Five Years Ago

This week in 2013, as new leaks made it clear that NSA surveillance went even further than everyone thought, we got disturbing comments from NSA boss Keith Alexander about the need to "collect it all" (which also happens to be the name of our CIA card game which you can still preorder...) and from a former top agency lawyer who blamed the 9/11 attacks on civil libertarians. But the backlash grew too, with the EFF filing a massive lawsuit along with several other groups, and one congressional rep trying to strip the NSA's funding while another aimed to repeal the Patriot Act and the FISA Amendments Act.

Ten Years Ago

This week in 2008, a closer look at the Viacom/YouTube lawsuit revealed Viacom's focus on finding out what Google employees uploaded as a sneaky way to hopefully eliminate some DMCA protections. Apple launched its much expected lawsuit against Mac clone maker Psystar, and a UK law firm went big on the pre-settlement shakedown game with over 100 lawsuits against file sharers. A court ruling about bots in World of Warcraft set a dangerous copyright precedent, and we saw some amusing DRM irony when Ubisoft broke its own game then fixed it by issuing a third-party DRM cracking tool as an official patch. And, sadly, despite an earlier rejection, the EU brought up copyright extension again and voted to bump the term of performance rights up from 50 to 95 years.

Fifteen Years Ago

This week in 2003, while the MPAA was fighting a bill just to spite the EFF, the RIAA was going nuts with its subpoenas to identify file sharers at a rate of about 75 per day. Two Catholic Universities quickly caved and turned students over to the RIAA, and while some studies suggested that file sharing was diminishing, there were also a lot of people passionately defending it.

Back in May, we wrote about Suburban Express, the comically awful bussing company that works the University of Illinois-Champaign to Chicago circuit and is owned by Dennis Toeppen, being sued by Illinois Attorney General Lisa Madigan. Why it was sued by the state will require you going through the backlinks above, but can more succinctly be expressed in the following math equation:

(legal threats against a redditor for negative reviews) x 2 +(doxxing complaining customers) + (lawsuits filed against customers for complaining) - (rescinding those lawsuits) + (refiling those same lawsuits again) + (Toeppen being arrested for harassing his critics) + (filing more lawsuits) x (sending out a racist email advertisement promising that you won't see Chinese people on its busses) = well, hello there, federal court

Okay, fine, so the equation wasn't all that succinct. Still, the answer to why Madigan sued is essentially because Surburban Express likely violated all kinds of laws in doing the above. Madigan's suit alleged a dizzying array of violations of civil rights and consumer protection laws, as well as Illinois law on civil rights. Toeppen stands accused of harassment of customers for leaving the company negative reviews, arbitrary refusal of service based on not liking customers for a variety of reasons including racial reasons, and having internal and external communications, such as the advertisement that ridicules Asians and Jews, because every bigot entree basically just comes with a Jewish piece of parsley. In all, Madigan included 182 pages of exhibits backing up her accusations.

So, how's it going?

Well, pretty fucking bad for Toeppen and Suburban Express, it turns out. Ken White lays out a summary of what's occurred with the suit thus far.

It's not looking promising for Toeppen or Suburban Express in court. They agreed to a Temporary Restraining Order barring them from publishing the personal identifying information of customers, required them to take down the personal identifying information they already published, revise their lawsuits to redact gratuitously filed personal identifying information, and stop retaliating against customers for online reviews. Toeppen and Suburban Express agreed to have that order extended a few times, and now the AG wants to make it into a more long-term injunction. Meanwhile the attorney for Suburban Express and Toeppen wants to quit, citing strategic disputes and non-payment. Toeppen is falling back on the game-winning strategy of semi-coherent attacks on the media.

That last bit takes the form of a bizarre attack on The News Gazette. After reporting on the case, the News Gazette received a brief and vague bit of pushback directly from Toeppen as to its reporting about Toeppen's lawyer looking to exit the case. As per usual with Toeppen, the interaction was long on bombast and short on anything worthwhile.

After this article was published, Toeppen emailed The News-Gazette to criticize its reporting.

