Capitalist Lion Tamer’s Techdirt Profile


About Capitalist Lion TamerTechdirt Insider

List of blogs started with enthusiasm, which now mostly lie dormant:

[reserved for future use]

[recently retired]

[various side projects]

Posted on Techdirt - 9 December 2016 @ 7:39pm

Court Tells Nursing Home Company That Law Firm's Ads Targeting It Are Not A Form Of Trademark Infringement

from the sorry,-but-not-liking-something-doesn't-make-it-infringement dept

Eugene Volokh of the Volokh Conspiracy points to a recent Georgia Supreme Court decision [PDF] that lets trademark holders know that just because some use of their trademark is less than complimentary doesn't mean the use "tarnishes" the brand.

McHugh Fuller Law Group, using nursing home surveys published by the federal government, often seeks to gather litigants for class action suits against possibly-abusive nursing homes/employees. In this case, it decided PruittHealth-Moultrie's survey responses warranted further litigation. It published an ad seeking "suffering loved ones" who might be interested in suing the nursing home -- one that prominently used the nursing home's logo and name.

Big HugeMcLarge

Naturally, PruittHealth felt this use of its trademark to be disparaging, as it hinted that the company was mistreating its residents. It sued for damages, claiming the law firm's use of its name and logo "diluted" the brand. But its argument had nothing to do with the normal sort of "dilution" often claimed in court. PruittHealth didn't feel potential customers would be misled, but rather that its use in this form took the PruittHealth name down a notch or two.

At issue in this case is tarnishment, which OCGA § 10-1-451 (b) describes as “subsequent use by another of the same or any similar trademark, trade name, label, or form of advertisement” adopted and used by a person, association, or union “if there exists a likelihood of injury to business reputation … of the prior user, notwithstanding the absence of competition between the parties or of confusion as to the source of goods or services.” This theory of liability “has had some success when defendant has used plaintiff’s mark as a mark for clearly unwholesome or degrading goods or services.”

PruittHealth testified that it began receiving calls from concerned customers about the patients in its care as a result of the ad. McHugh Fuller testified that it had received 200 queries, resulting in 11 filed lawsuits -- not necessarily a rebuttal of PruittHealth's "likelihood of injury" claims.

The Supreme Court, reversing the state appeals court decision, points out that things that may result in damage to trademark holders are not always "tarnishing" under Georgia state law.

However, not every unwelcome use of one’s trademark in the advertising of another provides a basis for a tarnishment claim. See 6 Callman § 22:19. Tarnishment can occur “only if the defendant uses the designation as its own trademark for its own goods or services.”


Here, McHugh Fuller was advertising its legal services to individuals who suspect that their loved ones have been harmed by negligent or abusive nursing home services at a specific PruittHealth nursing home. The ad used PruittHealth’s marks in a descriptive manner to identify the specific PruittHealth facility; indeed, McHugh Fuller was counting on the public to identify PruittHealth-Moultrie by the PruittHealth marks used in the ad. The ad did not attempt to link PruittHealth’s marks directly to McHugh Fuller’s own goods or services. McHugh Fuller was advertising what it sells – legal services, which are neither unwholesome nor degrading – under its own trade name, service mark, and logo, each of which appears in the challenged ad. No one reading the ad reproduced above would think that McHugh Fuller was doing anything other than identifying a health care facility that the law firm was willing to sue over its treatment of patients. In short, the ad very clearly was an ad for a law firm and nothing more.

PruittHealth may not have liked what the advertising insinuated (and, indeed, fielded concerned phone calls because of the advertising) but that alone is not enough to bring claims of trademark tarnishment. Advertising is full of unfavorable insinuations and unflattering comparisons, and this law firm's litigant fishing expedition is no different than ads claiming Corporation X's service is less than spectacular while using Corporation X's trademark in the ad copy.

Contrary to PruittHealth’s assertion in the trial court, trademark law does not impose a blanket prohibition on referencing a trademarked name in advertising. “Indeed, it is often virtually impossible to refer to a particular product for purposes of comparison, criticism, point of reference, or any other purpose without using the mark.”

PruittHealth's idea of how trademark law should be enforced goes far beyond expanding Georgia's trademark tarnishment law. It rubs right up against speech protected by the federal government.

Moreover, interpreting OCGA § 10-1- 451 (b) expansively to prohibit the use of PruittHealth’s marks to identify its facilities and services in any way, as the company urges, would raise profound First Amendment issues. [...] “Much useful social and commercial discourse would be all but impossible if speakers were under threat of an infringement lawsuit every time they made reference to a person, company or product by using its trademark.” New Kids on the Block, 971 F2d at 307.

This isn't one of the more egregious examples of using IP protections to shut people up that we've seen. But the end result of PruittHealth's lawsuit -- had the appeals court's decision been allowed to stand -- would have been indistinguishable from the more hamfisted bullying efforts detailed at Techdirt over the years.

Read More | 4 Comments | Leave a Comment..

Posted on Techdirt - 9 December 2016 @ 2:46pm

US Government Gives $11,000 Back To College Student Three Years After The DEA Took It From Him

from the ABORT,-FAIL dept

Another high-profile asset forfeiture battle has resulted in the government relinquishing its claim on seized cash and returning it to its owner.

In February 2014, DEA agents took $11,000 from Charles Clarke at the Cincinnati/Northern Kentucky International Airport. The DEA claimed Clarke's luggage "smelled" like marijuana. It may have been right (Clarke was a recreational marijuana smoker), but it didn't even bother to get a second opinion from a drug dog. Nor did it find any drugs or paraphernalia when it searched Clarke and his baggage.

It did, however, declare the $11,000 in college funds Clarke had saved over five years to be drug money. So, it took the cash from him and sent him on his way.

Normally, the burden of proof falls on the person whose property has been taken. That's how civil asset forfeiture works. The government files a claim against the seized property, cutting the original owner of the property out of the loop as much as possible. Fortunately, the judge presiding over the forfeiture dispute shifted the burden back on law enforcement after finding Clarke to be a credible complainant.

"Frankly, the fella sounds like he's telling the truth," U.S. District Court Judge William O. Bertelsman said in a hearing over how much information the U.S. government should be required to turn over to Clarke's lawyers. "He's not changed his story once in all the depositions and testimony that he's given even under the threat of perjury."

Bertelsman also ordered the government to show proof that the seized money was the result of criminal activity. This was obviously going to be a problem for the government, considering all it had to work with was some luggage that carried a hint of marijuana odor. That, and Clarke's cash, which it was in no hurry to give up, especially since it had to split the take thirteen ways.

While no further details have been released, it's probably safe to assume the government never came up with the proof Bertelsman was looking for. The Institute for Justice -- which represented Clarke in this case -- is reporting that the government is returning the seized cash to the college student.

“The United States government has agreed to give Charles Clarke back every penny of the $11,000 it seized from him at the Cincinnati/Northern Kentucky International Airport in February 2014, plus interest. Charles is very pleased that he will get his life savings back and that the whole ordeal is now behind him.”

All it would take to combat many questionable seizures would be a shift in the burden of proof. The process makes it almost impossible for those whose property has been seized to mount a successful attempt to reclaim it. The filing of cases as "Gov't v. Property" allows the seizing agency to run unopposed (as it were), since the seized property can't speak for itself and the property owner is tied up in bureaucratic paperwork with strict time limits that is wholly reliant on the seizing agency properly notifying seizure victims of the whereabouts of their cash, etc.

If the government can't come up with criminal charges, it very likely cannot come up with proof the money is tied to illegal activity. But too few courts are willing to shift the burden of proof, leaving the government to indulge in its perverted incentives.

17 Comments | Leave a Comment..

Posted on Techdirt - 8 December 2016 @ 8:27am

Court Tells Family Services Worker 'I Don't Approve Of Your Lifestyle' Isn't A Valid Warrant Exception

from the seize,-search,-judge... dept

A very interesting (read: wtf) case from Texas [PDF] -- one that resulted in criminal charges of official oppression against a Dept. of Family and Protective Services employee -- posits that there may be yet another warrant exemption: the "I don't approve of your lifestyle and/or choices" exception.

This "exception" has often been used by actual parents when searching rooms/electronic devices of their children, but private searches usually don't violate the Fourth Amendment. Searches using the same moral prerogative, when performed by agents of the state, do.

The case involves a warrantless search of a 15-year-old's cellphone by Natalie Reynolds, a Department supervisor. The Sheriff's Department located the runaway teen (referred to only as "A.K." throughout the decision) and turned her over to Reynolds. Reynolds confiscated A.K.'s personal belongings, including her cellphone, which she then decided to search for a number of stated reasons -- none of which was allowable under state case law, much less the Supreme Court's Riley decision.

