Five Years Ago

This week in 2013, as the fallout for Prenda Law continued, we shifted our focus to the cybersecurity bill CISPA. While the White House was threatening to veto it if the privacy issues were not addressed, the House was rejecting all the amendments that might actually do so and its sponsors were ignoring the fact that it would render online privacy agreements meaningless. Sponsor Mike Rogers (whose wife, surprise surprise, stood to benefit hugely from the bill) made his infamous comment about the only opposition being 14-year-olds in their basement, prompting rapid and widespread backlash. We knew from history how the bill would be abused, and the only amendment that was being truly considered was pretty toothless. Then, of course, the bill was passed by the House, with 288 supporters.

Ten Years Ago

This week in 2008, the threat to privacy was the DHS's domestic spy satellites — but more was happening on the copyright front, such as J. K. Rowling trying to use emotional appeals to block a Harry Potter guidebook and push silly legal theories like the idea that spoilers are copyright infringement. And Warner Bros. was threatening the filmmaker behind the movie Troll, which he was seeking to remake, because it happened to have a character named Harry Potter ten years before Rowling's books were written. Hollywood was starting to turn its attention to 3D movies as a way to revive cinemas, the recording industry was seeking more money because it deigned to let people transfer media between devices, and we took a look at how everyone overvalues content and undervalues services.

Fifteen Years Ago

This week in 2003, it was the ten-year anniversary of the release of Mosaic, the first "major" web browser. The entertainment industry was succeeding in its crusade against piracy within various organizations, with CIO Magazine telling corporations to worry about the legal issues of employee downloading, and a bunch of Naval Academy students being disciplined for sharing music. Copyright fears were holding back books about hacking and internet security research and — in an early precursor to the sort of sharing that would be formalized by CISPA a decade later — the government was asking corporations to hand over details on their infrastructure and just trust the agencies to keep it safe.

This morning I saw a lot of excitement and happiness from folks who greatly dislike President Trump over the fact that the Democratic National Committee had filed a giant lawsuit against Russia, the GRU, Guccifier 2, Wikileaks, Julian Assange, the Trump campaign, Donald Trump Jr., Jared Kushner, Paul Manafort, Roger Stone and a few other names you might recognize if you've followed the whole Trump / Russia soap opera over the past year and a half. My first reaction was that this was unlikely to be the kind of thing we'd cover on Techdirt, because it seemed like a typical political thing. But, then I looked at the actual complaint and it's basically a laundry list of the laws that we regularly talk about (especially about how they're abused in litigation). Seriously, look at the complaint. There's a CFAA claim, an SCA claim, a DMCA claim, a "Trade Secrets Act" claim... and everyone's favorite: a RICO claim.

Most of the time when we see these laws used, they're indications of pretty weak lawsuits, and going through this one, that definitely seems to be the case here. Indeed, some of the claims made by the DNC here are so outrageous that they would effectively make some fairly basic reporting illegal. One would have hoped that the DNC wouldn't seek to set a precedent that reporting on leaked documents is against the law -- especially given how reliant the DNC now is on leaks being reported on in their effort to bring down the existing president. I'm not going to go through the whole lawsuit, but let's touch on a few of the more nutty claims here.

The crux of the complaint is that these groups / individuals worked together in a conspiracy to leak DNC emails and documents. And, there's little doubt at this point that the Russians were behind the hack and leak of the documents, and that Wikileaks published them. Similarly there's little doubt that the Trump campaign was happy about these things, and that a few Trump-connected people had some contacts with some Russians. Does that add up to a conspiracy? My gut reaction is to always rely on Ken "Popehat" White's IT'S NOT RICO, DAMMIT line, but I'll leave that analysis to folks who are more familiar with RICO.

But let's look at parts we are familiar with, starting with the DMCA claim, since that's the one that caught my eye first. A DMCA claim? What the hell does copyright have to do with any of this? Well...

Plaintiff's computer networks and files contained information subject to protection under the copyright laws of the United States, including campaign strategy documents and opposition research that were illegally accessed without authorization by Russia and the GRU.

Access to copyrighted material contained on Plaintiff's computer networks and email was controlled by technological measures, including measures restricting remote access, firewalls, and measures restricting acess to users with valid credentials and passwords.

