GOP Very Excited To Be Handed An FCC Voting Majority By Joe Biden

from the own-goal dept

Consumer groups have grown all-too-politely annoyed at the Biden administration's failure to pick a third Democratic Commissioner and permanent FCC boss nearly eight months into his term. After the rushed Trump appointment of unqualified Trump ally Nathan Simington to the agency (as part of that dumb and now deceased plan to have the FCC regulate social media), the agency now sits gridlocked at 2-2 commissioners under interim FCC head Jessica Rosenworcel.

While the FCC can still putter along tackling its usual work on spectrum and device management, the gridlock means it can't do much of anything controversial, like reversing Trump-era attacks on basic telecom consumer protections, media consolidation rules, or the FCC's authority to hold telecom giants accountable for much of, well, anything. If you're a telecom giant like AT&T or Comcast, that's the gift that just keeps on giving.

More interesting perhaps is the fact that interim FCC boss Jessica Rosenworcel, whose term expires at the end of the year, hasn't had her term renewed either. That means there's an increasingly real chance the GOP enjoys a 2-1 voting majority at Biden's FCC in the new year:

"Biden’s delay is historic: No previous president has waited this long to name a chair of the five-member body. The closest parallels are Jimmy Carter and Richard Nixon, who waited until mid-September to name their agency chiefs. But Biden has blown past that deadline, alarming Capitol Hill Democrats who have few legislative days remaining this year for confirming any nominees the president might offer."

By the time a permanent FCC boss is appointed and confirmed, it's likely a full year and a half of policy making time will have been wasted. That's a punch in the face to those who were looking for a Biden FCC to do popular things like restore net neutrality, meaningfully stand up to telecom mono/duopolies, or restore bipartisan media consolidation rules stripped away under Trump. It's also a weird contrast to the Biden administration's treatment of the FTC, which has been aggressively stocked with popular choices among folks looking for meaningful reform.

Politico, with some uncharacteristic nuance and accuracy, correctly does point out there's some hesitation about appointing current interim FCC boss Rosenworcel permanent boss because she's historically been an unreliable vote on major consumer advocacy issues. Like that time she killed an FCC attempt to bring competition to cable boxes because the cable industry (falsely) claimed it would kill copyright:

"Rosenworcel has alienated some Democrats in the past. During the Obama years, she proved a fickle deciding vote on the FCC’s Democratic majority, and progressives blamed her for spiking an attempted overhaul of the cable set-top box marketplace. Democratic Sens. Ed Markey of Massachusetts and Ron Wyden of Oregon even briefly blocked her renomination in late 2016 over their ire."

Regardless, telecom giants and the GOP allies who love them are pleased as punch about the delay. Agency Republicans are quick to downplay the fact that the agency currently can't do anything even remotely controversial (read: all the stuff they don't like) without a functional voting majority:

"Republicans, meanwhile, see the status quo as an unexpected gift. They hope they can keep delaying partisan fights that would probably override their views, touting what they see as a productive bipartisan agenda under Rosenworcel’s 2-2 split."

I've spent months picking the brains of DC folks for a reasonable explanation of the delay, and there really aren't any. Some argue that it's just a matter of staffing and resources (which again, hasn't been a problem elsewhere like the FTC, nor is that historically ever much a problem for the GOP, which rushed to get Simington appointed in under 30 days). Some argue it's because the top picks might be unable to pass a vote in Congress because they're too consumer-centric (a case that you should probably be making to the public, not shying away from in fear).

My sense is the real culprit is two-fold. One, when the telecom industry saw antitrust buster Lina Khan appointed to the FTC and then quickly promoted to agency boss, they began pouring money and resources into trying to ensure the same thing didn't happen at the FCC. I'd also argue that the myopic focus on "big tech" continues to suck most of the policy oxygen out of the room (something also actively encouraged by telecom lobbyists), consistently shifting attention away from media and telecom policy issues that are every bit as important.

Filed Under: fcc, jessica rosenworcel, joe biden

Plagiarism By Techdirt: Our Plagiarized NFT Collection Can Now Actually Be Bid On

from the sorry-about-that dept

Place your bids on the Plagiarism NFT Collection by Techdirt »

A few weeks ago, we wrote about our latest experiment with NFTs (which is part of the research we're doing into NFTs for a deep dive paper I'm working on). There's a very long explanation to explain the NFTs in question and why we're plagiarizing Prof. Brian Frye (but making them much, much cooler). But, after we posted that, we discovered one little problem. The platform that we were using, OpenSea (the most popular and user friendly NFT marketplace)... didn't work. At least not for us. We've spent 3 weeks asking OpenSea to fix things and last night they finally figured out the problem, so that you can now (finally) actually bid in the open auction for our plagiarized set of NFTs about plagiarism.

