Facebook, with an assist from researchers at UCSF and Cornell, in which they directly tried (and apparently succeeded) to manipulate the emotions of 689,003 users of Facebook for a week. The participants -- without realizing they were a part of the study -- had their news feeds "manipulated" so that they showed all good news or all bad news. The idea was to see if this made the users themselves feel good or bad. Contradicting some other research which found that looking at photos of your happy friends made you sad, this research apparently found that happy stuff in your feed makes you happy. But what's got a lot of people up in arms is the other side of that coin: seeing a lot of negative stories in your feed appears to make people mad.

There are, of course, many different ways to view this, and the immediate response from many is "damn, that's creepy." Even the editor of the study admits to the Atlantic that she found it to be questionable:

"I was concerned," she told me in a phone interview, "until I queried the authors and they said their local institutional review board had approved it -- and apparently on the grounds that Facebook apparently manipulates people's News Feeds all the time... I understand why people have concerns. I think their beef is with Facebook, really, not the research."

Law professor James Grimmelmann digs deeper into both the ethics and legality of the study and finds that there's a pretty good chance the study broke the law, beyond breaking standard research ethics practices. Many people have pointed out, as the editor above did, that because Facebook manipulates its news feed all the time, this was considered acceptable and didn't require any new consent (and Facebook's terms of service say that they may use your data for research).
However, Grimmelmann isn't buying it. He points to the official government policy on research on human subjects, which has specific requirements, many of which were not met. While those rules apply to universities and federally funded research, many people assumed that they don't apply to Facebook as a private company. Except... this research involved two universities... and it was federally funded (in part). The rest of Grimmelmann's rant is worth reading as well, as he lays out in great detail why he thinks this is wrong. While I do find the whole thing creepy, and think that Facebook probably could have and should have gotten more informed consent about this, there is a big part of this that is still blurry. The lines aren't as clear as some people are making them out to be. People are correct in noting that Facebook changes their newsfeed all the time, and of course Facebook is constantly tracking how that impacts things. So there's always some "manipulation" going on -- though, usually it's to try to drive greater adoption, usage and (of course) profits. Is it really that different when it's done just to track emotional well-being? As Chris Dixon notes, doing basic a/b testing is common for lots of sites, and he's unclear how this is all that different. Of course, many people pointed out that manipulating someone's emotions to make them feel bad is (or at least feels) different, leading him to point out that plenty of entertainment offerings (movies, video games, music) also manipulate our emotions as well -- though Dixon's colleague Benedict Evans points out that there's a sort of informed consent when you "choose" to go to see a sad movie. Though, of course, a possible counter is that there are plenty of situations in which emotions are manipulated without such consent (think: advertising). In the end, this may just come down to being about what people expect. 
If anything, what I think this does is really to highlight how much Facebook manipulates the newsfeed. This is something very few people seem to think about or consider. Facebook's newsfeed system has always been something of a black box (which is a reason that I prefer Twitter's setup where you get the self-chosen firehose, rather than some algorithm (or researchers' decisions) picking what I get to see). And, thus, in the end, while Facebook may have failed to get the level of "informed consent" necessary for such a study, it may have, in turn, done a much better job accidentally "informing" a lot more people how its newsfeeds get manipulated. Whether or not that leads more people to rely on Facebook less, well, perhaps that will be the subject of a future study...

posted 24 days ago on techdirt
A few weeks ago, we wrote about how Malibu Media was up to its old tricks again, demanding six strikes data from Comcast as part of its evidence gathering for its copyright trolling. Apparently, no one fought the request, so a magistrate judge has granted Malibu Media's request and told Comcast to comply with the forthcoming subpoena. When the six strikes plan was first put into place, many people worried that the information from it would be used in lawsuits, but people hadn't realized that it might also get abused by copyright trolls. All the more reason to question whether or not such a program is a good idea. When you have a system that allows "strikes" to be issued with no due process at all, which can then be used by a company currently responsible for 40% of all copyright lawsuits -- nearly all of which they're really using to shake down settlement fees -- it should make you wonder if the six strikes program is really such a good idea.

posted 25 days ago on techdirt
This week, we were dismayed when the supreme court ruled against Aereo. It didn't take long for the fallout to start, with Fox trying to use the ruling against Dish, and silverscarcat took first place for insightful with a simple sentence to sum up how many people feel about this: And this is why... Copyright loses more and more respect by innovators, writers and consumers on a daily basis. Meanwhile, when we discussed problems with another fairly recent legal development — Europe's right-to-be-forgotten — one commenter accused us of having a double standard about privacy. Mason Wheeler took second place for insightful by explaining the nuance: Techdirt is for privacy, but only for things that are actually private. Techdirt has always--as far as I've seen, at least--been against the abuse of the term "privacy" to try to hide public affairs that someone finds embarrassing. For editor's choice on the insightful side, we'll start with some more thoughts about the Aereo ruling, this time from Josh in CharlotteNC who realized that in the long run, nobody wins: It's not just a disaster for tech companies, startups, and consumers. It's also a disaster for the media companies that won the suit. As with every other victory they have in the courtroom, it's nothing more than a Pyrrhic one. They've been handed another excuse to not innovate or even to offer services based on now mature technology, and instead to let their lawyers run wild. Until there's an online video offer equivalent or better than cable at a reasonable price, millions will continue to pirate. Netflix isn't there yet, and not just entirely because cable is trying to kill them. Lawsuit won, at cost of millions. Revenue gained, nil. Company that could've helped broadcast video reach more people and make more money, destroyed. Other companies that could've helped video adapt, never going to be born. Widescale piracy extended. Everyone loses. 
Next, we've got Almost Anonymous pointing out that no matter how you slice it, Keith Alexander shouldn't be doing private security work: There are huge problems with Alexander doing security consulting, but it seems to me that he must be breaking the law whether he discloses classified info or not. 1. If he knows of "backdoors" and other vulnerabilities and does not disclose the info to his clients, he is essentially defrauding those clients by deliberately allowing them to remain insecure. 2. If he gives those clients the classified info that would allow them to remove those vulnerabilities, then he is obviously breaking the law, as Rep Grayson noted. This is not even getting into the unethical nature of a person in Alexander's position doing any sort of security consulting in the first place. Over on the funny side, we start out on the story about a Raspberry Pi microwave-modder whose awesome work can't be commercialized because of the patent thicket. Naturally someone — in this case Michael — had to make the irresistible joke: I put a raspberry pie in my microwave and it didn't turn out very awesome. In second place, we start out on the post about the FAA's strict rules against commercial drone use, which suggested (among other things) that using drones for commercial farming is not okay, but for hobby gardening it is. This prompted one commenter to wonder what kind of hobby gardener has so many crops that they need a monitor drone, to which saulgoode offered a possible answer: Tommy Chong? For editor's choice on the funny side, we'll return one more time to the Aereo ruling, where one commenter wondered (as many have) why the tech industry doesn't just start buying out the entertainment industry entirely. It's not that crazy of an idea, and you can see why it appeals to some, but it's ultimately not really what tech companies want to do, and Dave Xanatos offered a fantastic explanation of why that is: Don't fight the dinosaur. *Buy* the dinosaur. 
Sounds great until you realize that now you have a dinosaur to care for and feed. Do you know how much Brontosaurus Chow goes for these days?

