Because an Ohio police department couldn't handle being (momentarily) mocked, it's now being sued by the man officers arrested after he created a spoof of the department's Facebook page.

Earlier this year, Anthony Novak parodied the Parma (OH) Police Department's Facebook page, posting obviously fake announcements from the faux department like the following:

The Parma Civil Service Commission will conduct a written exam for basic Police Officer for the City of Parma to establish an eligibility list. The exam will be held on March 12, 2016. Applications are available February 14, 2016, through March 2, 2016. Parma is an equal opportunity employer but is strongly encouraging minorities to not apply.

The test will consist of a 15 question multiple choice definition test followed by a hearing test. Should you pass you will be accepted as an officer of the Parma Police Department.

Other postings not quite as charming, but definitely as fake, included announcements of the PD's new roving abortion van, a "Pedophile Reform event," plans to arrest anyone caught outside between noon and 9 pm, and a ban on feeding the homeless to better serve the city's plan to eradicate the problem through starvation.

Novak did copy the department's logo and the Facebook page did look similar… right up until readers read the posts, or noticed the fake department's motto: "We No Crime."

Rather than leave this in Facebook's hands (or just leave it alone altogether), the Parma police decided to greet the situation head on. It came up with a charge to use to go after Novak: use of a computer to "disrupt, interrupt or impair" police services. Then it went after him, mustering far more force than would seem to be necessary to handle a bogus Facebook page. Jacob Sullum of Reason recaps the stupidity.

Parma police...launched an investigation that involved at least seven officers, a subpoena and three search warrants, and a raid on Novak's apartment, during which the cops surprised his roommate on the toilet and seized two hard drives, a laptop, two tablets, two cellphones, and two video game systems. After his arrest on March 25, Novak spent four days in jail before he got out on bail, and then he had to report weekly to a probation officer if he wanted to keep his freedom.

The charge was obviously bogus. Statements made in defense of the PD's actions mainly focused on the derogatory nature of the posts. But very little was said about how a Facebook page that was up for less than two days and gathered only 300 followers made it more difficult for the police to continue servicing the community. It would seem the diversion of seven officers to a stupid investigation with obvious Constitutional implications would be far more disruptive to public service.

While the Parma police obviously found a judge willing to overlook their extremely questionable assertions when signing warrants, it had no similar luck when attempting to prosecute Novak.

Someone in the Cuyahoga County Prosecutor's Office evidently had second thoughts about the case, because Novak was offered a plea deal under which the felony charge would have been reduced to an unspecified misdemeanor. Novak turned the offer down, by that point eager to have his day in court. By the time his trial rolled around, prosecutors had settled on the theory that Novak's Facebook gag had disrupted police services by generating phone calls to the police department—a grand total of 10 in 12 hours. The jury did not buy it, and everyone who was involved in the case should have known better than to let it get that far.

The end result is a lawsuit [PDF], which will definitely impair the community's trust in the police department. Novak alleges First, Fourth and Fourteenth Amendment violations -- all stemming from the warrants issued to the PD which, if determined to be bogus, support his Fourth and Fourteenth claims. As for the First Amendment, Novak's parody page was protected speech and the Parma police had no business using their powers to shut it down, much less arrest the page's creator.

As for the PD's supporting affidavits, they appear incredibly weak according to what's documented in the lawsuit. There was more made about the content of the page being "derogatory" than about the supposed criminal activity Novak (obviously didn't) engage in: disruption of government services.

That being said, it will be tough to prevent immunity from being awarded to most, if not all, of the participants in this censorious travesty. Unless the Parma police have specific guidance or training that encourages them to trample all over citizens' First Amendment rights, it's unlikely the allegations will survive a motion to dismiss. Then again, the PD didn't just tread lightly on Novak's free speech -- it steamrolled him with a trumped-up felony charge, seizure of all of his devices, and jailed him for four days. The city may find it more expedient to settle this quickly than take the chance of Novak prevailing completely.

The Parma PD should have limited itself to informing particularly stupid/gullible citizens that the parody page wasn't the real thing. Then it should have left it alone. Instead, it leveraged its power to avenge its hurt feelings, resulting in a tantrum that could prove to be very expensive.

