The dumpster fire that passes for security and privacy standards in the internet of things space is by now pretty well understood. It's also pretty clear that in this sector, "smart TV" vendors have been among the laziest sectors around in terms of making sure private consumer data is adequately encrypted, and that consumers understand that their viewing habits and even some in-room conversations are being hoovered up and monetized, usually sloppily.
Recent studies have found that upwards of 90% of smart TVs can be compromised remotely, and leaked documents have made it clear that intelligence agencies have been having a field day with the lack of security in such sets, easily exploiting paper-mache grade protections in order to use TV microphones to monitor targets without anybody being the wiser.
Meanwhile, set vendors and viewing tracking firms continue to do a pretty dismal job clearly explaining to the end user what data is being collected and monetized. The New York Times, for example, recently did a profile piece on a company named SambaTV, whose viewer-tracking software is now collects viewing data from 13.5 million smart TVs in the United States. Owners of these sets will find Samba's Interactive TV software already installed, and are told that the software simply lets you receive handy recommendations and experience TV "in a whole new way":
"Interact with your favorite shows. Get recommendations based on the content you love. Connect your devices for exclusive content and special offers. By cleverly recognizing onscreen content, Samba Interactive TV lets you engage with your TV in a whole new way."
But at no point during set up does the company really make it obvious just how much data is being collected or how it's used:
"Once enabled, Samba TV can track nearly everything that appears on the TV on a second-by-second basis, essentially reading pixels to identify network shows and ads, as well as programs on HBO and even video games played on the TV. Samba TV has even offered advertisers the ability to base their targeting on whether people watch conservative or liberal media outlets and which party’s presidential debate they watched."
That's certainly something that would never be abused, right? Especially since we keep seeing story after story after story about how anonymized data isn't really "anonymous", such data isn't particularly well protected, and consumers don't actually have the faintest understanding of what's being collected and monetized in the first place. Consumer advocates say that transparency about what data is collected remains utterly lacking, as most users of this software have zero understanding it can potentially even track their political leanings:
“It’s still not intuitive that the box maker or the software embedded by the box maker is going to be doing this,” said Justin Brookman, director of consumer privacy and technology policy at the advocacy group Consumers Union and a former policy director at the Federal Trade Commission. “I’d like to see companies do a better job of making that clear and explaining the value proposition to consumers."
The FTC last year fined TV vendor Vizio $2.2 million for hoovering up the viewing data on 11 million consumer TVs without consumers’ knowledge or consent. But FTC enforcement is inconsistent, and is often slow to address how companies now use numerous devices in concert (your smart phone, your home assistant, and your TV) to deepen in-home surveillance capabilities further. The rabbit hole gets deeper still when you consider that your ISP is also cashing in on your IOT device usage without much transparency or oversight thanks to the recent attacks on privacy rules and FCC authority over ISPs.
Quite often, such data hoovering systems are actively misrepresented as being of ambiguous benefit to the end user. And because users can technically dig through Samba's 4,000 word privacy policy and 6,500 word terms of use to discover what's actually happening (something companies know users won't do and may not even understand if they did), they're technically adhering to the law. Eventually we'll get around to working together on modernizations of the law, but pretty clearly not before years and dozens of additional privacy and security scandals drive the point home.
We've been covering the mess that is electronic voting machines for nearly two decades on Techdirt, and the one thing that still flummoxes me is how are they so bad at this after all these years? And I don't mean "bad at security" -- though, that's part of it -- but I really mean "bad at understanding how insecure their machines really are." For a while everyone focused on Diebold, but Election Systems and Software (ES&S) has long been a bigger player in the space, and had just as many issues. It just got less attention. There was even a brief period of time where ES&S bought what remained of Diebold's flailing e-voting business before having to sell off the assets to deal with an antitrust lawsuit by the DOJ.
What's incredible, though, is that every credible computer security person has said that it is literally impossible to build a secure fully electronic voting system -- and if you must have one at all, it must have a printed paper audit trail and not be accessible from the internet. Now, as Kim Zetter at Motherboard has reported, ES&S -- under questioning from Senator Ron Wyden -- has now admitted that it installed remote access software on its voting machines, something the company had vehemently denied to the same reporter just a few months ago. That was then:
In a statement, ES&S said, ‘‘None of the employees who reviewed this response, including long-tenured employees, has any knowledge that our voting systems have ever been sold with remote-access software.’’
This is now:
In a letter sent to Sen. Ron Wyden in April and obtained recently by Motherboard, Election Systems and Software acknowledged that it had "provided pcAnywhere remote connection software … to a small number of customers between 2000 and 2006," which was installed on the election-management system ES&S sold them.
This should be a massive scandal considering the potential impact on our democracy, but considering all the other scandals going on right now with the potential to impact our democracy, expect this one to not get nearly enough attention. Wyden's own comment on this is noteworthy:
Wyden told Motherboard that installing remote-access software and modems on election equipment “is the worst decision for security short of leaving ballot boxes on a Moscow street corner.”
As for the pcAnywhere software ES&S had installed on those voting machines, well...
In 2006, the same period when ES&S says it was still installing pcAnywhere on election systems, hackers stole the source code for the pcAnyhere software, though the public didn’t learn of this until years later in 2012 when a hacker posted some of the source code online, forcing Symantec, the distributor of pcAnywhere, to admit that it had been stolen years earlier. Source code is invaluable to hackers because it allows them to examine the code to find security flaws they can exploit. When Symantec admitted to the theft in 2012, it took the unprecedented step of warning users to disable or uninstall the software until it could make sure that any security flaws in the software had been patched.
Around this same time, security researchers discovered a critical vulnerability in pcAnywhere that would allow an attacker to seize control of a system that had the software installed on it, without needing to authenticate themselves to the system with a password.