There are tons of reasons to back them -- some good, some less good -- but at the very least, it will help support Techdirt, it will show that culture works by building on those who came before, not by locking up content, and it will let you experiment with NFTs if you haven't already. Also, it'll let you show how maybe people shouldn't freak out over plagiarism all the time -- and when else do you have a chance to do that?

The entire collection can be seen here, and they do look amazing, if I do say so myself.

Filed Under: brian frye, nfts, plagiarism, techdirt

Daily Deal: The Complete 2022 Microsoft Office Master Class Bundle

from the good-deals-on-cool-stuff dept

The Complete 2022 Microsoft Office Master Class Bundle has 14 courses to help you learn all you need to know about MS Office products to help boost your productivity. Courses cover SharePoint, Word, Excel, Access, Outlook, Teams, and more. The bundle is on sale for $75.

Note: The Techdirt Deals Store is powered and curated by StackCommerce. A portion of all sales from Techdirt Deals helps support Techdirt. The products featured do not reflect endorsements by our editorial team.

Filed Under: daily deal

Clearview Celebrates 10 Billion Scraped Images Collected, Claims It Can Now Recognize Blurred, Masked Faces

from the getting-bigger-and-getting-worse dept

Clearview's not going to let several months of bad press derail its plans to generate even more negative press. The facial recognition tech company that relies on billions of scraped images from the web to create its product is currently being sued in multiple states, has had its claims about investigative effectiveness repeatedly debunked and, most recently, served (then rescinded) a subpoena to transparency advocacy group Open the Government demanding information on all its Clearview-related FOIA requests as well as its communications with journalists.

I don't know what Clearview is doing now. Maybe it thinks it can still win hearts and minds by not only continuing to exist but also by getting progressively worse in terms of integrity and corporate responsibility. Whatever it is that Clearview's doing to salvage its reputation looks to be, at best, counterproductive. I mean, the only way Clearview could get worse is by getting bigger, which is exactly what it's done, according to this report by Will Knight for Wired.

The company’s cofounder and CEO, Hoan Ton-That, tells WIRED that Clearview has now collected more than 10 billion images from across the web—more than three times as many as has been previously reported.

Ton-That says the larger pool of photos means users, most often law enforcement, are more likely to find a match when searching for someone. He also claims the larger data set makes the company’s tool more accurate.

That's one way of looking at it. Another way of looking at it -- and by "it," I mean Clearview's unaudited, untested facial recognition AI -- is that adding more hay increases the odds of someone grabbing some hay and thinking it's actually a needle.

Yet another way of looking at this is that Clearview's mass scraping of every bit of publicly accessible web data it can may be legal, but it certainly isn't morally acceptable. While people do largely understand that their public posts to sites can be accessed by nearly anyone, they certainly don't expect someone to collect their photos and data in bulk, package it up, and sell it to government agencies. And, in some states, this sort of activity may actually be illegal, hence the lawsuits being brought by government officials.

On top of the 10 billion images Clearview swears it will only sell to responsible adult government employees, the company is now claiming it can do some real CSI-type stuff with its tech.

Ton-That says it is developing new ways for police to find a person, including “deblur” and “mask removal” tools. The first takes a blurred image and sharpens it using machine learning to envision what a clearer picture would look like; the second tries to envision the covered part of a person’s face using machine learning models that fill in missing details of an image using a best guess based on statistical patterns found in other images.

If you feel selling government agencies a more efficient way to generate false positives and false negatives is the way to future profitability, this would be the route to take. Without a doubt, tech advances will eventually make this more accurate, but rolling out unproven machine learning on top of unproven AI is only going to compound errors. Then there's the bias problem, which has been a problem for all facial recognition software. That includes those that have been independently tested and examined by the National Institute of Standards and Technology (NIST). Notably, Clearview has yet to subject its AI to outside testing.

Finally, there's this statement from Clearview CEO Ton-That:

The company says it is not currently pitching the technology outside of the US or to private industry. “We're focusing on the United States, because we want to get it right here,” Ton-That says. “We never want this to be abused in any way.”

Whether or not this statement about its current potential customer list is true remains to be seen. Clearview has already pitched its product to private companies and foreign governments. And it appears to have exited one foreign market solely because its product was declared illegal following a government investigation.

And claiming that the company does not want its product "abused in any way" directly contradicts the stuff it says to entities it wants to sell its product to. Emails from the company's marketing staff encouraged potential law enforcement customers (as well as the occasional billionaire) to "experiment" with the software by running searches on friends, family members, and others who never consented to be part of multiple Clearview test drives.

Is Clearview the worst AI product out there? In terms of accuracy, who knows? It hasn't been independently reviewed. In terms of everything else, there's really nothing out there that competes with it. The company's nonchalant conversion of the open web into a surveillance tool sets it apart from the competition. Its latest "advances" aren't going to do anything to rehabilitate its reputation.

