We recently wrote about the (somewhat surprising) ruling by Judge Posner in the 7th Circuit appeals court's Flava Works vs. myVidster case, in which Posner pointed out that a site providing links to infringing content is not infringing. He actually ruled that just watching the videos or embedding them are not direct infringement either. As we noted that seemed to have direct bearing on a number of other cases out there, including the criminal charges against Rojadirecta (and against TVShack's Richard O'Dwyer). It appears that Rojadirecta's lawyers wasted little time in letting the judge in their cases know about the ruling. While Rojadirecta's fight is in the 2nd Circuit, hopefully this helps the courts to recognize how ridiculous the governments' charges are. Even if they don't quite agree with Posners' ruling, just the fact that there are significant questions over whether or not linking/embedding are legal, should raise significant questions about the "willfulness" needed to show criminal copyright infringement.

Visually impaired folks have access to more technology than ever before. Despite various setbacks that prevent some ingenious innovations, plenty of developers are still working on hardware and software tools to help out people with disabilities. Here are just a few examples of some interesting projects for the blind.

• An iPhone app called VizWiz helps blind users by letting them take a picture of something that is confusing -- and then crowdsourcing a helpful description to make things clear. This app uses Amazon's Mechanical Turk service to obtain helpful people, and the average turnaround time for a description is 27 seconds. [url]
• The Poet image description tool is open source software that helps to crowdsource image descriptions for digital books. This tool is aimed at textbook illustrations that aren't too helpful for people who can't see them. [url]
• The Tacit project is developing a hand-held sonar device with haptic feedback -- a technological take on the white cane. It's still just a prototype device, but so far, users seem to be able to use it fairly quickly without much training. [url]
• Haptic shoes could help people navigate by vibrating different parts of the shoe to tell the wearer if there are obstacles ahead. These shoes, like the Tacit project's handheld, are based on open Arduino hardware -- allowing other developers to contribute improvements and build upon existing tools. [url]

If you'd like to read more awesome and interesting stuff, check out this unrelated (but not entirely random!) Techdirt post.

We've written plenty of stories about ridiculous (and ridiculously slow to adapt) government policies that simply don't keep up with the times, which then hinder new, innovative and disruptive services. One company that seems to be running into such things all the time is Uber, who is taking on local state and city regulations around the country as it tries to offer its innovative (and quite useful) transportation service in various metropolitan areas. You may remember the big fight in DC about some regulations that would have hindered Uber by forcing it to charge high prices. Up in Boston, things are even more bizarre. The company has been effectively told to cease and desist from offering its service. This has happened elsewhere, due to various silly regulations regarding cab and livery services, but in Massachusetts they seem to do everything in an especially screwed up manner and this is no exception.

The reason Uber can no longer serve the Boston region: Because they were making use of this crazy newfangled technology called "GPS" to measure the distances that cars traveled for the purpose of billing users.

It seems that the Massachusetts Division of Standards, and its laws covering "weights and measures," is so out of date that it has not been updated to recognize GPS as an appropriate "weight and measure" system for distance. As if to prove just how incredibly out of touch these folks are, in the official letter ordering Uber to stop service, they repeatedly refer to the iPhone as an "I phone." They also refer to the Global Positioning System as the Global Positioning Services. These are the people in charge of killing off innovation. Incredible.

Basically, the state had someone sign up for Uber, take a ride in the car as a "sting" (one of the people in the car's job title is -- and I'm not joking -- the "Sealer of Weights & Measures") and then cite the driver after seeing that he (*gasp*!) used a GPS device on his phone to measure the distance traveled. When Uber pointed out that GPS has been around and widely used for decades, the Massachusetts Division of Standards argued that may well be... but since GPS is not for commercial purposes they can't accept it. Seriously.

Global Positioning Services (GPS ) technology is not an issue as it is and has been widely used in non-commercial applications for a number of years. However, GPS has not been used in commercial applications for assessing transportation charges until Uber Technologies, Inc. introduced its use for this purpose. The major problem at this time is the fact that there are no established measurement standards for its current application and use in determining transportation costs similar to that of approved measurement systems for taximeters and odometers. Massachusetts law does not sanction unapproved devices for use in commercial transactions.

The idea that GPS isn't used in commercial applications is silly. GPS has been widely used by the military for decades and has been used in commercial applications for quite some time as well. It's beyond silly to think that because some clueless "Sealer of Weights and Measures" is still focused on last century's technology that GPS is not a viable (or even common) technology for this purpose. This seems like a clear case of a totally out of date bureaucracy actively hindering innovation for no reason other than general luddism.

