As you may have heard, the law enforcement and intelligence communities have been pushing strongly for backdoors in encryption. They talk about ridiculous things like "golden keys," pretending that it's somehow possible to create something that only the good guys can use. Many in the security community have been pointing out that this is flat-out impossible. The second you introduce a backdoor, there is no way to say that only "the good guys" can use it.

As if to prove that, an old "golden key" from the 90s came back to bite a whole bunch of the internet this week... including the NSA. Some researchers discovered a problem which is being called FREAK for "Factoring RSA Export Keys." The background story is fairly involved and complex, but here's a short version (that leaves out a lot of details): back during the first "cryptowars" when Netscape was creating SSL (mainly to protect the early e-commerce market), the US still considered exporting strong crypto to be a crime. To deal with this, RSA offered "export grade encryption" that was deliberately weak (very, very weak) that could be used abroad. As security researcher Matthew Green explains, in order to deal with the fact that SSL-enabled websites had to deal with both strong crypto and weak "export grade" crypto, -- the "golden key" -- there was a system that would try to determine which type of encryption to use on each connection. If you were in the US, it should go to strong encryption. Outside the US? Downgrade to "export grade."

In theory, this became obsolete at the end of the first cryptowars when the US government backed down for the most part, and stronger crypto spread around the world. But, as Green notes, the system that did that old "negotiation" as to which crypto to use, known as "EXPORT ciphersuites" stuck around. Like zombies. We'll skip over a bunch of details to get to the point: the newly discovered hack involves abusing this fact to force many, many clients to accept "export grade" encryption, even if they didn't ask for it. And it appears that more than a third of websites out there (many coming from Akamai's content delivery network -- which many large organizations use) are vulnerable.

And that includes the NSA's own website. Seriously. Now, hacking the NSA's website isn't the same as hacking the NSA itself, but it still seems notable just for the irony of it all (obligatory xkcd): But the lesson of the story: backdoors, golden keys, magic surveillance leprechauns, whatever you want to call it create vulnerabilities that will be exploited and not just by the good guys. As Green summarizes:

There’s a much more important moral to this story.

The export-grade RSA ciphers are the remains of a 1980s-vintage effort to weaken cryptography so that intelligence agencies would be able to monitor. This was done badly. So badly, that while the policies were ultimately scrapped, they’re still hurting us today.

This might be academic if it was just a history lesson — but for the past several months, U.S. and European politicians have been publicly mooting the notion of a new set of cryptographic backdoors in systems we use today. This would involve deliberately weakening technology so that governments can intercept and read our conversations. While officials are carefully avoiding the term “back door” — or any suggestion of weakening our encryption systems — this is wishful thinking. Our systems are already so complex that even normal issues stress them to the breaking point. There's no room for new backdoors.

To be blunt about it, the moral of this story is pretty simple:

Encryption backdoors will always turn around and bite you in the ass. They are never worth it.

Let's repeat that last line, because it still seems that the powers that be don't get it:

Encryption backdoors will always turn around and bite you in the ass. They are never worth it.

Whether it's creating vulnerabilities that come back to undermine security on the internet decades later, or merely giving cover to foreign nations to undermine strong encryption, backdoors are a terrible idea which should be relegated to the dustbin of history.

(Former?) dentist Stacy Makhnevich utilized a shady firm's (Medical Justice) legal documents to force a patient to sign over his copyright to any future reviews of her service. When he posted negative comments about her services, she followed this up by billing him $100/day for the Yelp review he supposedly no longer controlled.

This censorious behavior resulted in two things: a class action lawsuit being brought against the dentist by Public Knowledge and a severe Streisanding that saw Makhnevich's personal and professional reputation torn to shreds by internet denizens, most notably at the same site she attempted to silence.

Shortly thereafter, Makhnevich simply… disappeared. She filed a motion to dismiss the class action suit, but received only sharp criticism from the judge for her "ridiculous" arguments. That was pretty much the last anyone saw of the disgraced dentist, something that makes plaintiff Robert Allen Lee's win somewhat bittersweet.

