So we already knew numerous reporters, the GAO, and the New York State AG's office are already looking into who was behind the millions of bogus comments that plagued the FCC's net neutrality repeal. And we've already noted how the Ajit Pai FCC has been trying its very best to hinder those inquiries, whether we're talking about the way that it has been blocking and stalling on journalist FOIA requests, or actively ignoring numerous, previous inquiries from law enforcement.

The FCC's efforts to obfuscate the culprit by refusing to share data on this subject may have just become more... complicated. Over the weekend, Daily Beast reporter Kevin Collier noted that two additional AG's offices (Massachusetts and Washington, DC) -- and the FBI -- have also started digging into those fake comments as well:

"The Justice Department is investigating whether crimes were committed when potentially millions of people’s identities were posted to the FCC’s website without their permission, falsely attributing to them opinions about net neutrality rules, BuzzFeed News has learned. Two organizations told BuzzFeed News, each on condition that they not be named, that the FBI delivered subpoenas to them related to the comments."

New York's AG began its investigation last year, but stated in a public letter a year ago that the FCC had actively blocked all efforts by the AG to obtain server, API, and other data that could help identify who was behind the fraudulent comments, some of them mysteriously made by dead people. The AG's office stated Pai's office ignored nine inquiries over a period of five months for more details:

"We made our request for logs and other records at least 9 times over 5 months: in June, July, August, September, October (three times), and November.

We reached out for assistance to multiple top FCC officials, including you, three successive acting FCC General Counsels, and the FCC’s Inspector General. We offered to keep the requested records confidential, as we had done when my office and the FCC shared information and documents as part of past investigative work.

Yet we have received no substantive response to our investigative requests. None."

According to the NY AG's office, about 9.5 million of the more than 22 million comments filed with the FCC during the repeal's open comment period were filed using peoples' names without their consent (including my own and those of two Senators). Last October, the New York AG announced they had expanded their probe, issuing subpoenas to both numerous ISP-linked lobbying and policy organizations (like the industry's dubious Broadband for America policy vessel) as well as a few pro net neutrality consumer groups.

Last week, numerous outlets falsely reported that "Russia" was behind these comments. There's no actual evidence of that (500,000 Russian email addresses were used, but that doesn't mean Russia itself was involved). As we've seen during the similar bogus comments plaguing other US government proceedings in recent years, the usual culprit is almost always the companies that stand to benefit from the regulatory efforts in question, since there's several DC policy shops that apparently sell these kinds of services (read: bogus support for terrible policies) as a value added service.

And while it's pretty clear that the Ajit Pai FCC doesn't want anybody knowing which firm tried to stuff the ballot box and who was funding the initiative, the involvement of the DOJ and several additional AG offices means hiding the truth just got immeasurably more difficult. And depending what investigators find, that could seriously complicate next February's opening arguments in the net neutrality lawsuit against the FCC, which, if the FCC and its ISP allies lose, could end with the restoration of the FCC's 2015 rules, bringing us fill circle.

If it turns out the broadband industry or some proxy organization paid a DC lobbying firm to stuff the ballot box (which has always seemed the most likely explanation given historical precedent), such a self-inflicted wound would be utterly legendary.

Last week, as the last round of "trilogue" negotiations were getting underway in the EU on the EU Copyright Directive, we noted a strange thing. While tech companies and public interest groups have been speaking out loudly against Article 13, a strange "ally" also started complaining about it: a bunch of TV, movie and sports organizations started complaining that Article 13 was a bad idea. But... for very different reasons. Their concerns were that regulators had actually finally begun to understand the ridiculousness of Article 13 and had been trying to add in some "safe harbors" into the law. Specifically, the safe harbors would make it clear that if platforms followed certain specific steps to try to stop infringing works from their platform, they would avoid liability. But, according to these organizations, safe harbors of any kind are a non-starter.

Those same groups are back with a new letter that's even more unhinged and more explicit about this. The real issue is that they recently got a ruling out of a German court that basically said platforms are already liable for any infringement, and they're now afraid that Article 13 will "soften" that ruling by enabling safe harbors.

