Good And Bad News On Attempts To Implicate DNS Services For Copyright Infringement At The Domains They Resolve

Copyright

from the when-will-it-ever-stop? dept

Two years ago Techdirt wrote about an attempt by Sony Music in Germany to implicate Quad9, a free anycast DNS platform (Cloudflare has technical details on what “recursive” means in this context), in copyright infringement at the domains it resolves. That was bad news for at least two reasons. First, because Quad9 is operated by the Quad9 Foundation, a Swiss public-benefit, not-for-profit organization, whose operational budget comes from sponsorships and donations. It aims to protect tens of millions of users around the world from malware and phishing, receiving nothing in return. More generally, success in this lawsuit would create a terrible precedent for blaming a service that is part of the Internet’s basic plumbing for what passes through its pipes.

Unfortunately, the Regional Court in Hamburg, where the case was heard, issued an interim injunction ordering Quad9 to cease resolving the names of sites that Sony Music alleged were infringing on its copyright. A more recent Techdirt post noted that Quad9 had appealed to the Hamburg Higher Regional Court against the lower court’s decision. Around this time the Regional Court in Leipzig handed down another ruling against the company. Quad9 said that it would be appealing to the Dresden Higher Court against that decision. The good news is that the court in Dresden has now ruled in favor of Quad9. A blog post by Quad9 summarizes what happened:

The appeal with the Higher Regional Court in Dresden follows a decision by the Regional Court in Leipzig, in which Sony prevailed, and Quad9 was convicted as a wrongdoer. Before that, Sony successfully obtained a preliminary junction against Quad9 with the Regional Court in Hamburg. The objection against the preliminary injunction by Quad9 was unsuccessful, and the appeal with the Higher Regional Court in Hamburg was withdrawn by Quad9 since a decision in the main proceeding was expected to be made earlier than the conclusion of the appeal in the preliminary proceedings.

That’s great news, since it confirms that Quad9 benefits here from the liability privileges as a “mere conduit”. Also good news is the court’s ruling that the case “cannot be taken to a higher court and their decision is the final word in this particular case.” Except, as Quad9 explains, it’s not quite over yet:

Sony may appeal the appeal closure via a complaint against the denial of leave of appeal and then would have to appeal the case itself with the German Federal Court. So while there is still a possibility that this case could continue, Sony would have to win twice to turn the decision around again.

There’s also a situation in which a DNS resolver might still be required to block a domain:

it is possible that a DNS resolver operator can be required to block as a matter of last resort if the claiming party has taken appropriate means to go after the wrongdoer and the hosting company unsuccessfully. Such measures could be legal action by applying for a preliminary injunction against a hosting company within the EU. These uncertainties still linger, and we expect that this ongoing question of what circumstances require what actions, by what parties, will continue to be argued in court and in policy circles over the next few years.

Moreover, despite this clear win in Germany, Quad9 has been served with another demand (from media companies once more), this time to block domain names because of alleged copyright infringement in Italy:

Italian legal representatives have presented us with a list of domains and a demand for blocking those domains. Now we must again determine the path to take forward fighting this legal battle, in another nation in which we are neither headquartered nor have any offices or corporate presence.

As to how these legal actions in Germany and Italy can be brought in countries where Quad9 has no corporate presence, the answer is something called the Lugano Convention. And to end on a more positive note, another major DNS service provider, Cloudflare, has also won a legal battle in Germany:

A recent decision from the Higher Regional Court of Cologne in Germany marked important progress for Cloudflare and the Internet in pushing back against misguided attempts to address online copyright infringement through the DNS system. In early November, the Court in Universal v. Cloudflare issued its decision rejecting a request to require public DNS resolvers like Cloudflare’s 1.1.1.1. to block websites based on allegations of online copyright infringement. That’s a position we’ve long advocated, because blocking through public resolvers is ineffective and disproportionate, and it does not allow for much-needed transparency as to what is blocked and why.

Although these victories are welcome, they are hard won. Moreover, the battles between deep-pocketed media companies and not-for-profit organizations like Quad9 are inherently unbalanced. Quad9 itself admits:

Quad9 can only have a few legal fronts open at once – we are nearly entirely dedicated to operational challenges of running a free, non-profit recursive resolver platform that protects end users against malware and phishing. We are not a for-profit company with lawyers on retainer.

And that’s why the lawsuits keep coming – in the hope that one day the people defending the Internet, as Quad9 and Cloudflare have done with success, run out of money or management time to devote to these fights. It’s a risk that has not gone away, despite these recent wins.

Follow me @glynmoody on Mastodon.

Filed Under: cologne, copyright infringement, dns, dresden, germany, italy, leipzig, quad9, switzerland
Companies: cloudflare, quad9, sony music

Florida Supreme Court: Victims’ Rights Law Can’t Be Used To Block Reporting On Police Misconduct

Legal Issues

from the flow-my-tears,-the-policeman-said dept

No one’s more willing to abuse a law than a cop. They pretend they don’t understand the complexities of laws when it suits them. But they’re always right on top of any law that might protect them from the consequences of their own actions.

