Techdirt Lite.
(Click here for full version)

What Should We Add Next To The Techdirt Gear Store? (Techdirt)

by Leigh Beadon

from the feedback dept on Saturday, February 25th, 2017 @ 12:00PM

Techdirt Gear on Teespring

Get I Invented Email, Copymouse and more in the Techdirt Gear store »

Right now, there are four different designs in available in the Techdirt Gear store on Teespring: our new Copymouse gear, our limited-time I Invented Email gear, and two different styles of Techdirt logo gear. But, under Teespring's new ongoing-order system, over time we're going to start bringing back some of our designs from last year as permanent fixtures in the store — in some cases with tweaked or updated designs.

So, which Techdirt tees would our readers like to see first? There's our popular Takedown gear, the controversial Copying Is Not Theft, and some less-popular but beloved-by-some options like Home Cooking Is Killing Restaurants and Math Is Not A Crime. Of course, there's also the first t-shirt we offered and still the most popular: Nerd Harder.

We have some brand new designs in the works too and will be rolling those out in the near future, but first we want to get one or two of these classics back into rotation. In addition to letting us know which ones you're most interested in, feel free to include your thoughts on whether the design needs an update or you'd like to see different products/colors available!

Thanks for your feedback, and thanks for supporting Techdirt.

Two logo tee styles (plus hoodies, mugs & more) in the Techdirt Gear store »

Techdirt Gear on Teespring

13 Comments

Just To Be Safe, We're Resetting All Techdirt Passwords In Response To Cloudbleed (Techdirt)

by Mike Masnick

from the abundance-of-caution dept on Friday, February 24th, 2017 @ 5:56PM

As you may have heard, late yesterday it was revealed that there was a pretty major bug that was potentially leaking all sorts of sensitive data for some companies that use Cloudflare. The bug is being dubbed "Cloudbleed" as it's actually quite similar to what happened a few years ago with OpenSSL in what was known as Heartbleed. Cloudflare was alerted to the bug by some Google security researchers and quickly patched the problem -- but it had gone on for months, with some sensitive data being indexed by search engines (that's all been cleaned up too).

At Techdirt, we use some Cloudflare services. It is unclear (and, in fact, unlikely) that any Techdirt data leaked via Cloudbleed. Also, we don't retain sensitive data from our users. However, in an abundance of caution, we have decided to reset everyone's passwords. If you have an account on Techdirt (which is not a requirement), you will be logged out, and will be required to go through the password reset process to get back into your account. Yes, this is a bit of a pain for our users, but despite the low likelihood of people here being impacted, we felt it was the right thing to do. Various security researchers have suggested that people change their passwords at other sites as well, and we recommend using a password generator/wallet (some of which will automatically change passwords at many sites upon request) to do so.

28 Comments

California Law Enforcement Union Sues To Block Police Accountability (Legal Issues)

by Tim Cushing

from the we'll-take-the-power...-hold-the-responsibility dept on Friday, February 24th, 2017 @ 2:49PM

Because there's just not enough opacity shrouding police misconduct and not enough slanting of the criminal justice system against defendants, California police unions have decided to get involved in a judicial dispute over lists of law enforcement officers whose half of "our word against yours" isn't quite as bulletproof as is normally assumed.

A Los Angeles sheriff is trying to do the right thing, but he's running into opposition from his own supposed "representatives."

The Los Angeles County Sheriff’s Department has collected the names of about 300 deputies who have a history of past misconduct — such as domestic violence, theft, bribery and brutality — that could damage their credibility if they testify in court.

Sheriff Jim McDonnell wants to send the names to prosecutors, who can decide whether to add them to an internal database that tracks problem officers in case the information needs to be disclosed to defendants in criminal trials.

I don't imagine prosecutors are exactly thrilled to be the recipient of information that damages the credibility of their favorite witnesses, but it's probably better than having your witness destroyed in open court by a defense attorney. But prosecutors may never see this information, thanks to the police union's belief that officers shouldn't be held accountable for anything.

The union that represents rank-and-file deputies strongly opposes providing the names to prosecutors and has taken the department to court. The Assn. for Los Angeles Deputy Sheriffs argues that the disclosure would violate state laws protecting officer personnel files and draw unfair scrutiny on deputies whose mistakes might have happened long ago.

The union is wrong. Officers' misconduct records are a crucial part of their trustworthiness. Burying these just makes the union look like a willing enabler of bad behavior. There would be no "unfair scrutiny" of deputies. Judges and juries are perfectly capable of determining whether past misconduct is relevant to the case at hand. The union's lawsuit seeks to place the determination of officers' credibility solely in the union's hands. And in its hands, all officers are credible until proven otherwise -- something that will be almost impossible to do with exactly zero information on hand.