The Riley decision is only referenced in a footnote, as the illegal searches were performed in 2012, roughly two years before the Supreme Court arrived at its conclusion. But that didn't prevent the court from finding state precedent that upheld Reynold's conviction.

Reynolds' coworkers provided plenty of testimony against her, rebutting her assertion that her search and seizure of the teen's cellphone was somehow related to finding A.K. somewhere to live.

Kenny Stillwagoner, formerly with the Department, testified that he believed Reynolds, Ross, or both of them, took possession of A.K.’s cell phone without her consent. He also testified that Reynolds remained in possession of the cell phone because she believed it contained contact information for drug dealers. In addition, Edie Diane Fletcher, also formerly with the Department, testified that, when she contacted Reynolds about the situation regarding A.K.’s cell phone, Reynolds explained to her that she could not return the phone to A.K. because she believed A.K.’s cell phone contained contact information relating to drug dealers and that “they” needed to “finish their investigation.”

A.K. testified that she became very upset when Ross and Reynolds refused to return her cell phone and that both Ross and Reynolds looked through her cell phone. Further, A.K. testified that Ross and Reynolds retrieved information from her cell phone relating to Steve Lamb and Michael Watts, and there was no evidence presented that either of these men was considered as a potential placement option for A.K. In fact, A.K. had little, if any, information as to why she was questioned about her relationship to either man.

Reynolds tried to argue that her warrantless search of the cellphone was also somehow related to "exigent circumstances" -- that there was an "emergency regarding A.K.'s physical and emotional wellbeing." The state itself disagreed with Reynold's assertion.

The State maintains that Reynolds, as a representative of the Department, cannot claim that she acted in loco parentis or as A.K.’s de facto parent because she was “not acting as a ‘parent’ when she was searching [A.K.’s] phone. Instead, she was clearly acting as an investigator attempting to build a case for either herself or law enforcement.” The State points to Reynolds’ affidavit, arguing that it “reads like a veteran police detective interrogating a criminal suspect.”

Rather than show her purported concern for A.K.'s wellbeing, Reynolds spent most of her time with A.K. questioning her about drug use, drug paraphernalia, and drug sales. Also, contrary to her stated concerns about A.K. having no place to go, the state points out that a placement facility had already been found at the point Reynolds decided to take A.K.'s phone and search it for "drug evidence."

The court notes that there are a wealth of warrant exceptions available to state agents when performing searches. Reynold's opinion of A.K.'s lifestyle, however, isn't one that's been recognized by any court -- or anyone possessing a modicum of common sense, actually.

Based on precedent and this record, we conclude that A.K. had a reasonable expectation of privacy in her cell phone. Reynolds seems to claim, however, that, because A.K. had been known to use drugs and was allegedly having inappropriate relationships with adult men, that somehow changed A.K.’s expectation of privacy in her phone.

That's not how the Fourth Amendment works. And Reynolds' narrative about the phone's search somehow being related to caring for A.K.'s wellbeing doesn't hold up when compared to the facts.

Based on A.K.’s alleged behavior and lack of any known placement options at the time, Reynolds contends that she had an urgent responsibility to find A.K. a place to reside until the Department took custody of her and that she believed A.K.’s phone contained useful information that could assist her in that endeavor.


Had Reynolds wanted the cell phone for the purpose she claims, she would have had no reason to continue in possession of the phone once a placement facility for A.K. had been located. A.K.’s cell phone was not seized pursuant to an arrest, and there is no evidence of any warrant, court order, or consent to seize or search A.K.’s cell phone. Reynolds’ claim of exigent circumstances is not compelled by the evidence. For these reasons, we find that Reynolds’ actions were not authorized.

The conviction for official oppression is upheld. Oddly, as is pointed out at, this sort of behavior by law enforcement officers usually only results in suppression of evidence, rather than official oppression charges. Lots of wrongful arrests and warrantless searches would seem to fit the language of the statute once the officer's immunity has been stripped.

A public servant acting under color of his office or employment commits an offense if he:

(1) intentionally subjects another to mistreatment or to arrest, detention, search, seizure, dispossession, assessment, or lien that he knows is unlawful…

And yet, this charge is almost never brought, much less successfully prosecuted -- yet another way law enforcement operates at a lower level of culpability than the rest of the government. And far, far lower than what is expected of the citizens they serve.

Read More | 29 Comments | Leave a Comment..

Posted on Techdirt - 7 December 2016 @ 2:47pm

Cops Who Repeatedly Treated Refusal As Consent Watch Their Seized Evidence Vanish

from the 'just-say-no'-campaign-fails-again dept

Some people just don't work well without direct supervision. When not responding to calls, officers are often left to their own discretion. Some do well with this freedom. Others… well, others do this sort of thing. [PDF]

Officers Biandudi and Wyle were patrolling a Pinellas County neighborhood in a marked police car. They saw twelve-year-old F.C. and his friend, Pedro, playing in the grassy common area of their mobile home park. Officer Biandudi testified that the boys looked like they were just playing around and having fun. He saw nothing alarming. Nevertheless, he pulled over and stopped the patrol car. He and Officer Wyle exited the car. They were uniformed and armed. They approached the boys and asked if they could search them. The boys consented. The officers found small amounts of marijuana on each boy. The State charged each with possession of cannabis.

No probable cause, much less reasonable suspicion. Just a couple of cops with nothing better to do and a couple of easy targets -- ones they knew from previous, apparently questionable interactions -- out in the open.

A motion to suppress the evidence was rejected by the lower court. The court expressed dismay at the officers' actions but still felt there was no precedent to support suppression.

There is no case law in here that says that if a person feels like they have no choice, then they're coerced. . . . .

[T]he reason why he felt that he needed to do it was because the officers had on a uniform and he felt that if he would have said no that it was going to happen anyway. But there's no case law that you've given me that said if a person says yes and they're saying yes because an officer has on a uniform that they have been coerced into doing that.

Both boys testified they felt compelled to consent to the search. More importantly, they felt that refusing consent -- which was well within their rights -- was futile. According to their previous experiences with these same officers, refusal had never resulted in them being left alone. Searches were performed anyway.

The Florida appeals court disagrees with the lower court's assessment, fortunately. Citing case law the teen's defense lawyer apparently couldn't locate, the appeals court notes that the state must reach a higher bar when claiming to have obtained consent from juveniles for searches. The state didn't meet it here. The lower court's inability to locate supporting case law caused it to arrive at the wrong conclusion: that the juveniles should have known they could have refused consent -- placing the burden on the juveniles for not trying harder to deter the officers from obtaining consent.

The appeals court points out that this conclusion misses a very key aspect of this interaction -- and others -- between the teens and these two police officers. The juveniles knew they could refuse consent. They also knew it would make no difference.

Here, in addition to F.C.'s young age, he and Pedro both testified that these same officers searched him in a previous encounter, ignoring F.C.'s refusal to be searched. The trial court considered these circumstances and concluded that F.C. and Pedro were not "green" because they had been stopped and searched before. The implication is that where juveniles have experience with law enforcement, they will know their rights. However, the opposite applies here—their experience taught them that saying no would not deter the police.

It doesn't matter if you know your rights when the police are just going to ignore them. That's what these two boys had concluded from their multiple interactions with these two officers. Refusing consent was no different than giving it. The appeals court gets it right: suppressing evidence is a deterrent to police misconduct, and these two officers are severely in need of judicial discouragement.

Read More | 33 Comments | Leave a Comment..

Posted on Techdirt - 7 December 2016 @ 1:03pm

Law Passed To Protect Customers From Non-Disparagement Clauses And Other Ridiculous Restrictions

from the back-to-bogus-libel-lawsuits-then,-I-guess dept

Sitting on the president's desk is a bill [PDF] that will finally prevent companies from tying customers up with restrictive contracts at the point of purchase -- including forbidding the insertion of non-disparagement clauses. The bill is called the Consumer Review Fairness Act, but it might as well be called the KlearGear Act, after the infamous tech toy also-ran that gained international notoriety after it ran a customer's credit rating into the ground attempting to collect a $3,500 fee for violating a non-disparagement clause it inserted into its Terms of Use after the customer had already posted her negative review.

