This week, after we expressed some serious concerns about Senator Blumenthal's comments on SESTA, Uriel-238 won most insightful comment of the week by summarizing and questioning the train of thought:

Legislator: This is my bill to stop evil people.

Analyst: This doesn't stop evil people at all. It simply wrecks a chunk of the economy.

Legislator: Evil people use that chunk.

Analyst: Way, way more good people use that chunk. And they'll suffer badly without that chunk. Also it won't stop the evil people from finding another chunk.

Legislator: Well, this is my bill to stop evil people. Until you write a better bill to stop evil people, I'm going to put my support behind this one.

Where do we get the idea that passing a bad law is better than passing no law? These are the motions of a drowning man climbing on and dunking nearby swimmers in desperation.

Meanwhile, over in the UK, Theresa May was making her own insane comments about how internet companies need to remove extremist content within two hours. Anonymous Anonymous Coward won second place for insightful with a short list of just some of the problems with this idea:

I would suggest putting May in the position of finding and analyzing things that might be 'extremist', but it is likely that ANYTHING that did not start out with praise for May and/or her ideals would be deleted without further examination.

Then there is the concept of what constitutes 'extremism'. Extreme could be left or right or up or down or any other label so long as one takes the time to go further than others. What definition will she put into law?

Further, is she employing the concept that what is law in Briton should be law everywhere?

And finally time. Some laws have the ability to be...well let's say intensive (aka very very long) and might take more than two hours to even read, let alone analyze. Is May purporting that all Internet companies hire super fast readers, or people that can watch video at 4 or more times regular speed, and still comprehend it...comprehensively... and have the full faith and credit to NOT take down something that may not be 'extreme'? Or is she going to rely on black box algorithms?

Maybe May should be asked about how she will clean up the messes she is making.

For editor's choice on the insightful side, we start out with one more response to May's impossible demand. Aerinai offered a proposal in response:

I am completely fine with them passing this law... just they also need to pass a few other laws as well.

Law Number 1: This law will find mismanagement of public funds (i.e. graft, kickbacks, improper expenditures, etc.) within the same requisite amount of time within the government. The government heads will then be held responsible any time any of these activities occur and are not caught within 2 hours.

Law Number 2: I also want NHS to be able to identify medical fraud within 2 hours, otherwise the employees will be subject to criminal penalties...

Law Number 3: I want lawmakers to have all of their facts checked and a retraction for their false statements to be done within 2 hours and failure to issue such retraction will result in criminal and civil penalties.

I mean... if asking Google to censor 'extremist' content in 2 hours is fine, these should be a piece of cake as well!

Next, we have a response from Mike Godwin to the strained accusation that Google is behind his opposition to SESTA:

Mr. Anonymous omits facts that undercut whatever point he thinks he's making about me.

(1) I worked for EFF from 1990 to 1999. Google didn't exist then.

(2) I worked for CDT from 1999 to 2003. Google didn't fund CDT then.

(3) I worked for Public Knowledge from 2003-2005. Google didn't fund Public Knowledge.

(4) I worked for Yale University from 2005-2007. Google didn't fund my position at Yale.

(5) I worked or Wikimedia Foundation from 2007-2012. Funded by individual donations, for the most part.

(6) I worked for Internews from 2013 to 2014. Funded by the U.S. government, for the most part.

My work for R Street certainly has benefited from Google funding, as well as funding by many other sources, but my work on Section 230, now more than two decades old, has no roots in Google funding (and certainly not in Backpage funding).

My views about Section 230 are a function of my work on internet-freedom issues dating back now more than a quarter century. Maybe they're incorrect views, but nobody whose sole argument is that I was paid to have those views is likely to be persuasive on that point.

Mike

Over on the funny side, our first place comment comes from TechDescartes in response to HP bringing back ink cartridge DRM:

HP Multifunction

Print/Fax/Scam

In second place, we have a similarly short quip from Roger Strong in response to Verizon cutting off its "unlimited" wireless customers:

I have unlimited respect for Verizon.

Using their definition of "unlimited."

For editor's choice on the funny side, we've got a pair of comments in response to the EFF's resignation from the W3C over the approval of the EME DRM standard. TechDescartes offered up a thought on the lack of detailed information about the vote:

trans•par•ent

So much for transparency.