It's generally agreed that the state of security for the Internet of Things runs from "abysmal" to "compromised during unboxing." The government -- despite no one asking it to -- is offering to help out… somehow. DHS Assistant Secretary for Cyber Policy Robert Silvers spoke at the Internet of Things forum, offering up a pile of words that indicates Silvers is pretty cool with the "cyber" part of his title... but not all that strong on the "policy" part.

The industry, according to Silvers, is demanding that IoT security is tackled "from a DHS perspective," meaning a focus on public safety. And then he damned other government departments' efforts with faint praise.

"This is complex stuff, but it's not going to be regulatory or over prescriptive, it's not even going to be highly technical," he argued. "What we're going to be doing is drawing on the best approaches, pulling them together and elevating them to get the public's attention."

Shorter DHS: we're going to take what the private sector and other government agencies have accomplished, print it out on a few pages of DHS letterhead, and call it good. All Silvers is promising is the DHS's insertion into a crowded marketplace of vague ideas, many of them coming from other government agencies.

Even better, Silvers claimed the DHS's intrusion into this overcrowded space won't be "regulatory." This statement arrived shortly before Silvers suggested regulation was on its way.

“We have a small and closing window of time to take decisive and effective action,” Silvers said, “the challenge of addressing IoT security is outweighed only by the greater challenge of patching, or building on the security of already deployed systems. While some of this may sound like common sense, it’s an undeniable fact that some companies are not being held accountable,” Silvers said.

"Companies not being held accountable" sounds like the sort of thing the government would feel compelled to fix with regulation. As Kieran McCarthy of The Register points out, the DHS seems mostly concerned with ensuring it's cut in on the cybersecurity action.

The DHS's current plan seems to be little more than shoving their foot in the door: Silvers could not give a timetable for the principles, or even a consultation plan. He didn't highlight specific areas of concern, or point to the direction the DHS is expected to take.

Perpetually-increasing budgets are on the line here. Every agency wants a piece of the "cyber" pie, whether on the offensive or defensive side. The DHS is no different, even though its track record on cybersecurity is mostly terrible. (Its track record on "homeland" security isn't that fantastic either…) Its Election Cybersecurity task force is composed of state politicians, rather than security experts. And the Government Accountability Office has previously noted the DHS has no plans in place to protect government buildings from cyberattacks on access and control points -- despite having had nearly 15 years to do so.

In front of a group of professionals actually putting together best practices for the Internet of Things, the DHS has announced its willingness to coattail-ride its way into the cybersecurity future -- one promising to be full of government intrusion and steady paychecks. And, like others in the government who feel the government should do nothing more than make demands of the private sector, Silvers encouraged the forum attendees to "nerd harder." Or, at least, faster.

Silvers issued a call of action to attendees, urging them to “accelerate everything” they’re working on and tackle issues that pop up in cybersecurity in real time.

Thanks, bossman. There's nothing security professionals like more than being told how to do their jobs by government agencies without coherent future plans or the ability to secure anything more than a pension.

It's well-known that the big studios and the MPAA like to indoctrinate movie theater employees into believing that there's a horrible menace of people trying to pirate movies in the theaters, and that in some cases, they even hand out money to employees who "catch" pirates in the act. In general, all this really does is make it less enjoyable to go to the movies -- and sometimes leads to elderly patrons being ejected from theaters because some kid is totally sure she's pirating the film she's watching.

And the latest example is even more extreme, where private security forces apparently decided to assault a couple of Toronto women they falsely accused of pirating a showing of The Magnificent 7. One of the women, Jean Telfer, says she actually decided to leave the film early because she found it too violent. Apparently the idea that a pirate probably wouldn't be leaving in the middle of a film didn't occur to the geniuses Sony Pictures had specifically hired to "guard" the showing. So they tackled Telfer. Really.

Halfway through the film, Telfer decided to leave because she found the movie to be too violent.

“When I left the theatre I heard someone yelling behind me, ‘Sir! Sir!’ I didn’t think much of it,” said Telfer.

“Out of nowhere I felt someone grab me from behind. My reaction [was] to get this person off of me. Unfortunately it did escalate and he did somehow get on top of me.”

