A company by the name of LocationSmart isn't having a particularly good month.

The company recently received all the wrong kind of attention when it was caught up in a privacy scandal involving the nation's wireless carriers and our biggest prison phone monopoly. Like countless other companies and governments, LocationSmart buys your wireless location data from cell carriers. It then sells access to that data via a portal that can provide real-time access to a user's location via a tailored graphical interface using just the target's phone number.

Theoretically, this functionality is sold under the pretense that the tool can be used to track things like drug offenders who have skipped out of rehab. And ideally, all the companies involved were supposed to ensure that data lookup requests were accompanied by something vaguely resembling official documentation. But a recent deep dive by the New York Times noted how the system was open to routine abuse by law enforcement, after a Missouri Sherrif used the system to routinely spy on Judges and fellow law enforcement officers without much legitimate justification (or pesky warrants):

"The service can find the whereabouts of almost any cellphone in the country within seconds. It does this by going through a system typically used by marketers and other companies to get location data from major cellphone carriers, including AT&T, Sprint, T-Mobile and Verizon, documents show.

Between 2014 and 2017, the sheriff, Cory Hutcheson, used the service at least 11 times, prosecutors said. His alleged targets included a judge and members of the State Highway Patrol. Mr. Hutcheson, who was dismissed last year in an unrelated matter, has pleaded not guilty in the surveillance cases."

It was yet another example of the way nonexistent to lax consumer privacy laws in the States (especially for wireless carriers) routinely come back to bite us.

But then things got worse.

Driven by curiousity in the wake of the Times report, a PhD student at Carnegie Mellon University by the name of Robert Xiao discovered that the "try before you buy" system used by LocationSmart to advertise the cell location tracking system contained a bug, A bug so bad that it exposed the data of roughly 200 million wireless subscribers across the United States and Canada (read: nearly everybody). As we see all too often, the researcher highlighted how the security standards in place to safeguard this data were virtually nonexistent:

"Due to a very elementary bug in the website, you can just skip that consent part and go straight to the location," said Robert Xiao, a PhD student at the Human-Computer Interaction Institute at Carnegie Mellon University, in a phone call. "The implication of this is that LocationSmart never required consent in the first place," he said. "There seems to be no security oversight here."

The researcher notes that one of the APIs in the portal was not properly validating the consent response, making it "trivially easy" to skip the portion where the API sends a text message to the end user attempting to obtain consent (Brian Krebs, who first reported the vulnerability, has also confirmed the problem). Given the New York Times story had been making headlines since its May 10 publication, it's obviously possible that others discovered the vulnerability. LocationSmart has since pulled their location data tracking portal offline.

Meanwhile, none of the four major wireless carriers have been willing to confirm any business relationship with LocationSmart, but all claim to be investigating the problem after the week of bad press. That this actually results in substantive changes to the nation's cavalier treatment of private user data is a wager few would be likely to make.

Techdirt has written many stories about facial recognition systems. But there's a step-change taking place in this area at the moment. The authorities are moving from comparing single images with database holdings, to completely automated scanning of crowds to obtain and analyze huge numbers of facial images in real time. Recently, Tim Cushing described the ridiculously high level of false positives South Wales Police had encountered during its use of automated facial recognition software. Before that, a post noted a similarly unacceptable failure rate of automated systems used by the Metropolitan Police in London last year.

Now Big Brother Watch has produced a report bringing together everything we know about the use by UK police of automated facial recognition software (pdf), and its deep flaws. The report supplements that information with analyses of the legal and human rights framework for such systems, and points out that facial recognition algorithms often disproportionately misidentify minority ethnic groups and women.