So... that's disturbing.
Anyway, elections are a very tricky problem to do securely. It is a nearly impossible task. But there are lots of things that you clearly should not do, and for some reason, the e-voting manufacturers seem to want to do all of them, and don't seem particularly apologetic about any of it. And, while in the past the idea of hacking an election may have seemed far fetched and conspiracy-minded, these days... not so much. This is a key issue concerning our democracy, and the most incredible thing is how flippant many people are about all of this. Computer security professor Matt Blaze, who knows more about any of this than anyone reading this points out that "in the more than quarter century I've been doing computer security, I've never encountered a problem space nearly as difficult or complex as civil elections."
And yet, we're letting people who don't understand even the slightest bit of the problems and challenges run the show. What a mess.
SKEYE Nano 2 is the world's smallest camera drone, and boasts an unrivaled flying experience, streaming a real-time first person view of the tightest spaces directly to your smartphone. With adjustable gyro sensitivity and 6-axis flight control system, this tiny drone is easy to control for even the most novice pilots. Heck, if you're just controller-averse, you can even use your phone as a remote control thanks to on-board WiFi. It's on sale for $29. The skies are waiting!
Note: The Techdirt Deals Store is powered and curated by StackCommerce. A portion of all sales from Techdirt Deals helps support Techdirt. The products featured do not reflect endorsements by our editorial team.
So, yesterday the House Judiciary Committee did what the House Judiciary Committee seems to do best: hold a stupid, nonsensical, nearly fact-free "hearing" that serves as nothing more than an opportunity for elected members of Congress to demonstrate their ignorance of an important topic, while attempting to play to their base. This time, the topic was on the content filtering practices of Facebook, Twitter and Google. Back in May there was actually a whole one day conference in Washington DC on this topic. The Judiciary Committee would have been a lot better served attending that than holding this hearing. I'd recommend not wasting three hours of your life watching this thing, but if you must:
The shortest summary would be that some Republican members of Congress think that these websites censor too much conservative speech, and some Democratic members of Congress think that they don't censor enough other speech (including hoaxes and conspiracy theories)... and almost no one wants to admit that this is not even remotely an issue that Congress should be concerned about. There's a narrative that has been picked up by many that insist that social media platforms are unfairly censoring "conservatives." There is basically zero evidence to support this. Indeed, a thorough analysis of the data back in March by Nieman Labs and Newswhip found that conservative-leaning sites get much, much, much more engagement on Facebook than liberal-leaning sites.
But, never let facts get in the way of a narrative. Since that seems to be the way many hyperpartisan sites (at either end of the spectrum) deal with these things, Congress is helping out. The only bit of sanity, perhaps bizarrely, came from Rep. Ted Lieu, who reminded everyone of the importance of free markets, free speech and the fact that private platforms get to decide how they manage their own services. Considering that Republicans often like to claim the mantle of being the "small, limited government" party who wants the government's hands out of business regulation, the fact that most of the hearing involved Republicans screaming for regulating internet platforms and a Democrat reminding everyone about the importance of a free market, capitalism and free speech, it really was quite a hearing. Lieu's remarks were some of the rare moments of sanity during the hearing -- including defending Facebook leaving Alex Jones' conspiracy theories on its site. Let's start with that high point before we dive into the awfulness. His comments come at about 2 hours and 10 minutes into the video:
... we're having this ridiculous hearing on the content of speech of private sector companies. It's stupid because there's this thing called the First Amendment. We can't regulate content! The only thing worse than an Alex Jones video is the government trying to tell Google... to prevent people from watching the Alex Jones video. We can't even do it if we tried. We can't even do any legislation out of this committee. And we're having this ridiculous second installment hearing after the first hearing about Diamond and Silk not getting enough likes on Facebook.
He then went on to ask questions "so the American public understands what a dumb hearing this is." And those questions -- again -- seemed like the kinds more expected from supposedly "free market" conservatives. Specifically he asked the companies if they were private companies aiming to maximize profits for shareholders. And he wasn't doing that to show that companies were evil, he was doing that to show that that's how the free market works. He followed up with this:
I noticed all of you talked about your own internal rules. Because that's what this should be about. You all get to come up with your own rules. But not because government tells you what to do. Or because government says you have to rule this way or that way. And the whole notion that somehow we should be interfering with these platforms from a legislative, governmental point of view is an anathema to the First Amendment. And really it's about the marketplace of ideas.
Kudos to Rep. Lieu. This is the kind of speech that you'd normally expect to hear from a "small government" conservative who talks about respecting the Constitution. But, in this case, it's a Democrat. And it's shameful that others (on both sides of the aisle) weren't making the same point. Instead, there was a ton of pure nonsense spewed from the Republicans at the hearing. It's hard to fathom that the following statements were made by people we've actually elected to our legislative body. There were so many dumb statements made that it's difficult to pick out just a few.
Let's start with Rep. Steve King, who has made quite a name for himself saying and repeating bigoted nonsense. Starting at about an hour and five minutes in the video, King seemed particularly concerned about traffic to Gateway Pundit, a site famous for trafficking in utter nonsense.
It's a matter of Congressional record that Gateway Pundit, Mr. Jim Hoft, has introduced information into the record that in the span of time between 2016 and 2018, he saw his Facebook traffic cut by 54%. Could you render an explanation to that?
Um... what? How the hell is it of any concern to Congress whatsoever the traffic a single site gets? And, as we were just discussing recently, traffic to lots of news sites from Facebook has dropped massively as Facebook has de-prioritized news. In that post, we pointed out that Slate was self-reporting a drop in Facebook traffic over that same period of time of 87%. Based on that, why isn't King asking about Slate's traffic dropping? Perhaps because Gateway Pundit publishes the kind of nonsense King supports and Slate points out that King is a bigot?