According to the default judgement [PDF] by a U.S. District Court in NYC last week, the judge concurs, saying that the prohibition against negative criticism, along with the use of copyright claims to prevent these reviews from being seen “constitute breaches of fiduciary duty and violations of dental ethics and are subject to the equitable defenses of unclean hands, and, as to such assignment and assertion, constitute copyright misuse.”

The very short decision points out that Makhnevich was wrong about pretty much everything before awarding presumably uncollectable damages to Lee.

The Court declares as follows:

A. Notwithstanding the claim of defendants Stacy Makhnevich, Aster Dental, Chrysler Building Dental Association, North East PC, South East Dental Suite, Lincoln Square Dental Arts, Lincoln Square Dental Arts of Manhattan, and Chrysler Dental (collectively, "defendants") to ownership of the copyright in writings by plaintiff Robert Allen Lee about them, Robert Allen Lee's posting of public comments about defendants' services ("Lee 's Commentary") is a non-infringing fair use pursuant to Section 107 of the Copyright Act;

B. Obtaining the promise by plaintiff Robert Allen Lee in the Mutual Agreement to Maintain Privacy (the "Agreement') not to publish criticism of defendants, the Agreement's purported assignment of copyrights, and the assertion of copyright claims by defendants for the express purpose of preventing the dissemination of Lee's Commentary, constitute breaches of fiduciary duty and violations of dental ethics and are subject to the equitable defenses of unclean hands, and, as to such assignment and assertion, constitute copyright misuse;

C. Robert Allen Lee's assignment and promise in the Agreement not to publish criticisms of defendants are null and void for lack of consideration;

D. Robert Allen Lee's assignment and promise in the Agreement not to publish criticisms of defendants are null and void for unconscionability;

E. The Agreement is a deceptive act or practice in violation of Section 349(a) of the New York General Business Law; and

F. Lee' s Commentary is not actionable defamation under New York common law.

Plaintiff Lee is awarded $4,766 in damages against defendants, jointly and severally, for their breach of contract, together with his costs of suit.

The other upshot of the lawsuit is that Medical Justice has ceased offering the legally-dubious forms deployed by Makhnevich, albeit in a rather begruding fashion.

"While we believe these agreements are honest, ethical, and legal, we are going to use this situation as an opportunity to retire these written agreements used since 2007," MJ CEO Jeffrey Segal told Ars on Wednesday. He claims that MJ will recommend to doctors that they stop using the agreements, and that patients will not be asked to sign any such agreements in the future.

The worst thing you can do about bad reviews is pretty much everything Makhnevich did: misuse copyright law, fire off cease-and-desist orders and bogus DMCA takedown requests, and bill unhappy customers to the tune of $110,000. Disappearing was probably a wise choice, but it does tend to result in default judgments. Lee may find it hard to collect what he's owed from the missing dentist, but the court's short but thorough dismantling of her every move should serve as a warning to future business owners who think it's wise to deploy the nuclear option when criticized.

A few Florida legislators are looking to do some serious damage to both free speech and the internet.

This week, the Florida state legislature is considering a bill that would make it illegal to run any website or service anonymously, if the site fits a vague category of “disseminat[ing]” “commercial” recordings or videos—even the site owner’s own work. Outlawing anonymous speech raises a serious First Amendment problem, and laws like this one have been abused by police and the entertainment industry.

The bill (Senate and House versions) seems to be catering directly to the entertainment industry and could give local law enforcement City of London Police-esque powers to act as de facto copyright cops. And its potential stripping of anonymity not only requires disclosure to law enforcement, but everyone else on the web.

A person who owns or operates a website or online service dealing in substantial part in the electronic dissemination of commercial recordings or audiovisual works, directly or indirectly, to consumers in this state shall clearly and conspicuously disclose his or her true and correct name, physical address, and telephone number or e-mail address on his or her website or online service in a location readily accessible to a consumer using or visiting the website or online service.

