by Mike Masnick
Mon, Oct 31st 2016 1:10pm
by Mike Masnick
Fri, Oct 21st 2016 8:27am
from the copyright-as-censorship dept
So what does Geofeedia do? Well, for starters, it abuses the DMCA to try to take down information. The Daily Dot's Dell Cameron had actually written about how the Denver police spent $30k on Geofeedia back in September, a few weeks before the ACLU report dropped (nice scoop and great timing). Cameron then followed up with a detailed story following the ACLU report as well, noting that there were still plenty of other Geofeedia competitors on the market. At the end of that post, Cameron included a brochure that Geofeedia had apparently sent to a police department last year. But you can't see it now, because (yup) Geofeedia issued a DMCA takedown to Scribd, the company that was hosting it. tweeted about this as well, (correctly!) wondering why Scribd would fold over such a bogus copyright takedown.
And it's pointless too, because it just calls more attention to how ridiculous Geofeedia is. Of all the things it should be focusing on right now, trying to take down a sales brochure in an article should be pretty low on its priority list. And if the idea was to get Daily Dot and Cameron to stop reporting on the company, well, that's failed too. Cameron has a new article out about how Geofeedia's stalking system was marketed to public schools as well.
by Tim Cushing
Mon, Oct 3rd 2016 11:43am
from the jumping-ahead-of-the-threat dept
A few more wrinkles have appeared in the EFF's attempted legal destruction of the DMCA's anti-circumvention clause. Back in July, the EFF -- along with researchers Bunny Huang and Matthew Green -- sued the government, challenging the constitutionality of Section 1201 of the DMCA. As it stands now, researchers are restricted by the limitations built into the anti-circumvention clause. The Library of Congress can grant exceptions, but these are only temporary, lasting three years and generally vanishing at the end of that term.
Projects and research efforts continue to be thwarted by this provision, opening up those who circumvent DRM and other protective measures to the possibility of prosecution. And their options when facing charges are severely limited. There is no "fair use" exception to Section 1201 of the DMCA -- something the EFF would like to see changed.
The threat of prosecution may be mostly existential, but it's still far from nonexistent. This is why the EFF has requested a preliminary injunction that would prevent the DOJ from trying to put its client in jail.
The Electronic Frontier Foundation (EFF) asked a court Thursday for an order that would prevent the government from prosecuting its client, security researcher Matthew Green, for publishing a book about making computer systems more secure.
But publishing the book, tentatively entitled Practical Cryptographic Engineering, could land Green in jail under an onerous and unconstitutional provision of copyright law. To identify security vulnerabilities in a device he has purchased, Green must work directly with copyrighted computer code, bypassing control measures meant to prevent the code from being accessed.
The injunction request [PDF] points out that -- in addition to the anti-circumvention clause being a form a prior restraint -- Green will be performing the sort of actions the DOJ has prosecuted people for in the past.
A rigorous and effective audit of a computer system’s security requires that Dr. Green analyze the software controlling the system. Often, secure computer systems prevent access to their software code through technological protection measures (“TPMs”) such as encryption, username/password combinations, or physical memory restrictions preventing a user from accessing certain stored information. An adversary seeking to extract information about the software code or about the system’s user, or to install their own malicious software, would seek to bypass these measures in order to maximize their ability to locate and exploit vulnerabilities.
To identify security flaws, Dr. Green must do the same; indeed, finding and reporting on the vulnerability of these access controls is a critical part of auditing the security of the system. If he does not bypass access controls in a computer system, Dr. Green’s research is significantly limited. While he may be able to discover some vulnerabilities, he cannot determine with confidence whether devices are secure against an adversary willing to circumvent access controls.
The DOJ has already responded (sort of) to some of the claims raised in the EFF's injunction request. Its motion to dismiss [PDF] -- filed the same day as the EFF's injunction request -- claims the EFF and Matthew Green have no standing to challenge Section 1201 of the DMCA. Not only that, but they cannot provide any evidence prosecution is likely if Green continues with his research work.