Of all the places you might expect philanthropy to flow to unknown musicians, the Hard Rock Cafe would seem to be one of the unlikeliest. Despite its name, the Hard Rock Cafe is known best for being a t-shirt an upscale chain restaurant whose hook is music memorabilia, rather than a forward-thinking music-inclined entity with a constant eye on the cutting edge . While plenty of artists have played their venues over the years, the chain seemed to be happier catering to the fans of music's past, rather than actively promoting new music.

Word comes via the Daily Swarm that the Hard Rock brand is now affixing itself to a boutique label. But this is a label without multi-page contracts or onerous royalty demands. Hard Rock Records is set up to lose money from day one, all in the interest of giving bands that catch its ear a leg up.

The brainchild of CMO John Galloway and A&R co-heads Blake Smith and James Buell, Hard Rock Records is only in its first year and thus far has just one act signed to its roster – the Gulfport, Mississippi roots-rock act Rosco Bandana. More interesting than its late entrance into the record label game is that Hard Rock Records is marking itself as an "altruistic" label, or a non-profit, so to speak.

"We had discussed different variations of a label a few years ago," Buell explains to Rolling Stone. "Everything was netting back to how were we going to make money. After we did our research, it just never seemed like a good idea."

Last year during Lollapalooza, where Chicago's Hard Rock Hotel is the annual ground zero for the fest's biggest after-parties, Galloway approached the two and told them to move forward with the label. "He said, 'No, that's the thing, that's the catch – we're NOT going to make any money," explains Buell.

This is another example of content as advertising. There's little doubt the Hard Rock logo will be displayed prominently wherever these bands play, but in exchange, they'll get tour support and be able to take advantage of Hard Rock's promotional skills and reach. And since there's no catch, each of the four bands signed will be able to keep all the money they've earned and walk away free and clear after 12 months. Not a bad deal at all.

"It's kind of like music philanthropy," adds Smith. "We want to find bands that need a leg up. We take them for a year, make a record with them, give them video money, give them a van, get a booking agent to help them get on the road, and hopefully find them another label that is going to house and better build them for the long-term. We do all this with them, and they keep every penny of everything and they walk after 12 months."

Hard Rock has this built into its advertising budget, which is probably the best P&L line to put it on. A band receiving $25,000 with no strings attached and nothing to recoup is going to find it very hard not to talk up the Hard Rock brand. If nothing else, it will be mentioned every time someone asks the band, well, pretty much anything, really. It might be tough to gauge the ROI from this, but as it's set up now, no one seems to be too concerned. It certainly generates a ton of goodwill for Hard Rock, which usually translates to brand loyalty. 

I don't imagine this experiment will find itself leading a bandwagon, though. There aren't many companies willing to invest $100K into something as ethereal as "karma." But it does add another wrinkle to the music business, bringing back the concept of patronage and treating your artistic investment as some sort of loss leader. Hard Rock does have itself set up to take advantage of any additional business this might drum up. Syncing up new bands and a promotional tour will be frictionless with its existing venues and sponsored festivals. The question isn't how much money the band might make, but how much Hard Rock will see added to its bottom line from dipping its toe into the music industry. Setting the expectation at $0 for the trial run is probably wise, as it makes it nearly impossible to undershoot the goal, as it were.

It's not a business plan by any stretch of the imagination and it's certainly not going to bring about a brave new world of artistic patronage, but it's hard to knock a bit of altruism for its own sake (corporate advertising opportunities, notwithstanding). It's also great news for four bands, who'll get a $25K kickstart and year of worry-free money making. 

With CISPA still floating around in a heavily-revised state and tons of words being thrown at all things cyber-related, it certainly woud seem as though the "defensive" half of the cyber-struggle is covered. But for all the time, effort and money being thrown at the problem, it appears that a very important aspect of "cyber-defense" is being forgotten.

It's an aspect that hackers are well aware of, but is often overlooked in the discussion. Many times, a successful hacking has nothing to do with the weaknesses of this:

and everything to do with the weaknesses of this:

(Photo: CC BY-SA 3.0 Deutsche Fotothek)

The human element is generally considered to be something that sits on the other side of the item doing all the work. But even most robust software and hardware can be rendered as useless as an eMachine loaded with bloat-, mal- and spy-ware by social engineering.

