Five Years Ago

This week in 2013, we learned more about the UK's GCHQ and its use of a packet injection attack to hack an internet exchange, garnering a combined response of "no comment but by the way that would be totally legal" from the agency. John McCain said in an interview that Keith Alexander should be fired (for the wrong reasons) then nonsensically denied the comments. And while the author of the PATRIOT act was telling the EU Parliament that the NSA is out of control, some people were looking at the agency's customer list and noticing that its denials of economic espionage were suspect at best.

Meanwhile, this was also the week that the the TPP's IP chapter leaked for the first time, and it was as bad as expected (and even worse than ACTA). Law professors called on Obama to open up the TPP process while Congress was showing signs of being a bit more reluctant to grant fast track authority, and perhaps the most nefarious part of the chapter was its attempt to make copyright reform impossible.

Ten Years Ago

This week in 2008, broadband providers were rolling out usage caps and patronizingly advertising the number of emails that could be sent under the limits, while the industry's apologists pushed the narrative that there was a growing bandwidth crunch (there wasn't). The EU was giving bogus excuses for keeping ACTA secret while another bad copyright deal, the Broadcasting Treaty, was apparently coming back from the dead again. China officially recognized the concept of internet addiction and it was quickly used as a defense in a murder trial. And the FBI's expensive crusade to catch the leakers of the Guns N' Roses album Chinese Democracy ended ignominiously with a blogger pleading guilty to a misdemeanor.

Fifteen Years Ago

This week in 2003, as we marked the 20th anniversary of the computer virus, and internet advertising started recovering from an early collapse, it was beginning to look like a lot of '90s promises about the internet were beginning to arrive, just a little late. Not every offering was impressive, of course, such as Sprint's introduction of TV on mobile phones... at two framers per second. People were blaming Microsoft for the failure of one new product category that wouldn't take off until Apple stepped in several years later: tablet computers. But there was also a new, curious and exciting trend on the rise, referred to sometimes as "social software" and sometimes "social networking". As you know, it never really took off.

Just recently we wrote about why blockchain-based DRM was a terrible idea, and it could be summed up by the simple fact that a blockchain solves none of the "problems" of DRM today, and leverages none of the actual benefits of a blockchain. And... now I feel like writing basically the same exact post around blockchain voting. Like blockchain DRM, blockchain voting is one of those ideas that gets tossed around a lot. For decades, lots of people who actually understand computer security have explained why online voting is a horrifically bad idea in that it involves effectively unsolvable problems. It's not that it's a "hard" problem, it means that online voting is effectively impossible without massive changes to almost everything we do in ways that we can't really comprehend right now. There are some serious researchers who are thinking about this, but to date, there is nothing even remotely close to to being acceptable, and there may never be.

And yet, the "simplest" way that some people understand the risks of online voting is basically "it would be bad if someone could change your vote and no one would know." That's an easy to understand point to make, but the problems with online voting go way, way beyond that. Do a simple Google search on why online voting is a terrible idea and you'll get dozens of on-point results, but if you want a nice, simple explanation of just the first pass of potential risks with online voting, check out this video from a couple years ago by Princeton professor Andrew Appel, who has been studying voting security for many, many years:

It's 21 minutes, and if you're unsure of why internet voting is dangerous or think there's a simple solution, I'd urge you to watch it. But for those who don't, I'll just toss up one single slide from the presentation, which is not even remotely comprehensive in the list of potential problems with online voting:

That doesn't even get at a number of other potential issues (some of which are discussed in the video). And yet -- as with blockchain-for-DRM -- there's always someone who thinks that the only real problem is the double spend problem. Enter Alex Tapscott and the NY Times. Alex Tapscott is the son of Don Tapscott, who has written a number of fairly influential books related to technology and innovation, including "Growing up Digital" and "Wikinomics." In 2016, he teamed up with his son, Alex, and wrote a book called "The Blockchain Revolution," which is a fun read (they sent me a copy), if a bit overly excited in its analysis of potential implementations of the blockchain. As I've said in the past, I'm a believer that blockchain/tokens can completely revolutionize a few areas of the internet, but people have yet to really figure out which areas can take advantage of what is unique about the blockchain (beyond highly volatile currencies).

My favorite review of the book on its Amazon page includes this lovely sentence: "After the opening chapter, it turns into a rambling acid trip of delusional fantasies about exactly how blockchain will inevitably fix all the things wrong with society and the world."

Anyway, along comes Alex Tapscott and on election day, the NY Times gave him precious space to spew utter nonsense about how it's time for online voting... via the blockchain.

