posted 27 days ago on techdirt
The good news is the Supreme Court's Riley decision forces law enforcement to obtain warrants before searching cell phones. The bad news, apparently, is everything else. To begin with, particularity remains a problem. As the Supreme Court pointed out in its decision, people's entire lives are contained in their cell phones. When searching for what's relevant to the suspected criminal activity, the government is pretty much free to dig through these "lives" to uncover what it needs to move forward with prosecution. The lack of strict parameters (perhaps an impossibility given the nature of digital communications/data) leads to fishing expeditions operating under the cover of Fourth Amendment adherence. There's no way to prevent trolling for evidence of unrelated criminal activity. The only recourse is to challenge it after it happens. Sometimes the courts find the government has gone too far. Other times, courts say the evidence would have been "inevitably discovered" in the course of the search and prevent it from being suppressed. Then there are decisions like the one reached by a federal court in South Dakota -- one that says just because one law enforcement agency deployed a warrant to image the contents of a cell phone doesn't mean other law enforcement agencies can take a look at it without obtaining a warrant of their own. Volokh Conspiracy's Orin Kerr snagged the decision and added some brief analysis. A cell phone seized by local police was also apparently of interest to the federal Bureau of Alcohol, Tobacco and Firearms (ATF), which was running its own investigation on the same subject. The local cops were looking for counterfeiting evidence, while the ATF was interested in firearms-related evidence. The locals obtained a warrant and imaged the phone's contents. In the course of its investigation, the ATF pulled up the suspect's file and noticed the recent arrest and seizure of the suspect's cell phone. 
The Huron (SD) police department helpfully informed the ATF that it had a copy of the cell phone's contents that the ATF could take a look at. The ATF accepted the offer, but did not perform the crucial step of obtaining a warrant. That misstep cost the ATF its evidence. According to the government, all evidence seized -- even if unrelated to the investigation at hand -- should be accessible to any law enforcement agency without obtaining another warrant. Because teamwork. The court disagrees [PDF], pointing out that the government's asking the court to grant it an open-ended fishing license for all electronic devices seized with a warrant: The government argues that this conclusion is “impractical and is contrary to the nature of police investigations and collaborative law enforcement among different agencies.” The government’s position, however, overlooks the ultimate touchstone of the Fourth Amendment: reasonableness. Riley, 134 S. Ct. at 2482. According to the government, law enforcement agencies can permanently save all unresponsive data collected from a cell phone after a search for future prosecutions on unrelated charges. If the government’s argument is taken to its natural conclusion, then this opens the door to pretextual searches of a person’s cell phone for evidence of other crimes. Under the government’s view, law enforcement officers could get a warrant to search an individual’s cell phone for minor infractions and then use the data to prosecute felony crimes. No limit would be placed on the government’s use or retention of unresponsive cell phone data collected under a valid warrant. The court also disagrees with the government's plain view defense. In order for the "plain view" exception to work, there has to be justification for the "view" itself. In this case, the ATF had no justification for viewing the contents of a cell phone seized by another agency for an unrelated investigation. 
The government also argued that the exclusionary rule shouldn't be applied to the evidence it obtained without a warrant. The court again disagrees, pointing out that the government will suffer minimally from the exclusion of evidence it apparently wasn't planning to introduce anyway. In addition, a failure to enforce the exclusionary rule in cases like these would just result in more governmental fishing trips. Here, the cost of applying the exclusionary rule is minimized because the evidence is peripheral in nature and not directly related to the firearms offense. The government’s actions also suggest the evidence is not necessary for a conviction. Prior to Agent Fair’s search of the iPhone data, the government was ready to proceed with trial on January 3, 2017. Minutes before voir dire, the parties addressed a late discovery issue, and the court granted a continuance. If the issue had not come before the court, the government would have tried its case, and the iPhone data would not have been used. In contrast, the benefits of applying the exclusionary rule in this case are clear. If the exclusionary rule is not applied, law enforcement agencies will have carte blanche authority to obtain a warrant for all data on a cell phone, keep the unresponsive data forever, and then later use the data for criminal prosecutions on unrelated charges—erasing the protections specifically contemplated in Riley. All well and good as far as it goes for upholding Fourth Amendment protections, but as Orin Kerr points out, the court seems to be balancing the government's losses against the plaintiff's rights before arriving at this conclusion. As I have written before, I don’t think it works to do this kind of case-by-case cost/benefit balancing when applying exclusionary rule precedents. But if the evidence isn’t important, the government isn’t going to file an appeal of the decision granting the motion to suppress. 
This decision is likely the end of the road in terms of judicial review of the Fourth Amendment issue. They don't call the exclusionary rule a RULE for no reason. When rights are violated, exclusion is the proper remedy. Whether or not it damages the government's prosecution should be a distant secondary concern.

posted 27 days ago on techdirt
The discussion about "fake news" certainly began with good intentions, with participants earnestly focused on how disinformation, shitty journalism and bullshit clickbait were filling the noggins of a growing segment of the public for whom critical thinking was already a Sisyphean endeavor. The solution for this problem was never as clean and easy as most of the conversations suggested, especially given that Americans -- thanks in large part to our struggles with education quality and funding -- have never been particularly adept at spotting disinformation, much less understanding how you expose, undermine and combat it at scale. None of these problems are new. Bad journalism and propaganda have plagued publishing and governments for thousands of years. Donald Trump's violently-adversarial relationship with facts and Vladimir Putin's warehouses full of paid internet trolls have simply taken the conversation to an entirely new level in the internet age. But it's becoming increasingly clear that many of the folks who believe they can somehow legislate this problem away may be doing more harm than good. In fact, much of the moral panic surrounding the initial fake news conversation has quickly degenerated into something that vacillates quickly between comedy and terror. As we've consistently pointed out, a growing number of countries have moved to make fake news illegal -- even before they've taken time to understand what it actually is. Germany's decision to make publishing fake news illegal teeters dangerously close to censorship. Letting politicians define "fake news" (with an obvious incentive toward defining it in their favor) should be a fairly obvious slippery slope. 
We've already watched as Donald Trump and his supporters have whined endlessly that absolutely any information they don't like should be mindlessly deposited into the "fake news" bin -- without the pesky and annoying effort required to intelligently analyze each piece of data or reporting on its merits. Even over in Syria, Bashar al-Assad has found the term useful when trying to dodge accusations of systemic torture and massive executions: Syria's Assad calls mass-execution allegations 'fake news,' @YasmeenSerhan reports https://t.co/qSZQjOAII6 pic.twitter.com/yO4xIeYezd — The Atlantic (@TheAtlantic) February 10, 2017 And while lies and disinformation are the obvious refuge of authoritarians (or worse), Democracies shouldn't believe they're above the fray when it comes to the fight against fake news being bastardized and weaponized. The line between fighting disinformation and depressing dissent is, as the Washington Post recently noted, significantly thinner than many of our supposedly civilized Democracies would like to pretend: "Of course, Europe’s established democracies have little in common with the Soviet Union or other illiberal regimes. But the legal tools proposed by European politicians to suppress fake news sound alarmingly like those used by authoritarian governments to silence dissent. This is dangerous. Not only are such measures incompatible with the principle of free speech, but also they set precedents that could quickly strengthen the hand of the populist forces that mainstream European politicians feel so threatened by." And while there's this belief that these legislative assaults on fake news will somehow put the seedier, more truth-averse news outlets in their place, there's a very real threat of the exact opposite happening (something you could argue is already happening in many countries): "Above all, rather than strengthening established media institutions, banning fake news might very well undermine them in the eyes of the public. 
If alternative outlets are prosecuted or shut down, mainstream media risk being seen as unofficial propaganda tools of the powers that be. Behind the Iron Curtain, nonofficial media outlets had more credibility than official media in spite of the fact that not everything they published was accurate or fact-checked. The hashtag #fakenews could become a selling point with the public if it were banned rather than rigorously countered and refuted." Meanwhile, both the United States and Russia continue to lead the world when it comes to showing how having government dictate what media coverage is or isn't true is a losing proposition for all of us. In Russia, while one arm of the government is busy pumping out propaganda twenty-four hours a day (and denying it), another wing of the government has begun more seriously deriding stories and facts Putin doesn't like. This week, Russia launched a new section of the government's website dedicated to highlighting "fake news" in a not so subtle fashion: "Just in case anybody missed the point, each article on the Foreign Ministry website carried a big red label reading “FAKE” in English and a line saying that the information in the article “does not correspond to reality." Russia actually announced something of a fake news double whammy, since the defense minister, Sergei K. Shoigu, told Parliament on Wednesday that the military had created a special task force assigned to wage information warfare, although he did not provide any details." None of this is to say there aren't solutions. Obviously, teaching classroom critical thinking in the new global media age should be a priority, since actually being able to identify propaganda has never been a U.S. forte (especially if it's originating from the States, a well-versed expert on the subject). And many of the efforts by Facebook and others to cull obvious bullshit from news feeds while adding fact-check systems could prove useful. 
People also need to simply pause and realize that the internet is still relatively new, and it's going to take media -- and the truth -- time to find its footing in the face of oceans of bullshit. That said, it might be a good idea to make sure we're not making things worse as we learn. And it shouldn't require too much pesky critical thinking to realize that the efforts to combat "fake news" can be subverted to aid those trying to rip truth from its very foundation, or that letting politicians define what truth is may only expedite our Orwellian descent toward chilling legitimate expression.