The recent Def Con Hacking Conference delivered a rather chilling reminder of this fact, when contestant Shane MacDougall took home the coveted Black Badge for coaxing 75 pieces of information out of a Wal-Mart store manager in less than 20 minutes.

"Gary Darnell" from Walmart's home office in Bentonville, Ark., called a store in Western Canada. He lamented having to work the weekend.

He explained that NATO was shopping around for a private retailer who could serve as part of its supply chain in the event of a pandemic.

"Or at least that's what they say it's about," Darnell cracked with the store manager. "Who knows, maybe they're practicing for an alien invasion — don't know, don't care — all I know is that the company can make a ton of cash off it."

Darnell told the manager he'd be coming up to Canada to help plan the exercise, which would see NATO types coming in to survey products and later, to buy them in a hurry, as they would in an emergency.

He just needed a little information first.

A "little" information included such detailed store security information, the after-hours cleaning service, its garbage disposal contractor, who provides IT support and what computers, operating systems and anti-virus programs were in use.

Rather than put man-hours into attacking systems designed from the ground up to repel hackers, criminals are returning to the old standby: social engineering. Humans remain the weakest link in any security chain, due to an inherent desire to help people solve their problems.

Case in point: last week's uber-destructive hacking of Wired writer Mat Honan's "entire digital life." It wasn't a matter of brute force, dictionary attacks or any other method commonly associated with cracking passwords. It was a phone call.

At 4:33 p.m., according to Apple's tech support records, someone called AppleCare claiming to be me. Apple says the caller reported that he couldn't get into his Me.com e-mail — which, of course was my Me.com e-mail.

In response, Apple issued a temporary password. It did this despite the caller's inability to answer security questions I had set up. And it did this after the hacker supplied only two pieces of information that anyone with an internet connection and a phone can discover.

Despite safeguards being set up to prevent this sort of thing from happening, a hacker was able to bypass most of the hurdles simply by talking to another human being. From that point on, Honan's life went into nightmare mode:

At 4:52 p.m., a Gmail password recovery e-mail arrived in my me.com mailbox. Two minutes later, another e-mail arrived notifying me that my Google account password had changed.

At 5:02 p.m., they reset my Twitter password. At 5:00 they used iCloud's "Find My" tool to remotely wipe my iPhone. At 5:01 they remotely wiped my iPad. At 5:05 they remotely wiped my MacBook. Around this same time, they deleted my Google account. At 5:10, I placed the call to AppleCare. At 5:12 the attackers posted a message to my account on Twitter taking credit for the hack.

By wiping my MacBook and deleting my Google account, they now not only had the ability to control my account, but were able to prevent me from regaining access. And crazily, in ways that I don't and never will understand, those deletions were just collateral damage. My MacBook data — including those irreplaceable pictures of my family, of my child's first year and relatives who have now passed from this life — weren't the target. Nor were the eight years of messages in my Gmail account. The target was always Twitter. My MacBook data was torched simply to prevent me from getting back in.

This desire to be "helpful" can lead to these situations. As in the Def Con experiment, this innate helpfulness is often combined with another human trait: the willingness to obey authority figures, even when doing so means going against your better judgement. MacDougall's impersonation went straight to the top of the ladder: Wal-Mart's home office. The following, very disturbing example, uses another form of authority. Over the course of a decade, a man claiming to be a police officer used a phone and social engineering to do what can only be described as "hacking" actual human beings:

The McDonald's strip search scam was a series of incidents occurring for roughly a decade before an arrest was made in 2004. These incidents involved a man calling a restaurant or grocery store, claiming to be a police detective, and convincing managers to conduct strip searches of female employees or perform other unusual acts on behalf of the police. The calls were usually placed to fast-food restaurants in small rural towns.

The details of one incident are particularly horrifying:

"Officer Scott", and gave a vague description of a slightly-built young white woman with dark hair suspected of theft. Summers believed this described Louise Ogborn, a female employee on duty. After the caller demanded that the employee be searched at the store because no officers were available at the moment to handle such a minor matter, the employee was brought into an office and ordered to remove her clothes, which Summers placed in a plastic bag and took to her car at the caller's instruction. Another assistant manager, Kim Dockery, was present during this time, believing she was there as a witness to the search. After an hour Dockery left and Summers told the caller that she was also required at the counter. The caller then told her to bring in someone she trusted to assist.

