Some people are naturally skinny and able to eat almost anything they want without gaining weight. Obviously, there are also plenty of folks who need to watch their diets very carefully and exercise regularly to prevent unhealthy weight gain. The causes for obesity are not well understood, and while many observers like to say it's obvious that people need to expend more calories than they consume, the challenge of doing so isn't as simple as it sounds for many. There aren't any miracle diets or drugs, but as we study obesity and understand it more, there could be more palatable treatments someday.

• Mitochondrial genetics could explain metabolic changes with age and with different environmental conditions. Large scale studies of mitochondrial changes in city populations are just beginning, and researchers will try to make sense of how cell genetics influence health. [url]
• A rare chromosomal abnormality can cause Prader-­Willi syndrome -- a condition that can be fatal and cruel because its victims can literally eat to death. People with this condition have no sensation of satiety, so they can eat until their stomachs rupture. [url]
• There's evidence to support the idea that intestinal microbes correlate with obesity. A fecal transplant from an overweight daughter to a mother suffering from an intestinal infection resulted in the infection going away -- but also a weight gain problem for the mother that previously didn't exist. [url]

If you'd like to read more awesome and interesting stuff, check out this unrelated (but not entirely random!) Techdirt post via StumbleUpon.

Show of hands: who remembers the North Face vs. South Butt saga? Ah, yes, the trademark battle built perfectly for those of us with a sophomoric sense of humor, fully entertained us three years ago, when an upstart clothier attempted to be funny and the humorless lawyers at North Face cried consumer confusion. While the claim of confusion was as laughable as the rest of the story, the court proceedings saw South Butt agree to change its brand name. Which it did...to Butt Face, because why the hell not? South Butt/Butt Face, after all, was pimping its own publicity by streisanding its way through court proceedings, all thanks to North Face refusing to put down the litigation stick.

Perhaps snowboarder Casey Sherr was taking notes at the time for his eventual release in 2013 of his Ass Armor clothing company, which of course has Under Armour's shorts in a twist.

The Ft. Lauderdale company faces a trademark infringement lawsuit from Under Armour — and plans to fight. The $3 billion Baltimore athletic apparel maker also accused the snowboard shorts maker of unfair competition and cybersquatting for using the name Ass Armor and a tagline that could be confused with Under Armour's. The defendant copies Under Armour by using similar lettering and putting the Ass Armor name along the shorts' waistband, the lawsuit says.

"Making matters worse, similar to Under Armour's well-known and widely promoted Protect This House tagline mark, defendants use, advertise and promote their Ass Armor mark, name and products… in connection with the Protect Your Assets tagline," says the lawsuit, filed last month in U.S. District Court in Maryland.

Could the well-known Under Armour brand and imagery be somehow confused with Ass Armor and its logo?

Frankly, it stretches credulity to believe that such confusion is likely. More likely this is simply the latest in a long line of battles Under Armour's legal team has staged for itself, having previously gone after Skechers, Salt Armour Inc., and others. Much like the South Butt case, it's woefully likely that all the courts will see is the obvious play on some of the more generic aspects of Under Armour's marks rather than actually weighing any real concerns over customer confusion.

What's clear is that trademark wasn't designed to keep this kind of stuff tied up in court battles like this. Unlike South Butt, Ass Armor appears to be willing to fight the battle.

"We strongly believe the lawsuit filed by Under Armour has no merit," said Scherr, president of the company that makes only the padded shorts, in an email Thursday. "Ass Armor has spent months fighting with Under Armour in front of the Trademark Trial and Appeal Board and then, without notice, Under Armour filed this matter in federal court. We believe this is a classic David and Goliath battle. As David, we intend to fight."

Protecting its assets is part of the Ass Armor way, after all.

As Mike pointed out recently, thanks to Snowden (and possibly other sources), we now know the NSA, with some help from GCHQ, has subverted just about every kind of digital electronic device where it is useful to do so -- the latest being hard drives and mobile phones. That's profoundly shocking when you consider what most non-paranoid observers thought the situation was as recently as a couple of years ago. However, given that's how things stand, there are a couple of interesting ramifications.