Enter the somewhat infamous “Marsy’s Laws” that have been passed in several states around the nation. These laws give more rights to crime victims, including (in certain cases) forbidding the publication of the names of crime victims.

It’s that part of these laws that has been leveraged by law enforcement officers accused of misconduct or criminal activity of their own. As long as they can claim they were “victims” of crime, journalists (and others) are blocked from publishing their names.

It happened in Florida in 2021. Two officers who killed someone invoked the law (via their union reps) to shield their identities, claiming they were actually the victims here, even though both officers are still alive. According to these officers, they were victims of assault by the person they killed. As such — and according to Florida’s version of Marsy’s Law — they were allowed to shield their names from the public.

This resulted in an injunction being secured by the officers preventing the publication of their names. The Florida Court of Appeals reversed a lower court decision that said the law was not designed to shield officers acting in their official capacity, even if they were actually victims of actual crimes. Fortunately, that injunction was dissolved a week later by a judge less inclined to believe a victim’s rights law was designed to protect officers suspected of deploying excessive force.

Now, as CBS News reports (but without including a copy of the decision), law enforcement officers are no longer permitted to invoke the state’s victims’ rights law to shield their identities from the general public.

A 2018 constitutional amendment designed to bolster victims’ rights “does not explicitly” shield the identities of police officers – or any other people – from disclosure, the Florida Supreme Court ruled in a major decision on Thursday.

The unanimous opinion, authored by Justice John Couriel, came in a dispute over the identities of two Tallahassee police officers involved in separate use-of-force incidents in which they were threatened. 

There is no categorical identity shield in the law, according to the state’s top court. So, this decision [PDF] will affect regular people, as well as the law enforcement officers hoping to retain their anonymity. In this case, it wasn’t reporters seeking the officers’ names (although they were) targeted by this lawsuit. The officers (who were involved in separate deadly force incidents) sought to block the City of Tallahassee from releasing their names.

The court notes it’s not here to decide whether or not such a right to anonymity should exist or who it should apply to. It’s here to determine what the law actually says. And the law cited by these officers doesn’t say what they think it does.

Marsy’s Law guarantees to no victim—police officer or otherwise— the categorical right to withhold his or her name from disclosure. No such right is enumerated in the text of article I, section 16(b) of the Florida Constitution. Nor, as a matter of structure, would such a right readily fit with two other guarantees contained in article I: the right expressed in section 16(a) of the criminally accused “to confront at trial adverse witnesses,” and the right found in section 24(a) of every person to inspect or copy public records.

That suggests sending the law back for a rewrite to create this categorical right (one that could be used by police officers who’ve killed someone) will only create more friction between the victims’ rights law and other rights established by the same state constitution.

The key here is what the constitutional amendment actually says. And what it says is nothing about a categorical protection for crime victims’ names.

Marsy’s Law speaks only to the right of victims to “prevent the disclosure of information or records that could be used to locate or harass” them or their families. Art. I, § 16(b)(5), Fla. Const. One’s name, standing alone, is not that kind of information or record; it communicates nothing about where the individual can be found and bothered.

To be sure, a name is a good starting point if someone wants to “locate or harass” someone. But publishing a name alone is not a violation of the victims’ rights law. Publishing other connective information would be. And there are other laws on the books that deal with harassment, so there’s no reason to interpret the amendment as superseding other rights already granted to Florida residents.

The court goes on to note laws can be established that shield people’s identities, pointing to various protections involving medical records. If the legislature meant to expressly prevent the publication of crime victims’ names alone, it certainly could have done so. (Not that it necessarily would have survived a constitutional challenge.) It didn’t do that here. And because it didn’t, these cops (along with crime victims who aren’t protected by the extra rights granted to law enforcement officers) cannot prevent the mere publication of their names.

The lower court’s ruling is reversed. Cops can’t use a law meant to protect the most vulnerable members of society to shield themselves from public accountability. If they want to keep their names out of the news, they should perhaps exercise a bit more discretion when deploying deadly force.

Filed Under: florida, marsy's law, police misconduct, victim rights

We Teamed Up With Bluesky To Tell The Supreme Court How State Social Media Laws Don’t Take Into Account User Empowerment

Content Moderation

from the empowering-users-is-important dept

As you know, the Supreme Court is now considering the NetChoice/CCIA cases challenging two similar (but not identical) state laws regarding social media moderation. The laws in Florida and Texas came about around the same time, and were clearly written to target ideological speech. Both of them put restrictions on how certain social media apps can moderate or even recommend certain speech.

As you’ll recall, district courts in both states found the laws obviously unconstitutional attacks on the 1st Amendment. On appeal, things went differently. The 11th Circuit agreed that most of the Florida law was unconstitutional (we think they’re wrong about the part they weren’t concerned with too). But the 5th Circuit went rogue and said that of course states can set whatever moderation laws they want (which is in conflict with later 5th Circuit rulings regarding state pressure on moderation, but I digress).

Anyway, you can follow along on the docket for the case at the Supreme Court, where NetChoice/CCIA filed their brief recently. This week, a bunch of amicus briefs are being filed, some of which are really interesting.

