Here's how you can become a terrorist without actually participating in anything terror-related. Just hang out in the UK with locked devices until law enforcement develops an interest in you.

A director of a Muslim advocacy group has been convicted of failing to hand over passwords for an iPhone and a laptop, which he said contained sensitive information from a torture victim.

Muhammad Rabbani, 36, from London, was found guilty but walked free after being handed a 12-month conditional discharge at Westminster magistrates' court on Monday. He was ordered to pay £600 in costs.

The police may have failed to sweat passwords out of Rabbani during last November's three-hour detention, but they were instrumental in getting him charged under the UK's terrorism laws. Rabbani will be serving the UK equivalent of a suspended sentence. No jail unless "further violations" occur. This means all police have to do is stop him somewhere else and demand his passwords. Any refusal to do so will be a violation of his conditional discharge.

Unlike the US, there's no question of potential rights violations to be resolved. The UK's anti-terror laws enable this sort of law enforcement behavior. Rabbani said he had sensitive information on his devices he didn't feel comfortable sharing with police, especially when they had little reason to suspect him of being up to anything terroristic.

Rabbani is apparently investigating a torture case linked to the US, involving a citizen in one of the Brown Countries (a.k.a., a Gulf state). His trips back and forth have been greeted with much consternation and demands for device passwords. But it wasn't until last November UK law enforcement finally decided to move ahead with charges.

The court handing down the sentence was almost apologetic.

In sentencing, senior district judge Emma Arbuthnot said she believed Rabbani was protecting sensitive information but was bound by the law to find him guilty.

This is why bad bills should never be made law. They force people -- like judges -- to sentence someone for the crime of being uncooperative. Testimony during the case didn't clear anything up. The officer who performed the attempted search and actual arrest wouldn't say whether he was acting on specific information about Rabbani, or simply hassling someone UK police had hassled several times before without feeling the need to turn it into a terrorism case.

Passwords/pins are a foregone conclusion in the UK if the court can be convinced law enforcement demands were somehow related to national security. That's how the 2000 terrorism law was designed. And with Rabbani, we're being shown how it works.

Back in March of this year, Techdirt wrote about ResearchGate, a site that allows its members to upload and share academic papers. Although the site says it is the responsibility of the uploaders to make sure that they have the necessary rights to post and share material, it's clear that millions of articles on ResearchGate are unauthorized copies according to the restrictive agreements that publishers typically impose on their authors. As we wrote back then, it was interesting that academic publishers were fine with that, but not with Sci-Hub posting and sharing more or less the same number of unauthorized papers.

Somewhat belatedly, the International Association of Scientific Technical and Medical Publishers (STM) has now announced that it is not fine with authors sharing copies of their own papers on ResearchGate without asking permission. In a letter to the site from its lawyers (pdf), the STM is proposing what it calls "a sustainable way to grow and to continue the important role you play in the research ecosystem". Here's what it wants ResearchGate ("RG") to do:

RG's users could continue "claiming”, i.e. agreeing to make public or uploading documents in the way they may have become accustomed to with RG's site. An automated system, utilizing existing technologies and ready to be implemented by STM members, would indicate if the version of the article could be shared publicly or privately. If publicly, then the content could be posted widely. If privately, then the article would remain available only to the co-authors or other private research groups consistent with the STM Voluntary Principles. In addition, a message could be sent to the author showing how to obtain rights to post the article more widely. This system could be implemented within 30-60 days and could then handle this "processing" well within 24 hours.

In other words, an upload filter, of exactly the kind proposed by the European Commission in its new Copyright Directive. There appears to be a concerted push by the copyright industry to bring in upload filters where it can, either through legislation, as in the EU, or through "voluntary" agreements, as with ResearchGate. Although the lawyer's letter is couched in the politest terms, it leaves no doubt that if ResearchGate refuses to implement STM's helpful suggestion, things might become less pleasant. It concludes:

On behalf of STM, I urge you therefore to consider this proposal. If you fail to accede to this proposal by 22 September 2017, then STM will be leaving the path open for its individual members to follow up with you separately, whether individually or in groups sharing a similar interest and approach, as they may see fit.