Bizarrely, despite all of that, the guy who tackled her never told her why and then just let her go. But when her friend, Elaine Wong, also went to leave, the experience was a bit different.

Wong, unaware of what had happened to her friend, left the theatre shortly after to find Telfer.

Wong said a guard approached her and little explanation was given except that the security guards had been watching them all night and that something on the guards’ heat sensor guns had gone off. She added that they attempted to search her bag.

Wong noted that they left right before the action really started, and if they were trying to pirate a movie, you'd think they'd "wait until a lot of people start dying." Eventually both Telfer and Wong were told to remain with security until the police arrived -- though after a while when no police arrived, they were apparently let go. The two did decide to file a police report of their own, arguing that they had been illegally assaulted by security at the theater.

In some tweets, Wong notes that they demanded to search her bag, and also demanded to know why they were leaving early -- as if that were some sort of "sign" of piracy in action (though she refers to the guy as being from Disney, the news reports say he was hired by Sony). Once again, I fail to see how treating regular customers as criminals helps Hollywood convince more people to pay to see movies. It likely has the reverse effect.

Actress Junie Hoang may have lost her legal battle against IMDb for revealing her age, but the California Assembly is ensuring she'll win the war. Hoang sued IMDb for $1 million, claiming the publication of facts without her permission had resulted in her being a victim of Hollywood ageism. IMDb won the lawsuit, but Governor Jerry Brown has just signed a bill into law that will prevent sites like IMDb from publishing actors' ages.

California Gov. Jerry Brown on Saturday signed legislation that requires certain entertainment sites, such as IMDb, to remove – or not post in the first place – an actor’s age or birthday upon request.

The law, which becomes effective January 1, applies to database sites that allow paid subscribers to post resumes, headshots or other information for prospective employers. Only a paying subscriber can make a removal or non-publication request. Although the legislation may be most critical for actors, it applies to all entertainment job categories.

Quotes from actors' guild representatives and "industry leaders" present this as a positive change. Supposedly the removal of this information will result in fewer actors and actresses from being passed over for roles because they're "too old." Ageism may be an industry-wide problem but the correct solution would be to change Hollywood culture, not tap dance across the First Amendment.

“We are disappointed that AB 1687 was signed into law today,” said Internet Association spokesman Noah Theran. “We remain concerned with the bill and the precedent it will set of suppressing factual information on the internet.”

Michael Beckerman, the association’s president and CEO, also wrote in August for THR, about his opposition to the law.

“Requiring the removal of factually accurate age information across websites suppresses free speech,” Beckerman wrote. “This is not a question of preventing salacious rumors; rather it is about the right to present basic facts that live in the public domain. Displaying such information isn’t a form of discrimination, and internet companies should not be punished for how people use public data.”

That's the problem with this law: it shoots the messenger rather than addresses the underlying problem. The government as a whole has passed many laws aimed at reducing discrimination, but in this case, the California assembly decided the onus should be on data aggregators that have absolutely nothing to do with the process of casting films.

It's unlikely this law will survive a Constitutional challenge, seeing as it prohibits the publication of facts. While any website can voluntarily choose to withhold this information, adding the government into the equation makes it a form of censorship.

The crafters of this law are claiming this speech suppression will benefit the little guy (and girl) the most:

[California Assemblyman Ian] Calderon said the law was more for actors and actresses not as well known as big stars.

“While age information for Hollywood’s biggest stars is readily available from other online sources, this bill is aimed at protecting lesser known actors and actresses competing for smaller roles,” Calderon said in the release. “These actors should not be excluded from auditioning simply based on their age.”

Calderon is correct. Actors should not be excluded simply because of their age. But that's a problem studios need to solve. And if they can't and legislators like himself still feel compelled to step in, the law should target discriminatory hiring practices, not IMDb and other sites like it.

Protect up to 5 of your devices from prying eyes with a $29 lifetime subscription to VPN Unlimited. You'll have access to servers in 39 countries with unlimited bandwidth and an unlimited high-speed connection. Check out their answers to TorrentFreak's 2016 VPN survey and see if they're the right fit for you.

Note: The Techdirt Deals Store is powered and curated by StackCommerce. A portion of all sales from Techdirt Deals helps support Techdirt. The products featured do not reflect endorsements by our editorial team.

