It should be quite clear by now that DRM is a fantastic way for video game makers to keep people from playing their games. Not pirates, though. No, those folks can play games with DRM just fine, because DRM doesn't actually keep piracy from being a thing. No, I'm talking about legitimate buyers of games, who in example after example after example suddenly find that the games they bought are unplayable thanks to DRM tools that work about as well as the American political system. And yet DRM still exists for some reason, as game makers look for some kind of holy grail piece of software that will turn every past pirate into a future dollar sign.

This search for the perfect DRM continues, as we have just the latest story of DRM gone wrong. This story of the Street Fighter V DRM, though, is a special kind of stupid because it was put in place via a software update release, meaning that a game that worked perfectly one day was bricked the next.

The doodad was announced on Thursday shortly before the update rolled out. Capcom called it “an updated anti-crack solution (note: not DRM) that prevents certain users from hacking the executable.”

They continued, “The solution also prevents memory address hack that are commonly used for cheating and illicitly obtaining in-game currency and other entitlements that haven’t been purchased yet.”

This DRM that Capcom insisted wasn't DRM apparently set off anti-virus software for a ton of legitimate customers, triggered warnings from Windows security software, caused PC crashes for others, and even killed one person's new puppy. Okay, that last one didn't actually happen, but the rest did, and it's the exact sort of thing that DRM shouldn't do: screw those who actually bought the game. On top of that, it seems the update gave the game a rather deep level of access into any PC it was installed on, leading some to warn others off from buying it entirely.

As a result of the backlash, Capcom rolled back the DRM via another update pretty quickly, but one has to wonder just how many potential customers were lost in the meantime and how that number compares with the number of potential pirates that were turned into paying customers during that same time period. It would take more imagination than I have to dream up a version of reality in which the latter outnumbered the former, making this attempt at DRM a complete bust.

But, then again, they're all busts, really. So why are we wasting our time with DRM still?

While we still wait to see if Kim Dotcom can be taken against his will from another country into the US for "copyright infringement" claims, apparently the DOJ has also decided that it can work the other way. The Justice Department's Board of Immigration Appeals has said that people can be deported for copyright infringement. Apparently the law (the Immigration and Nationality Act) says that non-citizens can be deported if they commit crimes "involving moral turpitude" but had never weighed in on whether or not copyright infringement counted. But now they have:

On Friday, leaning heavily on precedent that previously declared criminal trademark infringement a CMT, the board said criminal copyright violations “must also be a crime involving moral turpitude.”

“Like the use of a spurious trademark ... respondent’s copyright infringement also involves significant societal harm,” BIA member Hugh Mullane wrote in Friday’s ruling. “Congress has made clear that copyright infringement enforcement is an important priority and that the risks and costs associated with intellectual property crime are significant.”

To be fair, this was a case of criminal copyright infringement, and not civil copyright infringement -- and the board noted that because criminal copyright infringement requires the showing of "willfulness," it suffices for the "moral turpitude" question. The person in question, Raul Zaragoza-Vaquero, had been arrested for selling 800 copied CDs to an RIAA investigator. He received 33 months in prison and had to pay $36,000... and was then told he had to leave the country.

The fact that it's only for criminal copyright infringement is certainly better than it being for any copyright infringement, but we've seen some bizarre attempts to turn what clearly should be civil copyright infringement cases into criminal ones (the Kim Dotcom case being but one example).

Data breaches that expose passwords are pretty much a fact of life at this point -- and the effects are multiplied by the fact that many, many people reuse passwords no matter how much they know they shouldn't. As such, there's a big push to move to password managers, two-factor authentication, and even biometrics -- because the simple fact is that the password sucks. This week, we're discussing what if anything will succeed in replacing it.

Follow the Techdirt Podcast on Soundcloud, subscribe via iTunes, or grab the RSS feed. You can also keep up with all the latest episodes right here on Techdirt.