Origin from Latin transparere, from trans- ‘um’ + parere ‘no’

In response to that — and, I suspect, inspired by Cory Doctorow's invocation of Terry Pratchett's Lord Vetinari (I am a huge Discworld fan) in a piece at Wired — an anonymous commenter provided another relevant passage regarding the lovable tyrant:

"And these are your reasons, my lord?"

"Do you think I have others?" said Lord Vetinari. "My motives, as ever, are entirely transparent."

Hughnon reflected that 'entirely transparent' meant either that you could see right through them, or that you couldn't see them at all.

That's all for this week, folks!

Five Years Ago

There was all sorts of copyright nonsense this week in 2012, beginning with a claim from the Canadian Mint over a musician's album cover photo that included some pennies sitting on a table. We noticed some disturbing things hiding in the history of US copyright, like the fact that the Copyright Act explicitly says disruptive innovation should be blocked, or that somehow a letter written by John Adams in 1755 had still not entered the public domain. The Spanish octogenarian who gained notoriety after her extremely poor "restoration" of a fresco of Jesus decided, for some reason, to start exercising her copyright over the famous failure, and we also saw the beginning of the copyright dustup over The Innocence of Muslims.

Also, this was the week that the Big Four record labels became the Big Three, with regulators approving Universal's purchase of EMI.

Ten Years Ago

Things weren't much better this week in 2007, with the copyright czar stepping up to sing the praises of the DMCA and copyright holders gloating over every mole successfully whac'd in their pointless crusade. NBC seemed insistent on making life harder for paying customers> (though CBS seemed to have a better handle on internet video), the Canadian recording industry was flip-flopping on private copying levees lest people get the impression downloading was legal, and a book store at Harvard was trying to claim copyright on... its book prices.

Fifteen Years Ago

Guess what? More of the same this week in 2002. The music industry was touting new "CD-killer" music formats without mentioning their real motivation was the enhanced copyright protection of new, pointless devices, while at least one record company was taking the absurd anti-leak action of sending reviewers individual players containing the CD and glued shut. Cablevision gave everyone a preview of the DRM future by accidentally turning on new copyright protection technology for a little while. At least CEA head Gary Shapiro was eloquently making the point that downloading is neither immoral nor illegal, though that sensible understanding of the situation unsurprisingly didn't catch on with the entertainment industries.

By this point, the half-baked security in most internet of things devices has become a bit of a running joke, leading to amusing Twitter accounts like Internet of Shit that highlight the sordid depth of this particular apathy rabbit hole. And while refrigerators leaking your gmail credentials and tea kettles that expose your home networks are entertaining in their own way, it's easy to lose sight of the fact that the same half-assed security in the IOT space also exists on most home routers, your car, your pacemaker, and countless other essential devices and services your life may depend on.

The lack of security in the medical front is particularly alarming. The latest case in point: security researchers have discovered eight vulnerabilities in a syringe infusion pump used by hospitals to help administer medication to patients intravenously. The flaws in the Medifusion 4000 infusion pump, manufactured by UK medical multinational Smiths Group, were discovered by security researcher Scott Gayou. The device is utilized to deliver medications, blood, antibiotics and other fluids to critical care patients, patients undergoing surgery (anesthesia) -- and newborn babies.

The flaws were severe enough to warrant a new warning from the Department of Homeland Security, which issued an advisory that, like similar past advisories, rather downplays the fact these flaws could be utilized by a skilled hacker to kill somebody covertly:

"Successful exploitation of these vulnerabilities may allow a remote attacker to gain unauthorized access and impact the intended operation of the pump. Despite the segmented design, it may be possible for an attacker to compromise the communications module and the therapeutic module of the pump. Impact to individual organizations depends on many factors that are unique to each organization. ICS-CERT recommends that organizations evaluate the impact of these vulnerabilities based on their operational environment and specific clinical usage."

Both the FDA and DHS have ramped up the attention they're giving such vulnerabilities, recently having issued similar first ever warnings about flaws in pacemakers by St. Jude Medical, which can be similarly abused to kill patients. And while this is all wonderful news if you're a wetworker operating in an environment where such flaws take years to discover much less fix, it's decidedly less fun for the companies being criticized for half-assed security measures. In most cases, the companies impacted make it their top priority to downplay the risks involved, as the Smiths Group did in its statement on the vulnerabilities:

The possibility of this exploit taking place in a clinical setting is highly unlikely, as it requires a complex and an unlikely series of conditions.

