Five Years Ago

This week in 2013, we learned that in addition to communications the NSA was keeping millions of credit card transaction records, and then we finally got a look at the secrett FISA court ruling that permitted bulk phone data collection, in which it was revealed that Verizon and AT&T never fought back. The court also made the untrue claim that all of congress already knew all the details, and of course we wondered why the ruling was ever secret to begin with. Meanwhile, Michael Hayden was making some crazy claims about terrorists using Gmail and the US's right to spy on the internet it invented, while also making some childish prognostications about Ed Snowden's likely future of alcoholism — though other defenders of the agency were sticking to the same tired talking points, plus the new euphemism that Snowden's activities were "masked by his job duties".

Ten Years Ago

This week in 2008, Apple made the decision to block a competitive podcast app from the App Store, leading to significant backlash, while a court in Germany was getting in on similar action in its own way by banning VOIP on the iPhone at the behest of T-Mobile. NBC was bragging about its ability to lock down online Olympic footage, the movie industry was making yet another attempt to build the mythical "good" DRM, and the cops were continuing to bring in the RIAA to help with investigations where it would clearly be biased. There was a glimmer of light for online entertainment though: this was also the week that BandCamp launched, and its easy-to-build pages quickly became one of the best tools for musicians to distribute their work online.

Fifteen Years Ago

This week in 2003, as file-sharers were going deeper underground, a study showed that most online copies of movies were coming from industry insiders — which perhaps explains the industry's insane plan for self-destructing DVDs. While RIAA head Carey Sherman was struggling to defend the agency's lawsuit strategy (and totally missing the point), the Senate was gearing up for hearings over the lawsuits, and considering a bill to close the DMCA's special subpoena powers — also a major issue in the ongoing court battle between the RIAA and Verizon.

Strangest trademark story of the month? Strangest trademark story of the month! As you may have heard, back in March, a former Russian spy who had been a double agent for the UK, Sergei Skirpal (and his daughter), was poisoned in the UK with a nerve agent. Earlier this month, UK officials moved to charge two Russians with attempted murder over that event. They named Alexander Petrov and Ruslan Boshirov as being behind the plot. Along with the announcement, the Crown Prosecution Service admitted that it will not seek to extradite the men from Russia, as Russia will not extradite its own nationals.

Somewhat bizarrely, the two men (who many believe are not actually named Petrov and Boshirov) then decided to go on Russian TV to profess their innocence, claiming, improbably, that they were just tourists with no connections to Russian intelligence who had really wanted to go visit a cathedral in Salisbury where the attacks took place. A somewhat fascinating Bellingcat investigation has torn to shreds most of their story and suggested pretty strong evidence connecting them to the Russian government (and that their names are fake).

That TV interview has been mocked and described as a farce, but as the NY Times described, it may have been intentionally so, with the hope of mocking the west. And, that leads us to a story that's more normal for us around here: one about trademarks. Apparently, a Russian company, "Golden Brand," decided to apply for a trademark in the two suspects' "names" and (har har) have that trademark cover "production of chemical compounds and perfume." And the idea is that the trademark will then be handed over to the guys to do what they want with it. According to the Moscow Times:

Russia’s Golden Brand company has applied to trademark the phrase “Petroff & Boshiroff,” its spokesperson told The Moscow Times on Wednesday.

"After the name gets registered, we will gift it to Bashirov and Petrov, and they can start a company if they want,” a spokesperson for the company said.

"We did it as a marketing tool; it's good for public relations," she added.

The trademark will allow its holders to manufacture and sell industrial chemicals and perfume, as well as operate fitness centers and travel agencies

At least they admit it's a publicity stunt. But what a bizarre use of trademark. Trademark law in Russia may be different than elsewhere, but in the US, you're supposed to actually be intending to actually use the mark in commerce in order to register it. And, uh, while these two guys may have "used" a chemical, it wasn't in commerce (not to mention, they deny having done so). Also, if they wanted a trademark, they could file it for themselves, without needing some random company to file it for them. The whole story is obviously bizarre, but I didn't expect trademark to play a role in it.