The key weakness of early online voting systems was the inability to solve what cryptographers called the “double spend problem.” When we send a file on the internet, we’re actually sending a copy of that file; the original remains in our possession. This is acceptable for sharing information but unacceptable for recording votes in elections. The possibility that individuals could cast their ballots multiple times for a candidate made these systems useless — just as vulnerable as paper ballot systems. Points of failure included susceptibility to hackers, coding bugs, and human error. With enough resources, any rogue could “stuff” a digital ballot box with illegitimate votes.

Except... that's not the key weakness in early online voting systems. It is one problem, but kinda far down the list. Look at that still from Appel's video above. Double spending isn't even there, really. Yet, Tapscott's piece acts as if it's the biggest problem, and easily solved with blockchain.

Since the NY Times published that article, plenty of folks with actual computer security expertise have stepped up to debunk it. Ben Adida, the Executive Director of a new organization called Voting Works, attempting to build secure, open source voting machines, actually debunked it a year ago (that's how good he is):

In a typical election setting with secret ballots, we need:

1. enforced secrecy: a way for each voter to cast a ballot secretly and no way to prove how they voted (lest they be unduly influenced)
2. individual verifiability: a way for each voter to gain confidence that their own vote was correctly recorded and counted.
3. global verifiability: a way for everyone to gain confidence that all votes were correctly counted and that only eligible voters cast a ballot.

Let’s say we have a Blockchain-style distributed database. How far does that get us to meeting these needs?

A distributed database of all cast votes, where everyone sees the same state of the world, would certainly be useful for (3) global verifiability and to some degree for (2) personal verifiability. That said, it won’t get us all the way there on those, and it won’t get us anywhere on (1) enforced secrecy.

Specifically, to combine personal verifiability with enforced secrecy, we need some mechanism that gives each voter enough confidence that their vote made it all the way to the tally, but not so much that they can sell their vote to a buyer/coercer. A public ledger of plain votes is a terrible idea, since that makes vote selling trivial. A public ledger of vote tracking numbers of sorts is better for privacy, though it doesn’t really provide actual verifiability that the contents of the ballot weren’t tampered with. Clearly, we need something more, and that something simply isn’t provided by a distributed ledger.

In a typical election setting with secret ballots, we need:

1. enforced secrecy: a way for each voter to cast a ballot secretly and no way to prove how they voted (lest they be unduly influenced)
2. individual verifiability: a way for each voter to gain confidence that their own vote was correctly recorded and counted.
3. global verifiability: a way for everyone to gain confidence that all votes were correctly counted and that only eligible voters cast a ballot.

Let’s say we have a Blockchain-style distributed database. How far does that get us to meeting these needs?

A distributed database of all cast votes, where everyone sees the same state of the world, would certainly be useful for (3) global verifiability and to some degree for (2) personal verifiability. That said, it won’t get us all the way there on those, and it won’t get us anywhere on (1) enforced secrecy.

Specifically, to combine personal verifiability with enforced secrecy, we need some mechanism that gives each voter enough confidence that their vote made it all the way to the tally, but not so much that they can sell their vote to a buyer/coercer. A public ledger of plain votes is a terrible idea, since that makes vote selling trivial. A public ledger of vote tracking numbers of sorts is better for privacy, though it doesn’t really provide actual verifiability that the contents of the ballot weren’t tampered with. Clearly, we need something more, and that something simply isn’t provided by a distributed ledger.

That's only part of Adida's thorough takedown of the concept.

Tim Lee at Ars Technica highlighted another batch of problems:

Tapscott focuses on the idea that blockchain technology would allow people to vote anonymously while still being able to verify that their vote was included in the final total. Even assuming this is mathematically possible—and I think it probably is—this idea ignores the many, many ways that foreign governments could compromise an online vote without breaking the core cryptographic algorithms.

For example, foreign governments could hack into the computer systems that governments use to generate and distribute cryptographic credentials to voters. They could bribe election officials to supply them with copies of voters' credentials. They could hack into the PCs or smartphones voters use to cast their votes. They could send voters phishing emails to trick them into revealing their voting credentials—or simply trick them into thinking they've cast a vote when they haven't.

[...]

But let's think about how this would play out in practice. Suppose it's mid-November 2020 and Donald Trump has narrowly won reelection. A few thousand voters in key swing states come forward to say that they intended to vote for Trump's opponent but their vote was recorded for Trump instead. Thousands of others say they tried to vote for Trump—or against him—but their votes weren't counted.

Was that due to hackers meddling with the vote, technical snafus, or user error? Were some of them just misremembering how they had cast their ballots? There would be no way to know for sure.

An important property for an election is finality: you want a well-understood process that makes people confident in the result. The paper-based process used in most states today isn't perfect, but it's pretty good on this score. Each vote is recorded on a paper ballot that's available for anyone to look at. Everyone understands how paper ballots work. People can observe the vote-counting process to verify that no ballots were altered. So not only does the process usually lead to an accurate count of peoples' votes, it also builds public confidence in the integrity of the result.

