It Feels Like The Only Reason ExTwitter Still Has A Trust And Safety Team Is So Elon Can Lay Them Off

Content Moderation

from the yeah,-sure,-that'll-bring-back-the-advertisers dept

Almost everyone I’ve seen talking about this new Insider article about how Elon had a special layoff just of trust and safety employees has shared it with the line “wait, there are still trust & safety employees?”

Elon Musk recently laid off more Twitter employees working on the platform’s trust and safety efforts, roles typically crucial to keeping a social media platform safe for advertisers.

The cuts happened the first week of September, according to two people familiar with the company, one of the first targeted layoffs since he shrunk operations earlier this year. While this layoff only affected a handful of people, five to 10, it was focused entirely on workers in trust and safety.

The article goes on to note that the trust and safety team, which no longer appears to have someone officially running the team (since Ella Irwin quit), has now gone from what had been about 230 people to somewhere around 20:

Now, the team is a fraction of its original size, according to the people familiar. One of the people said there are currently about 20 full-time employees on the trust and safety team, some of whom were contract workers who were promoted over the summer to full-time roles at the company, not long after Linda Yaccarino joined as Twitter’s CEO. The employees mainly engage in content moderation, the person familiar added, while a few members of the team work in legal or policy.

The article further notes that there used to be trust and safety roles working across the entire company, in product, legal, and policy, to ensure that the company didn’t view trust and safety as an afterthought, but rather was a core element of the business.

Now, it is most clearly an afterthought.

It’s unclear what prompted the latest layoff. Since the early layoffs late last year and early this year, Elon insisted that the layoffs were over. Linda Yaccarino has claimed that the company was hiring (though apparently she just meant a bunch of TV execs with no internet experience).

Meanwhile, all this is happening at a time when Musk is claiming that it’s the Anti-Defamation League that is causing advertisers to leave the site, not the fact that the site is a mess and it’s literally damaging the brands that continue to advertise there.

Of course, it’s not difficult to see how this is playing out. Elon has long made it clear that he thinks everything can be handled by AI, so that trust and safety becomes an engineering role now, where the only people working on any of this are simply trying to improve the AI. But all of the evidence so far suggests it’s not working very well, like pretty much all of Elon’s hunches about how to run a social media site.

Filed Under: brand safety, content moderation, elon musk, trust and safety
Companies: twitter, x

EU-Funded ‘Automated Deception Detection’ Border Security Project Concludes, But Public Aren’t Allowed To See Research Details

(Mis)Uses of Technology

from the pay-up-and-shut-up dept

Four years ago, Techdirt wrote about iBorderCtrl, a research project funded by the EU under the Horizon 2020 framework. According to the project’s Web site:

iBorderCtrl provides a unified solution with aim to speed up the border crossing at the EU external borders and at the same time enhance the security and confidence regarding border control checks by bringing together many state of the art technologies (hardware and software) ranging from biometric verification, automated deception detection, document authentication and risk assessment.

“Automated deception detection” is jut a fancy name for lie detection, but with the twist that it uses AI to analyze “non-verbal micro-gestures”. As the earlier Techdirt article pointed out, there’s no hard evidence this approach works. Even the project’s FAQ admits there are issues:

With regard to iBorderCtrl, it can be concluded that the automatic deception detection system (ADDS), which relies on AI, poses various risks with regard to fundamental rights. As the iBorderCtrl cannot provide 100% accuracy, there is always a risk of false positives (people being falsely identified as deceptive) and false negatives (criminals being falsely identified as truthful). This is true of any decision-making system, including those where classifications are made by humans. This might also lead to a stigmatisation or prejudice against affected persons, for instance when talking to a real border guard afterwards.

The FAQ also makes clear that the two main tests of the system, at borders in Hungary and Latvia, have concluded, and that there are no plans to roll it out anywhere in the EU, not least because there are unresolved legal and ethical issues of its approach:

How far the system, or parts of it, will be used at the border in the future will need to be defined. It should be also noted that some technologies are not covered by the existing legal framework, meaning that they could not be implemented without a democratic political decision establishing a legal basis. At the time of doing so, appropriate safeguards would also need to be considered, e.g. as proposed by the iBorderCtrl Consortium, to ensure the system operates with full respect for protect human rights.