Plaintiffs’ claims should be dismissed in their entirety. As an initial matter, Plaintiffs lack standing to raise their First Amendment claims on a pre-enforcement basis because the assertions in their Complaint fail to establish a credible threat of prosecution, under the DMCA’s criminal enforcement provision, for engaging in constitutionally-protected activity. None of the Plaintiffs claims to have been threatened with criminal prosecution. Plaintiffs’ conclusory assertion that others have been prosecuted under the DMCA in the past, for unidentified reasons, is insufficient to establish that Plaintiffs face a credible threat, as is their assertion that third parties might bring suit against them under a separate civil private right of action. Moreover, Plaintiffs fail plausibly to assert that the acts of circumvention and trafficking that they wish to undertake qualify as speech or expressive conduct that is entitled to First Amendment protection but prohibited by the DMCA.
The DOJ's arguments roughly align with the assertions made in its motion to dismiss in a lawsuit brought by security researchers and the ACLU against the much-hated CFAA. Once again, the DOJ recognizes that Green's book may be covered by the First Amendment, but actions taken during its compilation may not be.
In both cases, though, the statutes lend themselves to punishing security researchers for performing security research. While the DOJ may have no intention of prosecuting Green for his work, the anti-circumvention clause allows it to hold onto that option for as long as it wants to. The only way to guarantee this won't happen is to obtain an injunction, but chances are the court won't be as interested in staving off the theoretical as it will be in examining the First Amendment claims.
by Mike Masnick
Wed, Sep 28th 2016 9:34am
from the copyright-and-politics dept
-------And it worked:
== Description of original work: Photography of a bowl of Skittles from my flickr library which was copied WITHOUT my permssion
== Links to original work: https://www.flickr.com/photos/david_kittos/[REDACTED]/
== Reported Tweet URL: https://twitter.com/DonaldJTrumpJr/status/[REDACTED][REDACTED]
== Description of infringement: The image of a bowl of skittles is mine and has always been set as "ALL RIGHTS RESERVED" in my flickr library It was copied and is being used WITHOUT my permission. I have never been contacted by Donald Trump Jr or any representative about the image, before of after it was used in the Tweet.
by Mike Masnick
Wed, Sep 28th 2016 8:31am
from the let's-try-this-again dept
There are many, many, many problems with the lawsuit which we'll be discussing, but let's start with the big one. The RIAA and the labels seem to believe that SOPA became law back in 2012, rather than being soundly rejected. That's because, as the EFF notes in a blog post, the real target of the lawsuit does not appear to be Youtube-mp3.org, but a bunch of third party service providers. Specifically, the lawsuit asks for two highly questionable remedies targeting non-parties to the lawsuit:
enjoining Defendants and all third parties with notice of the Order, including any Web hosts, domain-name registrars, domain name registries, and proxy or reverse proxy services, and their administrators, from facilitating access to any or all domain names, URLs and websites (including, without limitation, www.youtube-mp3.org) through which Defendants infringe Plaintiffs’ copyrights;and
enjoining all third parties with notice of the Order from maintaining, operating, or providing advertising, financial, technical, or other support to YTMP3 and any other domain names, URLs, or websites through which Defendants infringe Plaintiffs’ copyrights, including without limitation www.youtubemp3.org; and enjoining all third-party distributors of applications, toolbars or similar software with notice of the Order from distributing any applications, toolbars, or similar software applications that interoperate with any domain names, URLs, or websites through which Defendants infringe Plaintiffs’ copyrights, including without limitation www.youtube-mp3.org.Again, this was the kind of remedy SOPA was designed to enable. But SOPA did not become law. As the EFF points out:
Also, according to the lawsuit, which was filed in California, the site is owned by a guy in Germany, Philip Matesanz. An RIAA press release notes that the IFPI has also indicated it's going to file a similar case in the UK. Considering that there's a decently high chance that the guy in Germany won't bother responding to a lawsuit halfway around the world, the RIAA and its labels may simply be hoping for a default judgment, which they can then use to force all those third parties into blocking a website, despite a lack of a full trial over the issues with the case.
As we’ve explained before in other cases, this request is a gross overreach. Federal court rules have a narrow provision that lets successful plaintiffs request a court order against a defendant and people in “active concert and participation” with them, meaning a close associate or co-conspirator. That provision doesn’t allow for orders that bind every vendor providing services to a defendant, especially those with no direct business relationship. So the litany of intermediaries listed in the labels’ complaint are not within the court’s power to bind.