Summers called her fiancé, Walter Nix, who arrived and took over from Summers. Told that a policeman was on the phone, Nix followed the caller's directions for the next two hours. He removed the apron the employee had covered herself with and ordered her to dance and perform jumping jacks. Nix then ordered the employee to insert her fingers into her vagina and expose her genital cavity to him as part of the search. He also ordered her to sit on his lap and kiss him, and when she refused he spanked her until she promised to comply. The caller also spoke to the employee, demanding that she do as she was told or face worse punishment. Recalling this period of time, the employee said that "I was scared for my life".

After the employee had been in the office for two and a half hours, she was ordered to perform oral sex on Nix.

This involved two people in management positions, who ostensibly should have "known better," but instead displayed irrational, but completely "normal" behavior: a willingness to obey an authority figure, even one that was nothing more than a disembodied voice. Social engineers know this, and nearly every scheme will leverage this human trait to its advantage.

With as much as companies are spending on hardware, software and security experts, you'd think a little more care and attention would go into hiring, selecting and training the people who can render thousands of dollars of computing power completely useless. And it's more than just trying to drill security principles into their heads. Def Con had a few suggestions for businesses to keep them from becoming victims of something akin to MacDougall's thorough "hacking" display.

 • Never be afraid to say no. If something feels wrong, something is wrong.

• An IT department should never be calling asking about operating systems, machines, passwords or email systems — they already know. If someone's asking, that should raise flags.

• If it seems suspicious, get a callback number. Hang up and take some time vetting the caller to see if they are who they say they are.

• Set up an internal company security word of the day and don't give any information to anyone who doesn't know it.

• Keep tabs on what's on the web. Companies inadvertently release tons of information online, including through employees' social media sites. "Deep-dive" to see what information is out there.

Of all these suggestions, two stand out. First, an internal "security word" would help trim down the number of successful hacks... at least at first. Once someone lets another person slide because they forgot or didn't get the memo or showed up late for work or "just need to get into the system for a second," it's all over. If this situation is not handled swiftly and dramatically, the "exceptions" to the rule will soon become the rule. That's also human nature.

The second one, tracking what's out on the web, is more useful and should help rein in what's available to outside attackers. But if social media sites are included in this sweep, you'll need a ton of paperwork on the HR end to make it fly, usually earning you the resentment of your employees.

Because the weakest link in the security chain will always be human beings, these humans need to be selected and cultivated properly. Not solely "trained." No amount of role play or instructional videos will prepare them for determined social engineers. This won't be because companies fail to recognize the importance of the job they perform, but because these companies will fail to recognize the importance of the individual(s) entrusted with keeping them secure.

Without a doubt, you need the right people for the job. Because the job itself often devolves into little more than keeping logs and handling password/privilege requests, it's often mistaken as being something anyone could do with the proper training. If you're in charge of staffing security, it's not enough to simply trust them. They have to trust you.

It's a two-way street. First and foremost, the security personnel need to know that you can protect them from the eventual fallout that comes as a result of doing their job properly. It's not tough to imagine a situation where a higher-up is in need of a password change but can't meet any of the requirements needed to approve this change. Denying a request to the wrong person (i.e., someone powerful within the company) could put jobs on the line just as quickly as handing out user info to an outside attacker.

As the head of this staff, you need to prevent this fallout from settling on your team. Feeling heat or receiving retribution for doing a job the way it's supposed to be done damages the security of the company, turning well thought-out rules into mere guidelines and worse, turning good employees resentful. If the security staff feels they'll be the scapegoat for common situations like these, it impairs their ability to make solid decisions and opens the door for social engineers to appeal to their basic humanity (dignity, confidence, etc. -- anything that's been damaged by scenarios like this) in order to get the information they want.

Protecting the staff from this sort of retribution shows them that they're covered if things go wrong. This frees them up to make better decisions, rather than tangling them in the minutia of day-to-day compliance. If they know, and have seen it proved, that they're trusted to make the right decisions, rather than micro-managed or forced to run checklists against a policy manual, they'll work with more confidence. More confidence in their own skills and intuition will make them less susceptible to being flattered (by appealing to the power they wield and/or resurrecting their sense of duty for a "higher cause") into allowing access to the system and information they're in place to protect.

TL;DR: The trust an entity has in its security staff is less important than the trust the security staff has in the entity it's protecting. Any policies and protocol put in place are only as good as the people behind them.

