Just a few weeks ago we wrote about how a group of sex workers, in response to the passing of FOSTA/SESTA, had set up their own social network, called Switter, which was a Mastodon instance. As we noted in our post, doing so was unlikely to solve any of the problems of FOSTA/SESTA, because it's perhaps even more likely that Switter itself would become a target of FOSTA/SESTA (remember, with FOSTA, the targeting goes beyond "sex trafficking" to all prostitution).

And, indeed, it appears I was not the only one to think so. The organization that created Switter, Assembly Four, put up a note saying that Cloudflare had shut down Switter claiming the site was in violation of its terms of service.

Cloudflare has been made aware that your site is in violation of our published Terms of Service. Pursuant to our published policy, Cloudflare will terminate service to your website.

Cloudflare will terminate your service for switter{.}at by disabling our authoritative DNS.

Assembly Four asked Cloudflare to clarify just what term it had violated and the company has now come out and noted that it reluctantly pulled the plug on Switter out of a fear that it would create criminal liability for Cloudflare under FOSTA/SESTA. Cloudflare was among the companies who lobbied against the bill, and they note that they disagree with the way the bill was drafted -- but given the nature of the law, the company feels compelled to take this action:

“[Terminating service to Switter] is related to our attempts to understand FOSTA, which is a very bad law and a very dangerous precedent,” he told me in a phone conversation. “We have been traditionally very open about what we do and our roles as an internet infrastructure company, and the steps we take to both comply with the law and our legal obligations—but also provide security and protection, let the internet flourish and support our goals of building a better internet.”

Remember, this was a site for sex workers to communicate with each other. It was purely a platform for speech. And it's being shut down because of fears from the vague and poorly drafted FOSTA/SESTA bill. In other words, yet more confirmation that just as free speech experts predicted, FOSTA/SESTA would lead to outright suppression of speech.

I've seen some complaints on Twitter that Cloudflare should have stood up for Switter and not done this. I don't think that's reasonable. The penalties under FOSTA/SESTA are not just fines. It's a criminal statute. It's one thing to take a stand when you're facing monetary damages or something of that nature. It's something altogether different when you're asking a company to stand up to criminal charges based on a law that is incredibly vague and broad, and for which there is no caselaw. Yes, it would be nice to have some companies push back and potentially help to invalidate the law as unconstitutional, but you can't demand that of every company.

I am curious, though, how supporters of FOSTA/SESTA react to this. Do they not care that sex workers want to be able to communicate? Do they not care that social networks are being shut down over this? Do they not care about speech being suppressed?

Texas attorney Mark Bennett -- instrumental in getting an unconstitutional "peeping tom" law tossed in 2014 -- has scored another win for the First Amendment by getting an unconstitutional revenge porn law tossed. It's not that anyone (except revenge porn purveyors) wants to see revenge porn go unchecked. It's that there's plenty of laws on the books already to address the problem and those written to target revenge porn tend to do collateral damage to the Constitution.

Mark Bennett began this fight back in 2015, right after the law went into effect. As Scott Greenfield reports, Bennett has secured a win in the 12th District Court of Appeals, reversing the lower court's finding the law was First Amendment-compliant.

As has been argued from the day Mary Anne Franks began her efforts to create a criminal revenge porn statute, it clearly implicated the First Amendment’s prohibition against laws infringing on free expression, to which she merely screamed her denials and did her best to deflect by creating a fantasy interpretation of the First Amendment. The court made swift work of it.

In the instant case, Section 21.16(b) proscribes the disclosure of certain visual material, including any film, photograph, or videotape in various formats. Because the photographs and visual recordings are inherently expressive and the First Amendment applies to the distribution of such expressive media in the same way it applies to their creation, we conclude that the right to freedom of speech is implicated in this case.

As the court notes, the restriction on revenge porn is content-based. Content-based restrictions require greater scrutiny to adhere to the Constitution and Texas' law cannot hold up to this level of scrutiny. From the decision [PDF]:

In the instant case, the State conceded at oral argument that Section 21.16(b) properly is subject to strict scrutiny analysis. We agree. Here, Section 21.16(b)(1) does not penalize all intentional disclosure of visual material depicting another person. See TEX. PENAL CODE ANN. § 21.16(b)(1). Rather, Section 21.16(b)(1) penalizes only a subset of disclosed images, those which depict another person with the person’s intimate parts exposed or engaged in sexual conduct. See id. § 21.16(a)(1), (3), (b)(1). Therefore, we conclude that Section 21.16(b)(1) discriminates on the basis of content.

