Five Years Ago

This week in 2013, we watched plenty of copyright hysteria as a trade group insisted that accommodating the deaf and blind would mean "casting aside" copyright, a Swedish prosecutor tried to label the Pirate Bay's domain registrar as an "accomplice", and all the major Hollywood students sent bogus DMCA notices over a documentary about said Bay. Meanwhile, we were watching the TPP negotiations over the contentious intellectual property chapter, a key legal fight over DMCA abuse (while the RIAA continued whining that safe harbors are broken), and the effort in Congress to fix the anti-circumvention provisions.

Ten Years Ago

Five years earlier in 2008, we were already talking about how far behind the mainstream media was when it came to the DMCA and DRM. We took a look at how the RIAA and MPAA helped make The Pirate Bay even more popular, while the MPAA was getting people to settle lawsuits over simply linking to content, and Hollywood was working hard on making sure set-top boxes suck.

This was also the week that we got our very first leaked glimpse at something that would become a huge topic in years to come: ACTA, which at the time we called The Pirate Bay Criminalization Treaty.

Fifteen Years Ago

This week in 2003, worlds collided in an odd way as Roxio, the company that acquired the Napster name, made a deal to buy Pressplay, the music studios' crappy download service. Meanwhile, a Spanish site was claiming to offer legal music downloads, which as you can imagine the industry didn't quite see the same way. In the mean time, the music industry got into its head that a website listing out legal services was the key to ending piracy, while Disney was preparing to offer its own video-on-demand service, and Jack Valenti was busy rewriting history as usual. And, to bring us back around to the very first link in this history post, it was this week in 2003 that we first started hearing about the blind and deaf fighting back against the DMCA — something we optimistically thought might actually be effective, but that was giving the industry too much credit, apparently.

Happy GDPR day! At least if you can manage to be happy about a cumbersome, punitive, unprecedentedly extraterritorial legal regime that hijacks the resources of businesses everywhere without actually delivering privacy protection commensurate with the enormous toll attempts to comply with it extract. It's a regulatory response due significant criticism, including for how it poorly advances the important policy goals purportedly prompting it.

In terms of policy goals, there's no quarrel that user privacy is important. And it's not controversial to say that many providers of digital products and services to date may have been… let's just say, insufficiently attentive to how those products and services handled user privacy. Data-handling is an important design consideration that should always be given serious attention. To the extent the GDPR encourages this sort of "privacy by design," it is something to praise.

But that noble mission is overwhelmed by the rest of the regulatory structure not nearly so adeptly focused on achieving this end, which ultimately impugns the overall effort. Just because a regulatory response may be motivated by a worthwhile policy value, or even incorporate a few constructive requirements, it is not automatically a good regulatory response. Unless the goal is to ruin, rather than regulate, knotty policy problems need nuanced solutions, and when the costs of complying with a regulatory response drown out the intended benefit it can't be considered a good, or even effective, policy response. Here, even if all the GDPR requirements were constructive ones – and while some are, some are quite troubling – as a regulatory regime it's still exceptionally problematic, in particular given the enormous costs of compliance. Instead of encouraging entities to produce more privacy-protective products and services, it's instead diverted their resources, forcing them to spend significant sums of money seeking advice or make their own guesses on how to act based on assumptions that may not be correct. These guesses themselves can be costly if it results in resources being spent needlessly, or for enormous sums to be put in jeopardy if the guesses turn out to be wrong.

The rational panic we see in the flurry of emails we've all been getting, with subject lines of varying degrees of grief, and often with plaintive appeals to re-join previously vibrant subscriber communities now being split apart by regulatory pressure, reveals fundamental defects in the regulation's implementation. As does the blocking of EU users by terrified entities afraid that doing so is the only way to cope with the GDPR's troubling scope.

The GDPR's list of infirmities is long, ranging from its complexity and corresponding ambiguity, to some notably expensive requirements, to the lack of harmonization among crucial aspects of member states' local implementations, to the failure of many of these member states to produce these local regulations at any point usefully in advance of today, and to the GDPR's untested global reach. And they fairly raise the concern that the GDPR is poorly tailored to its overall policy purpose. A sound regulatory structure, especially one trying to advance something as important as user privacy, should not be this hard to comport with, and the consequences for not doing so should not be so dire for the Internet remaining the vibrant tool for community and communication that many people – in Europe and elsewhere – wish it to remain being.