First, that the recent attempts by politicians to demonize strong encryption look like an attempt to cover up the fact that most digital systems are already vulnerable using one or more of the techniques that have been revealed over the last year or two. That is, the NSA and GCHQ can probably access most digital content stored or transmitted in any way -- either because the encryption itself or the end-points have been compromised. Even standalone strong encryption systems like PGP -- thought still to be immune to direct attacks -- can be circumvented by breaking into the systems on which they are used.

Perhaps the dark hints that encryption could be banned or backdoored are simply part of a cynical ploy to present such an appalling vision of what could happen, that we gladly accept anything less extreme without complaint. In fact, the authorities have no intention of attempting anything so stupid -- it would put all online business at risk -- because they don't need to: they already have methods to access everything anyway.

That being the case, there is another important question. If the NSA and other parties do have ways of turning practically every digital electronic device into a system for spying on its users, that essentially means there is no criminal organization in the world -- ranging from the so-called "terrorist" ones that are used to justify so much bad policy currently, to the "traditional" ones that represent the bulk of the real threat to society -- that is not vulnerable to being infiltrated and subverted by government agencies.

And yet we don't see this happen. Drug cartels thrive; people trafficking is surging; the smuggling of ivory and endangered animals is profitable as never before. Similarly, despite the constant and sophisticated monitoring of events across the Middle East, the rise of Islamic State evidently took the US and its allies completely by surprise. How is it that global criminality has not been brought to its knees, or that such massive geopolitical developments were not picked up well in advance -- and nipped in the bud?

One obvious explanation for this pattern is that just as the attackers of London, Boston, Paris and Copenhagen were all known to the authorities, so early tell-tale signs of the rise of Islamic State were detected, but remained drowned out by the sheer volume of similar and confounding information that was being gathered. Similarly, it is presumably easy to create huge stores of information on drug bosses or people smugglers -- but hard to find enough personnel to analyze and act on that data mountain.

Now that we have a better idea of the extraordinary reach of the global surveillance being carried out at all times, the failure of that activity to make us safer by countering criminal activity, at whatever scale, becomes all the more striking. It's time the intelligence agencies accepted that the "collect it all" approach is not just failing, but actually exactly wrong: what we need is not more surveillance, but much less of it and much better targeted.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

There are way too many stories of Paypal unfairly and ridiculously cutting off services that rely on it as a payment mechanism, but here's yet another one. Mega, the cloud storage provider that is perhaps well-known for being Kim Dotcom's "comeback" act after the US government shut down Megaupload, has had its Paypal account cut off. The company claims that Paypal was pressured by Visa and Mastercard to cut it off:

Visa and MasterCard then pressured PayPal to cease providing payment services to MEGA.

MEGA provided extensive statistics and other evidence showing that MEGA's business is legitimate and legally compliant. After discussions that appeared to satisfy PayPal’s queries, MEGA authorised PayPal to share that material with Visa and MasterCard. Eventually PayPal made a non-negotiable decision to immediately terminate services to MEGA. PayPal has apologised for this situation and confirmed that MEGA management are upstanding and acting in good faith. PayPal acknowledged that the business is legitimate, but advised that a key concern was that MEGA has a unique model with its end-to-end encryption which leads to “unknowability of what is on the platform”.

MEGA has demonstrated that it is as compliant with its legal obligations as USA cloud storage services operated by Google, Microsoft, Apple, Dropbox, Box, Spideroak etc, but PayPal has advised that MEGA's "unique encryption model" presents an insurmountable difficulty.

That last line is particularly bizarre, given that if anyone recognizes the value of encryption it should be a freaking payments company. And, of course, Paypal can't know what's stored on any of those other platforms, so why is it being pressured to cut off Mega?

Mega's theory -- which is mostly reasonable -- is that because Mega was mistakenly listed in a report released by the "Digital Citizens Alliance" that insisted Mega was a rogue cyberlocker storing infringing content, that payment companies were told to cut it off. If true, this is problematic on multiple levels. The methodology of the report was absolutely ridiculous. Because most Mega files are stored privately (like any Dropbox or Box or Google Drive account), the researchers at NetNames have no idea what's actually being stored there or if it's being done perfectly legitimately. Instead, they found a few links to infringing works, and then extrapolated. That's just bad research practices.

