posted 24 days ago on techdirt
For the past couple of years now, the Justice Department has been exploring the so-called "consent decree" around music publishing. This was an agreement, first made in 1941, and then reviewed in 2001, on how music performing rights organizations (mainly ASCAP and BMI) could operate without violating antitrust rules. Without such consent decrees, there was a quite reasonable fear that the performing rights organizations (PROs) would abuse their monopoly positions. This is not a theoretical argument. If you look around the globe, there are many, many, many, many, many stories of these organizations behaving badly. In this case, ASCAP and BMI had been whining that because of those darn internet companies not paying enough, they need to get rid of the consent decree, mainly so that they can do more to jack up rates (there's more to it, but the end result is they want to be able to withhold rights to force rates up). Of course, in opening up this can of worms, they also got the DOJ to start looking more closely at other practices, including an exploration into so-called split works or "fractional licensing." The details here can get confusing, but in short: when a work has multiple copyright holders, many have argued that you need to get a license and/or approval from every copyright holder. But if you look at the legislative history of the 1976 Copyright Act, legislators made it clear that under the act, they intended to make it clear that any copyright holder in a work with multiple authors had the right to license the whole work. And now... the DOJ has agreed. It issued an announcement with two key points: it would not take away the consent decree and it said that the law requires "full work" licenses, meaning a single copyright holder can grant a license for the entire work. This is a good thing. It's a very good thing. 
The DOJ's explanation for this is pretty straightforward: In the end, the Division concluded that only full-work licenses could fulfill the purpose and meaning of the requirement in the consent decrees that ASCAP and BMI offer blanket licenses that provide users the ability to play all the songs in the PROs’ repertories. Importantly, this does not mean that ASCAP and BMI are required to provide a full-work license to a work when their members cannot grant them the ability to offer such a license. That is, we do not suggest an interpretation of the blanket license that is inconsistent with the Copyright Act. Rather, if the members of ASCAP or BMI are unable to grant to their PRO the rights to license their works on a full-work basis, those works are ineligible for licensing by ASCAP or BMI. Both sides in this debate pointed to past practices they believed supported their view of whether ASCAP and BMI licenses were full-work or fractional. We think the evidence favors the full-work side. Our determination begins with the language of the consent decrees themselves, which unambiguously require ASCAP and BMI to offer licenses to all works or compositions in their repertories, and not to interests in works. For example, in the case of ASCAP, it must provide a license to perform “all of the works in the ASCAP repertory.” Our view is also based on what is required for all participants in the industry to enjoy the substantial procompetitive benefits of the PROs’ blanket licenses – benefits that differentiate the PROs from joint price-setting entities that often present significant problems under the antitrust laws. The Supreme Court described blanket licenses in the BMI case as providing “unplanned, rapid, and indemnified access” to the songs in the PROs repertories. Fractional licenses would not offer the benefits the Supreme Court described. 
A full-work blanket license from ASCAP or BMI allows the music user to publicly perform, without risk of copyright infringement liability, all works in the licensing PRO’s repertory. Particularly for music users – such as bars and restaurants – that cannot meaningfully control in advance the music they play in public, this feature of the PROs’ licenses benefits both the licensees as well as music creators in that it ensures that users can and will continue to play the creators’ music. Fractional licensing would not offer the same benefits to users. If a PRO’s license granted a user something less than a license to play a particular song, music users seeking to avoid infringement liability would face the daunting task of identifying and ensuring they obtained licenses from all fractional owners – a challenge made more difficult by the lack of a comprehensive, reliable, and transparent catalog of rights. Under those conditions, even music users with control over the music they perform would have to curtail their performance of music until they were certain they had obtained licenses from all fractional owners. As BMI itself argued in a recent rate-court filing, a BMI license grants to a music user “insurance against copyright infringement . . . and immediate access to more than 10.5 million works in BMI’s repertoire.” A fractional license could not provide these benefits. A lot of this was rumored a month or so ago, and a bunch of songwriters and publishers freaked out about it. They shouldn't be freaking out about it. This is actually good for them. Back when the expected result was leaked to the press, even Digital Music News, which frequently sides with the legacy industry, said directly that the songwriters' freak out was wrong and that this was a good thing for the music world -- and also notes that this could help finally create the holy grail in the music industry of a single database of published songs. 
This should also help create more useful services that will get consumers to use authorized music sources, rather than unauthorized ones. As we've covered, ASCAP played some ridiculous tricks on music services like Pandora, and got slammed for it. But with full work licensing, such gaming will be even less possible, creating more openings for new music services to thrive. Of course, the PROs, ASCAP and BMI, immediately lost their shit over this announcement and promised to fight back. BMI also announced that it will go to court to try to overturn this decision, while ASCAP has decided to focus on getting Congress to fix it through the legislative route (there's a reason for this bifurcated approach: in the cases involving both organizations, both BMI and ASCAP recognize that BMI has a judge that seems more willing to accept BMI's version of the story, whereas ASCAP's slimy behavior was so egregious that the judge covering its case actually understands the issues at play). The end result, though, is the same old story: ASCAP and BMI want to abuse their monopoly position to try to jack up rates. Meanwhile, by not allowing that to happen, most songwriters will actually be better off, allowing more useful services to thrive, creating more opportunities for revenue. It's kind of insane that we have to point this out over and over again, but the legacy industry always fights against new innovations in the false belief that it will harm revenue -- yet when they learn how to embrace the opportunities, it turns out that a larger audience has been created and there are even more ways to make money. But ASCAP and BMI, like the RIAA on the recording side, are so focused on controlling their turf rather than seeing the big picture that they miss this entirely.

posted 24 days ago on techdirt
The United States Olympic Committee (USOC) must spend a majority of the four-year break between Olympics thinking up new, spectacularly petty demands to make of everyone when the next event rolls around. It's always been overbearing and thuggish, but it seems determined to top itself with each new iteration of its sports-related boondoggle. In the run-up to this year's particularly dystopian Olympic games, being hosted in a city without clean water or a clean police force, the USOC has already demanded:

 - That a company take down Olympic-related social media posts pertaining to the Olympic athlete the company is sponsoring
 - That no non-official commercial entities are allowed to use certain hashtags in tweets
 - That no "non-media" companies are allowed to refer to the Olympic games, outcomes of events, or even share/repost content posted by official Olympic media accounts

It's these last two that are being challenged -- not by a megacorporation unable to buy its way into the USOC's good graces, but a Minnesota-located franchise of the Zerorez carpet cleaning business.

A small business in Minnesota is suing over the US Olympic Committee’s ban on tweeting about the Olympic games. The Committee announced last month that non-sponsors are banned from even using hashtags like #Rio2016 or #TeamUSA. Zerorez, a carpet cleaning business in Minnesota, will file suit in U.S. District Court on Thursday.

So why is this seemingly random floor cleaning business in Minnesota the one suing? They simply want to root for the home team. “They’re very engaged with social media,” Aaron Hall, CEO of the JUX Law firm, told me over the phone. “They felt concerned about being censored on social media, especially at a time when we’re going through a time of pain and negativity.”

The JUX Law firm filed its lawsuit [PDF] Thursday, angling for declaratory judgment that would give it permission to do all the things the USOC seems to feel no businesses should be allowed to do when the Olympics roll around. (h/t to JUX Law for sending me a copy of the filing before it hit PACER.)

Under 28 U.S.C. § 2201 and Minn. Stat. ch 555 (Uniform Declaratory Judgments Act), Zerorez seeks a declaratory judgment regarding its rights to discuss the Olympics in social media and other online forms of public discourse as follows:

a. The examples of social media posts in paragraph 11 do not violate the Ted Stevens Olympic and Amateur Sports Act nor the trademark rights of the USOC;
b. Businesses, including those that are not official Olympic sponsors, are not entirely precluded from engaging in conversation about the Olympics, Olympic results, and Olympic athletes on social media;
c. It is possible for businesses, including those that are not official Olympic sponsors, to mention the Olympics, Olympic results, and Olympic athletes on social media without violating the legal rights of the U.S. Olympic Committee;
d. The U.S. Olympic Committee exaggerated the strength of its legal rights by claiming “commercial entities may not post about the Games on their corporate social media accounts;”
e. The U.S. Olympic Committee exaggerated the strength of its legal rights by claiming businesses categorically cannot use its trademarked words and phrases, such as Olympic, Olympian, and Team USA, on social media and websites;
f. The U.S. Olympic Committee exaggerated the strength of its legal rights by claiming businesses may not wish good luck to Olympic athletes on social media;
g. The mere mention of the Olympics, Olympic results, and Olympic athletes, by a business not sponsoring the Olympics, is not necessarily a violation of rights of the U.S. Olympic Committee;
h. The USOC’s trademark rights in hashtags such as #TeamUSA, #Olympics, and #Rio2016, do not categorically prohibit businesses from using those hashtags to accurately reference these Olympic topics;
i. The USOC has misrepresented and exaggerated the authority granted to it under the Ted Stevens Olympic and Amateur Sports Act;
j. If the Ted Stevens Olympic and Amateur Sports Act were interpreted so broadly as to prohibit all businesses from non-commercial speech regarding the Olympics, the Act would be unconstitutional because it would restrict First Amendment rights;
k. The USOC violated fundamental Constitutional rights as set forth in this Complaint;
l. Speech is not commercial in nature merely because it is on a business’s social media account; and
m. A statement about the Olympics on social media, that does not propose a commercial transaction and reference a specific product or service, is not commercial speech and does not violate the USOC’s rights.

The post contains examples of tweets Zerorez would like to send out, but the USOC's new rules apparently forbid it from doing so and place it in danger of being on the receiving end of a lawsuit, rather than dishing one out.

Congrats to the 11 Minnesotans competing in 10 different sports at the Rio 2016 Olympics! #rioready

Are any Minnesotans heading to #Rio to watch the #Olympics? #RoadToRio

St. Cloud native Alise Post is an #Olympian competing in the #Olympic BMX events today. Follow her at @alisepost11

Good luck to our 11 Minnesota Olympians competing in #RIO2016.