Except six of the vulnerabilities in question simply involve the use of hard-coded credentials, the same problem that has plagued the home router market for years. For its part, Smiths says it's working hard to implement a fix for the flaws -- that might be released in January 2018. In the interim Smiths is urging hospitals to assess the risk, change the default login credentials, and disconnect these devices from the network where necessary. But considering the low quality of IT support in most hospitals (a major reason for a massive spike in hospital ransomware attacks) -- there's certainly no guarantee of any of these mitigation measures actually happening.

Earlier this spring, a jewelry company CEO earned himself a federal indictment for his bespoke reputation management efforts. Realizing it was extremely difficult to erase negative reviews from the net, National Sapphire Company boss Michael Arnstein took one such reviewer to court. He was awarded an injunction after the defendant no-showed, resulting in the delisting of 54 URLs.

But the negative reviews kept coming. Rather than hire a lawyer and bring more defamation suits, Arnstein opted for the initially less-costly option: mocking up delisting orders and forging a judge's signature. This apparently worked well enough Arnstein felt comfortable sharing his fraudulent tactics with others. This swaggering, inculpatory statement was included in the federal complaint.

"No bullshit: if I could do it all over again I would have found another court order injunction for removal of links (probably something that can be found online pretty easily) made changes in photoshop to show the links that I wanted removed and then sent to 'removals@google.com' as a pdf — showing the court order docket number, the judges [sic] signature — but with the new links put in," Arnstein wrote in a July 2014 email, according to his criminal complaint. "Google isn't checking this stuff; that's the bottom line b/c I spent $30,000 fuckin thousand dollars and nearly 2 fuckin years to do what legit could have been done for about 6 hours of searching and photoshop by a guy for $200., all in ONE DAY".

The DOJ -- aided greatly by Arnstein generating plenty of evidence against himself -- pulled the trigger on a federal indictment. And, thanks to several other cases of rep management firms defrauding courts, Google is indeed "checking this stuff," limiting the effectiveness of impersonating judges and/or sliding bogus paperwork past them.

Arnstein has now pled guilty to a conspiracy charge, the DOJ reports.

ARNSTEIN, 40, of Kailua, Hawaii, pled guilty to one count of conspiracy to forge a judicial signature, which carries a maximum sentence of five years in prison. The maximum potential sentence is prescribed by Congress and is provided here for informational purposes only, as any sentencing of the defendant will be determined by the judge.

And one more bit of schadenfreude:

Acting Manhattan U.S. Attorney Joon H. Kim said: "As he admitted today, Michael Arnstein exploited the authority of the federal judiciary in a blatantly criminal scheme. By forging court orders and the signature of a U.S. District Judge, Arnstein was able to effectively erase websites critical of Arnstein's business from its search results. Now Arnstein awaits sentencing in the same court he impersonated."

Some sympathy is warranted for those hoping to battle negative reviews. Even illegitimate negative reviews can be close to impossible to remove from the web. But if the system seems unfair, it has to be. Making it easier to remove bogus reviews would just make it easier for companies/individuals who've earned every acidic word in their negative reviews to scrub the web of bad things.

The internet may be a well-oiled hate machine, but it's also a handy source of reference for customers who want to emerge unscathed from interactions with providers of goods and services. Easy delistings would turn the web into a cheery place where every company appears to exceed expectations, even as they screw their customers over.

Gritted-teeth lip service to freedom of information laws continues in the public sector. If stonewalling and/or outrageous fee demands aren't enough to dissuade requesters from seeking documents, more and more government agencies are deploying Plan C.

Government bodies are increasingly turning the tables on citizens who seek public records that might be embarrassing or legally sensitive. Instead of granting or denying their requests, a growing number of school districts, municipalities and state agencies have filed lawsuits against people making the requests — taxpayers, government watchdogs and journalists who must then pursue the records in court at their own expense.

The lawsuits generally ask judges to rule that the records being sought do not have to be divulged. They name the requesters as defendants but do not seek damage awards.