Furthermore, the Digital Citizens Alliance is hardly an unbiased third party. It's an MPAA front group that was the key force in the MPAA's (now revealed) secret plan to have states attorneys general attack Google. Think the MPAA has reasons to try to go after any potential revenue source for Kim Dotcom? Remember, taking down Megaupload and winning in court against Dotcom was a key focus of the company since 2010 or so, and Dotcom recently noted that he's out of money and pleading with the court to release some of the funds seized by the government to continue to fight his case. The lawyers who represented him all along quit late last year when he ran out of money. It seems like the MPAA might have ulterior motives in naming Mega to that list, don't you think?

And, this all goes back to this dangerous effort by the White House a few years ago to set up these "voluntary agreements" in which payment companies would agree to cut off service to sites that the entertainment industry declared "bad." There's no due process. There's no adjudication. There's just one industry getting to declare websites it doesn't like as "bad" and all payment companies refusing to serve it. This seems like a pretty big problem.

Yesterday evening I saw a tweet zip by in which some very smart people I know and respect appeared to be arguing about the color of a dress. It seemed like a weird thing, so I went and looked and saw what appeared to be a white and gold dress. No big deal. But, other people insisted that it was blue and black. Vehemently. At first I thought it was a joke. Or an optical illusion. Or maybe it depended on your monitor. But I called over a colleague here in the office, and she swore that it was blue and black. And I was 100% sure that it was white and gold. If you somehow live under a rock, here's the image: We now know the "truth" (sort of) -- which is that the dress itself really is blue and black, but thanks to the lighting and some odd visual tricks it appears white and gold to a large part of the population. For what it's worth, many people report that after a period of time it switches, and that's true for me too. Late last night I took one last look (after everyone else in my family swore that it was blue and black) and I saw it blue and black. Amusingly, at almost exactly the same time, my wife suddenly saw it as white and gold. My mother-in-law suggested we both need to seek mental help. There are fights like this going on all over the internet, with lots of people trying to decipher why this image seems to work this way. So why are we writing about it here? Because it's Fair Use Week, and what a great fair use story.

This image isn't just being showed everywhere, it's being modified, flipped, adjusted, poked and prodded as people discuss it in all sorts of ways (comment and criticism). And it's all fair use. Take, for example, our own Leigh Beadon, who put forth on Twitter a theory about why different people see it in different ways:

I think the dress is all about sensitivity to blue. pic.twitter.com/rnWD473AQ8

— Leigh Beadon (@marcuscarab) February 27, 2015

In our internal chat, he was also submitting additional images as he played with the image. Take, for example, this one, where he played with the brightness levels:

Ok, thanks to @marcuscarab for min & maxing the brightness. I still see both as white and gold, but... pic.twitter.com/pRIiTJn5yK

— Mike Masnick (@mmasnick) February 27, 2015

And tons of others have weighed in as well. Even software maker Adobe got into the discussion:

For those seeing #WhiteandGold in #TheDress (http://t.co/pNG9tXu5pU), @HopeTaylorPhoto ends the debate. pic.twitter.com/W7TwQJy13m

— Adobe (@Adobe) February 27, 2015

" And someone else posted a helpful video modifying it:

MT @hopetaylorphoto: #TheDress problem has been solved s/o to @Adobe and @Lightroom: pic.twitter.com/y4nzLeI2PN

— Adobe (@Adobe) February 27, 2015

Vice has an amazing story in which they present the image to a color vision expert who is so stumped he admits he may give up trying to cure blindness to devote the rest of his life to understanding the dress. The folks over at Vox both insist that the color changing can't be explained and that it can be (journalism!). The folks at Deadspin say you're all wrong and the dress is actually blue and brown. Almost all of these are using not just versions of the image, but modified ones as well, to try to demonstrate what they're talking about.

And there's been no talk about copyright. Because we don't need to be discussing copyright, because this is all fair use. Last night, some were pointing out that this was such an "internet" story that it's great that it came out on the same day the FCC voted for net neutrality, but I say it's an even better way to close out fair use week, with a great demonstration of why fair use matters.

Earlier this week, we wrote about a really dumb move by Google to effectively kick out all of the bloggers who use its blogger platform to post "adult" content -- either text or images. Google gave such bloggers just 30 days to find a new home before it would make all their blogs private. It insisted that, going forward, the content police at Google would determine what photographs were "artistic" and allowed, and which were "dirty" and not allowed. As we noted, this move seemed particularly tone deaf and problematic, and could lead to other problems for Google. And a lot of other people agreed.

