Last chance to get Vote2016() T-shirts, hoodies & stickers! »

Did you come out of last night's debate feeling thrilled about your choices for president? No? What a surprise. Though there are fans on both sides declaring victory, most of the thinking/awake public saw what we expected: an intolerable buffoon babbling on one side, and the resultant lack of scrutiny for the hard-to-like career politician making worrying statements on the other. Perhaps nowhere was this clearer than on an issue of importance here at Techdirt: would you prefer Trump's directionless ramblings about "the cyber", or Clinton's coherent but terrifying overtures of war with Russia? Take your pick, America. And when you do, we've got a shirt for you.

There's less than a week left to order your Vote2016() gear. The campaign ends on Oct. 3rd so you can get it just in time for election day — and then it's gone for good!

And don't forget to check out our new Math Is Not A Crime shirt, and other designs available for the last time this year in our super-early holiday gear sale.

There's just something about adding the word "cyber" to "crime" that brings out the worst in legislators. A host a badly-written laws have been crafted to address everything from cyberbullying to hacking. These tend to be abused first by those in positions of power.

Nigeria's government recently enacted a cybercrime law which is, of course, being wielded by thin-skinned government officials to silence critics. The cyberstalking provision is the preferred attack vector, placing those targeted by unhappy government leaders at risk of being hit with a $22,000 fine and three years in prison.

Last month, the law was cited in the August 20 arrest of Musa Babale Azare who was detained in the capital, Abuja, by police from Bauchi state. He was accused of allegedly criticising the state governor, Muhammad Abdullah Abubakar, on social media, according to news reports. Azare, who uses Facebook and Twitter as platforms to criticize the actions and policies of Abubakar and his administration, said he was denied access to his lawyer, and that police did not have authority to arrest him outside Bauchi state jurisdiction.

Azare wasn't the only one hauled away by police for daring to publicly criticize officials -- although his trip (280 miles) was arguably the longest. (Azare was taken from Abuja back to Bauchi to be questioned.) Politicians could barely wait for the ink on the signatures to dry before deploying it against citizens who had raised their ire.

CPJ found that at least three other bloggers were prosecuted under the cybercrime act in the space of four months last year after they reported or commented on critical reports.

One "suspect" was refused release until he could come up with a 3 million naira ($9500) bail. Another writer -- a member of a national blogger's guild -- was denied bail three times and held for two weeks before charges were dropped. The third was denied bail and jailed for six months, with four of those spent in maximum security. All three of the cases CJP uncovered occurred within five months of the cybercrime law's passage, which seems to suggest it was crafted with the intent of curbing critical speech, rather than criminal activity.

The irony of this is that the freedom of expression and freedom of the press are both enshrined in the Nigerian Constitution. Laws can't be made that directly abridge those freedoms, but government officials seem to have crafted themselves a handy loophole that handily allows them to bypass citizens' constitutional protections.

Smile, constituents: this man may become president.

Look at the mess that we're in. Look at the mess that we're in. As far as the cyber, I agree to parts of what secretary Clinton said, we should be better than anybody else, and perhaps we're not. I don't know if we know it was Russia who broke into the DNC.

She's saying Russia, Russia, Russia. Maybe it was. It could also be China, it could be someone sitting on their bed that weighs 400 pounds...

Look, anyone who refers to cybersecurity or cyberwarfare as "the cyber" is probably better off not discussing this. But Donald Trump, in last night's debate, felt compelled to further prove why he's in no position to be offering guidance on technological issues. And anyone who feels compelled to portray hackers as 400-lb bedroom dwellers probably shouldn't be opening their mouth in public at all.

With this mindset, discussions about what "the Google" and "the Facebook" are doing about trimming back ISIS's social media presence can't be far behind. Trump did note that ISIS is "beating us at our game" when it comes to utilizing social media. Fair enough.

But Trump's cybersecurity "plan" isn't actually a plan. What there is of it has to be compiled from a string of random, semi-related sentences. Apparently, the next cyberwar will pit tweens against 400-lb Russians...

I have a son. He's 10 years old. He has computers. He is so good with these computers, it's unbelievable. The security aspect of cyber is very, very tough. And maybe it's hardly do-able. But I will say, we are not doing the job we should be doing, but that's true throughout our whole governmental society. We have so many things that we have to do better, Lester and certainly cyber is one of them.

