While sexy Google Fiber deployments get the lion's share of media attention these days, it's the notably less sexy service in states like West Virginia that continue to perfectly exemplify just how broken U.S. broadband really is. Local Charleston Gazette reporter Eric Eyre has quietly done an amazing job the last few years chronicling West Virginia's immense broadband dysfunction, from the State's use of broadband stimulus subsidies on unused, overpowered routers and overpaid, redundant consultants, to state leaders' attempts to bury reports highlighting how a cozy relationship with companies like Frontier, Verizon and Cisco has led to what can only be explained as systemic, statewide fraud on the taxpayer dime.

It's of course the one-two punch of regulatory capture and the resulting lack of competition that are to thank for West Virginia's problems, which certainly aren't unique across the country. In state after state, the largest, incumbent ISPs throw cash at the state legislative process, allowing them to literally write state telecom law aimed at protecting their uncompetitive geographical fiefdoms from real competition. Because the nation's suffering through a particularly nasty bout of partisan nitwit disease, when someone tries to do something about it, they're ironically assailed as anti-business, anti-American, or anti-states' rights.

I tend to focus on West Virginia as a shining example of this dysfunction because things have gotten so bad there, local players have stopped even the slightest pretense that the entire legislative process isn't under the thumb of the country's biggest and wealthiest telecom companies. Case in point is this latest report by Eyre citing complaints by West Virginia Delegate Randy Smith, who says things have reached the point where nobody, from any party, can get a bill through the West Virginia legislative process if it doesn't first get approval from Frontier Communications. From a recent post to his Facebook page:

"As you know, Frontier Communications is the only game in town for many rural communities in West Virginia when it comes to Internet service. After introducing the legislation, I spoke with someone in leadership and was told it'd go nowhere because it would hurt Frontier. In other words, Frontier has its hands in our state Capitol...No wonder they're called Frontier. Those are the kinds of speeds you'd expect on the American frontier in the 17th century."

What reckless, dangerous bills was Smith trying to pass? One would have restricted ISPs from advertising their service as "broadband" unless it offered speeds of 10 Mbps (the FCC's new definition is already 25 Mbps, or 10 Mbps for rural subsidized service). Another would have allowed consumers to take complaints about poor broadband service directly to State Attorney General Patrick Morrisey -- if the state Public Service Commission refused to hear their complaints. But because both would have marginally threatened Frontier's monopoly in the State, they weren't even seriously considered. Frontier's facing a lawsuit in the state for long repair delays and for advertising broadband speeds users can't actually get.

Again, West Virginia's certainly not unique; the ISP stranglehold over the state legislative process just tends to be more sophisticated and better obfuscated in larger States. Regardless of the state, attempts at reform are usually assailed by those professing to adore free markets, when more often than not what they really adore is being able to abuse government to help protect mono/duopoly revenues. That's why, although it was massively overshadowed by the net neutrality vote the same day, yesterday's FCC vote to begin gutting protectionist, ISP-written state laws is an incredibly important first step toward returning some degree of power back to local communities while taking the fight directly to the bloated and corrupt broadband industry status quo.

For many years, it's been something of an open question if creating a major security or privacy vulnerability was illegal. For the most part, courts have ruled that without actual proven harm, it's difficult to show real standing for the sake of a civil lawsuit. In practical terms, this has meant that if you just introduce a massive security risk, without it directly being abused (in a way that people know about), a company's liability is fairly limited. Obviously, that could change quickly if there was an actual abuse. Not surprisingly, class action law firms still love to file these kinds of lawsuits after a major privacy/security breach just in case. So it was totally expected to see a class action firm jump in and sue Lenovo over the Superfish malware that we've been discussing for the past few days.

The folks over at CDT, however, have a very good discussion over whether or not enabling such HTTPS hijacking really is illegal. The article compares the Superfish story to the other recent story about in-flight Wi-Fi provider GoGo doing something similar, and explores whether or not these man-in-the-middle attacks run afoul of Section 5 of the FTC Act, which is the broad rules under which the FTC "protects consumers." The rules basically say companies cannot do things that are "deceptive" or "unfair," but the definitions of both of those words matters quite a bit.