All very innocuous, supportive and non-deceptive. And all the sort of thing the USOC says no one but official sponsors are allowed to do.
I'm not sure this is the sort of declaratory judgment filing Mike was asking for at the end of his post about how the USOC harms Olympic athletes with these stupid social media rules, but it's the only one we have at this point. There are some interesting First Amendment issues tucked in between the USOC's outsized trademark assertions and the lower protections afforded commercial speech. There's zero chance this will even be viewed by a judge until after the Olympic games are underway and any decision will probably arrive after the games have finished. But if it does contain enough actionable claims that the court doesn't toss it after the first motion to dismiss, there's a slim chance the USOC won't be able to be quite so overreaching in the future. If nothing else, Zerorez may find itself freed of USOC stupidity. If it does that, many other commercial entities and nonprofits will probably seek similar judgments of their own.

posted 24 days ago on techdirt
Is there no goodwill that the Pokemon Company's lawyers won't step in and kill off? With the popularity of Pokemon Go, some third parties had started trying to develop some services to go with it, and as part of that, a few have tried to create Pokemon Go APIs. A user going by the name Mila432 had created an unofficial Pokemon Go API in Python, and posted it to GitHub. If you go now, you may notice that the Readme now reads: see you in court nianticlabs, with love from russia xoxo That's because the Pokemon Company (not the game developer Niantic, but rather the Nintendo subsidiary that owns a piece of Niantic along with all the Pokemon rights) sent Mila432 a legal nastygram claiming that the creation of the API could violate the Computer Fraud and Abuse Act (CFAA). Mila432 posted screenshots to Reddit. We have all the screenshots posted at the end of this post. The letter first claims that creating this API is a violation of Pokemon's Terms of Use as well as Pokemon Go's Terms of Service. But, more importantly (and ridiculously) it claims a violation of the CFAA -- a law we've discussed many times before, mainly for it being the one law "that sticks" when no law was actually broken, but you've done something people dislike "with a computer." Here's what Pokemon's lawyers have to say: Additionally, your actions with respect to the Mila 432/Pokemon_Go_API potentially violate the federal Computer Fraud and Abuse Act ("CFAA"), a statute that prohibits the unauthorized access of servers and access which exceeds authorization, as well as similar state statutes. And your inducement of others to violate numerous terms of service provisions violates the CFAA. While notice is not a prerequisite to liability, Pokemon hereby puts you on notice that you are barred from accessing Pokemon servers or infrastructure, and barred from facilitating access by others. Any continued access, whether directly or at your direction or on your behalf, will be unauthorized. 
See that language right there, about putting Mila432 "on notice" and saying that s/he is barred? That's straight out of the very recent Facebook v. Power.com decision in California, where the court ruled that once a company (in that case, Facebook) had sent a cease-and-desist notice, any further access was a CFAA violation. We were troubled by that ruling, and the use of it here further illustrates how problematic it was. Now, yes, you can argue that unauthorized APIs can cause problems for games -- and that's true. Of course, it can also help make them more compelling by allowing others to build on the game and add more value. But, wherever you come down on that debate, going legal seems pretty silly. Niantic, for its part, had simply gone the technology route of limiting access to third-party servers, to deal with some quality of service problems created by such third parties accessing its system. That is, rather than totally freak out about such APIs, it noted the actual problem (overloaded machines) and sought to fix it through technology. It's just the Pokemon company that took it up a few unnecessary notches to pull out a big gun like the CFAA. But, I guess, how can I be surprised? This is the same company that legally fucked over a party by Pokemon fans at PAX last year, suing the people who organized it.

posted 24 days ago on techdirt
We've talked a few times about how incumbent broadband providers often use their ownership of city utility poles (or their "ownership" of entire city councils and state legislatures) to slow Google Fiber's arrival in new markets. In California and Texas, AT&T has often been accused of using the process of pole attachment approval to intentionally block or slow down the arrival of competitors. AT&T also recently sued the city of Louisville for streamlining utility pole attachment rules intended to dramatically speed up the time it takes to attach new fiber to poles. This week this fight extended into Nashville, where Comcast and AT&T are again fighting pole attachment reform. Google Fiber supports "one touch make ready" pole attachment rules, which lets a licensed, insured third party contractor move any ISP's gear on a utility pole (often a matter of inches) to install new fiber. Being incumbents with networks already deployed, Comcast, AT&T and Charter obviously have a vested interest in making sure this doesn't happen. As such, they've started loudly bitching about Google Fiber to local Nashville news outlets: "Just because you spell your name with eight different colors doesn’t mean you can’t play by the rules that everybody else has to fucking play by,” says one operative, venting about Google’s reputation for wooing local officials in various cities into accommodating the company. These incumbents have, as a refresher, spent a generation paying for, writing and lobbying for state and local rules that make it hard or impossible to actually compete with them. That anybody would believe these companies' complaints about "fairness" is dumbfounding, yet given their political power, these arguments go much further than they should. 
AT&T, for example, is telling Nashville politicians they only oppose Google Fiber's reform plan because they care so much about unions: “While we have not seen the proposed ordinance, we are concerned that a make-ready ordinance would interfere with our contractual commitment to have our skilled employees represented by the Communications Workers of America perform make-ready work on our behalf,” says AT&T Tennessee spokesperson Joe Burgan. “Beyond that, we have serious concerns with other companies being allowed to perform work on our facilities without providing us notice, which could put service reliability and public safety at risk in some circumstances. Additionally, jurisdiction to regulate pole attachments rests with the FCC, and municipalities have no authority under federal or state law to enact the ordinance being proposed here.” To be very clear, such "one touch make ready" reform rules are broadly supported as a way to speed up broadband deployment. Contrary to AT&T's claim, under most implementations of these rules, incumbent ISPs still receive forewarning about upcoming work, they just have to respond and approve (or reject, with reasons) these requests on a much shorter time scale so they can't use the system to unfair advantage. And it's not "other companies" performing the work, it's independent, licensed and insured third party contractors that have already been doing this kind of work all over the country -- often for the incumbents themselves. These are the same companies that bitch endlessly about "burdensome regulations," yet consistently write, lobby for and pass regulations that hinder competitors from disrupting the market. In this case, AT&T's next likely step is to file a lawsuit against Nashville just as it did in Louisville, all the while pretending (despite a generation of contradictory evidence) it's just a stickler for level playing fields.

posted 25 days ago on techdirt
Techdirt has been following the rise of small, low-cost drones for some years. A major milestone was the release of the FAA's draft rules for the devices, which came out last February. Quartz has just published an interesting report of an FAA conference on the future uses of drones in US airspace, at which the following statistic was quoted: Federal Aviation Administration director Michael Huerta told the gathered crowd that more than 500,000 consumer drones had been registered with the agency since December. Quartz provides some context for the figure of half-a-million newly-registered drones: According to the FAA, it took 100 years for about 320,000 regular aircraft to be registered with US officials -- a feat that drones have surpassed in a matter of months. Granted, even the largest consumer drone is far smaller than the average plane, helicopter or hot-air balloon, but it's an impressive statistic for an agency that has been criticized in the past for moving slowly on regulations that adapt to the growing uses for drones. As that rightly notes, there's a world of difference between today's small drones -- "consumer" in this context means anything weighing more than 0.5lbs -- and traditional aircraft. But in many ways, it's exactly the same difference between the very first PCs, and the mainframes and minicomputer systems that had existed for decades. In that respect, we can see the 500,000 registered drones as an indication that we are now truly in the age of the PD -- the Personal Drone. The conference also touched on a key concern raised by Karl Bode last year, who was worried that over-strict regulation of drones might kill off some promising new business models. Quartz reports: Speakers discussed the potential for drone operations beyond the line of sight in the future. And the FAA is already testing out the feasibility of delivery services like this.
Last month it approved a test by the drone delivery service Flirtey and 7-Eleven to deliver some snacks to a household in Arizona. Combined with the sizable installed base of personal drones just revealed, that's a good sign for the future of the sector if it is to continue tracking the PC industry in terms of rapid growth. Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

posted 25 days ago on techdirt
Over and over again we've seen people try to interpret anything someone says about them that they don't like as defamatory. But just because you don't like what's said, that doesn't make it defamatory -- and that can also apply even if the statements actually were false. We've written a lot in the past about the importance of protecting anonymous speech online, so it's good to see a good ruling in California protecting the anonymity of an online critic (found via Eriq Gardner's story at The Hollywood Reporter). The story involves an anonymous email that was sent to a Sony exec and a producer working on the movie Goosebumps, raising some issues about a visual effects company, named Vitality, doing work on the film. There's a lot of background here that can get confusing so I'll try to detail it here as simply as possible: A few years ago, a special effects house named Hydraulx did visual effect work on a Sony Pictures film, Battle: Los Angeles. At the same time, Hydraulx was producing an entirely separate (non-Sony) film Skyline that had some similar plot points (aliens invade LA). There was a fairly public dispute in which Sony accused Hydraulx of a variety of things stemming from this apparent conflict of interest. Eventually that dispute was settled. Sony and the producers of Goosebumps hired a visual effects company named Vitality to work on the effects in that movie. There's some more in there, but that should cover the key establishing facts. This lawsuit was against an anonymous person who sent an email to Sony and a producer of Goosebumps suggesting Vitality is actually the same company as Hydraulx and expressing surprise that Sony would work with them again after the earlier dispute -- and also wondering if perhaps Vitality had hidden the Hydraulx connection in getting the job. Here's the email: I hoped I might whistle-blow on Vitality Visual Effects and Hydraulx. 
I was surprised to see ‘Goosebumps’ on Vitalitys [sic] IMDB as Vitality is co-owned by Greg and Colin Strause of Hydraulx and I thought neither you nor Sony had a good relationship with the Brothers after Skyline/Battle L.A. Vitality and Hydraulx share owners (Greg & Colin), their Exec Guy Botham works for both companies - Vitality and Hydraulx even share L.A. and Vancouver offices, hardware, and infrastructure. If Vitality misinformed you or Sony as to its ownership or profit participants in any way, please take my email into consideration. I am a concerned vfx professional whom, myself, has been burned by Greg and Colin and I do not like people perpetuating what I consider bad business practices. Thank you for your time in reading. I hope this email helps. Regards, A concerned VFX recruit. Separately, Hydraulx and the Strauses were already engaged in a defamation lawsuit against some anonymous critics who had sent emails to a movie studio that Hydraulx was working with, claiming that the company was on the verge of financial collapse. Perhaps thinking this new email was from the same, or a related, individual Hydraulx added this person "Doe 2" to that lawsuit and went about trying to discover who it was. Doe 2 filed an anti-SLAPP claim under California's (pretty good) anti-SLAPP law. A state trial court recognizing (correctly) that you can't reveal anonymous speakers without showing a prima facie case of defamation looked at the various statements in the email and determined that they were enough to show defamation -- and then ordered discovery to go forward to identify Doe 2. 
To establish the defamation case, there were statements from the various people behind Hydraulx and Vitality insisting that the Strause brothers had no ownership at all in Vitality (there are separate statements in the ruling suggesting that Hydraulx had sold its old equipment to Vitality, but it's never addressed if that's true or not). On appeal, the appeals court has rejected that pretty soundly, noting a variety of points. But, most importantly, it finds that even though the statement about the same ownership may be false, that isn't enough to reveal an anonymous speaker. The key to rejecting the defamation claim: most of the statements aren't actually about Hydraulx, but Vitality. On top of that, all of the statements can be seen as either statements of opinion or simply not defamatory at all. There's a big discussion on whether or not the use of the word "whistle-blow" implied some sort of criminal activity on the part of Hydraulx, but the court says it does not: The trial court expressed a concern that “in the language of the law,” “whistleblower” implied Hydraulx engaged in criminal or wrongful conduct: “People don’t whistle-blow fun, nice things that are meaningless. People whistle-blow wrongdoing. . . . And the word whistle-blow . . . causes me to read it in a different light.” While we agree that, in the context of litigation, the term “whistle-blow” can imply an allegation of criminal or wrongful conduct, we must consider the word in the context of Doe 2’s emails and measure its use “not so much by its effect when subjected to the critical analysis of a mind trained in the law, but by the natural and probable effect upon the mind of [the] reader.”... The specific wording of the emails, and the order in which the information is communicated, are instructive. Doe 2 opened his emails with cautionary language, saying, “I hoped I might whistle-blow on Vitality Visual Effects and Hydraulx.”...
The words “hoped” and “might” before “whistle-blow” signal that Doe 2 is using the term hyperbolically to introduce a communication of specific information that the recipients may not know. In context, the term explains why he is writing and introduces the information about Vitality and Hydraulx’s supposed shared ownership, which, in and of itself, is not defamatory. The court also notes that the claim of common ownership of the two companies, even while false, is not defamatory: Although Greg Strause’s and Bothman’s declarations were sufficient to make a prima facie showing of falsehood with respect to the statements associating Hydraulx with Vitality, the allegation of common ownership is not defamatory on its face and Hydraulx has not offered any extrinsic facts supporting a defamatory innuendo. To the contrary, because Hydraulx’s complaint and declarations portray both companies in a positive light, there is no indication that the inaccurate attribution of common ownership was defamatory. On top of that, throughout the email, it's pretty clear that the individual is sharing information that he felt that producers/studio might not know, rather than making defamatory claims. Specifically, the emailer wasn't making new claims that were defamatory but calling attention to previously known information: Hydraulx argues that Doe 2’s offer to “whistle-blow” and references to “bad business practices” and being “burned” imply a defamatory accusation Hydraulx engaged in dishonesty or wrongful conduct beyond the conflicts of interest addressed in the emails. We find that in context, the term “whistle-blow” was used hyperbolically to introduce the disclosed and non-defamatory allegation of common ownership and that Doe 2’s reference to “bad business practices” reasonably referred to the known or disclosed facts: Hydraulx’s Skyline conflict of interest and Vitality’s potential conflict if it failed to disclose common ownership.
In context, the only reasonable interpretation of “bad business practices” is in reference to facts known to the recipients of the emails (Hydraulx’s prior conflict of interest) and facts disclosed in the emails (the false allegation of common ownership and Vitality’s potential conflict of interest involving Goosebumps.) Got that? Because the only bad behavior the emailer was referencing by Hydraulx was the already known dispute -- and the only false claim wasn't defamatory, there's no defamation here. Hydraulx isn't claiming that the original stories of conflict of interest around Skyline/Battle:LA are defamatory (because it probably can't), so it can't really say this is defamatory here. Also hurting the defamation case -- the upshot of the emailed discussions among the folks working on Goosebumps in response to these emails was basically that they didn't even believe it in the first place. The court also finds that the phrase "bad business practices" is so broad and vague that it also cannot be found to be defamatory: The same is true in this case because behavior one person regards as a “bad business practice” may be acceptable to another person and conduct causing one person to feel “burned” may not affect another person at all. Someone might regard something as trivial as failures to return telephone calls as “bad business practices.” Another person might use “bad business practices” to describe fraudulent or unlawful conduct. Similarly, a person might feel “burned” by any range of behavior, from a social snub to a fraudulent transaction. Without some reference to the type of undisclosed misconduct, e.g., “In my opinion, John Jones is a liar,” these comments are too vague and uncertain to be actionable as conveying a defamatory accusation. This is potentially an important ruling on a number of different levels. Sometimes we get so caught up in the "true/false" dichotomy that we don't step back and look at the bigger picture.
Indeed, my first impression on reading through the ruling was that the email might, in fact, be defamatory because of the false claims of ownership in Vitality. It was only after walking through the court's careful reasoning that I realized that the court is right here. Just because that claim is false, that doesn't automatically make it defamatory. Defamatory speech needs to not just be false, but false and injure someone's reputation. In this case, the email was clearly trying to portray Vitality in a bad light (and, to a lesser extent, Hydraulx), but the statements making them look bad were either based on factual claims or statements of opinion. The only statement deemed as false didn't harm Hydraulx's reputation at all. It's good to see the court take the time to carefully parse the email this way and break it out. This will provide more protections for anonymous online critics in the future as well.