Finally, after all this time spent on a bad ruling, let's head over to a good one: KlearGear being forced to pay up for its attempts to shake down customers who wrote bad reviews. The company's vague, nebulous and often ridiculous nature prompted one anonymous commenter to draw a distinct parallel:

If this were a movie and Techdirt articles were the inspiration for the script, KlearGear would be revealed in the end to be owned by Prenda Law. What a twist!

That's all for this week, folks.

posted 26 days ago on techdirt
Another week, another fifteen years to look back over. Five Years Ago: In the wake of the Jammie Thomas ruling, which we discussed in last week's look back, Moby said the RIAA should be disbanded and Richard Marx (whose music was included in the lawsuit) apologized to Thomas. Meanwhile, the RIAA insisted that the ruling showed that the public is against file sharing. I think it really showed just how delusional the RIAA can be at times. Meanwhile, newspapers were accusing Google of being a "digital vampire" while judge Richard Posner was bizarrely suggesting that copyright law get a special extension just to protect newspapers from the likes of Google. Comcast and Time Warner were working hard to limit your ability to watch TV online while ASCAP was insisting that when your phone rang in public, it was a public performance for which it should get compensated (that argument didn't fly in court). A town in Connecticut, however, told ASCAP and BMI to take a hike when they tried to demand royalties from local establishments. Amanda Palmer was in her early days of successfully experimenting with forms of crowdfunding, while Mythbusters Adam Savage was learning the horrors of insane international roaming fees for mobile phones. Tivo cynically bought a bull in Marshall, Texas in a weak (failed) attempt to influence a jury there in a patent trial. In a preview of today's cab driver fights against Uber, cab drivers were screaming mad about free competition in Tampa. Oh, and someone realized that if copyright law had been around in the time of Shakespeare, we'd probably not have a bunch of his classic plays today. Ten Years Ago: The MPAA's Jack Valenti was trying to rewrite history to edit out his claim to Congress that the VCR would kill the movie industry. 
And, on cue, his buddy, Senator Orrin Hatch was pushing a pair of absolutely terrible copyright bills in Congress: the INDUCE Act to make inducement copyright infringement and the PIRATE Act to let the FBI work on civil copyright cases as the private police force of Hollywood. Thankfully both failed to become law, though the Supreme Court effectively made the INDUCE Act law with its Grokster decision not too long after that. Ten years ago, SBC (which became AT&T) was promising to install fiber to the home. Amusingly, we just mentioned that again this week in highlighting how AT&T has a long history of lying about these things, as it did ten years ago. Thankfully, ten years ago we were pretty skeptical, noting that the company has a history of promising things and not delivering. Turns out we were right. Tiffany sued eBay for not policing counterfeit goods, kicking off a years-long process that (eventually) ended in courts making it clear that eBay is not liable. Those rulings have been quite important, so I guess we should thank Tiffany for losing those cases. Finally, ten years ago this week, SpaceShipOne became the first private space ship to break the space barrier, kicking off the private space race that is still underway today. This is one of those stories that still feels like it just happened recently to me... How time flies. Fifteen Years Ago: We were marveling over the idea of coupons sent to mobile phones and the brave new world of online banking. Some foolish people were still using analog mobile phones that were easily hacked, leading some enterprising hackers to rebroadcast calls they were intercepting via Shoutcast. If someone did that today, the DOJ would try to lock them up for decades. And, a study found that people were more truthful over email. I wonder if that would still be true today... 146 Years Ago: Christopher Latham Sholes patented the typewriter, though he soon "disowned the machine and refused to use, or even to recommend it." 
The patent (US 79,265) was sold off for $12,000.

posted 26 days ago on techdirt
Given that we wrote this week about the FAA saying that basically any use of a drone for money is illegal, we figured that for this week's awesome stuff we'd focus on some projects around drones -- some of which may actually be illegal under the FAA's ridiculous interpretation. HEXO: Autonomous Aerial Camera First up, we've got the HEXO, an autonomous aerial camera. It's a drone that you can attach a GoPro to (some packages include the GoPro) with some software that you can use to let the drone know who/what to follow, and the drone will do exactly that. It's designed very much with aerial imagery of sporting events in mind. The examples in the video above are... amazing. Makes me want to do more sporting activities that I'd want to film just to use this kind of thing. Airdog: Auto-follow Drone for GoPro Okay, this one is very similar to the HEXO above -- a drone system for automatically filming action sports from above with a GoPro. In fact, in some areas the similarities are striking. They're both built by companies based in Palo Alto, California. They both launched on Kickstarter on the same day, and they're both built by companies made up of action sports folks who wanted to have better systems to film themselves. It looks like the AirDog is a little different in that, rather than autonomously following you via the software, the AirDog requires a "leash" that you strap to your wrist, so it knows where to film. The AirDog also looks a little bit more expensive, and, frankly the sample shots in the video aren't nearly as impressive as those in the HEXO video, though that may have more to do with filmmaking technique than the devices in question. Either way, two options for very similar offerings -- and using either of them for commercial uses will piss off the FAA. View from Nova Scotia -- an aerial drone film A filmmaker wants to make a film about Nova Scotia, filmed entirely by drones. 
The project is just about over and has almost no backing, so it's not going to get funded. Also, it's in Canada, so the FAA rules don't directly apply to it, but if this were in the US, the project itself would almost certainly go against the FAA rules, for being a "commercial" offering using drones. That seems fairly ridiculous for a variety of reasons. Personal Drone Detection System Okay, finally a project that the FAA might like. Consider this as the anti-drone project if you, like the FAA, look at the above stories and freak out. Some folks who don't like drones have built some "drone detection systems" to let you spot drones flying around you. Honestly, given the quality of the video and the prototypes shown, this seems like a fairly amateurish project. The system also doesn't really do anything other than alert you if a drone is entering the "grid" that you set up. Seems like a perfect solution for people overly sensitive to drones. Perhaps the FAA will order a few dozen. That's it for this week. Have fun and try not to piss off the FAA this weekend.

