One of the ironies of European outrage over the global surveillance conducted by the NSA and GCHQ is that in the EU, communications metadata must be kept by law anyway, although not many people there realize it. That's a consequence of the Data Retention Directive, passed in 2006, which:
requires operators to retain certain categories of data (for identifying users and details of phone calls made and emails sent, excluding the content of those communications) for a period between six months and two years and to make them available, on request, to law enforcement authorities for the purposes of investigating, detecting and prosecuting serious crime and terrorism.
Notice the standard invocation of terrorism and serious crime as a justification for this kind of intrusive data gathering -- the implication being that such highly-personal information would only ever be used for the most heinous of crimes. In particular, it goes without saying that there is no question of it being accessed for anything more trivial -- like this, say:
Some Dutch telecommunications and Internet providers have exploited European Union laws mandating the retention of communications data to fight crime, using the retained data for unauthorised marketing purposes.
Of course, the news will come as no surprise to the many people who warned that exactly this kind of thing would happen if such stores of high-value data were created. But it does at least act as a useful reminder that whatever the protestations that privacy-destroying databases will only ever be used for the most serious crimes, there is always the risk of function creep or -- as in the Netherlands -- outright abuse. The only effective way to stop it is not to retain such personal information in the first place.
The video discusses the book Three Felonies a Day by Harvey Silvergate, which we've mentioned in the past. However, a point that was perhaps more stunning was mentioning how Rep. James Sensenbrenner asked the Congressional Research Service to list out the criminal offenses under federal law, and they refused, saying it would be too much work:
The task force staff asked the Congressional Research Service to update the calculation of criminal offenses in the federal code, which was last undertaken in 2008, said task force chairman Representative John Sensenbrenner (R-Wis.)
"CRS's initial response to our request was that they lack the manpower and resources to accomplish this task," Sensenbrenner said Friday. "I think this confirms the point that all of us have been making on this issue and demonstrates the breadth of overcriminalization."
There's clearly something very, very wrong about a criminal code where the governmental agency charged with doing basic research for Congress finds it too big a task to list out all of the crimes listed under federal law. At that point, you no longer have a "rule of law." You have a system of loopholes and gotchas, with enough tricks and traps that anyone can be made into a criminal if the authorities decide that's what they want to do. This isn't to suggest that law enforcement regularly goes after people with trumped up charges -- I don't think they do. However, it does happen sometimes. But, far more common, and equally worrisome, is how this allows law enforcement to pile on additional charges and potential punishment for people accused of relatively minor crimes.
It really was just a few months ago that we were pointing out how ridiculous it was that some were calling for the arrest of Meet the Press' David Gregory for doing journalism. DC's attorney general chose not to go after Gregory, and you might think this would make David Gregory a bit more sensitive to the idea that doing journalism around reporting on the law and legal issues is different than doing a crime. But, on this week's Meet the Press, Gregory had on Glenn Greenwald, and towards the end of their initial Q&A (around the 9:30 mark), Gregory pretty directly suggests that Greenwald should be charged as well for "aiding and abetting" Ed Snowden.
The specific question (though, watching the video gives you much more of a sense of the tone and style in which it was asked) was:
"To the extent that you have aided and abetted Snowden, even in his current movements, why shouldn't you, Mr. Greenwald, be charged with a crime?"
After Greenwald hits back hard and points out the ridiculousness of a reporter "embracing" a theory that would outlaw nearly all investigative reporting on the government, Gregory insists he wasn't "endorsing" the idea, but merely raising the questions that others had. However, watching his initial question, it sure looks like he's directly suggesting that Greenwald committed a crime in reporting on such a huge story, making a huge leap in claiming that reporting on some leaked information is akin to "aiding and abetting."
Later in the show, Gregory's NBC colleague Chuck Todd made even stupider comments, suggesting -- based on nothing -- that Greenwald was more "involved" with Snowden than just as a reporter because Greenwald used to be a lawyer.
Of course, as Trevor Timm points out, during the interview, David Gregory himself repeated information that government officials leaked to him concerning a secret FISA court ruling (information that appears to be incorrect, based on the details that Snowden showed Greenwald, by the way). Given that, if Gregory believes that leaking classified information is a criminal act, then shouldn't Gregory be asking himself if he should be prosecuted?
