Techdirt

While the Pai FCC is chomping at the bit to approve T-Mobile and Sprint's competition and job killing mega-union, rumors have long been that many DOJ staffers remain highly skeptical about the purported benefits of the deal. After all, history routinely shows that when you reduce the number of overall competitors in the telecom space from four to three, the reduction in competition results in higher prices and worse service (go ask the Canadians or the Irish). Such mergers also pretty routinely are massive job killers, given there's a laundry list of support and middle management personnel who wind up being redundant.To address the competitive impacts, the DOJ is prepared to sign off on a new, elaborate deal that would offload Sprint prepaid brand Boost Mobile and some spectrum to Dish Network in a bid to cobble together a viable, fourth competitor out of sticks and twine:

Reform efforts targeting cash bail, plea deals, and life-altering criminal charges have occasionally hit on the idea of pre-trial diversion. In exchange for payment and possible an educational class or two, people now have the possibility of satisfying their obligation to the government while keeping their criminal record clean.It sounds like a good idea. But there's a huge gap between the theory and the practice. In some cases, corporations like Walmart have inserted themselves into the criminal justice system, freeing shoplifters of criminal charges provided suspects pay the store a few hundred dollars and attend mandatory "don't be a criminal" classes. Unlike the government version, there's no chance you'll be found innocent by a jury of your peers. If Walmart accuses you, you pay the fines, do the classroom time, or get hit with criminal charges anyway.Elsewhere, government agencies are moving forward with pre-trial diversion programs. It makes a limited amount of sense. People don't want to go to jail. And prosecutors don't necessarily want to put in the prosecution work for every rinky-dink case cops toss their way. Yes, there's not a lot of due process in it, but there really isn't much in the system anyway, not when most criminal accusations result in plea deals, rather than jury trials.These programs could result in positive outcomes for accused citizens, who are able to keep their criminal/driving records spotless despite being cited or arrested for violations. Unfortunately, the programs are being warped to serve prosecutors, rather than the public, as Jessica Pishko reports for Politico.In Louisiana, the Rapides Parish District Attorney's office asked for $2.5 million in funding from the cash-strapped parish. The treasurer, Bruce Kelly, dug into the DA's numbers to see what had caused this shortfall. Kelly saw a steady decline in the funds collected by the DA's office for court fines and traffic tickets. He also saw an office in good physical condition with a fleet of new cars. None of this added up. So, Kelly dug deeper.

As we've been talking about for a bit now, there is a new favorite target of the music industry when it comes to anti-piracy efforts: stream-ripping websites. It's important to continue to point out that, despite the plain fact that these sites are quite often used to generate audio-rips of copyrighted music video material, that is most certainly not their only use. Other uses for these sites are non-infringing. But this is the music industry we're talking about, with it's storied history of carpet-bombing technology tools rather than precision bombing actual infringement.Meanwhile, YouTube more recently decided to conspire with the music industry against these sites by blocking several prominent stream-ripping sites without word or warning. From that original post we wrote:

The Eleventh Circuit Court of Appeals has reached a conclusion that defies easy summation. But here's an attempt: it is not well-established that cops shouldn't shoot children they've ordered to lie prone on the ground while trying to shoot a dog that posed no threat to officers.In reversing the lower court's denial of qualified immunity to Officer Michael Vickers, the Appeals Court has opened the door to preventing the stupidest, most-inept cops from being held responsible for their careless blunders.In this case, Vickers and other officers were pursuing a suspect through a neighborhood. This pursuit inserted them into the backyard of Amy Corbitt, where Corbitt's 10-year-old child (known only as SDC in the opinion) and five other children (two of them under the age of three) were playing. The officers entered the yard and demanded everyone present to get down on the ground, including the children. They handcuffed the only adult in the backyard (Damion Stewart) and kept the children on the ground. The officers had the scene secured as they outnumbered the prone children who were still laying on the ground with guns pointing at them.The surprise entrance of the family dog turned this scene from merely-horrific to possibly deadly. From the decision [PDF]:

So if you've been around these parts for a while, you might remember a big stink back in 2006 or so when Google's Street View vehicles were found to have been hoovering up data collected via WiFi. The collection came while the company was collecting Street View data via its army of specially-configured vehicles, and included pretty much any and all unencrypted data traveling over those networks, including telephone numbers, URLs, passwords, e-mail, or video streams. The goal was purportedly to ensure better geographical positioning data, but the data collected went well beyond what was needed for that goal.Initially, Google claimed that the data collection was accidental, something supported by engineering analysis at the time. Here's what Google said in 2010 about the issue:

Here's a bit of a weird one: a First Amendment lawsuit over the "muting" of a player's character. (h/t Volokh Conspiracy)Amro Elansari -- in a handwritten complaint [PDF] -- contends Jagex Inc., the company behind Runescape, violated loads of rights and other things when it apparently muted his character back in March of this year. The allegations include discrimination, violations of his free speech rights along with his due process rights, and other "adverse action."He claims he was muted for no reason and without notification -- this despite being a "streamer + 2000 hours + invested." He also claims this happened while he was streaming and that viewers witnessed this egregious violation of multiple rights as it happened. Elansari's lawsuit asks for the court to order the "mute" removed and whatever else a jury might find proper to award him.Obviously, there's nothing the judicial system can do for him.To start with, Elansari is suing a (UK) company for violating his (American) rights. Even without these particular modifiers, there's nowhere Elansari can go with this. He's suing a private company for violating his Constitutional rights -- something that's almost impossible for a private company to do. Especially First Amendment rights, which can only be violated by the government.Early on in the order [PDF], the court notes there's no federal claim it can even attempt to handle given the particulars of the allegations.