The Long Beach Police Department has bravely struck a blow against police accountability. An investigation by Al Jazeera uncovered use of self-deleting messaging by the department.

Current and former officers from the Long Beach Police Department in Southern California have told Al Jazeera that their police-issued phones had Tiger Text installed on them.

The Tiger Text app is designed to erase text messages after a set time period. Once the messages have been deleted, they cannot be retrieved - even through forensic analysis of the phone.

The police officers who spoke with Al Jazeera said the confidential messaging system was used to share details of police operations and sensitive personnel issues.

This may be true. But even if this was the full extent of TigerText usage, it's still a problem. Personnel issues can become matters of public interest, especially in civil rights lawsuits. Details of police operations are normally inaccessible to the public, but in rare cases, these too become matters of public interest.

On top of that, there's a good possibility some of these vanished discussions may have been pertinent to criminal trials. Defendants should have the chance to obtain relevant discussions that may help their defense, but Tiger Text ensures information that prosecutors might be obligated to turn over to the defense is now completely inaccessible.

In fact, the Al-Jazeera article quotes two former officers as claiming their superiors told them to use TigerText specifically to prevent conversations from being discoverable. The department has denied giving officers these instructions, but former officers claim the PD's participation in the discovery process is anything but "on the up and up."

The Long Beach PD had more than 100 officers using TigerText to preemptively destroy possible public records and/or evidence. The use of self-destructing messages, if nothing else, violates record preservation laws. Depending on what disappeared into the ether, there's a good chance criminal cases were also affected by the rolling destruction of communications.

It didn't take long for the Long Beach PD to reverse course after having its shady texting exposed. The LA Times reports the department has already officially ditched TigerText.

The Long Beach Police Department has suspended its use of a mobile texting application that permanently erases messages after civil liberties advocates and media outlets raised concerns that the app could be used to hide evidence useful to the other side in criminal and civil court cases.

In a statement, the city said the decision to halt the use of TigerText came “pending further review of whether the use is consistent with the city’s record retention policy and administrative regulations for the use of mobile devices.”

The PD claims it used TigerText as a stopgap solution when it moved away from Blackberry phones. Supposedly the search for an encrypted messaging system led the LBPD to this program, despite there being plenty of other options on the market in 2014. I guess the built-in autodelete feature was a pleasant bonus. TigerText was originally developed for the medical industry to allow care providers to send sensitive patient information to each other. The self-destruct feature helped hospitals comply with HIPAA regulations -- both by encrypting communications and ensuring records no longer needed were removed from issued phones.

To its credit, the swift abandonment of TigerText means future violations will be minimal. The PD has also promised to release more info about the department's utilization of the messaging app, including which officers and commanders used the app. But the damage that has been done probably can't be undone. If no messages were archived, the last four years of TigerText communications no longer exist. Nothing can be proven one way or another and taxpayers who paid $10,000 a year to help the PD destroy public records will just have to take the department's word that nothing illegal or unconstitutional occurred while TigerText was in use. That's a giant leap of faith most people won't make. If the Long Beach PD didn't have a trust issue before, it definitely has one now.

Sometimes the best move is to let something go. Kids will be kids, as the saying go. Thing is, kids may also be litigants, especially if you think your school administration position grants you the power to violate students' rights.

The mother of the 17-year-old girl filed the federal lawsuit this past February against the Hackettstown School District; teacher Kathleen Matlack; assistant principal Kevin O'Leary; and Jennifer Spukes, a Harassment, Intimidation, and Bullying specialist at the high school.

The suit contends the girl was discriminated against and her constitutional rights violated as the district accused the girl of bullying and then issued a one day in-school suspension while she attended the school in the 2016-2017 school year.

That's the tidied-up summary of the lawsuit, as composed by Lehigh Valley Live, which covered the case but couldn't be bothered to post the judge's ruling. So, here's the missing paperwork [PDF] and we'll get into the story behind this via the details contained in the federal judge's order.

This is only the build-up.