The union's move is a preemptive Brady violation. Brady material is exculpatory evidence and information prosecutors are statutorily required to turn over to the defense. That would include misconduct records, which might point to a testifying officer's lack of credibility, or show a pattern of relevant misconduct. These files would not be made public, which undercuts the union's "privacy violation" claims. True, some of the files' contents would be made public during court proceedings, but it's not as though the sheriff is asking the DA's office to post the contents of the list on its website.

The union wants law enforcement officers to have more rights than the people they serve. The body of a person killed by an officer hasn't even begun to cool before department press liaisons are pushing the dead person's criminal background check results into the hands of every reporter covering the incident. No one expresses any privacy concerns when a 20-year-old arrest is used to alter the public's perception of a police shooting victim. But when it comes to cops themselves -- public servants with immense power, layers of immunity, and publicly-funded opacity that separates them from the consequences of their actions -- privacy is of utmost concern.

26 Comments

Tiffany & Co., Defenders Of Intellectual Property, Sued For Copyright Infringement (Copyright)

by Timothy Geigner

from the live-by-the-ip,-die-by-the-ip dept on Friday, February 24th, 2017 @ 1:26PM

For some time now, famed jewelry retailer Tiffany & Co. has been a staunch defender of intellectual property and an adversary to a free and open internet. You will recall that this is the company that wanted eBay to be held liable for third-party auctions of counterfeit Tiffany products. The company also lent its support to censoring the internet via the seizing of domains it didn't like, as well as its support for COICA (which was the predecessor of the bill that eventually became SOPA). COICA, among other things, was a bill that would have allowed the DOJ to seize so-called "pirate" websites that infringed on others' intellectual property.

And because this always seems to happen, it's noteworthy that despite wanting to completely shut down websites due to infringement, Tiffany is now being sued for copyright infringement for using a photograph without permission or attribution.

Tiffany & Co. is in a bit of hot water over a photograph it is using in connection with one of its jewelry lines. Last Friday, New York-based photojournalist Peter Gould filed suit against the famous jewelry company in the U.S. District Court for the Southern District of New York, a federal court in Manhattan, citing copyright infringement.

According to Gould’s complaint, the Tiffany & Co. website “features the photograph to sell [the company’s] Elsa Peretti Jewelry.” The complaint further states that at all times Gould “has been the sole owner of all right, title and interest in and to the photograph, including the copyright thereto.”

Perhaps more significantly, Gould also alleges that Tiffany & Co. didn't merely use his photograph of Peretti without his permission, but also actively stripped out the copyright information on the photograph to relieve him of any attribution for it as well. That, of course, is a federal no-no spelled Section 1202 of the Copyright Act. Given its vehement defense of intellectual property in the past, the complaint says Tiffany & Co. knew or should have known that such removal of copyright attribution would be seen as an attempt to slide its infringement of Gould's photograph under the legal radar.

Given that the photograph is being used on its website, I'm sure the folks at the company would understand if tiffany.com were seized by the government over such allegations, should they prove to be true. Right?



Read More
13 Comments

Judge Rejects Warrant Seeking To Force Everyone At A Searched Location To Unlock Seized Electronic Devices (Legal Issues)

by Tim Cushing

from the new-brute-force-method-revealed dept on Friday, February 24th, 2017 @ 11:57AM

Late last year, Thomas Fox-Brewster of Forbes uncovered a strange search warrant among a pile of unsealed documents. The warrant -- approved by a magistrate judge -- allowed law enforcement officers to demand that everyone present at the searched location provide their fingerprints to unlock devices seized from the same location.

In support of its request, the government cited cases dating back to 1910, as though they had any relevance to the current situation. The most recent case cited was 30 years old -- still far from easily applicable to today's smartphones, which are basically pocket-sized personal data centers.

The judge granted it, stating that demands for fingerprints, passwords, or anything (like encryption keys) that might give law enforcement access to the devices' content did not implicate the Fourth or Fifth Amendments. While the magistrate was correct that no court has found the application of fingerprints to unlock devices to be a violation of the Fifth Amendment, the other access options (passwords, encryption keys) might pose Fifth Amendment problems down the road.

Riana Pfefferkorn has uncovered a similar warrant request, but this one has been rejected by the magistrate judge. Pretty much across the board, the order is the antithesis of the one revealed last year. The judge finds [PDF] that the broad request to force everyone present at the residence to apply their fingerprints to seized devices to unlock them implicates multiple Constitutional amendments.