The iBorderCtrl project received €4.5 million from the EU, so it would not be unreasonable for EU citizens to be able to see what their money was used for. In 2018, Patrick Breyer, a member of the European Parliament, requested access to documents held by the European Commission regarding the development of iBorderCtrl. As Article 19 recounts:

The REA [EU Research Executive Agency] – the agency at the helm of the iBorderCtrl project – granted Breyer full access to one document and partial access to another. They denied him access to numerous additional documents, citing the protection of the commercial interests of a consortium of companies collaborating with the REA on the project.

Breyer challenged this decision, pointing out that there was a strong public interest in having access to information about projects that used controversial technology, as iBorderCtrl certainly did. The EU’s so-called “General Court” published a ruling in December 2021:

the General Court established that a number of access requests denied to Breyer were not sufficiently justified by the REA. While the Court’s recognition of public interest in the democratic oversight of the development of surveillance and control technologies is a step in the right direction, the decision did not go far enough and Breyer appealed. In its decision, the Court suggested that such democratic oversight should begin only after these types of research and pilot projects were concluded. In other words, the Court failed to acknowledge the importance of ensuring transparency is in place at the outset of taxpayer-funded projects with immense impact on citizens, rather than when research and development has already been completed.

Breyer took his case to the main EU Court of Justice (CJEU), which has just issued its judgement:

While the CJEU did recognise that the fact that the obligation of participants in the iBorderCtrl project to respect fundamental rights is not grounds to assume that they will automatically do so, it maintained that because this was a research project, the public’s right to know about the results – rather than the process of the research – was sufficient.

The CJEU agreed with the General Court that the commercial interests of the REA outweighed the public interest. But as a listing of the documents requested indicates, several were about the ethics of the project, and others were general progress reports. It seems entirely legitimate for that information to be available to the public: claims of commercial interests should not be able to stymie the crucial oversight of new surveillance and control technologies funded by taxpayers.

More generally, the idea that people can only see the results of publicly-funded research is absurd. Today there is a recognition that science research needs to be open – not just in its results, but in its entire process. The CJEU ruling that the public can only ask to see the results is retrogressive, and a return to the bad old days of science funding when the public was expected to pay up and then shut up.

Follow me @glynmoody on Mastodon.

Filed Under: ai, article 19, borders, cjeu, commercial interests, ethics, eu, horizon 2020, hungary, iborderctrl, latvia, lie detector, patrick breyer

What State Action Doctrine? Biden Administration Renews Push For Deal With TikTok, Where US Government Would Oversee Content Moderation On TikTok

Content Moderation

from the that's-not-how-any-of-this-works dept

So, for all of the nonsense about what level of coercive power governments have over social media companies, it’s bizarre how little attention has been paid to the fact that TikTok is apparently proposing to give the US government control over its content moderation setup, and the US government is looking at it seriously.

As you likely know, there’s been an ongoing moral panic about TikTok in particular. The exceptionally popular social media app (that became popular long after we were assured that Facebook had such a monopoly on social media no new social media app could possibly gain traction) happens to be owned by a Chinese company, ByteDance, which has resulted in a series of concerns about the privacy risks of using the app. Some of those concerns are absolutely legitimate. But many of them are nonsense.

And, for basically all of the legitimate concerns the proper response would be to pass a comprehensive federal data privacy law. But no one seems to have the appetite for that. You get more headlines and silly people on social media cheering you on by claiming you want to ban TikTok (this is a bipartisan moral panic).

Instead of recognizing all of this and doing the right thing after Trump’s failed attempt at banning TikTok, the Biden administration has… simply kept on trying to ban TikTok or force ByteDance to divest. That’s another repeat of a bad Trump idea, which ended not in the divestiture, but Trump getting his buddy Larry Ellison’s company, Oracle, a hosting deal for TikTok. And, of course, TikTok and Oracle now insist that Oracle is reviewing TikTok’s algorithms and content moderation practices.

But, moral panics are not about facts, but panics. So, the Biden administration did the same damn thing Trump did three years earlier in demanding that TikTok be fully separated from ByteDance, or said the company would get banned in the US. Apparently negotiations fell apart in the spring, hopefully because TikTok folks know full well that the government can’t just ban TikTok.

However, the Washington Post says that they’re back to negotiating (now that the Biden administration is mostly convinced a ban would be unconstitutional), and the focus is on a TikTok proffered plan to… wait for it… outsource content moderation questions to the US government. This plan was first revealed in Forbes by one of the best reporters on this beat: Emily Baker-White (whom TikTok surveilled to try to find out where she got her stories from…). And it’s insane:

The draft agreement, as it was being negotiated at the time, would give government agencies like the DOJ or the DOD the authority to:

• Examine TikTok’s U.S. facilities, records, equipment and servers with minimal or no notice,
• Block changes to the app’s U.S. terms of service, moderation policies and privacy policy,
• Veto the hiring of any executive involved in leading TikTok’s U.S. Data Security org,
• Order TikTok and ByteDance to pay for and subject themselves to various audits, assessments and other reports on the security of TikTok’s U.S. functions, and,
• In some circumstances, require ByteDance to temporarily stop TikTok from functioning in the United States.