On March 8, 2017, K.C. was summoned to the office of Defendant Kevin O’Leary, Assistant Principal at Hackettstown High School. Apparently, K.C. and other students were overheard having a conversation about guns and violence, which O’Leary wished to address. O’Leary asked K.C. whether the conversation concerned the Black Lives Movement; when she told him that she was speaking about confrontations between police and African Americans, O’Leary responded, “all lives matter.” According to K.C., she understood this to mean that she was not to discuss the Black Lives Movement while in school. Apparently, during this conversation O’Leary also remarked that some individuals are lucky to have light-colored skin and pass as Caucasian, which K.C. took as an insult, being that she is bi-racial. However, K.C. was not disciplined for this incident.

This seems like pretty weird behavior from a school official, but not exactly the subject matter of a federal lawsuit. An administrator took a chance to connect with students discussing a serious issue that affects all of them and chose to grind his personal ax instead. A bad decision but not exactly a violation of K.C.'s rights.

THAT

During K.C.’s English class, students were reading the play, “Blood Brothers,” which has a scene where a corrupt police officer treats two suspects differently based on their economic status. As students were picking roles to play, K.C. volunteered to play the police officer, referring to the officer as “the pig.”

ESCALATED

Her English Teacher, Defendant Matlack, reprimanded her for her choice of word and K.C. apologized. This being said, J.G. received a phone call a half hour later from Principal Matthew Scanlon, who explained to her that K.C. was the subject of a Harassment, Intimidation, and Bullying (hereinafter, “HIB”) investigation…The basis of this investigation was K.C.’s use of the word “pig,” which may have offended a student in the class whose father is a police officer…

QUICKLY

Later that day, the school conducted an HIB investigation, which was attended by K.C., Defendant Jennifer Spuckes, an HIB Investigation specialist, and Defendant O’Leary. K.C. apparently recorded this meeting. In any event, during the meeting, K.C. expressed to Defendants Spuckes and O’Leary that use of the word “pig” did not reflect her view of law enforcement and claimed that the classmate who may have been offended by the statement was not present when she uttered the word. According to the Complaint, “Mr. O’Leary and Ms. Spuckes analogized the use of the term ‘pig’ to the use of the term ‘nigger’ and, later, the term ‘fag.” Apparently, both of them asked her how she would feel if someone called her by either name. Despite objecting to these slurs, Defendants O’Leary and Spuckes continued to utter them in front of her. The two also criticized K.C. for continuing to discuss the Black Lives Movement, which they compared to someone overhearing a sexually degrading conversation between two teachers.

Where do you even start? The bullshit "bullying" accusation? Well, the lawsuit states the student supposedly offended by this wasn't even in the room when the "pig" comment was made. K.C. apologized for referring to a fictional cop character as a "pig," even though there was no reason for her to do so.

From there, it's just an embarrassment of richly embarrassing -- if not downright insulting -- conversational tactics by a bunch of disciplinarians who apparently felt compelled to straighten out a gay, multiracial student by [checks notes] using the words "nigger" and "fag" in an entirely abhorrent analogy that presumes "cop" is a race or sexual orientation.

Also: Black Lives Matter is to "sexually-degrading conversation between two teachers" as Colin Kaepernick is to:

A: gumball machine
B: complete works of Proust
C: narcolepsy
D: deciduous

This atrocious trainwreck of judgment calls was followed by a one-day suspension. This, in turn, was followed by the lawsuit.

The defendants all moved to dismiss the lawsuit, arguing K.C. didn't have standing and/or failed to state a claim. The federal court disagrees, finding both offered defenses to be off base. K.C. has standing...

[C]ontrary to Defendants’ assertion, none of Plaintiff’s claims “arise under the school laws” of New Jersey. While the allegations relate to the school’s investigation into K.C.’s alleged bullying, the claims asserted arise under a federal statute, state law, United States Constitution, and the Constitution of the State of New Jersey.

… and has stated a plausible claim.

