posted 25 days ago on techdirt
As you know, last week the FCC made a somewhat historic move, to vote to reclassify broadband internet access as a "Title II" telecommunications service, which allows the FCC to implement specific open internet rules that disallow things such as paid prioritization and blocking. This move has been rightly celebrated by many people. However, it is also being attacked by many others. Some of that is nothing more than spewing big broadband companies' talking points. Some of it is merely partisan bickering, as the "net neutrality" fight became ridiculously partisan, even though a vast majority of voters in both parties support net neutrality. That said, there are some legitimate concerns. They're not the ones that you're likely to hear about (other than on the margin), but rather fall under the fact that this is just one battle in a war that is far from over. So, let's take a look at some of the reasons to still remain quite vigilant in protecting a free and open internet: The details: Yes, as you may have heard, the fully detailed rules are not yet public. This is ridiculous and stupid, but it's the way the FCC operates. If it had released the detailed rules prior to the vote, it would have delayed the entire process. And, while dissenting commissioners Ajit Pai and Michael O'Rielly have been screaming about the travesty that the rules haven't yet been released publicly, what they conveniently leave out is that currently they are the sole reason for the delay. The FCC can't publish the final rules until the FCC has incorporated their dissents, and neither Pai nor O'Rielly have handed in their dissents. And, yes, there may be some devils in the details. One particular concern is the "general conduct rule." As the folks at EFF have warned, a vague "general conduct" rule allows the FCC to more or less reserve the right to examine practices of ISPs to see if they're "harmful to consumers." While that may sound good in practice, the vagueness of the rule could subject all sorts of perfectly reasonable practices to long and drawn out legal fights with the FCC. It's good that the FCC wants to be able to stop practices that are harmful to consumers, but if it's going to do that it should lay out directly what it believes to be harmful, rather than leaving things open to interpretation. There are some other unclear details as well: exactly how will the fight play out over "interconnection" which isn't directly a "net neutrality" issue (which is just focused on the last mile from the broadband provider to your home), but rather a way that the big ISPs accept traffic from service providers. The big broadband providers deliberately allowed those interconnection points to clog up in order to pressure service providers like Netflix to pay up. The new rules are likely to try to address that issue somewhat, but it's not entirely clear how. Another area of concern is how it deals with "zero rating" plans, whereby broadband providers let some traffic not count against a data cap. While the broadband providers argue that this is a consumer benefit, that ignores that they put the data cap on in the first place. Exempting users from your own anti-consumer practices isn't really consumer friendly. It sounds like the new rules will deal with these situations on a "case by case" basis as well, and that can be problematic. How worried should you be? Moderately worried, though the details still very much matter. While anti-net neutrality types are blathering on about tariffs and rate regulations that aren't happening, this is a legitimate concern that could tie up perfectly reasonable practices in uncertainty. Should you blame the new rules? Yup. This one is on the FCC. It sounds like the rules got a lot of stuff right, but this may be a push too far. It could have been much worse, but we should still be concerned about some possible problems with the rules and be vigilant about how they are interpreted and applied. The lawsuits: As you may have heard, pretty much everyone knows that someone is going to sue about the new rules. Last time around, Verizon sued (which was silly because it helped create the incredibly weak rules it sued over, and its "victory" in that case has resulted in these new stronger rules), and either it will sue again or AT&T or Comcast or some combination will sue this time. This will at least create some uncertainty over whether or not the rules will stick, and if the courts toss out these rules too, then we're back to square one -- and in a situation where it may be even tougher to protect net neutrality. How worried should you be? Moderately worried. While some anti-net neutrality folks insist that because the FCC lost lawsuits concerning its last two attempts to craft net neutrality rules, this time is pretty different. The court ruling in the last one more or less laid out this path. The reason it rejected the last rules was because it said the FCC was trying to introduce "common carrier" rules without classifying broadband as a common carrier. The new rules classify it as a common carrier, so it appears to be following the court's instructions. And, if it goes up to the Supreme Court, you can't tell for sure, but the court's earlier rulings have suggested that on this particular question it gives the FCC wide leverage in classifying broadband. And, in what may not make many Republican anti-net neutrality folks happy, Antonin Scalia was the most vehement in an earlier case arguing (in dissent) that broadband was obviously a Title II common carrier service. But... nothing is ever certain in the judicial process, and cases can come out with strange and surprising rulings. So it's entirely possible that we'll be back for another sort of battle three or four years from now. Should you blame the new rules? No. Verizon had indicated early on that it was likely to sue over any rules. While it backed down from that position after other broadband providers started stage whispering "shut up, Verizon..." it's still likely that some broadband provider somewhere would have sued over the new rules no matter what. So the legal uncertainty would have lingered. And, again, last year's ruling in the Verizon case more or less said that if you're going to issue these kinds of rules, you need to reclassify. It's likely that some of the legal challenges will argue that the FCC didn't follow the proper procedures in reclassifying, but that's a long shot given earlier rulings. Congress: Again, it's not at all clear why this has become a partisan issue when the public is all for net neutrality, but it is, in fact, now a partisan issue. And the party that is against net neutrality, the Republicans, has a majority in both houses of Congress. There is already an effort underway by Congress to modify the Telecommunications Act to put in place different "net neutrality" rules that are really just a smokescreen to simply strip the FCC of pretty much all authority to protect consumers against questionable broadband provider practices. Separately, Republicans in Congress have already started to make moves to delay the implementation of the new rules, including demanding that FCC boss Tom Wheeler show up for a hearing to explain himself (seriously). In theory, it would be better to have a clearer law drafted by Congress, rather than having the FCC make the final decision on this thing, but that theory relies on a competent Congress that obeys the will of the people, rather than special interests. Stop laughing. And, of course, you never know how everything will get twisted around later. As Tim Lee at Vox recently noted, it was the Republicans who rewrote the Telecommunications Act in 1996 that pretty clearly intended for broadband to be classified as a Title II service, which they're now freaking out about. How worried should you be? Moderately worried. The new rules have certainly shifted the baseline in one direction such that it would be difficult for Congress to completely undermine an open internet in new rules without setting off massive public backlash. But it can still do some damage. That's perhaps more difficult with an open internet supporter in the White House, but it could flip. Should you blame the new rules? No. The new rules have actually been helpful here. Even if the current proposed change to the Telecommunications Act is a joke, it's much, much, much more friendly towards an open internet than what was being talked about just a few months ago. Furthermore, Congress can change as well and can pass new laws at another time also. There's always the risk that Congress will propose a rewrite to the Telecommunications Act, with or without these rules. But with these new rules in place, it actually may be more difficult to get Congress to completely shift things away from a more open internet. The next FCC: One of the key talking points among anti-net neutrality types is that if this FCC can just make this decision to reclassify, the next one (especially under a Republican president, in which the balance of the FCC would shift to 3 to 2 Republicans to Democrats as commissioners) could just flip it back. Current Republican commissioner Ajit Pai's big filibuster of a speech at the open meeting last week appeared to be his pitch to become the next head of the FCC. And, of course, there's the argument in the other direction, which is that a new FCC with a Democratic majority might go even further with the new rules, and bring back all the "bad stuff" in Title II like rate regulations and tariffs. How worried should you be? Not that worried. Despite what some say, it's not that easy to just flip this switch. Note that this process alone has taken basically a year. The FCC has to propose the rules and allow for the slew of comments and then go through this entire process again before it can switch the rules again. It could happen, but by the time it does we'd already be under the existing rules for some time, and when the predicted "harms" of the new rules don't come to pass, the scare stories from anti-net neutrality types won't be even remotely believable. As for the idea that a new FCC might bring back rate regulations and tariffs, that seems ridiculously unlikely. At this point you have basically no one who supports such an idea -- either on the FCC or in the public. The FCC would have to go through a whole new proposal/comment period on such an idea, and it would be so astoundingly unpopular that it's difficult to see it getting anywhere at all. Should you blame the new rules? Nope. The FCC is going to flip flop back and forth based on the party in the White House anyway, and all the talk claiming the FCC has become "more partisan" is a lot of bunk. There have long been fights along party grounds on certain issues, and that won't change. The lack of competition: This probably remains the largest ongoing issue in the fight for an open internet. For years we've been arguing that the attack on net neutrality is really just a symptom of the lack of competition in the market, and that's still true today. Beyond the new rules, if we want to really protect an open internet, we need much more competition. It's notable that the new rules do not (as some wanted) include unbundling requirements, which would have made infrastructure providers let other service providers buy access wholesale to resell, creating competition at the service level (rather than at the network level). Many other countries have this type of unbundling, and it's resulted in a much more competitive broadband market in those places. This is also why the FCC's other vote last week may turn out to be the bigger deal. This was the FCC's decision to preempt state laws (generally written by the broadband providers themselves) that blocked municipalities from offering up municipal broadband. Municipal broadband is not a panacea, and there have been some notable failures. However, there are plenty of success stories as well, including some impressive ones in which communities join together to create a strong broadband offering where the giant legacy players have failed to keep up. Separately, we're finally starting to see third parties jump into the market. Lots of people point to Google Fiber, but that's just one of a few new and growing entrants. And many of those smaller providers have both embraced the FCC's new rules and pointed out that with those new rules, they may be able to deploy their services more widely, since it will help them get access to things like telephone poles that were blocked in the past. On top of that, while in the past, alternative means of broadband were more hype than reality, the technology for air-based broadband (from wireless systems, satellites, drones, balloons and blimps) is getting rapidly better and may offer a legitimate third-party option. Those technologies are all getting a lot cheaper as well, so it's entirely possible that we could get more significant competition in the future -- especially if there's more open spectrum available. How worried should you be? Absolutely worried. The lack of competition is the real travesty in all of this, and while you can be hopeful about some of the things coming down the road that should add to the competitive market, for many of us, there are almost no competitive choices for broadband. Should you blame the new rules? Nope. Some anti-net neutrality types are trying to argue that the new rules will reduce competition, but it's hard to find any evidence to support that. Enough small, independent and third-party broadband providers have come out in support of the new rules that it's difficult to take seriously the complaint that it will discourage those competitors from entering the market. They seem to be arguing exactly the opposite. The games Comcast/Verizon/AT&T will play: When it became clear that there were going to be open internet rules of some sort on the last mile, all of the big broadband providers played the interconnection trick, letting their interconnection points with Netflix clog up in order to get the same result it wanted in the first place: get the internet companies to pay extra to reach its users, even as everyone is already paying for their own bandwidth. And, lately, there have been various games around "zero rating" in which the broadband players (mainly on the wireless side) pretend that they're offering a "consumer benefit" by exempting certain traffic from the unnecessary data caps that the broadband providers themselves set up. It seems quite likely that even with the new rules, the big broadband providers will look for loopholes and other tricks to try to chip away at an open internet, allowing it to put toll booths into the internet stream. That's been their focus for a decade now, and it's unlikely that they're going to give up now. The big broadband providers simply hate the idea of just being "dumb pipes" and feel like they need to extract extra money for all of the activity happening on those pipes. It's not clear how they'll plant to get around the rules, but it seems inevitable. How worried should you be? Somewhat worried. The big broadband players are incredibly crafty at trying to figure out loopholes and ways through the rules. The interconnection and zero rating cases are just two examples, and both were pretty clever. The zero rating one was particularly clever in that they could pretend to be "consumer friendly" by protecting you from the anti-consumer rules that they themselves set up. It's kind of brilliant in how evil it is. The problem here is that we just don't know what form this attack is likely to take, but it's definitely going to happen. Should you blame the new rules?: No. The big broadband players have been playing these games for ages, and the new rules actually do make it much more difficult for them to play at least some of these games. That's why last week was a victory for the open internet. It should be noted that some net neutrality critics are running around and claiming that these new rules mean the death of the internet, and will lead to the government deciding what content and services are allowed on the internet. If true, that would be an attack on the open internet, but it's simply not true. Don't worry too much about it. That's just FUD. The reality is that last week was a victory, but it's hardly the end of the fight to protect the open internet. There are some legitimate concerns about both the rules that were passed, as well as the actions that others (including Congress, the FCC and broadband players) may take in the future. And we need to be vigilant about all of this in order to make sure that the internet remains open and free.Permalink | Comments | Email This Story