I wanted to focus on one brief in particular in this post: our own, written by Cathy Gellis. We teamed up with Bluesky (the alternative microblogging service that is building a federated protocol for social media) and Chris Riley (in his personal capacity as the operator of a Mastodon instance) to make some points that we don’t think other amici are likely to make.

The key point we tried to make is that so much of the arguments being thrown back and forth are really about who it is that gets to determine how a website moderates: should it be the government or should it be the website? If those are the only two options there are, then it already does seem obvious that it should be the website, not the government.

But, the key to our brief is pointing out that this assumes, falsely, that this is the only possible model out there. Instead, we highlight, that it is possible to envision a world in which users themselves get to decide, and any ruling that says the government gets to decide would fundamentally make that kind of user freedom and empowerment impossible.

A fundamental part of my Protocols, Not Platforms article (which, in part, helped inspire Bluesky) was that it would empower users to have more control themselves, or at least let them choose which intermediaries they trust to help them with algorithms and moderation, rather than relying on the same platform that they use for the hosting of the content itself.

For example, Bluesky has an amazingly useful feature called “custom feeds” and it has created a marketplace of algorithms so that you can create your own algorithms and share them with others, or you can just decide to use someone else’s algorithm (or even adapt it further yourself). That is, rather than relying on a company like Twitter or Facebook to decide what you should see, on Bluesky, you get to make those decisions yourself, or hand them off to someone you trust.

But, in that architecture, it means that Bluesky often won’t even know what algorithms people are using (the algorithms don’t have to live on Bluesky’s servers, indeed, Bluesky itself might never even be aware of them). But should these laws (or laws like them) apply to Bluesky, that kind of ecosystem basically would be effectively barred, because the law would limit what kinds of algorithms could work on Bluesky, and Bluesky itself would have no way to control those third party algorithms.

This ecosystem of platforms is necessary in order for there to be meaningful choices in what expression Internet users experience online. Platform choice, and the customization algorithmic choice enables, are what helps realize the expression-promoting value of the Internet and ensures it captures a diversity of expression by putting the choices of what expression to be exposed to in the hands of users. It is not for the government to take away this choice, creating a platform or algorithmic monoculture, which is what the Florida and Texas laws threaten.

Similarly, we used the example of how comments here at Techdirt are moderated, in which much of the moderation is actually handled by community votes, and how there’s no way to comply with these laws for such community moderation practices either:

But while the Copia Institute’s moderation practices can be described in broad strokes, they cannot be articulated with the specificity that the Texas law would require. For instance, the law requires that platforms disclose their moderation standards. See, e.g., TEX. BUS. & COM. CODE § 120.051. And it also puts limits on how platforms can do this moderation. See, e.g., TEX. CIV. PRAC. & REM. CODE § 143A.002 (banning certain moderation decisions, including those based on the “viewpoint” of the user expression being moderated). But even if the Copia Institute wanted to comply with the Texas law, it could not. For instance, it could not disclose its moderation policy because its moderation system is primarily community-driven and subject to the community’s whims and values of the moment. Which also means that it could not guarantee that moderation always comported with a preannounced “Acceptable Use Policy,” which the Texas law also requires. TEX. BUS. & COM. CODE § 120.052. It would also be infeasible to meet any of the Texas law’s additional burdensome demands, including to provide notice to any affected user, TEX. BUS. & COM. CODE § 120.103, maintain a complaint system, TEX. BUS. & COM. CODE § 120.101,24 or offer a process for appeal,25 TEX. BUS. & COM. CODE § 120.103. None of these faculties are features the Copia Institute has the resources or infrastructure to support. In other words, the Texas law sets up a situation where if the Copia Institute cannot host user-provided content exactly the way Texas demands, it effectively does not get to host any user-provided content at all. Or, potentially even worse, it would leave Techdirt in the position of having to host odious content, including content threatening to it, its staff, or others in its reader community, in order to satisfy Texas’s moderation requirements.

There are all sorts of other important 1st Amendment reasons why these laws are deeply problematic. But we assumed (almost certainly correctly) that the briefs from NetChoice/CCIA and other amici will cover all of that.

Our brief was more focused on highlighting how these issues go beyond just the 1st Amendment concerns of big websites, but how they might impact a new generation of social media platforms, like Bluesky and Mastodon, whose very models and infrastructure are fundamentally different from the “giant silos” of today’s major social media platforms.

Too much of the discussion assumes that there are only two parties who might have a say in the moderation of social media: governments and the platforms. But we want to make the court aware that a new generation of services are focused on enabling the users themselves to make that choice, and if these laws are allowed, it could wipe out that possibility.

Filed Under: community moderation, content moderation, decentralized, federation, fediverse, florida, protocols, social media, supreme court, texas
Companies: bluesky, ccia, copia institute, netchoice

Wyoming’s Top Court Says It’s OK To For Cops To Steal Money Obtained From Legal Drug Sales

Legal Issues

from the nation's-road-pirates-strike-again! dept

Possibly legally-obtained funds traveling from Point A to Point B? Those belong to the law enforcement middlemen. That’s how Wyoming’s top court explains things, in a decision [PDF] that says money obtained from legal drug sales in other states can be stolen by cops who operate in a state where this drug isn’t legal.

