Techdirt

Just as the Supreme Court is considering the legality of extraterritorial demands for communications held by US internet service providers in overseas data storage, Congress is doing all it can to short-circuit the debate. Tucked away towards the back of a 2,200-page spending bill is something called the "Clarifying Lawful Overseas Use of Data Act" or (of course) "CLOUD Act." (h/t Steve Vladeck)The CLOUD Act [PDF - starting at p. 2201] would make any decision by the Supreme Court extraneous. If it agrees with Microsoft -- as lower courts have -- that the US has no right to demand communications stored overseas with a normal warrant, the Act would immediately overturn the decision. If it decides against Microsoft, it will be aligned with the new law. As it stands now, the route most likely to be taken by the Supreme Court is a punt. Legislation on point is in play and the Court will probably be more than happy to let legislators make the final call.Beyond the obvious problem of giving US law enforcement permission to use regular warrants to bypass mutual assistance treaties, the law also allows for reciprocation. We can't go around waving SCA (Stored Communications Act) warrants in foreign lands without expecting pushback from locals. So, we'll have to give foreign countries the same privileges, even if the criminal charges being investigated wouldn't be considered criminal acts in this country and the country enjoying this reciprocation doesn't care much about its own citizens' rights and privacy.The EFF is especially critical of the shoehorned-in CLOUD Act. As it points out, the law would result in backdoor searches of anyone's communications via reciprocal communication demands. In the US, we've already seen the Fourth Amendment circumvented by US government agencies via their access to NSA collections. The same would happen in reverse when other countries start playing by the CLOUD Act's new rules.

Hold on tight to those memories of all the good things the Internet has brought. SESTA has just passed the Senate, and at this point it's a clear legislative path to undermining Section 230, the law that has enabled all those good things the Internet has offered.It is not entirely Facebook's fault: opportunists from Hollywood saw it as a chance to weaken the innovation that weakens their antiquated grip over people's creativity. Ill-informed celebrities, who understood absolutely nothing about the cause they professed to advocate for, pressed their bumper-sticker demands that something be done, even though that something is destructive to the very cause the bumper-stickers were for. Willfully ignorant members of Congress then bought into the bumper-sticker rhetoric, despite all the evidence they had about how destructive this law would be to those interests and online speech generally.Even frequent innovation ally Senator Wyden joined the chorus mounting against the tech industry, lending credence to the idea that when it came to a law that would undermine the Internet, the Internet had it coming.

Keep your skills sharp and stay up to date on new developments with the $89 Virtual Training Company Unlimited Single User Subscription. With courses covering everything from MCSE certification training to animation, graphic design and page layout, you'll have unlimited access to the entire catalog. They have over 1,000 courses, add more each week, and each course comes with a certificate of completion.Note: The Techdirt Deals Store is powered and curated by StackCommerce. A portion of all sales from Techdirt Deals helps support Techdirt. The products featured do not reflect endorsements by our editorial team.

Another Alabama sheriff has been caught abusing a law that's inexplicably still on the books. Over the course of three years, Etowah County Sheriff Todd Entrekin took home at least $750,000 in funds meant to be used to feed inmates in his jail. Thanks to another bad law, there's no telling how much more than $750,000 Entrekin has pocketed, but he certainly seems to have a lot of disposable income. (h/t Guy Hamilton-Smith)

Another Alabama sheriff has been caught abusing a law that's inexplicably still on the books. Over the course of three years, Etowah County Sheriff Todd Entrekin took home at least $750,000 in funds meant to be used to feed inmates in his jail. Thanks to another bad law, there's no telling how much more than $750,000 Entrekin has pocketed, but he certainly seems to have a lot of disposable income. (h/t Guy Hamilton-Smith)

Last year you might recall that the GOP and Trump administration rushed to not only kill net neutrality at ISP lobbyist behest, but also some pretty basic but important consumer privacy rules. The protections, which would have taken effect in March of 2017, simply required that ISPs be transparent about what personal data is collected and sold, while mandating that ISPs provide consumers with the ability to opt of said collection. But because informed and empowered consumers damper ad revenues, ISPs moved quickly to have the rules scuttled with the help of cash-compromised lawmakers.When California lawmakers stepped in to then try and pass their own copy of those rules, ISPs worked in concert with Google and Facebook to scuttle those rules as well. As the EFF documented at the time, Google, Facebook, AT&T, Verizon and Comcast all collectively and repeatedly lied to state lawmakers, claiming the planned rules would harm children, increase internet popups, and somehow "embolden extremism" on the internet. The misleading lobbying effort was successful, and the proposal was quietly scuttled without too much fanfare in the tech press.Obviously this behavior has some broader implications in the wake of the Cambridge Analytica scandal. Especially given Facebook's insistence this week that it's open to being regulated on privacy, and is "outraged" by "deception" as it tries (poorly) to mount a sensible PR response to the entire kerfuffle:

It took way too long, but Mark Zuckerberg finally responded to the Cambridge Analytica mess on Wednesday afternoon. As we've discussed in a series of posts all week, this is a complex issue, where a lot of people are getting the details wrong, and thus most of the suggestions in response are likely to make the problem worse.To be clear, Mark's statement on the issue is not bad. It's obviously been workshopped through a zillion high-priced PR people, and it avoids all the usual "I"m sorry if we upset you..." kind of tropes. Instead, it's direct, it takes responsibility, it admits error, does very little to try to "justify" what happened, and lists out concrete steps that the company is taking in response to the mess.