When reviewing the Complaint, the Court is satisfied, at this stage, that Plaintiffs “pig” comment may constitute protected speech that was allegedly wrongfully infringed. While Defendants contend that her punishment was based on complaints of bullying and the school’s overall concern for preventing disruptive behavior, there is nothing alleged in the Complaint to support same. Second, with regards to the Plaintiffs conversation surrounding the Black Lives Matter movement, it can hardly be argued that discussions involving political or social justice matters do not fall within the protections afforded under the First Amendment…

There were plenty of opportunities to handle this non-issue in a way that would have eliminated the possibility of a civil rights lawsuit. Anything from "doing nothing" to "doing anything but what was done" would have sufficed. But it sounds like these administrators have something against minorities and people who don't automatically assume cops are saints. And that might cost them in the long run.

Way back when the GDPR was still under consideration, we were among those who warned that, in the name of "protecting privacy," Europe was about to create a tool for massive censorship by encapsulating a massive "right to be forgotten." As we noted at the time, a big part of the problem was that the GDPR was written by privacy and data protection experts, with little to no consideration given to free speech experts, who could have told the drafters how "right to be forgotten" rules would likely be abused. The basic idea behind them seems sound -- allowing people to delete data from services they no longer use -- but the ability to turn that into a tool to take down public information is a real problem.

And, now that the GDPR is official, we're already seeing it in practice. Aaron Greenspan, from Plainsite -- a site that hosts court dockets -- recently noted that he had received a RTBF demand from a guy named Michael Francois Bujaldon, who was seeking to disappear a docket involving a case in which Bujualdon was sued for real estate and securities fraud. The complaint against Bujaldon is fairly damning, and while Bujaldon tried to get the case dismissed, the court was not at all impressed. The current docket suggests that the parties are attempting to work out a settlement, but having yourself be a defendant accused of real estate and securities fraud can't be good for the old reputation.

Never fear, however, for the GDPR has a Right to be Forgotten in it, and Bujaldon is apparently using it to delete his own name from the dockets for which he is a defendant:

If you cannot read that request, it says:

Hi,
under Article 21.1 of the General Regulations on Data Protection (RGPD) transcribing European Regulation 2106-679 and updating the provisions of Law 78-17 of 6 January 1978, known as "Informatique et Libert" amended in 2004 (Law 2004-575 on Trust in the Digital Economy - LCEN), which Article 6 | 2 provides that "any information relating to an identified natural person or which can be identified, directly or indirectly, by reference to an identification number or one or more elements specific to that person shall constitute personal data",
I thank you for deleting my personal data, which is my first and last name Michael Franois BUJALDON on this page:

https://www.plainsite.org/dockets/30qmdbpgl/north-dakota-district-court/chabert-et-al-v-bujaldon-et-al/

Please see attached my ID card.

Regards,
Michael Francois BUJALDON

PD: this website has removed this content yet: https://www.pacermonitor.com/public/case/17818391/Chabert_et_al_v_Bujaldon_et_al

So, first, you can feel free to highlight the fact that BUJALDON misspelled his own name in the part where he asks that his name be deleted (he left the c out of Francois). But it does appear to be the case that Pacer Monitor deleted the entire docket for Bujaldon, not just his name. If you go to that link you get:

Which... is pretty damn messed up. This is a public court docket regarding a case accusing Bujaldon of serious fraud. That's not just public information, but it's the kind of information that people clearly want to be public. Yet, Bujaldon has been able to get it shot down the memory hole thanks to the GDPR, and Pacer Monitor has complied and disappeared the entire docket.

While Greenspan clearly didn't want to similarly comply, he later notes that his hosting company forced him to remove Bujaldon's name, and replace it with his initials or else it would suspend his server:

So, now the docket on PlainSite looks like this:

Plainsite's Aaron Greenspan told me that his hosting company, Hetzner, is based in Germany, so perhaps they feel more exposed to GDPR requests, no matter how nonsensical. He also shared with me his email exchange with Hetzner. The company doesn't even seem to want to consider the possibility that the takedown request was illegitimate. Not only does it demand he take Bujaldon's name down within 24 hours, it demands a statement "about how this could have happened and what you intend to do about it."

What?

Someone totally abuses the GDPR's Right to be Forgotten to try to delete evidence of an ongoing lawsuit against himself, and the hosting company's first reaction is to assume that the site is at fault and demand an explanation? And an explanation of how "what" happened? Plainsite is just hosting a federal court docket. It didn't do anything wrong, so why is Hetzner acting as if the site must have done something wrong?

