posted 27 days ago on techdirt
If you've been following the Ross Ulbricht trial, this won't come as much of a surprise, but Ulbricht has been found guilty of all the charges related to creating, running and using the Silk Road dark marketplace: Distribution/Aiding and Abetting the Distribution of Narcotics; Distribution/Aiding and Abetting the Distribution of Narcotics by Means of the Internet; Conspiracy to Distribute Narcotics; Continuing Criminal Enterprise; Conspiracy to Commit or Aid and Abet Computer Hacking; Conspiracy to Traffic in Fraudulent Identity Documents; Conspiracy to Commit Money Laundering. Sentencing will be May 15th, but it seems likely that he'll be locked up for a fairly long time. There is likely to be some sort of appeal, and some have made a valid argument that the court very much limited Ulbricht's possible defenses. Also, as with the Kevin Bollaert revenge porn conviction earlier this week, there are concerns to be raised about how this kind of ruling could be used to pin liability on other websites for activities done by users of those websites. It seems likely that some of Ulbricht's direct activities violated the law, but it still appears that some of the charges conflate his own actions with users of his site -- and so it's a concern about what kind of precedent that sets for other cases involving less controversial websites and services. Either way, this kind of result was almost a foregone conclusion. In a criminal case, the defense almost always wins if it gets to trial. Also, even for the more nuanced legal arguments -- or Ulbricht's attorney's chosen path of trying to toss out a bunch of alternate scenarios to sow "reasonable doubt" in the jury -- the simple nature of the fact that many people used Silk Road to buy and sell illegal drugs was always going to cloud the overall case against Ulbricht.

posted 27 days ago on techdirt
In September 2013, in response to a question from Senator Chuck Grassley, the NSA revealed the 12 known cases it had on record over the past decade or so of intentional abuses of the NSA surveillance data, by individuals spying on people they clearly shouldn't have been spying on. Many of these examples were classified as "LOVEINT" (a play on the traditional SIGINT -- for signals intelligence) for people who looked up the private information of those in whom they had a romantic interest. Of course, as we've noted, many of these cases were only discovered after the people self-reported the violation -- and some of that happened years later, suggesting many such abuses go undiscovered. The released report included examples like the following: In 2011, before an upcoming reinvestigation polygraph, the subject reported that in 2004, "out of curiosity," he performed a SIGINT query of his home telephone number and the telephone number of his girlfriend, a foreign national. The SIGINT system prevented the query on the home number because it was made on a US person. The subject viewed the metadata returned by the query on his girlfriend's telephone. And: In 2005, during a pre-retirement reinvestigation polygraph and interview, the subject reported that, in 2003, he tasked SIGINT collection of the telephone number of his foreign-national girlfriend without an authorized purpose for approximately one month to determine whether she was "involved with any [local] government officials or other activities that might get [him] in trouble." And: In 2004, upon her return from a foreign site, the subject reported to NSA Security that, in 2004, she tasked a foreign telephone number she had discovered in her husband's cellular telephone because she suspected that her husband had been unfaithful. The tasking resulted in voice collection of her husband. And: In 2003, the appropriate OIG was notified that an employee had possibly violated USSID 18. 
A female foreign national employed by the U.S. government, with whom the subject was having sexual relations, told another government employee that she suspected that the subject was listening to her telephone calls. The other employee reported the incident. The investigation determined that, from approximately 1998 to 2003, the employee tasked nine telephone numbers of female foreign nationals, without a valid foreign intelligence purpose, and listened to collected phone conversations while assigned to foreign locations. The subject conducted call chaining on one of the numbers and tasked the resultant numbers. He also incidentally collected the communications of a U.S. person on two occasions. There are more like that as well. Grassley then asked the DOJ, and specifically Attorney General Eric Holder, if the DOJ took any action against these individuals who clearly broke the law in their surveillance activities. The DOJ ignored the request entirely. In January of 2014 (more than a year ago), Grassley asked Holder again during a hearing when he would receive the answer to his question, and Holder again promised he would "do that soon" and that he would provide a "fulsome response to indicate how those cases were dealt with by the Justice Department." Well, more than a year has gone by and guess whether or not Holder fulfilled that promise? If you guessed no, you'd be right. Grassley has now sent a new letter asking just when he can actually expect an answer, and suggesting it ought to happen soon. Recently, however, the NSA released heavily redacted quarterly and annual reports by the NSA to the President's Intelligence Oversight Board ("IOB") that also provide information about these instances of intentional and willful misconduct, as well as other violations by NSA employees, from 2001 to 2013. 
In its December 23, 2014 press release, NSA asserted that "in the very few cases that involved the intentional misuse of a signals intelligence system, a thorough investigation is completed, the results are reported to the IOB and the Department of Justice as required, and appropriate disciplinary or administrative action is taken." The NSA even referenced its public letter to me that discussed the twelve instances of intentional abuse by NSA employees that led me to write to you back in October 2013. Respectfully, given the date of my original request, your prior commitment to respond "soon," and the recent release of information by the NSA that expressly relies upon the Department of Justice's further review of these matters, I believe it is appropriate that you respond to my original request without delay. Anyone want to guess how the DOJ is likely to respond?

posted 27 days ago on techdirt
As Attorney General Eric Holder is about to leave office, Senator Ron Wyden has sent him a letter more or less asking if he was planning to actually respond to the various requests that Wyden had sent to Holder in the past, which Holder has conveniently ignored. Wyden notes, accurately, that the government's continued secrecy on a variety of issues "has led to an erosion of public confidence that has made it more difficult for intelligence and law enforcement agencies to do their jobs." First up, an explanation of what legal authority the government was using for extrajudicial executions via drones and the like in areas not declared as war zones. Holder ignored that. Wyden would like an answer. As you may recall, the administration has dragged its feet on this issue for a while, and when a court told the DOJ to release the memo, it released a document that just pointed to another secret memo. First, one area of particular importance is the President's authority to use military force outside of declared war zones, and particularly his authority to take lethal action against specific American citizens. In November 2013, Senators Mark Udall and Martin Heinrich and I wrote you a letter asking a number of questions about the limits and boundaries of this authority, and we have not yet received a response to this letter. I ask that you help ensure that we receive a substantive response to the questions in that letter. The second issue is a bit more opaque, because apparently it deals with a secret interpretation of the law that was done by the White House's Office of Legal Counsel in 2003, involving a legal interpretation of commercial service agreements. What, exactly, it covers is not clear and that's part of the problem -- though it seems likely to involve questions of privacy protections and government access to information. 
Wyden has made it clear that he believes the OLC opinion is directly in contradiction with the text of the law that it is discussing, but it is still in place. This is a key issue in the current fight over "cybersecurity" legislation, because a big part of the legislative proposals is about giving companies liability immunity for sharing info with the government -- but it's not currently clear what the government thinks companies can currently share, thanks to secret interpretations of the law that Wyden says run contrary to a plain reading of the law (and, in the past, when he's said this about other laws, he's later been proven correct). Without going into any details, Wyden and then CIA General Counsel nominee Caroline Krass discussed this issue at her confirmation hearing over a year ago. She admits that the ruling is out of date and that she would not rely on it. Wyden asks about the process for having the opinion withdrawn to prevent other government lawyers from relying on it in the future, but doesn't get much of a response. He noted, in that hearing, that Holder appeared to be ignoring his requests to do something about this secret OLC opinion, and apparently that has continued to this day: Second, I have written to you on multiple occasions about a particular legal opinion from the Justice Department's Office of Legal Counsel (OLC) interpreting common commercial service agreements. As I have said, I believe that this opinion is inconsistent with the public's understanding of the law, and should be withdrawn. I also believe that this opinion should be declassified and released to the public, so that anyone who is a party to one of these agreements can consider whether their agreement should be revised or modified. In her December 2013 confirmation hearing to be the General Counsel of the CIA, the deputy head of the OLC stated that she would not rely on this opinion today. 
While I appreciate her restraint, I believe the wisest course of action would be for you to withdraw and declassify this opinion, so that other government officials are not tempted to rely on it in the future. I urge you to take these actions as soon as practicable, since I believe it will be difficult for Congress to have a fully informed debate on cybersecurity legislation if it does not understand how these agreements have been interpreted by the Executive Branch. The third item is even more vague than the second -- as he only notes that it raises questions about "the lawfulness of particular conduct that involved an Executive Branch agency." Take a guess what that might be about, because there's a wide range of possibilities. Either way, rather than respond to the question, the DOJ just told Senator Wyden that it had no obligation to respond to him -- basically, the DOJ version of giving Wyden an Executive Branch middle finger: Third, I have asked repeatedly over the past several years for the Department of Justice's opinion on the lawfulness of particular conduct that involved an Executive Branch agency. I finally received a response to these inquiries in June 2014; however the response simply stated that the Department of Justice was not statutorily obligated to respond to my question. I suppose there may not be a particular law that requires the Department to answer this question, but this response is nonetheless clearly troubling. My question was not hypothetical, and I did not ask to see any pre-decisional legal advice -- I simply asked whether the Justice Department believed that the specific actions taken in this case were legal. It would be reasonable for the Department to say "Yes, this conduct was lawful" and explain why, or to say "No, this appears to have been unlawful" and take appropriate follow-up action. 
Refusing to answer at all is highly problematic and clearly undermines effective oversight of government agencies, especially since the actions in question were carried out in secret. For these reasons, I renew my request for an answer to this question, and I hope that you can help provide one. And, finally, Wyden questions the bizarre claims, as recently discussed, that the DOJ has said in court that it has not even bothered to open the package from the Senate Intelligence Committee that included the full, unredacted CIA torture report (despite having told reporters in the past that the DOJ had read the whole thing). Wyden is quite reasonably perplexed as to why the DOJ would not actually read the report, especially as it details how the CIA misled the DOJ itself during the DOJ's investigation into the CIA's practices. Finally, as you are aware, the Senate Select Committee on Intelligence recently released the declassified executive summary of the committee's bipartisan report on the use of torture by the CIA, and provided copies of the full classified report to several Executive Branch agencies, including the Department of Justice. During your tenure you have been a strong voice against the use of torture, and you have taken some important actions to ensure that it is not used again. This is why it was very surprising to learn that no one in the Justice Department has read the full classified version of the torture report, and that in fact the report has been locked away in a safe instead of being provided to appropriate officials. This report provides substantial detail about how the Department of Justice came to reach flawed legal conclusions based on inaccurate information provided by CIA officials. It will be much more difficult to prevent these mistakes from being repeated if no one at the Justice Department understands how they happened in the first place. 
I strongly encourage you to disseminate this report to appropriate Justice Department personnel before you leave office, as there seems to be no valid reason why this cannot be done immediately. Somehow, I doubt that Holder is likely to do much of anything in response to this letter. He's spent so many years ignoring these requests, why change now?