posted 25 days ago on techdirt
Getty hasn't been having a very good past few weeks. After getting sued last week by famed photographer Carol Highsmith, after a Getty subsidiary demanded money for her posting her own photographs (which she had donated to the Library of Congress), it's being sued again by independent press agency/wire service Zuma. Zuma claims that Getty was offering 47,048 of its images for licensing, despite not actually having a license to do so. The full lawsuit is pretty short on details, so it's difficult to assess the legitimacy of the lawsuit. In fact, the lack of detail in the filing makes me wonder if there's a lot more to this story. Most of the filing focuses on highlighting how Getty has rapidly been buying up other photo licensing/stock photo sites, and using that fact to make the assertion (without further evidence) that Getty does not do enough due diligence to make sure the photos it offers for license are properly authorized. It may very well be that Getty screwed up here, but it seems like the complaint should include a few more details. Instead, there's a lot of innuendo. Perhaps the weirdest is using the following tweet from Getty's founder and chairman, Jonathan Klein, back in January as evidence against Getty: What this is in reference to is the fact that Bill Gates had just sold Getty's biggest competitor, Corbis, to the Chinese firm Visual China Group (VCG) while simultaneously, VCG had negotiated a licensing deal with Getty to handle the licensing of all Corbis images outside of China. In short, his reference is pretty clear: for two decades or so, Getty and Corbis had been competing neck and neck, and here was a deal by which he basically got all of Corbis' image collection without having to actually buy Corbis. It's a bit of a crass way to express it, but it doesn't seem that nefarious.
In the lawsuit, Zuma paints a much darker picture of this tweet, arguing that there was some sort of secret deal going down that Klein was subtweeting (tweeting about something or someone without directly naming it or them) a deal to get Corbis' imagery without letting the world know the details. Here's how the lawsuit describes it: Upon information and belief, in January 2016, Getty covertly purchased Corbis’ image licensing business via Visual China Group, Getty’s exclusive distributor in China. In response to the clandestine deal, Getty’s then-CEO and current Co-Founder and Chairman, Jonathan Klein tweeted “Almost 21 years but got it. Lovely to get the milk, the cream, cheese, yoghurt and the meat without buying the cow.” @JonathanDKlein, January 22, 2016 at 7:41 A.M. I'm not sure what that has to do with the actual lawsuit at hand, unless something about the Corbis/VCG/Getty deal had something to do with Getty posting Zuma's images. Instead, they just make blanket assertions: Upon information and belief, Getty has been carelessly and recklessly acquiring content, not doing due diligence and not taking adequate measures to prevent infringement as well as falsifying/removing proper copyright management information. In fact, its aggressive acquisition schedule is possible only at the expense of others’ rights. Undeterred by almost two hundred complaints filed with Washington State Attorney General’s Office, despite several lawsuits, and the growing consensus in the industry that its abusive, unethical, and reckless business practices must be addressed, Getty has shown that it cannot and will not reform on its own accord. I'm the last person to go around defending Getty, which I tend to think of as a large copyright troll that has a history of abusive behavior. But a lawsuit like this should be a lot more detailed and have stronger evidence. Perhaps it'll show up later in an amended complaint. 
It wouldn't surprise me if that was the case -- but filling the initial complaint with random innuendo, rather than directly explaining what Getty did to infringe on Zuma's photographs makes it seem like a weak case.

posted 25 days ago on techdirt
We're back again with another in our weekly reading list posts of books we think our community will find interesting and thought provoking. Once again, buying the book via the Amazon links in this story also helps support Techdirt. Sometimes when you're focusing on the latest fight over copyright, you forget that the same battles have been fought over and over and over again. Peter Baldwin's book, The Copyright Wars: Three Centuries of Trans-Atlantic Battle does a really great job of highlighting how we're seeing the same battles play out over and over again. We've seen this before -- when we wrote about The Idealist, a book mostly about Aaron Swartz, the first half is really about historical copyright battles, which are incredibly similar to today's battles. Baldwin's book goes into even more detail on centuries upon centuries of battles around copyright law -- what it's for, what it's designed to do and the inevitable tensions it runs into as modern technology changes. It also highlights how some of the battles are really cultural and national battles -- with ideas around openness and sharing stemming more from the American side, while the stronger focus on making copyright solely about protecting creators comes from a more European tradition. This shouldn't be a huge surprise -- things like the Berne Convention which massively expanded copyrights came from a European push and the US was very late in adopting it. But sometimes people get so focused on the expansion of copyright driven by the US film and recording industries that we forget that they were simply co-opting ideas from Europe. Either way, it's an excellent read to put more of our copyright wars into context.

posted 25 days ago on techdirt
A 23-year-old woman, and mother of a 5-year-old child, is dead. She was killed by police officers who came to serve a warrant for failure to appear charges stemming from a March 11th traffic stop. That this ever escalated to the point where bullets started flying is incomprehensible. Then again, much of what the woman, Korryn Gaines, did was incomprehensible. Gaines apparently considered herself a "sovereign citizen," which meant she chose not to recognize whatever laws she felt weren't worth following -- like registering her vehicle, insuring it, and equipping it with valid plates. Instead, she chose to make plates of her own out of cardboard that made some sort of statement about her sovereign citizen status. The traffic stop on March 11th escalated into an altercation with officers, resulting in more charges being added to the traffic violations. When the SWAT team arrived August 2nd, Gaines warned the officers she would shoot them if they did not leave. At about 9:20 a.m., officers knocked on the door repeatedly with no answer, despite hearing a man and woman inside, as well as a crying child, Johnson said. When officers were able to open the door using a key, they saw Gaines sitting on the floor pointing a 12-gauge shotgun at one of three officers and a 5-year-old near her. Courtney was quickly arrested after running out of the apartment with a 1-year-old boy. Then around 3 p.m., Gaines pointed her weapon at a tactical officer and said, “If you don’t leave, I’m going to kill you,” according to authorities. At that point, officers fired one round and Gaines fired two rounds in return, Johnson said. Authorities fired their weapons again, fatally striking her. The child was also struck by a round during the exchange but did not sustain life-threatening injuries. The twist here is that Gaines was livestreaming the standoff, right up until law enforcement asked Facebook to kill the stream. 
Facebook complied, and possibly the only record of the incident not controlled by law enforcement disappeared with it. The police issued a statement explaining their actions. “Gaines was posting video of the operation, and followers were encouraging her not to comply with negotiators’ requests that she surrender peacefully,” a spokesperson for the Baltimore County Police Department said. “This was a serious concern; successful negotiations often depend on the negotiators’ ability to converse directly with the subject, without interference or distraction during extremely volatile conditions.” While the assertions made here may be true, the fact that law enforcement can make third-party recordings disappear is highly problematic. While the full statement shows the Baltimore County PD has asked Facebook to retain the video as evidence and will be seeking a search warrant to access the recording, the fact is that the recording will now be in the hands of law enforcement, rather than the public. If any video of the standoff was captured with body cameras, it will be a long time before it's made public -- if it ever is. While very few recordings are truly objective, the one recording of the standoff whose existence can be confirmed is now (mostly) gone. And the unanswered question is whether or not the situation would have been handled differently if the officers knew the public was watching. Facebook's compliance with the request is understandable. I'm sure it has no interest in becoming a live portal for police shootings. It similarly vanished away another live video of a killing by a police officer in Minnesota a few weeks ago, resulting in it harvesting some backlash before it reinstated the recording. Facebook should be far more hesitant to comply in the future. And if law enforcement doesn't like the new status quo, it has nothing but itself to blame. 
When creating recordings of incidents like these is left to law enforcement, there's rarely anything to show for it. For one, the recordings remain in the hands of law enforcement and are only handed over to the public after lengthy delays and with much reluctance. For another -- despite the fact that nearly every vehicle and every officer are equipped with some sort of recording device -- when citizens are killed, there's often no recording of the incident to be found, no matter how many cameras were on the scene. Community activists called on the city to release dashcam and body camera videos from a deadly police shooting last week, but police said a recording of the actual shooting is not available. Police Supt. Eddie Johnson said the actual shooting was not recorded, although all officers on the scene were wearing body cameras. [...] Guglielmi said the body cameras of the two officers who fired into the vehicle were working, but the body camera of the officer who fired the fatal shot was not working. [A] third officer opened fire, hitting and killing the unarmed 18-year-old. An autopsy revealed O’Neal died from a gunshot wound to the back. Sure, that one could have been a fluke, but the PD is still refusing to release the video (which led to the three involved officers being stripped of their powers) for at least 60 days. At least there's some footage, even if the actual shooting wasn't caught on tape. In other incidents, there's nothing at all to see, despite there being plenty of potential "coverage." The college student, John McKenna, was beaten and arrested for assaulting police officers. Cellphone video shot by numerous nearby students clearly showed that the officer attacked McKenna without provocation. When a security camera that should have captured the incident failed to produce any footage, police claimed it had been pointed in another direction. The officer in charge of the security cameras was married to one of the officers accused of beating McKenna.
[...] Because of one of the agency’s consent decrees with the Justice Department, all of its police cruisers had been outfitted with cameras. Nine cruisers were at the scene of the incident. The county claimed in court filings that there was no video footage of the altercation because all nine dash cameras had coincidentally malfunctioned, or the tapes had been lost. When it comes to recordings, law enforcement has proven repeatedly it's not up to the job. So, when officers approach third parties to shut down livestreams of volatile situations, these platforms should weigh law enforcement's track record of opacity against its supposed public safety concerns.