Here's the exploration of whether this kind of man-in-the-middle attack is "deceptive":

At a technical level, these SSL-breaking technologies trick your browser by forging SSL certificates, implying that their service operates encrypted websites like YouTube.com and BankofAmerica.com. In fact, instead of passing encrypted traffic on to the appropriate destination, these technologies enact the previously described “man-in-the-middle attack,” gaining access to potentially sensitive information that should rightly be kept between you and, for example, your bank or health care provider. Though these practices do not directly deceive the end user, they do effectively deceive the user’s software that acts as a “user agent.”  It’s not settled that this is prohibited by deceptive practices authority; in the past, the FTC has been reluctant to pursue deceptive practices cases merely on the grounds of tricking a browser: the FTC declined to pursue companies that issued bogus machine-readable P3P policies to get around Internet Explorer privacy restrictions or against companies that evaded Apple Safari’s default cookie settings in order to place third party cookies.^[3] On the other hand, six state Attorneys General did bring a deceptive practices claim under their own version of Section 5 against companies that tricked Safari browsers into accepting third-party cookies.

Alternatively, the FTC could argue that failure to disclose that encrypted transmissions were being intercepted constituted a material omission — that is, failure to explain the practice would be a deceptive means to prevent a consumer from meaningfully evaluating the product. The FTC has brought a number of cases arguing that failure to disclose highly invasive or controversial practices either in a privacy policy or in clear, upfront language could constitute a deceptive practice.  For instance, the FTC has found that failure to disclose access to your phone’s contact information or precise geolocation could constitute a material omission.

From what I can tell, neither Gogo nor Lenovo went out of their way to tell users about these practices. If anything, Gogo’s privacy policy would lead users to think that their SSL-protected communications were safe from eavesdropping.

For Lenovo, a post to one of its user forums says that users had to agree to the Superfish privacy policy and terms of service. I don’t know what these documents said exactly, though the Superfish documents available on their website say nothing about these practices.  Even if Lenovo had disclosed in fine print what it does, regulators could make the case that SSL interception was so controversial that permission needed to be obtained outside of a boilerplate legal agreement. A service could certainly try to make a value proposition to consumers that some feature was worth the cost of breaking web encryption – but that’s not what happened here.

What about the question of "unfair"? Apparently, the FTC prefers to use "unfair" in the cases it brings, rather than deceptive, so that is the more likely option.

In order to be “unfair” under Section 5, a business practice has to meet three criteria – it must:

1. Cause significant consumer harm,
2. Not be reasonably avoidable by consumers, and
3. Not be offset by countervailing benefits to consumers.

If breaking encryption exposes consumers to significant security vulnerabilities, regulators will likely have a very strong case for an unfairness violation.

On causing significant harm, this seems fairly straightforward in Lenovo’s case: its partner Superfish configured its software to intercept all SSL requests — using the same decryption key across all devices. This key was easily reverse engineered soon after the story broke, meaning that any malicious attacker could use this key to intercept any encrypted communication. That’s a huge security vulnerability, and at least as concerning as several other vulnerabilities that the FTC has previously alleged to have harmed consumers. Gogo’s SSL interception also raised security concerns — it arguably inures users to security warnings and exposes them to attackers posing as Gogo’s network — but the risk is probably not as great as in the Lenovo case. The FTC has brought actions against device manufacturers in the past for weakening security; in its case against phone manufacturer HTC, the FTC alleged that badly designed software that let app developers piggyback on HTC’s access to certain phone functionality without user permission was an unfair business practice.

On the second part of the unfairness test, it’s hard to argue how these practices are avoidable by ordinary consumers. They may have clicked though legalistic agreements, but as far as we can tell, none of these documents made any disclosure about these sorts of tactics — or the vulnerabilities to which they exposed consumers. Certainly, neither Gogo nor Lenovo presented information outside of a legal document where consumers were likely to notice. As a result, consumers weren’t provided with actionable information that they could have used to avoid these problems.

Finally, it’s hard to see that the security vulnerabilities introduced by SSL-interception were outweighed by any benefits to the practice. Gogo used this tactic to block bandwidth-heavy video applications on planes with limited internet access — a worthy goal, but one better accomplished through less destructive means. Lenovo allowed its partner to break encryption in order to view private communications for targeted advertising.  It is doubtful that many consumers would find this trade-off beneficial, even if it lowered prices significantly; in any event, Lenovo claims that they didn’t make much money from its deal with Superfish, and the pre-installed adware was simply designed to improve the user experience. Since exposure of these practices, both companies have backtracked and ended use of the encryption-breaking technologies.

