Techdirt

Because our government enjoys punishing people far more than it enjoys accountability, the DOJ is prosecuting another whistleblower. A former language analyst for the Air Force and NSA has been charged with espionage for leaking documents detailing the government's drone assassination program to The Intercept.31-year-old David Hale is the whistleblower at the center of the DOJ's latest prosecution. This now puts the Trump Administration at the top of the list for most journalist sources prosecuted for espionage, according to the Freedom of the Press Foundation.

This week, our first place winner on the insightful side is Thad with a thought about the YouTube ContentID fail that took down Beat Saber videos after the game was featured on Jimmy Fallon:

Five Years AgoThis week in 2014, the push for one of two NSA reform bills went somewhat sour as the better bill was watered down so much it got the support of NSA apologists and passed out of the House Judiciary Committee. Meanwhile, the new NSA boss was making extreme understatements about the agency's situation while the former boss (who was also setting up a cybersecurity consulting firm) was defending everything he did. In the UK, at least, parliament finally admitted Snowden's revelations revealed that oversight of the GCHQ was broken.Ten Years AgoThis week in 2009, anti-Google hysteria reached a fever pitch with comparisons to the Taliban, a grandstanding attorney general was threatening Craigslist's management with criminal charges, and pharma giant Merck was caught having created a fake science journal to praise its products. Some folks were making wild estimates about an unknowable number to support their copyright agenda, claiming the leak of the Wolverine film cost millions at the box office, the RIAA was demonstrating the meaninglessness of its recent promises by continuing to file lawsuits, and we saw the formation of a famous copyright nonsense triangle when Cat Stevens stepped in to say Coldplay copied him, not Joe Satriani. We also took a look at all the ways Italy had been demonstrating a very troubling view of the internet.Fifteen Years AgoThis week in 2004, while lots of people were grappling with the unresolved legal implications of WiFi, one smart commentator was cluing in to the fact that camera phones provided the public a way to fight back against surveillance by watching the watchers and filming things like, say, police misdeeds. The mess that was (and is) the patent system was getting some mainstream media attention, as was the ongoing failure of record labels to adapt to the internet (them being too busy suing a grandmother who decided to fight back). The Google IPO had everyone excited about the company (enough to start gobbling up every domain name with "Google" in it), while a meaningless but amusing clerical error led to Microsoft patenting a new breed of apple.

For many, many years now we've been talking about why Congress needs to bring back the Office of Technology Assessment that existed from 1972 until 1995 when Newt Gingrich defunded it as part of his "Contract with America" which apparently (who knew?) included making Congress more ignorant and less informed about technology. Year after year, some in Congress have proposed bringing back the OTA, but it keeps getting voted down. Just recently, we had two Congressional Representatives -- Rep. Mark Takano and Rep. Sean Casten -- write a piece here at Techdirt arguing why we need to bring back the OTA.And it might actually be happening. While Gingrich defunded the OTA in 1995, the law creating it is still on the books. Congress doesn't need to pass any new law to bring it back, it just needs to fund it again. And, perhaps surprisingly, the House put forth an appropriations bill that includes $6 million towards reviving the OTA.Earlier today, a very broad coalition of organizations and individuals (including our sister organization, The Copia Institute) sent a letter to the Senate urging it to support this small level of funding to better educate themselves on technology and technology policy issues. This is not a partisan issue in the slightest (as should be obvious from the coalition of signatories on the letter). This is an issue about spending a very small amount of money to make sure that our legislators actually know what the fuck they're talking about when they're trying to understand and regulate around technology issues.

A few years ago, the National Highway Traffic Safety Administration brought down the heat on itself by teaming with local law enforcement to set up roadside blood/saliva draws. The plan was to compile data on impaired driving, but the "voluntary" sample stations were staffed by cops who flagged motorists down, leading many to believe this was just another DUI checkpoint.Now that the NHTSA is out of the picture, local law enforcement is taking care of this itself. Only it very definitely is mandatory and any data-gathering would be incidental to the real purpose of these checkpoints: arresting impaired drivers. It's 2019 in America and we can only now proudly say we're the Home of the Roadside Blood Draw.

While copyright trolling has continued to be a scourge across many countries, America included, there have finally been signs of the courts beginning to push back against them. One of the more nefarious trolls, Strike 3 Holdings, masquerades as a pornography company while it actually does the far dirtier work of bilking internet service account holders based on non-evidence. Armed typically with nothing more than IP addresses, the whole trolling enterprise relies on using those IP addresses to have ISPs unmask their own customers, under the theory that those customers are the most likely infringers of Strike 3 content. The courts have finally begun catching on to how faulty the very premise is, with more than one judge pushing back on IP addresses even being actual evidence.It's a list that continues to grow, with one Judge in Florida apparently taking issue with the use of IP addresses entirely.

Update: Paul Levy has now put up his own blog post about the case, with many more details. It is worth reading.We've written a few times now about copyright troll Higbee and Associates, which has a long track record of sending highly questionable (to outright bullshit) copyright demands to various people on the internet. Many of the demands are absurd. Frequently the images don't have a registered copyright. Sometimes, it's not even clear if the "client" holds any copyright at all. The demand letters usually come with misleading and threatening language -- often demanding way more than any license would ever bring in.Public Citizen's Paul Levy has been tracking Higbee for quite some time now, and representing a few people who have been hit by Higbee letters. And now he (along with Stanford's law clinic) are taking Higbee to court for declaratory judgment of non-infringement on yet another bogus and exaggerated Higbee threat. The background is quite interesting. Kevin Schlossberg runs a forum website about knives called Blade Forums. Way back in 2007, a user of Blade Forums wrote about the use of wood burls for knife handles -- and in the process deeplinked a photograph taken by Quang-Tuan Luong, and posted on Luong's own website, Terra Galleria.Schlossberg did not host the image. Schlossberg actually had no idea about the deeplinked image at all until Higbee showed up demanding $2,500. In response, he did change the hotlinked image into just a URL, but Higbee still demanded $2,500. Schlossberg did a bit of internet sleuthing and pointed out that this clearly wasn't infringement since he wasn't hosting the image, and pointed to the various Perfect 10 cases. In response, Higbee doubled down, and insisted that the Perfect 10 rulings had been narrowed recently (they have not), that fair use doesn't matter, and that since Schlossberg had only just registered a DMCA agent, that he was not at all protected by the DMCA's safe harbors.At this point, Paul Levy stepped in and wrote one of his standard letters to Higbee detailing how almost everything that Higbee's staff was claiming was wrong. As per usual, it's worth reading the entire letter (which is at the end of the filing as the final exhibit), but here's a snippet:

Early this March, documents obtained by NBC San Diego showed the DHS was targeting journalists. activists, and immigration lawyers for enhanced screenings and device searches by the CBP. The previously-secret database held dossiers on people suspected of doing nothing more than participating in Constitutionally-protected activity.The DHS provided no explanation for this collection of dossiers. The CBP attempted to explain its participation in rights violations by first claiming it was necessary to secure the border. Then it said every one of the 59 journalists, lawyers, and activists in the leaked documents were "present" during "violence" that "broke out at the border" last November. That these people would be present at such an event is unsurprising, given the amount of attention being paid to our southern border and immigration in recent months. That the CPB would decide this justifies dossiers, enhanced screenings, and invasive device searches is a bit more disturbing, as it has the potential to negatively affect a number of Constitutional rights.The Center for Democracy and Technology -- along with dozens of humans rights activists and journalist entities -- have sent a letter to the head of the DHS, demanding this surveillance stop immediately and that an investigation be opened to determine this effort's origins, as well as its extent. It also demands DHS and CBP hand over all policies, guidelines, and documents detailing what information the agencies collected during this possibly-unlawful surveillance.But there's more to the letter than demands and expressed concerns. CDT's letter also recounts further details that have come to light over the past couple of months, including ICE joining the unconstitutional party to engage in immigration and customs enforcement by… surveilling political protests?

The Microsoft Network and Security Fundamentals Certification Bundle has two courses to help you study and prepare for Microsoft Networking Certification Exams. The first course covers all 3 domain objectives of the MTA 98-366 certification exam. The second course prepares you for the MTA 98-367 certification exam. The bundle is on sale for $15.Note: The Techdirt Deals Store is powered and curated by StackCommerce. A portion of all sales from Techdirt Deals helps support Techdirt. The products featured do not reflect endorsements by our editorial team.

For a few years now we've been covering an absolutely ridiculous copyright lawsuit against Conan O'Brien claiming he and his staff had "stolen" jokes from some guy making silly one-liners on Twitter. As we noted at the time, most of the jokes at issue in the trial were topic jokes that likely lots of people might come up with. Here's one example of one of the key jokes in the case:

We've talked often about how the nation's phone companies, now fixated on video and online advertising, have effectively just been letting their DSL and phone networks fall apart while still charging exorbitant rates. Not only did these companies take billions in taxpayer dollars to build these older copper-based networks, they took billions more in subsidies for fiber upgrades they never fully deployed. Yet increasingly we've watched as they've refused to upgrade or even repair their networks across countless states, leaving customers trapped with expensive service that often doesn't even meet the FCC's standard definition of broadband (25 Mbps).This problem has often been exemplified by Frontier Communications in West Virginia, where local Charleston Gazette reporter Eric Eyre has quietly done an amazing job the last few years chronicling the state's immense corruption and dysfunction, from the state's use of broadband stimulus subsidies on unused, overpowered routers and overpaid, redundant consultants, to state leaders' attempts to bury reports supporting allegations that Frontier engaged in systemic, statewide fraud on the taxpayer dime.Though not quite as profound, similar problems have plagued Frontier's operations in the state of Minnesota. The Minnesota Attorney General's office has been investigating whether Frontier violated state consumer-protection laws for a while now, and not long ago issued a 133 page report (pdf) detailing how terrible the company is at maintaining and repairing its network despite endless taxpayer subsidies. The report clearly illustrated a pattern of the company letting outages go on for months at a time, often putting paying customers at risk:

One of the biggest wins for the general public in recent years was when the Court of Justice of the EU (CJEU), the region's highest court, ruled in 2014 that the 2006 Data Retention Directive was "invalid". That naturally didn't go down too well with many of the governments in the EU, who were keen to keep it for surveillance of their populations. Almost immediately, the European Commission began to "examine the best options for the way forward as regards the retention of telecommunications data", as Erich Möchel reported in 2015. More recently, Statewatch published a draft of an internal document from the Council of the EU (pdf), outlining the EU's plans to re-instate obligatory data retention, while an updated version was obtained and released by ORF.at (pdf). The differences between the two versions give a hint of how the EU might try to play this. The earlier one says:

Apple, the company, has long made it known that it believes that only it can use an apple, the fruit, in a corporate logo. This rather incorrect belief has led the company down some rather silly trademark roads, including disputes with all kinds of companies in unrelated industries, as well as disputes with some political parties for some reason. It's all been delightfully insane and all led by Apple's insistence that it has trademark rights that are far more broad than is the reality.But just when you think it can't get more absurd, Apple goes ahead and files an opposition and sends out cease and desist notices...over a German bicycle path. I fear some explanation may be necessary.