Read More...
posted 25 days ago on techdirt
So the whole Hillary Clinton email story is getting worse and worse for Clinton. We already noted that there was no way she couldn't have known that she had to use government email systems for government work, as there was a big scandal from the previous administration using private emails and within the early Obama administration as well. This morning we discovered that Clinton also gave clintonemail.com email addresses to staffers, which undermines the argument made by Hillary's spokesperson that it was okay for her to use her own email address because any emails with staffers would still be archived by the State Department thanks to their use of state.gov emails. But that's clearly not the case when she's just emailing others with the private email addresses. As we noted yesterday, there are two separate key issues here, neither of which look good for Clinton. First, is the security question. There's no question at all that as Secretary of State she dealt with all sorts of important, confidential and classified information. Doing that on your own email server seems like a pretty big target for foreign intelligence. In fact, Gawker points out, correctly, that Hillary's private email address was actually revealed a few years ago when the hacker "Guccifer" revealed the inbox of former Clinton aide Sidney Blumenthal. So it was known years ago that Clinton used a private email account, and you have to think it was targeted. Anonymous State Department "cybersecurity" officials are apparently shoving each other aside to leak to the press that they warned Clinton that what she was doing was dangerous, but couldn't convince her staff to do otherwise: “We tried,” an unnamed current employee told Al Jazeera. “We told people in her office that it wasn't a good idea. They were so uninterested that I doubt the secretary was ever informed.” The AP has a somewhat weird and slightly confused article detailing the setup of the email system, but seems to imply things that aren't clearly true. It was unclear whom Clinton hired to set up or maintain her private email server, which the AP traced to a mysterious identity, Eric Hoteham. That name does not appear in public records databases, campaign contribution records or Internet background searches. Hoteham was listed as the customer at Clinton's $1.7 million home on Old House Lane in Chappaqua in records registering the Internet address for her email server since August 2010. The Hoteham personality also is associated with a separate email server, presidentclinton.com, and a non-functioning website, wjcoffice.com, all linked to the same residential Internet account as Mrs. Clinton's email server. The former president's full name is William Jefferson Clinton. While Eric Hoteham may be a mysterious non-entity, as Julian Sanchez points out, an early Clinton staffer was named Eric Hothem. Of course, Stanford cybersecurity guru Jonthan Mayer also notes that Hillary's old home server is still online and running Windows Server 2008 R2. However, the AP reports that the email has moved around a bit over the past few years: In November 2012, without explanation, Clinton's private email account was reconfigured to use Google's servers as a backup in case her own personal email server failed, according to Internet records. That is significant because Clinton publicly supported Google's accusations in June 2011 that China's government had tried to break into the Google mail accounts of senior U.S. government officials. It was one of the first instances of a major American corporation openly accusing a foreign government of hacking. Then, in July 2013, five months after she resigned as secretary of state, Clinton's private email server was reconfigured again to use a Denver-based commercial email provider, MX Logic, which is now owned by McAfee Inc., a top Internet security company. That likely means the email was much more secure after July of 2013, but it certainly raises questions about how secure it was for years before that. Though, we do know that it was secure from one thing: FOIA requests. That is the second of the two big issues raised by this whole thing. By using her own email setup, she was clearly able to hide important documents from FOIA requests. In fact, as Gawker notes, her staff's defense of the use of her private email, actually now confirms emails as legit that the State Department denied existed back when Gawker made a FOIA request years ago. That's because following that Guccifer hack, Gawker filed a FOIA for those emails and was told they don't exist. Yet, now Clinton staffers point to that old Gawker article to suggest that the private email address is "old news," thus confirming that the emails were legit, even though the State Department denied them. The Clinton camp’s claims about the email account being above-board is also contradicted by the State Department’s response to Gawker’s inquires two years ago. After we published the story about Blumenthal’s correspondence with Clinton, we filed a FOIA request with the agency for all correspondence to date between Hillary Clinton and Sidney Blumenthal, specifically including any messages to or from the hdr22@clintonemail.com account. The screenshots and other documents released by Guccifer—which have now been validated by Clinton’s spokesman—confirmed that such messages existed. But the State Department replied to our request by saying that, after an extensive search, it could find no records responsive to our request. That is not to say that they found the emails and refused to release them—it is conceivable, after all, that the State Department might have attempted to deny the release of the Clinton-Blumenthal correspondence on grounds of national security or Blumenthal’s own privacy. Instead, the State Department confirmed that it didn’t have the emails at all. Which is exactly why Clinton used a non-State Department email server to conduct her official business. According to the NY Times, the State Department says that it won't go back to correct the FOIA requests that it responded to in the past, saying that such records didn't exist. Instead, it will only now search the emails that have been turned over by Clinton's staff. That is another 50,000 emails, but no one knows what emails the staff removed or refused to turn over. Either way, there are two huge problems here. Clinton likely exposed her emails to foreign spies, while keeping them away from the American public.Permalink | Comments | Email This Story

Read More...
posted 26 days ago on techdirt
As you may have heard, the law enforcement and intelligence communities have been pushing strongly for backdoors in encryption. They talk about ridiculous things like "golden keys," pretending that it's somehow possible to create something that only the good guys can use. Many in the security community have been pointing out that this is flat-out impossible. The second you introduce a backdoor, there is no way to say that only "the good guys" can use it. As if to prove that, an old "golden key" from the 90s came back to bite a whole bunch of the internet this week... including the NSA. Some researchers discovered a problem which is being called FREAK for "Factoring RSA Export Keys." The background story is fairly involved and complex, but here's a short version (that leaves out a lot of details): back during the first "cryptowars" when Netscape was creating SSL (mainly to protect the early e-commerce market), the US still considered exporting strong crypto to be a crime. To deal with this, RSA offered "export grade encryption" that was deliberately weak (very, very weak) that could be used abroad. As security researcher Matthew Green explains, in order to deal with the fact that SSL-enabled websites had to deal with both strong crypto and weak "export grade" crypto, -- the "golden key" -- there was a system that would try to determine which type of encryption to use on each connection. If you were in the US, it should go to strong encryption. Outside the US? Downgrade to "export grade." In theory, this became obsolete at the end of the first cryptowars when the US government backed down for the most part, and stronger crypto spread around the world. But, as Green notes, the system that did that old "negotiation" as to which crypto to use, known as "EXPORT ciphersuites" stuck around. Like zombies. We'll skip over a bunch of details to get to the point: the newly discovered hack involves abusing this fact to force many, many clients to accept "export grade" encryption, even if they didn't ask for it. And it appears that more than a third of websites out there (many coming from Akamai's content delivery network -- which many large organizations use) are vulnerable. And that includes the NSA's own website. Seriously. Now, hacking the NSA's website isn't the same as hacking the NSA itself, but it still seems notable just for the irony of it all (obligatory xkcd):

Read More...
posted 26 days ago on techdirt
A few Florida legislators are looking to do some serious damage to both free speech and the internet. This week, the Florida state legislature is considering a bill that would make it illegal to run any website or service anonymously, if the site fits a vague category of “disseminat[ing]” “commercial” recordings or videos—even the site owner’s own work. Outlawing anonymous speech raises a serious First Amendment problem, and laws like this one have been abused by police and the entertainment industry. The bill (Senate and House versions) seems to be catering directly to the entertainment industry and could give local law enforcement City of London Police-esque powers to act as de facto copyright cops. And its potential stripping of anonymity not only requires disclosure to law enforcement, but everyone else on the web. A person who owns or operates a website or online service dealing in substantial part in the electronic dissemination of commercial recordings or audiovisual works, directly or indirectly, to consumers in this state shall clearly and conspicuously disclose his or her true and correct name, physical address, and telephone number or e-mail address on his or her website or online service in a location readily accessible to a consumer using or visiting the website or online service. Do-it-yourself doxxing! What could possibly go wrong? Handing over your personal information to complete strangers always works out so well. The bill seems only concerned with giving rights holders easier access to potential infringers (still problematic), completely ignoring the unintended consequences of forcing certain site owners to hand out their personal information proactively, rather than only by law enforcement subpoena or court order. On top of that, there's the vagueness of the language. "Directly or indirectly" can mean a lot of things -- like links to alleged infringement elsewhere on the web. And it would potentially force any number of site owners worldwide to give up their anonymity. The bill isn't limited to sites/site owners residing in Florida. All it says is "electronic dissemination… to consumers in this state." If a website can be accessed from Florida, it conceivably falls under the jurisdiction of this proposed law. This would give the Grady "Showboat" Judds of Florida law enforcement all the reason they need to send ad hoc anti-piracy task forces all over the US to shut down infringing sites. Even if the damage was solely confined to Florida, it would still be a bad idea. Similar “true name and address” laws in other states have been used to justify police raids on music studios. In 2007, a Georgia police SWAT team (with RIAA employees in tow) raided the studio of DJ Drama and DJ Cannon, makers of influential “mixtapes” that record labels used to promote their artists. The police arrested the DJs and confiscated their CDs and equipment. Their justification wasn’t copyright law (which is a federal law) but a more limited version of the same law Florida is considering, one that applies only to physical goods. If Florida expands on Georgia’s law by including websites, we could see similar police raids against music blogs or other avenues of online speech. And the works on the site might even be in the public domain, as long as some “owner, assignee, authorized agent, or licensee”—perhaps a broadcaster—complains. If there is a bright side to this proposed law, it's that it doesn't gut Section 230 protections and contains the smallest of nods towards Fair Use. But that's it. Otherwise, it's a mess -- a bill designed to expedite the pursuit of infringers at the expense of free speech and online anonymity. Permalink | Comments | Email This Story