Back in 2014, we wrote about a campaign by Yelp which it called "Focus on the User," in which it made a very compelling argument that Google was treating Yelp (and TripAdvisor) content unfairly. Without going into all of the details, Yelp's main complaint was that while Google uses its famed relevance algorithm to determine which content to point you to in its main search results, when it came to the top "One Box" on Google's site, it only used Google's own content. Four years ago, the Focus on the User site presented compelling evidence that users of Google actually had a better overall experience if the answers for things like local content (such as retailer/restaurant reviews) in the One Box were ranked according to Google's algorithm, rather than just using Google's own "Local" content (or whatever they call it these days).

As we noted at the time, this argument was pretty compelling, but we worried about Yelp using the site to ask the EU to then force Google to change how its site functioned. As we wrote at the time:

... the results are compelling. Using Google's own algorithm to rank all possible reviews seems like a pretty smart way of doing things, and likely to give better results than just using Google's (much more limited) database of reviews. But here's the thing: while I completely agree that this is how Google should offer up reviews in response to "opinion" type questions, I still am troubled by the idea that this should be dictated by government bureaucrats. Frankly, I'm kind of surprised this isn't the way Google operates, and it's a bit disappointing that the company doesn't just jump on this as a solution voluntarily, rather than dragging it out and having the bureaucrats force it upon them.

So while the site is fascinating, and the case is compelling, it still has this problem of getting into a very touchy territory where we're expecting government's to design the results of search engines. It seems like Yelp, TripAdvisor and others can make the case to Google and the public directly that this is a better way to do things, rather than having the government try to order Google to use it.

It took four years, but it looks like Yelp is at least taking some of my advice. The company has relaunched the "Focus on the User" site, but positioned it more towards convincing Google employees to change how the site handles One Box content, rather than just asking the government for it. This is a good step, and I'm still flabbergasted that Google hasn't just done this already. Not only would it give users better overall results, but it would undercut many of the antitrust arguments being flung at Google these days (mainly in the EU). It's a simple solution, and Google should seriously consider it.

That said, while Yelp has shifted the focus of that particular site, it certainly has not not given up on asking the government to punish Google. Just as it was relaunching the site, it was also filing a new antitrust complaint in the EU and again, I'm still concerned about this approach. It's one thing to argue that Google should handle aspects of how its website works in a better way. It's another to have the government force the company to do it that way. The latter approach creates all sorts of potential consequences -- intended or unintended -- that could have far reaching reverberations on the internet, perhaps even the kind that would boomerang around and hurt Yelp as well.

Yelp makes a strong argument for why Google's approach to the One Box is bad and not the best overall results for its users. I'm glad that it's repurposed its site to appeal to Google employees, and am disappointed that Google hasn't made this entire issue go away by actually revamping how the One Box works. But calling on the government to step in and determine how Google should design its site is still a worrisome approach.

I'll admit that I traditionally haven't been as paranoid as many people in regards to the surveillance powers of digital assistants like Amazon's Alexa or Google Home. Yes, putting an always-on microphone in your home likely provides a wonderful new target for intelligence agencies and intruders to spy on you. That said, it's not like a universe of internet of broken things or smart TVs aren't doing the same thing, before you even get to the problem with lax to nonexistent privacy standards governing the smartphone currently listening quietly in your pocket and tracking your every location.

That said, nobody should ever labor under the false impression that good opsec involves leaving always on, internet-connected microphones sitting everywhere around your house.

One Portland family learned this the hard way when their Amazon Alexa unit recorded a part of a private conversation and randomly sent it to somebody in her contact list. According to local Seattle affiliate Kiro 7, the family was contacted by a coworker who stated that he was receiving audio files of private conversations that had occurred in the family's house:

"We unplugged all of them and he proceeded to tell us that he had received audio files of recordings from inside our house," she said. "At first, my husband was, like, 'no you didn't!' And the (recipient of the message) said 'You sat there talking about hardwood floors.' And we said, 'oh gosh, you really did hear us.'"

Danielle listened to the conversation when it was sent back to her, and she couldn't believe someone 176 miles away heard it too.

"I felt invaded," she said. "A total privacy invasion. Immediately I said, 'I'm never plugging that device in again, because I can't trust it.'"