So, as was leaked a couple of weeks ago, the FTC has now made its $5 billion settlement with Facebook official. There's quite a bit that's interesting in the stipulated order that is worth reading. I'm actually glad to see that this wasn't just about Cambridge Analytica, where I think the "breach" issue was much less concrete. Instead, it does include a bunch of other very real violations by Facebook, including:

Pay what you want for The Complete White Hat Hacker Certification Bundle and you'll get access to the Rootkits & Stealth Apps course, where you’ll learn how to create a rootkit, keylogger, backdoor, and more stealthy threats. If you beat the average price, you unlock 8 more courses covering multiple tools and topics to help you learn more about becoming an ethical hacker.Note: The Techdirt Deals Store is powered and curated by StackCommerce. A portion of all sales from Techdirt Deals helps support Techdirt. The products featured do not reflect endorsements by our editorial team.

Well, here's a different kind of a "looks like a duck" test when it comes to copyright law:

A little more than 12 years ago, Verizon was forced to strike an agreement with the New York State Attorney General for marketing data plans as "unlimited" when the plans had very clear limits. Carriers have received numerous subsequent wrist slaps for the practice in the decade since, but none of these lessons appear to have gotten through.Case in point: Verizon recently launched its first ever 5G hotspot for use on the company's barely available 5G network. To use it, you'll need to pony up $650, which is three to four times higher than the cost most pay for a comparable 4G hotspot. From there, you'll need to pay Verizon $85 per month for an "unlimited" 5G data plan, which is roughly $10 more per month than a comparable 4G plan. And of course, this being Verizon, the company's "unlimited" data plan is not really unlimited:

An investigation called the "Plain View Project" has uncovered a truly disturbing amount of bigoted, violent social media posts by police officers located all over the United States. The entire database of posts is located here. Anyone wanting to see what their public servants truly think about the people they serve can click through and be horrified.It would be horrifying enough if officers just kept their thoughts to themselves and let those thoughts guide their actions. But these are public posts able to be viewed by anyone and these officers apparently had no qualms about displaying the content of their character. This is just a small sampling:

Update: As a reader helpfully pointed out in the comments, the original source article for this post incorrectly suggested that Weischede had defeated Viacom in a legal battle. In the link included in the comment, which provides far more detail, it turns out that this was resolved when Viacom dropped its opposition as opposed to having it defeated. I have left in the original post and inputted this update for the sake of clarity.You may not recall the name Katharina Weischede, but we wrote about this Filipina teenager from New Zealand back in 2018, when Viacom decided to oppose the 13 year old on trademark grounds because she dared to make and sell "slime" as a business. More specifically, Katharina has earned the nickname in New Zealand of "Slime Princess", which is what she applied for in her trademark application. Viacom opposed the application, citing that its Nickelodeon division has trademark rights for "slime" in the country already.It was an absurd opposition on every level, from Katharina's company carrying something like a $20k valuation at the time, to the overly broad mark which Viacom was purporting to be protecting, to the pure PR nightmare that was getting into a legal battle with a bright teenager looking to start a fun business.And, to make the whole thing worse, The Slime Princess (TM) defeated Viacom at the trademark office.

Back in May, the San Francisco Police Department raided the home of a local "stringer," hoping to discover who had leaked a sensitive police report to the journalists. This raid violated the state's journalist shield law and the First Amendment. Since it was obvious the source of leaked document was an SFPD officer or employee, the raid was also incredibly stupid… unless the real point of the show of force was to discourage journalists from publishing leaked documents.It took a few days before the SFPD police chief was willing to condemn the raid. According to the chief, the still-unseen affidavit glossed over the target's occupation -- an omission that likely would have seen the warrant application tossed if it had been included.Speculation about the contents of at least one of the warrants is about to come to an end. The judge overseeing stringer Bryan Carmody's challenge of the warrant has ordered the affidavit to be unsealed.

Moral panics are nothing new, but they've taken on many new forms in the internet era, and their patterns have rubbed off on other kinds of techno-panics. This week, I join Mike on the podcast to discuss the way we talk about the potentially scary aspects of tech, how to spot a tech panic, and how to start changing the conversation into something more constructive.Follow the Techdirt Podcast on Soundcloud, subscribe via iTunes or Google Play, or grab the RSS feed. You can also keep up with all the latest episodes right here on Techdirt.

The NSA's Inspector General has released its biannual report on its recent investigations. This report is delivered to its Congressional oversight which, let's face it, is generally uninterested in ensuring the Constitutionality of the agency's surveillance programs. Nevertheless, here it is [PDF].Included are things we know… like the agency's inability to collect phone records correctly under the constraints imposed by the USA Freedom Act. The assumption was leaving the phone records in the control of telcos would reduce overcollection. The NSA proved us wrong. It led to more overcollection, rather than less, leading the NSA to conclude it was better off without this program.Overcollection had never been considered a problem before, but perhaps the NSA felt there was only so much massive piles of unrelated data could tell it. It decided to can the phone records collection. But, unless Congress decides to codify this voluntary move, it could decide to start overcollecting again.What is new is the NSA's inability to surveil itself. It has eyes and ears around the world (five at least!) but it can't seem to keep an eye on its own employees. There's a huge disconnect between the agency's surveillance powers and its ability to keep tabs on the staff. It would seem NSA staff would be about the smallest surveillance subset possible, but here we are.We noticed this inadvertent irony several years ago. The NSA has the power to collect email metadata and content in bulk, but when it comes to responding to FOIA requests, it claims it simply doesn't have the skill set to search internal emails efficiently or accurately. The agency's massive budget apparently all goes to outbound searches. Asking it to find stuff its own employees discussed via email results in a shrug and mumbling about "archaic systems."You will either be unsurprised or slightly more chagrined by what's contained in the latest report, given this foreshadowing. Exposed in the Snowden stash back in 2013 was the fact that the NSA did not just collect phone records in bulk. It also collected financial records in bulk, hoovering up credit card transactions with its "Follow the Money" program. The purpose was to trace money flowing to terrorists. To achieve this, the NSA approached credit card companies with FISA-approved warrants or subpoenas. No Constitutional protection is given to these third-party records, thanks to a court system that has consistently found that anything Americans share with others should be "shared" with the government.Given this reach, you'd assume in-house tracking of purchases using… um… company[?] cards would be trivial. Well, that's why assumptions suck. NSA employees are blowing money on unapproved stuff and all the agency can offer is the same shrug it attached to its failed FOIA search.