Read More...
posted 26 days ago on techdirt
There has been quite a kerfuffle around the apparent fact that Hillary Clinton solely used her personal email account for government business. This piqued my curiosity, especially since I've been playing with a service called Conspire lately. Conspire is a startup that analyzes your email and then seeks to provide you with an email chain with which to introduce you to the desired person. So, say I wanted to email my current business crush, Marcus Lemonis, Conspire's system found a path with which I could ask for an introduction. In my case, my friend Espree could email her friend Nathan for an introduction to Marcus. Neat. I can definitely see how Conspire could become a useful tool, albeit one that raises some very interesting privacy questions. So, I looked for Hillary Clinton's now famous hdr22@clintonemail.com email address in Conspire. No luck. Conspire is still growing, so I suppose it makes sense that none of its members have yet to email Hillary. But then I tried just the clintonemail.com domain in the search, and got one hit. Huma Abedin, Hillary's long-time aide, had an email address with the clintonemail.com domain in Conspire's records. Unfortunately, I have no connection path to Ms. Abedin, so I can't ask the system to facilitate an introduction, but it is fascinating. What other Clinton staffers were using email addresses at the clintonemail.com domain? Seems like at least one was. To be fair, Abedin not only was Clinton's deputy chief of staff in the State Department, but she also continued to work for Clinton after Clinton left office. It is possible that she only got the email address after leaving the government, but it certainly raises some serious questions about whether or not other State Department staffers were provided private clintonemail addresses to avoid transparency requirements. In fact, Politico is reporting specifically that Abedin and other staffers used non-government email addresses while in the State Department, which suggests the clintonemail address may have come earlier: Clinton’s personal aide, Huma Abedin, and her communications adviser, Philippe Reines, regularly used unofficial email accounts for work-related email, former colleagues said. This also makes me wonder what other new communications mediums our government officials are using. Could world leaders be SnapChatting each other? Or perhaps sending international YO's? Or trolling each other on YikYak? And, if they are, are they complying with records retention laws? Permalink | Comments | Email This Story

Read More...
posted 26 days ago on techdirt
With the abuses of asset forfeiture being loudly publicized, there has (finally) been some legislative pushback against these abusive programs. Wyoming's legislators -- hoping to institute asset forfeiture reform -- ran into pushback themselves from the state's governor, who vetoed the popular bill (which passed out of the Senate with an 80-9 vote) when it hit his desk. Governor Matt Mead explained his reasons for doing so in a letter to the Senate president Phil Nicholas. According to Mead, he didn't agree that Wyoming has an asset forfeiture problem and saw no reason to curtail a program that is (supposedly) so effective in fighting the Drug War. Now, while Wyoming hasn't made splashy headlines with bogus busts, it's more likely due to the limited population than better laws or better law enforcement. Mead's letter explaining his veto contains three examples he feels prove Wyoming is better-behaved than most when it comes to separating citizens from their possessions. But none of those are particularly persuasive. One deals with $17,000 being returned after "procedural safeguards" were ignored. The other two simply assume the seizure of funds was completely justified, even though no corresponding conviction is noted in his explanation. In one case, a car owner denied knowing whose $327,000 was found in his vehicle. Fully justified, of course, because as Mead explains, the seized funds were spent "to enforce drug laws." In the other case, $415,000 was found in a vehicle being carried on a semi trailer full of vehicles. This, too, was taken and the seizure fully justified because the money was obviously evil in and of itself. Here's Mead's actual sentence explaining what happened to these funds. "The money was taken out of circulation so it could not be used for other illegal activity." Stupid money. It's like it's a troubled teen in need of a grounding. "Don't let it out! It will probably just do illegal things!" Not cited: the "illegal activity" prompting the seizure of the funds in either case. The reform bill didn't ask for much -- just a conviction to go with every seizure -- but that was still too much for Mead, who still carries inside him the beating heart of a long-term prosecutor. To him, these means are perfectly acceptable because drugs are a problem. Case closed. That's likely one of the factors playing into the deployment of his otherwise seldom-used veto power. This is the other: a meeting with the Wyoming Association of Sheriffs and Police Chiefs -- which occurred three days before the veto. I enjoyed meeting w/ the WY Assoc.of Sheriffs & Chiefs of Police.Thanks for serving & protecting the citizens of WY. pic.twitter.com/TRzgXcMyru — Governor Matt Mead (@GovMattMead) February 14, 2015 Beyond all that, Mead simply believes asset forfeiture is a law enforcement tool that simply cannot be questioned. I believe civil asset forfeiture is important and it is right. Too "right" to be even slightly curtailed by the addition of a small but logical stipulation: a conviction of the assets' owner before the assets can be claimed. Mead prefers the way it's been done for years: assets are presumed guilty, the burden of proof rests on those whose assets have been seized and anything not clearly associated with any criminal activity can still be repurposed to fight the Everlasting War on Drugs. Wyoming may not have a history of forfeiture abuse, but it makes no sense not to head off a problem before it becomes one. Everything about its current program lends itself to abuse. Wyoming has horrible civil forfeiture laws, with an F law grade. The state’s final grade is pulled up to a C only by limited use of equitable sharing (an evasion grade of A) to date. The government can seize and subsequently forfeit property with just probable cause that it is subject to forfeiture. This is the lowest standard, far easier for the government than proving criminal guilt beyond a reasonable doubt. A property owner who wishes to claim an innocent owner defense bears the burden of proof, effectively making owners guilty until proven innocent. All of the proceeds from civil forfeiture are distributed to the state Attorney General’s asset fund. In turn, those funds are used as matching funds for federal drug enforcement grants. Finally, although officials are required to collect information on the use of forfeiture, they did not respond to requests. Gov. Mead's view of this program is rosy to the point of blindness. But that's the sort of thing we expect from career prosecutors who question very little if anything about the law enforcement under their purview and who wholeheartedly support strong drug enforcement tactics. Mead may not see any abuse occurring, but I get the feeling he's not looking too hard. Considering how low the bar is set in terms of burden of proof, you'd have to do some serious digging to find seizures not justified by this barely-there requirement. And, considering the funds flow into Mead's former office, I would imagine he's in no hurry to find anything that might threaten the state's revenue stream, or its attendant matching funds grants from the US government. Permalink | Comments | Email This Story

Read More...
posted 26 days ago on techdirt
Researchers can program computers to play all kinds of games and even beat the best humans at them. So far, we're not worried about AI that can beat us at chess or Jeopardy, but maybe we'll be more worried when a computer can program another computer to play chess at a grandmaster level. Luckily, there's at least one billionaire willing to chip in a few million bucks to try to keep Terminators from destroying humanity. Google DeepMind has created software that can play old Atari games without humans teaching it how to play -- and the AI plays 22 out of 49 games better than expert human players. Those Atari games are more difficult than you might think, but it's not hard to imagine that humans will be no match for AI playing Pac-man in the near future. [url] A Civilization V match pitted 42 computer-controlled players against each other. It wasn't an endless match (sorry, no Wargames conclusion), and a winner of this "Battle Royale" emerged after 179 turns. [url] Flappy Bird is a pretty hard game for humans to play, but a robot can play it without getting tired or frustrated. It's not exactly a breakthrough in robotics, but this bot demonstrates a big difference in how computers play video games. [url] If you'd like to read more awesome and interesting stuff, check out this unrelated (but not entirely random!) Techdirt post via StumbleUpon.Permalink | Comments | Email This Story

Read More...
posted 26 days ago on techdirt
Well, this is disappointing. Back in September, we were happy to see both Apple and Google announced that their mobile platforms would be encrypted by default (for local storage, not for data transmissions), which has kicked off something of a new round of Crypto Wars, as law enforcement types have shoved each other aside to spread as much possible FUD about the "dangers" of mobile encryption (ignoring that they also recommend mobile encryption to keep your data safe). However, as Ars Technica reported earlier this week, it appears that while Google is encrypting by default on its own Nexus phones that have the latest Android (Lollipop), it slightly eased back the requirements for its OEM partners such as Motorola and Samsung who make their own devices. Default encryption is now "very strongly RECOMMENDED" rather than required. And even with that "very strong RECOMMENDATION," it appears that neither Samsung or Motorola are enabling default encryption on its latest devices. While some will likely jump to the conclusion that law enforcement pressure is at work here, a much more likely explanation is just the performance drag created by encryption. Last fall, Anandtech did some benchmarking of the Nexus 6 both with encryption on and off, and as the site itself says, the results are "not pretty." Given the competitive market, there's a decent chance that the big phone manufacturers didn't want to get bad benchmark ratings when phones are compared, and those made the decision to go against the "very strong recommendation." Hopefully this gets sorted out quickly, as phonemakers can optimize new phones for encryption. And, honestly, as the Anandtech report itself notes, these benchmarks are basically meaningless for real world performance: The real question we have to ask is whether or not any of these storage benchmarks really matter on a mobile device. After all, the number of intensive storage I/O operations being done on smartphones and tablets is still relatively low, and some of the situations where NAND slowdowns are really going to have an effect can be offset by holding things in memory. But, it appears, while mobile phone makers don't want to take the chance of bad benchmarks hurting their reputation, they're less concerned about leaving consumers' data exposed. It's disappointing that this is where things are today, after so much focus on default encryption just a few months ago, but hopefully it's just a temporary situation and we'll get to default encryption very, very soon.Permalink | Comments | Email This Story