Filed Under: facial recognition, surveillance
Companies: clearview

Journalists In St. Louis Discover State Agency Is Revealing Teacher Social Security Numbers; Governors Vows To Prosecute Journalists As Hackers

from the wtf-missouri? dept

Last Friday, Missouri's Chief Information Security Officer Stephen Meyer stepped down after 21 years working for the state to go into the private sector. His timing is noteworthy because it seems like Missouri really could use someone in their government who understands basic cybersecurity right now.

We've seen plenty of stupid stories over the years about people who alert authorities to security vulnerabilities then being threatened for hacking, but this story may be the most ridiculous one we've seen. Journalists for the St. Louis Post-Dispatch discovered a pretty embarrassing leak of private information for teachers and school administrators. The state's Department of Elementary and Secondary Education (DESE) website included a flaw that allowed the journalists to find social security numbers of the teachers and administrators:

Though no private information was clearly visible nor searchable on any of the web pages, the newspaper found that teachers’ Social Security numbers were contained in the HTML source code of the pages involved.

The newspaper asked Shaji Khan, a cybersecurity professor at the University of Missouri-St. Louis, to confirm the findings. He called the vulnerability “a serious flaw.”

“We have known about this type of flaw for at least 10-12 years, if not more,” Khan wrote in an email. “The fact that this type of vulnerability is still present in the DESE web application is mind boggling!”

In the HTML source code means that it sent that information to the computers/browsers of those who knew what pages to go to. It also appears that the journalists used proper disclosure procedures, alerting the state and waiting until it had been patched before publishing their article:

The Post-Dispatch discovered the vulnerability in a web application that allowed the public to search teacher certifications and credentials. The department removed the affected pages from its website Tuesday after being notified of the problem by the Post-Dispatch.

Based on state pay records and other data, more than 100,000 Social Security numbers were vulnerable.

The newspaper delayed publishing this report to give the department time to take steps to protect teachers’ private information, and to allow the state to ensure no other agencies’ web applications contained similar vulnerabilities.

Also, it appears that the problems here go back a long ways, and the state should have been well aware that this problem existed:

The state auditor’s office has previously sounded warning bells about education-related data collection practices, with audits of DESE in 2015 and of school districts in 2016.

The 2015 audit found that DESE was unnecessarily storing students’ Social Security numbers and other personally identifiable information in its Missouri Student Information System. The audit urged the department to stop that practice and to create a comprehensive policy for responding to data breaches, among other recommendations. The department complied, but clearly at least one other system contained an undetected vulnerability.

This is where a competent and responsible government would thank the journalists for finding the vulnerability and disclosing it in an ethical manner designed to protect the info of the people the state failed to properly protect.

But that's not what happened.

Instead, first the Education Commissioner tried to make viewing the HTML source code nefarious:

In the letter to teachers, Education Commissioner Margie Vandeven said “an individual took the records of at least three educators, unencrypted the source code from the webpage, and viewed the social security number (SSN) of those specific educators.”

It was never "encrypted," Commissioner, if the journalists could simply look at the source code and get the info.

Then DESE took it up a notch and referred to the journalists as "hackers."

But in the press release, DESE called the person who discovered the vulnerability a “hacker” and said that individual “took the records of at least three educators” — instead of acknowledging that more than 100,000 numbers had been at risk, and that they had been available to anyone through DESE’s own search engine.

And then, it got even worse. Missouri Governor Mike Parson called a press conference in which he again called the journalists hackers and said he had notified prosecutors and the Highway Patrol's Digital Forensic Unit to investigate. Highway Patrol? He also claimed (again) that they had "decoded the HTML source code." That's... not difficult. It's called "view source" and it's built into every damn browser, Governor. It's not hacking. It's not unauthorized.

It gets worse. Governor Parson claims that this "hack" could cost $50 million. I only wish I was joking.

This incident alone may cost Missouri taxpayers up to $50 million and divert workers and resources from other state agencies. This matter is serious.

The state is committing to bring to justice anyone who hacked our system and anyone who aided or encouraged them — In accordance with what Missouri law allows AND requires.

A hacker is someone who gains unauthorized access to information or content. This individual did not have permission to do what they did. They had no authorization to convert and decode the code. This was clearly a hack.

We must address any wrongdoing committed by bad actors.

If it costs $50 million to properly secure the data on your website that previous audits had already alerted you as a problem, then that's on the incompetent government who failed to properly secure the data in the first place. Not on journalists ethically alerting you to fix the vulnerability. And, there's no "unauthorized access." Your system put that info into people's browsers. There's no "decoding" to view the source. That's not how any of this works.

As people started loudly mocking Governor Parson, he decided to double down, insisting that it was more than a simple "right click" and repeating that journalists had to "convert and decode the data."