Looking around the web, other sources still have Bujaldon's full name in their dockets -- such as at Justia, Law360 and CourtListener, but one wonders if Bujaldon will seek to target them as well.

This is, quite obviously, an abuse of the GDPR to delete public information (information where it's fairly important that it be public) to hide reputation harming information. Some defenders of the GDPR may argue that since this is an abuse of the GDPR, we shouldn't really blame the GDPR for this result, but rather blame Bujaldon for abusing it, or the various internet companies for caving to his bogus demands. However, this is exactly what free speech experts were warning would happen when the "data protection" experts in the EU insisted that these rules would be fine. They refused to listen, and now we're at the point where important information is actually being censored.

Even worse, we're increasingly hearing talk of exporting the GDPR to the United States, and creating a similar set of rules here, as if they won't be aggressively abused to hide important information like this, as well.

Will we ever see a complete postmortem of the damage done by leaked NSA software exploits? All signs point to "no."

[M]ore than a year since Microsoft released patches that slammed the backdoor shut, almost a million computers and networks are still unpatched and vulnerable to attack.

Although WannaCry infections have slowed, hackers are still using the publicly accessible NSA exploits to infect computers to mine cryptocurrency.

This report, from Zack Whittaker at TechCrunch, says there's really no endpoint in sight for the unintended consequences of exploit hoarding. But at this point, it's really no longer the NSA or Microsoft to blame for the continued rampage. Stats from Shodan show more than 300,000 unpatched machines in the United States alone.

EternalBlue-based malware still runs rampant, but the focus has shifted from ransom to cryptocurrency. An unnamed company recently watched the NSA's exploit turn its computers into CPU ATMs.

Nobody knows that better than one major Fortune 500 multinational, which was hit by a massive WannaMine cryptocurrency mining infection just days ago.

“Our customer is a very large corporation with multiple offices around the world,” said Amit Serper, who heads the security research team at Boston-based Cybereason.

“Once their first machine was hit the malware propagated to more than 1,000 machines in a day,” he said, without naming the company.

Fun stuff. And all made possible by the US government. Sure, indirectly, but it's not like no one in the private sector ever expressed concerns about the agency's vulnerability hoarding and the possibility of exactly this sort of thing happening. The exploit the NSA thought was too good to give up was taken from it and handed over to the malware-crafting masses to inflict misery around the world. Enemies were made -- and not all of them were software and hardware developers.

There will never be a full accounting of the damage done. Yes, the NSA never thought its secret stash would go public, but that doesn't excuse its informal policy of never disclosing massive vulnerabilities until it's able to wring every last piece of intel from their deployment. And there's a chance this will happen again in the future if the agency isn't more proactive on the disclosure front. It was foolhardy to believe its tools would remain secret indefinitely. It's especially insane to believe this now.

The 2018 Cyber Security Bootcamp Bundle combines popular industry certification prep that will help you learn new skills and prepare for top exams. You'll delve into essential topics like CEH v9, CISSP, and CompTIA's Network+, Security+, and A+. Over 115 hours of content is included to help you foster skills in ethical hacking, information systems security, network security, enterprise hardware, and more. It's on sale for $59.

Note: The Techdirt Deals Store is powered and curated by StackCommerce. A portion of all sales from Techdirt Deals helps support Techdirt. The products featured do not reflect endorsements by our editorial team.

Well, here's yet another crazy story of copyright interfering with art (ht to Jean for sending this over). Buckle in, because there's a lot to explain, starting with some truly astounding art, followed by more truly astounding art, with an extra helping of even more astounding art... and then an apparent claim of copyright infringement. What follows is truly amazing work by artist CJ Hendry. Most of this is taken from a long Instagram story in which she documented this entire process, so forgive the image heavy explanation here, but it helps to explain what happened -- so I'll include some explanatory screenshots.

She started with a bunch of Andy Warhol's famous Polaroids, cutting them out of the book of such photographs, and then sketched amazingly accurate renditions of them.