Sorry Russian trolls (oh, and also all you people insisting that Section 230 doesn't and or shouldn't allow Facebook to kick trolls off its platform), but a court has made it clear that Facebook is clearly protected in kicking trolls off its platform. In this case, the Federal Agency of News (FAN) was kicked off Facebook soon after the 2016 election, when Facebook realized that various Russian trolling outfits had used the platform to push propaganda, often directed by the Russian "Internet Research Agency." Among the pages that Facebook removed was FAN's. For what it's worth, the "General Director" of FAN was one Aleksandra Krylova, who is among those who were indicted by Robert Mueller last year, for trying to influence the US election.Somewhat incredibly, FAN decided to sue Facebook over this, claiming a violation of the First Amendment along with some other claims -- which I'll just note in passing seem oddly similar to the claims used by white supremacists and other trolls who have sued social media for being removed. This includes claims of a civil rights violation under both federal law and California's Unruh Civil Rights Act, a breach of contract claim and a breach of "implied covenant of good faith and fair dealing."All of this fails. Miserably. For all the reasons we've discussed for years. Judge Lucy Koh points out that CDA 230 clearly applies here, and walks through why each of FAN's arguments are legally nonsense. We'll give a few examples, mainly highlighting the silly arguments that (other?) trolls keep putting forth lately to argue why CDA 230 does not protect such content moderation. First up, an argument that the CDA is only supposed to apply to obscenity or other kinds of "offensive" content, and therefore doesn't apply to garden variety trolling. Nope, nope and nope:

The Mighty Mac Bundle features 10 apps designed to ramp up the power of your Mac. You'll get VPNSecure to help keep you safe online, CrossOver18 to run Windows apps right from your Mac dock, CleanMyMac X, WALTR 2 to transfer any music, ringtone, video, PDF and ePUB file with a simple drag and drop, and Dropshare. You'll also receive ActiveDock, Folx Pro, Chronicle Pro, MacPilot 10, and the Complete Web Developer Bundle. It's on sale for $30.Note: The Techdirt Deals Store is powered and curated by StackCommerce. A portion of all sales from Techdirt Deals helps support Techdirt. The products featured do not reflect endorsements by our editorial team.

Last week, when I wrote about Senator Graham's crazy "But think of the children online!" moral panic hearing, I highlighted comments from a guy named Christopher McKenna, who runs an organization called "Protect Young Eyes," which is one of those organizations that freaks parents out about all the evil things your kids might be up to. Among many of the crazy and misleading comments McKenna made, was one that was actually accurate, but interpreted incorrectly. McKenna whined that it was impossible to "watch over" kids online all the time. His solution was to force companies (and politicians) to censor the internet with filters and other tools. Or, at the very least he seemed to think parents needed better tools to spy on their kids' online activities.As we pointed out, another person on the panel suggested that rather than spying on our kids all the time, it would be better for parents to educate kids how to be good digital citizens, how to avoid danger, and how to better interact with the world around them. He was almost entirely ignored for the rest of the panel.This divide in parenting techniques is a big deal, however. Thanks to new technologies it is much easier to spy on kids all the time. But we should be wary of that. Wired just had an article about how the app Life360 is ruining kids' summer as parents are tracking everything they do:

However bad Facebook's privacy issues are, the telecom sector's have long been as bad, if not worse. That's been most recently exemplified by the industry's headaches surrounding the collection and sale of sensitive customer location data. Scandal after scandal has revealed that for the better part of the last decade, cellular phone companies have been collecting and selling your location data to a long line of often dubious companies and organizations, who then did the bare minimum to secure this data. Everyone from law enforcement to stalkers has been allowed to abuse this data, and your privacy.The latest case in point: a new investigation by Think Progress found that Steve Bannon also managed to get a hold of this data and use it for political targeting purposes. According to the report, Bannon and a group dubbed CatholicVote used the cell-phone location data of people who had visited Roman Catholic churches in Dubuque, Iowa, in 2018 to target them with get-out-the-vote ads:

The UK government already has the cameras -- thousands of them. So, why not add facial recognition to the mix? A number of UK law enforcement agencies already have. UK police forces compiled a legally-questionable database of 18 million face photos and went to work.Nobody did well. Failure after failure followed the rollout, with the London Metro police repeatedly claiming the "worst of the worst" title for itself. Despite this resounding lack of success, the Home Office feels the UK needs more failure, not less.

There are many, many ways for big companies' attempts to use social media or smart apps to go horribly wrong. Usually these happenings involve either hacked into accounts repurposed for lulz, rogue employees having a bit too much to drink on beer Friday and then going off, or companies doing something stupid and then blaming either of the previous for it.And then there's the American Hockey League's mobile app, which for some reason alerted users that Stewart Zimmel apparently both owes someone $6k and threatens to punch people in the throat.

Last month, we wrote a fairly long post about some interesting elements (demonstrating the flimsiness of "copyright" existing for many photographs) in a copyright lawsuit filed against model Gigi Hadid for reposting a cropped paparazzi photo on her Instagram. As we noted in that post, despite all of the interesting arguments made regarding copyright and photos, it seemed clear that this case was going to get tossed on purely procedural grounds -- namely that the lawsuit, filed by a photo agency called Xclusive-Lee (who may or may not even hold the rights to the photo), was filed prior to the photo receiving a registration from the Copyright Office. Back in March, the Supreme Court said that copyright law is quite clear that you need to wait until the registration is obtained.Here, that was not the case. It was filed before the registration was granted, and thus it's no surprise that (as first pointed out by the Hollywood Reporter) that this case was thrown out for that reason alone.