In a letter of 1 December we alerted the three EU institutions that the texts under discussion would undermine current case law of the Court of Justice of the European Union (CJEU) which already makes it clear that online content sharing service providers (OCSSPs) communicate to the public and are not eligible for the liability privilege of Article 14 E-Commerce Directive (ECD). The proposal would further muddy the waters of jurisprudence in this area in light of the pending German Federal Court of Justice (Bundesgerichtshof) referral to the CJEU in a case involving YouTube/Google and certain rightholders, addressing this very issue. The initial goal of Article 13 was to codify the existing case-law in a way that would enable right holders to better control the exploitation of their content vis a vis certain OCSSPs which currently wrongfully claim they benefit from the liability privilege of Article 14 ECD. Unfortunately, the Value Gap provision has mutated in such a way that it now creates a new liability privilege for big platforms and therefore even further strengthens the role of OCSSPs to the direct detriment of rightholders.

First of all, it is complete and utter bullshit to claim that Article 13 was "to codify existing case law." Article 13 was designed to create an entirely brand new liability regime that deliberately sought to avoid Article 14 of the E-Commerce Directive (ECD). The ECD functions somewhat akin to the DMCA's safe harbors in the US, in that they include intermediary liability protections for sites that comply with takedown notices in a reasonable manner. The entire point of Article 13 in the EU Copyright Directive was to take copyright out of the E-Commerce Directive and to remove those safe harbors. To claim otherwise is laughable.

It is, of course, hilarious that these companies are now pretending that just because they got a good ruling in their favor on this point, that they're suddenly freaking out that any safe harbor might exist for internet platforms, but here they're explicit about how against a safe harbor they are:

Last week, we proposed a balanced and sound compromise solution consisting in guidance on the issue of OCSSP liability with reference to the existing jurisprudence of the CJEU. This solution would ensure rightholder collaboration in furtherance of the deployment of appropriate and proportionate measures as well as addressing the potential liability of uploaders where the platform has concluded a license, without the creation of any new safe harbours for big platforms. We continue to believe that this reasonable approach would have broad support, including in the rightholders community and could at the same time conciliate different views of Member States and different political groups in the European Parliament, without the need to give powerful active platforms the gift of a new liability privilege which goes beyond the stated intent of the proposed copyright reform. We also indicated that if, on the contrary, any new safe harbour/”mitigation of liability” would be part of a final trilogue agreement, we want to be excluded from the entire value gap provision.

It's also hilarious that they refer to this as "the value gap provision." The "value gap" is a made up concept by some legacy copyright companies to complain that their business models aren't as all powerful as they used to be, and therefore the government must step in to force other companies to give them money.

Also note the messaging here: they don't talk about what would be best for the public. Just for "the rightsholder community."

Anyway, if they want to be "excluded" from Article 13 entirely, I think that's fine. The best solution here is the obvious one: the EU can drop Article 13 entirely.

DMCA takedown abuse is nothing new. But it normally involves bogus takedown requests claiming copyright violations. TorrentFreak has uncovered a new form of abuse that involves the DMCA, but unlike normal copyright claims, doesn't allow the target to contest the claims.

One of the most recent scams we’ve seen targets various popular game piracy sites, including gamestorrents.tv, fitgirl-repacks.site, freegogpcgames.com, crotorrents.com, nosteam.ro, pcgames-download.com and skidrowreloaded.com.

The notices in question are seemingly sent by prominent names in the gaming industry, such as Steam and Ubisoft. However, the sudden flurry of takedown requests appears to be initiated by scammers instead.

These scammers appear to be going after competitors. The entities behind this wave of bogus takedown notices are gaming Google's search engine via DMCA notices. Much like shady characters trying to vanish unflattering news and blog posts from Google's search results, these shady characters are trying to move their malicious sites higher in the rankings by targeting similar sites offering a similar selection of cracked software.

But rather than go with a straight copyright claim which could be contested and result in a reinstatement, the scammers are using another part of the DMCA -- one that provides no adversarial process.

[T]he notices are not regular DMCA takedowns. Instead, they are notifications that the URLs circumvent technological protection measures such as DRM, which is separately covered in the DMCA.