Via the Fifth Circuit Court of Appeals comes a depressing tale about how cheap life is in jail, even for those who haven't been convicted of a crime.It starts with a family argument. Jose Luis Garza was intoxicated and arguing with his brother. His mother expressed her fear for his safety to the Donna police officers she had called, stating she "feared for his life" and was "afraid he would hurt himself." The officers provided the only assistance they knew how to give: they arrested Garza, charging him with "assault by threat."Garza was taken to the PD's holding facility -- not a prison or jail but somewhere for cops to stash arrestees until they were moved to an actual prison/jail. Garza was placed in a cell with a camera, but soon after being put there, he blocked the camera. The person monitoring the cameras did not notice it had been blocked. This DPD employee claimed watching the cameras wasn't her job once the jailers started their shifts.The jailers started their shift at 8 a.m. They were required to check on detainees every hour. These officers -- Esteban Garza and Nathan Coronado -- may or may not have heard Jose Garza banging on his cell door to get their attention. The record simply doesn't show. The jail log shows a cell check was performed at 8:10 a.m., but there's reason to doubt this check was ever performed. More on that in a bit.When the jailers arrived, they began the important work of… making posters. From the decision [PDF]:

Lots of folks are talking about a new opinion piece in the New York Times by Chris Hughes, one of the small group of college buddies of Mark Zuckerberg who are often called "co-founders" of the company. Hughes left pretty early, and has dabbled (unsuccessfully) in politics and (unsuccessfully) in media. The key point of the opinion piece is obvious from the title: It's Time to Break Up Facebook.It is absolutely worth reading and thinking about. It's also does not make a very compelling argument. It does seem to have people who already think Facebook should be broken up declaring that it's a compelling argument, but that's because it's confirming their prior feelings, not because of anything in the article. To be clear: I'm actually on the fence about the idea of breaking up Facebook. I've previously discussed why I think Elizabeth Warren's plans to break up all of the big internet companies don't make sense, but as a short version, my main issue is that I'm not sure any of these plans actually solve the problems people think they will solve (for a debate on this, listen to my podcast with Cory Doctorow where he and I disagreed over this point).Facebook's value comes from the fact that it's a global service in which everyone can reach everyone. So, you couldn't break up "Facebook" in a way that separates the company into, say, geographic regions or that limits the overall reach of the company. Instead, most of the focus is on splitting off some of its big acquisitions, mainly Instagram and Whatsapp, to create "competing" social media and messaging platforms. Again, I'm not totally against this idea -- it's the cleanest possible setup and at the very least would create some greater competition -- but I'm not convinced that it actually solves any of the "problems" people are really concerned about, such as the company's sucking up lots of data on everyone and (sometimes) exposing some of that data to those who shouldn't have it. It is possible that a broken up Facebook faces more competitive pressure to be a better actor in the space, but I'm not really sure how true that is. For all the claims of people being concerned about privacy, their own actions don't show that in practice. If people were truly concerned about these issues, we'd see more movement to other kinds of platforms, but we haven't yet seen that.So, I'm not convinced that cleaving off Instagram and Whatsapp would necessarily be bad, but I'm equally confused as to how it would actually help deal with any of the concerns people normally raise.That's my bias. Now, let's dig into Hughes' piece.

Fear sells.Fear has always sold. It has sold wars to the public, both real and imagined. It has propelled the endless funding of the War on Drugs and the War on Terror. It has sold the killing of unarmed citizens by police officers to courts. It has sold the diminishment of our Constitutional rights, most notably at our borders. It has sold surveillance creep -- the steady encroachment of cameras in public areas, increasingly coupled with tech that makes anonymity a historical relic.It has sold newspapers and brought eyeballs to newscasts. As the public has shifted its news consumption to the web, the fear salesmen have followed, ensuring what bleeds still leads, even online.The public still buys it, even when the facts don't back up the narrative. A decade of historically low crime levels has made little dent in the public perception that we live in a country overrun by drug cartels, sex traffickers, and assorted lowlifes hellbent on separating us from our possessions and lives.All of this information is a Google search away, but it's ignored in favor of what still brings viewers to websites and funding to government agencies. This would all be sad enough if it weren't for a new wave of tech companies behaving like newspapers riding the fine line between information and sensationalism.Rani Molla's report for Vox about the rise of snitch apps and the use of "neighborhood" platforms to encourage racial stereotyping under the guise of "safety" is a depressing read. But it's a worth a read nonetheless. People apparently love to be afraid, and there's a long list of tech companies willing to indulge this urge.

GlassWire Elite is an all-encompassing safety solution, monitoring your network completely, tracking host change, erecting a secure firewall, and displaying everything visually so you have ultimate control. It'll even track the network activity occurring while you're away, so you can always be in the know of just what your computer has been doing. You can get a 3 year subscription for only $30.Note: The Techdirt Deals Store is powered and curated by StackCommerce. A portion of all sales from Techdirt Deals helps support Techdirt. The products featured do not reflect endorsements by our editorial team.

You might have noticed in the last week or two that President Trump has suddenly jumped on the silly bandwagon suggesting that internet platforms like Facebook and Twitter don't have a right to kick people off of their platforms. There have been a bunch of misleading tweets he's made, but we'll just post this one that kicked it all off:In it, Trump says:

CBS isn't exactly known for making coherent decisions. You'll probably recall the company sued Dish Network for simply developing DVR ad-skipping technology consumers asked for. It then went so far as to ban its subsidiary CNET from giving Dish an innovation award for the technology at CES. There was also that time the company sued the public domain for simply existing, or those numerous times it obnoxiously hassled Star Trek fans for their fan service.But this week the company did something exceptionally idiotic, even for CBS. Over at the company's CBS All Access streaming video service, some of the company's TV shows have taken some additional liberties traditionally restricted on broadcast television. Characters on its "Star Trek: Discovery" spin off, for example, now occasionally say "fuck." And its show "The Good Fight," a spin off of its broadcast show "The Good Wife," occasionally takes some more pointed stances politically than its more ambiguously scripted predecessor.One recent episode featured a 90-second animated musical segment written by Jonathan Coulton, poking fun at Chinese censorship, the country's terrible treatment of dissidents, the 1989 Tiananmen Square Massacre, and President Xi Jinping's behavior. CBS's response? To try and completely censor the musical segment:

Is this good news or bad news? It's tough to say. The London Metro Police are proud of their many cameras and their cameras' many features, but there doesn't appear to be any improvement in the facial recognition tech its deploying.Three Freedom of Information requests sent to the Metro Police last year returned documents showing its tech was reporting nothing but false positives. The first response reported a 98% failure rate. A follow-up request generated an admission of a 100% failure rate by the Metro's tech. Now another set of FOI requests has gathered more data from the Metro Police and it appears past reports of consistent failure were pretty indicative of future results.