For the third time in two months, a US city has banned the use of facial recognition tech by local government agencies.San Francisco started this movement (oh god please let it be a movement) back in May, booting the tech out of the city before local agencies had even gotten a chance to fool around with it. Earlier this month, Somerville, Massachusetts took home the silver in the anti-surveillance-state games, enacting a local ban on facial recognition tech.Oakland, California has become the third city in the nation move forward with a facial recognition tech ban, as KPIX reports:

Maybe the LAPD doesn't have the experience its counter-coastal counterpart has in inflicting damage to rights and liberties, but it's trying, dammit! The NYPD's brushes with the Constitution are numerous and perpetual. The LAPD may have spent more time working on the Fourth and Fifth Amendments during its Rampart peak, but now it's rolling up on the First Amendment like a repurposed MRAP on a small town lawn.

As you may have heard, a couple weeks ago, President Trump hosted what he called a "social media summit," where he brought in various Trump-supporting social media people, and where they all got to whine about the completely made up concept of anti-conservative censorship on social media sites (and, because I know the same three of you are going to show up in the comments and scream your heads off that I'm being blind to such censorship: you have yet to show any actual evidence to support your claims -- and, no, a few anecdotes of trolls, assholes, revisionists and propagandists being blocked does not actually prove your point). Trump gave a long speech at that event, most of which made literally no sense. However, he seemed pretty damn sure that social media sites are censoring conservatives.

The Microsoft PowerShell Certification Bundle has 3 courses to get you up to speed with PowerShell. You'll cover a variety of topics crucial to understanding PowerShell so you can automate small daily tasks and improve your work efficiency. Gradually, you'll scale up towards more complex tasks. You'll also discover how to automate your daily work related to Active Directory Management, and how to integrate with non-Microsoft products as well. It's on sale for $19.Note: The Techdirt Deals Store is powered and curated by StackCommerce. A portion of all sales from Techdirt Deals helps support Techdirt. The products featured do not reflect endorsements by our editorial team.

You may be shocked to learn this, but nearly all of the promises AT&T made in the lead up to its $86 billion merger with Time Warner wound up not being true.The company's promise that the deal wouldn't result in price hikes for consumers? False. The company's promise the deal wouldn't result in higher prices for competitors needing access to essential AT&T content like HBO? False. AT&T's promise they wouldn't hide Time Warner content behind exclusivity paywalls? False. The idea that the merger would somehow create more jobs at the company? False.Of course the press and public aren't the only folks AT&T misled. To glean the support of the telecom sector's biggest union, the Communications Workers of America, AT&T apparently promised that newly acquired Time Warner (and subsidiary) workers would be able to join the union. But when the time came to actually allow those employees in, guess what? AT&T suddenly declared that wouldn't be happening for the vast majority of them:

It's becoming a tradition. A week ago, we wrote about a Friday evening news "leak" (almost certainly from Facebook) about the FTC approving a settlement with Facebook over privacy violations. And, this past Friday evening, there was a similar news dump about a similar settlement with YouTube (though at a much lower dollar amount). In both cases, the Friday evening news dump was almost certainly on purpose -- in the hopes that by Monday, something bigger will have caught the news cycles' attention. Thankfully, we don't work that way.Let's cut to the chase, though. No one (outside of, perhaps, YouTube/Google/Alphabet execs) is "happy" with this. Pretty much everyone will point out, accurately, that a "multi-million dollar" fine is effectively meaningless to YouTube. No one believes that this will magically lead to a world in which internet companies take privacy more seriously. No one believes this will lead to a world in which anyone's privacy is better protected.And while I'm sure some people will complain about the amount (pocket change for Google), I'm not sure the amount really makes much of a difference. Remember, last week's angry response to the $5 billion that the FTC is allegedly getting from Facebook. That's a much higher amount (by a massive margin) the largest the FTC has ever gotten from a company.Perhaps there's a larger issue here: this system of expecting private companies and overworked/understaffed federal (or state) agencies to somehow manage our privacy for us does not work -- no matter what your viewpoint on all of this is. Perhaps we should be looking for solutions where users themselves get better direct control over their data, and aren't reliant on giant fines or government bureaucrats "protecting" it for them. Because if we're just going to go through this charade over and over and over again, it's not clear what the benefit is for anyone.If you don't trust Google/Facebook, then no fine is going to be enough. If you do trust them to hold onto the data they collect, then this whole thing feels like a bit of privacy theater. No one ends up happy about it, and nothing is actually done to protect privacy. I've been pointing out for a while now that we're bad at regulating privacy because most people don't understand privacy, and I think these kinds of things are a symptom of that. There's this amorphous concept out there of "privacy," and people -- egged on by media stories that aren't always accurate -- have a concern that the companies don't do a very good job protecting our privacy. And they're right about that. But, there's no agreement on what privacy means or how you actually "protect" it. And the only tools in the toolbox right now are fines or crazy, confusing, misguided regulations that seem to only lock in large players and hand them an even more dominant position (allowing them to do more things that people are uncomfortable with).There needs to be a better approach -- and it has to be one that starts more from first principles about what it is that we're actually trying to accomplish here, and what will actually get us there. What we have now is not that.