Do-it-yourself doxxing! What could possibly go wrong? Handing over your personal information to complete strangers always works out so well. The bill seems only concerned with giving rights holders easier access to potential infringers (still problematic), completely ignoring the unintended consequences of forcing certain site owners to hand out their personal information proactively, rather than only by law enforcement subpoena or court order.

On top of that, there's the vagueness of the language. "Directly or indirectly" can mean a lot of things -- like links to alleged infringement elsewhere on the web. And it would potentially force any number of site owners worldwide to give up their anonymity. The bill isn't limited to sites/site owners residing in Florida. All it says is "electronic dissemination… to consumers in this state." If a website can be accessed from Florida, it conceivably falls under the jurisdiction of this proposed law.

This would give the Grady "Showboat" Judds of Florida law enforcement all the reason they need to send ad hoc anti-piracy task forces all over the US to shut down infringing sites. Even if the damage was solely confined to Florida, it would still be a bad idea.

Similar “true name and address” laws in other states have been used to justify police raids on music studios. In 2007, a Georgia police SWAT team (with RIAA employees in tow) raided the studio of DJ Drama and DJ Cannon, makers of influential “mixtapes” that record labels used to promote their artists. The police arrested the DJs and confiscated their CDs and equipment. Their justification wasn’t copyright law (which is a federal law) but a more limited version of the same law Florida is considering, one that applies only to physical goods. If Florida expands on Georgia’s law by including websites, we could see similar police raids against music blogs or other avenues of online speech. And the works on the site might even be in the public domain, as long as some “owner, assignee, authorized agent, or licensee”—perhaps a broadcaster—complains.

If there is a bright side to this proposed law, it's that it doesn't gut Section 230 protections and contains the smallest of nods towards Fair Use. But that's it. Otherwise, it's a mess -- a bill designed to expedite the pursuit of infringers at the expense of free speech and online anonymity.

There has been quite a kerfuffle around the apparent fact that Hillary Clinton solely used her personal email account for government business. This piqued my curiosity, especially since I've been playing with a service called Conspire lately.

Conspire is a startup that analyzes your email and then seeks to provide you with an email chain with which to introduce you to the desired person. So, say I wanted to email my current business crush, Marcus Lemonis, Conspire's system found a path with which I could ask for an introduction. In my case, my friend Espree could email her friend Nathan for an introduction to Marcus. Neat. I can definitely see how Conspire could become a useful tool, albeit one that raises some very interesting privacy questions.

So, I looked for Hillary Clinton's now famous hdr22@clintonemail.com email address in Conspire. No luck. Conspire is still growing, so I suppose it makes sense that none of its members have yet to email Hillary. But then I tried just the clintonemail.com domain in the search, and got one hit. Huma Abedin, Hillary's long-time aide, had an email address with the clintonemail.com domain in Conspire's records. Unfortunately, I have no connection path to Ms. Abedin, so I can't ask the system to facilitate an introduction, but it is fascinating. What other Clinton staffers were using email addresses at the clintonemail.com domain? Seems like at least one was. To be fair, Abedin not only was Clinton's deputy chief of staff in the State Department, but she also continued to work for Clinton after Clinton left office. It is possible that she only got the email address after leaving the government, but it certainly raises some serious questions about whether or not other State Department staffers were provided private clintonemail addresses to avoid transparency requirements. In fact, Politico is reporting specifically that Abedin and other staffers used non-government email addresses while in the State Department, which suggests the clintonemail address may have come earlier:

Clinton’s personal aide, Huma Abedin, and her communications adviser, Philippe Reines, regularly used unofficial email accounts for work-related email, former colleagues said.

This also makes me wonder what other new communications mediums our government officials are using. Could world leaders be SnapChatting each other? Or perhaps sending international YO's? Or trolling each other on YikYak? And, if they are, are they complying with records retention laws?