Read More...
posted 26 days ago on techdirt
We lost one of the "good guys" when Magistrate Judge John Facciola retired late last year. Facciola was a leading figure in the small -- but important -- "Magistrates' Revolt" that emerged in the wake of the Snowden leaks. Multiple times the government approached Facciola for a signature on overly-broad warrants seeking the entire contents of a phone or an email account, only to find the judge unwilling to help it pack for its fishing trip. More than once, the government was forced to rewrite its requests, and on one memorable occasion, it went "judge shopping" in hopes of obtaining the signature Facciola wouldn't give it, only to be rebuffed by the unamused judge on the opposite coast. Zoe Tillman of the National Law Journal has a fascinating interview with the retired judge. Facciola was one of the few magistrates who actively attempted to understand the legal nuances inherent to today's interconnected world. According to Facciola, magistrate judges who allow technological advances to pass them by aren't doing the public any favors by not staying current. Law enforcement has moved on, and it's tough to act as a check against overreach if you don't understand the subject matter. The mental image of investigators dusting for fingerprints and tossing suspects' residences is completely outdated. Investigative work now involves -- almost exclusively -- more ethereal methods. When asked how his job had changed since he took his post in 1997, Facciola responded: [I]n March 2012, my criminal month, at the end of the month I realized something: I had not issued a warrant or an order for anything that was tactile. Everything I issued was for some form of electronically stored information. Whether it was a Facebook account or cell site information. You almost look forward to the day when a guy will just want to break a door down and go in and get cocaine. Those days are gone forever apparently. This would explain law enforcement's outspoken opposition to any form of electronic encryption. Today's law enforcement agencies seemingly have little stomach for old-fashioned police work. Searching something "tactile," like a suspect's residence, is almost always an afterthought. These agencies would rather dig through every communication they can obtain before they even think about utilizing methods that have worked for years. (And default mode for today's law enforcement has shifted the approach to physical searches as well. Increasingly, handling the "tactile" means going "tactical" with no-knock warrants, military rifles, full body armor, repurposed mine-resistant vehicles and a hell of a lot of guys shouting contradictory instructions/firing weapons in contradictory directions within moments of the "breach.") This nearly-exclusive focus on digital searches poses a problem for the magistrates charged with vetting warrants for Constitutionality, not the least of which are the outdated laws and guidelines governing searches of citizens' communications and data. And this can't be fixed by the courts themselves. [T]he problem is not a judicial one, the problem is Congress has not looked at the Stored Communications Act since 1986. My gosh. 1986. [...] If you look at the opinions about the Stored Communications Act, they are some of the most complicated opinions you will see because it's a classic example of the square peg not fitting in the round hole… There [is] out there a lot of wonderful thinking about how the act could be amended to bring it kicking and screaming into the 21st century. But no movement by Congress. That's deeply troubling. Not that the judicial system hasn't tried. It's just that the conclusions are still unclear and mainly deal with warrantless searches. The Sixth Circuit Court ruled that email contents are covered by the Fourth Amendment, contrary to the claims of those who rely on the outdated SCA. The Supreme Court had a chance to weigh the SCA against the Fourth Amendment in 2010, but chose to carefully avoid the subject. So, if it's to be fixed, it's up to Congress, and there is only a very slim chance that it will be willing to alter a law so thoroughly exploited by law enforcement and intelligence agencies, even given the events of the past couple of years. Particularization is what's needed in the digital realm, according to Facciola, but that's clearly not what the government wants. It wants to dump peoples' computers and devices on the metaphorical carpet and root through the pile until it finds what it's looking for. (Or, as has happened frequently, find something it wasn't looking for and pursue that angle instead/in addition, occasionally necessitating additional warrants.) Particularized searches of ethereal contents is easier said than done, especially when one half of the parties involved has no interest in limiting its searches. Facciola has suggested searches of this type be handled by the third party that holds the data, but that has been shot down by other judges as "impractical." Facciola additionally suggests wholly separating the search team and the evidence review team (using a "Chinese wall") to help assure the search won't exceed the limitations provided by the warrant. The last resort is still the front line, however. The third solution… is more careful supervision of the conduct of the search by the magistrate judge. That's where Facciola fit in. He challenged the government on its broad search requests and forced it to reconsider its tactics. Unfortunately, there's usually been another judge willing to grant warrants that don't meet the standards of more demanding magistrates. In his parting comment, Facciola points out that judges aren't the only technologically-resistant participants in the judicial system. Those on the other side of the bench have their issues as well. We have to get across to lawyers that they really have to read outside of their fields. Every day I read the tech section of The New York Times. I find almost every article has to do with the law. And that's an important thing. I learned from [a law professor] that — did you know this? — the telephone was in existence for 10 years before lawyers started to use it. They thought it was beneath their dignity. You wondered, did they use the elevator?Permalink | Comments | Email This Story

Read More...
posted 26 days ago on techdirt
At this point, we probably don't need any more evidence that the emergence of publicity rights and its conflation with other forms of intellectual property, such as copyright, is a festering cancer in our culture that we'd do well to excise post-haste. Still, necessity isn't the mother of these stories that keep on a-coming anyway. The most recent example of how stupid this all has become is a small Connecticut town taking down a donated painting that includes an image of Mother Teresa over intellectual property concerns. More frustrating is how neutered the press covering the issue is in competently discussing the validity of the issues being raised. Trumbull officials have temporarily removed artwork displayed at the public library over concerns that the use of Mother Teresa's image in the painting infringes on copyright. The painting, which Dr. Richard Resnick donated to the library, shows Mother Teresa and other women marching, holding signs that say messages including "Planned Parenthood," "Mission of Charity," "Feed the Poor," "Remember The Ladies," "Hospital Reform" and "Right to Vote," among others. Let's get the easy stuff out of the way. Resnick had ownership of the painting when he donated it. There wouldn't be a valid copyright claim here even if the original artist was among those raising the issue, which doesn't appear to be the case. The library has every right to display the image. There aren't any copyright questions at all. All the reports this author has seen identify only "independent organizations" as claiming there is a copyright issue here at all. Should the actual claims center instead on publicity rights instead of copyright, that claim, too, would fail. First, there is no commercial use here. It is a painting rightfully owned and then donated to a municipality. Mother Teresa is a public and historical figure. And, again, there has been no indication that the estate of Anjeze Bojaxhiu, commonly known as Mother Teresa of Calcutta, is among those raising the issue. There is simply no applicable intellectual property concern here. However, it seems that everyone involved (perhaps including the reporter) has no clue about any of this: "Our initial research has shown that there is a doctorate of ‘Fair Use’ which allows a party to depict even someone of a public nature when it’s not designed for any commercial purpose," he explained. It would be nice to be able to get a "doctorate" in "fair use" but it's likely the guy means (or even said) "doctrine." And while "commercial purpose" may have an impact on a fair use analysis it's not the only factor. But, more importantly, fair use isn't even an issue here because there's no copyright issue at all. Which, of course, hasn't precluded Trumbull from pulling the painting proactively. The town opted to remove the painting because the library lacks a written agreement with Resnick to protect the town against "any potential liability" from the copyright violation allegation, Herbst said. “After learning that the Trumbull Library Board did not have the proper written indemnification for the display of privately-owned artwork in the Town’s library, and also being alerted to allegations of copyright infringement and unlawful use of Mother Teresa’s image, upon the advice of legal counsel, I can see no other respectful and responsible alternative than to temporarily suspend the display until the proper agreements and legal assurances are in place,” Herbst said in a written statement. And, so, until such a time as the town and the donor can formalize a written agreement protecting themselves against all of this stupidity, stupidity prevails. It's hard to fault Trumbull officials too much for getting their protective documentation in place, I suppose. This is America, after all, the land of the lawsuit. Still, it's a tough pill to swallow to see a public entity bow even temporarily to the pressure of outside parties that have no standing, or apparent familiarity with the actual legal statutes they're pushing. Because, while none of the reports are naming the "independent organizations", everyone pretty much knows what's going on here. Resnick's attorney explains it nicely. Elstein speculates that the controversy may have more to do with Catholic leaders' recent objections to Mother Teresa being depicted alongside a woman holding a "Planned Parenthood" sign. Ah, so again intellectual property gets used to silence speech. Anyone still want to pretend that copyright and publicity rights aren't the favored tools of censors everywhere? Permalink | Comments | Email This Story

Read More...
posted 27 days ago on techdirt
As you may have heard, the latest political "scandal" involving a major Presidential contender comes via the NY Times reporting that when Hillary Clinton was Secretary of State, she refused to have a government email address, and conducted all her work via a personal email account. Hillary Rodham Clinton exclusively used a personal email account to conduct government business as secretary of state, State Department officials said, and may have violated federal requirements that officials’ correspondence be retained as part of the agency’s record. Mrs. Clinton did not have a government email address during her four-year tenure at the State Department. Her aides took no actions to have her personal emails preserved on department servers at the time, as required by the Federal Records Act. This is dumb on many, many levels and there appears to be no excuse for it happening. First off, using a personal email as Secretary of State seems like a massive privacy and security risk. While one hopes that there was at least some attempt to better secure her personal account by government security experts, it's still almost certainly less secure. Given how much sensitive information the Secretary of State has to deal with, it seems inexcusable that she was allowed to conduct official business via her personal account. That to me seems like an even bigger deal than the part that everyone else is focused on: the failure to preserve her emails as required by law. Of course, the failure to preserve the emails is a big deal as well. But here's the really stunning thing: there is simply no way that Clinton and others in the administration didn't know that she was supposed to be using a government email address and preserving those emails. That's because both the previous administration and others in her own administration got in trouble for using personal email addresses. As Vox notes, towards the end of the Bush administration there was a similar scandal involving a variety of high level administration members using personal email to conduct government business and to avoid transparency requirements. That scandal unfolded well into the final year of Bush's presidency, then overlapped with another email secrecy scandal, over official emails that got improperly logged and then deleted, which itself dragged well into Obama's first year in office. There is simply no way that, when Clinton decided to use her personal email address as Secretary of State, she was unaware of the national scandal that Bush officials had created by doing the same. That she decided to use her personal address anyway showed a stunning disregard for governmental transparency requirements. Indeed, Clinton did not even bother with the empty gesture of using her official address for more formal business, as Bush officials did. But that's not all. What the Vox report doesn't note is that the scandal actually carried over to the Obama administration also, as the White House's first Deputy CTO was reprimanded for using his personal email address as well, early in 2010. So there was both a scandal about the similar use of private email accounts in the previous administration and in the Obama administration. It's impossible to believe that Clinton or the other key people who worked for her in the State Department were unaware of one or both of these issues while she was using her personal email address. While the White House's email system may be clunky and annoying to use (as I've heard repeatedly), there's simply no excuse for Clinton not to have used it at all -- and for the emails she did send not to be preserved as required under the law. A few years ago, we mocked Homeland Security boss Janet Napolitano for refusing to use email entirely -- though at least she was upfront about the reason. She didn't want to be held accountable for what she said -- though, the reality was she would still have staff members send emails for her. Clinton appears to have wanted to be free of that accountability as well, but to still have the benefits of direct electronic communication herself. In short, she purposely ignored the law for her own benefit.Permalink | Comments | Email This Story