How many living, breathing human beings really read Techdirt? The truth — the most basic, rarely-spoken truth — is that we have no earthly idea. With very few exceptions, no media property big or small, new or old, online or off, can truly tell you how big its audience is. They may have never thought about it that way — after all, we all get as close as we can to what we think is a reasonably accurate estimation, though we have no way of confirming that — but all these numbers are actually good for (maybe) is relative comparisons. What does it really mean when someone says "a million people" saw something? Or ten or a hundred million? I don't know, and neither do you. (Netflix might, but we'll get to that later.)

Where should we start? How about this: internet traffic is half-fake and everyone's known it for years, but there's no incentive to actually acknowledge it. The situation is technically improving: 2015 was hailed (quietly, among people who aren't in charge of selling advertising) as a banner year because humans took back the majority with a stunning 51.5% share of online traffic, so hurray for that I guess. All the analytics suites, the ad networks and the tracking pixels can try as they might to filter the rest out, and there's plenty of advice on the endless Sisyphean task of helping them do so, but considering at least half of all that bot traffic comes from bots that fall into the "malicious" or at least "unauthorized" category, and thus have every incentive to subvert the mostly-voluntary systems that are our first line of defence against bots... Well, good luck. We already know that Alexa rankings are garbage, but what does this say about even the internal numbers that sites use to sell ad space? Could they even be off by a factor of 10? I don't know, and neither do you. Hell, we don't even know how accurate the 51.5% figure is — it could be way off... in either direction.

Okay, so what about TV ratings? Well, there's a reason they've been made fun of on the shows themselves for as long as our culture has been able to handle "meta" jokes without getting a headache. Nielsen ratings in their classic form are built on monitoring such a tiny sample of households that the whole country's viewing profile can probably be swayed because someone forgot to turn off the TV before going on vacation. They sucked before DVRs and digital distribution began transforming the single household television into a quaint anachronism, and now it's just chaos. Nielsen was slow to catch up with DVRs, and now the TV industry juggles scattered measurements including three or seven days of viewing beyond live air, and constantly complains that the ratings are off — specifically, that they're too low. And they might be right, in the sense that they are too low by comparison to the garbage ratings from the pre-digital age that everyone eventually embraced as a standard for relative rankings. How big are these audiences really, in terms of real living breathing human beings? I don't know, and neither do you.

YouTube view counts? Subject to all the same fake internet traffic problems, plus the fact that there's an opaque system for supposedly ignoring too-short incomplete views according to the genre and nature of the video, but good luck finding out how accurate that is. Channel operators know their length-of-view statistics, but you don't see them bandying them about much. Plus, how often have you heard public view counts casually referred to as the number of "people" who watched something, even though (especially when it comes to short-and-cute viral animal hits and their ilk) the bulk of them probably come from obsessive re-watching? Yeah.

So what about Facebook stats? Everything from impressions to simultaneous live video viewers is padded out by the most transient of idly-scrolling-through-the-newsfeed interactions. Twitter followings and tweet stats? Dig into the bowels of any list of followers, or any trending link, and see how much of it is mindless bots. Print readerships? Don't even get me started. Did you know it's common practice for newspapers to calculate their readership by applying a multiplier to their actual circulation, to account for an imaginary surplus of "readers per copy"? Yes, that soggy "local" paper that's been sitting out in the rain on your porch for two days, and that only exists to give them an excuse to deliver flyers to your door, is not only being counted — it's probably being counted five times. So are all the free/cheap copies that big national papers give to hotels. Oh, and when these companies distribute multiple publications in different channels — with newspapers, magazines and paywalled websites all being given away with each other as free cross-subscriptions, in order to pad out all three subscriber numbers — they add them all up and then try to determine the actual number of individual people they are reaching. How? By applying an opaque "deduplication" formula. I once pressed a newspaper's stats person about what this formula could possibly entail, but details were not forthcoming — because I suspect they just knock off 20% and call it a day, despite the fact that the magazine is distributed inside the newspaper whose audience they are supposedly "deduplicating" it from, and half the website subscriptions were free add-ons with print delivery. That's awfully generous when the truth is they don't know, and neither do I, and neither do you.