posted 28 days ago on techdirt
Techdirt stories on China tend to paint a fairly grim picture of relentless surveillance and censorship, and serve as a warning of what could happen in the West if government powers there are not constrained. But if you want to see how a real dystopian world operates, you need to look at what is happening in the north-western part of China's huge domain. Xinjiang was originally a Turkic-speaking land, but the indigenous Uyghur population is increasingly swamped by Chinese-speaking immigrants, which has caused growing unrest. Violent attacks on the Chinese population in the region have led to a harsh crackdown on the Uyghurs, provoking yet more resentment, and yet more attacks. Last November, we noted that the Chinese authorities in Xinjiang were describing censorship circumvention tools as "terrorist software." Now the Guardian reports on an ambitious attempt by the Chinese government to bring in a new kind of surveillance for Xinjiang: Security officials in China's violence-stricken north-west have ordered residents to install GPS tracking devices in their vehicles so authorities are able to keep permanent tabs on their movements. The compulsory measure, which came into force this week and could eventually affect hundreds of thousands of vehicles, is being rolled out in the Bayingolin Mongol Autonomous Prefecture of Xinjiang, a sprawling region that borders Central Asia and sees regular eruptions of deadly violence. The rollout is already underway -- those who refuse to install the trackers will not be allowed to refuel their vehicles: Between 20 February and 30 June all private, secondhand and government vehicles as well as heavy vehicles such as bulldozers and lorries will have to comply with the order by installing the China-made Beidou satellite navigation system. Beidou is the homegrown version of the US Global Positioning System, completely under the control of the Chinese government. 
According to Wikipedia, the Beidou system has two levels of accuracy: The free civilian service has a 10-meter location-tracking accuracy, synchronizes clocks with an accuracy of 10 nanoseconds, and measures speeds to within 0.2 m/s. The restricted military service has a location accuracy of 10 centimetres, can be used for communication, and will supply information about the system status to the user. Being able to track any car in the Bayingolin Mongol Autonomous Prefecture of Xinjiang to a few inches should be enough even for the paranoid Chinese authorities. The fear has to be that, if successful, this latest form of extreme surveillance may spread to other regions in China, assuming Beidou could cope with such large-scale tracking. Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

posted 28 days ago on techdirt
This week, we were pleased to see a cop lose his immunity in a case over arresting someone on a baseless warrant, but Anonymous Anonymous Coward won most insightful comment of the week by wondering why that's all that happened: What about the judge who signed the warrant that was so lacking in probable cause? Does the Fourth Circuit have any authority to remove their qualified immunity? Of course not. How about a slap on the wrist? This article, and another I read about the same case do not mention any. Should not rubber stamping by deaf and blind judges get some action? For second place, we head to our post about the ongoing absurd demands from European news publishers that want Google to pay them for linking to them. One commenter brought up the fact that they can always use robots.txt to block Google, and PaulT cut to the heart of the matter and their real intentions: That always gets mentioned, but the fact is this - they don't want to stop Google et al from accessing their content. They simply want to force everyone to pay them, even if those links are increasing traffic anyway. They don't want to find new ways to monetise traffic, they just want to be paid for existing. Just look at their reaction when Google pulled out of certain countries - their reaction was to claim extortion because Google didn't want to pay the extra tax. So, while robots.txt is indeed an easy solution to stopping Google from indexing their content, that's not what they want. They simply want to be paid for doing nothing. For editor's choice on the insightful side, we start out on our post about Apple's amusing claim that Nebraska would become a "mecca for hackers" if it protects the right to repair. TheOtherDude quite reasonably wondered which part of that would actually be a bad thing: I would think Nebraska becoming a Mecca for nearly anything would be good news. 
If it becomes a mecca for highly skilled technical resources, well sit back and wait for the innovation and incoming economic boom. Seems to me this is more of an argument for the bill than against it. Meanwhile, Mashable was making its own problematic argument against right to repair laws by pushing the concern that people might hurt themselves if they don't know what they are doing. That One Guy highlighted the flaws there by playing a substitution game with their own words: I think it’s a fair concern that Right-to-Drive laws could lead to an explosion of car and truck dealerships. Consumers will wander on foot or on a bike, and drive out with a multi-ton machine of wheeled-death, thinking they can control it. And they will fail, miserably. Plus, what if a consumer's injured during a failed attempt to drive somewhere? They slam a finger in a door, or drive incorrectly, so the vehicle runs into something (and maybe even explodes). It’s the consumer’s fault, obviously, but they could also try to sue Ford or Chrysler. Tl:dr version: Just because you and your friend don't think you can be trusted to do your own repairs doesn't mean the poor public needs to be protected from being able to do so. They're big boys and girls, they can deal with the results from a botched repair job if they're willing to take that risk. Over on the funny side, we start out on the story about German regulators warning parents to destroy an internet-connected doll because it might be used for surveillance. Roger Strong won first place by engaging in some speculative future fiction: Up next: DHS demands your My Friend Cayla doll's MAC address at the border. The FBI demands access to the doll's cloud servers because terrorists. Music collecting societies realize that the audio captured by the dolls might include music, and start demanding royalties. Google uses IFTTT to connect the doll to the self-driving car they place it in, to make it appear that the doll is driving. 
Highway patrol officers declare the doll's behavior "suspicious", and the car is taken via civil asset forfeiture. For second place, we head back to Apple's "hacker mecca" comments, and specifically that the right to repair bill would "make it very easy for hackers to relocate to Nebraska". One anonymous commenter fleshed out the accusation: And I also hear the Nebraska Right to Repair bill is earmarking money for a hacker gated community, hacker bike sharing program and hacker farmers market in order to further spur their hacker economic recovery plan. For editor's choice on the funny side, we start out with one last response to Apple's comments, this time from TheResidentSkeptic in the form of a nice little story: Sorry Folks, but they are correct to worry. In my mis-spent youth, I used to hop on my bicycle and ride down to Allied to pick up a Sams Photofact on the family TV; then pop the back off, plug in the cheater cord, and start looking for blue tubes (orange good, blue bad). Power down, pop 'em out, back on the bike and over to radio shack. Pop 'em in the tube tester, buy the ones I needed, get the replacement caps, back home and voila, family TV repaired. My slide into the horrors of hacker life had begun. Next I was rebuilding car engines, transmissions, building electronic circuits - and finally into programming. True hacking at its worst. Hell, I still do my own auto work, thus depriving the dealer of excessive profits from $99 oil changes, $199 brake jobs... This hacker lifestyle has just ruined me. And yes, I work on my John Deere myself. Damn 64 year old hacker. I'm Never gonna learn. Finally, we head to our post about the Arizona legislature's bill allowing the seizure of assets from protestors. One commenter, Thad, released a particular kind of virus into the comments... I missed it myself and thus avoided infection, until reviewing the leaderboards for this week's comments where it turned out another commenter was spreading it. 
And now I'm making it an epidemic. Don't have any idea what the hell I'm talking about? Well, Sorrykb gets the final editor's choice: Thad wrote: http://tvtropes.org/pmwiki/pmwiki.php/Main/ITakeOffenseToThatLastOne Goddammit Thad. [Closes techdirt, revealing 87 open TV Tropes tabs] That's all for this week, folks!

posted 29 days ago on techdirt
Get I Invented Email, Copymouse and more in the Techdirt Gear store » Right now, there are four different designs available in the Techdirt Gear store on Teespring: our new Copymouse gear, our limited-time I Invented Email gear, and two different styles of Techdirt logo gear. But, under Teespring's new ongoing-order system, over time we're going to start bringing back some of our designs from last year as permanent fixtures in the store — in some cases with tweaked or updated designs. So, which Techdirt tees would our readers like to see first? There's our popular Takedown gear, the controversial Copying Is Not Theft, and some less-popular but beloved-by-some options like Home Cooking Is Killing Restaurants and Math Is Not A Crime. Of course, there's also the first t-shirt we offered and still the most popular: Nerd Harder. We have some brand new designs in the works too and will be rolling those out in the near future, but first we want to get one or two of these classics back into rotation. In addition to letting us know which ones you're most interested in, feel free to include your thoughts on whether the design needs an update or you'd like to see different products/colors available! Thanks for your feedback, and thanks for supporting Techdirt. Two logo tee styles (plus hoodies, mugs & more) in the Techdirt Gear store »

posted 30 days ago on techdirt
As you may have heard, late yesterday it was revealed that there was a pretty major bug that was potentially leaking all sorts of sensitive data for some companies that use Cloudflare. The bug is being dubbed "Cloudbleed" as it's actually quite similar to what happened a few years ago with OpenSSL in what was known as Heartbleed. Cloudflare was alerted to the bug by some Google security researchers and quickly patched the problem -- but it had gone on for months, with some sensitive data being indexed by search engines (that's all been cleaned up too). At Techdirt, we use some Cloudflare services. It is unclear (and, in fact, unlikely) that any Techdirt data leaked via Cloudbleed. Also, we don't retain sensitive data from our users. However, in an abundance of caution, we have decided to reset everyone's passwords. If you have an account on Techdirt (which is not a requirement), you will be logged out, and will be required to go through the password reset process to get back into your account. Yes, this is a bit of a pain for our users, but despite the low likelihood of people here being impacted, we felt it was the right thing to do. Various security researchers have suggested that people change their passwords at other sites as well, and we recommend using a password generator/wallet (some of which will automatically change passwords at many sites upon request) to do so.