That, alone was incredibly impressive, but then she took it much further. She took her own drawings and crumpled up the papers:

... and then drew new images of her crumpled up drawings of the original polaroids:

Then, she made t-shirts featuring her drawings of the crumpled up drawings that she made replicating Andy Warhol's Polaroids:

If you're not in awe already, you should be. But Hendry kept going. Since this was all an homage to Andy Warhol, she took the homage even further and made up her own Campbell's style soup labels, put them on cans and put the t-shirts into the cans.

She was intending to sell each of the t-shirts in the cans, which would have been amazing... but then, copyright (maybe?) apparently got in the way.

It's not entirely clear who stepped in -- Hendry insists it was not the Warhol Foundation -- but suddenly that the sale has been cancelled:

If you can't read that, it says:

Thanks to everyone for the lovely messages about the tees sorry for letting you all down.

Believe it or not it had nothing to do with the Warhol Foundation, another organization completely.

Just for lolls I will probably bring out a tee as a massive spoof of the whole thing because why the heck not.

Stay tuned...

So, instead of selling them, she packed up each of these amazing cans, placed them in bright red boxes, labeled "Copyright Infringement -- Trash Only":

...and then has been placing them randomly around New York City for people to find, posting pictures (and addresses) on Instagram. I'm actually going to New York City in two days and am pissed off I'm going too late to find one of these amazing boxes and t-shirts.

Again, it's not entirely clear who is behind this. The book publisher Taschen published the book of Andy Warhol's Polaroids, so perhaps they have a copyright interest here? The only other one I can think of would be Campbell's Soup, though that would be crazy. Of course, a decade ago, we wrote about the letter that Campbell's Soup sent to Warhol back in 1964, joking that if Warhol had tried to do the same thing today, he undoubtedly would have received a cease and desist from a humorless corporate trademark lawyer. Instead, Campbell's celebrated Warhol's creativity:

It is too bad that the modern equivalent has been shut down via at least some sort of intellectual property threat.

We've made it pretty clear by now that U.S. broadband policy generally stinks because the nation's biggest broadband providers (and the politicians who adore their campaign contributions) want to keep the U.S. broadband market as it is: uncompetitive, expensive, and broken. There are myriad ways they accomplish this, from quite literally writing and lobbying for the passage of protectionist state laws, to convincing regulators like Ajit Pai to turn a blind eye to pretty much all of the worst habits of entrenched telecom mono/duopolies.

But at the heart of the problem sits the flawed form 477 broadband mapping data the FCC collects from broadband providers. With a vested interest in portraying a healthy market, ISPs have long submitted data that over-states broadband speed and availability. And, like a loyal servant to the industry it's supposed to hold accountable, the FCC (under both parties) rarely does much to actually verify that this data is accurate. This bad data then goes on to inform bad FCC policy.

Case in point: the GAO released a study last week noting that the FCC routinely overstates broadband availability in tribal areas, which in turn results in policy that doesn't do a good job fixing the problem. As the report (pdf) notes, the flimsy, unverified data the FCC collects is only compounded by odd FCC methodology decisions, like declaring an entire area "served" with broadband if just one home in a census tract has service:

The Federal Communications Commission (FCC) collects data on broadband availability from providers, but these data do not accurately or completely capture broadband access on tribal lands. Specifically, FCC collects data on broadband availability; these data capture where providers may have broadband infrastructure. However, FCC considers broadband to be “available” for an entire census block if the provider could serve at least one location in the census block. This leads to overstatements of service for specific locations like tribal lands. FCC, tribal stakeholders, and providers have noted that this approach leads to overstatements of broadband availability. Because FCC uses these data to measure broadband access, it also overstates broadband access—the ability to obtain service—on tribal lands.

The bad data, and the FCC's unwillingness to do anything about it for the last twenty years, then has a cascading effect down the line, the GAO found:

Additionally, FCC does not collect information on several factors—such as affordability, quality, and denials of service—that FCC and tribal stakeholders stated can affect the extent to which Americans living on tribal lands can access broadband services. FCC provides broadband funding for unserved areas based on its broadband data. Overstatements of access limit FCC’s and tribal stakeholders’ abilities to target broadband funding to such areas. For example, some tribal officials stated that inaccurate data have affected their ability to plan their own broadband networks and obtain funding to address broadband gaps on their lands.