So who does know how big of an audience they really have? Well, maybe Netflix, Amazon and other digital subscription services. Their paywalls insulate them from the bulk of random bot traffic, and their proprietary ecosystems give them the ability to closely monitor all activity. Netflix, of course, is famously secretive about viewer numbers and insists on the inaccuracy of those who claim to have worked them out. The most common assumption is that they do this to avoid giving content creators too much leverage, and because the data can be seen as a valuable commodity — but I propose another reason: Netflix's likely-more-accurate statistics, if made public, would have zero context in the topsy-turvy world of nonsense TV ratings. They would probably look exceptionally low, giving the legacy bosses who would like nothing more than to downplay the importance of digital distribution (and there are as many of those as there are record execs who can't spell mp3) a chance to project whatever narrative they wanted onto the numbers.

So why does any of this matter? Because advertising is a multibillion dollar industry, and whenever an industry is worth that much, you have to ask: is that because there are billions of dollars of worthwhile transactions happening, or because every bloodsucker in a ten-industry radius wanted in on the action? So, so much of the advertising industry is pure waste. How much exactly is as impossible to determine as the audience sizes themselves. This is hardly a new idea (in fact it's a century-old quote) but it's probably more true now than ever, despite the fact that in theory technology could have delivered us from uncertainty.

Finally, what can be done about this? There's no simple answer, and maybe no answer at all. Here at Techdirt, we've been working to come up with good advertising solutions by focusing almost entirely on what we know our community likes and might be interested in (as in, our real community of people who talk in our comments and we can say, with confidence, exist) and paying less attention to raw numbers — both a luxury and a necessity for a smaller publication, depending on how you look at it. That's not always easy though, as we face an advertising industry ruled by metrics, where there are often ten spreadsheet-wielding interns between us and someone who might actually care about our creativity. In our experiments with more traditional algorithmic display advertising to monetize the raw traffic numbers we do have, we keep running up against what appears to be a universal truth: the bulk of the global internet ad ecosystem runs on trash. Gigantic prestigious online media brands can sell display campaigns straight to the same people who buy Superbowl ads — everyone else receives a hundred pitches a week from new ad networks that claim to deliver great, relevant content but in fact litter your site with ads for fad diets and ambulance-chasers (at best). And this lowest-common-denominator filler appears to be the only reliably successful form of internet advertising! At least, it never goes away when the good stuff does, and the proud quality networks eventually embrace their roles as crap-peddlers. "Good" internet advertising is a rickety ship navigating an endless roiling ocean of spam, clickbait and outright fraud — but it couldn't float at all without it.

I realize I've painted a grim picture, but these are (more or less) the facts. I'm surely wrong in some of my guesses, but like everything discussed here, nobody knows how wrong or in which direction. We'll never even really know how many people read this — we'll just have a vague estimate that can be compared to other posts on Techdirt. But for now that's the reality, so maybe more people should stop worrying about the supposed size of their audience, and focus on making the content they want to make.

Every so often, we hear a story about actions taken by someone who is just so upset about someone else doing something that it seems to border on obsessive. For example, when we hear about copyright holders who spend all their time sending DMCA takedowns -- while whining about how they're unable to produce new content and aren't making any money from sending all those takedowns. The obvious response is: maybe stop sending all those takedowns and focus on something that's actually productive, like creating new works and building a fan base willing to support you.

Recently, the Planet Money podcast had an episode with a similar story but in a different realm -- but it was just as stupid and wasteful. It was about this entrepreneurial couple who had created a cat toy product, which was becoming fairly successful through selling it on Amazon. And yet, they were completely freaked out by arbitrageurs. These weren't pirates or counterfeiters. Rather, they discovered that people were posting their cat toy to eBay (for a lot more money), and if someone bought, they'd just order it from Amazon, and have it ship directly to the buyer. I've heard of people having this happen to them -- where they'd order from one place and receive a shipment from Amazon instead (sometimes with the actual invoice price included...).

This is all perfectly legal. There's no law against reselling products. It's just arbitrage. But the couple, Fred and Natasha Ruckel, freaked out about this and spent a ton of time every day sending cease-and-desist letters to these eBay sellers.