And... isn't that, again, kind of the point of the First Amendment? To protect news sites from having Congress play favorites?
Incredibly, King then concludes his time by first claiming he's all for free speech and free enterprise, but wonders about turning social media sites into regulated utilities.
I'm all for freedom of speech and free enterprise and for competition and finding a way that we can have competition itself that does its own regulation, so government doesn't have to, but if this gets further out of hand, it appears to me that Section 230 needs to be reviewed, and one of the discussions that I'm hearing is 'what about converting the large behemoth organizations that we're talking about here into public utilities.'
Are we living in an upside down world? A Democrat is praising the free market, profits and free speech, and a Republican is advocating for limiting free speech and in favor of turning some of the most successful US companies into public utilities? What is even going on here?
Around an hour and 18 minutes, we get our old friend Rep. Louis Gohmert, who has a fairly long and extensive history of making the dumbest statements possible concerning technology issues. And he lived down to his usual reputation in this hearing as well. It starts off by him trying to play down the issue of Russian interference in elections, by claiming (?!?) that the Russians helped Truman get elected, and then claiming that Russians had helped basically every Democratic President get elected in the past 70 years. And then spent a long time trying to complain that the platforms wouldn't tell him if Chinese or North Korean intelligence services had also used their platforms. Remember, these companies were asked to come and testify specifically about Russian use of their platforms to interfere with the election and Gohmert stepped in with this insane "what about other countries, huh?" argument:
Gohmert: I need to ask each of you. You've been asked specifically about Russian use of your platforms. But did you ever find any indication of use of your platform, utilized by the Chinese, North Korea, or any other foreign country intelligence or agency of that country. First, Ms. Bickert?
Bickert/Facebook: I would note, Congressman, that we're not in North Korea or China. In terms of whether we've seen attacks on our services, we do have -- we are, of course, a big target -- we do have a robust security team that works...
Gohmert: Well, but that's not my question. It's just a very direct question. Have you found... You don't have to be in North Korea to be North Korean Intelligence and use... We have foreign government intelligence agencies IN THIS COUNTRY. So have... It seems to me you were each a little bit vague about "oh yes, we found hundreds" or whatever. I'm asking specifically, were any of those other countries besides Russia that were using your platform inappropriately? It should be a yes or no.
Actually, no, it shouldn't be a yes or no. That's a dumb and misleading question for a whole long list of reasons. Of course, lots of other intelligence agencies are using Facebook, because of course they are. But, the entire point of this line of questioning seems to be Gohmert trying to play down Russian use of the platform, which is... odd. Especially after he started out by praising the fact that maybe the Russians might help "our side" get elected going forward.
Bickert: I don't have the details. I know we work to detect and repel attacks...
Gohmert: I know that. But were any of them foreign entities other than Russia?
Bickert: I can certainly follow up with you on that.
Gohmert: SO YOU DON'T KNOW?!? You sure seemed anxious to answer the Democrats questions about RUSSIA's influence. And you don't really know of all the groups that inappropriately used your platform? You don't know which were Russians and which were other foreign entities?
No, that's not what she's saying at all. She's pretty clearly saying that this hearing was specifically about Russian influence and that's what she was prepared to testify on. She didn't say that Facebook can't tell Russians from other entities, just that the other entities aren't the ones accused of messing with the election and thus there isn't that much relevant right now. But that's quite a deflection attempt by Gohmert.
Let's move on to Rep. Tom Marino at about an hour and a half into the video. Marino seems to have a fairly bizarre understanding of the law as it concerns defamation. He focuses on the guy from Twitter, Nick Pickles, and starts out by reading a definition of "libel." Then he asks
Have any of you considered libel? Or do you think you are immune from it?
This is an incredibly stupid question. Twitter is clearly not immune from libel. Marino's line of questioning is an attempt to attack CDA 230, which provides immunity to Twitter from liability for defamatory statements made by its users. This is an important distinction that Marino conveniently ignores as he continues to bug Pickles.
Pickles: We have clear rules that governs what happens on Twitter. Some of those behaviors are deplorable and we want to remove them immediately... So, terrorist content is one example, where we now detect 95% of the terrorist accounts we remove...
Marino: Okay, I understand that sir. But how about... we in Congress, we put up with it all the time. I know we're public officials, same with people in the movies... but do you specifically look for and address... republication can be used in a defamation case. Do you look at libel and defamation content?
I don't even know what that means. Do you look at libel content? What? How does Twitter know if something is libelous? Especially against public officials? How is Twitter supposed to make that judgment when that's what courts are there to figure out? And, for what it's worth, Twitter has been known to abide by court rulings on defamatory speech in deciding to take down that content, but Marino seems to be asking if they make an independent judgment outside of the courts of what's libelous. Which is both crazy and impossible. Pickles makes a valiant effort in response, noting how Twitter focuses on its rules -- which is all that it's required to do -- but Marino clearly seems to want to attack CDA 230 and magically make Twitter liable for libelous content on its platform. After Pickles again explains that it focuses on its rules, rather than making judicial rulings that it cannot make, Marino puts on a dumb smirk and makes another dumb statement:
With all due respect, I've heard you focus on your rules about 32 times. DO. YOU. LOOK. FOR. LIBEL. OR. DEFAMATION. IN. YOUR. COMPANY'S. OPINION?
You can't "look for libel or defamation" like that. That's not how it works. Marino is a lawyer. He should know this. The Facebook and YouTube representatives neatly sidestep Marino's silly line of questioning by pointing out that when informed of legal rulings determining "illegal" speech, they take it down. Marino doesn't even seem to notice this very specific distinction and asks "where do you draw the line?"