USA Today has scored a coup. It has partnered with police accountability nonprofit Invisible Institute to obtain misconduct records from around the nation. These paint a pretty bleak picture of American policing -- not just in the number of incidents, but in the number of incidents that go unpunished.Public records requests have resulted in thousands of documents detailing at least 200,000 incidents of alleged misconduct, along with more than 100,000 internal investigations. The database is completely searchable and leads readers, reporters, researchers, etc. directly to the underlying documents.Here are the morbid stats this database has produced:

At this point, it's plainly obvious that YouTube's ContentID platform for doing automated takedowns of videos that supposedly infringe on copyrights is a full on mess. That mess is multi-pronged. The filters themselves suck at identifying actual infringement, and throw up all kinds of false positives. The filters are also so broadly applied that building any nuance into what is blocked and what isn't is basically impossible. Finally, the whole system is so wide open for abuse that it's laughable.The latest iteration of this concerns Beat Saber, a virtual reality rhythm game where you essentially wield two lightsabers to match the beats and rhythms that go along with the music. The game has become so wildly popular that it was recently featured on The Tonight Show with Jimmy Fallon. That's where things went sideways.

We've noted for years how broadband providers have increasingly imposed arbitrary, confusing, and punitive usage caps and overage fees to cash in on the lack of competition in US broadband. Not only have industry executives admitted these limits aren't technically necessary, they've increasingly been abused to hamstring competitors. AT&T, for example, doesn't impose the limits on its broadband customers who use its streaming video service (DirecTV Now), but will impose the added charges if you use a competitor like Netflix.For many years ISPs have slowly but surely imposed such limits hoping that consumers wouldn't notice (think of the frog in the pot of boiling water metaphor). But as streaming services have increasingly embraced high-bandwidth 4K streaming, consumer usage has started to push back hard against some limits. For example, Charter Spectrum last week noted that the average Charter subscriber (one that doesn't subscribe to traditional TV) consumes just over 400 gigabytes of data per month:

The legal uncertainty created by the General Data Protection Regulation (GDPR) is becoming so common, it’s starting to go unnoticed. In yet another recent example, Poland’s data protection authority (DPA), UODO (“Urząd Ochrony Danych Osobowych” in Polish), fined a European company over €220,000 for failing to comply with a GDPR requirement that companies provide individuals with privacy notices. While it hasn’t drawn considerable attention, this case could have considerable implications for many other European companies. The sanction cuts through expectations that data protection authorities (DPAs) will play a constructive role of both regulators and advisors under the GDPR, and it illustrates that the need to clarify the European privacy law is ever more urgent.Bisnode, a European digital marketing company that specializes in data analytics, had collected and processed personal data from publicly available registers on six million individuals to provide creditworthiness scores to banks. The company used its access to the email addresses of about 679,000 users to inform them of the processing of their personal data—to which, out of a sample of 90,000 users, only 10 percent objected. But the operational costs of sending letters to the remaining 5.7 million users whose emails were unavailable would amount to €8 million of postal charges, an estimate which did not even include the related administrative costs. As a result, the company decided to publish a general statement on its website to alert the remaining data subjects. However, the Polish DPA decided that Bisnode did not go far enough in upholding its obligations under the GDPR.The decision to sanction this company is misguided and sets a worrying precedent for two reasons. First, this penalty is a direct consequence of the privacy law’s vague provisions and misleading language, which EU policymakers must urgently clarify. Under Article 14 of the GDPR, organizations collecting and processing personal data must provide privacy notices directly to data subjects. But this obligation does not apply in case providing this information is “impossible, or would involve a disproportionate effort.” The Polish company thought it had fulfilled its obligations under the GDPR, as the exorbitant cost of reaching out to the remaining users could trigger this exception. But while accepting the company’s calculations, UODO regulators did not assess that €8 million would constitute a sufficiently “disproportionate effort.” What is more, because the GDPR is not prescriptive about how companies must provide users with information, UODO claimed that the law does not oblige them to inform users specifically via registered post. Hence UODO considered that a public statement was insufficient because the company could have used other solutions such as sending SMS messages, even though Bisnode did not have telephone numbers for everyone and the costs of doing so would have been high.Second, this decision calls for a clarification of the role of DPAs under the GDPR. The company had taken a number of proactive steps to comply with the GDPR, yet UODO saw it as nothing more than proof that it was aware of its obligations and thus had intentionally violated them. DPAs should not impose penalties when there is ambiguity in the rules and companies are making an honest effort to comply. Instead, DPAs should play the role of educators so as to facilitate companies’ complex journey towards compliance. Before imposing penalties, they should take into account whether companies acted in good faith when establishing compliance strategies, the extent to which they have implemented compliance procedures internally, and the degree of interpretability of the provisions in question.Many EU companies have yet to comply with the privacy law and do not expect that they ever will. EU policymakers should realize that the privacy law’s strict and complex requirements may be the main reason why. But the Polish decision shows that compliance may not even be enough. Companies cannot interpret unclear regulations, so they will continue to face unpredictable decisions. Even if a company appeals a decision, it will take time before the final outcome establishes jurisprudence.EU policymakers and data protection authorities should focus on clarifying the legislation, specifying the technical requirements to provide information, and take into account the costs and difficulties compliance may impose on companies in some cases. Otherwise European businesses will continue to face difficulties interpreting and complying with the GDPR.Eline Chivot is a senior policy analyst at the Center for Data Innovation, based in Brussels. Daniel Castro is the director of the Center for Data Innovation and vice president of the Information Technology and Innovation Foundation.

You don't own the exploits you've created. That's the lesson the NSA has learned over the past few years as its hacking tools have made their way into the public domain via leaks. Of course, the harshest parts of this lesson have been felt by the general public, rather than the NSA, however. The leaked tools were swiftly repurposed to generate a new strain of ransomware, which took down dozens of businesses and government services around the world.But it's not just a random assortment of internet baddies wreaking havoc with NSA hacking tools and exploits. It's also state-sponsored hackers making use of these tools. A report from Symantec shows other nations are more than willing to turn our state-sponsored attacks against us -- demonstrating the danger of engaging in a cyberwar using weaponized code.

