What I don't get is why the appeals court didn't drop the hammer on the source of this by referring the prosecutor involved to the bar association for suborning perjury. Even if the bar association doesn't do anything, just having the referral on your record and having to inform every judge you go before of it would be enough of a career-ending move to make prosecutors think twice about this kind of stunt.
The police ought to start acknowledging reality (eg. swatting) and take it into account. If you really have an active shooter, for instance, in this day and age of cel phones everywhere you're going to have multiple reports of it coming in. If you get only a single call about it, it's almost certain you do not in fact have an active shooter. If the cops don't have the sense to figure this out and handle the two cases differently, they need their toys taken away until they go through training again and pass a test on comprehension of basic principles.
The trick is to be simple at step 2: "I need to cancel my service.". Then don't let them get to step 4. If they try, just keep repeating "I need to cancel my service.". After a couple of repeats, get their name if you haven't already and proceed to "Look, I am cancelling my service, effective as of such-and-such date. If you aren't willing to assist me in this, consider this notification of cancellation. I'll follow up with a registered letter to your office confirming the cancellation. Any service after that date will be unauthorized and I will not be responsible for any charges you might incur because of failure to cancel my service." and hang up. Note the date and time and who you spoke to, and send that letter return receipt requested so you have a record of when you sent it and when they got it.
If possible, record your entire call with the CS rep including the automated message when you call them. I figure you don't need to mention it, they already stated that the call may be recorded so they can't be unaware that the call may be recorded.
I was thinking a shared calendar and a link to it on the internal Web site along with all the other important links to important Web apps and info new hires need. That way you'd literally have to lose everyone at once to even stand a chance of losing track of the calendar.
A calendar program with reminders and a nice bright cheery red for critical renewal dates on it. I hear Microsoft, Apple and Google all make nice ones that aren't tied to a particular user or their machine. They can even be integrated with your e-mail program so everything's in one place. Reminders from the registrar are nice, but I make sure I keep track of when all my domains are due for renewal myself.
Before I'd trust a fork, I'd want an idea of why the original developers considered it insecure in the first place. I'd think if they just didn't have the resources or interest to maintain it, they'd say they were ceasing to maintain it rather than make an ambiguous statement about security. And there's more than one security risk. If it were something like they were ordered to hand over copies of the private key used to sign binaries, rendering TrueCrypt vulnerable to government-created "official" versions, that can be dealt with in several ways. If it's a case of TrueCrypt being unable to protect the data against interception within Windows on it's way to the application, there's nothing anyone can do about that and it has to be mitigated against in other ways. And if finally there really is some obscure and fatal flaw in the basic design or coding of TrueCrypt that makes it inherently vulnerable, we'd need to know what it is so we know any new maintainers have in fact fixed it before we could trust the new fork.
I'd note one interesting indirect attack: use methods that'll cause the most secure projects to declare themselves at risk without letting them say why, letting paranoia push users into switching to software maintained by less scrupulous companies who'll stay quiet about their software being compromised until forced by outside discovery of the compromise.
There are, believe it or not, standard best practices already out there. Storing hashes of your passwords instead of the cleartext passwords, for instance. Certainly there's a lot of fuzziness about just where the line between being exploited and being negligent lies, but there's also a lot of area where there's no ambiguity at all. It's much like other areas: there may be some ambiguity about whether glancing down to read the incoming call message on the screen of your cel phone is negligent or not, but that doesn't somehow translate to it maybe possibly not being negligent to have both hands off the wheel and your head down digging through a bag on the passenger seat completely oblivious to what's going on as you barrel down the freeway at 95mph.
I'm really annoyed at the patently false argument that if anything's ambiguous then everything's ambiguous. On maps the idea of a disputed border's simple enough, and the fact that some part of the border's disputed doesn't stop other areas from clearly belonging to one country or another.
This ought to come under the heading of "negligence". You don't need specific rules to enforce the general rule that a business is liable for damage due to it's negligence. Not that a business should be liable merely for being hacked, no, but in cases like Tower Records and Wyndham it's not just that they were hacked but that their security measures were so inadequate they were the equivalent of using yellow "do not cross" tape instead of an actual railing to keep people from falling off the balcony of a high-rise building. The business going "But you didn't tell us yellow tape was inadequate!" or "But you didn't issue a rule saying you could ding us for just using yellow tape!" should be responded to with a Gibbs smack.
In trouble, possibly. Not subject to criminal charges under what I suggested, though. They aren't soliciting material the posters don't have permission from the subjects to post, nor are they demanding payment to take the posts down. The people who posted the material may be subject to criminal charges, but not the site itself.
That'd take a slight variation in language. Make it clear that it's not the posting without permission, but the posting without permission of material that the subjects had a legally recognized expectation would not be made public. So, a photograph taken in a public place where photographs were being taken? The subject has no expectation that photographs wouldn't be made public. Photographs taken in your bedroom when they weren't being taken for public distribution, or where they were taken without your knowledge? That's when the site needs to be careful.