In violation of 17 U.S.C. § 1201(a), Russia, the GRU, and GRU Operative #1 circumvented these technological protection measures by stealing credentials from authorized users, condcting a "password dump" to unlawfully obtain passwords to the system controlling access to the DNC's domain, and installing malware on Plaintiff's computer systems.

Holy shit. This is the DNC trying to use DMCA 1201 as a mini-CFAA. They're not supposed to do that. 1201 is the anti-circumvention part of the DMCA and is supposed to be about stopping people from hacking around DRM to free copyright-covered material. Of course, 1201 has been used in all sorts of other ways -- like trying to stop the sale of printer cartridges and garage door openers -- but this seems like a real stretch. Russia hacking into the DNC had literally nothing to do with copyright or DRM. Squeezing a copyright claim in here is just silly and could set an awful precedent about using 1201 as an alternate CFAA (we'll get to the CFAA claims in a moment). If this holds, nearly any computer break-in to copy content would also lead to DMCA claims. That's just silly.

Onto the CFAA part. As we've noted over the years, the Computer Fraud and Abuse Act is quite frequently abused. Written in response to the movie War Games to target "hacking," the law has been used for basically any "this person did something we dislike on a computer" type issues. It's been dubbed "the law that sticks" because in absence of any other claims that one always sticks because of how broad it is.

At least this case does involve actual hacking. I mean, someone hacked into the DNC's network, so it actually feels (amazingly) that this may be one case where the CFAA claims are legit. Those claims are just targeting the Russians, who were the only ones who actually hacked the DNC. So, I'm actually fine with those claims. Other than the fact that they're useless. It's not like the Russian Federation or the GRU is going to show up in court to defend this. And they're certainly not going to agree to discovery. I doubt they'll acknowledge the lawsuit at all, frankly. So... reasonable claims, impossible target.

Then there's the Stored Communications Act (SCA), which is a part of ECPA, the Electronic Communications Privacy Act, which we've written about a ton and it does have lots of its own problems. These claims are also just against Russia, the GRU and Guccifer 2.0, and like the DMCA claims appear to be highly repetitive with the CFAA claims. Instead of just unauthorized access, it's now unauthorized access... to communications.

It's then when we get into the trade secrets part where things get... much more problematic. These claims are brought against not just the Russians, but also Wikileaks and Julian Assange. Even if you absolutely hate and / or distrust Assange, these claims are incredibly problematic against Wikileaks.

Defendants Russia, the GRU, GRU Operative #1, WikiLeaks, and Assange disclosed Plaintiff's trade secrets without consent, on multiple dates, discussed herein, knowing or having reason to know that trade secrets were acquired by improper means.

If that violates the law, then the law is unconstitutional. The press regularly publishes trade secrets that may have been acquired by improper means by others and handed to the press (as is the case with this content being handed to Wikileaks). Saying that merely disclosing the information is a violation of the law raises serious First Amendment issues for the press.

I mean, what's to stop President Trump from using the very same argument against the press for revealing, say, his tax returns? Or reports about business deals gone bad, or the details of secretive contracts? These could all be considered "trade secrets" and if the press can't publish them that would be a huge, huge problem.

In a later claim (under DC's specific trade secrets laws), the claims are extended to all defendants, which again raises serious First Amendment issues. Donald Trump Jr. may be a jerk, but it's not a violation of trade secrets if someone handed him secret DNC docs and he tweeted them or emailed them around.

There are also claims under Virginia's version of the CFAA. The claims against the Russians may make sense, but the complaint also makes claims against everyone else by claiming they "knowingly aided, abetted, encouraged, induced, instigated, contributed to and assisted Russia." Those seem like fairly extreme claims for many of the defendants, and again feel like the DNC very, very broadly interpreting a law to go way beyond what it should cover.

As noted above, there are some potentially legit claims in here around Russia hacking into the DNC's network (though, again, it's a useless defendant). But some of these other claims seem like incredible stretches, twisting laws like the DMCA for ridiculous purposes. And the trade secret claims against the non-Russians is highly suspect and almost certainly not a reasonable interpretation of the law under the First Amendment.