And... just like that, Google appears to have reversed course. Over in its product forums, someone from the Blogger Team announced that they had realized they already had policies they could enforce and didn't need to implement these new rules:

This week, we announced a change to Blogger’s porn policy. We’ve had a ton of feedback, in particular about the introduction of a retroactive change (some people have had accounts for 10+ years), but also about the negative impact on individuals who post sexually explicit content to express their identities. So rather than implement this change, we’ve decided to step up enforcement around our existing policy prohibiting commercial porn.

Blog owners should continue to mark any blogs containing sexually explicit content as “adult” so that they can be placed behind an “adult content” warning page.

Bloggers whose content is consistent with this and other policies do not need to make any changes to their blogs.

Thank you for your continued feedback.

So, kudos to Google for at least hearing the feedback and rolling back the change -- though it's still unfortunate that it even had to come to that in the first place. It seems likely that many of those bloggers may go looking for alternate hosting anyway.

A few weeks ago, after it was more or less confirmed that the FCC was going forward with full Title II reclassification of broadband, we noted that the stocks of the big broadband companies actually went up suggesting that Wall Street actually knows that reclassification won't really impact broadband companies, despite what they've been saying publicly. Perhaps this is partly because those same companies have been telling Wall Street that the rule change won't have an impact.

However, for the Wall Street Journal -- which has become weirdly, obsessively, anti-net neutrality -- this is an abomination. The newspaper has spent months trying to whip everyone into a frenzy about how evil net neutrality is, using some of the most blatantly wrong arguments around. Just a few days ago, the WSJ turned to its former publisher, now columnist, L. Gordon Crovitz to spread as much misinformation as possible. This is the same L. Gordon Crovitz who a few years ago wrote such a ridiculously wrong article on the history of the internet that basically everyone shoved each other aside to detail how he mangled the history. He, bizarrely, insisted that the government had no role in the creation of the internet. Crovitz also has a history of being wrong (and woefully uninformed) about surveillance and encryption. It's difficult to understand why the WSJ allows him to continue writing pieces that are so frequently factually challenged.

In this latest piece, Crovitz suggests that Ted Cruz didn't go far enough in comparing Obamacare to net neutrality, arguing that net neutrality is even "worse."

The permissionless Internet, which allows anyone to introduce a website, app or device without government review, ends this week.

Um, no, actually, the reverse. The rules say that no website or app needs to get permission. The government isn't going to be reviewing anything, other than anti-consumer practices by the large ISPs.

Bureaucrats can review the fairness of Google's search results, Facebook's news feeds and news sites' links to one another and to advertisers. BlackBerry is already lobbying the FCC to force Apple and Netflix to offer apps for BlackBerry’s unpopular phones. Bureaucrats will oversee peering, content-delivery networks and other parts of the interconnected network that enables everything from Netflix and YouTube to security drones and online surgery.

None of this is true. The BlackBerry thing isn't real. It's a stupid political stunt cooked up by the telcos to try to make the new rules look bad. But the rules do not, in any way, apply to Google's search results or Facebook's news feed or any other content online. It covers internet access services, and all it does is put in place some straightforward rules against discrimination.

Still, all this fear mongering isn't working. Following yesterday's decision by the FCC, the folks over at Quartz noticed that the big broadband stocks have actually had a pretty damn good month: Which brings us back around to the Wall Street Journal. The paper of record for Wall Street, which normally likes to suggest that markets are "right" about everything, is absolutely positive that the markets are wrong about this. And it's furious. It has an article demanding that broadband investors need to "wake up" to what's happening with net neutrality:

Investors actually seemed to breathe a sigh of relief when FCC Chairman Tom Wheeler unveiled his proposal on Feb. 4, sending cable stocks higher. Investors were cheering the chairman’s assurance that the commission wouldn’t invoke the Title II power to regulate prices.

But investors, beware: Broadband’s new status opens the door to the possibility of a future that is far less lucrative and more uncertain for the companies that provide it.