At an hour and forty minutes, we have everyone's favorite, Rep. Lamar Smith, author of SOPA back in the day. He spews more utter nonsense claiming conservatives have been more negatively impacted by the moves of these social media companies, and then (bizarrely) argues that Google employees forcing the company not to help surveillance activity is somehow an attack on conservatives. Excuse me? Conservatives don't support the 4th Amendment any more? Say what? But the real craziness is this line:
Google has also deleted or blocked references to Jesus, Chick-Fil-A and the Catholic religion.
I'm going to call time out here and note [citation needed] on that one, Smith. Google pretty clearly shows me results on all three of those things. I've been trying to figure out what the hell he's referring to, and I'm guessing that Smith -- in his usual Smithian nonsensical way -- is confusing Google for Facebook, and Facebook's bad filter that initially blocked a page about "Chick-fil-Appreciation Day," and some Catholic church pages. The "Jesus" blocking is also Facebook and was in reference to an ad for a Catholic university.
All of these examples were not, as Smith implies, evidence of "liberal bias" on behalf of Facebook, but rather evidence of why it's so problematic that governments are putting so much pressure on Facebook to magically filter out all of the bad stuff. That's not possible without making mistakes. And what happens is that you set up guidelines and those guidelines are then handed to people who don't have nearly enough time to understand the context, and sometimes they make mistakes. It's not bias. It's the nature of trying to moderate millions of pieces of content every damn day, because if they don't, these same idiots in Congress would be screaming at them about how they're letting the bad content live on. I mean, it's doubly ridiculous for Smith to use the Jesus example as even the guy who bought the ad, the university's web communications director, specifically said that he didn't believe it had anything to do with bias, but was just a bad decision by an algorithm or a low level staffer.
Finally (and there are more, but damn, this post is getting way too long) we get to Rep. Matt Gaetz. At around an hour and 55 minutes into the hearing, he suddenly decides to weigh in that the First Amendment and CDA 230 are somehow in conflict, in another bizarre exchange between Gaetz and Twitter's Pickles.
Gaetz: Is it your testimony or is it your viewpoint today that Twitter is an interactive computer service pursuant to Section 230 sub c(1).
Pickles: I'm not a lawyer, so I won't want to speak to that. But as I understand, under Section 230, we are protected by that, yes.
Gaetz: So Section 230 covers you, and that section says "no provider of an interactive computer service shall be treated as the publisher or speaker of any information provided by another"... is it your contention that Twitter enjoys a First Amendment right under speech, while at the same time enjoying Section 230 rights?
Pickles: Well, I think we've discussed the way the First Amendment interacts with our companies. As private companies we enforce our rules, and our rules prohibit a range of activities.
Gaetz: I'm not asking about your rules. I'm asking about whether or not you believe you have First Amendment rights. You either do or you do not.
Pickles: I'd like to follow up on that, as someone who is not a lawyer... I think it's very important...
Gaetz: Well, you're the senior public policy official for Twitter before us and you will not answer the question whether or not you believe your company enjoys rights under the First Amendment?
Pickles: Well, I believe we do, but I would like to confirm with colleagues...
Gaetz: So what I want to understand is, if you say "I enjoy rights under the First Amendment" and "I'm covered by Section 230" and Section 230 itself says "no provider shall be considered the speaker" do you see the tension that creates?
There is no tension there. The only tension is between the molecules in Gaetz's brain that seemed to think this line of nonsensical argument makes any sense at all. There is no conflict. First, yes, it's obvious that Twitter is clearly protected by both the First Amendment and CDA 230. That's been established by dozens of court rulings with not a single ruling ever holding otherwise. Second, the "tension" that Gaetz sees is purely a figment of his own misreading of the law. The "no provider shall be considered a speaker" part, read in actual context (as Gaetz did earlier) does not say that platforms are not speakers. It says that they are not considered a speaker of other people's speech. In fact, this helps protect free speech by enabling internet platforms the ability to host any speech without facing liability for that speech.
That helps protect the First Amendment by ensuring that any liability is on the speaker and not on the tool they use to distribute that speech. But Twitter has its own First Amendment rights to determine what speech it decides to keep on its site -- and which speech it decides not to allow. Gaetz then, ridiculous, tries to claim that Pickle's response to that nonsensical response is somehow in conflict with what Twitter's lawyers have said in the silly Jared Taylor lawsuit. Gaetz asks Pickles if Twitter could kick someone off the platform "for being a woman or being gay." Pickles points out that that is not against Twitter's rules... and Gaetz points out that in the Taylor case, when asked the same question, Twitter's lawyers stated (1) that Twitter has the right to do so but (2) never would.
Again, both Pickles and Twitter's lawyers are correct. They do have that right (assuming it's not a violation of discrimination laws) but of course they wouldn't do that. Pickles wasn't denying that. He was pointing out that the hypothetical is silly because that's not something Twitter would do. Twitter's lawyers in the case were, correctly, pointing out that it would have the right to do such a nonsensical thing if it chose to do so, while also making it clear it would never do that. Again, that's not in conflict, but Gaetz acts as if he's "caught" Twitter in some big admission.
Gaetz falsely then claims that Pickles is misrepresenting Twitter's position:
Right but it is not in service of transparency if Twitter sends executives to Congress to say one thing -- that you would not have the right to engage in that conduct -- and then your lawyers in litigation say precisely the opposite.
Except that's not what happened at all. Pickles and the lawyers agreed. At no point did Pickles say that Twitter did not have "the right" to kick people off its platform for any reason. He just noted that it was not a part of their policy to do so, nor would it ever be. That's entirely consistent with what Twitter's lawyers said in the Taylor case. This is Gaetz making a complete ass out of himself in completely misrepresenting the law, the constitution and what Twitter said both in the hearing and in the courthouse.