But there's a much bigger question: will the FTC actually bother? The fact that Lenovo reacted pretty quickly to this mess probably suggests that the FTC may not bother. Yes, Lenovo's initial reaction wasn't great, but it did change its tune within less than 48 hours, and has been pretty vocal and active in apologizing and fixing things since then. That may be enough reason for the FTC to think it's not necessary to go after the company. Of course, it may feel differently about Superfish itself -- since that company still denies there's any problem and basically refuses to admit its role in this whole mess. It's still standing by its bogus statement that it did nothing wrong and claiming that Lenovo will clear things up -- even as Lenovo has clearly said otherwise.

The NSA continues to "save" the United States from terrorism by making it weaker. Not only has the agency actively undermined encryption standards, but its willingness to insert backdoors and spyware in any piece of hardware or software it can get its hands on has severely damaged the world's trust of American technology.

Cloud computing providers have already felt the aftershocks of the Snowden leaks. An Open Technology Institute report published a year after the first revelation noted that many had already seen a drop-off in sales and predicted that the backlash against the NSA's surveillance tactics could cost companies anywhere from $22-180 billion over the next three years.

Hardware makers are getting hit hard as well. One of the largest buyers of American tech products has dropped some very big brands from its approved supplier list.

China has dropped some of the world's leading technology brands from its approved state purchase lists, while approving thousands more locally made products, in what some say is a response to revelations of widespread Western cybersurveillance.

Chief casualty is U.S. network equipment maker Cisco Systems Inc, which in 2012 counted 60 products on the Central Government Procurement Center's (CGPC) list, but by late 2014 had none, a Reuters analysis of official data shows.

Smartphone and PC maker Apple Inc has also been dropped over the period, along with Intel Corp's security software firm McAfee and network and server software firm Citrix Systems.

It's certainly no surprise that Cisco would be one of the first dropped by foreign purchasers wary of NSA meddling. A leaked document detailing the agency's hardware interdiction program contained a photo of operatives carefully unwrapping a box full of hardware destined for NSA spyware implants. While the faces of the agents may have been blurred, the logo on the box was not. As the story spread across the internet, one conclusion was drawn: Cisco products are not "safe."

The fact that foreign hardware may arrive loaded with spyware and backdoors isn't the only thing prompting the Chinese government to drop nearly half of its overseas security-related tech suppliers. There's also the ongoing tension between the US and China, which has devolved into each country accusing the other of inserting backdoors into exported tech. It appears both sets of accusations are correct, but for years it was largely assumed that China was mostly alone in these efforts.

China also has a domestic market it would like to expand, which will now get a leg up from the government. As it eyes an increased exports, it is likely aware that many foreign governments and other potential purchasers consider its exports no more "secure" than NSA-infected tech shipping from the US. Purchasers will find themselves taking the "lesser of two evils" approach when seeking to obtain tech products -- something that won't always work out in favor of American companies.

Cisco has openly stated that "geopolitical concerns" -- like the NSA's interception of its products destined for foreign markets -- have led to a downturn in sales. Other affected companies like Intel have yet to issue official statements detailing any NSA-related impact on their sales, but it's clear the last 18 months of leaks have done little to raise their future expectations. OTI's wide-open estimate on potential losses will probably never achieve sharper focus. It's unlikely former customers are going to clearly state that unrenewed contracts or supplier list culls are due to the NSA's actions, but surveys have indicated this concern does factor heavily into purchasing decisions.

The leaks aren't going to stop, and what is already in the public domain will continue to take its toll. Just as certainly, the NSA isn't going to stop looking for ways to circumvent encryption or compromise hardware. At this point, there's no way any company can claim with certainty that they have avoided becoming part of any government's intelligence apparatus -- and that's going to hurt them for years to come.

The FBI is still actively thwarting its oversight. Last fall, DOJ Inspector General Michael Horowitz informed the House Judiciary Committee that the FBI was routinely denying his office documents it needed to perform investigations. The withheld documents included everything from electronic surveillance information to organizational charts. Not only did the FBI refuse to hand over requested documents, but it also stonewalled OIG investigations for so long that "officials under review [had] retired or left the agencies before the report [was] complete."

Nearly six months later, the situation remains unchanged. Horowitz is again informing the House Judiciary Committee that the FBI is still less than interested in assisting his office. The same stonewalling tactics and withholding of information continues, preventing the IG from fully examining the DEA's use of administrative subpoenas.