posted 25 days ago on techdirt
The FCC's attempt to bring some much needed competition to the cable box has birthed an absolute torrent of lobbying shenanigans by the cable and entertainment industries. They've pushed a flood of misleading editorials in major papers and websites claiming the plan is somehow racist and will unveil a piracy apocalypse. They've nudged Congressional campaign contribution recipients to bash the plan as an extreme case of government over-reach. They've also managed to convince the press and some FCC staffers the idea is an attack on copyright, when copyright has absolutely nothing to do with it. Quick background: under the FCC's original proposal (pdf), the FCC wants cable companies to provide programming access to third-party hardware vendors without the need for a CableCARD, the goal being to generate competition in the space resulting in better, cheaper and more open cable boxes. Under the proposal, cable operators would be able to use any copyright protection or DRM standard they choose to deliver this content to companies like Google, Amazon or TiVO -- and the FCC has repeatedly stated any final rules would respect existing copyright and financial arrangements between cable and the customer. But because the plan would cost cable providers $21 billion annually in rental fee revenue and result in more open cable boxes (more likely to direct viewers to third party streaming competitors), they've been trying to use a false definition of "copyright" to protect their monopoly stranglehold over cable hardware. And now, the cable industry has another ally in their attempt to mislead the press and public on this subject: The United States Copyright Office. For months the Copyright Office has been quietly going around "educating" DC regulators and politicians on the FCC's cable box reform plan, falsely claiming that the plan is an attack on copyright.
These efforts have been effective in getting some of the FCC Commissioners that originally voted to approve the plan to waffle on their decision. The behavior resulted in a number of IP lawyers (including Annmarie Bridy) recently warning the Office that it's giving horrible advice and ignoring legal precedent as to the scope of copyright. Undaunted, the Copyright Office this week doubled down on its misleading arguments, sending a letter to Congress (pdf) that's absolutely jam-packed with claims ranging from the incredibly misleading to downright bullshit. At its core, the Office's letter continues to pretend that the FCC’s NPRM would require copyright owners to give their content away for free exploitation by third party devices. That the FCC's plan lets "big tech" hijack cable's innovation and re-purpose it for all manner of nefarious use has been a cable lobbyist argument for the last year, and it pops up repeatedly in the structural underpinnings of the Office's own argument: "The Office's principal reservation is that, as currently proposed, the rule could interfere with copyright owners' rights to license their works as provided by copyright law, and restrict their ability to impose reasonable conditions on the use of these works through the private negotiations that are the hallmark of the vibrant and dynamic MPVD marketplace." Use of phrasing like "vibrant and dynamic" to describe the most-hated industry in the United States gives you a pretty solid sense of the objectivity of the Office's argument. But again, this idea that third parties can simply take cable company programming, throw their own ads on it, and present it as their own isn't what the FCC's proposing. At all. All the same licensing arrangements, consumer cable pricing, advertising, and DRM will remain intact (for better or worse). Throughout the letter, the Copyright Office repeatedly claims that copyright gives cable companies more control than they actually have.
While copyright obviously gives an author some control over the copying and redistribution of their works, these rights can't magically be extended wherever and whenever one chooses, especially, as the EFF this week argued in a great reply to the letter, when it conflicts with the rights of the end user: "Once a copyright holder has released their work to paying customers, like cable subscribers, those customers have their own set of rights: to view TV programs at home or on the go, to skip around within the programs as they wish, to search for and organize the programs and other content they’re entitled to see, and to choose tools that enable them to do these things. The Copyright Office’s letter implies that cable and content companies could create new rights for themselves just by writing them into private contracts between each other: the right to control which “platforms and devices” customers can use, the right to limit time-shifting and other fair uses, and the right to “exclude” other software from a customer’s device. While private companies are free to negotiate conditions like these between each other, nothing in the law gives copyright holders the power to impose those conditions on the whole world, snuffing out the rights of users." Of course that's precisely what the cable industry wants to do. For decades the cable industry has enjoyed a captive monopoly over cable hardware, resulting in expensive household rental fees and an erosion in consumer viewing rights. As the more open PC era arrived and challenged the inflexible mantra of traditional cable, the cable industry has worked harder on protecting this model than it has on evolving. Finally faced with a viable threat to monopoly hardware control, cable is falsely claiming that copyright gives it the right to continue imprisoning customers in an antiquated walled garden smelling faintly of old people and mothballs.
But here's the important part: copyright law cannot be used for this purpose -- and you'd think the Copyright Office would know that. The Copyright Office is twisting the fact that two private parties can negotiate away fair use and other rights for themselves, but they absolutely cannot negotiate away those rights for the public. Yet that's exactly what the Copyright Office is claiming. In short this isn't a debate about copyright, it's a debate about control. The idea that these new cable boxes and associated services might interfere with contractual agreements around windowing and tiering is simply not a copyright concern and yet here is the Copyright Office incorrectly claiming that it is. The Copyright Office also ignores that these changes don't eliminate or weaken DRM, and that customers using these new, more open cable boxes would still be cable customers, paying the same high prices they always have. Also ignored by the Copyright Office is the fact that these changes would be a net benefit to consumers and countless companies alike. Needless to say, consumer advocacy groups like Public Knowledge were equally unimpressed with the Copyright Office's selective reasoning: "Under the Copyright Office's analysis, the interests of consumers are irrelevant, and fair use is an obstacle to be overcome. This letter is another example of how the Copyright Office has become dedicated to the interests of some copyright holders -- as opposed to providing an accurate interpretation of copyright law." In short, the Copyright Office is being used as a puppet to defend one of the least liked industries in America, distorting the very definition of copyright to help protect said industry's monopoly control over the cable box.

posted 25 days ago on techdirt
Whether you're on your daily commute or a long road trip, the $25 DashCam Hi-Res Car Video Camera and 8GB MicroSD Card can record what's happening while you're driving with high-quality, up to 1920 x 1080p resolution video. You can store photos and video from your trips on the microSD card. The camera features G-Sensor technology that records even when there is a sudden jerk or shake in case of a sudden stop or an accident. Note: The Techdirt Deals Store is powered and curated by StackCommerce. A portion of all sales from Techdirt Deals helps support Techdirt. The products featured do not reflect endorsements by our editorial team.

posted 25 days ago on techdirt
Paul Resnikoff's Digital Music News site is a worthwhile read, often turning up some really interesting news. However, the site pretty consistently takes the legacy music industry's point of view in the various debates on copyright and music services. To me, it has a somewhat unfair bias against many of the new innovators and music platforms that have helped drag the industry (kicking and screaming all the way) into the internet era. But it's still well written and thoughtful, and I appreciate the work that Paul does, even if I don't always agree with his opinion. So consider it quite a surprise to see Resnikoff call out the RIAA on its completely bullshit attacks on YouTube over the past few months. Resnikoff isn't pulling any punches. He points out that basically all of the music video views on YouTube are licensed, and ContentID (for better or for worse) has basically made it easy for the labels to do a "notice and staydown" like they've been demanding for the past few years: But new data not only shows that YouTube isn’t breaking the law, they aren’t even abusing existing copyright law. A recent report from music industry research group Midia revealed that just 2% of YouTube’s music video content is unauthorized. These are illegal UGC uploads of concerts, lyrics videos, the actual videos, or other material that rights owners didn’t green light beforehand. The rest, about 98%, are not only completely authorized, about 75% of them are high-quality and supplied by the labels themselves through Vevo, according to the same dataset. So, if just 2% of music videos are unauthorized and can be taken down using DMCA procedures, what’s the problem here? The Recording Industry Association of America, an organization that represents the three major labels, has been leading the charge against widespread DMCA abuse by video giant. 
“YouTube takes advantage of the dysfunctional DMCA to do less about piracy than it could and pay unfairly low royalty rates,” RIAA chief executive Cary Sherman declared. “It doesn’t have to be like this.” But is that even true? Adding to the confusing is Content ID, a system created by YouTube to allow content owners to automatically flag their content if it appears on YouTube without permission. Once identified, the owner has the option to remove that content, monetize it, or even strip the audio out of it (for example, if paired with a group of people singing karaoke). YouTube says that system, part of a self-contained copyright ecosystem, makes the DMCA irrelevant in most situations. In other words, if you don’t want your video on YouTube, then you should just remove it. To be clear, looking at the details from Midia itself, it's not saying that only 2% of the videos are unauthorized, but 2% of music video views on YouTube are of unauthorized videos. And that's still an important point. It suggests that, contrary to what the industry likes to claim, the kids these days aren't spending very much time at all using YouTube to watch unauthorized streams. It's almost non-existent. The same report also found that music represents just 12% of all YouTube viewing time. That kinda shows how the claims of the industry about how YouTube is supposedly only successful because of music uploads is complete hogwash. He notes that most musicians themselves recognize the promotional value of YouTube as well, and they'd probably freak out if the labels removed their videos from YouTube (remember, for all the hype about Taylor Swift removing her music from Spotify and other streaming services... she kept her YouTube videos up). 
As Resnikoff points out, the labels are upset about the amount of money that YouTube pays, but it's pretty clear that the overall value that YouTube provides in terms of audience, exposure, marketing and, yes, some money, is clearly worth it: It’s a simple economic calculation: YouTube offers more value than just a fractional penny rate, and artists and labels are making a calculation that it’s worth it. Otherwise, they would leave. He goes on to point out that the RIAA's complaints make no sense other than as whining because they're upset that Google is so rich... and they're not. In the end it's good to see this data. To hear some in the recording industry explain things, they act as if YouTube is entirely built off of pirated music. I've literally seen some musicians complain that YouTube deliberately allows piracy because that's the only thing that keeps the site afloat. That appears to be based on conspiracy theories, not reality.