Blockchain voting would be much, much worse. Hardly anyone understands how a blockchain works, and even experts don't have a good way to observe the online voting process for irregularities the way an election observer does in a traditional paper election. A voter might be able to use her private key to verify how her vote was recorded after the fact. But if her vote wasn't counted the way she expected (or wasn't counted at all) she'd have no good way to prove that she tried to vote a different way.

Just a few months back, we also wrote about the terrible idea that West Virginia was experimenting with, via a company called Voatz (which is mentioned in Tapscott's article) that was building a "blockchain-based" system to allow military personnel overseas to vote via their mobile phones. And of course, as we noted at the time, it had all the same problems of all these systems. What it adds in "convenience" (if anything) is completely outdone by the security nightmare it creates.

Again, I still think blockchains have some potential to do some pretty useful things, but the idea that they can solve any old basically impossible under current realities technology problem by sprinkling magic "crypto" and "distributed" pixie dust on the problem is not a good look. Which should lead people to asking why the NY Times is publishing it without any fact checking at all?

We've obviously talked about the great deal of harm that a protectionist view of copyright can cause, both in terms of its ability to deny the public useful innovations and its use by the powerful to bully the weak. But one of the harms in protectionism and the ever-expanding culture of ownership that pervades modern life that is less talked about, possibly because it's somewhat obvious, is its sheer ability to bog down individuals in an absurdly lengthy legal process that seems to move at a pace purposefully calibrated to be as frustrating as possible.

A great example of this is the copyright case Conan O'Brien is embroiled in still, all over accusations that he and his writing staff "stole" a handful of jokes from a freelance comedian, who has claimed copyright over them. We first wrote about this case in the first half of 2017, where a judge had greenlit all of this for a jury trial, but the lawsuit itself was actually filed back in 2015. And, incredibly, it's still going on. The clock is still running at three years, with the most recent news being that the court has refused to allow O'Brien's team two affirmative defenses based on the actions of the plaintiff.

The court on Thursday dismissed two of O'Brien's affirmative defenses, one arguing that Kaseberg had committed fraud on the copyright office and the other that he isn't entitled to relief because he withheld relevant documents during discovery and has "unclean hands."

"Even if omission of the Court’s ultimate conclusion that the jokes were entitled only to thin copyright protection were misleading, however, the Court would have to conclude that there was no intent to defraud here," writes Sammartino. "It is undisputed that Plaintiff’s counsel attached a copy of the Court’s full Order to the letter to the Office. Had Plaintiff been attempting to pull a fast one on the Office by misrepresenting the Court’s Order, he would not have provided the Office with a means of verifying that deception."

I would quibble with the court's logic in that, actually. After all, the Copyright Office is not known for its stringent background checking work generally speaking. More generally, how often do we encounter folks making assertions with citations that don't fully support those assertions, as a way to try to bolster their claim under the assumption that nobody is actually going to dissect the citation? That happens all the time.

That said, the ruling isn't blatantly silly. Unlike, say, the fact that O'Brien is still dealing with a lawsuit nearly four years running due to a claim of copyright over a couple of jokes. Anyone that would want to claim that that isn't absurd needs medical care, in my view.

By the time some qualified immunity cases hit the appellate level, there's an air of "why are we even discussing this" about them. But if there's even a 1% chance the next level of review might overturn a lower court ruling, the cases will addressed, no matter how obvious their conclusions.

This is one of those cases. In this one, it's a police officer needing to hear one more time that the shit they pulled just isn't legal. It started with a parking ticket and ended with the ticketee being shot by a police officer. In between, there was a misunderstanding and an altercation. And, after this review, the odds are even lower that the officer is going to be able to talk a judge or jury into excusing his actions. Here's the backstory:

Craig Strand, a truck driver, needed to take a mandatory drug screening. Since he was unable to fit his truck in the testing facility's parking lot, he obtained permission to park it at a nearby Planned Parenthood office. Officer Curtis Minchuk, who was providing security for Planned Parenthood while in uniform and with the blessing of his department, saw Strand's truck and left two parking tickets on its windshield.

Strand returned to his truck and saw the tickets. He returned to the Planned Parenthood office to inquire about them and was directed to meet Officer Minchuk in the parking lot. Strand explained he had received permission to park there. This is where things went downhill for Strand, his rights, and his as-of-yet unwounded body.

From the decision [PDF]:

Minchuk had no interest in discussing the tickets beyond, as the district court observed, allegedly soliciting a bribe from Strand.