Those who pass through Wyoming with large quantities of cash beware — the state can confiscate cash linked to drug marketing that might be legal elsewhere, but is illegal here.  

Wyoming Supreme Court Justice Keith Kautz penned a Thursday opinion on behalf of the high court, saying that the state can keep $75,000 found in possession of a man who was reportedly transporting the cash and marijuana as he passed through from Illinois to California. The state can keep that money because it was linked to drug transactions that would be illegal if committed in Wyoming.  

Holy hell. That is a bad ruling. There’s an “if” in that sentence, and that “if” draws the line between legality and illegality. That should matter. If the out-of-state transactions were legal in those states (this case involves both California and Illinois — two states that have legalized marijuana in some form), the simple fact that the funds passed through a state that hasn’t legalized marijuana use/purchases shouldn’t matter.

But the court here holds that it does. Even though no crime was committed in Wyoming, the state’s highest court says nothing else matters but the fact that marijuana possession/use/distribution is illegal in Wyoming.

Not that this should surprise anyone. Wyoming’s forfeiture laws, despite recent reforms, still leave a lot to be desired. That any reform actually occurred is something of a miracle, considering the state’s top lawmakers still seem to believe taking money from random people (without prosecuting them for alleged crimes) somehow slows the flow of drugs in (or through) a state no one really considers to be a top destination for narcotics. And they still insist this is true, even when cops do things like take $92,000 from a traveling musician just because he violated the state’s seat belt law.

In this case, $75,000 was at stake. That was enough to push the state attorney general, Bridget Hill (whose office directly benefits from forfeitures) to appeal the lower court’s ruling, which sided with the person who had his money stolen by Wyoming law enforcement officers.

The decision notes there was possible criminal activity afoot when Lorenzo Gallaga was pulled over by state troopers for doing 84 mph in a 75 mph zone on Interstate 80.

On July 29, 2020, a Wyoming highway patrol trooper stopped Mr. Gallaga for speeding while he was driving westbound on Interstate 80 in Laramie County. Mr. Gallaga told the trooper he was traveling from Illinois to California. As they were talking, the trooper smelled raw marijuana; when questioned about the smell, Mr. Gallaga “produced a carton of hemp cigarettes as the explanation for the odor.” The trooper detained Mr. Gallaga to search the vehicle, which yielded $75,000 in U.S. currency and numerouscontrolled substances including marijuana, concentrated tetrahydrocannabinols (THC), and MDMA (otherwise known as Ecstasy). Law enforcement also discovered five cell phones and written records showing transactions involving the sale of marijuana products. Downloads from the cell phones revealed voicemails discussing what law enforcement believed to be marijuana growing and distribution operations.

Now, most of the “controlled” substances (excluding the MDMA) were only “controlled” in Wyoming. They were legal elsewhere, including the two states (California, Illinois) Gallaga referenced during the traffic stop. Not only that, but he provided the most-likely source for the “raw marijuana” the state trooper claimed he smelled. The phones and MDMA weren’t discovered until after Gallaga was arrested and his car was searched more thoroughly before being towed.

At the point the legalized theft occurred, the trooper had nothing more than a speeding ticket and a logical explanation for the origin of the weed odor. The “downloads” obtained later add nothing to the probable cause, seeing as they likely discussed completely legal grow operations and transactions in either California or Illinois.

Sure, criminal charges were brought. But the state DA realized it would be far more profitable (and easy) to pursue this under civil forfeiture, which means the state troopers and the DA could be expected to profit from this unexpected windfall without ever having to prove Gallaga’s money or THC was illegal (or illegally-obtained) in the state of Wyoming.

Consequently, the government opted to move forward with a civil forfeiture, which it believed would be an easy win. Much to its surprise, it suffered a loss in the lower court, even as that court admitted Gallaga’s testimony did not create a credible paper trail for the money or the drugs found in his possession. Even so, the most uncomfortable fact could not be denied: if any criminal activity occurred, it did not occur in Wyoming. (All emphasis mine.)

Based upon its findings of fact, the district court concluded the State “proved by clear and convincing evidence that, on and prior to July 29, 2020, [Mr.] Gallaga was actively engaged in the cultivation, promotion, use, sale, and distribution of controlled substances” in other states, specifically California and Illinois. Nevertheless, it ruled the $75,000 was not subject to forfeiture because the State did not “prove any date or location of any purported or intended exchange” of money for controlled substances, “no dollar amount of such an exchange, no specific quantity of controlled substance, and no identified participant other than [Mr.] Gallaga.”

According to the court, the State did not prove Mr. Gallaga “intended to, or did, business of any sort in Wyoming” or that the currency “was furnished in exchange for a controlled substance in violation of the Wyoming Controlled Substances Act[.]” Instead, Mr. Gallaga merely “pass[ed]-through” Wyoming with the currency. In other words, the district court concluded Mr. Gallaga had not violated the Wyoming Controlled Substances Act.

