Twitter and Steven Biss (Devin Nunes' rather busy, but still terrible, lawyer) were in court on Friday to continue Nunes' frivolous SLAPP suit against a satirical internet cow who makes fun of Nunes. The current issue remains Twitter's unwillingness to reveal who is behind the @DevinCow account. Twitter, correctly, continues to point out that it doesn't need to give up the account info, that it's protected from doing so under Section 230, that the Cow has engaged in 1st Amendment protected speech, and more. And Biss's response appears to be... "but Twitter's mean to us, so it's not fair, it's not, it's not, it's not."Needless to say, this is not a very good argument.
The killing of George Floyd by Minneapolis police officer Derek Chauvin has triggered a shock wave across the country. The nation has seen the full horror of law enforcement's indifference to the lives of black people, this time personified by Officer Chauvin's knee on Floyd's neck. In full view of several citizens' cameras, the officer choked Floyd to death, leaving his knee on his neck for nearly three minutes after another officer failed to detect a pulse.Cities are responding to a fact they can no longer ignore. So are some police departments. And the courts are starting to take notice. The Fourth Circuit Court of Appeals has denied qualified immunity to police officers involved in another killing of a black man, pointing out that this pattern of violence against black citizens has not only been seen by the courts, but will weigh against officers in future civil rights lawsuits. (h/t Matthew Segal)The opinion [PDF] starts with a concise recounting of the events leading to this lawsuit, delivered with a dryness that does nothing to eliminate the horrific aspects of the officers' actions.
This week, our first place comment on the insightful side comes from aerinai in response to our post about John Oliver's show about defunding the police:
Five Years AgoThis week in 2015, legislators were working to take money from the DEA to buy bodycams for cops and calling for mandatory data collection on police shootings, while we took a look at the way (even with cameras) cops and the media cooperate to disparage victims of police violence and paint every kill as a "good" kill, and how law enforcement stretches the definition of "reasonable suspicion" to cover just about everything and make the 4th Amendment useless in lots of cases. Meanwhile, there were efforts to shut down bulk phone record collection during the transition to the new USA Freedom Act, but the DOJ had different ideas and the House Intelligence Committee was working to block the Privacy & Civil Liberties Board from doing its job. Canada, in the mean time, passed its own "anti-terror" bill to take away civil liberties.Ten Years AgoThis week in 2010, we saw a terrible court ruling that said forwarding a link can be considered defamation, while the UK was considering a new libel law that was a mixed bag at best, and Andrew Cuomo kicked off his recently-announced campaign for Governor of New York by threatening to sue a social network for its users' actions. Meanwhile, many targets of the US Copyright Group's shakedown scheme were claiming their innocence while another law firm that tried to get in on the racket was suing Wordpress over critical blogs. We debunked the ludicrous idea that pirated handheld games have cost the economy $41.6-billion, and the idea that the RIAA is a success, and also pointed out how Hollywood's constant copyright lawsuits were at odds with its celebration of rampant copyright infringement in the show Glee — nearly as hilariously ironic as the New York Times getting confused about its own RSS feed and ordering takedown of an iPad RSS reader.Fifteen Years AgoThis week in 2005, we saw an early case of an artist being shut down for offering torrents of their own content, while the UK's new Creative Minister was fighting to expand copyright to stop Elvis Presley songs from hitting the public domain, Sweden's private recording industry police got a wrist-slap for breaking the rules, and the press was patting itself on the back for parroting the recording industry's misleading statements and studies. And always-on-the-ball Sony was repeating its mistakes with the Aibo robotic dog when it came to the PSP, by doing everything possible to block hackers and modders from making the device more useful.
Almost exactly a year ago, we first wrote about a trademark lawsuit brought by AM General LLC, the company that makes Humvee vehicles, and Activision. At issue is the inclusion of historically accurate Humvee vehicles in the publisher's Call of Duty games. AM General decried those depictions as trademark infringement, leading Activision to say its use was protected by the First Amendment, given that the entire goal here was to accurately depict warfare in an artistic fashion. Shortly after, the ESA chimed in with an amicus brief siding with Activision. Given the implications for the gaming industry should AM General win the suit, this was no surprise.Well, fortunately for creative expression in gaming, the court has ruled and has sided with Activision.
If you've been around the content moderation/trust and safety debates for many years, you may remember that in the early 2000s, Yahoo got understandably slammed for providing data to the Chinese government that allowed the government to track down and jail a journalist who was critical of the Chinese government. This was a wake up call for many about the international nature of the internet -- and the fact that not every "government request" is equal. This, in fact, is a key point that is often raised in discussions about new laws requiring certain content moderation rules to be followed -- because not all governments look at content moderation the same way. And efforts by, say, the US government to force internet companies to "block copyright infringement" can and will be used by other countries to justify censorship.The video conferencing software Zoom is going through what appears to be an accelerated bout of historical catch-up as its popularity has rocketed thanks to global pandemic lockdown. It keeps coming across problems that tons of other companies have gone through before it -- with the latest being, as stated above, that requests from all governments are not equal. It started when Zoom closed the account of a US-based Chinese activist, who used Zoom to hold an event commemorating the Tiananmen Square massacre. Zoom initially admitted that it shut the account to "comply" with a request from the Chinese government:
We've noted for a while that the "race to 5G" is largely just the byproduct of telecom lobbyists hoping to spike lagging smartphone and network hardware sales. Yes, 5G is important in that it will provide faster, more resilient networks when it's finally deployed at scale years from now. But the society-altering impacts of the technology are extremely over-hyped, international efforts to deploy the faster wireless standard aren't really a race, and even if it were, our broadband maps are so terrible (often by monopolist design), it would be impossible to actually determine who won.A huge part of the idiotic "race to 5G" narrative involves ample fear mongering over China, or the idea that if China somehow deploys 5G faster to Chinese residents, that somehow means... anything to the consumers in the US already facing high prices and patchy availability. The reality is that China is well ahead of the United States in terms of 5G deployment already, and the 5G being deployed here in the States is notably slower than many overseas 5G deployments because of a lack of mid-band spectrum (aka policy failure). It's simply not a race, and the monopoly-dominated US telecom sector isn't likely to "win" it.Yet another aspect of the whole "race to 5G" narrative is the endless pearl-clutching and face-fanning about Chinese telecom giant Huawei, and its role in helping build global 5G networks. The Trump administration has repeatedly tried to claim that Huawei should be unequivocally banned from participating in global 5G builds. Many lawmakers in Germany and the UK have repeatedly balked at this request, quite correctly noting that nobody in the Trump administration has been able to provide any public evidence that Huawei has spied on Americans or Europeans at scale.Companies like Microsoft have expressed skepticism as well:
Not long ago, the Electronic Frontier Foundation published a comprehensive look at the ways that Facebook could and should open up its data so that users could control their experience on the service, making it easier for competing services to thrive.In the time since, Facebook has continued to be rocked by scandals: privacy breaches, livestreamed terrorist attacks, harassment, and more. At the same time, competition regulators, scholars and technologists have stepped up calls for Facebook to create and/or adopt interoperability standards to open up its messenger products (and others) to competitors.To make matters more complex, there is an increasing appetite in both the USA and Europe, to hold Facebook and other online services directly accountable for the actions of its users: both in terms of what those users make available (copyright infringement, political extremism, incitements to violence, etc) and in how they treat each other (harassment, stalking, etc).Fool me twice…Facebook execs have complained that these goals are in conflict: they say that for the company to detect and block undesirable user behaviors as well as interdicting future Cambridge Analytica-style data-hijacking, they need to be able to observe and analyze everything every user does, both to train automated filters and to allow them to block abusers. By allowing third parties to both inject data into their network and pull data out of it—that is, allowing interoperability—the company's ability to monitor and control its users' bad behavior will be weakened.There is a good deal of truth to this, but buried in that truth is a critical (and highly debatable) assumption: "If you believe that Facebook has the will and ability to stop 2.3 billion people from abusing its systems and each other, then weakening Facebook's control over these 2.3 billion people might limit the company's ability to make that happen."But if there's one thing we've learned from more than a decade of Facebook scandals, it's that there's little reason to believe that Facebook possesses the requisite will and capabilities. Indeed, it may be that there is no automated system or system of human judgments that could serve as a moderator and arbiter of the daily lives of billions of people. Given Facebook's ambition to put more and more of our daily lives behind its walled garden, it's hard to see why we would ever trust Facebook to be the one to fix all that's wrong with Facebook.After all, Facebook's moderation efforts to date have been a mess of backfiring, overblocking, and self-censorship, a "solution" that no one is happy with.Which is why interoperability is an important piece of the puzzle when it comes to addressing the very real harms of market concentration in the tech sector, including Facebook's dominance over social media. Facebook users are eager for alternatives to the service, but are held back by the fact that the people they want to talk with are all locked within the company's walled garden.Interoperability presents a means for people to remain partially on Facebook, but while using third-party tools that are designed to respond to their idiosyncratic needs. While it seems likely that no one is able to build a single system that protects 2.3 billion users, it's certainly possible to build a service whose social norms and technological rules are suited to smaller groups. Facebook can't figure out how to serve every individual's and community's needs -- but those individuals and communities might be able to do so for themselves, especially if they get to choose which toolsmith's tools they use to mediate their Facebook experience.Standards-washing: the lesson of Bush v GoreBut not all interoperability is created equal. Companies have historically shown themselves to be more than capable of subverting mandates to adhere to standards and allow for interconnection.A good historic example of this is the drive to standardize voting machines in the wake of the Supreme Court's decision in Bush v Gore. Ambiguous results from voting machines resulted in an election whose outcome had to be determined by the Supreme Court, which led to Congress passing the Help America Vote Act, which mandated standards for voting machines.The ensuing process included a top-tier standards development organization to oversee the work: the Institute of Electrical and Electronics Engineers (IEEE), which set about creating a standard for voting machines. But rather than creating a "performance standard" describing how a voting machine should process ballots, the industry sneakily tried to get the IEEE to create a "design standard" that largely described the machines they'd already sold to local election officials.In other words, rather than using standards to describe how a good voting machine should work, the industry pushed a standard that described how their existing, flawed machines did work with some small changes in configurations. Had they succeeded, they could have simply slapped a "complies with IEEE standard" label on everything they were already selling and declared themselves to have fixed the problem... without making the serious changes needed to fix their systems, including requiring a voter-verified paper ballot.Big Tech is even more concentrated than the voting machine industry is, and it's far more concentrated than the voting machine industry was in 2003 (most industries are more concentrated today than they were in 2003). Legislatures, courts or regulators that seek to define "interoperability" should be aware of the real risk of the definition being hijacked by the dominant players (who are already very skilled at subverting standardization processes). Any interoperability standard developed without recognizing Facebook's current power and interest is at risk of standardizing the parts of Facebook's business that it does not view as competitive risks, while leaving the company's core business (and its bad business practices) untouched.Even if we do manage to impose interoperability on Facebook in ways that allow for meaningful competition, in the absence of robust anti-monopoly rules, the ecosystem that grows up around that new standard is likely to view everything that's not a standardized interoperable component as a competitive advantage, something that no competitor should be allowed to make incursions upon, on pain of a lawsuit for violating terms of service or infringing a patent or reverse-engineering a copyright lock or even more nebulous claims like "tortious interference with contract."Everything not forbidden is mandatoryIn other words, the risk of trusting competition to an interoperability mandate is that it will create a new ecosystem where everything that's not forbidden is mandatory, freezing in place the current situation, in which Facebook and the other giants dominate and new entrants are faced with onerous compliance burdens that make it more difficult to start a new service, and limit those new services to interoperating in ways that are carefully designed to prevent any kind of competitive challenge.Standards should be the floor on interoperability, but adversarial interoperability should be the ceiling. Adversarial interoperability takes place when a new company designs a product or service that works with another company's existing products or services, without seeking permission to do so.Facebook is a notorious opponent of adversarial interoperability. In 2008, Facebook successfully wielded a radical legal theory that allowed it to shut down Power Ventures, a competitor that allowed Facebook's users to use multiple social networks from a single interface. Facebook argued that by allowing users to log in and display Facebook with a different interface, even after receipt of a cease and desist letter telling Power Ventures to stop, the company had broken a Reagan-era anti-hacking law called the Computer Fraud and Abuse Act (CFAA). In other words, upsetting Facebook's investors made their conduct illegal.Adversarial interoperability flips the scriptClearing this legal thicket would go a long way toward allowing online communities to self-govern by federating their discussions with Facebook without relying on Facebook's privacy tools and practices. Software vendors could create tools that allowed community members to communicate in private, using encrypted messages that are unintelligible to Facebook's data-mining tools, but whose potential members could still discover and join the group using Facebook.This could allow new entrants to flip the script on Facebook's "network effects" advantage. Today, Facebook is viewed as holding all the cards because it has corralled everyone who might join a new service within its walled garden. But legal reforms to safeguard the right to adversarial interoperability would turn this on its head: Facebook would be the place that had conveniently organized all the people whom you might tempt to leave Facebook, and even supply you with the tools you need to target those people.Revenge of CarterfoneThere is good historic precedent for using a mix of interoperability mandates and a legal right to interoperate beyond those mandates to reduce monopoly power. The FCC has imposed a series of interoperability obligations on incumbent phone companies: for example, the rules that allow phone subscribers to choose their own long-distance carriers.At the same time, federal agencies and courts have also stripped away many of the legal tools that phone companies once used to punish third parties who plugged gear into their networks.The incumbent telecom companies historically argued that they couldn't maintain a reliable phone network if they didn't get to specify which devices were connected to it, a position that also allowed the companies to extract rental payments for home phones for decades, selling you the same phone dozens or even hundreds of times over.When agencies and courts cleared the legal thicket around adversarial interoperability in the phone network, it did not mean that the phone companies had to help new entrants connect stuff to their wires: manufacturers of modems, answering machines, and switchboards sometimes had to contend with technical changes in the Bell system that broke their products. Sometimes, this was an accident of some unrelated technical administration of the system; sometimes it seemed like a deliberate bid to harm a competitor. Often, it was ambiguous.Monopolists don't have a monopoly on talentBut it turns out that you don't need the phone company's cooperation to design a device that works with its system. Careful reverse-engineering and diligent product updates meant that even devices that the phone companies hated -- devices that eroded their most profitable markets -- had long and profitable runs in the market, with devoted customers.Those customers are key to the success of adversarial interoperators. Remember that the audience for a legitimate adversarial interoperability product are the customers of the existing service that it connects to. Anything that the Bell system did to block third-party phone devices ultimately punished the customers who bought those devices, creating ill will.And when a critical mass of an incumbent giant's customer base depends on—and enjoys—a competitor's product, even the most jealous and uncooperative giants are often convinced to change tactics and support the businesses they've been trying to destroy. In a competitive market (which adversarial interoperability can help to bring into existence), even very large companies can't afford to enrage their customers.Is Facebook better than everyone else?Facebook is one of the largest companies in the world. Many of the world's most talented engineers and security experts already work there, and many others aspire to do so. Given that, is it realistic to think that a would-be adversarial interoperator could design a service that plugs into Facebook without Facebook's permission?Ultimately, this is not a question with an empirical answer. It's true that few have tried to pull this off since Power Ventures was destroyed by Facebook litigation, but it's not clear whether the competitive vacuum is the result of potential competitors being too timid to lock engineering horns with Facebook's brain-trust, or potential competitors and investors whose legal departments won't let them even try.But it is instructive to look at the history of the Bell system after Carterfone and Hush-a-Phone: though the Bell system was the single biggest employer of telephone technicians in the world, and represented the best, safest, highest-paid opportunities for would-be telecoms innovators, after Carterfone and Hush-a-Phone, Bell's rivals proceeded to make device after device after device that extended the capabilities of the phone network, without permission, overcoming the impediments that the network's operator put in their way.Closer to home, remember that when Facebook wanted to get Power Ventures out of its network, its primary tool of choice wasn't technical measures -- Facebook didn't (or couldn't) use API changes or firewall rules alone to keep Power Ventures off the service -- it was mainly lawsuits. Perhaps that's because Facebook wanted to set an example for later challengers by winning a definitive legal battle, but it's very telling that the company that operated the network didn't (or couldn't!) just kick its rival out, and instead went through a lengthy, expensive and risky legal battle when simple IP blocking didn't work.Facebook has a lot of talented engineers, but it doesn't have all of them.Being a defender is hardFacebook's problem with would-be future challengers is a familiar one: in security, it is easier to attack than to defend. For Facebook to keep a potential competitor off its network, it has to make no mistakes. In order for a third party to bypass Facebook's defenses in order to interoperate with Facebook without permission, it has only to find and exploit a single mistake.Facebook labors under other constraints: like the Bell system fending off Hush-a-Phone, the things that Facebook does to make life hard for competitors who are helping its users get more out of its service, are also making life harder for all its users. For example, any tripwire that blocks logins by suspected bots will also block users whose behaviors appear bot-like: the more strict the bot-detector is, the more actual humans it will catch.Here again, Facebook's dizzying scale works against it: with billions of users, a one-in-a-million event is going to happen thousands of times every day, so Facebook has to accommodate a wide variety of use-cases, and some of those behaviors will be sufficiently weird to allow a rival's bot to slip through.Back to privacyFacebook users (and even non-Facebook users) who want more privacy have a variety of options, none of them very good. Users can tweak Facebook's famously hard-to-understand privacy dashboard to lock down their accounts and bet that Facebook will honor their settings (this has not always been a good bet).Everyone can use tracker-blockers, ad-blockers and script-blockers to prevent Facebook from tracking them when they're not on Facebook, by watching how they interact with pages that have Facebook "Like" buttons and other beacons that let Facebook monitor activity elsewhere on the Internet. We're rightfully proud of our own tracker blocker, Privacy Badger, but it doesn't stop Facebook from tracking you if you have a Facebook account and you're using Facebook's service.Facebook users can also watch what they say on Facebook, hoping that they won't slip up and put something compromising on the service that will come back to haunt them (though this isn't always easy to predict).But even if people do all this, they're still exposing themselves to Facebook's scrutiny when they use Facebook, which monitors how they use the service, every click and mouse-movement. What's more, anyone using a Facebook mobile app might be exposing themselves to incredibly intrusive data-gathering, including some surprisingly creepy and underhanded tactics.If users could use a third-party service to exchange private messages with friends, or to participate in a group they're a member of, they can avoid much (but not all) of this surveillance.Such a tool would allow someone to use Facebook while minimizing how they are used by Facebook. For people who want to leave Facebook but whose friends, colleagues or fellow travelers are not ready to join them, a service like this could let Facebook vegans get out of the Facebook pool while still leaving a toe in its waters.What's more, it lets their friends follow them, by creating alternatives to Facebook where the people they want to talk to are still reachable. One user at a time, Facebook's rivals could siphon off whole communities. As Facebook's market power dwindled, so would the pressure that web publishers feel to embed Facebook trackers on their sites, so that non-Facebook users would not be as likely to be tracked as they use the Web.Third-party tools could automate the process of encrypting conversations, allowing users to communicate in private without having to trust Facebook's promises about its security.Finally, such a system would put real competitive pressure on Facebook. Today, Facebook's scandals do not trigger mass departures from the service, and when users do leave, they tend to end up on Instagram, which is also owned by Facebook.But if there was a constellation of third-party services that were constantly carving escape hatches in Facebook's walled garden, Facebook would have to contend with the very real possibility that a scandal could result in the permanent departure of its users. Just the possibility would change the way that Facebook made decisions: product designers and other internal personnel who argued for treating users with respect on ethical grounds would be able to add an instrumental benefit to being "good guys": failing to do so could trigger yet another exodus from the platform.Lower and upper boundsIt's clear that online services need rules about privacy and interoperability setting out how they should treat their users, including those users who want to use a competing service.The danger is that these rules will become the ceiling on competition and privacy, rather than the floor. For users who have privacy needs -- and other needs -- beyond those the big platforms are willing to fulfill, it's important that we keep the door open to competitors (for-profit, nonprofit, hobbyist and individuals) who are willing to fill those needs.None of this means that we should have an online free-for-all. A rival of Facebook that bypassed its safeguards to raid user data should still get in trouble (just as Facebook should get in trouble for privacy violations, inadequate security, or other bad activity). Shouldering your way into Facebook in order to break the law is, and should remain, illegal, and the power of the courts and even law enforcement should remain a check on those activities.But helping Facebook's own users, or the users of any big service, to configure their experience to make their lives better should be legal and encouraged even (and especially) if it provides a path for users to either diversify their social media experience or move away entirely from the big, concentrated services. Either way, we'd be on our way to a more pluralistic, decentralized, diverse Internet.