All well and good no damages are being sought, but what happens to the requesters-turned-defendants? The records they originally sought might have been had for little to nothing, in terms of out-of-pocket expenses. But now, thanks to the actions of government agencies, they're obliged to rack up expenses fighting the lawsuit, or otherwise cede the battle to the government and never get their hands on the requested records.

Those deploying this tactic say there's nothing wrong with proactive lawsuits against records requesters. According to these entities, the courts can make the best determination whether requested records are eligible for release.

But they're wrong.

Records requesters have the option to sue when records are denied and the court can make the determination then. This leaves the power in the hands of the people, who can choose whether or not they want to make the time/money investment of filing a public records lawsuit. If they succeed, the government can be forced to pay their legal fees.

Skipping this step puts the burden solely on the requesters. They have to front their own legal costs and, because the government is the moving party, they have zero chance of recouping legal fees even if the court finds in favor of the records requesters.

If nothing else, the tactic greatly increases the delay between the request and the delivery of records. In newsworthy cases, the preemptive lawsuit option can least put some time and distance between government misconduct and records revealing the misdeeds. It's nothing more than a low-risk cheap shot that that makes a mockery of public records laws.

Fortunately, the AP reports, changes are being made to public records laws to prevent the government from engaging in these transparency-thwarting efforts.

In Michigan, the state House voted 108-0 earlier this year in favor of a bill that would make it illegal for agencies to sue public records requesters. The proposal came in response to a county’s lawsuit against a local newspaper that had sought the personnel files of two employees running for sheriff. A judge dismissed the lawsuit, saying the county had to approve or deny the request.

The documents, ultimately released days before the election, showed that one of the candidates had been disciplined for carrying on an affair while on-duty in 2011. That candidate lost.

But there are only a couple of exceptions to the rule. And the bill in Michigan has yet to be signed into law. For the most part, the government only risks some reputational damage when suing records requesters. Most don't have much to spare, but are more than willing to part with it if it means keeping the public in the dark.

Turkish president Recep Erdogan is at it again. Not content to merely be viewed as a megalomaniacal, ring-coveting authoritarian, Erdogan is using his time in mixed company to assure the world he's angling for the title of "tyrant."

Erdogan's long history of abusing laws to shut critics up has been covered extensively here. He's gone from a comical but dangerous politician to the leading abuser of his own constituents in record time. When not attempting to push foreign countries to play by his censorship rules, Erdogan is locking up dissidents and journalists at an alarming rate.

Of course, they're not journalists… at least not when Erdogan's telling the story. While speaking at the Bloomberg Global Business Forum in New York City, the Turkish president had this to say about the journalists in his country's jails.

You have been misled, Erdogan told Bloomberg News editor-in-chief John Micklethwait, who interviewed him on stage. "The ones who have been sentenced, who have been imprisoned, are not journalists. Most of them are terrorists."

Define "terrorist." In the wrong hands/minds, the word "terrorist" could be used to describe anyone threatening to the party in power, even if nothing more dangerous than words or thoughts have been deployed. I have no doubt Erdogan believes journalists are terrorists, even if they've never done anything more than criticize him and his policies.

But Erdogan at least went into a little more detail about this claim. He explained the vast amount of terrorism participated in by the terrornalists he's tossed in his jails.

"Many have been involved in burglaries and some have been caught red handed as they were trying to empty ATM machines."

Odd. That sounds more like normal criminal activity. It does not sound like terrorism. I realize terrorists need to fund their activities, but this doesn't sound like terrorist acts. This sounds like bog standard theft.

So, these journalists Erdogan calls "terrorists" (because of their alleged burglaries) remain in jail. There's at least 150 still imprisoned, according to the Quartz article. But that's not the limit of Erdogan's abuse of the press. Erdogan shut down hundreds of media outlets in an initial assault on the press, following it up with mass arrests. A few thousand journalist were swept up by Erdogan's post-coup-attempt purge, most of whom ended up with no place to work and no press credentials to use.

After this, Erdogan went on to make many more counterfactual statements, including claiming he doesn't take proactive steps to stifle criticism and spinning the beatings handed out by his bodyguards during his visit to the White House as an all-out assault by crazed anti-Turkey Americans while US law enforcement officers stood idly by.