posted about 1 month ago on techdirt
Because there's just not enough opacity shrouding police misconduct and not enough slanting of the criminal justice system against defendants, California police unions have decided to get involved in a judicial dispute over lists of law enforcement officers whose half of "our word against yours" isn't quite as bulletproof as is normally assumed. A Los Angeles sheriff is trying to do the right thing, but he's running into opposition from his own supposed "representatives." The Los Angeles County Sheriff’s Department has collected the names of about 300 deputies who have a history of past misconduct — such as domestic violence, theft, bribery and brutality — that could damage their credibility if they testify in court. Sheriff Jim McDonnell wants to send the names to prosecutors, who can decide whether to add them to an internal database that tracks problem officers in case the information needs to be disclosed to defendants in criminal trials. I don't imagine prosecutors are exactly thrilled to be the recipient of information that damages the credibility of their favorite witnesses, but it's probably better than having your witness destroyed in open court by a defense attorney. But prosecutors may never see this information, thanks to the police union's belief that officers shouldn't be held accountable for anything. The union that represents rank-and-file deputies strongly opposes providing the names to prosecutors and has taken the department to court. The Assn. for Los Angeles Deputy Sheriffs argues that the disclosure would violate state laws protecting officer personnel files and draw unfair scrutiny on deputies whose mistakes might have happened long ago. The union is wrong. Officers' misconduct records are a crucial part of their trustworthiness. Burying these just makes the union look like a willing enabler of bad behavior. There would be no "unfair scrutiny" of deputies. 
Judges and juries are perfectly capable of determining whether past misconduct is relevant to the case at hand. The union's lawsuit seeks to place the determination of officers' credibility solely in the union's hands. And in its hands, all officers are credible until proven otherwise -- something that will be almost impossible to do with exactly zero information on hand. The union's move is a preemptive Brady violation. Brady material is exculpatory evidence and information prosecutors are statutorily required to turn over to the defense. That would include misconduct records, which might point to a testifying officer's lack of credibility, or show a pattern of relevant misconduct. These files would not be made public, which undercuts the union's "privacy violation" claims. True, some of the files' contents would be made public during court proceedings, but it's not as though the sheriff is asking the DA's office to post the contents of the list on its website. The union wants law enforcement officers to have more rights than the people they serve. The body of a person killed by an officer hasn't even begun to cool before department press liaisons are pushing the dead person's criminal background check results into the hands of every reporter covering the incident. No one expresses any privacy concerns when a 20-year-old arrest is used to alter the public's perception of a police shooting victim. But when it comes to cops themselves -- public servants with immense power, layers of immunity, and publicly-funded opacity that separates them from the consequences of their actions -- privacy is of utmost concern.

posted about 1 month ago on techdirt
For some time now, famed jewelry retailer Tiffany & Co. has been a staunch defender of intellectual property and an adversary to a free and open internet. You will recall that this is the company that wanted eBay to be held liable for third-party auctions of counterfeit Tiffany products. The company also lent its support to censoring the internet via the seizing of domains it didn't like, as well as its support for COICA (which was the predecessor of the bill that eventually became SOPA). COICA, among other things, was a bill that would have allowed the DOJ to seize so-called "pirate" websites that infringed on others' intellectual property. And because this always seems to happen, it's noteworthy that despite wanting to completely shut down websites due to infringement, Tiffany is now being sued for copyright infringement for using a photograph without permission or attribution. Tiffany & Co. is in a bit of hot water over a photograph it is using in connection with one of its jewelry lines. Last Friday, New York-based photojournalist Peter Gould filed suit against the famous jewelry company in the U.S. District Court for the Southern District of New York, a federal court in Manhattan, citing copyright infringement. According to Gould’s complaint, the Tiffany & Co. website “features the photograph to sell [the company’s] Elsa Peretti Jewelry.” The complaint further states that at all times Gould “has been the sole owner of all right, title and interest in and to the photograph, including the copyright thereto.” Perhaps more significantly, Gould also alleges that Tiffany & Co. didn't merely use his photograph of Peretti without his permission, but also actively stripped out the copyright information on the photograph to relieve him of any attribution for it as well. That, of course, is a federal no-no spelled Section 1202 of the Copyright Act. Given its vehement defense of intellectual property in the past, the complaint says Tiffany & Co. 
knew or should have known that such removal of copyright attribution would be seen as an attempt to slide its infringement of Gould's photograph under the legal radar. Given that the photograph is being used on its website, I'm sure the folks at the company would understand if tiffany.com were seized by the government over such allegations, should they prove to be true. Right?

posted about 1 month ago on techdirt
Late last year, Thomas Fox-Brewster of Forbes uncovered a strange search warrant among a pile of unsealed documents. The warrant -- approved by a magistrate judge -- allowed law enforcement officers to demand that everyone present at the searched location provide their fingerprints to unlock devices seized from the same location. In support of its request, the government cited cases dating back to 1910, as though they had any relevance to the current situation. The most recent case cited was 30 years old -- still far from easily applicable to today's smartphones, which are basically pocket-sized personal data centers. The judge granted it, stating that demands for fingerprints, passwords, or anything (like encryption keys) that might give law enforcement access to the devices' content did not implicate the Fourth or Fifth Amendments. While the magistrate was correct that no court has found the application of fingerprints to unlock devices to be a violation of the Fifth Amendment, the other access options (passwords, encryption keys) might pose Fifth Amendment problems down the road. Riana Pfefferkorn has uncovered a similar warrant request, but this one has been rejected by the magistrate judge. Pretty much across the board, the order is the antithesis of the one revealed last year. The judge finds [PDF] that the broad request to force everyone present at the residence to apply their fingerprints to seized devices to unlock them implicates multiple Constitutional amendments. The issues presented in this warrant application are at the cross section of protections provided by the Fourth and Fifth Amendments. Essentially, the government seeks an order from this Court that would allow agents executing this warrant to force "persons at the Subject Premises" to apply their thumbprints and fingerprints to any Apple electronic device recovered at the premises. (See Attach. B, ¶ 12.) The request is neither limited to a particular person nor a particular device. 
And, as noted below, the request is made without any specific facts as to who is involved in the criminal conduct linked to the subject premises, or specific facts as to what particular Apple-branded encrypted device is being employed (if any). The judge notes the government is able to detain and search persons located at the premises being searched, but that does not extend to forcing every single person in a residence at the time of a search to comply with attempts to unlock seized devices. Because the warrant affidavit contained no particularity about the devices or who in the household the government suspected of engaging in criminal activity, the court can't find anything that justifies the broad, inclusive language contained in the request. This Court agrees that the context in which fingerprints are taken, and not the fingerprints themselves, can raise concerns under the Fourth Amendment. In the instant case, the government is seeking the authority to seize any individual at the subject premises and force the application of their fingerprints as directed by government agents. Based on the facts presented in the application, the Court does not believe such Fourth Amendment intrusions are justified based on the facts articulated. The court has other problems with the affidavit -- beyond the government's unwarranted extension of Fourth/Fifth Amendment jurisprudence to cover any devices/fingerprints encountered at a searched location. Early in the order, it notes the government is deploying boilerplate nearly as outdated as its case citations. 
Despite the apparent seriousness of the offenses involved, the Court notes that some of the "boilerplate" background information included in the warrant is a bit dated, such as its explanation that "[t]he internet allows any computer to connect to another computer [so] [e]lectronic contact can be made to millions of computers around the world;" its explanation that a "Blackberry" is a common "Personal Digital Assistant" and its suggestion that the use of "cloud technology" is the exceptional way of transferring files and that transferring images to a computer by directly connecting a cable to a camera or other recording device is the expected means of data transfer. The judge notes outdated boilerplate isn't enough to undo probable cause assertions, but it certainly doesn't help -- especially not when the government is requesting this sort of broad permission. The inclusion of this somewhat dated view of technology certainly does not distract from the application's goal of establishing probable cause. However, the dated "boilerplate language" is problematic for what is not included. There is absolutely no discussion of wireless internet service and the possibilities and capabilities that wireless service presents in this context. For example, an unsophisticated internet user, or a careless one, may fail to properly encrypt his wireless service or may share the password injudiciously. Such practices leave open the possibility that it is not an inhabitant of the subject premises that has used the internet to gather and distribute child pornography, but rather it is a person who has access to the internet service at the subject premises. Obviously, this possibility holds true in all investigations that track the investigation outlined in the instant application. 
The limitations of this investigation are not fatal to establishing probable cause, but, in the Court's view, these limitations do impact the ability of the government to seek the extraordinary authority related to compelling individuals to provide their fingerprints to unlock an Apple electronic device. Then there's the other assertions. The government's application does nothing to narrow down which resident it's seeking or what device(s) might contain evidence of criminal activity. What it does appear to be certain about -- for reasons not included in the application -- is that the devices it seeks are Apple products. A footnote in the order questions this assertion. Why Apple devices are likely to be found at the premises is not explained. The Court is aware that Apple has a large market share in online hardware, but Microsoft's Windows operating systems continue to dominate the overall market share of operating systems used. What makes these broad, unsupported assertions even worse, especially when combined with the outdated boilerplate, is that this is apparently the direction the government is heading with its search warrants. In closing, upon presentation of the warrant application to this Court, the government identified for this Court that the warrant application was seeking the forced fingerprinting discussed herein. The government further noted "[t]his is the language that we are making standard in all of our search warrants." This declaration of standardization is perhaps the crux of the problem. As the Court hopes it is plain from the above, the issues presented here require a fact-intensive inquiry both for purposes of the Fourth Amendment and the Fifth Amendment. More particularity, better probable cause, and fewer assumptions about the Fourth and Fifth Amendment's application in a post-Riley world are what's needed from the government, according to this order. 
Even though this application was rejected, it's safe to say this same approach has worked elsewhere. We've seen one approved warrant already and there are likely several more safely hidden from the public eye in the government's multitudinous sealed cases. What's troubling about the government's assertions in this application is its apparent belief it's found an encryption workaround: one that blows past Fourth and Fifth Amendment concerns using little more than boilerplate that still considers cables to be an essential part of "cloud computing," and magistrate judges willing to buy its outdated legal arguments.