The higher court says none of this matters. What matters is whether or not it’s easy to steal stuff in the supposed furtherance of enforcing state and federal drug laws. The state does not need to prove Gallaga is guilty of violating state law. All it needs to show is (at a standard much lower than probable cause) that the money might have been obtained by actions that are illegal in Wyoming, but not necessarily illegal in Gallaga’s home state or destination state (Illinois and California). If you drive through Wyoming to conduct legal drug business in other states, I guess you should probably leave your money at home.

The State also proved the $75,000 was proceeds of, or used to facilitate, a conspiracy to cultivate and distribute marijuana, as required for forfeiture under § 35-7-1049(a)(viii). Contrary to the district court’s conclusion, the State was not required to show the currency was proceeds from a specific transaction or exchange of controlled substances so long as it proved a connection between the currency and the conspiracy to engage in conduct which would violate the Wyoming Controlled Substances Act.

Well, that’s fucked up. No government at any level will bring criminal charges (or extremely weak criminal allegations) against people conspiring to commit a completely legal act. But this decision says Wyoming’s law enforcement is more than welcome to do this, especially if it allows people to walk away from dismissed charges but only if they do so without their personal property that has been seized by opportunistic law enforcement officers.

Lots of things “would” violate law. But they only violate law when they actually violate law. In this case, drug transactions taking place in two states where such drug transactions are legal has nothing to do with Wyoming law, which only governs activity that takes place within the borders of Wyoming.

Having ignored all logic, the state Supreme Court comes to this conclusion:

The State met its burden of proving by clear and convincing evidence the $75,000 seized from Mr. Gallaga was traceable to the exchange of controlled substances or otherwise used to facilitate activities which, if undertaken in this state, would violate the Wyoming Controlled Substances Act.

And there it is. The state’s highest court says things that violate state law allow officers to seize property and bring criminal charges even if the state can’t demonstrate — at any level — the illegal activity took place within the state’s borders.

This is an insane holding. Even if just restrict ourselves to traffic violations, this means Wyoming cops can cite people for not having a front license plate (even if it’s not required in their home state) or for emissions violations (even if the driver’s home state has no such emissions requirement). This makes everyone who passes through Wyoming subject to the particularities of its laws, even when drivers aren’t residents, aren’t expected to know the local laws, and would be — in the other 49 states — fully compliant with state regulations.

State laws apply to state residents. For everything else, federal law and the Constitution control. This decision says what might be illegal in Wyoming controls the activities of people who just happening to be using its roads temporarily. This is a bullshit decision backed by bullshit reasoning. The lower court had it right: Gallaga did not commit criminal activity within Wyoming’s borders. Everything that followed his stop was just law enforcement enriching itself at the expense of someone just passing through.

Filed Under: asset forfeiture, civil asset forfeiture, legalized theft, lorenzo gallaga, wyoming

Daily Deal: Kodak Slide N Scan Film & Slide Scanner

Deals

from the good-deals-on-cool-stuff dept

Embrace the evolution of image scanning technology with the Kodak Slide N Scan Digital Film Scanner. This state-of-the-art device is designed to digitally preserve and enhance your cherished memories, ensuring they stay vivid for years to come. The Slide N Scan Digital Film Scanner can effortlessly scan color and B&W negatives (135, 110, 126) and 50 mm slides (135, 110, 126). With integrated controls, this scanner lets you adjust color, rotate images, and more, truly bringing your treasured memories back to life. It’s on sale for $180 and use code KODAK at checkout to get an extra $10 off.

Note: The Techdirt Deals Store is powered and curated by StackCommerce. A portion of all sales from Techdirt Deals helps support Techdirt. The products featured do not reflect endorsements by our editorial team.

Filed Under: daily deal

Indian Court Orders Reuters To Take Down Investigative Report Regarding A ‘Hack-For-Hire’ Company

Failures

from the huh,-will-you-look-at-that dept

Over the years we’ve written about plenty of “cyberespionge” companies. Some engage in spyware or surveillance ware. Others actively hack devices. Almost all of these eventually get exposed through dogged investigative reporting.

A few people reached out to point to this rather concerning Editor’s note that was posted to Reuters this week:

Reuters has temporarily removed the article “How an Indian startup hacked the world” to comply with a preliminary court order issued on Dec. 4, 2023, in a district court in New Delhi, India.

Reuters stands by its reporting and plans to appeal the decision.

The article, published Nov. 16, 2023, was based on interviews with hundreds of people, thousands of documents, and research from several cybersecurity firms.

The order was issued amid a pending lawsuit brought against Reuters in November 2022. As set forth in its court filings, Reuters disputes those claims.

I had missed the original article, now that the court has forced Reuters to take it down, it seems likely to get much more attention. You can find archives of it in multiple places. Though who knows if those will remain up. You can also find articles building on Reuters’ investigative reporting.

The basic summary of the Reuters report is that an Indian firm, Appin Software Security, has been offering what is effectively “hack for hire” services for over a decade.

Notably, Reuters reporters handed over the data they found to SentinelOne who did their own analysis of what was found, and it’s pretty damning. Notably, the SentinelOne report appears to still be online.