We've discussed, for years, how copyright maximalists have continually played with and twisted the language to make infringement sound much, much worse. For years, of course, they liked to just call it "piracy," though in the last few years, they've sometimes shied away from that word, complaining that it made it seem glamorous. More recently, it seems they've been focused on calling it "content theft," somehow believing that that's more likely to get a reaction.
Of course, as we've also pointed out time and time again copying is not theft, and the two are exceptionally different:
Of course, the second you start to go down this path, the copyright maximalists accuse you of playing semantics (which really means they don't like it when you prove their analogy isn't accurate at all). However, what if we accept their claim that copyright infringement is somehow "content theft"? Just as a thought experiment, let's grant them their ridiculous premise... and compare the punishment to similar forms of "theft." That's exactly what copyright lawyer Andrew P. Bridges has done, noting that since copyright infringement isn't anything like typical theft (since no product is missing), it could be described in similar terms to other "crimes" that involve someone failing to pay the required amount:
Under the “theft” conception of copyright law, what, exactly, is the deprivation when someone makes illegal copies? It really boils down to just one thing: money. Copyright infringement – renamed copyright theft — deprives the copyright holder of some of his or her expected profit from exploiting the copyright.
What are other, similar kinds of “theft” by depriving someone of expected money? Failure of a tenant to pay the agreed rent to a landlord is one. Parking in a parking space without putting money in the meter is another. Jumping the turnstile to ride on a subway without paying the fare is a third. (And, of course, failure of a studio or record label to pay artists or actors the promised contractual royalties for their work on a record or film is a fourth. But something tells me the studios and labels sponsoring the current bills won’t go near that topic. The bills don’t include rogue studios and labels in their scope.)
Okay, so if we grant them their premise, and then compare it to similar cases where people don't pay the requested fee, but still get the "benefit," then what is the punishment in those other cases? Bridges notices that there appears to be one... um... outlier in the group:
How do the civil damages or penalties for the different types of such “theft” compare? Failure to pay expected money under a contract doesn’t trigger a penalty: contract law usually says that a party can recover the money she expected but not punitive damages or attorneys fees (unless parties have specifically bargained to pay attorneys fees for a breach). Failure to pay rent usually requires payment of rent to cure the default. Failure to put money in the parking meter prompts a ticket for $60. In New York City, failure to pay the $2.50 subway fare results in a maximum fine of $100.
Copyright “theft” is a very different story. Copyright infringement statutory damages in civil litigation can be as high as $150,000 for infringement of a single work. Yes, a single work such as a single song with an iTunes download value of $1. A copyright holder can claim such statutory damages without needing to prove a single penny of damage or loss. Think such sky-high damages aren’t realistic? Think again. In the RIAA’s case against single mother Jammie Thomas, a jury awarded $1,500,000 for the download of 24 songs, with no proof that she had transmitted songs to others. The federal judge thought that was ridiculous and reduced the total award to $54,000 – and the RIAA and MPAA are now arguing strenuously on appeal that the jury verdict should return to the original figure, $62,500 per downloaded song.
What if we work backwards, and see how the law might punish those other, similar, infractions with a damages system similar to copyright:
If we take copyright law’s maximum-penalty-to-price ratio as applied to an illegal download, and apply that same penalty-to-price ratio to the New York subway, the maximum penalty for jumping that turnstile and avoiding the $2.50 fare would be $375,000 instead of $100. Copyright industries are on to a really good thing under current law. One could say it’s a steal.
And yet the industry claims that copyright laws are too weak currently? That seems difficult to square with reality.
A few folks sent over this report of efforts by some researchers at UCLA to create an algorithm that can accurately take data on existing gang-related crimes, and use it to predict what gangs were involved in new crimes. It certainly has that "minority report -- pre-crime" feel to it, though I can certainly see where it could be useful. What concerns me, though, is that systems like this are only as accurate as the data they use. And, as has been reported elsewhere, one of the unintended consequences of such computer analysis of crime data is that it drives police departments to falsify or change crime reports in order to make their own numbers look better. So it makes you wonder how accurate those reports will be if the incentives to fudge the actual crime data continue to be in place.