The problem isn't so much that Trump plainly has no idea what he's talking about or even the coherency to bluff his way through it. No one expects presidential candidates to be experts on every possible issue that might come up. But this has been the government's primary focus in recent years, and multiple high-profile hackings have only intensified that.

The problem is that Trump clearly has no interest in discussing these issues with those who can offer coherent, possibly-useful cybersecurity strategies. The more he speaks, the more he exposes his ignorance. Ignorance isn't unfixable. But Trump has done nothing over the past several months to close these (often significant) gaps in his knowledge. That's the scariest aspect of his presidential run -- the unwillingness to handle the boring but essential work of creating a platform composed of something more than half-formed thoughts and severely misguided jingoism that blames the rest of the world for somehow making America a worse country.

The mitigating factors are these:

Hillary Clinton's response may have been more coherent but hers suggests we should probably engage in more actual war than cyberwar to handle ISIS -- something's that gone oh so well for the past couple of decades. And she was ready to declare cyberwar on Russia after the DNC hacking, an idea that's not only stupid (seeing as the entity behind the hacking is still unknown) but an indication she'd be willing to wield government power to avenge embarassment.

Trump's power in office is likely to be far less than he obviously envisions it. Trump may be a rather extreme form of populist but those popular votes will be about as useful as Facebook likes when it comes to attempts to push his agenda past far more level-headed advisors and legislators.

Either way, voters are faced with choosing between the devil they sort of know and the devil other devils have been distancing themselves from for several weeks. In both cases, we're going to end up with a president who doesn't have the technical knowledge to deal with today's realities.

Stop fumbling around your office for open outlets, and grab the $36 Avantree PowerHouse 4 Port Fast USB Charging Station. Avantree provides 4 USB charging sockets and a whopping 4.5A/22.5W output for a super fast charge for all of your devices. It comes with a handy velcro system to manage and hide cables, 2 micro USB charging cables, and is compatible with all iOS and Android devices. It is available in black or white.

Note: The Techdirt Deals Store is powered and curated by StackCommerce. A portion of all sales from Techdirt Deals helps support Techdirt. The products featured do not reflect endorsements by our editorial team.

Last week, an absolutely mammoth distributed denial of service (DDoS) attack brought down the website of security researcher Brian Krebs. His website, hosted by Akamai pro bono, was pulled offline after it was inundated with 620Gbps of malicious traffic, nearly double the size of the biggest attack Akamai (which tracks such things via their quarterly state of the internet report) has ever recorded. Krebs was ultimately able to get his website back online after Google stepped in to provide DDoS mitigation through its Project Shield service.

According to Krebs, the attack came, he believes, after he began digging more deeply into various gangs that deliver DDoS attacks on-demand. And according to Krebs, this time they had the help of the hystercially piss poor security of the internet of things (IoT) industry:

"There are some indications that this attack was launched with the help of a botnet that has enslaved a large number of hacked so-called “Internet of Things,” (IoT) devices — routers, IP cameras and digital video recorders (DVRs) that are exposed to the Internet and protected with weak or hard-coded passwords."

So not only are "smart" refrigerators, TVs, tea kettles and power outlets leaking your unencrypted data to any nitwit with a modicum of technical knowledge, they're being utilized to amplify existing attacks on security researchers who are actually trying to make things better. The attack comes directly on the heels of Bruce Schneier warning us the check is about to come due -- after IoT companies and evangelists that prioritized hype and sales over security fundamentals helped introduce millions of new network attack vectors into the wild over the last five years or so.

In a recent blog post, Schneier also noted that these larger DDoS attacks come as multiple groups and individuals (likely nation state sponsored hackers) have begun probing for vulnerabilities on an unprecedented scale:

"Recently, some of the major companies that provide the basic infrastructure that makes the Internet work have seen an increase in DDoS attacks against them. Moreover, they have seen a certain profile of attacks. These attacks are significantly larger than the ones they're used to seeing. They last longer. They're more sophisticated. And they look like probing. One week, the attack would start at a particular level of attack and slowly ramp up before stopping. The next week, it would start at that higher point and continue. And so on, along those lines, as if the attacker were looking for the exact point of failure."

And they're finding, as many have warned, millions of poorly secured Internet of Things "smart" devices with stupid default passwords -- or in many instances no security at all. In most instances the buyers of these products are utterly clueless of their participation in these botnets, and very frequently these devices don't give the end user transparent end control over what's being sent over the network anyway.