The state tried to claim revenge porn is always obscene material. As the court points out, the state cannot make this determination on its own. It needs the court's help and, further than that, courts need a jury's help to determine whether or not disputed content is actually obscene.

Then it points out the obvious flaw in this argument -- one the state should have caught before arguing a new, unconstitutional law was needed to regulate obscenity.

Here, Section 21.16 does not include language that would permit a trier of fact to determine that the visual material disclosed is obscene. Moreover, if, as the State argues, any visual material disclosed under Section 21.16(b) is obscene, the statute is wholly redundant in light of Texas’s obscenity statutes.

Having dispensed with the state's attempts to salvage a redundant law, the court gives it this send off -- a light kick to ass of legislators and the state's legal counsel: DO BETTER.

At the very least, Section 21.16(b)(2) could be narrowed by requiring that the disclosing person have knowledge of the circumstances giving rise to the depicted person’s privacy expectation. But because Section 21.16(b) does not use the least restrictive means of achieving what we have assumed to be the compelling government interest of preventing the intolerable invasion of a substantial privacy interest, it is an invalid content-based restriction in violation of the First Amendment.

Once again, it's not that revenge porn should be ignored. It's that it's almost impossible to craft a law targeting revenge porn without doing damage to the First Amendment. As multiple prosecutions have shown, revenge porn purveyors tend to break plenty of existing laws. Prosecutors and regulators have had little problem shutting down sites using laws not specifically created to target revenge porn. The problem is most legislators like to appear to be doing something about societal issues, but often have little interest in ensuring their proposed statutes are Constitutionally-sound before pushing them across governors' desks. As the court points out here, a little care taken during the crafting process would have gone a long way towards keeping this law alive.

Just as places like Russia are getting more aggressive with companies like Google and Amazon in seeking to stop online communications they can't monitor, Google made a move that really fucked over a ton of people who rely on anti-censorship tools. For years, various anti-censorship tools from Tor to GreatFire to Signal have made use of "domain fronting." That's a process by which services could get around censorship by effectively appearing to send traffic via large companies' sites, such as Google's. The link above describes the process as follows:

Domain fronting works at the application layer, using HTTPS, to communicate with a forbidden host while appearing to communicate with some other host, permitted by the censor. The key idea is the use of different domain names at different layers of communication. One domain appears on the “outside” of an HTTPS request—in the DNS request and TLS Server Name Indication—while another domain appears on the “inside”—in the HTTP Host header, invisible to the censor under HTTPS encryption. A censor, unable to distinguish fronted and nonfronted traffic to a domain, must choose between allowing circumvention traffic and blocking the domain entirely, which results in expensive collateral damage. Domain fronting is easy to deploy and use and does not require special cooperation by network intermediaries. We identify a number of hard-to-block web services, such as content delivery networks, that support domain-fronted connections and are useful for censorship circumvention. Domain fronting, in various forms, is now a circumvention workhorse.

In short, because most countries are reluctant to block all of Google, the ability to use Google for domain fronting was incredibly useful in getting around censorship. And now it's gone. Google claims that it never officially supported it, that this was a result of a planned update, and it has no intention of bringing it back:

“Domain fronting has never been a supported feature at Google,” a company representative said, “but until recently it worked because of a quirk of our software stack. We’re constantly evolving our network, and as part of a planned software update, domain fronting no longer works. We don’t have any plans to offer it as a feature.”

As Ars Technica notes, companies like Google may be concerned that it could lead to larger blocks that could harm customers. But, as Access Now points out, there are larger issues at stake, concerning individuals who are put at risk through such censorship:

“As a repository and organizer of the world’s information, Google sees the power of access to knowledge. Likewise, the company understands the many ingenious ways that people evade censors by piggybacking on its networks and services. There’s no ignorance excuse here: Google knows this block will levy immediate, adverse effects on human rights defenders, journalists, and others struggling to reach the open internet,” said Peter Micek, General Counsel at Access Now. “To issue this decision with a shrug of the shoulders, disclaiming responsibility, damages the company’s reputation and further fragments trust online broadly, for the foreseeable future.”