What the complaint asks for is also far broader than the law allows. By asking all of those intermediaries to block all “websites through which Defendants infringe Plaintiffs’ copyrights,” without specifying the URLs, the labels are seeking to conscript all of these companies as investigators who must chase down the defendants and block every website they use, under any name. Neither copyright nor trademark law allows courts to put this burden on Internet intermediaries, and for good reason: it’s prohibitively expensive for many, it inevitably leads to blocking of lawful speech, and it gives a big advantage to established players.
Finally, and perhaps worst of all, the record labels want to ban “any applications” that might “interoperate” with with youtube-mp3.org and any other websites owned by the defendants. That would seem to require every Web browser, mobile app, and Internet-connected device to block an ever-changing list of websites. Left unchecked, these kinds of orders could become a mechanism whereby the content industry gets veto power over online innovation.
And, oh boy, does this lawsuit have serious issues. On a conceptual level, how is what this site is doing really all that different from a VCR in recording a TV show? In this case, it's just recording an audio file from a video file. And such recordings for personal time shifting uses are considered fair use and not infringing. It's also quite a useful tool for other fair use activities too — we've used a similar site to grab audio quotes from videos for discussion in our podcast. The "stream ripping" site is just a tool for making such fair use recordings, meaning it has substantial non-infringing uses. So why do the RIAA and these labels insist that it's infringing?
The lawsuit notes that this service likely violates YouTube's terms of service, but YouTube/Google are not the plaintiff. They're not the ones arguing over the terms of service being violated (in fact, you could argue that Google is a target of the lawsuit via the third party injunction attempts discussed above).
Part of the lawsuit alleges that YTMP3 violates the DMCA by "circumventing" YouTube's "technological measures" designed to block access to the actual video file, but it's not clear how this kind of thing is really a technological protection measure under the DMCA. All it does is obscure the full URL, but still make it accessible. Is it really circumvention to figure out how to get to a publicly accessible URL? That seems like a big leap by the RIAA:
Plaintiffs are informed and believe, and on that basis allege as follows: YouTube has adopted and implemented technological measures to control access to content maintained on its site and to prevent or inhibit downloading, copying, or illicit distribution of that content. YouTube maintains two separate URLs for any given video file: one URL, which is visible to the user, is for the webpage where the video playback occurs, and one URL, which is not visible to the user, is for the video file itself. The second URL is generated using a complex (and periodically changing) algorithm – known as a “rolling cipher” – that is intended to inhibit direct access to the underlying YouTube video files, thereby preventing or inhibiting the downloading, copying, or distribution of the video files.That second URL is not "protected" in any real way. It's a publicly accessible URL -- it's just that YouTube doesn't make it easy to find. So does that really count as circumvention? That seems like a big question here as well.
Either way, as noted above, these important questions may not get answered if YTMP3 simply decides to ignore the lawsuit -- and the RIAA may very well be counting on that. It really does seem like the labels deliberately picked a site that is likely not interested in defending this lawsuit, no matter how questionable, allowing it to really go after a ton of 3rd party sites and services, as if SOPA were the law.
by Leigh Beadon
Tue, Sep 20th 2016 4:24pm
from the surprise-surprise dept
Usually, when we see stupid and dangerous DMCA errors like Warner Bros. taking down its own website and Paramount taking down legitimate Linux torrents, it's the studios we call out first for their wanton abuse of the system. But of course that's only part of the story — there is a system of broken incentives both inside and outside the studios that has created an entire "anti-piracy" ecosystem. It started with the third parties that many studios and other rightsholders hire: self-styled copyright enforcement experts who charge a fee to piss an endless stream of DMCA notices into the wind of piracy. Some studios, like NBCUniversal (who we'll be talking about in a moment) choose instead to build this function into their internal structure with anti-piracy divisions staffed by the same kind of folks. Thanks to the willingness of copyright holders to pay out for this pointless service, it's grown into a whole industry — and it's an industry for which the never-ending, whac-a-mole nature of the takedown game is a plus, since it means the job will never be done. While there's plenty of blame to go around among media companies and lawmakers, it's these takedown "experts" who are the most directly responsible for the epidemic of botched and fraudulent takedown notices.