This week, our first place winner is Gary with a simple and important take on the idea of the government seizing pharma patents:

Five Years AgoThis week in 2014, new revelations from Edward Snowden painted a bad picture of the culture at the GCHQ while, in an interview, he also described the NSA practice of "routinely" passing around intercepted nude photos — something the agency quickly insisted it would stop if it knew about it. The NSA was also saying it had more emails from Snowden when he still worked for the agency, but would not release them.Also this week in 2014: Google finally dumped its ill-fated real names policy, the MPAA was going after Popcorn Time, and the Supreme Court refused the Arthur Conan Doyle estate's last-gasp attempt to stop Sherlock Holmes from becoming public domain.Ten Years AgoThis week in 2009, we saw the ninth misguided lawsuit over trademark in Google AdWords, the Guinness Book of World Records used a bogus takedown to try to hide the records of a very embarrassing website fail, New Zealand was considering copyright reform but not really anything meaningful, and the newly-hugely-popular So You Think You Can Dance was blocked from doing a Michael Jackson tribute. A Norwegian ISP was fighting back against the Pirate Bay ban, the National Portrait Gallery was threatening Wikimedia over downloading public domain images, and Stephen Fry stepped up as an ally against corporate copyright abuse.Fifteen Years AgoThis week in 2004, the CEO of Streamcast was presenting evidence of collusion among record labels to blacklist file sharing companies, while a somewhat unclear study was suggesting BitTorrent usage was way up. The RIAA was predictably defending the INDUCE Act (which it basically wrote) in a letter full of misleading and untrue statements, while at the same time some people were asking if the agency's new anti-filesharing system Audible Magic was in violation of wiretapping laws, and its counterpart in Canada was fighting against a court ruling that said ISPs don't have to turn customer names over to the industry.

As I mentioned when we recently discussed Dean Guitars' pushback and counter-suit against Gibson Guitar's trademark lawsuit, Gibson CEO James Curleigh's vague declaration of a relaxed position on IP enforcement has calcified into something of an official corporate program. It's not all bad, but it's not all good either.We'll start with the good. Gibson has decided to recognize that there are fans inspired by its designs who want to create their own guitars and even sell them on occasion. In recognition of this, Gibson is starting an "authorized partnership" program to allow those creators to build guitars without fear of legal threat.

By now the half-baked security in most internet of things (IOT) devices has become a bit of a running joke, leading to amusing Twitter accounts like Internet of Shit that highlight the sordid depth of this particular apathy rabbit hole. And while refrigerators leaking your gmail credentials and tea kettles that expose your home networks are entertaining in their own way, it's easy to lose sight of the fact that the same half-assed security in the IOT space also exists on most home routers, your car, your pacemaker, and countless other essential devices and services your life may depend on.Case in point: just about two years ago, security researchers discovered some major vulnerabilities Medtronic's popular MiniMed and MiniMed Paradigm insulin pumps. At a talk last year, they highlighted how a hacker could trigger the pumps to either withhold insulin doses, or deliver a lethal dose of insulin remotely. But while Medtronic and the FDA warned customers about the vulnerability and issued a recall over time, security researchers Billy Rios and Jonathan Butts found that initially, nobody was doing much to actually fix or replace the existing devices.So Rios and Butts got creative in attempting to convey the scope and simplicity of the threat: they built an app that could use the pumps to kill a theoretical patient:

Carl Malamud is one of Techdirt's heroes. We've been writing about his campaign to liberate US government documents and information for over ten years now. The journal Nature has a report on a new project of his, which is in quite a different field: academic knowledge. The idea will be familiar to readers of this site: to carry out text and data mining (TDM) on millions of academic articles, in order to discover new knowledge. It's a proven technique with huge potential to produce important discoveries. That raises the obvious question: if large-scale TDM of academic papers is so powerful, why hasn't it been done before? The answer, as is so often the case, is that copyright gets in the way. Academic publishers use it to control and impede how researchers can help humanity:

In the past, law professor Eric Goldman has suggested that when it comes to infringing content, courts have an uncanny ability to ignore the actual law, and make up their own rules in response to the belief that "infringement bad!" An ongoing lawsuit against Cloudflare seems to be a case in point. As covered by TorrentFreak, a judge has allowed a case against Cloudflare to move forward. However, in doing so, it seems clear that the judge is literally ignoring what the law says.The case itself is... odd. In the complaint, two makers of bridal dresses are upset about the sale of counterfeits. Now, if we're talking about counterfeits, you'll probably think that this is a trademark lawsuit. But, no, Mon Cheri Bridals and Maggie Sottero Designs are trying to make a copyright case out of this, because they're arguing that sites selling counterfeits are using their copyright-protected photos to do so. And Cloudflare is, apparently, providing CDN services to these sites that are selling counterfeit dresses using allegedly infringing photographs. It is odd to go after Cloudflare. It is not the company selling counterfeit dresses. It is not the company hosting the websites of those selling counterfeit dresses. It is providing CDN services to them. This is like suing AT&T for providing phone service to a counterfeit mail order operation. But that's what's happening. From the complaint:

Palantir is the 800-pound gorilla of data analytics. It has created a massive surveillance apparatus that pulls info from multiple sources to give law enforcement convenient places to dip into the data stream. Law enforcement databases may focus on criminals, but Palantir's efforts focus on everyone. Whatever can be collected is collected. Palantir provides both the data and the front end, making it easy for government agencies to not only track criminal suspects, but everyone they've ever associated with.Palantir is big. But being the biggest player in the market doesn't exactly encourage quality work or accountability. Multiple problems have already been noticed by the company's numerous law enforcement customers -- including the company's apparent inability to responsibly handle data -- but complaints from agencies tied into multi-year contracts are pretty easy to ignore. Palantir says it provides "actionable data." Sounds pretty cool, but in practice this means things like cops firing guns at innocent people because the software spat out faulty suspect/vehicle descriptions.Agencies must see the value in Palantir's products because few seem willing to ditch these data analytics packages. The company does a fairly good job dropping a usable interface on top of its data haystacks. It sells well. And it's proprietary, which means Palantir can get into the policing business without actually having to engage in the accountability and openness expected of government agencies.Fortunately for the public, government agencies still have to respond to public records requests -- even if the documents sought detail private vendors' offerings. Vice has obtained part of a user's manual for Palantir Gotham, which is used by a number of state and federal agencies. This software appears to be used by "fusion centers," the DHS-created abominations that do serious damage to civil liberties but produce very little usable intelligence.The manual [PDF] seems to be written for the California law enforcement agencies that work with local fusion centers. The amount of data Palantir's software provides access to is stunning:

Cloud computing has revolutionized industry and changed the way businesses manage their digital infrastructure.The Cloud Computing Architect Certification Bundle has nine courses geared to help you get familiar with one of technology's fastest growing fields. There are 3 introductory courses to introduce to the basic concepts of cloud computing. After those, the other courses cover Microsoft Azure, AWS and Google Cloud Platform. It's on sale for $39.Note: The Techdirt Deals Store is powered and curated by StackCommerce. A portion of all sales from Techdirt Deals helps support Techdirt. The products featured do not reflect endorsements by our editorial team.

We've written a few times in the past about the serious problems with the CASE Act, a bill that will create a thriving industry of copyright trolling and shakedowns. On Thursday, the Senate Judiciary Committee passed the CASE Act out of Committee, meaning that it could go to the floor for a full vote. Stan Adams, from CDT, has written a detailed, and thoughtful critique, noting that even if there are good intentions behind the CASE Act, it has many, many problems. We're reposting it here, under CDT's CC-BY license.Sometimes ideas based in good intentions are so poorly thought out that they would actually make things worse. This seems to be especially prevalent in the copyright world of late (I'm looking at you, Articles 15 and 17 of the EU Copyright Directive), but the most recent example is the Copyright Alternative in Small-Claims Enforcement Act of 2019 (CASE Act). This bill intends to give photographers and small businesses a more streamlined way to enforce their rights with respect to online infringements by reducing the costs and formalities associated with bringing infringement claims in federal court. Pursuing infringement claims can be expensive and time-consuming, so this may sound like a good thing, especially for rightsholders with limited resources. It is not.The CASE Act would establish a quasi-judicial body within the Copyright Office (part of the legislative branch) empowered to hear a limited set of claims, make "determinations" about whether those claims are valid, and assign "limited" damages. The bill structures the process so that it is "voluntary" and lowers the barriers to filing claims so that plaintiffs can more easily defend their rights. Without the "quotes", this description might sound like a reasonable approach, but that's because we haven't talked about the details. Let's start at the top.The bill would establish a Copyright Claims Board (CCB) in the Copyright Office. This would not be a court and would be entirely separated from the court system. The only option to appeal any of the CCB's determinations, based on the CCB's legal interpretation, would be to ask the Register of Copyrights to review the decision. It would be theoretically possible to ask a federal court to review the determination, but only on the grounds that the CCB's determination was "issued as a result of fraud, corruption, misrepresentation, or other misconduct" or if the CCB exceeded its authority. So if you disagree with the CCB's legal interpretation, or even its competence to make a decision, you are out of luck. This raises red flags about potential due process and separation of powers problems under the Constitution.The "small claims" part of the bill is also troubling, in that the CCB can award damages up to $30,000 per proceeding. This amount is only considered small in the context of copyright statutory damages, which range between $750-30,000 per work infringed, unless the infringement was willful, in which case, damages can be $150,000 per work. The $30K cap is a 2x-10x multiple of the maximum awards for small claims courts in 49 of 50 states. (Side note: what's going on, Tennessee?) So losing a single small-claims action before the CCB could be a financial disaster for many people, potentially for nothing more than uploading a few pictures to your blog.You may be thinking, "I won't infringe copyright, I'll just make sure not to use any protected works." Here's why that will not be as easy as you might think. First, copyright is automatic. This means that when someone snaps a new photo, they immediately hold the rights to it. If you found a photo or other work that you wanted to use, you would need to get permission from the rightsholder. In some cases, determining who to ask is relatively easy. You may know the photographer or there may be clues indicating who likely owns the rights, such as watermarks or attribution information (photo courtesy of x). However, the only sure way to identify the rightsholder for any given work is to check with the Copyright Office to see who registered the work.Even though the Supreme Court recently ruled that the registration process must be completed (either the Copyright Office granted or denied the application for registration) before filing infringement claims, registration is not required to bring an action under the CASE Act. This leaves everyone (other than the original author/photographer) with no guaranteed way to determine who holds the rights to unregistered works. Even if you identified someone as a potential rightsholder, it could be difficult or impossible to verify their claim of ownership without the official recognition by the Copyright Office. So even if you are acting in good faith and attempt to obtain permission before using a work, you may not be able to do so and there is no guarantee that you will have obtained permission from the correct party, leaving you exposed to claims via the CASE Act.For example, you see an image (perhaps a vacation photo) on a friend's social media page and ask their permission to share it with your network. They agree and you share, not realizing that your friend copied that image from somewhere else, perhaps a travel company website. Your friend did not have the rights to that photo, and you made and distributed an unauthorized copy, exposing you to the possibility of an infringement claim from the actual photographer. Sharing that single photo could cost you $7500.So, to recap, it may be impossible to obtain the correct permissions to use a work, and using a work with or without permission (relying on the fair use doctrine) may leave you exposed to claims up to $30,000, which will be determined by a panel of non-judges, whose decision you will have almost no way to appeal. Once their decision is final, you are also barred from relitigating your loss in federal court (unless you can prove fraud, etc). You may remember that this process is "voluntary." Let's talk about what that means in reality.The process created in the CASE Act allows defendants to opt-out of the process. Specifically, defendants are given 60 days from when they are notified of the claim to tell the CCB that they do not wish to be subject to the procedure. (This is how the bill's drafters hope to skirt around all the constitutional issues—by getting people to voluntarily give up their due process rights and willingly accept the legal determinations of a non-judicial body.) So it's easy, right? Simply opt-out.Yes, for many would-be defendants, especially the more legally sophisticated ones like large internet companies, opting out of each claim brought against them is not likely to be difficult, even if it is time and resource intensive. However, think about what you might do if you received an envelope claiming to be from a governmental body you have never heard of and asserting that you are potentially liable for infringing copyright. Many would simply ignore it or simply not understand the significance or the potential consequences. Others might perceive this notification as a form of phishing or a potential scam. 60 days elapse and you are now subject to the determinations of the CCB. The next letter you receive may be correspondence from a law firm (on behalf of the claimant) offering you a settlement deal that lets you buy your way out of the legal fight and the possibility of a $30,000 liability. Now what should you do: settle or try to defend yourself at the risk of a higher liability amount?This litigation model is often called "trolling" and the CASE Act sets up a process that serves that model well. Sure, the process is voluntary, which means that only the least legally savvy people will be defendants. Yes, the statutory damages are reduced (compared to those available through federal courts), but they are still plenty high enough to push defendants toward settlement, especially given the limited options for appeal.Despite its good intentions, the CASE Act is a legal disaster waiting to happen.