Let's pause there for effect. Officer Minchuk didn't want to be right. He wanted to be paid. Any explanation Strand offered would have been ignored. Strand realized this and made preparations to leave, but not before gathering a little exculpatory evidence.

After Strand declined to pay, Minchuk drove to the back of the Planned Parenthood facility. Strand started his rig, but before driving away used his cell phone to take pictures of the parking lot, thinking he might need them to show the absence of no‐parking signs to contest the tickets.

In response to this non-threatening (at least to Minchuk's life, but perhaps not his livelihood), the officer decided to thug out.

Observing from a distance, Officer Minchuk returned to the truck and ordered Strand to leave immediately. Strand said he would leave as soon as he finished taking pictures. Minchuk responded by saying he was calling a tow truck and telling Strand he had two minutes to leave.

The situation then escalated. Stepping toward Strand, Officer Minchuk admonished, “I told you to get the f*** outta here,” and slapped Strand’s cell phone to the ground. Minchuk then demanded Strand’s identification; Strand refused and countered by demanding Minchuk’s badge number. Minchuk replied, “I said, give me your I.D.” and grabbed Strand by his shirt and neck, resulting in Strand’s shirt tearing off his body. Minchuk attempted to push and tackle Strand to the ground, with Strand resisting by holding on to Minchuk’s arm.

According to Officer Minchuk, Strand got the upper hand. The officer was punched three times before being grabbed by the throat. Minchuk claimed he feared for his life and that, if he passed out, Strand would take his gun and shoot him.

But that's not what happened. Strand decided to disengage and de-escalate.

The fist fight ceased when Strand stood up, backed four to six feet away from Officer Minchuk, put his hands up, and said, “I surrender. Do whatever you think you need to do. I surrender, I’m done.”

Of all the possible ways Officer Minchuk could have reacted to Strand's capitulation, he chose the worst:

While still on the ground, Minchuk responded by removing his gun from its holster and firing a shot at Strand, striking him in the abdomen.

The lower court denied Minchuk qualified immunity. It pointed to unresolved facts that prevented it from dismissing the case at this point. Minchuk stuck to his "feared for my safety" guns to explain his use of his actual gun, but the record shows only 21 seconds passed between Minchuk calling for backup and the 911 call reporting the shooting, which was placed by a Planned Parenthood employee. This strongly suggests Minchuk performed no reassessment of the situation after Strand stood up, walked away, put his hands up, and (twice) said he surrendered.

The appeals court won't be extending qualified immunity to Officer Minchuk either. It makes several good points, the first of which deals with Strand's apparent surrender. If officers are justified in shooting surrendering suspects, this leaves arrestees zero options to avoid being shot. That's an obviously ridiculous outcome.

Officer Minchuk resorted to the use of deadly force at a time when Strand had stopped fighting, separated from Minchuk, stood up, stepped four to six feet away from Minchuk, and, with his hands in the air, said, “I surrender. Do whatever you think you need to do. I surrender, I’m done.” The record shows that Strand was unarmed at all points in time. Furthermore, upon standing, raising his hands, and voicing his surrender, Strand never stepped toward Minchuk, made a threatening statement, or otherwise did anything to suggest he may resume fighting or reach for a weapon.

But that's not everything Minchuk did wrong. Minchuk is the one who provoked the situation to the point it turned into an altercation. He doesn't get to pretend someone leaving a parking lot after receiving parking tickets is an inherently dangerous situation requiring the use of deadly force.

Recall, too, the broader circumstances that led to the shooting. The police were not in hot pursuit of an individual known to be armed and dangerous. Nor had the police responded to a report of violent crime or otherwise arrived at a location only to find an individual engaged in violent or menacing conduct or acting so unpredictably as to convey a threat to anyone present.   

To the contrary, the entire fracas leading to Officer Minchuk’s use of deadly force began with his issuance of parking tickets. After Strand declined to make an on‐the‐spot cash payment and instead sought to take pictures to show the absence of no‐parking signs, Officer Minchuk allowed the situation to escalate and boil over by slapping Strand’s cell phone to the ground and then tearing Strand’s shirt from his body.

As the court points out, this isn't even a difficult call. Any reasonable jury would find Minchuk's shooting of Strand to be a Fourth Amendment violation. Shooting someone is seizing someone, depriving them of their liberty and, quite often, their life.

The Fourth Amendment does not sanction an officer—without a word of warning—shooting an unarmed offender who is not fleeing, actively resisting, or posing an immediate threat to the officer or the public.

This doesn't mean Minchuk won't ultimately be granted immunity, but it seems very unlikely the remaining disputed fact -- the amount of time that passed between Strand walking away from the fight and putting his hands up, and Minchuk's shooting of the surrendering Strand -- would push a jury (or a judge) to find in favor of the officer. But the appeals court can't make the final determination until this factual dispute is resolved. The case is remanded to the lower court, but the appellate decision includes this passage, which throws a bunch of cold water on Minchuk's QI hopes.