With demonstrations against police brutality occurring all over the nation, cops dealing with protests are saying dumb things about encryption.The NYPD invited CBS New York to come behold the power of its citywide surveillance system. The network is suitably impressive.
The Epic Python Developer Certification Bundle has 12 courses aimed at anyone having little or no experience in coding and a great desire to start learning Python from scratch. This hands-on training takes you from "Hello World!" to advanced Python topics in just a few hours. You will then put your knowledge into practice by answering quizzes, exercises, and doing the actual coding. It's on sale for $40.Note: The Techdirt Deals Store is powered and curated by StackCommerce. A portion of all sales from Techdirt Deals helps support Techdirt. The products featured do not reflect endorsements by our editorial team.
It appears that Senators Marco Rubio, Josh Hawley, Kelly Loeffler, and Kevin Cramer don't mind looking like total fools who don't understand some fairly basic concepts about the law, so long as they can perform for their ignorant base. The latest is that they have sent a letter to the FCC, picking up on President Trump's silly executive order and asking FCC chair Ajit Pai to reinterpret Section 230 at direct odds with the plain language of the law and the way that every single court to this day has interpreted it.The thing is, these Senators know what a silly project this is, but because the Emperor demands fealty, and they know that their own base now depends on bowing down to insanity, they're playing it up. Everything about this letter is silly. But because some people might take it seriously, let's go through why it's silly.
Major ISP Cox Communications has begun throttling the connections of entire neighborhoods for what the ISP deems "excessive usage." More specifically, the ISP has begun severely throttling the upstream connections of internet users who consume too much bandwidth for the ISP's liking, even if those users have paid the company extra for faster, unrestricted service.Despite ISPs making it repeatedly clear that their networks are handling COVID-19 related strain very well, complaints about the new restrictions have been popping up at Reddit over the last month. While Cox confirmed to Ars Technica that it had started throttling the upstream speeds of entire neighborhoods, it wasn't willing to clarify how many neighborhoods are impacted and just how much data is deemed "excessive" by the cable giant:
I thought there was still a Drug War being fought in this county. I guess it's not as important as billions of annual budget dollars would indicate it is. When the going has gotten mildly tougher for US law enforcement agencies, the DEA is there to help out by placing people engaged in First Amendment activities under surveillance.The demonstrations over George Floyd's death at the hands of Minneapolis police officers have provoked all sorts of responses from government entities. The DEA's is one of the worst. As usual, it's FOIA terrorist Jason Leopold who's managed to obtain a document the DEA probably didn't want shared publicly.
Two years ago we wrote a post about famed burger-slinger In-N-Out's bullshit strategy for keeping its trademarks in Australia active and valid. That strategy amounts to the chain doing a popup restaurant briefly once every five years, essentially the minimum to keep a trademark active through use in the country. This has been going on for some time, which makes it fairly clear that In-N-Out has no real plans to have a permanent presence in Australia. And, yet, it goes about keeping its trademarks active.Why? Well, at least in part, apparently, so that it can bully other companies that might brand themselves in a similar fashion. From our earlier post, In-N-Out went after an Australian burger chain calling itself Down 'N Out, which used marketing that was clearly an homage to the California chain. That kind of homage would certainly land a company in trademark hot water in a competing market... except In-N-Out is only in the Australian market in the most transient sense possible. Despite that, an Australian court recently ruled that Down 'N Out wasn't complying with its trademark ruling in favor of In-N-Out and, even though the former plans to appeal the ruling, it must now turn over all physical signage for Down 'N Out to In-N-Out and destroy all digital material for that brand as well.
Thanks to a laundry list of lazy companies, everything from your Barbie doll to your tea kettle are now hackable. Worse, these devices are now being quickly incorporated into some of the largest botnets ever built, resulting in devastating and historic DDoS attacks. In short: thanks to "internet of things" companies that prioritized profits over consumer privacy and the safety of the internet, we're now facing a security and privacy dumpster fire that many experts believe will, sooner or later, result in even bigger security and privacy headaches than we're seeing today.One problem is that consumers often don't know what they're buying, which is why groups like Consumer Reports have been working on an open source standard to include security and privacy issues in product reviews. Another big problem is that these devices are rarely designed with GUIs that provide transparent insight into what these devices are doing online. And unless users have a semi-sophisticated familiarity with monitoring their internet traffic via a router, they likely have no idea that their shiny new internet-connected doo-dad is putting themselves, and others, at risk.This lack of transparent data for the end user also extends to company privacy policies and company privacy practices, which are often muddy and buried beneath layers of fine print, assuming they're even truthful in the first place.Enter the CyLab Security and Privacy Institute at Carnegie Mellon, where researchers say they're hoping to create a standardized "nutrition label" of sorts for IOT devices. Researchers say the labels will provide 47 different pieces of information about a device’s security and privacy practices, including the type of user and activity data the device collects, with whom the data is shared, how long the device retains data, and how frequently this data is shared. The goal is to take something incredibly confusing to the average user and simplify it in a way that's more easily understandable.To do so, the researchers say they consulted with 22 security and privacy experts across industry, government, and academia to design the easy to understand labels:They've also built a label generator for those interested. Ideally, by including more accurate labels and privacy and security issues in reviews, you could ideally shame at least some companies into trying a little harder, and help consumers and businesses alike avoid platforms and companies that pretty clearly couldn't care less about end user privacy and security. A more detailed breakdown of a device's habits would be available for experts or researchers looking to know more about a particular device or its habits:
Thanks to a laundry list of lazy companies, everything from your Barbie doll to your tea kettle are now hackable. Worse, these devices are now being quickly incorporated into some of the largest botnets ever built, resulting in devastating and historic DDoS attacks. In short: thanks to "internet of things" companies that prioritized profits over consumer privacy and the safety of the internet, we're now facing a security and privacy dumpster fire that many experts believe will, sooner or later, result in even bigger security and privacy headaches than we're seeing today.One problem is that consumers often don't know what they're buying, which is why groups like Consumer Reports have been working on an open source standard to include security and privacy issues in product reviews. Another big problem is that these devices are rarely designed with GUIs that provide transparent insight into what these devices are doing online. And unless users have a semi-sophisticated familiarity with monitoring their internet traffic via a router, they likely have no idea that their shiny new internet-connected doo-dad is putting themselves, and others, at risk.This lack of transparent data for the end user also extends to company privacy policies and company privacy practices, which are often muddy and buried beneath layers of fine print, assuming they're even truthful in the first place.Enter the CyLab Security and Privacy Institute at Carnegie Mellon, where researchers say they're hoping to create a standardized "nutrition label" of sorts for IOT devices. Researchers say the labels will provide 47 different pieces of information about a device’s security and privacy practices, including the type of user and activity data the device collects, with whom the data is shared, how long the device retains data, and how frequently this data is shared. The goal is to take something incredibly confusing to the average user and simplify it in a way that's more easily understandable.To do so, the researchers say they consulted with 22 security and privacy experts across industry, government, and academia to design the easy to understand labels:They've also built a label generator for those interested. Ideally, by including more accurate labels and privacy and security issues in reviews, you could ideally shame at least some companies into trying a little harder, and help consumers and businesses alike avoid platforms and companies that pretty clearly couldn't care less about end user privacy and security. A more detailed breakdown of a device's habits would be available for experts or researchers looking to know more about a particular device or its habits:
COVID-19 has thrust old questions about privacy into the spotlight, often with new and different framing, and has raised the big question of whether our conception of privacy needs to change entirely in the midst of a pandemic. On this week's episode, we're joined by reporter, analyst and investor Esther Dyson to discuss the challenging ethical quandaries raised by the pandemic.Also, as a bonus, Dyson (who is a former founding chair of ICANN) takes a moment at the beginning to respond to our recent episode with Mike Godwin.Follow the Techdirt Podcast on Soundcloud, subscribe via iTunes or Google Play, or grab the RSS feed. You can also keep up with all the latest episodes right here on Techdirt.