To its credit, Amazon quickly came clean and confirmed that this happened without the kind of idiotic denials and subsequent tap dancing you might normally see from a company in 2018. In a statement, the company indicated that the leak was an "extremely rare occurrence" where Alexa repeatedly seemed to misunderstand random words as commands:

"Echo woke up due to a word in background conversation sounding like "Alexa." Then, the subsequent conversation was heard as a "send message" request. At which point, Alexa said out loud "To whom?" At which point, the background conversation was interpreted as a name in the customers contact list. Alexa then asked out loud, "[contact name], right?" Alexa then interpreted background conversation as "right." As unlikely as this string of events is, we are evaluating options to make this case even less likely."

This really does seem to be a rare occurrence where the unit simply misinterpreted what was said, and the owners either ignored (or couldn't hear) the unit repeatedly asking for confirmation. That said, nothing about this story is going to ease those justly paranoid about the potential here for abuse, especially in a country where meaningful punishment for massive privacy violations are often nonexistent (looking at you, Equifax), and existing privacy protections are either being eliminated or have all the teeth of modestly-damp cardboard.

Earlier this week our Kickstarter campaign for our adaptation of the recently declassified CIA training game, called CIA: Collect It All ended, closing out with over 500% of our target goal. Even so, we know that many people missed out on the campaign who now want to order the game as well (trust me, we've gotten your emails!). So, as we continue to get the game ready, we're now opening up a pre-order system using Celery for others to purchase the game, to be included in our list of backers when we ship out the game later this year. You can now pre-order the game right here for the next month or so until we start manufacturing the cards.

Today is GDPR day, and lots of people are waking up to a world in which EU regulations are having a widespread (and not always positive) impact on how the internet works. As we've detailed over the past couple of years, while there are many good ideas in the GDPR, there are also many ridiculously bad ones, combined with poorly thought out drafting, and we're already seeing some of the fallout from that. But, believe it or not, there's an even larger threat from the EU looming, and it's received precious little attention: the EU's new copyright reform proposal is set to be voted on next month and it will truly be disastrous to the internet. As it currently stands, it will require widespread censorship in the form of mandatory filtering and also link taxes that have already been shown to be harmful to news.

European Parliament member Julia Reda is sounding the alarm and asking people to speak out. As she notes, many of the folks now freaking out about the GDPR wish they got involved over two years ago when it was being debated. And if you're concerned about how problematic this new copyright reform will be for the internet, now is the time to speak out (yes, even if you're not in the EU):

On the topic of copyright, you NOW have the chance to have an influence – a chance that will be long lost in two years, when we’ll all be “suddenly” faced with the challenge of having to implement upload filters and the “link tax” – or running into new limits on what we can do using the web services we rely on.

In stark contrast to the GDPR, experts near-unanimously agree that the copyright reform law, as it stands now, is really bad. Where in the case of the GDPR the EU institutions pushed through many changes against the concerted lobbying efforts of big business interests, in the copyright reform they are about to give them exactly what they want.

Parliament and Council have had over a year and a half to fix the glaring flaws of the Commission proposal – but despite their growing complexity, the latest drafts of both institutions fail to meet basic standards of workability and proportionality

Reda's post goes on to detail the many, many problems of the current copyright proposal -- in which merely linking to a news site may require paying money (link tax) and where concerns about how that might negatively impact the entire internet are being woefully ignored. Perhaps even worse is the mandatory filtering idea. The big record labels and movie studios have, of course, been pushing for this kind of thing for years to get back at Google (mainly) and Facebook (a little bit). But, here's the thing: both Google and Facebook already have those filters (and spent tens of millions of dollars on them). This kind of law fucks over everyone else.

And, it's actually even worse than a mandatory filtering rule -- because the EU realized that such a rule would violate other EU laws. So, instead, it decided to hack away at intermediary liability protections to make mandatory filtering necessary:

Make platforms directly liable for all copyright infringements by their users, and then offer that they can avoid that unreasonable liability if they can show they’ve done everything in their power to prevent copyrighted content from appearing online – namely, by deploying upload filters (Article 13, paragraph 4). Which remain totally optional, of course! Wink, wink, nudge, nudge.

Tragically, the only remaining point of disagreement in Council is whether this proposal is bad enough, or should be made worse.

We've already spent years explaining how this will lead to widespread censorship online, but it will also be a disaster for basically all of the non-Google/Facebook platforms out there. Mid-size companies like Github have already talked about how this could effectively destroy its ability to operate, and lots of other sites would be impacted as well. Any kind of forum site would be at serious risk. Reddit, Pinterest, Twitch, Imgur, Wordpress, Medium, Vimeo. This would create massive liability for all of those sites, making it nearly impossible for many of them to function in the EU.