The draft agreement would make TikTok’s U.S. operations subject to extensive supervision by an array of independent investigative bodies, including a third-party monitor, a third-party auditor, a cybersecurity auditor and a source code inspector. It would also force TikTok U.S. to exclude ByteDance leaders from certain security-related decision making, and instead rely on an executive security committee that would operate in secrecy from ByteDance. Members of this committee would be responsible first for protecting the national security of the United States, as defined by the Executive Branch, and only then for making the company money.

For all the (mostly misleading) talk of the US government having too much say in content moderation decisions, this move would literally put US government officials effectively in control of content moderation decisions for TikTok. Apparently the thinking is “welp, it’s better than the Chinese government.” But… that doesn’t mean it’s good. Or constitutional.

“If this agreement would give the U.S. government the power to dictate what content TikTok can or cannot carry, or how it makes those decisions, that would raise serious concerns about the government’s ability to censor or distort what people are saying or watching on TikTok,” Patrick Toomey, deputy director of the ACLU’s National Security Project, told Forbes.

The Washington Post has even more details, which don’t make it sound any better:

A subsidiary called TikTok U.S. Data Security, which would handle all of the app’s critical functions in the United States, including user data, engineering, security and content moderation, would be run by the CFIUS-approved board that would report solely to the federal government, not ByteDance.

CFIUS monitoring agencies, including the departments of Justice, Treasury and Defense, would have the right to access TikTok facilities at any time and overrule its policies or contracting decisions. CFIUS would also set the rules for all new company hires, including that they must be U.S. citizens, must consent to additional background checks and could be denied the job at any time.

All of the company’s internal changes to its source code and content-moderation playbook would be reported to the agencies on a routine basis, the proposal states, and the agencies could demand ByteDance “promptly alter” its source code to “ensure compliance” at any time. Source code sets the rules for a computer’s operation.

Honestly, what this reads as is the moral panic over China and TikTok so eating the brains of US officials that rather than saying “hey, we should have privacy laws that block this,” they thought instead “hey, that would be cool if we could just do all the things we accuse China of doing, but where we pull the strings.”

Now, yes, it’s true that an individual or private company can voluntarily choose to give up its constitutionally protected rights, but there is no indication that any of this is even remotely close to voluntary. If the 5th Circuit found that simply explaining what is misinformation about COVID was too coercive for social media companies to make moderation decisions over, then how is “take this deal or we’ll ban your app from the entire country” not similarly coercive?

Furthermore, it’s not just the rights of TikTok to consider here, but the millions of users on the platform, who have not agreed to give up their own 1st Amendment rights.

Indeed, I would think there’s a very, very high probability that if this deal were to be put in place, it would backfire spectacularly, because anyone who was moderated on TikTok and didn’t like it would actually have a totally legitimate 1st Amendment complaint that it was driven by the US government, and that TikTok was a state actor (because it totally would be under those conditions).

In other words, if the administration and TikTok actually consummated such a deal, the actual end result would be that TikTok would effectively no longer be able to do much content moderation at all, because it would only be able to take down content that was not 1st Amendment protected.

So, look, if we’re going to talk about US government influence over content moderation choices, why aren’t we talking much more about this?

Filed Under: 1st amendment, biden administration, cfius, china, content moderation, control, doj
Companies: bytedance, tiktok

Daily Deal: Babbel Language Learning

Deals

from the good-deals-on-cool-stuff dept

Learn Spanish, French, Italian, German, and many more languages with Babbel. Developed by over 100 expert linguists, Babbel is helping millions of people speak and understand a new language quickly, and with confidence. After just one month, you will be able to speak confidently about practical topics, such as transportation, dining, shopping, directions, making friends, and much more. It’s on sale for $169.97.

Note: The Techdirt Deals Store is powered and curated by StackCommerce. A portion of all sales from Techdirt Deals helps support Techdirt. The products featured do not reflect endorsements by our editorial team.