Georgia Governor Brian Kemp is very involved with the electorate. Well, perhaps not that involved with the residents of the state, but he does seem to keep a very close -- and very partisan -- eye on election security. Election security is important, especially as more states move to electronic ballots, but Kemp has spent most of the last four years using election security as a political football to score points with.When President Obama was still leading the nation, Kemp (while still Georgia's Secretary of State) claimed the DHS had breached his office's firewall during its security testing -- something he had directly asked it not to do. Kemp claimed his state had already implemented the DHS's recommendations and had asked to be left out of this nationwide testing. The DHS apparently ignored that, resulting in Kemp making lots of noise about an overreaching federal agency.Kemp's tune changed once Trump was elected. While running for the job of governor against Democrat Stacey Abrams, Kemp -- a Republican -- generated a lot of bad press for himself by allegedly engaging in voter suppression efforts. He capped this off with a bad judgment two-fer.First, he insisted the Democratic Party was trying to hack the voter registration system. The only evidence Kemp had for this is that a hacking attempt had been made. He responded to this by opening an investigation into the Democratic Party based on apparently nothing more than his animosity towards it. This was capped off a few days later when Kemp released a ton of absentee voting info, including names, addresses, and the reason they voted absentee.Two years later, ProPublica -- using documents obtained from the Georgia Bureau of Investigation (GBI) -- has published the investigation's findings. No surprise, GBI's conclusions don't agree with Kemp's baseless and partisan assertions.
I have written at least two (admittedly) incendiary posts for this site responding to the response (and -- one level further -- commenters' responses) to the killing of George Floyd by Minneapolis police officer Derek Chauvin. Chauvin has been arrested and is now facing a shifting set of charges -- some of which are unlikely to be sustained. Minneapolis is still burning. And it will probably burn again once the justice system is done with what's left of Chauvin and his criminal charges.In these posts, I openly advocated for the targeted destruction of government property. I do not apologize for that. If the problem is law enforcement, it should be law enforcement's stuff that burns. Say what you will for peace and reason, but we're dealing with unreasonable forces that consider themselves soldiers in a warzone, rather than public servants in troubled areas where a little kindness on their part would go a long way.Peaceful protests can effect change. I'm not arguing that they can't. But decades of peaceful protests -- interrupted occasionally by violent civil uprisings -- haven't changed much in this nation. And that's just the last 50 years of this on/off cycle. The anger presenting itself now dates back more than 300 years to slavery. And the 300 years following that haven't been much better. Nearly 100 years after slaves were freed, governments in America -- along with the populace supporting them -- treated blacks as subhumans only worthy of very limited rights and privileges.But let's go with the argument that peaceful protests will bring peaceful resolutions. Here's how that's playing out around the nation.
The Limited Edition Mac Bundle includes 11 award winning app for productivity, photography, privacy, and more. It features Parrallels Desktop, which lets you run thousands of Windows apps like Microsoft Office, Internet Explorer, Access, and even graphic-intensive games and CAD programs without compromising on performance or rebooting. Other app include PDF Expert, iMazing, Disk Drill Pro, Windscribe VPN, NetSpot Pro, and more. It's on sale for $60.Note: The Techdirt Deals Store is powered and curated by StackCommerce. A portion of all sales from Techdirt Deals helps support Techdirt. The products featured do not reflect endorsements by our editorial team.
On Friday we wrote about the uproar regarding the terrible op-ed piece by Senator Tom Cotton in the New York Times, calling for the use of the US military against protesters in the US. There was widespread anger against the decision to run the op-ed, and then a backlash from some who argued that this showed the people complaining about it were somehow "unwilling to listen" to viewpoints they disagreed with. In my piece, I argued that if the NY Times didn't publish my op-ed on why the Opinions Editor James Bennet was an incompetent dweeb, then clearly, they hated free speech and were unwilling to confront difficult ideas.Over the weekend, the news came down that Bennet had resigned, leading to a new round of hand-wringing from people who want to appear to be among the Serious Thinkers™, fretting that American newsrooms were "becoming college campuses" full of "safe spaces" and "political correctness."Again, this is just silly. I'm probably more extreme than most in arguing for free speech and the importance of listening to viewpoints and ideas that people disagree with. And while there have been incidents on college campuses where students have pushed back on hearing uncomfortable ideas, there's a big difference between an unwillingness to listen to "uncomfortable" ideas and an unwillingness to support disingenuous ideas that are simply designed to rile people up.Again, as we discussed last week, while some people were freaking out about so-called "censorship," the issue was actually about editorial discretion -- which is something wholly different. When you consider every act of editorial discretion to be the same as censorship, then the real problem is on your end. You can disagree with the decision (in either direction) and speak out about it (because there are many ways to speak out these days). But a single platform choosing to publish a terrible, disingenuous op-ed whose entire point appeared to be to piss people off, and then the person in charge resigning following the controversy, has nothing at all to do with censorship or safe spaces or avoiding difficult conversations.The issue, again, is whether or not the editorial discretion is well applied. And the evidence -- which goes way beyond that one op-ed -- says that it was not. Indeed, an honest look at Cotton's piece showed that it was incredibly dishonest and deceptive in describing a "problem" that did not really appear to exist, and a solution that would have made actual problems much, much worse. That's why people said it was dangerous to publish -- not because they were afraid to discuss and debate ideas, or because of political correctness.It comes down to this simple point: there are certain elements in society now who are simply trolling. And Tom Cotton is a giant troll. Whether he intends to be or not, he has all of the characteristics of an internet troll. He's posting dishonest claptrap, designed to enrage. He's cherry picking his facts and ignoring any countervailing evidence. He frames his nonsense with claims about wanting to be a part of the debate, but as anyone who has ever dealt with internet trolls knows, that's all part of the game to keep people engaged.The general rule of thumb on the internet is "don't feed the trolls." I don't always agree with that wisdom, as there is sometimes value in a one-off response to trollish behavior to highlight for others why the troll's disingenuous claims are bullshit. But, there's an issue beyond just not "feeding" the trolls: you never need to elevate them and act as if they are in the debate for honest and reasonable reasons. That's where the NY Times Opinion section has failed miserably over the past few years. In its attempt to "both sides" every damn issue, it has ignored constructive debate in favor of elevating trolls who are simply playing the Times and (until now) Bennet, using the fact that the Times wants to appear to host "multiple viewpoints" to their advantage.You can feed the trolls in the comment section if you want, but the NY Times shouldn't be elevating them. That's not because they're college campuses, too politically correct, or afraid of difficult ideas. It's because if you want serious debate you figure out who the trolls are and leave them in the comment section. There are serious, non-trollish people with opposing viewpoints. Editorial discretion is finding them. Bennet didn't. And now he's out of a job.
Another day, another electronic voting system that's simply not up to the task.Over the weekend, researchers at MIT and the University of Michigan released a paper (pdf) showcasing how OmniBallot, an electronic voting system made by Seattle-based Democracy Live, is vulnerable to hack attacks and vote manipulation. OmniBallot is currently being used used in Colorado, Delaware, Florida, Ohio, Oregon, Washington, and West Virginia. Courtesy of the pandemic, these and several additional states are considering their expanded use of the platform. But the study makes it abundantly clear that may not be a particularly good idea:
Civic leaders are finally at least talking tough about reforming the police departments they've barely overseen for years. Protests -- some of them violent -- have erupted all over the nation, ensuring very few law enforcement agencies can consider themselves above the fray… or above reproach.We'll see how much of this talk remains tough (or turns into action) once the heat dies down a bit, but for now, it's good to see political leaders stepping up to call out their law enforcement agencies as part of the problem.Chicago has one of the nation's worst police forces -- one that has taken full advantage of the historically-corrupt political system in that city. Add to that another problematic entity that's found almost everywhere -- police unions -- and you have a bunch of officers who fear no reprisal, no matter what behavior they engage in.The internal investigation process for cops accused of criminal acts and misconduct is a black hole where complaints go in but almost nothing comes out, even years after the investigations have closed. This lack of accountability is enforced by the city's contract with police unions, who have fought every minimal reform effort with gusto.Chicago Mayor Lori Lightfoot knows this. She headed the Chicago Police Board, another oversight effort made mostly toothless by union interference and the police department's lack of interest in allowing anyone to police it.So, her comment to NPR doesn't exactly tell anyone what they're not already aware of. But it does show Mayor Lightfoot is willing to directly address the root cause of multiple accountability issues.