This was not unexpected, but earlier today the Senate easily passed SESTA/FOSTA (the same version the House passed a few weeks ago) by a 97 to 2 vote -- with only Senators Ron Wyden and Rand Paul voting against it. We've explained in great detail why the bill is bad. We've explained in great detail why the bill won't stop sex trafficking and will actually put sex workers' lives in more danger, while also stomping on free speech and the open internet at the same time (which some see as a feature rather than a bug). The Senate declined to put any fixes in place.Senator Wyden, who had originally offered up an amendment that would have fixed at least one big problem with the bill (clarifying that doing any moderation doesn't subject you to liability for other types of content) pulled the amendment right before the vote, noting that there had been a significant, if dishonest, lobbying effort to kill those amendments, meaning it had no chance. He did note that because of the many problems of the bill, he fully expects that these issues will be revisited shortly.As for the many problems of the bill... well, they are legion, starting with the fact that multiple parts of the bill appear to be unconstitutional. That's most obvious in the "ex post facto" clause that applies the new criminal laws to activities in the past, which is just blatantly unconstitutional. There are some other serious questions about other parts of the bill, including concerns about it violating the First Amendment as well. It seems likely that the law will be challenged in court soon enough.In the meantime, though, the damage here is real. The clearest delineation of the outright harm this bill will cause can be seen in a Twitter thread from a lawyer who represents victims of sex trafficking, who tweeted last night just how much damage this will do. It's a long Twitter thread, but well worth reading. Among other things, she notes that sites like Backpage were actually really useful for finding victims of sex trafficking and in helping them get out of dangerous situations. She talks about how her own clients would disappear, and the only way she could get back in touch with them to help them was often through these platforms. And all that will be gone, meaning that more people will be in danger and it will be that much harder for advocates and law enforcement to help them. She similarly notes that many of the groups supporting SESTA "haven't gotten their hands dirty in the field" and don't really understand what's happening.That's true on the internet side as well. Mike Godwin highlights the history before CDA 230 was law and the kinds of problems that come about when you make platforms liable for the speech of their users.

Last week, we wrote a bit about Donald Trump's nominee to head the CIA, Gina Haspel. That post highlighted a bunch of reporting about Haspel's role in running a CIA blacksite in Thailand that was a key spot in the CIA's torture program. Soon after we published it, ProPublica retracted and corrected an earlier piece -- on which much of the reporting about Haspel's connection to torture relied on. Apparently, ProPublica was wrong on the date at which Haspel started at the site, meaning that she took over soon after the most famous torture victim, Abu Zaubaydah, was no longer being tortured. Thus earlier claims that she oversaw his inhumane, brutal, and war crimes-violating torture were incorrect. To some, this error, has been used to toss out all of the concerns and complaints about Haspel, even though reporters now agree that she did oversee the torture of at least one other prisoner at a time when other CIA employees were seeking to transfer out of the site out of disgust for what the CIA was doing.However, what this incident should do is make it clear that the Senate should not move forward with Haspel's nomination unless the details of her involvement is declassified. As Trevor Timm notes, ProPublica's error was not due to problematic reporting, but was the inevitable result of the CIA hiding important information from the public.

Here's an idea for the FBI, gift-wrapped and signed "From Russia, With Love."

In my last post, I described why it was wrong to focus on claims of Facebook "selling" your data as the "problem" that came out over the weekend concerning Cambridge Analytica and the data it had on 50 million Facebook users. As we described in detail in that post, that's not the problem at all. Instead, much of the problem has to do with Facebook's utter failure to be transparent in a way that matters -- specifically in a way that its users actually understand what's happening (or what may happen) to their data. Facebook would likely respond that it has tried to make that information clear (or, alternatively, it may say that it can't force users to understand what they don't take the time to understand). But I don't think that's a good answer. As we've learned, there's a lot more at stake here than I think even Facebook recognized, and providing much more real transparency (rather than superficial transparency) is what's necessary.But that's not what most people are suggesting. For example, a bunch of people are calling for "Know Your Customer" type regulations similar to what's found in the financial space. Others seem to just be blindly demanding "oversight" without being able to clearly articulate what that even means. And some are bizarrely advocating "nationalizing Facebook", which would literally mean giving billions in taxpayer dollars to Mark Zuckerberg. But these "solutions" won't solve the actual issues. In that article about "KYC" rules, there's the following, for example:

The Project Management Professional Certification Training Bundle features 10 courses designed to get you up and running as a project manager. You'll prepare for certification exams by learning the fundamental knowledge, terminology, and processes of effective project management. Various methods of project management are covered as well including Six Sigma, Risk Management, Prince and more. The bundle is on sale for $49.Note: The Techdirt Deals Store is powered and curated by StackCommerce. A portion of all sales from Techdirt Deals helps support Techdirt. The products featured do not reflect endorsements by our editorial team.