The issues presented in this warrant application are at the cross section of protections provided by the Fourth and Fifth Amendments. Essentially, the government seeks an order from this Court that would allow agents executing this warrant to force "persons at the Subject Premises" to apply their thumbprints and fingerprints to any Apple electronic device recovered at the premises. (See Attach. B, tT 12.) The request is neither limited to a particular person nor a particular device. And, as noted below, the request is made without any specific facts as to who is involved in the criminal conduct linked to the subject premises, or specific facts as to what particular Apple-branded encrypted device is being employed (if any).

The judge notes the government is able to detain and search persons located at the premises being searched, but that does not extend to forcing every single person in a residence at the time of a search to comply with attempts to unlock seized devices. Because the warrant affidavit contained no particularity about the devices or who in the household the government suspected of engaging in criminal activity, the court can't find anything that justifies the broad, inclusive language contained in the request.

This Court agrees that the context in which fingerprints are taken, and not the fingerprints themselves, can raise concerns under the Fourth Amendment. In the instant case, the government is seeking the authority to seize any individual at the subject premises and force the application of their fingerprints as directed by government agents. Based on the facts presented in the application, the Court does not believe such Fourth Amendment intrusions are justified based on the facts articulated.

The court has other problems with the affidavit -- beyond the government's unwarranted extension of Fourth/Fifth Amendment jurisprudence to cover any devices/fingerprints encountered at a searched location. Early in the order, it notes the government is deploying boilerplate nearly as outdated as its case citiations.

Despite the apparent seriousness of the offenses involved, the Court notes that some of the "boilerplate" background information included in the warrant is a bit dated, such as its explanation that "[t]he internet allows any computer to connect to another computer [so] [e]lectronic contact can be made to millions of computers around the world;" its explanation that a "Blackberry" is a common "Personal Digital Assistant" and its suggestion that the use of "cloud technology" is the exceptional way of transferring files and that transferring images to a computer by directly connecting a cable to a camera or other recording device is the expected means of data transfer.

The judge notes outdated boilerplate isn't enough to undo probable cause assertions, but it certainly doesn't help -- especially not when the government is requesting this sort of broad permission.

The inclusion of this somewhat dated view of technology certainly does not distract from the application's goal of establishing probable cause. However, the dated "boilerplate language" is problematic for what is not included. There is absolutely no discussion of wireless internet service and the possibilities and capabilities that wireless service presents in this context. For example, an unsophisticated intemet user, or a careless one, may fail to properly encrypt his wireless service or may share the password injudiciously. Such practices leave open the possibility that it is not an inhabitant of the subject premises that has used the internet to gather and distribute child pornography, but rather it is a person who has access to the internet service at the subject premises.

Obviously, this possibility holds true in all investigations that track the investigation outlined in the instant application. The limitations of this investigation are not fatal to establishing probable cause, but, in the Court's view, these limitations do impact the ability of the government to seek the extraordinary authority related to compelling individuals to provide their fingerprints to unlock an Apple electronic device.

Then there's the other assertions. The government's application does nothing to narrow down which resident it's seeking or what device(s) might contain evidence of criminal activity. What it does appear to be certain about -- for reasons not included in the application -- is that the devices it seeks are Apple products. A footnote in the order questions this assertion.

Why Apple devices are likely to be found at the premises is not explained. The Court is aware that Apple has a large market share in online hardware, but Microsoft's Windows operating systems continue to dominate the overall market share of operating systems used.

What makes these broad, unsupported assertions even worse, especially when combined with the outdated boilerplate, is that this is apparently the direction the government is heading with its search warrants.

In closing, upon presentation of the warrant application to this Court, the government identified for this Court that the warrant application was seeking the forced fingerprinting discussed herein. The government further noted "[t]his is the language that we are making standard in all of our search warrants." This declaration of standardization is perhaps the crux of the problem. As the Court hopes it is plain from the above, the issues presented here require a fact-intensive inquiry both for purposes of the Fourth Amendment and the Fifth Amendment.

More particularity, better probable cause, and fewer assumptions about the Fourth and Fifth Amendment's application in a post-Riley world are what's needed from the government, according to this order. Even though this application was rejected, it's safe to say this same approach has worked elsewhere. We've seen one approved warrant already and there are likely several more safely hidden from the public eye in the government's multitudinous sealed cases.

What's troubling about the government's assertions in this application is its apparent belief it's found an encryption workaround: one that blows past Fourth and Fifth Amendment concerns using little more than boilerplate that still considers cables to be an essential part of "cloud computing," and magistrate judges willing to buy its outdated legal arguments.



Read More
14 Comments

Older Stories >>