And it's easy to see why: they need to pad the numbers. If we accept that the whole exercise is pointless (it is) and there's no actual end goal (there isn't) then what makes one anti-piracy outfit better than another? Why, sheer volume of pointlessness, of course! The executive who hired the firm that takes down two-million links can brag about his competence compared to the executive who only got one-million for the same price, and the executive who designed the internal division that hit three-million for even less is a damn hero — even though they're all just futilely pecking away at "infinity". And so, since there's no real penalty for abusing the DMCA, these groups have zero incentive to fret about only sending fair and accurate takedowns. But that's not all — they also have every incentive to actively pad their numbers with takedowns they know are bullshit, and as TorrentFreak discovered last month and recently demonstrated again in pretty undeniable terms, that's exactly what they're doing:
... this may look like a proper notice. However, upon closer inspection it’s clear that the URL structure of the links is different from the format Torrentz2 uses. The notice in question lists this URL:
On Torrentz2, however, the search “2012 dvdrip battleship mp4” generates the following URL, which is clearly different.
The link NBC Universal reports has never existed and simply returns a blank page. TorrentFreak reached out to the operator of the site who confirmed that they have never used this URL format.
This ‘mistake’ can be explained though. The URL structure NBCUniversal uses comes from the original Torrentz site, meaning that NBC simply did a search and replaced the old domain with a new one, without checking if the URLs exist.
In other words, they fabricated these links.
And this isn't some isolated incident. TorrentFreak found plenty of new notices targeting URLs where the whole site had been taken down last year, and the URL didn't even exist when it was up. It's clear what's happening: they're just subbing out various known torrent domains into big lists of URLs that maybe, once, sorta, in a similar format on a different site, actually pointed to infringing material — and then billing their masters per URL targeted, regardless of whether it turned out to actually exist or not. Counting up all the fraudulent notices is next to impossible, but TF estimates there were tens if not hundreds of thousands of such URLs included in notices in the past few months alone.
Now, these takedowns of fake URLs might not seem as worrying or embarrassing as the notices that target legal material or a copyright holder's own website, but they are further evidence of just how stupid the whole system is, and how badly it needs to be fixed. In a world where takedown notices are automatically generated by the millions without concern for whether or not the URLs are even valid, can we ever expect them to stop targeting legitimate speech and legal distribution? No. The DMCA needs teeth when it comes to punishing abusers, but giving it those teeth means dismantling this entire automated, slapdash anti-piracy industry — and don't expect them to go without a fight.
by Karl Bode
Tue, Sep 20th 2016 9:39am
from the innovation! dept
Hoping to bring this parade of awfulness to its customers at scale, HP this week unearthed the atomic bomb of printer cartridge shenanigans. HP Printer owners collectively discovered on September 13 that their printers would no longer even accept budget cartridges. Why? A firmware update pushed by the company effectively prevented HP printers from even detecting alternative cartridges, resulting in HP printer owners getting messages about a "cartridge problem," or errors stating "one or more cartridges are missing or damaged," or that the user was using an "older generation cartridge."
As Cory Doctorow over at Boing Boing notes, this behavior is simply par for the course, with Lexmark engaging in similar behavior back in 2003. By embedding an "I am empty" bit in their cartridges, they were similarly able to ensure that users couldn't use third-party cartridges or they'd be told the cartridge lacked ink. Lexmark leaned heavily on Section 1201 of the DMCA to support its behavior, a tactic HP is likely to mirror but evolve:
"Lexmark invoked Section 1201 of the DMCA, which makes it a criminal and civil offense to bypass an "effective means of access control" for a copyrighted work. The DC Circuit court asked Lexmark which copyrighted work was being protected by its access control, and it argued that the checking routine itself was copyrighted, as well as the "Empty" bit. The court found that the DMCA could only be invoked where there was a copyrighted work apart from the access control, and that a single bit didn't qualify as a copyrightable work. Lexmark lost."In this case, HP's DRM time bomb firmware update was apparently deployed back in March, but HP didn't activate the "improvement" until this month. And as is usually the case in this space, HP isn't saying much outside of a misleading quote proclaiming the company was simply protecting its "innovations" and intellectual property:
"HP said such updates were rolled out "periodically" but did not comment on the timing of the last instalment.But rejoice! HP claims that users can still refill cartridges, as long as those cartridges contain an HP-approved security chip:
"The purpose of this update is to protect HP's innovations and intellectual property," it said in a statement."