“Google has long claimed to support internet freedom around the world, and in many ways the company has been true to its beliefs. Allowing domain fronting has meant that potentially millions of people have been able to experience a freer internet and enjoy their human rights. We urge Google to remember its commitment to human rights and internet freedom and allow domain fronting to continue,” added Nathan White, Senior Legislative Manager at Access Now.

Google doesn't need to support domain fronting, and there are reasonable business reasons for not doing so. But... there are also strong human rights reasons why the company should reconsider. In the past, Google has taken principled stands on human rights. This is another time that it should seriously consider doing so.

Look, trademark law can be confusing. If you're not spending some significant portion of your life either practicing trademark law or writing about trademark law, you might misunderstand how it works. In particular, the requirement for entities to be in the same business or market often times trips people up, with them either not realizing that this provision exists for there to be trademark infringement in most cases, or else not understanding exactly what it means to be competing in the same marketplace.

But my understanding and generosity in this is heavily strained when a winery sues a construction company just because the winery built stuff on its property.

According to a filing in San Francisco’s U.S. District Court, dated March 2, Sonoma’s Caymus Capital is being sued, along with other related parties, by Caymus Vineyards of Napa.

The suit cites the defendants’ “unauthorized and unlawful use of Plaintiff’s famous, incontestable federal trademark registration for the mark ‘Caymus’ and Plaintiff’s corporate and trade name ‘Caymus Vineyards.’”

By way of background, Caymus Capital is related to Caymus Builders, Caymus Residential Recovery, and other related businesses, all of which are also named in Caymus Vinedyards' lawsuit. To be clear, none of these companies are in the wine business. All of them are in the building and construction business. Readers of this site will already be scratching their heads wondering what argument the winery might be making in order to assert that any of this is trademark infringement.

Well, there are two arguments in the lawsuit, both of which are equally flimsy. First, as part of its wine business, Caymus Vineyards asserts in its filing that it builds stuff.

The suit explains that Caymus Vineyards has engaged in building projects on its own properties, primarily in the Napa Valley, and is currently developing a winery, bottling and distribution complex in Solano, where it does business as Caymus-Suisun.

None of which makes it a builder or construction company in the commercial marketplace. Were this to equate to trademark infringement, construction companies would likely have to go unnamed entirely, because every industry has to build stuff to be an industry.

In the complaint itself, Caymus Vineyards also complains that Caymus Builders, which is located in nearby Sonoma, tried to help with the recovery efforts from last year's devastating wildfires that rocked Wine Country.

Since that time, Defendant Caymus Builders LLC has advertised its services along the Napa-Sonoma corridor, presumably as part of the re-building process. … The highly visible signage advertising Defendant’s goods and services alongside vineyard properties will likely cause confusion, mistake, or deception as to the source, affiliation, sponsorship or authenticity of Defendant’s goods and services.

Say it with me now: none of this makes Caymus Vineyard a builder, nor does it make Caymus Builders a winery. All of this complaining is silly, as are claims that anyone is going to confuse the quite famous Caymus Vineyards winery with a construction company.

Hopefully the court will see clear to putting the cork back in this disaster of a trademark suit.

As Techdirt has pointed out a number of times, attacking the huge free online repository of academic papers, Sci-Hub, is wrong from a number of viewpoints. It's wrong because Sci-Hub is not a site aiming to profit from the labor of others, but is simply trying to make knowledge accessible to everyone. That's also what academic publishers like to claim they are doing, except that strangely many of the largest end up with profit margins of 30%-40%, and the papers aren't accessible to all, just to those rich enough to pay the "egregious price increases" that roll in every year. It's wrong because most of the research published was paid for by the public through their taxes, who surely ought to be able to access it from convenient repositories that are as easy to use as Sci-Hub. It's also provided free of charge for publishers to repackage, often with few changes. And yet the latter want people to pay again, typically $30 for a single article.