Appin is considered the original hack-for-hire company in India, offering an offensive security training program alongside covert hacking operations since at least 2009. Their past employees have since spread to form newer competitors and partners, evolving the Appin brand to include new names, while some have spread into cybersecurity defense industry vendors. Appin was so prolific that a surprising amount of current Indian APT activity still links back to the original Appin group of companies in one form or another. Campaigns conducted by Appin have revealed a noteworthy customer base of government organizations, and private businesses spread globally.

Our analysis and observations corroborate the June 2022 reporting from Reuters noting some of Appin’s customers tied to major litigation battles. The group has conducted hacking operations against high value individuals, governmental organizations, and other businesses involved in specific legal disputes. Appin’s hacking operations and overall organization appear at many times informal, clumsy, and technically crude; however, their operations proved highly successful for their customers, impacting world affairs with significant success.

Of course, I might never have heard about this at all if a court in New Delhi hadn’t ordered Reuters to delete the story. And it’s possible that you wouldn’t have heard about it either.

Someone should come up with a name for that sorta situation.

I will note that in the original Reuters article, they note that the company’s US legal representatives is the law firm Clare Locke, which we’ve spoken about before. They’re the lawyers who often appear to brag about how their aggressive tactics are known to get stories killed in the media. Their website literally lists all the major media outlets they’ve gone after in the past.

So I guess it’s little surprise that the firm would seek to suppress the story about them.

But the data and the report seen by SentinelOne are pretty damning.

The cybersecurity firm’s exhaustive analysis of data that Reuters journalists collected showed near-conclusive links between Appin and numerous data theft incidents. These included theft of email and other data by Appin from Pakistani and Chinese government officials. SentinelOne also found evidence of Appin carrying out defacement attacks on sites associated with the Sikh religious minority community in India and of at least one request to hack into a Gmail account belonging to a Sikh individual suspected of being a terrorist.

“The current state of the organization significantly differs from its status a decade ago,” says Tom Hegel, principal threat researcher at SentinelLabs. “The initial entity, ‘Appin,’ featured in our research, no longer exists but can be regarded as the progenitor from which several present-day hack-for-hire enterprises have emerged,” he says.

Factors such as rebranding, employee transitions, and the widespread dissemination of skills contribute to Appin being recognized as the pioneering hack-for-hire group in India, he says. Many of the company’s former employees have gone on to create similar services that are currently operational.

Reuters’ report and SentinelOne’s review have cast fresh light on the shadowy world of hack-for-hire services — a market niche that others have highlighted with some concern as well.

And the demand that the Reuters piece get removed only should draw that much attention towards Appin’s behavior.

Filed Under: espionage, hack for hire, india, reporting, streisand effect, takedown
Companies: appin, clare locke, reuters, sentinelone

Senator Markey Sends Automakers A Letter Criticizing Their Nonexistent Privacy Standards

Privacy

from the what-if-we-passed-a-privacy-law dept

Back in September Mozilla released a scathing report showing how modern vehicles are a privacy shitshow. After studying vehicle systems for over 600 hours, researchers found that most cars hoover up vast swaths of sensitive location and other information on consumers, then, like most companies, sell access to that data to pretty much any nitwit with a nickel.

The problem is particularly severe if you routinely attach your phone to your vehicle via Bluetooth, something that required an entirely different report showcasing how automakers also recklessly collect data from your mobile device and monetize it. Often without getting permission. And often with zero transparency as to security and encryption standards.

Mozilla’s report got the attention of Senator Ed Markey, who this week penned a letter to the auto industry asking for more details:

“These practices are unacceptable. Although certain data collection and sharing practices may have real benefits, consumers should not be subject to a massive data collection apparatus, with any disclosures hidden in pages-long privacy policies filled with legalese. Cars should not—and cannot—become yet another venue where privacy takes a backseat.”

The data collected stems from location data (down to the meter), to even biometric data collected on drivers (pulse rate, breathing patterns). As with everything else you now do online, that data is then “anonymized” (a useless term) and sold to a rotating crop of barely regulated data brokers, who in turn merge this data with other datasets to build vast profiles on every consumer alive.

The potential for abuse is obvious in the post-Roe authoritarian dipshit era, yet Congress still hasn’t managed to pass even a baseline privacy law or regulate data brokers. In part because of lobbyist-induced apathy, but also because the U.S. government has grown fat and comfortable buying this kind of data to bypass warrants.

Whether Congress will do more than chirp after Markey receives the data he’s looking for (he gave automakers until December 21 to answer numerous questions about their data collection practices) is unclear, but if history’s any indication this probably ends with zero substantive reform whatsoever.

It’s not clear what kind of scandal will be required for Congress to shake off its legislative, lobbyist-induced apathy (aka corruption) on privacy, but it’s clearly going to require the kind of massive scandal that makes the ugly problems we’ve seen so far look like child’s play by comparison.

Filed Under: automakers, carmakers, cars, consumer rights, ed markey, mozilla, privacy, security

Colorado Becomes 2nd State To Strike ‘Excited Delirium’ From The Law Enforcement Vernacular

Legal Issues

from the time-to-start-thinking-up-a-new-excuse dept

In October, California became the first state in the nation to ban “excited delirium” as an official cause of death. While this was a positive development, the question remains: why did it take so long?