Seriously, people, we need to elect better Representatives to Congress. This is embarrassing.
We've noted repeatedly that while Silicon Valley giants like Facebook and Google are portrayed as net neutrality supporters, that hasn't been true for many years now. Google stopped giving a damn about the idea back in 2010 or so when it started eyeing the broadband (Google Fiber) and wireless (Android, Project Fi) markets. Similarly, Facebook has never really been much of a genuine supporter, and has actively undermined the concept of net neutrality overseas in developing nations. Once they became powerful and wealthy enough, they stopped seriously worrying about the threat posed by broadband monopolies.
But as Netflix has grown more powerful, its advocacy for net neutrality has waned proportionally. The company has repeatedly made it clear that now that it's large and successful, it no longer really has to worry about being bullied by ISPs like Comcast, since it can now afford to pay the abitrary troll tolls they're keen on erecting around the internet:
"It’s not narrowly important to us because we’re big enough to get the deals we want,” Hastings said. It was a candid admission: no matter what the FCC decides to do with Title II, Netflix isn’t worried about its ability to survive. Hastings says that Netflix is “weighing in against” changing the current rules, but that “it’s not our primary battle at this point” and “we don’t have a special vulnerability to it."
That's arguably myopic, and it's unlikely the next Netflix is quite so confident. Because Netflix is wealthy and powerful enough to fend off anti-competitive efforts by AT&T, Verizon and Comcast, doesn't mean the death of the rules won't be problematic for thousands of small businesses, startups and entrepreneurs who'll be operating on a decidedly-tilted playing field.
Netflix doubled down on its myopia this week during the company's conference call with analysts and the media, when CEO Reed Hastings tried to insist that the death of net neutrality rules here in the States was no big deal. Why? Apparently, "consumer expectations" will somehow magically keep telecom giants on their best behavior:
"Around the world net neutrality has won as a consumer expectation," Hastings said Monday during a video discussion of Netflix's second-quarter financial performance. "Broadly around the world consumers have the expectation and ISPs are delivering it," he added, referring to Internet service providers.
"The net neutrality advocates have won the day in terms of those expectations," he said.
That's not how any of this works.
Consumers can have all the "expectations" they want in terms of a healthy, open internet. But expectations mean nothing in the face of limited broadband competition and napping or compromised regulators, since there will soon be no penalty for behaving anti-competitively. ISPs right now are on their best behavior because they're worried about adding fuel to the looming lawsuits against the FCC. But should ISPs win in court, we'll quickly get a crash course on how little "expectations" will matter in the face of unchecked monopoly power.
Human Rights Watch has identified two forms of this technique that the Drug Enforcement Administration (DEA) has used or, evidence suggests, has contemplated using. One involved the undercover sale of BlackBerry devices whose individual encryption keys the DEA possessed, enabling the agency to decode messages sent and received by suspects. The second, as described in a previously unreported internal email belonging to the surveillance software company Hacking Team, may have entailed installing monitoring software on a significant number of phones before attempting to put them into suspects’ hands.
The DEA broke ranks (at least publicly) with Italy's exploit/malware vendor Hacking Team after it was (ironically) hacked and its internal communications fed to Wikileaks. That the DEA would purchase exploits and hacking tools wasn't surprising. Neither was the fact that these tools had never been discussed in a courtroom setting. (See above re: parallel construction.) What was more disappointing than surprising was that a US government entity would choose to do business with a company caught selling hacking tools to UN-blacklisted countries.
The big news here is the compromised phones. The DEA held encryption keys for phones sold to drug dealers in order to intercept communications like texts and email. The affidavit [PDF] obtained by Human Rights Watch raises cart/horse questions about the legality of the interceptions. While wiretap warrants were obtained (and quite easily -- these were routed through Southern California's particularly DEA-friendly courtrooms), the narrative in the sworn statements doesn't state clearly whether these warrants were obtained before the interceptions began. In fact, one statement made in the affidavit seems to indicate the interceptions from the compromised phones were used to buttress claims in warrant requests. From the affidavit:
[O]n April 10, 2011, [suspect John] Krokos in Mexico contacted SA Burkdoll and asked for another EBD [encrypted Blackberry device]. The next day, on April 11, 2011, SA Burkdoll, in an undercover capacity, provided [suspect Ismael] Tomatani with a new EBD for $1,000 in the parking lot of a Home Depot store in West Hills, California. Two days later, Tomatani began communicating with [suspect Eduardo] Olivares over the EBD. A variety of relatively plain drug communications were intercepted over Tomatani's EBD as he communicated with Olivares on the new EBD.
[...]
I am aware that, on May 16, 2011, signed an order for the wiretap interception of both the EBD and cellular telephone being used by Olivares.
The wiretap order to intercept communications came nearly a month after the interception began. And that warrant targeted only the communications originating from Olivares' devices. Nothing in the affidavit narrative says anything about obtaining wiretap warrants for the EBDs supplied to Tomatani and Krokos.
There's also nothing in the paperwork suggesting the plan to sell suspects compromised devices was ever run past a judge. Considering the sole purpose of these devices was to facilitate the interception of communications, you'd think judicial approval would have been sought to ensure the collected evidence would survive a suppression motion. (There's also discussion of the DEA repeatedly using "slap on" GPS tracking devices to track suspects' movement without seeking warrants first. Of course, some of this happened before the Supreme Court (sort of) ruled law enforcement should seek warrants before placing tracking devices on vehicles, but the practice appears to have continued past the 2012 ruling.)