"Cybercrime" investigator Rob Holmes has an interesting post arguing that seizing domains is a recipe for making the problems of illegal activity online even worse. He takes credit for being one of the first to suggest that domains could be viewed as "tools" of a criminal, thus making them ripe for seizure. However, he's not impressed by those in law enforcement who are eagerly seizing domains by the dozens -- in part because he thinks it helps actual criminals more than it hurts them:

The reason we are fighting the good fight is to stop people from doing bad things and hold them accountable for their actions. Whether you are enforcing trademark rights or car thefts, this has to be done one person at a time. In 2010 a client asked me what we could take away from the offenders to make them stop. My simple answer was “Their freedom.” Entrepreneurs will always find a way to do business. Bad guys need to be put away to reflect on their actions. Nothing else will stop them. When you take away only the tool, you are training the criminal to improve. I am not in the business of training crooks. Are you?

This, of course, is a different perspective. Most of us have been concerned about the free speech and collateral damage issues raised by domain seizures. But Holmes is making the argument that, even when we're talking about confirmed criminal activity, domain seizures are counterproductive because they're going after a tool rather than those actually responsible.

We've had plenty of stories about attempts to reveal anonymous commenters. Time and time again, we've pointed out that there needs to be a very high bar for legally requiring the identification of such commenters, because the right to anonymous speech is recognized by the courts as being protected by the First Amendment. Yet, many seem to ignore this -- and quite frequently we even see government officials themselves seeking to uncover anonymous commenters. However, as Paul Levy has pointed out, Shelby County, Tennessee has taken an attempt to uncover the identities of anonymous commenters to new levels: seeking the identities on somewhere around 10,000 anonymous comments posted to the website of Memphis' local newspaper, the Commercial Appeal.

The link explains the reasoning behind this, but the short summary is that Shelby County (home to Memphis) is trying to push back on a state law. The reasons Shelby is pushing back may be noble (it appears to feel that the reasons for the law itself are based on racism), but even so, that's no excuse for stripping away anonymity on thousands of comments. Levy is helping in trying to block these subpoenas:

The Commercial Appeal, standing on its own First Amendment rights as well as the rights of customers who have registered to post comments on its web site, has served Rule 45 objections to the subpoena. The objections, which I signed along with Lucian Pera, long-time counsel to the Commercial Appeal, argue that this theory – assuming that it is the basis for the subpoena – is not a sufficient reason for depriving members of the public of the First Amendment right to debate the propriety of government policy on an anonymous basis. In addition, we argue that because the subpoenas have been issued by government bodies, they are precluded by federal statutes that limit government access to such information to cases involving a probability of criminal wrongdoing. Indeed, the very same firm that is representing Shelby County was forced to withdraw a subpoena on behalf of the City of Memphis, seeking to identify a blogger who criticized the city's police chief, for the same statutory reasons.

Furthermore, he points out that the attempt to reveal such a massive number of commenters, indiscriminately, is somewhat breathtaking. The very scale of the attempt clearly suggests that the goal here has little to do with actually uncovering illegal activities, and is almost entirely about creating a chilling effect on public speech. Even if that speech itself is reprehensible (such as racist commentary), that doesn't mean that we should support such a blanket subpoena wiping way First Amendment rights.

Even apart from the question whether the legal theory behind the subpoena can meet the test of a compelling state interest, needed to overcome the right to speak anonymously, is the sheer indiscriminateness of the subpoena, seeking to identify everybody who spoke about the issue underlying the legislation regardless of whether they favored the consolidation or opposed it, and whether they expressed racist views or not. In past cases involving Doe subpoenas, it has often seemed to me that the plaintiff had the germ of a good case, and perhaps a reason to identify one or two critics, but then obscured the merit of its case by throwing everything but the kitchen sink into the subpoena. Here, the very breadth of the subpoena suggests that County's motive is to chill public discussion of an important policy question, by sending the message that if you speak out, you will be subpoenaed.

In the dozen years that I have been litigating cases involving Internet anonymity, I cannot recall any case involving close to so many anonymous speakers. In Pilchesky v. Gatelli, the chair of the Scranton Pennsylvania City Council sought to identify about ninety different Scranton citizens who has posted hurtful comments about her on a community message board established by one of her critics, and in Donato v. Moldow, officials of the Borough of Emerson, New Jersey sought to identify the authors of more than one hundred critical comments. In both of these cases, the trial courts upheld the right to speak anonymously and quashed the subpoenas (with a small number of exceptions in the Pennsylvania case – and those identities were preserved on appeal). A large number of posters were also involved in my first case involving a subpoena to identify anonymous speakers, when Northwest Airlines sought to identify flight attendants who had advocated a "sickout" during collective bargaining negotiations.