posted 26 days ago on techdirt
Where do you go when the assertions that Snowden's leaks will cause grave damage and irreparable harm to national security still fail to unite the world against the former NSA contractor? It appears you head to alternate realities where Snowden leaks documents during the early 1940s, thus dooming Britain to cowering at the feet of Hitler. If Edward Snowden had been around during World War II, Adolf Hitler would have been able to score victories against the United Kingdom, according to the British ambassador to the U.S. In remarks at The Ripon Society commemorating the U.S. and British alliance, Ambassador Peter Westmacott said leaks like Snowden's would have allowed the Nazis to overrun allied forces in the Battle of the Atlantic and gain the upper hand... "[T]here are moments ... when it is absolutely essential that intelligence operations in defense of our national security remain secret," he added. "These things are important. It's not frivolous and it is not hiding things." "It is actually necessary for our national security to ensure that our real secrets remain secret." Westmacott's comments follow a long line of detractors, who have claimed Snowden's leaks have turned the US (and other Five Eyes partners) into terrorists' playgrounds, when not trawling through history in an attempt to compare leaks spread worldwide by journalists to the selling of sensitive documents to unfriendly nations. That's when they're not suggesting Snowden's residence in Russia will inevitably turn him into an alcoholic. This sort of claim is another in a long line of NSA/GCHQ defenders deploying fear in hopes of regaining the supposed higher ground. But there's only so long these tactics can remain effective in a dearth of terrorist activity, and it appears to have passed that shelf date quite some time ago. 
You can only point to attacks you haven't prevented as evidence that you're needed for so long before the public starts granting you the same level of trustworthiness reserved for those who claim to know the exact date the world will end. Westmacott also mixes his metaphors by using military operations to condemn the leaking of documents detailing lots of untargeted surveillance. His fears mirror those of the Defense Department, which seems to believe Snowden is holding onto thousands of military intelligence documents and has based its damage assessment on the theory that a) he actually has these and b) they will be (or have been) released. The ambassador would do well to remember that not nearly as many citizens are sold on the "War of Terror" as they were on actions taken during World War II. There's something much less tangible about a threat that is constantly referred to but rarely cohesively materializes. It's become so much of an abstraction here in the US that the FBI has had to craft its own "terrorist plots" from scratch just so its Counterterrorism wing (the larger of the two -- the other being "Law Enforcement") has something to do. Cleared of all its Godwin-trappings, Westmacott's ultimate point is hardly any better. His extended anecdote -- involving the cracking of German U-boat codes in 1940-41 -- bears little resemblance to what has actually been revealed by Snowden's leaks. Much of what's been uncovered deals with the domestic surveillance performed by many countries as well as a concerted effort to undermine secured communications of any sort. There has been nothing released to date that details intelligence efforts directed at military foes. That the oft-alluded-to enemy ("terrorists") use the same communication tools as the rest of the public (phones, internet, etc.) has been used as leverage to allow multiple intelligence agencies to gather communications and data from everybody, supposedly in hopes of ferreting out the terrorists among us. 
But nothing here covers encrypted military communications, not even those of the US or our allies. Westmacott says some secrets must remain secret, and without a doubt, many still do. To try to pitch the leaked documents as somehow being the equivalent of "allowing" Nazi Germany to "win" is more than disingenuous, it's a distortion of what's actually been leaked.

posted 26 days ago on techdirt
We've already noted how the Supreme Court's ruling in the Aereo case is a disaster for the technology industry, by using a bizarre "looks like a duck test" that provides no guidance for the tech industry and is going to create a litigation nightmare. Of course, the broadcasters and their supporters in the copyright maximalist world insist that this is all hyperbole and exaggeration -- but it appears that even many of their "friends" agree. The LA Times is Hollywood's hometown paper, and it frequently supports the industry. However, after the ruling, it's released an editorial worrying about the impact on innovation:

There's been plenty of speculation that Aereo could undermine broadcasters by cutting into or even eliminating the substantial fees they collect from cable operators. But then, as Scalia noted, broadcasters said the VCR would be the death of their industry too. By trying to close a legal loophole that technology enabled Aereo to exploit, the court blurred the boundaries around copyrights in a way that will chill investment and innovation. It would have been far better if the court had let Congress respond to a technological change it couldn't have foreseen 38 years ago.

Then jump over to the Hollywood Reporter, the leading trade magazine for Hollywood, and you get a similar analysis that notes the chill on innovation:

Innovators lose because the Aereo decision makes it harder for them to know where the lines are drawn. The court said Aereo -- which allowed users to use RS-DVR technology to transmit programs, from a small antenna to a hard drive and thence via packet on the Internet to mobile devices and PCs -- was "substantially similar" to a cable system that uses a single big antenna to transmit programs via cables buried in the streets to television sets. The fact that Aereo also resembled an RS-DVR was discarded.
With that much elasticity, how does a technologist know whether her brilliant idea too closely resembles a phonograph or player piano roll and therefore runs afoul of some vastly pre-Internet analysis?

That report also notes the harm done to the public:

Consumers lose for the same reason that MVPDs win. High priced cable bills are here to stay, and unbundling remains a distant dream for consumer advocates.