There are any number of existing applications for the bill once signed into law. Companies are still including non-disparagement clauses in contracts, despite there being ample evidence all it really does is generate massive amounts of disparagement from parties not bound by the contractual language. It's basically a pre-emptive federal anti-SLAPP law narrowly focused on protecting consumers from litigious companies who feel the "service" part of "customer service" involves a process server. (That being said, there's nothing stopping companies from filing bogus libel lawsuits over negative reviews -- one of many reasons there needs to be a federal anti-SLAPP statute.)

But that's not the only thing the law will prevent. The language will also keep companies from placing a bunch of restrictions on customers as a thank you gift for choosing to do business with them. Paul Alan Levy of Public Citizen points to another all-too-frequent abuse of customers this law will address.

Readers of this blog may recall an article that I posted in late September, taking issue with a proposed contract that the local professional soccer team has transmitted to season ticket holders who are in the process of renewing their season tickets for the coming season. My concern that the contract includes language in which fans waive the right to post “in any media any description, account, picture, video, audio or other form of reproduction of any D.C. United game or any surrounding activities.” Regrettably, despite many fans having objected to the proposed contract, to the extent of telling team sales people that they won’t be renewing if signing this contract is required, and even though the team tried to deflect the adverse coverage by saying that its lawyers would be looking at possible changes to the contract language. However, late last week the team sent out the same contract for signature, and told me privately that the lawyers had decided not to make any changes because the language is “industry standard.”

Nothing says "thanks for supporting our team" like "shut up and stop talking about us." DC United wants to retain strict control of its social media presence, apparently feeling that any "social" aspect should be solely restricted to the official channels. With the new law in place, the ridiculous "industry standard" will no longer be legal. Presumably, this also means it will no longer be the "industry standard."

Levy points out that the law has received the most attention for its banning of non-disparagement clauses, but it's also written to address this sort of contractual overreach.

[I]t forbids a form contract that “prohibits or restricts the ability of an individual who is a party to the form contract to engage in a covered communication,” Section 2(b)(1)(A), and defines “covered communication” to include any “ written, oral, or pictorial review, performance assessment of, or other similar analysis of . . . the goods, services, or conduct of a person by an individual who is party to a form contract.” Section 2(a)(2). The DC United contract that forbids fans from posting written descriptions or pictures of a game (that is, a review or performance assessment of the team’s conduct) is squarely within the law’s prohibition.

While companies should take care to protect their intellectual property and reputations, this can all be accomplished without forcing customers to accept ridiculous restraints in exchange for a product or service. Companies may point to such concerns when writing these clauses, but underneath it all, it's usually just an attempt to control public perception -- either by discouraging negative reviews or shutting down social media postings that don't align with the official company narrative.

Read More | 14 Comments | Leave a Comment..

Posted on Techdirt - 7 December 2016 @ 8:36am

Law Firm That Sued 20-Year-Old Crash Victim Over Negative Review Now Owes $26,831 In Legal Fees

from the stop-SLAPPing-yourself dept

After being insulted online by a 20-year-old student with back injuries resulting from a collision with a drunk driver, the Khuu law firm of Houston, Texas, claimed it "had no choice" but to burn its already-questionable reputation to the ground file a $100,000+ defamation lawsuit.

Like many other entities, the Khuu law firm felt the best response to a negative review was to get litigious. Unlike many other entities, the Khuu Law firm presumably employed actual lawyers with actual knowledge of actual laws. Presumably. If so, it overrode this knowledge to engage in litigation featuring the internet's favorite tort: "Yelp review I didn't like."

According to Lan Cai -- the student who had the misfortune of initiating contact with Khuu -- a representative from the office showed up at her house unannounced and questioned her while she was still in her underwear. Shortly after making a bad first impression, the company made a bad second impression by ghosting its new client. Lawyers at the firm only seemed interested in engaging with Cai when they had a lawsuit to serve.

Backlash ensued and the Popehat Signal was (unofficially) lit. Houston attorney Michael Fleming picked up Lan Cai's case pro bono and has now obtained an anti-SLAPP judgment in favor of his client. Joe Mullin of Ars Technica reports:

Fleming filed a motion arguing that, first and foremost, Cai's social media complaints were true. Second, she couldn't do much to damage the reputation of a firm that already had multiple poor reviews. He argued the lawsuit was a clear SLAPP (strategic Lawsuit Against Public Participation). Like many states, Texas has a law allowing for SLAPP suits to be thrown out at early stages of litigation.

Ultimately, the judge agreed with Fleming, ordering [PDF] the Khuu firm to pay $26,831.55 in attorneys' fees.

The news of the firm's loss has resulted in a second wave of one-star reviews at Yelp -- one of those side effects litigious entities fail to consider before lunging forward with "might makes right" legal bullying. At this point, the Khuu law office is best known for:

(a) mistreating a potential client with a broken back, and

(b) losing a lawsuit.

Neither of these is going to help it attract new customers. If it had just left it alone, its reputation -- while never stellar -- wouldn't have been destroyed completely.

Read More | 17 Comments | Leave a Comment..

Posted on Techdirt - 7 December 2016 @ 3:36am

Convicted FBI Sting Target Challenges Investigation, Domestic Surveillance; Ends Up With Nothing

from the entrapment-will-continue-until-national-security-improves dept

The Ninth Circuit Court of Appeals has upheld [PDF] a terrorism conviction, despite its own concerns about the government's behavior during the investigation. (h/t Brad Heath)

Mohamed Osman Mohamud appealed his conviction for attempting to detonate a bomb during a Christmas tree lighting ceremony in Portland, Oregon, raising several arguments -- one of those being entrapment. But the court had this to say about the FBI's sting operation.

The panel held that the district court properly rejected Mohamud’s defense of entrapment as a matter of law. The panel could not say that no reasonable jury could have concluded that Mohamud was predisposed to commit the charged offense. Rejecting Mohamud’s alternative argument that the case should be dismissed because the government overreached in its “sting,” the panel wrote that while the government’s conduct was quite aggressive at times, it fell short of a due process violation.

As we've noted here before, courts have given the government plenty of leeway in its investigations. Entrapment is a popular defense but even the DEA's predilection for setting up desperate rubes to rob fake stash houses (and asking for sentences based on imaginary quantities of nonexistent drugs) has seldom been troubled by defendants' challenges. The courts have also ordained much, much more questionable tactics, like the FBI's creation of a child porn catalog it mailed to sting targets -- even going so far as to "fulfill" the recipients' orders. This predated the FBI's current courtroom difficulties resulting from its stint as the administrators of a seized child porn website, which it kept operational for two weeks while it deployed its hacking tool.

Mohamud's experience with the FBI began in an unlikely way: with a phone call to the agency from his parents.

His father begged him to stay in the United States, but Mohamud told him it was too late—he had his passport, visa, and ticket ready to go. When his parents confirmed that his passport was missing, they feared that Mohamud might return to Somalia, his place of birth. And when they could not reach Mohamud, they called the FBI and asked an agent to stop their son from leaving the country. Eventually, Mohamud’s mother got in touch with her son, scolded him, and brought him home. Mohamud did not actually have a visa or plane ticket, and he returned his passport to his parents.

A few days later, Mohamud’s father called the FBI agent back and told him that Mohamud had agreed to finish college and would not leave the country until he graduated. He also explained that his son had wanted to go to Yemen to study Arabic and Islam. Mohamud’s father forwarded the FBI an email from his son about a school in Yemen, which allowed the FBI to identify Mohamud as the user of the truthbespoken email account.

Using that email account, the FBI began looking into Mohamud. One of the investigative tools it utilized was communications collected by the NSA's Section 702 program. The use of these communications was also challenged by Mohamud.

The FBI's initial impression of Mohamud, after being contacted by his parents, was that he was no threat -- just a mixed-up college kid going through some ideological growing pains. But rather than leave him alone and let his parents keep an eye on him, the FBI decided to make him a sting target. Its first attempt went nowhere. Communications between Mohamud and "Bill Smith" tapered off as Mohamud apparently tried to shift his focus back to his studies.

The FBI kept going. It sent two more informants after Mohamud to determine how serious he was about participating in a terrorist attack. Mohamud seemed enthusiastic about the idea, but the details and funding all came from the undercover agents. This makes it seem unlikely Mohamud would have done anything on his own. Worse, the FBI took a tip from Mohamud's parents and rather than steer him away from terroristic leanings, it decided to turn him into a sting target.

Still, there was no entrapment, according to both courts who have reviewed the case. Mohamud showed his own inclination to commit terroristic acts -- both in terms of previous writings and statements made to undercover agents. Combined with the courts' deference to the means and methods of investigative agencies, Mohamud's entrapment defense fails.