It's not just wrong: it's really foolish on the part of the publishers to pursue Sci-Hub in this way. It simply provides another example of the Streisand Effect, with every legal action alerting more people to Sci-Hub's existence, and encouraging them to find out more. It's foolish, too, because it underlines the fundamental inability of publishers to stop people sharing online, which probably leads others to start doing so. Techdirt has already covered previous failures to shut down Sci-Hub. A new post on TorrentFreak provides us with an update on that continuing fiasco, with details of a new injunction obtained by one of Sci-Hub's arch-enemies, the American Chemical Society:

The amended injunction now requires search engines, hosting companies, domain registrars, and other service or software providers, to cease facilitating access to Sci-Hub. This includes, but is not limited to, the following domain names.

'sci-hub.ac, scihub.biz, sci-hub.bz, sci-hub.cc, sci-hub.cf, sci-hub.cn, sci-hub.ga, sci-hub.gq, scihub.hk, sci-hub.is, sci-hub.la, sci-hub.name, sci-hub.nu, sci-hub.nz, sci-hub.onion, scihub22266oqcxt.onion, sci-hub.tw, and sci-hub.ws.'

Obtaining an injunction is one thing; applying it is another. As the TorrentFreak post notes, many of the non-US service companies involved aren't interested in obeying US injunctions. At the time of writing, a list of Sci-Hub mirrors around the world showed several still operating without any difficulty. And even if some service providers go on to shut down Sci-Hub's domains, it would be easy to come up with new names for mirrors, whether close to "Sci-Hub" in form, or quite different. And ultimately people can use Tor to access sites that are even harder to take down. In the meantime, all that these vindictive and pointless legal moves achieve is to ensure that Sci-Hub remains in the public eye, and gains ever-more users and supporters.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

Another whistleblower will be going to jail. Thanks to the application of the Espionage Act, former FBI special agent Terry Albury wasn't able to defend his leaking of FBI internal documents to journalists (most likely The Intercept) by claiming he leaked to expose noxious FBI tactics and behavior. Defenses predicated on public interest aren't allowed in Espionage Act trials, meaning Albury's decision to plead guilty is there to limit the number of years he'll spend incarcerated, rather than an indication his leaks were meant to harm the government.

Albury's attorneys released this statement to the Columbia Journalism Review shortly after his court hearing.

Terry Albury is a good and honorable man. His conduct in this case was an act of conscience. It was driven by his belief that there was no viable alternative to remedy the abuses he sought to address. He recognizes that what he did was unlawful and accepts full responsibility for his conduct, which he has demonstrated by reaching an agreement with the government to plead guilty.

Albury's statement while entering his plea pointed to internal FBI problems that personally affected him. These apparently pushed him towards leaking documents, as the issues described likely made use of proper channels impossible. When the problem is systemic racism, there's little hope an African-American agent is going to find anything more than vindictive behavior and recrimination by staying within the walls of the Bureau.

In his plea, Mr. Albury acknowledged that the facts outlined by the government were accurate and that he had acted with the knowledge that he was breaking the law. His lawyers, JaneAnne Murray and Joshua Dratel, said in a statement that he viewed his disclosures as “an act of conscience” in the face of racism at the F.B.I.

“It has long been a critique of the F.B.I. that it consists of and reflects a predominantly white male culture, which, as a result, has often treated minority communities with suspicion and disrespect,” the statement said. It added that Mr. Albury — who was the only African-American field agent in the Minneapolis office — had decided to act after he was assigned to the bureau’s counterterrorism team and “was required firsthand to implement F.B.I. investigation directives that profiled and intimidated minority communities in Minnesota and other locations.”

The leaks cited here are only part of the set of documents given to journalists. They detailed the FBI's internal rules for finding and developing informants. Agents are given a lot of latitude to pursue people they want to turn into informants. The lack of controls or oversight led to plenty of profiling by the agency, resulting in the targeting of marginalized groups disproportionately. This process allowed FBI agents to leverage anything and everything against targets to turn them into confidential informants. This included the threat of deportation or blocked visa applications if the target was a foreign citizen in the United States. As the article at The Intercept notes, the FBI would routinely deport informants whenever they ceased being useful.