"These printers will continue to work with refilled or remanufactured cartridges with an original HP security chip. Other cartridges may not function."Well, at least until HP figures out a way to DRM the printer fluid itself, which surely can't be too far along on the horizon.
by Mike Masnick
Tue, Sep 20th 2016 8:29am
from the that's-an-exclamation-point dept
In the first six months of 2016, WordPress received 4,258 DMCA takedown notices, 9 percent of which were rejected as abusive, according to the company's Transparency Report. And though those numbers are nowhere near the volume of, say, Google, the costs of those abuses are high, Sieminski says. "There's really a big chilling effect on speech, especially controversial speech, because there's a very handy tool to use to remove that type of reporting from the internet," he says. "And as a company, we have to invest in the human resources … to sift through the mountain of notices we get."There are some more interesting quotes in there as well. Having himself featured in Corporate Counsel Magazine seems like reason enough for a Facebook post, so Paul posted a link to the story on Facebook as well, with a little blurb noting how it was "fun" to be quoted, and how such automated takedowns "happen hundreds of times a day, but make the news only occasionally."
Can you guess what happened next? Of course you can...
Facebook's automated takedown algorithms decided that Paul's brief post and link about how bad automated takedowns are... got taken down, because irony lives.
Meta. Posted an article about erroneous, bot driven, internet takedowns. Post was just wrongly removed by Facebook. https://t.co/XSmX2weHf3— Paul Sieminski (@pesieminski) September 18, 2016
* Full disclosure: Automattic recently sponsored & hosted our event on copyright reform, and Paul was our main contact there for that event.
by Tim Cushing
Mon, Sep 19th 2016 9:34am
from the st(r)eaming-pile-of-horseshit dept
If you're going to argue against YouTube, Spotify, etc. and the supposed wholesale screwing of artists, it helps if:
A. You're not a former member of an entity with decades of experience in screwing artists, and
B. You have some grasp of basic economic concepts.
Paul Young, a former director of licensing for Universal Music Group, has an op-ed posted at The Hill decrying the unfairness of streaming services and the wrongness of the DMCA. But any point he's trying to make is buried under ignorance and the demand that some artists be treated more equally than others.
The music community’s grievances are the following: (1) The DMCA allows internet service providers to build ad-based businesses built upon infringing content that the artists cannot effectively police through “notice and take down” procedures; (2) If and when service providers pay the artists, it’s on the providers’ hopelessly complex terms, resulting in payments that offer fractions of pennies per view; (3) Service providers offer “free” teaser music to the public when copyright owners should have the absolute right to control distribution of their music.
(1) The DMCA sucks, but it sucks the way studios and labels wanted it to. Now they don't like it and they want to change it to suck in a different way. They're also arguing for "notice and STAY down," which works out great for labels/studios… unless they're inadvertently targeting their OWN site with unvetted DMCA notices.
(2) "Hopelessly complex terms" are included in almost every royalty agreement. Service providers don't have a monopoly on this behavior.
(3) If copyright owners want "absolute control," they're free to pull their music, movies, etc. from services they don't like. Not many have, because not many are willing to give up this revenue stream they constantly claim isn't paying enough. As for the artists themselves, they have no "absolute control" -- not if they're signed to a label. Young may be writing about screwed artists, but he's really only interested in protecting the "rights" of gatekeepers.
He confirms this by claiming major labels deserve to be treated better than other copyright owners.
Free music streaming is fair only for original, home-based music. However, what the public streams mostly comprises of premium, professional content. This content is expensive to create, risky to market and requires many behind-the- scene professionals.
It's OK for service providers to screw the little guy. But don't mess with the majors. They have oh-so-many mouths to feed -- mouths that are more deserving of revenue than creators that don't cut them in on the deal. Young wants a better deal for artists, but with a caste system attached.
Every minute, 400 hours of footage is uploaded to YouTube, much of it synched to copyrighted music. [Note: citation needed.] This gives YouTube a distinct advantage over Spotify, Tidal, Apple Music and other services that do not offer user-generated streaming of works they do not control.
Much of this YouTube footage is monetized with paid ads. YouTube retains a minimum of 45 percent of this revenue, at prices it sets (but does not reveal), irrespective of the content’s creation costs.