First thing in the morning, check for arbitrageurs. Last thing at night, check for arbitrageurs, send out any cease and desists before or after. It was taking up an inordinate amount of time, and it was super stressful.

Ruckel does make a few valid points: the eBay arbitrageurs provide a less satisfying experience -- their sales pages don't look great and Ruckel wishes to have a better experience for the customers to boost brand loyalty. On top of that, the even more valid concern is that when people order via eBay for $60 and receive a box from Amazon showing the price was $40... they get pissed off. And often they return the product, and that leads to restocking fees that Ruckel has to pay -- plus just general hassle. That part is a valid concern, but from all indications this was still making them money.

And if it was really taking up so much time to send out these cease and desist letters -- and it was "super stressful" why not just drop it altogether? Why bother? Just focus on selling your products. Or, hell, just put your own product up on eBay. To be fair, while this is not mentioned in the podcast, in an article in Entrepreneur Magazine about this same story, it does note that he tried, briefly, to put the product up on eBay too, but whines that people still copied him:

This summer, Ruckel tried a new approach: He put his own product on eBay and titled it “All other eBay sellers are fake.” A few weeks later, he stumbled upon an eBay listing with a familiar title. “All other eBay sellers are fake,” it said. It wasn’t his, of course.

Someone had copied that, too.

But, uh, so what? Assuming that he posted them to eBay with the same price as his Amazon sales, then there shouldn't be a problem. All the arbitrageurs should be driven out of business, since his would be priced lower than the arbitrageurs. So who cares if they claim to be the legit provider, when people would likely flock to the cheapest one anyway? Nothing in this story makes sense.

Especially this last part. Ruckel apparently got so frustrated with the "stress" of dealing with arbitrageurs, that he yanked his stuff off of Amazon entirely... and saw his sales drop drastically.

We pulled out of the whole Prime shipping thing in May. And at that point, we were over 60,000 a month in sales. And in a blink, 60,000 went down to 25,000.

Planet Money asks them if it was worth it -- and they said that it was. Because "integrity."

F RUCKEL: Integrity is important to us.

N RUCKEL: And the stress factor...

F RUCKEL: And the stress...

N RUCKEL: ...Was completely removed.

F RUCKEL: So we removed all the stress.

Yeah, and you also removed more than half your business. Again, this reminds me of the person who claimed they were "wasting" half of their royalties sending DMCA takedown notices that weren't effective. Why do that? Why kill your sales just because someone else figured out a way to resell your product better than you have?

There's some weird psychology going on here. It reminds me of the classic economics class game, whereby two students (Student A and Student B) are selected by the professor, and Student A is given $10 and told to share some of it with Student B -- but if Student B rejects Student A's offer, then no one gets any money. Under such conditions, even if Student A offers Student B just $1 (keeping $9), Student B should take it. Both of them are better off than getting nothing. And yet, time and time again, Student B rejects offers that are seen as "too small." Basically, they feel insulted, cheated or ripped off -- even though that's ridiculous. It's a weird attempt to insert a "fairness standard" where it doesn't make any sense, and where "punishing" Student A is more "valuable" to Student B than the small payout.

It feels like something similar must be happening here. People like the Ruckels would prefer to punish others, making their own product harder to find and more difficult to buy, than to allow anyone else to possibly benefit from it. I get that it happens, but it still confuses me to no end why anyone could possibly think it's a good result.

So, the CFAA strikes again, and this time right in the heart of a Silicon Valley political fight. If you live in or around the Silicon Valley tech industry, you probably know who Ro Khanna is. He's often been described as the "candidate for Congress that Silicon Valley prefers." It feels like he's been running for Congress against incumbent Rep. Mike Honda forever, but it's really just in the past two elections. Here's a big Bloomberg profile of him from 2013 when he first challenged Honda, losing narrowly to him in the 2014 election, despite having support from many Silicon Valley tech industry stars. This year, he's running again, and in the primary, Khanna narrowly beat Honda, suggesting good things in the general election in November (the top two candidates in the open primary move on to the general election, regardless of party).

Khanna is known for his pro-internet views, while Honda has a reputation for not really understanding or caring very much about the internet.