Again, even if it took a few steps, that's still not hacking. It's still a case where the state agency made that info available. That's not on the journalists who responsibly disclosed it. It's on the state for failing to protect the data properly (and for collecting and storing too much data in the first place).

Indeed, in doing this ridiculous show of calling them hackers and threatening prosecution, all the state of Missouri has done is make damn sure that the next responsible/ethical journalists and/or security researchers will not alert the state to their stupidly bad security. Why take the risk?

Filed Under: blame the messenger, dese, disclosure, ethical disclosure, hacking, mike parson, private information, schools, social security numbers, st. louis, teachers, vulnerabilities
Companies: st. louis post-dispatch

Billy Mitchell Survives Anti-SLAPP Motion From Twin Galaxies A Second Time

from the slapp-and-tickle dept

The Billy Mitchell and Twin Galaxies saga rolls on, it seems. Mitchell has made it onto our pages several times in the past, most recently over a lawsuit filed against gaming record keepers Twin Galaxies over its decision to un-award his high score record for Donkey Kong on allegations he achieved it on an emulator instead of an official cabinet. The suit is for defamation and Twin Galaxies initially tried to get the case tossed on anti-SLAPP grounds, but the court denied that request under the notion that Mitchell only has to show "minimal merit" in the overall case to defeat the anti-SLAPP motion.

And now, on appeal, California's Second Appellate court has affirmed that ruling, again on "minimal merit" grounds. You can read the entire ruling embedded below, though I warn you that there are many pages dedicated to the back and forth between Mitchell and Twin Galaxies over a video game record, so you may come away with sore eyebrows from rolling your eyes so hard at all of this. There is also a metric ton of context as to how the court is supposed to apply the anti-SLAPP statute. Go nerd out if you like, but the whole ruling boils down to this:

The parties agree, as do we, that Mitchell’s claims for defamation and false light arise from protected activity and meet the first prong of the anti-SLAPP analysis. We therefore focus on the second prong: whether Mitchell has shown a probability of prevailing on his claims. Twin Galaxies contends Mitchell has not provided sufficient evidence to show the challenged statement was false or it made the statement with actual malice. We are compelled by the standard of review, however, to conclude Mitchell has demonstrated the requisite “minimal merit” to his claims to defeat Twin Galaxies’ anti-SLAPP motion.

It's incredibly important in a case like this to keep that standard in mind. And, though some folks, including some at Techdirt, don't necessarily agree with me, I think I agree with the court's ruling on this. Given the minimal merit standard, it seems the court is simply reluctant to not let this proceed to trial.

And, as I stated in the last post, to discovery. And it's going to be in discovery where all of this gets far more interesting. Because at trial, there will be no minimal merit standard for the claim of defamation. Instead, Mitchell is going to have to prove two things: that the accusation of cheating is false and that Twin Galaxies made that claim not out of error, but out of "actual malice".

And that is going to be an extremely tall hurdle over which Mitchell needs to jump.

Court Says Google Translate Isn't Reliable Enough To Determine Consent For A Search

from the almost-habla-espanol dept

The quickest way to a warrantless search is obtaining consent. But consent obtained by officers isn't always consent, no matter how it's portrayed in police reports and court testimony. Courts have sometimes pointed this out, stripping away ill-gotten search gains when consent turned out to be [extremely air quotation marks] "consent."

Such is the case in this court decision, brought to our attention by FourthAmendment.com. Language barriers are a thing, and it falls on officers of the law to ensure that those they're speaking with understand clearly what they're saying, especially when it comes to actions directly involving their rights.

It all starts with a stop. A pretextual one at that, as you can see by the narrative recounted by the court.

On February 11, 2020, Corporal Mark Conrad of the Pennsylvania State Police initiated a traffic stop of a vehicle driven by Ramirez-Mendoza on Interstate 80 ("I-80") in Union County, Pennsylvania. Conrad chose to conduct a stop because Ramirez-Mendoza was driving above the speed limit and he suspected that her vehicle's window tints were illegal. While standing by Mendoza-Lopez's car, Conrad observed that there were two cell phones in the car's center console area and a single key in the ignition. Conrad also detected a strong odor of air freshener emanating from the vehicle.

"Suspected tint was illegal." Check. "Multiple cell phones." Check. "Air freshener." Check. All the things needed to cause a state trooper to be somewhat reasonably suspicious. The language barrier only heightened the suspicion, apparently. Corporal Conrad tried to get details on Mendoza's travel plans, but was unable to because, while he asked questions in English, he was only able to get Spanish in return.

The trooper decided tech could get the job done. He retrieved his phone and turned on Google's translation app. Using this, he asked questions and received answers, all filtered through Google's translation service. This process introduced the possibility of erroneous translations, something the trooper was incapable of recognizing.

