|
by Tim Cushing on (#1PWXT)
The magical, wonderful, oft-abused National Security Letters have been deemed Constitutional, thanks to the vague promise of reviews by courts and government agencies to determine whether or not the normally-indefinite gag orders accompanying them can stay in place.The USA Freedom Act took away the "indefinite" part of the equation, stipulating that NSL gag orders must be justified by periodic reviews. Unfortunately, "periodic" was left open-ended. The language only specifies "appropriate intervals." It does place the burden on the government to prove that a NSL's gag order is still necessary, but makes no specific demands on how often the government should have to make these assertions.The FISA court, however, has specified what a "periodic review" should entail -- at least narrowing down what period "periodic" should mean.In this order [PDF], a redacted company exercised its USA Freedom Act option to demand a review of gag orders connected to two NSLs it had received. After some in camera presentations to the FISA court, along with some discussion between the NSL recipient and the FBI, it was agreed that the gag orders could stay in place for the time being, but that the FBI should be given the burden of specifying a time frame for periodic reviews, rather than forcing the recipient to file petitions repeatedly until the gag orders were finally determined to be no longer necessary.The order redacts the number of years these gag orders have been in place, but it's safe to assume the number hidden behind the gray box is larger than one.The court looks to the Attorney General's own gag order termination policy, crafted in response to stipulations in the USA Freedom Act. Unfortunately, it doesn't do much to narrow down what sort of "period" a "periodic review" covers. The policy says the FBI only needs to review its NSL gag orders every three years or at the close of an investigation. As the court notes, this is far from satisfactory.
|
Techdirt
| Link | https://www.techdirt.com/ |
| Feed | https://www.techdirt.com/techdirt_rss.xml |
| Updated | 2026-07-14 03:02 |
|
by Tim Cushing on (#1PWPG)
Kashmir Hill is asking an interesting question over at Fusion: in the wake of Democratic National Committee email hacking, will political leaders start scaling back their war on encryption?
|
|
by Mike Masnick on (#1PWGD)
The case of the monkey selfie keeps getting weirder and weirder. I'm not going to rehash the whole damn story again -- just click the monkey selfie link above and scroll through the posts. Here's the super short version though: A British photographer named David Slater left his camera on the ground in an Indonesian jungle, where a macaque monkey (which we're now, much later, told is named Naruto, though there's some dispute over this) approached the camera and took a selfie. There were all sorts of debates online about whether or not there was any copyright in the photo and, if so, who owned it, with Slater repeatedly insisting that he did (and occasionally having representatives threaten us). A few years later, out of the blue came PETA, claiming that it represented the monkey (Naruto) and was suing Slater for copyright infringement for publishing a book with the photos. A judge, rightly, tossed out the lawsuit, pointing out (as we had argued from the very beginning) that a monkey has no right to a copyright, and the law only applies to human persons. PETA and its actually well-known and until now mostly respected law firm, Irell & Manella, have appealed the ruling.
|
|
by Mike Masnick on (#1PW9J)
Over the past few months, the legacy recording industry has coalesced around a new talking point -- a so-called "value gap" between different kinds of music services. In particular, the phrase is used to attack YouTube and to claim that it's somehow unfair that the ad rates and money made from the ad supported YouTube is much lower than purely subscription services. This has lead to the repeated false claim from the RIAA and others that revenue from vinyl records is more than from ad supported streaming.
|
|
by daily.deal on (#1PW9K)
If you are interested in learning more about Linux, the Linux Essentials Bundle for $39 has what you need to get started. Throughout over 50 hours of training, you'll start from the absolute beginning and work your way through BASH and Shell scripting, administering Linux/UNIX systems, creating apps with Docker, and more.
|
|
by Karl Bode on (#1PW5B)
It's becoming abundantly clear that the lessons of the cord cutting age are not sinking in at Comcast/NBC Universal headquarters. Last Friday night, NBC aired the Olympic opening ceremonies, but spent the weekend being mercilessly ridiculed on social media for a broadcast that was not only showy and hollow, but absolutely slathered with not just ads -- but the same ads shown over and over again. Viewers, many of whom were already annoyed by NBC's refusal to show the opening ceremonies live, made their displeasure abundantly clear:
|
|
by Mike Masnick on (#1PVYQ)
Nearly a decade ago, we wrote about the fact that the BBC supposedly has a fleet of totally secret "detector" vans that drive around trying to figure out who was watching the BBC without paying for it. As you probably know, if you live in the UK, you're forced to buy a BBC license if you have a TV or a TV turner card. And, for years, they've claimed to have had these magical detector vans. When we wrote about them in 2008, it was because a freedom of information request to find out about the vans was denied for the most ridiculous of reasons: revealing the details of the vans "would damage the public's perception of the effectiveness of the TV detector vans." In other words, the "vans" -- if they exist at all -- were more about scaring people into paying, rather than actually detecting those watching the BBC without a license.