Last chance to get Vote2016() T-shirts, hoodies & stickers! »

Did you come out of last night's debate feeling thrilled about your choices for president? No? What a surprise. Though there are fans on both sides declaring victory, most of the thinking/awake public saw what we expected: an intolerable buffoon babbling on one side, and the resultant lack of scrutiny for the hard-to-like career politician making worrying statements on the other. Perhaps nowhere was this clearer than on an issue of importance here at Techdirt: would you prefer Trump's directionless ramblings about "the cyber", or Clinton's coherent but terrifying overtures of war with Russia? Take your pick, America. And when you do, we've got a shirt for you.

There's less than a week left to order your Vote2016() gear. The campaign ends on Oct. 3rd so you can get it just in time for election day — and then it's gone for good!

And don't forget to check out our new Math Is Not A Crime shirt, and other designs available for the last time this year in our super-early holiday gear sale.

There's just something about adding the word "cyber" to "crime" that brings out the worst in legislators. A host a badly-written laws have been crafted to address everything from cyberbullying to hacking. These tend to be abused first by those in positions of power.

Nigeria's government recently enacted a cybercrime law which is, of course, being wielded by thin-skinned government officials to silence critics. The cyberstalking provision is the preferred attack vector, placing those targeted by unhappy government leaders at risk of being hit with a $22,000 fine and three years in prison.

Last month, the law was cited in the August 20 arrest of Musa Babale Azare who was detained in the capital, Abuja, by police from Bauchi state. He was accused of allegedly criticising the state governor, Muhammad Abdullah Abubakar, on social media, according to news reports. Azare, who uses Facebook and Twitter as platforms to criticize the actions and policies of Abubakar and his administration, said he was denied access to his lawyer, and that police did not have authority to arrest him outside Bauchi state jurisdiction.

Azare wasn't the only one hauled away by police for daring to publicly criticize officials -- although his trip (280 miles) was arguably the longest. (Azare was taken from Abuja back to Bauchi to be questioned.) Politicians could barely wait for the ink on the signatures to dry before deploying it against citizens who had raised their ire.

CPJ found that at least three other bloggers were prosecuted under the cybercrime act in the space of four months last year after they reported or commented on critical reports.

One "suspect" was refused release until he could come up with a 3 million naira ($9500) bail. Another writer -- a member of a national blogger's guild -- was denied bail three times and held for two weeks before charges were dropped. The third was denied bail and jailed for six months, with four of those spent in maximum security. All three of the cases CJP uncovered occurred within five months of the cybercrime law's passage, which seems to suggest it was crafted with the intent of curbing critical speech, rather than criminal activity.

The irony of this is that the freedom of expression and freedom of the press are both enshrined in the Nigerian Constitution. Laws can't be made that directly abridge those freedoms, but government officials seem to have crafted themselves a handy loophole that handily allows them to bypass citizens' constitutional protections.

Smile, constituents: this man may become president.

Look at the mess that we're in. Look at the mess that we're in. As far as the cyber, I agree to parts of what secretary Clinton said, we should be better than anybody else, and perhaps we're not. I don't know if we know it was Russia who broke into the DNC.

She's saying Russia, Russia, Russia. Maybe it was. It could also be China, it could be someone sitting on their bed that weighs 400 pounds...

Look, anyone who refers to cybersecurity or cyberwarfare as "the cyber" is probably better off not discussing this. But Donald Trump, in last night's debate, felt compelled to further prove why he's in no position to be offering guidance on technological issues. And anyone who feels compelled to portray hackers as 400-lb bedroom dwellers probably shouldn't be opening their mouth in public at all.

With this mindset, discussions about what "the Google" and "the Facebook" are doing about trimming back ISIS's social media presence can't be far behind. Trump did note that ISIS is "beating us at our game" when it comes to utilizing social media. Fair enough.

But Trump's cybersecurity "plan" isn't actually a plan. What there is of it has to be compiled from a string of random, semi-related sentences. Apparently, the next cyberwar will pit tweens against 400-lb Russians...