Because Conrad does not speak or understand Spanish, he did not and could not confirm whether Google Translate accurately interpreted and articulated what he was saying.

A mistranslation wasn't just a probability. It was an actuality, something that was captured by the trooper's body camera. There was a mistranslation at a very crucial juncture of this traffic stop.

Later in the stop, Conrad asked Ramirez-Mendoza if she had anything illegal in the car. She responded no. Conrad then said: "would like to search the car to make sure, okay?" Google Translate converted this into Spanish, and from the video recording, it appears that the word "registrar" was used in place of the phrase "to search." The FBI linguist translated the app's Spanish translation into the statement: "I like to search the car to make sure that it is all right." Again, however, the Government did not offer any testimony to verify the accuracy of this translation.

Ramirez-Mendoza then responded "uh-huh" and nodded her head. Conrad subsequently directed her to the shoulder of the highway and proceeded to search the vehicle. In the car, he found a large package of fentanyl. Ramirez-Mendoza testified that she believed that Conrad had meant "I like check the cars, revise the cars" and that she did not understand this to mean that he intended to search her vehicle. She acknowledged that she had responded that it was "fine" because he had not indicated to her that he was asking to look inside the car or through her belongings. In any event, at no point did Ramirez-Mendoza protest the search or ask for clarification.

The court says this effort -- as well-intentioned as it might have been -- is not enough. Google Translate is simply not reliable enough to be used in a situation where rights are on the line. While some courts have said the service performs well enough, the translation errors observed in the recording suggest it didn't in this case.

The Court is not convinced that Google Translate accurately translated Conrad's request for consent into Spanish. The Government bears the burden of proof, but failed to introduce any evidence showing that the word "registrar" actually means "to search." Unlike in cases such as Salas-Antuna or United States v. Leiva which found the word "buscar" sufficient to communicate to a suspect that an officer would like to search her property, the Court has no legal or factual basis for interpreting the term "registrar" in a similar manner. Precision is important, particularly in this context, and the Court believes that more was needed to establish the accuracy of Google Translate.

Moreover, even if the Court credited the transcript's translation, it would not be enough to bear the Government's burden. While the transcript tends to prove that Ramirez-Mendoza knew that Conrad intended to search her car, the translation would still undercut the Government's case as the transcript shows that Google Translate revised Conrad's question into a statement. As a statement that one "like[s] to search" is significantly more coercive than a request, this alone would not be enough to establish voluntary consent. The transcript thus presents strong evidence of coercion which would suggest that Ramirez-Mendoza felt unable to refuse given Conrad's declaration.

The court isn't going to give the trooper a pass by giving Google Translate a pass. It declines the state's invitation to give the app a five-star rating.

The Court declines to infer that Google Translate accurately translated and communicated Conrad's request to search Ramirez-Mendoza's vehicle solely because it may work well generally. A review of the record shows that Google Translate is a useful tool with an alarming capacity for miscommunication and error. That the app can facilitate basic communication does not make it an adequate method for soliciting consent. It need only fail once to obviate a suspect's consent.

The court points out Trooper Conrad had a whole bunch of better options, but used none of them. He could have located someone to translate. He could have used pre-printed consent forms that include a Spanish version. He could have run his drug dog around the car and looked for an alert, which would have made consent a non-issue. And he could not explain why he failed to use any of these options, but continued to utilize Google's app, even after it became apparent it was generating un-useful junk.

Courts may not expect officers to be legal experts, but this substantial footnote suggests they should at least be aware that there's one truly acceptable way to obtain consent from someone who doesn't speak the same language as the officer.

The Court finds Conrad's failure to use a consent form odd. When communication issues are present and a translator is not available, the gold standard appears to be an accurately translated foreign-language consent form which the defendant reads and signs. See Cedano-Medina, 366 F.3d at 687; United States v. Gaviria, 775 F.Supp. 495, 500 (D.R.I. 1991); e.g., United States v. Palomino, 100 F.3d 446, 450-51 (6th Cir. 1996); United States v. Zapata-Tamallo, 833 F.2d 25, 27 (2d Cir. 1987); United States v. Marin, 761 F.2d 426, 433-34 (7th Cir. 1985); United States v. Guevara-Miranda, 640 Fed. Appx. 319, 321 (5th Cir. 2016); United States v. Gonzalez-Ramirez, 317 Fed. Appx. 790, 796 (10th Cir. 2009); United States v. Camilo, 287 F.Supp.2d 446, 454 (S.D.N.Y. 2003); United States v. Soto-Teran, 44 F.Supp.2d 185, 194 (E.D.N.Y. 1996); United States v. Hernandez, 872 F.Supp. 1288, 1296 (D. Del. 1994); United States v. Tavarez, 834 F.Supp. 55, 56 (D.P.R. 1993); United States v. Garcia-Restrepo, 648 F.Supp. 1188, 1194 (S.D. Fla. 1986); see also United States v. Hernandez, 224 F.Supp.2d 1156, 1160-61 (W.D. Tenn. 2002) (finding no consent where the consent form "contained numerous linguistic mistakes which distorted its content to the point of rendering it nonsensical"); United States v. Suarez, 694 F.Supp. 926, 939 n.10 (S.D. Ga. 1988) (holding it inappropriate to use an English consent form as evidence of consent where the defendant spoke Spanish and the form was not translated). Conrad has provided no valid explanation for his failure to use such a form and, had he simply employed a consent form, there would be no dispute regarding Ramirez-Mendoza's consent, or lack thereof.