In a follow-up blog post by Krebs, he makes it clear that in addition to being immensely dangerous (potentially fatal if the right systems are targeted), these larger scale DDoS attacks propped up by the IoT should also be seen as a growing assault on free speech. After all, few independent journalists would be able to afford the kind of DDoS mitigation technologies necessary to truly stop these new, larger attacks:

"In an interview with The Boston Globe, Akamai executives said the attack — if sustained — likely would have cost the company millions of dollars. In the hours and days following my site going offline, I spoke with multiple DDoS mitigation firms. One offered to host KrebsOnSecurity for two weeks at no charge, but after that they said the same kind of protection I had under Akamai would cost between $150,000 and $200,000 per year.

For a country that likes to talk a lot about cybersecurity (mostly to justify awful government policy like backdoors that make us less secure than ever), the United States isn't doing all that much to mitigate the looming threat. Much like Schneier, Krebs calls for a more coordinated effort by industry and government to wake up and begin greater institutional-grade collaborative efforts to shore up our collective security before things spiral out of control:

"I don’t know what it will take to wake the larger Internet community out of its slumber to address this growing threat to free speech and ecommerce. My guess is it will take an attack that endangers human lives, shuts down critical national infrastructure systems, or disrupts national elections."

And it probably goes without saying that this threat looms as we ponder electing two of the least technically sophisticated Presidential candidates in recent memory. These are two researchers who aren't prone to hyperbole, so it seems like we might just want to take their advice before the Internet of Things devolves from a running gag into a potentially fatal shitshow.

A couple of weeks ago, Techdirt ran through the catalog of horrors that make up the EU's new Copyright Directive proposals, pointing out that they would be a general disaster in their current form. Of course, the misery would not be evenly spread: some would suffer more, some less. Indeed, an earlier open letter to the European Commission from a bunch of tech companies (including Techdirt), published on the Don't Wreck the Net site, pointed out one group who wouldn't have too much of a problem with the changes:

The largest companies have the resources and staff to deal with increased regulations and burdens. Startups do not.

That is, the big online companies can weather more or less anything: it's the smaller ones -- particularly startups -- that will have difficulties. That warning was issued before the details were known, and now Joe McNamee from the European digital rights group EDRi has penned a very similar analysis based on the newly-published plans:

There is a lot of noise in the press and among lobbyists about an alleged hostility of the EU towards big American internet companies. Reality is more nuanced and more surprising -- the policies appear to be hell-bent on giving Google new monopolies, to the detriment of European citizens and European internet companies.

The most astonishing of these policies is the proposal in the new Copyright Directive for mass, preventive filtering of information as it is being uploaded to the internet in Europe -- a policy so restrictive and absurd that even China or Russia would baulk at the notion. An anti-Google measure? Hardly. Google actively lobbied the Vice-President of the European Commission about the alleged virtues of its content identification system ("contentID"), even if they hadn’t expected the Great Firewall of Europe to be the result.

Even if the Copyright Directive manages to pass through the EU legislative system without any changes -- which seems unlikely -- Google would be in a strong position, because it already has the content ID technology in place that will allow it to comply. Although McNamee suggests that as a result Google would be "uniquely placed to license such software to European internet providers," it's more likely that it would keep it for its own exclusive use. However, the US company Audible Magic would doubtless be more than happy to license its widely-used content identification system as an alternative. And irrespective of whether it's based on technology from Google or from Audible Magic, it's hard to see how this outcome helps the European tech industry. Moreover, McNamee is certainly right about the likely outcome of bringing in an insane "ancillary copyright" in the EU, which would require Internet companies to pay a fee to use news snippets:

In Germany, where this policy has already been adopted, Google has the economic muscle to simply refuse to pay and suddenly it is not Google, but the publishers, who have a problem. Publishers put their content online in order for people to view it and to make money from advertising that is on their sites. They need Google News more than Google News needs them. So, the outcome is that everybody pays except Google. The Spanish government came up with a cunning plan, they passed a similar law to the one in Germany, but required Google News to pay. Result: Google News Spain shut down, to the detriment of smaller Spanish news outlets in particular and, again, everyone except Google loses.