Another, longer affidavit [PDF] from SA Burkdoll (the agent that sold the drug dealers the compromised phones) suggests the agency had been seeking wiretap warrants for a number of devices and landlines since 2010, which would be prior to the sale described in the other affidavit.
Even if the wiretap warrants preceeded the interceptions, the delivery of compromised phones to criminal suspects is still a questionable tactic. For one, nothing suggests this plan had been run by anyone outside of the DEA to vet the tactic for legality or constitutionality.
Second, this isn't the sort of thing you want investigative agencies to do regularly. There are all sort of side effects and the omnipresent mission creep problem to be considered.
The US government’s policies for secretly distributing devices it has compromised by obtaining encryption keys or installing surveillance tools largely remain unknown. Documents the Federal Bureau of Investigation (FBI) disclosed in 2011 mention seeking a warrant explicitly for a “two-step” process of installing a spying mechanism on a US computer and then carrying out surveillance, but it is unclear whether the DEA has adopted similar standard procedures for the measures it has used or considered.
Under international human rights law, all surveillance methods that interfere with privacy should be authorized by clear, publicly available laws; be subject to approval by a court or other independent body for specific purposes such as protecting public safety or national security; and be proportionate to those aims. Undermining the security of devices to conduct surveillance could have long-term repercussions for privacy, including for people other than the original intended surveillance targets, making it all the more important for the Justice Department to disclose its policies regarding these tactics.
This isn't to say the government should never engage in these tactics. Sometimes it's necessary. But subterfuge involving compromised devices and muddy wiretap warrant timelines isn't the way to do it.The agency has shown it's more than willing to launder its tainted evidence -- both to hide its true origin from defendants and to hide its methods from the rest of the world. The agency's past actions indicate respect for people's rights (along with their personal property/lives) is pretty low on its list of priorities. So, if further revelations show a lack of candor -- either in court or to its oversight -- it won't surprise anyone.
Roughly a year ago, Shipyard Brewing Co. launched its bid for title holder of the single dumbest trademark lawsuit in the beer industry. The lawsuit against Logboat Brewing came as a result of two concerns. First, both breweries have the word "ship" on some packaging and include images of ships on that packaging as well. Lost on Shipyard appeared to be Logboat's use on its Shiphead brand was that of a woman with hair that somehow was a ship, whereas Shipyard merely had ships in water. That made the trade dress and trademarks fairly distinct. That may be the reason Shipyard coupled that concern with a second, namely that both breweries used the word "head" in their respective brands, with Shipyard having trademarks on brews such as "pumpkinhead" and "applehead." The theory, I guess, was that these two factors that on their own were not valid trademark complaints combined to form one that was.
This is where the narrator would jump in and say: "That theory was wrong." The judge presiding over the dispute didn't buy into Shipyard's claims and completely rejected Shipyard's claims in a very thorough ruling. Let's start with the trade dress issue. Do you think these cans look similar?
The answer is "of course not" and that's exactly what the ruling says:
In fact, the cans look very different from each other. Shipyard’s can is beige with a red
bar at the top and bottom. Logboat’s can is white, with a black band towards the top and towards
the bottom. SHIPYARD appears in an arc of blue letters of fairly uniform size, in a clean,
straight font, outlined in white with a dark shadow. SHIPHEAD appears in wavy black letters
outlined in white, with the first and last letters significantly larger than the rest, and the last three
letters in the words “SHIP” and “HEAD” sloping downward in keeping with the triangular space
between the sails of the pictured hairdo. The “S” in Shiphead has the tail of a marine animal. Prominent on the Shipyard can is an image of a ship in water. Prominent on Logboat’s can is an
image of a woman carrying three cans of beer in one hand, with fish to one side, and with her
dark hair styled in the form of a ship. No reasonable person viewing either can could confuse
one for the other.
Okay, okay, but Shiphead said it's not just about the trade dress of the design, but also the names! The names are so similar, no? No.
Shipyard argues that its SHIPYARD mark and Logboat’s SHIPHEAD GINGER
WHEAT mark “look and sound alike” because they share “six out of eight letters.” But no
reasonable juror could conclude that the terms “yard” and “head” independently are similar in
look or sound, outside of the negligible fact that they both end with the letter “d.” The only real
similarity between SHIPYARD and SHIPHEAD GINGER WHEAT is the term “ship,” and
Shipyard has admitted that “ship” is a generic term, not subject to trademark protection....
Shipyard refers to a place where ships were built and repaired, a physical space. The
term has been used in the English language since at least 1647. See Merriam-Webster
dictionary, https://www.merriam-webster.com/dictionary/shipyard (last accessed April 26,
2018). The term “Shiphead,” on the other hand, is not part of the English language. See
Merriam-Webster dictionary, https://www.merriam-webster.com/dictionarysShiphead. The term
was invented by an artist, a friend of the Logboat founders, to describe a fanciful vision of a
woman with hair coiffed in the shape of a ship.
You know you're in trouble when the judge is mocking your claims by breaking out the non-existent Merriam-Webster's definition of a word you claim infringes on your trademark.
Judge Nanette K. Laughrey went on to note that the beers are primarily sold in completely different markets and there's little evidence of competition (or even that Logboat had ever heard of Shipyard beer). The ruling is filled with various quips that suggests Judge Laughrey is perplexed as to how anyone could have though this was a worthwhile lawsuit to file. It dismantles Shipyard's argument piece by piece. For example, Shipyard claimed that there was a likelihood of confusion because of the "public recognition and renown" of its brand, and the Judge basically snorts "what renown?" and points out that the company failed to present any such evidence:
Shipyard submits
deposition testimony indicating that it has expended more than $1 million in advertising “in
years past.” ... However, Shipyard claims to have been using
the SHIPYARD mark since 1992.... Yet, Shipyard does not direct the Court to any evidence indicating when, during the
26 years it purports to have been doing business, it spent dollars on advertising....