The unfulfilled information request that causes the OIG to make this report was sent to the FBI on November 20,2014. Since that time, the FBI has made a partial production in this matter, and there have been multiple discussions between the OIG and the FBI about this request, resulting in the OIG setting a final deadline for production of all material of February 13,2015.

Both words in the phrase "final deadline" were quickly rendered meaningless by the FBI.

On February 12, 2015, the FBI informed the OIG that it would not be able to produce the remaining records by the deadline.

The FBI's fluid definition of "final deadline" apparently includes a shrugged "We don't really know when -- or if -- these documents will be produced."

The FBI gave an estimate of 1-2 weeks to complete the production but did not commit to do so by a date certain.

The FBI claims it still needs to review the requested document list to ensure nothing that's being asked for falls into its multitudinous exceptions -- like information related to grand juries, Title III electronic surveillance and, oddly, the Fair Credit Reporting Act.

Horowitz's letter points out two things, the latter of which may prompt more immediate action than the first.

In the first place, the exceptions raised by the FBI do not apply to OIG investigations. Secondly, the (apparently continual) stonewalling of OIG investigations is, at best, a misuse of taxpayer funds.

Section 218 of the Appropriations Act does not permit the use of funds appropriated to the Department of Justice to deny the OIG access to records in the custody of the Department unless in accordance with an express limitation of Section 6(a) of the IG Act. The IG Act, Section 6(a), does not expressly or otherwise limit the OIG's access to the categories of information the FBI maintains it must review before providing records to the OIG. For this reason, we are reporting this matter to the Appropriations Committees in conformity with Section 218.

We'll see if the the FBI suddenly becomes a bit more helpful now that Horowitz has made a move for its wallet. But once again, this sort of activity completely undermines the arguments of those defending these agencies by pointing to the "rigorous oversight" supposedly keeping domestic surveillance in check and abuses of power to a minimum.

Even to those of us who are not experts in foreign policy, it is obvious that the security situation is deteriorating across a huge swathe of the Near East and Africa, as attacks in Afghanistan, Iraq, Syria, Yemen, Egypt, Libya, Nigeria, Cameroon and elsewhere multiply. Western analysts seem to be struggling to come up with a cogent explanation for this increasing success. That makes this short but illuminating post by John Robb particularly valuable. He describes what is happening across this vast area as the "open jihad." Here are its key characteristics:

Open jihad evolves (gets better) through massively parallel co-development. All of the groups in the open jihad, no matter how small (even down to individuals), can contribute. They do this by:

1. tinkering with tactics, strategies, and technologies that can be used to advance the open jihad.

2. testing the efficacy of these innovations by using them against the enemy. In other words, throwing them against the wall to see what sticks.

3. copying the innovations that work.

These are also some of the key features of open source -- hence the name "open jihad." Their appearance in the context of international violence is a reminder that they are not limited to the digital world, with things like open source, open access, open data and all the other "opens," but are a set of very general principles for producing extremely rapid innovation in any domain. That might provide a clue to governments struggling to deal with this growing threat to stability that they ought to try something similar, rather than resorting to traditional responses that are doomed to fail when dealing with a new kind of enemy.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

More cities and states are getting behind the idea that outfitting their law enforcement officers with body cameras will result in better policing and more accountability. Unfortunately, many of them then follow this moment of clarity by gutting the "accountability" part of the programs.

Los Angeles law enforcement agencies will only turn over camera footage if it's part of a criminal or civil suit. Florida legislators are pushing for additional exceptions in the state's open records laws specifically for body camera footage and specifically at the request of the state's police union.

Minnesota seems to be taking the same route. The state wants its law enforcement officers to wear cameras but some legislators don't feel the public should have access to the footage. A bill supported by the state's law enforcement aims to keep as many recordings out of the public's hands as possible.

The bill states:

[A]udio and video data captured by a portable video recording system that is not part of an active or inactive criminal investigation must be destroyed within 90 days of the date the data were captured, unless the data subject, or any peace officer identifiable by the data, submits a written request to the law enforcement agency to retain the data for possible use in a future proceeding related to the circumstances under which the data were originally collected. Any law enforcement agency that receives a request to retain data shall retain it for a reasonable time, based upon the likelihood of its future use and the agency's policies for retention. Peace officers who are identifiable by portable video recording system data shall have unrestricted access to the data while it is retained and must be permitted to make copies.