We can disagree (vehemently and at length) about the most effective means of societal change. But we've seen a blend of tactics that no one unanimously agrees are helpful or harmful, but are still pushing legislators and other government officials towards meaningful change.Maybe we'll never fully understand what motivates society as a whole. (And yet we live in one.) Let's celebrate the steps forward -- especially one that have occurred despite certain government officials (including our President) declaring almost any anti-government action to be stupid, criminal, and useless.No one asked for cops in schools. At least, very few students did. Maybe some parents did. To be sure, a whole lot of school administrators did because it meant they could offload every disciplinary problem -- no matter how small -- to cops trained to handle serious criminal acts rather than underage acts of defiance. It made things easier for administrators who used this void they'd created in their own responsibility to enact a number of "zero tolerance" policies that relieved them of the pressure of using common sense and restraint when dealing with troublesome students. The end result was objectively awful.Now, with law enforcement agencies having proven themselves objectively awful by badly reacting to a cop-created problem, Minnesota schools are deciding to kick cops to the curb.
If I had to come up with a more 2020 headline than the above, I'm not sure I could. Still, this is also in the Techdirt wheelhouse as far as topics are concerned. For background, I think it's fair to say that the Trump Campaign, and Donald Trump as well, have both built a reputation for themselves as being particularly litigious when it comes to all things IP, defamation, etc. etc. amen. Whatever your politics, it simply can't be denied that on First Amendment grounds, our current president and his organizations have an abysmal reputation on matters of free speech, so long as that speech could potentially pierce the notoriously thin skin of Donald Trump.This continues to today, of course. You can see it when there are executive orders issued just because social media companies point the public to facts about the President's claim. You can also see it more recently in the Trump campaign issuing a takedown with Redbubble for a parody cartoon over the trademark on MAGA hats.
We've posted a bunch of times when John Oliver has said pretty much exactly what we've been saying here at Techdirt, but he always does it much better, more pointedly, and (much, much) funnier than we do. The latest is no exception. It was all about the systemic racism that has created, enabled and encouraged so much police brutality, especially against black communities. Just watch it:It goes over a ton of things that we've written about in the past, and some stuff we haven't. It talks about the history of policing -- much of which was literally designed as a racist tool to keep black communities down. It covers the ridiculous "drug wars" from the 1970s and 1980s, that we now know were designed explicitly as a tool to target black Americans by Richard Nixon. It mentions the debunked concept of "broken windows policing," that (again) was used specifically to target black Americans by police. Oh, and also the unconstitutional stop and frisk policies used by the NYPD and elsewhere which (stop me if you've heard this one before...) were used by police to target black Americans.It goes on to talk about how politicians across the political spectrum focused on putting more and more money into police departments, while cutting and slashing all other social services, leaving the police to deal with the fallout. So, when we don't have services for the mentally ill... it falls to the police (who too often step in and shoot the mentally ill rather than help them). We've turned drug addiction from a medical problem (for which many people cannot get medical help) into a criminal problem (again inserting the police).Then he discusses the insane police militarization that we've been highlighting here for the better part of a decade. The whole setup of a militarized police has never made sense, in part because it literally sets up two things you don't want if you want reasonable policing: (1) the attitude that your town or city is "at war," and (2) the view that the public is "the enemy." Both of these are the exact opposite of what effective policing would be. From there, it covers how police training reinforces these concepts, and has literally nothing to do with protecting the public, but often more to do with making the police feel good about themselves.There's also a good discussion of just how evil police unions are, and how they seem to focus on protecting the ability of cops to violate everyone's rights with impunity. And that, of course, brings us right to one of the biggest travesties around: the concept of qualified immunity, which is about as close to a literal "get out of jail free" card as there is from almost all police misbehavior. Oliver then goes on to talk about how the federal government could step in, but (especially under this administration) usually chooses to look the other way.All of this brings Oliver around to the discussion that gained prominence last week about "defunding the police." On social media, I've seen a bunch of people push back on this idea as somehow a bridge too far, but they're wrong, and Oliver makes the point quite clearly why. The issue is not a "few bad cops." It's not that police need better training. The problem is that the entire system is built to reinforce its own problems. Put more simply: the problem right now is not that the system needs reform, it's that it's working as intended. The entire concept of policing in America is broken. And you don't fix that with reform. You need radical change from top to bottom.And that's what the "defund the police" movement is about. It's about a total rethink of what "policing" means. And, that can include wiping out entire police departments and starting from scratch with a new approach. Oliver mentions Camden, New Jersey, which did exactly that. In 2013 it shut down its police department and started again from scratch. And the results are pretty stunning (though, even there, there are arguments that they could have gone much further and been even more successful).As Oliver highlights for people who really need to hear it: defunding the police doesn't mean ending any kind of law enforcement. It means completely rethinking the entire structure of terrible policing we've built up over decades (while simultaneously wiping away the other various safety nets and infrastructure that support people in need putting more of that work onto police shoulders, who are ill-equipped, at best, to handle it).So, please, if you think "defunding" the police, or some of our posts from the last few weeks are going "too far," please watch Oliver. Or watch some of the many other smart people who have been speaking out about this for years.The problem is not a few bad cops. The problem is the system itself. The system is working as intended, and that is the problem.
It may be the tech giants that dominate the headlines when it comes to privacy, but it's startups that stand the most to lose in the ongoing debate about consumer privacy.With every major misstep from the industry's biggest companies, consumers lose trust in the Internet ecosystem. It's the new startups that don't have long standing reputations and relationships with users that consumers that abandon first. At the same time, startups don't have the seemingly endless resources of their big tech counterparts to navigate the resulting legal and regulatory landscape if privacy laws are written with only the biggest tech companies in mind.We've already seen this happen in Europe and California. Without necessarily meaning to, those sets of privacy rules create obligations and requirements that larger companies can navigate while small companies simply cannot. One of the biggest reasons behind this disparate impact is the fact that startups almost always have to rely on a wide network of vendors to do everyday business activities, from data processing, to analytics, to cybersecurity management. Whereas the largest companies can often build these capabilities in house, startups and medium-sized companies need these third parties to keep their companies running.In Europe, two years after its General Data Protection Regulation (GDPR) went into effect, startups have had to either leave or forgo European markets or shoulder the high cost of ensuring compliance. According to Google, the company spent "hundreds of years of human time" on GDPR compliance, something a startup with a small staff and bootstrap budget can hardly afford. And the burden of GDPR compliance can fall disproportionately on smaller companies. The law distinguishes between "processors" and "controllers" and carries different responsibilities and obligations around consumer data first-party controllers and third-party processors. To comply with GDPR, companies that rely on third-party service providers, or processors, have to negotiate their contracts with those providers and put in place data protection agreements that ensure compliance as user data travels from the controller to the processor. For a small startup relying on dozens of third-party service providers for everyday business needs, that renegotiation process is incredibly costly and time consuming.And in California, the California Consumer Protection Act—which went into effect in January and will be enforced next month, even though the state's Attorney General recently submitted final rules, which might not be finalized before the July 1 enforcement deadline—is expected to cost businesses $55 billion in total, with small businesses spending up to $50,000 each on compliance. As the cost estimate report commissioned by the California's Department of Justice notes, "Small firms are likely to face a disproportionately higher share of compliance costs relative to larger enterprises." The report cites apparently "overstated" concerns about the impact of GDPR on large companies "while many smaller firms have struggled to meet compliance costs."One of the biggest open questions about complexity in CCPA compliance, and therefore increased compliance costs, is the law's overly broad definition of "sale," which some are worried could include benign and necessary data sharing. The law defines a sale as "selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer's personal information by the business to another business or a third party for monetary or other valuable consideration." Coupled with limitations on service providers and how they can use consumer data, the broad definition of "sale" in the law could make it more complicated for a startup to work with its many third-party vendors.These complexities get even worse for startups when the rules vary across state lines. Thanks to the Internet, a startup in one state can launch and grow in all fifty states and even abroad without having a large reserve of legal resources. That could leave, for instance, a two person startup in North Dakota on the hook for complying with different privacy laws in every state where they have users.Ideally, the varying state laws would be similar enough or build upon each other such that complying with the most stringent law for all users also satisfies a company's obligations in each state where it has users. Unfortunately, this is not the case, and even slight differences in state privacy laws can lead to huge compliance costs, which will fall disproportionately on startups. For instance, some privacy rules considered by state governments cabin the standard consumer rights to access, correct, and delete data to data held by a company that is easily identified. On the other hand, some proposed laws would allow consumers to request to access, correct, and delete any data a company has on them, sparking concerns that companies that follow good data hygiene practices by stripping users' data of identifying information will be forced to re-identify users' data to comply with their requests.And even if a small startup were able to comply with the varying state laws as they're passed, the goal of privacy compliance has moving goalposts. The number of states considering enacting privacy laws is constantly growing, and even California—a state that already has a comprehensive consumer privacy law on the books—is just now figuring out what exactly compliance with the CCPA looks like less than a month before the state starts enforcement and as voters consider adding a second privacy law in the state later this year.With a lack of federal action, it makes sense that state governments and the concerned consumers they represent want to see meaningful privacy protections, but the resulting landscape will be one that small and medium sized companies have trouble navigating. Instead, Congress should pass a federal privacy law that builds off of the goals of the efforts already in place and harmonizes obligations for companies.One set of strong, sensible, and straightforward privacy protections can protect consumers and promote competition instead of rushed, uninformed rules that will hamper competition without providing consumers with meaningful protections.Kate Tummarello is the Policy Director at Engine, an advocacy organization representing the startup community
A whole lot of attention -- and thousands of cellphone cameras -- are focused on law enforcement officers. Nationwide protests sparked by the killing of George Floyd by Minneapolis PD officer Derek Chauvin have aimed a lot of unblinking eyes at officers around the country.Unfortunately for the protesters -- and Americans in general -- a great number of officers have chosen to behave badly. Journalists have been targeted, teargassed, and arrested. Peaceful protests are being greeted with violence from police officers, who seem unable to comprehend just how quickly and thoroughly they're making the protesters' points for them.Via Adam Steinbaugh comes yet another protest-related act of violence and stupidity by a law enforcement officer. This one, however, sits at the top of his county's food chain. And he's apparently unaware of the First Amendment, Supreme Court precedent, or how to properly respond to nothing more than a (self-censored no less!) profanity.Actual video exists of this confrontation, which has led to stupider and stupider things in the days following this sheriff's initial reaction:
The concepts of Big Data and Machine Learning can be a little bit intimidating for beginners, and specifically for people without a substantial background in complex math and programming. The Complete 2020 Big Data and Machine Learning Bundle training is a soft starting point to walk you through the fundamental theoretical concepts. You'll become familiar with the basic definition of concepts and then gradually move on to more advanced applications. Courses cover Elasticsearch, Kears, Scala, Apache Spark, Hadoop, and more. It's on sale for $39.90Note: The Techdirt Deals Store is powered and curated by StackCommerce. A portion of all sales from Techdirt Deals helps support Techdirt. The products featured do not reflect endorsements by our editorial team.