The other big trade publication, Daily Variety, was much more congratulatory towards Hollywood's "victory," but its editor-in-chief penned an analysis piece that warns the networks who hid behind this fight that if they don't want another Aereo to pop up, they need to start innovating themselves.

In other words, pretty much everyone -- even Hollywood's closest observers -- recognizes that this ruling was a disaster towards true innovation, and is hoping against hope that these companies that have spent decades fighting innovation will magically start innovating themselves, now that they wiped out the upstart competitors. I wouldn't hold my breath. The purpose of this fight was to kill innovation, and that's not going to spur the networks to innovate. They think they wiped out this threat.

posted 26 days ago on techdirt
Earlier this week, EFF's Parker Higgins noted that he was about to head on a secretive "adventure to Utah" -- and now it's come out that he was actually there to fly a blimp over the NSA's infamous datacenter in Bluffdale, Utah. You know the one. It's received plenty of attention over the past few years, as it was designed to store a ton of electronic data that the NSA previously didn't have room for. Either way, EFF and Greenpeace teamed up to launch a new campaign called Stand Against Spying, and took to the skies in the blimp to get it some attention. You can also see a brief video of the blimp taking off. If you look closely, you'll see the big arrow pointing downward from the blimp saying "NSA Illegal Spying Below." The blimp -- technically a thermal airship called the A.E. Bates -- apparently flew over the center for about an hour. In an interview with the Guardian, Higgins noted just how enormous the datacenter appears to be from above:

"The data center is this massive, sprawling complex. I've seen pictures of it, but it's different from the air. You get a sense, really, for the scope of this, the scale of what they're doing there."

Check out the Stand Against Spying website, and, in particular, its new Congressional scorecard rating our elected officials on how good of a job they're doing (or not doing) in protecting our privacy against the NSA. The list, unfortunately, shows how polarized this debate is. There are a lot of "A"s on the list, and a ton of "D"s and "F"s. There are very few "B"s and "C"s in between. The methodology explains how the grades were awarded. Improving grades is pretty straightforward: sponsor or co-sponsor good privacy bills and then vote for them. Simple? Simple. Now, it's time to move more people into the "A" category.

posted 27 days ago on techdirt
Life is filled with small problems. Some more important than others. Mathematicians have attempted to solve some of these conundrums, and apparently one somewhat popular task is cutting things up. Here are just a few (useful?) examples of math applied to the task of cutting a cake. This video demonstrates how to cut a cake in a way that maximizes the amount of moist cake that can be eaten if the cake isn't eaten in a single sitting, but over the course of days. This is actually a pretty sad way to eat a cake, assuming you have no friends or don't want to share your cake so that you have to eat it all by yourself. [url] If you've ever heard of the Banach-Tarski Paradox, you might think it should be possible to cut up a cake in such a way that you never run out of cake. The proof relies on the Axiom of Choice, but too bad real cake isn't infinitely divisible. [url] Everyone knows the classic "you cut, I choose" method for cutting up a cake fairly between two people. Not everyone knows the method for cutting a cake fairly between n number of people.... [url]

posted 27 days ago on techdirt
I don't know what possesses certain individuals and entities to address their screwups by attempting to bury them, especially in an age where a wealth of information is still (mostly) a Google search away. Whatever happened to taking responsibility for errors of judgement? By opting for the "hasty burial" method of reputation management, these entities almost invariably direct more attention to the very thing they wanted everyone to forget. It happens so frequently, it even has its own name. Occidental College expelled a student over rape allegations, opting to take the path well knee-jerked, rendering its decision before all the facts were in. The facts didn't seem to indicate a rape had occurred (something investigating officers agreed with). The student, identified only as "John Doe," had sex with his accuser on September 8th, 2013, according to details of the case obtained by the Foundation for Individual Rights in Education. Both Doe and his accuser had been drinking. By several accounts, the sex was consensual. The accuser sent Doe a text message beforehand asking him if he had a condom. She also texted a friend and clearly announced her intention to have sex with Doe. But rape was declared in the sober light of day, thanks in part to an assistant professor's bizarre profiling of Doe as a rapist. After that night, the accuser spoke with several Occidental employees, including Danielle Dirks, an assistant professor of sociology. Dirks told the accuser that Doe "fit the profile of other rapists on campus in that he had a high GPA in high school, was his class valedictorian, was on [a sports team], and was 'from a good family.'" Classic rapist. High grades, played sports, good family. Occidental obviously holds its rapists to a higher standard, seeing as Doe fit right in with "the other rapists on campus." One week later, the rape complaint was filed. 
The police, as mentioned above, investigated it and deemed the interaction to be drunken sex between two consensual adults. Occidental College, however, was feeling the pressure from up top -- specifically, a recent federal investigation into its rape prevention policies. So it overreacted. [T]he college hired attorney Marilou Mirkovich to investigate the matter. Mirkovich concluded that the female student did indeed consent to sex. However, since she was intoxicated, her consent was invalid, according to Mirkovich. (Interesting point, but wouldn't that mean they raped each other? Or is consent vis-a-vis intoxication completely malleable to each situation, in order to better comply with societal expectations?) This was all Occidental needed to justify expelling Doe... who then sued the school for denying him due process. When this happened, all of the above became public knowledge. And it made Occidental look bad, which is something the school cannot abide. But rather than settle with Doe and admit the whole "investigation" was a farce, it decided it still had plenty of "stupid" left in its tanks. So it's unsurprising that Occidental would be unhappy about these documents being displayed online for all to see and judge. It is equally unsurprising, however, that yesterday a Los Angeles County Superior Court judge denied the college's request to seal certain documents relating to the case—specifically, approximately 180 pages comprising an investigative report and accompanying evidence that included interviews with witnesses and the alleged victim. Unsurprising, indeed. And yet, the university attempted to bury its embarrassment with a straight face, expressing a completely belated "concern" about the personal information contained in the investigative report... four months after it went public. To which the judge responded: I don't understand why [it] is so pressing in June when it wasn't so pressing in February. That's the power of negative press. 
That open-and-shut investigation that forced a dangerous rapist valedictorian off campus was suddenly an ugly, festering byproduct of Occidental's desire to show the US Government that it was Very Serious about combating sexual assault and completely willing to offer up as many scapegoats as needed until the pyre of shame receded to an easily-ignored flicker. It was even willing to find as many "experts" as needed to paint Doe into the "rapist" corner, even if the supporting statements made were facially moronic. But just asking the judge wasn't enough. Occidental tried to get FIRE (Foundation for Individual Rights in Education) to pull its coverage while awaiting the judge's incredulous/sarcastic response. On Monday, FIRE received a fax from the law firm Sidley Austin LLP asking us to remove the investigative report and adjudicator's decision from our website until the court had made a decision on the confidentiality of those materials. We did not do so. Occidental managed to bully one student off of its campus, but its limited reach means everyone else remains unaffected, no matter how many requests its law firm sends out. The judge's refusal to assist in patching up the school's self-inflicted wounds should send a message to other entities that find themselves in similar situations. Before attempting a quick burial, consider the possibility that doing so will only result in wider coverage. If you still feel your temporarily wounded pride is worth more than your long-term reputation, go ahead. But don't be surprised if it only results in more criticism. [Defense lawyer Scott Greenfield also has some fine thoughts on Occidental (and the law's intrusion into bedrooms/dorm rooms) at Simple Justice, included here mainly because of this tweet.]