Pre-printed consent forms have been vetted and edited. Google Translate, as powerful as it is, generates what it thinks is the best translation of what it's hearing, and its best is years away from being at the level of someone truly bilingual. Thus, it's fallible enough it shouldn't be used to ask people who speak other languages to waive their rights.

Unfortunately, that only invalidates the consent. The court says there was enough reasonable suspicion present to support the search, even without consent. While tech tools can make some things easier, there's a lot more involved in actually making things better. Google fell down here. As did a trooper who should have known better than to rely on a service that was generating nonsense to talk someone into letting their rights be violated.

Filed Under: 4th amendment, consent, google translate, search, traffic stop

University Of Hong Kong Wants To Remove A Sculpture Commemorating Tiananmen; To Preserve It, People Have Crowdsourced A Digital 3D Replica

from the pillar-of-shame dept

As Techdirt has chronicled, the political situation in Hong Kong becomes worse by the day, as the big panda in Beijing embraces a region whose particular freedoms were supposed to be guaranteed for another 25 years at least. One manifestation of the increasing authoritarianism in Hong Kong is growing censorship. The latest battle is over a sculpture commemorating pro-democracy protesters killed during China's 1989 crackdown in Tiananmen Square, and on display in the University of Hong Kong. South China Morning Post reports:

The eight-metre-high Pillar of Shame by Jens Galschiøt was first erected at the University of Hong Kong (HKU) in Pok Fu Lam in 1997, and according to the sculptor was on permanent loan to the group that organised the annual candlelight vigil commemorating the pro-democracy activists killed by the military in Beijing on June 4, 1989.

But after the Hong Kong Alliance in Support of Patriotic Democratic Movements of China decided to disband in August amid a national security investigation, HKU management informed the group it had until Wednesday 5pm [on 13 October] to remove the 2 tonne artwork or else it would be deemed abandoned. The university said the move was based on its assessment of legal risks in light of the alliance’s dissolution.

The formal letter ordering the sculpture to be removed warned that:

If you fail to remove the Sculpture before 5:00 pm on 13 October 2021, the Sculpture will be deemed abandoned and the University will not consider any future request from you in respect of the Sculpture, and the University will deal with the Sculpture in such time and in such manner as it thinks fit without further notice.

That seems a clear threat to remove or even destroy the Pillar of Shame directly. The sculptor, who says the work still belongs to him, points out that moving it is hardly easy, and has threatened legal action if it is damaged:

"It will take a long time to move the sculpture," he warned. "It is an extremely valuable piece of art, which after 24 years probably is a bit frail. Therefore there is a great possibility that the work of art will suffer irreparable damage if handled by any others than experts in handling art.

"If, contrary to expectations, damage to the sculpture should occur, the university risks incurring a claim of compensation for that damage."

Galschiøt has also asked Danish politicians to help him get the sculpture out of Hong Kong, and has formally requested the University of Hong Kong to review its decision. These latest developments seem to have caused HKU to pause its plans: according to the South China Morning Post, it has said that it will take no action for the moment, and that it needed more time to consider its next move. However, some have decided to act now to ensure that the Pillar of Shame continues to exist in some form, whatever happens. Sophie Mak, whose Twitter bio describes her as "monitoring human rights abuses in Hong Kong and elsewhere": tweeted:

Dear Hong Kong friends, help us preserve the Pillar of Shame by sending over any pictures you've taken of it to PillarOfShamePics@protonmail.com! We need pictures taken from as many different angles as possible to make our digital 3D replica model.

That was on October 12. The next day, a tweet from Nathan Ruser wrote of the digital 3D replica: "Thanks to some really helpful submissions this is starting to look a heck of a lot better!" The replica is already good enough to ensure that the Chinese government would be annoyed if copies started appearing outside their embassies around the world. It offers a useful example of how others can respond when the authorities want to make inconvenient objects disappear from public view.

Follow me @glynmoody on Twitter, Diaspora, or Mastodon.