Filed Under: daily deal

Court: Lawsuit Can Continue Against Library That Moved All LGBTQ Children’s Books To The Adult Section

Free Speech

from the maybe-try-being-less-of-an-asshole? dept

The First Amendment doesn’t just protect what you say. It also protects your right to hear what others say. It guarantees a right to published information. It protects a whole lot of stuff certain politicians sincerely wish it didn’t because it gets in the way of pushing their bigoted ideals.

Right now, there’s a wave of anti-LGBTQ legislation sweeping the country. Legislators — pretending they care about children — are trying to prevent everyone from accessing certain creative expression (or saying certain things) these politicians don’t agree with.

And pretty much every time they engage in this form of censorship, they get smacked down by courts. The Constitution doesn’t care about your hateful feelings. Rights must be respected, even by petty would-be tyrants undeserving of anyone’s respect.

A lawsuit, filed by patrons of a county library in Arkansas, has been allowed to move forward by a federal court. The First Amendment lawsuit plausibly alleges the library’s decision to move anything determined to be “LGBTQ” from the children’s section to the adult’s section violates the First Amendment right to equitable access to information. (via Courthouse News Service)

Here’s how this started, according to the decision [PDF] that moves this lawsuit forward:

[I]n late 2022 or early 2023 the Crawford County Library System implemented a policy under which its library branches must remove from their children’s sections all books containing LGBTQ themes, affix a prominent color label to those books, and place them in a newly-created section called the “social section.” Plaintiffs allege this policy was imposed on the Library System by the Crawford County Quorum Court in response to political pressure from constituents who objected, at least partly on religious grounds, to the presence of these books in the children’s section.

The use of a court to pressure a (government-funded) library into doing something it had never felt a need to do before is already a pretty plausible First Amendment cause of action. If the quorum court hadn’t imposed this policy, there’s a good chance the library would never have bothered stigmatizing certain content.

This sort of thing is not an anomaly in the United States, much less Arkansas in particular.

This is not the only lawsuit currently pending in the Western District of Arkansas that concerns children’s books in public libraries. In Fayetteville Public Library et al. v. Crawford County, Arkansas et al., Case No. 5:23-cv-5086, a host of public libraries, librarians, library patrons, nonprofits, and booksellers sued various state actors, challenging the constitutionality of Arkansas Act 372 of 2023 (“Act 372”). Section 1 of Act 372 defines a new Class A misdemeanor called “furnishing a harmful item to a minor.” Section 5 requires that “[e]ach county or municipal library shall have a written policy for addressing challenged material that is physically present in the library and available to the public,” and imposes certain minimum criteria that libraries must incorporate into those policies.

It’s a movement in Arkansas, propelled by bigoted legislators and assisted by bigoted residents and the occasional county quorum court. No doubt the listed lawsuit will end with in a loss for the government but, for the time being, these litigants want this particular county library to stop violating the First Amendment.

The state argued the plaintiffs had no standing to bring a lawsuit against the library. Wrong, says the court:

The amended complaint alleges that all three Plaintiffs are “members and users of the Crawford County Library System,” and that their minor children “are also users of the Crawford County libraries.” Their pleadings also allege that the County’s library system has segregated children’s books with LGBTQ themes onto separate shelves in the adult section of the library and affixed stigmatizing labels to them signaling controversial content, and that the motivation for this policy was at least in part religious. Since Plaintiffs are members and users of these libraries, one can reasonably infer from the pleadings that they have directly encountered the shelves at issue here. And Plaintiffs obviously find this practice unwelcome, as they have brought this lawsuit with the goal of ending it. That is sufficient to confer standing upon them to bring their Establishment Clause claim, at least at this early stage of the lawsuit.

It also argued no injury had been suffered because the books were merely moved (and marked with the county’s LGBTQ equivalent of the scarlet letter…), rather than removed. Wrong again, says the court.

As for Plaintiffs’ claim that the County’s policy restricts their First Amendment right to receive information: the County argues Plaintiffs have not been injured because their access to the books in question has not been restricted. Children are still allowed to roam the adult section, and there are no formal limitations on who may browse or check out the books at issue here. However, this argument confuses restriction with outright prohibition. When a plaintiff shows that her ability to access information has been impeded by state action, however minimally, then that is a sufficiently concrete injury to confer standing for a First Amendment claim.

Moving the books is problematic on its own. Making sure anyone who tries to access them has to carry around a “marked” book is worse.

Plaintiffs allege that the County has removed children’s books from the children’s sections of its libraries where children and their parents would expect to find them, and has attached stigmatizing labels to them that could subject individuals who browse them or check them out to embarrassment or opprobrium from library staff members or other patrons. This is a sufficiently concrete burden on Plaintiffs’ ability to access information to give them standing to bring this lawsuit.