Your car needs routine checkups to ensure its health. Keep tabs on your car's health with the KOBRA. This wireless scanner can interpret over 3,000 code definitions of generic and manufacturer-specific trouble codes. You just need a WiFi connection and you can diagnose any car problem and unlock massive amounts of data on your car's performance in real time. It works on all cars manufactured after 1996, and is compatible with apps like DashCommand, OBD Auto Doctor, and Torque Pro. It's on sale for $15.Note: The Techdirt Deals Store is powered and curated by StackCommerce. A portion of all sales from Techdirt Deals helps support Techdirt. The products featured do not reflect endorsements by our editorial team.

There's an unfortunate belief among some internet trolls and grandstanding politicians that Section 230 of the Communications Decency Act requires platforms to be "neutral" and that any attempt to moderate content or to have any form of bias in a platform's moderation focus somehow removes 230 protections. Unfortunately, it appears that many in the press are incorrectly buying into this flat out incorrect analysis of CDA 230. We first saw it last year, in Wired's giant cover story about Facebook's battles, in which it twice suggested that too much moderation might lose Facebook its CDA 230 protections:

We've long discussed how the Pai FCC's net neutrality repeal was plagued with millions of fraudulent comments, many of which were submitted by a bot pulling names from a hacked database of some kind. Millions of ordinary folks (like myself) had their identities used to support Pai's unpopular plan, as did several Senators. Numerous journalists have submitted FOIA requests for more data (server logs, IP addresses, API data, anything) that might indicate who was behind the fraudulent comments, who may have bankrolled them, and what the Pai FCC knew about it.But the Pai FCC has repeatedly tried to tap dance around FOIA requests, leading to several journalists (including those at the New York Times and Buzzfeed) suing the FCC. Despite the Times' lawyers best efforts to work with the FCC to tailor the nature of their requests over a period of months, the agency continues to hide behind FOIA exemptions that don't really apply here: namely FOIA exemption 6 (related to protecting privacy) and 7E (related to protecting agency security and law enforcement activity).In court filings made last week, the FCC also reiterated its claim that the primary reason it won't release more data is because it's just super concerned about user privacy:

Because it's so much easier to bust websites than actual criminals, police in Israel have decided to arrest the people behind a dark web site that made the dark web searchable. Zack Whittaker has the details for TechCrunch.

As many of you will be aware, there is a small town in South Dakota, Sturgis, that turns into the place to be if you're into motorcycle rallies. Many of you may not be aware, however, that this rally and town have become the center of a years-running trademark dispute. Sturgis Motorcycle Rally Inc. (SMRI), which helps put on the rally, moved to trademark the name of the town and the rally, and then began bullying local Sturgis businesses for daring to use the town's name or the name of the event. This was done, according to SMRI, for the purpose of protecting the event and town, which makes little to no sense. In the end, the two trademarks in question were one that was a geographical name and one that was almost purely descriptive of a social event.As it turns out, subsequent rulings on the matter did not go in SMRI's favor. This is creating some confusion in Sturgis, as SMRI's strategy for dealing with the legal losses appears to be simply pretending that they didn't occur.

As Techdirt noted a year ago, the entertainment industry has been trying to convince the authorities around the world that "fully-loaded" Kodi boxes, which allow the viewing of unauthorized video streams, are the devil's spawn, and must be eradicated. That obsession has led to efforts to stop even vanilla Kodi boxes being promoted and sold, despite the fact that the open source software they run is perfectly legal. TorrentFreak has a report about the latest salvo in this war on Kodi, and its interesting consequences.It concerns a third-party Kodi add-on called "Exodus", which, like many others, allowed unauthorized streaming videos to be viewed with little effort. The excellent design and resulting popularity of Exodus meant that it was soon targeted by copyright companies. The pressure worked, and the development of the add-on was halted, leaving millions of happy users somewhat less happy. But Exodus had an important hidden feature: it was released under an open source license. That meant that anyone could pick up the code and continue its development independently of the original, without needing to ask permission from anyone. As TorrentFreak points out, that is precisely what has happened, and on a surprisingly large scale. The TVAddons site recently published an article that discusses 12 forks of Exodus, which is only part of the Exodus ecosystem: "Too many Exodus forks are out there to investigate them all."This "hydra" effect -- chop off one head, and two grow in its place -- makes eliminating open-source add-ons for Kodi extremely difficult. Although individual developers may be persuaded to stop working on a particular fork, the code is still out there, and can easily be maintained and improved by others. Since the latter can be anywhere in the world, that makes shutting them down even harder. However, TorrentFreak rightly notes that this doesn't mean that the efforts of the copyright companies are entirely in vain:

The regulation of technology is an extremely important issue that impacts all our lives, but it tends to take a back seat in the world of mainstream politics, and when it does come to the fore, the lack of knowledge on display among elected representatives can be... disheartening, to say the least. In some ways that's starting to change as a generation of people who grew up with modern technology gets more and more involved in politics, but we're still a long, long way away from having a majority of tech-savvy (or even tech-literate) lawmakers. This week, we're joined by lawyer and pioneering law blogger Denise Howell to discuss the challenge of even determining whether a politician knows what they are talking about when it comes to tech.Follow the Techdirt Podcast on Soundcloud, subscribe via iTunes or Google Play, or grab the RSS feed. You can also keep up with all the latest episodes right here on Techdirt.