It seems reasonable... until you realize what it's allowing law enforcement agencies to do. Anything retained by these agencies will only be accessible to civilians in the recording, and then only by request. Alleged misconduct that is cleared by law enforcement oversight will move affected recordings into the "destroy" pile, which means agencies can start deleting potentially damning footage almost immediately, provided there are no current requests for the recordings.

The bill also exempts recordings from state public records laws by deeming nearly all recordings "nonpublic" by default.

Except for data classified as active criminal investigative data pursuant to subdivision 7, portable video recording system data is private data on individuals or nonpublic data at all times. Notwithstanding subdivision 7, portable video recording system data that are part of an inactive investigation remain classified as provided in this subdivision.

Subdivision 7 pertains to "criminal investigative data" -- which is also "nonpublic" and "private."

On the other hand, peace officers will have unrestricted access to any footage they appear in. This open-ended access is the sort of thing that can lead to tampering and deletion. Any officer should, at best, have controlled access to recordings involving them if the recording system is going to maintain any sort of integrity. Anything else is completely irresponsible.

If the bill goes forward, the body cameras willed be largely robbed of their deterrent effect. By removing the general public from the information flow, the cameras will no longer be tools of police accountability, but rather just another surveillance option for peace officers. The cameras basically become "one way" collections, wholly controlled by the officers who generate the recordings.

Those representing the law enforcement side are defending this bill by presuming to speak for the public they don't want to be accountable to...

Dennis Flaherty, executive director of the Minnesota Police and Peace Officers Association, said public access to body camera footage "really serves no public purpose."

… because it might make things a little tougher for peace officers:

Flaherty and other law enforcement representatives expressed concern about what wide public access would mean -- both for exposing citizens' private lives and, in their minds, spurring more complaints against officers.

"Complaints against officers" is exactly what's spurring so many states and cities to outfit their cops with cameras. Flaherty conveniently forgets that body camera footage can also exonerate wrongly-accused officers in his haste to portray body cams as somehow intrusive to public officers.

Video works both ways… theoretically. Public access is essential if the camera programs are going to have any chance at reducing complaints and misconduct. Drastically limiting the number of people who can access recordings makes it highly unlikely the goals will be met. The bill creates a cover system for abuse and allows for full narrative control by law enforcement agencies. And this is coming from a state where law enforcement already expects the public to perform its surveillance for it and turn over video recordings captured in private businesses whenever a cop asks for it.

That's not accountability. That's nothing more than a bunch of government agencies attempting to dodge their responsibilities to the public they're supposed to be serving.

The problem of storing digital data usually involves transferring data from an older format to a newer one -- with the hopes that the newer one won't be replaced as quickly as the older format it just replaced. Maybe some archivists out there like to go through this periodic technology shift and verify that the data we've stored is still readable, but wouldn't it be nice if there was a "store it and forget it" format?

• A single gram of DNA can store up to 455 exabytes of data, and roughly four grams of DNA could store all of the world's collected information. It's not cheap to store arbitrary data on DNA yet, but the costs are coming down. [url]
• Stored data on DNA encased in glass at freezing temperatures could survive for a couple million years. The DNA of a woolly mammoth in Siberia was preserved for 40,000 in a tundra, so it's not unthinkable that we might want to keep a few backups of our data on ice. [url]
• Making large DNA crystals with precisely-controlled structures is something that can be done with a "DNA-brick self-assembly" method. Being able to do this could help fabricate all kinds of nanoscale designs and create a manufacturing process for complex, artificial DNA structures. [url]

If you'd like to read more awesome and interesting stuff, check out this unrelated (but not entirely random!) Techdirt post via StumbleUpon.

Sure, Verizon may be endlessly misleading when it comes to everything from the spectrum crunch to network investment. And when it comes to anti-competitive telecom behavior it wrote the book. Hell, Verizon's even in many ways directly responsible for this week's net neutrality ruling by suing to overturn the original flimsy net neutrality rules -- rules every other ISP had absolutely no problem with. But while you can say a lot of things about Verizon, you can't say the company doesn't have a sense of humor.