Here in the States, Netflix has been an incredibly vocal supporter of net neutrality, arguing that all traffic should consistently be treated equally by incumbent ISP gatekeepers. The company has also frequently lambasted usage caps, arguing that they're not a very effective business model, and are basically used by incumbent ISPs to protect traditional TV revenues from internet video. One Netflix exec at one point called caps "almost a human rights violation." A few years ago, Netflix CEO Reed Hastings similarly lambasted Comcast on Facebook for exempting its content from usage caps on some devices:

"Comcast no longer following net neutrality principles. Comcast should apply caps equally, or not at all. I spent the weekend enjoying four good internet video apps on my Xbox: Netflix, HBO GO, Xfinity, and Hulu. When I watch video on my Xbox from three of these four apps, it counts against my Comcast internet cap. When I watch through Comcast’s Xfinity app, however, it does not count against my Comcast internet cap...The same device, the same IP address, the same wifi, the same internet connection, but totally different cap treatment. In what way is this neutral?"

Oddly, Netflix's position on this issue seems to differ depending on the hemisphere. In Australia, Netflix is taking a notably different stance. The company has struck a new deal with Australian broadband ISP iiNET that exempts all Netflix content from the company's usage caps when the service goes live on March 24:

"Following confirmation from Netflix that it will launch locally on 24 March, iiNet’s broadband, Naked DSL, NBN and iiNet TV with Fetch customers will have access to as much Netflix content as they like, without it counting against their monthly quota....Paul Perryman, Netflix’s Director of Business Development, said the iiNet partnership will play an important role in the launch of the Netflix service Down Under. "Working with iiNet to offer quota-free Netflix content gives more people the opportunity to familiarise themselves with who we are and what our service offers," said Paul."

While iiNet's position on copyright trolls is consumer friendly, their usage caps are certainly less so. iiNet service features usage caps starting at 100 GB, and users that exceed their allotment often face overage fees of around fifty cents for each additional gigabyte. According to Netflix, HD service consumes around 7 GB per hour. Content streamed in the 4K format consumes significantly more. Reed Hastings' concerns about cap-exemption being a notably unfair policy are seemingly absent from press coverage from the launch.

Australian broadband ISPs managed to get consumers used to usage limits much earlier in broadband's lifecycle there. As a result, metered usage is generally all they've known, so you'll tend to see slightly less public opposition when compared to markets where consumers got used to unlimited, flat-rate data. It's also worth noting that other streaming services (like ABC's iView or Foxtel's Presto) are already cap-exempt, so Netflix feels it too must be cap-exempt if it wants to enter the market on equal footing. Still, it's odd to see Netflix -- a hugely vocal net neutrality supporter -- suddenly go mute on a subject that's so near and dear to its heart. You'd like to think Netflix may become more outspoken on the subject once its service -- and the concept of net neutrality -- gains a foothold down under.

The administration still wants to punish whistleblowers and leakers, but only if it can do it with logic borrowed from Animal Farm. When it comes to prosecution, some leakers are more equal than others.

John Kiriakou -- who exposed a single CIA operative's name while exposing its waterboarding tactics -- spent more time in jail than former CIA director Leon Panetta, who has spent (at last count) a grand total of 0 days locked up for leaking tons of classified info to Zero Dark Thirty's screenwriter, Mark Boal.

Of course, some leaks just aren't leaks, at least not according to the government. Kiriakou's were wrong. Panetta's were right. And Kiriakou spent three years in prison for a lesser "crime."

Thomas Drake faced a potential 35-year sentence for his exposure of wasteful NSA spending. The government's case against him self-imploded, however, resulting in a guilty plea to a misdemeanor and no jail time.

General Petraeus, who leaked classified information to his mistress, is in line to receive the lightest of wrist slaps for his indiscretion: two years probation and a $40,000 fine. The lightness of the sentence suggested by government prosecutors belies the extent of Petraeus' wrongdoing.