But there's more to the leaks than pursuing Muslims or black teens or whoever the FBI felt would be most-easily leveraged or likely to have criminal contacts. The leaked documents also contained info about the FBI's surveillance of journalists -- all part of the Obama Administration's war on leakers.

In 2015, after several scandals involving the surveillance of reporters from the Associated Press and Fox News during the Obama administration, former Attorney General Eric Holder announced an update to the Justice Department’s “media guidelines,” which implemented strict rules for when the government is allowed to use subpoenas, court orders, or warrants to spy on reporters’ communications. However, the guidelines conspicuously exempted NSLs from the rules, meaning the FBI or Justice Department could use NSLs to circumvent the strict media guidelines and spy on reporters without any court oversight.

This may look like a crackdown on FBI spying, but in reality, it allowed the FBI to misuse NSLs to obtain records pertaining to journalists' contacts, presumably in hopes of sniffing out leakers and whistleblowers. The only check against abuse is internal: an agent deploying an NSL targeting a journalist must obtain permission from the FBI General Counsel or a supervisor in the national security division. Considering both the GC and NatSec brass would be just as interested in finding and exposing whistleblowers and leakers, obtaining permission for an NSL is likely laughably easy.

What Terry Albury exposed was the FBI's abuse of internal rules to target certain demographics and surveil journalists. This was classic whistleblowing but it's being treated as classic espionage, despite the absence of malicious motive or the direct delivery of documents to an enemy foreign power. But that's the way this law rolls. And as long as it can be used to punish whistleblowers, it will never be changed.

I haven't had a chance to write much about the latest attempt to update copyright law in the US, under the title of the "Music Modernization Act," but in part that was because Congress did something amazing: it came up with a decent solution to modernizing some outdated aspects of copyright law, that almost everyone agreed were pretty decent ideas for improvement. The crux of the bill was making music licensing easier and much clearer, which is very much needed, giving what a complete shit show music licensing is today.

There was a chance to have this actually create a nice solution that would help artists, help online music services and generally make more works available to the public. It was a good thing. But... leave it to the RIAA to fuck up a good thing. You see, with there being pretty much universal support for the Music Modernization Act, the RIAA stepped in and pushed for it to be combined with a different copyright reform, known as the "CLASSICS Act."

What is the CLASSICS Act? Well, it's actually based on a good idea -- fixing the mess that is pre-1972 sound recordings. We've written about this for years, and without getting too deep into the weeds, the basic thing is that prior to February of 1972, sound recordings were not covered by federal copyright. Compositions were still protected, but not the actual recording. To deal with that, various states set up their own state-based copyright laws for those works -- sometimes in statute, sometimes through common law. But, as part of the "transition" of bringing sound recordings into federal copyright, Congress also (ridiculously) said that sound recordings prior to 1972 would remain under whatever ridiculous state copyright laws existed until 2047. And thanks to Sonny Bono, that got pushed back to 2067. As Public Knowledge points out, that's created a ridiculous situation, keeping important works out of the public domain for nearly two centuries:

State copyrights are, for all intents and purposes, indefinite. Back in 1972 -- when Congress first federalized (new) sound recordings -- Congress sought to “fix” this problem by declaring that all state copyrights in pre-’72 sound recordings would expire on February 15, 2047. They picked 2047 so that recordings made immediately prior to the new law’s passage (i.e. the last sound recordings protected only by state copyright) would be kept out of the public domain for a full 75 years, the same as their newer, federally-protected counterparts.

However, because that 2047 date applied indiscriminately to all sound recordings made before 1972, recordings ended up with mind-boggling terms of potential state protection. Thomas Edison’s original sound recordings, made in 1877, wouldn’t be guaranteed to enter the public domain until 170 years after it was first created. Congress doubled down on this decision in 1998, pushing the date back another 20 years, to 2067. That Edison recording now is kept out of the public domain for 190 years -- enough to provide theoretical royalties to eight generations of the original artist’s descendants. As a result, with a few exceptions (mostly when artists have affirmatively committed their works to the public domain) there are no sound recordings in the public domain in the United States, period.