As we noted, last Tuesday, in the midst of a pandemic and nationwide protests about police brutality, the Senate Judiciary Committee's IP Subcommittee (well, three members of it, at least, one of whom seemed to think that Section 512 of the DMCA was actually Section 230 of the CDA) decided it was a priority to host a hearing on copyright law. Specifically, the hearing was in response to the Copyright Office's bizarre, ahistorical take on Section 512 of the DMCA that ignores the public as a stakeholder. It seemed particularly bizarre to have as the first speaker on the panel, Don Henley, who is one of the most successful recording artists of all time -- his albums are literally the 1st and 3rd best selling albums of all time -- with a history of being wrong about the internet.Henley seemed to recognize that it was a bad look for a super successful, aging rocker to be the voice of musicians on the panel (good for him) and insisted that he was really there to speak up for less well known musicians who didn't have his reach.
For the last few years, broadband customers have complained that Frontier Communications, the nation's third-biggest telco, has been charging its customers a $10 per month rental fee for modems they already purchased and own. Normally, you're supposed to be able to buy your own modem instead of paying your ISP a rental fee upwards of $10 per month. To nab some extra dough from captive customers, Frontier basically decided to charge its customers a rental fee anyway, giving them a polite, though giant, middle finger when they complained.And because the Trump FCC is a glorified rubber stamp for the industry's biggest players, consumers who complained to the agency received little more than a glassy eyed stare.Fast forward to last January when the problem was fixed, shockingly enough, by the US Congress. A massive US government spending bill approved by Congress and signed by President Trump (who I'd all but guarantee didn't understand the scope of what he was signing) not only included some updates to the Communications Act cracking down slightly on bullshit cable TV fees, but also included a little noticed provision that formally bans the nonsense Frontier has been engaged in.Here's the wrinkle. While that law was supposed to take effect this month, a clause included in the measure gave the FCC the right to delay the restriction by six months. So that's precisely what the FCC did. And the FCC justified the move by claiming that the pandemic simply made it too onerous for a big ISP to stop ripping people off:
This week, Stephen T. Stone took both of the top spots for insightful with responses to Tim Cushing's first post reacting to the protests in Minneapolis and across the country. In first place, it's his opening take on the subject:
Five Years AgoThis week in 2015, one court was apparently forgetting the First Amendment exists while ordering a newspaper to delete an article, while the Supreme Court was punting on an important 1A question. The USA Freedom Act was marching forward with Mitch McConnell trying to destroy it with amendments with all failed. The House passed an amendment on another bill, in order to block funding for undermining encryption, while on top FBI official was claiming that preventing encryption should be the first priority of tech companies.Ten Years AgoThis week in 2010, a Michigan politician was trying to regulate journalists and choose which ones are trustworthy, while the FTC was trying to "save journalism" but only in the form of old newspapers, and a Senator in France was trying to outlaw anonymous blogging. Copyright trolls were teaming up and getting cooperation from Verizon.Meanwhile, while on court was giving border patrol permission to take people's laptops, we took a look at how cops and courts abuse wiretapping laws to arrest people for filming the police.Fifteen Years AgoThis week in 2005, we learned about the startling lengths copyright defenders would go to, such as the recording industry operating private round-the-clock surveillance of the owner of Kazaa and the MPAA pitching in to help fund surveillance cameras in downtown Los Angeles. We were also seeing some early battles and tactics around manipulating Google's memory of the past, and the emergence of citizen journalism happening in the comments sections of newspaper websites.
Of all the mediums where intellectual property makes the least amount of sense, actual food and drink must certainly be among the most absurd. Not the trade dress of food packaging, mind you. I'm talking about the actual food and drink products themselves, be they craft beer or a plate of food. And, yet, you see this sort of thing crop up from time to time. A pizzeria somehow thinks it can trademark the taste of its pizza. Or, more apropos for today's post, a German court that says taking pictures of plated food could violate the copyright of the chef.Plating food is now coming up again, with a post on the blog of the California Law Review site suggesting that plated food, if artistic enough, does in fact deserve copyright protection. While the entire post is detailed and thorough, the real question of whether plated food merits copyright protection has less to do with the creative aspect of plating -- of which there are some true creative aspects -- than with the question of fixability. To warrant copyright, a work must be both original in its creativity and created in a fixed medium. There are a couple of key historic cases that address what it means for a work to be in a fixed medium, helpfully laid out in this John Marshall Law School article.
In this time of coronavirus and social unrest, you'd think the government -- at all levels -- would engage in a little more care not to make either problem worse. Of course they haven't. Cops are arresting journalists and tear-gassing peaceful protesters as the President himself calls for domestic military action targeting US citizens. Dystopian fiction writers have been put on notice: the usual shit just isn't going to sell anymore. The ideas you thought wouldn't sustain suspension of disbelief are swiftly becoming reality.Stepping into the breach for reasons it will probably never be able to fully explain is the federal government, using nationwide protests as a reason to suspend as many rights as possible until everyone agrees the government is not an oppressive force -- even when personified as a white cop strangling a black man to death by putting his knee on his neck.Good luck with that. The government needs all the goodwill it can collect. It has apparently failed to realize the importance of harvesting goodwill in difficult times. And when the lawsuit inevitably gets filed, it will have to explain why it chose to do this massively stupid thing. Ryan Reilly reports for the Huffington Post about an apparent First/Fourth Amendment double-punch.
Here's an interesting tidbit: the latest move by Twitter to deal with a tweet related to President Trump is that it pulled down a Trump campaign video that was presented as a "tribute" to George Floyd, the Minneapolis man murdered by police last week, and whose senseless death has brought so many thousands to the streets across the US. The video remains on YouTube for the moment. It includes a lot of still photos and a few short video clips. It appears that the copyright holder on one (or perhaps more) of those images and clips likely didn't like it to be included for use by a President for a propaganda video they disagreed with, and filed the DMCA claim.I think there's a very strong fair use argument here for a whole variety of reasons (and, yes, I fully understand the moral claims that whoever took this photo may feel about it being used in this way, but copyright is not supposed to be used in that way).But seeing as this comes so soon after Trump's complete and total meltdown over Twitter and Section 230 after it added some additional context to one of his tweets -- leading him to state publicly that Section 230 should be revoked -- I do wonder if this move, in which a video was actually taken down (unlike with his tweets), will have him similarly rage against copyright law? Will we see an executive order demanding an impossible reinterpretation of Section 512's notice-and-takedown provisions? Or does it not work like that?Of course, what this really demonstrates is why Trump and his fans should absolutely support Section 230, rather than pan it. Section 230, among other things, gives Twitter the freedom to decide how best to run its site, and to date, that's meant bending over backwards to keep the President's tweets online and available for people to view. However, Section 230 explicitly exempts intellectual property. For copyright, there's Section 512 of the DMCA, which is much, much weaker than CDA 230. With CDA 230, there's an immunity -- if there's 3rd party content, a site is not liable and also a site cannot be liable for its moderation choices. With DMCA 512, it's a "safe harbor." Where if you meet certain conditions, you can then be protected. But one element of that safe harbor, is that to retain it you have to take down the content upon receipt of a valid DMCA takedown notice.I've long argued that this aspect of the DMCA 512, in which the threat of significant liability from the state (i.e., the court system) raises serious 1st Amendment issues. That's because the law heavily favors silencing content with the threat of massive liability if you don't. And the system is heavily imbalanced as there's no effective punishment for false notices, meaning the system is weighted very, very heavily in favor of censorship.So here's a good point to compare how the two different "intermediary liability" regimes actually work. Under CDA 230, free speech is much more protected. Indeed, the very nature of it is that the courts under 230 cannot force sites to take down speech (they leave that choice up to the sites themselves). Under DMCA 512, however, the liability issue makes it very, very easy to issue bogus takedowns that lead to content being removed.It's interesting that this is all coming a week after Trump's bizarre tirade against 230, and the same week that the Senate argued that we should make the censoring power of the DMCA even more censorial.It seems a much better approach would be to leave 230 alone, but fix DMCA 512 by getting rid of the imbalanced nature in putting tremendous state pressure on websites to remove content based solely on an accusation of infringement.