What he handed over to his mistress far surpasses anything the above whistleblowers "leaked."

While he was commander of coalition forces in Afghanistan, Petraeus “maintained bound, five-by-eight inch notebooks that contained his daily schedule and classified and unclassified notes he took during official meetings, conferences and briefings,” the U.S. Attorney’s Office for the Western District of North Carolina writes in a statement of fact regarding the case...

All eight books “collectively contained classified information regarding the identifies of covert officers, war strategy, intelligence capabilities and mechanisms, diplomatic discussions, quotes and deliberative discussions from high-level National Security Council meetings… and discussions with the president of the United States.”

The books also contained “national defense information, including top secret/SCI and code word information,” according to the court papers. In other words: These weren’t just ordinary secrets. This was highly, highly classified material.

On top of that, he lied to the government about these books, first in the form of a sworn statement...

Petreaus retained those Black Books after he signed his debriefing agreement upon leaving DOD, in which he attested “I give my assurance that there is no classified material in my possession, custody, or control at this time.” He kept those Black Books in an unlocked desk drawer.

And again to investigating FBI agents.

In an interview on October 26, 2012, he told the FBI:

(a) he had never provided any classified information to his biographer, and (b) he had never facilitated the provision of classified information to his biographer.

Simply lying to the FBI has consequences far greater than those Petraeus will face. But that's because he's General Petraeus and you're not -- as 22-year-old Kirstie Barratt recently discovered.

United States Attorney Bill Nettles stated today that Kirstie Elaine Philome Barratt, age 22, of Fort Mill, South Carolina was sentenced to 24 months’ imprisonment today after earlier pleading guilty to making a false statement to a federal agent, in violation of Title 18, United States Code, Section 1001. United States District Judge Joseph F. Anderson, Jr. imposed the term of imprisonment, which will be followed by a 3 year term of supervised release. In October, Barratt plead straight up to the charge without a plea agreement. Barratt also may face deportation as a result of her guilty plea. During the sentencing hearing, Judge Anderson granted the government’s motion for an upward departure from the federal guidelines sentencing range of 0 to 6 months, noting that this was a “rare” case and that Barratt “knowingly placed a law enforcement officer’s life in jeopardy” by her false statement.

Petraeus was a trusted member of the military and the CIA. And he turned over eight books worth of classified info to his biographer/mistress just because she asked. But because he's part of the administration's arbitrarily-selected "in crowd," and because he didn't embarrass the government as much as he embarrassed himself, he's facing a sentence of nearly nothing. His suggested punishment will have zero effect on his current position at a top equity firm and his life will suffer none of the disruptions Kiriakou and Drake experienced. He'll be $40,000 poorer -- and with "deterrents" like these being deployed -- none the wiser.

What's most disgusting about Petraeus' cakewalk of a proposed sentence is that he himself took a hypocritical hardline stance on leaking after Kiriakou's sentencing.

When John Kiriakou pled guilty on October 23, 2012 to crimes having to do with sharing a single covert officer’s identity just days before Petraeus would lie to the FBI about sharing, among other things, numerous covert officers’ identities with his mistress, Petraeus sent out a memo to the CIA stating,

"Oaths do matter, and there are indeed consequences for those who believe they are above the laws that protect our fellow officers and enable American intelligence agencies to operate with the requisite degree of secrecy."

Yeah. "Oaths matter." Except when you're the one uttering them, right? Apparently, a "requisite degree of secrecy" means stashing eight books full of classified info in an unlocked desk drawer and handing them out to your clandestine SO in hopes of keeping your knob biography as polished as possible.

This administration is severely hypocritical, but seemingly no more so than in its treatment of whistleblowers. There are those who will be persecuted and punished and those whose similar indiscretions will be waved away by government prosecutors. The problem is: you may not know which of these faces of the administration you'll be facing when you decide to start blowing the whistle. Chances are -- given this administration's track record -- it will be the vindictive, angry administration that continually hopes to "send a message" with each new whistleblower/leaker prosecuted.