posted 27 days ago on techdirt
Almost exactly a year ago, the NSA announced the hiring of Rebecca Richards to be its Civil Liberties and Privacy Officer, leading many to exclaim, wait, the NSA has that job? Indeed it does. Though we haven't heard much from Richards since that hiring, she did appear on the latest "Cyberlaw Podcast" with Techdirt's number one fanboy, Stewart Baker. During the podcast, Richards admits what many of us have been arguing for years (since even before the Snowden revelations), that the NSA is probably making a mistake in relying on "cute" interpretations of the law to claim that it has legal justifications for its actions: "If the law on its face does not–if you have to go through too many contorted legal [inaudible], I mean what is legal? That's where we need to, not have perhaps cute legal interpretations." This was in response to a question from Baker, in which he claims that it was "devastating" for the NSA to get criticized when it believed everything it was doing was legal. Baker suggests that the NSA is shocked that "staying on the right side of the law didn't actually protect the agency from disaster." Except that's the problem, isn't it? These "cute" and (more importantly) "secret" interpretations of the law aren't about actually staying legal. It's about giving the appearance of being legal and letting the NSA's leadership pretend that what they're doing is okay because someone crafted a twisted legal argument -- not because it's actually the right thing to do. In fact, as we noted the week after the Snowden revelations, the really disturbing thing wasn't even in the actions themselves, but the very idea that what the NSA was doing might actually have been legal. When you're twisting the law in such a way, that you can't even admit to the public how you're twisting the law, then how could it possibly be a surprise when people get upset to learn how you've been twisting the law? 
The really amazing thing is how tone-deaf Baker, Michael Hayden, Keith Alexander and others are to this argument. They insist up and down that revealing these "secret interpretations" of the law would somehow harm US intelligence practices, yet they can't fathom why the public might possibly be upset that their secret interpretations of the law appear to counter the plain wording of the law. This should be rather simple: if the public knows what the law says and what it means, then the public won't get surprised when it finds out that the NSA acted within the law. The only problem comes when we find out that the NSA has stretched the interpretation of the law to be completely contrary to the plain language of the law. Don't want the public to get upset? Don't twist the law -- or at least be transparent about your twisted belief in what the law says. The law should never be secret. The interpretation of the law should never be secret. Sure, the NSA can keep certain sources and methods secret -- but that is entirely separate from the question of legal authority. And yet, Baker still insists that merely revealing the twisted interpretation of the law would somehow reveal sources and methods: "Isn't the problem there, you say I'm not going to have cute or aggressive legal interpretations, but if you want to explain to people what your new interpretation is you kinda have to put it in a context of facts, and context of facts gives a lot away about how your program actually works." First of all, it's difficult to see how that would be true -- unless, again, that interpretation of the law is questionable and not in line with what the law actually says. What Baker is saying here is a defense of secret law, arguing that the government should be able to make up its own interpretation of the law and then keep it secret. That is the antithesis of democracy. Yet that's what he advocates for. And, ridiculously, Richards immediately agrees: "I don't disagree. 
I think this is a work in progress." As Conor Friedersdorf notes in posting his take on this story, the answer Richards should have given was: Transparency about what the law actually says is a non-negotiable part of having a government by and for the people. Without at least that much transparency, representative democracy cannot function properly. But, apparently, even the "civil liberties" person at the NSA doesn't seem to recognize that fact.

posted 27 days ago on techdirt
FCC boss Tom Wheeler today confirmed weeks of media leaks by proclaiming he will, in fact, be pushing for Title II based net neutrality rules to be voted on at the agency's meeting on February 26. In an editorial over at Wired, the FCC boss proclaims that the agency's new rules will be the "strongest open internet protections ever proposed by the FCC." Given the FCC's history, this isn't saying much; in fact it's kind of like saying you're the best triathlete in a late-stage cancer hospice ward. Fortunately Wheeler also notes that, unlike the FCC's previous rules, these new rules will apply to wired and wireless networks alike. You'll recall that, originally, Wheeler had been tinkering with the idea of "hybrid" net neutrality rules that left consumer broadband lines classified as is, but reclassified connections between ISPs and edge providers like Netflix under Title II. Most net neutrality advocates weren't impressed by the idea, noting that relying on the "commercial reasonableness" portion of the Telecom Act would only serve incumbent ISPs. Wheeler, prompted in part by the President's sudden surprise November support for Title II, appears to have realized this: "Originally, I believed that the FCC could assure internet openness through a determination of “commercial reasonableness” under Section 706 of the Telecommunications Act of 1996. While a recent court decision seemed to draw a roadmap for using this approach, I became concerned that this relatively new concept might, down the road, be interpreted to mean what is reasonable for commercial interests, not consumers." Wheeler proceeds to once again shoot down the broadband industry narrative that Title II is an industry investment killer, while insisting he has no intention to use Title II to impose broader price controls or force a return to local loop unbundling (aka open access): "All of this can be accomplished while encouraging investment in broadband networks. 
To preserve incentives for broadband operators to invest in their networks, my proposal will modernize Title II, tailoring it for the 21st century, in order to provide returns necessary to construct competitive networks. For example, there will be no rate regulation, no tariffs, no last-mile unbundling. Over the last 21 years, the wireless industry has invested almost $300 billion under similar rules, proving that modernized Title II regulation can encourage investment and competition." While Twitter neutrality supporters quickly had a collective nerdgasm, it's worth reiterating that hard details are scarce, and this is just the beginning of another, very long chapter in the decade-old neutrality conversation. An FCC fact sheet offered up to the media this afternoon notes that the new rules will ban "paid prioritization," unfair throttling and blocking, while giving ISPs broad leeway to engage in "reasonable network management." As previous leaks suggested, the rules will also create a new grievance process to handle interconnection-related complaints and "take appropriate action if necessary," but what this precisely entails remains unclear. Unmentioned by the FCC or Wheeler is the other major front on the net neutrality debate: usage caps or the "creative" ways carriers are using caps to violate neutrality (see: AT&T sponsored data or T-Mobile's Music Freedom). As always, the devil is going to be in the details, and the tougher wing of the consumer advocate community is going to be annoyed that the agency plans to steer clear of using Title II to apply downward pricing pressure or to crack open last mile networks to open access competition. Others will have questions regarding just how large of a loophole the MPAA has managed to carve out for itself in regards to the rules only applying to "lawful content." None of this is to rain too hard on neutrality supporters' parade. 
The fact that a former cable and wireless industry lobbyist has shrugged off industry input to head down the most contentious (but ultimately best available) path for consumers is nothing short of miraculous, and is, in large part, thanks to unprecedented grass roots activism. But there's a long road ahead of semantics, partisan hyperbole and legal wrangling that can undo all of these good intentions in the blink of an eye. If Wheeler's final rules contain too many loopholes, get beaten back by an ISP lawsuit, or get gutted after an administration shift, net neutrality supporters can very quickly find themselves right back where they started if a full court press isn't maintained.