“Google has been notified that the following URLs distribute copyright circumvention devices in violation of 17 U.S.C. § 1201,” Google informed the site owner.

“Please find attached the notice we received. There is no formal counter notification process available under US law for circumvention, so we have not reinstated these URLs. If you dispute that you are distributing circumvention devices, please reply with a further explanation.”

That's the way the law works. Takedown notices claiming DRM circumvention (most pirated software involves some sort of circumvention) cannot be contested. Google is allowing replies in these cases, but what it's doing isn't mandated by law. Google, however, is obliged to comply with requests unless it feels the complaint isn't legitimate. How strongly it feels sometimes depends on the manpower available... or the attention the issue is receiving elsewhere on the web.

The notices collected by TorrentFreak hardly seem legit, even with only a cursory review. They're littered with typos and make unrealistic/absurd claims, like supposedly filing on behalf of Steam even though Steam doesn't actually own or produce the game titles listed in the takedown notice.

As TorrentFreak notes, thousands of URLs have already been taken down, pushing malware-loaded sites higher in search listings. Internet users seeking free games now may find they've picked up bitcoin-mining hitchhikers after visiting these scammers' sites.

The good news is Google is paying more attention to these takedown requests and has reinstated some URLs targeted by these malware purveyors. But the fact that this sort of search engine gaming is still effective is further proof the DMCA enables abuse by treating the accuser as inherently credible while limiting the options of those falsely accused.

The Ultimate Cisco Certification Super Bundle will help you prepare to gain certifications necessary to work with Cisco Networking Systems. The 9 courses cover interconnecting Cisco networking devices, LAN switching technologies, IPv4 and IPv6 routing technologies, WAN technologies, infrastructure services and maintenance, network security, and much more. Each course is designed to help you prepare to take various Cisco certification exams. This bundle is on sale for $49.

Note: The Techdirt Deals Store is powered and curated by StackCommerce. A portion of all sales from Techdirt Deals helps support Techdirt. The products featured do not reflect endorsements by our editorial team.

Have you heard that all of the opposition to the EU Copyright Directive and its hugely problematic Articles 11 and 13 is really being driven by Google lobbying? Most of you probably realized this was nonsense, but it now turns out that not only was the lobbying almost entirely dominated by the legacy copyright players, but a key plank of their lobbying campaign was to falsely allege that all opposition was just Google.

If you've been paying attention at all to the crazy fights over the EU Copyright Directive, you may have heard some claims being passed around that it's somehow "Google" lobbying heavily against the bill. Indeed, all over Twitter, that's the talking point from tons of EU Copyright Directive supporters. After the EU Parliament put the brakes on the bill back in July, I even saw a former RIAA exec (who has since blocked me on Twitter, so I can't show it to you) tweet that this was a clear perversion of the "will of the people" by Google's corporate lobbying. Of course, it's hilarious for that to come from an ex-RIAA exec, who was heavily involved over the past 3 decades in pushing through all sorts of protectionist, anti-public, anti-musician legislation and trade agreements.

But... it's a talking point. And it's one that lots of people have jumped on. Digital Music News, who is always quick to restate the recording industry's talking points, claimed that Google spent more than $36 million lobbying over Article 13. Billboard Magazine published a similar claim. Various music industry groups, in what appeared to be closely coordinated messaging, all started blaming Google and "the tech giants" for any opposition to the EU Copyright Directive -- which, mind you, would change the fundamental ways in which the internet works. Yet, in their minds, all of the opposition came from the internet giants.

Here's Geoff Taylor from BPI:

The US tech lobby has been using its enormous reach and resources to try to whip up an alarmist campaign...

And here's Richard Ashcroft from PRS for Music:

the Internet giants... have whipped up a social media storm of misinformation about the proposed changes in order to preserve their current advantage.

And how about UK Music's Michael Dugher who really wants to blame Google for everything:

Some absolute rubbish has been written about the EU’s proposed changes on copyright rules.

Amongst the ludicrous suggestions from the likes of Google is the claim that the shake-up will mean the end of memes, remixes and other user-generated content. Some have said that it will mean ‘censorship’ and even wildly predicted it will result in the ‘death of the internet’.