|
|
by Mike Masnick on (#1PVMM)
Interesting move by Cory Doctorow and the EFF in sending some letters to the FTC making a strong case that DRM requires some "truth in labeling" details in order to make sure people know what they're buying. We've been pointing out for years, that DRM often means that you don't really own what you think you bought. The argument is pretty straightforward:
|
|
by Mike Masnick on (#1PW33)
You may have heard that tomorrow is the official day for the Australian census to take place... and many people are planning to ignore it, because of massive security concerns and some incredibly stupid plans by the Aussie government to retain and make use of the data collected. Having an accurate population census is an extremely important tool for a wide range of government services, but especially in an age of increasing (and very legitimate) concerns about government overreach and surveillance, some are reasonably worried about what's done with the data. In the US, it's been made quite clear that census data absolutely must be kept secret and not connected to individuals or used for other purposes.
|
|
by Mike Masnick on (#1PV2R)
You may have heard that tomorrow is the official day for the Australian census to take place... and many people are planning to ignore it, because of massive security concerns and some incredibly stupid plans by the Aussie government to retain and make use of the data collected. Having an accurate population census is an extremely important tool for a wide range of government services, but especially in an age of increasing (and very legitimate) concerns about government overreach and surveillance, some are reasonably worried about what's done with the data. In the US, it's been made quite clear that census data absolutely must be kept secret and not connected to individuals or used for other purposes.
|
|
by Leigh Beadon on (#1PSEF)
This week, we noted how the stupid ban on Olympic tweets was harming athletes, and expressed hope that someone would fight back against the IOC. Jason won most insightful comment of the week by suggesting things go a step further:
|
|
by Leigh Beadon on (#1PPWF)
Five Years AgoThis week in 2011, we saw the surprising ruling that MegaUpload could be guilty of direct infringement in a lawsuit brought by Perfect 10. Another court shut down online movie rental site Zediva, establishing the bizarre fact that the length of the cable apparently makes a difference when it comes to infringement. On the flipside, in another Perfect 10 case, we got the excellent and important ruling that copyright infringement doesn't automatically mean irreparable harm.In the UK, the copyright world was in flux following the Hargreaves Report, with the UK Business Secretary stepping up to back many of its recommendations and even go beyond them. Soon, the UK announced surprisingly good copyright plans based on the report — though it didn't address ridiculous copyright term lengths. At the same time, BPI was using a ruling against Newzbin2 to push for much broader copyright censorship powers, while the UK's pioneering copyright trolls were facing sanctions.Ten Years AgoThis week in 2006, inspired by the success of YouTube, the big media companies were racing to crowd the market for video sharing platforms with their own official offerings, creating a huge mess. MSN was actually a leader in the online video space, but it wasn't clear if that really mattered. DVRs were sort of changing how much TV people watch, and digital filming was changing how actors act.Also this week in 2006: Norway was considering banning iTunes, Germany was trying to stop software resale, and a Minnesota ban on selling video games to minors was declared unconstitutional; the music industry was ironically starting to see CDs as a threat while also trying to sell people music on DVDs for some reason; and, following a semi-victory in the Grokster decision, the RIAA officially commenced its legal action against Limewire.Fifteen Years AgoThis week in 2001, the music labels were excited about their new digital music plans even though it was easy to predict that they wouldn't work out that well. Of course, popular piracy alternatives had big problems too, such as KaZaa installing browser-hijacking adware as a business model and leading to an awareness of the plague of "parasite-ware". DVRs were already changing people's viewing habits back in 2001, and one company was already working on a 3D television — except it turned out to be a complete hoax.Three-Hundred And Thirteen Years AgoWe often talk about free speech and satire around here at Techdirt, so this week let's look back at an iconic moment in the history of those concepts. It was on July 31st, 1703 that novelist and pamphleteer Daniel Defoe (of Robinson Crusoe fame) was arrested and put in the pillory for distributing a satirical pamphlet, on charges of seditious libel. Legend has it the people pelted him not with fruits but with flowers — but the truth of this is shaky at best.
|
|
by Leigh Beadon on (#1PPFZ)
Limited time offer: Support Techdirt and get a Vote2016() t-shirt or hoodie!Yesterday, we launched our latest t-shirt/hoodie on Teespring: a common sentiment about the 2016 election expressed in code:It's only available until Monday, August 15th so be sure to order yours soon! T-shirts are $20, hoodies are only $35, and this time we've also added a sticker option for $4. Support Techdirt and get your Vote2016() gear today!