posted 28 days ago on techdirt
As you probably have heard by now, in the wake of the Charlie Hebdo attacks in Paris, Mark Zuckerberg came out with a seemingly wonderful statement on the value of free and open speech, clearly in the context of his social media empire. The language was wonderfully clear on the matter, in fact. Yet as I reflect on yesterday's attack and my own experience with extremism, this is what we all need to reject -- a group of extremists trying to silence the voices and opinions of everyone else around the world. I won't let that happen on Facebook. I'm committed to building a service where you can speak freely without fear of violence. Almost before the boss of Facebook's fingers had lifted away from the keyboard, the social media giant spun around on its digital heel and mooned all those that had been cheering on Zuckerberg's words. Only two weeks after Facebook CEO Mark Zuckerberg released a strongly worded #JeSuisCharlie statement on the importance of free speech, Facebook has agreed to censor images of the prophet Muhammad in Turkey — including the very type of image that precipitated the Charlie Hebdo attack. It’s an illustration, perhaps, of how extremely complicated and nuanced issues of online speech really are. It’s also conclusive proof of what many tech critics said of Zuckerberg’s free-speech declaration at the time: Sweeping promises are all well and good, but Facebook’s record doesn’t entirely back it up. But the real issue isn't really that an international company that happens to be led by an American has divorced itself from a moral stand. That kind of thing happens all the time and can be chalked up to the simple fact that, in capitalism, money is king and values are the jester entertaining the masses. And, just to be clear, I'm not arguing that there is even anything wrong with the above. The problem is the promise and what it is designed to do. That promise was meant to accomplish two things. 
The first is the obvious public relations benefit Facebook received from going all Western values in public. The audience that would read Zuckerberg's proclamation was always going to be largely in favor of the values expressed. That same audience likely largely won't ever make themselves aware of Facebook's kneeling before the censorious Turkish government. And that's not a bug, it's a feature. What the divisions in values allow statements like Zuckerberg's and the subsequent actions Facebook took in Turkey to do is make everyone feel like they've won something, while the status quo is maintained. Westerners cheer on as the gauntlet is thrown down for free speech in the arenas which will appreciate such a stand, while a Turkish government and the religious zealots that appear to live solely to show their subjects that Western values are as fleeting as a wisp of smoke claim victory as well. Everyone is in exactly the same place as they were before, except perhaps slightly more emboldened, but feels like they're progressing their agenda. And that's about as dangerous as it gets in the arena of an exchange of ideas and ideals. The cure for the plague of censorious government and/or organizations, be they religious or otherwise, is for the clash of culture to happen. That will never happen so long as companies like Facebook bend to the will of the enemies of speech while also successfully placating the pro-speech populace with PR statements. That promise is what lets us pat ourselves on the back, thinking we have an ally, when that ally is really a con-man playing both sides against the middle for the most cynical of reasons: money. Please don't let them get away with it, even if only in your own mind.

posted 28 days ago on techdirt
This is hardly surprising, but even as the head of the US Copyright Office, Maria Pallante, has called for the US to roll back the Sonny Bono Copyright Term Extension Act, so that copyright would last the life of an author plus an additional 50 years -- rather than the 70 years it is today -- the USTR is working to make sure that can't happen. The latest report from the latest round of negotiations for the Trans Pacific Partnership (TPP) agreement says that the US has effectively bullied all the other participants into agreeing that the floor for copyright terms must be life + 70. Officials settled on the arrangement after agreeing with the US's position on the length of term for copyrights. US representatives want copyrights to last 70 years from the release date of films and music and the deaths of authors of books. As we've noted repeatedly, this is an old trick for copyright maximalists. Go into secret, backroom international trade agreement negotiations, and get them to agree to something like this -- and then when the issue comes up for reform in Congress, scream loudly how we can't possibly reduce the term of copyrights, because it would "violate our international obligations" and create havoc. We've been reporting on this kind of trick for about a decade and it's been going on for much longer than that. The plan is really nefarious. You get very friendly USTR officials (whose next job will likely be working for the industry) to push things through in this secret negotiation, for which there is no public debate or ability to let the public have real input on. Then, when an issue actually comes up for debate in Congress, insist that it's impossible to change due to the "international obligations" that these same industries were responsible for slipping into the agreement in the first place. It's really a disgusting practice -- and despite being called out on it over and over again, the USTR seems to be more than willing to simply do it again. 
This is yet another reason why Congress should not give the USTR "fast track" authority, as it will back them into a corner, and block their ability to reform copyright law as they would like and the way that even the Copyright Office itself has said copyright law should be reformed.

posted 28 days ago on techdirt
We've of course been covering for some time Keurig's attempt to lock down the coffee pod market via the "java DRM" it embedded in its latest Keurig 2.0 coffee maker. The technology effectively tries to stop consumers from being able to use competitors' replacement pods (or the reusable pods), something the company's CEO originally (and quite feebly) tried to insist was necessary for the performance of the product and safety of the consumer. Not surprisingly, the effort resulted in a lot of mockery and a number of lawsuits, and it didn't take long for consumers to figure out ridiculously simple ways to beat the technology. In an entirely new level of entertainment, Keurig competitors have now taken things one step further, and are giving away free Keurig 2.0 hacks that allow consumers to use whatever pods they like. Rogers Family Company Coffee and Tea's new plastic "Freedom Clip" simply attaches to the inside of the maker and fools the embedded scanner into believing all inserted coffee pods have been sanctioned by the great Keurig coffee authorities on high. Granted you can do the same thing with a piece of tape, but it's a more permanent and convenient solution for those who still insist on using a Keurig (instead of a traditional espresso machine like a civilized person). Rogers is, of course, milking Keurig's ham-fisted attempt at market dominance for all it's worth over at the company website: "It does this by visually identifying a special ink on the lidding. Any cup without this “special” ink is rejected by the machine thus ensuring Keurig’s marketplace dominance. While other companies are quickly working to adopt this special ink to their cups we at Rogers Family Company believe that your right to choose any option is imperative... This clip is our gift to you. 
Now go forth and brew with freedom." So really, all Keurig managed to accomplish with its ham-fisted java-bean DRM is make itself look incompetent and greedy, while at the same time giving competitors a massive new marketing opportunity by offering choice and freedom back to Keurig customers. Surely these lessons will be reflected in Keurig 3.0, right?

posted 28 days ago on techdirt
Given Germany's high-profile attachment to privacy, it's always interesting to hear about ways in which its spies have been ignoring that tradition. Here, for example, is a story in the German newspaper Die Zeit about the country's foreign intelligence agency BND gathering metadata from millions of phone records every day: Zeit Online has learned from secret BND documents that five agency locations are involved in gathering huge amounts of metadata. Metadata vacuumed up across the world -- 220 million pieces of it every single day -- flows into BND branch offices in the German towns of Schöningen, Reinhausen, Bad Aibling and Gablingen. There, they are stored for between a week and six months and sorted according to still-unknown criteria. Exactly where the BND obtains the data remains unclear. The Bundestag [German parliament] committee investigating the NSA spying scandal has uncovered that the German intelligence agency intercepts communications traveling via both satellites and Internet cables. The 220 million metadata are only one part of what is amassed from these eavesdropping activities. It is certain that the metadata only come from "foreign dialed traffic," in other words, from telephone conversations and text messages that are held and sent via mobile telephony and satellites. As in the US and UK, the German spies attempt to pull the "it's only metadata, so it's not surveillance" trick: Many people don't realize how much information can be derived from metadata -- and the BND is working hard to keep it that way. For example, during hearings before the Bundestag committee investigating the NSA affair, intelligence officials have consistently spoken about "routine traffic" whenever they have actually meant metadata. Given that the German word for "traffic" is the same as that for "intercourse," this has sounded more like bad sex and has aimed to obscure the fact that hidden behind it was comprehensive, groundless and massive surveillance. 
What's more, the officials have argued that they are permitted to vacuum up this kind of routine traffic all over the world without any restrictions and to use it as they see fit. However, Peter Schaar doesn't share this view at all. Instead, the German government's former commissioner for data protection and freedom of information believes that metadata should also be protected by the basic right of privacy of correspondence, posts and telecommunications guaranteed by Article 10 of Germany’s Basic Law. This long and interesting report is important for the insight it gives us about what the BND is up to -- despite Germany's stringent laws -- as well as the news that the German intelligence service passes 500 million pieces of metadata to the NSA every month. General Michael Hayden, former director of the NSA and the CIA, famously said: "We kill people based on metadata." That means privacy-loving Germany could be implicated in some of those deaths. And there's another aspect to the story worth noting. Nowhere does Die Zeit say that this information comes from Edward Snowden. Once again, it looks as if his example is inspiring others to shine a little light on the murky world of surveillance. Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

posted 28 days ago on techdirt
An estimated 285 million people (worldwide) have some blindness or visual impairment. About 43% of those visually impaired around the world are people who need glasses but don't have them. However, there are obviously blind people who have more severe vision problems that are more technologically difficult to fix. Some kids with blindness are learning how to echolocate nowadays, but that's a skill that gets harder to learn as a person ages. Here are just a few other ways that might restore vision to people someday. A chemical injection into mouse eyes has been shown to make "blind" cells in the retina sensitive to light again. The effects of acrylamide-azobenzene-quaternary ammonium (AAQ) eventually wear off, but it is far less invasive than retinal implants or other procedures. Retinal prostheses are being developed, too. However, implants require an invasive surgical procedure, and so far the resolution isn't quite comparable to a Geordi La Forge visor. Eye injuries are a serious problem for the military, so doctors are coming up with plausible ways to perform entire eye transplants. The University of California, San Diego School of Medicine has some funding to work on eye transplants and how to regrow cells to mend severed optic nerves.