Months into the global pandemic, governments, think tanks, and companies have begun releasing comprehensive plans to reopen the economy, while the world will have to wait a year or longer for the universal deployment of an effective vaccine.A big part of many of these plans are digital tools, apps, and public-health surveillance projects that could be used to contain the spread of COVID-19. But even if they’re effective, these tools must be subject to rigorous oversight and laws preventing their abuse. Corporate America is already contemplating mandatory worker testing and tracking. Digital COVID passports that could grant those with immunity or an all-clear from a COVID test the right to enter stores, malls, hotels, and other spaces may well be on the way.We must be ready to watch the watchers and guard against civil rights violations.Many governments and pundits are turning to tech companies that are promising digital contact tracing applications and services to augment the capacity of manual contact tracers, as they work to identify transmission chains and isolate people exposed to the virus. Yet civil society groups are already highlighting the serious privacy implications of such tools, underscoring the need for robust privacy protections.The potential for law enforcement and corporate actors alike to abuse these tracking systems is just too great to ignore. For their part, most democratic governments have largely recognized that the principle of voluntary adoption of this technology — rather than attempts at state coercion — is more likely to encourage use of these apps.But these applications are not useful unless significant percentages of cellphone users use them. An Oxford University study suggests that for a similar app to successfully suppress the epidemic in the United Kingdom, 80 percent of British cellphone users would have to use it, which equates to 56 percent of the overall UK population. If the numbers for a digital contact tracing program to succeed stateside were similar, that would mean activating more than 100 million users.The level of adoption will dictate just how well these technologies prevent the spread of the virus, but no matter how widespread such voluntary adoption may be, there is still potential for coercion, abuse, and targeting of specific users and communities without their consent. Some companies and universities are already planning to develop their own contact tracing systems and require their employees or students to participate. The consulting firm PricewaterhouseCoopers is advising companies on how to create these systems, and other smaller tech firms are designing Bluetooth beacons to facilitate the tracking of workers without smartphones.An unaccountable regime of COVID surveillance could represent a great near-term threat to civil rights and privacy. Already marginalized communities suffering most from this crisis are the most exposed to the capricious whims of corporate leaders eager to restart supply chains and keep the manufacturing and service sector operating.Essential workers are subject to serious health risks while doing their jobs during a pandemic, and employers mandating use of these technologies without public oversight creates another risk to worker rights. This paints a particularly tragic picture for the Black community which has been disproportionately affected by the pandemic in terms of sickness, death, and unemployment.Black and Latinx people are more likely to work as cashiers in grocery stores, in nursing homes, or in other service-industry jobs that make infection far more likely. Many such workers are already subject to pervasive and punitive workplace surveillance regimes. But now, there may be real public-health equities at play. When these workers go to work, they have to do so in close proximity to others. Employers must protect them and digital tracking tools may well be part of saving lives. But that balance ought to be struck by public-health officials and worker-safety authorities in consultation with affected employees.This system of private-health surveillance may not just affect workers. Grocery store, retail, and restaurant owners, eager to deploy this kind of technology to regain the confidence of shoppers, may well see the logic in incentivizing widespread public deployment as well.Those same stores could offer a financial incentive to customers who can prove they have a contact-tracing app installed on their phone, or they could integrate it into already existing customer loyalty apps. Coordinated efforts from businesses to mitigate losses due to sick workers or the threat of repeated government shutdowns could make incentivizing or demanding COVID-passports worth the investment to them. We may well find ourselves in a situation where a digitally checkpointed mall, Whole Foods, or Walmart feels like an oasis — the safest place in the world outside our homes.Unaccountable deployment of these systems threatens to create further divides between workers and consumers, the tracked and untracked, or perilous division between those who can afford repeated testing and those who can’t.So far, few officials have weighed these tradeoffs. As of yet, the only federal legal guidance on these questions has come from the Equal Employment Opportunity Commission, which has ruled that employers can legally institute mandatory temperature checks and other medical exams as conditions of continued employment.Lawmakers have to do more. They must provide protections for the unauthorized use of this information and not allow access to places of public accommodation - a core civil right - to be determined by a mere app. We must seriously consider what it would mean for a free society, should businesses find it makes financial sense to invest in their own health-surveillance systems or deny people access to corner markets or grocery stores if they aren’t carrying the right pass on their person.We do not have to be resigned to the deployment of a permanent state surveillance apparatus or the capriciousness of the private sector. If our post-9/11 experience is a guide, then we know that unaccountable surveillance infrastructure implemented during a crisis is wildly difficult to dismantle.We must not construct a recovery that casts a needless decades-long shadow over our society, entrenches the power of large corporations, and further exacerbates class and racial divides. Governments must proactively decide the permissible uses and limits of this technology and the data it collects, and they must demand that these surveillance systems, private or otherwise, be dismantled at the end of the crisis.Gaurav Laroia is the Senior Policy Counsel at consumer Group Free Press, working alongside the policy team on topics ranging from internet-freedom issues like Net Neutrality and media ownership to consumer privacy and government surveillance.
President Trump is fond of non-disclosure agreements. He's been this way for far longer than he's been president, but his insistence on foisting them on anyone who has worked for him has become problematic now that he's the ultimate public figure.Some of these NDAs have been broken inadvertently during the course of dubious lawsuits filed by former Trump associates against journalists. In other cases, the DOJ itself has gotten involved, trying to invoke possibly non-existent agreements with the government to block publications by former Trump staffers.Now, a former Trump campaign staffer is in court challenging the legality of the NDA she signed when managing phone banks for Trump before moving up to be his director of Hispanic engagement. She argues the NDAs serve no purpose but to block speech critical of her former employer. (Non-paywalled version here.)
The 2020 Adobe Graphic Design School has 3 courses to help you learn more about top Adobe apps and elements of graphic design. The first course covers Adobe Photoshop and all aspects of the design process from the importing of images right through to final production considerations for finished artwork. The second course covers Adobe Illustrator and will lead you through the design process, where you’ll learn a variety of ways to produce artwork and understand the issues involved with professional graphic design. The third course will help you discover how to harness the power of Adobe InDesign to develop different types of documents, from simple flyers to newsletters, and more. The bundle is on sale for $49.Note: The Techdirt Deals Store is powered and curated by StackCommerce. A portion of all sales from Techdirt Deals helps support Techdirt. The products featured do not reflect endorsements by our editorial team.
Buckle up, because this one is going to be quite the long road trip, and I hope you won't rush to the comments without joining me on the entire journey first. But if you want a sense of where we're heading, here's the route map: the New York Times published an insane warmongering Senator's push to turn our own soldiers on protesting Americans, people (including many Times journalists) complained, the Times tried to defend the decision, and then admitted "mistakes were made," and a bunch of very silly people who pretend to be "serious thinkers" whined nonsensically about free speech and the "unwillingness to listen to opposing ideas," all while refusing to listen to opposing ideas. And all of it's nonsense: because editorial discretion is not a free speech issue and calling out a terrible paean to fascism is not an unwillingness to listen to "opposing ideas."Off we go.If you've been paying attention to the world of media in the past few days, you've probably already seen some of the loud and raucous debate. On Wednesday, the Times made the incredibly bad decision to publish the truly awful op-ed from Arkansas Senator Tom Cotton, suggesting that President Trump should send the US military to invade US cities, because, while the vast majority of protests around the nation have been peaceful (other than all those disrupted by police violence), there have been a few cases of some people breaking windows, setting fires, and stealing goods. There seems to be little evidence that this is as widespread a problem as the President and his supporters make it out to be, but in an effort to control the narrative, they're claiming that there's widespread violence and attacks overshadowing protests.Cotton's op-ed is bad. Just to take one bit of it, this paragraph is utter hogwash:
Apple has never looked too kindly upon users actually repairing their own devices. The company's ham-fisted efforts to shut down, sue, or otherwise imperil third-party repair shops are legendary. As are the company's efforts to force recycling shops to shred Apple products (so they can't be refurbished and re-used). As is Apple's often comical attacks on essential right to repair legislation, which only sprung up after companies like Apple, Microsoft, Sony, John Deere, and others created a grass-roots "right to repair" counter movement via their attempts to monopolize repair.Since 2017 or so, Apple has been harassing the owner of an independent repair shop in Norway named Henrik Huseby. After Norway customs officials seized a shipment of 63 iPhone 6 and 6S refurbished, replacement screens on their way to Huseby's repair shop, Apple threatened to sue the store owner unless they agreed to stop using aftermarket screens and pay a hefty settlement. Huseby decided to fight the case, and despite being out-manned five Apple lawyers to one, managed to win in 2018. At least initially.Apple then took its complaint to Norway's Court of Appeals, claiming that the refurbished parts used by Huseby "unlawfully appropriated Apple's trademark." The appeals court ruled in Apple's favor, and this week, the Norway Supreme Court upheld that decision (pdf). Needless to say, the US and overseas right to repair movement isn't particularly impressed by the court sanctioned bullying of a small business owner:
A COP IN EVERY HOUSE: that's the American dream. Maybe they can't enter the home, what with the Fourth Amendment and all, but they can be invited to every online get-together thrown by apps that promise neighborhood unity while asking law enforcement to get in on the action.Ring, Amazon's doorbell/camera company, has made the relationship between neighborhood "sharing" and law enforcement explicit. It's right there in the term sheets. While Ring takes the PR reins to steer the official discourse, it's offering cops steeper discounts on Ring cameras they can hand out to citizens in exchange for pushing citizens to sign up for Neighbors, Ring's snitch app. Once attached to the app, Ring makes sharing of camera footage seamless and encourages homeowners to report suspicious people and activities. Unsurprisingly, many of the suspicious people reported are minorities.It's not just Ring and Neighbors, as Citylab has discovered. Nextdoor -- a hyperlocal Facebook clone (and hotbed of bigotry) -- is courting cops as forcibly silenced partners in its plans to increase its user base.