Obviously, over the past few days there's been plenty of talk about the big mess concerning Cambridge Analytica using data on 50 million Facebook users. And, with that talk has come all sorts of hot takes and ideas and demands -- not all of which make sense. Indeed, it appears that there's such a rush to condemn bad behavior that many are not taking the time to figure out exactly what bad behavior is worth condemning. And that's a problem. Because if you don't understand the actual bad behavior, then your "solutions" will be misplaced. Indeed, they could make problems worse. And... because I know that some are going to read this post as a defense of Facebook, let me be clear (as the title of this post notes): Facebook has many problems, and has done a lot of bad things (some of which we'll discuss below). But if you mischaracterize those "bad" things, then your "solutions" will not actually solve them.One theme that I've seen over and over again in discussions about what happened with Facebook and Cambridge Analytica is the idea that Facebook "sold" the data it had on users to Cambridge Analytica (alternatively that Cambridge Analytica "stole" that data). Neither is accurate, and I'm somewhat surprised to see people who are normally careful about these things -- such as Edward Snowden -- harping on the "selling data" concept. What Facebook actually does is sell access to individuals based on their data and, as part of that, open up the possibility for users to give some data to companies, but often unwittingly. There's a lot of nuance in that sentence, and many will argue that for all reasonable purposes "selling data" and my much longer version are the same thing. But they are not.So before we dig into why they're so different, let's point out one thing that Facebook deserves to be yelled at over: it does not make this clear to users in any reasonable way. Now, perhaps that's because it's not easy to make this point, but, really, Facebook could at least do a better job of explaining how all of this works. Now, let's dig in a bit on why this is not selling data. And for that, we need to talk about three separate entities on Facebook. First are advertisers. Second are app developers. Third are users.The users (all of us) supply a bunch of data to Facebook. Facebook, over the years, has done a piss poor job of explaining to users what data it actually keeps and what it does with that data. Despite some pretty horrendous practices on this front early on, the company has tried to improve greatly over the years. And, in some sense, it has succeeded -- in that users have a lot more granular control and ability to dig into what Facebook is doing with their data. But, it does take a fair bit of digging and it's not that easy to understand -- or to understand the consequences of blocking some aspects of it.The advertisers don't (as is all too commonly believed) "buy" data from Facebook. Instead, the buy the ability to put ads into the feeds of users who match certain profiles. Again, some will argue this is the same thing. It is not. From merely buying ads, the advertiser gets no data in return about the users. It just knows what sort of profile info it asked for the ads to appear against, and it knows some very, very basic info about how many people saw or interacted with the ads. Now, if the ad includes some sort of call to action, the advertiser might then gain some information directly from the user, but that's still at the user's choice.The app developer ecosystem is a bit more complicated. Back in April of 2010, Facebook introduced the Open Graph API, which allowed app developers to hook into the data that users were giving to Facebook. Here's where "things look different in retrospect" comes into play. The original Graph API allowed developers to access a ton of information. In retrospect, many will argue that this created a privacy nightmare (which, it kinda did!), but at the same time, it also allowed lots of others to build interesting apps and services, leveraging that data that users themselves were sharing (though, not always realizing they were sharing it). It was actually a move towards openness in a manner that many considered benefited the open web by allowing other services to build on top of the Facebook social graph.There is one aspect of the original API that does still seem problematic -- and really should have been obviously problematic right from the beginning. And this is another thing that it's entirely appropriate to slam Facebook for not comprehending at the time. As part of the API, developers could not only get access to all this information about you... but also about your friends. Like... everything. From the original Facebook page, you can see all the "friend permissions" that were available. These are better summarized in the following chart from a recent paper analyzing the "collateral damage of Facebook apps."If you can't read that... it's basically a ton of info from friends, including their likes, birthdays, activities, religion, status updates, interests, etc. You can kind of understand how Facebook ended up thinking this was a good idea. If an app developer was designing an app to provide you a better Facebook experience, it might be nice for that app to have access to all that information so it could display it to you as if you were using Facebook. But (1) that's not how this ever worked (and, indeed, Facebook went legal against services that tried to provide a better Facebook experience) and (2) none of this was made clear to end-users -- especially the idea that in sharing your data with your friends, they might cough up literally all of it to some shady dude pushing a silly "personality test" game.But, of course, as I noted in my original post, in some cases, this set up was celebrated. When the Obama campaign used the app API this way to reach more and more people and collect all the same basic data, it was celebrated as being a clever "voter outreach" strategy. Of course, the transparency levels were different there. Users of the Obama app knew what they were supporting -- though didn't perhaps realize they were revealing a lot of friend data at the same time. Users of Cambridge Analytica's app... just thought they were taking a personality quiz.And that brings us to the final point here: Cambridge Analytica, like many others, used this setup to suck up a ton of data, much of it from friends of people who agreed to install a personality test app (and, a bunch of those users were actually paid via Mechanical Turk to basically cough up all their friends' data). There are reasonable questions about why Facebook set up its API this way (though, as noted above, there were defensible, if short-sighted, reasons). There are reasonable questions about why Facebook wasn't more careful about watching what apps were doing with the data they had access to. And, most importantly, there are reasonable questions about how transparent Facebook was to its end users through all of this (hint: it was not at all transparent).So there are plenty of things that Facebook clearly did wrong, but it wasn't about selling data to Cambridge Analytica and it wasn't Cambridge Analytica "stealing" data. The real problem was in how all of this was hidden. It comes back to transparency. Facebook could argue that this information was all "public" -- which, uh, okay, it was, but it was not public in a way that the average Facebook user (or even most "expert" Facebook users) truly understood. So if we're going to bash Facebook here, it should be for the fact that none of this was clear to users.Indeed, even though Facebook shut down this API in April of 2015 (after deprecating it in April of 2014), most users still had no idea just how much information Facebook apps had about them and their friends. Today, the new API still coughs up a lot more info than people realize about themselves (and, again, that's bad and Facebook should improve that), but no longer your friends' data as well.So slam Facebook all your want for failing to make this clear. Slam Facebook for not warning users about the data they were sharing -- or that their friends could share. Slam Facebook for not recognizing how apps were sucking up this data and the privacy implications related to that. But don't slam Facebook for "selling your data" to advertisers, because that's not what happened.I was going to use this post to also discuss why this misconception is leading to bad policy prescriptions, but this one is long enough already, so stay tuned for that one next. Update: And here's that post.