posted 28 days ago on techdirt
So, last week, the FTC came down on revenge porn's Craig Brittain, and this week another big revenge porn/extortionist, Kevin Bollaert, was found guilty by a jury for his revenge porn site, YouGotPosted.com. As we wrote when he got arrested, the claims against him that made sense were the extortion claims, and he was found guilty on six extortion counts, along with 20 counts for identity fraud. No verdict was reached on charges of conspiracy. As with Brittain's "David Blade III" and his "TakedownLawyer/Takedownhammer" website, Bollaert's YouGotPosted directed people to a website called ChangeMyReputation, where they could pay $300 to $350 to get their photos taken down off the site. That's where the extortion charges come in. It's good to see these guys go down for what they did, but some of the specifics do matter. It's unclear from the reports posted so far exactly what the charges he was found guilty of cover, and whether or not some of them were the ones we pointed out initially that could be seen as problematic. It's also quite possible that Bollaert will appeal -- at which point the specifics will become a lot more important. It does seem likely that some of what he did was very much criminal extortion, as the jury found, but one hopes that the nature of what he was doing and the type of site didn't cloud the issue, such that he was also blamed for protected activity or activity by users in addition to his own activities. It's easy to want to see someone like Bollaert be taken down on criminal charges -- but we should worry about precedents that may later apply to other site operators who aren't running revenge porn sites.

posted 28 days ago on techdirt
The Privacy and Civil Liberties Oversight Board -- reconvened in a hurry after Snowden began leaking -- has just released a followup report on its recommendations for NSA surveillance program fixes. What it found was that some progress had been made, but most of its major recommendations (like shutting down the Section 215 program) were barely underway. In some cases, its recommendations had been ignored completely -- like its call for some measure of the Section 215 and Section 702 program's effectiveness in fighting terrorism. To date, no data has been provided by the NSA that would justify these bulk surveillance programs. The Office of the Director of National Intelligence has just released a list of surveillance program tweaks for the NSA (and the agencies that dip into the haystacks: the FBI and CIA). Changes are being made, although many of them are minimal and others are hidden behind a wall of secrecy. The administration -- which ordered the convening of the PCLOB and backed up its findings -- has said very little about the NSA's programs over the intervening months. The New York Times, covering the rule tweaks, was only able to obtain statements from unnamed government officials. The exposure of surveillance on foreign leaders in allied countries (primarily Germany's Angela Merkel) generated a lot of heat, ultimately resulting in a rare promise from President Obama himself that this would be discontinued. Presumably, other world leaders have been dropped from the surveillance list, but it's anyone's guess which ones are no longer being eyeballed by the NSA. Mr. Obama has never said whom, beyond Ms. Merkel, he took off the list of foreign leaders whose conversations are monitored, but it appeared that programs in Mexico and Brazil continued, while several dozen leaders have been removed. “There’s now a process in place that the National Security Council runs,” said one senior official. 
But the results of that process — especially the names of leaders whom the White House plans to keep monitoring — will remain secret. The administration has announced some smaller tweaks as well, including some targeting one of its most abused pieces of paper: the National Security Letter. When a warrant or information request is rejected, agencies (mainly the FBI) deploy these instead. NSLs will still be abused, but the public may have a chance to finally see the abuse for themselves. In the new rules, “the F.B.I. will now presumptively terminate National Security Letter nondisclosure orders at the earlier of three years” after the opening of an investigation, the administration will announce, or at the close of the investigations. But an exception can be made if a midlevel F.B.I. official offers a written justification for continued secrecy. The exception can be expected to swallow the rule. Rarely, if ever, does any judge challenge the government's national security claims -- which will likely be the "written justification" used most to push NSL gag orders in the direction of "forever." There is a small chance legislators will allow the Section 215 program to die. The expiration date for the bulk metadata program is June 1st. The companies affected by these orders have demanded they be "compelled" to turn over the data, which would take an act of Congress. If Congress isn't up for it, the expiration date could pass and finally end the controversial (and useless) program. But given recent terrorist attacks and highly-visible ISIS activity, the legislative pendulum is likely swinging back towards more surveillance and fewer surveillance reforms. The changes that are being implemented don't solely affect the NSA. As noted above, the FBI and CIA also have access to the NSA's collections under these programs (phone metadata, email content). 
It's no secret the FBI has used NSA data in the past (along with other related agencies), disguising its origin through parallel construction. The programs' guidelines allow the NSA to pass on information related to criminal activity or possible criminal activity. This may no longer be the case. The wording is vague but as Marcy Wheeler (of the essential surveillance-focused blog Emptywheel) reads it, it seems to suggest the FBI will no longer have this option. If FBI is adopting "new" policy of only using 702 info against people in NatSec cases that means existing policy was? The old policy can be somewhat gleaned from FISA court opinions obtained via FOIA lawsuits. FISA judge Roger Vinson noted this in his 2007 decision granting the NSA permission to continue with its email collection program (Section 702): Information that is not foreign intelligence information, but reasonably appears to be evidence of a crime that has been, is being, or is about to be committed, may be disseminated (including United States person identities) to the FBI and other appropriate federal law enforcement authorities, in accordance with 50 U.S.C. 1806(b), Executive Order No. 12333… This would indicate the FBI has used these programs in its investigative work over the past seven years, if not longer. The parallel construction hid the information's origin from both the courts and defendants. There was simply no way the government was going to expose its domestic surveillance programs in court, at least not until Snowden's leaks made its secrecy moot. 
Now, after multiple years of the FBI allowing the NSA to do its dirty work in the name of "national security" (something the FBI would never be allowed to do under the auspices of law enforcement), the system is finally being reset to where most Americans always assumed it had been: NSA for national security and FBI for law enforcement, rather than the perversely symbiotic relationship the agencies talked legislators and the FISA court into supporting. Not that this means the FBI won't have access to the data (it is in the national security business as well), but it should curtail its tendency to use the easiest available method, regardless of legality.

posted 28 days ago on techdirt
The FBI's decision to impersonate repair technicians in order to perform a warrantless search is backfiring. Last July, FBI agents investigating an illegal gambling operation worked with Caesars Palace Casino to cut the internet connection to three villas it believed were the operation's ad hoc headquarters. It then sent agents disguised as repairmen to "fix" the problem. Once inside, these agents took photos, recorded video and otherwise observed what they believed to be an illegal bookmaking operation. Shortly after this warrantless search, the FBI decided it was time to get a search warrant. In its warrant request, it conveniently left out the part where it cut the DSL connection and sent in agents dressed as repairmen. Because of this "fatally flawed" application, a Nevada magistrate judge is recommending the federal district court toss the warrant and suppress the evidence. [Decision pdf link] Magistrate Judge Peggy Leen ruled that the failure to mention that the original case was born from the "ruse" meant the judge who signed a search warrant this summer didn't have all of the facts. Nowhere in the search warrant request, however, did the authorities mention that they allegedly saw illegal wagering on computers after posing as technicians who in reality briefly disconnected the DSL. "The investigators' suspicions that Phua was engaged in illegal sports betting at Caesars Palace may be borne out by the evidence recovered in the execution of the warrant," Magistrate Judge Peggy Leen ruled "However, a search warrant is never validated by what its execution recovers." The material omission of the probable cause's origin (a warrantless search using agents posing as repairmen) should have been enough to get this warrant tossed. The FBI, of course, claimed it omitted this information because it was "law enforcement sensitive." 
One would think a magistrate judge should have access to sensitive material because it's part of the "law enforcement" field, but the FBI apparently felt otherwise. Beyond that, there were several flaws in the application -- flaws Judge Leen says weren't intentional but "reckless." The FBI skewed the minimal amount of information it had collected from its illegal entry to make it seem as though it had actually acquired much more damning evidence. The affidavit was written in a way to suggest investigators had much more information linking Phua to an illegal sports betting operation or wire room connected with the occupants of villa 8888. The affidavit’s repeated use of the phrase “Phua’s and his associates” or “Phua’s associates” or “at the behest of Phua or one of his associates” suggests that Phua was making requests and engaging in conduct which he was not. And that's only one small part of the affidavit. According to Judge Leen, nearly everything the FBI stated in support of its warrant request completely misrepresented what was actually happening at the Caesars Palace villas. (Keep the following in mind the next time you visit Las Vegas. In an FBI agent's vivid imagination, your normal, lawful gambling can easily acquire very sinister connotations.) The application failed to disclose to the issuing magistrate judge that Wood and SA Lopez defied the butler’s instruction to remain in the butler’s pantry and entered the villa in violation of the Fourth Amendment. The application also falsely stated that Wood was fearful for his safety and was too afraid to accompany SA Lopez on a subsequent entry into villa 8882. A video of Wood’s interaction with the butler taken on July 4, 2014, and produced by the government in discovery reveals this claim is false. [...] The affidavit falsely stated that an unidentified “associates” of Paul Phua reserved all three villas and that the residents of the villas arrived close in time to each other. 
In fact, the principal resident of villa 8888, Hui Tang, made his own arrangements with Caesars and arrived several days later than the warrant application claims… [...] The application is grossly misleading in claiming that eight separate internet lines were installed, and by omitting the fact that the only unusual amount of computer equipment was in villa 8888 and was installed at the request of that villa’s occupants. Caesars installed a single line in each of the six villas in the building, including three villas whose occupants were unrelated to this case. [...] The agents were working with Caesars’ DSL contractor, Wood TMS, and knew by July 4, 2014, that Caesars had decided to install DSL internet service in each villa as an alternative means of internet access because of pervasive problems with the internet service provided by Cox Communications. The installation of a single DSL line in 8882 did not signify any unusually large amount of internet traffic, and there was no evidence that the residents of 8882 made any unusual requests for equipment or technical support. [...] The affidavit described deposits to Caesars and transactions between Phua and his associates through Caesars which grossly distorted the nature of those transactions…[T]here is nothing suspicious about gamblers transferring money to their casino accounts. “Front money” deposits are common, and the casino frequently requires a deposit to extend credit. The application omitted references to these facts and attempted to characterize the deposits as suspicious. [...] The application represents that Phua transferred $3 million to Gyouye Huang. Huang was a guest in villa 8882. 
Caesars’ record actually indicates “signed marker MKR for $3Mil trans to 4266598 [Huang Caesars player number] Chen Husan per MG/Bing.” The search warrant application omitted reference to the fact that it is common for gamblers to share credit lines and that specific individuals involved in this investigation had done so in prior years on prior gambling trips. Even assuming the agents were “confused,” confusion is not probable cause, and the credit line was not fairly characterized to the issuing magistrate judge. And then there's the testimony of Special Agent Minh Pham, which contains an interesting statement caught by Marcy Wheeler of Emptywheel. After Pham submitted and obtained the search warrant, he learned the affidavit contained errors. Specifically, it stated that Paul Phua wired $4 million into a Caesars account to secure a credit line. Pham later discovered it was actually Seng Chen “Richard” Yong that requested the wire to secure both their lines of credit. However, at the time Pham submitted the search warrant affidavit, he believed it was correct that Paul Phua had initiated this transfer. The affidavit also stated Paul Phua had transferred approximately $900,000 from a casino in Fort Lauderdale, Florida, to the Caesars account. However, Pham later learned that Paul Phua had been only one of the individuals who signed the consent to have that money wire-transferred into Yong’s account. At the time Pham submitted the affidavit, he believed the statement was true based on documents from Caesars concerning monetary transfers that he had received. Pham referred to the spreadsheet contained in government’s Exhibit 2F as a document he relied upon to support his statement in the affidavit. The font size was very small and difficult to read. He also discovered another error in the affidavit days later. There were transfers for $3 million between individuals in the villas. 
He looked at the spreadsheet, and it was off by one or two lines,” which caused him to associate the wrong name with the transfer. As Wheeler notes, the FBI seems to have a malleable baseline when it comes to font sizes. What Caesars turned over voluntarily was "very small and difficult to read." But the agents used it without demanding something more legible. Compare that to the high-profile government takedown of encrypted email developer Ladar Levison. You’ll recall that when the FBI went after Lavabit to get its crypto key, Ladar Levison tried to comply by providing a printout of the key. But the government complained it was illegible, and got Levison held in contempt. So, Levison's 4-point printout of his encryption key was too small for the FBI, which complained to the court until it got its way. In this case, a "too small" printout was used without complaint, ultimately resulting in several flawed assertions being made in a warrant affidavit. "Too small" must be another part of the FBI's double standards -- one that makes concessions to third parties more amenable to the agency's aims. A district court judge will make the final decision as to whether this warrant remains tossed. The saddest part about this is that the FBI gave itself an (illegal) head start and still managed to hand in a warrant request loaded with bad detective work and worse conjecture.