As you might expect, Verizon took to the company's blog to protest the FCC's new TItle II based net neutrality rules. Amusingly however, it posted the entire thing in Morse code -- piggybacking on the oft-repeated ISP mantra that applying older Title II regulations to broadband is a dangerous and historically backwards proposition (because all old laws are automatically bad laws, get it?).

If you look for a translation, you're further directed to a press release (pdf) that appears to be written on an old typewriter. In that, Verizon trots out ye olde bogeyman that the FCC is using "antiquated regulations" for a modern era:

"Today’s decision by the FCC to encumber broadband Internet services with badly antiquated regulations is a radical step that presages a time of uncertainty for consumers, innovators and investors."

Of course if we were to stop using laws just because they smell like mothballs, we'd be in for quite an adventure. After all, the Constitution is pretty old, right? As is the Communications Act of 1934 and the revamped Telecommunications Act of 1996, which govern spectrum allocation and without which Verizon couldn't function as a company. Stupid old laws. So unnecessary! It's an overly-simplistic argument, made more so by the fact that Verizon's FiOS network -- and the voice component of their wireless network -- are governed by Title II in some instances to glean Verizon some lovely tax breaks.

Verizon stumbles forth unabated, insisting that it has your best interests at heart:

"What has been and will remain constant before, during and after the existence of any regulations is Verizon’s commitment to an open Internet that provides consumers with competitive broadband choices and Internet access when, where, and how they want."

Yes, so committed is Verizon to an open Internet, it has violated the principles of Internet and device neutrality more aggressively than perhaps any other company, whether that's trying to block GPS radio functionality unless you use their navigation software, or charging completely illogical fees to use basic functionality embedded in phones (like tethering, or Bluetooth). Verizon's also fairly insistent on ignoring the fact it was their lawsuit that pushed the FCC toward Title II in the first place, so if there's "regulatory uncertainty" at play, the lion's share of the blame belongs on Verizon's shoulders.

Still, you've got to hand it to Verizon for at least showing a sense of humor about the whole thing. That's more than Comcast or AT&T were capable of.

Despite the feds' best efforts to keep IMSI catchers (Stingray devices, colloquially and almost certainly to the dismay of manufacturer Harris Corporation, as they head to becoming the kleenex of surveillance tech) a secret, there's still enough information leaking out around the edges of the FBI's non-disclosure agreements to provoke public discussion.

The discussion appears to have reached the top of the food chain. Sen. Bill Nelson -- following the lead of Senators Leahy and Grassley -- has sent a letter to FCC chairman Tom Wheeler asking the following:

[image credit: Julian Sanchez]

Dear Chairman Wheeler:

On Feb. 23, The Washington Post published a front-page article “Secrecy around Police Surveillance Equipment Proves a Case’s Undoing.” That article indicated that the Tallahassee Police Department and other law enforcement agencies around the country have been using a device called the StingRay to collect cell phone call information.

That article and previous others concerning the device reveal the StingRay was certified for use by the Federal Communications Commission (FCC), contingent upon the conditions that StingRay’s manufacturer sell these devices solely to federal, state, and local public safety and law enforcement; and that state and local law enforcement agencies must coordinate in advance with the Federal Bureau of Investigation (FBI) before acquiring or using this equipment. According to the article, these devices now have been purchased by 48 law enforcement agencies in 20 states and the District of Columbia and used in hundreds of cases.

Yep, the devices are pretty much everywhere and no one wants to talk about them. When the US Marshals Service isn't stepping in to physically remove Stingray-related documents, local law enforcement agencies are disguising their use of these devices behind vague warrants and subpoenas.

What Sen. Nelson wants to know is what the FCC knows about Stingrays.

What information the FCC may have had about the rationale behind the restrictions placed on the certification of the StingRay, and whether similar restrictions have been put in place for other devices;

Whether the FCC inquired about what oversight may be in place to make sure that use of the devices complied with the manufacturer’s representations to the FCC at the time of certification; and

A status report on the activities of the “task force” you previously formed to look at questions surrounding the use of the StingRay and similar devices.

What we DO know so far about the interplay of Harris, the FBI and the FCC is that the first two parties have been less than forthright with the third. Harris managed to push its devices past the FCC by implying they would only be used in emergencies -- even though it was already clear at the point it made that statement that law enforcement agencies were frequently deploying them in non-emergency situations.