Those on the inside of the military/industrial/surveillance supercomplex -- who leak under the name of "anonymous official" to aid filmmakers, deploy talking points or steer narratives -- will never see this side of the two-faced administration. Their leaks are more equal than others.

Arguments over whether internet connection metadata should be retained for law enforcement purposes are raging around the world, but nowhere more heatedly than in Australia, where a new law bringing in data retention is currently being rammed through parliament. This has provoked widespread criticism of the move as unnecessary, intrusive and ill thought-out. Defenses have been thinner on the ground, which makes this column in the Australian newspaper The Age particularly interesting. The author, David Wroe, seems to think that the problem is a failure to explain what's really going on here:

Plans to force telcos to keep people's phone and internet metadata for at least two years haven't been explained as thoroughly as they probably should, with the consequence that many Australians remain confused and vulnerable to excessive claims that their privacy is being trampled upon.

Well, it's certainly true that the Australian Attorney General George Brandis, who is responsible for bringing in the data retention law, was very confused when he was asked to explain metadata in a TV interview. But rather than dispelling that confusion by pointing to explanations of what metadata can do, Wroe simply makes the following claim:

A data retention regime of two years, with proper precautions around how that data it is accessed by authorities, is reasonable, proportionate and necessary.

No support is provided for that statement. That's not really surprising, because all the evidence we have is that data retention simply doesn't help. In Germany, for example, police records show that blanket data retention had no effect on crime statistics:

The national crime statistics recently published by Germany's Federal Crime Agency reveal that after the policy of blanket telecommunications data retention was discontinued in Germany due to a Constitutional Court ruling on 3 March, 2010, registered crime continued to decline (2007: 6,284,661; 2008: 6,114,128; 2009: 6,054,330; 2010: 5,933,278) and the crime clearance rate was the highest ever recorded (56,0%). Indiscriminate and blanket telecommunications data retention had no statistically relevant effect on crime or crime clearance trends.

In Denmark, police found that retaining huge quantities of internet connection data actually made things harder for them:

"Session logging has caused serious practical problems," the ministry's staffers write in the report. "The implementation of session logging proved to be unusable to the police; this became clear the first time they tried to use [the data] as part of a criminal investigation."

Leaving aside this inconvenient fact that there is no evidence that data retention helps, here's one of the author's arguments in its favor:

It is absurd to allow a situation in which police might need to establish whether one criminal suspect phoned or emailed another suspect last year only to find the telco has already wiped those records.

Not really: we don't expect DNA or fingerprints from the scene of a crime to be preserved years later. We hope they may be available soon afterwards, and in the same way there's no reason why the police might not ask ISPs to provide information about recent online activity of a suspect. But it is not reasonable to expect everything to be kept for years, just because it's possible -- not least because this allows the authorities to engage in fishing expeditions and thus apply the Cardinal Richelieu approach. There's also no reason why the police should not be required to obtain a warrant before doing so, despite what Wroe says:

Some have called for warrants to be required for accessing metadata. This would be too unwieldy.

Warrants have worked well enough in the past, so why discard them now in the digital field? Because they might put a brake on the routine use of stored metadata by the authorities? That's a feature, not a bug: it would help to ensure that its use were truly proportionate, unlike the system proposed by the Australian government. Here's another attempt to defend data retention:

Arguments that retention is pointless because ill-doers can use encryption programs to hide their identities, or because the regime won't capture overseas data – meaning Gmail, Hotmail and other US-based services are exempt – are silly. Nothing in a free society is foolproof; something is better than nothing.

But when that "something" is such a marginal improvement on nothing, and comes at such great cost -- both financially, in terms of the burden on ISPs and taxpayers, and socially, through the damage to the privacy and freedom of the public -- then it is hardly rational to proceed purely because it is "better than nothing," especially in the absence of any more compelling reasons.