posted about 1 month ago on techdirt
"Every vote counts." "Throw the bastards out." "Election platitude #10." Every bit as meaningless as Trump's promise to "drain the swamp." The Beltway Swamp is drain-proof. The process that populates the swamp is rigged. Not in the "millions of illegal votes from illegals" way... or even the "I can see the Russians hacking the election from my house" way. It's rigged because the only federal agency charged with making sure the election process is fair and equitable can't -- actually, won't -- do a single thing to ensure the process' integrity. Two years ago, the Federal Election Commission Chairwoman had this to say about the FEC's powerlessness/uselessness: “The likelihood of the laws being enforced is slim,” Ann M. Ravel, the chairwoman, said in an interview. “I never want to give up, but I’m not under any illusions. People think the F.E.C. is dysfunctional. It’s worse than dysfunctional.” Post-election, this diagnosis has been confirmed. As government accountability research site MapLight reports, an FEC member has decided to exit the dysfunctional commission. On her way out the door, Ann Ravel released a letter and a report [PDF] plainly stating the FEC effectively serves zero purpose. Ann Ravel, an FEC member appointed to the six-member regulatory panel in 2013 by former President Barack Obama, said the commission’s routine deadlocked votes are sending clear signals that campaign finance laws won’t be enforced. “This incredibly significant Commission is not performing the job that Congress intended, and violators of the law are given a free pass,” Ravel wrote in “Dysfunction and Deadlock,” a 25-page report released with her resignation letter to President Donald Trump. “Because of this, candidates and committees are aware that they can ignore the laws enacted to protect the integrity of our elections.” Partisan politics aren't limited to the halls of Congress. The FEC is composed of six members -- three from each side of the political aisle. 
(Third parties/independents aren't recognized as possible participants in this process.) Reported campaign finance violations received by the Commission can only be addressed if a majority of members agree on moving forward. Because of the ideological split, fewer and fewer violations are being addressed. From the report: The bloc has used the four vote requirement to take most action as unchecked veto power to delay and dismiss flagrant violations, impose significantly lower penalties, and leave major cases without resolution. In 2006, commissioners deadlocked in just 2.9% of substantive votes in Matters Under Review (“MURs”—also known as enforcement cases) closed that year. For MURs closed in 2016, the Commissioners deadlocked on 30% of all substantive votes taken in those matters. In 2006, only 4.2% of MURs closed had at least one deadlocked vote. However, in 2016, 37.5% of all MURs closed had at least one deadlocked vote. This partisanship undercuts the commission's singular purpose. The Supreme Court may hand down rulings on campaign finance transparency, but the court's word is meaningless when no one's willing to enforce it. As the report points out, since the court's 2010 Citizens United decision, more than $800 million has flowed to federal election campaigns without its sources being disclosed. Over the past ten years, the FEC has just become another inhabitant of the swamp it was supposed to help drain -- long before President Trump made it a campaign platform. The FEC has devolved into separate factions glaring at each other over a stack of campaign finance violations neither is willing to address if it might adversely affect "their" party. Suck it up, voters. The system only works as well as those who benefit from it most will allow it to. A house divided against itself stands to profit from years and years of two-party status quo.

posted about 1 month ago on techdirt
The $39 Hacking for National Security Training courses are designed to help you prepare to get the Certified Ethical Hacker (CEH) credential and to get the Certified Network Defense Architect (CNDA) certification. There are 19 modules covering topics from rooting out worms and viruses to network reconnaissance and more. Note: The Techdirt Deals Store is powered and curated by StackCommerce. A portion of all sales from Techdirt Deals helps support Techdirt. The products featured do not reflect endorsements by our editorial team.

posted about 1 month ago on techdirt
Building legislation on top of the political equivalent of an urban myth is never a good idea. Fold in something routinely abused by law enforcement and you've got a proposed bill whose short name should be "Shit Sandwich." That's the (tentative) plan in Arizona, where the existential threat of "paid protesters" has resulted in a terrible bill that promises to use a handful of Constitutional amendments as a doormat. (via Raw Story) SB1142 expands the state’s racketeering laws, now aimed at organized crime, to also include rioting. And it redefines what constitutes rioting to include actions that result in damage to the property of others. Nothing good can come from the expansion of racketeering laws, which are already abused by government agencies and citizens alike. But it gets worse. A lot worse. It doesn't just apply to protesters who damage property. It applies to anyone possibly connected to a protest in which damage occurs, even if they don't induce or encourage the destruction. (Perhaps even if they speak out against violent acts, but still support the demonstration's premise.) And, to top it all off, police officers would not only be authorized to arrest people engaged in First Amendment activity just because someone down the street broke a window, but also to enrich themselves in the process. But the real heart of the legislation is what Democrats say is the guilt by association — and giving the government the right to criminally prosecute and seize the assets of everyone who planned a protest and everyone who participated. And what’s worse, said Sen. Steve Farley, D-Tucson, is that the person who may have broken a window, triggering the claim there was a riot, might actually not be a member of the group but someone from the other side. Supporters of asset forfeiture always claim it's a great tool for defunding criminal ventures. 
I can only imagine the verbal gymnastics that will need to be deployed to justify taking cash, cars, whatever from protesters, especially when the state's existing laws already criminalize rioting but without the added "bonus" of depriving rioters of their cash, homes, cars, etc. Do the legislators actually believe protesters are being paid in small, unmarked bills and mid-priced sedans? The "guilt by association" aspect allows law enforcement to apply its discretion, which is seldom a good thing. The moment anything is damaged, it's open season on protest attendees. In fact, it's open season on non-attendees as well, if cops can dredge up anything that appears to be evidence of protest planning. Acquiring a permit pre-demonstration is no longer an act of good faith. It's self-incriminating. One supporter of this truly stupid legislation believes the state's existing riot laws don't work because… wait for it… the bail system exists. Sen. Sylvia Allen, R-Snowflake, said the new criminal laws are necessary. “I have been heartsick with what’s been going on in our country, what young people are being encouraged to do,’’ she said. She agreed with Quezada that there already are laws that cover overt acts. But Allen said they don’t work. “If they get thrown in jail, somebody pays to get them out,’’ she said. “There has to be something to deter them from that.’’ I don't often can't even, but... here we are. People have argued against the bail system because it's stacked against the poorest criminal suspects, but I've never heard the system portrayed as faulty because it works exactly the way it's intended to. And the new law wouldn't change anything this legislator is concerned about. Brand new criminal charges stemming from the stupid bill would still allow suspects to post bail. The only difference is they may not have the cash to do it or a car to drive home if they make bail. 
Maybe that's what Allen is referring to: extra layers of punitiveness because most current protests are targeting the senator's party -- which also happens to be the party in power at the moment. This made it past a House vote in Arizona, suggesting the state's craziness isn't confined to Maricopa County. It won't survive a Constitutional challenge if it somehow manages to stumble off the governor's desk without being vetoed.