The Section 702 evidence similarly has no effect on Mohamud's conviction. This evidence was introduced belatedly by the government, but the Appeals Court finds its late arrival wasn't prejudicial to Mohamud's defense. It's interesting that it showed up late, considering the government always had access to it. There appears to have been plenty of behind-the-scenes discussion within the government as to whether or not it actually wanted to use this "702-derived" evidence in court.

The introduced 702 evidence poses no Fourth Amendment concerns according to the Ninth Circuit.

Although § 702 potentially raises complex statutory and constitutional issues, this case does not. As explained below, the initial collection of Mohamud’s email communications did not involve so-called “upstreaming” or targeting of Mohamud under § 702, more controversial methods of collecting information. It also did not involve the retention and querying of incidentally collected communications. All this case involved was the targeting of a foreign national under § 702, through which Mohamud’s email communications were incidentally collected.

What Fourth Amendment concerns exist, the court seems barely troubled by them. It trusts the government has procedures in place to minimize incidentally-collected communications and, in any case, would scale back the Fourth Amendment's protections to make room for more national security.

However, the mere fact that more communications are being collected incidentally does not make it unconstitutional to apply the same approach to § 702 collection, though it does increase the importance of minimization procedures once the communications are collected.


The panel held that Foreign Intelligence Surveillance Court-approved targeting and minimization procedures, which were followed in practice, sufficiently protected Mohamud’s privacy interest, in light of the government’s compelling interest in national security.

The court sums everything up this way -- implying that it's still not altogether comfortable with the government's decision to steer an impressionable person down the path towards terrorism, rather than pull him back, especially when the originating tip was a call from concerned parents.

Many young people think and say alarming things that they later disavow, and we will never know if Mohamud—a young man with promise—would have carried out a mass attack absent the FBI’s involvement. But some “promising” young people—Charles Whitman, Timothy McVeigh, and James Holmes, to name a few from a tragically long list—take the next step, leading to horrific consequences. While technology makes it easier to capture the thoughts of these individuals, it also makes it easier for them to commit terrible crimes. Here, the evidence supported the jury’s verdict, and the government’s surveillance, investigation, and prosecution of Mohamud were consistent with constitutional and statutory requirements.

Marcy Wheeler -- covering Mohamud's sentencing two years ago -- sums it up this way, pointing out that the FBI and other government agencies seem more willing to blow taxpayer cash on mostly-pointless prosecution rather than do anything that might actually counter violent extremism.

So 5 years after Mohamud’s father called the FBI, asking them to help divert his son from his interest in Islamic extremism, the government put Mohamud away for the better part of the rest of his life. Even assuming Mohamud only serves two-thirds of his sentence and pretending inflation doesn’t exist, taxpayers will pay $678,600 to incarcerate Mohamud, on top of the money spent on his 4-year prosecution and the at-least 18 months of informants and undercover officers pursuing the then-teenager.


If the US can’t imagine a better response when a father calls for help but to spend 18 months catching his son a sting, we can roll out CVE [countering violent extremism] programs every other month and we’re not going to earn trust among the communities we need to.

Engaging with communities seems to rarely be an option -- whether it's the FBI or local police department with a long track record of discriminatory policing. Turning the most impressionable members of these communities into informants or sting targets seems to be the only thing the FBI's actually willing to do, which doesn't seem to be having much of an effect on worldwide terrorism.

Read More | 22 Comments | Leave a Comment..

Posted on Techdirt - 6 December 2016 @ 2:54pm

Ross Ulbricht's Lawyers Uncover Evidence Showing His Silk Road Account Was Accessed While He Was Imprisoned


The government's Silk Road prosecution is the gift that keeps on giving. On its way to a life without parole sentence for the man behind the dark web drug marketplace, nearly everything that possibly could have happened actually happened.

As more evidence flowed in, more dirt on both sides of the prosecution was uncovered. The government appeared to engage in parallel construction to cover up evidence likely obtained by the NSA. (But the only reason for the coverup would be to protect the NSA's "means and methods," not to provide some sort of Fourth Amendment sanitizing. The Silk Road server was located in Iceland, somewhere the NSA could have performed an interception without troubling its domestic restrictions.)

It also emerged that government investigators had engaged in plenty of illegal activities of their own, including stealing Bitcoin, freezing accounts, and setting up a sting operation designed to rope Ross Ulbricht into hiring someone to kill a thieving employee… apparently set up by the same DEA agent engaged in the theft.

Also uncovered during the trial was the fact that the government had paid Carnegie Mellon researchers to develop a method to de-anonymize Tor users.

Now, there's this, reported by Jason Koebler of Motherboard:

Attorneys for Ross Ulbricht, the man convicted of running the Silk Road online drug marketplace under the pseudonym “Dread Pirate Roberts” say they’ve discovered evidence that someone logged into the Dread Pirate Roberts account on the Silk Road forums six weeks after Ulbricht was arrested. Ulbricht was in federal custody at the time.


Ulbricht was arrested on October 2, 2013. The Silk Road marketplace was taken down that same day, but the forums stayed up until November 22. His attorneys say that someone logged into the DPR account on the forum November 18.

These new details were uncovered by forensic analysts who studied backups of the Silk Road forums that were entered as evidence by the government during Ulbricht’s first trial. Ulbricht’s attorneys Dratel and Lindsay Lewis say that government tampering calls into question the evidence used to convict Ulbricht.

This could mean a few things. One possibility is that law enforcement agents continued to operate and access DPR's account after the investigation had concluded. Or it may point to one of Ulbricht's original defenses: that someone else actually ran Silk Road. It may be that Silk Road was run by multiple people, but the government was only able to track down Ulbricht.

Ulbricht's attorney seems to believe it's the last possibility on that list:

It’s unknown whether other Silk Road administrators had the username and password for the DPR account, whether there actually were other “real” DPRs, or whether government officials were somehow able to get the DPR login credentials.

“They had access only to Ross’s laptop,” Lewis told me. “I don’t think they had access to the login credentials.”

It could very well be that the government believes there were multiple DPRs, but felt that one DPR was more than enough for the purposes of prosecution. If so, its handling of this case echoes that of journalist Matthew Keys, who the government hung out to dry over 40 minutes of website defacement performed by someone else. Zero effort has been made to punish those who actually participated in the small-scale hacking of the LA Times website. The government seemed more than satisfied to let Keys carry all of this weight on his own.

This new information doesn't make the government's case look any more solid. Plenty of government deception and misconduct was uncovered during the trial and yet it was still able to obtain a life without parole sentence for Ulbricht and a $184 million fine. Now it looks like the government may have rung up the wrong Silk Road mastermind… or more likely, only one of them. The best case scenario for the government is that it was one of its own logging in and looking around, although it will still have to explain how it got ahold of Ulbricht's login info.

18 Comments | Leave a Comment..

Posted on Techdirt - 6 December 2016 @ 3:24am

How 'Just Metadata' Helped Ruin A Career Diplomat's Life

from the silent-killer dept

Those defending bulk domestic surveillance have dismissively referred to the take as "just metadata." To many people, this likely seems acceptable. It's nothing but call records... or so it often seems. But "just metadata" is actually surveillance state slang for almost anything that can be obtained without a warrant or subpoena -- which includes anything the government considers to be a "third party record," like financial transactions and historical cell site location data.

"Just metadata" is actually a dangerous thing when left in the hands of intelligence agencies. It's what turned State Department advisor Robin Raphel's diplomatic work with Pakistani officials into a severely misguided -- and severely intrusive -- espionage investigation. A series of blundering investigations into people who had done nothing wrong resulted in the DOJ changing its investigative guidelines, but not before Raphel's house was raided (twice) by the FBI and her reputation severely damaged.

In the end, the government had nothing left of its espionage investigation but a single allegation that Raphel kept classified documents at her home. (Not that she shared them with anyone, unlike General Petraeus, who suffered a mild wrist slap and was temporarily considered for a Trump cabinet position.) In the beginning, though, it was all "just metadata."

In February 2013, according to law-enforcement officials, the FBI received information that made its agents think Raphel might be a Pakistani mole.

The tip came in the form of intercepted communications that suggested Raphel had shared sensitive inside information without authorization. Two officials said this included information collected on wiretaps of Pakistani officials in the U.S.


Investigators began what they call “circling the target,” which means examining the parts of Raphel’s life they could explore without subpoenas or warrants.


One of the first things they looked at was her “metadata”—the electronic traces of who she called or emailed, and also when and for how long. Her metadata showed she was in frequent contact with a host of Pakistan officials that didn’t seem to match what the FBI believed was her rank and role.