This is desperate and dishonest. Whilst some of the myths are repeated by people who remain blissfully untroubled by the technical but crucially important details of the proposed EU changes, in the worst cases this propaganda is being cynically pedalled by big tech like Google’s YouTube with a huge vested and multi-million-pound interest in this battle.

MEP Axel Voss, who was the EU Parliament Member who lead the charge on the Copyright Directive, and who has long been seen as being in the pocket of the copyright interests, even put out a press release recently blaming the tech giants and their lobbying:

After the vote, rapporteur Axel Voss (EPP, DE) said, “I am very glad that despite the very strong lobbying campaign by the internet giants, there is now a majority in the full house backing the need to protect the principle of fair pay for European creatives.”

There's been a lot more like that. On Twitter, whenever I talk about Article 13, the same crew that has been falsely attacking my views for years immediately start attacking me, claiming that it's all Google lobbying against Article 13.

So... about that. The wonderful site Corporate Europe Observatory, has a very thorough and very in-depth write-up about just who is lobbying on the EU Copyright Directive. And, quite incredibly, it's almost entirely dominated by all of those legacy copyright industries:

Since November 2014 there were 765 declared encounters between lobbyists and the Commission with “copyright” as a subject 1 Over 93% of these were with corporate interests, but the list of main actors might be quite surprising: the lobbyists with the highest access were in fact not big tech, but the collecting societies, creative industries (including big film and music studios) and press publishers.

The most frequently listed names are: IFPI - Representing recording industry worldwide (37 meetings) whose members include Sony Music and Warner Music, followed by the Federation of European Publishers (27) which represents national associations of book publishers, and GESAC - the European lobby for collecting societies (25), whose members include big EU collecting societies such as PRS for Music, the US giant recording label Universal Music Group International (22), and the Society of Audiovisual Authors (22), which represents national collecting societies.

Of the top 20 lobbyists by meetings, only two represented tech interests – Google, ranking number seven, and one of the trade associations it belongs to, DIGITALEUROPE, ranking 18th – while one sole NGO, the independent consumer organisation BEUC, ranked 12th.

The real story is even worse than that. Because I have abundant free time, I went through the file that Corporate Europe Observatory linked to detailing these lobbying meetings, and I went through all 205 entities and added up how many lobbying meetings were held by legacy entertainment interests, tech interests or public interests. Here's the breakdown:

While Corporate Europe Observatory lists 765 meetings, their spreadsheet actually shows 784. Also, there were a few organizations/lobbyists/lawyers where it was not exactly clear who they were lobbying for or on what side of the debate. To be as fair as possible, I simply included all of the ones I was unsure of into the "lobbying for tech" list. So, uh, for all the talk that Google was the one lobbying here, over 80% of the lobbying efforts came from the legacy copyright industries. That's pretty stunning. Of course, it's also disappointing to see that only 6% of the lobbying came from civil society groups. As CEO notes:

The voices of civil society organisations, small platforms, libraries, academics, citizens and even the UN Special Rapporteur on Freedom of Opinion and Expression were the collateral damage of the dispute between competing big business lobbies. Lobbyists and groups with a vested interest dominated the debate, while citizens’ opinions and interests were crowded out of the discussion.

Very depressing. For what it's worth, I included the "small platform" lobbying efforts in the "tech" list above (again, to be as careful as possible), but many of them view this issue even more strongly than Google, and are more focused on the public interest arguments.

Anyway, that chart is just for lobbying the EU Commission. CEO looks at some other available data for lobbying the EU Parliament as well (tragically, not that much info is public), but based on what is public it comes to the same conclusion:

Overall, the limited information which is available about lobby meetings shows the intense level of lobbying taking place on the Copyright Directive, but it also interestingly exposes that the biggest lobbies were not in fact big tech companies and their associates, as many headlines claimed, but the publishers, creative industries and collecting societies.

Incredibly, the narrative that all the lobbying is coming from Google has caused EU regulators to flat out discount complaints from people warning about problems with the proposal, while treating petitions supporting the Directive very differently. For example, the CEO report notes that organizations supporting both sides of the Copyright Directive set up "email your MEP campaigns," but the reaction to them was... let's just say, uneven.