As this indicates, the author's arguments in favor of data retention are weak; but what is most striking is his attack on those who defend their right to privacy, and dare to challenge the badly-planned rush to impose mass surveillance on Australians:

At the heart of the anti-retention argument is an attitude that everything to do with the internet should be free: free of charge, allowing unlimited downloading of pirated content, and free of responsibility, meaning that nothing we do on the web should be discoverable later on.

In other words, anyone against massive, disproportionate surveillance is probably just some kind of dirty copyright thief.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

With the abuses of asset forfeiture being loudly publicized, there has (finally) been some legislative pushback against these abusive programs. Wyoming's legislators -- hoping to institute asset forfeiture reform -- ran into pushback themselves from the state's governor, who vetoed the popular bill (which passed out of the Senate with an 80-9 vote) when it hit his desk.

Governor Matt Mead explained his reasons for doing so in a letter to the Senate president Phil Nicholas. According to Mead, he didn't agree that Wyoming has an asset forfeiture problem and saw no reason to curtail a program that is (supposedly) so effective in fighting the Drug War.

Now, while Wyoming hasn't made splashy headlines with bogus busts, it's more likely due to the limited population than better laws or better law enforcement. Mead's letter explaining his veto contains three examples he feels prove Wyoming is better-behaved than most when it comes to separating citizens from their possessions. But none of those are particularly persuasive.

One deals with $17,000 being returned after "procedural safeguards" were ignored. The other two simply assume the seizure of funds was completely justified, even though no corresponding conviction is noted in his explanation.

In one case, a car owner denied knowing whose $327,000 was found in his vehicle. Fully justified, of course, because as Mead explains, the seized funds were spent "to enforce drug laws." In the other case, $415,000 was found in a vehicle being carried on a semi trailer full of vehicles. This, too, was taken and the seizure fully justified because the money was obviously evil in and of itself. Here's Mead's actual sentence explaining what happened to these funds.

"The money was taken out of circulation so it could not be used for other illegal activity."

Stupid money. It's like it's a troubled teen in need of a grounding. "Don't let it out! It will probably just do illegal things!"

Not cited: the "illegal activity" prompting the seizure of the funds in either case.

The reform bill didn't ask for much -- just a conviction to go with every seizure -- but that was still too much for Mead, who still carries inside him the beating heart of a long-term prosecutor. To him, these means are perfectly acceptable because drugs are a problem. Case closed.

That's likely one of the factors playing into the deployment of his otherwise seldom-used veto power. This is the other: a meeting with the Wyoming Association of Sheriffs and Police Chiefs -- which occurred three days before the veto.

I enjoyed meeting w/ the WY Assoc.of Sheriffs & Chiefs of Police.Thanks for serving & protecting the citizens of WY. pic.twitter.com/TRzgXcMyru

— Governor Matt Mead (@GovMattMead) February 14, 2015

Beyond all that, Mead simply believes asset forfeiture is a law enforcement tool that simply cannot be questioned.

I believe civil asset forfeiture is important and it is right.

Too "right" to be even slightly curtailed by the addition of a small but logical stipulation: a conviction of the assets' owner before the assets can be claimed. Mead prefers the way it's been done for years: assets are presumed guilty, the burden of proof rests on those whose assets have been seized and anything not clearly associated with any criminal activity can still be repurposed to fight the Everlasting War on Drugs.

Wyoming may not have a history of forfeiture abuse, but it makes no sense not to head off a problem before it becomes one. Everything about its current program lends itself to abuse.

Wyoming has horrible civil forfeiture laws, with an F law grade. The state’s final grade is pulled up to a C only by limited use of equitable sharing (an evasion grade of A) to date. The government can seize and subsequently forfeit property with just probable cause that it is subject to forfeiture. This is the lowest standard, far easier for the government than proving criminal guilt beyond a reasonable doubt. A property owner who wishes to claim an innocent owner defense bears the burden of proof, effectively making owners guilty until proven innocent. All of the proceeds from civil forfeiture are distributed to the state Attorney General’s asset fund. In turn, those funds are used as matching funds for federal drug enforcement grants. Finally, although officials are required to collect information on the use of forfeiture, they did not respond to requests.