Shelby County subpoena outstrips these cases in indiscriminateness by a factor of ten or even a hundred – more than 9300 comments remain on the stories, and the removed comments likely take the number of comments at stake in this case beyond ten thousand. Many of the comments were posted by repeat customers (we can tell because, as on most newspaper web sites, only registered users can post comments), but the estimate so far is that more than 2000 separate people are facing possible denial of the right to speak anonymously. Even most file-sharing cases pale by comparison: the recording or movie companies typically sue and seek to identify only hundreds of anonymous uploaders at a time.

Hopefully the county pulls back the subpoena.

In June, we underlined the disturbing UK ruling that found Anton Vickerman guilty of "conspiracy to defraud" for operating SurfTheChannel, a TV link indexing website that hosted no infringing content whatsoever. The case raised huge concerns from the very start, when police invited FACT (a private anti-piracy group) to join the raid on the STC offices—and it culminated in a man facing up to 10 years in jail for building a popular website, despite not actually facing charges of copyright infringement since he did no such thing. The "conspiracy" charge allowed a conviction on the basis of Vickerman maybe-kinda-sorta being adjacent or somehow connected to infringement even though no specific copyright laws were broken.

Now, the sentencing has come down, and Vickerman will be spending four years in prison. Four years of his life... for operating a non-infringing website. All on the basis of a charge that failed against two extremely similar sites. Not only does this seem like an insane punishment, it is going to create a massive chilling effect on innovative online services. Of course, FACT is extremely proud of both these things:

"This case conclusively shows that running a website that deliberately sets out to direct users to illegal copies of films and TV shows will result in a criminal conviction and a long jail sentence," FACT Director General Kieron Sharp says.

"The sentencing indicates the severity of the offenses committed and the sophistication of [Vickerman's] criminal enterprise and should send a very strong message to those running similar sites that they can be found, arrested and end up in prison."

That's quite the picture to paint of STC. In reality, the site did not aim to direct users to illegal copies—merely to help users find film and TV content online. There happens to be a lot of it—including lots of legitimate content from a variety of sources like Hulu and the networks own websites. STC, with its community-driven model where users submit and vote on the quality of links, indexed all those legitimate sources—as well as many infringing links that were also submitted. STC even had commercial partnerships with networks like A&E and the Discovery Channel—and there were suggestions that the MPAA pressured those networks into ending the relationships before the trial, in order to better paint STC as a dedicated piracy service. And there was little or no evidence that Vickerman was involved in uploading or even sourcing the community content, infringing or otherwise, which is why a direct charge of copyright infringement didn't happen. Meanwhile, merely linking is not a crime. So what's left? Just the vague charge of "conspiracy to defraud", which sounds a lot like "felony interference with a business model", or basically "doing something we just don't particularly like." This isn't the first time UK conspiracy laws have been used in highly questionable ways—in fact, it's been a subject of controversy there since the 70s, when a judge infamously stated that a conspiracy charge could be based on as little as "a nod and a wink."

Anton Vickerman is paying the price for doing nothing more than making it easy to find content online. It's not unlike Google being browbeat into filtering results from supposed pirate sites—the entertainment industry doesn't want to compete by offering more legitimate options, and it doesn't want to go after the actual people doing the infringing, so it tries to find ways to put all the pressure on intermediate third parties who aren't directly guilty of anything, just because it's easier and faster. Innovation gets blocked, innovators get put in jail, and the industry doesn't have to lift a single competitive finger. This is an unfortunate outcome that, once again, does absolutely nothing to stop piracy, since eliminating one ultra-popular site like STC only clears the top spot for the hundreds of similar sites that are jockeying for the position. Even if it was effective at scaring all such sites out of the UK, they would only pop up in other countries, or people would just move on to the next easy method of finding what they want. Vickerman's questionable conviction and ridiculous sentence send only one message that has any impact: don't operate user-driven websites in the UK.

A French porn star, Celine Tran, more widely known as "Katsuni," is suing the rapper Bow Wow (real name: Shad Gregory Moss) and his label, Universal Music, for using clips from a video she did for a different music act in his own video. In the interest of understanding the details of the lawsuit, I watched both videos, which are embedded here. While there's no actual nudity, there's a fair bit of pole dancing in very little clothing, which -- depending on your workplace -- may be considered not safe for work. Consider yourself warned (or more interested, as the case may be). First up, the video Katsuni did with the French band, Electronic Conspiracy, for a song called "Conspiracy Strip Club." Next up, Bow Wow's video, for a song called "Drank in my Cup." From the original description, I had thought that the producer of the Bow Wow video had just found someone to perform the same dance moves, and perhaps it was a Beyonce-like situation over copying choreography. But, watching the two videos, it's pretty clear that whoever made Bow Wow's video just used the original footage in his video. As the legal filing makes clear, 62% of Bow Wow's video is actually footage from the other video. That's pretty damning.