The FBI has performed its own obfuscation, implying in a letter to law enforcement agencies that the FCC required the signing off a non-disclosure agreement with the FBI. The FCC has since denied this, and obtained documents indicate it's the FBI that wants to control the flow of information regarding Stingrays, not the other way around.

I imagine the FCC would be compliant with this request, considering its past relationship with the FBI and Harris. But it can expect to run into significant resistance from the DOJ, which still believes that the long-exposed technology should still be afforded NSA-level secrecy -- especially when answers to Sen. Nelson's questions will likely expose its less-than-honest dealings with the FCC.

Sen. Nelson deserves some extra praise for being willing to put himself in an awkward situation. As the ACLU's Chris Soghoian notes, the senator has picked a very public fight with his second biggest campaign contributor.


Somebody needs to provide some answers and, while it's really the FBI that should be talking at this point, the FCC's take on this -- and its dealings with the FBI -- should be enlightening. The FBI's insistence on secrecy is not only screwing defendants during the discovery process, but it's also harming local law enforcement itself, which has shown an alarming willingness to drop cases/charges rather than reveal the use of Stingray devices.

At some point, this whole fad of trademarking phrases that leap into the public consciousness through public events is going to have to stop. Between trying to lock the language of the recently slain, the foreign policy story du jour, and all the rest, eventually the public and the courts are going to have to realize that this can't go on unchecked. For some reason, professional and college sports organizations seem especially prone to this kind of nonsense, from the attempt to exert control over a colloquial term to a team simply treating its own fanbase like so much trademarkable chattle.

That last example, concerning the Seattle Seahawks' apparent attempt to trademark roughly all the things, is particularly apropros in the latest trademark news, which features the team's running back, Marshawn Lynch. See, Lynch likes to paint himself as an anti-establishment guy. Far from the spotlight-seeking nature enjoyed by some of this league-mates, Lynch shies from the press, refusing to do the mandatory press engagements collectively bargained between the players union and the league. When he deigns to grace the press with his presence at all, he typically keeps things to one-word or one-phrase non-sequitors in answering reporters' questions, such as when he most recently responded to all questions with, "I'm just here so I won't get fined." It was petty, childish and a departure from the rules agreed upon between the league and the union. Oh, and now it's the subject of a trademark application by Lynch as well.

Lynch last week filed for the trademark to the phrase "I'm just here so I won't get fined" with the U.S. Patent and Trademark Office. Lynch famously uttered the phrase as the answer to more than 20 questions on Super Bowl XLIX media day before walking off the podium.

"We heard from our fans, and so many of them were saying that they wanted that phrase on the clothing," Chris Bevans, who runs Lynch's "Beast Mode" apparel line, told ESPN.com. "This is just listening to the marketplace."

That last bit is nonsense, of course, because no fan of Marshawn Lynch's anywhere ever pined for the running back to get a trademark for a phrase he happened to utter. Why such a generic sentence deserves any manner of protection is simply beyond me. A brand is a brand, but simply going out and putting a mark on ever half-garbled jab at his employer that Lynch's fans happen to enjoy isn't what trademark is for. At some point, with the acknowledgement that the USPTO has been so lax in allowing the culture of permission and gates to spring forth, some kind of litmus test is going to have to be introduced to keep otherwise common language from being locked out of commerce this way.

And it's not like this is the first time Lynch has gone around applying for trademarks on whatever happens to come out of his mouth that grabs any measure of attention.

Last year, he trademarked "About that action BOSS," which he said to Deion Sanders of the NFL Network in the only interview he conducted during Super Bowl XLVIII media day. Lynch is expected to be the owner of that trademark by this summer, but in the meantime, he has already started selling clothes with the phrase on it. Lynch owns four "Beast Mode" trademarks and has filed for four more. He has also filed for the phrase "Power Pellets."

Devin Lacerte of Octagon, who works with a trademark attorney on all of Lynch's trademarks, told ESPN.com last month that hundreds of cease-and-desist letters have been sent to people who try to sell products with the "Beast Mode" name.

Delightful, especially considering the origins of "Beast Mode" don't exactly start with Marshawn Lynch (it almost certainly was used in conjunction with video game Altered Beast as well as the cartoon Beast Wars). So here we have a guy who paints himself as anti-establishment, but who is quite happy to run to the USPTO and turn himself into language authoritarian any time something he says grabs attention.

Maybe it's time for the USPTO to go all beast mode on phrases getting trademarks like this, please?