posted 25 days ago on techdirt
While I don't play Pokemon Go, I've still found the public hysteria surrounding the game to be endlessly entertaining. I've laughed as "get off my lawn" types bitch and moan simply because people are having harmless fun in ways they don't understand. I've chuckled as Pokemon Go players forget that the rules of reality still apply while in augmented reality. And I've laughed at the absurd new lawsuits popping up to try and cash in on the phenomenon. Continuing the trend of hysterical reactions to a relatively simple game, New York Governor Andrew Cuomo this week took the step of making online games a violation of parole for sex offenders. Not just Pokemon Go....all "similar games," whatever that winds up meaning. In a prepared statement by the Governor, Cuomo insisted that Pokemon Go was a dangerous new avenue allowing sexual predators to prey on helpless tots: "Protecting New York’s children is priority number one and, as technology evolves, we must ensure these advances don't become new avenues for dangerous predators to prey on new victims," Governor Cuomo said. "These actions will provide safeguards for the players of these augmented reality games and help take one more tool away from those seeking to do harm to our children." Cuomo also sent a letter to Pokemon Go creator Niantic (pdf) urging the company to help keep Pokemon Go out of the hands of sexual predators: "The State has taken action to prohibit sex offenders from using this game, but we need your assistance to make certain that sex offenders will not continue to use Pokémon GO by technologically barring their use. Working together, we can ensure that this danger today does not escalate into a tragedy tomorrow." So yeah, there's obviously a number of huge problems with this. Sex offender registries are already seen as highly controversial and potentially ineffective. The majority of people on them aren't the kind of scary "sexual predators" out to grab kids that the media and politicians like to suggest.
In some cases they include people who were caught urinating in public or having consensual sex in semi-public areas. In other words, the vast majority of people on the list have zero interest or likelihood of using the game to go hunting for victims. On top of that, banning the playing of all online games is a pretty major step in potentially ruining the lives of people trying to get back on track. Banning a specific subset of people from playing Pokemon Go alone would be incredibly difficult, but banning the playing of all online games in an age when even single player games often have an online component? It's quite frankly impossible. Meanwhile, such a ban would do nothing to stop a child molester from simply hanging out near obvious "pokestops" without ever having to fire up the game. Cuomo's reaction appears driven by a new report by New York State Senators Jeffrey D. Klein and Diane J. Savino. The report took a list of 100 registered sex offenders across New York City, and compared it to locations where Pokemon Go players gather to fight monsters or collect in-game items. They found 59 instances where a pokéstop or "gym" was within half a block of a sex offender's home. Granted this being the dense grid that is Manhattan, your chance of being near a sex offender's residence at any given moment is already arguably very high. In short we're talking about potentially demolishing a life for playing games, using new rules that won't be enforceable anyway. That's before you even get to the potential constitutional questions about the freedom of assembly and due process. All so, let's be honest, Cuomo and other politicians can piggyback on the Pokemon Go phenomenon in order to promote themselves as selfless defenders of tots and toddlers.

posted 25 days ago on techdirt
A few years back, we noted how AT&T had begun charging broadband users a significant premium if they wanted to opt out of the company's Internet Essentials advertising program. Under that program, AT&T uses deep packet inspection to track consumer browsing behavior around the Internet -- down to the second. By default, AT&T users are opted in to the program. If they want to opt out of this data collection, consumers need to not only navigate a confusing array of options, but they also need to pay $44 to $62 more per month. AT&T, in typical fashion, has actually claimed this is a "discount." With the FCC's Title II and net neutrality rules upheld, the agency is now considering new basic broadband privacy protections primarily focused on two things: ensuring ISPs properly disclose what's being collected and sold, and ensuring that ISPs provide customers with clear, working opt-out tools. But the agency is also considering banning ISPs from turning your privacy into an expensive luxury option. Needless to say, Comcast isn't too pleased with this decision. In a new filing with the FCC (pdf) documenting a meeting at the agency, everybody's least liked cable company argues that stopping them from charging more for privacy would, amusingly, hurt consumers by making services more expensive: "We also urged that the Commission allow business models offering discounts or other value to consumers in exchange for allowing ISPs to use their data. As Comcast and others have argued, the FCC has no authority to prohibit or limit these types of programs. Moreover, such a prohibition would harm consumers by, among other things, depriving them of lower-priced offerings, and as FTC Commissioner Ohlhausen points out, “such a ban may prohibit ad supported broadband services and thereby eliminate a way to increase broadband adoption."
Yes, that's Comcast actually trying to argue that charging customers more money for privacy is a good thing because it will lower rates and improve broadband adoption. Except as we all know, it's the lack of competition in the broadband space that sets broadband pricing and adoption. And there's yet to be an ISP that has seriously embraced the idea of offering a lower-priced service if consumers agree to have their behavior monetized. All AT&T is doing is taking an already expensive broadband service and tacking a very steep privacy surcharge on top of it. In addition to trying to argue that the FCC doesn't have the authority to police such behavior (not true, it's simply updating existing Title II privacy rules governing phone network CPNI and applying them to broadband), Comcast said that making privacy a luxury option is simply a "bargained-for exchange of information for service": "A bargained-for exchange of information for service is a perfectly acceptable and widely used model throughout the U.S. economy, including the Internet ecosystem, and is consistent with decades of legal precedent and policy goals related to consumer protection and privacy." Again though, the implementation of this idea at AT&T is unique because in the broadband market, users can't switch providers if they don't like their privacy practices. Meanwhile, AT&T not only makes opting out expensive, it makes it incredibly cumbersome and confusing -- ensuring that the least number of users actually take the option. These ISPs consistently argue that they should be treated just like Google and Facebook when it comes to privacy regulations, intentionally ignoring the lack of competition in last mile broadband. As they push harder into content and ads, Comcast, AT&T, and Verizon have all repeatedly tried to argue that there should be absolutely no privacy rules governing broadband because they can self-regulate in the absence of meaningful competition. 
But as we saw when Verizon was busted for covertly modifying wireless packets to track consumers (one of the things that drove the FCC to take this route to begin with), it's abundantly clear that's simply not the case.

posted 25 days ago on techdirt
The fact that the best-known music streaming service, Spotify, is still struggling to turn a profit despite its huge popularity, is often held up as proof that making money in a world of digital abundance is almost impossible. Of course, here on Techdirt, we've published many posts about people and companies that have adopted various innovative strategies to get around the problem. But what about music streaming as a mass medium: will it ever be possible to make money in this sector? A fascinating article on Mashable shows that it is already happening, but perhaps not where most people are looking. QQ Music is part of the extensive digital empire of the Chinese giant Tencent, best known for its messaging app WeChat, and now the largest Internet company in Asia. Last year, its turnover was $15.8 billion (pdf). As the Mashable article explains, QQ Music's general manager revealed last week that the service is now profitable. One reason is the sheer scale of Tencent's user base: As one of China's biggest dotcoms -- WeChat has 762 million active users -- the company has far better negotiating power at the table with record labels. Back in 2014, Tencent already used this to its advantage, striking exclusive Chinese distribution deals with large music producers the likes of Sony, Warner Music and South Korea's YG Entertainment. Similarly, QQ Music is itself large compared to Spotify: QQ Music reports 100 million daily active users, and 400 million monthly actives. Spotify, in comparison, has about 100 million monthly actives, although it has 30 million paying subscribers -- three times QQ's 10 million paying subscribers. The secret to QQ Music's profitability seems to be the following: Chinese analyst iResearch estimates that over half of [QQ Music's] users in China would have paid for something on their music apps this year. That could be a one-off purchase like an album or concert tickets, even if it's not an ongoing subscription. 
Moreover, beyond the 57% that already buy ancillary items, a further 20% said they were willing to do so at some point. That means over three-quarters of QQ Music's users have or will buy other goods. Crucially, Tencent makes that as easy as possible by offering its own payment system as standard. That emphasizes a key point about making money in a world of digital abundance: success flows from removing as many barriers as possible, so that people can pay you for things they want at the moment they want them. Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

posted 26 days ago on techdirt
It's not just FBI agents playing with Home-Grown Terrorist™ Erector Sets. It's also Canada's top law enforcement agency, the Royal Canadian Mounted Police. When there apparently aren't enough actual terrorists to be found, agencies like these need to front the $40 at Wal-Mart for terrorist supplies, or dupe someone with an IQ of 51 into becoming the latest Indictment Du Jour. Despite this, courts have largely gone along with the charade. It's almost impossible for someone to successfully raise an entrapment defense, whether it's a group of senior citizens who've been molded by undercover agents into an ad hoc terror unit or a bunch of easily-impressed thugs being hounded into stealing nonexistent drugs from fake stash houses. Up in Canada, though, the law enforcement game may be played by the same rules, but one court isn't willing to encourage the RCMP's Build-a-Terrorist shenanigans. A British Columbia couple convicted of terrorism charges have had their verdicts tossed out in a scathing court decision that flays the RCMP for its “egregious” conduct in manipulating naive suspects into carrying out a police-manufactured crime. [...] B.C. Supreme Court Justice Catherine Bruce said the Mounties used trickery, deceit and veiled threats to engineer the terrorist acts for which Nuttall and Korody were arrested on Canada Day three years ago. The RCMP, like its US equivalent, only seeks the best of the best when attempting to turn citizens into terrorists. In this case, the RCMP found two easy marks -- both heavily dependent on welfare checks and methadone -- and convinced them they were going to be involved in a revolutionary pressure cooker bombing at some point in the future. Judge Bruce noted that the two suspects contributed almost nothing to the RCMP's plan. In fact, the judge stated that without the RCMP's incredible amount of assistance, any plans to bomb anything likely would never have materialized. 
The indicted pair weren't exactly self-starters, and the RCMP's undercover agent basically had to act like a maniacal cult leader to get them to do anything at all. She also condemned the behaviour of the primary undercover officer who, at the direction of the operation’s overseers, discouraged Nuttall and Korody from seeking outside spiritual guidance and convinced them he was a member of a powerful international terrorist group that would likely kill them if they failed to follow through. “He was their leader and they were his disciples,” said Bruce, who stayed the proceedings, which threw out the convictions and allowed the couple to walk free after more than three years behind bars. The government is appealing the decision and still firmly believes that the only party that did anything wrong here were the methadone users who hardly did anything. And for their minimal contributions to the RCMP's master plan, the Crown is hoping to get a second chance at putting these two away for the rest of their lives. Judge Bruce's statement when tossing the charges should be repeated on this side of the border, where the FBI seems to expend a majority of its anti-terrorism time and energy pushing reluctant, inept, mostly-incapable people into becoming the bumbling, sacrificial figureheads of ISIS: West. “The world has enough terrorists. We do not need the police to create more.” There appears to be no shortage of legitimate (so to speak…) criminal activity for law enforcement to pursue and investigate. And yet, given the choice, they'd rather craft both criminals and criminal activity from the ground up, scoring easy goals against unguarded nets -- making the world a little less safe while ensuring their budgets are never endangered.