posted 27 days ago on techdirt
Often, it seems there are two sets of rules: the set we the public are expected to follow, and those that legislators, law enforcement and other government subsects follow. Sometimes, it's not just something that feels that way. Sometimes, it actually is, like the discovery that lawmakers were profiting from insider trading. This prompted a quick change in laws to make legislators act like law-abiding citizens, but it was just as swiftly rolled back once the outrage had died down. Legislators in North Carolina are now considering a bill that would give government employees and officials unprecedented control over public records -- a "courtesy" that apparently won't be extended to the public. (via Techdirt reader Jj) Wake County Assistant District Attorney Colleen Janssen spoke before a House judiciary committee before it passed a measure allowing state and federal prosecutors, federal judges and police officers to remove any information that could be used to identify them from city and county websites. Such information could include local tax payments, property deeds and other records accessible to the public online. It includes one small caveat. Identifying information wouldn't be removed from the actual records on file at local government offices. Anyone with enough time on their hands can still head down and experience some quality face time at the local government office should they want to see the offline-only information, an interaction that will presumably be logged in some fashion, just in case. Why is this bill even being considered? Because bad things happened once to this one person -- who also happens to be a prosecutor. A prosecutor recently targeted by kidnappers urged a legislative committee Wednesday to endorse a bill that would shield the identity of law enforcement officials online. 
An indictment says alleged gang members kidnapped Janssen's father, 63-year-old Frank Janssen, from his Wake Forest home in April and held him captive in an Atlanta apartment for five days before he was rescued by federal agents. The kidnappers had targeted the daughter as revenge for her prosecution of a gang member, but ended up at the wrong address and decided to abduct the father instead. Janssen believes this law would help shield law enforcement members, along with the rest of the prosecution side of government, from those with "nefarious intentions." Presumably, the general public will still be subjected to nefarious actions, since they aren't being afforded the same luxury. Despite the fact that law enforcement has become a much safer occupation over the last 50 years, we are constantly told that the dangers are increasing, usually as a justification for misconduct, expanded surveillance or the acquisition of military equipment. Presumably, a world more dangerous for law enforcement would also be more dangerous for civilians, but very little thought is given to the wellbeing of the public. Instead, we get statements like this: "Kidnapping and mortal danger are faced by state and federal prosecutors constantly." That's from Robert Guthrie, the president of the National Association of Assistant United States Attorneys. So, this would allow these parties to scrub online info, but the public's can still be public, even though this information is used by "nefarious" people as well, like scam artists, vengeful ex-anythings (employees, spouses, etc.) and other members of the criminal element. But only the chosen few will be allowed to take public information out of public records. And that few may only stay a few for a brief amount of time. 
If passed, the law would open the door for nearly any entity, inside the government or out, to claim that its members are adversely affected by the publication of personal information in public records and that they too should be allowed to scrub their identifying information as well. If this goes through, North Carolina will have two sets of public records laws -- one for whom danger is considered unacceptable and one for everyone else, where danger is expected to be just part of life.