Read More...
posted 27 days ago on techdirt
A small crack in the FBI's Stingray secrecy has appeared. A 2012 pen register application obtained by the ACLU was previously sealed, but a motion to dismiss the evidence obtained by the device forced it out into the open. Kim Zetter at Wired notes that the application contains a rare admission that Stingray use disrupts cellphone service. [I]n the newly uncovered document (.pdf)—a warrant application requesting approval to use a stingray—FBI Special Agent Michael A. Scimeca disclosed the disruptive capability to a judge. “Because of the way, the Mobile Equipment sometimes operates,” Scimeca wrote in his application, “its use has the potential to intermittently disrupt cellular service to a small fraction of Sprint’s wireless customers within its immediate vicinity. Any potential service disruption will be brief and minimized by reasonably limiting the scope and duration of the use of the Mobile Equipment.” Notably, the application (and the magistrate's approval) do not refer to the device by any of the common names (Stingray, IMSI catcher, cell tower spoofer, etc.), but rather as "mobile pen register/trap and trace equipment." While it does admit the device will "mimic Sprint's cell towers," it downplays the potential impact of the device's use. The fact that Stingray devices disrupt cell service isn't new, but an on-the-record admission by law enforcement is. The warrant application claims that numbers unrelated to the ones being sought will be "released" to other cell towers. The unanswered question is how long it takes before this release occurs. “As each phone tries to connect, [the stingray] will say, ‘I’m really busy right now so go use a different tower. So rather than catching the phone, it will release it,” says Chris Soghoian, chief technologist for the ACLU. “The moment it tries to connect, [the stingray] can reject every single phone” that is not the target phone. But the stingray may or may not release phones immediately, Soghoian notes, and during this period disruption can occur. The problem with the so-called "release" is related to the amount of disruption that occurs when the device is used. Advances in cell technology have surpassed the ability of Stingray devices to capture calling info and location data. Upgrades are available and law enforcement agencies are scrambling to get their cell tower spoofers up-to-date, but the general process still involves "dumbing down" everyone's connection to the least secure and most easily-intercepted connection: 2G. In order for the kind of stingray used by law enforcement to work, it exploits a vulnerability in the 2G protocol. Phones using 2G don’t authenticate cell towers, which means that a rogue tower can pass itself off as a legitimate cell tower. But because 3G and 4G networks have fixed this vulnerability, the stingray will jam these networks to force nearby phones to downgrade to the vulnerable 2G network to communicate. If a device is in operation nearby, all calls that can't find a better connection will be routed to the cell tower spoofer. This means calls won't be connected, texts won't be sent/received and internet service will be knocked offline. While Stingrays are supposed to allow 911 calls to pass through without interruption, these are far from the only type of "emergency" communications. If the device is deployed for any considerable length of time, citizens completely unrelated to the criminal activity being investigated may find themselves unable to communicate. And while the targeted number apparently belonged to Sprint, the warrant application notes that all service providers in the area will be asked to turn over a large amount of subscriber information. [D]irecting AT&T, T-Mobile U.S.A., Inc., Verizon Wireless, Metro PCS, Sprint-Nextel and any and all other providers of electronic communication service (hereinafter the "Service Providers") to furnish expeditiously real-time location information concerning the Target Facility (including all cell site location information but not including GPS, E-911, or other precise location information) and, not later than five business days after receipt of a request from the Federal Bureau of Investigation, all information about subscriber identity, including the name, address, local and long distance telephone connection records, length of service (including start date) and types of service utilized, telephone or instrument number or other subscriber number or identity, and means and source of payment for such service (including any credit card or bank account number), for all subscribers to all telephone numbers, published and nonpublished, derived from the pen register and trap and trace device during the 60-day period in which the court order is in effect… This request seems to run contrary to what's asserted earlier in the warrant application, in reference to the Stingray device itself. In order to achieve the investigative objective (i.e., determining the general location of the Target Facility) in a manner that is the least intrusive, data incidentally acquired from phones other than the Target Facility shall not be recorded and/or retained beyond its use to identify or locate the Target Facility. It appears there is a "catch-and-release" policy when it comes to Stingray devices, but the FBI's data request to every cell phone service provider in the area contains no such assurances about minimization. Additionally, the request for data on "all subscribers to all telephone numbers" covers a 60-day period, while the use of the tower spoofer is limited to two weeks. So, not only did the FBI potentially disrupt cell service while searching for the robbery suspects, it also collected a massive amount of data on every subscriber whose phone happened to connect with its fake tower. It's not really "catch-and-release" if additional call/location data on unrelated subscribers is obtained from from other providers. This broad request was granted without question or additional stipulations by the magistrate judge -- the only limitation applied (in a handwritten addition, no less) being that the FBI would not be able to use the device "in any private place or when they have reason to believe the Target Facility is in a private place." (This falls in line with the FBI's "warrant requirement," which is written in a way that ensures the FBI will never have to seek a warrant for Stingray use.) The FBI, along with other law enforcement agencies, has refused to answer questions about the disruptive side effects of Stingray device usage. With the unsealing of this document, their silence no longer matters. These agencies are well aware of these devices' capabilities -- something they're clearly not comfortable discussing. The excuses deployed routinely involve "law enforcement means and methods" and claims about "compromising current and future investigations," but with more heat being applied by the nation's legislators, this code of silence may finally be broken. The use of these devices -- despite being fully aware that critical communications may be at least temporarily prevented -- sends a continual implicit message to the public: your safety and well-being is subject to law enforcement's needs and wants.Permalink | Comments | Email This Story

Read More...
posted 27 days ago on techdirt
Capcom's never really had much of a consumer-friendly reputation. Between being all about SOPA and utilizing innovative DRM measures such as "You only get one save file per game cartridge ever at all," it would be tough for the company to claim some kind of goodwill dividend should it screw up and find the need for one. And, boy, could Capcom ever use such a dividend amongst PC gamers right now. The screw up was advertising on Steam that the RE-reboot, Resident Evil Revelations 2, would include a local, split-screen co-operative mode, selling the game under the umbrella of that promise, and then revealing only after sales had begun that local co-op had never been planned for the PC version of the game. Owners of the PC version of Capcom's action horror game Resident Evil Revelations 2 have discovered that, unlike the console versions, it does not include local co-op - despite advertisements claiming it would. The game's Steam page had promised offline co-op as part of a bullet point list of features. However, the Steam page was recently amended to state the PC version does not support offline co-op play in the Campaign or Raid mode. (Raid mode, it should be noted, will support online co-op shortly after launch via a patch.) Confusingly, the "assistive co-op play" bullet point that mentions offline co-op remains on the Steam page. I'm not a lawyer, but I'm fairly certain that advertising a game to a passionate fan-base as having a much-wanted feature and then yanking the rug out from under those fans only after sales had begun is not only a PR nightmare, it's a legal no-no as well. And, of all people to pull this on, passionate PC gamers may be the worst targets. This is a group that expects to be treated as much like desired customers as console-owners and, because the PC gaming landscape is littered with differences between its games and those that appear on consoles, it's a group that tends to pay very close attention to the specifics about the features of the games they buy. Not the kind of group, in other words, that you could pull this kind of false advertisement on and actually get away with it. Perhaps worse, the tone-deaf defiant and non-apologetic nature of Capcom's response isn't going to help matters. Here's Capcom's statement in full: "The PC version of Resident Evil Revelations 2 supports a variety of customisable visual settings and resolutions. The decision to prioritise a single local screen was made to ensure a stable user experience across a variety of different PC settings and devices. Raid mode will support online co-op shortly after launch when a free patch is available for players to download which adds this feature, but the main campaign on PC will only be available to play in single local screen." Great, except none of that was the point or cause of the outrage. You told consumers there was a feature in the game at the time of purchase, then revealed that feature was not now or ever planned to be included post-purchase. That's shitty. Come out with refunds and an actual apology next time.Permalink | Comments | Email This Story