Nor does Shipyard explain what the nature of the advertising was, or where it was directed.
There is no evidence in the record indicating that Shipyard directed any advertising efforts at
Missouri consumers.
Not enough? If the beer is so renown in Missouri (where Logboat sells its beer), surely there must be lots of sales there? Except... no.
Yet, although Shipyard
initiated this action in May 2017, Shipyard has supplied evidence of sales from only 2016 and
2017.... (“Shipyard has sold thousands of cases of beer in Missouri.”)
(... which state that Shipyard sold 1,247 cases of beer in Missouri in 2016,
and fewer than 1,000 cases of beer in Missouri in 2017); ...
(“ZEROREZ's market share has increased from 3% in 2006 to roughly 20% at the time the
Complaint was filed.”). Thus, even assuming that Shipyard made all of the referenced 2017
sales before it brought this action, the record at best shows that Shipyard has sold fewer than
2,250 cases of beer in Missouri. Shipyard has not provided any evidence suggesting that this is a
sizable number. Furthermore, Shipyard has supplied no evidence of sales from outside of
Missouri.
Yes, that's the judge mocking the size of Shipyard's Missouri sales.
Shipyard's attempt to claim that the smoking gun was the fact that Logboat briefly called the yard in front of its taproom "The Shipyard" also gets a pretty decent benchslapping:
The fact that, by July 2015 (when Shipyard apprised Logboat of its infringement
suspicions), Logboat was referring to the grassy area in front of its taproom as “The Shipyard,”
and the fact that the founders thought the name “fit with the theme of [their] brewery” does not
amount to evidence of intent to confuse customers looking to purchase SHIPYARD beer. The
fact that, for a limited time, a grassy area in front of the taproom was described as a “yard” is
unremarkable, and the fact that a brewery named “Logboat” called an adjacent patch of grass the
“Shipyard” is not evidence—direct or indirect—of intent to confuse customers of Shipyard beer
into purchasing Logboat beer instead. Indeed, Logboat had ceased describing the yard as the
“Shipyard” by January 2016, and thereafter called it “The Park” instead—which evidences a
desire to avoid confusion. As discussed above, “shipyard” is a word in the English language,
and the use of the term in reference to a space adjacent to a taproom, rather than in relation to
any product purportedly competing with Shipyard, does not constitute even indirect evidence of
intent to confuse.
The Judge also points out that that Shipyard's claim isn't just silly, it's a massive overreach in an attempt to prevent Logboat from even experimenting with different flavored beers:
Finally, Shipyard’s contention that Logboat’s limited sales of Raspberry Shiphead Ginger
Wheat beer and Jasmine Shiphead Ginger Wheat beer are “in direct competition and overlap
with Shipyard’s HEAD flavored beers, thereby knowingly expanding its use and intentionally
amplifying the likelihood of confusion,” is unconvincing. Logboat did not co-opt Shipyard’s
“—HEAD” branding style. It did not call the beers “Rasberryhead” or “Jasminehead.” Instead,
Logboat added a descriptive element to its own properly registered mark to reflect what Shipyard
itself describes as “a unique flavor profile . . . .” . Accepting Shipyard’s argument
would require precluding Logboat either from adding any new flavors to its ginger wheat beer, or
from accurately describing any new flavors it adds to its ginger wheat beer. In other words,
Shipyard’s proposed prohibition against adding any terms descriptive of flavor or aroma to the
Shiphead Ginger Wheat beer would prevent Logboat from experimenting and innovating with
the beer itself—an unreasonable and untenable result for an action to protect a trademark.
Somewhat strangely, the folks at Shipyard both haven't taken to the judge's lesson on trademark law and still seem to want to exert some control over Logboat's product packaging.
“We still feel it’s an infringement and the judge didn’t,” said Fred Forsley, the founder and president of Shipyard Brewing. He said he plans to call the owners of Longboat Brewing to see if the two companies can work out an arrangement to avoid any confusion in the future.
That sounds like activity that would have been appropriate a year and a half ago, before the lawsuit was ever filed. After all, there has been a longstanding tradition of congeniality within the craft brewing business. But after it attempted to bully them with a stupid trademark lawsuit, why in the world would Logboat bother returning Shipyard's calls?
from the time-to-start-kicking-against-the-pricks dept
Cops lie. This is a fact. As a business owner, it is in your best interest to oust known liars from your premises, if only for liability reasons. Sure, this will result in backlash from cop supporters, but so will the alternative.
Cops have placed themselves on a plateau of humanity far above their fellow citizens. Any perceived slight becomes a reason to drape themselves in an appropriated American flag and decry the masses for failing to show them the respect they feel they have no duty to earn.
There have been several reports of low-wage fast food employees saying and/or doing mean things to cops in their restaurants. Sometimes, these things have actually happened. What officers fail to understand is that most employees of restaurants have zero respect for a majority of their customers. Add a blue uniform and an air of sanctimoniousness, and cops can easily fly up the ranks of the disrespected.
But cops don't help their own case by lying about things that happened. And even if they're not outright lies, they're severe miscontruals of the actual events. In April of 2016, an officer claimed he was drugged by a Subway employee who supposedly spiked his soda as he went through the drive-thru. Drug tests of the drink and the cop cleared Subway and its employee of any wrongdoing. It also netted the accused teen -- who was arrested and charged -- a $50,000 payout from the city of Layton, Utah.
Roughly a year after that, a Raleigh (NC) police union's Facebook post -- accusing a local restaurant of serenading officers with N.W.A.'s "Fuck tha Police" -- went viral. A review of the restaurant's CCTV footage showed this never happened. An employee apparently mouthed the words at an officer from 25 feet away. That employee quit when the investigation began. The backlash only halted when the police department itself stepped up to say the union's post was full of shit.