Factual disputes do not resolve on the force of say so, however. What Officer Minchuk sees as undisputed—whether Strand continued to pose a threat at the moment Minchuk deployed deadly force—is actually unresolved and indeed vigorously contested by Strand. For Minchuk to prevail at this stage, the record must show that he fired while Strand still posed a threat. Instead, the record shows that Strand had backed away, voiced his surrender, and up to five, ten, or fifteen seconds may have elapsed while Strand stood with his hands in the air.

Officer Minchuk screwed up. And he should get the chance to pay for it. According to the facts of the case, he turned two parking tickets into a shooting by being as much of an asshole as possible every step of the way. And he topped it all off by shooting someone who had their hands in the air and had twice stated they surrendered. That's garbage police work that doesn't deserve the immunity he's seeking.

Fifty years after the passage of the Freedom of Information Act, the letter of the law lives on but its spirit has been crushed. While it's definitely preferable to having no opportunity to demand government agencies hand over requested documents, it's not the significant improvement it was promised to be.

As was noted here four years ago, the government has pretty much adopted a presumption of opacity that necessitates the filing of lawsuits. This contradicts the law's intentions, as well as proclamations made by President Obama, who declared his administration the "most transparent." This assertion fell flat when government agencies engaged in FOIA business as usual and Obama did nothing to hold them accountable.

If you really want the government to turn over documents, you have two choices: lawyer up or add your pending FOIA requests to your will. That is the sad reality of the situation, as C.J. Ciaramella of Reason points out.

If you don't have the money to lawyer up, you'll have to content yourself with waiting months, and often years, for documents. The average time to receive a processed FOIA request from the State Department in fiscal year 2017 was 652 days, for example. The average time to receive a response to an administrative appeal was 503 days.

And that's just the stats for one agency. The FOIA Project has compiled the stats for this year's FOIA requests and found there are more requests being filed than ever before, leading to the inevitable outcome of more FOIA lawsuits being filed than ever before.

The annual rate of filed lawsuits has more than doubled under President Trump. So far this year, 860 lawsuits have been filed, compared to 402 filed in 2016. This presidency has triggered renewed interest in the FOIA process, resulting in waves of requests hitting agencies like the DOJ and DHS, as well as agencies (EPA, HHS) whose top officials have been caught behaving badly.

Rather than greet the demand with increased supply, government agencies have stayed the course they've held for the last 50 years. While there have been some welcome introductions like online filing portals and release-to-all policies for documents with significant public interest, the rate of incoming requests continues to exceed the capacity to fulfill them. But no money will be thrown to FOIA response teams. This is a part of the government that the government tends to feel can remain underserved forever.

If you want to know how bad it is, the FOIA Project has a set of data tools that allow you to sort the data to see who's screwing requesters most often, based on the number of times they've been taken to court. (Unsurprisingly, the FBI has been sued most often, including this recent filing from Buzzfeed's Jason Leopold over documents related to the agency's investigation of sexual assault complaints against Supreme Court Justice Brett Kavanaugh.)

If there's any bright side to this, it's that the apparent need to lawyer up when seeking documents is no longer (mostly) a corporate playground. Having unlimited access to in-house lawyers has turned the FOIA process into a research tool for corporations seeking an edge on competitors or simply fishing for info other companies might want to keep secret, but the government is more than happy to dispense to whoever asks.

In FY 2018, nonprofits comprised 56 percent of all FOIA lawsuits brought against the government. Nonprofits became increasingly active under the Obama Administration, but emerged as the majority of all FOIA lawsuit plaintiffs after President Trump took office. In FY 2016, nonprofit filers comprised just 36 percent of plaintiffs, whereas they comprised 50 percent or more in FY 2017 and FY 2018 (see previous report, “FOIA Suits Filed by Nonprofit/Advocacy Groups Have Doubled Under Trump”). Suits filed by reporters and news organizations also have been increasing.

The Freedom of Information Act is limping towards its sixth decade of existence, better than nothing, but nothing near what it was imagined it would become. Reform efforts continue to fail, largely due to government agency interference and pressure. Five decades of this has turned the FOIA process into a battle of wills that almost always takes place in a federal courtroom. Despite this, more FOIA requests are being filed than ever -- perhaps a testament to the indomitable American spirit… or an almost-masochistic unwillingness to take "no" for an answer.

A Canadian politician is getting upset -- litigiously upset -- that people are characterizing him by the company he keeps. Parliament member Kerry Diotte's legal rep (Arthur Hamilton of Cassel Brock Lawyers) has sent takedown demands to a handful of Twitter users for calling him a racist.