posted about 1 month ago on techdirt
A federal judge has just let a plaintiff know there's a big difference between providing hosting for infringing content and actually participating in copyright infringement. ALS Scan sued basically everybody for copyright infringement after discovering adult images that it owned posted all over the web. In addition to Steadfast Holdings -- the defendant just dismissed from this suit -- ALS Scan sued Cloudflare, Juicy Ads, and a number of other hosting services and Does. One by one, these defendants have been excused from the suit. The underlying logic for the dismissals is solid. Providing web hosting is not the same thing as contributory infringement, no matter how much ALS Scan wants it to be. In the Steadfast ruling, Wu said that merely hosting a pirate site does not make the hosting service liable for any copyright infringement actions the site may be guilty of. In its motion to dismiss, Steadfast argued that it did not manage or operate the Imagebam site, and that it only provided computer storage. "The court is unaware of any authority holding that merely alleging that a defendant provides some form of 'hosting' service to an infringing website is sufficient to establish contributory copyright infringement," Wu wrote. “The court would therefore find that the [complaint] fails to allege facts establishing that Steadfast materially contributed to the infringement,” Wu wrote. There's a lot more Steadfast (and the other hosting companies) would have to do to be considered contributory infringers, and the hosting companies are doing none of those things. ALS Scan wants hosting sites to do more than they're legally obligated to do. But it can't sue just because it doesn't agree with their practices. 
From the opinion [PDF]: [T]he only allegations specific to Steadfast that are raised in the SAC are that Steadfast “hosts” pirate sites, including Imagebam, and that Plaintiff has sent numerous notifications to Steadfast of infringing content on Imagebam, but Steadfast has failed to implement or enforce a repeat infringer policy by removing Imagebam from its servers. Beyond that, ALS's complaint contains nothing that shows evidence of its claims. Steadfast also contends that the SAC fails to allege material contribution or inducement. The Court would agree. The SAC alleges only that Steadfast “hosts” pirate sites that feature infringing content. It is entirely unclear what services Steadfast provides to Imagebam; what type of infringing activity Imagebam conducts (or even what Imagebam is); or how Steadfast contributes to or facilitates that infringing activity. As such, the Court would find that the SAC fails to plead material contribution. The same goes for the rest of the allegations. Steadfast did not induce or contribute to infringing activity at hosted sites, nor did it somehow violate ALS's trademarks by hosting sites where infringing images could be found. As Judge Wu's opinion points out, it's not up to the court to determine whether sued websites are "responsive enough" to rightsholders' demands. The law rightsholders wanted -- the DMCA -- sets the rules and as long as sites and hosts follow the statutory requirements, they're insulated from most infringement claims. It appears ALS is engaging in pray-and-spray litigating. Beyond the Does, there's been no attempt made to target those actually participating in copyright infringement. Instead, ALS sued a bunch of hosting companies (and an ad network) in hopes of landing a settlement or two before its allegations were exposed as weak and baseless by the presiding judge.

posted about 1 month ago on techdirt
So when we last checked in with Comcast, the company was whining about a now deceased FCC plan to bring some much-needed openness and competition to your dusty old cable box. The FCC had proposed requiring that cable providers let users pick the cable box of their choice, later modifying the plan (after endless industry pearl-clutching) to simply requiring that cable providers bring their existing content in app form to existing streaming boxes. Granted, Comcast was at the heart of a massive, bizarre disinformation effort claiming the plan would end civilization as we know it. Of course, what it would have ended was not only $21 billion in cable box monopoly rental fees, but a cornerstone of the closed, locked down walled garden that helps prop up the cable industry's gatekeeper power. Comcast, for what it's worth, claimed that bringing its content to third-party devices would harm copyright, increase piracy, hinder cable industry "innovation," and was technically impossible anyway. Regardless, the FCC's plan is dead, and it's not coming back any time soon. But Comcast still has to drive the impression that it's listening to consumers and driving innovation, so the cable giant recently announced it would be bringing its Xfinity cable TV service to Roku streaming hardware. The app, currently in beta, lets users access their existing Comcast TV content without the need for a cable box, highlighting, Comcast insists, the company's innovation in the TV space: "Featuring an immersive guide with rich graphics, imagery, personalized recommendations and detailed information for tens of thousands of movies and TV shows, the app will allow Xfinity TV customers to watch live and on demand programming, including local broadcast and Public Educational and Governmental channels, as well as their cloud DVR recordings, delivered over Comcast’s secure private managed network, on Roku devices in the home." On its surface this sounded great. 
But this being Comcast, the company couldn't allow itself to be innovative without saddling customers with entirely unnecessary fees. Reports quickly began to emerge that Comcast would be charging customers that use Roku in this fashion an additional $7.95 every month, for no coherent reason whatsoever: "What makes this fee striking is that it's not designed to pay for any particular cost to Comcast's business. The $9.95 fee that 99 percent of cable customers pay for set-top boxes is listed on bills as an equipment "rental fee." Even the Cablecard fee includes a bit of hardware from the cable operator. But the Roku app is purely software. It doesn't require a piece of equipment supplied by the cable company, nor does it require a technician to come to your home to set it up." But Gigi Sohn, who served as a senior adviser to former FCC Chairman Tom Wheeler, said she knows why. "It's gravy to them," Sohn said. "You're already paying handsomely for the service. And now they're making you pay a second time." It is, in effect, a $7.95 "because we can" fee, and a big reason the FCC wanted to standardize this process to keep cable executive "creativity" under control. Of course, this being Comcast, the company was also quick to make sure this service wouldn't count against the completely unnecessary broadband usage caps it continues to deploy across the least competitive portions of the company's footprint. Comcast's FAQ on the new Roku beta correctly notes that this technically isn't a net neutrality violation, because this traffic never actually touches the general internet: The Xfinity TV service delivered through the Xfinity TV Beta app is not an Internet service and does not touch or use the Internet. Rather, it is a Title VI cable service delivered solely over Comcast's private, managed cable network, so it will not count toward your Xfinity Internet Data Usage Plan. 
So yeah, while not technically a violation of net neutrality (not that those rules will be around long anyway), it still gives Comcast a competitive advantage. If you're trying to choose between a new streaming live TV service like Sony's Playstation Vue or Dish's Sling TV or Comcast's offering, the fact that those services will erode your Comcast usage cap could very likely drive you back into the arms of Comcast. Of course, that's quite by design, and is a perfect example of how every "innovation" Comcast pushes into the market tends to have a nasty underlayer of price gouging and anti-competitive shenanigans.

posted about 1 month ago on techdirt
Remember the good old days, when trade deals were so boring nobody even cared they were happening? That started to change with the Anti-Counterfeiting Trade Agreement (ACTA), where the copyright industries rather foolishly tried to slip in some proposals that would have had big impacts on the online world. As Techdirt reported at the time, that led to an unprecedented awareness of, and resistance to, ACTA that ultimately caused its defeat in the European Parliament. After that, things were never the same again in the world of trade deals, because digital activists were now on the lookout for the bad stuff hidden in the stultifyingly dull language. They soon found it in TPP, which people realized was basically "Son of ACTA," but worse. Then came TAFTA/TTIP, which publicly dropped its ACTA-like elements in a desperate attempt to stave off criticisms and mass protests. That didn't work, of course; TTIP soon ground to a halt, and remains in limbo. Even though TPP was eventually concluded after years of delays, it was derailed by the election of Donald Trump as US President, who promptly withdrew from the deal. But if you thought things had finally quieted down for a while -- TISA too has dropped off the radar recently -- think again. There's a new twist in the global trade deal saga, as the Handelsblatt newspaper reports: The European Union is positioning itself to fill any vacuum left behind by the United States as the Trump administration spurns trade deals in Asia and Latin America. E.U. Trade Commissioner Cecilia Malmström said Brussels has been in close contact with several Asia-Pacific countries since the White House decided to withdraw from the Trans-Pacific Partnership. "We have seen that many of the TPP countries are now approaching us and saying 'we still want to do deals,' " Ms. Malmström told Handelsblatt. "We are engaged with basically all of them, either negotiating or have a deal or preparing negotiations." 
Yes, those wily Europeans are trying to take advantage of the US's apparent withdrawal from multilateral trade negotiations to stitch up deals with the other Pacific rim countries that have just been left at the TPP altar. An agreement with the EU, whether individually or as a bloc, could be a good option for the ex-TPP nations. It would allow each of them to move forward with a trade deal after expending so much political capital on the failed TPP, and it would show that being jilted by the US is not the end of the world. For the EU, it would signal that it can take the initiative and become the flag-bearer for free trade at a time when Trump seems to be embracing protectionism, and turning his back on Europe. It's early days yet, and if the previous five years have taught us anything, it is that nothing is certain in the world of trade deals. It's still possible that the Trump administration will perform a U-turn and embrace TPP, perhaps with some token changes to justify the move. But of one thing we can be sure: we're not going back anytime soon to the days when trade deals were boring. Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