What this latest move shows is that publishers aren't prepared to allow academics to share even their own papers without permission. It underlines that, along with fat profits, what the industry is most concerned about in this struggle is control. Academic publishers will graciously allow ResearchGate to exist, but only if they are recognized unequivocally as the gatekeeper.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

So, you've probably heard stories in the past about the fear some trademark lawyers have about "genericide" -- where their product's name becomes so attached to the product that it's considered generic and the trademark no longer applies? Think kleenex and xerox for example. We've found, over the years, that people get a bit too worked up about this, leading trademark lawyers to make some really dumb demands along the way to try to "prevent" what is generally impossible to actually prevent. We also often see people claim (falsely) that this means companies are required to stop any and all uses of their mark, even when not infringing (or, even worse, seeing people falsely claiming that the same thing applies to copyright). Either way, the company Velcro has taken... well... quite a unique approach to the fact that everyone calls their most famous product "velcro" -- even when made by competitors. They made an absolutely hilarious "We are the World"-style video begging you not to call it Velcro and telling you, in no uncertain terms, that they it's "fucking hook & loop." Really.

When I first saw it, I thought it was a John Oliver or SNL-style parody video, but nope. It's real. It's on Velcro's official YouTube feed, and they even have a behind the scenes "making of" video to explain how the video was made and how it came about (including the fact that two actual Velcro lawyers are in the video).

Of course, they insist they're doing this to get people talking about the importance of calling it "hook and loop" though I think at best, it will just get people talking about how incredibly dumb trademark law has become, where this kind of thing is seen as necessary. The only people who will now start calling it "hook and loop" are likely to be people doing it ironically. In which case, they may go with the longer "this is fucking hook and loop," as the song suggests. But, as the song itself suggests, it's totally ridiculous that the company has to do this to try to get you to stop saying the brand name that the company spent "60 plus years" building. The song also jokingly references other genericized brands, such as Clorox, Band-Aid and Rollerblades.

Thankfully, they don't seem to get the finer points of the law really wrong in the song -- noting that the patent on velcro expired 40 years ago, and if everyone calls everything similar velcro, the company might "lose our circle R." Of course, they leave out the fact that if they lose the trademark... it's actually probably not that big a deal. People will still call all similar products velcro, but Velcro-brand velcro will almost certainly still be able to charge a premium, since people will recognize the brand name.

And that's really what highlights how dumb all of this is. Even if you lose the trademark to genericide, that doesn't mean the company packs up and moves on. It just shows how much the brand itself has resonated, and companies have lots of ways to continue to capitalize on that brand, even without the registered trademark. So, while I can always get behind hilarious videos concerning oddities in trademark, copyright or patent law, this video seems like a much better lesson in the stupidity of trademark law (and how much lawyers overreact to the fear of genericide) than any legitimate argument against calling someone else's velcro-like fastner "velcro."

A few weeks ago, we noted that Judge Rodney Gilstrap, a judge in East Texas who is infamous for handling approximately 25% of all patent cases in the entire country, appeared to be ignoring the Supreme Court in an effort to keep all those patent cases in his own docket. You see, earlier this year, in an important case, the Supreme Court said that the proper venue for a patent lawsuit to be brought should be where the defendant "resides" rather than just wherever they "do business." Previously, patent trolls had said that the lawsuits could be brought wherever a company did business -- which, with internet firms, meant anywhere -- allowing them to file in their favorite court in East Texas. The Supreme Court said "that's not what the law says."

But Gilstrap tried, somewhat creatively, to twist himself around those rules, by arguing that all sorts of other factors could be used to determine "residence" -- basically including (again) if you had any connection to that jurisdiction at all -- and thus continue to allow East Texas to be an acceptable venue. We listed out those factors in the earlier post, but don't need to do so again, because the Court of Appeals for the Federal Circuit has already weighed in and said "nope, that's not how it works."

The ruling is pretty straightforward. Basically, it says "when we say a defendant has to reside in that venue, we mean it."

As discussed in greater detail below, our analysis of the case law and statute reveal three general requirements relevant to the inquiry: (1) there must be a physical place in the district; (2) it must be a regular and established place of business; and (3) it must be the place of the defendant. If any statutory requirement is not satisfied, venue is improper...

The court then points out that words have meaning, and making up a "test" that is untethered to the meaning of the words in the statute is simply not acceptable.

The statutory language we need to interpret is “where the defendant . . . has a regular and established place of business.” 28 U.S.C. § 1400(b). The noun in this phrase is “place,” and “regular” and “established” are adjectives modifying the noun “place.” The following words, “of business,” indicate the nature and purpose of the “place,” and the preceding words, “the defendant,” indicate that it must be that of the defendant. Thus, § 1400(b) requires that “a defendant has” a “place of business” that is “regular” and “established.” All of these requirements must be present. The district court’s four-factor test is not sufficiently tethered to this statutory language and thus it fails to inform each of the necessary requirements of the statute.