But... this isn't a copyright claim.

And that's where this gets a bit more interesting from the legal perspective. Whoever holds the copyright on the original video may have a very legitimate copyright claim here. But that's not who's suing. It's Katsuni, who is the woman who performs in the video. But she doesn't hold the copyright -- so, instead, she's using a publicity rights claim. We've talked a lot about how popular publicity rights claims have become lately, and the concept is a bit of a mess, in part because it's based on state laws, and they're all different. This one relies on California's publicity rights law, and claims that Bow Wow is using her "likeness and image to promote BOW WOW's career and music."

It's interesting to see how she's basically using publicity rights as a poor man's copyright here (though, perhaps the copyright holder will sue as well). It gives us a hint of what may happen much more frequently thanks to the performer's rights treaty signed in Beijing a few months ago, giving performers like Katsuni extra special copyright-like rights in all of their performances. We haven't changed the law in the US yet to implement that, but in the short term, it looks like publicity rights claims may get the job done.

Either way, once again, we're seeing how a major label -- the same ones screaming about others copying their stuff -- seems to think that different rules apply when they copy the works of someone else. Universal Music is the largest record label on the planet and one of the most aggressive in enforcing its copyrights. But, apparently it has no problem copying someone else's video...

We've written a couple of times about Indian ISPs overblocking websites in response to vague court orders to try to prevent copyright infringement of a particular film. The responses seemed like massive overkill, such as blocking complete access to certain sites -- including sites like Vimeo -- that have perfectly legitimate reasons for existing. It seems that this overkill may be coming back to haunt some ISPs. Airtel has now been penalized by a Consumer Forum in India for going too far with its blocks. Airtel was ordered to pay one of its customers 20,000 rupees (or about $360) for "deficiency in Internet service, thereby causing mental anguish to the complaintant."

The order said that Airtel misinterpreted the original court order, and couldn't justify its actions by hiding behind it.

“By misinterpreting the Madras High Court order, Airtel blocked entire websites. It is needless to say that the company’s actions amount to deficiency in service as well as unfair trade practice,” said the forum.

Of course, the article goes on to note that there has been some confusion over what was originally asked to be blocked. The anti-piracy company, Copyright Labs, who asked for the block order, claimed that it had only asked for specific infringing URLs to be blocked, but a freedom of information request revealed that it had actually asked for blocking of entire websites.

All in all, this highlights some of the many problems that occur when you give copyright holders the power to order outright censorship. It's good to see some push-back. If other customers in India file similar complaints, perhaps ISPs will think twice before engaging in widespread censorship.

Not too long ago, we wrote about how lots of fans of (then) Kentucky basketball player Anthony Davis were creating and buying bootleg merchandise based on the phrase "fear the brow!" which is associated with him because of his prominent unibrow. Of course, after graduating and turning pro, Davis immediately sought the trademark on the phrase, so that only he could profit from it. But now, Stephan Kinsella points us to another college athlete for whom "bootleg" apparel is apparently an issue. LSU football player Tyrann Mathieu has been nicknamed "Honey Badger" after this famous memetastic YouTube video about how "Honey Badger don't care." Not surprisingly, fans of Mathieu want to support him, and have created various apparel and signs and the like, making use of the Honey Badger name, as well as statements from the video. All of this resulted in LSU warning that Honey Badger Does Care and that its "Compliance Office" was sending out cease & desist letters to any products that have the name or likeness of Mathieu, including the phrase "honey badger" accompanied by Mathieu's uniform number (7), his name, image or anything that associates it with LSU.

Now, much of this is because of completely asinine NCAA rules against selling products that advertise student athletes (even without their knowledge or permission). But, the overall concept seems even more ridiculous when you realize that the whole Honey Badger meme comes from somewhere else entirely. Is it really that wrong that fans of Mathieu want to celebrate a player they like?