Filed Under: 3d replica, china, free speech, hong kong, jens galschiot, pillar of shame, tiananmen square
Companies: university of hong kong

House Democrats Decide To Hand Facebook The Internet By Unconstitutionally Taking Section 230 Away From Algorithms

from the this-is-not-a-good-idea dept

We've been pointing out for a while now that mucking with Section 230 as an attempt to "deal" with how much you hate Facebook is a massive mistake. It's also exactly what Facebook wants, because as it stands right now, Facebook is actually losing users to its core product, and the company has realized that burdening competitors with regulations -- regulations that Facebook can easily handle with its massive bank account -- is a great way to stop competition and lock in Facebook's dominant position.

And yet, for reasons that still make no sense, regulators (and much of the media) seem to believe that Section 230 is the only regulation to tweak to get at Facebook. This is both wrong and shortsighted, but alas, we now have a bunch of House Democrats getting behind a new bill that claims to be narrowly targeted to just remove Section 230 from algorithmically promoted content. The full bill, the "Justice Against Malicious Algorithms Act of 2021 is poorly targeted, poorly drafted, and shows a near total lack of understanding of how basically anything on the internet works. I believe that it's well meaning, but it was clearly drafted without talking to anyone who understands either the legal realities or the technical realities. It's an embarrassing release from four House members of the Energy & Commerce Committee who should know better (and at least 3 of the 4 have done good work in the past on important tech-related bills): Frank Pallone, Mike Doyle, Jan Schakowsky, and Anna Eshoo.

The key part of the bill is that it removes Section 230 for "personalized recommendations." It would insert the following "exception" into 230.

(f) PERSONALIZED RECOMMENDATION OF INFORMATION PROVIDED BY ANOTHER INFORMATION CONTENT PROVIDER.—

‘‘(1) IN GENERAL.—Subsection (c)(1) does not apply to a provider of an interactive computer service with respect to information provided through such service by another information content provider if—

‘(A) such provider of such service—
‘‘(i) knew or should have known such provider of such service was making a personalized recommendation of such information; or
‘‘(ii) recklessly made a personalized recommendation of such information; and
‘‘(B) such recommendation materially contributed to a physical or severe emotional injury to any person.

So, let's start with the basics. I know there's been a push lately among some -- including the whistleblower Frances Haugen -- to argue that the real problem with Facebook is "the algorithm" and how it recommends "bad stuff." The evidence to support this claim is actually incredibly thin, but we'll leave that aside for now. But at its heart, "the algorithm" is simply a set of recommendations, and recommendations are opinions and opinions are... protected expression under the 1st Amendment.

Exempting Section 230 from algorithms cannot change this underlying fact about the 1st Amendment. All it means is that rather than getting a quick dismissal of the lawsuit, you'll have a long, drawn out, expensive lawsuit on your hands, before ultimately finding out that of course algorithmic recommendations are protected by the 1st Amendment. For much more on the problem of regulating "amplification," I highly, highly recommend reading Daphne Keller's essay on the challenges of regulating amplification (or listen to the podcast I did with Daphne about this topic). It's unfortunately clear that none of the drafters of this bill read Daphne's piece (or if they did, they simply ignored it, which is worse). Supporters of this bill will argue that in simply removing 230 from amplification/algorithms, this is a "content neutral" approach. Yet as Daphne's paper detailed, that does not get you away from the serious Constitutional problems.

Another way to think about this: this is effectively telling social media companies that they can be sued for their editorial choices of which things to promote. If you applied the same thinking to the NY Times or CNN or Fox News or the Wall Street Journal, you might quickly recognize the 1st Amendment problems here. I could easily argue that the NY Times' constant articles misrepresenting Section 230 subject me to "severe emotional injury." But of course, any such lawsuit would get tossed out as ridiculous. Does flipping through a magazine and seeing advertisements of products I can't afford subject me to severe emotional injury? How is that different than looking at Instagram and feeling bad that my life doesn't seem as cool as some lame influencer?

Furthermore, this focus on "recommendations" is... kinda weird. It ignores all the reasons why recommendations are often quite good. I know that some people have a kneejerk reaction against such recommendations but nearly every recommendation engine I use makes my life much better. Nearly every story I write on Techdirt I find via Twitter recommending tweets to me or Google News recommending stories to me -- both based on things I've clicked on in the past. And both are (at times surprisingly) good at surfacing stories I would be unlikely to find otherwise, and doing so quickly and efficiently.

Yet, under this plan, all such services would be at significant risk of incredibly expensive litigation over and over and over again. The sensible thing for most companies to do in such a situation is to make sure that only bland, uncontroversial stuff shows up in your feed. This would be a disaster for marginalized communities. Black Lives Matter? That can't be allowed as it might make people upset. Stories about bigotry, or about civil rights violations? Too "controversial" and might contribute to emotional injury.