posted 26 days ago on techdirt
Like a ton of people and companies, we've been using Slack here. While we saw some folks claim it was revolutionary, we found it to be a nice, but somewhat marginal, upgrade to our previous use of Skype chat rooms. But, over time, it has certainly gotten comfortable, and there have been some nice feature add-ons and integrations that have made it a pretty cool service overall -- though if you really want to use it to its fullest extent and switch to the paid version, it can get pretty pricey, pretty quickly. I also am in a bunch of other group Slack chats, as it's basically become the platform of choice for group discussions. However, in these days where hacked emails are in the headlines, I can see why some might get nervous about using a tool like Slack. Not that there have been any known breaches of Slack that I'm aware of, and I'm sure that the company takes security very seriously (it would undermine its entire business if it failed on that front...), it's been interesting to see other options start to pop up, which might be more appetizing for those who are extra security conscious. Just as we've been encouraged to see greater use of encryption on mobile phones, email and on websites, it's good to see new entrants trying to take on Slack with a focus on security and privacy. The most recent, and perhaps most interesting, player in the space is SpiderOak, which recently launched its Semaphor Slack competitor on the market. I've been playing around with it -- and while it's early on, it certainly has potential. SpiderOak is the company you should already know of that provides an encrypted "zero knowledge" cloud backup solution. Since you keep the keys, even though it's hosted in the cloud, SpiderOak has no way to decrypt your files should anyone hack in, or should the government come calling. It's now taken that approach to Semaphor, which obviously takes its inspiration from Slack (and feels quite similar), but with the same zero knowledge encrypted setup. 
You get a key and that encrypts all of the data in your group messaging. There are some limitations there -- of course -- because any team member might leak their key (though whoever gets in would just have access to whatever that team member can see). And, because of this setup, it's not as easy to do "integrations" with third-party apps and services, which is a key selling point of Slack. Semaphor is apparently trying to work its way around this limitation by creating bots that act as their own users within Semaphor (something Slack has also), but where the bots themselves become the key to integrations. It's a bit more clumsy, but if it helps keep things secure, that seems promising. SpiderOak also, kindly, makes the Semaphor client source code available for anyone to audit, which is necessary if anyone's going to take their encryption seriously. Of course, Semaphor is, like Slack, working off a Freemium model, where additional features require per user fees, which can add up. One nice feature of Semaphor that Slack doesn't have: the ability for individuals to pay their own way. That is, there are lots of Slack groups that are general interest groups around certain topics, and not a company's own internal group. Those groups are never going to use a paid option, because there's no "company" to pay for all users. Semaphor offers an alternative, where each user can just pay their own way -- which might be appealing to some user groups. The other alternatives that have been getting some attention lately are a couple of attempts to basically create a truly open source Slack clone that can be self-hosted. The two big players here are Mattermost and RocketChat. Both have built open source, self-hosted Slack clones (and both try to make money by offering paid hosting for those who want it). Mattermost is quite upfront that it's building a Slack alternative -- it's all over its website -- though it also points out that it's tried to improve on some things in Slack. 
RocketChat doesn't seem to mention Slack, and, frankly, feels a bit behind Mattermost in development (though it also announced that it's about to run a Kickstarter campaign to jumpstart more development). Now, whether or not a self-hosted open source alternative is more secure than Slack... may depend. If you're doing the self-hosted version then you're basically relying on your own ability to keep the implementation secure. That might work. Or, whoever you have securing your installation might not be as good or as responsive as, say, the security team at Slack. But, using an open source solution that you host obviously does provide you with a lot more control and the ability to make any changes you think are necessary. As someone who talks quite frequently about how competition drives innovation, it's great to see all of this happening. I don't think any of them will harm Slack's place in the market, which has become pretty standard in a lot of companies, but as more and more companies are realizing that they need to really think through security of their communications tools, it's a very good thing to see competition popping up. Hopefully, these competitors get stronger as well, and help drive more overall innovation -- including the focus on security and encryption -- across the entire market.

posted 26 days ago on techdirt
Enigma Software joined the long line of aggrieved companies who feel that legal threats and questionable lawsuits are the best form of reputation management. It sued BleepingComputer over a "defamatory review" -- which was actually just a forum post by a member that detailed (with supporting links) its questionable SpyHunter software and its "rogue tactics" over the years. In addition to the defamation claims, Enigma Software also argued that BleepingComputer only did this to steer site readers towards its own products, alleging a handful of Lanham Act violations. Unfortunately, Enigma Software's dubious claims have survived a motion to dismiss by BleepingComputer, thanks to some similarly dubious reasoning [PDF] by the judge presiding over the case. Not only are the Lanham Act claims given far too much credence (thanks to some twisted judicial analysis that assumes that because trademark is a part of the Lanham Act, false advertising claims under the Lanham Act are also intellectual property claims, exempt from Section 230 of the CDA), but the court's decision to allow the lawsuit to proceed also punches a few more holes in Section 230 protections. Because the author of the post was a third-party contributor, BleepingComputer should not have been held responsible for the content of the post. However, the court appears to be bothered that the user in question was referred to as a "staff member" by BleepingComputer, even if it was actually a volunteer administrative post and BleepingComputer did not directly control the content of the user's contributions. Eric Goldman, in his analysis of the decision, points out that BleepingComputer could have done a better job delineating between actual site administrators and those just helping out, along with providing more comprehensive disclaimers about "superusers" and their contributions to the site. So what did Bleeping do wrong? In retrospect, calling super-users “staff members” is probably not the best titling. 
At least to this judge, “staff” sounds too much like “employee.” The court also says that site disclosures saying super-users could be “trusted to give correct…answers” meant that Bleeping communicated that these super-users were authorized to post on its behalf. I don’t see that interpretation of the disclosure at all, but it’s also easy to imagine rewording Bleeping’s disclosures to downgrade the risks. For example, Bleeping could make disclosures that super-users had been selected because of their consistently reliable advice, but they remain independent and fallible. That being said, the court's decision does more damage to Section 230 protections by holding websites responsible for the content of certain third-party posts. This determination may be only temporary and fall apart as the lawsuit proceeds, but it still gives those filing questionable lawsuits a glimmer of hope that their dubious claims might survive to fight another day. If nothing else, the assertions made by the court will keep the lawyers fed. Still, I’m irritated by the court’s glossy handling of the Section 230 super-user precedent. I’m also frustrated by the court’s insensitivity to how this ruling undermines Section 230. It green-lights plaintiffs to allege that a user was the site’s implied agent to survive a Section 230 motion to dismiss, even if those allegations fail later in the case. Everyone loses (except the lawyers, of course) when unmeritorious cases get past a Section 230 motion to dismiss. Other issues present themselves as well in this decision. The statute of limitations of defamation (one year) gets an extension, thanks to the court considering certain links to older posts as "republication," flying in the face of several other decisions on the same topic. (It actually doesn't say quite as much, but refuses to "resolve the issue" at this point.) 
And, on the subject of linking to content to support claims made in an allegedly defamatory post, the court seems to find that something done to deter claims of defamation is actually just the creation of a defamatory echo chamber. The court says this conclusion is reinforced by Bleeping’s and Quietman7’s self-laudatory statements about their credibility and expertise. Thus, the court distinguishes the recent trend of judges presuming that readers don’t take online comments seriously (a trend partially attributable to the NY Sandals case). Also, “[t]he manner of Quietman7’s written presentation—one using footnotes and citations—conveyed further that his advice was based on an ‘investigation’ of verifiable facts.” (Contrast the cases holding that linking to source materials can reduce defamation liability). The court disregards Quietman7’s qualifier statements “[m]y personal recommendation” and “[i]n my opinion.” One of the most infuriating assertions made in this decision is that Enigma Software is still, somehow, a private entity that only needs to make the most minimal of damage assertions to continue pursuing this lawsuit. The court rejects Bleeping’s argument that Enigma is a limited-purpose public figure (which would require Enigma to allege facts showing Bleeping had actual malice) because Enigma’s complaint “does not allege any facts suggesting that ESG has taken a public position on the integrity of its business practices or the quality of its products.” FFS. While focusing on the complaint’s four corners is technically permissible under the legal standards for a motion to dismiss, the judge is allowed to take judicial notice of public statements where Enigma–LIKE EVERY OTHER BUSINESS IN THE UNIVERSE SINCE THE BEGINNING OF TIME–says it does a great job. 
While this is not a decision in favor of one party or another, the judge's determinations make it clear that BleepingComputer will be paying a whole lot more in legal fees before this lawsuit (hopefully) is resolved in its favor. Enigma's claims -- not including the severely-stretched "unfair competition" assertions -- were so threadbare as to be almost nonexistent. Its defamation accusations included words not actually used in the post and some complete rewriting of certain post sentences in order to shore up its bogus claims. Goldman's very thorough assessment of the decision does find that BleepingComputer could have done a few things in a smarter way to avoid potential Section 230 entanglements, but his overall take is that a decent anti-SLAPP law would have gone a long way towards making this lawsuit disappear before dragging the defendants into expensive discovery proceedings. While he grants that motions to dismiss are viewed in the light most favorable to the non-moving party (Enigma Software), the court here has gone out of its way to keep a highly-questionable defamation lawsuit alive -- and has done damage to Section 230 protections in doing so.

posted 26 days ago on techdirt
Python is an extremely efficient language that can accomplish complicated tasks with minimal amounts of code. This makes it particularly well-suited to system administration and performing security testing tasks. With the Professional Python and Linux Administration Bundle you'll learn about Python, how to administer a Linux system with Python, and how to create and build websites and apps with Python and Django. You get over 60 hours of training for only $49. Note: The Techdirt Deals Store is powered and curated by StackCommerce. A portion of all sales from Techdirt Deals helps support Techdirt. The products featured do not reflect endorsements by our editorial team.

posted 26 days ago on techdirt
Last year, we noted how the FCC updated its rules governing routers in the 5 GHz band over safety concerns, stating that some illegally modified router radios operating in the unlicensed bands were interfering with terminal doppler weather radar (TDWR) at airports. The rule changes prohibited tinkering with just the RF capabilities of the devices. But engineers, the EFF, hobbyists and custom-firmware developers feared that because many routers have systems-on-a-chip (SOC) where the radio isn't fully distinguishable from other hardware -- vendors would take the lazy route and block third-party firmware entirely. That only partially happened. While the FCC told us explicitly that locking down third-party firmware was not its intent, router manufacturers like TP-Link did indeed take the lazy route -- locking down its routers to prevent third-party firmware installs, then blaming the FCC for it. Fortunately other router manufacturers like Belkin/Linksys took the opposite tack, going so far as to use the new rules as a marketing opportunity, highlighting how they'd continue to support tinkerers (at least in regards to its WRT line of routers). Companies like Asus also stated they'd continue supporting the tinkering community. Fast forward to this week, when the FCC took some interesting steps to try and force TP-Link's hand on the subject. The regulator announced that it had reached a $200,000 settlement with TP-Link (pdf) for marketing routers to consumers that operated outside of FCC parameters. The FCC's full consent decree (pdf) offers a bit more detail, noting that TP-Link effectively let some router models be modified to operate outside of accepted U.S. parameters via a toggle setting that let users pretend they lived in other countries, opening the door to potential interference. Note that this settlement involved routers in the 2.4 GHz band, while the rule changes above governed the 5 GHz band. 
But in an interesting wrinkle, the FCC used the settlement to push TP-Link back toward supporting open source third-party firmware for 5 GHz devices: "TP-Link has also agreed to take steps to support innovation in third-party router firmware by committing to investigate security solutions for certain 5 GHz band routers that would permit the use of third-party firmware while meeting the Commission’s security requirements and maintaining the integrity of critical radio parameters." The FCC stated the move was an attempt to balance RF safety and interference policy while supporting the freedom to tinker: "The Commission’s equipment rules strike a careful balance of spurring innovation while protecting against harmful interference,” said Travis LeBlanc, Chief of the Enforcement Bureau. “While manufacturers of Wi-Fi routers must ensure reasonable safeguards to protect radio parameters, users are otherwise free to customize their routers and we support TP-Link’s commitment to work with the opensource community and Wi-Fi chipset manufacturers to enable third-party firmware on TP-Link routers." Note it's not entirely clear just how hard the FCC will push to ensure TP-Link compliance, and what "steps" TP-Link has to take to return to supporting third-party open source firmware remains a little murky. It's also likely that other router manufacturers will continue to take the lazy route and shut out tinkerers from installing third-party firmware. Still, it's a solid signal from the FCC that it at least realizes the value in open source modifications (or the bad PR in hindering it), an increasingly rare position in an era where you often no longer actually own the hardware and devices you buy.

