TKnarr’s Techdirt Profile

tknarr

About TKnarr




TKnarr’s Comments comment rss

  • Apr 10th, 2014 @ 11:15am

    Re: Re:

    There are, believe it or not, standard best practices already out there. Storing hashes of your passwords instead of the cleartext passwords, for instance. Certainly there's a lot of fuzziness about just where the line between being exploited and being negligent lies, but there's also a lot of area where there's no ambiguity at all. It's much like other areas: there may be some ambiguity about whether glancing down to read the incoming call message on the screen of your cel phone is negligent or not, but that doesn't somehow translate to it maybe possibly not being negligent to have both hands off the wheel and your head down digging through a bag on the passenger seat completely oblivious to what's going on as you barrel down the freeway at 95mph.

    I'm really annoyed at the patently false argument that if anything's ambiguous then everything's ambiguous. On maps the idea of a disputed border's simple enough, and the fact that some part of the border's disputed doesn't stop other areas from clearly belonging to one country or another.

  • Apr 9th, 2014 @ 8:34pm

    (untitled comment)

    This ought to come under the heading of "negligence". You don't need specific rules to enforce the general rule that a business is liable for damage due to it's negligence. Not that a business should be liable merely for being hacked, no, but in cases like Tower Records and Wyndham it's not just that they were hacked but that their security measures were so inadequate they were the equivalent of using yellow "do not cross" tape instead of an actual railing to keep people from falling off the balcony of a high-rise building. The business going "But you didn't tell us yellow tape was inadequate!" or "But you didn't issue a rule saying you could ding us for just using yellow tape!" should be responded to with a Gibbs smack.

  • Apr 2nd, 2014 @ 4:25pm

    Re: Re: Re: Re: (as Todd Knarr)

    In trouble, possibly. Not subject to criminal charges under what I suggested, though. They aren't soliciting material the posters don't have permission from the subjects to post, nor are they demanding payment to take the posts down. The people who posted the material may be subject to criminal charges, but not the site itself.

  • Apr 2nd, 2014 @ 1:33pm

    Re: Re: (as Todd Knarr)

    That'd take a slight variation in language. Make it clear that it's not the posting without permission, but the posting without permission of material that the subjects had a legally recognized expectation would not be made public. So, a photograph taken in a public place where photographs were being taken? The subject has no expectation that photographs wouldn't be made public. Photographs taken in your bedroom when they weren't being taken for public distribution, or where they were taken without your knowledge? That's when the site needs to be careful.

    And most celebrity-gossip sites would still be in the clear. They might be asking for embarrassing/unflattering material, but they wouldn't be asking specifically for material the subjects expected wouldn't be public. Much of it would be shots taken in public areas where there's no specific ban on photography or snapping videos with cel phones. And the site wouldn't be demanding payment as a condition of taking anything down. They might argue that the celebrities had no expectation of privacy when the photos were taken and so no right to demand the photos not be published, but the gossip sites aren't typically trying to extort payment to not show the photos.

  • Apr 2nd, 2014 @ 12:09pm

    (untitled comment) (as Todd Knarr)

    It might be better to criminalize, not the hosting of such material, but the solicitation of such material. Revenge-porn websites tend to make it clear they want you to post images and videos without the permission of the people in them. So, criminalize solicitation of posting of material without the permission of the people shown in it, and the demanding of payment to take such material down when the request to take it down comes from a person shown. That'd leave the honest web sites free and clear, while scotching the business model of the revenge-porn sites.

  • Mar 27th, 2014 @ 12:43pm

    Re: what?

    Thing is, in legal terms words don't mean just what you want them to mean. That's what the court noted here: the license used the term "non-commercial", and in German law that term is defined to mean "personal". If you want to use the term "non-commercial" in your license in Germany and want it to mean something other than what German law says it means, you need to provide a specific definition for it in your license and say that whenever you use this term it refers to your definition.

  • Mar 22nd, 2014 @ 10:49am

    Re: Re: they can remove whatever they want for whatever reason they want

    I don't think in principle it would. The key point seems to be whether items are reviewed before they're posted (eg. a newspaper's letters-to-the-editor page, items are generally not posted until an affirmative decision is made by the provider to post them) or after (eg. blog comments, items are generally posted without intervention by the provider and any review is done afterwards). The hard part would be keeping front-and-center the fact that Section 230 says such-and-such about the subject and any cases brought up that contradict that were based on special circumstances that don't apply in this case (arguing that the black letter of the law trumps contradictory case law might sound good, but it's a better argument during appeal than before a district judge and you want to win before having to appeal).

    In practice a comprehensive review policy, where the overwhelming majority of items are reviewed as a matter of course, might weaken an argument that Section 230 protects the provider from liability. Not because the review itself should weaken the protections, but because it gives your opponent an opening to argue that comprehensive review amounts to the provider making an affirmative decision about every item.