“Excited delirium” was never a real thing. It has always been a convenient excuse for deaths at the hands of law enforcement officers. Almost without exception, “excited delirium” diagnoses only occur after officers have killed someone.

That’s why it’s not recognized by any medical association as an actual medical condition. The last holdout — the American College of Emergency Physicians — withdrew its paper supporting the diagnosis the same month the California government enacted its ban.

The term became part of the mainstream thanks to Taser (now Axon). The stun gun company’s lawyers needed something to distance it from the deaths caused by its devices. It landed on “excited delirium” and urged officers (and their lawyers) to push this as a cause of death. Law enforcement complied and “excited delirium” began to appear pretty much anywhere someone had been choked, suffocated, beaten, or Tased to death by police officers.

The change in California law doesn’t mean cops will stop killing people. It just means they’ll have to be a bit more creative when blaming victims for their own deaths. The same thing will now be happening in Colorado, although this is a result of police action, rather than legislation.

Colorado’s law enforcement officers will no longer recognize “excited delirium” after a state regulatory board voted to strike the controversial diagnosis on Friday from all training documents starting in January.

The move, which was passed at the state Peace Officers Standards and Training board meeting unanimously and without debate, comes as two Aurora paramedics face felony charges for giving Elijah McClain, an unarmed, innocent Black man, an overdose of ketamine, in part, because they believed he was suffering from the condition.

You may notice this involves felony charges against two paramedics. But they didn’t act alone. The entire chain of events was set into motion by Aurora police officers, who brutalized McClain before handing him over to EMTs, along with a narrative about the now-brain-dead man’s superhuman feats of strength.

McClain, a 23-year-old massage therapist, was walking home from a convenience store in August 2019 when three Aurora police officers stopped him after receiving a call about a suspicious person. He was forcibly taken to the ground, given two carotid holds, which cut blood flow off to his brain, and handcuffed while he was vomiting into the mask he was wearing and inhaling it. 

When paramedics arrived, he was given, involuntarily,  500mg of the powerful sedative ketamine, which was too large a dose for his body weight.

McClain was catatonic and not speaking at that time, but law enforcement officers can be heard on body-worn cameras telling the medics that he was exhibiting “crazy” strength and that he nearly did a push-up with all three officers holding him down at one time.

It’s only the paramedics currently facing charges. Two officers were charged and acquitted. The third officer was convicted of criminally negligent homicide. If the paramedics weren’t thinking “excited delirium” as they drove to the medical emergency, they were certainly thinking it after hearing the officers’ attempt to explain why they had nearly killed McClain. The ketamine, however, finished McClain off.

In defense of their actions, the paramedics chose the go-to excuse for cops:

Cooper and Cichuniec, who are amid their trial now as co-defendants, followed their protocol for “excited delirium” in 2019, their attorneys said in opening statements, which calls for use of chemical sedation.

Fortunately, this will no longer be an option, at least for the state’s law enforcement officers. Presumably, the medical community in Colorado will be making its own changes to strike this term from its lists of credible diagnoses, as well as terminating any protocols that suggest paramedics should treat anyone at all for any reason with lethal amounts of sedatives.

Sure, this means officers will have to be a bit more creative when attempting to separate themselves from deaths they’ve caused. The good news is the POST board has already taken a couple more exonerative terms off the table:

State officials also voted to strike other terms from law enforcement training manuals, including “cocaine psychosis” and “sudden in custody death.”

It’s good to see a law enforcement entity take the initiative to remove a few go-to terms from cops’ mouths. Whether this will ultimately result in better handling of people suffering actual medical/mental crises remains to be seen. And as much as I’d like to believe this alone would deter a certain amount of police violence, the rot in cop culture runs too deep to be rooted out by removing some convenient excuses for killings committed by officers. Still, it’s a positive step. Hopefully, we see more of this elsewhere in the near future.

Filed Under: colorado, excited delirium

No, Trademark Squatting On Anti-Israel Phrase Won’t Keep It From Use

Trademark

from the not-gonna-work dept

For some reason, there are enough people who are ignorant enough about trademark law such that every once in a while you get people who don’t like a thing trying to trademark that thing thinking they can prevent that thing from being done or used. It’s a form of trademark squatting. Confused? An example would be one man who thought he could keep the NFL’s Raiders in Oakland merely by applying for a trademark on “San Antonio Raiders,” where the team was rumored to relocate to. Stuff like that doesn’t work, primarily because you have to actually show a use of the trademark in commerce, or at least a valid intent to use it. You don’t get to go out and trademark something merely to sit on it and prevent someone else from using it.

Which brings us to the war between Israel and Hamas. The brutal conflict is raging once more, as are various political discussions around it. One phrase you are likely to have heard at some point is: “From the river to the sea, Palestine shall be free.” To be clear, that phrase is a hateful, anti-Israel rallying cry that calls for the abolition of the state of Israel. That isn’t to say that there shouldn’t be a Palestinian state, of course, but to pretend like that statement calls for anything less than the destruction of Israel as a state is silly.

Equally silly is two Jewish men in America somehow thinking that they’re going to control the use of the phrase merely by trying to trademark it.