These are all hallmarks of a sociopathic authoritarian -- the type of person who always believes they're right even when the rest of the world agrees they're wrong. His sweeping away of facts with provably untrue statements shows he really doesn't care if anyone believes him, but will still do everything in his power to make sure those that don't believe can't be heard.

As more documents are released -- whether due to FOIA lawsuits or the Intelligence Community's begrudging attempts at transparency -- more evidence continues to pile up indicating the NSA has always abused/misused its collection programs.

A report written for Demand Progress by foremost NSA wonk Marcy Wheeler compiles a 12-year run of NSA overcollection and underreporting. These findings are summarized (lol) in a couple-thousand-word piece Wheeler wrote for Motherboard. Either route you take, you'll see the NSA has been given a long leash by its overseers. The end result of this mostly hands-off approach speaks for itself. From the Demand Progress white paper [PDF]:

For almost 12 years, both under Section 702 and other programs before it, NSA was always engaging in or retaining some kind of electronic surveillance the FISC would go on to deem unauthorized, and NSA would only fix the problem when threatened with criminal sanctions.

The FISA Court may often appear to be a rubber stamp, but it's often constrained by a lack of information. The NSA goes to court facing no adversaries, so the assertions it makes about lawful collection and careful use of surveillance powers are rarely challenged. When they are, it's only because the problem has become too big for the NSA to ignore and, generally, too big to hide from the court.

When the FISA Court finally has enough info to take on improper surveillance, years of unconstitutional collection have already occurred. Section 702 powers have never not been abused by the NSA, as the court belatedly noticed in 2011.

After reviewing the government's plan for MCTs [multiple communication transactions], Judge John Bates explained that “[u]nder the totality of the circumstances, then, the Court is unable to find that the government’s proposed application of NSA’s targeting and minimization procedures to MCTs is consistent with the requirements of the Fourth Amendment.”

That came three years after these powers had been granted with the 2008 FISA Amendments Act. Judge Bates' decision did almost nothing to push the NSA towards more constitutional collection efforts.

The government failed to keep those promises, and for over five more years, the government conducted queries on upstream collection in violation of procedures Judge Bates approved in response to the 2011 disclosures. After the new violations were revealed in late 2016, FISC Judge Rosemary Collyer called those queries “a very serious Fourth Amendment issue,” and she later scolded the government for “the extent of non-compliance with ‘important safeguards for interests protected by the Fourth Amendment.

The FISA Court's rulings made it clear the NSA had been overcollecting in one form or another since 2004. Despite this, the NSA took its time purging the unlawful collections from its databases. In addition to these violations, the FISA Court has found five years of repeated violations in the NSA's bulk internet metadata program, along with unconstitutional phone record collection efforts that swept up domestic records it was never supposed to have, thanks to flaws in the NSA's de-tasking procedures. That overcollection apparently spanned five years, from 2008-2013.

The recently retired "about" collection was another problematic collection, almost guaranteed to net purely domestic communications with its keyword searches and lack of targeting. The shutdown was likely spurred by the FISA Court's refusal to approve the NSA's 2015 Section 702 requests. It may also have been a mercy killing meant to prevent oversight members like Ron Wyden from ever obtaining an answer on domestic communications swept up by the program.

But that shutdown doesn't prevent "upstream" collection of communications travelling along internet backbones in foreign countries, far beyond the reach of Section 702's limitations. Upstream collections will continue to snag domestic communications and the NSA seemingly has no way (or little interest) in preventing analysts from accessing these.

The report is a harrowing read that makes it explicitly clear the NSA's oversight is mostly nonexistent. It relies heavily on self-reporting by the NSA, which tends to guarantee surveillance violations will only be brought to the court's attention after years of misuse by the agency. The same goes for its Congressional oversight, which has zero power to compel more timely -- and complete -- reporting.

Beyond its surveillance issues, the NSA is also involved in other Constitutional violations.

When Congress passed the FISA Amendments Act in 2008, it required the government to follow the same notice provisions as used under traditional FISA. If prosecutors want to use “any information obtained or derived from” Section 702 in a trial, they must tell the defendant. Yet when the government pointed to attacks prevented using Section 702 in the wake of the Edward Snowden leaks, defendants in those cases had not received the required notice. For example, the defendant in the most celebrated case involving an attack thwarted using Section 702, Najibullah Zazi, did not receive notice until July 2015, over five years after he pled guilty.