And most celebrity-gossip sites would still be in the clear. They might be asking for embarrassing/unflattering material, but they wouldn't be asking specifically for material the subjects expected wouldn't be public. Much of it would be shots taken in public areas where there's no specific ban on photography or snapping videos with cel phones. And the site wouldn't be demanding payment as a condition of taking anything down. They might argue that the celebrities had no expectation of privacy when the photos were taken and so no right to demand the photos not be published, but the gossip sites aren't typically trying to extort payment to not show the photos.
It might be better to criminalize, not the hosting of such material, but the solicitation of such material. Revenge-porn websites tend to make it clear they want you to post images and videos without the permission of the people in them. So, criminalize solicitation of posting of material without the permission of the people shown in it, and the demanding of payment to take such material down when the request to take it down comes from a person shown. That'd leave the honest web sites free and clear, while scotching the business model of the revenge-porn sites.
Thing is, in legal terms words don't mean just what you want them to mean. That's what the court noted here: the license used the term "non-commercial", and in German law that term is defined to mean "personal". If you want to use the term "non-commercial" in your license in Germany and want it to mean something other than what German law says it means, you need to provide a specific definition for it in your license and say that whenever you use this term it refers to your definition.
Re: Re: they can remove whatever they want for whatever reason they want
I don't think in principle it would. The key point seems to be whether items are reviewed before they're posted (eg. a newspaper's letters-to-the-editor page, items are generally not posted until an affirmative decision is made by the provider to post them) or after (eg. blog comments, items are generally posted without intervention by the provider and any review is done afterwards). The hard part would be keeping front-and-center the fact that Section 230 says such-and-such about the subject and any cases brought up that contradict that were based on special circumstances that don't apply in this case (arguing that the black letter of the law trumps contradictory case law might sound good, but it's a better argument during appeal than before a district judge and you want to win before having to appeal).
In practice a comprehensive review policy, where the overwhelming majority of items are reviewed as a matter of course, might weaken an argument that Section 230 protects the provider from liability. Not because the review itself should weaken the protections, but because it gives your opponent an opening to argue that comprehensive review amounts to the provider making an affirmative decision about every item.
True, there's a cost. OTOH there's a cost to not doing it: the cost of fighting to get your content put back up, and the cost of not having your content available while you're fighting the takedown. If the offending parties never suffer any penalty for doing it, they'll just keep doing it and bleed you dry in the process. Slow or fast, pick your poison but you will have to pick a poison.
If you're a nice person who turns into a flaming jerkwad when you think nobody can know who you are, you're not in fact a nice person. You're just a flaming jerkwad who's good at covering it up because you'd be ashamed for people to know you're a flaming jerkwad. This is why so many "apologies" for incredibly stupid unintentionally-public statements are phrased the way they are: the people who made them aren't actually ashamed to have made the statement, they're just ashamed that their having said it became public knowledge.
NB: everybody has at least a bit of this flaw in them. The key is to just man up and accept this fact. It'll get you a bit more respect, and give you the chance to direct your attitude at targets that've done something to deserve it.
I think in those cases that more creators need to demand a copy of the DMCA notice and pursue legal action against whoever issued it based on a false claim to be authorized to act for the copyright holder. 17 USC 512(c)(3)(A)(vi) requires a statement under penalty of perjury that the person filing the notice is authorized to act for the copyright holder, so hold them and the courts to the law. Yeah it's expensive, but that's the only way it's going to get stopped.
That's the problem: the cameras don't hold the driver accountable. They hold the registered owner accountable, without any evidence the registered owner was the driver. Compare this to when a cop writes you a ticket after pulling you over: they take the information from the driver's license of the person behind the wheel, and issue the ticket to the actual driver.
Seems to me that if your uncle's right, the DC cops could make a killing just by dropping a few cops off at an intersection and having them wait for drivers to do what your uncle describes, then flip the lights to a 4-way red and amble up to the cars and start issuing tickets. Put the announcement on the morning news: "We'll have enforcement teams at 8 intersections during rush hour. Good luck guessing which 8.". The tickets will be air-tight.
Users don't buy Internet service for the ISP. They buy it for everything else out there. The ISP's service is just the pipe as far as most people are concerned. If the ISPs degrade service too far, people will start looking for another ISP to get their pipe from.
The major choices for broadband here in San Diego are Cox, Time Warner and AT&T. TW and AT&T ought to worry that, when looking at houses I could possibly buy, one of my criteria is "located in an area serviced by Cox" because I just don't want to deal with the ongoing headaches I'm sure to have with the other two.
Part of it's a string of high-profile problems in California where private schools took in payments and then closed their doors, leaving students out the money and not getting any of the classes they paid for. One of the highest-profile was Silver State Helicopters in El Cajon (San Diego area) that closed it's doors abruptly after students had paid $70K each in tuition. Around the same time a private business college here did the same, the tuition wasn't as high but it hit a lot more people. A large part of the regulation was simply to make sure that private schools didn't keep doing this, that if they weren't able to provide the courses students had paid for they had a mechanism in place to insure students got their money back or at the very least could get their classes at another institution without having to pay again.
If you think the BPPE isn't necessary, I find it interesting that the problematic closures happened in the 2007-2009 timeframe. That's the time between when the previous regulatory body, the BPPVE, ceased to exist because the previous laws governing private postsecondary schools expired, and when the new law formed the BPPE to take over the regulatory role. I have a hard time crediting that as mere coincidence.