And thus, Gilstrap's argument that a "virtual" presence in the district is enough... is not, in fact, enough:

As noted above, when determining venue, the first requirement is that there “must be a physical place in the district.” The district court erred as a matter of law in holding that “a fixed physical location in the district is not a prerequisite to proper venue.” ... This interpretation impermissibly expands the statute. The statute requires a “place,” i.e., “[a] building or a part of a building set apart for any purpose” or “quarters of any kind” from which business is conducted. William Dwight Whitney, The Century Dictionary, 732 (Benjamin E. Smith, ed. 1911); see also Place, Black’s Law Dictionary (1st ed. 1891) (defining place as a “locality, limited by boundaries”). The statute thus cannot be read to refer merely to a virtual space or to electronic communications from one person to another. But such “places” would seemingly be authorized under the district court’s test.

The court dings the other prongs of Gilstrap's test as well, showing that each is insufficient and then sends it back to the lower court to determine which other court the case should be transferred to, but making it clear that "East Texas" is not one of the options.

There was a shocking moment in this week’s Senate Commerce Committee hearing on the Stop Enabling Sex Traffickers Act (SESTA). Prof. Eric Goldman had just pointed out that members of Congress should consider how the bill might affect hundreds of small Internet startups, not just giant companies like Google and Facebook. Will every startup have the resources to police its users’ activity with the level of scrutiny that the new law would demand of them? “There is a large number of smaller players who don’t have the same kind of infrastructure. And for them, they have to make the choice: can I afford to do the work that you’re hoping they will do?”

Goldman was right: the greatest innovations in Internet services don’t come from Google and Facebook; they come from small, fast-moving startups. SESTA would necessitate a huge investment in staff to filter users’ activity as a company’s user base grows, something that most startups in their early stages simply can’t afford. That would severely hamper anyone’s ability to launch a competitor to the big Internet players—giving users a lot less choice.

Sen. Richard Blumenthal’s stunning response: “I believe that those outliers—and they are outliers—will be successfully prosecuted, civilly and criminally under this law.”

Given the extreme penalties for under-filtering, platforms would err in the opposite direction, removing legitimate voices from the Internet.

Blumenthal is one of 30 cosponsors—and one of the loudest champions—of SESTA, a bill that would threaten online speech by forcing web platforms to police their members’ messages more stringently than ever before. Normally, SESTA’s proponents vastly understate the impact that the bill would have on online communities. But in that unusual moment of candor, Sen. Blumenthal seemed to lay bare his opinions about Internet startups—he thinks of them as unimportant outliers and would prefer that the new law put them out of business.

Let’s make something clear: Google will survive SESTA. Much of the SESTA fight’s media coverage has portrayed it as a battle between Google and Congress, which sadly misses the point. Large Internet companies may have the legal budgets to survive the massive increase in litigation and liability that SESTA would bring. They probably also have the budgets to implement a mix of automated filters and staff censors to comply with the law. Small startups are a different story.

Indeed, lawmakers should ask themselves whether SESTA would unintentionally reinforce large incumbent companies’ advantages. Without the strong protections that allowed today’s large Internet players to rise to prominence, startups would have a strong disincentive to grow. As soon as your user base grows beyond what your staff can directly police, your company becomes a huge liability.

But ultimately, the biggest casualty of SESTA won’t be Google or startups; it will be the people pushed offline.

Many of SESTA’s supporters suggest that it would be easy for web platforms of all sizes to implement automated filtering technologies they can trust to separate legitimate voices from criminal ones. But it’s impossible to do that with anywhere near 100% accuracy. Given the extreme penalties for under-filtering, platforms would err in the opposite direction, removing legitimate voices from the Internet. As EFF Executive Director Cindy Cohn put it, “Again and again, when platforms clamp down on their users’ speech, marginalized voices are the first to disappear.”

The sad irony of SESTA is that while its supporters claim that it will fight sex trafficking, trafficking victims are likely to be among the first people it would silence. And that silence could be deadly. According to Freedom Network USA, the largest network of anti-trafficking advocate organizations in the country (PDF), “Internet sites provide a digital footprint that law enforcement can use to investigate trafficking into the sex trade, and to locate trafficking victims.” Congress should think long and hard before passing a bill that would incentivize web platforms to silence those victims.