Read More...
posted 27 days ago on techdirt
Readers of Techdirt have been hearing about corporate sovereignty -- the ability of foreign investors to sue governments directly in special courts over alleged losses, also known as Investor-State Dispute Settlement (ISDS) -- for a while now. For others who have yet to discover this particular feature of so-called trade agreements, Senator Elizabeth Warren has a good, approachable summary of the key issues in a Washington Post opinion piece. In fact, it was clearly so good that the White House Blog felt obliged to try to rebut its main arguments (there's also a great point-by-point response to that response by the Cato Institute's Simon Lester.). The White House Blogt post, written by Jeff Zients, Director of the National Economic Council, pretty much concedes that the criticisms of ISDS are valid, but would have us believe that everything has been fixed now: ISDS has come under criticism because of some legitimate complaints about poorly written agreements. The U.S. shares some of those concerns, and agrees with the need for new, higher standards, stronger safeguards and better transparency provisions. Through TPP and other agreements, that is exactly what we are putting in place. There are two massive problems with that assurance. First, the extreme secrecy of the TPP negotiations means that we have no idea just how strong those "safeguards" are. And secondly, in some sense it doesn't even matter: companies can use the mere threat of an ISDS action to cast a chill over future regulatory action. That's why the following comment is true but misses the point: The reality is that ISDS does not and cannot require countries to change any law or regulation. The ability to use ISDS to discourage governments from introducing inconvenient laws or regulations is no mere theoretical fear. As this important 2001 article in The Nation explains: Carla Hills, the US Trade Representative who oversaw the NAFTA negotiations for Bush I and now heads her own trade-consulting firm, was among the very first to play this game of bump-and-run intimidation. Her corporate clients include big tobacco -- R.J. Reynolds and Philip Morris. Sixteen months after leaving office, Hills dispatched Julius Katz, her former chief deputy at USTR, to warn Ottawa to back off its proposed law to require plain packaging for cigarettes. If it didn't, Katz said, Canada would have to compensate his clients under NAFTA and the new legal doctrine he and Hills had helped create [ISDS]. "No US multinational tobacco manufacturer or its lobbyists are going to dictate health policy in this country," the Canadian health minister vowed. Canada backed off, nevertheless. Nor was that an isolated incident: A former government official in Ottawa told me: "I've seen the letters from the New York and DC law firms coming up to the Canadian government on virtually every new environmental regulation and proposition in the last five years. They involved dry-cleaning chemicals, pharmaceuticals, pesticides, patent law.Virtually all of the new initiatives were targeted and most of them never saw the light of day." Zients goes on to say that corporate sovereignty chapters are needed because foreign courts can't be trusted to provide justice: U.S. investors often face a heightened risk of bias or discrimination when abroad. But Warren already answered that with several extremely powerful points: Countries in the TPP are hardly emerging economies with weak legal systems. Australia and Japan have well-developed, well-respected legal systems, and multinational corporations navigate those systems every day, but ISDS would preempt their courts too. And to the extent there are countries that are riskier politically, market competition can solve the problem. Countries that respect property rights and the rule of law — such as the United States — should be more competitive, and if a company wants to invest in a country with a weak legal system, then it should buy political-risk insurance. Zients also tries to argue that since the US hasn't suffered as a result of ISDS cases in the past, it'll be fine in the future: There have only been 13 cases brought to judgment against the United States in the three decades since we’ve been party to these agreements. By contrast, during the same period of time in our domestic system, individual and companies have brought hundreds of thousands of challenges against Federal, state, and local governments in U.S. courts under U.S. law. We have never lost an ISDS case because of the strong safeguards in the U.S. approach. And because we have continued to raise standards through each agreement, in recent years we have seen a drop in ISDS claims, despite increased levels of investment. But that line of reasoning ignores why there have been so few cases in the past: because corporate sovereignty provisions were mainly included to protect US investments in developing countries with weaker legal systems. By definition, such nations are unlikely to have the resources to make many or significant investments in the US, and therefore have few opportunities to use the ISDS system. That is what will change dramatically with TAFTA/TTIP, as this analysis by Public Citizen explains: TAFTA would vastly expand the investor-state threat, given the thousands of corporations doing business in both the United States and EU that would be newly empowered to attack public interest policies. More than 3,400 EU parent corporations own more than 24,200 subsidiaries in the United States, any one of which could provide the basis for an investor-state claim. This exposure to investor-state attacks far exceeds that associated with all other U.S. "free trade" agreement partners. In fact, the US may be about to find out about the modern reality of billion-dollar corporate sovereignty lawsuits, thanks to the 21-year-old NAFTA agreement, and the controversial Keystone XL project, which President Obama recently vetoed. Here's Politico's explanation of how corporate sovereignty could enter the equation: President Barack Obama may decide to kill Keystone XL for good, but that could be no easy task -- thanks in part to the North American Free Trade Agreement. The 21-year-old free-trade pact allows foreign companies or governments to haul the U.S. in front of an international tribunal to face accusations of putting their investments at risk through regulations or other decisions. The CEO of Keystone developer TransCanada has raised the prospect as a potential last resort if Obama rejects the $8 billion project, although for now the company is focused on getting him to say yes. Administration officials involved in reviewing the proposed Canada-to-Texas pipeline are aware of the potential for a NAFTA challenge and the importance of minimizing that risk in the event the president rejects Keystone. So even though the President retains full powers to reject Keystone, it’s easy to see how the threat of a billion-dollar ISDS lawsuit might encourage him to approve it anyway. That would offer the perfect demonstration of how corporate sovereignty chapters can interfere with democratic decision-making -- at even the highest levels. Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+ Permalink | Comments | Email This Story

Read More...
posted 27 days ago on techdirt
Trademarks on generic terms and phrases make for the silliest, and often the strangest, battles. In particular, I find it detestable when companies that are serving small, niche groups of people who have every reason to band together in solidarity, instead bicker unnecessarily over even the most common kinds of language. This was the case when comic conventions went to battle over the now generic term "comic-con." It's been the case when game-makers have gone after other game makers over a phrase as generic as "would you rather." And now, for reasons I can't particularly fathom, a company out of Florida called Gay Days Inc. has forced a gay pride festival in Southern California to change its name from "Gay Days" because apparently the LGBT community doesn't have bigger fish to fry besides bickering over insanely generic trademarked terms. Organizers for the festival over Easter weekend changed the name from Cathedral City Gay Days to Cathedral City LGBT Days after a Florida company notified the city about a trademark it owns on the phrase "gay days." Gay Days Inc., the company behind gay parties in Orlando, Las Vegas and Orlando, said in a Jan. 12 email from company President Chris Alexander-Manley it would take all necessary steps to protect the trademark "including, but not limited to, the institution of formal legal proceedings." On the one hand, I suppose it's kind of a nice symbolic moment in the progression this country has undergone in how we look at the civil rights of the LGBT community that rather than focusing on solidarity, there are court fights over "gay days." On the other hand: what the shit? How does the USPTO even grant a mark on such a generic term, one that, by the way, has been in use long before Gay Days Inc. used it or was granted the trademark? Cathedral City, a wonderfully progressive city, appears to be asking the same questions. The switch happened well before a major marketing push for the April 3-5 event got underway, said Chris Parman, spokesman and events manager for Cathedral City, a city that neighbors gay-friendly Palm Springs in California's Coachella Valley. The festival is set to include a bar hop, film screenings in downtown Cathedral City, a Saturday night disco party and Easter egg hunt on Sunday morning. It's taking place at the same time as the Dinah Shore Weekend in Palm Springs. "To me the name ('gay days') is so generic. I don't see how on Earth anyone could have that be a trademarked phrase," Parman said. "It's no different than 'pride parade,' or 'pride' or 'gay pride.' I think if you look, all of them have tried to be trademarked at some point." But, hey, this is America, after all. The land of the free to lock up language and use it against the very people who share your own interests unnecessarily. Progress of a kind, I suppose. Permalink | Comments | Email This Story

Read More...
posted 27 days ago on techdirt
Carbon gets a lot of negative publicity because it's associated with carbon dioxide as a greenhouse gas, but the element itself is critical to life and has numerous fascinating properties. Carbon comes in a variety of allotropes, and we're discovering other carbon-based structures all the time. Here are just a few more examples. Volleyballene is a combination of carbon and scandium atoms that forms a volleyball shape -- analogous to how carbon can form a classic soccer ball shape (aka the 60-carbon atom buckyball). Okay, so this molecule hasn't been synthesized or observed, but computer simulations say it should be remarkably stable. [url] Penta-graphene is a sheet of pure carbon (yet another allotrope!) that hasn't been synthesized yet, but if it can be made, it might be useful as a semiconductor to complement electrically-conducting graphene. Simulations predict penta-graphene is stable, assuming anyone can actually make it. [url] Aerographite is a lighter-than-air material made of a carbon foam. It is extremely compressible, electrically conductive and is one of the least dense materials ever made. [url] If you'd like to read more awesome and interesting stuff, check out this unrelated (but not entirely random!) Techdirt post via StumbleUpon.Permalink | Comments | Email This Story

Read More...
posted 27 days ago on techdirt
REM's music has found itself at the center of copyright disputes in the past, but those instances have mostly occurred in the more traditional sorts of disputes, such as accusations that one band copied another band and blah blah blah. It's part of a series of stories that are old, tired, and contrary to the way popular culture works these days, but at least they contain a shadow of relevance to the original purposes of copyright. However, this time what is on display is the result of a culture of permission run amok, as an Australian politician had his video reading mean tweets about him removed because an REM song was playing in the background. On Thursday, Baird tweeted a video link of him reading mean tweets, a take-off of US talk show host Jimmy Kimmel’s popular videos. Everybody Hurts by REM played in the background as Baird read the hate mail, including a tweet that said: “You look like the ‘smiling assassin’. Your charming smile hides your black, Liberal heart.” But by Friday, YouTube had pulled the clip, citing a copyright claim by Warner Chappell, which publishes the US band’s music. “Mean tweets video removed,” Baird tweeted on Friday. “Working with YouTube and Warner to resolve. Fact: everybody hurts, sometimes.” Welcome to our world, Mr. Politician, where copyright and the culture of permission have been so twisted into insanely idiotic knots as to remove a funny video under the notion that a portion of an REM song somehow inhibits REM's ability to make new music. Picture, if you will, teleporting the original creators of copyright law into the present, sitting them down at a boardroom table, and having the executives over at Warner Chappell explain to them how the copyright provisions authored so long ago would result in this sort of thing. After those old guys were done accusing you of witchcraft for showing them the video in the first place, there would likely be much head-scratching over how this whole thing could have gotten so misused. One can only hope that having this happen to a politician that deigns to have a personality such as Baird might be the impetus for some kind of reform, even if it's only local reform. He appeared confused about a tweet that said “The Premier hates Justin Bieber”. “Yeah, of course I hate Justin Bieber. Who doesn’t hate Justin Bieber?” Or the current state of the application of copyright, for that matter. Because this kind of thing isn't what copyright was meant to be. Permalink | Comments | Email This Story

Read More...
posted 27 days ago on techdirt
Here's a little bit more evidence to throw on the pile marked "You Don't Need to Destroy the First Amendment/Section 230 to Stop Revenge Porn." Eric Chanson and Kevin Bollaert, proprietors of the revenge porn site YouGotPosted, are now on the hook for $450,000 each, thanks to a default judgment. This lawsuit rests heavily on the duo's violation of child pornography laws, so it's not a complete win for revenge porn opponents, but it does suggest a way out for minors who find themselves posted on sites operated by similar blights on humanity. Defendants watermarked sexually explicit photographs of Plaintiff, a minor, with a “You Got Posted” logo and then posted them on the Website, along with identifying information including Plaintiff’s name and state of residence (California). Defendants did not take any steps to verify Plaintiff’s age before posting her photographs. Nor did Defendants obtain Plaintiff’s consent or that of her parents. According to the complaint, Defendants were aware that Plaintiff was a minor and that the images constituted child pornography when they posted the images on the Website. Defendants used Plaintiff’s photographs to advertise the Website and profited from using Plaintiff’s images. Neither of the defendants mounted much of a challenge to the allegations. Chanson filed a motion for dismissal after being served but the court denied it nine months later. Chanson was deemed to have defaulted in June of last year, based on his lack of communication after his September 2013 motion. Bollaert, on the other hand, was detained by more pressing matters -- like his arrest for extortion, online harassment and identity theft. All of the charges were problematic (especially the harassment charge, which somehow managed to bypass established Section 230 protections), but they did manage to keep Bollaert otherwise occupied as the lawsuit against him proceeded. Still, Bollaert was served two months before his arrest and had the option to file a response at any point, seeing as his conviction on the extortion charge (the most logical of the charges brought -- considering Chanson and Bolleart ran a side business taking down YouGotPosted material for a fee) didn't actually occur until February of 2015. All in all, the pair's accuser was awarded $150,000 (from each) in statutory damages under US child pornography laws, along with $150,000/each in punitive damages and another $150,000/each for violations of California's ridiculous "publicity rights" law. It may seem slightly more palatable when it's being used to punish revenge porn site operators, but that still doesn't make that bad law any less stupid or easily abused. It all adds up to $450,000 from each of the defendants and the option to pursue legal fees is still open. If you're looking to shut down revenge porn site operators, this particular case doesn't have a whole lot to offer, other than the likelihood that pursuing a lawsuit could easily result in a default judgment if your allegations are solid. Judging from past events, it seems unlikely that many revenge porn site operators are interested in defending their actions in front of a judge. It also provides some comfort for minors whose photos and information have been posted at these sites. On the other hand, easily-abused laws (with the exception of California's publicity rights statute) weren't abused to pursue these site owners. There was no suggestion that posting pictures without authorization is automatically copyright infringement or any desire expressed to punch holes in Section 230 protections. That's a plus for the internet in general. And the outcome shows there are a multitude of ways to approach the revenge porn problem that don't involve carving out chunks of the First Amendment. Permalink | Comments | Email This Story