Email your MEP campaigns are a common tool used by civil society organisations who mobilise their communities and supporters to exercise their democratic rights to engage with their elected representatives. Identity verification standards vary according to the tool used, but in this case, it seems that the campaign did not require email verification. That means that technically speaking, people could lie and change their identity in those emails.

De Cock explained that when they started the campaign they did not expect that so many people would participate, and so they themselves were surprised by the strength and impact of the campaign. But even then, can it really be labelled a denial of service attack? Such attacks are generally quite hostile, and aim to shut a website down completely. This is a remarkably different objective from that of an Email Your MEP campaign, which aims to ensure that MEPs are aware that there is popular support for certain causes and issues.

Astoundingly, ALDE MEP Jean Marie Cavada even said in an interview:

“After having analyzed the platform from which all emails come, I realized that it does not require a valid email address from the “users” to send emails. Thus, as sometimes we receive dozens of emails per minute, we can conceive that it is actually robots that send all these emails, which luckily makes this movement lose credibility.”

Many MEPs simply wrote back to the senders to confirm their identity. De Cock, for instance, was then forwarded several of these exchanges between MEPs and their constituents. It seems Mr Cavada did not write back to the people who had contacted him.

It is worth noting that PRS for Music also created a tool to email MEPs in advance of the vote, with the call to action: “PRS Member – Take 90 seconds to influence the vote”. This tool did not even include a return address, and yet there were no claims that these emails were sent by bots. It is interesting that C4C seem to have been criticised simply because of the volume of emails, which arguably simply indicates the level of concern from constituents on the issue. However, both the C4C and PRS can be criticised for the loose use of internet tools to email MEPs.

In other words, because so many more people used the tools to say that they were against Articles 11 and 13, at least some MEPs derided them as fake, while saying nothing about the many fewer people emailing in favor of those articles. Hmm.

Oh, and what about that claim of $36 million spent lobbying by Google all against Article 13. Turns out that that number is also bullshit (and Billboard should really issue a retraction).

That same week, immediately before the JURI committee vote, the UK Music Industry body published a press release stating that “figures show Google’s €31m EU lobbying bid” on copyright. UK Music simply took the entire lobby budget declared by Google in 2017, €6 million, and added to that the budgets of all the organisations and think tanks it is a member of, declaring that the “The combined value of Google’s indirect lobbying of the EU amounts to €25.5m”.

This is a highly problematic and flawed interpretation of the Transparency Register. Google’s entire self-declared lobby budget does make it one of the EU’s highest spending lobby groups. However, only a portion of the declared €6 million would likely be spent on copyright, especially as Google is also fighting several other significant lobby battles in the EU (for example on the anti-trust law cases being brought against Android, digital tax, terrorist content, fake news etc). According to available meeting data, it looks like most of Google's lobby meetings were in fact on issues from the Copyright Directive, so it appears that this is not their priority at the moment.

The €31 million figure also assumes that all the associations and think tanks of which Google is a member focused their entire declared EU lobby spending on copyright in 2017. That would include, for example, BusinessEurope, the EU employers’ lobby, which are not necessarily active on the Copyright Directive, and if they are would only spend a marginal part of their budget on this issue. In most cases these groups (such as Friends of Europe, Konrad Adenauer-Stiftung, Bruegel etc) did little or nothing at all on the Copyright Directive, so these amounts should clearly not be included in the calculations.

Incredibly, CEO reports that much of the lobbying effort... was focused on blaming Google for too much lobbying. No, really.

In the copyright discussion, claims that GAFA, and particularly Google, were behind all opposition to Article 11 and 13 were again a strong message from publishers, and harder to counter. For instance, in the lobby newspaper produced by the news agencies, both the text from AFP’s editor Katz, and the ‘editorial’, mention what they call deceptive lobbying. Katz wrote that the “reform has been fiercely opposed by Facebook and Google, who have campaigned on a complete fabrication: a supposed threat to people’s free access to the internet”. He even declared that “I am convinced that the members of parliament who have been misled by deceptive lobbying now understand that non-paying access to the internet is not at risk.”