posted 26 days ago on techdirt
If you'd like some more evidence on how civil asset forfeiture has become legalized theft, you need only look at this investigative report by Curt Prendergast for Tucson.com. Not only is it extremely easy for the government to claim assets are tied to criminal activity, but the obstacles placed in front of individuals to reclaim seized assets are numerous and expensive to navigate -- sometimes outweighing the value of the items seized. On top of that, even when the state loses, it still wins. Arizona residents who have seen their vehicles seized for extremely tenuous connections to criminal activity are still forced to pay an incredible amount of money to reclaim items the state has agreed to return to their owners. The fortunes of a local woman took a disastrous turn when she loaned her car to her son so he could take her granddaughter to school. Her son was arrested on suspicion of credit-card fraud in Oro Valley and police seized the woman’s orange 2005 Mini Cooper, which she said in court documents she needed to drive to her $14-an-hour job at Red Lobster. She hired a lawyer — the court does not provide lawyers in civil matters — to challenge the seizure and subsequent forfeiture proceedings. Authorities agreed on July 7 to return her car, but first she had to pay $2,000 into the Pima County Anti-Racketeering Fund, with $1,500 going to Oro Valley police and $500 to the County Attorney’s Office. The state is the only entity allowed to engage in racketeering, apparently. Someone has to make sure all of these agencies who have already penciled in expected seizures on their annual budgets can still hit their numbers. Even if the government withdraws its claim on an asset, every agency with its hand out still needs a cut of the bogus take. This case isn't an anomaly. It's standard operating procedure in Arizona when the government decides to "return" a vehicle. 
Attorney Rogers, who represented a man who loaned his 2002 BMW to a friend arrested for selling drugs, said the case was typical and ended with a compromise in which his client agreed to pay $1,500 to the multi-agency Counter Narcotics Alliance and $500 to the County Attorney’s Office, as well as $190 in storage and towing fees. Officers seized a 2013 Toyota Corolla in August 2015 at an illegal marijuana grow site in Tucson. The owner of the car said he let his son, who was arrested at the grow site, use the car, but that he had no knowledge of the grow site. His son’s name was on the registration, but the father said his son did not pay for the car in any way. Prosecutors agreed to return the car in February in exchange for $3,431 and $316 in storage and towing fees. The Counter Narcotics Alliance received $2,573 and the County Attorney’s Office received $858. As can be ascertained by these stories, there's no innocent third-party defense available to people whose vehicles have been used for criminal activity while not in their direct control. If you loan a vehicle to someone, you're directly responsible for their actions while using it. The local district attorney claims -- in comments to Prendergast -- that there were no "innocent" parties here… or possibly ever. This ensures a steady flow of ~$2,000 payments by unfortunate car owners in exchange for the full release of their vehicle by the agency performing the seizure. Not that there's any shortage of seized vehicles. The county attorney's annual list of "significant accomplishments" always includes the dollar amount of seized assets, as though the abuse of a process meant to deter criminal activity still means something when it's used to separate innocent car owners from their vehicles. 
Presumably this dollar amount also includes payments resulting from the government's relinquishment of a person's vehicle -- but not its apparent entitlement to a hefty payout in exchange for returning belongings to their rightful owners. Prendergast notes that the attorney's office tracks every vehicle it seizes. It's not quite as enthusiastic about providing information on the number of vehicles it's returned to owners at $2,000/per. There's a reason the forfeiture process is largely opaque. It does law enforcement agencies no favors when citizens find out they're viewed more as revenue streams than people with rights and property. [W]hat began as a means to a laudable end has, in many instances, become the end itself, where law enforcement authorities appear to focus more on forfeiting money and property than catching and convicting criminals. The reason for this is the perverse profit incentive built into civil forfeiture law: Much, if not all, of the proceeds of successful forfeiture cases are retained by the agencies that do the initial seizing, providing them with a funding mechanism that is totally outside the normal legislative appropriations and oversight process. Police and sheriff’s departments and prosecutors’ offices often end up having a significant budgetary stake in the outcome of forfeiture cases and of the process in general. Indeed, a deputy sheriff in Kane County, Illinois, wrote in a training book that “[a]ll of our home towns are sitting on a tax-liberating gold mine.” And what a gold mine it is. When the government can cushion its losses with $2,000 fees, there's nothing discouraging law enforcement agencies from seizing everything they can get their hands on, no matter how tenuous the connection to criminal activity.

posted 26 days ago on techdirt
It's a bit of "common wisdom" on the internet that you hear people repeat all the time, even though it's hogwash: the idea that people act trollishly online because they're anonymous. So many people want to blame the anonymity and demand real name policies. Yet, as we've been pointing out for many years, plenty of people troll under their real names -- and tons of valuable content is posted by anonymous users (including right here at Techdirt). And now we've got a bit of research to back that up. Some recent research found that trolls can actually act even worse when they troll under their real name. From the research: Results show that in the context of online firestorms, non-anonymous individuals are more aggressive compared to anonymous individuals. This effect is reinforced if selective incentives are present and if aggressors are intrinsically motivated. Now, this is just one report on one dataset, and there may be a variety of other factors at play. But it certainly matches with our own experience here as well. The idea that people only act like jackasses because they're anonymous just doesn't fit with the pattern we've seen in the over 1 million comments we have on this site. Yes, sometimes there are anonymous jerks, just like there are sometimes named jerks. But on the whole, anonymity doesn't seem to magically lead to worse comments.

posted 26 days ago on techdirt
Okay, okay, I know that Canada doesn't have a First Amendment like we do down here -- even if people like to joke about it being the 51st state -- but it still seems quite bizarre that comedian Mike Ward has been told to pay $42,000 for making an offensive joke about a singer named Jeremy Gabriel. Ward is planning to appeal, but the fact that he's been found guilty of a "human rights" violation seems ridiculous enough. To be clear, the joke was not a particularly nice joke, but still: Gabriel became well known in Quebec after he was flown to Rome to sing for Pope Benedict in 2006. He has Treacher Collins syndrome (TCS), a genetic condition that causes disfigurement. In Ward's 2010 comedy bit, he said he was happy Gabriel — or as he called him, Petit Jérémy — was getting so much attention following the papal visit because he believed Gabriel had a terminal illness and was going to die. Ward thought the papal visit was part of the Make-A-Wish Foundation, an organization that grants wishes to children with life-threatening medical conditions. "But now, five years later, and he's still not dead! … Me, I defended him, like an idiot, and he won't die!" Ward said, adding that Gabriel wasn't dying, but "ugly." It's definitely a kind of punching down joke that feels a bit overly mean, but there are plenty of comics who make their living saying outrageous stuff like that -- which is funny because it's so outrageous. In the end, the decision came down to a clash between the right of freedom of expression... and a right to "dignity, honour and reputation" along with "equality." The court eventually decided that freedom of expression lost to the other two. The court was particularly disturbed by the fact that Ward singled out Gabriel and made fun of his appearance (apparently some other jokes about him were okay). In the end, it said he had to pay Gabriel $35,000 ($10,000 of which were punitive damages). He then had to pay another $7,000 to Gabriel's mother. 
Beyond filing an appeal, Ward is apparently still doing the joke in his act... but in the context of the new ruling: "One day, the caller ID read: Human Rights Tribunal. When I answered, the woman said, 'Mr. Ward, we're calling you about one of your jokes. We think you know the one,'" he told the crowd. He went so far as to repeat the same jokes about Gabriel that were at the centre of the complaint from years ago. Anyway, yes, as noted above, the joke is kind of mean, but it's a joke. It's how some comics get laughs -- by saying completely outrageous things. Making that potentially illegal seems like a way to kill off an entire part of comedy. Separately, what kind of world is it when you have a "right to honour and reputation"? Aren't those the kind of things you earn, rather than get via a right? I'm not saying that Gabriel doesn't deserve honor and a good reputation, but it seems like a strange thing to include that in the rights of citizens and seems like the kind of thing ripe for widespread abuse any time anyone is offended over almost anything.

posted 26 days ago on techdirt
The EFF has put a lot of thought into how we should deal with the issue of government hacking and how it impacts digital security, and so we're reposting Andrew Crocker's excellent article here. In our society, the rule of law sets limits on what government can and cannot do, no matter how important its goals. To give a simple example, even when chasing a fleeing murder suspect, the police have a duty not to endanger bystanders. The government should pay the same care to our safety in pursuing threats online, but right now we don't have clear, enforceable rules for government activities like hacking and "digital sabotage." And this is no abstract question—these actions increasingly endanger everyone's security. The problem became especially clear this year during the San Bernardino case, involving the FBI's demand that Apple rewrite its iOS operating system to defeat security features on a locked iPhone. Ultimately the FBI exploited an existing vulnerability in iOS and accessed the contents of the phone with the help of an "outside party." Then, with no public process or discussion of the tradeoffs involved, the government refused to tell Apple about the flaw. Despite the obvious fact that the security of the computers and networks we all use is both collective and interwoven—other iPhones used by millions of innocent people presumably have the same vulnerability—the government chose to withhold information Apple could have used to improve the security of its phones. Other examples include intelligence activities like Stuxnet and Bullrun, and law enforcement investigations like the FBI's mass use of malware against Tor users engaged in criminal behavior. These activities are often disproportionate to stopping legitimate threats, resulting in unpatched software for millions of innocent users, overbroad surveillance, and other collateral effects. That's why we're working on a positive agenda to confront governmental threats to digital security. 
Put more directly, we're calling on lawyers, advocates, technologists, and the public to demand a public discussion of whether, when, and how governments can be empowered to break into our computers, phones, and other devices; sabotage and subvert basic security protocols; and stockpile and exploit software flaws and vulnerabilities. Smart people in academia and elsewhere have been thinking and writing about these issues for years. But it's time to take the next step and make clear, public rules that carry the force of law to ensure that the government weighs the tradeoffs and reaches the right decisions. This long post outlines some of the things that can be done. It frames the issue, then describes some of the key areas where EFF is already pursuing this agenda—in particular formalizing the rules for disclosing vulnerabilities and setting out narrow limits for the use of government malware. Finally it lays out where we think the debate should go from here.