Internet startups would take the much greater hit from SESTA than large Internet firms would, but ultimately, those most impacted would be users themselves. As online platforms ratcheted up their patrolling of their users’ speech, some voices would begin to disappear from the Internet. Tragically, some of those voices belong to the people most in need of the safety of online communities.

Republished from EFF's Deeplinks blog

This might seem like a harsh title, but let's go back a bit into history. In 2010, at the direct urging of the RIAA, the US government, in the form of ICE, suddenly decided that it could seize domains right out from under websites with zero due process. Specifically, the RIAA gave ICE a list of websites that it insisted were engaging in piracy. It later turned out that this list was completely bogus -- and the seized domains included some music blogs and a search engine -- and when ICE asked the RIAA to provide the evidence (incredibly, many months after seizing the domains...), it turns out that they had none. Even with all of this, ICE kept one blog's domain for over a year, while denying that site's lawyer even the chance to talk to the judge overseeing the case -- and (even more incredibly) kept two other sites for five whole years.

The RIAA, who was directly quoted in the affidavit used to seize these domains (including falsely claiming that a non-RIAA song, that was personally given to the site by the independent artist in question, was an RIAA song and infringing) later tried to downplay its role in all of this, while still insisting that seizing entire domains based on flimsy claims and zero evidence was a perfectly reasonable strategy.

Fast forward to the present. Over in Spain there's a big political fight over Catalonia independence, with an upcoming referendum that the Spanish government has declared illegal. Things got very messy with Spanish law enforcement raiding government buildings, offices and homes. There are all sorts of human rights issues being raised here, let alone questions of democracy. However, those aren't directly the kinds of things we cover here. What did catch our attention, however, is that one of the raids was on the operators of the .cat domain, puntCAT, in order to seize the websites promoting the upcoming referendum and to arrest the company's head of IT for sedition (yes, sedition).

As EFF's Jeremy Malcolm explains, this should raise all sorts of alarms and concerns:

We have deep concerns about the use of the domain name system to censor content in general, even when such seizures are authorized by a court, as happened here. And there are two particular factors that compound those concerns in this case. First, the content in question here is essentially political speech, which the European Court of Human Rights has ruled as deserving of a higher level of protection than some other forms of speech. Even though the speech concerns a referendum that has been ruled illegal, the speech does not in itself pose any imminent threat to life or limb.

The second factor that especially concerns us here is that the seizure took place with only 10 days remaining until the scheduled referendum, making it unlikely that the legality of the domains' seizures could be judicially reviewed before the referendum is scheduled to take place. The fact that such mechanisms of legal review would not be timely accessible to the Catalan independence movement, and that the censorship of speech would therefore be de facto unreviewable, should have been another reason for the Spanish authorities to exercise restraint in this case.

Whether it's allegations of sedition or any other form of unlawful or controversial speech, domain name intermediaries should not be held responsible for the content of websites that utilize their domains. If such content is unlawful, a court order directed to the publisher or host of that content is the appropriate way for authorities to deal with that illegality, rather than the blanket removal of entire domains from the Internet. The seizure of .cat domains is a worrying signal that the Spanish government places its own interests in quelling the Catalonian independence movement above the human rights of its citizens to access a free and open Internet, and we join ordinary Catalonians in condemning it.

I agree entirely with Malcolm's assessment, but should note that the US government (even if it wanted to, which it probably does not...) has no moral high ground here, seeing as it's been seizing domains for the better part of a decade, with some of those earliest seizures coming on behalf of the RIAA (over trumped up charges). As Malcolm says, this doesn't mean that all illegal content must remain online, but seizing domains is a brute force intimidation and censorship tool for governments. The RIAA should be ashamed that it helped "pioneer" this sort of government censorship.

Adapted from spacesuit technology, the PHOOZY is a thermal capsule that protects your phone from the damaging effects of the sun and crazy temperature extremes. The chromium shell reflects more than 90% of solar radiation, provides an extra layer of drop protection from your phone, and will ensure it floats safely if dropped in water. It's a great way to protect your phone on your adventures from the desert to the slopes and everywhere in between.

Note: The Techdirt Deals Store is powered and curated by StackCommerce. A portion of all sales from Techdirt Deals helps support Techdirt. The products featured do not reflect endorsements by our editorial team.