So, let's be clear: there are lots of corporate interests at play here, and tragically, the voice of the public is getting drowned out. But if anyone claims that any of this process has been driven by the big tech firms, they are flat out lying. Don't let them get away with it.

So for years we've been pointing out that Verizon's attempt to pivot from grumpy old telco to sexy new Millennial ad brand hasn't been going so well. Oddly, mashing together two failing 90s brands in AOL and Yahoo, and renaming the coagulated entity "Oath," didn't really impress many people. The massive Yahoo hack, a controversy surrounding Verizon snoopvertising, and the face plant by the company's well-hyped Go90 streaming service didn't really help.

This week, Verizon was forced to acknowledge that Oath was now effectively worthless, at least in full context of what Verizon paid for it, and the company's past claims that the company would be taking on Facebook and Google in the online advertising wars for a generation to come:

"Verizon announced Tuesday that it would take a $4.6 billion writedown on its the media unit, which includes Yahoo and AOL. Oath's brand value is now worth just $200 million, according to Verizon. That's a stunning decrease in value since it formed in 2017. Verizon said Oath's brand was worth $4.8 billion when it last accounted for the company's goodwill valuation. With virtually no goodwill brand value, Oath's overall value (assets and goodwill) is now worth half of what it was a few years ago.

While some folks reacted with "shock" on Twitter, none of this should really have been a surprise to anybody who has watched Verizon do business over the last decade or two.

Pretty much every time Verizon wanders outside of its core competencies (operating admittedly excellent networks, lobbying to hamstring competition, being misleading about net neutrality), Verizon falls flat on its face. Whether it's the company's failed Go90 platform, failed video joint venture with RedBox, failed news website Sugarstring (which you may recall tried to ban reporters from talking about surveillance or net neutrality), its app store, its "me too" VCAST apps, or any of a dozen other countless efforts to expand into less familiar territory, Verizon failed. Usually semi-spectacularly.

This happens because having spent the better part of a generation engaged in turf protection and lobbying, telcos really can't innovate. We've known this for more than a decade, yet somehow, each time Verizon announces some new pivot, we forget. Telecom executives tend to think they can overcome this character flaw via megamerger, which usually just saddles the company with oodles of additional debt, but doesn't really address any of the sector's core shortcomings, built on the back of being largely government-pampered natural monopolies for the better part of a generation.

A big part of Verizon's attempted pivot to Millennial video ads was courtesy of former CEO Lowell McAdam, who left the company last summer. His predecessor, Ivan Seidenberg, believed that Verizon should remain focused on what it does best (sometimes): building better, faster networks. Seidenberg was a big reason for the company's $24 billion push into pure fiber with "FiOS." McAdam came in, froze most of those deployments, then tried to turn a legacy telco into Google. It didn't work, and anybody who is surprised by that hasn't watched Verizon do business.

All of that said, a company SEC filing effectively blamed McAdam and his team for the failure. As of this writing, that appears to have been enough to satisfy the company's investors, who are clearly eager to ride the hype waves emanating from Verizon's next big unfulfilled promise.

UK spies are changing their minds. Rapidly. Sure, bulk data collection is cool. But you know what's really cool? Mass interference with electronic devices.

At the time the Investigatory Powers Bill was passing through Parliament – it was signed into law in 2016 – EI [Electronic Interference] hadn't been used, but it was already seen an alternative to bulk interception.

However, it was expected to be authorised through targeted or targeted thematic warrants; as then-independent reviewer of terrorism David Anderson wrote at the time, "bulk EI is likely to be only sparingly used".

[...]

During the passage of the Investigatory Powers legislation, he said, the government anticipated bulk EI warrants would be "the exception", and "be limited to overseas 'discovery' based EI operations".

But with encryption increasingly commonplace, the spies want the exception to edge towards becoming the rule.

"Used sparingly" is now "used by default." Why? The good old baddie, encryption. A letter [PDF] written by security minister Ben Wallace says encryption is making bulk data collections less useful.

Following a review of current operational and technical realities, GCHQ have revisited the previous position and determined that it will be necessary to conduct a higher proportion of ongoing overseas focused operational activity using the bulk EI regime than was originally envisaged.