The rest of the EDRi post points out other fundamental flaws in the proposed EU Copyright Directive. But the key point is that far from stimulating the European digital economy, the EU's deeply-flawed plans are likely to boost the power and the profits of the largest US Internet companies. That may be good news for them and their shareholders, but it isn't really the European Commission's job.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

Back in 2011, Verizon and AT&T eliminated unlimited wireless data plans, instead pushing users toward share data allotments and overage fees as high as $15 per gigabyte. And while the companies did "grandfather" many of these unlimited users at the time, both companies have made at art form out of harassing or otherwise annoying these customers until they convert to costlier shared plans. And despite the fact that such overage-fee-based plans confuse the living hell out of most customers (who have no idea what a gigabyte is), both companies continue to insist that customers don't actually want unlimited data.

Speaking at an investor conference last week, Verizon CFO Fram Shammo once again declared that Verizon knows what consumers want, and it isn't unlimited data:

"At the end of the day, people don't need unlimited plans," Verizon Chief Financial Officer Fran Shammo said at an investor conference Thursday."

And despite the fact that plenty of companies (like T-Mobile) have seen explosive growth of late selling unlimited data plans, Shammo proclaimed making money off of unlimited just isn't possible:

"T-Mobile and Sprint have introduced cheaper unlimited data plans -- in exchange for slowing the connection for lower-resolution video -- and AT&T has been trumpeting its own unlimited data bundle with DirecTV video service. The push to unlimited data marks a reversal of the last few years of rhetoric about the costs of delivering service. For Verizon, that remains the biggest argument against unlimited. "You cannot make money on an unlimited video world," he said

Of course what Shammo means is that Verizon won't see the same generous profit margins it's currently seeing if it were to actually give consumers what they want. Verizon saw $8.0 billion in profit on $21.7 billion in second-quarter revenues in large part thanks to shared data plans (though Verizon Wireless' earnings were perfectly healthy under unlimited data plans as well). Since most users don't know what a gigabyte even is, they tend to sign up for bigger plans than they actually need for fear of hitting the overage wall.

Those fears pay huge dividends for the mobile carrier, whose wireless plans are constructed like a giant funnel that constantly pushes users to more and more expensive levels of service once in the door.

Verizon for years has justified some of the highest rates in the industry as reflective of the overall quality of its wireless network. But as competitors like T-Mobile begin to catch up, Verizon's running out of marketing ideas to justify its service's higher price point. Enter last week, when Verizon responded to new unlimited data promotions from Sprint and T-Mobile with new ads proclaiming that the company doesn't sell unlimited data, it sells "limitless data." When asked how you can call a gigabyte-capped shared data plan limitless, Verizon PR trots out its very finest dancing shoes:

"Limitless refers to how you can use your data and unlimited refers to the amount of data,” said Kelly Crummey, director of corporate communications at Verizon...Our competitors claim they offer ‘unlimited plans’ but if you really look at them, they are full of limits on how you use your data with thinks (sic) like SD (not HD) and automatically slowing down your speeds. The way our plans are structured, you can use your data however you want – there are no limits.

Well, no limits except the very clear limits. Apparently, Verizon thinks that you compete by telling customers what they want while abusing the hell out of the dictionary. It should be interesting to see how that tactic plays out as T-Mobile continues to erode Verizon's wireless market share.

Judges have pointed out to copyright trolls on multiple occasions that an IP address is not a person. Trolls still labor under this convenient misconception because they have little else in the way of "proof" of someone's alleged infringement.

Unfortunately, law enforcement agencies also seem to feel an IP address is a person -- or at least a good indicator of where this person might be found. This assumption leads to blunders like ICE raiding a Tor exit node because it thought an IP address was some sort of unique identifier. After having IP addresses explained to it by the EFF, ICE returned the seized hard drives and promised to make the same mistake in the future.

In another case, the Seattle PD raided a Tor exit node in search of a person downloading child porn. It didn't find the target it was looking for, but went ahead and demanded passwords so it could search files and logs at the unfortunate citizen's home before realizing it had the wrong person.

The EFF is kind of sick of having to explain the difference between an IP address and a person to government entities. It has put together a white paper [PDF] that should be required reading anywhere government employees feel compelled to act on "evidence" as useless as IP addresses.

Law enforcement’s over-reliance on the technology is a product of police and courts not understanding the limitations of both IP addresses and the tools used to link the IP address with a person or a physical location. And the police too often compound that problem by relying on metaphors in warrant applications that liken IP addresses to physical addresses or license plates, signaling far more confidence in the information than it merits.