Read More...
posted 27 days ago on techdirt
Two very different stories, but both with some startling parallels. First, Radley Balko's story about how police and attorneys in Louisiana apparently flat out lied to claim that a process server "assaulted" a police officer he was serving (in a police brutality case, no less). There are lots of details there, but suffice it to say, the process server, Douglas Dendinger, did not assault Chad Cassard at all -- even though he was soon arrested for it, and Cassard managed to present seven witnesses (including police officers and two prosecutors who witnessed Dendinger serving the papers on Cassard). Dendinger went through two years of hell because of this, before the case was dropped when cell phone videos made by Dendinger's wife and nephew showed that there was no assault at all. Police and prosecutors lying to protect one of their own? Sure, it happens. But now that it's been exposed, Balko has an important question: Why aren’t the seven witnesses to Dendinger’s nonexistent assault on Cassard already facing felony charges? Why are all but one of the cops who filed false reports still wearing badges and collecting paychecks? Why aren’t the attorneys who filed false reports facing disbarment? Dendinger’s prosecutors both filed false reports, then prosecuted Dendinger based on the reports they knew were false. They should be looking for new careers — after they get out of jail. If a group of regular citizens had pulled this on someone, they’d all likely be facing criminal conspiracy charges on top of the perjury and other charges. So why aren’t these cops and prosecutors? I could be wrong, but my guess is that they’ll all be let off due to “professional courtesy” or some sort of exercise of prosecutorial discretion. And so the people who ought to be held to a higher standard than the rest of us will once again be held to a lower one. Second, we have last week's story about Total Wipes sending an automated takedown notice to Google demanding tons of perfectly legitimate, non-infringing web pages be taken out of Google's index for infringement. Total Wipes blamed it on a "bug" in its program, which would be more convincing if it hadn't happened before. This second story has Rick Falkvinge, quite reasonably, wondering why the penalties for false takedowns aren't equivalent to the penalties for infringement, saying that this is the way it works in other parts of the law: The thing is, this should not even be contentious. This is how we deal with this kind of criminal act in every – every – other aspect of society. If you lie as part of commercial operations and hurt somebody else’s rights or business, you are a criminal. If you do so repeatedly or for commercial gain, direct or indirect, you’re having your ill-gotten gains seized. This isn’t rocket science. This is standard bloody operating procedure. The copyright industry goes ballistic at this proposal, of course, and try to portray themselves as rightsless victims – when the reality is that they have been victimizing everybody else after making the entire planet rightsless before their intellectual deforestation. The irony is that at the same time as the copyright industry opposes such penalties vehemently, arguing that they can make “innocent mistakes” in sending out nastygrams, threats, and lawsuits to single mothers, they are also arguing that the situation with distribution monopolies is always crystal clear and unmistakable to everybody else who deserve nothing but the worst. They can’t have it both ways here. Of course, his claim that this is true in "every" other area is proven somewhat false by the first story above. But the underlying factors in both cases are nearly identical, and it actually goes back to a previous concept that Falkvinge has written about: the "high court" and the "low court." The "nobility" gets a special court when they break the law, with limited consequences. The lowly commoners have to go to the "low court" where the consequences are quite severe. Falkvinge's original point is that we still seem to have the same thing today, and that's clearly shown in both stories above. If you're in power, you can lie about things to accuse others of serious things that can have serious consequences for them, and there's no real punishment. Instead, it's brushed off as not being important -- sometimes with expressions of understanding about how "these things can happen." I'm reminded of the phrase that we "judge ourselves according to our intentions, but others based on their actions," and that seems to be partly at work here as well (though I question the "intentions" of the prosecutors who lied above). The lies are written off as minor "mistakes," whereas those accused are given no such benefit of the doubt. It's a big problem in the copyright space, certainly, but it's true in many other areas of society as well.Permalink | Comments | Email This Story

Read More...
posted 27 days ago on techdirt
Back in December, we noted that Google had gone to court to try to stop a ridiculously broad subpoena issued by Mississippi Attorney General Jim Hood. For quite some time now, Hood has been publicly attacking Google, based on what appears to be near total ignorance of both the law and technology. Oh, and maybe it also has something to do with the MPAA directly funding his investigation and authoring the letters that Hood sent. Either way, Google pointed out that the broad subpoena that Hood issued to Google clearly violated Section 230 of the CDA in looking to hold Google accountable for other's actions and speech. It pointed out other problems with the order as well -- and while Hood insisted that his subpoena was perfectly reasonable, it appears that a federal court isn't so sure. Today the court told Hood that he's granting a temporary injunction on the subpoena, noting that Google's argument is "stronger." This certainly is nowhere close to over, but it does highlight that Hood's repeated arguments that he has every right to hold Google accountable for the fact that sometimes people use the search engine to find illegal stuff, isn't particularly convincing to at least one federal judge.Permalink | Comments | Email This Story

Read More...
posted 27 days ago on techdirt
While the FCC may have buckled to public demand and voted to finally approve tougher net neutrality rules last week, if you thought that meant an end to the hysterical over-reaction to what appear to be some fairly basic consumer protections, you're going to be gravely disappointed. From editorials lamenting the FCC's attempt to "strangle startups in their cribs", to claims the agency is murdering "innovation angels", we're clearly entering an entirely new, bloody chapter when it comes to divorcing net neutrality reality from rhetoric. At the vanguard of this assault are ISP-loyal politicians, who intend to throw everything but the kitchen sink at the FCC over the next few months in the hopes of if not destroying the rules -- at least delaying them -- while publicly flogging the FCC for good measure. That apparently starts with FCC Commissioners Ajit Pai and Michael O'Rielly lagging on providing their dissenting edits so the rules can't be released, followed by a gauntlet of at least five potential hearings over the next month aimed at shaming the FCC for destroying the Internet. A letter from the House Judiciary Committee Members (pdf) to FCC boss Tom Wheeler complains that the FCC is pursuing the "most oppressive and backward regulatory option possible," which is odd since a growing list of companies that actually sell broadband -- like Cablevision, Frontier, Sprint and Sonic -- all say the rules won't impact their businesses in the slightest, since most of the heavier utility-components of Title II won't be applied. So why is the House Judiciary Committee fighting the rules? Because they're just super worried about the health of the Internet:"We will not stand by idly as the White House, using the FCC, attempts to advance rules that imperil the future of the Internet. We plan to support and urge our colleagues to pass a Congressional Review Act resolution disapproving the “Open Internet” rules. Not only will such a resolution nullify the ‘Open Internet’ rules, the resolution will prevent the FCC from relying on Title II for any future net neutrality rules unless Congress explicitly instructs the FCC to take such action."Of course any measure that makes its way to the President's desk will be vetoed -- and a Congressional Review Action still requires a presidential signature or enough votes to override a veto, both of which are extremely unlikely. The only real way to overturn the agency's new laws is either via lawsuit (which the FCC has gone to great length to avoid losing this time after the courts repeatedly told them they needed to classify ISPs as common carriers to be on solid footing) or through a party change (and therefore an FCC leadership shift) in 2016. Until then, the House Judiciary Committee hopes to keep the hysteria momentum rolling by flinging around some now well-worn falsehoods, like claiming that the White House acted improperly when it publicly proclaimed it preferred Title II rules:"We are also troubled by the manner in which the ‘Open Internet’ rules were formulated. On November 10, 2014, President Obama urged the FCC to impose Title II regulations on the Internet. Shortly thereafter, you began making statements in support of a Title II approach. Certainly, the timing of your support for Title II following the President’s recommendation calls into question the degree, if not the existence, of the FCC’s independence from the White House."Yes, because the "timing" of things is enough to make them illegal, right? You'll note the letter falls well short of claiming the White House broke the law, because despite whatever disdain the White House has for the law on a wide variety of topics, they did nothing wrong here. As we've noted previously, it's perfectly routine and legal for the White House to express its policy desires to the FCC, and every President in the last thirty years has done so (like when George W. Bush pushed the FCC for weaker media consolidation rules, or Bill Clinton urged the FCC to ban hard liquor ads on TV). Republicans were already planning a rewrite this year of the Communications Act, and you can be dead certain that effort will be rekindled with a keen and aggressive eye on making regulators as ill-equipped as possible when it comes to doing anything about the nation's stagnant telecom duopoly. You know, for the health of the Internet.Permalink | Comments | Email This Story

Read More...
posted 28 days ago on techdirt
Over the years, many folks in the broadcast and entertainment industries have made it increasingly clear they'd love to see tools like VPNs or proxy services made illegal. Sure, both are perfectly legal and have a myriad of valid purposes, but because they can allow users to dodge anti-piracy snooping efforts (like the not-really effective U.S. six strikes program) or geo-blocks (like say watching Netflix in unsupported countries) -- apparently they should be outlawed entirely. You know, like in Iran -- and now Russia. Canadian law professor Michael Geist notes that several Rogers, Bell and Shaw executives recently gathered for the Content Industry Connect conference in Toronto. There, Rogers Senior Vice President David Purdy spent some time complaining that VPNs "aren't fair" and -- according to at least one attendee -- suggested that the government should think about banning them. You know, just because: Purdy - need the govt to shut down VPNs, enforce copyright then can have a viable business #cicto — Kelly Lynne Ashton (@klashton27) February 26, 2015 Purdy: if gov not willing to stop piracy, VPNs, BitTorrent not fair #cicto — Marcia Douglas (@Marcia_Douglas) February 26, 2015 Rogers' "me too" streaming video service Shomi isn't really resonating with consumers, and blocking Canadian VPN/Netflix users would certainly be easier than actually competing. As Geist is quick to note, it's unlikely that the Canadian government is going to want to wade into the minefield of banning VPNs, so all Purdy managed to do is make him and his company seem somewhat narrow-minded and unnecessarily aggressive:"If Rogers is upset over VPN use to access U.S. Netflix, it should take it up with Netflix. Instead, focusing on consumer VPN use by suggesting that the solution lies in blocking legal technologies in order to stop consumer access is a dangerous one. Countries like China have tried to regulate VPNs, while Iran and Oman have tried to ban them. A Canadian attempt to do so would be subject to an immediate legal challenge, particularly since virtual private networks are widely used within the business community and play a crucial role for consumers in preserving user privacy, enabling access to information, and facilitating free speech."After Geist posted a number of attendee Tweets citing Purdy's disdain for VPNs, a Rogers spokesperson denied that Purdy said anything of the sort, lamenting that it's "hard to communicate a discussion via Twitter." I've yet to find a transcript of the comments (and Purdy doesn't appear to be responding to media inquiries), but given Rogers' ugly history as a front-runner when it comes to net neutrality violations, quietly dreaming of a ban on VPNs certainly wouldn't be out of character for the company.Permalink | Comments | Email This Story