As we've noted for years, the proper way to fix this is just to put pre-1972 sound recordings under federal copyright law, and give them the same public domain date they would have received if they had been covered by federal copyright law all along. This is not, by any means, a perfect solution. It has some additional drawbacks, but at a high level, it puts all sound recordings on a level playing field and makes sure that there isn't confusion over different treatments for a song recorded in March 1972 from one recorded in March of 1971.

But that's not what the CLASSICS Act does. While it claims to put those works on the same footing as federal copyright law, it only does that part way. It sets it up so that streaming services providers will now have to pay performance royalties on the pre-1972 works (after a bunch of court rulings -- but not all -- have suggested they don't need to pay such fees). Again, that's fine if it puts all the works on the same level playing field. But the CLASSICS Act doesn't quite do that. It just adds the "pay the RIAA" part, and leaves out the "oh yeah and let these works go into the public domain on the same schedule as all other works" part. In other words, under the CLASSICS Act, these royalties will have to be paid way beyond when those works should go into the public domain.

Public Knowledge further points out that the CLASSICS Act also ignores termination rights, which would benefit artists (but hurt the labels) and could also cause serious harm to archives and libraries:

Most of the protections that libraries, archives, and other nonprofits rely upon apply specifically to reproduction and distribution of works, but not to their public performance. CLASSICS/MMA 2 creates a federal right that covers performance, but not reproduction or distribution -- those parts of the copyright regime that serve as the lifeblood of these institutions.

EFF highlights some more issues with the CLASSICS Act, including how it would basically lock in existing providers like Pandora, Spotify and Sirius XM, but cause problems for any upstart:

Creating new barriers to the use of old creative works is not what copyright is for. Copyright is a bargain: authors and artists get limited, exclusive rights over their works as an incentive to create. In return, the public is enriched by new art and authorship and can use works in ways and times that fall outside the rightsholder’s zone of exclusivity. Creating new rights in recordings that have been around for 46 years or more doesn’t create any new incentives. It simply creates a new subsidy for rightsholders, most of whom are not the recording artists. The CLASSICS Act gives nothing back to the public. It doesn’t increase access to pre-1972 recordings, which are already played regularly on Internet radio stations. And it doesn’t let the public use these recordings without permission any sooner: state copyrights will continue until 2067, when federal law takes over fully.

The CLASSICS Act will put today’s digital music giants like Pandora and Sirius XM in a privileged position. Many of them already pay royalties for some pre-72 recordings as part of private agreements with record labels, on terms that simply won’t be available to smaller Web streamers like college and independent radio stations.

Unfortunately, this combined Frankenstein of the bill with both the good stuff and the bad sailed through the Judiciary Committee this week.

You will, undoubtedly, see stories celebrating this bill moving forward. And many of them will make accurate statements about how parts of this bill are really good. But parts of it are really bad and damaging to the public domain. The proper response would be to fix the CLASSICS Act such that it actually modernizes pre-1972 works by putting them under federal copyright law, rather than this half-assed way that only adds in the licensing requirements, without the rest of what copyright law is supposed to bring us.

Kevin Poulsen of The Daily Beast has obtained a warrant application showing even the most ardent of surveillance state defenders aren't immune from the all-seeing eyes they feel are ever so essential to keeping this nation safe. It appears none other than former NSA and CIA boss Michael Hayden was subjected to the government's magnifying glass for allegedly leaking sensitive information to reporters.

The FBI sought a search warrant for the email account of former CIA and NSA chief Gen. Michael Hayden in 2012, according to a newly unsealed court filing. The warrant application was part of a broader Obama-era investigation into a leak of classified information to the press. Another official later pleaded guilty in connection to the disclosure.

The targeting of Hayden’s AOL email account drives home just how aggressively the Obama administration pursued leaks, in this case following a relatively thin lead all the way to the private email account of a retired four-star general. Hayden served as director of the National Security Agency from 1999 to 2005, and later led the CIA until his retirement in 2009.

And it is a very thin lead. All that's included in the warrant affidavit [PDF] is the fact that Hayden engaged in email conversations with two unnamed reporters a total of 30 times in 18 months. Given his position, it's surprising it didn't happen more often. Officials are always contacted by reporters when writing about subjects/programs/etc. they oversee. In the affidavit, the special agent notes many of these contacts were to "confirm quotes" to be used in published articles and books.