Some CIA phone hacking tools made their way into the wild back in 2017. It didn't take long for the DOJ to find a suspect to charge. Joshua Schulte, a former NSA and CIA operative, was hit with a long list of charges, including espionage, child porn possession, and (at least momentarily) copyright infringement -- the last one on the list being the result of feds discovering a bunch of pirated movies and music on Schulte's server.As this prosecution has slowly moved forward, it has gotten wilder. The DOJ claimed Schulte was continuing to leak classified info, even after being jailed while awaiting his trial. According to the DOJ's filing, Schulte was using a number of smuggled-in phones to smuggle out classified documents turned over to him by the DOJ in response to discovery requests. The government's filing also made mention of "significant encryption" stymieing its attempts to break into Schulte's contraband phone but left the definition of that term open to discussion.Marcy Wheeler (of Emptywheel) was the first to come across Josh Schulte's latest filing in his case. And it's… something. Schulte has been openly critical of his incarceration and the US prison-industrial complex generally. Now, he's attempting to nail down the specifics by filing a complaint [PDF] against the US government for depriving him of a number of his rights and demanding, in a Dr. Evil-esque move, 50 BILLION DOLLARS.The 88-page [!] complaint opens with Schulte's handwritten claim the government has ended a career headed for Bill Gates/Jeff Bezos-level personal fortune. The "Relief" section says:

It is possible that if the Ninth Circuit panel truly realized how badly it messed up Section 230 it might have thought twice about it. So we’ve asked the court to give it a second thought. As did Airbnb and Homeaway, who were most immediately affected by the Ninth Circuit’s recent decision in their challenge of the Santa Monica ordinance that, like the San Francisco ordinance, and ordinances increasingly sprouting up around the country, seeks to make them liable for their users’ expression.The problem: that’s exactly what Section 230 is supposed to prevent – holding a platform liable for user generated content that is wrongful in some way. If Santa Monica, San Francisco, and all those other cities want to make it illegal for people to list homes to rent, that’s fine. It may or may not be good local policy, but it won’t break the Internet. What breaks the Internet is when the law doesn’t just make people legally responsible for their own expression but makes the platform they used to express it liable for it too. Section 230 is supposed to prevent that, because if platforms can be held liable for all the myriad things that can be wrong with all the enormous amounts of user expression they intermediate, then they won’t be able to be platforms anymore. It will simply be too expensive to mitigate and manage this risk, at least not in a way that doesn’t result in enormous amounts of censorship of user content that isn’t even legally wrongful at all.So Airbnb and Homeaway filed a petition for rehearing and rehearing en banc to ask the Ninth Circuit to review their case again, and last week the Copia Institute, along with the R Street Institute, filed an amicus brief in support of their petition. In our brief we reminded the court of what we have discussed here. First, that threatening platforms with liability forces platforms to have to monitor all their user expression, which may or may not even be possible, and at the expense of any monitoring that might be more effective. For instance, in this case, all these cities are asking Airbnb and Homeaway to ensure that every listing it allows to be rented be compliant with the registration requirement, but it might be better if instead they could focus their resources on building a more usable and secure platform, helping to eliminate fraud, or working to satisfy any other priority that would benefit the public more. Threatening platforms with liability for user content inevitably co-opts platforms’ resources, diverting them away from the sort of beneficial monitoring Congress tried to incentivize them to do with Section 230 and into monitoring that is solely self-protective.Secondly, it may likely not even be possible for platforms to do enough monitoring to protect themselves. Although the Ninth Circuit’s decision spoke to the Santa Monica ordinance, there is nothing about the decision that is limited to this specific ordinance in this specific city. A core problem with the decision is the degree to which the court minimized how difficult it will be for Airbnb and Homeaway to even just monitor their user listings to see if they comply with even just this registration requirement in even just this city. But other cities now have ordinances too, thus vastly expanding the task. There is also nothing in the decision that limits what the ordinance can demand for compliance – today it may be registration, but tomorrow it might be habitability concerns, which are even more infeasible for platforms to police, or any other arbitrary policy demand. And there is nothing limiting this tearing open of Section 230’s pre-emption provision preventing local liability from being imposed on platforms for user content to just this sort of local regulation relating to short-term rental platforms. It opens the door to absolutely everything every jurisdiction everywhere can dream up to hold against platforms. There is no way for platforms to be able to successfully monitor every regulatory demand every jurisdiction can make on user expression, so they will either give up and shut down completely or adjust their practices to comply with the most restrictive jurisdiction’s demands and ultimately end up censoring an awful lot of perfectly lawful content – or both. Section 230 was supposed to prevent platforms from finding themselves in this impossible position, and our brief reminded the Ninth Circuit of this fact.Also, as we previously pointed out, the fundamental error of the decision is that it split out facilitating the hosting of user expression from the facilitating of a transaction related to that user transaction. If this were a legitimate distinction, it would make it impossible to ever monetize one’s platform services, because every revenue transaction would always be connected to user content that could be wrongful. It doesn’t do anything to insulate platforms from the hosting of that content if it doesn’t insulate them from being able to afford to host that content. A decision like this one directly threatens the commercial viability of the Internet, which is definitely not what Congress wanted to have happen when it passed Section 230 in order expressly to protect that economic vitality.

The Project Management Professional Certification Training Bundle features 10 courses designed to get you up and running as a project manager. You'll prepare for certification exams by learning the fundamental knowledge, terminology, and processes of effective project management. Various methods of project management are covered as well including Six Sigma, Risk Management, Prince and more. The bundle is on sale for $49.Note: The Techdirt Deals Store is powered and curated by StackCommerce. A portion of all sales from Techdirt Deals helps support Techdirt. The products featured do not reflect endorsements by our editorial team.

As you'll recall in the run up to passing FOSTA last year, supporters of the bill -- backed in secret by Hollywood lobbyists whose sole goal was to create liability for internet companies and force them to install filters -- kept insisting that it was all about "protecting women." There was an infamously misleading Public Service Announcement that supporters of the bill put together, staring into the camera and talking grimly about how necessary it was to amend Section 230 to save women. It starred a bunch of famous actors, including Amy Schumer, Tony Shalhoub, Josh Charles, Seth Meyers, and others.Of course, since FOSTA passed, it has yet to be used against any website. Indeed, the website that everyone kept holding up as proof for why FOSTA was needed, Backpage, was actually shut down a week before FOSTA became law under existing laws.And yet, FOSTA has created tremendous real world damage. A bunch of sites and individuals have been silenced out of fear that it might be used against them, creating massive chilling effects -- including chilling effects on advocacy and information providing groups who try to help sex trafficking victims, but who now may violate FOSTA in continuing to do that work.Lura Chaberlian has now published a deep dive into how FOSTA is a "hostile law" with "a human cost" for Fordham Law School. The quick summary of the paper is that FOSTA hasn't done anything to help sex trafficking victims, but has created real harms for many women, especially those engaged in consensual sex work.