I have a son. He's 10 years old. He has computers. He is so good with these computers, it's unbelievable. The security aspect of cyber is very, very tough. And maybe it's hardly do-able. But I will say, we are not doing the job we should be doing, but that's true throughout our whole governmental society. We have so many things that we have to do better, Lester and certainly cyber is one of them.

The problem isn't so much that Trump plainly has no idea what he's talking about or even the coherency to bluff his way through it. No one expects presidential candidates to be experts on every possible issue that might come up. But this has been the government's primary focus in recent years, and multiple high-profile hackings have only intensified that.

The problem is that Trump clearly has no interest in discussing these issues with those who can offer coherent, possibly-useful cybersecurity strategies. The more he speaks, the more he exposes his ignorance. Ignorance isn't unfixable. But Trump has done nothing over the past several months to close these (often significant) gaps in his knowledge. That's the scariest aspect of his presidential run -- the unwillingness to handle the boring but essential work of creating a platform composed of something more than half-formed thoughts and severely misguided jingoism that blames the rest of the world for somehow making America a worse country.

The mitigating factors are these:

Hillary Clinton's response may have been more coherent but hers suggests we should probably engage in more actual war than cyberwar to handle ISIS -- something's that gone oh so well for the past couple of decades. And she was ready to declare cyberwar on Russia after the DNC hacking, an idea that's not only stupid (seeing as the entity behind the hacking is still unknown) but an indication she'd be willing to wield government power to avenge embarassment.

Trump's power in office is likely to be far less than he obviously envisions it. Trump may be a rather extreme form of populist but those popular votes will be about as useful as Facebook likes when it comes to attempts to push his agenda past far more level-headed advisors and legislators.

Either way, voters are faced with choosing between the devil they sort of know and the devil other devils have been distancing themselves from for several weeks. In both cases, we're going to end up with a president who doesn't have the technical knowledge to deal with today's realities.

Stop fumbling around your office for open outlets, and grab the $36 Avantree PowerHouse 4 Port Fast USB Charging Station. Avantree provides 4 USB charging sockets and a whopping 4.5A/22.5W output for a super fast charge for all of your devices. It comes with a handy velcro system to manage and hide cables, 2 micro USB charging cables, and is compatible with all iOS and Android devices. It is available in black or white.

Note: The Techdirt Deals Store is powered and curated by StackCommerce. A portion of all sales from Techdirt Deals helps support Techdirt. The products featured do not reflect endorsements by our editorial team.

Last week, an absolutely mammoth distributed denial of service (DDoS) attack brought down the website of security researcher Brian Krebs. His website, hosted by Akamai pro bono, was pulled offline after it was inundated with 620Gbps of malicious traffic, nearly double the size of the biggest attack Akamai (which tracks such things via their quarterly state of the internet report) has ever recorded. Krebs was ultimately able to get his website back online after Google stepped in to provide DDoS mitigation through its Project Shield service.

According to Krebs, the attack came, he believes, after he began digging more deeply into various gangs that deliver DDoS attacks on-demand. And according to Krebs, this time they had the help of the hystercially piss poor security of the internet of things (IoT) industry:

"There are some indications that this attack was launched with the help of a botnet that has enslaved a large number of hacked so-called “Internet of Things,” (IoT) devices — routers, IP cameras and digital video recorders (DVRs) that are exposed to the Internet and protected with weak or hard-coded passwords."

So not only are "smart" refrigerators, TVs, tea kettles and power outlets leaking your unencrypted data to any nitwit with a modicum of technical knowledge, they're being utilized to amplify existing attacks on security researchers who are actually trying to make things better. The attack comes directly on the heels of Bruce Schneier warning us the check is about to come due -- after IoT companies and evangelists that prioritized hype and sales over security fundamentals helped introduce millions of new network attack vectors into the wild over the last five years or so.

In a recent blog post, Schneier also noted that these larger DDoS attacks come as multiple groups and individuals (likely nation state sponsored hackers) have begun probing for vulnerabilities on an unprecedented scale:

"Recently, some of the major companies that provide the basic infrastructure that makes the Internet work have seen an increase in DDoS attacks against them. Moreover, they have seen a certain profile of attacks. These attacks are significantly larger than the ones they're used to seeing. They last longer. They're more sophisticated. And they look like probing. One week, the attack would start at a particular level of attack and slowly ramp up before stopping. The next week, it would start at that higher point and continue. And so on, along those lines, as if the attacker were looking for the exact point of failure."