One of the most shocking pieces of information to emerge from the Snowden documents was that the NSA had paid RSA $10 million to push a weakened form of crypto in its products. The big advantage for the NSA was that it made it much easier to decrypt messages sent using that flawed technology. A few months after this news, the National Institute of Standards and Technology announced that it would remove the "Dual Elliptic Curve" (Dual EC) algorithm from its recommendations. But of course, that's not the end of the story. Betraying trust is always a bad idea, but in the security field it's an incredibly stupid idea, since trust is a key aspect of the way things work in that shadowy world. So it should come as no surprise that following the Dual EC revelations, the world's security experts no longer trust the NSA:

An international group of cryptography experts has forced the U.S. National Security Agency to back down over two data encryption techniques it wanted set as global industry standards, reflecting deep mistrust among close U.S. allies.

In interviews and emails seen by Reuters, academic and industry experts from countries including Germany, Japan and Israel worried that the U.S. electronic spy agency was pushing the new techniques not because they were good encryption tools, but because it knew how to break them.

The NSA has now agreed to drop all but the most powerful versions of the techniques -- those least likely to be vulnerable to hacks -- to address the concerns.

The Reuters report has interesting comments from security experts explaining why they opposed the new standards. Concerns included the lack of peer-reviewed publication by the creators, the absence of industry adoption or a clear need for the new approaches. There's also the intriguing fact that the UK was happy for the NSA algorithms to be adopted. Given the extremely close working relationship GCHQ has with the NSA, you can't help wondering whether the UK's support was because it too knew how to break the proposed encryption techniques, and therefore was keen for them to be rolled out widely. Certainly, the reason its representative gave for backing the two NSA data encryption methods, known as Simon and Speck, was feeble in the extreme:

Chris Mitchell, a member of the British delegation, said he supported Simon and Speck, noting that "no one has succeeded in breaking the algorithms.”

Moreover, it was only half-true: the Reuters story says that academics have already had "partial success" in finding weaknesses, which surely calls for a cautious approach and more research, rather than simply accepting the proposal and hoping for the best. And even the British representative had to admit that his NSA mates had totally blown it:

He acknowledged, though, that after the Dual EC revelations, "trust, particularly for U.S. government participants in standardization, is now non-existent."

As the NSA -- and also the W3C, thanks to its blessing of DRM in HTML -- will now find, regaining that lost trust will be a long and difficult process. Maybe others can learn from their (bad) examples.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

Moral panics take many forms, from Dungeons & Dragons being a lure to satanism in the eyes of parents to the wonderful theory that playing chess would turn children into violent psychopaths. What these moral panics tend to share in common is the extraction of seemingly nefarious details on a subject which, out of context, are interpreted in a demonizing manner and then exported for public consumption. Thus the public gets often well-meaning but highly misleading information on the terribleness of some innocuous thing.

This practice continues to this day, often times helped along by a media environment desperate for clicks and eyeballs. A recent example of this would be British media's Channel 4 News finding that Amazon's algorithm had a habit of recommending a combination of products together that appeared designed for terrorist-style explosives.

Channel 4 News has discovered that Amazon's algorithm guides users to the necessary chemical combinations for producing explosives and incendiary devices. Ingredients which are innocent on their own are suggested for purchase together as "Frequently bought together" products, as it does with all other goods.

Ingredients for black powder and thermite are grouped together under a “Frequently bought together” section on listings for specific chemicals. Steel ball bearings often used as shrapnel in explosive devices, ignition systems and remote detonators are also readily available; some promoted by the website on the same page as these chemicals as products that “Customers who bought this item also bought”.

Anyone reading this report would reach the obvious conclusion: either Amazon has enough customers trying to make terror-bombs that the algorithm is reacting to that, or Amazon is purposefully pushing and radicalizing innocent product purchasers into bomb-making terror demons. Channel 4 noted that beyond the chemicals needed to produce "black powder" and thermite, Amazon commonly listed ball-bearings, ignition systems, and switch-detonators alongside them as items frequently purchased with those products. Even the saltiest among us would forgive the public reading all of this for losing their minds over the report.

Except, of course, all of this comes along with a perfectly innocuous explanation, as detailed by Pinboard's Maciej Cegłowski.