The UK situation is fairly well known. There's been less coverage of automated facial recognition systems in the US, and the Big Brother Report offers some comments from experts about what is happening there. For example, Clare Garvie from the Georgetown Law Center on Privacy and Technology, writes:

Face recognition surveillance -- identifying people in real-time from live video feeds -- risks being an imminent reality for many Americans. Are we comfortable with a society where face recognition allows police to identify anyone with a driver’s license, without suspicion or consent? Are we comfortable with a society where the government can find anyone, at any time, by continuously scanning the faces of people on the sidewalk? Face recognition fundamentally changes the nature of privacy in public spaces. As government agencies themselves have cautioned, face recognition surveillance 'has the potential to make people feel extremely uncomfortable, cause people to alter their behaviour, and lead to self-censorship and inhibition,' chilling the exercise of the rights protected under the First Amendment and calling into question the scope of protections offered by the Fourth Amendment.

Alongside its report, Big Brother Watch has launched the "Face Off" campaign calling for the UK public authorities to stop using automated facial recognition software with surveillance cameras, and to remove the thousands of images of unconvicted individuals from the UK's Police National Database. Given the UK authorities' world-famous love of CCTV and surveillance, it's unlikely they will take much notice.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

This week, both our winning comments on the insightful side came in response to our post about some police realizing that SESTA/FOSTA has made their job harder. The curiously-named any moose cow word won first place with a simple statement:

FOSTA and SESTA, like most "morality" legislation, is much more about sweeping problems under the rug and pretending they don't exist rather than doing anything substantive to address the real underlying issues.

In second place, it's an anonymous response to a strange comment questioning why we worry about one bad law when there are lots of bad laws:

OK: I'll bite.

We get annoyed at just this one today to bring awareness to it, so that it can be changed. Without public awareness and public shaming of public figures, we will not have change.

So why go after one when there are 500,000+ more laws?

Because each journey starts with a single step. Once THIS law is taken care of, there are 499,999+ laws, and we can work on the next item.

Your attitude only results in things getting continually worse. It is the attitude the Russian troll farms use to promote apathy.

Be part of the solution and pick a law you feel is unjust, and see it through to being removed.

For editor's choice on the insightful side, we've got a pair of responses from our two frequent "That" commenters to our post about the congressional push to protect police with hate crime laws — both addressing the common arguments about police having a dangerous job. First up it's That One Guy:

Yeah, no-one's arguing that it's a risk free job, but here's the thing: The ones in it either knew that ahead of time that it carried risk and accepted that anyway, or they were so clueless that that fact flew completely over their head, and they need to quit immediately and let someone with a working brain take their position.

I face heightened risk every time I wake up and get out of bed. I face heightened risk every time I get in a car. Countless things cause 'heightened risk', if they can't deal with a historically safe job because it carries anything higher than no risk then they most certainly have no business in a profession that carries extra risk and is already well protected by the laws.

This is yet another boot-licking, 'All animals are equal, but some animals are more equal that others' move that will widen the gap between the public and police once more, which, ironically enough, stands to make things even riskier for police.

And next it's That Anonymous Coward:

Pretty sure the number of people ending up dead or beaten after interaction with cops is much higher than the number of dead cops.

They know the job is dangerous...
A woman might knock on your window requiring lethal force.
A car might backfire requiring pursuit & 40+ bullets fired while standing on the hood of the car.
The house of an innocent person the warrant isn't for might get uppity wondering why these jackbooted thugs broke in.
A baby might need to be flash banged for officer safety.
A dog might wag its tail in the vicinity of a cop requiring its execution.
A young officer might freak out & blow someone away in their panic & require being comforted before anyone seeks help for the person who was shot.
A driver might reach for his ID after being instructed to & be shot by a cop for following directions.
A body cam might be turned off or have the audio muted after a citizen is shot by a cop so they can get the story right.
A department might run a fucking black site that the CIA would be proud of torturing citizens until they admit to crimes to make the pain stop.
A department might steal millions in military gear handouts & just hand them out to various citizens around town.

But yes, please codify what a large percentage of the population already know... Cops are a special group who can do no wrong, can not be held responsible for their actions, and can repeatedly lie on the stand... but sure lets give them another law to use against critics or them uppity citizens who know their rights & the law.

Good faith exceptions.
Using stereotypes of demons to justify murder.
Abusing citizens.
Throwing them into paddy wagons & giving them a rough ride to teach them a lesson (or paralyze them for life).