Bullshit. Frankly, things can always change in the future, in either direction, so claiming that things might change is meaningless FUD. At the end of the article, the WSJ pretends that maybe the reason why stocks are up is because investors expect that the broadband players will win an eventual court battle, but that seems like wishful thinking on multiple levels. Let's go with Occam's Razor on this one. The market is up because everyone knows that Title II won't make a huge difference at all for the prospects of broadband companies. Multiple Wall St. analysts have been saying this for months, as have the big broadband companies to the analysts themselves.

The Wall Street Journal should take a page from its own playbook: maybe the markets do know best.

While sexy Google Fiber deployments get the lion's share of media attention these days, it's the notably less sexy service in states like West Virginia that continue to perfectly exemplify just how broken U.S. broadband really is. Local Charleston Gazette reporter Eric Eyre has quietly done an amazing job the last few years chronicling West Virginia's immense broadband dysfunction, from the State's use of broadband stimulus subsidies on unused, overpowered routers and overpaid, redundant consultants, to state leaders' attempts to bury reports highlighting how a cozy relationship with companies like Frontier, Verizon and Cisco has led to what can only be explained as systemic, statewide fraud on the taxpayer dime.

It's of course the one-two punch of regulatory capture and the resulting lack of competition that are to thank for West Virginia's problems, which certainly aren't unique across the country. In state after state, the largest, incumbent ISPs throw cash at the state legislative process, allowing them to literally write state telecom law aimed at protecting their uncompetitive geographical fiefdoms from real competition. Because the nation's suffering through a particularly nasty bout of partisan nitwit disease, when someone tries to do something about it, they're ironically assailed as anti-business, anti-American, or anti-states' rights.

I tend to focus on West Virginia as a shining example of this dysfunction because things have gotten so bad there, local players have stopped even the slightest pretense that the entire legislative process isn't under the thumb of the country's biggest and wealthiest telecom companies. Case in point is this latest report by Eyre citing complaints by West Virginia Delegate Randy Smith, who says things have reached the point where nobody, from any party, can get a bill through the West Virginia legislative process if it doesn't first get approval from Frontier Communications. From a recent post to his Facebook page:

"As you know, Frontier Communications is the only game in town for many rural communities in West Virginia when it comes to Internet service. After introducing the legislation, I spoke with someone in leadership and was told it'd go nowhere because it would hurt Frontier. In other words, Frontier has its hands in our state Capitol...No wonder they're called Frontier. Those are the kinds of speeds you'd expect on the American frontier in the 17th century."

What reckless, dangerous bills was Smith trying to pass? One would have restricted ISPs from advertising their service as "broadband" unless it offered speeds of 10 Mbps (the FCC's new definition is already 25 Mbps, or 10 Mbps for rural subsidized service). Another would have allowed consumers to take complaints about poor broadband service directly to State Attorney General Patrick Morrisey -- if the state Public Service Commission refused to hear their complaints. But because both would have marginally threatened Frontier's monopoly in the State, they weren't even seriously considered. Frontier's facing a lawsuit in the state for long repair delays and for advertising broadband speeds users can't actually get.

Again, West Virginia's certainly not unique; the ISP stranglehold over the state legislative process just tends to be more sophisticated and better obfuscated in larger States. Regardless of the state, attempts at reform are usually assailed by those professing to adore free markets, when more often than not what they really adore is being able to abuse government to help protect mono/duopoly revenues. That's why, although it was massively overshadowed by the net neutrality vote the same day, yesterday's FCC vote to begin gutting protectionist, ISP-written state laws is an incredibly important first step toward returning some degree of power back to local communities while taking the fight directly to the bloated and corrupt broadband industry status quo.

For many years, it's been something of an open question if creating a major security or privacy vulnerability was illegal. For the most part, courts have ruled that without actual proven harm, it's difficult to show real standing for the sake of a civil lawsuit. In practical terms, this has meant that if you just introduce a massive security risk, without it directly being abused (in a way that people know about), a company's liability is fairly limited. Obviously, that could change quickly if there was an actual abuse. Not surprisingly, class action law firms still love to file these kinds of lawsuits after a major privacy/security breach just in case. So it was totally expected to see a class action firm jump in and sue Lenovo over the Superfish malware that we've been discussing for the past few days.

The folks over at CDT, however, have a very good discussion over whether or not enabling such HTTPS hijacking really is illegal. The article compares the Superfish story to the other recent story about in-flight Wi-Fi provider GoGo doing something similar, and explores whether or not these man-in-the-middle attacks run afoul of Section 5 of the FTC Act, which is the broad rules under which the FTC "protects consumers." The rules basically say companies cannot do things that are "deceptive" or "unfair," but the definitions of both of those words matters quite a bit.