And that’s obviously the point of this unconstitutional exercise: to “out” patrons who express an interest in content the government (under pressure from resident bigots) has decided needs to be not only segregated, but clearly marked as something the government dislikes.

The state also argued there was no First Amendment right to access information, at least not in this context. It quoted a Supreme Court decision dealing with public school libraries and claimed this meant public county libraries weren’t subject to this part of First Amendment protections. Unsurprisingly, it’s wrong here as well.

This argument is simply wrong, on two fundamental levels. First, Supreme Court majorities have in fact repeatedly acknowledged, in a wide variety of contexts, that the First Amendment protects the right to access information. See, e.g., Stanley v. Georgia, 394 U.S. 557, 564 (1969) (“It is now well established that the Constitution protects the right to receive information and ideas.”) (collecting cases); see also Griswold v. Connecticut, 381 U.S. 479, 482 (1965) (“The right of freedom of speech and press includes not only the right to utter or to print, but the right to distribute, the right to receive, the right to read . . . .”). The precise contours of that right may sometimes be complicated or unclear, but there can be no reasonable debate as to whether the right exists and enjoys First Amendment protection.

Second, although the County is correct that Pico dealt with the right to access information in a school library rather than in a library that was open to the general public, this indicates that the right’s scope is broad—not narrow.

In that case, dealing with a public school library, the Supreme Court weighed the right to access against the limitations on minors’ rights that are part of the school experience. In cases like these, schools may have more latitude to restrict access to information for other overriding government concerns. Even if the court had decided public schools had blanket permission to restrict access to information (and it didn’t), that doesn’t apply to a case involving a county library accessible by anyone, not just minors/students.

Right now, the bigot-propelled status quo will remain in place. The lawsuit moves forward but the books still remain segregated and labelled. As the court notes, an injunction preventing the library from moving books would prevent it from featuring popular books or moving frequently requested books to a more easily accessed area. But the lack of injunction doesn’t mean there’s no plausible First Amendment allegations.

Eventually, this will end in the desegregation of these books or the county passing a law attempting to codify its First Amendment violation. Either way, the government will lose and the people will win. And yet, it’s clear to anyone observing the state of the nation that losing lawsuit after lawsuit is doing nothing to deter bigots from violating rights in hopes of oppressing certain people and suppressing certain views.

Filed Under: 1st amendment, arkansas, crawford county, lgbtq, libraries

Despite Some Progress, iFixit Says Apple’s Dedication To ‘Right To Repair’ Still Sucks

(Mis)Uses of Technology

from the we've-changed-but-not-really dept

Apple has never looked too kindly upon users actually repairing their own devices, or using lower cost independent repair services. The company’s ham-fisted efforts to shut down, sue, or otherwise imperil third-party repair shops are legendary. As are the company’s efforts to force recycling shops to shred Apple products (so they can’t be refurbished and re-used).

Recently, Apple has made a few pivots on this front, including, most notably, its apparent about face on California right to repair legislation. And while Apple has also made some modest progress in backing off its attempt to monopolize repair (see: its Self-Service Repair Program), outside organizations like iFixit say the tech giant still has a long, long way to go.

iFixit recently dropped the reparability score for the iPhone 14 from a recommend 7 out of 10 to a do-not-recommend 4. Why? The organization took heat from hardware geeks who noted the 7 out 10 score wasn’t accurate because Apple is still using “parts pairing” to ensure that independent, affordable repair is either cumbersome as hell or simply impossible.

From a pure hardware perspective the reparability architecture of the iPhone has definitely improved, but only if you follow Apple’s sanctioned process and buy the parts from Apple. If you buy the parts independently, the new parts you or your independent repair shop installed won’t work due to Apple’s sophisticated software protections:

“Today, you need one more thing: a software handshake, using Apple’s System Configuration tool. It contacts Apple’s servers to “authenticate” the repair, then “pairs” the new part to your system so it works as expected. Of course, it can only authenticate if Apple knows about your repair in advance, because you gave them the exact serial number of your iPhone, and they’ve pre-matched it to a display or battery. This is only possible if you buy the screen or battery directly from Apple. Forget harvesting parts—which is a huge part of most independent repair and recycling businesses. It’s also impossible to pair any aftermarket parts—which means only Apple-authorized repairs can truly restore the device to full functionality.”