posted 28 days ago on techdirt
Cybersecurity has become a big buzzword in Washington, and there have been plenty of calls for legislation, usually focused on "information sharing" setups that allow companies and the government to compare notes on threats without fear of any legal liability. But the actual issues of cybersecurity are never clearly defined, nor is the need for various legislative changes fully explained. Is the problem really as big as it's made out to be? Or is the whole thing just a bureaucratic turf war? Follow the Techdirt Podcast on Soundcloud, subscribe via iTunes, or grab the RSS feed. You can also keep up with all the latest episodes right here on Techdirt.

posted 28 days ago on techdirt
Jeremy Hammond -- a member of various Anonymous offshoots -- had the misfortune of being prosecuted in the United States. While his UK accomplices in the Stratfor hack were sentenced to 1-3 years, Hammond received a 10-year sentence (along with three years of supervised release) for his participation. The length of Hammond's sentence was mainly due to the CFAA (Computer Fraud and Abuse Act) being a horribly-written law (and there's a possibility it will get much worse in the future), and the FBI's willingness to toss the hacktivist under the bus for the sins of Anonymous, while glossing over the fact that it was an FBI informant (Hector Monsegur, aka Sabu) who handed out hacking targets to Hammond. Hammond's lengthy prison sentence may also have to do with other bad laws written by legislators who didn't have a full understanding of the issues they were attempting to address. A leaked document obtained by the Daily Dot [pdf link] shows the FBI put Hammond on the government's terrorist watchlist more than a year (Date/Time Entered: 1/19/2011) before he was arrested for the Stratfor hack. A leaked document originating from the New York State Division of Criminal Justice Services (DCJS) reveals that Hammond was considered a "possible terrorist organization member," and indicates that he was placed on the multi-agency Terrorist Screening Database (TSDB), alongside individuals suspected of ties to Al Qaeda, Somalia-based extremists al-Shabaab, and Colombia's leftist FARC guerilla movement. Here's the pertinent information in all of its teletyped glory: The document also includes Hammond's rap sheet, which up to that point, only includes fraud and unauthorized computer access related to the theft of credit card information from a conservative website. What it doesn't include is anything that might justify his addition to the terrorist watchlist -- unless the FBI considers protests to be a terrorist activity. 
Of course, the government agencies that have the power to place US citizens on terrorist watchlists don't seem interested in providing justification for their decisions. Just having a vague sense of unease seems to be all the "evidence" any agent/official needs to declare a person a threat to this country. Nearly 40% of those currently on the government's terrorist watchlist have "no known affiliation to recognized terrorist groups." The government has long shown it doesn't understand hacking and is no fan of activism -- generally viewing both activities as some sort of threat. So, on the watchlist Hammond went, something that presumably played a part in the prosecution's push for a decade-long sentence for the hacktivist. His actions and motives were often far from pure, but his imprisonment appears to be a result of the FBI throwing an unwitting operative onto the judicial scrapheap before moving onto its next sting operation.

posted 29 days ago on techdirt
When laws intersect with human sexuality, they usually do so badly. Teens are sexting -- something many people believe is normal, but many, many more people believe is somehow wrong. This sort of behavior has existed since the introduction of the Polaroid camera, but with nearly every teen in possession of both a camera and a transmission device, the trading of sexually explicit photos has increased exponentially. Sure, some sexting leads to bullying or the uninvited sharing of supposedly "private" photos, but for the most part, it seems to be consensual behavior. The Problem That (Mostly) Isn't is usually tackled by criminalizing the behavior. What law enforcement and legislators fail to understand is that criminalizing normal human behavior just creates more criminals, rather than curbing the undesired behavior. One "solution" has been to twist sexual offense laws into incredibly abnormal shapes to fit this "crime." If Teen Boy Doe takes a photo of his own genitalia and sends it to a willing recipient, he's just created and distributed child pornography. Anyone who receives it is now in possession of child pornography. Everyone involved now has a chance to kiss their futures goodbye by taking a trip to the sexual offender registry. Turning a child into his or her own pornographer boggles the mind, and yet, some feel this is a perfectly acceptable response. The other "fix" is legislation. Armed with more good intentions than functioning brain cells (and backed by parents who feel the government is better equipped to raise their children), legislators craft specific laws to criminalize normal human behavior. It's only slightly better than the first option, in that it usually doesn't result in people being accused of producing their own child pornography, directed by and starring themselves. But it still doesn't fix the "problem," and it still results in criminal records for minors who haven't really done anything criminal. 
If you're Florida -- the United States' mentally unstable, pill-addled uncle -- you fuck it up completely. (via Reason) Here’s the sorry story of the state’s latest legal mishap: In 2011, the legislature passed a “sexting” statute barring minors from sending images of nudity (their own or somebody else’s) to other minors. The first offense would qualify as only a civil infraction; minors who violated the law would merely have to perform court-ordered community service or pay a $60 fine. The second and third offenses, however, would qualify as misdemeanors, while the fourth offense would qualify as a felony. While Florida legislators congratulated each other on their savvy solution -- one that would deter sexting without overcriminalizing it -- they failed to notice a glaring loophole in the newly-minted law. This didn't become apparent until the state tried to enforce it by using it against a student who took a vagina selfie (out of "boredom") and sent it to others. Florida law doesn’t give any court jurisdiction of civil infractions by juveniles—as opposed to criminal infractions—and the sexting statute doesn’t grant any court this kind of jurisdiction. Accordingly, no court in the state currently has legal authority to hear a case involving minors sexting. So, if the first infraction is always a civil matter -- and the courts can't touch a civil case involving a juvenile -- this means no juvenile can ever be prosecuted under Florida's anti-sexting law. It's the law that isn't, which indicates it really shouldn't have been written in the first place. [B]ecause that first offense is a civil infraction—and because no court can hear civil cases involving minors—it is legally impossible for any minor to be charged with that first offense. As a result, there simply cannot be a second, third, or fourth offense. Sexting between teens—even sexting images of a minor’s nude body—is now functionally legal in Florida. 
No doubt legislators are now rushing back to their DoSomethingmobiles to "fix" a law that shouldn't have been enacted in the first place. And whatever they slap into place with the glue of good intentions and old-fashioned moral panic will likely be worse than this inadvertent legalization of teen sexting.