To be very clear, Facebook is well deserving of the mammoth backlash the company is experiencing in the wake of the Cambridge Analytica revelations. Especially since Facebook's most substantive reaction to date has been to threaten lawsuits against news outlets for telling the truth. And, like most of these stories, it's guaranteed that the core story is only destined to get worse as more and more is revealed about the way such casual handling of private consumer data is pretty much routine not only at Facebook, but everywhere.Despite the fact that consumer privacy apathy is now bone-grafted to the DNA of global corporate culture (usually only bubbling up after a scandal breaks), the outrage over Facebook's lack of transparency has been monumental.Verizon-owned Techcrunch, for example, this week went so far as to call Facebook a "cancer," demanding that readers worried about privacy abuses delete their Facebook accounts. The #Deletefacebook hashtag has been trending, and countless news outlets have subsequently provided wall to wall coverage on how to delete your Facebook account (or at least delete older Facebook posts and shore up app-sharing permissions) in order to protect your privacy.And while this outrage is well-intentioned and certainly justified, a lot of it seems a touch naive. Many of the folks that are busy deleting their Facebook accounts are simultaneously still perfectly happy to use their stock smartphone on a major carrier network, seemingly oblivious to the ugly reality that the telecom sector has been engaged, routinely, in far worse privacy violations for the better part of the last two decades. Behavior that has just as routinely failed to see anywhere near the same level of outrage by consumers, analysts or the tech press.You'll recall that a decade ago, ISPs were caught routinely hoovering up clickstream data (data on each and every website you visit), then selling it to whoever was willing to pony up the cash. When ISPs were asked to share more detail on this data collection by the few outlets that thought this might not be a good idea, ISP executives would routinely play dumb and mute (they still do). And collectively, the lion's share of the press and public generally seemed OK with that.From there, we learned that AT&T and Verizon were effectively bone grafted to the nation's intelligence apparatus, and both companies were caught routinely helping Uncle Sam not only spy on Americans without warrants, but providing advice on how best to tap dance around wiretap and privacy laws. When they were caught spying on Americans in violation of the law, these companies' lobbyists simply convinced the government to change the law to make this behavior retroactively legal. Again, I can remember a lot of tech news outlets justifying this apathy for national security reasons.Once these giant telecom operators were fused to the government's data gathering operations, holding trusted surveillance partners accountable for privacy abuses (or much of anything else) increasingly became an afterthought. Even as technologies like deep packet inspection made it possible to track and sell consumer online behavior down to the millisecond. As the government routinely signaled that privacy abuses wouldn't be seriously policed, large ISPs quickly became more emboldened when it came to even more "creative" privacy abuses.Like the time Verizon Wireless was caught covertly modifying user data packets to track users around the internet without telling them or letting them opt out. It took two years for security researchers to even realize what Verizon was doing, and another six months for Verizon to integrate an opt out function. But despite a wrist slap by the FCC, the company continues to use a more powerful variant of the same technology across its "Oath" ad empire (the combination of AOL and Yahoo) without so much as a second glance from most news outlets.Or the time that AT&T, with full regulatory approval, decided it would be cool to charge its broadband customers hundreds of additional dollars per year just to protect their own privacy, something the company had the stones to insist was somehow a "discount." Comcast has since explored doing the same thing in regulatory filings (pdf), indicating that giant telecom monopolies are really keen on making consumer privacy a luxury option. Other companies, like CableOne, have crowed about using credit data to justify providing low income customers even worse support than the awful customer service the industry is known for.And again, this was considered perfectly ok by government regulators, and (with a few exceptions) most of these efforts barely made a dent in national tech coverage. Certainly nowhere near the backlash we've seen from this Facebook story.A few years back, the Wheeler run FCC realized that giant broadband providers were most assuredly running off the rails in terms of consumer privacy, so they proposed some pretty basic privacy guidelines for ISPs. While ISPs whined incessantly about the "draconian" nature of the rules, the reality is they were relatively modest: requiring that ISPs simply be transparent about what consumer data was being collected or sold, and provide consumers with working opt out tools.But the GOP and Trump administration quickly moved (at Comcast, Verizon and AT&T's lobbying behest) to gut those rules via the Congressional Review Act before they could take effect. And when states like California tried to pass some equally modest privacy guidelines for ISPs on the state level to fill the void, telecom duopolies worked hand in hand with Google and Facebook to kill the effort, falsely informing lawmakers that privacy safeguards would harm children, inundate the internet with popups (what?), and somehow aid extremism on the internet. You probably didn't see much tech press coverage of this, either.So again, it makes perfect sense to be angry with Facebook. But if you're deleting Facebook to protect your privacy but still happily using your stock, bloatware-laden smartphone on one of these networks, you're just trying to towel off in a rainstorm. The reality is that apathy to consumer privacy issues is the norm across industries, not the exception, and however bad Facebook's behavior has been on the privacy front, the telecom industry has been decidedly worse for much, much longer. And whereas you can choose not to use Facebook, a lack of competition means you're stuck with your snoop-happy ISP.We've collectively decided, repeatedly, that it's OK to sacrifice consumer privacy and control for fatter revenues, a concept perfected by the telecom sector, and the Congressional and regulatory lackeys paid to love and protect them from accountability and competition. So while it's wonderful that we're suddenly interested in having a widespread, intelligent conversation about privacy in the wake of the Facebook revelations, let's do so with the broader awareness that Facebook's casual treatment of consumer privacy is just the outer maw of a mammoth gullet of dysfunction.

Across the sea in the UK, offensive speech is still getting people jailed. An obnoxious person who trained his girlfriend's dog to perform the Nazi salute and respond excitedly to the phrase "gas the Jews" is looking at possible jail time after posting these exploits to YouTube under the name Count Dankula. According to Scotland resident Markus Meechan, it was the "least cute" thing he could train his girlfriend's dog to do, apparently in response to her constant gushing about the dog's cuteness.Meechan's video racked up 3 million views on YouTube, but it really didn't start making news until local police started paying attention.

When it comes to content producers reacting to the pirating of their works, we've seen just about every reaction possible. From costly lawsuits and copyright trolling, to attempts to engage with this untapped market, up to and including creatively messing with those that would commit copyright infringement. The last of those options doesn't do a great deal to generate sales revenue, but it can often be seen by the public as both a funny way to jerk around pirates and as a method for educating them on the needs of creators.But Fstoppers, a site that produces high-end tutorials for photographers and sells them for hundreds of dollars each, may have taken the creativity to the next level to mess with those downloading illegitimate copies of their latest work. They decided to release a version of Photographing the World 3 on several torrent sites a few days before it went to retail, but the version they released was much different than the actual product. It was close enough to the real thing that many people were left wondering just what the hell was going on, but ridiculous enough that it's downright funny.

The internet ink has barely dried on Karl's post about an Uber self-driving vehicle striking and killing a pedestrian in Arizona, and we already have an indication from the authorities that the vehicle probably isn't to blame for the fatality. Because public relations waits for nobody, Uber suspended its autonomous vehicles in the wake of the death of a woman in Tempe, but that didn't keep fairly breathless headlines being painted all across the mainstream media. The stories that accompanied those headlines were more careful to mention that an investigation is required before anyone knows what actually happened, but the buzz created by the headlines wasn't so nuanced. I actually saw this in my own office, where several people could be heard mentioning that autonomous vehicles were now done.But that was always silly. It's an awkward thing to say, but the fact that it took this long for AVs to strike and kill a pedestrian is a triumph of technology, given just how many people we humans kill with our cars. Hell, the Phoenix area itself had 11 pedestrian deaths by car in the last week, with only one of them being this Uber car incident. And now all of that hand-wringing is set to really look silly, as the Tempe police chief is indicating that no driver, human or AI, would likely have been able to prevent this death.