  • Mar 1st, 2014 @ 12:20am

    Re: Re: Re: Re: Re:

    True, there's a cost. OTOH there's a cost to not doing it: the cost of fighting to get your content put back up, and the cost of not having your content available while you're fighting the takedown. If the offending parties never suffer any penalty for doing it, they'll just keep doing it and bleed you dry in the process. Slow or fast, pick your poison but you will have to pick a poison.

  • Mar 1st, 2014 @ 12:15am

    Character (as Todd Knarr)

    "Character is what you are in the dark."

    If you're a nice person who turns into a flaming jerkwad when you think nobody can know who you are, you're not in fact a nice person. You're just a flaming jerkwad who's good at covering it up because you'd be ashamed for people to know you're a flaming jerkwad. This is why so many "apologies" for incredibly stupid unintentionally-public statements are phrased the way they are: the people who made them aren't actually ashamed to have made the statement, they're just ashamed that their having said it became public knowledge.

    NB: everybody has at least a bit of this flaw in them. The key is to just man up and accept this fact. It'll get you a bit more respect, and give you the chance to direct your attitude at targets that've done something to deserve it.

  • Feb 27th, 2014 @ 12:25pm

    Re: Re: Re: (as Todd Knarr)

    I think in those cases that more creators need to demand a copy of the DMCA notice and pursue legal action against whoever issued it based on a false claim to be authorized to act for the copyright holder. 17 USC 512(c)(3)(A)(vi) requires a statement under penalty of perjury that the person filing the notice is authorized to act for the copyright holder, so hold them and the courts to the law. Yeah it's expensive, but that's the only way it's going to get stopped.

  • Feb 14th, 2014 @ 4:51pm

    Re:

    That's the problem: the cameras don't hold the driver accountable. They hold the registered owner accountable, without any evidence the registered owner was the driver. Compare this to when a cop writes you a ticket after pulling you over: they take the information from the driver's license of the person behind the wheel, and issue the ticket to the actual driver.

    Seems to me that if your uncle's right, the DC cops could make a killing just by dropping a few cops off at an intersection and having them wait for drivers to do what your uncle describes, then flip the lights to a 4-way red and amble up to the cars and start issuing tickets. Put the announcement on the morning news: "We'll have enforcement teams at 8 intersections during rush hour. Good luck guessing which 8.". The tickets will be air-tight.

  • Feb 11th, 2014 @ 2:39pm

    This may backfire on the ISPs

    Users don't buy Internet service for the ISP. They buy it for everything else out there. The ISP's service is just the pipe as far as most people are concerned. If the ISPs degrade service too far, people will start looking for another ISP to get their pipe from.

    The major choices for broadband here in San Diego are Cox, Time Warner and AT&T. TW and AT&T ought to worry that, when looking at houses I could possibly buy, one of my criteria is "located in an area serviced by Cox" because I just don't want to deal with the ongoing headaches I'm sure to have with the other two.

  • Jan 30th, 2014 @ 8:01pm

    Re: Re: Re: Re: Seems fair

    Part of it's a string of high-profile problems in California where private schools took in payments and then closed their doors, leaving students out the money and not getting any of the classes they paid for. One of the highest-profile was Silver State Helicopters in El Cajon (San Diego area) that closed it's doors abruptly after students had paid $70K each in tuition. Around the same time a private business college here did the same, the tuition wasn't as high but it hit a lot more people. A large part of the regulation was simply to make sure that private schools didn't keep doing this, that if they weren't able to provide the courses students had paid for they had a mechanism in place to insure students got their money back or at the very least could get their classes at another institution without having to pay again.

    If you think the BPPE isn't necessary, I find it interesting that the problematic closures happened in the 2007-2009 timeframe. That's the time between when the previous regulatory body, the BPPVE, ceased to exist because the previous laws governing private postsecondary schools expired, and when the new law formed the BPPE to take over the regulatory role. I have a hard time crediting that as mere coincidence.

  • Jan 25th, 2014 @ 1:43am

    Re: Re: Re:

    It doesn't quite work that way. I can live in California, have all my servers in California, do absolutely nothing myself that would cause me to do business in the UK, and yet you could come along and force me to do business in the UK merely by accessing my Web site. And I can't block you, because you can go through Tor or a VPN and make your IP address appear to be from anywhere in the world you want. I'd literally have to block everything and then whitelist only IP blocks known to belong to network segments physically in the United States, which I can't reliably do because that information isn't known (nobody but IBM for instance knows exactly which of their assigned netblocks is allocated to which physical facilities, assuming they even map them to physical facilities).

    The problem comes from trying to take a different view of on-line businesses vs. brick-and-mortar ones. A b&b business can't control where it's customers live, but we treat it as doing business where the business is located regardless of where the customers come from. On-line we abandon that and try to treat the business as being located wherever it's customers are, not where the business is. Why? Why not treat a b&m business as doing business wherever it's customers live instead? Because, obviously, that would cause exactly the kinds of headaches on-line businesses are subject to, and we consider those headaches unreasonable. So why do we suddenly accept them as reasonable?