Donald Trump's long time lawyer, Michael Cohen has been in a bit of hot water of late. As you no doubt heard, the FBI raided Cohen's office and home seeking a bunch of information, some of which related to the $130,000 he paid to adult performer Stormy Daniels. Already there have been a few court appearances in which Cohen (and Donald Trump) have sought to suppress some of what's been seized, but that doesn't seem to be going too well. At the same time, Cohen is still fighting Daniels in court, which also doesn't seem to be going too well.

Given all of that, it's not too surprising that Cohen has decided to dismiss his ridiculous lawsuit against Buzzfeed for publishing the Christopher Steele dossier. As we pointed out, that lawsuit was going nowhere, because it sought to hold Buzzfeed liable for content created by someone else (oh, and that leaves out that much of what Cohen claimed was defamatory may actually have been true.

And while many are suggesting Cohen dropped that lawsuit because the other lawsuits are a much bigger priority, there may be another important reason as well. As we noted last month, through a somewhat complex set of circumstances, the lawsuit against Buzzfeed may have resulted in Cohen having to reveal the details he's been avoiding concerning Stormy Daniels. That's because Buzzfeed was claiming that Cohen's interactions with Daniels were relevant to its case, and it was likely to seek that information as part of the case moving forward.

In other words, dropping the Buzzfeed lawsuit (that he was going to lose anyway), Cohen wasn't just ditching a distraction in the face of more important legal issues, he may be hoping to cut off at least one avenue for all the stuff he's been trying to keep secret from becoming public. That doesn't mean it won't become public eventually. After all the DOJ has a bunch of it. But it does suggest that Cohen had more than one reason to drop the Buzzfeed lawsuit.

If you spend any time at all in Techdirt's comments, you should be familiar with That Anonymous Coward. He's a prolific and regular commenter (with strong opinions). He also spends a lot of time on Twitter. Well, at least until a week or so ago when Twitter suspended his account. It's no secret that Twitter has been getting a lot of pressure from people to be more proactive in shutting down and cutting off certain accounts. There are even a bunch of people who claim that Twitter should suspend the President's account -- though we think that would be a really bad idea.

As we've pointed out in the past, people who demand that sites shut down and suspend accounts often don't realize how difficult it is to do this at scale and not fuck up over and over again. Indeed, we have plenty of stories about sites having trouble figuring out what content is really problematic. Indeed, frequently these stories show that the targets of trolls and abusers are the ones who end up suspended.

You can read TAC's open letter to Jack Dorsey, which also includes an account of what happened. In short, over a year ago, TAC responded to something Ken "Popehat" White had tweeted, and referred to himself -- a gay man -- as "a faggot." Obviously, many people consider this word offensive. But it's quite obvious from how it was used here that this was a situation of someone using the word to refer to himself and to reclaim the slur.

Twitter then demanded that he delete the tweet and "verify" his phone number. TAC refused both requests. First, it was silly to delete the tweet because it's clearly not "hateful content" given the context. Second, as someone who's whole point is being "Anonymous" giving up his phone number doesn't make much sense. And, as he notes in his open letter, people have tried to sue him in the past. There's a reason he stays pseudononymous:

Why do I have to supply a cell phone number to get back on the platform? I've been a user for 5 years and have never used a cell phone to access your service. I am a nym, but I am an established nym. I own the identity & amazingly there are several hundred people following my nym. I interact with the famous & infamous, they tweet back to me sometimes. I survived a few lawsuits trying to get my real name from platforms, because I called Copyright Trolls extortionists... they were offended & tried to silence me with fear of lawsuits. I'm still a nym, they've been indicted by the feds. There are other Copyright Trolls who dislike me, so staying a nym is in my best interest.

TAC also points out the general inconsistencies in Twitter's enforcement, noting that other slurs are not policed, and even the slur that caused his account to be shut down (over a year after he used it) did not lead to other accounts facing the same issues.

Incredibly, TAC points out that he appealed the suspension... and Twitter trust and safety rejected the appeal. It was only on the second appeal -- and seven days later -- that Twitter recognized its mistake and restored his account.