This isn't the first time we've discussed this on the podcast, and it probably won't be the last — disinformation online is a big and complicated topic, and there are a whole lot of angles to approach it from. This week, we're joined by Renee DiResta, who has been researching disinformation ever since the anti-vaxxer movement caught her attention, to discuss what exactly it means to say social media platforms should be held accountable.Follow the Techdirt Podcast on Soundcloud, subscribe via iTunes or Google Play, or grab the RSS feed. You can also keep up with all the latest episodes right here on Techdirt.

For the past few years, there's been a dedicated effort by some to get mandatory filters into EU copyright rules, despite the fact that this would destroy smaller websites, wouldn't work very well, and would create all sorts of other consequences the EU doesn't want, including suppression of free speech. Each time it pops up again, a few people who actually understand these things have to waste a ridiculous amount of time lobbying folks in Brussels to explain to them how disastrous the plan will be, and they back down. And then, magically, it comes back again.That appeared to happen again last week. EU Parliament Member Julia Reda called attention to this by pointing out that, despite a promise that mandatory filters would be dropped, they had suddenly come back:

For the first time since the FISA court opened for national security business, the DOJ is considering declassifying FISA warrant applications. The documents are linked to the FBI's surveillance of former Trump campaign aide, Carter Page. Both sides of the political aisle have asked for these documents, which is something you'd think they'd have wanted to see before issuing their takes on perceived surveillance improprieties.Devin Nunes -- following the release of his memo -- sent a letter to the FISA court asking it to clear the warrants for public release. The court's reply, penned by Judge Rosemary Collyer, pointed out two things. First, the FISA court had never released these documents publicly, nor was it in the best position to do so. It is only tasked with determining whether or not surveillance is warranted and to what restrictions it must adhere. It does not have the innate power to declassify documents, nor can it arbitrarily decide what documents have gathered enough public interest to outweigh the government's perpetual demands for secrecy.The court did point out this release could be achieved much faster if Nunes directed his question to the DOJ, which does have the power to declassify its own investigation documents. It doesn't appear Devin Nunes has approached the DOJ but litigants in an FOIA lawsuit have, and they're looking at possibly obtaining the documents Devin Nunes requested from the FISA court.

The 2018 Arduino Enthusiast E-Book Bundle contains 10 ebooks of project based instruction to help you master all things Arduino. Pay what you want and get the Arduino Computer Vision Programming ebook where you'll learn how to develop Arduino-supported computer vision systems that can interact with real-life by seeing it. Beat the average price ($10 at the time of writing) to unlock access to 9 more ebooks. You’ll learn to create your own wearable projects by mastering different electronic components, such as LEDs and sensors. Discover how to build projects that can move using DC motors, walk using servo motors, and avoid barriers using its sensors. From home automation to your own IoT projects and more, these books have you covered.Note: The Techdirt Deals Store is powered and curated by StackCommerce. A portion of all sales from Techdirt Deals helps support Techdirt. The products featured do not reflect endorsements by our editorial team.

Facebook -- and Sheryl Sandberg in particular -- have been the most vocal supporters of SESTA. Sandberg wrote a bizarre Facebook post supporting the horrible SESTA/FOSTA Frankenstein bill the day it was voted on in the House. In it, she wrote:

Cable providers like Comcast and Charter continue to quietly secure a growing monopoly over American broadband. A new report by Leichtman Research notes that the nation's biggest cable companies added a whopping 83% of all net broadband subscribers last quarter. All told, the nation's top cable companies (predominately Charter Spectrum and Comcast) added 2.7 million broadband subscribers in 2017, while the nation's telcos (AT&T, Verizon, CenturyLink, Frontier) saw a net loss of 625,000 subscribers last year, slightly worse than the 600,000 subscriber net loss they witness in 2016.A pretty obvious pattern begins to emerge from Leichtman's data, and it's one of total and absolute cable industry dominance:

Police in Raleigh, North Carolina are using Google as a proxy surveillance dragnet. This likely isn't limited to Raleigh. Google harvests an astounding amount of data from users, but what seems to be of most interest to law enforcement is location info.

We've just written about calls for a key legal communications system to be open-sourced as a way of re-building confidence in a project that has been plagued by problems. In many ways, it's surprising that these moves aren't more common. Without transparency, there can be little trust that a system is working as claimed. In the past this was just about software, but today there's another aspect to the problem. As well as the code itself, there are the increasingly-complex algorithms, which the software implements. There is a growing realization that algorithms are ruling important parts of our lives without any public knowledge of how they work or make decisions about us. In Germany, for example, one of the most important algorithms determines a person's SCHUFA credit rating: the name comes from an abbreviation of its German "Schutzorganisation für Allgemeine Kreditsicherung", which means "Protection Agency for General Credit Security". As a site called Algorithm Watch explains:

Violent video games have once again found themselves in the role of scapegoat after a recent spate of gun violence in America. After the Florida school shooting, and in the extended wake of the massacre in Las Vegas, several government representatives at various levels have leveled their ire at violent games, including Trump, who commissioned an insane sit-down to act as moderator between game company executives and those that blame them for all the world's ills. Amid this deluge of distraction, it would be easy to forget that study after study after study have detailed how bunk the notion is that you can tie real-world violence and violent games is. Not to mention, of course, that there has never been more people playing more violent video games in the history of the world than at this moment right now, and at the same time research shows a declining trend for deviant behavior in teens rather than any sort of upswing.But a recent study conducted by the Max Planck Institute and published in Molecular Psychiatry further demonstrates the point that violence and games are not connected, with a specific methodology that carries a great deal of weight. The purpose of the study was to move beyond measuring behavior effects immediately after short, unsustained bursts of game-playing and into the realm of the effects on sustained, regular consumption of violent video games.

Violent video games have once again found themselves in the role of scapegoat after a recent spate of gun violence in America. After the Florida school shooting, and in the extended wake of the massacre in Las Vegas, several government representatives at various levels have leveled their ire at violent games, including Trump, who commissioned an insane sit-down to act as moderator between game company executives and those that blame them for all the world's ills. Amid this deluge of distraction, it would be easy to forget that study after study after study have detailed how bunk the notion is that you can tie real-world violence and violent games is. Not to mention, of course, that there has never been more people playing more violent video games in the history of the world than at this moment right now, and at the same time research shows a declining trend for deviant behavior in teens rather than any sort of upswing.But a recent study conducted by the Max Planck Institute and published in Molecular Psychiatry further demonstrates the point that violence and games are not connected, with a specific methodology that carries a great deal of weight. The purpose of the study was to move beyond measuring behavior effects immediately after short, unsustained bursts of game-playing and into the realm of the effects on sustained, regular consumption of violent video games.