  • Jan 24th, 2014 @ 8:52pm

    Re:

    Yes, and those companies are wrong. You have to take reasonable steps to protect your trademark, but one of those reasonable steps can be to evaluate the usage and determine that it isn't confusingly similar to your trademark and thus doesn't warrant any action at this time.

    I'm waiting for King to step into an Apple trap.

  • Jan 15th, 2014 @ 2:23am

    (untitled comment) (as Todd Knarr)

    The ISDS mechanism isn't about protecting companies. It's to give companies a mechanism to remove laws they find... inconvenient.

  • Jan 10th, 2014 @ 1:56pm

    Re: Re: (as Todd Knarr)

    Because companies would move the equipment, damage it in the process, then try and claim they hadn't done anything (how many times have we heard that from users?), move the machine back to where it was originally if need be and try and get the manufacturer to cover the repairs. So rig the equipment so there's no problem if it's left alone, but if it's moved significantly it locks itself. If the owner's followed the service contract they'll never have this happen because they'll have you there during the move and you'll unlock the machine as part of checking that it's installed properly in the new location. And if you get a service call for a "faulty" machine and it turns out it's been locked because it was moved, the owner can't try and make you foot the bill for damage they caused. Most of these machines that I've dealt with can have the lockdown disabled, and the manufacturer will do exactly that for you if you're not renewing the service contract (although they'll also usually require you to sign a statement that you understand the equipment will not be covered by a warranty or service agreement after this point and if it needs repairs it'll all be on your dime).

    I was taught to do something similar on cars. I'd chalk-mark parts before work was done, so I could tell afterwards if they'd moved stuff they shouldn't've or failed to move stuff they ought to have. Worst case was catching a dealer trying to tell me they'd put a completely new transmission in (manufacturer recall, the transmission was to be completely pulled and replaced, housing and all), but there on the "new" transmission were the exact chalk marks I'd put on the old one marking the alignment with the engine and the drive shaft.

  • Jan 10th, 2014 @ 12:11pm

    (untitled comment) (as Todd Knarr)

    There's another reasonable reason to lock a machine like this: there's some fairly delicate parts in these machines that can be easily damaged if the machine's not moved properly or isn't placed and leveled correctly. Most manufacturers already say "If you don't have us assisting in moving it to make sure everything's done right, we won't do repairs on it and won't support it from that point on until we've come in and done a complete prep-and-install on the machine to make sure everything's right again. And it will be at your expense.". It's much the same reason companies I worked for put ShockWatch tags on expensive equipment we were shipping, to be able to tell when it arrived whether it'd been mishandled. Policy was that if it arrived with a ShockWatch tag showing red, we were to document everything including photos and make sure the damage claim form was filled out and signed by the driver before we accepted delivery. If they'd broken it in transit we wanted their insurance to be picking up the tab for replacing a hundred grand worth of tool, not us.

  • Jan 6th, 2014 @ 11:22pm

    Ad networks

    That's one of the problems with ad networks: Yahoo has no direct control over what ads get carried and may not know exactly who's placing ads on their site. That's one reason I'd never allow an ad network onto a site I run, I want to know who I'm dealing with and I can't if there's a middleman in between.

  • Jan 2nd, 2014 @ 11:42am

    Re: Lost a Dem for Life

    They aren't losing me. Frankly, both the Democrats and the GOP are about as bad when it comes to personal rights. The Dems are somewhat better, but neither's particularly good so that point's a wash. And the Dems are closer to my positions on all those other issues. So why in the world would I abandon any hope of progress on those other issues just to fail to make a point about personal rights? I hold no political loyalty to the Democrats, but as long as they're a better choice overall than the GOP I'm going to tend to vote for them. The only time I wouldn't is when there's an even better overall option who stands a reasonable chance of being elected. But I'm not going to spend my vote on someone who's got no chance of being elected unless there aren't any other acceptable options. I'd rather get 70% than lose 100%.

    An example is the San Diego mayoral primary. The GOP candidate "won", but didn't carry a majority because the Democratic vote was split between 2 candidates (one of whom had withdrawn and endorsed the other, but once the slate is set candidates can't be removed). Unfortunately for the GOP the rules are that if no candidate gets a majority then the top two go into a runoff election, and the people who voted for the #3 Democrat are... unlikely to vote GOP against the #2 Democrat. But you can see the issue: if I vote in favor of a candidate I 100% agree with but who isn't going to poll enough to even be in the running, I may end up seeing the candidate I 100% disagree with elected over the one I 70% agree with. Which is one reason I favor preferential voting, where I rank candidates in order with my vote going to my highest-ranked candidate who's still in the running and if no candidate has a majority the one with the fewest votes is dropped from the field and the votes re-tallied until one of them wins >50% of the votes.

More comments from TKnarr >>