And now... Honda has sued Khanna under one of the most hated laws on the internet, the CFAA (Computer Fraud & Abuse Act). As we've discussed for many years, the CFAA was supposed to be an "anti-hacking law" that was created by politicians who were (literally, no joke) scared by the fictional movie War Games into writing an anti-hacking law in the 1980s. The law has many, many, many problems, but the biggest one, which comes up again and again in cases, is that it has a vague standard of "unauthorized access" or "exceeding authorized access."

Not surprisingly, that's the issue in this case as well. In short, Brian Parvizshahi was (until Thursday night) Khanna's campaign manager. Way back in 2012, Parvizshahi had briefly (as in, for just a few weeks) worked at Arum Group, an organization that helped Mike Honda with fundraising. After he left Arum Group, apparently no one at the company thought to turn off his access to the Dropbox where they stored all their info about donors. Now, to most people, you'd think that the issue here would be Arum Group's bad policies. But, under the CFAA some can argue that continuing to access that file is a form of "unauthorized access."

And that's the central claim here in the lawsuit. Honda claims that Parvizshahi continued to access that Dropbox folder that he was given access to four years ago and which Arum Group never shut down -- and thus he, and the whole Khanna campaign -- violated the CFAA. You can see the full filing here.

Now, we can say that Parvizshahi continually accessing this info -- especially after starting to work for Khanna -- was really, really dumb. Especially since his actions were clearly viewable in Dropbox -- including cases where he supposedly "edited" the files. From the lawsuit, here's just one of many, many images: It is worth noting, though, that some of the screenshots merely show Parvizshahi "adding" the document to his desktop, which might have happened automatically if he was syncing his Dropbox account to his computer, which is the way many people set things up.

One other sketchy thing here is that someone sent a copy of Honda's donor list to San Jose Inside magazine in late 2015 -- and apparently the file they got matched a file in the Dropbox folder that Parvizshahi had accessed.

So while it may have been dumb for him to do so, the real fault here would seem to lie with Arum Group for (1) giving Parvizshahi access on what appears to be his personal Dropbox account, rather than adding a professional account that it controlled and (2) failing to revoke his access after Parvizshahi left, and not even noticing it for years. That seems to be the really negligent move here.

But, with the way courts have been interpreting the CFAA, it does seem entirely possible (if ridiculous) that a California court could interpret this to be a CFAA violation for Parvizshahi at the very least. If that also applies to Khanna, that would seem doubly ridiculous. Either way, as far as I can tell, while Khanna has taken a position on a number of issues related to tech policy, I don't see anything about the CFAA. Perhaps this particular episode will change that.

More information is surfacing on the source of the NSA's hacking tools discovered and published by the Shadow Brokers. Just as Ed Snowden pointed out shortly after the tools first appeared online, the problem with sticking a stash of hacking tools on equipment you don't own is that others can access the tools, too… especially if an operative doesn't follow through on the more mundane aspects of good opsec.

Here's where it gets interesting: the NSA is not made of magic. Our rivals do the same thing to us -- and occasionally succeed. Knowing this, NSA's hackers (TAO) are told not to leave their hack tools ("binaries") on the server after an op. But people get lazy.

Reuters has exclusive (but anonymous) interviews with personnel involved in the investigation which indicates other, more exculpatory theories are likely wrong.

Various explanations have been floated by officials in Washington as to how the tools were stolen. Some feared it was the work of a leaker similar to former agency contractor Edward Snowden, while others suspected the Russians might have hacked into NSA headquarters in Fort Meade, Maryland.

But officials heading the FBI-led investigation now discount both of those scenarios, the people said in separate interviews.

NSA officials have told investigators that an employee or contractor made the mistake about three years ago during an operation that used the tools, the people said.

And what a mistake it was. Tools purchased or developed by the NSA's Tailored Access Operations (TAO) are now -- at least partially -- in the public domain. The other aspect of this unprecedented "mistake" being confirmed is the fact that the NSA couldn't care less about collateral damage.

That person acknowledged the error shortly afterward, they said. But the NSA did not inform the companies of the danger when it first discovered the exposure of the tools, the sources said.

Three years of unpatched holes, one of them a zero day that affects a great deal of Cisco's networking equipment. Not only was TAO's operation security compromised, but so were any number of affected products offered by US tech companies.