And they're finding, as many have warned, millions of poorly secured Internet of Things "smart" devices with stupid default passwords -- or in many instances no security at all. In most instances the buyers of these products are utterly clueless of their participation in these botnets, and very frequently these devices don't give the end user transparent end control over what's being sent over the network anyway.

In a follow-up blog post by Krebs, he makes it clear that in addition to being immensely dangerous (potentially fatal if the right systems are targeted), these larger scale DDoS attacks propped up by the IoT should also be seen as a growing assault on free speech. After all, few independent journalists would be able to afford the kind of DDoS mitigation technologies necessary to truly stop these new, larger attacks:

"In an interview with The Boston Globe, Akamai executives said the attack — if sustained — likely would have cost the company millions of dollars. In the hours and days following my site going offline, I spoke with multiple DDoS mitigation firms. One offered to host KrebsOnSecurity for two weeks at no charge, but after that they said the same kind of protection I had under Akamai would cost between $150,000 and $200,000 per year.

For a country that likes to talk a lot about cybersecurity (mostly to justify awful government policy like backdoors that make us less secure than ever), the United States isn't doing all that much to mitigate the looming threat. Much like Schneier, Krebs calls for a more coordinated effort by industry and government to wake up and begin greater institutional-grade collaborative efforts to shore up our collective security before things spiral out of control:

"I don’t know what it will take to wake the larger Internet community out of its slumber to address this growing threat to free speech and ecommerce. My guess is it will take an attack that endangers human lives, shuts down critical national infrastructure systems, or disrupts national elections."

And it probably goes without saying that this threat looms as we ponder electing two of the least technically sophisticated Presidential candidates in recent memory. These are two researchers who aren't prone to hyperbole, so it seems like we might just want to take their advice before the Internet of Things devolves from a running gag into a potentially fatal shitshow.

A couple of weeks ago, Techdirt ran through the catalog of horrors that make up the EU's new Copyright Directive proposals, pointing out that they would be a general disaster in their current form. Of course, the misery would not be evenly spread: some would suffer more, some less. Indeed, an earlier open letter to the European Commission from a bunch of tech companies (including Techdirt), published on the Don't Wreck the Net site, pointed out one group who wouldn't have too much of a problem with the changes:

The largest companies have the resources and staff to deal with increased regulations and burdens. Startups do not.

That is, the big online companies can weather more or less anything: it's the smaller ones -- particularly startups -- that will have difficulties. That warning was issued before the details were known, and now Joe McNamee from the European digital rights group EDRi has penned a very similar analysis based on the newly-published plans:

There is a lot of noise in the press and among lobbyists about an alleged hostility of the EU towards big American internet companies. Reality is more nuanced and more surprising -- the policies appear to be hell-bent on giving Google new monopolies, to the detriment of European citizens and European internet companies.

The most astonishing of these policies is the proposal in the new Copyright Directive for mass, preventive filtering of information as it is being uploaded to the internet in Europe -- a policy so restrictive and absurd that even China or Russia would baulk at the notion. An anti-Google measure? Hardly. Google actively lobbied the Vice-President of the European Commission about the alleged virtues of its content identification system ("contentID"), even if they hadn’t expected the Great Firewall of Europe to be the result.