The reason Raphel worked outside of her "rank and role" was because staying within the system meant dealing only with Pakistani officials who would be unable or unwilling to part with useful information. Raphel had plenty of experience in dealing with Pakistan's often-volatile relationship with the US -- something that had been strained even further by President George W. Bush's anti-nuke sanctions and President Obama's increasing reliance on drone strikes, including one that mistakenly killed 24 Pakistani troops, rather than the target the US was seeking.

Raphel may have operated outside of her "rank and role," but she was still aligned with the US's goals, rather than pursuing her own agenda. Apparently, nearly four decades of service to the US government meant nothing. Spurred on by the Snowden leaks, the FBI had a renewed interest in hunting down potential "threats." This is what moved the investigation from mere metadata to something far more intrusive.

After months of circling the target, FBI supervisors decided it was time to delve deeper. To monitor Raphel’s private conversations with Lodhi and other contacts on Skype, the FBI obtained a warrant from the Foreign Intelligence Surveillance Court—a decision approved at the highest levels of the FBI and the Justice Department.

The FBI used these communications to build a case against Raphel. It still had nothing that showed criminal intent or actually anything resembling wrongdoing. But it did -- with its limited experience in dealing with diplomatic targets -- feel something wasn't quite right. It had lots of "smoke" but no "smoking gun," according to a former FBI official. It dumped a bunch of "smoke" into an affidavit and secured a "sneak and peek" warrant for Raphel's home. After an extensive search, it managed to locate a 20-year-old file related to Raphel's "Diplomatic Security" investigation. Something of little consequence to anyone -- especially this far removed from its originating date -- was used to justify the FBI's more intrusive search later, one that resulted in Raphel's electronic devices and computers being seized.

The search also led to perhaps the most incongruous question Raphel had ever been asked.

Two FBI agents approached her, their faces stony. “Do you know any foreigners?” they asked.

Raphel’s jaw dropped. She had served as a diplomat in six capitals on four continents. She had been an ambassador, and the State Department’s assistant secretary for South Asian affairs. Knowing foreigners had been her job.

“Of course,” she responded, “Tons…Hundreds.”

This was followed by more FBI activity that bore the unmistakable imprint of recently-installed director James Comey. The FBI routed its inquiries with the State Department to someone who wouldn't talk to anyone else about its actions. It forbade the State Department from informing Raphel's coworkers why she wouldn't be returning to work while simultaneously leaking news of the investigation to the New York Times.

The FBI finally began talking to other State Department officials and employees, most of whom felt they had to explain how diplomacy actually worked. They didn't like what they saw in the FBI's "mole-hunting" effort.

At times, Raphel’s colleagues pushed back—warning the FBI that their investigation risked “criminalizing diplomacy,” according to a former official who was briefed on the interviews.

The interviews undercut the FBI's narrative, but it did nothing to slow the agency's roll towards an indictment. The DOJ, however, seemed less sure of the merits of a prosecution. But it also did little to head the FBI off. Meanwhile, Raphel not only lost her career but also her life savings.

Raphel heard nothing for months from the FBI. She had already spent about $100,000 on legal fees, which she paid by tapping into her savings, but the bills were piling up. Jones set up a legal-defense fund and 103 of Raphel’s friends and colleagues, mostly from the State Department, donated nearly $122,000.

The 20-year-old document on which the prosecution hinged could very well have been declassified while the government pursued a conviction, leaving it with nothing but thousands of taxpayer dollars spent and the embarrassment of being unable to determine the difference between diplomatic activity in volatile outposts from actual espionage.

The charges were finally dropped in March of this year. To date, Raphel's security clearance is still revoked and her career as a diplomat is effectively over. This is what "just metadata" -- along with a newfound enthusiasm for hunting down "insider threats" -- can do to a person who spent nearly 40 years serving their country.

74 Comments | Leave a Comment..

Posted on Techdirt - 5 December 2016 @ 2:42pm

Governor Vetoes Bill That Would Have Allowed Agencies To Withhold Names Of Officers Who Deploy Deadly Force

from the legislators-forced-to-lower-middle-fingers-previously-extended-to-public dept

Last month, Pennsylvania legislators wrapped up a little gift for the state's law enforcement agencies: a bill that would have allowed agencies to withhold the names of officers involved in deployments of deadly force for at least 30 days. This was just the mandatory withholding window. The bill never stipulated a release date past that point, meaning "never" was also an acceptable time frame.

The normal concerns for "officer safety" were given as the reason for the new opacity. Rather than see disclosure as an essential part of maintaining healthy relationships with the communities they served, law enforcement agencies saw disclosure as just another way to hurt already very well-protected officers.

The DOJ itself -- often a defender of entrenched police culture -- recommended a 72-hour window for release of this information. State legislators, pushed by local police unions, felt constituents would be better served by being kept in the dark. Given the back-and-forth nature of public sentiment, it was unclear how Governor Tom Wolf would react to the passed proposal.

Fortunately, Governor Wolf has seen the bill for what it is: something that further distances police officers from the people they serve. In a letter [PDF] announcing his veto of the bill, Wolf points out the law would have done far more harm than good. (via PINAC)

Government works best when trust and openness exist between citizens and their government. I cannot agree to sign this bill, because it will enshrine into law a policy to withhold important information from the public.

The legislation as drafted would prevent the disclosure of a police officer's name in a situation where an officer takes the life of an unarmed person. These situations in particular -- when law enforcement uses deadly force -- demand utmost transparency, otherwise a harmful mistrust will grow between police officers and the communities they protect and serve. Transparency and accountability are required of all public employees, but this bill ignores the reality that a police officer is a public employee.

Wolf also points out that law enforcement agencies aren't being served by this bill either. The bill would make it illegal to release officers' names before thirty days have elapsed, even if individual agencies feel an earlier release would defuse tensions and/or protect uninvolved officers from being subjected to unfocused criticism or abuse.

The proponents of the bill have little concern for community relationships nor the well being of uninvolved officers. All they want to do is add more opacity to law enforcement and erect a stronger shield over some of the government's most problematic employees. Fortunately, the state's governor saw the damage the bill would create and refused to become part of the problem.

Read More | 17 Comments | Leave a Comment..

Posted on Techdirt - 5 December 2016 @ 11:45am

Internet Archive Calls Out FBI For Using Outdated NSL Boilerplate; Scores Removal Of Gag Order

from the shame:-the-universal-motivator dept

One of the reforms included in the USA Freedom Act is the actual ability to challenge National Security Letter gag orders. Prior to the passage of this bill, recipients were limited to challenging gag orders once per year -- challenges that rarely succeeded. The process is no longer restricted to annual challenges, but many recipients won't be aware of this fact because the FBI hasn't been interested in telling them.

The Internet Archive -- with the assistance of the EFF -- has managed to lift a gag order on an NSL it received. This NSL [PDF], like the thousands of NSLs the FBI issues each year, came with outdated information regarding recipients' options for challenging gag orders.

The NSL we received includes incorrect and outdated information regarding the options available to a recipient of an NSL to challenge its gag. Specifically, the NSL states that such a challenge can only be issued once a year. But in 2015, Congress did away with that annual limitation and made it easier to challenge gag orders. The FBI has confirmed that the error was part of a standard NSL template and other providers received NSLs with the same significant error. We don’t know how many, but it is possibly in the thousands (according to the FBI, they sent out around 13,000 NSLs last year). How many recipients might have delayed or even been deterred from issuing challenges due to this error?

Having been caught using outdated boilerplate, the FBI will now be sending out thousands of correction letters [PDF]. It's not as though the FBI wasn't aware of the changes in the laws governing NSLs. It likely found it more conducive to its secrecy aims to allow the old boilerplate to remain until recipients caught on.

Not only will the FBI be updating its NSL boilerplate, but it has apparently been shamed into transparency… at least in this particular case. The gag order on this NSL has been dropped and the Internet Archive is allowed to publish the redacted request.

The request asks for all personal information related to the targeted accounts from "inception to present." But there's another problem with the request which goes beyond outdated boilerplate. As the EFF's letter to the FBI [PDF] points out, the Internet Archive isn't the sort of entity the FBI can actually serve an NSL to.

18 U.S.C. 2709 is inapplicable to the Archive in this matter because the Archive is a library. Under 2709(g), the FBI cannot issue an NSL demanding records -- or imposing a nondisclosure requirement -- to libraries unless they are providers of wire or electronic communications services. The NSL does not specify which of the Archive's services it seeks records from and thus does not identify any context in which the Archive is a provider of a wire or electronic communication service.