The inquiry here apparently centered on news of the Stuxnet virus and the US's involvement in the cyberattack. The only quote about Stuxnet attributed to Hayden was fairly innocuous, stating only that this was the first time a cyberattack had been used to "effect physical destruction."

As Poulsen points out, this investigation lead to a dead end, at least as far as its pursuit of Hayden as a leaker.

The FBI found no evidence that Hayden did anything wrong. But using similar tactics, the FBI eventually tracked the story to retired Marine Gen. James Cartwright. In 2016 Cartwright acknowledged he was a source for the article and pleaded guilty to a single count of lying to the FBI. Cartwright’s prosecution was widely criticized by freedom-of-the-press groups and government insiders, and Obama pardoned Cartwright shortly before leaving office.

What this dead-ended investigation does show is how aggressively our government pursues leakers and whistleblowers. NSLs, warrants, and anything else the government might find useful are being deployed to sniff out journalists' sources. The government may hesitate to place a journalist under direct surveillance, but it has no problem achieving the same ends by deploying these backdoor searches. Working its way backwards from government employees, the government can sweep up communications that would raise serious First Amendment issues if approached head-on. And it obviously has no qualms about grabbing the personal communications of team players who've fully bought into the system.

WordPress powers nearly half the world's websites, making it the single most important web platform. The WordPress Essentials Bundle has four courses designed to help you master this popular platform. You'll design and build your own site, learn how to host a site, master the box model of CSS, and more. You'll also learn how to write your own copy and cover the basics of the most popular programming languages. The bundle is on sale for $19.

Note: The Techdirt Deals Store is powered and curated by StackCommerce. A portion of all sales from Techdirt Deals helps support Techdirt. The products featured do not reflect endorsements by our editorial team.

The French government has been pushing for a stupid "backdoors" policy in encryption for quite some time. A couple years ago, following various terrorist attacks, there was talk of requiring backdoors to encrypted communications, and there was even a bill proposed that would jail execs who refused to decrypt data. Current President Emmanuel Macron has come out in favor of backdoors as well, even as he's a heavy user of Telegram (which isn't considered particularly secure encryption in the first place).

But now, the French government is apparently moving forward with its own, homegrown, encrypted messaging system, out of a fear that other -- non-French -- encrypted messaging apps will be forced into providing backdoors to their own systems:

The French government is building its own encrypted messenger service to ease fears that foreign entities could spy on private conversations between top officials, the digital ministry said on Monday.

None of the world’s major encrypted messaging apps, including Facebook’s WhatsApp and Telegram - a favorite of President Emmanuel Macron - are based in France, raising the risk of data breaches at servers outside the country.

There are a number of silly things here. First off, the fact that they're doing this should make it clear why it's been so stupid to have the government itself calling for backdoors. Clearly, the French government understands the risks involved, or it wouldn't be doing this in the first place. The message it seems to be sending is that keeping messages and communications secure is important... but only for government officials. For the peasants? Let them eat insecure messages, I guess.

Second, there should be questions about how well this will be implemented. The report does note that they're using "free-to-use code found on the Internet," which (hopefully?) means they're basing it on Open Whisper Systems' encrypted messaging code, which is freely available and is generally considered the gold standard (Update: actually it's based on Riot/Matrix and apparently the plan is to open source it -- which is good). However, doing encrypted messaging well is... difficult. It's the kind of thing that lots of people -- even experts -- get wrong. Rolling your own can often get messy, and you have to bet that a government rolling its own encryption for government officials to use is going to be a clear target for nation-state level hackers to try to break in. That's not to say it can't be done, but there are a lot of tradeoffs here, and I'm not sure that the best encryption is going to come from a government employee.

Also, the report suggests that this technology "could be eventually made available to all citizens," which would certainly be interesting, but would seem to contradict with all of those reports and statements about demanding backdoored encryption. Given how often the French government (and the President) have asked for backdoors, would any French citizen ever feel particularly secure using an "encrypted" messaging system offered up by that same French government?