Netflix has certainly enjoyed its flight to the top of the heap of the streaming space, now streaming video to 60.1 million US subscribers. That's more than pay TV giants like AT&T or even Comcast, who've done their best (via usage caps and lobbying shenanigans) to unsuccessfully hamper Netflix's meteoric rise.But there's some indication that the company may have started to reach its high water mark. Netflix this week revealed it lost 130,000 subscribers last quarter, the company's first quarterly subscriber loss in history. The losses come despite Netflix having spent $3 billion on programming last quarter, and another $600 million to market its its wares. The loss was quick to rekindle memories of Netflix's bumbled Qwikster, price hike debacle from back in 2011:

The London Metropolitan Police's spectacular run of failure continues. Sky News reports the latest data shows the Met's facial recognition tech is still better at fucking up than doing what it says on the tin.

Moore's Law is well known. But many people think it's about how chip processing power keeps increasing. It's actually about the number and/or density of components on silicon. As such, it applies just as much to memory storage products as to processor chips. It's why you can now buy a one terabyte microSD card for $449.99. Never mind the price: although it's steep, it will inevitably tumble in the next few years, just as happened with lower-capacity microSD cards. What's much more important is what you can store with one terabyte on a tiny, tiny card. Mashable has done the calculations:

Earlier this month, we discussed how Gibson Guitar CEO James Curleigh had recently announced a shift in its IP enforcement strategy to try to be more permissive. That has since calcified into an actual formal plan, but we'll get into that more in a separate post because there is enough good and bad in it to be worth discussing. What kicked Curleigh's reveal, however, was backlash from a recent lawsuit filed by Gibson against Armadillo Distribution Enterprises, the parent owner of Dean Guitars. Dean sells several guitars that Gibson claims are trademark violations of its famed "flying v" and "explorer" body shapes. There are differences in the designs, to be clear, but there are also similarities. Even as Curleigh's plans for a more permissive IP attitude for Gibson go into effect, this lawsuit continues.But not without Armadillo punching back, it seems. In response to the suit, Armadillo has decided to counter-sue with claims that Gibson's designs are not only too generic to be worthy of trademark protection, but also that Gibson's actions constitute interference with its legitimate business. We'll start with the trademarks.

We've noted a few times now how the protectionist assault against Huawei hasn't been supported by much in the way of public evidence. As in, despite widespread allegations that Huawei helps China spy on Americans wholesale, nobody has actually been able to provide any hard public evidence proving that claim. That's a bit of a problem when you're talking about a global blackballing effort. Especially when previous investigations as long as 18 months couldn't find evidence of said spying, and many US companies have a history of ginning up security fears simply because they don't want to compete with cheaper Chinese kit.That said, a new report (you can find the full thing here) dug through the CVs of many Huawei executives and employees, and found that a small number of "key mid-level technical personnel employed by Huawei have strong backgrounds in work closely associated with intelligence gathering and military activities." This full Twitter thread by the study's author is also worth a read:

When the City of Baltimore agreed to settle with a victim of police brutality, it inserted the usual clauses that come with every settlement. There was the standard non-admission of wrongdoing, along with a "non-disparagement" clause the city's attorney told courts was used "in 95% of settlements" to prevent those being settled with from badmouthing the entity they sued.Ashley Overbey received a $63,000 settlement from the city for allegations she was beaten, tased, verbally abused, and arrested after calling officers to her home to report a burglary. When a local newspaper published a story about the settlement, the City Solicitor chose to disparage Overbey by saying she was "hostile" when the police arrived at her home. As the comments filled up with invective against Overbey, she showed up in person to fire back at her detractors, claiming the police had been in the wrong and detailing some of the injuries she suffered.The City -- which had chosen to skew public perception against Overbey by commenting on the settlement -- decided Overbey's defense of herself violated the non-disparagement clause. So, it clawed back half of her settlement -- $31,500 -- for violating its STFU clause.Overbey sued again, claiming this clause violated her First Amendment. Now, seven years after police showed up at her home and treated like the perpetrator -- rather than a victim -- of a crime, the Fourth Circuit Court of Appeals has ruled [PDF] these non-disparagement clauses are unconstitutional bullshit.The City argued Overbey's acceptance of the clause was actually an action of free expression. By opting for a payout, she was (and I am quoting the City here) "exercising her right not to speak in exchange for payment." Alternatively, it argued that even if it was an unconstitutional waiver of rights, the court has no reason to intercede and nullify the clause.The court agrees that it's a waiver of rights, but disagrees about what it's allowed to do about it:

Our nation's immigration agencies wield a considerable amount of power. So much power, in fact, that they're free to dump incoming immigrants off the space-time continuum at will. If a CBP officer decides a person isn't the age they say they are, they can alter the person's age so it matches the officer's beliefs.How does the CBP accomplish this neat little trick? Well, oddly, it involves X-rays. A recent episode of This American Life details the surreal nature of this CBP-induced time warp -- one it inflicted (repeatedly!) on a 19-year-old Hmong woman coming to the United States to reunite with her fiance.Yong Xiong was questioned by Customs officers at the Chicago airport. The CBP officer thought she was being trafficked and didn't believe the birth date on her passport. After a round of questioning meant to determine whether or not Yong was being trafficked, the CBP officer arrived at the conclusion she was, despite the officer marking "No" on ten of the eleven trafficking indicators.So, how does the CBP try to determine someone's age when officers don't believe the person or the documents in front of them? They call in a dentist. Yong's teeth were x-rayed to determine her age. This may involve science on the front end, but the back end is mainly educated guesswork.From This American Life's Nadia Reiman:

Pay what you want for the Lean Six Sigma Certification Training Bundle and you get access to the Design of Experiments (DOE) course and the Measurement Systems Analysis course. If you beat the average price on the site, you'll unlock 6 more courses including the Lean Six Sigma Green, Yellow and Black Belt courses, the Statistical Process Control course, and more.Note: The Techdirt Deals Store is powered and curated by StackCommerce. A portion of all sales from Techdirt Deals helps support Techdirt. The products featured do not reflect endorsements by our editorial team.

Drug prices are sky high. This is not news. A bunch of incredibly dumb policy decisions have been stacked up for decades and brought us to this place where drug prices -- especially for life-saving drugs -- would bankrupt most people. A huge part of the problem is our patent system and how we literally grant monopolies to companies over these drugs. Combine "life saving" with "monopoly" and, uh, you don't have to have a PhD in economics to know what happens to the price. Add into that our fucked up and convoluted hospital and insurance healthcare system, in which prices are hidden from patients, and you have a recipe for the most insanely exploitative "marketplace" ever.The NY Times has taken notice of this and its editorial board recently put forth some partial solutions that could be done right away to ease the burden. This includes having the federal government flat-out seize patents:

If you've spent any time on Twitter, you've probably seen a rising tide of folks expressing worry about the health impact of 5G.

Biometric databases have a hunger for data. And they're getting fed. Government agencies are shoving every face they can find into facial recognition databases. Expanding the dataset means adding people who've never committed a crime and, importantly, who've never given their explicit consent to have their personal details handed over to federal agencies.Thanks to unprecedented levels of cooperation across all levels of government, FBI and ICE are matching faces using data collected from millions of non-criminals. The agencies are apparently hoping this will all work out OK, rather than create a new national nightmare of shattered privacy and violated rights. Or maybe they just don't care.

Between crowdsourcing and the explosion of indie video game developers, many of which are far more permissive in IP realms and far better at actually connecting with their fans, we are perhaps entering a golden age for fan involvement in the video games they love. And it's not just the indie developers getting into this game either; the AAA publishers are, too. One example of this came up last year, when Ubisoft worked with HitRECord to allow fans of the Beyond Good and Evil franchise to submit potential in-game music creations. On HitRECord, other fans would be able to vote and even remix those works. At the end of it all, any music Ubisoft used for Beyond Good and Evil 2 would be paid for out of a pool of money the company had set aside. Cool, right?Not for some in the gaming industry itself. Many who work in the industry decried Ubisoft's program as denying those who make music professionally income for the creation of the game music. Others called Ubisoft's potential payment to fans for their creations "on-spec" solicitations, in which companies only pay for work that actually makes it into the game, a practice that is seen as generally unethical in the industry. Except neither of those criticisms were accurate. Ubisoft specifically carved out a few places for fans to put music into the game, not the entire game. And the "on-spec" accusation would only make sense if these fans were in the gaming music industry, which they weren't. Instead, Ubisoft was actually just trying to connect with its own fans and create a cool program in which those fans could contribute artistically to the game they love, and even make a little money doing so.Fortunately, Ubisoft has apparently not let the criticism keep it from continuing with these experiments, as the company has put out the call for the same sort of program for its next Watchdogs game.

Another small victory for Constitutional rights comes via the same federal magistrate who previously rejected another law enforcement request to compel production of fingerprints to unlock a phone.In May, federal magistrate judge Ronald E. Bush said compelled production of fingerprints violates both the Fourth and Fifth Amendment. He declared the fingerprint application itself to be a search, one performed with the assistance of the suspect. There's the Fourth Amendment issue.And since the government hadn't provided evidence tying the suspect to the phone, producing fingerprints would provide the government with testimonial evidence it didn't have. The government wanted to search the phone for "indica of ownership" -- something it hoped to perform after it had already compelled production of fingerprints. The government had no "foregone conclusion" to work with, so forcing a suspect to give up information only they know (namely, possibly verifying ownership by unlocking the phone) implicated his Fifth Amendment protections against being forced to testify against himself.In this case, Judge Bush has handed down another denial [PDF]. Once again, the government wants to compel the unlocking of a device but doesn't have everything it needs. What the government does have isn't much. The evidence tying the suspect to child porn possession is mostly ephemeral: IP addresses, email addresses, and online accounts. Using this as probable cause, the government is asking to search electronics seized from a searched residence. (The government also wants to search the suspect's car, presumably in case any electronics are stashed there.)As the court points out, the government wants to do things to a phone it hasn't shown will actually need to have this stuff done to it. It's working off an assumption and that assumption isn't enough for the judge to agree to the government's proposed rights violations.