Despite worries about the reliability and safety of self-driving vehicles, the millions of test miles driven so far have repeatedly shown self-driving cars to be significantly more safe than their human-piloted counterparts. Yet whenever accidents (or near accidents) occur, they tend to be blown completely out of proportion by those terrified of (or financially disrupted by) an automated future.So it will be interesting to watch the reaction to news that a self-driving Uber vehicle was, unfortunately, the first to be involved in a fatality over the weekend in Tempe, Arizona:

The old truism is in play again with the FBI's renewed CryptoWar: if X is outlawed, only criminals will have X. In this case, it's secure encryption. The FBI may not be trying to get encryption banned, but it does want it weakened. No backdoors, claims FBI director Chris Wray, just holes for the government to use at its pleasure. So, if the FBI gets it way, the only truly secure encryption will be in the hands of criminals… exactly the sort of people the FBI claims it needs weakened encryption to catch.

Everyone knows you shouldn't be fumbling with your phone while you're driving. Now, you can stay safer with Muse, the Bluetooth device that brings the power and convenience of Amazon Alexa into your car. Just pair it with your smartphone, plug it into your car, and tell Alexa what she can do for you. Muse performs more than 30,000 Alexa skills from playing music and audiobooks to opening the garage door, ordering food, and more. It provides hands-free entertainment with support for Amazon Music, iHeartRadio, and others. The Muse is on sale for $59.99.Note: The Techdirt Deals Store is powered and curated by StackCommerce. A portion of all sales from Techdirt Deals helps support Techdirt. The products featured do not reflect endorsements by our editorial team.

Earlier today, in discussing a long list of possible fixes for SESTA, we noted that the only one that even has a remote chance (i.e., the only fix that actually has the potential of being considered by the Senate) is Senator Wyden's amendment, which is designed to solve the "moderator's dilemma" issue by clarifying that merely using a filter or doing any sort of moderation for the sake of blocking some content does not automatically append liability to the service provider for content not removed. Senator Portman -- the sponsor of the bill -- has insisted (despite the lack of such language in the bill) that this is how SESTA should be interpreted. Specifically, Portman stated that SESTA:

It appears that sometime this week (or even possibly today), the Senate is unfortunately likely to vote (perhaps by an overwhelming margin) for SESTA, despite the fact that it's a terribly drafted bill which no one can explain how it will actually stop sex trafficking. Indeed, it's a bill that many victims advocates are warning will not just make problems worse, but will put lives in danger. And that's leaving aside all of the damage it will do to free speech and tons of websites on the internet.Much of this could have been avoided if anyone in Congress were actually interested in understanding how the internet worked, and how to write a bill that actually addressed problems around sex trafficking -- rather than buying into a false narrative (pushed mainly by Hollywood) that the liability protections of CDA 230 were magically responsible for sex traffickers using the internet. Two academics who are probably the most knowledgeable experts on intermediary liability, Daphne Keller at Stanford and Eric Goldman at Santa Clara University, have each posted thoughts on how to "salvage" SESTA. If Congress were serious, it would listen to them. But that's a big "if."Let's start with Keller's suggestions that she helpfully put into a Twitter thread:

This week, following our coverage of the disturbing actions of a cop that led to a high-speed crash killing an infant, one commenter for some reason felt it was time to turn the blame around on the mother, suggesting the death must have been caused by her negligence. A reply from Alexander won first place for insightful:

Five Years AgoThis week in 2013, the Prenda situation positively exploded. As we awaited Monday's hearing, we learned more about Allan Mooney and saw Verizon get involved. Then, of course, the Prenda team itself didn't show up in court, meaning they escaped (at great cost) an absolutely crazy hearing with a very unhappy judge (written up for us by Ken White of Popehat fame). The judge ordered a second hearing and made it clear Prenda was expected to actually show up, while transcripts of John Steele's intimidating phone calls to Alan Cooper hit the docket, and Paul Duffy was scrambling to do some too-little-too-late damage control.Ten Years AgoThis week in 2008, following the death of HD-DVD, the next question was whether Blu-Ray would actually catch on in a big way. We now know it did, though early price hikes didn't help. But it certainly had nothing to fear from an ill-advised late entrant into the format wars. Meanwhile, having expressed displeasure with the agency's approach, EMI decided it wouldn't quit the IFPI, but would stop paying so much for its lawsuits against fans, while the IFPI was turning its sites on ISPs instead (and unsurprisingly triggering the Streisand effect when trying to block websites).Fifteen Years AgoThis week in 2003, we watched the steady emergence of video game development courses at colleges, had an early discussion about Americans using the internet to find alternative news sources, and perhaps didn't realize just quite how revolutionary Amazon's focus on web services would be. There were still five big record labels but they were looking to merge (while betting a tad too heavily on enhanced CDs), McDonald's became the second huge chain to start offering free wi-fi, and we looked at the debunking of a hoax story about a cyberwar virus targeting Iraq (though that idea wouldn't seem so crazy seven years later when we all learned about Stuxnet in Iran). Also, Techdirt got chosen by Forbes as one of the five best tech blogs.