The backers of this bill also argue that the bill is narrowly tailored and won't destroy the underlying Section 230, but that too is incorrect. As Cathy Gellis just pointed out, removing the procedural benefits of Section 230 takes away all the benefits. Section 230 helps get you out of these cases much more quickly. But under this bill, now everyone will add in a claim under this clause that the "recommendation" cause "emotional injury" and now you have to litigate whether or not you're even covered by Section 230. That means no more procedural benefit of 230.

The bill has a "carve out" for "smaller" companies, but again gets all that wrong. It seems clear that they either did not read, or did not understand, this excellent paper by Eric Goldman and Jess Miers about the important nuances of regulating internet services by size. In this case, the "carve out" is for sites that have 5 million or fewer "unique monthly visitors or users for not fewer than 3 of the preceding 12 months." Leaving aside the rather important point that there really is no agreed upon notion of what a "unique monthly visitor" actually is (seriously, every stats package will give you different results, and now every site will have incentive to use a stats package that lies and gives you lower results to get beneath the number), that number is horrifically low.

Earlier this year, I suggested a test suite of websites that any internet regulation bill should be run against, highlighting that bills like these impact way more than Facebook and Google. And lots and lots of the sites I mention get way beyond 5 million monthly views.

So under this bill, a company like Yelp would face real risk in recommending restaurants to you. If you got food poisoning, that would be an injury you could now sue Yelp over. Did Netflix recommend a movie to you that made you sad? Emotional injury!

As Berin Szoka notes in a Twitter thread about the bill, this bill from Democrats, actually gives Republican critics of 230 exactly what they wanted: a tool to launch a million "SLAM" suits -- Strategic Lawsuits Against Moderation. And, as such, he notes that this bill would massively help those who use the internet to spread baseless conspiracy theories, because THEY WOULD NOW GET TO SUE WEBSITES for their moderation choices. This is just one example of how badly the drafters of the bill misunderstand Section 230 and how it functionally works. It's especially embarrassing that Rep. Eshoo would be a co-sponsor of a bill like this, since this bill would be a lawsuit free-for-all for companies in her district.

10/ In short, Republicans have long aimed to amend #Section230 to enable Strategic Lawsuits Against Moderation (SLAMs)

This new Democratic bill would do the same

Who would benefit? Those who use the Internet to spread hate speech and lies about elections, COVID, etc

— Berin Szóka 🌐 (@BerinSzoka) October 14, 2021

Another example of the wacky drafting in the bill is the "scienter" bit. Scienter is basically whether or not the defendant had knowledge that what they were doing was wrongful. So in a bill like this, you'd expect that the scienter would require the platforms to know that the information they were recommending was harmful. That's the only standard that would even make sense (though would still be constitutionally problematic). However, that's not how it is in the bill. Instead, the scienter is... that the platform knows they recommend stuff. That's it. In the quote above the line that matters is:

such provider of a service knew or should have known such provider of a service was making a personalized recommendation of such information

In other words, the scienter here... is that you knew you were recommending stuff personally. Not that it was bad. Not that it was dangerous. Just that you were recommending stuff.

Another drafting oddity is the definition of a "personalized recommendation." It just says it's a personalized recommendation if it uses a personalized algorithm. And the definition of "personalized algorithm" is this bit of nonsense:

The term 'personalized algorithm' means an algorithm that relies on information specific to an individual.

"Information specific to an individual" could include things like... location. I've seen some people suggest that Yelp's recommendations wouldn't be covered by this law because they're "generalized" recommendations, not "personal ones" but if Yelp is recommending stuff to me based on my location (kinda necessary) then that's now information specific to me, and thus no more 230 for the recommendation.

It also seems like this would be hell for spam filters. I train my spam filter, so the algorithm it uses is specific to me and thus personalized. But I'm pretty sure that under this bill a spammer whose emails are put into a spam filter can now sue, claiming injury. That'll be fun.

Meanwhile, if this passes, Facebook will be laughing. The services that have successfully taken a bite out of Facebook's userbase over the last few years have tended to be ones that have a better algorithm for recommending things: like TikTok. The one Achilles heel that Facebook has -- it's recommendations aren't as good as new upstarts -- gets protected by this bill.

Almost nothing here makes any sense at all. It misunderstands the problems. It misdiagnoses the solution. It totally misunderstands Section 230. It creates massive downside consequences for competitors to Facebook and to users. It enables those who are upset about moderation choices to sue companies (helping conspiracy theorists and misinformation peddlers). I can't see a single positive thing that this bill does. Why the hell is any politician supporting this garbage?

Filed Under: algorithms, anna eshoo, frank pallone, intermediary liability, jan schakowsky, mike doyle, news feeds, personalized recommendations, recommendations, section 230
Companies: facebook, yelp