Reda notes that a new draft could make this situation even worse in noting that even having filters won't be enough to avoid liability:

Mr Voss’ latest draft expands the scope of the censorship machines proposal to all web platforms (a) whose purpose is to “give access to copyrighted content uploaded by users” and which (b) “optimise” that content. What counts as optimising? Among a long list of actions, we find that “displaying” the uploads already makes platforms legally liable for any copyright infringement they may include (Recital 37a).

And in his version, web services can’t even avoid liability by implementing upload filters. To protect themselves from being sued, they would need to get licenses from all rightsholders that exist on the planet before allowing user uploads to go online, just in case the upload may contain (parts of) any of their works.

He also claims that checking every new user upload for whether it includes one of hundreds or thousands of specific copyrighted works somehow does not constitute “general monitoring” (Recital 39), which would be forbidden – now that’s some wishful lawmaking.

As Reda also points out, most of the EU member states appear to be supportive of these horrible ideas (or even pushing to make it worse). What now stands between this horrible law making a mess of the internet is just the EU Parliament which is currently scheduled to vote on this in late June (probably the 20th or 21st). If you are in the EU now is absolutely the time to speak up. If you're outside the EU, it also would help to speak up and let the EU Parliament know that this is a horrible idea that will have significant problems for the wider internet, free speech and innovation.

Even the best writers make errors, WhiteSmoke checks your work for grammar, spelling, punctuation, and style errors - so you never send off a flawed work email again. Whether you're writing on mobile or desktop, this easy-to-use software is compatible with all browsers, includes a translator for over 50 languages, and lets you perfect your writing virtually anywhere you do it. A 1 year subscription is on sale for $19.99 or pay once for unlimited access for $61.

Note: The Techdirt Deals Store is powered and curated by StackCommerce. A portion of all sales from Techdirt Deals helps support Techdirt. The products featured do not reflect endorsements by our editorial team.

Back during the 2016 election, when Wikileaks published John Podesta's leaked emails, Democrats freaked out and blamed Wikileaks, and even tried to lie about the validity of those emails. Many supporters of the Democratic party, to this day, believe that Wikileaks and/or Julian Assange should face legal consequences for publishing those hacked emails. Of course, Republicans cheered on that effort. Sean Hannity, who back in 2010 was screaming about how Assange was "waging his war against the U.S." by publishing the leaked documents from Chelsea Manning and demanding that Obama "arrest" Assange, is now seen as one of Assange's most vocal supporters even having him on his show.

But, of course, when the shoe is on the other foot, things change. Just recently, various news organizations started reporting on shenanigans by top Trump fundraiser, Elliott Broidy, based on a leak of Broidy's emails. Broidy's not taking this very well, issuing a subpoena to the Associated Press to try to uncover the news organization's source for his emails.

No one is saying that it's okay to hack into someone'e email. But in both cases we're talking about those who are upset about an email leak going after the organization publishing the details of the leak and blaming the messenger. Just because documents are leaked or hacked or obtained through questionable means, it does not mean that news organizations can't publish them. Nor does it mean that they have to hand over the details of their sources. But it is worth noting that I don't see anyone who was screaming about Wikileaks now supporting Broidy's demands to the AP. Nor do I see those who were defending Wikileaks now defending the Associated Press against Broidy.

It's almost as if most of the people on either side of this political horse race are determining which news orgs to support based on whose side the revelations help. That's... bad. We should support a free press and condemn attacks on news organizations when they're revealing newsworthy leaked information, no matter whether the news helps or hurts "your" side. Treating politics as a "red team" v. "blue team" sport leads to bad outcomes for everyone's rights.

As we've noted a few times now, however bad the recent Facebook and Cambridge Analytica scandal was, the nation's broadband providers have routinely been engaged in much worse behavior for decades. Yes, the Cambridge and Facebook scandal was bad (especially Facebook threatening to sue news outlets that exposed it), but the behavior they were engaging in is the norm, not the exception. And watching people quit Facebook while still using a stock cellphone (which lets carriers track your every online whim and offline movement) was arguably comedic.

As the recent Securus and LocationSmart scandal highlights, wireless carriers pretty routinely sell your location data to a laundry list of companies, governments, and organizations with only fleeting oversight. And while some lawmakers are pressuring the FCC to more closely investigate the scandal (which resulted in the exposure of wireless location data of some 200 million users in the U.S. and Canada), few expect the same FCC that just killed net neutrality to actually do anything about it.