As Techdirt has reported, the open access movement seeks to obtain free access to research, particularly when it is funded by taxpayers' money. Naturally, traditional academic publishers enjoying profit margins of 30 to 40% are fighting to hold on to their control. Initially, they tried to stop open access gaining a foothold among researchers; now they have moved on to the more subtle strategy of adopting it and assimilating it -- rather as Microsoft has done with open source. Some advocates of open access are disappointed that open access has not led to any significant savings in the overall cost of publishing research. That, in its turn, has led many to urge the increased use of preprints as a way of saving money, liberating knowledge, and speeding up its dissemination. One reason for this is a realization that published versions in costly academic titles add almost nothing to the freely-available preprints they are based on.An excellent new survey of the field, "Preprints in the Spotlight", rightly notes that preprints have attained a new prominence recently thanks to COVID-19. The urgent global need for information about this novel disease has meant that traditional publishing timescales of months or more are simply too slow. Preprints allow important data and analysis to be released worldwide almost as soon as they are available. The result has been a flood of preprints dealing with coronavirus: two leading preprint servers, medRxiv and bioRxiv, have published over 4,500 preprints on COVID-19 at the time of writing.The publishing giant Elsevier was one of the first to notice the growing popularity of preprints. Back in 2016, Elsevier acquired the leading preprint server for the social sciences, SSRN. Today, Elsevier is no longer alone in seeing preprints as a key sector. A post on The Scholarly Kitchen blog describes how all the major publishers are active in preprints:
Even a cursory review of just the headlines on our posts about YouTube's ContentID will demonstrate a theme. That theme mostly centers around how the automagic copyright detection system that YouTube put in place is mostly useful for creating collateral damage on non-infringing material, often times at the expense of the rightsholders themselves. Whenever this happens, there are usually apologies issued, blame cast on ContentID for the mistake, and then everything continues on with no changes made. Which is absurd. These situations identify a flaw in the ContentID system, or the use of an automated system of any kind, and yet we never do anything about it.Which is why this sort of thing keeps happening. The most recent example of this concerns tons of Super Mario Bros. speedruns being issued copyright notices because the YouTube channel for the Guinness Book of World Records uploaded a record-holding speedrun itself. From there, ContentID did its thing.
We are so hip here at Techdirt that we've been writing about Section 230 long before it was cool. But even though everyone and their President seems to be talking about it these days, and keen to change it, it does not seem like everyone necessarily knows what it actually says or does. Don't let this happen to you!The embedded video below is of a presentation I gave earlier this year at ShmooCon where I explained the magic of Section 230 through the lens of online cat pictures. As we head into more months of lockdown, our need for a steady supply of cat pictures has never been more important. Which means Section 230 has never been more important.In this presentation I explain why we have Section 230, what it does, why it works, and how badly we jeopardize our supply of online cat pictures (as well as a lot of other good, important stuff) if we mess with it.Tune in!
For many years, we've said that if the public library were invented today, the book publishers would sue it out of existence. It appears that the big book publishers have decided to prove me right, as they have decided to sue the Internet Archive for lending ebooks without a license.Over the last few months, we've discussed why publishers and authors were overreacting in their verbal attack on the Internet Archive's decision to launch a "National Emergency Library" to help out during a pandemic. While many publishers and authors declared this to be "piracy," that did not square with reality. The Internet Archive was relying on a variety of precedents regarding the legality of libraries scanning books and lending books, as well as around fair use, to argue that what it was doing was perfectly legal. Indeed, the deeper you looked at the issue, the more it looked like the publishers and authors were upset with the Internet Archive for being a library, since libraries don't need special licenses to lend out books.In other words, this was yet another attack on property rights. Publishers and some authors were trying to argue that the Internet Archive needed extra licenses to lend out legally made scans of legally obtained books. And to respond to a few common criticisms of the NEL: they were doing this since so many libraries and schools around the world were shuttered due to the pandemic, meaning that millions of books were literally collecting dust on shelves, un-lendable. More importantly, the NEL was not targeting recent releases (all books in the NEL are over 5 years old, and the commercial life of nearly every book is much shorter than that). Finally, contrary to some claims, the books in the NEL are not "bit for bit copies" of high quality ebooks. They are relatively low quality scans. If a more legit version is available, nearly any reasonable person would go for that instead (indeed, I've personally purchased multiple books after first borrowing copies from the Open Library before deciding to get a permanent copy). Also, most of the books available in the NEL are simply not available at all in ebook format, meaning that they're not available at all during the pandemic for many people.There was some chatter that publishers might choose not to sue the Internet Archive over this, because losing this fight would seriously challenge a bunch of other copyright claims that they rely on. But, come on. These guys are so obsessed with copyright, how could they not sue? So, earlier this week, all the big publisher teamed up to sue the Internet Archive, represented by former RIAA lawyer Matt Oppenheim, who has a long history of being on the bad side of nearly every big copyright case.Here's the thing, though: the publishers didn't just decide to sue over the National Emergency Library: instead they're also suing over the entire "Controlled Digital Lending" process. That's the program that the Authors' Guild has been whining about, which is the underpinning of the NEL. The CDL/Open Library program involves letting libraries lend out digital books if they retain a physical copy of the book on the shelf (so maintaining a one-to-one relationship between books lent out and books that the libraries have in their possession). The NEL took away that limitation, with the argument that this was allowed due to their reading of fair use in the midst of a pandemic with so many books locked up.While I support the NEL -- I can recognize that courts may not buy their fair use arguments. On the CDL/Open Library front, though, that's just blatantly attacking a very standard library procedure. There can be no argument of "lost revenue" from the CDL, unless you're attacking the very basis of libraries themselves. And that's what the lawsuit appears to do.
Facebook is implementing end-to-end encryption in its Messenger service. This has made a number of government officials unhappy. Claiming this will lead to an increase in child sexual exploitation, multiple governments (including our own) have pounded their respective tables in Facebooks' direction, demanding the company not give its users secure communications.Now, it's more than just government officials. The BBC reports some of Facebook's shareholders have been swayed by the international table-pounding.
The hit FRESHeBUDS earbuds are back and better than ever with the new Pro model. Even more water and sweat resistant to stand up to any outdoor activity, these new buds have enhanced battery life, and automatically pair to your phone when pulled apart so you don't have to go through any setup. They're on sale for $30.Note: The Techdirt Deals Store is powered and curated by StackCommerce. A portion of all sales from Techdirt Deals helps support Techdirt. The products featured do not reflect endorsements by our editorial team.
The Center for Democracy and Technology appears to be the first out of the gate in suing Donald Trump to block his silly executive order on Section 230. In the aftermath of the EO being issued I know some people wondered if it was actually worth suing over, since it actually did so little in practice. But, as I discussed in this week's podcast, it can still be used to create havoc.The basic argument in the lawsuit is that the executive order is clearly retaliatory against Twitter for its 1st Amendment protected speech in fact-checking the President, and thus violates the 1st Amendment:
On one end, you've got wireless carriers implying that 5G is some type of cancer curing miracle (it's not). On the other hand, we have oodles of conspiracy theorists, celebrities, and various grifters trying to claim 5G is some kind of rampant health menace (it's not). In reality, 5G's not actually interesting enough to warrant either position, but that's clearly not stopping anybody in the post-truth era.But it's all fun and games until somebody gets hurt.Baseless conspiracy theories about the health impact of 5G have gone next level during the pandemic. To the point where facts-optional nitwits are not only burning down cell towers in the UK, but putting razor blades and needles underneath protest posters on telephone poles (apparently you solve public health risks by... putting peoples' health at risk?). We've seen a few attacks on telecom infrastructure and employees here in the States, but it's been notably worse in the UK, where telecom engineers are now being routinely insulted and threatened:
Techdirt