Read More...
posted 28 days ago on techdirt
Your law enforcement panic of the day: an app that automatically uploads recorded footage and forwards it to the ACLU. New Jersey's ACLU branch put together "Police Tape" back in 2012, an app which allowed anyone to record cops with a press of a button. The app then hid itself while the recording continued. If the recording was interrupted, the app would automatically send the recording to the ACLU. The app also advised those confronted by cops of their rights in various situations. The app is apparently no longer available, but ACLU-NJ reported 30,000 downloads within the first few months of its availability. Widespread coverage of this police accountability app led to a somewhat overwrought response from (of all places) the Burbank, California Police Department. "OFFICER AWARENESS," the bulletin yells, before heading into a brief summation of the app's capabilities. It takes a turn for the truly absurd when Lt. Eric Deroian attempts to portray the app as potentially dangerous to officers. Both apps [including the "stop and frisk" app developed by ACLU-NY] will notify other app users within a defined area if someone has activated their app, with the exact location of the police action. This may result in officer safety issues if community groups are able to pinpoint various police actions, and respond to the location in the form of a flash mob. First off, let's deal with the why of this app's existence. It is only because officers have routinely (and illegally) confiscated, shut down or deleted recordings from civilians' cell phones that an automatic archival process is needed. Despite being told repeatedly by judges, the DOJ and their own internal policies that citizens have the right to record police officers in public areas, many cops still seem to believe this isn't actually a right but a privilege completely subject to any recorded officer's willingness to oblige. Because cops doing bad things hate to be held accountable for their actions, they often turn on those recording their actions. And because officers have power, weapons and the benefit of a doubt eternally on their side, it's usually pretty easy to shut down recordings. The tide is slowly turning, but civilians are still severely limited in their options when confronted by a cop who doesn't want to be recorded. That's why apps like these even exist, and cops have only themselves to blame for this situation. Now, let's address the inadvertent hilarity of the "flash mob" claim. Even if there were enough people with the app installed in the area, it's highly unlikely a coordinated (and apparently threatening) response would be mounted. The thing about successful flash mobs is that they're usually coordinated ahead of time. The best ones are, anyway. There are some that gel unexpectedly, but flash mobs usually require participants to be at least a little prepared. Being suddenly alerted about some unexpected police bullshittery isn't generally going to provoke anything more than additional cameras and angry voices. I've seen tons of police video captured by citizens and I have yet to see crowds physically attack officers no matter how much of a beatdown they're putting on some unlucky individual. A lot of yelling and swearing? Yeah. But nothing more "threatening" than that. Even when a cop is choking the life out of someone, everyone stands a few feet away and hurls nothing more dangerous than epithets and criticism. Here's the other thing: You know who else can "notify [others] in their area" and "pinpoint various police actions?" Cops. And their "flash mobs" usually arrive at high speed with sirens blaring, and armed to the teeth with a variety of lethal (and slightly less-lethal, depending on application) weapons. This "mob" has the force of law behind it, as well as a large number of options citizens don't have -- like departments and unions willing to justify nearly any amount of misconduct, as well as various levels of legal immunity should the "police action" result in a civil lawsuit. They'll also be acting out of "fear for their safety," so the occasional kidney punch/emptied gun magazine will be almost instantly forgiven. All the unfriendly citizen flash mob has is… well, their voices and their cameras. Nothing like bringing a Galaxy 4 to a gun/Taser fight. Bottom line: there's nothing to fear from police accountability apps like these except the accountability. This is what Lt. Deroian's warning is really about. He closes it by noting that a "suspect" had the app installed on his phone, but leaves the details of this person's crime wholly up to the overactive imaginations of the officers reading this "alert." A better "Officer Awareness" memo might have addressed the fact that citizens have a right to record and that patrolling OFFICERS should be AWARE their actions have a good chance of being recorded, so try not to violate too many rights/beat down too many "suspects." And be careful out there.Permalink | Comments | Email This Story

Read More...
posted 28 days ago on techdirt
Last week we noted that while AT&T has been trying to match Google Fiber pricing in small portions of several markets, it has been busily doing it in a very AT&T fashion. While the company is offering a $70, 1 Gbps service in some locations, the fine print indicates that users can only get that price point if they agree to AT&T's Internet Preferences snoopvertising program. That program uses deep packet inspection to track your online behavior down to the second -- and if you want to opt out, that $70 1 Gbps broadband connection quickly becomes significantly more expensive. While most people thought this was rather dumb, AT&T actually received kudos on some fronts for trying something new. Apparently, the logic goes, AT&T charging you a major monthly fee to not be snooped on will result in some kind of privacy arms race resulting in better services and lower prices for all. While sometimes that sort of concept works (Google and Apple scurrying to profess who loves encryption more, for example), anybody who believes this is a good precedent doesn't know the U.S. telecom market or AT&T very well. As Stacey Higginbotham at GigaOM notes, it's not as simple as just paying AT&T a $30 to not be snooped on. AT&T actually makes it very difficult to even find the "please don't spy on me option," and saddles the process with a number of loopholes to prevent you from choosing it. In fact, you're not even able to compare prices unless you plug in an address that's in AT&T's footprint, but currently doesn't have AT&T service. Meanwhile, according to Higginbotham's math, even if you're successful in signing up, that $30 privacy fee is actually much more depending on your chosen options. If you just want broadband, opting out of AT&T snoopvertising will actually run you $44:"Gigabit service costs $99 per month under the Standard Plan plus a $7 monthly fee modem rental fee and a $99 one-time activation fee, that nets out to a monthly cost of $114. The Internet Preference Plan waives the one-time activation and monthly modem fee which means you pay only $70 a month, giving you a true cost of $44 a month if you choose the privacy-preserving option."It's worse if you want to sign up for television services:"The Standard Plan has a higher cost of $149 per month plus the $7 monthly fee and a one-time $49 activation fee. Only you also add in a $10 monthly service fee for HD TV and a $16 monthly fee for HBO Go which are included in the Internet Preference Plan. So the comparable plan nets out to $186, which costs $66 more than the $120 you’d pay for letting AT&T sneak a peek at your home broadband web surfing habits."So no, AT&T isn't opening up some brave new frontier here where consumers have greater control of privacy. It's charging you a huge premium just to opt out of deep packet inspection, and making it as expensive and as confusing as possible to do so.Permalink | Comments | Email This Story

Read More...
posted 28 days ago on techdirt
This week, the Komodia/Superfish scandal got even worse. So bad, in fact, that the only appropriate response was sheer sarcasm, which Rich Kulawiec provided in our most insightful comment of the week: Oh, come now, this isn't so bad It's not like they did something really bad, something so destructive and damaging to the privacy and security of millions of people that it required immediate attention from federal law enforcement agencies combined with the threat of aggressive prosecution that could result in decades in prison...something like, oh, I don't know, downloading scientific research papers? Meanwhile, when we looked at the creative abuses of wireless data caps, TheResidentSkeptic took second place for insightful by boiling it down to basics: A different viewpoint the most ham-fisted abuse of usage caps is simply that they exist. For editor's choice on the insightful side, we'll look at two other examples of people abusing power, the law, the market or all of the above. First up, after Total Wipes decided the word "download" meant infringement and proceeded to abuse the DMCA to take down all kinds of innocent sites, That One Guy opined on the inevitability of it all: Natural result of a one-sided law When a system or law has absolutely no penalty for abuse, it will be abused, and to expect anything less is foolish. Companies who file clearly bogus DMCA claims face no penalty whatsoever for doing so, even if the claims are blatantly false, yet the ones receiving them are still forced to treat them all as valid, unless they want to face harsh legal penalties. If the DMCA was intended to be even remotely balanced, then there would be hard penalties for sending such obviously false claims, but as it stands, it's working exactly as it was intended to, completely favoring one side, at the cost of the other. Next, though Rep. Mike Rogers said a lot of pretty worrying things about the NSA and privacy this week, Jason zeroed in on what might be the most offensive statement of them all: Of everything said in that interview, what I personally found the most offensive was this: “Be grateful that you live in a nation that is willing to have this kind of dialogue,” Rogers told the audience. (from here) We don't. We're having "this kind of dialogue"---such as it is---only because the government and intelligence community has been dragged, kicking and screaming and pronouncing the immediate doom of us all, into it. I cycle through a lot of emotions as I keep up with all this... concern, mistrust, whatever. But comments like that make me genuinely angry. Over on the funny side, we start out by returning to the Total Wipes story, where one anonymous commenter won first place with a different take on the whole situation: What about me? I have a site with a download link. Am I not important enough? Can I sue them for discrimination? Next we head to the post about our brief Twitter exchange with revenge porn jerk/king of irony Craig Brittain, who is on a crusade against Google's supposed copyright infringement. Among the many amusing hypocrisies and general stupidities in his position, Somedumbgeek pointed out that his request for our coverage of the Perfect 10 lawsuit was among the most amusing: So... At the end, when he asked where he could read about it. Did it never occur to him that he could just google it? For editor's choice on the funny side, we start by circling back to the story about wireless data caps, where orbitalinsertion gave an excellent name to the practice of letting big companies buy "sponsored data" to route around caps (and block smaller competition): Deep Pocket Inspection. Last but not least, we've got an anonymous commenter who has daringly taken the side of government officials demanding a magical, un-abusable backdoor key to encrypted devices. The engineers have insisted such a thing is fundamentally impossible, but clearly they were just too lazy to hammer out the code: It's so simple if (guy = good){ key.golden.letIn(True) else key.golden.letIn(False) } (There appear to be some syntax errors there, including the use of an assignment operator instead of a comparison one, which would make every "guy" register as "good" automatically. Which means this approach should be just about as secure as any genuine attempt would.) That's all for this week, folks! Permalink | Comments | Email This Story

Read More...