Bashir Mohamed was one such user. His tweet called Diotte a racist for "openly associating" with "white supremacists like Faith Goldy." Goldy was, until recently, a correspondent for the Breitbart-esque Rebel Media. Rebel Media is run by another pal of Diotte's, Ezra Levant, who has shown support for white nationalist groups like the one that headed up the Charlottesville "Unite the Right" rally that ended with a car being driven into the crowd by someone with white nationalist views.

If anyone wants to questions Goldy's white nationalist association -- and by extension, Diotte's tacit approval of her ideals -- here's Goldy in her own words and actions.

In the opening moments of her video, Goldy denied the suggestion that just because she sympathizes with some of what the Charlottesville organizers have said, she is a white supremacist, a racist, or a neo-Nazi. At the same time, however, Goldy conceded she "does not bathe in the guilt of white tears" and that she is an opponent of "state multiculturalism" and "cultural Marxism," all terms that fall easily into the lexicon of white nationalism. And she made an appearance in a podcast broadcast by the Daily Stormer, a notorious and unabashed neo-Nazi, anti-Semitic and white supremacist website.

Why would a politician want to associate themselves with an extremist? Maybe it's because Diotte doesn't necessarily find these views extreme.

[C]onservative politicians — Mr. Diotte included — have been perfectly content to embrace extremely dubious allies like Ezra Levant’s alt-right outfit The Rebel, climate denialists like the Friends of Science, and anti-LGBTQ activists like Parents for Choice in Education. Even Brian Jean’s new campaign manager, Hamish Marshall, is a co-founder of The Rebel.

Why all this background? Because it sets the stage for Mohamed's tweet… and the ridiculousness of Diotte's takedown demand. This is what Diotte's lawyer baselessly asserts in his legal threat [PDF], referring to Mohamed's "Diotte is a racist" statement:

You know such statements to be inflammatory and untrue. You are also fully aware of the danger of releasing such libelous and slanderous statements on a medium such as Twitter, given the ability of your statements to be replicated and rebroadcast by others.

The statement may be "inflammatory," but there's no indication Mohamed believes it to be untrue. And that's the key here: this isn't a blatant false statement made with knowledge that it isn't true. It's a statement of opinion based on Diotte's actions and the people he chooses to associate with. If you hang out with and support people others believe are racists, they're going to believe you're a racist too. That's how association works. And it's a really dumb thing to predicate a lawsuit on, especially when you might be asked to demonstrate how hanging out with white nationalists indicates a lack of bigotry on your part.

No one likes to be called a racist. Not even most racists. The Huffington Post reports Diotte is sending out legal threats to other Twitter users who've recently called him a racist, using the same boilerplate.

At least three other people, also in their early 20s, received a similar letter from Diotte's lawyer. Haiqa Cheema, 22, has left up her tweet about Diotte from Oct. 24. She and two others declined to comment when reached by HuffPost.

Canada's defamation laws are friendlier to plaintiffs than ours, but this is still a long shot. The response letter [PDF] from Mohamed makes it clear this isn't defamation, but rather protected speech.

Mr. Diotte is a Member of Parliament, a public figure, who in the past has posed with Ms. Faith Goldy ("Goldy"), a renowned White nationalist and racist, in photos that he himself has posted on social media. Mr. Diotte has praised the work of Ms. Goldy publicly. Mr. Diotte also has a history of liking tweets made by well known racist twitter accounts. Mr. Diotte has failed to denounce these White nationalists and racists even after people have called on him to do so. Mr. Diotte has failed to distance himself from the dangerous ideologies these individuals hold and espouse.

[...]

Considering the circumstances, Mr. Mohamed's tweets represent fair comment, and touches on matters in the public interest: a Member of Parliament expressing support for a well known White nationalist and racist, has for the past number of years been at the source of inflammatory statements regarding the place and status of minorities in Canada.

The only thing Kerry Diotte is guaranteed to obtain from these legal threats is more people seeing assertions he's a racist, and digging into his professional and personal relationships for evidence supporting this claim. Diotte isn't looking for a courtroom victory. He's just looking to shut up as many critics as possible, as quickly as possible. And it hasn't been a complete failure. Some tweets have come down and some Twitter users are refusing to discuss this publicly. But others are fighting back, and that's only going to make Diotte look vindictive as well as bigoted.

The Ultimate Raspberry Pi eBook Bundle will help you unlock the true potential of your Raspberry Pi. You'll learn how to make motion detectors, how to create 3D worlds by using the Raspberry Pi's powerful GPU, how to quickly assemble and operate a Pi 3 supercomputer in the shortest possible time, and much more. The bundle is on sale for $19.99

Note: The Techdirt Deals Store is powered and curated by StackCommerce. A portion of all sales from Techdirt Deals helps support Techdirt. The products featured do not reflect endorsements by our editorial team.