When the previous FCC tried to pass some pretty modest privacy protections last year requiring that ISPs be more transparent about all of this, ISPs quickly took advantage of a cash-compromised Congress to scuttle those protections before they could even take effect:

This collective apathy to routine telecom sector privacy abuses has been going on for decades. You might recall that multiple ISPs were accused years ago of collecting and selling consumer clickstream data. When they were pressed for details, many simply either denied doing it or refused to respond. As more sophisticated network gear like deep-packet inspection emerged, ISPs began tracking and selling your online browsing habits down to the millisecond, some even charging users extra if they wanted to protect their own privacy.

But things got immeasurably more profitable once wireless carriers began tracking user location data, which they now sell to everyone from urban planners to government agencies. Companies like Verizon Wireless were subsequently caught covertly modifying wireless user data packets to track users around the internet without telling them. It took security researchers two years to even discover this was happening and another six months of public shame before Verizon even provided an opt out option (a more powerful version of the tech is now being used by Verizon's Oath advertising brand).

And yet even in the wake of the LocationSmart fracas, which literally exposed the private data of nearly everybody in America, we're still somehow only seeing a fraction of the media, regulatory or public outrage we saw during the Facebook and Cambridge kerfuffle:

"You might think that the major wireless carriers would be facing intense pressure to account for their lax handling of customers’ data. You might think the story would be all over newspapers’ front pages and cable news. You might think their CEOs would be hounded by the media, as Facebook’s Mark Zuckerberg was after the Cambridge Analytica story broke. You might think they’d be dragooned into testifying before Congress.

You might think that, if you expected a reaction commensurate to the one that accompanied the Cambridge Analytica revelations. And it’s conceivable that it will still happen. But so far, there has been none of that."

It remains odd that the press and public still don't realize how deep this particular rabbit hole goes. And whereas the Cambridge scandal made headlines for months, the location data scandal has barely registered a fraction of the collective outrage in media coverage or in DC. Meanwhile, wireless carriers are effectively refusing to even acknowledge they work with companies like LocationSmart, and there's little to no indication accountability is heading their direction anytime soon.

For many years (looong before this current administration), we've documented the problems with ICE, a government agency that has long been totally out of control, abusing its power and authority not just in dealing with immigration, but in literally seizing blogs, because Hollywood told them to do so. The organization has done nothing to improve its reputation over the years, and lately almost seems to relish in the free reign it has to act like complete thugs in uniform.

The latest story -- as with seizing blogs -- appears to have some serious First Amendment concerns, though there's no indication that ICE cares at all about that. In this story, ICE detained a journalist and is trying to have him deported because of that reporter's coverage of ICE activities. Freedom of the Press has the details, but the short version is that Manuel Duran, who fled El Salvador a decade ago over death threats there, has been living in the US and reporting for a few different Spanish language news organizations.

In April, he was reporting on immigration protests in Memphis when he was arrested. That, by itself, is problematic enough. All too often we've seen reporters being arrested for covering protests, despite multiple courts stating quite clearly that such arrests violate the First Amendment. Indeed, Duran's own case was dropped and the judge dismissed the case. However, ICE not only refused to let Duran out of jail, it transferred him to another ICE detention center, and are trying to deport him back to El Salvador.

Duran has been living in the United States for over a decade, since he fled from El Salvador after his life was threatened. His life is here, and this is his community. He has worked for Memphis publication Las Noticias for years, where he has done important reporting exposing ties between local police and ICE and covered immigration detention.

Duran’s attorneys say it is precisely this critical reporting that led law enforcement to target him. "The actions pursued by government officials in this case threaten core First Amendment freedoms that are essential to our democracy: the right to criticize and expose the actions of government officials, and the right of members of the press to write and publish about them," a legal filing by Duran’s attorneys states.

Duran wrote a statement from behind bars, which was read by his girlfriend at a press event in Memphis on April 16. “This episode in my life has not been easy, but I have taken it as an opportunity to learn first hand the drama and reality that our families are living when they are arrested by immigration and then deported,” it reads. “This is a cruel system that criminalizes people who pose no danger to this country.”

Once again, it appears that continuing to detain him is a clear attack on the First Amendment. Some will almost certainly argue that if he's undocumented, there's no excuse and he should be deported. But the fact that he was clearly targeted for his 1st Amendment protected activities should be a massive concern to everyone -- even those who agree with plans to deport undocumented people in America.