"Don't try to report on things you do not understand and are unwilling to research," he wrote. "Your reporting on this matter has been idiotic in the extreme."

A News-Gazette email asking for clarification bounced back with an error saying the sender's email address had been rejected.

"You're wrong, but I won't explain how, and I'll block your email address right after I send this!" is about as useless an interaction as I can think of. None of that changes the News Gazette's reporting about Toeppen's attorney seeking to no longer represent Suburban Express over both strategic issues and a lack of payment from Toeppen, not to mention that Suburban Express' insurance company is asking the court to declare that it doesn't have to pay for the lawsuit, essentially because the policy doesn't cover Toeppen being an asshole.

The Hartford has denied coverage, Long said, and Manufacturers Alliance Insurance Company denied coverage and filed a lawsuit against Toeppen and Allerton Charter Coach, which operates as a contractor for Suburban Express.

It's seeking a decision from the court on whether it correctly denied coverage, arguing that policies Allerton and Toeppen have exclude coverage when the damages result from intentional misconduct, as Madigan's lawsuit alleges.

Now, look, I know it might seem like I'm actively rooting against Toeppen and Suburban Express and for Madigan to at the very least make an example of them, but it only looks that way because it's absolutely true and I have no interest in pretending otherwise. The level of harassment and vitriol Toeppen has displayed, all because people don't want him to run his business as though this was Montgomery circa 1955.

Oh my. What fun it must have been for this officer to find out his lies were contradicted by his partner's body camera footage. Thanks to these lies, Officer Joshua Bates of the San Jose Police Department is now former officer Josh Bates, target of a federal civil rights lawsuit. But his troubles began during the traffic stop, culminating in this (first) judicial vindication of Cosme Grijalva.

Saying he was “troubled” by the testimony, Superior Court Judge Eric Geffon threw out the drug case in October against former suspect Cosme Grijalva, after the prosecution dismissed the charges. The City Council on Tuesday agreed to settle a civil-rights lawsuit filed by attorney Jaime Leaños on Gijalva’s behalf for $59,900.

No charges and a cash settlement. That's the way things break when officers lie. And lie Bates did. Several times

First, he trapped himself in a lie during cross examination. While seeking to obtain consent to search Grijalva's car, Bates used his phone to contact a translator to help bridge the language gap. Pushed for details on this mysterious translator -- one that had changed sexes during the course of his testimony -- Bates finally settled on calling the translator "she." Then he admitted it wasn't a department translator, but rather someone named Lilia... who just happened to be Bates' wife.

Body-camera video recorded by Bates’ partner, Ian Hawkley, who is also named in the suit, shows Bates telling his wife over the phone: “So what you’re going to do is you’re going to tell this person that I know there is methamphetamine in the car — crystal, and you are going to tell him that I’m going to get a dog who’s going to come over and is going to sniff and tear their car apart.”

Hawkley's video came as a surprise to Bates. Not a complete surprise, though. At one point in the recording, Hawkley let Bates know he was "in the red" (recording) and had been "for awhile." By that point, too much damage had been done. Bates had already called his wife to translate his threat for Grijalva and was engaged in a warrantless search of Grijalva's van without his consent. Bates did not activate his camera, violating PD policy. He also admitted to trying to get Hawkley to deactivate his body cam.

Bates apparently had an ongoing aversion to complying with the Constitution and PD policies.

There is evidence suggesting this might not have been a one-time instance for Bates. According to court documents filed by Singh, the week before Bates’ encounter with Grijalva, he and another officer stopped and arrested a bicyclist on suspicion of alleged marijuana possession. Body-worn camera footage reportedly showed that Bates omitted mentioning a pat-down search in his police report on the incident.

Other video from that case also shows Bates having a conversation with another officer about how to come up with probable cause to make an enforcement stop when there is nothing readily apparent.