The lawfulness depends on the "double lock" process. The government alone can't give GCHQ permission to engage in bulk EI. There's a judge involved now, making this more of a warrant process than a subpoena process, to make a somewhat clumsy analogy. According to this report, bulk EI is still waiting in the wings. If true, it's a good thing because the double-lock process didn't actually go into effect until the end of November.

What bulk EI is remains somewhat of a mystery. But some of what's described in a 2016 report [PDF] containing several hypotheticals sounds like a lot of large-scale intrusion, ranging from Stingray-esque device location to tactics that have been left up to the imagination thus far.

This sounds a bit like the FBI's child porn hunting Network Investigative Technique: serving up malware to collect information on devices and their users.

Intelligence from sources including bulk interception identified a location in Syria used by extremists. However the widespread use of anonymisation and encryption prevented GCHQ from identifying specific individuals and their communications through bulk interception. GCHQ then used EI under an ISA authorisation (under the Bill this would be done using a targeted thematic EI warrant) to identify the users of devices in this location.

This may be a theoretical Stingray deployment:

A group of terrorists are at a training camp in a remote location overseas. The security and intelligence agencies have successfully deployed targeted EI against the devices the group are using and know that they are planning an attack on Western tourists in a major town in the same country, but not when the attack is planned for. One day, all of the existing devices suddenly stop being used. This is probably an indication that the group has acquired new devices and gone to the town to prepare for the attack. It is not known what devices the terrorists are now using. The security and intelligence agencies would use bulk EI techniques to acquire data from devices located in the town in order to try to identify the new devices that are being used by the group.

Whatever bulk electronic interference ends up being when it's actually deployed, GCHQ is sure of one thing: the less it knows about its targets, the more justified it is using it in bulk.

As the cell members can only be identified following considerable target discovery effort, a bulk EI warrant is suitable.

Whatever civil liberties concerns this program raises will probably be dismissed quickly. GCHQ's hypotheticals involve terrorism suspects overseas and child porn site operators -- the least sympathetic targets available. Foreigners are fair game for bulk anything and no one wants to side with child exploiters, even if they technically share the same civil liberties/rights.

The exception is the rule. This is how it works for those who promise the most worrying aspects of surveillance programs will be saved for the edge cases. Sooner or later, the edge cases are just cases, and no one is interested in walking anything back.

We've been discussing Iowa State University's bold attempt to twist itself into a knot over its trademark policy for some time now. This all started when the school attempted to bow at the alter of certain Iowa state government reps to disallow a pro-marijuana alumni student group from using school iconography. For its efforts, the alumni student group beat the school in court on First Amendment grounds, eventually resulting in a $600k judgement against the school. Rather than learning its lesson, the school reacted to all of this by rewriting its trademark policy for student groups, pulling back permission of all kinds for groups to use the school's name and symbols. This, predictably, led to a full on revolt by students, with all kinds of groups refusing to associate themselves with the school at all. The student government, meanwhile, pointed out that the policy was written with zero input from students or student representatives.

In other words, ISU managed to piss off its own students by trying for iron grip control for... reasons?

With the revolt in full swing, you might have thought that perhaps this would be the thing that caused ISU to wake up and reverse course. Noooooooope. Instead, the school's administration simply penned what reads like a canned letter to its students about the trademark policy, explaining its reasoning for doing whatever the fuck it wants and brushing student concerns aside.

“Thank you for your interest and concern regarding the recently modified Guidelines for University Trademark Use by Student and Campus Organizations (Guidelines),” the opening of the letter sent by the university trademark office reads. “We value your input as representatives of the student body.”

The letter explains the purpose, process and means through which the policy was implemented, going through the Trademark Advisory Committee (TAC) of which one current member of Student Government was present.

The letter did promise to expand the TAC to include more student representation, but that pledge is little more than tripe given that the policy has already been written and put into practice as of the first semester of school. On top of that, a big part of the frustration on the part of students has been the school's nonstop claim that the policy change had nothing to do with the court battle it recently lost, whereas the letter admits that it was.