posted 27 days ago on techdirt
In the begrudging spirit of forced openness, the Office of the Director of National Intelligence (James "Least Untruthful" Clapper, presiding) has released its First Annual Ever Transparency Report. So, what have our intelligence agencies been up to for the last calendar year? Well, a little of this and whole lot of that, all of it broken down into numbers that don't really provide that much transparency. The figure that first stands out is related to the Section 702 program. As defined in intelspeak, the 702 program: facilitates the acquisition of foreign intelligence information concerning non-U.S. persons located outside the United States, creating a new, more streamlined procedure to collect the communications of foreign terrorists. In plain English, the Section 702 program does this: [The] collection done under Section 702 captures content of communications. This could include content in emails, instant messages, Facebook messages, web browsing history, and more. Like other bulk surveillance programs, Section 702 supposedly targets non-US persons but frequently "incidentally" collects content from US persons and other non-targets. This data on Americans is then searchable via backdoor searches. Much of this information is collected directly off the "Internet backbone" as communications flow through NSA collection points. The authority it operates under is incredibly vague and almost completely without adequate oversight. This last sentence explains the following numbers. In contrast with sections 703, 704 and pen register requests -- where the number of targets roughly corresponds with the number of orders -- the 702 program operates under one order… which nets over 89,000 targets. Note -- and this is important -- that the report only says how many "targets" are "affected." It does not say how many other people's communications are "incidentally" collected along the way and made open to those backdoor searches. 
And, rest assured, that number is likely much larger than 89,000 -- especially since we already know that any communication "about" any target gets swept up, but that won't count towards that number. And, as discussed below, the definition of "target" can often mean something entirely different than what you think it means. This broad collection, one that harvests content rather than (supposedly harmless) metadata, is one of the NSA's favorite tools and explains its willingness to discuss alterations to the Section 215 bulk metadata program, but not to change the 702 program at all. (Not that anything much actually happened to the 215 program, even after all of the discussion.) What's more interesting, though, is the long discussion about the incredibly high number of National Security Letters issued in 2013. The FBI (along with other agencies) is issuing NSLs at the rate of 53 per day. The ODNI's long explanation attempts to portray this huge number as most certainly not evidence of NSL abuse. In addition to those figures, today we are reporting (1) the total number of NSLs issued for all persons, and (2) the total number of requests for information contained within those NSLs. For example, one NSL seeking subscriber information from one provider may identify three e-mail addresses, all of which are relevant to the same pending investigation and each is considered a “request.” So, the FBI (and unnamed other agencies) must issue a new NSL (the "must" is up for discussion) for each account it wishes to collect from, whether it's an email address or some other online account. And if multiple names are used for one target, then new NSLs must be issued to claim that information. And so on, until the government is issuing nearly 20,000 per year. The ODNI attempts to explain how difficult it is to narrow down how many people are being targeted by NSLs. We are reporting the annual number of requests rather than “targets” for multiple reasons. 
First, the FBI’s systems are configured to comply with Congressional reporting requirements, which do not require the FBI to track the number of individuals or organizations that are the subject of an NSL. Even if the FBI systems were configured differently, it would still be difficult to identify the number of specific individuals or organizations that are the subjects of NSLs. One reason for this is that the subscriber information returned to the FBI in response to an NSL may identify, for example, one subscriber for three accounts or it may identify different subscribers for each account… We also note that the actual number of individuals or organizations that are the subject of an NSL is different than the number of NSL requests. The FBI often issues NSLs under different legal authorities, e.g., 12 U.S.C. § 3414(a)(5), 15 U.S.C. §§ 1681u(a) and (b), 15 U.S.C. § 1681v, and 18 U.S.C. § 2709, for the same individual or organization. All well and good, but the DOJ's transparency report (linked to by the ODNI) breaks that number down just fine. (For whatever reason, the ODNI Tumblr post links to a report for 2012. The PDF of the ODNI's report contains a link to the 2013 version. Both are embedded below.) From the 2013 letter: In 2013, the FBI made 14,219 NSL requests (excluding requests for subscriber information only) for information concerning United States persons. These sought information pertaining to 5,334 different United States persons. From the 2012 letter: In 2012 the FBI made 15,229 NSL requests (excluding requests for subscriber information only) for information concerning United States persons. These sought information pertaining to 6,223 different United States persons. It appears the FBI has the power to narrow down the number of persons targeted by its NSLs, although something must have happened in 2013 that made it append the following footnote to its FY2013 letter. 
In the course of compiling its National Security Letter statistics, the FBI may over-report the number of United States persons about whom it obtained information using National Security Letters. For example, NSLs that are issued concerning the same U.S. person and that include different spellings of the U.S. person's name would be counted as separate U.S. persons, and NSLs issued under two different types of NSL authorities concerning the same U.S. person would be counted as two U.S. persons. This statement also applies to previously reported annual U.S. person numbers. The DOJ's transparency letters again point out that the FISA court is basically approving everything set in front of it. Only one order has been withdrawn in the last two years and only 74 of 3,511 orders presented for "electronic surveillance" and/or "physical searches" were modified. The Section 215 collection requests were sent back for modification more often (roughly 2/3rds of the time) but ultimately, not a single one of those requests was denied. So, there's more transparency than we're used to, but the 702 program still remains the best kept open secret. One order accesses thousands of "targets," and the ODNI hasn't exactly been forthcoming with additional details. Another explanatory note included does, however, point out inadvertently how useless the word "target" is when deployed by the NSA. Within the Intelligence Community, the term “target” has multiple meanings. For example, “target” could be an individual person, a group, or an organization composed of multiple individuals or a foreign power that possesses or is likely to communicate foreign intelligence information that the U.S. government is authorized to acquire by the above-referenced laws. 
Section 702's "explanation" takes it even farther: In addition to the explanation of target above, in the context of Section 702 the term “target” is generally used to refer to the act of intentionally directing intelligence collection at a particular person, a group, or organization. It's a noun, it's a verb, it's pretty much anything the NSA wants it to be, as Marcy Wheeler explains: Except that it doesn’t admit that, at least in the past, sometimes target means “the switch we know lots of al Qaeda calls to use.” Meaning the term “target” is a misnomer even within the context they lay out. There's still nothing "targeted" about the NSA's supposedly targeted collections. The collection comes first and the targeting comes later -- sometimes using pre-determined selectors and other times by splashing around in the data until something presents itself. What the NSA means by "target" is nothing more than a term deployed to gain access to massive amounts of communications and data, all under the theory that it's somehow "relevant" to its counter-terrorism work. The new report is a step towards transparency, but it's a very calculated move that throws out a few vague numbers while withholding anything that could put them into context. In this sense, it follows the administration's idea of transparency: nothing that goes deeper than the surface.