Perhaps a better use of time & resources would have been a hate crime law protecting citizens from cops. I mean, we have the higher body count & we didn't have to pad the numbers by including desk riding doughnut gobbling warriors who had a heart attack.

Over on the funny side, our first place winner is Thad making a small correction to Mike's point that a certain rabidly anti-regulation commenter on Techdirt sounds like a high-school student:

That's not fair.

High school students know how to use quotation marks correctly.

In second place, it's Jinxed with another comment about SESTA/FOSTA:

Perhaps Techdirt reach out to one of the authors of the bill?
Here, I'll help:
https://www.mpaa.org/who-we-are/#contact-us

For editor's choice on the funny side, we start out on our post about breathalyzers inflating results by as much as 6%, where one commenter suggested this isn't really a problem and McCrea quickly corrected that notion:

And we should prosecute everyone who does 50mph in a 55 zone a speeding ticket be "Oh, he wasn't "SPEEDING" when crashed into you isn't any solace."

Personally, I find you far more than 6% short of being reasonable. Only 6% over the fine line of sanity. Only 6% short of a full deck? Only 6% dimmer than a burnt out bulb?

Geez, first time in two years I've logged into to make a comment. I guess I only respond to 6% of the trolls.

Finally, since it's one more chance to shamelessly plug our Kickstarter campaign for CIA: Collect It All (which ends on Tuesday!), we've got a comment from last weekend's post about the game. In response to an angry commenter who seems to think selling a physical product undermines our opinions on digital economics, That One Guy got sarcastic:

Wait a tic, you mean it's possible to make money off of something despite it being freely available, thanks to someone adding value to the free part(in this case by saving you the trouble of constructing them yourself)?

You are blowing my mind here man, who could have ever thought you could make money off of something that people could get for free? That you can in fact compete with free?

That's all for this week, folks!

We're nearing the end of the Kickstarter campaign for CIA: Collect It All, our polished and fully-playable version of a formerly top secret card game used by the CIA to train new recruits. In this special Saturday edition of the podcast, the three of us working on the project — myself, Mike, and Randy Lubin of Diegetic Games — sit down to talk all about what players can expect from CIA: Collect It All.

Follow the Techdirt Podcast on Soundcloud, subscribe via iTunes or Google Play, or grab the RSS feed. You can also keep up with all the latest episodes right here on Techdirt.

I'm not sure why any nation with at least a passing respect for civil liberties would continue treating Turkish president Recep Tayyip Erdogan as a world leader worth discussing ideas with. Erdogan rolled into the United States with his entourage of thugs and thought he could have critics beaten and unfriendly journalists tossed from press conferences. He continually petitions other countries to punish their own citizens for insulting him.

Back at home, Erdogan is jailing journalists by the hundreds, claiming they're terrorists. A failed coup set off the latest wave of censorial thuggery, with Erdogan bolstering his terrorist claims by pointing to criminal acts like… robbing ATMs. A massive backlog of "insulting the president" cases sit in the country's court system -- a system that's certainly aware it's not supposed to act as a check against executive power.

And yet, world leaders continue to act as though Erdogan is an equal, rather than an overachieving street thug with an amazingly fragile ego. UK Prime Minister Theresa May, hoping to strike a trade deal with Turkey, invited Erdogan to not only discuss a possible deal, but speak publicly.

May tried to keep Erdogan from being Erdogan…

May said that while it was right that those who sought to overthrow a democratically elected government were brought to justice, “it is also important that in the defence of democracy… Turkey does not lose sight of the values it is seeking to defend”.

May added: “That is why today I have underlined to President Erdoğan that we want to see democratic values and international human rights obligations upheld.”

But Erdogan was always going to be Erdogan:

At a press conference in Downing Street alongside May, Erdoğan made no reference to May’s remarks about human rights, but instead urged her to do more to extradite Turkish exiles from the Gulenist or Kurdish movements, saying that if she did not act act against terrorists, it would come back to bite her.