posted 29 days ago on techdirt
The NYPD has created yet another special unit to handle the myriad problems that arise from being terrorists' occasional target. The SRG (Strategic Response Group) will be tasked with handling certain situations, most of which did not occur in New York City. “It is designed for dealing with events like our recent protests, or incidents like Mumbai or what just happened in Paris,” the commissioner [Bill Bratton] said. So… it's designed for dealing with protests -- the most recent of which were kicked off by the clearing of a cop who choked an unarmed man to death. The other two incidents have nothing to do with New York other than the fact that the NYPD sent its own officers overseas at the request of nobody. Apparently, the new unit will be armed to the teeth, as behooves riot protest cops. “They’ll be equipped and trained in ways that our normal patrol officers are not,” Bratton said. “They’ll be equipped with all the extra heavy protective gear, with the long rifles and machine guns — unfortunately sometimes necessary in these instances.” Or not, said the department when its new counterprotest unit began taking heat for Bratton's conflation of terrorism and tying up traffic. When asked if New Yorkers should expect to see police officers with “machine guns” at city protests, a spokesman for the NYPD told The Intercept, “No. They’re not carrying them at protests.” In general, however, the spokesman said officers would have access to the weapons “either on them or in their vehicles.” So, they won't carry machine guns while policing protests, but they'll be in easy reach. Bratton stated that responding to protests and terrorist attacks require "overlapping skills," hence the creation of a single unit. There has been no further clarification on what these "skills" might be, other than possibly being able to discern whether it's a protest or terrorist attack they're dealing with and, consequently, whether the machine gun stays in the squad car. 
This new unit must be something special. Or its already-existing counterpart must be something awful. SRG also will supplement the 1,000-officer NYPD counterterrorism program, which has also been trained in heavy-weapons tactics, a police official said. In addition to the 1,350 counterterrorist cops, there will be more surveillance. The NYPD's push to turn the city into the next London continues, with the promised addition of cameras in every subway car, accessible to both the conductor and "offsite" viewers within the PD. Bratton is also pushing for something less lethal than "long rifles" to be carried by his cops. The commissioner said he will also ask Mayor Bill de Blasio for more funding to buy more Tasers as an alternative to the use of force. Bratton reportedly wants at least 450 cops — five or six at each of the city’s 77 precincts — to carry Tasers on them, not leave them in their cars… Well, I'd say Bratton needs to fix the second part first. There's no reason to buy new Tasers if you can't get cops to carry them. Locking them up in the glovebox pretty much ensures that the only force officers can deploy will be of the "deadly" variety. The difference between tasing someone into submission and shooting someone into submission is often the difference between life and death. Of course, NYPD officers are also fond of other such "less-lethal" tactics like chokeholds and unprovoked beatings. Adding a Taser just means some citizen's going to have electricity pumped into his system on top of anything else the officers feel like deploying. Using the word "terrorism" in a sentence is an easy way to route funds to your law enforcement agency. New York -- being both highly populated and an American icon -- is certainly high on the list of terrorist targets. But years of counterterrorist investigations have done very little to reduce the threat. The NYPD has been overselling and under-delivering on the "imminent terrorist threat" front for years. 
Because it has so little to police at home, it's been sending its officers around the world to actual terrorist attacks -- a tactic that has earned it little more than the irritated scorn of those actually charged with policing much more dangerous parts of the world. Above and beyond all of this, there's Bratton's assertion that the same special unit should be tasked with counterterrorism and handling protests, as if the two were remotely related in any way. The message is clear: civil disobedience is an attack on New York City itself -- and Bratton's boys and girls trained in the art of counterterrorism will be on hand to break up the next one. To dissent is to strike terror into the NYPD -- itself a pleasant thought. But once the SRG hits the streets, it probably won't end well for those would-be terrorists and their evil protests.

posted 29 days ago on techdirt
The nanny-state arms race marches on, apparently. Whereas the previous intersection of overbearing government and technology has resulted in politicians attempting to ban the use of headphones while walking across the street, governments introducing all manner of silly policies in the name of "protecting the children", and even municipalities attempting to run psy-ops on citizens to keep them from smoking, Taiwan appears to be taking an even more direct approach with plans to fine the parents of children the government deems to be spending too much time with electronics.

Under rules passed last Friday by Taiwanese politicians, children under the age of two should be completely banned from using electronic devices, Xinhua, China's official news agency reported. Meanwhile under-18s should not be allowed to "constantly use electronic products for a period of time that is not reasonable". It means electronic products are now listed alongside cigarettes and alcohol as potentially dangerous vices.

And you can see their point, assuming you're a crazy person. Because electronics are tools primarily of communication and productivity, even if they're also used for entertainment, and government intrusion on young people's ability to communicate, learn, and be entertained is so far removed from alcohol and tobacco that one wonders how the argument was made with a straight face to begin with. The prospective "too much time" part of this legal equation has yet to be ironed out, but the mind behind the law is, shall we say, more than slightly aggressive on the topic.

The new regulation is the brainchild of Lu Shiow-yen, a Taiwanese member of parliament who said his intention was to protect young people by stopping them using electronic devices for more than 30 minutes at a time. Parents who break the rules can be hit with fines of up to about £1,000 although it remains unclear how authorities will determine what amount of time is unreasonable.
There are a million reasons why this is stupid, but I'll boil it down to one specific reason: baseball. Baseball is huge in Taiwan. Baseball is enjoyed primarily on television and streaming electronic devices. And baseball, for all its wonderful aspects, takes roughly as much time as it takes for a mountain to form in the Nebraska prairie. A thirty-minute limit effectively outlaws youngsters watching baseball. Put in that context, and really any other context, these sorts of artificial limitations on the electronics that dominate our lives (in a good way) are ludicrous. Expect either the backlash here to be huge, or the law to go largely ignored. Either way, this is a political non-starter.

posted 29 days ago on techdirt
As we've been covering, the cable and broadcast industry's response to the shift toward Internet video appears to be a three-staged affair. Stage one was largely denial, with cable and broadcast executives either mocking (or denying the existence of) cord cutters, while going out of their way to try and ignore any data disproving their beliefs. Stage two is a one-two punch of desperately trying to milk a dying cash cow (like endless price hikes) while pretending to be innovative by offering largely uninteresting walled-garden services like TV Everywhere. I'll get to stage three later, but here in stage two, the industry remains very focused on doubling down on very bad ideas in the hopes an increasingly annoyed customer base won't notice. As we've been noting, the viewership for both cable and broadcast TV is dropping, particularly in segments like kids programming, where parents are finding better value (and fewer ads) via services like Netflix. What's cable's response to this growing threat? Start shoving more and more ads into each viewing hour:

"Beset by declines in audience, a majority of U.S. cable networks stuffed more commercials onto their air in the fourth quarter, with Viacom boosting its ad load by 13% across its cable networks; A+E Networks increasing the number of commercials it runs by 10%; and Discovery Communications adding 9% more TV spots, according to research released Wednesday by independent analyst Michael Nathanson. On the broadcast side, Fox raised the number of spots it aired by 15% in the quarter, Nathanson said, while ABC and CBS reduced theirs by 2% and NBC cut its by 6%."

Of course, cable and broadcast companies can get away with this because -- despite all the grumbling about cable companies -- the vast majority of consumers continue to pay an arm and a leg for vast bundles of cable content that they barely watch.
By the time the numbers start to veer more sharply toward cord-cutting, many of these cable, phone or telco TV operators are going to be well behind the Netflix and Amazon eight ball. That will bring us to phase three, where cable and broadcast companies that refused to adapt will turn to their stranglehold over the broadband last mile, and start extracting their pound of flesh via usage caps.