Now, some may be quick to blame Twitter for this mess, but it again seems worth pointing out what an impossible situation this is. Platforms like Twitter are under tremendous pressure to moderate out "bad" content. But people have very little understanding of two important things: (1) the scale at which these platforms operate, and (2) how difficult it is to determine what's "bad" -- especially without full context. The only way to handle reports and complaints at scale is to either automate the process, hire a ton of people, or both. And no matter which choice you make, serious mistakes are going to be made. AI is notoriously bad at understanding context. People are under pressure to go through a lot of content very quickly to make quick judgments -- which also doesn't bode well for understanding context.

So, once again, we should be pretty careful what we ask for when we demand that sites be quicker about shutting down and suspending accounts. You might be surprised who actually has their accounts shut down. That's not to say sites should never suspend accounts, but the rush to pressure companies into doing so represents a fundamental misunderstanding of how such demands will be handled. TAC's week-long forced sabbatical is just a small example of those unintended consequences.

One of the main reasons FOSTA/SESTA is now law is because of Facebook's vocal support for the bill. Sheryl Sandberg repeatedly spoke out in favor of the bill, misrepresenting what the bill actually did. In our own post-mortem on what happened with FOSTA/SESTA we noted that a big part of the problem was that many people inside Facebook (incredibly) did not appear to understand how CDA 230 works, and thus misunderstood how FOSTA/SESTA would create all sorts of problems. Last month, we noted that there was some evidence to suggest that Facebook itself was violating the law it supported.

However, a new article from Buzzfeed presents even more evidence of just how much liability Facebook may have put on itself in supporting the law. The article is fairly incredible, talking about how Facebook has allowed a group on its site that helps landlords seek out gay sex in exchange for housing -- and the report is chilling in how far it goes. In some cases, it certainly appears to reach the level of sex trafficking, where those desperate for housing basically become sex slaves to their landlords.

Today, in the first instalment of this series, we uncover some of the damage done to these young men – the sexual violence – by landlords, and reveal how they are being enabled by two major internet companies, one of which is Facebook. The world’s largest social media platform, BuzzFeed News can reveal, is hosting explicit posts from landlords promising housing in return for gay sex.

In multiple interviews with the men exchanging sex for rent and groups trying to deal with the crisis, BuzzFeed News also uncovered a spectrum of experiences that goes far beyond what has so far been documented, with social media, hook-up apps, and chemsex parties facilitating everything.

At best, impoverished young men are seeking refuge in places where they are at risk of sexual exploitation. At worst, teenagers are being kept in domestic prisons where all personal boundaries are breached, where their lives are in danger.

I've seen multiple people point out -- accurately -- that the article's focus on Facebook here is a little silly. The real focus should be on the "landlords" who are seeking out and taking advantage of desperate young men in need of a place to live. But, given that the focus is on Facebook, it certainly appears that Facebook has the knowledge required to be a violation of FOSTA/SESTA:

Despite the explicit nature of the postings on the group’s site, the administrator told BuzzFeed News that Facebook has not intervened. “We have never had an incident from Facebook,” he said. “If they [members] want to post something that will not fly with Facebook I write them, and tell them what needs to be changed.”

This has not stopped explicit notices being posted.

When approached by BuzzFeed News to respond to issues relating to this group, Facebook initially replied promising that a representative would comment. That response, however, did not materialise, despite several attempts by BuzzFeed News, over several days, to invite Facebook to do so. A week after first contacting the social media company, the group remains on its site.

It still seems wrong to blame Facebook for what the horrific landlords are doing here, but, hey, FOSTA/SESTA is now the law, and it's the law thanks in large part to Facebook's strong support for it. So, given all of this, will Facebook now face legal action, either from the victims of this group or from law enforcement?

After taking a hiatus from issuing bogus DMCA takedowns against this site, self-proclaimed poet "Shaun Shane" is back at it. The harassment of anyone who dares to publish a certain poem of Shane's -- the one about tongues made of glass -- is a (possibly) Texas-based cottage industry. The harassment continues to this day, but not much of it is directed at Google. Most of Shane's "work" is done over at Twitter, where tweets are greeted with takedown requests.