The government only started giving such notices after it emerged that Solicitor General Don Verrilli falsely informed the Supreme Court that such defendants get notice, when in fact DOJ had a policy that ensured no defendant received notice of Section 702 surveillance for nearly five years.

Going hand-in-hand with these violations are the FBI's access to privileged communications -- harvested by the NSA -- despite having policies in place meant to prevent this very behavior.

Another persistent violation involves FBI’s failure to abide by its own minimization procedures requiring that the communications for targets who have been federally indicted be reviewed and, if pertaining to the charged matter, sequestered. This means that agents may have access to attorney-client communications collected using Section 702 at the same time the government is criminally prosecuting the target of the surveillance.

To think things are better now is to ignore how the NSA has acted over the past decade-plus. The National Intelligence Director is playing nice with (limited) transparency, but underlying flaws in the NSA's collection and minimization procedures are likely still causing multiple violations. Thanks to the secretive nature of its work and its rather lax oversight, violations happening today likely won't be revealed for years to come. And this report only covers what's known about the NSA's Section 702 collections. There are other authorities we know almost nothing about, like Executive Order 12333, which may allow the NSA to continue its Fourth Amendment violations but without having to fear after-the-fact reprisal from the FISA court.

Whether you're a developer, blogger, graphic designer, or anything in between, chances are a lot of your workday is spent flipping between tabs and digging through folders to find specific things you need for a project. It's high time you get organized. Freeter Pro is the personal productivity app that lets you gather everything you need in one easy-to-use interface. Quickly and directly access analytics, open Task Manager, fire off a line of code—whatever your project needs, Freeter makes it easy to find it and implement it. It's on sale for $9.99 and good for use on any computer and operating systems where you are the primary user.

Note: The Techdirt Deals Store is powered and curated by StackCommerce. A portion of all sales from Techdirt Deals helps support Techdirt. The products featured do not reflect endorsements by our editorial team.

One of Backpage's most vocal critics in law enforcement has been Cook County Sheriff, Thomas Dart. As you may recall, this has been a nearly decade-long obsession with Sheriff Dart, in which he has been slapped down many, many times by courts. In 2009 he sued Craigslist for hosting adult ads, only to get slapped down pretty hard by a court explaining to him that you can't blame an online service for how its users use it. Once the ads on Craigslist moved to Backpage, Dart had a new target, which he regularly complained about in the press. In 2015, knowing he couldn't sue Backpage directly, he instead (successfully) strongarmed all the payment companies that worked with Backpage into cutting off service.

In response, Backpage sued Dart and very quickly won. The district court quickly pointed out that this seemed like a pretty clear First Amendment violation, with a government official using the law to attack non-criminal actions, creating classic prior restraint. The appeals court agreed with a masterful ruling by Judge Posner, about how this appeared to be a clear abuse of power by Sheriff Dart to bankrupt a company he disliked, but over whom he held no jurisdiction.

The case was then sent back to the lower court on a few points, and the two sides have been flinging paper back and forth for a while -- mostly to no avail. There had been little to no action in the case for many months... until last week Sheriff Dart suddenly sprung up to ask the court to reopen the process so he can issue subpoenas to Backpage, to dig more into what he insists must be criminal activity.

He's basing this on media reports related to a separate investigation into Backpage, which at the very least do raise some questions about whether Backpage is truly involved in the creation of its ads (which would take away its CDA 230 protections). Dart claims this proves that Backpage was lying to the court about how much of a hand it had in crafting ads on its site.

This July, THE WASHINGTON POST and NBC NEWS each published explosive articles reporting that Backpage is actively recruiting prostitutes and even creating ads for them to post on its website. Copies of these articles are attached as Exhibits A and B, respectively. While “Backpage has always claimed it doesn’t control sex-related ads, [n]ew documents show otherwise.” Exhibit A. Backpage has been “aggressively soliciting and creating sex-related ads.”...