Back in March, the Pai FCC proclaimed that new FCC data indicated that the agency's decision to effectively neuter itself at telecom lobbyist behest was resulting in vast, wonderful benefits for American consumers. According to the FCC, its blind fealty to AT&T, Verizon, and Comcast quickly resulted in massive steps toward "closing the digital divide," something Pai has repeatedly claimed is the top priority of his tenure:

An 18-year-old resident of New York City is suing Apple for $1 billion. His lawsuit alleges Apple uses facial recognition technology as part of its stores' security systems and that this led directly to him being accused of multiple thefts across a handful of states… despite him bearing zero resemblance to the thief caught on tape.Ousmane Bah's lawsuit [PDF] alleges Apple failed in its duty of care by attributing all these thefts to him, despite him not being the thief, resulting in numerous harms and injuries.

We cover a fair amount of video game news here, with much of it revolving around either intellectual property concerns or the common claims that video games are responsible for all the world's ills. The latter posts can be separated into two categories: one in which the violence in games is blamed for violence in the real world and one in which those who do not enjoy the medium blaming games for producing young people who those same people decide are deficient in some way.It's enough to make you think there are really only two camps. One camp thinks video games are evil in all of the possible ways. The other camp thinks video games are great in all of the possible ways. But this isn't how the real world works. Like any other artistic medium, some products are good, some are not. Some are wholesome or thought-provoking, while others are empty calories. Even the notion that video games are solely an artistic or entertainment medium is a false premise, as demonstrated by a recent use of gaming to help identify Alzheimer's Disease before serious symptoms show up.

Former Michigan State Trooper Mark Bessner is going to jail. Bessner originally faced a second-degree murder charge for tasing a teen riding an ATV, but was ultimately convicted of a lesser charge. The details here are provided by the New York Times, which seems to be trying to further exonerate the former law enforcement officer with its reporting.

Much of the time we bring up the Trademark Office and the trademarks it approves or denies, our focus tends to be on how the general posture seems to be one geared towards approval and the often laughable approved marks that come out of that. The only example I'm going to continue to cite of this ridiculousness in these trademark posts is going to be that of the San Diego Comic-Con, which somehow has an approved trademark on "comic-con" and its variants, despite that being a plainly descriptive mark. The chaos that has caused has resulted in ongoing coverage here, but it is hardly the only example.Making it all the more frustrating are the occasions when the Trademark Office gets things right. One will occasionally catch glimpses of the USPTO doing nuanced analysis and actually applying the standards of trademark law and public confusion, and denying a trademark application. For instance, Universal Music Group attempted to get a trademark for the phrase "As Heard On TV" for its music catalog of tracks designed to be used in television. That application was denied.

This is the price we're paying to win fight stand our ground during participate in a drug war. We take criminals under our wing, turn them into informants, and send them out into the general population to engage in criminal activity -- all under the assumption this will eventually lead to the dismantling of a drug cartel.Of course, this is the same rationale propelling civil asset forfeiture. But no matter how much property is taken from people never charged with crimes, drug cartels remain intact and their products continue to flow into the country. But that's only dollars and cars and houses lost. This case [PDF] -- presided over by the Tenth Circuit Appeals Court -- deals with the loss of innocence and life… all at the hands of a DEA informant.The backstory of the DEA informant is so much easier to take than the backstory of the lawsuit, so we'll start there.

Students socialize via the internet more often than not... you know, just like the rest of us do. More and more frequently, they're being surveilled by their schools. This first came to light a half-decade ago, when documents surfaced showing a California school district had purchased social media monitoring software to keep tabs on its students. Similar stories followed, including one incident where a test publisher admitted to monitoring social media posts of students taking its tests.In about half the country, this is now standard operating procedure for schools. The Brennan Center for Justice reports schools are purchasing social media monitoring tools with increasing frequency, allowing them to track and surveil students far past the borders of the school grounds.

The Complete Machine Learning A to Z Bundle has 9 courses designed to help you become proficient with this important technology. Deep learning isn't just about helping computers learn from data—it's about helping those machines determine what's important in those data sets. This is what allows for Tesla's Model S to drive on its own or for Siri to determine where the best brunch spots are. You'll learn TensorFlow, Python's scikit-learn, Apache MXNet, PyTorch, and more. You'll learn how to build chatbots with Google DialogFlow and Amazon Lex, and you'll learn to build voice apps for Amazon Lex. It's on sale for $35.Note: The Techdirt Deals Store is powered and curated by StackCommerce. A portion of all sales from Techdirt Deals helps support Techdirt. The products featured do not reflect endorsements by our editorial team.

Like a teenaged heterosexual boy, it appears that Facebook has no clue how to deal with naked female breasts. Going back over a decade, the quintessential example used to show the impossibility of coming up with clear, reasonable rules for content moderation at scale is Facebook and breasts. In the early days, as Facebook realized it needed to do some content moderation, and had to establish a clear set of rules that could be applied consistently by a larger team, it started with a simple "no nudity" policy -- and then after that raised questions, it was narrowed down to define female nipples as forbidden. As a wonderful episode of Radiolab detailed last year, questions kept getting raised about how specific do you need to be (each paragraph here is a different speaker, but since Radiolab doesn't supply transcripts, I'm not entirely sure who's speaking):