Bates also fudged the paperwork in this case. He tried to align his testimony with his bogus police reports but got tripped up by his own faulty memory and his partner's recording of the incident. And that has netted him two lawsuits and an early exit from his law enforcement career. Bates resigned shortly after this disastrous courtroom performance. With any luck, he'll be employed by another law enforcement agency before too long. You know how it is with bad hombres like this. They get sprung on technicalities and are back on the streets (in uniform) within days or weeks of an unceremonious sacking/resignation-tendering.

The only thing in this story that makes it an anomaly is the resignation. Other than that, it's par for the course. Cops lie. And the reason they do it so frequently is that they almost always get away with it. Cameras are changing that… slowly. But they're only slightly better than nothing at all at this point. The sad thing is, we'll just have to take what we can get because law enforcement agencies clearly aren't interested in upsetting the apple cart and letting all these "bad apples" roll into the nearest gutter. Change comes from within and law enforcement has proven itself highly resistant to change.

Carl Malamud published the law on his PublicResource.org website. And for that he got sued. The problem was, in posting the Code of Federal Regulations he also included the various enforceable standards included as part of those Regulations. This displeased the organizations which had developed those standards (SDOs) and who claimed a copyright in them. So they sued Public Resource for infringement, and in a terrible decision last year Public Resource lost. Public Resource then appealed, and this week Malamud's organization won a reversal of the district court decision.

The decision by the D.C. Circuit in American Society for Testing and Materials v. PublicResource.org stands as a win for those who would choose to republish the law, even when their doing so may involve republishing standards created by non-governmental SDOs that were then incorporated by reference into controlling law. Although one can never presume to read the tea leaves at oral argument, it did seem as though the court was extremely uncomfortable with the idea that someone could be punished for having published the law. But the particular way the court addressed the copyright and trademark claims brought against Public Resource for it having done so is still worth further discussion. Disclosure: I helped file an amicus brief on behalf of members of Congress supporting Public Resource's defense, and amicus briefs on behalf of law professors at the district court.

On the copyright front, it is important to first note how the court did NOT resolve the question of whether republishing standards incorporated into law constituted copyright infringement. A threshold question in any copyright infringement case is whether there's any copyright that could have been infringed at all, because no copyright = no infringement, and with no infringement the case goes away. One way there might not be a copyright is if employees of the federal government had worked on developing the standards, like the ones at issue in this case, since under § 105 of the copyright statute, works by federal government employees are ineligible for copyright protection. But in its decision the D.C. Circuit dismissed this argument, finding that Public Resource had effectively waived it at the district court below.

As an initial matter, PRO argues that there is a triable question as to whether the standards at issue here were ever validly copyrighted given the Act’s prohibition on copyrighting “work[s] of the United States Government,” 17 U.S.C. § 105, and the fact that government employees may have participated in drafting certain standards. PRO, however, failed to adequately present this claim to the district court and has thus forfeited it. [p. 14]

Another way there might not be copyright in the standards Public Resource published is that, by being published as a factual representation of what the law is, that factual nature would preclude there being a copyright in what was republished, since, per § 102(b) of the copyright statute, purely factual works are also not eligible for copyright protection. This consideration was kicked around by the judges during oral argument because it's a complicated issue with some interesting implications. First, there's the question of whether the standards themselves are too factual to be copyrighted, but for the sake of this case the court generally assumed they could be. But even if they are copyrightable, the next question is what happens when the standards have now become a factual representation of the law governing people's behavior? Does that incorporation cause them to lose their copyright? And what would it mean for SDOs and the development of future standards by third parties if that were the case?

The court, however, chose to avoid these questions. It gave several reasons for this avoidance, including that a ruling on the copyrightability of incorporated standards could have a significant economic effect on those SDOs, [p. 16], and also that it's generally considered better practice for courts to decide cases on grounds other than constitutional ones [p. 15]. (As Public Resource and amici pointed out, not being able to post the law for people governed by it to read raises significant First Amendment and due process concerns, which would mean that the question of if the law could be copyrighted may be a constitutional one.) [p. 14-15].