Gizmodo.com published an article, Smoke & Mirrors: The Greatest Scam in Tech, about Redmond's venture, Peep Telephony. In addition to using the word "scam" in the title, the article had lots of denigrating things to say about Peep and about Redmond's prior initiatives. (The opinion lays out the beefs, although some of the hot spots are apparent from a quick review of the initial article). Gizmodo subsequently published Redmond's rebuttals. Later, Redmond apparently decided the rebuttal wasn't enough and asked Gizmodo to remove both articles, which Gizmodo declined to do. Redmond then sued Gizmodo's parent Gawker Media for defamation. The court dismissed the case on anti-SLAPP grounds, and that means Redmond will owe a check to Gawker for his lawsuit.

The court has no problem finding that Peep Telephony's activities were a matter of public interest, as Peep Telephony had received some high-profile coverage from technology reporters before Gizmodo's story, and Redmond apparently had been trying to stir up press coverage in advance of the 2011 CES conference. The court summarizes that the "Gizmodo article was a warning to a segment of the public--consumers and investors in the tech community--that Redmond's claims about his latest technology were not credible."

The court also says that Redmond's beefs relate to statements of opinion, not fact. The court notes that the word "scam" as not a factual assertion (a dicey outcome), the article was written in a "casual" and "sarcastic" first-person style ("the article's general tenor and language would give a reasonable reader the impression the authors were expressing subjective opinions, not reporting facts"), and the article used weasel words, such as "seems," "arguably," "looks like," etc., to qualify key fact-like assertions.

The most interesting part of the opinion is where the court talks about the article's "transparency." The court says (emphasis added):

The sources upon which the authors rely for their conclusions are specified, and the article incorporates active links to many of the original sources--mainly Web sites and promotional material created and maintained by Redmond and his ventures....Having ready access to the same facts as the authors, readers were put in a position to draw their own conclusions about Redmond and his ventures and technologies....Statements are generally considered to be nonactionable opinion when the facts supporting the opinion are disclosed.

This is true, of course, but a point often lost when defamation plaintiffs are breathing fire. A properly-cited article, filled with hyperlinks to original source materials, should be extra-resistant to defamation claims--even if written with typical blogger snark. Readers can easily inspect the source materials themselves and make their own judgments about the article's veracity. Thus, either the citations provide proper factual support for the article's opinion, or the links should eliminate any problems with the author's knowledge (where that matters to the prima facie defamation claim, which would have been the situation here). Either way, the defamation claim should fail, as it did here.

So this decision is a great ruling for bloggers. Unfortunately, it's unpublished (like far too many California appellate court opinions), which limits its precedential effect. To fix this, my RA and I are planning to request that the court publish it. Even if it remains unpublished, perhaps the ultimate takeaway--that defamation claims against well-cited blog posts will be quickly dismissed by anti-SLAPP laws and lead to the plaintiff paying money to the defense--will help dissuade similar lawsuits nonetheless. Especially in a situation like this, where the potential plaintiff already had gotten an on-the-spot rebuttal, suing over a blog post like Gizmodo's rarely makes sense.

From time to time, we talk about the issue of orphaned works and how these out of print books are doing nobody any good. The public loses out as they are out of print and very often can't be found. The authors or owners of the copyright lose out because no one is buying them any more. Often times, the person who owns the copyright has no idea they own it. There is a definite need to help all parties involved in this murky area by bringing these works back to life. That is what one recently opened book store, Singularity & Co., plans to do.

Via BoingBoing, we learn that this store plans to rescue one out of print sci-fi book each month by seeking out the owner of the copyright and purchasing the rights to publish the ebook.

We love books. A lot. And we love sci-fi books, new and old. But mostly old. And there are a lot of great old sci-fi books out there that are out of print, out of circulation, and, worst of all, not available in any sort of digital format. Given the subject material, that’s just not right. So here’s what we’re going to do. We’re going to open a bookshop, both online and in real life, in Brooklyn, NY where we live and work. It doesn’t have to make much money. It doesn’t have to make any money at all, since our day jobs cover our rent.

But what it will do is let us choose one great out of print work or classic and/or obscure sci-fi a month, track down the people that hold the copyright (if they are still around), and publish that work online and on all the major digital book platforms for little or no cost. Every month on this website visitors will get to vote on the next great but not so well remembered work we will rescue from the obscurity of the past.

This is certainly a huge undertaking, especially if the community votes to revive a work that has a really tough to find copyright holder. But as they succeed in bringing these books back from obscurity, they will achieve success, not just in this endeavor, but also as a book store. We have mentioned before that if brick and mortar book stores want to compete in the modern age, they have to think outside the box. This particular effort may not succeed (though we hope it will), but these kinds of experiments keep happening, and inevitably will lead to interesting new success stories.