The articles explain that the discovery of incriminating documents showing Backpage’ s solicitation and ad creation came about accidentally following the seizure of computers from one of Backpage’s Philippine agents in an unrelated civil lawsuit, but the fact that the revelations were accidental does not take away from their explosive character. The seized documents, if authentic and the reporting about them correct, prove that the essential premise of the original and amended complaints—that Backpage does not provide any of the content of the ads soliciting prostitution—is not well grounded in fact. Backpage has been lying to this Court...

[....]

Defendant now seeks leave to obtain through subpoena the very documents discussed in the two news articles—documents which, if authentic, corroborate the Red Beauty Sting and prove that Backpage has encouraged and participated in illegal activities, including the creation of advertisements that would destroy its Communications Decency Act defense that it is merely a web platform posting the advertisements of others.

Indeed, if it comes out that Backpage was actively involved in the creation of the content, it does not get CDA 230 protections. Under the Roommates.com standard, you can lose 230 protections if you "develop" the comment -- which means "materially contributing to its alleged unlawfulness." I have no idea if Backpage actually goes that far, but if it does, then its 230 protections go out the window and it's in a lot of trouble.

But here's the important point: for all the hubbub over the supposed "need" to break CDA 230 with SESTA in order to go after Backpage for this activity, Sheriff Dart's motion shows that there's no reason for SESTA. If Backpage truly did what those media reports are claiming, then CDA 230 won't apply and Backpage is hosed.

This is something that gets completely lost in all of the talk about CDA 230, where people (falsely) think that it completely takes away any liability for criminal activity. It does not. It just makes sure that the liability is actually on the parties engaged in the criminal activity. If it's the end users, CDA 230 does nothing for them. And if it's the platforms themselves, then CDA 230 also doesn't protect them from their own activities. The fact that Sheriff Dart is arguing that he can now go after Backpage again, and that the CDA 230 protections are gone, is a good reminder that we don't need SESTA to go after Backpage if it really violated the law.

So far this week, we've explained why SESTA is such a bad bill and how it will create a massive chilling effect that could impact nearly every online service. And while the Senate hearing on the bill wasn't as bad as we feared it would be, it certainly had its problematic moments -- such as when the bill's co-author, Senator Richard Blumenthal, argued that companies that couldn't afford to moderate/filter everything should be prosecuted. However, in the days since the hearing, I've had a few thoughts about aspects of the debate that are, to say the very least, troubling.

"Do Something Now!": While it was good to see many Senators at least pay lip service to the idea that the bill needed changes to not have massive unintended consequences for the entire internet, it was troubling the way they approached this process. Prior to the hearing, Emma Llanso wrote up a list of four important questions Senators should ask during the hearing -- and none of them were asked. The key questions were fairly fundamental ones: what actual gap is there in the law and will this fix it? It was disturbing that no one seemed to discuss that at all.

After all, under CDA 230 today, nothing stops federal law enforcement from going after Backpage (other than if the DOJ doesn't think Backpage broke the law). CDA 230 does not cover federal government law enforcement. Similarly, CDA 230 does not cover content "developed" by a company itself. So, if as many people claim, Backpage develops illegal content itself, it's still liable. Finally, just a few years ago, Congress passed the SAVE Act, with the exact same stated intent: to carve a hole in CDA 230 to go after Backpage by making it a federal crime to advertise sex trafficking. That law hasn't been used -- and none of the Senators seem to be asking why.

Instead, there's very much the traditional politician's syllogism of "we must do something, this is something, we will do it." A few times during the hearing, Senators demanded from the two opponents to SESTA that they provide better language if they're concerned about this language. Notice the problem here: they were admitting that this language is problematic, but seemed to have no interest in understanding why or how to fix it -- instead, demanding that others give them new language, with the implicit threat that if they don't, this language will stay because this is "something."

That may be all too common, but it seems like a dreadful way to make policy.

The knowledge standard is a mess: This is important, and got some discussion during the hearing, but not nearly enough. The "knowledge" standard in the bill is a complete and total mess. The supporters of the bill brushed it off as no big deal, often by misstating what the bill actually says. California Attorney General Xavier Becerra focused solely on the criminal standards for knowledge, saying he needed to prove "beyond a reasonable doubt" that there was intent, while NCMEC's Yiota Souras insisted the knowledge standard was very narrowly tailored.