A couple of years ago, we first discussed how Nintendo, long-time maximalists on intellectual property concerns, decided to open up a new front against ROM sites. What at first looked like it might be something of a surgical strike mission-creeped this past summer into a full war on ROM sites generally, with Nintendo using a buckshot lawsuit approach. Many sites simply voluntarily shut down, sweeping away decades of video game history to be once again locked up by Nintendo, while others stared down the company's legal guns. All this, of course, as Nintendo was showing how silly this all is given the insane performance of its Nintendo retro consoles.

Well, it looks like the output of this effort is going to be Nintendo playing games with at least one of these suits, getting a settlement that nobody thinks it's actually going to pursue in full just to have a multi-million dollar number to threaten other sites with. The husband and wife operators of LoveROMS.com have agreed to a $12 million settlement they can't pay, and likely won't have to, to have Nintendo call off its dogs.

Today we can report that both sides have indeed reached a deal. They agreed to a consent judgment and a permanent injunction that will resolve all outstanding disputes. Paperwork obtained by TorrentFreak shows that Mathias and his wife admit that their involvement with the websites constituted direct and indirect copyright and trademark infringement, which caused Nintendo irreparable injury.

However, on paper, the married couple won’t be getting off cheaply. On the contrary, they actually agreed to a judgment that exceeds $12 million.

“Plaintiff is hereby awarded judgment against all Defendants, jointly and severally, in the amount of $12,230,000,” the proposed language reads.

To be clear, nobody is saying the settlement is invalid or anything like that. In this case, the couple has admitted to infringing Nintendo's copyright rights, has agreed to hand over any emulators and ROMs it has, and has agreed to the amount in question. On paper at least. But that agreement likely comes with the understanding that after this is all inked with signatures and the blessing of the court, a separate deal will be worked out for the payment of an entirely different amount.

We can only speculate but it’s possible that Nintendo negotiated such a high number, on paper, to act as a deterrent for other site operators. In practice, the defendants could end up paying much less.

It wouldn’t be the first time that a judgment in court is more than what the parties agreed to privately. This happened before in the MPAA’s lawsuit against Hotfile, where a $80 million judgment in court translated to $4 million behind the scenes settlement.

In other words, Nintendo pushed for a settlement amount it wouldn't have gotten at trial not as an act of justice, but to use as a bludgeon against other ROM sites. It will be used either as a way to force voluntary shutdown of those sites, or as a template for settlement demands in the future. Either way, it makes a game out of the legal system, rather than trying to get to a just result.

And it has to be pointed out again that this is all happening as Nintendo competes with these sites perfectly well with its very cool retro consoles. Because control is what matters.

You'd be hard pressed to find a bigger enemy of consumer safeguards than the fine folks at AT&T. The company has a history of all manner of anti-competitive behavior, from making its bills harder to understand to help scammers rip off its customers, to routinely ripping off programs designed to help everyone from the hearing imparied to the poor. AT&T also of course played a starring role in killing both the FCC's 2010 and 2015 net neutrality rules, and pretty much all meaningful state and federal efforts to protect broadband and wireless user privacy.

Yet like clockwork, company executives like to pretend that despite this, they really love net neutrality, privacy, and healthy regulatory oversight. Case in point: AT&T CEO Randall Stephenson attended a conference this week where he once again proclaimed that AT&T really wants Congress to pass meaningful new net neutrality and privacy laws — something the press, as it loves to do, was quick to repeat entirely unskeptically without any necessary context:

"AT&T CEO Randall Stephenson joked Monday that Washington may not agree “on the freezing temperature of water,” but he called on a divided Congress to come together pass net neutrality and privacy legislation. The executive called for legislative clarity around the issue of broadband Internet access, saying certain basic principles should be codified into law."

Notice for a moment that the linked outlet in question doesn't bother to clarify to readers that we had meaningful net neutrality and broadband privacy rules at the FCC (passed after years of painstaking debate), and AT&T lobbyists worked tirelessly to kill both of them. AT&T also routinely battles any efforts to mandate more competition or broadband availability, to the point where they prevent efforts to even improve broadband availability maps. These are not problems AT&T wants fixed; rather important context when judging the merits of Stephenson's statements.

To be clear, AT&T doesn't want meaningful privacy or net neutrality legislation. It wants loophole filled placeholder laws on these subjects in name only; laws that pretend to address the problems on both of these fronts, but serve one key purpose: pre-empt tougher state or federal laws that might actually accomplish something. AT&T wants laws its lawyers write that don't actually fix the problems we all largely agree need fixing, especially the lack of broadband competition that helped create privacy and net neutrality violations in the first place.