While Facebook (usually justly) gets the lion's share of privacy criticism, wireless carriers haven't been too far behind. In the last few years we've learned that they're frequently hoovering up your daily location data and then selling it to a long chain of often dubious companies. More recently they've been busted even selling access to E-911 location data, which is increasingly even more accurate in tracking users than traditional GPS. We've noted repeatedly that lax ethical standards result in this data often being abused by dubious third parties, or used illegally by law enforcement or those pretending to be law enforcement.Throughout these evolving scandals, the Pai FCC hasn't done much of anything to ensure the public this is being adequately looked into. There's been no critical statement about this practice issued by the FCC, and no meaningful investigation launched (at least publicly). And while wireless carriers have insisted they've stopped collecting and selling this data (which they've been doing for the better part of the last decade without anybody in either party much caring), their promises historically haven't been worth all that much when it comes to the subject of privacy.To truly address the location data scandal(s), carriers need to voluntarily or by force make it transparently clear they've stopped collecting and selling this data (which in several instances like E-911 data is against the law). Hoping to add a little fuel to the fire, FCC Commissioner Jessica Rosenworcel this week ramped up her criticisms of the practice and the FCC's apathy:

Law enforcement officers tend to frown on citizens interfering with their revenue generation. This has led to a number of First Amendment lawsuits from people arrested for warning others about [check notes] the existence of police officers in the vicinity.One citizen was told as much when he was arrested for holding up a sign reading "Cops Ahead." One cop kept on script, referring to the man's actions as "interfering with an investigation." It wasn't an investigation. It was a distracted driving sting. The cop actually hauling him to the station was more to the point, telling the man he was arresting him for "interfering with our livelihood." First Amendment violation or felony interference with a business model? Why not both?A lawsuit was filed in 2018 seeking a declaration that honking a car's horn is protected expression. And, all the way back in 2011, a class action lawsuit was filed over citations and arrests for flashing headlights to warn drivers of unseen officers.A federal judge has decided -- albeit not very firmly -- that at least one of these actions is protected by the First Amendment. Wisconsin Magistrate Judge Stephen Crocker says flashing your headlights to warn drivers of speed traps is expressive speech -- something cops would be better off not trying to punish. (via Volokh Conspiracy)Andrew Obriecht passed a speed trap outside Caledonia, Wisconsin. After passing it, he flashed his headlights to warn oncoming drivers to slow down. He was then pulled over by a state trooper, who issued him a citation for violating a state statute that doesn't really appear to fit the alleged crime:

This week, our first place winner on the insightful side is Nathan F with a simple question about the Supreme Court's request for the White House to weigh in on API copyrights:

Five Years AgoThis week in 2014, while Senators Feinstein and Chambliss were taking yet another shot at a new, concerning cybersecurity bill, they were also backing down on attempts to require transparency from the administration regarding drone strikes. The German government blocked Ed Snowden from testifying before parliament to mollify the US, we learned that the UK'S GCHQ had hidden its access to the NSA's PRISM database from its parliamentary overseers, and we were wondering why Verizon's pushback against bulk records requests was so much weaker than it could have been. This was also the week that John Oliver's Last Week Tonight debuted, with its first episode featuring an interview with Keith Alexander that we couldn't help but notice might be the toughest interview he'd yet faced, even with all the jokes.Ten Years AgoThis week in 2009, dumb tweets about swine flu led to an early preview of concerns about disinformation on social media. The BBC was happily promoting MPAA propaganda about movie piracy while claiming it was being balanced, German publishers were demanding ISPs block file sharing sites, France was still trying to adopt a three strikes law even as Nicolas Sarkozy was paying up for his own copyright infringement, and in general legacy industries were showing a real sense of entitlement with regards to the internet (not that piracy freak-outs regarding technology were anything new). The USTR finally got Canada bumped up to its Priority Watchlist for intellectual property (for some reason), Warner Music made the very foolish decision to issue a DMCA takedown of a presentation by Larry Lessig, and we learned just how bad the revolving door is with the revelation that former RIAA lawyers now working for the government only had to stay away from issues impacting their former employees for one year.Fifteen Years AgoThis week in 2004, we took a look at the one-sided file sharing propaganda being foisted on school students by the entertainment industry — and boy did it ever seem like brainwashing. The Senate was looking at four different intellectual property bills including one that would let the FBI start filing civil suits for its entertainment industry buddies, and one that would expand California's ban on video cameras inside movie theaters. TiVo was pushing advertiser dollars onto the web, an attempt to force cable companies to offer a la carte channels fell through, self-publishing was shedding some of its stigma as it got easier, and the first federal charges were brought under the recent CAN SPAM laws. This was also the week that, after much anticipation, Google officially filed for its IPO — which of course everyone had to weigh in on, including us.

When it comes to how game developers react and interact with those that pirate their games, there are obviously plenty of ways to go about it. There's the ineffective legal route, which puts developers in a bad PR light. There's the DRM route, which is a hellish waste of time. And, on the other end of the spectrum, there are devs that choose to embrace the internet and attempt to monetize piracy through human connections and innovative business models.Somewhere in the middle is the less-traveled path of simply fucking with infringers. Whether its embedding antipiracy messages into the gameplay itself, or simply overlaying the entire game with the drone of a vuvuzela, there are a couple of recent examples where developers figured out how to detect cracked versions of their games and using that to torture pirates. While I would argue there are better ways developers could be spending this time and human capital, such as innovating, it's also true that it's hard not to smile when the pirates get messed with.But this goes back much further than the last few years. The always excellent Tech Rules YouTube channel put out the following video on how Spyro 2 on the Playstation 1 tortured those using pirated copies of the game.The slow burn of this prank on pirates is what makes it both so effective and so infuriating if you believe, as I do, that all of this is mostly time wasted. The joke being played here, with the effects of using a pirated version of the game getting incrementally and progressively more profound, is indeed funny. You can just picture the person playing a cracked version of the game very, very slowly realize he or she is being screwed with.But it also appears to have taken quite an effort to pull off. And for what? We have no idea how many would-be pirates were converted into paying customers of Spyro 2 by any of this, but I cannot imagine anyone thinks that unknown number is significant. The game was reviewed well, and sold well in several regions, but not at numbers that would seem to justify the time commitment spent to convert whatever the fraction of pirates turned into customers was.So, again, funny? Yes, absolutely. Mean or harmful? Nah. A useful use of the game developers' time? I can't see an argument for that, so why bother with any of this?