posted 27 days ago on techdirt
I'm no conspiracy theorist, generally speaking, but I have to admit the apparent systematic militarization of domestic police forces throughout the country scares the hell out of me. You've seen it, too. Officers, once clad in powder blue uniforms, are suddenly dressed in blues that are so dark they might as well be black. Small-town police forces are gobbling up military-style equipment for god-knows-why. Regulatory agencies are sending out armed forces to rescue wildlife. Whatever your politics, it's pretty clear that there is some kind of imbalance on display here. The good news, however, is that these are public servants we're talking about here, so they're subject to a certain degree of transparency and information requests from John Q Public. Right? Right!?! Wrong, at least according to SWAT teams in Massachusetts, which are bizarrely claiming protection from such requests due to Massachusetts SWAT teams now being part of a private corporation. As part of the American Civil Liberties Union's recent report on police militarization, the Massachusetts chapter of the organization sent open records requests to SWAT teams across that state. It received an interesting response. As it turns out, a number of SWAT teams in the Bay State are operated by what are called law enforcement councils, or LECs. These LECs are funded by several police agencies in a given geographic area and overseen by an executive board, which is usually made up of police chiefs from member police departments...Some of these LECs have also apparently incorporated as 501(c)(3) organizations. And it’s here that we run into problems. According to the ACLU, the LECs are claiming that the 501(c)(3) status means that they're private corporations, not government agencies. And therefore, they say they're immune from open records requests. Yes sir, law enforcement just went private. 
It makes no sense, of course, because these LECs are in charge of oversight for local law enforcement agencies, LEC employee lists include all manner of public servants, and LEC SWAT teams are used to conduct raids on the citizenry. All of this is funded, by the way, with public money. Our money. That this money is funneled in from the public coffers of local police agencies doesn't make a lick of difference. The argument is essentially that if an LEC uses our money to set up its own oversight authority and then slaps a 501(c)(3) label on it, it no longer has to respond to public records laws. And, per the ACLU, this ain't some small-time problem we're discussing here. Approximately 240 of the 351 police departments in Massachusetts belong to an LEC. While set up as “corporations,” LECs are funded by local and federal taxpayer money, are composed exclusively of public police officers and sheriffs, and carry out traditional law enforcement functions through specialized units such as SWAT teams. Police departments and regional SWAT teams are public institutions, working with public money, meant to protect and serve the public's interest. If these institutions do not maintain and make public comprehensive and comprehensible documents pertaining to their operations and tactics, the people cannot judge whether officials are acting appropriately or make needed policy changes when problems arise. Which, of course, is the entire point. They're hiding from public scrutiny behind the veil of incorporation, which may rank right up there among the most cynical things a government organization has ever done. It's a move one might find in the corporate republic of some dystopian novel. I say that because it's truly not as though the police departments in question are attempting to claim some kind of exemption within public records law. They're just putting up a stone wall. 
“You can’t have it both ways,” Jessie Rossman, a staff attorney for the Massachusetts ACLU, told me in a phone interview. “The same government authority that allows them to carry weapons, make arrests, and break down the doors of Massachusetts residents during dangerous raids also makes them a government agency that is subject to the open records law. “They didn’t even attempt to claim an exception,” Rossman says. “They’re simply asserting that they’re private corporations.” Now, the ACLU is suing, claiming that these LECs have received both local and federal funding from government tax coffers, but others are suggesting this attempt to claim privatization is not without its pitfalls for those same law enforcement organizations. Pretending to be a private corporation to avoid freedom of information requests is one thing, but wouldn't that also mean giving up other things as well? The claim by the Massachusetts LECs in response to the ACLU's demand under Freedom of Information laws is a cute attempt to twist corporate law with public authority law, but it is sheer, unadulterated nonsense. They can be one or the other. They cannot, by definition, be both. The curious question is that if a cop claims to be exercising police authority on behalf of a private entity, does he lose qualified immunity for his actions, and subject himself to the same tort law as anyone else? It would seem so, not because he’s right about working for an LEC private corporation, but because he subjectively disavows the protections he would otherwise have if he functioned under the authority of the state. He stripped himself of immunity, as well as authority. You can already hear the tortured backpedaling that would be on display should such a situation arise, can't you? But that's just trying to get some fun out of what is clearly a claim by public institutions that cannot be allowed to stand. 
Allowing this move to be successful would only open the door to every other public institution that desired private oversight status to employ the same technique, the result of which would be public tax money propping up an officially private corporate government in which transparency is granted at that same corporate government's pleasure and never otherwise. It's the germination of an unholy mixture of corporatocracy and fascism and it would be the undoing of the very concept of the American government.

posted 27 days ago on techdirt
We've been saying that the Aereo ruling is going to create a litigation headache for a number of companies... and here we go. You may recall that a bunch of TV broadcasters have sued Dish over its attempts to provide innovative features to consumers, such as its Dish AutoHopper and its Dish Anywhere streaming offering. So far, those lawsuits have gone nowhere and fast. But Fox sees renewed life in its effort to shut down innovation thanks to the Supreme Court's unfortunate "looks like a duck" test. Within hours of Wednesday's ruling, Fox had run to the 9th Circuit appeals court with the news. The 9th Circuit had previously rejected Fox's attempt to shut down the Dish technology, but Aereo has renewed its hopes of killing some innovation: Fox's lawyers believe the Aereo ruling strengthens their case against Dish. In a letter to the court Richard Stone, partner at Jenner & Block, wrote that the supreme court had ruled Aereo's service constitutes an "unauthorized public performance of Fox's copyrighted works." "Dish, which engages in virtually identical conduct when it streams Fox’s programming to Dish subscribers over the internet – albeit also in violation of an express contractual prohibition – has repeatedly raised the same defenses as Aereo which have now been rejected by the supreme court," he wrote. Stone highlighted that the court had specifically rejected Aereo's assertion that it is "merely an equipment provider" and that Aereo's subscribers were the ones transmitting content. Get ready, because Aereo is going to get cited a lot by the legacy entertainment industry as they quickly seek to destroy innovation.

posted 27 days ago on techdirt
We recently noted that former NSA boss Keith Alexander is running around asking for $600k to $1 million per month for his new "cybersecurity" consulting firm. While some people thought that the number was "low" for banks, that doesn't make any sense. You could hire a lot of really good actual security professionals for that kind of cash. So it made us wonder just what banks thought they were getting for that $1 million. Actual security professional Bruce Schneier wondered that as well, and wondered aloud if the one difference was that... Alexander could give them classified info -- such as where he hid the backdoors in their routers. That statement apparently caught the attention of Rep. Alan Grayson, who has been a vocal opponent of NSA overreach. He's now sent a letter to the Financial Service Roundtable to point out that selling classified info is a crime: Security expert Bruce Schneier noted that this fee for Alexander's services is on its face unreasonable. "Think of how much actual security they could buy with that $600k a month. Unless he's giving them classified information." Schneier also quoted Recode.net, which headlined this news as: "For another million, I'll show you the back door we put in your router." This arrangement with Mr. Alexander may also include additional work with the shadow regulatory firm The Promontory Group, with whom Alexander apparently will partner "on cybersecurity matters." According to Promontory spokesman Chris Winans, Mr. Alexander "and a firm he's forming will work on the technical aspects of these issues, and we on the risk-management compliance and governance elements." Disclosing or misusing classified information for profit is, as Mr. Alexander well knows, a felony. I question how Mr. Alexander can provide any of the services he is offering unless he discloses or misuses classified information, including extremely sensitive sources and methods. 
Without the classified information that he acquired in his former position, he literally would have nothing to offer to you. Grayson also demands "all information related to your negotiations with Mr. Alexander, so that Congress can verify whether or not he is selling military or cybersecurity secrets to the financial services industry for personal gain." Sure, it's a snarky move, but there is a point behind it. Alexander can't command those sums because of his actual technical expertise. The reality, of course, is that he's selling his connections to the government. But it certainly raises the question of appearances.