|
|
Frustrated Public Defender Appoints Governor -- And Licensed Attorney -- To Provide Indigent Defense
by Tim Cushing on (#1PN3B)
Providing public defenders for criminal defendants may be Constitutional but it certainly isn't popular. When states look for places to cut budgets, far too often they find trimming public funding for defense lawyers is an easy way to find extra money without suffering any significant public backlash. After all, this is just money being wasted defending guilty people, right? It's just shady lawyers ensuring criminals are back on the street as swiftly as possible by exploiting loopholes in the system citing violations of their clients' Constitutional rights. To many members of the public, this is money that could be better spent elsewhere -- even as they enjoy the benefits of the Constitutional amendments (4th-6th, mostly), public defenders are constantly protecting from additional damage.So, a right guaranteed by the Constitution becomes a privilege extended by the grace of the state, subject to clawback and only offering defendants the promise that someone with an already-unmanageable caseload will try to fit them in somewhere. Meanwhile, defendants who can't make bail get to sit around in a jail cell until someone from an underfunded public defender's office can attempt to suss out the weaknesses in the prosecution's case in between all the other cases they're already falling behind on.Over in Missouri, Governor Jay Nixon is currently being sued by the state's public defenders after threatening to withhold more than three-quarters of its budget increase.
|
|
by Tim Cushing on (#1PMYG)
Various degrees of hand-wringing (and hasty resignations) have greeted the news that our old Cold War foe -- the Russkies -- were behind the hacking of the Democratic National Committee's computers. (And the eventual embarrassment of those caught on unofficial record jumping on the Hillary Clinton bandwagon well before it became clear Bernie Sanders wasn't going to land the nomination.)Certainly, Vladimir Putin gives absolutely no indication that he cares at all what the rest of the world thinks of him, much less the United States. And if the US government feels the Russian government can't be trusted, a) it's probably right and b) Putin will remain unperturbed. There are indications this was done to assist Trump in his presidential run, but I imagine it makes little difference to those handing down hacking orders -- just as long as it embarrassed US government officials and political leaders.But if there's a high road to be had, the US government can't really claim it. As James Bamford explains in his commentary piece for Reuters, US spy agencies haven't exactly stayed out of world affairs, including local elections.
|
|
by Tim Cushing on (#1PMR2)
The fallout from the FBI's surreptitious bugging of county courthouses in California has coalesced into two motions to suppress -- with two very different outcomes. What makes this even more interesting is that both decisions were issued in the same judicial district.Judge Phyllis Hamilton denied a motion to suppress last week. While she had concerns about the location of the bugs used in the FBI's investigation of property auction price fixing, she reached the conclusion that the recording of conversations that occurred in a public area did not violate the defendants' expectation of privacy. The decision hinted Judge Hamilton would be hard pressed to find any conversation in public -- no matter what attempts were made to prevent bystanders from listening in -- worthy of an expectation of privacy.Judge Charles Breyer, however, has reached the opposite conclusion. Breyer dug deeper into the location of the recording devices and questioned whether the FBI was crossing a line by placing them in areas where privileged conversations might occur.In a decision [PDF] handed down on August 1, Judge Breyer has tossed 200 hours of recordings made by the FBI on the grounds that the eavesdropping violated the defendants' expectation of privacy. (via Joe Mullin at Ars Technica)
|
|
by Tim Cushing on (#1PMJJ)
The Oregon Supreme Court has handed down a ruling that should help prevent the state's computer crime laws from turning into a local level CFAA -- something that can be easily abused by prosecutors to, say, toss someone in jail for two years for 40 minutes of headline altering at a news website.Caryn Nascimento was arrested for theft after using a convenience store's lottery machine to print off thousands of dollars of tickets she never paid for. But rather than settle for the theft charges, the state chose to charge her with unauthorized use under Oregon's broadly-interpreted computer crimes statute.The state appeals court upheld the conviction, prompting the EFF to intervene in her case when it headed to the state supreme court. The EFF pointed out that the appeals court decision would criminalize a lot of behavior normally only subject to companies' internal disciplinary processes.
|
|
by Mike Masnick on (#1PM9Y)
This shouldn't be a surprise. All the way back in 2004, in Adam Jaffe's and Josh Lerner's excellent book about our dysfunctional patent system, Innovation and Its Discontents, one of the key problems they outlined with the system was the fact that there was strong incentives for patent examiners at the US Patent Office to approve shit patents. That's because they were rewarded for how "productive" they were in terms of how many patent applications they completed processing. Now, you might think that shouldn't encourage approvals -- except that there's no such thing as a true "final rejection" from the patent office (they have something called a final rejection, but it's not -- applicants can just make some changes and try again... forever). So rejecting a patent, inevitably, harms your productivity rates as an examiner. Approving a patent gets it off your plate and is considered "done." Rejecting it means having to spend many more hours on that same patent when the inventor comes back to get another chance.