Avoiding the constitutional question is all the more pressing here given that the record reveals so little about the nature of any given incorporation or what a constitutional ruling would mean for any particular standard. After all, it is one thing to declare that “the law” cannot be copyrighted but wholly another to determine whether any one of these incorporated standards—from the legally binding prerequisite to a labeling requirement, see 42 U.S.C. § 17021(b)(1), to the purely discretionary reference procedure, see 40 C.F.R. § 86.113-04(a)(1)—actually constitutes “the law.” [p. 15-16]

Instead the court chose to find for Public Resource on fair use grounds. [p.17] Or at least put Public Resource in a position to ultimately prevail on those grounds. Although the court lifted the injunctions the district court had placed on it – injunctions that had forced Public Resource to remove from its site actual, operative, mandatory law binding on the public – the case still needs to go back to the district court because the appeals court didn't think it had a sufficiently developed record before it to itself fully perform its own fair use analysis. It did, however, give the district court a head start, with enough instruction of how to perform that analysis to make it likely to yield a favorable result for Public Resource on remand.

In this section, we review each of the fair use factors, and, as we shall explain, though there is reason to believe “as a matter of law” that PRO’s reproduction of certain standards “qualif[ies] as a fair use of the copyrighted work,” id. (internal quotations and citations omitted), we ultimately think the better course is to remand the case for the district court to further develop the factual record and weigh the factors as applied to PRO’s use of each standard in the first instance. As we have emphasized, the standards here and the modes of their incorporation vary too widely to conclusively tell goose apart from gander, and the record is just too thin to tell what went into the sauce. On remand, the district court will need to develop a fuller record regarding the nature of each of the standards at issue, the way in which they are incorporated, and the manner and extent to which they were copied by PRO in order to resolve this “mixed question of law and fact.” Id. This is not to say that the district court must analyze each standard individually. Instead, it might consider directing the parties, who poorly served the court by treating the standards interchangeably, to file briefs addressing whether the standards are susceptible to groupings that are relevant to the fair use analysis. [p. 19]

Overall, this is a good result for Public Resource. And far be it for me to rain on Carl Malamud and his legal team's well-deserved parade, it's still important to point out why, although this D.C. Circuit decision is a good one, it could have been better.

For one thing, the parties have already litigated a lengthy trial. And their prize for finally winning the pie eating contest now is more pie. That litigating fair use is so arduous, even for as well-counseled a defendant as Public Resource, is a significant problem. As Lawrence Lessig has observed, "Fair use is only the right to hire a lawyer." Fair use is of little value for worthy defendants who might ultimately win infringement cases on those grounds if they can get obliterated by the litigation defending themselves along the way. Which is one reason why the D.C. Circuit's refusal to evaluate the core copyrightability grounds is a troubling one, because while Public Resource may ultimately prevail, what about anyone else who similarly decides to publish the law that also incorporates standards?

Furthermore, while the court's interest in ensuring that Public Resource could survive a subsequent fair use inquiry is great for Public Resource, and there is nothing in the decision to suggest that it is only Public Resource that should get to, it won't be helpful if the way the court framed each of the fair use factors in order to ensure it could reach Public Resource can't be of use to other defendants not exactly like Public Resource but with their own plausible fair use defenses. Certain language in particular does give some pause, such as the hostility towards some of Public Resource's transformative uses.

On this point, the district court properly rejected some of PRO’s arguments as to its transformative use—for instance, that PRO was converting the works into a format more accessible for the visually impaired or that it was producing a centralized database of all incorporated standards. [p. 21 (citing American Geophysical Union v. Texaco Inc., 60 F.3d 913, 923–24 (2d Cir. 1994)]

On the other hand, much of its reasoning is necessarily flexible enough to reach other defendants so that they, too, can have the four factors balanced in their favor. For the same reasons the court found the idea distasteful that Public Resource should be prevented from sharing the law, it would be similarly distasteful if others were similarly prevented. In addition, should another defendant have difficulty showing its use is fair, the court also left open the possibility that the underlying copyrightability of the standards incorporated into law could still be challenged.