posted 29 days ago on techdirt
It has long been evident that TAFTA/TTIP is not a traditional trade agreement -- that is, one that seeks to promote trade by removing discriminatory local tariffs on imported goods and services. That's simply because the tariffs between the US and EU are already very low -- under 3% on average. Removing all those will produce very little change in trading patterns. The original justification for TTIP recognized this, and called for "non-tariff barriers" to be removed as well. Those "non-tariff barriers" include regulations and standards introduced to protect the public -- for example, through health and safety laws or environmental regulations. Removing those "barriers" in order to increase trade might be great for companies, but increases the social costs through weakened protection for the environment, or greater health risks. The outcry caused by this prospect has led both negotiating parties to insist that TTIP will not lower standards. But it's hard to see how those non-tariff barriers can be harmonized without a race to the bottom in terms of regulations, since no one is calling for a race to the top. Even "mutual recognition," which would allow both standards to be used, would inevitably see the lower standard becoming the norm because it would be cheaper to implement, and thus offer competitive advantages. However, a leak back in December 2013 gave a clue about how it might be possible for the US and EU governments to promise that the TAFTA/TTIP agreement would not lower standards, and yet provide a way to dismantle those non-tariff barriers (pdf). This would be achieved after TTIP was ratified, through the creation of a new body called the Regulatory Council, which would play a key role in how future regulations were made. Effectively, it would provide early access to all new regulations proposed by the US and EU, allowing corporations to voice their objections to any measures that they felt would impede transatlantic trade. 
This regulatory ratchet would push standards downwards and reduce costs for business, but only gradually, and after TTIP had come into force -- at which point, nothing could be done about it. Since then, things have been quiet on the regulatory front, not least because corporate sovereignty in the form of investor-state dispute settlement emerged as the most contentious issue -- in Europe, at least -- which has rather eclipsed earlier concerns about this supranational regulatory body. But now, in a single week, we have had two important leaks in this area, both confirming those initial ideas sketched out in 2013 are still very much how TAFTA/TTIP aims to bring about the desired regulatory harmonization. Corporate Europe Observatory obtained a very recent draft copy of the EU's proposals for the chapter covering regulatory co-operation (pdf), which describes a new transatlantic organization, now called the Regulatory Cooperation Body. Here's Corporate Europe Observatory's summary of how it would work: According to the proposal, as soon as a new regulation is in the pipeline, businesses should be informed through an annual report, and be involved. This is now called "early information on planned acts", until recently called “early warning”. Already at the planning stage, "the regulating Party" has to offer business lobbyists who have a stake in a piece of legislation or regulation, an opportunity to “provide input”. This input "shall be taken into account" when finalising the proposal (article 6). This means businesses, for instance, at an early stage, can try to block rules intended to prevent the food industry from marketing foodstuffs with toxic substances, laws trying to keep energy companies from destroying the climate, or regulations to combat pollution and protect consumers. 
Along with this new opportunity for lobbyists to try to shape, slow down or even block new regulations, the EU proposes to hand them a powerful weapon -- the impact assessment:

New regulations should undergo an "impact assessment", which would be made up of three questions (article 7, reduced from seven in the earlier proposal):

- How does the legislative proposal relate to international instruments?
- How have the planned or existing rules of the other Party been taken into account?
- What impact will the new rule have on trade or investment?

Those questions are primarily tilted towards the interests of business, not citizens. Thanks to the “early information” procedure, businesses can make sure their concerns are included in the report, and should it go against their interests, the report will have to cite a detrimental impact on transatlantic trade.

As Corporate Europe Observatory points out, the only criteria taken into account are impacts on trade or investment. So, for example, new environmental rules might well do wonders for reducing air pollution, but if they have an adverse effect on US or EU companies' sales or investments, they would be marked as undesirable. This is likely to have a severe chilling effect on bringing in new standards that protect the public but might impose new costs on business.

The other leak, obtained by the Greens MEP Michel Reimon, concerns regulatory co-operation in the field of finance (pdf). This is a contentious area: the US is reluctant to harmonize financial regulations through TAFTA/TTIP because Europe's are weaker; for the same reason, the European finance industry is keen to use TAFTA/TTIP as a way of undermining America's more stringent rules. The leak is of note for the following section:

The Joint EU/US Financial Regulatory Forum shall agree on detailed guidelines on mutual reliance adapted for each specific area of financial regulation no later than one year from the entry into force of this agreement.
That is, the European Commission wants the US to sign up to TTIP without any specification of exactly how the new Financial Regulatory Forum will work, or what powers it will have. This seems a clear effort to sneak in elements later that the US is currently resisting. What these important leaks confirm is that the regulatory co-operation that lies at the heart of TAFTA/TTIP would undermine sovereignty on both sides of the Atlantic. The Regulatory Cooperation Body would provide an important new forum for corporate lobbyists to intervene even earlier in the life of proposed rules and regulations than they do now -- and long before lawmakers have a chance to express their views. The end-result is likely to be an impoverishment not just of public policy-making, but of democracy itself. Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

posted 29 days ago on techdirt
As artificial intelligence gets more and more advanced, the differences between how computers recognize patterns and how humans do may become harder and harder to discern. However, it's obvious there are differences -- which might matter significantly if we're going to put these image recognition algorithms in control of autonomous cars or military threat detection systems. Check out a few of these image processing algorithms.

- You can fool some of the people some of the time, but you can fool some AI all of the time. Apparently, it's possible to create self-training software that can fool state-of-the-art image recognition algorithms with images specifically evolved to generate false positive recognition (and that look nothing like the objects that were supposedly represented). It's almost like making a kind of Rorschach test for AI.
- Several tech companies are developing advanced image recognition systems: Baidu, Google, IBM, Yahoo, Facebook, Twitter, Dropbox, etc. Baidu's Deep Image team has recently claimed to be the top-ranked system, beating out the performance of Google's team in the 2014 ImageNet computer vision competition.
- When detectives in a show look at a photo and say "enhance" on a small part of an image, there really isn't any magic technology that can reconstruct reflections off a disco ball... or not yet, at least. SparkleVision is an image reconstruction algorithm that can unscramble images from some kinds of distorted reflections. Complex image processing is getting a lot better, but it's not quite as good as Hollywood makes it look.

posted 29 days ago on techdirt
We've been noting how the trend du jour among news outlets has been to not only kill off your community comments section, but to proudly proclaim you're doing so because you really value conversation. It's of course understandable that many writers and editors don't feel motivated to wade into the often heated comment section to interact with their audience. It's also understandable if a company doesn't want to spend the money to pay someone to moderate comments. But if you do decide to reduce your community's ability to engage, do us all a favor and don't pretend it's because you really adore talking to your audience. The latest war on comments comes courtesy of the folks over at Bloomberg. You may have noticed that the Bloomberg media empire recently went through a bit of a consolidation and redesign under the leadership of former Verge editor-in-chief Josh Topolsky. Buried among the vertigo-inducing fonts and amusing new 404 warning, is, you'll note, a very obvious lack of user comments. This is, to hear Topolsky tell it, because comments don't actually reflect your community:

"I've looked at the analytics on the commenting community versus overall audience. You’re really talking about less than one percent of the overall audience that’s engaged in commenting, even if it looks like a very active community,” he says. “In the grand scheme of the audience, it doesn't represent the readership."

In other words, because most users can't be bothered to comment, we're going to eliminate a major artery for input for those users who do choose to closely participate with the authors and website. No worry, says Topolsky -- just because Bloomberg no longer gives a damn what you say to its authors regarding individual pieces, that doesn't mean the website isn't listening to its userbase when it comes to quirky color and font schemes:

"Nothing about the new Bloomberg is set in stone; Topolsky says the entire process is iterative, and that includes the comments.
The digital team will be monitoring reader behavior across desktop and mobile to see how they’re reacting to and interacting with the new site. For example, on launch day, they experimented with header height to see what readers like better. On mobile, where they’re working to “find the right balance between design and imagery and text,” Topolsky plans to experiment with different formats — more text versus more color versus a grid — to figure out what draws readers in."

While at least Topolsky seems open to the idea of comments returning, he still misses the point: watching analytics to judge responses to design changes isn't the same as actually allowing a conversation with your audience. If you actually do value your readership, you wouldn't be outsourcing their conversations to the feral and intellectually-stunted Facebook mind pool. As some Techdirt regulars have noticed, local comments encourage local community, and despite all the hand-wringing about trolls out of control, studies have recently shown it only takes treating commenters like real people (and a little moderating) to dramatically raise the discourse bar. This is your audience and your community, not a raging cacophony of encroaching cybernetic hyenas in need of a good napalming. I still think the lowly comment section is getting a bad rap during this latest site redesign phase (led by folks like ReCode and Vox), and it's leading to a continued droll homogenization of not only website design, but of participatory news conversation itself.

posted 29 days ago on techdirt
Canada looks to be next in line for broadly-written, government-expanding "anti-terror" legislation. This new legislation was prompted by a couple of recent attacks on government employees. The first attack involved a man said to be "inspired by the Islamic State" who ran over two soldiers in a Quebec parking lot before being killed. The second attack struck a bit closer to home, when a gunman shot a soldier at the national war memorial before making his way into Parliament. An attack on the government's turf will always provoke a legislative reaction. One might think some security fixes at Parliament would be in the offing, but Prime Minister Stephen Harper has much bigger plans.

Canada will introduce new anti-terror laws that will make it a crime to encourage terrorism against Canadians, Prime Minister Stephen Harper announced Friday in response to two recent attacks. The laws will also allow anyone suspected of being involved in a terror plot to be detained without charge for up to seven days, and empower Canada's spy agency to thwart attacks directly in a significant expansion of their powers.