Raleigh Police Department Chief Cassandra Deck-Brown [...] released a statement Wednesday concurring with the owner, David Harris, and his attorney Mark O’Mara.
[...]
On Wednesday, Deck-Brown said two officers saw one employee make eye contact with them and mouth the words “F--- the Police.”
“There was no singing. There were no other employees involved,” Deck-Brown said. “Because of the subtle nature of this act, it was not witnessed by anyone else in the store.”
After looking at video, Harris and O’Mara and others could find no evidence that employees were singing at the police or even speaking with them during the nearly half-hour they were in the restaurant.
The restaurant suffered severe reputational damage. Meanwhile, the police union refused to apologize for the lies it had posted to Facebook. The restaurant may have been cleared by the Chief of Police, but the union representing the lying cops who had fabricated a story about a cop-hating restaurant downplayed its own involvement in this debacle, stating only that not "all" of the info in its original post had been "accurate."
A police officer's complaint that a fast food burger he ordered came sprinkled with dirt created a flame-broiled Facebook sensation Wednesday before an investigation found that a seasoning mix was the likely culprit.
Fort Myers police Officer Tim McCormick posted on Facebook about a meal he was recently served at the Burger King on Cleveland Avenue at Winkler Avenue. He said that the burger looked like it had dirt on it but didn't notice it until he was down to the last bite. He then tossed the sandwich.
18,000 Facebook shares later, Officer McCormick has deleted his post. But he has yet to offer his apology for being unable to identify substances present on almost all Burger King burgers.
Given the damage officers can do when they act before all the facts are in, why would any restaurant want their business? When officers are fabricating stories and misidentifying rare substances like, um... black pepper, why would any business owner want to serve such supremely risky customers?
Sure, not every cop is going to lodge a bullshit complaint because he didn't like how a restaurant employee eyeballed him during service, but why roll the dice? Officers and their unions can do an incredible amount of damage to small businesses in a short period of time. When the facts do come out, they simply delete posts and walk away from wreckage they've left behind without so much as an apology. And if they do find themselves on the receiving end of a lawsuit for their actions, it's the taxpayers left footing the bill -- a group of unwilling lenders that includes the same small business owners victimized by the officers' lies and exaggerations.
Play it safe, restaurant owners. Invite officers to start making their own meals at home where the only parties likely to receive collateral damage for food and service-based complaints will be officers' spouses and children. It just makes financial sense.
One of the most dangerous aspects of SOPA and other copyright proposals is the idea of moving enforcement and liability further down the stack of technology that powers the internet, even all the way to the DNS system. Although SOPA's DNS-blocking proposals were heavily criticized and the bill ultimately defeated, the idea of deep-level copyright enforcement has lived on and been implemented without changes to the law. This week our returning guest, law professor Annemarie Bridy, discusses how private agreements have quietly recreated some of the worst parts of SOPA.
While the best chance of reversing the FCC's attack on net neutrality still likely rests with the courts, an uphill effort to restore the FCC's 2015 rules via Congress appears to have taken a small step forward this week.
The Congressional Review Act lets Congress reverse a regulatory action with a simply majority vote in the Senate and the House (which is how the GOP successfully killed FCC consumer broadband privacy protections last year). And while the Senate voted 52 to 47 back in May to reverse the FCC's attack on net neutrality, companion efforts to set up a similar vote in the House have, as expected, had a hard time gaining traction thanks to ISP lobbying influence.
"The fight to keep the internet open belongs in Congress, not at the Federal Communications Commission,” said Representative Coffman. “The American people deserve to know that their elected officials, not unelected bureaucrats, are fighting for their interest. That fight begins with my bill, which will create an ‘internet constitution’ with the foundational elements of net neutrality."
“While my bill moves through the Congress, I am taking an ‘all of the above’ approach by simultaneously signing the discharge petition on the CRA, and introducing my bill” added Coffman.
A discharge petition needs 218 votes to even see floor time, and another 218 votes to pass the measure. So far however, the petition only currently has 172 likely votes -- 173 with Coffman's cooperation. It remains a steep uphill climb, and even if it passes it will need to avoid a veto by President Trump, who has yet to signal he has the faintest idea what the fight is even about.
As we've long noted, ISPs have spent the better part of fifteen years successfully (but idiotically) framing net neutrality as a partisan issue to sow debate and stall progress. Except the idea of keeping the internet a level playing field free from monopoly meddling has broad, bipartisan public support for what should be obvious reasons. The rules were a stop gap measure until somebody decided to actually do something about the lack of competition in the sector, something both parties have a long-standing habit of trying to ignore for fear of stifling AT&T, Verizon, and Comcast campaign contributions.
Coffman's bill (pdf), meanwhile, comes amidst efforts by ISPs to pass legislation they wrote in a bid to prevent tougher state or federal rules from being passed (or the 2015 FCC rules being restored in case of a court loss). Having read the bill it's weaker than the FCC's 2015 rules, carving out numerous loopholes for things like interconnection shenanigans, usage caps and zero rating, and "reasonable network management" (a term ISPs love to abuse). It also isn't likely to survive Marsha Blackburn's committee in the House, since she has her own even weaker, ISP-favored legislation she's been pushing.
It's Coffman's decision to join the CRA repeal that's more interesting, though that effort too has a long way to go before it sees any serious traction. Politicians facing re-election may want to join to avoid being vilified by activists ahead of the midterms, but most House Republicans likely deem net neutrality as too confusing and fringe of an issue for their opposition to really pose much of an existential threat.
RSS