|
|
by Tim Cushing on (#1PM31)
A Louisiana sheriff has just inserted himself into a mess of First and Fourth Amendment violations by using his power to go after an anonymous blogger who claimed he was corrupt. Naomi LaChance of The Intercept has more details.
|
|
by Mike Masnick on (#1PKZ5)
Limited time offer: Support Techdirt and get a Vote2016() t-shirt or hoodie!Techdirt tends to care about policy a lot -- and politics very, very little. But you have to admit that the 2016 Presidential election is fascinating on many different levels -- in part because the unfavorability ratings of both major party candidates is at record breaking levels, and perhaps for good reason. Since you guys seem to have really appreciated our first few t-shirts/hoodies, we decided to create a new one that reflected a more techie perspective on this election, and the recognition of how many people may be voting... expressed in code. Buying one not only gives you a chance to express your opinion (and geek-cred) on the election, but it also helps support Techdirt.Once again, we're using Teespring for this campaign, which means if you want in on the initial run, it's only available until Monday, August 15th, so order yours today. The t-shirts are only $20 and the hoodies are also a steal at $35 — and this time, it's also available as a sticker!
|
|
by Mike Masnick on (#1PKXQ)
There are constant debates over the value of the public domain. As you know, in the US, Congress has repeatedly expanded and extended copyright law to effectively wipe out the public domain. No new works have gone into the public domain because of copyright law (other than works by the Federal government) in many years, and that likely won't change for many years either. The only way works go into the public domain these days are through some sort of public dedication, such as by using the Creative Commons CC0 license -- though very careful lawyers may remind you that even this is not technically putting the work in the public domain. Under the current Copyright Act there really isn't a way to officially put something in the public domain. A copyright holder can only make an effective promise that the work should be treated as if it's in the public domain by declaring it so.
|
|
by daily.deal on (#1PKW3)
The newly updated two-course CompTIA A+ 2016 Certification Prep bundle will give you all the prep materials you need to pass the 220-901 and 220-902 CompTIA A+ certification exams. These certifications validate your understanding of the most common hardware and software technologies in business, and certify the skills necessary to support complex IT infrastructures. This bundle is available for only $24 in the Deals store.
|
|
by Mike Masnick on (#1PKNW)
For the past couple of years now, the Justice Department has been exploring the so-called "consent decree" around music publishing. This was an agreement, first made in 1941, and then reviewed in 2001, on how music performing rights organizations (mainly ASCAP and BMI) could operate without violating antitrust rules. Without such consent decrees, there was a quite reasonable fear that the performing rights organizations (PROs) would abuse their monopoly positions. This is not a theoretical argument. If you look around the globe, there are many, many, many, many, many stories of these organizations behaving badly.
|
|
by Tim Cushing on (#1PKH5)
The United States Olympic Committee (USOC) must spend a majority of the four-year break between Olympics thinking up new, spectacularly petty demands to make of everyone when the next event rolls around. It's always been overbearing and thuggish, but it seems determined to top itself with each new iteration of its sports-related boondoggle.In the run-up to this year's particularly dystopian Olympic games, being hosted in a city without clean water or a clean police force, the USOC has already demanded:
|
|
by Mike Masnick on (#1PK55)
Is there no goodwill that the Pokemon Company's lawyers won't step in and kill off? With the popularity of Pokemon Go, some third parties had started trying to develop some services to go with it, and as part of that, a few have tried to create Pokemon Go APIs. A user going by the name Mila432 had created an unofficial Pokemon Go API in Python, and posted it to GitHub. If you go now, you may notice that the Readme now reads:
|
|
by Karl Bode on (#1PJKP)
We've talked a few times about how incumbent broadband providers often use their ownership of city utility poles (or their "ownership" of entire city councils and state legislatures) to slow Google Fiber's arrival in new markets. In California and Texas, AT&T has often been accused of using the process of pole attachment approval to intentionally block or slow down the arrival of competitors. AT&T also recently sued the city of Louisville for streamlining utility pole attachment rules intended to dramatically speed up the time it takes to attach new fiber to poles.
|
|
by Glyn Moody on (#1PJ0D)
Techdirt has been following the rise of small, low-cost drones for some years. A major milestone was the release of the FAA's draft rules for the devices, which came out last February. Quartz has just published an interesting report of an FAA conference on the future uses of drones in US airspace, at which the following statistic was quoted:
|
|
by Mike Masnick on (#1PHC9)
Over and over again we've seen people try to interpret anything someone says about them that they don't like as defamatory. But just because you don't like what's said, that doesn't make it defamatory -- and that can also apply even if the statements actually were false.
|
|
by Mike Masnick on (#1PH3K)
Getty hasn't been having a very good past few weeks. After getting sued last week by famed photographer Carol Highsmith, after a Getty subsidiary demanded money for her posting her own photographs (which she had donated to the Library of Congress), it's being sued again by independent press agency/wire service Zuma. Zuma claims that Getty was offering 47,048 images of its images for licensing, despite not actually having a license to do so.