That’s a lot of environmental waste and added consumer costs and restrictions created by a company that claims to have seen the light on “right to repair.” And as iFixit notes, Apple implements systems like this without much in the way of meaningful transparency:

“In a move that will not surprise close observers of Apple, they have developed the system without notifying the people who do the actual repair work that it impacts.”

Tech industry lobbyists are increasingly using their influence to ensure right to repair laws don’t cover the most problematic industries on right to repair (like medical equipment, game consoles, or autos), then they’re increasingly using software restrictions to make make affordable, independent repair as cumbersome and annoying as possible. All while soaking up media praise for having seen the light.

Filed Under: cellular, hardware, independent repair, iphone, right to repair, tinker, wireless
Companies: apple, ifixit

Boise State’s Silly Trademark For ‘Non-Green Football Fields” May Finally Get Challenged

Trademark

from the black-and-blue dept

Almost exactly seven years ago, we discussed the absolute silliness that was Boise State University somehow getting the USPTO to grant it a trademark for a football field that is “non-green.” If you’re not a college football fan, some context is in order. Decades back, the school didn’t want to pay to have its field resodded with grass, so it instead put in cheaper turf that was colored royal blue. If you’ve never seen the field on television or in person, it’s absolutely ugly. So ugly, in fact, that it’s also absolutely awesome and has become a distinctive part of the BSU brand. Because of that, getting the original trademark the school got for the blue-colored field made some sense. But in 2010, the school managed to expand the mark to include all fields that are “non-green.” From my original post on the matter:

Now, we could sit around and argue whether or not having a blue football field was a thing fit to be trademarked. Personally, considering the specific color the school used, I could buy an argument that fans that see the field do indeed think of Boise State. I certainly do. But the school expanded the trademark in 2010 to fields not just blue, but fields that are “non-green.” And that’s crazy. Bradlee Frazer, an IP attorney working with the school, has stated that any non-green athletic field carries with it the risk of confusion pertaining to Boise State. He can say that all he wants, but such a stance likely wouldn’t survive a challenge from another school.

But those challenges have never come, mostly because Boise State is quite liberal with freely licensing the ability to have non-green fields to other schools.

And that has continued to be true. Colleges and high schools that have decided to use non-traditional color schemes for their football fields have traditionally sought approval from BSU. And, to be clear, BSU has continued to be fairly sanguine about approving such uses, so long as there is no real callback to BSU. Because of that, the obviously and overtly broad trademark BSU has hasn’t ever been challenged.

That may be changing. SUNY Morrisville, a Division 3 school, recently put in its own synthetic turf, colored deep black. And the school reportedly didn’t seek any sort of approval from BSU in doing so.

By going emo, the school joined a handful of select college programs that have, over the last two decades, broken from the traditional gridiron greens, including Coastal Carolina, Eastern Washington, Eastern Michigan and Central Arkansas.

And yet, in joining the ranks of these non-verdant outliers, SUNY Morrisville went a step bolder by breaking a norm that has been dutifully conformed to by the other nonconformists: seeking permission from Boise State University, which, in 1986, became the first university to implement a non-traditional athletic field color with its now-famous, blue “smurf turf.”

And now we get to see whether BSU really wants to try to enforce its trademark and claim this is infringement, or else it risks breaking the precedent that all these schools need to seek permission for football fields that are not colored the traditional grass-green.

I certainly hope BSU does try to enforce its mark, if only so that SUNY Morrisville can fight back and get this stupid trademark invalidated, or at least pared back to covering the royal blue colored field. I can’t account for how or why the USPTO allowed such an overly broad trademark to be approved in the first place, but I am damned sure that any competent attorney for SUNY Morrisville could get it rescinded upon challenge.

Filed Under: football fields, non-green field, trademark
Companies: boise state, suny morrisville

Council Of Europe Says Most Use Of NSO’s Pegasus Spyware Is Probably Illegal

Legal Issues

from the nice-racket-you-got-there,-NSO dept

I mean, that’s what we all were thinking, right? When you carve out a niche selling to outlaws, there’s a good chance your product will be used illegally, no matter who’s buying it.

That’s how it all plays out for NSO Group and its infamous Pegasus zero-click phone exploit — one capable of fully compromising targets’ phones. And what a list of targets it is! Journalists, human rights activists, opposition leaders, religious leaders, lawyers, and dissidents were all included on the list of NSO malware targets obtained by journalists in 2021.

Two years of bad news followed. Not just negative press, but investors, founders, and even the Israeli government backing away slowly from this suddenly toxic asset. At its peak, NSO had a long list of customers, most of them doing their own citizens dirty with routine human rights abuses. At its current nadir, NSO limps along, trying to find someone willing to pay it to put itself out of its self-inflicted misery.