To be sure, it may later turn out that PRO and others use incorporated standards in a manner not encompassed by the fair use doctrine, thereby again raising the question of whether the authors of such works can maintain their copyright at all. [p. 16]

The concurrence by Judge Katsas provides additional reassurance. First, he reiterated that the Section 102(b) and Constitutional questions raised by someone claiming copyright over parts of published law remain unresolved and may yet be resolved in a way that dispels these claims. [Katsas concurrence p. 3]. He also provided some additional framing for the fair use analysis, noting that "it puts a heavy thumb on the scale in favor of an unrestrained ability to say what the law is." [Katsas concurrence p. 2]

Thus, when an incorporated standard sets forth binding legal obligations, and when the defendant does no more and no less than disseminate an exact copy of it, three of the four relevant factors—purpose and character of the use, nature of the copyrighted work, and amount and substantiality of the copying—are said to weigh “heavily” or “strongly” in favor of fair use. […] The Court acknowledges the thinness of the record in this case, and it appropriately flags potentially complicating questions about how particular standards may be incorporated into law, and whether such standards, as so incorporated, actually constitute “the law.” But, where a particular standard is incorporated as a binding legal obligation, and where the defendant has done nothing more than disseminate it, the Court leaves little doubt that the dissemination amounts to fair use. [Katas concurrence p. 2]

In other words, despite the above concerns, the decision will still make it harder for future plaintiffs to try to lock people out of sharing the law on copyright grounds, as it is not something that, at least in the D.C. Circuit, will be looked upon with a friendly eye.

Meanwhile, there is also some additional good news from this case on the trademark front. Public Resource had included the trademarks of the SDOs behind the incorporated standards, and the SDOs (and district court) believed this use of the marks to be infringing. The D.C. Circuit disagreed, however, and found it possible that Public Resource's use of the trademarks could qualify as nominative fair use, which "occurs when the defendant uses the plaintiff’s trademark to identify the plaintiff’s own goods and ‘makes it clear to consumers that the plaintiff, not the defendant, is the source of the trademarked product or service.’” [p. 33-34] This issue, too, was remanded back to the trial court, although with the admonition that if the trial court should again find Public Resource's use to be infringing, it should potentially refrain from issuing another injunction barring all use of the trademark and instead consider whether merely modifying the use would be an adequate remedy. [p.36-37].

Over the years we've obviously written tons of stories about the rich and powerful hiring shameless lawyers who try to browbeat and intimidate news organizations (both large and small) out of publishing embarrassing stories. That's one of the many reasons why we support strong anti-SLAPP laws across the country, as an essential protection for a free press. Media companies and journalists tend to be some of the biggest supporters of free speech and anti-SLAPP laws as well for this exact reason. But what happens when rich and successful journalists are suddenly the subject of unflattering stories as well? Apparently, they throw out their principled support of free speech and hire a sketchy law firm that celebrates its history of "killing stories."

Lachlan Cartwright, over at the Daily Beast, has a story about the law firm Clare Locke, who not only specializes in killing stories, but appears to brag about why we should chip away at the First Amendment. After opening with a story about how a 60 Minutes producer hired the firm, Cartwright mentions some of the other high profile journalists who have hired the firm:

Clare Locke also did work for former Today show host Matt Lauer and current New York Times reporter Glenn Thrush, three sources say. Both men were accused in news publications of sexually harassing women. The law firm was also recently hired by David Pecker, the CEO and chairman of American Media Inc., parent company of the National Enquirer, to try and shut down a negative story from a newspaper, according to two sources.

The article notes not just a history of litigation against various news orgs (Rolling Stone, The New York Times, Katie Couric, CNN, and Gawker among them), but also how one of the firm's named partners, Elizabeth Locke, has some bizarre views on free speech:

Locke has publicly backed President Trump’s call to “open up” libel laws and attacked shield laws that protect journalists from disclosing their sources in court. “How are you supposed to prove as a defamation plaintiff that the journalist knew what they were writing was false if you don’t have access to the identities of their sources? It’s really problematic,” she said in a speech last year to the Federalist Society, a conservative legal group.