|
|
by Mike Masnick on (#1PGTC)
We're back again with another in our weekly reading list posts of books we think our community will find interesting and thought provoking. Once again, buying the book via the Amazon links in this story also helps support Techdirt.
|
|
by Tim Cushing on (#1PGNQ)
A 23-year-old woman, and mother of a 5-year-old child, is dead. She was killed by police officers who came to serve a warrant for failure to appear charges stemming from a March 11th traffic stop. That this ever escalated to the point where bullets started flying is incomprehensible. Then again, much of what the woman, Korryn Gaines, did was incomprehensible.Gaines apparently considered herself a "sovereign citizen," which meant she chose not to recognize whatever laws she felt weren't worth following -- like registering her vehicle, insuring it, and equipping it with valid plates. Instead, she chose to make plates of her own out of cardboard that made some sort of statement about her sovereign citizen status. The traffic stop on March 11th escalated into an altercation with officers, resulting in more charges being added to the traffic violations.When the SWAT team arrived August 2nd, Gaines warned the officers she would shoot them if they did not leave.
|
|
by Karl Bode on (#1PGDH)
The FCC's attempt to bring some much needed competition to the cable box has birthed an absolute torrent of lobbying shenanigans by the cable and entertainment industries. They've pushed a flood of misleading editorials in major papers and websites claiming the plan is somehow racist and will unveil a piracy apocalypse. They've nudged Congressional campaign contribution recipients to bash the plan as an extreme case of government over-reach. They've also managed to convince the press and some FCC staffers the idea is an attack on copyright, when copyright has absolutely nothing to do with it.
|
|
by daily.deal on (#1PGDJ)
Whether you're on your daily commute or a long road trip, the $25 DashCam Hi-Res Car Video Camera and 8GB MicroSD Card can record what's happening while you're driving with high-quality, up to 1920 x 1080p resolution video. You can store photos and video from your trips on the microSD card. The camera features G-Sensor technology that records even when there is a sudden jerk or shake in case of a sudden stop or an accident.
|
|
by Mike Masnick on (#1PG71)
Paul Resnikoff's Digital Music News site is a worthwhile read, often turning up some really interesting news. However, the site pretty consistently takes the legacy music industry's point of view in the various debates on copyright and music services. To me, it has a somewhat unfair bias against many of the new innovators and music platforms that have helped drag the industry (kicking and screaming all the way) into the internet era. But it's still well written and thoughtful, and I appreciate the work that Paul does, even if I don't always agree with his opinion. So consider it quite a surprise to see Resnikoff call out the RIAA on its completely bullshit attacks on YouTube over the past few months. Resnikoff isn't pulling any punches. He points out that basically all of the music video views on YouTube are licensed, and ContentID (for better or for worse) has basically made it easy for the labels to do a "notice and staydown" like they've been demanding for the past few years:
|
|
by Karl Bode on (#1PG04)
While I don't play Pokemon Go, I've still found the public hysteria surrounding the game to be endlessly entertaining. I've laughed as "get off my lawn" types bitch and moan simply because people are having harmless fun in ways they don't understand. I've chuckled as Pokemon Go players forget that the rules of reality still apply while in augmented reality. And I've laughed at the absurd new lawsuits popping up to try and cash in on the phenomenon.
|
|
by Karl Bode on (#1PFJB)
A few years back, we noted how AT&T had begun charging broadband users a significant premium if they wanted to opt out of the company's Internet Essentials advertising program. Under that program, AT&T uses deep packet inspection to track consumer browsing behavior around the Internet -- down to the second. By default, AT&T users are opted in to the program. If they want to opt out of this data collection, consumers need to not only navigate a confusing array of options, but they also need to pay $44 to $62 more per month. AT&T, in typical fashion, has actually claimed this is a "discount."