Of course this is certainly a problem for tribal areas, especially given the Pai FCC's decision to try and limit the broadband improvement subsidies that help expand broadband coverage to these areas (which is odd for a guy that prattles on endlessly about how fixing the digital divide is his top priority).

But this same problem is playing out everywhere in the country, as cable providers secure a growing monopoly over broadband thanks to telcos that refuse to upgrade aging DSL lines at any real scale.

Our $350 million broadband map does a fairly terrible job mapping broadband, but it does do a wonderful job perfectly illustrating the width and breadth of this problem. The map is supposed to "educate and inform" Americans as to broadband availability. But as we've pointed out repeatedly, the plan hallucinates both speeds and ISP availability, and fails to include any data at all on pricing (at ISP request). You can try it out yourself here, perhaps noting that most of the ISPs it claims are available at your address likely don't exist.

The end result is government regulators who look at one of the most broken markets in America through rose-colored glasses, resulting in our national broadband dysfunction never getting much better. And of course when somebody at the FCC does get the crazy idea of improving mapping and availability, ISP lobbyists quickly get to work killing those efforts. And, as you might suspect, the problem has only gotten worse under FCC boss Ajit Pai, who has taken steps to weaken the very definition of "competition" itself at incumbent ISP behest.

As such, keep in mind, when you see data highlighting how terrible U.S. broadband is, you can be fairly certain it's significantly worse than that. And the reason should be pretty obvious: if somebody were to accurately illustrate the monopoly Comcast, Charter, Verizon, and AT&T enjoy (and the impact this has on everything from pricing to net neutrality), somebody might just get the crazy idea to embrace policies that actually do something about it.

Ron Wyden is writing letters again. This time he wants to know why the federal government isn't protecting the personal devices and email accounts used by federal officials. Attacks by state-sponsored hackers are never going to go away, and Wyden feels this lack of protection will make personal devices easy targets. From Wyden's letter [PDF] to Senate majority leaders:

Press reports from January of this year indicate that Fancy Bear--the notorious Russian hacking group--targeted senior congressional staff in 2015 and 2016. My office has since discovered that Fancy Bear targeted personal email accounts, not official government accounts. And the Fancy Bear attacks may be the tip of a much larger iceberg. My office has also discovered that at least one major technology company has informed a number of Senators and Senate staff members that their personal email accounts were targeted by foreign government hackers.

Given the significance of this threat, I was alarmed to learn that SAA cybersecurity personnel apparently refused to help Senators and Senate staff after these attacks The SAA informed each Senator and staff member who asked for help that it may not offer cybersecurity assistance for personal accounts. The SAA confirmed to my office that it believes it may only use appropriated funds to protect official government devices and accounts.

This seems a little odd, but there's a good reason the SAA doesn't extend coverage to personal devices. As Pwn All The Things pointed out on Twitter, personal devices can be used for personal things, and we don't want our elected officials using tax dollars for personal reasons.

This is a good example of a rule constructed for laudable reasons -- the strong firewall to stop legislators using govt money for campaigning and personal things is there for a reason -- ending up with bad consequences on edge-cases like defending high-value accounts from hackers

To protect against hacking attempts, Wyden is introducing legislation that would eliminate the SAA silos. The bill would allow the SAA to "provide cybersecurity assistance" for personal devices on an opt-in basis. We'll have to see how this plays out when implemented. It may make it more difficult to discern if any federal funds were misused by Senators or their staff.

On the other hand, it will help secure devices some government employees mistakenly believe aren't prime targets for state-sponsored hacking. It takes a certain amount of obtuseness to reach this conclusion, considering how heavily some government officials rely on their personal devices for communications with other government officials. The old FOIA dodge is still a popular one, and the difficulty of separating official work from personal work -- especially during election years -- likely means personal devices are used far more frequently than their government-issued ones.

While it's good the government as a whole is continually working towards more robust security, the fact is the private sector offers plenty of options for government officials to better secure their personal devices. Personal responsibility is still underutilized at the federal level, which makes them no better (or worse) than much of the general public.