And went on to make it clear that by "terrorists," he also meant journalists who may or may not have been caught engaging in burglary, but otherwise can be assumed to be political targets jailed to ensure silence.

You can't keep treating an overgrown child like an adult. No one should be doing business with Turkey until it cleans up its civil rights violation record. And that's not going to happen as long as Erdogan is president. Gently nudging him towards not being a completely evil asshole obviously doesn't work. All it does is make the government's hosting his off-the-cuff remarks on censorship and jailing journalists look like enablers of oppression.

You may recall that way back in early 2015, we discussed the absurd story of the New Jersey Turnpike Authority suing Jersey Boardwalk Pizza for trademark infringement. At issue was that the pizza joint's owners, both from New Jersey, had crafted a clever logo that mimicked the logo for the Garden State Parkway, except it altered all the words to be the parlor's name and the food it served. It was a clear homage. Nobody denied it. That didn't change the fact, however, that the NJ Turnpike Authority is both not in the business of selling pizza, nor is it in the business of being in Florida. As such, there was zero potential for customer confusion, and the court dismissed the case.

You would have thought that would be the end of this story. But, no, the NJTPA decided to go the trademark office and try to have the pizza parlor's trademark invalidated. Why in the hell it bothered doing so is anyone's guess. Regardless, it didn't work out well for the Garden State.

Three administrative judges with the United States Patent and Trademark Office ruled Monday that Jersey Boardwalk Pizza can continue to use its logo, which the New Jersey Turnpike Authority argued was confusingly similar to the Parkway logo.

In dismissing the authority's claims, the patent office's governing board noted the similarities, but the restaurant's business is unrelated to the roadway. The case was heard in February and took three months to decide.

All sorts of questions leap to mind. What exactly did the folks at the NJTPA think was going to happen at the PTAB after a U.S. District Court refused to entertain this bullshit? Who exactly makes up the legal staff for the NJTPA and are they, or are they not, fully functioning human beings? Is there some kind of gas leak we should be aware of, or perhaps some sort of underground radiation resting just under this legal team's offices?

The most important question, however, is this: how much taxpayer money was flushed down the litigious toilet, all because a couple of New Jersey transplants wanted a callback to their home state for a Florida pizza business? If the answer to that question is greater than zero, it sure feels like there should be exit interviews going on post-haste.

It's kind of incredible how frequently we see people who seem to think that the fact that social media platforms are so bad at moderating the content on those platforms is because they just don't care or don't try hard enough. While it is true that these platforms can absolutely do a much better job (which we believe often involves providing the end user more tools themselves), it's still amazing at how many people think that deciding what content "belongs" and what content doesn't belong is somehow easy. Earlier this month, in Washington DC there was the Content Moderation at Scale "COMO" conference. It was a one day event in which a bunch of companies revealed (sometimes for the first time) how they go about handling questions around content moderation. It was a followup to a similar event at Santa Clara University held back in February (for which we published a bunch of the papers that came out of the event).

For the DC event, we teamed up with the Center for Democracy and Technology to produce a live game for everyone at the event to play -- turning them all into a trust & safety team, tasked with responding to "reported" content on a fictional social media platform. Emma Llanso from CDT and I ran the hour-long session, which included discussions of why people chose their decisions. The video of our session has now been posted which helpfully edits out the "thinking/discuss amongst yourselves" part of the process:

Obviously, many of the examples we chose were designed to be challenging (many based on real situations). But the process was useful and instructive. With each question there were four potential actions that the "trust & safety" team could take and on every single example at least one person chose each option. In other words, even when there was a pretty strong agreement on the course of action to take, there was still at least some disagreement.

Now, imagine (1) having to do that at scale, with hundreds, thousands, hundreds of thousands or even millions of pieces of "flagged" content showing up, (2) having to do it when you're not someone who is so interested in content moderation that you spent an entire day at a content moderation summit, and (3) having to do it quickly where there are trade-offs and consequences to each choice -- including possible legal liability -- and no matter which option you make, someone (or perhaps lots of someones) are going to get very upset.