The letter also points out that the FBI's gag order is unconstitutional prior restraint, something that runs contrary to the First Amendment. Of course, it's one thing for an NSL recipient to make this allegation. It's quite another to have it confirmed by a federal court. The EFF's constitutional challenge of NSL gag orders is currently awaiting review by the Ninth Circuit Court of Appeals. Whatever conclusion the court arrives at, there's little doubt that it will ultimately make its way to the US Supreme Court. Whether or not the Supreme Court decides to address it is likely still at least a year or two away.

But the voluntary lifting of a gag order by the FBI is a positive development -- one that suggests the more these orders are challenged, the more often the government will discover its demands for indefinite secrecy are rarely supported by the facts of the case.

Read More | 15 Comments | Leave a Comment..

Posted on Techdirt - 5 December 2016 @ 8:29am

Court Case Management Software Upgrade Results In Bogus Felony Convictions, Wrongful Arrests

from the patch-notes-to-be-entered-as-evidence-in-inevitable-civil-lawsuit dept

Software updates are seldom painless. The history of the Windows operating system is littered with stories of computers/programs bricked by auto-update patches and OS iterations. They're not much fun on the IT end either, especially when businesses depend on functioning computers/programs for pretty much everything. An enterprise-level OS upgrade can take days or weeks -- and that's not counting the aftershocks which continue for months after as every interdependent application finds new and exciting ways to clash with the upgraded system software.

Days, weeks, months chewed up by an upgrade. It's horrible, but hey, at least you're still relatively free to step outside periodically and/or exit the building when you've had enough for one day. It could be much much worse.

Take the example of Andrew.

It was Saturday and he was woken up with a start by his mother. There were four officers at the front door and he was about to be arrested.

"I’d only had four hours sleep and I’m only wearing gym shorts,” he recalled.

“I’m thinking, what happened? I was completely confused.”

Unbeknown to his parents, 24-year-old Andrew - not his real name - had recently finished a six-month drug programme after he was caught in possession of marijuana and ecstasy.

Which is why he was so confused. It was his first offence and he had done the course as asked. A judge had then told him the case had been dismissed.

“I did what I was supposed to."

But the court’s new computer system had other ideas and Andrew was put into a police car and driven off to jail.

The computer system is Odyssey, California's new case management software. So far, attempts to integrate it with the existing system have resulted in multiple rejections of the donor. If this had only resulted in a less smoothly-flowing bureaucracy, that would be one thing. Instead, it's ruining people's lives.

The company behind it -- Tyler Technologies -- calls the transition "challenging." That's one way to put it -- a way that only those not adversely affected by the transition can put it. To those on the receiving end of a raft of new case management errors, the transition can more accurately be described as "nightmarish." In addition to the case described above, the upgrade has resulted in wrongful arrests, incorrectly extended sentences, and misdemeanor offenses being reclassified as felonies.

Nothing on this list of problems could be considered a harmless error. The last one on the list could result in job hunters, prospective tenants, parents in custody battles, etc. being kicked to the curb when their moving violations show up in background check systems as serious felonies.

On the plus [?] side, Odyssey's malfunctioning software has also managed to produce a few criminal justice "winners."

Alameda County is not the only area to have struggled with Odyssey. Similar problems have been reported in Tennessee and also in Indiana - where prosecutors have had a perhaps more troubling issue of inmates being mistakenly released early.

The software will continue to be upgraded and lives will be bricked. Those the software has determined need more time served or felonies added to their record are pretty much on their own. Alameda County public defender Brendon Woods is fielding as many cases as he can, but he seems to be one of the only ones interested in assisting victims of a "challenging" system upgrade. The county itself isn't offering anything to these victims and the software company certainly doesn't want to open itself up to liability by admitting any culpability in this debacle.

The criminal justice system barely works. The last thing it needs is software that makes this even worse.

25 Comments | Leave a Comment..

Posted on Techdirt - 5 December 2016 @ 6:27am

UK Police Circumventing Cellphone Encryption By 'Mugging' Suspects While Their Phones Are Unlocked

from the snatch-and-grab dept

UK police are experimenting with a new brute force technique to defeat cellphone encryption:

Undercover surveillance officers trailed Yew and waited for him to unlock his phone to make a call - thereby disabling the encryption.

One officer then rushed in to seize the phone from Yew's hand - just as would happen in a criminal mugging. As his colleagues restrained the suspect, the officer continually "swiped" through the phone's screens to prevent it from locking before they had downloaded its data.

So, it's come to this: lawful mugging. Still, it's not a terrible solution to the problem. Sometimes the best methods are lo-tech, as anyone swinging a $5 Password Acquisition Tool can tell you.

This method will work in the UK. It may not in the US. UK law enforcement would likely find compelling a suspect to unlock a device a long and possibly fruitless endeavor, but there's no Riley decision standing in the way of seizing/searching phones on the hoof (as it were).

Courts here in the US have interpreted the Supreme Court's Riley decision in diverse ways, but a motion to suppress evidence might succeed if US law enforcement began engaging in this novel form of encryption circumvention. In one case, a judge found that simply opening a flip phone constituted a search under Riley. Keeping a phone "alive" until evidence can be retrieved from it might run afoul of the Fourth Amendment, even if the seizure itself is completely lawful.

It's still a better idea than making encryption backdoors mandatory or requiring device manufacturers to make a second set of keys for the government. The solution isn't elegant but it works. And it will only work in certain circumstances, so there's not much potential for abuse. It might encourage rougher arrests than usual, if only to separate the cellphone from the suspect, but the small number of arrests where this process would work shouldn't result in a sharp uptick in excessive force deployment.

This is a technique US law enforcement should definitely look into. While I'm sure most agencies would prefer a precedential court decision compelling decryption or a legislative mandate, this alternative would allow police officers to end up with fewer inaccessible phones.

There are other benefits as well -- some that could positively affect community relations. The arrest of a suspect in conjunction with the seizure of potential evidence could make related searches far less destructive. With the suspect out of the way, searches of homes/places of business wouldn't necessitate a barrage of flashbang grenades and the tearing of new entryholes by predawn raiding parties in SWAT gear. Sure, this less violent approach to serving search warrants won't appeal to officers who find the real military too restrictive but still harbor a desire to carry a gun and pretend they're participants in a war. But that's actually a good thing.

In addition, arrests of suspects out in the open should lower the chance of violent resistance. People tend to expect the arrival of police officers at their residence -- not so much when they're going about their daily, noncriminal business.

If efforts to keep seized phones alive until a search warrant arrives (or: novel idea -- get one first!) adhere to the Riley decision, the "going dark" problem isn't quite as all-encompassing as it's frequently been portrayed. (Even without this method, the "threat" of phone encryption has been greatly overstated.) It's tough to believe "mugging" might be the lesser of law enforcement's desired anti-encryption evils, but that's the reality of the situation.

47 Comments | Leave a Comment..

Posted on Techdirt - 5 December 2016 @ 3:26am

Encryption Survey Indicates Law Enforcement Feels It's Behind The Tech Curve; Is Willing To Create Backdoors To Catch Up

from the trading-brute-force-for-extra-keys dept

To get a general feel for European law enforcement encryption sentiment (so to speak), the European Union sent questionnaires to member countries, asking for details on what forms of encryption are encountered most frequently and what these agencies feel would be the best approach to tackling encrypted data going forward.

Surprisingly, the EU received several responses and most have been published in full. (The list of PDFs/HTML versions can be found near the bottom of this page.) They were issued in response to a public records request by Rejo Zenger of Dutch digital rights group, Bits of Freedom.

Security researcher Lukasz Olejnik went through the posted documents to find the highlights/lowlights of the submissions. Several countries responded to the EU's questionnaire, but only twelve of those made their answers public. (And, in the case of the UK and the Czech Republic, some answers were redacted.)

Most responding agencies in most countries are running into the same encryption issues.

Countries point to difficulty of tackling encrypted data, in particular: encrypted data at rest (using solutions such as TrueCrypt),encrypted data in transit (e.g. SSH, HTTPS, Tor), use of instant messengers such as Skype, WhatsApp, etc., and encrypted mobile devices

Countries disclose they lack resources such as technology, money or personnel, to effectively fight cybercrime

But not every country treats encryption "problems" the same way. A few didn't consider HTTPS to be an encryption form worth noting, perhaps because it doesn't cover the sort of data or communications they frequently target.