Locke continued, saying she wanted to “talk a little bit about why the pendulum has swung too far in the direction of freedom of the press.”

There are so many things to say in response to this, but let's just start with the big one: free speech is not a pendulum. It doesn't swing back and forth. Free speech either exists or it doesn't.

Second, any journalist hiring a firm with a partner who would say such a thing is a disgrace to the practice of journalism. Obviously, some would (perhaps reasonably) argue that the names listed above are already disgraces to the practice of journalism, and perhaps that's true. But the whole idea of supporting a firm that openly advocates for limiting free speech and freedom of the press, while practicing intimidation tactics against a free press is horrific and shameful.

Third, Locke is being disingenuous in arguing that you need to know someone's sources to prove defamation. That's not even remotely how it works in most cases. Whether Locke knows it or not (and you can speculate on your own whether she does), demanding that journalists hand over sources is a popular and powerful intimidation technique. It serves to accomplish a number of things antithetical to a free press and reporting: it makes it that much more difficult for journalists to get sources to come forward for whistleblowing or other information. It makes it much, much more costly for journalists (even if they have not defamed anyone) to defend against defamation claims. In other words, even in the very, very, very rare instances where it might make legitimate defamation claims easier to make, it would also serve as a huge help in both threatening and filing SLAPP suits designed solely to kill legitimate, but embarrassing stories.

There's a lot more in the Daily Beast article, and the firm itself insists that it is not "making threats" or "chilling speech." You can, of course, make your own judgment on that. Also, it's no surprise that there are law firms that are building up reputations as specializing in going after media organizations, but the fact that journalists themselves are hiring such a firm is an absolute disgrace.

So, just last week we had a post by Kevin Bankston from the Open Technology Institute arguing for some basic steps towards much greater data portability on social media. The idea was that the internet platforms had to make it much easier to not just download your data (which most of them already do), but to make it useful elsewhere. Bankston's specific proposal included setting clear technical standards and solving the graph portability project. In talking about standards, Bankston referenced Google's data transfer project, but that project has taken a big step forward today announcing a plan to let users transfer data automatically between platforms.

The "headline" that most folks are focusing on is that Google, Facebook, Microsoft and Twitter are all involved in the project (along with a few smaller companies), meaning that it should lead to a situation where you could easily transfer data between them. As it stands right now, the various services let you download your data, but getting it into another platform is still a hassle, making the whole "download your data" thing not all that useful beyond "oh, look at everything this company has about me." Making a system where you can easily transfer all that data to another platform without having to manage the transition yourself or being left with a bunch of useless data is a big step forward -- and a huge step towards giving users much more significant control over their data.

But the really important thing that this may lead to is not so much about transferring your data between one of the giant platforms, but hopefully in opening up new businesses which would allow you to retain much greater control over your data, while limiting how much the platforms themselves keep. This is something we've talked about in the past concerning the true power of data portability. Rather than having it tied up in silos connected to the services you use, wouldn't it be much better if I could keep a "data bank" of my data in a place that is secure -- and where if and when I want to I can allow various services to access that data in order to provide the services I want?

In other words, for many years I've complained about how we've lost the promise of cloud computing in just building up giant silos of data connected to the various online services. If we can separate out the data layer from the service layer, then we can get tremendous benefits, including (1) more end-user control over their own data (2) more competitive services and (3) less power to dominate everything by the biggest platforms. Indeed, we could even start to move towards a world of protocols instead of platforms.

Of course, this is only one step in that direction, but it's a big one. And, yes, it's notable that the big platforms are all working on this together, since it has the potential to undermine their own powerful position. But it's absolutely the right thing for them to do, and hopefully we'll start to see much more interesting services pop up out of this. If it only ends up allowing people to shift between Google and Facebook that will be a failure. If it enables new services and more end user control over data -- forcing various services to compete and provide better value in exchange for accessing our data -- that would be a huge step forward in how the internet functions.