Again, this is not to say that internet platforms shouldn't strive to do better -- they should. But one of the great things about attending both of these events is that it demonstrated how each internet platform is experimenting in very, very different ways on how to tackle these problems. Google and Facebook are trying to throw a combination of lots and lots of people plus artificial intelligence at the problem. Wikipedia and Reddit are trying to leverage their own communities to deal with these issues. Smaller platforms are taking different approaches. Some are much more proactive, others are reactive. And out of all that experimentation, even if mistakes are being made, we're finally starting to get some ideas on things that work for this community or that community (and remember, not all communities work the same way).

As I mentioned at the event, we're looking to do a lot more with this concept of getting people to understand the deeper questions involved in the tradeoffs around moderating content. Setting it up as something of a game made it both fun and educational and we'd love some feedback as we look to do more with this concept.

It appears the concept of "extreme vetting" at our borders has been backburnered. The Washington Post is reporting ICE has scrapped plans to acquire software capable of strip-mining immigrants' social media accounts and converting this info into a RATE MY DANGEROUSNESS number. However, it does not appear the concept is being done away with entirely.

Immigration and Customs Enforcement officials told tech-industry contractors last summer they wanted a system for their “Extreme Vetting Initiative” that could automatically mine Facebook, Twitter and the broader Internet to determine whether a visitor might commit criminal or terrorist acts or was a “positively contributing member of society.”

But ICE quietly dropped the machine-learning requirement from its request in recent months, opting instead to hire a contractor that can provide training, management and human personnel who can do the job. Federal documents say the contract is expected to cost more than $100 million and be awarded by the end of the year.

No more one-click snooping on entrants. Instead, this job will be farmed out to vendors who will probably never accidentally leak the large amount of personal data they're collecting for the government. This isn't a case of ICE/DHS realizing this isn't just intrusive but unnecessary and quite possibly useless. Instead, this is a case of ICE not liking what vendors had to offer on the software front.

An ICE official briefed on the decision-making process said the agency found there was no “out-of-the-box” software that could deliver the quality of monitoring the agency wanted.

For the time being, it won't be AIs and algos doing the vetting. Instead, it will be a government contractor doing the work, presumably using some live humans. What ICE was seeking was a mythical piece of software. It wanted a rigorous vetting system that predetermines the risk levels of immigrants at a touch of a button -- all without troubling civil liberties and/or conflicting with numerous other databases ICE controls or has access to.

There's no doubt the government can acquire something that harvests massive amounts of data. The problem is making that data useful, something even our most experienced data harvesters in the NSA frequently have trouble doing. But ICE wanted it to be more than a database of past social media behavior. It wanted the program to hand it a thumbs up/down rating on visa applicants, something that's not really advisable, if even actually possible. And there doesn't appear to be anything that fits the description.

“Have they realized only that it doesn’t exist now, which is important in its own right, or have they also recognized that this really was an idea that was built on a complete fantasy?” said Rachel Levinson-Waldman, senior counsel at the Brennan Center for Justice, a left-leaning policy institute. “That you can somehow take these hugely disparate sources of information, in lots of different languages, and make a prediction about what somebody’s value and worth is?”

Content moderation, but for humans. That hasn't worked well anywhere. It usually leads to profiling, false positives, and wastes of the government's human resources, which are far more limited than its data-hauling capabilities. Extreme vetting isn't going away. It's just going be far more iterative than ICE would like, however. Visions of "Minority Report" (and for actual minorities!) have been dashed by the cold water of tech reality. Concerns about mass violations of privacy and civil liberties had nothing to do with this partial reversal of course.

If you've been following how much the record labels stumbled around the internet for the past couple of decades, then you know the basics here. But time has a way of erasing some of the nuances of history, and I find it incredible to watch the RIAA and the record labels these days walking around proudly acting as if they were the ones who "saved" the music industry by embracing streaming services that now make up the bulk of the recording industry's revenues. Indeed, as we've pointed out for years, the recording industry has a very long history of overvaluing the music and undervaluing the services that people want. They've spent so long insisting that the music is the sole source of the value of what they produce, that they always downplay (or entirely erase) the rest of the equation: getting the music to fans in a manner that is convenient, reasonable, and non-burdensome. Instead, they always focus on killing the golden goose -- insisting that any successful music tech service pay them more and more until they're squeezed dry.