However, investigators are still looking into the possibility that the tools were left behind deliberately by a disgruntled TAO operative. This theory looks far better on the NSA than another theory also being examined: that multiple operatives screwed up in small ways, compounding each other's mistakes and (eventually) leading to a public showing of valuable surveillance tools.

As for the official, on-the-record comment… no comment. The FBI and Director of National Intelligence declined to provide Reuters with a statement.

The NSA has long refused to acknowledge the inherent dangers of hoarding exploits and deploying them with little to no oversight. It's unclear whether this incident will change this behavior or make it a more-forthcoming partner in the Liability Equities Process. What is has proven is that the NSA makes mistakes like any other agency -- whether the tools were left behind accidentally or deliberately. It's just that when the NSA screws up, it exposes its willingness to harm American tech companies to further its own intelligence needs.

This week, Hillary Clinton more or less told Silicon Valley to, once again, "nerd harder!" to find ways to stop terrorists from radicalizing people online. Norahc won first place for insightful with some fair play turnabout:

Perhaps if in her role as Secretary of State, she had "diplomat harder" we might have found a way to prevent the radicalization of people. Then again, that would entail people like her (including the other candidate) having to do real work instead of demanding other people work harder.

Our second place comment also comes in response to that post, and this one racked up so many votes that it also took first place on the funny side (it's been a while since we had a double winner!) Machin Sin took a closer look at the notion of blocking radicalizing speech:

Under this logic all speech coming from either Hillary or Trump should instantly be blocked. For that matter they should both just be locked up.

I can't think of anything that could cause more radicalization than the steady stream of stupidity that flows from those two. Some of the bombers are probably just happy knowing that by blowing themselves up they wont have to listen to any more news clips about those two bozos.

For editor's choice on the insightful side, we start out with a comment from Dave Cortright responding to the parade of false statements used by the intelligence community to smear Edward Snowden:

Ad Hominem, AD HOMINEM, AD FUCKING HOMINEM!

Look, it's great that Snowden turned out to be a nearly impeccable character that his opponents have to resort to lies and serious distortions to discredit him. But even if the guy were a drug addict with a penchant for young boys, THAT DOES NOT IN ANY WAY CHANGE THE *FACTS* OF THE MATTER AT HAND.

This whole report is just a pathetic attempt at redirection, focusing on the messenger rather than the message. And more to the point (which Greenwald astutely pointed out in his piece), Snowden was not the one who made this information public. If anyone should be scrutinized by the government it is the JOURNALISTS and their institutions who analyzed the information he provided and independently determined it to be newsworthy.

Fuck the oxymorons on the House Intelligence Committee. I hope the next leak FUBARs each and every one of their personal and professional lives commensurate with the bullshit our government has put all of the previous intelligence whistleblowers combined.

Next, we've got a small but important anonymous observation about HP disabling third-party ink cartridges with a firmware update:

There is a serious and long-term unintended consequence that MS, HP, et al are not considering here: they are teaching users that *installing security updates is bad.*

Over on the funny side, we've already had our first place winner above, so we head straight to second place where That One Guy noticed a fun detail in our story about the downfall of game studio Digital Homicide:

You just can't make this stuff up

"Games like Wyatt Derp, Temper Tantrum, and The Slaughtering Grounds (the first game Sterling reviewed)"

There is just something so very fitting for a company like that to make a game and call it 'Temper Tantrum', given their typical responses to criticism. What next, a game called 'Vexatious Bully'? Or how about 'Victim Complex'?

For editor's choice, we start out on the bizarre story of Macedonia's copyright licensing collective actually banning Macedonian music from the air in protest of having to face competition. One comment stood out as especially appropriate:

Do they also claim ownership of the word Pyrrhic

(I don't know if this was the intention of the commenter, but I found it amusing since Macedonia is in fact only about a hundred miles from the historical region of Epirus, home of King Pyrrhus himself. So... maybe!)

Finally, for the sake of symmetry, we've got another response to HP's ink cartridge debacle. Roger Strong cut short those with plans of doing their own re-inking:

HOME RIBBON RE-INKING IS KILLING THE PRINTER INDUSTRY!

(I'm not sure how well that one would work on a t-shirt, but you never know...)

That's all for this week, folks!