Both of them are wrong -- in somewhat staggering and dangerous ways. Again, the actual text of the bill says the following:

The term ‘participation in a venture’ means knowing conduct by an individual or entity, by any means, that assists, supports, or facilitates a violation [of sex trafficking laws.]

This is problematic on multiple levels. First "knowing conduct" by itself is vague and not clearly defined. As Professor Eric Goldman suggested during the hearing, knowing conduct could just mean that a platform knows it's doing something, but has no idea of the outcome. For example, if we knowingly allow users to post comments on our site -- and someone uses that to post sex trafficking ads -- even though we didn't know they were posting sex trafficking ads, our conduct in enabling comments was "knowing." If that sounds like a crazy scenario to you, fair enough -- but shouldn't the law state that much more clearly? Make it clear that the knowledge is not just of its own conduct, but that the conduct is specifically targeted at breaking the law.

The second problem with the knowledge standard is the claim that you can violate the law if your "knowing conduct" "by any means"... "assists, supports or facilitates a violation" of sex trafficking laws. As we explained earlier, assists, supports or facilitates is super broad. It's possible to read this to mean that hosting a website where someone sets up a blog to advertise sex trafficking makes you automatically liable -- even if you knew nothing of the actual content. After all, you did "knowing conduct" (hosting a website) and that website was used to "assist, support or facilitate" a violation of sex trafficking laws. We would not read the law this way, but as the language is currently written, it could very well be read that way.

And that means it will be read that way by someone. We've seen tons of civil lawsuits filed against deep-pocketed companies (and not so deep-pocketed companies) on a much more flimsy basis. If you don't think a bunch of lawyers won't be searching for such cases to bring, you haven't paid much attention.

And these lawsuits can be very costly and time-consuming. Remember the Viacom v. YouTube case? That was an intermediary liability case that was almost entirely focused on the question of whether YouTube had the requisite knowledge to be liable (sound familiar?). And it went on for more than seven years before it was finally settled, rather than having a court issue a final ruling. With such a weak knowledge standard (even weaker than the DMCA's that was fought over in the Viacom case), you can bet there will be long and costly lawsuits over just what the hell Congress meant by "knowledge."

It's fairly stunning and concerning that those pushing for the bill insist there's no problem with the knowledge language. It's as if they have no idea of the fairly recent litigation history over this very issue.

A lack of enforcement isn't fixed by blaming intermediaries: As mentioned, nothing in CDA 230 stops the Justice Department from going after intermediaries if they break the law. When this was (barely) brought up during the hearing, one response was that the DOJ is either overwhelmed or isn't doing its job -- and by opening up prosecutions to state law enforcement, it would allow more of these kinds of cases to be brought. And while that may be true, that seems like a really weird way to solve the problem. If the true problem is a lack of willingness or resources by the DOJ to take on these cases, then why isn't the discussion and legislation directly targeting that problem? Why isn't there a discussion of allocating more resources, or finding out why the DOJ isn't bringing these cases, and offering legislation or resources to solve whatever may be blocking action.

Instead, it seems like a very strange approach to say the answer to a lack of will or resource is... to make more companies liable.

A profound misunderstanding of CDA 230. This one bothers me quite a bit. If we're talking about amending CDA 230, at least get the facts on CDA 230 right. Unfortunately, many Senators and some of the witnesses did not. There's this incorrect belief that CDA 230 leaves no recourse for victims of sex trafficking. That is not even remotely true. The actual perpetrators of sex trafficking are still very much in violation of the law. And, again, if platforms actually develop illegal content themselves, then CDA 230 protections don't apply.

Finally, so many of the Senators and commentators act as though because of CDA 230, no company does anything to moderate their platforms. This is laughable. Basic public pressure has lead most platforms to moderate their platforms thoroughly -- and that's one of the features of CDA 230, in that it says that any effort to moderate/filter your platform to remove content you don't want to see (even if legal) does not attach any liability. SESTA changes that standard (even as its authors claim it doesn't). Because of the "knowledge" standard, moderating content may now be seen as evidence of "knowing conduct." So this effectively wipes out one of the most important tools that platforms have used to stop their platforms from being used for sex trafficking -- and no one seems to want to acknowledge that.

Unless the supporters of this bill are willing to face up to these basic facts and problems with the bill, their headlong rush into "doing something" seems likely to cause a lot more harm than good.