posted 27 days ago on techdirt
Following the Aereo ruling in the Supreme Court this week, lots of folks are sifting through the decision and opining on what it all means. To give a brief summary, the general consensus is that the Supreme Court's "looks like cable" test is so devoid of actual legal standards and/or reasoning that perhaps the "best" result might be the fact that it gives no real guidance to anyone. The Court's decision rests almost entirely on the fact that Aereo "looked like" something else, totally ignoring the very important technical differences. The most ridiculous part of the ruling was where the majority totally admits that it's not going to even bother to look inside the black box to see if Aereo actually infringes, but rather will just say that it's infringement because of the similarity to cable: Viewed in terms of Congress' regulatory objectives, why should any of these technological differences matter? They concern the behind-the-scenes way in which Aereo delivers television programming to its viewers' screens. They do not render Aereo's commercial objective any different from that of cable companies. Nor do they significantly alter the viewing experience of Aereo's subscribers. That rationale should be scary to anyone who believes in the rule of law. The Supreme Court is flat out saying "we have no interest in opening up the black box to see if it's infringing, instead, we're going to look at the inputs and outputs and assume that it must be infringing, because those inputs and outputs sorta kinda match this other system that was infringing." But that deliberately blocks off what the actual dispute was about: whether or not what's happening in the black box infringes. And because of that, lots of other internet services are... suddenly left swimming in the dark. 
Even if they (as Aereo did) follow the letter of the law to avoid infringing, if the Supreme Court (or another court) suddenly decide that they look like an infringing system because the court puts a black box around the specifics, they can be found infringing too. Yikes! Law professor Mark McKenna has a really good analysis of why this "looks like something that infringes" test is such a mess: It would be one thing if the consequence of this approach were simply to block Aereo from offering its services. That would be a loss to consumers who don't want to pay $150 a month for cable subscriptions, but at least the damage might be contained. Unfortunately, the problem is bigger than that, for in glossing over technological details, the opinion potentially implicates a wide range of other services. What about Dropbox and other cloud computing services, for example, all of which use their own equipment to retransmit what they receive to their customers, often transmitting many user-specific copies of the same works? How do those avoid liability? Not to worry, says the court, those technologies might be different. Why? Because cable system. The most obvious way to insulate many of the cloud computing technologies would be to hold, as the dissent suggested, that a party does not infringe when it “does nothing more than operate an automated, user-controlled system.” But that is apparently not the rule, because it would have insulated Aereo from liability, too. Thus, while the court assures us that user control over a system might, in some cases, make a difference, it gives us no guidance as to when that might be true, except to say that it isn't true here. And... what that means is there will now be a ton of litigation, as old gatekeepers attack new innovations, testing out every angle of this bizarre "looks like an infringing system" test. 
Law professor James Grimmelmann, interviewed by Tim Lee at Vox, similarly notes what a mess this will become: "The court is sending a very clear signal that you can't design a system to be the functional equivalent of cable," says James Grimmelmann, a legal scholar at the University of Maryland. "The court also emphasizes very strongly that cloud services are different. But when asked how, it says, 'They're just different, trust us.'" Sure, we now know that if it "looks like a cable system" then it's not legal. But now get ready for a whole host of "looks like x" lawsuits. Lots of different online services might "look like Grokster." After all, that's what Viacom claimed about YouTube. Would YouTube have survived the Viacom lawsuit with this test? Unclear. As Sarah Jeong notes in her write up about the ruling, the really scary part is that we'll "never know the technologies that could have existed, the services that could have been," because many won't even bother trying.

posted 27 days ago on techdirt
Any video game producer who produces a product for which online play is a large component also has to fight an ongoing arms-race against cheaters and hackers who gain an unfair advantage in the game and threaten the gamer ecosystem. It's annoying, it sucks, and the fight is unending. For online games, that's just kind of the deal. Most companies work with programmers and 3rd party service providers, like Steam, to try to ban players who cheat. Other companies, such as Blizzard, choose to try to twist copyright law into some kind of anti-cheater pretzel. Japan, on the other hand, appears to be done screwing around. Newspapers in the land of the rising sun are reporting that three teenagers have been arrested for cheating in the online first-person shooter Sudden Attack. Yes, arrested. Yomiuri Online, one of Japan's largest newspapers, reports that this is the first time gamers have had criminal liability charged against them in Japan for allegedly using cheat programs. One of the gamers is a university freshman, another is a 17 year-old vocational school student, and the last of the trio is a 17-year-old high school student. In Nexon's statement about the legal charges, the company explains that these three players allegedly used the cheat tools repeatedly in the game. IT Media reports that distribution of cheats was also allegedly involved. Yup, things just got a little more real in the realm of pretending to shoot everyone you see. Yes, cheating is annoying. But criminal? That seems like a massive overreaction and tremendously dangerous. Cheating in online games goes back all the way to the dial-up days and companies have always taken it upon themselves to keep cheaters out of their games. They may not like the arms race, but that hardly means it should reach the level of criminal liability -- especially when the line between cheating and just gaining some kind of advantage may get blurry pretty fast. 
It's reasonable to argue that if the game maker allows something to happen in the game, then it's on that game maker to set things up to block actions it doesn't like. Opening it up to the criminal justice system seems like a recipe for disaster. Cheating is wrong, but couldn't Nexon simply ban these players? Maybe the company tried, but was unsuccessful. Or maybe Nexon should've tried harder to combat the cheats. But making them a crime? It's easy to point at cheaters and say they aren't worth defending, but nobody really wants to open up this can of worms where we can all be charged with crimes for messing around in a game.