The 'common chemical compound' in Channel 4's report is potassium nitrate, an ingredient used in curing meat. If you go to Amazon's page to order a half-kilo bag of the stuff, you'll see the suggested items include sulfur and charcoal, the other two ingredients of gunpowder. (Unlike Channel 4, I am comfortable revealing the secrets of this 1000-year-old technology.) The implication is clear...But as a few more minutes of clicking would have shown, the only thing Channel 4 has discovered is a hobbyist community of people who mill their own black powder at home, safely and legally, for use in fireworks, model rockets, antique firearms, or to blow up the occasional stump.

Yes, making black powder is perfectly legal in the UK, and for good reason. Hobbyists use it all the time. It's so popular, in fact, because it's a difficult substance to set off by accident. As for the ball bearings, those go in a ball mill or drum, which is used to mix the powders together and get the particles to a like size, important for their use in black powder. They aren't shrapnel at all.

The ball bearings Amazon is recommending are clearly intended for use in the ball mill. The algorithm is picking up on the fact that people who buy the ingredients for black powder also need to grind it. It's no more shocking than being offered a pepper mill when you buy peppercorns.

As for the thermite and the "widely available chemical" the Channel 4 piece goes on about, it essentially describes the chemicals needed to make thermite and magnesium-ribbon. As Cegłowski notes, this combination produces what is called a thermite reaction. If that term sounds familiar to you, it's probably because you likely performed the thermite reaction in chemistry class.

The thermite reaction is performed in every high school chemistry classroom, as a fun reward for students who have had to suffer through a baffling unit on redox reactions. You mix the rust and powdered aluminum in a crucible, light them with the magnesium ribbon, and watch a jet of flame shoot out, leaving behind a small amount of molten iron. The mixed metal powders are hard to ignite (that's why you need the magnesium ribbon), but once you get them going, they burn vigorously.

The main consumer use for thermite, as far as I can tell, is lab demonstrations and recreational chemistry. Importantly, thermite is not an explosive—it will not detonate. So Channel 4 has discovered that fireworks enthusiasts and chemistry teachers shop on Amazon.

So, the moral panic ginned up by Channel 4 essentially amounts to hobbyists and chemistry teachers getting a little convenient help from Amazon's algorithm as they go about their day. Not exactly the "holy shit, everyone is making bombs!" story that the "news" piece wanted to tell, but it has the advantage of actually being true. Perhaps most amazingly is how bereft of common sense the claims by Channel 4 were. After all, were its assertions true, why in the world aren't there bombs going off in record numbers using these chemical combinations?

If nothing else, however, this story does serve as a nice "anatomy of a moral panic", as the Idle Words post so helpfully titles this whole episode.

The Trump Administration is so frustrated by constant leaks, it's willing to try anything to stop them. Apparently, this may one day involve questionable tech with an extremely-spotty track record. Attorney General Jeff Sessions has an idea -- a bad one -- to address the ongoing White House leakstravaganza.

Sessions' idea is to do a one-time, one-issue, polygraph test of everyone on the NSC staff. Interrogators would sit down with every single NSC staffer (there's more than 100 of them), and ask them, individually, what they know about the leaks of transcripts of the president's phone calls with foreign leaders. Sessions suspects those leaks came from within the NSC, and thinks that a polygraph test — at the very least — would scare them out of leaking again.

Sessions' spitball may never come to fruition but it does indicate the White House is still no closer to uncovering the source(s) of these leaks. This also indicates the AG is willing to alienate NSC staffers with mandatory tests predicated on nothing more than Sessions' belief the leaks came from within the NSC.

On top of that, there's the dubious deterrent effect of deploying machinery whose results should be taken with a shaker of salt. The machines can be beat. Research and "How To" literature bear this out, although the federal government does what it can to prevent the spread of the latter. False positives are a problem as well. Ringing up staffers for leaking just because a machine said yes isn't going to stop the leaks or put investigators any closer to catching the real culprit(s).

But this is the way things go when the federal government is in charge. It relies heavily on polygraph tests when vetting applicants for agencies like the Customs and Border Protection. And it continues to deploy these tests even when applicants have admitted to activities or relationships that would disqualify them from federal employment.

Chances are Sessions' polygraph idea will likely remain just an idea. It could be the multiple discussions Sessions is engaging in are all part of his leak deterrence plan -- to have the threat of mandatory lie detector tests hovering in midair for the rest of tenure. Even so, it's a desperation move that shows the White House can't contain the leaks, much less hope to stop them. Suggestions like the one made by Sessions are just going to turn more staffers against the administration, which means more leaks, rather than less, over the course of this administration's lifetime.