Even if the Copyright Directive manages to pass through the EU legislative system without any changes -- which seems unlikely -- Google would be in a strong position, because it already has the content ID technology in place that will allow it to comply. Although McNamee suggests that as a result Google would be "uniquely placed to license such software to European internet providers," it's more likely that it would keep it for its own exclusive use. However, the US company Audible Magic would doubtless be more than happy to license its widely-used content identification system as an alternative. And irrespective of whether it's based on technology from Google or from Audible Magic, it's hard to see how this outcome helps the European tech industry. Moreover, McNamee is certainly right about the likely outcome of bringing in an insane "ancillary copyright" in the EU, which would require Internet companies to pay a fee to use news snippets:

In Germany, where this policy has already been adopted, Google has the economic muscle to simply refuse to pay and suddenly it is not Google, but the publishers, who have a problem. Publishers put their content online in order for people to view it and to make money from advertising that is on their sites. They need Google News more than Google News needs them. So, the outcome is that everybody pays except Google. The Spanish government came up with a cunning plan, they passed a similar law to the one in Germany, but required Google News to pay. Result: Google News Spain shut down, to the detriment of smaller Spanish news outlets in particular and, again, everyone except Google loses.

The rest of the EDRi post points out other fundamental flaws in the proposed EU Copyright Directive. But the key point is that far from stimulating the European digital economy, the EU's deeply-flawed plans are likely to boost the power and the profits of the largest US Internet companies. That may be good news for them and their shareholders, but it isn't really the European Commission's job.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

Back in 2011, Verizon and AT&T eliminated unlimited wireless data plans, instead pushing users toward share data allotments and overage fees as high as $15 per gigabyte. And while the companies did "grandfather" many of these unlimited users at the time, both companies have made at art form out of harassing or otherwise annoying these customers until they convert to costlier shared plans. And despite the fact that such overage-fee-based plans confuse the living hell out of most customers (who have no idea what a gigabyte is), both companies continue to insist that customers don't actually want unlimited data.

Speaking at an investor conference last week, Verizon CFO Fram Shammo once again declared that Verizon knows what consumers want, and it isn't unlimited data:

"At the end of the day, people don't need unlimited plans," Verizon Chief Financial Officer Fran Shammo said at an investor conference Thursday."

And despite the fact that plenty of companies (like T-Mobile) have seen explosive growth of late selling unlimited data plans, Shammo proclaimed making money off of unlimited just isn't possible:

"T-Mobile and Sprint have introduced cheaper unlimited data plans -- in exchange for slowing the connection for lower-resolution video -- and AT&T has been trumpeting its own unlimited data bundle with DirecTV video service. The push to unlimited data marks a reversal of the last few years of rhetoric about the costs of delivering service. For Verizon, that remains the biggest argument against unlimited. "You cannot make money on an unlimited video world," he said

Of course what Shammo means is that Verizon won't see the same generous profit margins it's currently seeing if it were to actually give consumers what they want. Verizon saw $8.0 billion in profit on $21.7 billion in second-quarter revenues in large part thanks to shared data plans (though Verizon Wireless' earnings were perfectly healthy under unlimited data plans as well). Since most users don't know what a gigabyte even is, they tend to sign up for bigger plans than they actually need for fear of hitting the overage wall.

Those fears pay huge dividends for the mobile carrier, whose wireless plans are constructed like a giant funnel that constantly pushes users to more and more expensive levels of service once in the door.

Verizon for years has justified some of the highest rates in the industry as reflective of the overall quality of its wireless network. But as competitors like T-Mobile begin to catch up, Verizon's running out of marketing ideas to justify its service's higher price point. Enter last week, when Verizon responded to new unlimited data promotions from Sprint and T-Mobile with new ads proclaiming that the company doesn't sell unlimited data, it sells "limitless data." When asked how you can call a gigabyte-capped shared data plan limitless, Verizon PR trots out its very finest dancing shoes:

"Limitless refers to how you can use your data and unlimited refers to the amount of data,” said Kelly Crummey, director of corporate communications at Verizon...Our competitors claim they offer ‘unlimited plans’ but if you really look at them, they are full of limits on how you use your data with thinks (sic) like SD (not HD) and automatically slowing down your speeds. The way our plans are structured, you can use your data however you want – there are no limits.

Well, no limits except the very clear limits. Apparently, Verizon thinks that you compete by telling customers what they want while abusing the hell out of the dictionary. It should be interesting to see how that tactic plays out as T-Mobile continues to erode Verizon's wireless market share.