If this sounds eerily close to the laws enacted after the 9/11 attacks, there's a reason for that. For those with government expansion and broader spying powers on the mind, a scary, but ultimately ineffectual, attack on prime government property is an opportunity -- not an isolated incident. Peter Watts (an "awkward hybrid of biologist, science-fiction author, and [according to the US Department of Homeland Security] convicted felon/tewwowist") sums up the birthing of this horrendous legislation beautifully at his No More Moods, Ads or Cutesy Fucking Icons blog:

We had a shooting up here in Canada the other day. Like most things Canadian it was a modest, self-effacing affair, nothing that even a couple of losers from Columbine would write home about: a single death, a geriatric hero.
A Prime Minister cowering in the closet, scribbling back-of-the-napkin notes on how best to exploit this unexpected opportunity. He didn’t have to think very hard. Harper’s always seemed almost pathetically eager to turn Canada into a wannabe iteration of the US— think the dweeby eight-year-old, desperate to emulate his idolized older brother— and the Patriot Act has, I suspect, always been his Beacon on the Hill (or his Castle Anthrax grail-shaped beacon, depending on your cultural referents). So our beloved leader is once again trying to resurrect all those measures he couldn’t quite sneak into C-52, or C-10, or C-30— all those measures that no sane citizen would ever oppose, unless of course we chose to “stand with the child pornographers“. You know the list: lowered evidentiary standards. Increased powers of police surveillance. Increased powers of detention and “preventative arrest”. Increased data sharing with the US. Basically all that stuff they were doing anyway with impunity, only now more of it will be legal. Canada's Security Intelligence Service (CSIS) will receive broadened powers. It will be allowed to directly perform "police work" rather than turning intelligence over to law enforcement agencies. It will also be able to disrupt Canadian citizens' travel plans unannounced. The new law will also allow the Canadian Security Intelligence Service, the country's spy service, to directly approach terror suspects in order to disrupt their plans. CSIS is currently permitted only to collect intelligence and pass the information on to police. The spy agency will now be able to cancel plane or other travel reservations made by Canadians suspected of being involved in terrorism. The new activities by CSIS will require approval by a judge. Police already have many of these powers that CSIS will acquire but the government wanted the spy agency to be able to act right away if they see a threat. We've seen how well secret "no-fly" lists work here in the US. 
Once you're on the list, you can't get off it, barring an expensive lawsuit. We've also seen how well the US government's "terrorist watchlist" works, what with 40% of those "watchlisted" having "no recognized terrorist group affiliation." If this legislation passes (and seeing that Parliament is stocked with Harper supporters, there's no reason to believe it won't), Canadians can expect the same sort of secretive incompetence. Supposedly, citizens will be able to challenge their appearance on the "no fly" list, but given the wording used in the legislation, they may as well throw their written requests into the nearest wastebasket.

If the Minister does not make a decision in respect of the application within 90 days after the day on which the application is received, or within any further period that is agreed on by the Minister and the applicant, the Minister is deemed to have decided not to remove the applicant’s name from the list.

Not making a decision is one of the easiest things anyone can do. Not making a decision in a timely manner is even easier. The "administrative recourse" process effectively ends the minute it hits the Minister's desk. To take someone off the list is to take a risk. To simply do nothing for 90 days is easier and safer. Harper himself has been selling the bill to the public, tossing out statements no public should willingly get behind.

Under current law it is a crime to make a specific threat. The new law will make it a crime to call for a terror attack against Canadians generally. It includes any public threat including online. "We cannot tolerate this any more than we tolerate people that make jokes about bomb threats at airports," Harper said. "Anyone engaging in that kind of activity is going to face the full force of the law in the future."

Wonderful. This is the sort of zero-tolerance thinking that gets careless Twitter users arrested.
"Joking" about non-specific threats will soon be indistinguishable from actually making terroristic threats -- and subjects jokers to a possible five-year prison sentence. New problems also arise for website owners.

If the court is satisfied, on a balance of probabilities, that the material is available to the public and is terrorist propaganda or computer data that makes terrorist propaganda available, it may order the computer system’s custodian to delete the material.

So, linking to "terrorist propaganda" is illegal, which would make retweeting anything terrorist-related a potentially criminal act. And the legislation provides no safeguard for websites and platforms that host or transmit third-party content. Instead of addressing the users who post this content, the government is looking to just pin it on whoever's URL happens to be at the top of the webpage. As for the CSIS, the nation's spy service will enjoy expanded powers to spy on both foreigners and domestic citizens alike. The legislation suggests the spy agency's domestic powers will be more limited inside Canada…

The Service shall not take measures to reduce a threat to the security of Canada if those measures will contravene a right or freedom guaranteed by the Canadian Charter of Rights and Freedoms or will be contrary to other Canadian law…

before going on to strip away most of these protections by the end of the sentence:

...unless the Service is authorized to take them by a warrant issued under section 21.1.

Section 21.1 is being heavily amended as well and ties warrant application rejection/approval to:

...the facts relied on to justify the belief on reasonable grounds that the warrant continues to be required to enable the Service to take the measures specified in it to reduce a threat to the security of Canada…

Goodbye, probable cause and say hello to national security exceptions and a lowered bar of "reasonable grounds." It's the PATRIOT Act all over again.
Only the flag in "flag-waving" has changed. It's not that legislators actively wish for attacks on their constituents and fellow government employees. It's just that they're so quick to leverage attacks into expanded government power.

posted 29 days ago on techdirt
It took a while, but Verizon appears to finally have gotten the message that consumers don't like companies fiddling with their traffic and ignoring all of their privacy preferences (weird, right?). The wireless carrier has taken heat for several months now for its practice of embedding all wireless user traffic with a unique identifier traffic header (or UIDH). That header was intended to help Verizon track user online behavior via its own programs, but because it's transmitted for everyone to see, the potential for abuse was high and -- despite Verizon's claims to the contrary -- it pretty quickly wound up being abused. One of the biggest problems with the program (aside from modifying user traffic to begin with) was that if a user opted out of Verizon's program, they were only able to opt out of personalized ad delivery -- not the embedding of the UIDH. After months of staying largely mute on the subject, Verizon has issued a statement saying that its opt-out service will actually work -- sometime "soon":

"Verizon takes customer privacy seriously and it is a central consideration as we develop new products and services. As the mobile advertising ecosystem evolves, and our advertising business grows, delivering solutions with best-in-class privacy protections remains our focus. We listen to our customers and provide them the ability to opt out of our advertising programs. We have begun working to expand the opt-out to include the identifier referred to as the UIDH, and expect that to be available soon. As a reminder, Verizon never shares customer information with third parties as part of our advertising programs."

Again, you're not "taking customer privacy seriously" when you develop and use a system that not only makes all of their privacy choices completely irrelevant, but broadcasts their online behavior for any unethical nitwit to abuse. That would, by fairly strict definition, be not taking consumer privacy seriously.
While not engaging in this practice at all (or requiring that users opt in) would be a preferred solution, a functional opt-out would at least be an improvement, though it still raises questions about what kind of privacy protections need to be in place to prevent us from playing Whac-a-Mole with an endless parade of bad ideas just like this one. Back in 2008, Verizon stated that the wireless industry didn't really need consumer privacy protections because public shame would keep them honest; though it's worth repeating that this program was in play for two years before security researchers even noticed it. It stumbled forth another four months before Verizon finally stated it would do something about it -- eventually. Verizon's decision came a day after the company received a letter from the Committee on Commerce, Science and Transportation asking for more details on the program. So while the company's hoping to avoid tougher consumer protections (like oh, any location data privacy protections whatsoever or Title II), it's once again proving quite clearly why we actually need someone guarding the privacy henhouse with notably sharper teeth.

posted 29 days ago on techdirt
If you've been following along with our coverage on how the French are using the Charlie Hebdo attacks as cover to completely lose their minds, you probably thought it couldn't get any worse than declaring war on the internet and news agencies. It's gotten worse. So, so much worse. On Wednesday the French government launched a website to counter terrorism in the wake of the Charlie Hebdo attacks. Its message of national unity, aimed at young people who could be radicalised as well as the general public, quickly made a splash on the internet. The site was liked 17,000 times on Facebook; its official Twitter hashtag (#StopDJihadisme) was used 12,000 times; and a slick video meant to counter jihadist recruiters got over half a million hits. But it didn't take long for sarcasm to emerge. And it was the government's infographic about radicalisation that seemed to catch the internet's attention most of all. Here's the infographic in all of its glory. See that image in the upper right-hand corner? You know, the one that looks like a baguette that has been crossed out? Well, it's part of the larger government-inspired fear propaganda that lists out all of the supposedly tell-tale signs that a person you thought was cool has, like, totally gone all Jihad, dude. Those signs include people who have dropped old friendships, withdrawn from their sports teams, or have recently changed the way they dress. You know, teenagers. But that baguette thing. Boy, that really got the snark rolling. "The government invites you to be wary of those who do not eat baguettes," said one user, in a theme that was echoed by many others. Jonathan Russell, Political Liaison Officer at the London-based counter-extremism Quilliam Foundation, told BBC Trending that sarcasm is to be expected when it comes to government-run campaigns. "The general response is that people don't like to be told how to think," he said. "This doesn't mean that those doing the mocking are supportive of extremism. 
It's more that because it is a centrally run campaign it lacks an element of credibility".

It's more dire than that, actually. People, for all of their failings, recognize government BS when they see it. Much like when older Americans were taught to sit underneath their desks in case of a nuclear strike by those pesky commies, a government that informs its citizens to be on the watch for people who change their dietary habits is equal parts laughable and fully-expected. Because when government tries to do this kind of catch-all "be on the lookout," it almost always does it poorly. Those that can't grasp how silly this kind of thing is, on the other hand, fall victim to the fear-based hysteria.