This report [PDF], compiled by the Council of Europe and written by the Netherlands’ Pieter Omtzigt, says what everyone knows. But it says it for the benefit of those who know, but still refuse to stop engaging in abusive deployments of the Pegasus malware.

Here’s the main takeaway, as summarized by Suzanne Smalley for The Record.

The PACE’s Committee on Legal Affairs and Human Rights, which produced the report, asked at least 14 European Union countries which have bought or used the tools, including the Netherlands, Germany, Belgium and Luxembourg, to “clarify the framework of its use and applicable oversight mechanisms” within three months.

Additionally, the report singles out Poland, Hungary, Spain, Greece and Azerbaijan, which have already weathered public scandals related to their use of the NSO Group’s Pegasus spyware and similar tools, to undertake “effective, independent and prompt investigations” on all confirmed and alleged cases of spyware abuse.

Some things to note before we take a deeper look at the report:

First, it was composed by a representative of a government that has been (at least somewhat) critical of the EU’s attempts to undermine encryption with client-side scanning mandates. Second, the countries named as participants in likely illegal surveillance include Greece and Spain. Greece has been dealing with the fallout of illegal spying efforts utilizing other malware created by yet another Israeli-based spyware company. Spain has been engaged in open oppression of Catalan dissidents and wholeheartedly believes the EU should give it even more power to repress those who seek to have this region’s independence recognized by the Spanish government.

The other countries on the list have rarely been considered havens of personal freedom, with Poland being a bit more progressive in its protection of human rights than Hungary or Azerbaijan. That being said, Poland hasn’t exactly kept its hands entirely clean when it comes to domestic surveillance.

The problem is the malware itself, which is extremely powerful and, for most targets, undetectable. Given these aspects, the Parliamentary Assembly of the Council of Europe (PACE) doubts any use of the spyware could possibly comply with European law.

The Parliamentary Assembly notes that Pegasus is a highly intrusive surveillance spyware, which grants the user complete and unrestricted access to all sensors and information of the targeted mobile phone. It turns the smartphone into a 24-hour surveillance device, accessing the camera and microphone, geolocation data, e-mails, messages, photos, videos, passwords, and applications. While some spyware tools require some action on the part of the victim, such as clicking on a link (for instance, Predator) or opening an attachment, Pegasus is installed through a so-called “zero click attack”. Given its unprecedented level of intrusiveness into the private life of the targeted individual and all the target’s contacts, the Council of Europe Commissioner for Human Rights and the European Data Protection Supervisor have expressed serious doubts as to whether its use could ever meet the proportionality requirement and therefore be human-rights compliant.

This is followed by the name-and-shame portion of the presentation. The Council notes the malware has been deployed in both Poland and Hungary to spy on journalists, opposition leaders, lawyers, prosecutors, and activists. In Spain, 65 infections of phones possessed by Catalan pro-independence activists have been verified. Azerbaijan has both deployed it against its own people (journalists, activists) as well as targets in Armenia.

Since almost any deployment of Pegasus will, at the very least, likely violate European privacy laws, the Council requests that all EU nations inform the Assembly about any past, present, or planned Pegasus use, provide redress to those illegally-targeted, apply sanctions (if needed) against the entities deploying the malware, and conduct investigations to determine whether any past deployments have flown under the oversight radar.

The report delivers more details on potentially illegal Pegasus deployments throughout the rest of the report. Most of these were uncovered by security researchers, like the invaluable Citizen Lab. None of the discovered infections were the result of self-reporting by government agencies who purchased NSO spyware. In a few cases, government investigations have uncovered abusive deployments by government entities, but most of the legwork is still being done by the private sector.

While the Council is entitled to make these demands of EU nations, it doesn’t actually have the power to make any of this happen, unfortunately. Back to Suzanne Smalley and The Record:

The Council of Europe was established in the wake of World War II to promote human rights and democracy. While it cannot enact laws, it describes itself as being able to “push for the enforcement of select international agreements reached by member states on various topics.” 

It’s not much, but maybe it will be enough. NSO is on the ropes and very few self-respecting governments want to be caught with Pegasus on their hands. There will always be competitors willing to fill the void created by NSO should it choose to exit the market. But maybe efforts like these will make EU nations think twice before doing business with malware merchants more than happy to get in bed with any autocracy that will have them.