Over at Motherboard, Ernie Smith, has a good history of how the recording industry screwed up streaming in the early days (unfortunately he does what most people do and refers to what's really the "recording industry" as the "music industry" -- and also simplifies the history to be just one round of mistakes, rather than many, many mistakes leaving a graveyard of dead tech companies in its wake -- but the overall article is still excellent). It's a very instructive piece in detailing exactly how the record label bosses were so focused on making sure that they had control and limits, that they didn't care at all about providing a service that people actually wanted. Much of it focuses on the two idiotic music label-approved streaming services that the industry tried to launch MusicNet and PressPlay (which we dubbed MusicNot and PressPause way back in 2001). Smith details how both services were built entirely focused on "how do we protect our revenue stream" rather than "how do we serve the customer." Thus, you had lots of DRM and lots of stupid limits:

Their offerings were slightly different—for a $9.95-per-month fee MusicNet allowed for 100 temporary downloads and 100 on-demand streams at launch, according to Billboard, while Pressplay allowed for 300 streams and 30 downloads and offered limited CD-burning capabilities at higher price points—but the tissue tying the two approaches together was DRM.

It certainly wasn’t music, as the services made no effort to collaborate with one another. In the post-Napster era, the combination of limited libraries and competition from peer-to-peer file sharing services put the companies at a major disadvantage.

Incredibly, inside the industry, executives so believed their own bullshit that they really thought these consumer-unfriendly services would win over piracy:

Stephen Witt, in his 2015 book How Music Got Free, portrayed Universal Music’s then-CEO, Doug Morris, as being overly excited about PressPlay, to the point where Recording Industry Association of America President Hilary Rosen, frequently portrayed as an “enemy combatant” of the Napster era during this time, had a hard time talking him off the ledge. (Rosen, it should be said, was simply sharing the company line because it was her job.)

“On several occasions he told Rosen to stop talking to Napster, to stop negotiating with the Fannings, to stop worrying so much, because he had something that would ‘make it all go away,’” Witt wrote. “In later years, PressPlay would be a reliable starting point for listicles of the ‘Top All-Time Tech Busts.’”

If you don't remember Doug Morris, he was the guy who, back in 2007, gave a stunning interview where he insisted that the reason why the labels missed the boat on the internet was... because they didn't know anyone who understood technology and then blatantly admitted that he didn't know how to hire someone who would have understood technology. To me, that seemed like evidence for why the board should have fired him and brought in someone who actually understood the market. For Morris it just meant he remained a revered leader of the recording industry.

But really the thing that screams out through Smith's piece is the same old thing: the record labels seem to believe that the only thing that matters -- the only thing that provides any value at all -- is the music (which, coincidentally, is the one thing they have some element of control over thanks to copyright). And thus, the idea that the technology or service matters, or that making a service that people actually want is considered barely even worth considering.

Indeed, reading through the article, it basically shows how the tech industry -- in the form of Apple and Spotify -- more or less rescued the recording industry from their own incompetence. And the incredible thing today is that the record labels still whine and complain that the tech industry that saved them is "taking advantage" of them, rather than showing them the way forward.

We're all for thinner laptops, but those sleek designs mean fewer ports to plug into, which can get frustrating when you need to power up and plug in external devices. The smallest adapter of its kind, the CASA Hub PDC601 connects via your laptop's USB-C port and expands your plugging potential with six additional ports (USB Type-C PD port, three USB 3.1 Type-A ports, a SD Card slot, and a microSD Card slot). Now you can print files, backup data, and more while juicing up your device on the move. There are four colors to choose from and they're on sale for $49.

Note: The Techdirt Deals Store is powered and curated by StackCommerce. A portion of all sales from Techdirt Deals helps support Techdirt. The products featured do not reflect endorsements by our editorial team.