The Complete Raspberry Pi Hacker Bundle will teach you all you need to know about Raspberry Pi 3 for only $19. You'll learn how to easily prepare an SD card and flash it for any OS and how to work with GPIO pins and learn how to programmatically control them with Python. You'll be building a gaming system to play old Nintendo, Sega, and Playstation games, a personal digital assistant using the Google Assistant API, your own GPS tracking system, and much more.

Note: The Techdirt Deals Store is powered and curated by StackCommerce. A portion of all sales from Techdirt Deals helps support Techdirt. The products featured do not reflect endorsements by our editorial team.

Wireless carriers are coming under increasing fire for failing to protect their users from the practice of SIM hijacking. The practice involves posing as a wireless customer, then fooling a wireless carrier to port the victim's cell phone number right out from underneath them, letting the attacker then pose as the customer to potentially devastating effect. Back in February, a man sued T-Mobile for failing to protect his account after a hacker pretending to be him, ported out his phone number, then managed to use his identity to steal thousands of dollars worth of cryptocoins.

It didn't take long for numerous customers to complain they were the victim of the same scam, and for T-Mobile to send out a warning to users encouring them to add a few layers of additional security to their account.

But the problem appears to be even worse than originally believed. A new report takes a closer look at the problem, exploring how identity thieves use SIM hijacking to do everything from cleaning out bank accounts, to stealing valuable Instagram usernames and selling them for Bitcoin. The process isn't particularly complicated, and more often than not involves the social engineering of a cellular carrier's support employees. The entire process tap dances around protections like two-factor authentication, and highlights the peril of relying too heavily on a single cell phone number for identity verification in apps and other services.

Carriers, for their part, don't much like to publicly talk about the problem. In part because it's occasionally their employees that are helping to facilitate the scams for a little extra cash:

"Thug and Ace explained that many hackers now recruit customer support or store employees who work at T-Mobile and other carriers and bribe them $80 or $100 to perform a SIM swap on their target. Thug claimed they got access to the T-Mobile tool by bribing an insider, but Motherboard could not verify this claim. T-Mobile declined to answer questions on whether the company had any evidence of insiders being involved in SIM swap scams."

Quite often, those cellular carrier employees are more than happy to provide hackers with direct access to cellular carrier support systems:

"(One hacker) said they do SIM swaps by using an internal T-Mobile tool to look up subscribers’ data. During our chat, the hacker showed me a screenshot of them browsing the tool. I gave (the hacker) my phone number as a test, and the hacker sent back a screenshot that contained my home address, IMSI number (a standardized unique number that identifies subscribers), and other theoretically secret account information. Thug even saw the special instructions that I gave T-Mobile to protect my account.

As is their usual MO, wireless carriers don't much want to have a serious conversation about the problem, and often insist that it's only impacting a few, rare accounts (in stark contrast to the laundry list of increasing complaints seen over the last few years):

"Motherboard reached out to AT&T, Verizon, Sprint, and T-Mobile—the big four US cell phone providers—requesting data on the prevalence of SIM swapping. None of them agreed to provide such information. An AT&T spokesperson said this kind of fraud “affects a small number of our customers and this is rare for us,” but did not respond when asked to clarify what “small number” means.

There's some steps users can take, including changing passwords frequently. T-Mobile users can also, for example, call 611 from your cellphone (or 1-800-937-8997), then tell a support staffer that you want to create a “port validation” passcode. Still, like the SS7 exploit that has been in the wild for years, it's pretty clear that wireless carriers might want to spend a little less time on mindless mergers and consolidation, killing net neutrality, and jacking up prices, and a little more time protecting their customers from security threats.

While the United States walks away from the concept of net neutrality, India just passed some of the toughest net neutrality rules in the world. You'll recall that net neutrality became a hot topic over in India when Facebook tried to roll out a walled-garden service known as "Free Basics." Free Basics provided users free, "zero rated" (usage cap exempt) access to a limited selection of curated content and services chosen by Facebook, something Facebook claimed would immeasurably benefit the nation's poor farmers.