I don't think that their attacks are necessarily illegal or immoral. As long as they don't break into other people's computers, launching DDoS should not be treated as a crime by default; we have to think about the particular circumstances in which such attacks are launched and their targets. I like to think of DDoS as equivalents of sit-ins: both aim at briefly disrupting a service or an institution in order to make a point. As long as we don't criminalize all sit-ins, I don't think we should aim at criminalizing all DDoS.
That's part of a larger post, where he worries that the government will overreact to these forms of attacks and use it to try to get greater oversight over the internet, and force less anonymity online. Of course, I would imagine that any such attempt to do so would backfire, and simply drive forward efforts to create more truly distributed and underground connections.
Later, Morozov notes that, in Germany at least, courts have said that activism-driven DDoS's are, in fact, the equivalent of a sit-in.
I can see both sides of this argument. Of course, you can also argue that a basic sit-in is a form of trespassing, and thus against the law, but we tend to tolerate it for the most part. But, like many sit-ins, I think the bigger issue is that I'm not convinced these DDoS attacks are even remotely effective. Do they get attention? Yes, absolutely. Especially the attacks on Visa and MasterCard. But will it actually do anything productive? That's not clear. It might make some companies think twice before doing certain things, but I'm not sure it will really matter that much.
The longer term effects may be more damaging. I'm not convinced the government would actually be able to successfully crack down via any attempt to get greater oversight on internet usage, but I think that there is the potential that these forms of attacks will backfire and could make people take the real issues behind censorship and online freedom less seriously, as they're associated with what's viewed as a sort of immature and sophomoric approach to the discussion.
There's been lots of talk about whether or not Google's Street View effort violates anyone's privacy -- and also whether or not it's proper for police to use photos that were uploaded online in charging people with crimes. How about a combination of the two? A property owner in Canada was caught illegally chopping down some trees on a lot, and Google's Street View images appear to catch the tree choppers red handed. It's not yet clear if the Street View images will be used in the prosecution, but it does seem like valid evidence, though again it will raise privacy questions. However, I'm not sure what the argument really would be there, since it would really be no different than a neighbor taking a photograph (it was the neighbors who complained about the tree chopping in the first place).
We've long known that the boundary between US law enforcement and the enforcement wings of certain lobbyist organizations like the RIAA is way too blurry, but TorrentFreak is raising some important questions about why the police will call in RIAA investigators on certain cases, such as one where a speeding stop in Illinois resulted in a cop calling in the RIAA after spindles of writeable DVDs and CDs was found in the car. While the RIAA and law enforcement have a history of working closely together (and many people go back and forth between the two), the RIAA is still a highly biased party here, and shouldn't be involved in investigations where it has a personal stake. While some politicians are trying to turn US law enforcement into the private police of the entertainment industry, that doesn't mean that police should just consider RIAA investigators their peers. So can anyone explain why RIAA investigators should be allowed to be involved in such cases and why no one's called US law enforcement on things like this before?
We've been seeing plenty of stories lately that incorrectly place the blame when people film themselves doing something illegal and put that video online. This should be something where politicians and the police should be thrilled. After all, it makes it that much easier for the police to find them, arrest them and convict them of a crime. If people are so stupid to post evidence of their crime in public, then isn't that a good thing? Yet, politicians who incorrectly like to put the blame for the crime on the video of the crime, come up with harebrained proposals like a new one in New York that will make putting a video of yourself committing a violent crime online a felony in itself (above and beyond whatever charges you might face for the violence). Think about that for a second. New York politicians are basically telling people that they'll get charged with even greater crimes if they decide to incriminate themselves by posting evidence online. This makes no sense.
The reasoning behind the bill is that politicians believe people are committing these kinds of crimes for the publicity in the first place. The thinking is that such crimes wouldn't happen at all if they couldn't be put online. However, that's rather meaningless. If someone is going to commit a violent crime -- punish the violence itself. Not the fact that the idiots handed over the evidence as part of a publicity stunt. If the (small number) of idiots who commit violent crimes and post the videos online are getting caught and arrested for the violence itself, shouldn't that act as enough disincentive?