Others, like agencies in Italy (in an ALL CAPS reply), aren't so much worried about encrypted data in transit as much as they are worried about very specific data at rest, located in very specific consumer devices.


Hmm. I wonder which "major devices company" that would be? It seems this same "devices company" also thwarts law enforcement's wiretap efforts...



...aaaand forensics efforts.


There seems to be no consensus on mandated encryption backdoors, but there are more than a few countries leaning that way. Estonia believes the problem is of a "technical nature," rather than one that should be solved through mandated backdoors. Belgium's submission flat-out states the country isn't interested in seeking mandated backdoors.

A regulation to prohibit or to weaken encryption for telecommunication and digital services has to be ruled out, in order to protect privacy and business secrets.

On the other end of the spectrum, Poland openly calls for deliberately weakened/compromised encryption.

One of the most crucial aspect will be adopting new legislation that allows for acquisition of data stored in EU countries “in the cloud” without need to apply for MLAT. There is also need to encourage software/hardware manufactures to put some kind “backdoors” for LEA or to use only relatively weak cryptographic algorithms.

The call for backdoors is echoed by Latvia and Italy.

In between, there are several countries that allude vaguely to working in conjunction with tech companies to find some sort of balance between user security and law enforcement's desires. (Then there's Italy, which mostly seems interested in seeing Apple devices wiped from the face of the earth.)

There are almost as many approaches as there are responding countries. We can only speculate on the contents and assertions made by countries that have refused to release their answers for "national security" reasons, but one would expect those with the most to "hide" would be more likely to expect citizens to give up their security for the good of the nation.

18 Comments | Leave a Comment..

Posted on Techdirt - 2 December 2016 @ 7:39pm

ACLU Suggests Jury Instructions Might Be A Fix For 'Missing' Police Body Camera Recordings

from the opting-out-of-creating-evidence-means-no-credit-for-not-trying dept

We've written plenty of posts about police body cameras -- how useful they can be and how useless they often are. What should result in additional law enforcement accountability has been turned into a mostly-optional documentation system. The new tech and its accompanying guidelines have done very little to increase accountability.

Body cameras are pretty much mainstream at this point, but when excessive force and/or misconduct are alleged, footage captured by police is often nonexistent. Officers disable recording equipment, delete footage, or simply claim the camera "malfunctioned." Some repeatedly "forget" to activate their cameras ahead of controversial arrests and interactions.

But what can be done about it? So far, law enforcement agencies have done little but promise to create more policies and guidelines -- ones that can continue to be ignored by officers who'd rather not create a permanent record of their actions. There's been some discipline, but what little of it there is hasn't been very severe. And stories of repeated tampering with recording devices in some agencies suggests what is in place isn't much of a deterrent.

The ACLU of Massachusetts has a suggestion: if missing/incomplete recordings are central to a prosecution or a civil rights lawsuit, a better deterrent might be to allow juries to impose evidentiary consequences for failures to record. From the ACLU's "No Tape, No Testimony" report [PDF]:

This instruction would tell the jury that, if it finds that the police unreasonably failed to create or preserve a video of a police-civilian encounter, it can devalue an officer’s testimony and infer that the video would have helped the civilian. If the jury finds that the case involves bad faith, such as the outright sabotage of body cameras, then it should be instructed to disregard officer testimony altogether.

This all tracks back to multiple lies told by officers that have been uncovered by cameras carried by citizens. In the Walter Scott shooting, the officer's narrative of a struggle over a Taser was rebutted by a cell phone recording that showed the officer shoot Scott in the back while he ran away from him and then dropping something that looked like the officer's Taser next to Scott's dead body. The ACLU's report lists several other shootings -- like Laquan McDonald's -- in which recordings directly contradicted official police reports.

While this instruction may encourage some officers to record more questionable arrests and stops, it may also encourage more law enforcement agencies to unofficially instruct officers to hold off on writing reports until after they've reviewed recordings. If there's no way of salvaging the incident, recordings will probably continue to disappear, but at least the officer's testimony will disappear right along with it, should the jury decided the missing/incomplete recording was a "bad faith" effort.

Officers have long relied on "our word against yours" to win testimonial battles. But if an officer cannot produce a recording of an encounter, lesser weight should be given to an "eyewitness" whose testimony could have easily been verified but who chose not to document the incident.

Read More | 37 Comments | Leave a Comment..

Posted on Techdirt - 2 December 2016 @ 11:49am

More National Security Letters Made Public After Government Drops Its Attempt To Keep Its Gag Orders In Place

from the most-transparent-administration-still-all-about-forced-transparency dept

Thanks to the EFF's efforts, another set of National Security Letters have been published and their recipient freed to discuss them. CREDO Mobile received two NSLs in 2013 -- both accompanied with the usual indefinite gag order. The NSLs [PDF 1] [PDF 2] requested a wealth of data on three of CREDO's customers -- including all call records, financial information (credit cards used, etc.), and personal information (name, address, etc.) -- dating back to April 2008.

CREDO challenged the constitutionality of the indefinite gag orders as well as the constitutionality of the NSLs themselves.

“A founding principle of CREDO is to fight for progressive causes we believe in, and we believe that NSLs are unconstitutional. These letters, and the gag orders that came with them, infringed our free speech rights, blocking us from talking to our members about them or discussing our experience while lawmakers debated NSL reform,” said Ray Morris, CREDO CEO. “We were proud to fight these NSLs all these years, and now we are proud to publish the letters and take full part in the ensuing debate.”

CREDO's challenge to the gag order was upheld [PDF] by a federal judge in March, who struck it down when the FBI failed to show a need for the continued secrecy. This decision was held pending the FBI's appeal, but the government apparently decided this wasn't a battle it wanted to fight and dropped its appeal of the court's order.

The government's decision to drop the appeal highlights one of the (many) problems with NSLs. These are self-issued administrative orders subject to very little, if any, oversight. The FBI can issue as many of these as it wants without ever having to get a judge involved. Every one of these arrives with an indefinite gag order attached, forcing recipients to lawyer up if they want to challenge the government's demands for secrecy.

The government clearly felt it couldn't demonstrate why this gag order should still be in place. But the government doesn't have to justify its demands for secrecy at the point the NSL is issued. It only needs to do this if challenged in court. While some judges have expressed an interest in periodic reviews of NSLs to determine the need for ongoing secrecy, these conclusions are the exception rather than the rule.

That judges are the ones making this determination is another part of the problem. In response to the USA Freedom Act, the DOJ instituted a policy requiring a "periodic" review of issued NSLs. Unfortunately, that's all it does. There's no definition attached to "periodic," which means the review could happen every few years… or never.

The constitutionality of the orders themselves should still be actively challenged. While much of what is sought with these falls under the very generous definition of "third party records," the lack of any oversight or judicial review makes these the go-to tool for the FBI -- which has been known to issue NSLs when its warrant requests are turned down by federal courts. Throw an indefinite gag order on it, and the FBI can pretty much ensure complete compliance from recipients, whose only option is to fight an often-futile legal battle against the government.

Read More | 9 Comments | Leave a Comment..

Posted on Techdirt - 2 December 2016 @ 3:27am

Appeals Court Dumps Infringement Lawsuit Against EA After Plaintiff Fails To Produce Evidence

from the well,-I-have-lots-of-hearsay-and-conjecture... dept

The Ninth Circuit Court of Appeals has affirmed [PDF] the dismissal of a copyright infringement suit brought against Electronic Arts by Robin Antonick, a programmer who worked on the Apple II version of the game Madden back in the mid-80s.

Antonick was locked out of royalties for other versions of the game by the software company, but alleged Electronic Arts did nothing more than copy his code when porting it to other platforms -- creating a "derivative work" that he was supposedly entitled to collect royalties on. Antonick might have had a case. But while allegations are nice…

In 2011, Antonick brought this diversity action against EA, seeking contract damages in the form of unpaid royalties for Sega Madden and Super Nintendo Madden. [...] Antonick produced evidence that Park Place was rushed and inadequately staffed, and argued that it copied his code to meet the demanding deadline for the first Sega Madden. Antonick’s expert, Michael Barr, opined that Sega Madden was substantially similar to certain elements of Apple II Madden. In particular, Barr opined that the games had similar formations, plays, play numberings, and player ratings; a similar, disproportionately wide field; a similar eight-point directional system; and similar variable names, including variables that misspelled “scrimmage.”

…evidence is better.

But neither the source code for Apple II Madden—the “Work”— nor the source code of any allegedly infringing works were introduced into evidence. Nor were images of the games at issue introduced.