Gov. Mead's view of this program is rosy to the point of blindness. But that's the sort of thing we expect from career prosecutors who question very little if anything about the law enforcement under their purview and who wholeheartedly support strong drug enforcement tactics. Mead may not see any abuse occurring, but I get the feeling he's not looking too hard. Considering how low the bar is set in terms of burden of proof, you'd have to do some serious digging to find seizures not justified by this barely-there requirement. And, considering the funds flow into Mead's former office, I would imagine he's in no hurry to find anything that might threaten the state's revenue stream, or its attendant matching funds grants from the US government.

Researchers can program computers to play all kinds of games and even beat the best humans at them. So far, we're not worried about AI that can beat us at chess or Jeopardy, but maybe we'll be more worried when a computer can program another computer to play chess at a grandmaster level. Luckily, there's at least one billionaire willing to chip in a few million bucks to try to keep Terminators from destroying humanity.

• Google DeepMind has created software that can play old Atari games without humans teaching it how to play -- and the AI plays 22 out of 49 games better than expert human players. Those Atari games are more difficult than you might think, but it's not hard to imagine that humans will be no match for AI playing Pac-man in the near future. [url]
• A Civilization V match pitted 42 computer-controlled players against each other. It wasn't an endless match (sorry, no Wargames conclusion), and a winner of this "Battle Royale" emerged after 179 turns. [url]
• Flappy Bird is a pretty hard game for humans to play, but a robot can play it without getting tired or frustrated. It's not exactly a breakthrough in robotics, but this bot demonstrates a big difference in how computers play video games. [url]

If you'd like to read more awesome and interesting stuff, check out this unrelated (but not entirely random!) Techdirt post via StumbleUpon.

Well, this is disappointing. Back in September, we were happy to see both Apple and Google announced that their mobile platforms would be encrypted by default (for local storage, not for data transmissions), which has kicked off something of a new round of Crypto Wars, as law enforcement types have shoved each other aside to spread as much possible FUD about the "dangers" of mobile encryption (ignoring that they also recommend mobile encryption to keep your data safe).

However, as Ars Technica reported earlier this week, it appears that while Google is encrypting by default on its own Nexus phones that have the latest Android (Lollipop), it slightly eased back the requirements for its OEM partners such as Motorola and Samsung who make their own devices. Default encryption is now "very strongly RECOMMENDED" rather than required. And even with that "very strong RECOMMENDATION," it appears that neither Samsung or Motorola are enabling default encryption on its latest devices.

While some will likely jump to the conclusion that law enforcement pressure is at work here, a much more likely explanation is just the performance drag created by encryption. Last fall, Anandtech did some benchmarking of the Nexus 6 both with encryption on and off, and as the site itself says, the results are "not pretty." Given the competitive market, there's a decent chance that the big phone manufacturers didn't want to get bad benchmark ratings when phones are compared, and those made the decision to go against the "very strong recommendation."

Hopefully this gets sorted out quickly, as phonemakers can optimize new phones for encryption. And, honestly, as the Anandtech report itself notes, these benchmarks are basically meaningless for real world performance:

The real question we have to ask is whether or not any of these storage benchmarks really matter on a mobile device. After all, the number of intensive storage I/O operations being done on smartphones and tablets is still relatively low, and some of the situations where NAND slowdowns are really going to have an effect can be offset by holding things in memory.

But, it appears, while mobile phone makers don't want to take the chance of bad benchmarks hurting their reputation, they're less concerned about leaving consumers' data exposed.

It's disappointing that this is where things are today, after so much focus on default encryption just a few months ago, but hopefully it's just a temporary situation and we'll get to default encryption very, very soon.