Recognizing That Government Intrusion and Subversion of Digital Security Is a Single Issue

The first step is to understand a wide range of government activities as part of one larger threat to security. We see the U.S. government attempt to justify and compartmentalize its efforts with terms like "lawful hacking" and "computer network attack." It is easy for the government to argue that the FBI's attempts to subvert the security of Apple iOS in the San Bernardino case are entirely unrelated to the NSA's apparent sabotage of the Dual_EC_DRBG algorithm. Likewise, the intelligence community's development of the Stuxnet worm to target the Iranian nuclear program was governed by a set of rules entirely separate from the FBI's use of malware to target criminals using Tor hidden services. These activities are carried out by different agencies with different missions. But viewing them as separate—or allowing government to present it that way—misses the forest for the trees.
When a government takes a step to create, acquire, stockpile or exploit weaknesses in digital security, it risks making us all less safe by failing to bolster that security. Each of these techniques should involve consideration of the tradeoffs involved, and none of them should be viewed as risk-free to the public. They require oversight and clear rules for usage, including consideration of the safety of innocent users of affected technologies. There is hope, albeit indirectly. In the United States, high-ranking government officials have acknowledged that "cyber threats" are the highest priority, and that we should be strengthening our digital security rather than weakening it to facilitate government access. In some cases, this is apparently reflected in government policy. For instance, in explaining the government's policy on software vulnerabilities, the cybersecurity coordinator for the White House and the Office of the Director of National Intelligence have both stated in blog posts that there is a "strong presumption" in favor of disclosing these vulnerabilities to the public so they can be fixed. But the government shouldn't engage in "policy by blog post." Government action that actively sabotages or even collaterally undermines digital security is too important to be left open to executive whim.

Finding Models for Transparency and Limits on When Government Can Harm Digital Security

While government hacking and other activities that have security implications for the rest of us are not new, they are usually secret. We should demand more transparency and real, enforceable rules. Fortunately, this isn't the first time that new techniques have required balancing public safety along with other values. Traditional surveillance law gives us models to draw from. The Supreme Court's 1967 decision in Berger v. New York is a landmark recognition that electronic wiretapping presents a significant danger to civil liberties.
The Court held that because wiretapping is both invasive and surreptitious, the Fourth Amendment required "precise and discriminate" limits on its use. Congress added considerable structure to the Berger Court's pronouncements with the Wiretap Act, first passed as Title III of the Omnibus Crime Control and Safe Streets Act of 1968. First, Title III places a high bar for applications to engage in wiretapping, so that it is more of an exception than a rule, to be used only in serious cases. Second, it imposes strict limits on using the fruits of surveillance, and third, it requires that the public be informed on a yearly basis about the number and type of government wiretaps. Other statutes concerned with classified information also find ways of informing the public while maintaining basic secrecy. For example, the USA Freedom Act, passed in 2015 to reform the intelligence community, requires that significant decisions of the FISA Court either be published in redacted form or be summarized in enough detail to be understood by the public. These principles provide a roadmap that can be used to prevent government from unnecessarily undermining our digital security. Here are a few areas where EFF is working to craft these new rules:

Item 1: Rules for When Government Stockpiles Vulnerabilities

It's no secret that governments look for vulnerabilities in computers and software that they can exploit for a range of intelligence and surveillance purposes. The Stuxnet worm, which was notable for causing physical or "kinetic" damage to its targets, relied on several previously unknown vulnerabilities, or "zero days," in Windows. Similarly, the FBI relied on a third party's knowledge of a vulnerability in iOS to access the contents of the iPhone in the San Bernardino case. News reports suggest that many governments—including the U.S.—collect these vulnerabilities for future use.
The problem is that if a vulnerability has been discovered, it is likely that other actors will also find out about it, meaning the same vulnerability may be exploited by malicious third parties, ranging from nation-state adversaries to simple thieves. This is only exacerbated by the practice of selling vulnerabilities to multiple buyers, sometimes even multiple agencies within a single government. Thanks to a FOIA suit by EFF, we have seen the U.S. government's internal policy on how to decide whether to retain or disclose a zero day, the Vulnerabilities Equities Process (VEP). Unfortunately, the VEP is not a model of clarity, setting out a bureaucratic process without any substantive guidelines in favor of disclosure. More concerning, we've seen no evidence of how the VEP actually functions. As a result, we have no confidence that the government discloses vulnerabilities as often as claimed. The lack of transparency fuels an ongoing divide between technologists and the government. A report published in June by two ex-government officials—relying heavily on the document from EFF's lawsuit—offers a number of helpful recommendations for improving the government's credibility and fueling transparency. These proposals serve as an excellent starting point for legislation that would create a Vulnerabilities Equities Process with the force of law, formalizing and enforcing a presumption in favor of disclosure. VEP legislation should also: Mandate periodic reconsideration of any decision to retain a vulnerability; Require the government to publish the criteria used to decide whether to disclose; Require regular reports to summarize the process and give aggregate numbers of vulnerabilities retained and disclosed in a given period; Preclude contractual agreements that sidestep the VEP, as in the San Bernardino case, where the FBI apparently signed a form of non-disclosure agreement with the "outside party."
The government should not be allowed to enter such agreements, because when the government buys a zero day, we should not have to worry about defending ourselves from a hostile state exploiting the same vulnerability. If tax dollars are going to be used to buy and exploit vulnerabilities, the government should also eventually use them to patch the security of affected systems, with benefits to all. Above all, formalizing the VEP will go a long way to reassuring the public, especially members of the technology industry, that the U.S. government takes its commitment to strengthening digital security seriously.

Item 2: Preventing Disproportionate Use of Government Malware and Global Hacking Warrants

EFF has also long been concerned about state-sponsored malware. It's at the heart of our suit against the government of Ethiopia. Even in the United States, when the government seeks court permission to use malware to track and surveil suspects over the Internet, it can endanger innocent users as well as general network security. A particularly egregious example is the Playpen case, involving an FBI investigation into a Tor hidden service that hosted large amounts of child pornography. The FBI seized the site's server and operated it as a honey pot for visitors. A single warrant authorized the FBI to install malware on any and all visitors' computers in order to breach the anonymity otherwise provided by Tor. By not specifying particular users—even though the list of users and logs of their activity was available to the FBI—the warrant totally failed to satisfy the Fourth Amendment requirement that warrants particularly describe persons and places to be searched. What's more, the FBI asked the court to trust that it would operate its malware safely, without accidentally infecting innocent users or causing other collateral damage.
Once defendants began to be charged in these cases, the government staunchly refused to turn over certain information about how the malware operated to the defense, even under seal, arguing that it would compromise other operations. As a result, defendants are left unable to exercise their right to challenge the evidence against them. And of course, anyone else whose computer is vulnerable to the same exploit remains at risk. In these cases, the FBI flouted existing rules: the Playpen warrant violated both the Fourth Amendment and Rule 41 of the Federal Rules of Criminal Procedure. Other cases have involved similarly overbroad uses of malware. EFF has been working to explain the danger of this activity to courts, asking them to apply Fourth Amendment precedent and require that the FBI confront serious threats like Playpen in a constitutional manner. We have also been leaders of a coalition to stop an impending change that would loosen the standards for warrants under Rule 41 and make it easier for the FBI to remotely hack users all over the world.

Item 3: A "Title III for Hacking"

Given the dangers posed by government malware, the public would likely be better served by the enactment of affirmative rules, something like a "Title III for Hacking." The legislative process should involve significant engagement with technical experts, soliciting a range of opinions about whether the government can ever use malware safely and if so, how.
Drawing from Title III, the law should: Require that the government not use invasive malware when more traditional methods would suffice or when the threats being addressed are relatively insignificant; Establish strict minimization requirements, so that the targets of hacking are identified with as much specificity as the government can possibly provide; Include public reporting requirements so that the public has a sense of the scope of hacking operations; and Mandate a consideration of the possible collateral effects—on individuals and the public interest as a whole—on the decision to unleash malware that takes advantage of known or unknown vulnerabilities. Even if the VEP itself does not encompass publicly known vulnerabilities ("N-days"), using remote exploits should impose an additional requirement on the government to mitigate collateral damage, through disclosure and/or notice to affected individuals. The same principles should apply to domestic law enforcement activities and foreign intelligence activities overseen by the FISA Court or conducted under the guidelines of Executive Order 12333. Of course, these sorts of changes will not happen overnight. But digital security is an issue that affects everyone, and it's time that we amplify the public's voice on these issues. We've created a single page that tracks our work as we fight in court and pursue broader public conversation and debate in the hopes of changing government practices of sabotaging digital security. We hope you join us.

posted 26 days ago on techdirt
Since Pokemon Go launched last month, we've seen an endless stream of players oddly forget that "augmented reality" doesn't mean the rules of traditional reality no longer apply. Players have spent the last month playing the game in some admittedly "inappropriate" places, while wandering in and out of private property or unsafe areas in a quest to capture virtual monsters. This did, as you might expect, involve a slight learning curve for the nation's police departments as they slowly figured out what augmented reality was:

Please don't try it out at 1 AM and walk into someone's backyard to catch one. Please. Pretty please. #PokemonGO https://t.co/olEv6GipbS — Wyoming, MN Police (@wyomingpd) July 11, 2016

Please stay off the fishing pier. The Pokemon will hopefully be there when it reopens. Had calls about this already pic.twitter.com/KtnarsXPaE — Edmonds Police (@EdmondsPolice) July 10, 2016

Apparently fed up with the phenomenon (or just looking for a payday), a New Jersey man last Friday filed a lawsuit in California federal court against Niantic Labs and Nintendo. The 16-page complaint is quick to play up complaints about Pokemon Go players catching monsters in places like the Holocaust Memorial Museum, and says the game makers actively invited "unwanted incursions" on to private property when they populated reality with augmented reality monsters:

"Niantic has encouraged Pokémon Go’s millions of players to make unwanted incursions onto the properties of plaintiff and other members of the class—a clear and ongoing invasion of their use and enjoyment of their land from which defendants have profited and continue to profit."

The lawsuit is seeking class action status, an injunction and damages, disgorgement or other monetary relief.
And it's no wonder; plaintiff Jeffery Marder's own experience with the game sounds utterly terrifying, involving five whole people politely knocking on his door to ask if they could capture monsters in his yard:

"At least five individuals knocked on plaintiff's door, informed plaintiff that there was a Pokemon in his backyard, and asked for access to plaintiff's backyard in order to 'catch' the Pokemon. Defendants have shown a flagrant disregard for the foreseeable consequences of populating the real world with virtual Pokemon without seeking the permission of property owners."

How the plaintiff survived such a harrowing ordeal is not spelled out in the complaint. Marder's lawyer and the law firm representing him (Jennifer Pafti of Pomerantz) have been busy on the class action front, having led class actions against everyone from Fitbit to Etsy in recent years. For what it's worth, the guidelines for the game urge players to "not trespass, or in any manner gain or attempt to gain access to any property or location where you do not have the right or permission to be." So while potentially annoying, there's no actual harm being done by the game manufacturers, who at least make an effort to remind players that the rules of reality still apply in augmented reality games. Either the players are trespassing, harassing others and violating the law here in the real world -- or they aren't. There's (clearly) no law prohibiting people from being annoying or stupid, and while Mr. Marder's experience of having five people politely knock on his door certainly must have been traumatizing, it's a stretch to suggest Niantic and Nintendo are actively encouraging public stupidity.