|
|
by Glyn Moody on (#1PF21)
The fact that the best-known music streaming service, Spotify, is still struggling to turn a profit despite its huge popularity, is often held up as proof that making money in a world of digital abundance is almost impossible. Of course, here on Techdirt, we've published many posts about people and companies that have adopted various innovative strategies to get around the problem. But what about music streaming as a mass medium: will it ever be possible to make money in this sector?A fascinating article on Mashable shows that it is already happening, but perhaps not where most people are looking. QQ Music is part of the extensive digital empire of the Chinese giant Tencent, best known for its messaging app WeChat, and now the largest Internet company in Asia. Last year, its turnover was $15.8 billion (pdf). As the Mashable article explains, QQ Music's general manager revealed last week that the service is now profitable. One reason is the sheer scale of Tencent's user base:
|
|
by Tim Cushing on (#1PEE1)
It's not just FBI agents playing with Home-Grown Terroristâ„¢ Erector Sets. It's also Canada's top law enforcement agency, the Royal Canadian Mounted Police. When there apparently aren't enough actual terrorists to be found, agencies like these need to front the $40 at Wal-Mart for terrorist supplies, or dupe someone with an IQ of 51 into becoming the latest Indictment Du Jour.Despite this, courts have largely gone along with the charade. It's almost impossible for someone to successfully raise an entrapment defense, whether it's a group of senior citizens who've been molded by undercover agents into an ad hoc terror unit or a bunch of easily-impressed thugs being hounded into stealing nonexistent drugs from fake stash houses.Up in Canada, though, the law enforcement game may be played by the same rules, but one court isn't willing to encourage the RCMP's Build-a-Terrorist shenanigans.
|
|
by Mike Masnick on (#1PDRE)
Like a ton of people and companies, we've been using Slack here. While we saw some folks claim it was revolutionary, we found it to be a nice, but somewhat marginal, upgrade to our previous use of Skype chat rooms. But, over time, it has certainly gotten comfortable, and there have been some nice feature add-ons and integrations that have made it a pretty cool service overall -- though if you really want to use it to its fullest extent and switch to the paid version, it can get pretty pricey, pretty quickly. I also am in a bunch of other group Slack chats, as it's basically become the platform of choice for group discussions.
|
|
by Tim Cushing on (#1PDKG)
Enigma Software joined the long line of aggrieved companies who feel that legal threats and questionable lawsuits are the best form of reputation management. It sued BleepingComputer over a "defamatory review" -- which was actually just a forum post by a member that detailed (with supporting links) its questionable SpyHunter software and its "rogue tactics" over the years.In addition to the defamation claims, Enigma Software also argued that BleepingComputer only did this to steer site readers towards its own products, alleging a handful of Lanham Act violations.Unfortunately, Enigma Software's dubious claims have survived a motion to dismiss by BleepingComputer, thanks to some similarly dubious reasoning [PDF] by the judge presiding over the case. Not only are the Lanham Act claims given far too much credence (thanks to some twisted judicial analysis that assumes that because trademark is a part of the Lanham Act, false advertising claims under the Lanham Act are also intellectual property claims, exempt from Section 230 of the CDA), but the court's decision to allow the lawsuit to process also punches a few more holes in Section 230 protections.Because the author of the post was a third-party contributor, BleepingComputer should not have been held responsible for the content of the post. However, the court appears to be bothered that the user in question was referred to as a "staff member" by BleepingComputer, even if it was actually a volunteer administrative post and BleepingComputer did not directly control the content of the user's contributions.Eric Goldman, in his analysis of the decision, points out that BleepingComputer could have done a better job delineating between actual site administrators and those just helping out, along with providing more comprehensive disclaimers about "superusers" and their contributions to the site.
|
|
by daily.deal on (#1PDJH)
Python is an extremely efficient language that can accomplish complicated tasks with minimal amounts of code. This makes it particularly well-suited to system administration and performing security testing tasks. With the Professional Python and Linux Administration Bundle you'll learn about Python, how to administer a Linux system with Python, and how to create and build websites and apps with Python and Django. You get over 60 hours of training for only $49.
|
|
by Karl Bode on (#1PDA7)
Last year, we noted how the FCC updated its rules governing routers in the 5 GHz band over safety concerns, stating that some illegally modified router radios operating in the unlicensed bands were interfering with terminal doppler weather radar (TDWR) at airports. The rule changes prohibited tinkering with just the RF capabilities of the devices. But engineers, the EFF, hobbyists and custom-firmware developers feared that because many routers have systems-on-a-chip (SOC) where the radio isn't fully distinguishable from other hardware -- vendors would take the lazy route and block third-party firmware entirely.
|
|
by Tim Cushing on (#1PD2D)
If you'd like some more evidence on how civil asset forfeiture has become legalized theft, you need only look at this investigative report by Curt Prendergast for Tuscon.com. Not only is it extremely easy for the government to claim assets are tied to criminal activity, but the obstacles placed in front of individuals to reclaim seized assets are numerous and expensive to navigate -- sometimes outweighing the value of the items seized.On top of that, even when the state loses, it still wins. Arizona residents who have seen their vehicles seized for extremely tenuous connections to criminal activity are still forced to pay an incredible amount of money to reclaim items the state has agreed to return to their owners.
|
|
by Mike Masnick on (#1PCWH)
It's a bit of "common wisdom" on the internet that you hear people repeat all the time, even though it's hogwash: the idea that people act trollishly online because they're anonymous. So many people want to blame the anonymity and demand real name policies. Yet, as we've been pointing out for many years, plenty of people troll under their real names -- and tons of valuable content is posted by anonymous users (including right here at Techdirt).