Filed Under: council of europe, malware, privacy, spyware
Companies: nso group

Last Week 5th Circuit Said Gov’t Can’t Pressure Websites, This Week It Says Gov’t Mandated ‘Health’ Messages Are Perfectly Fine

Free Speech

from the when-republicans-do-it,-it's-fine dept

It can always get dumber. And when we’re talking about the 5th Circuit, you have to assume it will always get dumber. And that’s what has happened now with the 5th Circuit issuing a stay on an injunction that had blocked an obviously unconstitutional law. But we’ll get to those details in a moment.

Just last week we wrote about the decision in the 5th Circuit saying that the government cannot coerce websites regarding how they moderate content. We noted that this seemed to be in near total conflict with last year’s 5th Circuit ruling saying that of course governments can tell websites how to moderate (the only point on which they are consistent is that “it’s okay when Republicans do it, and not okay when Democrats do it”).

But that ruling last year was even crazier than it sounds. As you may recall, Texas passed this law, HB 20, that told social media websites how they had to moderate (or not moderate) certain content. A federal district court issued an injunction blocking the law, laying out in great detail how very, very, very obviously unconstitutional the whole thing was. It appeared that the judge in that case knew full well that the 5th Circuit was likely to muck it up and was trying to convince them not to.

Somewhat incredibly, the 5th Circuit mucked it up in spectacular fashion, overturning the injunction and reinstating the law immediately with zero explanation. Normally, when you issue a ruling stopping an injunction (or issuing one) you… explain why. But the three judge panel just issued a one-line ruling saying that the motion was granted. No explanation. This resulted in a mad dash to the Supreme Court which (perhaps surprisingly!) told the 5th Circuit that this was procedurally inane, and put the law back on hold.

Eventually, many, many, many months later, the 5th Circuit explained its reasoning in an opinion authored by Judge Andy Oldham, reinstating the law again (which was then put on hold while it was appealed to the Supreme Court, where we’re still waiting to see what happens). Oldham’s reasoning basically overturned a century’s worth of “settled” 1st Amendment law.

So, anyway, that’s the history from last year. Onto this year. Earlier this year, Texas passed a law requiring both age verification and a mandatory “health warning” message on all adult content websites. The Free Speech Coalition sued to stop the law going into effect (as it was scheduled to do on September 1st) and, as we reported, the court reasonably granted the injunction blocking the law, noting that it was pretty clearly a violation of the 1st Amendment for both the age verification bits and for the mandatory health warning, which forces adult websites to say that “Texas Health and Human Services” has claimed that pornography leads to eating disorders, impaired brain development and an increase in demand for child exploitation even though, as the judge blocking the law noted, Texas Health and Human Service’s department never found any such thing.

As the court clearly notes “this is compelled speech.”

Anyway, with the court rejecting it, we figured there would be some time for it to go through the usual appeals process.

But we did not count on good ol’ 5th Circuit Judge Andy Oldham. Because a three judge panel that includes Oldham reinstated the law, putting an “administrative stay” on the preliminary injunction that blocked the law in the first place. Once again, the ruling gives no details at all. It’s two sentences this time (up from one the last time), and just effectively removes the preliminary injunction, meaning that the law is immediately in effect. The only difference from last year’s similar nonsense is that the court says the appeal is “expedited” to the next available oral argument panel.

5th Circuit lawyer Raffi Melkonian wrote on Bluesky that there’s some procedural weirdness to all this, noting the 5th Circuit will often issue an administrative stay while considering a motion for a stay, but here it’s not even yet considering the actual stay because it’s saying that it will deal with it during oral arguments.

Either way, the law is now in effect and we have no idea what that means because the 5th Circuit has explained nothing.

And, again, between these two 5th Circuit rulings, a week and a half apart, we are being told by the very same court that governments cannot do anything to coerce speech on some platforms, but absolutely can compel speech on other platforms.

If that seems contradictory, the reality is that what the 5th Circuit is saying, in a truly partisan way, is that when Republicans compel speech, that’s fine. It’s not only fine, but the court doesn’t even need to explain why it passes constitutional muster. When Democrats highlight content that could lead to harm for websites to look at and decide for themselves if they want to host it, that is the worst censorship scandal in the history of America, and the government should be barred from speaking to the companies at all.

The 5th Circuit is a joke, and its main court jester seems to be Andy Oldham.

There is no workable theory of the 1st Amendment here. There is nothing but a distorted partisan filter.

Filed Under: 1st amendment, 5th circuit, age verification, andrew oldham, andy oldham, compelled speech, free speech, hb 1181, texas
Companies: free speech coalition