Whereas University Counsel Michael Norton had said the court case between the Iowa State chapter of the National Organization for the Reform of Marijuana Laws’ (NORML) and the university had nothing to do with the implementation of the policy at a Student Government meeting in August, the letter said the policy was “certainly influenced” by court cases across the country, including the NORML lawsuit.

“It seems to have made student organizations more angry, it is getting worse not better,” Woodruff said. “The university still hasn’t apologized for their miscommunication, they still haven’t claimed any responsibility … This response is more of the same, telling students they are just associated with the university. We aren’t associated with the university, we are the university.”

Frankly, you would think the school would want to boast of a robust student organization landscape. That's one of the draws in campus life that brings students in. Prospective students as of this moment, however, have to be scratching their heads wondering why the school is in some stupid, needless intellectual property war with its own students.

And, honestly, why at every turn in this saga of stupid, Iowa State has managed to do exactly the wrong thing.

A year ago, Techdirt wrote about the interesting economics of bike-sharing services in China. As the post noted, competition is fierce, and the profit margins slim. The real money may be coming from gathering information about where people riding these bikes go, and what they may be doing, and selling it to companies and government departments. As we warned, this was something that customers in the West might like to bear in mind as these Chinese bike-sharing startups expand abroad. And now, the privacy expert Alexander Hanff has come across exactly this problem with the Berlin service of the world's largest bike-sharing operator, Mobike:

data [from the associated Mobike smartphone app] is sent back to Mobike's servers in China, it is shared with multiple third parties (the privacy policy limits this sharing in no way whatsoever) and they are using what is effectively a social credit system to decrease your "score" if you prop the bike against a lamp post to go and buy a loaf of bread.

Detailed location data of this kind is far from innocuous. It can be mined to provide a disconcertingly complete picture of your habits and life:

through the collection and analysis of this data the Chinese Government now likely have access to your name, address (yes it will track your address based on the location data it collects), where you work, what devices you use, who your friends are (yes it will track the places you regularly stop and if they are residential it is likely they will be friends and family). They also buy data from other sources to find out more information by combining this data with the data they collect directly. They know what your routines are such as when you are likely to be out of the house either at work, shopping or engaging in social activities; and for how long.

As Hanff points out, most of this is likely to be illegal under the EU's GDPR. But Mobike's services are available around the world, including in the US. Although Mobike's practices can be challenged in the EU, elsewhere there may be little that can be done.

And if you think the surveillance made possible by bike sharing is bad, wait till you see what can be done with larger vehicles. As many people have noted, today's complex devices no longer have computers built in: they are, essentially, computers with specialized capabilities. For example, electric cars are computers with an engine and wheels. That means they are constantly producing large quantities of highly-detailed data about every aspect of the vehicle's activity. As such, the data from electric cars is a powerful tool for surveillance even deeper than that offered by bike sharing. According to a recent article from Associated Press, it is an opportunity that the authorities have been quick to seize in China:

More than 200 manufacturers, including Tesla, Volkswagen, BMW, Daimler, Ford, General Motors, Nissan, Mitsubishi and U.S.-listed electric vehicle start-up NIO, transmit position information and dozens of other data points to [Chinese] government-backed monitoring centers, The Associated Press has found. Generally, it happens without car owners' knowledge.

What both these stories reveal is how the addition of digital capabilities to everyday objects -- either indirectly through smartphone apps, as with Mobike, or directly in the case of computerized electric vehicles -- brings with it the risk of pervasive monitoring by companies and the authorities. It's part of a much larger problem of how to enjoy the benefits of amazing technology without paying an unacceptably high price in terms of sacrificing privacy.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

We've got another panel discussion from the Lincoln Network's Reboot conference this week, all about the law on everyone's minds lately: Section 230 of the CDA. The debate includes law professor Eric Goldman, the EFF's Corynne McSherry, and Dr. Jerry A. Johnson from National Religious Broadcasters, offering up a wide spectrum of opinions on Section 230 and political bias.

Follow the Techdirt Podcast on Soundcloud, subscribe via iTunes or Google Play, or grab the RSS feed. You can also keep up with all the latest episodes right here on Techdirt.