|
|
by Mike Masnick on (#1PCMN)
Okay, okay, I know that Canada doesn't have a First Amendment like we do down here -- even if people like to joke about it being the 51st state -- but it still seems quite bizarre that comedian Mike Ward has been told to pay $42,000 for making an offensive joke about a singer named Jeremy Gabriel. Ward is planning to appeal, but the fact that he's been found guilty of a "human rights" violation seems ridiculous enough. To be clear, the joke was not a particularly nice joke, but still:
|
|
by Andrew Crocker, EFF on (#1PCGC)
The EFF has put a lot of thought into how we should deal with the issue of government hacking and how it impacts digital security, and so we're reposting Andrew Crocker's excellent article here.In our society, the rule of law sets limits on what government can and cannot do, no matter how important its goals. To give a simple example, even when chasing a fleeing murder suspect, the police have a duty not to endanger bystanders. The government should pay the same care to our safety in pursuing threats online, but right now we don't have clear, enforceable rules for government activities like hacking and "digital sabotage." And this is no abstract question—these actions increasingly endanger everyone's security.The problem became especially clear this year during the San Bernardino case, involving the FBI's demand that Apple rewrite its iOS operating system to defeat security features on a locked iPhone. Ultimately the FBI exploited an existing vulnerability in iOS and accessed the contents of the phone with the help of an "outside party." Then, with no public process or discussion of the tradeoffs involved, the government refused to tell Apple about the flaw. Despite the obvious fact that the security of the computers and networks we all use is both collective and interwoven—other iPhones used by millions of innocent people presumably have the same vulnerability—the government chose to withhold information Apple could have used to improve the security of its phones.Other examples include intelligence activities like Stuxnet and Bullrun, and law enforcement investigations like the FBI's mass use of malware against Tor users engaged in criminal behavior. These activities are often disproportionate to stopping legitimate threats, resulting in unpatched software for millions of innocent users, overbroad surveillance, and other collateral effects.That's why we're working on a positive agenda to confront governmental threats to digital security. Put more directly, we're calling on lawyers, advocates, technologists, and the public to demand a public discussion of whether, when, and how governments can be empowered to break into our computers, phones, and other devices; sabotage and subvert basic security protocols; and stockpile and exploit software flaws and vulnerabilities.Smart people in academia and elsewhere have been thinking and writing about these issues for years. But it's time to take the next step and make clear, public rules that carry the force of law to ensure that the government weighs the tradeoffs and reaches the right decisions.This long post outlines some of the things that can be done. It frames the issue, then describes some of the key areas where EFF is already pursuing this agenda—in particular formalizing the rules for disclosing vulnerabilities and setting out narrow limits for the use of government malware. Finally it lays out where we think the debate should go from here.Recognizing That Government Intrusion and Subversion of Digital Security Is a Single IssueThe first step is to understand a wide range of government activities as part of one larger threat to security. We see the U.S. government attempt to justify and compartmentalize its efforts with terms like "lawful hacking" and "computer network attack." It is easy for the government to argue that the FBI's attempts to subvert the security of Apple iOS in the San Bernardino case are entirely unrelated to the NSA's apparent sabotage of the Dual_EC_DRBG algorithm. Likewise, the intelligence community's development of the Stuxnet worm to target the Iranian nuclear program was governed by a set of rules entirely separate from the FBI's use of malware to target criminals using Tor hidden services.These activities are carried out by different agencies with different missions. But viewing them as separate—or allowing government to present it that way—misses the forest for the trees. When a government takes a step to create, acquire, stockpile or exploit weaknesses in digital security, it risks making us all less safe by failing to bolster that security.Each of these techniques should involve consideration of the tradeoffs involved, and none of them should be viewed as risk-free to the public. They require oversight and clear rules for usage, including consideration of the safety of innocent users of affected technologies.There is hope, albeit indirectly. In the United States, high-ranking government officials have acknowledged that "cyber threats" are the highest priority, and that we should be strengthening our digital security rather weakening it to facilitate government access. In some cases, this is apparently reflected in government policy. For instance, in explaining the government's policy on software vulnerabilities, the cybersecurity coordinator for the White House and the Office of the Director of National Intelligence have both stated in blog posts that the there is a "strong presumption" in favor of disclosing these vulnerabilities to the public so they can be fixed.But the government shouldn't engage in "policy by blog post." Government action that actively sabotages or even collaterally undermines digital security is too important to be left open to executive whim.Finding Models for Transparency and Limits on When Government Can Harm Digital SecurityWhile government hacking and other activities that have security implications for the rest of us are not new, they are usually secret. We