posted about 1 month ago on techdirt
As Techdirt has noted, the UK's Investigatory Powers Act, better known as the Snooper's Charter, has been dubbed "the most extreme surveillance law ever passed in a democracy." It may be the worst, but it's not an isolated case. Governments around the world are bringing in laws that grant them powers to spy on innocent citizens using "bulk collection" of information -- mass surveillance, in other words. As the Dutch site Bits of Freedom reports, the latest country to join the super-snooper club is the Netherlands, where the lower house has just passed the bill for the new Intelligence and Security Services Act: The controversial new law will allow intelligence services to systematically conduct mass surveillance of the internet. The current legal framework allows security agencies to collect data in a targeted fashion. The new law will significantly broaden the agencies' powers to include bulk data collection. This development clears the way for the interception of the communication of innocent citizens. Another worrying trend is for spies around the world to pass on information they have gathered to intelligence services in other countries. The Dutch law is particularly bad in this respect, for the following reason: Under the passed bill, Dutch security agencies may also share collected data without having analyzed it first. But when we hand over data to foreign governments without performing some form of data analysis prior to the exchange, we run the risk of not knowing what potentially sensitive information falls into foreign hands, and the consequences that might have for citizens. The Bits of Freedom post also notes that much in the proposed law has yet to be defined, which is hardly a happy state of affairs. That includes limitations on the powers and how oversight will be carried out. However, more positively, among the revisions made to the bill when it was put out for public consultation in 2015 are some important improvements. 
Here's what happens next: It's now the Senate's turn to review the bill. A bill that, in all likelihood, will not meet the minimum safeguards dictated by European law. If the parliamentary groups in the upper house abide by those in the lower house, the bill will be cleared with a comfortable majority. The mention of the safeguards of European law is significant. As we reported in December, the Court of Justice of the European Union (CJEU) confirmed that general and indiscriminate data retention is illegal in the EU. Assuming the Dutch law is passed as expected, a legal challenge at the CJEU could follow, and would seem to stand a good chance of getting the law struck down in its present form. Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

posted about 1 month ago on techdirt
Here is something you, the dear Techdirt reader, may not have known about me: I had always thought that there was only one proper spelling for the name "Lindsey." I'm not sure why I thought that, but I was certain that name was only spelled with an "e" before the "y." But, it turns out, spelling it as "Lindsay" is a perfectly common and accepted alternate spelling for the name. And the only reason that I now know that is because Lindsay, with an "a," Lohan will not let her lawsuit against Take-Two Interactive -- for appropriating her likeness for several characters, which didn't actually happen -- die its final death. First, a refresher. Lohan decided that a side quest character in Grand Theft Auto 5, which was actually an amalgam of several Hollywood starlet tropes, violated her publicity rights. She also claimed that an entirely different character that was used on some of the game's marketing and packaging was also her and also violated her publicity rights. The case wove its way through the past half-decade, largely with the court and Take-Two casting narrow eyes at the mountains of paperwork Lohan's legal team was able to produce while somehow maintaining an inability to come up with claims that were in any way credible, before the court finally tossed the lawsuit entirely. The court at the time made it clear that Take-Two's characters weren't direct appropriations of Lohan's likeness and that the parody amalgam starlet it had created was clearly protected by the First Amendment. But, for some reason, it appears that LiLo's legal team was, like, "nuh uh!" Lindsay Lohan has been granted an appeal in her lawsuit against the maker of the Grand Theft Auto video games. Last year, the Appellate Division Courthouse of New York State tossed the case, stating it was without merit. Her appeal was accepted by the New York Court of Appeals on 16 February. 
It must be nice to have the kind of money required to keep the legal team going on a lawsuit that's been a loser at every turn. Still, it's perplexing that this lawsuit hasn't been put out of its misery at this point. The nature of the characters and their status as protected speech seems as clear cut as it gets. And, perhaps more importantly, the character that Lohan is desperate to associate herself with for the purposes of this lawsuit is one that is depicted engaging in sex acts in a public setting and being photographed doing so. I'm struggling to understand why one would want to engage in this kind of legal reach under those circumstances. Her legal staff should be informing her that it's time to give this whole thing the Ol' Yeller treatment. Why they aren't doing so is beyond me.

posted about 1 month ago on techdirt
For a while now, we've discussed how your children's toys are quickly becoming the latest and greatest privacy threat courtesy of cryptic or half-cooked privacy policies and the treatment of device security as an afterthought, which is rather part and parcel of the privacy dumpster fire that is the internet of not-so-smart things era. Numerous privacy groups have complained that smart Barbies and other toys not only now hoover up and monetize children's prattle, but leave the door open to the devices' being used nefariously by third parties. The problems culminated in a lawsuit last December here in the States against Genesis Toys, maker of "smart" toys like the My Friend Cayla doll and the i-Que Intelligent Robot. The lawsuit accuses the company of violating COPPA (the Children's Online Privacy Protection Act of 1998) by failing to adequately inform parents that their kids' conversations and personal data collected by the toys are being shipped off to servers and third-party companies. The privacy policy for the toys does warn users that companies like Nuance Communications, also a government defense contractor, will receive this data for analysis: "We may use the information that we collect for our internal purposes to develop, tune, enhance, and improve our products and services, and for advertising and marketing consistent with this Privacy Policy." It continues, “If you are under 18 or otherwise would be required to have parent or guardian consent to share information with Nuance, you should not send any information about yourself to us." The lawsuit alleges the toys are violating COPPA because they're marketed to "ages 4 and up" and being mostly used by kids under age 18. Under COPPA, companies gathering kids' data have to provide notice to, and obtain consent from, parents regarding data collection. 
They also have to provide parents tools to access, review and delete this data if wanted, as well as the parental ability to dictate that the data can be collected, but not shared with third parties. The complaint suggests neither Nuance nor Genesis Toys is doing any of this.

But Genesis is also under fire for the fact that these toys just aren't all that secure. A report by the Norwegian Consumer Council (pdf) found that a lot of the data being transmitted by these toys is sent via vanilla, unencrypted HTTP connections that could be subject to man-in-the-middle attacks.

While Genesis faces a lawsuit here in the States, the FTC has yet to act against the company. Overseas however, German regulators are taking a different tack and urging parents to destroy the data-collecting dolls entirely:

"An official watchdog in Germany has told parents to destroy a talking doll called Cayla because its smart technology can reveal personal data. The warning was issued by the Federal Network Agency (Bundesnetzagentur), which oversees telecommunications. Researchers say hackers can use an unsecure bluetooth device embedded in the toy to listen and talk to the child playing with it."

As it stands, German regulators say that a bluetooth-enabled device could connect to Cayla's speaker and microphone system within a radius of 33 feet. As a result, the doll is being effectively treated as a "concealed transmitting device," illegal under an article in German telecom law. A spokesman for the Federal Network Agency said it doesn't really matter what shape the device took; "it could be an ashtray or fire alarm" and would still be illegal. While demanding destruction of the dolls may be overkill, it's just another example of how privacy and security apathy continue to haunt the IoT space.

posted about 1 month ago on techdirt
California's IMDb-targeting "ageism" law looks as though it won't be able to survive the website's Constitutional challenge -- an outcome that should have been foreseen while the bill was still in its crafting phase. The law was passed to address apparent age discrimination by movie studios. For whatever reason, the California legislature decided the best way to handle this was to force a web site to stop publishing actors' ages, rather than just, you know, enforcing the state's existing anti-discrimination laws. Sure, other similar sites would also (theoretically) be affected, but IMDb is the only one that's actually been sued by an aggrieved actress over its publication of facts.

Politico's Josh Gerstein reports the presiding federal judge doesn't see much to like in the new law and has granted a temporary restraining order to IMDb while everything gets sorted out, or rather, while it rolls to its inevitable victory.

A federal judge has barred the State of California from enforcing a new law limiting online publication of actors' ages. Acting in a case brought by online movie information website IMDb, U.S. District Court Judge Vince Chhabria ruled Wednesday that the California law likely violates the First Amendment and appears poorly tailored to proponents' stated goal of preventing age discrimination in Hollywood.

The order [PDF] is only three pages long, but it's more than enough space to detail the serious problems with California's law.

With respect to the first part of the preliminary injunction test, it's difficult to imagine how AB 1687 could not violate the First Amendment. The statute prevents IMDb from publishing factual information (information about the ages of people in the entertainment industry) on its website for public consumption. This is a restriction of non-commercial speech on the basis of content.

Going beyond the First Amendment issue, Judge Chhabria goes on to attack the premise underlying the ridiculous legislation.
To be sure, the government has identified a compelling goal – preventing age discrimination in Hollywood. But the government has not shown how AB 1687 is "necessary" to advance that goal. In fact, it's not clear how preventing one mere website from publishing age information could meaningfully combat discrimination at all. And even if restricting publication on this one website could confer some marginal antidiscrimination benefit, there are likely more direct, more effective, and less speech-restrictive ways of achieving the same end. For example, although the government asserts generically that age discrimination continues in Hollywood despite the long-time presence of anti-discrimination laws, the government fails to explain why more vigorous enforcement of those laws would not be at least as effective at combatting age discrimination as removing birthdates from a single website. Because the government has presented nothing to suggest that AB 1687 would actually combat age discrimination (much less that it's necessary to combat age discrimination), there is an exceedingly strong likelihood that IMDb will prevail in this lawsuit.