Presumably, this had led to an immeasurable increase in books sales for Shane. I mean, an unauthorized tweet = 1 lost sale, if I'm not mistaken. Whatever the case is, Shane is back to abusing the DMCA process for something that neither looks like fun nor for profit. Shane has issued several bogus takedown requests over the past couple of months.

Some are normal takedown requests targeting any place that has reproduced his poem. These are fine, but only by comparison. In other requests, targeting TorrentFreak, Boing Boing, Popehat, and Techdirt, some very interesting theories are being advanced. (But not respected. No one is being delisted for the imaginary crimes against IP that Shane has pitched to Google.)

This notice argues contributory infringement, claiming the posting of the poem in full somehow "encourages criminal infringement." That's as sane as the notices get. From there, all bets are off.

This one, targeting a Techdirt URL, attempts to fashion a defamation claim out of thin air (and all without once using the word "defamation").

The reported Url violates Title 28 U.S. Code § 4101 by making the false statement that I do not know the Director John Waters . I have know and been with friends with him since 1984. I was formal film student of his from 1985-86. I acted in the film "Reckless Eyeballs" directed by him. To prove these facts I will provide you with the phone number and email John Waters so you may verify these facts from him directly.

"Reckless Eyeballs" is mentioned on John Waters' Wikipedia page. But there are no links supporting it and it has "this film featured the poet Shaun Shane as the lead" appended to it for no apparent reason. Oh, wait. There's a very apparent reason. The IP address that added the edit traces back to Pearland, Texas, one of "Shaun Shane's" stomping grounds. So, make of that what you will. (And chances are you will make "Shaun Shane did not appear in a John Waters short" of it.)

Another notice, sent April 15, attempts to fashion a conspiracy theory out of Google juice.

I am the Author Shaun Shane, someone is using Bots to artificially raise the reported Url's ranking in Google search results beyond what Google's search algorithm has naturally assigned it and are engaging in "black Seo".

Apparently Shane realized there's no such thing as "black Seo" as the DMCA notices sent the following day attempt to amend that error.

I am the Author Shaun Shane. Someone is using Bots for the reported Url to artificially raise it's rank in Google search results and beyond what Googles search algorithm would naturally assign it and is engaging in Black Hat Seo.

This is better but still stupid. At least we have "Black Hat Seo" instead of "black Seo" to work with, but there's nothing artificial about these search engine rankings. The sites targeted by these notices are all high-ranking sites: Boing Boing, Popehat, Techdirt and… um… I guess, Twitter. (A Popehat tweet is also targeted.)

Welcome back, Shaun. The world is a little duller without you around. We await your newest conspiracy theory about SEO black magic and defamation that dare not speak its name. Meanwhile, we've been given another "anomaly" to file away with the hundreds of others in the annals of DMCA abuse.

The $19 MCSA SQL Server Certification Training Bundle will help prepare you to take the Microsoft Certification Exam 70-764 and the Microsoft Certification Exam 70-765. You'll learn how to configure data access, permissions and auditing, perform encryption on server data, deploy a Microsoft Azure SQL database, and more over 53 hours of training content.

Note: The Techdirt Deals Store is powered and curated by StackCommerce. A portion of all sales from Techdirt Deals helps support Techdirt. The products featured do not reflect endorsements by our editorial team.

Just a few weeks ago we wrote about how a group of sex workers, in response to the passing of FOSTA/SESTA, had set up their own social network, called Switter, which was a Mastodon instance. As we noted in our post, doing so was unlikely to solve any of the problems of FOSTA/SESTA, because it's perhaps even more likely that Switter itself would become a target of FOSTA/SESTA (remember, with FOSTA, the targeting goes beyond "sex trafficking" to all prostitution).

And, indeed, it appears I was not the only one to think so. The organization that created Switter, Assembly Four, put up a note saying that Cloudflare had shut down Switter claiming the site was in violation of its terms of service.

Cloudflare has been made aware that your site is in violation of our published Terms of Service. Pursuant to our published policy, Cloudflare will terminate service to your website.

Cloudflare will terminate your service for switter{.}at by disabling our authoritative DNS.