should demand more transparency and real, enforceable rules.Fortunately, this isn't the first time that new techniques have required balancing public safety along with other values. Traditional surveillance law gives us models to draw from. The Supreme Court's 1967 decision in Berger v. New Yorkis alandmark recognition that electronic wiretapping presents a significant danger to civil liberties. The Court held that because wiretapping is both invasive and surreptitious, the Fourth Amendment required "precise and discriminate" limits on its use.Congress added considerable structure to the Berger Court's pronouncements with the Wiretap Act, first passed as Title III of the Omnibus Crime Control and Safe Streets Act of 1968. First, Title III places a high bar for applications to engage in wiretapping, so that it is more of an exception than a rule, to be used only in serious cases. Second, it imposes strict limits on using the fruits of surveillance, and third, it requires that the public be informed on a yearly basis about the number and type of government wiretaps.Other statutes concerned with classified information also find ways of informing the public while maintaining basic secrecy. For example, the USA Freedom Act, passed in 2015 to reform the intelligence community, requires that significant decisions of the FISA Court either be published in redacted form or be summarized in enough detail to be understood by the public.These principles provide a roadmap that can be used to prevent government from unnecessarily undermining our digital security. Here are a few areas where EFF is working to craft these new rules:Item 1: Rules for When Government Stockpiles VulnerabilitiesIt's no secret that governments look for vulnerabilities in computers and software that they can exploit for a range of intelligence and surveillance purposes. The Stuxnet worm, which was notable for causing physical or "kinetic" damage to its targets, relied on several previously unknown vulnerabilities, or "zero days," in Windows. Similarly, the FBI relied on a third party's knowledge of a vulnerability in iOS to access the contents of the iPhone in the San Bernardino case.News reports suggest that many governments—including the U.S.—collect these vulnerabilities for future use. The problem is that if a vulnerability has been discovered, it is likely that other actors will also find out about it, meaning the same vulnerability may be exploited by malicious third parties, ranging from nation-state adversaries to simple thieves. This is only exacerbated by the practice of selling vulnerabilities to multiple buyers, sometimes even multiple agencies within a single government.Thanks to a FOIA suit by EFF, we have seen the U.S. government's internal policy on how to decide whether to retain or disclose a zero day, the Vulnerabilities Equities Process (VEP). Unfortunately, the VEP is not a model of clarity, setting out a bureaucratic process without any substantive guidelines in favor of disclosure, More concerning, we've seen no evidence of how the VEP actually functions. As a result, we have no confidence that the government discloses vulnerabilities as often as claimed. The lack of transparency fuels an ongoing divide between technologists and the government.A report published in June by two ex-government officials—relying heavily on the document from EFF's lawsuit—offers a number of helpful recommendations for improving the government's credibility and fueling transparency.These proposals serve as an excellent starting point for legislation that would create a Vulnerabilities Equities Process with the force of law, formalizing and enforcing a presumption in favor of disclosure. VEP legislation should also:
|
|
by Karl Bode on (#1PC1B)
Since Pokemon Go launched last month, we've seen an endless stream of players oddly forget that "augmented reality" doesn't mean the rules of traditional reality no longer apply. Players have spent the last month playing the game in some admittedly "inappropriate" places, while wandering in and out of private property or unsafe areas in a quest to capture virtual monsters. This did, as you might expect, involve a slight learning curve for the nation's police departments as they slowly figured out what augmented reality was:
|
|
by Glyn Moody on (#1PBGV)
As Tim Cushing wrote a few months back, recording the police is a complex and contentious issue in the US. But what about in China? Given the increasing clampdown on the Internet world, it's pretty easy to guess that the Chinese authorities wouldn't take too kindly to members of the public trying to hold the police to account in this way. Easy to guess -- and yet wrong, according to this story in the South China Morning Post (SCMP):
|
|
by Timothy Geigner on (#1PB0J)
We've talked surprisingly little about Whole Foods here at Techdirt. I suppose that the hipster's grocery paradise has somehow evaded most of the trappings of intellectual property concerns. Good on them for that. Less good is the company's recent simultaneous attempts to expand internationally while also applying for a trademark with the USPTO for "World's Healthiest Grocery Store." Neither are going very well, it seems, and it turns out they're interrelated.
|
|
by Mike Masnick on (#1PAPE)
By now, hopefully, you already know about Moxie Marlinspike, the security researcher/encryption guru/creator of the important open source encrypted messaging protocol Signal. However, it's still worth reading Andy Greenberg's big profile on Moxie over at Wired (and, no, he still will not reveal his original name or much more about his history). The whole thing is a good read, but there's one crazy part, where Greenberg asks an FBI official for their thoughts on the guy who is making encryption that he deliberately says he hopes will be used to keep the FBI from spying on certain conversations. The FBI, not surprisingly, is not a fan. But, still, it seems like quite a leap to then make an analogy with the KKK:
|