The Screen Actors Guild, which supports the new law, expressed its disappointment in the judge's ruling and stated it was "looking forward" to presenting evidence that targeting IMDb for publishing actors' ages will somehow reduce discriminatory practices by movie and TV studios. I'm looking forward to that as well, although for very different reasons than SAG is. Defending indefensible laws isn't much fun for those doing the defending, but it's an incredibly entertaining spectator sport.

posted about 1 month ago on techdirt
Perhaps no entity generates more fake news than the FBI's counterterrorism unit. Several times a year, a press release is issued announcing the bust of a so-called terrorist. Almost invariably, the "terrorist" has been handcrafted through the relentless intercession of undercover FBI agents. Here's how the DOJ website describes its latest self-crafted anti-terrorism coup:

Robert Lorenzo Hester, Jr., 25, of Columbia, Missouri, was charged in a criminal complaint with attempting to provide material support to the Islamic State of Iraq and al-Sham (ISIS), a designated foreign terrorist organization. Hester was charged in federal court based on his role in making preparations to launch a terrorist attack with persons he believed were associated with ISIS, who were actually undercover law enforcement personnel.

And here are the far more mundane and sad details behind the official statement, as provided by Murtaza Hussain of The Intercept.

Robert Lorenzo Hester of Columbia, Missouri, didn’t have the $20 he needed to buy the 9-volt batteries, duct tape, and roofing nails his new FBI friends wanted him to get, so they gave him the money. The agents noted in a criminal complaint that Hester, who at one point brought his two small children to a meeting because he didn’t have child care, continued smoking marijuana despite professing to be a devout Muslim.

This is the supposed terrorist who would have killed hundreds of people on President's Day if the FBI hadn't stepped in to intervene. But the FBI's "intervention" looks suspiciously like "encouragement…" or "entrapment."

[T]he only contact Hester had with ISIS was with the two undercover agents who suggested to him that they had connections with the group. The agents, who were in contact with him for five months, provided him with money and rides home from work as he dealt with the personal fallout of an unrelated arrest stemming from an altercation at a local grocery store.
Undercover agents began working with/on Hester shortly after this arrest. Seizing on his anti-government social media posts [good lord], the agents told Hester they could put him in touch with someone with direct terrorist connections. This "direct connection" was just another FBI agent. It was the FBI that suggested acquiring weapons. And it was the FBI who chose to take Hester seriously, despite his nonexistent terrorist group ("the Lion Guard") sporting a name that had been pulled from a cartoon his children watched. It was also an FBI agent who suggested that even thinking about planning a terrorist attack was an irrevocable act -- and that entertaining second thoughts about committing acts of violence would be rewarded with acts of violence.

The agent cautioned Hester that once he decided to proceed there was “no turning back.” He also told Hester that under no circumstances was he to conduct any sort of operation on his own. The agent, referred to in the complaint as UC-2, then “threatened to come back and find HESTER if he learned that HESTER reneged on the promise. For emphasis, and for the purpose of mitigating the security threat posed by HESTER, UC-2 displayed a knife and reminded HESTER that UC-2 knew where HESTER and his family lived, among other forceful words.”

After threatening his family, FBI agents continued to push Hester forward with "his" plan to commit an act of terrorism. His plans required $20 worth of supplies… which Hester couldn't afford. But Hester did promise to be more materially-supportive in the near future:

Hester promised that he would help buy ammunition for the weapons once he had received the money from his tax refund.

A lot of the FBI's standard counterterrorism M.O. is on display here. The agency prefers to work with people in desperate or dire circumstances -- people who don't have the financial independence or mental toughness needed to create and carry out plans on their own.
And when they get cold feet, agents apparently suggest their dire circumstances will be made even worse. The end result is the government congratulating itself for rounding up "terrorists" that likely never would have gone beyond anti-government Facebook posts if they'd been left alone. And for the few who appear capable of committing violent acts, the government pushes these people towards extremism rather than attempt to pull them back from this precipice.

posted about 1 month ago on techdirt
Google, being the search giant that it is, has been banging the drum for some time about the silly way the DMCA has been abused by those that wield it like a cudgel. Here at Techdirt, we too have described the many ways that the well-intentioned DMCA and the way it's implemented by service providers has deviated from its intended purpose. Still, the vast majority of our stories discuss deliberate attempts by human beings to silence critics and competition using the takedown process. Google, on the other hand, has been far more focused on statistics for DMCA takedown notices that show wanton disregard for what it was supposed to be used for entirely. That makes sense of course, as the abuse of the takedown process is a burden on the search company. In that first link, for instance, Google noted that more than half the takedown notices it was receiving in 2009 were mere attempts by one business targeting a competitor, while over a third of the notices contained nothing in the way of a valid copyright dispute.

But if those numbers were striking in 2009, Google's latest comment to the Copyright Office (see our own comment here) on what's happening in the DMCA 512 notice-and-takedown world shows some stats for takedown notices received through its Trusted Copyright Removal Program... and makes the whole ordeal look completely silly.

A significant portion of the recent increases in DMCA submission volumes for Google Search stem from notices that appear to be duplicative, unnecessary, or mistaken. As we explained at the San Francisco Roundtable, a substantial number of takedown requests submitted to Google are for URLs that have never been in our search index, and therefore could never have appeared in our search results. For example, in January 2017, the most prolific submitter submitted notices that Google honored for 16,457,433 URLs. But on further inspection, 16,450,129 (99.97%) of those URLs were not in our search index in the first place.
Nor is this problem limited to one submitter: in total, 99.95% of all URLs processed from our Trusted Copyright Removal Program in January 2017 were not in our index.

Now, because Google is Google, the company doesn't generally have a great deal of sympathy hoisted upon it by the public, never mind by copyright protectionists. But, come on, this is simply nuts. When the number of claims coming through the system that don't even pertain to listed results by Google can be logically rounded up to 100%, that's putting a burden on a company for no valid reason whatsoever. Even if you hate Google, or distrust it, it should be plain as day that it's unfair for it to have to wade through all this muck just to appease the entertainment industries. And, it's important to note that this isn't all of the notices received, but just those coming through the Trusted Copyright Removal system -- meaning that these are organizations that are supposed to have at least some credibility not to be submitting totally bogus notices. But, apparently, they don't actually give a damn.

The problem, as you may have already guessed, is that most of these claims are being generated through automated systems designed to shotgun-blast DMCA notices with reckless abandon.

These numbers are simply staggering, with only a tiny number of millions of requests reflecting actual pages in the search index. Rather, 99.95% of the processed URLs from Google’s trusted submitter program are machine-generated URLs that do not involve actual pages in the search index.

Given that data, Google notes that claims that the large number of requests correlates to infringing content on the Internet is incorrect:

Nor is the large number of takedown requests to Google a good proxy even for the volume of infringing material available on the Internet.
Many of these submissions appear to be generated by merely scrambling the words in a search query and appending that to a URL, so that each query makes a different URL that nonetheless leads to the same page of results.

The claim by the entertainment industry that one can see what a problem piracy is by looking at the sheer volume of DMCA notices sent to search engines shall hereby be declared dead, having been buried by the industry's fellow takedown-notice-filers. That claim never made much sense, but these stats sever any link between takedown notice numbers and actual piracy completely. And there needs to be a remedy for this, whether it's punishment upon the abusers or rules for how notices can be filed. Because these numbers are ridiculous.

posted about 1 month ago on techdirt
There aren't many rights extended to anyone in the "Constitution-free zones" we like to call "borders." You may have rights 100 miles inland, but the government's needs and wants outweigh citizens' and non-citizens' rights wherever immigration officers roam. According to the Supreme Court, warrants are required for cell phone searches. But neither the Constitution nor Supreme Court rulings apply within 100 miles of the border, where the government's needs and wants are considered more important than the protections people can avail themselves of everywhere else in the country.

Senator Ron Wyden is looking to change that. Rather than cede more ground to the rights-swallowing concept of "national security," Wyden is looking to change the laws governing the "Constitution-free zones."

Sen. Ron Wyden will soon introduce legislation to prevent Customs and Border Patrol agents from demanding the passwords to online accounts and mobile devices from American travelers without a warrant. In a letter to Secretary of Homeland Security John Kelly dated Feb. 20, the Democratic senator from Oregon said border searches that take place without a warrant circumvent the right to privacy and “weaken our national and economic security.”

We'll see how that sits with John Kelly. Kelly appears to be on board with the new administration's "extreme vetting" immigration stance. He's offered to take the DHS's requests for immigrants' social media account info to the next level -- moving it from a voluntary request on visa application forms to mandatory demands for account passwords. Chances are, Kelly has about as little use for citizens' rights as he has for non-citizens in general. The security of the nation is prized above presenting the appearance of a Constitutional republic to the outside world. Given the current climate in the White House, the legislation will be facing a steep uphill grade. But while we wait for the security vs.
privacy legislative fistfights to commence, perhaps DHS head John Kelly will help us pass the time by explaining exactly what it is that he feels gives him the right to search devices without a warrant and/or demand this country's visitors hand over their social media account passwords. From Wyden's letter [pdf]:

1. What legal authority permits CBP to ask for or demand, as a condition of entry, that a U.S. person disclose their social media or email account password traveler?