That tech and policy reporters don't understand this (or understand it but for whatever reason don't share this fact with readers) is consistently frustrating.

Stephenson's schtick is always exhausting. But he outdid himself with some additional commentary at the conference, most notably this bit:

"I get fatigued every time the President changes, the head of the FCC changes, and regulations swing from left to right,” Stephenson said in remarks tonight at the Wall Street Journal’s WSJ Tech D. Live conference in Laguna Beach."

Again, Stephenson's lobbyists are directly responsible for this hard shift "right" away from giving a damn about consumer protection. AT&T backed Trump and Ajit Pai to the point where it thought it was a good idea to pay a shady dudebro "fixer" $600,000 to covertly gain access to the President. And since the "swing" shifted in AT&T's favor it has received absolutely everything it asked for, from a full out assault on federal and state consumer protections, to an FCC that's often literally indistinguishable from AT&T's lobbying apparatus.

Again, the pretense being pushed by Stephenson here is that we can't rely on the partisan whims of the FCC and we should encode tough consumer protection into law via Congress. And in an ideal world, that's a sound argument. But this isn't an ideal world, and AT&T's arguments aren't made in good faith. It's a world in which AT&T throws money at politicians to ensure any real protections will never get passed. You can't pass meaningful privacy or net neutrality laws via Congress because companies like AT&T spend billions of dollars and countless man hours to prevent that from happening.

You can, however, throw campaign contributions at lawmakers eager to table "compromise legislation" that's usually nowhere near an actual compromise. Countless politicians (most notably Marsha Blackburn) love to table AT&T-crafted legislation and pretend it's a sincere attempt to solve complex technical problems, ignoring that said bills almost always have fewer teeth than a dottering grandpa and more holes than a ratty, knitted afghan.

AT&T's ideal net neutrality law would ban things ISPs never intended to do anyway (like the outright blocking of websites), while ignoring all the areas ISPs engage in creative anti-competitive behavior (like usage caps and zero rating or interconnection shenanigans). The same applies to privacy. AT&T wants a law that mandates ISPs do things they already do (like "clearly informing" users how they're being spied on via mouse print), but doesn't ban any of the bad things AT&T has been busted doing (like modifying packets to covertly track users, or charging users more money if they want to protect their own private data).

Meanwhile, at the same conference, Stephenson whined incessantly about how numerous state efforts to pass their own privacy and net neutrality laws were a "total disaster," hoping nobody is bright enough to realize that wouldn't be happening if Stephenson's lobbyists hadn't dismantled pretty modest federal guidelines.

There's nothing about Stephenson's arguments that are grounded in good faith, yet you'd have a hard time understanding that if you're a reader of news reports that are often more blind stenography than actual insight fueled by historical context.

One of the key talking points for supporters of Article 13 in the EU Copyright Directive is to absolutely deny that it requires mandatory upload filters. Of course, as soon as you ask them how an internet platform could possibly abide by the rules of Article 13 without implementing mandatory upload filters, they suddenly change the conversation. Usually to something about how YouTube is ripping off all musicians. This is... weird. First of all, YouTube already has its giant upload filter in the form of ContentID. Second, if they can't tell you how it doesn't require upload filters, then... it requires upload filters.

As the trilogue negotiations continue between the EU Council, the EU Commission and the EU Parliament, the Council has apparently decided to drop the pretense and is now explicitly demanding mandatory upload filters. The newly proposed language says that any site is liable for all infringement committed by their users unless they block any infringing works they've been informed about from ever appearing on their sites again. It's a "notice and stay down" requirement -- which has all sorts of problems. First of all, this assumes that every use of the same work is equally infringing. It does not take into account that one use may be infringing, while another may be fair use or fair dealing. Second, it requires incredibly expensive technology. ContentID already cost Google over $100 million... and it's not very good. Tons of stuff still gets through. So now, basically, any successful smaller platform would have to spend ridiculous sums of money to implement a useless filter that won't work... and when things slip through, they're still liable for massive damages.

And, notice what's missing? What happens if these filters take down content they should not? This happens all the time. But here, of course, there is no punishment for false notifications or for mistakes. While the Council tries to get around this by saying the rules "shall not affect legitimate uses, such as uses under exceptions and limitations," that's entirely meaningless. How the hell do you train a filter to understand parody? Or fair use? Or any other limitation or exception? Google has spent $100 million on its system and it has no clue how to determine fair use.

The link above to Julia Reda's site has more info on the current state of the negotiations, but suffice it to say that this still appears to be an utter disaster for the internet, as you have people who have no understanding at all how the internet works, passing sweeping regulations that will have massive consequences for speech online.