Here's the exploration of whether this kind of man-in-the-middle attack is "deceptive":

At a technical level, these SSL-breaking technologies trick your browser by forging SSL certificates, implying that their service operates encrypted websites like YouTube.com and BankofAmerica.com. In fact, instead of passing encrypted traffic on to the appropriate destination, these technologies enact the previously described “man-in-the-middle attack,” gaining access to potentially sensitive information that should rightly be kept between you and, for example, your bank or health care provider. Though these practices do not directly deceive the end user, they do effectively deceive the user’s software that acts as a “user agent.”  It’s not settled that this is prohibited by deceptive practices authority; in the past, the FTC has been reluctant to pursue deceptive practices cases merely on the grounds of tricking a browser: the FTC declined to pursue companies that issued bogus machine-readable P3P policies to get around Internet Explorer privacy restrictions or against companies that evaded Apple Safari’s default cookie settings in order to place third party cookies.^[3] On the other hand, six state Attorneys General did bring a deceptive practices claim under their own version of Section 5 against companies that tricked Safari browsers into accepting third-party cookies.

Alternatively, the FTC could argue that failure to disclose that encrypted transmissions were being intercepted constituted a material omission — that is, failure to explain the practice would be a deceptive means to prevent a consumer from meaningfully evaluating the product. The FTC has brought a number of cases arguing that failure to disclose highly invasive or controversial practices either in a privacy policy or in clear, upfront language could constitute a deceptive practice.  For instance, the FTC has found that failure to disclose access to your phone’s contact information or precise geolocation could constitute a material omission.

From what I can tell, neither Gogo nor Lenovo went out of their way to tell users about these practices. If anything, Gogo’s privacy policy would lead users to think that their SSL-protected communications were safe from eavesdropping.

For Lenovo, a post to one of its user forums says that users had to agree to the Superfish privacy policy and terms of service. I don’t know what these documents said exactly, though the Superfish documents available on their website say nothing about these practices.  Even if Lenovo had disclosed in fine print what it does, regulators could make the case that SSL interception was so controversial that permission needed to be obtained outside of a boilerplate legal agreement. A service could certainly try to make a value proposition to consumers that some feature was worth the cost of breaking web encryption – but that’s not what happened here.

What about the question of "unfair"? Apparently, the FTC prefers to use "unfair" in the cases it brings, rather than deceptive, so that is the more likely option.

In order to be “unfair” under Section 5, a business practice has to meet three criteria – it must:

1. Cause significant consumer harm,
2. Not be reasonably avoidable by consumers, and
3. Not be offset by countervailing benefits to consumers.

If breaking encryption exposes consumers to significant security vulnerabilities, regulators will likely have a very strong case for an unfairness violation.

On causing significant harm, this seems fairly straightforward in Lenovo’s case: its partner Superfish configured its software to intercept all SSL requests — using the same decryption key across all devices. This key was easily reverse engineered soon after the story broke, meaning that any malicious attacker could use this key to intercept any encrypted communication. That’s a huge security vulnerability, and at least as concerning as several other vulnerabilities that the FTC has previously alleged to have harmed consumers. Gogo’s SSL interception also raised security concerns — it arguably inures users to security warnings and exposes them to attackers posing as Gogo’s network — but the risk is probably not as great as in the Lenovo case. The FTC has brought actions against device manufacturers in the past for weakening security; in its case against phone manufacturer HTC, the FTC alleged that badly designed software that let app developers piggyback on HTC’s access to certain phone functionality without user permission was an unfair business practice.

On the second part of the unfairness test, it’s hard to argue how these practices are avoidable by ordinary consumers. They may have clicked though legalistic agreements, but as far as we can tell, none of these documents made any disclosure about these sorts of tactics — or the vulnerabilities to which they exposed consumers. Certainly, neither Gogo nor Lenovo presented information outside of a legal document where consumers were likely to notice. As a result, consumers weren’t provided with actionable information that they could have used to avoid these problems.