Two Jewish American men have submitted separate trademark applications for the expression “from the river to the sea,” triggering a flurry of reactions. A prominent legal expert has cautioned that the move might have unintended consequences for both the Jewish community and Israel.

Joel Ackerman and Oron Rosenkrantz filed trademark applications for the phrase that refers to the geographic area between the Jordan River and the Mediterranean Sea, encompassing Israel and the Palestinian territories. 

This is pointless at best, and potentially counterproductive to the goal at worst. It’s pointless for a number of reasons. For starters, it’s very unlikely that either trademark application will be approved at all. It’s a widely used political phrase that does nothing to serve as a source identifier of a good. But even if it were granted, it would be for an extremely limited type of goods, such as t-shirts and hats. No such mark would prevent the phrase from being said, chanted, written, nor used on all sorts of other products. It’s simply not going to stifle any real use of the phrase, so what’s the point?

“We don’t know for sure what the outcome will be, but the chances [of their receiving these trademarks] is not that good,” Katzenelson said. “Since it only applies to hats and shirts, stopping its use on other services and goods would be very difficult.”

The counterproductive piece is somewhat akin to the Streisand Effect. Whatever contact the general public has had with this anti-Israel message, now that message is being written and talked about all the more thanks to this attempt to trademark it. And there’s certainly no guarantee that those who come across the message, thanks to all of this, will take the same view of it as these two gentlemen.

Now, again, I don’t expect that these applications will be approved at all. But the point is that there was no reason to attempt any of this to begin with.

Filed Under: from the river to the sea, hamas, israel, palestine, trademark, trademark abuse, trademark squatting

Court Tosses Libel Suit Brought Against A Legal Doc Site For ‘Failing’ To Report On A Settlement Agreement

Defamation

from the reporting-facts-is-never-defamatory dept

We’ve seen lots of… shall we say… misguided libel lawsuits here at Techdirt. We’ve also seen plenty of lawsuits filed for the sole purpose of bullying someone into silence for reporting inconvenient facts.

This case is more of the “misguided” variety. Someone who clearly doesn’t understand the basics of libel law filed a lawsuit against a legal document site, Leagle. That would be unsurprising if the litigant was representing himself. But he had a lawyer, David Epstein, who apparently didn’t understand the basics of libel law.

John Thomas and his lawyer actually filed a lawsuit in federal court claiming it was defamatory for Leagle to host a copy of a decision by the California Court of Appeals that ruled Thomas had abused the discovery process during a lawsuit where Thomas was the defendant and $1.2 million in damages was awarded to the plaintiff.

This was all factual. This actually happened and was documented in a court decision that Leagle posted to its site. That wasn’t the end of this particular litigation, however. On remand, a settlement was reached.

According to Thomas (and his legal rep), the failure of Leagle to publish the decision noting the settlement was defamatory.

Defendants maintain an internet website that purports to provide information about legal cases. Defendants published and continue to publish information regarding a legal case against plaintiff which left the false impression that judgment was in effect against him, including for fraud, when in fact the case was dismissed. In spite of amicable demand, defendant failed and resumed to remove or correct the information, causing damage to plaintiff’s reputation and business interests.

Yeah… that’s not defamation. Posting one set of facts is factual reporting. That those facts were (sort of) superseded by another set of facts doesn’t make the original posting (which, we must reiterate, was nothing more than the posting of court decision) any less factual. It definitely doesn’t make it libel.

Leagle never responded to the lawsuit and Thomas moved for a default judgment. Despite facing no one and no motions to the contrary, he still loses. And that’s because the law simply does not work the way Thomas would like it to.

This is from the short decision [PDF] dismissing Thomas’ ridiculous libel lawsuit:

Here, Legale’s publication of the trial court order finding Plaintiff liable for civil fraud is unquestionably a “fair and true” reflection of what happened during a judicial proceeding. Although the order that Legale published was reversed, the appellate court’s reversal does not change the fact that Plaintiff was found liable in the trial court, and thus does not alter the accuracy of Legale’s reporting. Thus, Leagle’s reporting is protected by the fair report privilege and the motion should be denied.

The law protects reporters and reporting, the court goes on to say. The public’s interest is served by court reporting, including the publication of court documents. Requiring reporters (and legal doc sites like Leagle) to constantly monitor all courts and all motions, rulings, etc. to ensure every publication is the latest publication would just lead to fewer entities engaging in this important public service.

Requiring reporters to continuously update stories on trial proceedings to account for appellate developments would disincentivize coverage of trial proceedings.

While it does indeed subjectively suck for Thomas to be memorialized on Leagle as someone who committed court fraud, those were the facts at the time Leagle published the ruling. It’s just the way it is, and what Thomas believes is libel is just the way reporting works. What happened actually happened. Leagle cannot possibly defame anyone by publishing court documents. And Thomas should have recognized this fact long before he decided to be taken for a ride by a lawyer who, at the very least, should have recognized this fact and apprised Thomas of his inability to win this lawsuit.

Filed Under: 1st amendment, david epstein, defamation, fair and true, john thomas, journalism, truthful reporting
Companies: leagle