[...]

These ill-informed raids jeopardize public safety and violate individuals’ privacy rights. They also waste police time and resources chasing people who are innocent of the crimes being investigated.

By acting on this bogus assumption, law enforcement agencies are wasting time and money. Plus, they're putting themselves in situations where innocent people could be killed over technical errors, seeing as warrant service these days usually involves militarized squads that value shock and awe tactics over minimizing collateral damage.

The white paper points out what should be obvious to anyone who considers themselves capable of solving "computer crimes:" an IP address is not only not a person, it's not even a physical location.

First, the technology was never designed to uniquely identify an exact physical location, only an electronic destination on the Internet.

[...]

At a local level, similar IP addresses may be assigned based on geography, albeit only indirectly. ISPs make decisions to allocate blocks of IP addresses to particular locations for a variety of reasons, with the goal of creating a network that efficiently delivers Internet traffic. The result may be that locations near each other feature similar IP addresses, but that is more often the product of where the provider has physical links and routers to a network than geography. For example, if an ISP has a fiber-optic link between two distant cities, the IP addresses assigned to those cities may be similar because it creates a more efficient network. A third city near one of those towns geographically may not share the same connection and it would thus likely have completely different IP addresses assigned to it.

In addition, IP addresses only identify the block of devices assigned to it, not the people utilizing them. Even in cases where there's only one resident at a physical address linked to an IP address, there's still a chance law enforcement may be going after the wrong person. As the paper explains, the pool of IPV4 addresses has been used up. In areas where users haven't been pushed to IPV6 addresses, IP addresses may be shared by more than one user (at more than one physical address) or reassigned to other users by service providers based on need and usage. As the paper states, IP addresses, unlike physical addresses, are not static.

The paper also points out that the use of bad analogies by law enforcement and courts has only made the misconceptions worse. Law enforcement agencies sometimes claim that IP addresses are every bit as unique as license plates. The metaphor fails because IP addresses can be shared or redistributed at private companies' discretion unlike license plates, which are government-issued and must remain tied to a registrant.

In short, the best analogy for an IP address is an anonymous informant's tip -- something that's basically hearsay until otherwise confirmed.

In a line of Supreme Court cases dealing with reliability and corroboration problems that arise whenever third parties provide tips to law enforcement, the court has made clear that police must do more to confirm the tips provided by anonymous informants before seeking a warrant or other process…

The question is: will law enforcement care enough about potential collateral damage to educate themselves on the problems of treating IP addresses as people… or will they decide that a combination of forgiveness (good faith exception, etc.) and easily-obtained immunity is preferable to gathering corroborating evidence and acting more cautiously?

As a lifelong Cubs fan with a resume that includes going to my first game at Wrigley when I was four months old and living in Wrigleyville for several years, I can at the very least claim some expertise on the culture around the team and the stadium. For those that have not been lucky enough to visit baseball's Mecca, the walk about up to the park consists of bar-laden streets on either Addison or Clark, with the sidewalks spilling over with fans, bar-patrons, and street vendors. Those street vendors offer innumerable wares, including t-shirts, memorabillia, and food. It's part of the experience.

An experience suddenly under fire by the team and Major League Baseball, which have jointly filed a federal lawsuit against some forty street vendors for trademark and counterfeit violations.

The Cubs and Major League Baseball filed a lawsuit in federal court Thursday against a vendors hawking allegedly counterfeit and trademark-infringing merchandise.

"Defendants are a group of vendors who are deliberately free riding on the success of the Cubs and trading — without a license or permission — on the substantial goodwill associated with the Cubs' trademarks and trade dress," the team and the league claimed in the lawsuit, alleging the vendors "flooded Wrigleyville and the Internet with all manner of unlicensed products."

They're not wrong, of course. These vendors are everywhere. As I said, it's part of the experience. And it got to be that way because it's gone on forever. That the team is suddenly taking this action on the eve of a playoff run is within its rights, certainly, but doesn't otherwise make a great deal of sense. Were this the problem the filing appears to claim it is, it should have been a problem during last year's playoff run, or in 2007 and 2008 when the team also made postseason appearances.

While much is made in the Tribune post about how the internet has exacerbated this problem, the vendors targeted here sell solely on the street around the ballpark. Something they have surely done for years now. The team must surely have considered the question of whether forty street vendors posed a true threat to its trademark rights and the insane merchandise revenue it collects from its own sales, and whether or not that threat was of greater importance than an ambiance and culture that has always been central to the team's commercial success.