Assembly Four asked Cloudflare to clarify just what term it had violated and the company has now come out and noted that it reluctantly pulled the plug on Switter out of a fear that it would create criminal liability for Cloudflare under FOSTA/SESTA. Cloudflare was among the companies who lobbied against the bill, and they note that they disagree with the way the bill was drafted -- but given the nature of the law, the company feels compelled to take this action:

“[Terminating service to Switter] is related to our attempts to understand FOSTA, which is a very bad law and a very dangerous precedent,” he told me in a phone conversation. “We have been traditionally very open about what we do and our roles as an internet infrastructure company, and the steps we take to both comply with the law and our legal obligations—but also provide security and protection, let the internet flourish and support our goals of building a better internet.”

Remember, this was a site for sex workers to communicate with each other. It was purely a platform for speech. And it's being shut down because of fears from the vague and poorly drafted FOSTA/SESTA bill. In other words, yet more confirmation that just as free speech experts predicted, FOSTA/SESTA would lead to outright suppression of speech.

I've seen some complaints on Twitter that Cloudflare should have stood up for Switter and not done this. I don't think that's reasonable. The penalties under FOSTA/SESTA are not just fines. It's a criminal statute. It's one thing to take a stand when you're facing monetary damages or something of that nature. It's something altogether different when you're asking a company to stand up to criminal charges based on a law that is incredibly vague and broad, and for which there is no caselaw. Yes, it would be nice to have some companies push back and potentially help to invalidate the law as unconstitutional, but you can't demand that of every company.

I am curious, though, how supporters of FOSTA/SESTA react to this. Do they not care that sex workers want to be able to communicate? Do they not care that social networks are being shut down over this? Do they not care about speech being suppressed?

Texas attorney Mark Bennett -- instrumental in getting an unconstitutional "peeping tom" law tossed in 2014 -- has scored another win for the First Amendment by getting an unconstitutional revenge porn law tossed. It's not that anyone (except revenge porn purveyors) wants to see revenge porn go unchecked. It's that there's plenty of laws on the books already to address the problem and those written to target revenge porn tend to do collateral damage to the Constitution.

Mark Bennett began this fight back in 2015, right after the law went into effect. As Scott Greenfield reports, Bennett has secured a win in the 12th District Court of Appeals, reversing the lower court's finding the law was First Amendment-compliant.

As has been argued from the day Mary Anne Franks began her efforts to create a criminal revenge porn statute, it clearly implicated the First Amendment’s prohibition against laws infringing on free expression, to which she merely screamed her denials and did her best to deflect by creating a fantasy interpretation of the First Amendment. The court made swift work of it.

In the instant case, Section 21.16(b) proscribes the disclosure of certain visual material, including any film, photograph, or videotape in various formats. Because the photographs and visual recordings are inherently expressive and the First Amendment applies to the distribution of such expressive media in the same way it applies to their creation, we conclude that the right to freedom of speech is implicated in this case.

As the court notes, the restriction on revenge porn is content-based. Content-based restrictions require greater scrutiny to adhere to the Constitution and Texas' law cannot hold up to this level of scrutiny. From the decision [PDF]:

In the instant case, the State conceded at oral argument that Section 21.16(b) properly is subject to strict scrutiny analysis. We agree. Here, Section 21.16(b)(1) does not penalize all intentional disclosure of visual material depicting another person. See TEX. PENAL CODE ANN. § 21.16(b)(1). Rather, Section 21.16(b)(1) penalizes only a subset of disclosed images, those which depict another person with the person’s intimate parts exposed or engaged in sexual conduct. See id. § 21.16(a)(1), (3), (b)(1). Therefore, we conclude that Section 21.16(b)(1) discriminates on the basis of content.

The state tried to claim revenge porn is always obscene material. As the court points out, the state cannot make this determination on its own. It needs the court's help and, further than that, courts need a jury's help to determine whether or not disputed content is actually obscene.

Then it points out the obvious flaw in this argument -- one the state should have caught before arguing a new, unconstitutional law was needed to regulate obscenity.

Here, Section 21.16 does not include language that would permit a trier of fact to determine that the visual material disclosed is obscene. Moreover, if, as the State argues, any visual material disclosed under Section 21.16(b) is obscene, the statute is wholly redundant in light of Texas’s obscenity statutes.