We recently wrote about an important judgment from the EU's top court, the Court of Justice of the European Union (CJEU). The ruling said that that corporate sovereignty provisions included in trade deals between the EU's member states were illegal. Significantly, the logic behind that decision suggests that any form of investor-state dispute settlement (ISDS) -- the official name for the corporate sovereignty framework -- even in trade deals involving countries outside the EU, would be forbidden too. Christina Eckes, professor of European law at the University of Amsterdam and director of the Amsterdam Centre for European Law and Governance, believes that the implications of the CJEU ruling are even broader.Eckes says that in the wake of the judgment, serious doubts hang over the investment chapter in the Canada-EU trade deal, CETA, which has still not been ratified by all EU member states yet -- a process that is necessary before it comes into force definitively. In fact, Belgium has explicitly asked the CJEU to rule on the legality of the Investor Court System (ICS) in CETA, which is the modified version of corporate sovereignty that supposedly addresses its flaws. As a result, a ruling on whether CETA's investment chapter is legal is definitely on its way, and could have major implications for CETA and its ratification. However, Ecke points out that there is something called "EU loyalty", which:

Buzzfeed has obtained files the NYPD never wanted the public to see. This isn't the result of a protracted public records battle, but rather the work of an anonymous whistleblower. Presumably, those further up the chain of command are already familiar with the department's disinterest in holding officers accountable, so there's no whistleblowing outlet there. Also, presumably, the Civilian Complaint Review Board's hands are tied and it cannot hand out disciplinary reports for officers never formally disciplined. So, leak it is. And what a leak it is.

In all of our conversations about video game piracy and the DRM that studios and publishers use to try to stave it off, the common refrain from those within in the industry and others is that these cracking groups are nearly nihilism personified. Nothing is sacred to these people, goes the mantra, and they care nothing for the gaming industry at all. If the gaming industry is destroyed, it will be because of these pirate-y pirates simply not giving a damn.This notion is belied by the story of Crackshell, makers of indie spinoff of the Serious Sam franchise called Serious Sam's Bogus Detour, and Voksi, an individual that runs a game-cracking ring. Voksi has been featured in our pages before as one of the few people out there who has been able to consistently defeat the Denuvo DRM, helping propel the software's precipitous fall from grace. If a game developer and a game-cracker seem to be natural enemies, it will come as a surprise to you that they have recently teamed up to try to resurrect Bogus Detour from the bin of failure.The whole story is useful for debunking the notion that these pirate sites and those that run them are pure venom for the game industry, but it's particularly useful to hear how this relationship came to be.

A chief federal judge in Chicago has handed down a scathing opinion calling ATF stash house stings an "ends justifies the means" evil that needs to be "relegated to the dark corridors of our past." The opinion shuts the door on two defendants hoping to show the ATF's fake robberies of fake stash houses filled with fake drugs were racially-biased, but it does show even without the taint of bias, the sting operations are exploitative and useless. (via Brad Heath)The opinion [PDF] has nothing good to say about the stash house stings. It opens with numbers that certainly appear to show racial bias and it doesn't let up from there.

It's become quite fashionable these days to gripe about the Internet. Even some of its staunchest allies in Congress have been getting cranky. Naturally there are going to be growing pains as humanity adapts to the unprecedented ability for billions of people to communicate with each other easily, cheaply, and immediately for the first time in world history. But this communications revolution has also brought some extraordinary benefits that we glibly risk when we forget about them and instead only focus the challenges. This glass is way more than half full but, if we're not careful to protect it, soon it will be empty.As we've been talking about a lot recently, working its way through Congress is a bill, SESTA/FOSTA, so fixated on perceived problems with the Internet (even though there's no evidence that these are problems the Internet itself caused) that it threatens the ability of the Internet to deliver its benefits, including those that would better provide tools to deal with some of those perceived problems, if not outright make those same problems worse by taking away the Internet's ability to help. But it won't be the last such bill, as long as the regulatory pile-on intending to disable the Internet is allowed to proceed unchecked.As the saying too often goes, you don't know what you've got till it's gone. But this time let's not wait to lose it; let's take the opportunity to appreciate all the good the Internet has given us, so we can hold on tight to it and resist efforts to take it away.Towards that end, we want to encourage the sharing and collection of examples of how the Internet has made the world better: how it made it better for everyone, and how it even just made it better for you, and whether it made things better for good, or for even just one moment in one day when the Internet enabled some connection, discovery, or opportunity that could not have happened without it. It is unlikely that this list could be exhaustive: the Internet delivers its benefits too frequently and often too seamlessly to easily recognize them all. But that's why it's all the more important to go through the exercise of reflecting on as many as we can, because once they become less frequent and less seamless they will be much easier to miss and much harder to get back.

Lean Six Sigma is a business management methodology that combines Lean and Six Sigma, two methodologies intended to improve performance by systematically removing waste. With the Official Lean Six Sigma Training and Certification Bundle, you'll learn how to tackle the 8 kinds of waste in projects: Time, Inventory, Motion, Waiting, Over-production, Over-processing, Defects, and Skills. Work your way through Yellow Belt, Green Belt, and Black Belt to hone your skills using Six Sigma methodologies, Lean concepts, and DMAIC methodologies. Each course includes a certification exam at the end. The bundle is on sale for $49.99.Note: The Techdirt Deals Store is powered and curated by StackCommerce. A portion of all sales from Techdirt Deals helps support Techdirt. The products featured do not reflect endorsements by our editorial team.

The UN has decided it's possibly Facebook's fault things are going so badly in Myanmar. Muslims have been fleeing the country in droves thanks to Myanmar security forces engaging in widespread acts of violence (including rape) against them, urged on by hardline nationalist monks.For all intents and purposes, Facebook is Myanmar's internet. Loosening of restrictions on social media access has resulted in a large portion of the population getting all their news (along with all the hate speech the UN is complaining about) via the social media giant. The UN is looking into genocide accusations but has decided to speak up against Facebook first.

Last fall, the Department of Justice announced it would be suing to block AT&T's $86 billion acquisition of Time Warner. According to the DOJ, it sued to block the lawsuit to protect consumers, arguing that the deal would likely make it harder for streaming competitors to license the content they need to compete with AT&T (especially HBO programming). Consumer advocates have long argued that AT&T (with its decade of well-documented and often comedic anti-consumer behavior in tow) would simply use its greater leverage and power to hamstring competition and jack up rates for consumers (especially with net neutrality dying).While some have argued that the DOJ is simply following antitrust protocol, others (including AT&T lawyers) think the lawsuit is driven by other motivations.That's not a hard case to make given the Trump administration's anti-consumer, anti-innovation, and anti-competition tendencies on other fronts (like net neutrality). Trump's pick to head the DOJ's antitrust division, Makan Delrahim, was also on record, before joining the DOJ, stating he saw no real problems with the deal. Meanwhile Trump's disdain for Time Warner-owned CNN is also well established, and reports have indicated that Trump pal Rupert Murdoch spent much of last year trying to scuttle the deal for competitive reasons (Muroch has also approached AT&T twice about buying CNN).Adding fuel to this fire was a bipartisan group of ex-DOJ officials (from US Attorney Preet Bharara and Nixon White House counsel John Dean) that, last week, filed an amicus brief with the court urging an inquiry into whether any potential laws were broken. The brief doesn't even mention Murdoch, and instead focuses on the obvious, inherent problems in scuttling a merger just because the President doesn't like one of the media outlets involved:

We've made the point for a long time that, on a long enough timeline, pretty much everybody is a pirate. The point is that the way copyright laws have evolved alongside such useful tools as the internet makes knowing whether common sense actions are actually copyright infringement an incredibly dicey riddle to solve. Often times without even trying, members of the public engage in infringing activities, up to and including the President of the United States.And, it appears, up to and including entire branches of the United States military, though claims of accidental infringement in this case would appear to be rather silly. Bitmanagement, a German software company that produces virtual reality software, is accusing the US Navy of what can only be described as massive levels of copyright infringement.

Given the sensitive nature of their work, lawyers need to take particular care when communicating online. One way to address this -- quite reasonable, in theory -- is to create a dedicated system with strong security built in. That's the route being taken by Germany's Federal Bar Association (Bundesrechtsanwaltskammer -- BRAK) with its "besondere elektronisches Anwaltspostfach" (special electronic mailbox for lawyers, or beA). However, the reality has not matched the theory, and beA has been plagued with serious security problems. As a post on the Free Software Foundation Europe (FSFE) site explains (original in German)

Supposedly completely of its own volition, Maryland's court system has decided to extend extra rights to law enforcement officers. Going to bat for opacity, the Maryland Judiciary has made it harder for the public to find out what officers are doing (or how often they're being sued). This comes against a backdrop where more sunlight would seem essential, what with several Baltimore police officers facing corruption charges in a wide-ranging investigation that has already netted a handful of convictions and guilty pleas.Citing a favorite cop excuse, the state's courts have decided the public should be less informed.

Law professor Danielle Citron -- best known at Techdirt for her attacks on Section 230 immunity -- has written a paper attacking Google, Facebook, etc., but not for the reasons you might think. Her paper [PDF] points out policy changes that have been made by several tech companies not in response to users or US government activity, but to get out ahead of increasing regulatory pressure in Europe. In the recent past, these platforms routinely defended the rights of everyone around the world to engage in free speech, even if that meant offending local governments. Now, with the internet headed towards enforced Balkanization backed by hefty fines, US companies are now routinely engaging in preemptive censorship of content perfectly legal in the US (and arguably legal elsewhere).

We've written about Trump's long-term personal lawyer Michael Cohen a few times before. The first time was back in 2015 when he made a particularly stupid threat against reporters for reporting on Cohen's own stupid comments. In case you don't remember:

Spoilers suck, sure, but this is the internet and some things cannot be avoided. Still, for those that produce content, there are better and worse ways to handle the issue of spoilers. Some large entertainment groups try to sue over spoilers, but it rarely works. Others settle for mere DMCA takedowns. Most entertainment groups, meanwhile, don't do a damn thing about spoilers, because that's the correct course of action.Still, even with that wide spectrum of past responses, sending legal threats to journalists over spoilers, such as the Lucha Underground wrestling show has done, is a new one for me. The legal threats rest on the NDAs the audience has to sign before attending a show.

NetSpot Pro lets you visualize, optimize, and troubleshoot your wireless networks with any PC so you can get the best connection possible at all times. Use the mapping feature to view dead zones to help ensure that hotspots are placed correctly and radio channels are assigned properly. You can load a visual map, collect survey data, and build a comprehensive heatmap of a network, and more. NetSpot Pro is available for Windows or Mac and is on sale for $39.Note: The Techdirt Deals Store is powered and curated by StackCommerce. A portion of all sales from Techdirt Deals helps support Techdirt. The products featured do not reflect endorsements by our editorial team.

Update: Late this evening ProPublica retracted and corrected a story from last year, saying that Haspel was in charge of the Thai CIA prison site while Zubaydah was tortured. That does suggest that some of the accusations against Haspel actually should be blamed on her predecessor. As the correction notes, she did not arrive to run the base until October of 2002, after Zubaydah's torture had concluded. However the report quotes the NY Times saying that she did still oversee the torture of Abd al-Rahim al-Nashiri and that she was still involved in the destruction of the video tapes of the torture sessions -- both of which should be disqualifying from the job.In addition, these kinds of mistakes wouldn't be made if the government actually came clean over what it did and who did it. Revealing who ran that prison site and what they did would not harm national security. It would provide an accurate accounting of what really went down. I'm sure that some Haspel supporters will argue that this correction mean that all of the concerns about Haspel are "fake news" even though that's clearly not true at all. Instead, this seems like even more evidence for why the details of her involvement needs to be declassified prior to facing confirmation hearings in the Senate. Our original article is below.As you've probably heard, with the latest in the neverending rotating cast of characters that makes up the current Trump administration, a set of dominoes has been knocked over with the tweeted firing of Secretary of State Rex Tillerson and the nomination of CIA boss (and former Congressional Rep/longtime defender of surveillance and torture) Mike Pompeo to replace him. While Pompeo was a vocal supporter of the CIA's torture program, he didn't actually have any hand in running it. Instead, that distinction goes to Gina Haspel, whom Trump has nominated to take Pompeo's place. Haspel not only oversaw parts of the CIA's torture program, she was also directly involved with the destruction of the video tapes showing the torture procedures. The still classified 6,700 page Senate report on the program apparently contains a lot of details about the program that Haspel ran while running a CIA blacksite in Thailand. Annabelle Timsit has helpfully pulled together some details of what is currently known from the heavily redacted declassified executive summary (you may recall we spent years writing about the fight to just release that summary). What's stunning is that the program so disgusted CIA employees that some were at the "point of tears and choking up" and multiple people on site asked to be moved to other locations if the CIA was going to continue these torture techniques. From the report (see the update above, noting that these quotes were from a couple months before Haspel took over):