The Cubs clearly think the threat is real, but it's tough to see how that makes sense. Other avenues besides a federal lawsuit could have been pursued in order to protect the team's trademark rights, but the Cubs didn't go that route. Instead, street vendors will be brought into court, even as the team makes its run. The friendly confines feel a little less friendly all of a sudden.

Hopefully some good news will follow the bad news handed out by the California Appeals Court earlier this year. In a ruling that did some serious damage to Section 230 protections and the First Amendment, the court decided to enforce an injunction against Yelp for a defamatory review -- despite Yelp not being an actual party to the lawsuit.

Dawn Hassell sued a former client over a defamatory review she allegedly posted on Yelp. The defendant, Ava Bird, never bothered to show up in court. Hassell secured a default judgment against Bird. All well and good, except for the fact that Hassell and the court brought Yelp into the equation, without ever giving the site a chance to respond to the proposed injunction.

This drive-by injunction opens the door for abuse by aggrieved parties. It allows plaintiffs to sue parties they're pretty sure won't show up in court, obtain default judgments, and use those judgments to force third parties to remove negative reviews, articles, etc. This eliminates any form of due process for third-party websites -- services that should be covered by Section 230 whether or not they voluntarily remove reviews. Yelp was never given a chance to respond to Hassell's allegations nor was it allowed to challenge the injunction she obtained.

Why the Appeals Court failed to see the potential for abuse or the due process issues raised is unclear. The good news is that the state's Supreme Court has agreed to review the decision. Eugene Volokh and a host of other free speech advocates and lawyers have filed a brief ahead of the Supreme Court's hearing, pointing out the host of negative consequences created by the lower court's misguided decision.

[T]he decision below offers plaintiffs a roadmap for violating these speakers’ rights. Say a business dislikes some comment in a newspaper’s online discussion section. The business can then sue the commenter, who might not have the money or expertise to fight the lawsuit. It can get a consent judgment (perhaps by threatening the commenter with the prospect of massive liability) or a default judgment. And it can then get a court to order the newspaper to delete the comment, even though the newspaper had no opportunity to challenge the claim, and may not have even heard about the claim until after the judgment was entered. This is directly analogous to what plaintiff Hassell did in this very case.

It's not as though shady reputation management outfits or thin-skinned entities need any encouragement to abuse the legal process to make criticism disappear. We've already seen abuse of both the DMCA process and the court system to push Google towards delisting reviews no court has actually found to be defamatory. The Appeals Court decision does nothing more than legitimize another shady tactic: suing someone who likely won't appear in court, but enforcing the judgment against a deeper-pocketed party who definitely would have made an appearance... if only they'd actually been named in the lawsuit.

The brief goes on to point out that orders like this -- predicated on arguments one party never had a chance to respond to -- are unconstitutional and cannot be enforced.

Yelp, Amazon, and other such sites cannot be ordered to remove an allegedly libelous post, without an opportunity to themselves dispute this restriction on their own speech rights. The Court of Appeal erred in treating Yelp as essentially lacking First Amendment rights here. See Pet. for Review 22 (copy of Court of Appeal opinion) (“Yelp’s factual position in this case is unlike that of the . . . appellants [in Marcus v. Search Warrants, 367 U.S. 717 (1961)], who personally engaged in protected speech activities by selling books, magazines and newspapers.”). A site such as Yelp or Amazon is, if anything, even more engaged in protected speech than a bookstore, and more like a magazine creator than just a magazine seller: It creates a coherent speech product—a Web page that aggregates readers’ comments—and distributes it to readers. That 47 U.S.C. § 230 immunizes Yelp from tort liability as a publisher for the material that it reproduces does not strip Yelp of its First Amendment rights as a creator and distributor of the speech aggregating the material.

It's almost unimaginable that this decision will be allowed to stand. It upends the legal process and creates a hostile environment for third-party content hosts in California. But it's impossible to claim this definitely will be overturned, what with the state's courts displaying an unfortunate amount of schizophrenia when handling Section 230-related cases. At stake here is the First Amendment, more than Section 230 protections, but both are definitely under attack. The Appeals Court has given plaintiffs a way to route around Section 230 and stifle speech hosted by services they'll never have to face off with in court.