2. How is CBP use of a traveler's password to gain access to data stored in the cloud consistent with the Computer Fraud and Abuse Act?

3. What legal authority permits CBP to ask for or demand, as a condition of entry, that a U.S. person turn over their device PIN or password to gain access to data? How are such demands consistent with the Fifth Amendment?

4. How many times in each calendar year 2012-2016 did CBP personnel ask for or demand, as a condition of entry, that a U.S. person disclose a smartphone or computer password, or otherwise provide access to a locked smartphone or computer? How many times has this occurred since January 20, 2017?

5. How many times in each calendar year 2012, 2013, 2014, 2015, and 2016 did CBP personnel ask for or demand, as a condition of entry, that a U.S. person disclose a social media or email account password, or otherwise provide CBP personnel access to data stored in an online account? How many times has this occurred since January 20, 2017?

Then again, perhaps not. Government officials are kind of used to ignoring questions they don't feel like answering. This will put Wyden back in a familiar position: repeatedly asking unanswered questions of agency officials at any Congressional hearing his opponents can't keep him from attending.

posted about 1 month ago on techdirt
The Copyright Office's study concerning Section 512 of the DMCA (the notice-and-takedown/safe harbors part of the law) had its second comment period end this week -- which is why you're seeing stories about how the RIAA is suddenly talking about piracy filters and notice-and-staydown. Via our think tank arm, the Copia Institute, we filed our own comments, pointing out the already problematic First Amendment issues with the way the current notice-and-takedown system works. Remember, there's a very high standard set by the Supreme Court before you can take down expressive content. But the notice-and-takedown system ignores all of that:

Because this takedown system functions as a system of extra-judicial injunctions it is critical that the speech they target have at least as much protection as speech targeted by any request for injunctive relief. Ordinarily someone seeking to enjoin speech would need to properly plead and then prove that the targeted speech was indeed actionable. Under present practice, however, senders of takedown notices have not needed to overcome these sorts of hurdles prior to effecting the removal of targeted content via their takedown demands. A significant reason takedown notice senders have been able to evade these constitutional requirements is because there is no effective consequence for sending non-meritorious takedown demands.

Unfortunately, the likes of the RIAA and others are pushing to make the system even worse, and we point out to the Copyright Office how that would exacerbate the First Amendment issues from the DMCA:

Under no circumstance should the Copyright Office advocate for exacerbating any of the consequences to speech that the DMCA already inflicts.
For instance, any proposal to increase the power of a takedown notice, such as by turning it into a permanent injunction through “takedown-and-staydown” proposed by Question #12, would only increase the severity of the Constitutional injury the DMCA inflicts, as would requiring any additional delay in restoring content after receiving a counter-notice, as proposed by Question #5. If the Copyright Office is to do anything it should only be to encourage alleviation of the incursions on free speech that these unchecked takedown notices allow.

In our comment, we also note our concerns about some of the recent court decisions that seem to expand the DMCA in very dangerous ways that could also have serious free speech implications:

... those recent cases have also suggested that these takedown notices effectively start a clock on the intermediary, where once it learns too much about a user’s predilection for potentially infringing activities it must act to remove that user’s access to its systems entirely. These cases are troublesome for several reasons, not the least of which being that, like jurisprudence relating to Section 512(f), they also infer a statutory requirement not actually in the statute. Section 512(i) only says that an intermediary must have a policy for terminating repeat infringers; it is otherwise silent as to what that policy should be, and post-hoc decisions by a court threaten to make safe harbor protection illusory, given that a platform can never be sure if it has complied with the statute or not. They are also troublesome because they give the takedown demand a sort of power that such demands would never have outside of the DMCA. As discussed above, and in prior comments and proceedings, infringement allegations can often be false (or even merely mistaken), which is why injunctions are not granted without due process. Due process allows the allegations to be tested, so that only the meritorious accusations can result in any penalty.
Allowing a penalty for unproven allegations, particularly with respect to speech, amounts to prior restraint, which is itself anathema to the First Amendment. A penalty that censors speech is bad enough, but a penalty that censors speakers altogether raises the constitutional injury to a whole other level. We have already seen malevolent actors abuse takedown notices to try to suppress criticism. We should not also be handing them the power to use takedown notices to suppress critics’ ability to speak out at all.

It's unfortunate that there has been little to no review at all of the First Amendment implications of the DMCA. And, no, we're not saying that infringement is free speech (heading off the comment that we're sure someone is already itching to make below). But we are saying that any system that removes expression has to take into account the First Amendment. But the DMCA doesn't discriminate and is regularly used to take down content that is clearly not infringing, as well as lots of content where it's not truly determined if it is actually infringing. And without that analysis exploring the First Amendment implications, we now have the RIAA, MPAA and their friends trying to make the powers to censor even stronger, which is quite ridiculous coming from two organizations that often highlight their commitment to the First Amendment.

posted about 1 month ago on techdirt
21 states have passed laws hamstringing the rights of local communities when it comes to improving broadband infrastructure. Usually dressed up as breathless concern about the taxpayer, these bills have one purpose: protect the telecom mono/duopoly status quo -- and the campaign contributions it represents -- from the will of the people. Countless towns and cities have built their own next-generation networks, usually because nobody else would. But these bills, usually ghost written by ISPs for politicians with ALEC's help, either ban locals from making this decision for themselves, or saddle these operations with enough restrictions to make them untenable.

Missouri's just the latest state to either pass a new protectionist bill, or update old laws so they're more restrictive. Like many of these bills, SB 186 does its best to impose all manner of restrictions on towns and cities looking to bring better broadband to under-served state communities. SB 186 is actually the third time in as many years that incumbent ISPs have tried to pass expanded community broadband restrictions. Last year, a similar Missouri bill got "unwanted" attention when AT&T got a lawmaker to try and bury it in an unrelated traffic proposal.

Like the last few iterations, SB 186 words itself in such a way as to avoid the impression of an outright community broadband "ban," even if that's effectively what it is. Usually this is done by stating a community can't build and operate a broadband network if an existing provider already services the area, intentionally ignoring the fact that said "existing provider" is usually a fat and lazy telco trying to sell users 2002-era 3 Mbps DSL speeds at next-generation prices. SB 186 also saddles these operations with all manner of restrictions on how these networks can be funded, marketed, and expanded.
Often, the bills require a protracted additional public comment period, during which deep-pocketed lobbyists use push polls and other disinformation to convince locals that community broadband is one step up from devil worship, even if it's really just an organic reaction to telecom market failure. The history of these disinformation efforts goes back decades, with ISPs resorting to push polls with questions implying that taxpayer funds would be used for pornography, and government would ration your TV usage.

Should the networks actually get built, they'll then often face incumbent ISP lawsuits. When said lawsuits inevitably saddle these local efforts with delays and added costs, ISPs are quick to point to the problems they caused as proof positive that community broadband doesn't work. But community broadband is like any business plan: if the plan itself is sound, the network succeeds (as is the case in places like Chattanooga, Tennessee).

Historically, most of the twenty-one protectionist state laws have been passed quietly with minimal controversy, in large part thanks to an either misinformed or apathetic public. But as companies like Google and Ting have more recently attempted to disrupt the telecom market, reporters have highlighted not only the lack of broadband competition -- but the protectionist laws responsible for keeping things that way. Last month, Google, Netflix and Ting fired off a letter to Missouri lawmakers (pdf) highlighting the absurdity of such laws:

"SB 186 would amount to a virtual ban on local choice, harming both the public and private sectors, stifling economic growth, preventing the creation or retention of jobs around the State, particularly in rural areas, hampering work-force development, and diminishing the quality of life in Missouri.
In particular, SB 186 will hurt the private sector by derailing or unnecessarily complicating and delaying public-private partnerships, by interfering with the ability of private companies to make timely sales of equipment and services to public broadband providers, by denying private companies timely access to advanced networks over which they can offer business and residential customers an endless array of modern products and services, and by impairing economic and educational opportunities that contribute to a skilled workforce from which businesses across the state will benefit."

The companies also point out that, hey, maybe local infrastructure decisions should be left up to locals, not AT&T, Comcast, CenturyLink and other ISP lawyers and lobbyists with a vested interest in turf protection:

"These are fundamentally local decisions that should be made by the communities themselves, through the processes that their duly elected and accountable local officials ordinarily use for making comparable decisions. They should also be able to use their own resources as they deem appropriate to foster economic development, educational opportunity, public safety, and much more, without having to comply with the restrictive bottlenecks that SB 186 would impose."

ISPs seriously worried about towns and cities getting into the broadband business could have pre-empted these efforts by offering better service at better prices. But given the pay-to-play nature of most state legislatures, it's much easier to just throw money at politicians, who'll happily throw the public interest -- and their state's economic welfare -- in the toilet to fund their next election campaign.