Major label music should "pay" more -- whether it's a premium in subscription fees or a larger cut of advertising revenue payouts. Why? Because it costs more to make. But production costs have little to do with pricing -- and that includes advertising revenue.
If we lived in Young's world, tickets to "Paranormal Activity" (production budget: $450,000) would be $5 and tickets to "Avatar" (production budget $425,000,000) would be $4,700. [Productions costs taken from here.] Buying My Bloody Valentine's "Loveless" would bankrupt music fans just as certainly as it nearly financially destroyed the label that released it, while Owl City's basement-produced hit album could presumably be had for a handful of pocket change.
Young -- and the label he worked for -- appear to believe the internet owes them a living. But just them. Not the rest of these shabby artists the labels are unwilling to gatekeep for.
Once Young has finished deliberately misunderstanding how markets work, he moves on to the point of his op-ed, which begins with him recycling the stupid "built on the backs of artists" trope that presumes no service provider could ever become successful without engaging in copyright infringement. Then he goes right off the rails.
I would argue for stronger, industry-wide measures: a complete repeal of the safe harbor provisions of the DMCA and a prohibition on any unauthorized uploading of the property of others.
The first part is insane. Young actually wants service providers to be fully responsible for the actions of their users. Like the ongoing attacks on Section 230 of the CDA, this is a very lazy, very dangerous attempt to paint targets on the backs of those who have money, rather than perform the more difficult work of targeting the users who actually commit copyright infringement, make defamatory statements, etc.
This line of thinking says labels and studios need do nothing more than bitch loudly and expect everyone else to solve their problems -- whether it's websites, legislators, or internet service providers. This is how they "protect" their artists. By complaining stupidly and demanding the internet be torn apart and rebuilt to their specifications, damn the collateral damage.
The second part is just moronic. Every site prohibits unauthorized uploadings. Active efforts are made to police uploaded content and any site that wants to stay alive for long sets up a DMCA agent to respond to takedown notices. But it's never enough. Young apparently feels current prohibitions just aren't prohibitive enough, as though there were a magical tech solution somewhere that might prevent any unauthorized uploading from taking place ever again, if only service providers weren't so busy raking in billions on the backs of major label artists.
The whole op-ed is an embarrassment. But, unfortunately, it's par for the course in major label/studio arguments. It's worse than the blind leading the naked. It's the ignorant leading the angry. It's short-sighted rent-seeking by people who somehow think they can force more revenue out of service providers by destroying the protections that have allowed them to prosper.
Wed, Sep 14th 2016 4:15pm
from the doing-it-right dept
While Nintendo has been making waves for some time with its overly aggressive DMCA takedowns of any fan-work that includes its intellectual property, the company has really ramped things up lately. Recent actions include the takedown of a Mario fan game, a remake of a 25-year-old Metroid title, and engaging in all kinds of craziness over its Pokemon Go title. It was enough that one of Nintendo's biggest rivals couldn't help but take a subtle potshot at it, while simultaneously treating Sega fans like human beings.
Daniel Coyle, on Twitter as SuperSonic68, headed up a team of Sonic the Hedgehog fans in the development of a fan-made 3D Sonic game. Their work has been received rather well as of late, including on gaming blogs and YouTube channels. When one YouTube channel, GameGrumps, did a "let's play" of the fan game, it appears that Sega noticed and reached out in the comments section with a poke at Nintendo's aggressive nature and some encouragement.
This is the kind of thing we talk about a great deal around here: being human and awesome to your fans, while also understanding that not every use of your intellectual property is a threat. In fact, it can be a boon instead. This case is doubly so, with the fan-created work propelling more attention to the Sonic franchise as a whole by getting the brand into the gaming news bloodstream, while embracing fan creations builds up all kinds of goodwill towards Sega in general. This is how you do it.
Where Nintendo is in the news for treating its fans poorly, Sega makes news for treating them well, which will encourage other Sega fans to create more fan-works, which will keep Sega's properties moving around the wider internet as a result.
Sega’s latest dunk on their litigious competition shows a massive difference in how fan content is approached and I think they’ve got it right. Games Green Hill Paradise Act 2 like generate interest in properties and encourage passionate engagement with their franchise. They’ve even brought fans in to work on projects. Christian Whitehead, a long time fan, is now a programmer on Sonic Mania.
This is how you build loyalty, instead of anger, amongst a fan-base.