Finally, it’s hard to see that the security vulnerabilities introduced by SSL-interception were outweighed by any benefits to the practice. Gogo used this tactic to block bandwidth-heavy video applications on planes with limited internet access — a worthy goal, but one better accomplished through less destructive means. Lenovo allowed its partner to break encryption in order to view private communications for targeted advertising.  It is doubtful that many consumers would find this trade-off beneficial, even if it lowered prices significantly; in any event, Lenovo claims that they didn’t make much money from its deal with Superfish, and the pre-installed adware was simply designed to improve the user experience. Since exposure of these practices, both companies have backtracked and ended use of the encryption-breaking technologies.

But there's a much bigger question: will the FTC actually bother? The fact that Lenovo reacted pretty quickly to this mess probably suggests that the FTC may not bother. Yes, Lenovo's initial reaction wasn't great, but it did change its tune within less than 48 hours, and has been pretty vocal and active in apologizing and fixing things since then. That may be enough reason for the FTC to think it's not necessary to go after the company. Of course, it may feel differently about Superfish itself -- since that company still denies there's any problem and basically refuses to admit its role in this whole mess. It's still standing by its bogus statement that it did nothing wrong and claiming that Lenovo will clear things up -- even as Lenovo has clearly said otherwise.

The NSA continues to "save" the United States from terrorism by making it weaker. Not only has the agency actively undermined encryption standards, but its willingness to insert backdoors and spyware in any piece of hardware or software it can get its hands on has severely damaged the world's trust of American technology.

Cloud computing providers have already felt the aftershocks of the Snowden leaks. An Open Technology Institute report published a year after the first revelation noted that many had already seen a drop-off in sales and predicted that the backlash against the NSA's surveillance tactics could cost companies anywhere from $22-180 billion over the next three years.

Hardware makers are getting hit hard as well. One of the largest buyers of American tech products has dropped some very big brands from its approved supplier list.

China has dropped some of the world's leading technology brands from its approved state purchase lists, while approving thousands more locally made products, in what some say is a response to revelations of widespread Western cybersurveillance.

Chief casualty is U.S. network equipment maker Cisco Systems Inc, which in 2012 counted 60 products on the Central Government Procurement Center's (CGPC) list, but by late 2014 had none, a Reuters analysis of official data shows.

Smartphone and PC maker Apple Inc has also been dropped over the period, along with Intel Corp's security software firm McAfee and network and server software firm Citrix Systems.

It's certainly no surprise that Cisco would be one of the first dropped by foreign purchasers wary of NSA meddling. A leaked document detailing the agency's hardware interdiction program contained a photo of operatives carefully unwrapping a box full of hardware destined for NSA spyware implants. While the faces of the agents may have been blurred, the logo on the box was not. As the story spread across the internet, one conclusion was drawn: Cisco products are not "safe."

The fact that foreign hardware may arrive loaded with spyware and backdoors isn't the only thing prompting the Chinese government to drop nearly half of its overseas security-related tech suppliers. There's also the ongoing tension between the US and China, which has devolved into each country accusing the other of inserting backdoors into exported tech. It appears both sets of accusations are correct, but for years it was largely assumed that China was mostly alone in these efforts.

China also has a domestic market it would like to expand, which will now get a leg up from the government. As it eyes an increased exports, it is likely aware that many foreign governments and other potential purchasers consider its exports no more "secure" than NSA-infected tech shipping from the US. Purchasers will find themselves taking the "lesser of two evils" approach when seeking to obtain tech products -- something that won't always work out in favor of American companies.

Cisco has openly stated that "geopolitical concerns" -- like the NSA's interception of its products destined for foreign markets -- have led to a downturn in sales. Other affected companies like Intel have yet to issue official statements detailing any NSA-related impact on their sales, but it's clear the last 18 months of leaks have done little to raise their future expectations. OTI's wide-open estimate on potential losses will probably never achieve sharper focus. It's unlikely former customers are going to clearly state that unrenewed contracts or supplier list culls are due to the NSA's actions, but surveys have indicated this concern does factor heavily into purchasing decisions.

The leaks aren't going to stop, and what is already in the public domain will continue to take its toll. Just as certainly, the NSA isn't going to stop looking for ways to circumvent encryption or compromise hardware. At this point, there's no way any company can claim with certainty that they have avoided becoming part of any government's intelligence apparatus -- and that's going to hurt them for years to come.