In reality, many pointed out that Facebook's breathless concern for the poor really just masked the company's attempt to corner the ad markets in developing nations. Content providers didn't like Facebook being the one to dictate which services would or wouldn't be included for obvious reasons. Others (like Mozilla) noted that if Facebook was truly interested in connecting developing nations with broadband, it could, you know, actually do that. Others still weren't keen on another white, Western billionaire proclaiming that only he had the magical solution to the nation's problems.

Facebook's response to these concerns wasn't what you'd call impressive, with Zuckerberg insisting those opposed to his plans were simply hurting the poor. That behavior in turn only galvanized activist support for tougher net neutrality rules in the country, the foundations for which were laid last year. There too Facebook engaged in some shady behavior, at one point trying to trick Indian citizens into supporting its plans and opposing meaningful net neutrality protections.

That didn't work, and last week the Indian government put the finishing touches on what, by most measures, are considered some of the toughest net neutrality rules in the world:

Not only do the rules prohibit most of the standard bad behaviors you wouldn't want ISPs to engage in (throttling or blocking competitors, for example), it takes a hard stance against the practice of zero rating, or letting an ISP exempt its own (or say a deep-pocketed partner like Disney or ESPN) content from usage caps, while penalizing competitors. As we've seen in the states, ISPs in India were fine with the bans on blocking and throttling (since most ISPs know such a move would be PR suicide), but expressed disdain at portions of the rules that banned more nuanced, creative areas where anti-competitive behavior occurs today.

You'll also notice some now-common arguments from India's wireless carriers, including claiming that rules banning anti-competitive behavior will "hamper innovation," or insisting that net neutrality somehow prevents wireless carriers from deploying faster, better 5G networks:

“Where the net neutrality recommendations are concerned, we have already expressed our support on issues pertaining to non-discriminatory use of the Internet, including no blocking, no throttling and adoption of same service-same rules. That said, we reiterate our earlier position that a light touch regulatory approach should be adopted so that innovation is not hampered by the Net Neutrality rules,” Rajan S Mathews, director general, COAI, said in a statement.

In particular, COAI believes that industry practices with regard to traffic prioritisation should be reviewed to help “foster 5G-enabled applications”.

“Now that the commission has approved the recommendations, which are before the Cabinet for approval, we hope that the Cabinet will consider the concerns raised by the industry so that the Net Neutrality rules that are adopted in India benefit the consumers, incentivise innovation and adoption of new technologies, and enable the seamless spread of state of the art networks and service,” he added."

Again, if you're an ISP that doesn't engage in anti-competitive behavior, you have nothing to worry about. And the only "creative" or "innovative" behaviors banned by rules (assuming they're crafted properly) are efforts to further abuse a lack of competition in the space. Without them, ISPs have and will do everything in their power to abuse their gatekeeper positions to glean additional revenue. It's a lesson the United States appears intent on learning the hard way.

Once again, we find lawmakers who seemingly championed "strong privacy" rules like the GDPR suddenly freaking out when they realize such laws might apply to government bodies as well. Once again, we have Jason Smith at Indivigital to thank for highlighting the latest mess. This time it involves Irish lawmakers trying to figure out how different government agencies can share data between those agencies in order to provide better services. But, here's the problem: doing so without "consent" would seem to violate the basic concepts of the GDPR, so the Minister of State for Public Procurement, Open Government and eGovernment, Patrick O'Donovan, decided to try to take the easy way out and say that the government should be able to "infer" consent, if someone made use of the government service in the past:

“That principle is accepted. It is a once only principle where if a person is availing of a service, it could be inferred that there is consent already contained in that by virtue of the fact that they have presented themselves to look for that particular support or service from the State.”

Now, personally, I agree that this seems like a perfectly reasonable standard for inferring consent under most reasonable conditions. But the problem is that the GDPR generally does not view things that way. This is yet another example of where people who view privacy through a singular lens of "don't do anything at all with my data," often fail to realize how extreme that position is, and how it limits perfectly normal functions.

But, in this case, it comes across as just another example of where governments are saying, "do as I say, not as I do..."