Having dispensed with the state's attempts to salvage a redundant law, the court gives it this send off -- a light kick to ass of legislators and the state's legal counsel: DO BETTER.

At the very least, Section 21.16(b)(2) could be narrowed by requiring that the disclosing person have knowledge of the circumstances giving rise to the depicted person’s privacy expectation. But because Section 21.16(b) does not use the least restrictive means of achieving what we have assumed to be the compelling government interest of preventing the intolerable invasion of a substantial privacy interest, it is an invalid content-based restriction in violation of the First Amendment.

Once again, it's not that revenge porn should be ignored. It's that it's almost impossible to craft a law targeting revenge porn without doing damage to the First Amendment. As multiple prosecutions have shown, revenge porn purveyors tend to break plenty of existing laws. Prosecutors and regulators have had little problem shutting down sites using laws not specifically created to target revenge porn. The problem is most legislators like to appear to be doing something about societal issues, but often have little interest in ensuring their proposed statutes are Constitutionally-sound before pushing them across governors' desks. As the court points out here, a little care taken during the crafting process would have gone a long way towards keeping this law alive.

Just as places like Russia are getting more aggressive with companies like Google and Amazon in seeking to stop online communications they can't monitor, Google made a move that really fucked over a ton of people who rely on anti-censorship tools. For years, various anti-censorship tools from Tor to GreatFire to Signal have made use of "domain fronting." That's a process by which services could get around censorship by effectively appearing to send traffic via large companies' sites, such as Google's. The link above describes the process as follows:

Domain fronting works at the application layer, using HTTPS, to communicate with a forbidden host while appearing to communicate with some other host, permitted by the censor. The key idea is the use of different domain names at different layers of communication. One domain appears on the “outside” of an HTTPS request—in the DNS request and TLS Server Name Indication—while another domain appears on the “inside”—in the HTTP Host header, invisible to the censor under HTTPS encryption. A censor, unable to distinguish fronted and nonfronted traffic to a domain, must choose between allowing circumvention traffic and blocking the domain entirely, which results in expensive collateral damage. Domain fronting is easy to deploy and use and does not require special cooperation by network intermediaries. We identify a number of hard-to-block web services, such as content delivery networks, that support domain-fronted connections and are useful for censorship circumvention. Domain fronting, in various forms, is now a circumvention workhorse.

In short, because most countries are reluctant to block all of Google, the ability to use Google for domain fronting was incredibly useful in getting around censorship. And now it's gone. Google claims that it never officially supported it, that this was a result of a planned update, and it has no intention of bringing it back:

“Domain fronting has never been a supported feature at Google,” a company representative said, “but until recently it worked because of a quirk of our software stack. We’re constantly evolving our network, and as part of a planned software update, domain fronting no longer works. We don’t have any plans to offer it as a feature.”

As Ars Technica notes, companies like Google may be concerned that it could lead to larger blocks that could harm customers. But, as Access Now points out, there are larger issues at stake, concerning individuals who are put at risk through such censorship:

“As a repository and organizer of the world’s information, Google sees the power of access to knowledge. Likewise, the company understands the many ingenious ways that people evade censors by piggybacking on its networks and services. There’s no ignorance excuse here: Google knows this block will levy immediate, adverse effects on human rights defenders, journalists, and others struggling to reach the open internet,” said Peter Micek, General Counsel at Access Now. “To issue this decision with a shrug of the shoulders, disclaiming responsibility, damages the company’s reputation and further fragments trust online broadly, for the foreseeable future.”

“Google has long claimed to support internet freedom around the world, and in many ways the company has been true to its beliefs. Allowing domain fronting has meant that potentially millions of people have been able to experience a freer internet and enjoy their human rights. We urge Google to remember its commitment to human rights and internet freedom and allow domain fronting to continue,” added Nathan White, Senior Legislative Manager at Access Now.

Google doesn't need to support domain fronting, and there are reasonable business reasons for not doing so. But... there are also strong human rights reasons why the company should reconsider. In the past, Google has taken principled stands on human rights. This is another time that it should seriously consider doing so.