Not that evidence (or a lack thereof) apparently mattered to the jury. It found that EA had created a derivative work with its Sega version of Madden, but the court found (post-verdict) that Antonick had not produced any evidence clearly pointing to copyright infringement. Without that evidence, Antonick is out of luck when it comes to his contract/royalty claims.

Antonick tried to route around this obstacle by claiming EA had both the opportunity and the motive to copy his work. On top of that, he tried to pursue this as a "look and feel" case while still relying on the supposedly-copied code as the basis for his claims. The Ninth Circuit found these arguments -- and Antonick's witness -- unpersuasive.

[T]he lay testimony was about how the games appeared, not how they were coded—and Antonick does not assert a copyright interest in Apple II Madden’s audiovisual appearance, only in its coding.

Antonick argues that copying was shown by testimony of Michael Kawahara, an Apple II Madden assistant producer. When asked whether he recognized any of the plays in Sega Madden from Apple II Madden, Kawahara answered affirmatively, stating that “[it] was – well, since the interface was – well, it was the same as we used in the Apple II. It was very easy to look at all of the plays in the Genesis version and they looked identical . . . to the original Apple II version.” This comment, however, does not establish that the source code for the two games were substantially similar. Kawahara had no programming responsibilities for Apple II Madden; did not understand the Apple II Madden code; did not see the Sega Madden code; and admitted that he had no knowledge about differences in the games’ codes.

A statement entered into evidence by the plaintiff -- introduced to back up Antonick's claim about EA's motive/opportunity to copy the source code -- only made the case weaker.

Antonick also cites a statement by Richard Hilleman, an EA representative, that it was “possible” he had told an interviewer that “the Sega game took the system’s approach from Mr. Antonick’s game and just simply put a different aesthetic on top of it.”

This is an area that often trips up those deeply reliant on IP protections but surprisingly uninformed about what those protections actually cover. The Appeals Court straightens out this popular misconception.

But, an “approach” is an idea that cannot be copyrighted—only its expression in code is protectable—and Sega Madden could have used Apple II Madden’s “approach” to football video games without violating the copyright laws.

That's the minor failure of the suit -- mistaking ideas for expression. The ultimate failure is Antonick's inability to back up his assertions with actual evidence. Infringement claims with no evidence presented pushed Antonick into resorting to "look and feel" claims, which are notoriously difficult to turn into courtroom victories.

Read More | 8 Comments | Leave a Comment..

Posted on Techdirt - 1 December 2016 @ 2:40pm

Thanks To Months Of Doing Nothing, Senate Allows DOJ's Rule 41 Changes To Become Law

from the do-nothing-lawmakers-manage-to-accomplish-something dept

The amendments to Rule 41 are now law, thanks to Sen. John Cornyn, who prevented bills opposing the immediate adoption of the changes from being debated.

Sens. Ron Wyden (D-Ore.), Steve Daines (R-Mont.) and Chris Coons (D-Del) took to the floor and unsuccessfully asked for unanimous consent to either pass or formally vote on three bills to delay or prevent updates to the process used by law enforcement to get a warrant to hack suspects' computers.

“We simply can’t give unlimited power for unlimited hacking,” Daines argued.


But the bid to prevent the imminent changes to Rule 41 ended quickly. After Wyden spoke, Majority Whip John Cornyn (R-Texas) immediately objected to all three bills, without waiting to hear from Coons and Daines.

But Cornyn alone can't be blamed for this outcome. A vast majority of senators did nothing to prevent the proposed changes from becoming law -- even though the decision has been in their hands since the Supreme Court's approval in April.

The FBI and others will be able to take advantage of the removal of jurisdictional limits to search computers anywhere in the world using a single warrant issued by a magistrate judge. It will also be granted the same power for use in the disruption of botnets -- in essence, searches/seizures of devices owned by US citizens suspected of no wrongdoing.

Cornyn, who prevented any debate over the "updates" to Rule 41, seems closely aligned with the DOJ's views -- that these changes will have "little effect" on civil liberties because the FBI, etc. "will still have to get a warrant."

Sure, warrants are still involved, but the scope of what can be accessed with a single warrant has been expanded greatly. And the DOJ has yet to explain how it's going to prevent law enforcement agencies from shopping around for the most compliant magistrates, now that they're not required to perform searches in the issuing court's jurisdiction. The DOJ also hasn't adequately explained what sort of notification process it will use when performing its botnet cleanups.

What it has done, however, is issue a statement saying the ends justify the means.

In an effort to address concerns, U.S. Assistant Attorney General Leslie Caldwell wrote a blog post this week arguing that the benefits given to authorities from the rule changes outweighed any potential for "unintended harm."

The DOJ wanted fewer restrictions, more power, and the opportunity to treat any appearance of anonymization software as an excuse to deploy these newly-granted powers. The Senate -- for the most part -- gave it everything it wanted by doing nothing at all to stop it.

29 Comments | Leave a Comment..

Posted on Techdirt - 1 December 2016 @ 11:52am

Gap Between Wiretaps Reported By US Courts And Recipient Service Providers Continues To Grow

from the time-for-some-depressing-Venn-diagrams dept

Albert Gidari of Just Security/Center for Internet and Society has been looking into the US Courts' wiretap reports for 2014 and 2015. The problem with these reports is that nothing adds up. As he wrote for Just Security last year, there's a huge discrepancy between the numbers reported by the US Courts Administrative Office and those reported by the service providers complying with the orders.

These numbers should be much closer than they are. If a wiretap is issued by a court, then the recipient service provider should report being served with one wiretap order. But that's not what has happened. The US Courts AO reported 3,554 federal and state wiretap orders in 2014. Service providers, however, reported receiving 10,712 wiretap orders for that same year.

As Gidari pointed out in 2015 (examining the 2014 wiretap report), there's not much that explains this discrepancy.

The Wiretap Report says “1,532 extensions were requested and authorized in 2014, a decrease of 28 percent.” So even if half of the carrier reported orders were extended once and then treated as separate orders in the carriers’ transparency reports (the Wiretap Report would treat an extended order a single order), the numbers are still off by more than two­fold.

The same goes for orders that expired after the end of the reporting period. As Gidari notes, anything not counted by the courts the previous year would show up on next year's report and be negated by the lack of a new order on service providers' reports.

The 2015 Wiretap Report is no better. And the gap appears to be increasing.

The AO now reports that 4,148 wiretaps were authorized in 2015, a 17% increase over 2014. Twentysix of those authorized wiretaps apparently were never installed, and therefore probably do not appear in provider transparency reports. The four major carriers (AT&T, Sprint, Verizon and T-Mobile) reported a total of 11,633 wiretaps in 2015. Thus, provider numbers reflected an increase in surveillance as well, but only by about 8%. So the three-fold delta from 2014 remains while the actual number of wiretaps reported by providers only increased half as much as the percentage increase reported by the AO. That is hard to explain.

As transparency reports from carriers and service providers become even more detailed, the gap in reporting becomes even harder to explain. It could be that carriers count each wiretap installed as another instance, even if it's a dozen accounts targeted with a single order. It could be that, but it's highly unlikely. Facebook -- one of the more recent additions to wiretap reporting -- states it this way in its transparency report.

Facebook reported that it received 296 wiretap orders that affected 399 user accounts in 2015.

While companies are moving towards greater transparency, the US court system seems to be stuck in the same place. There's really only one way to explain this gap containing thousands of "missing" wiretap orders: underreporting by the those handing in numbers to the Administrative Office. Considering the huge potential for misuse and abuse, this apparent underreporting isn't acceptable. The Administrative Office is investigating, but so far has yet to report any results from its digging.

Once again, it seems a reporting process ordered by Congress but left to another agency to enforce (with zero consequences for noncompliance) is resulting in discrepancies between the "official" numbers and those reported by the private sector. It looks and feels just like the FBI's collection of officer-involved shootings: incomplete, inaccurate, and wholly dependent on government entities self-reporting data they'd rather not make public.

10 Comments | Leave a Comment..

Posted on Techdirt - 1 December 2016 @ 8:35am

Border Patrol Stops Journalist From Heading To Dakota Pipeline Protests, Searches All Of His Electronic Devices

from the border-town-of-Chilling-Effects,-USA dept

If you're having trouble quelling dissent at ground zero, maybe the next move is to limit the coverage. We've already seen local authorities issue arrest warrants for journalists covering the Dakota Access Pipeline protests. Now, we're seeing something more proactive, courtesy of Customs and Border Protection.

Award-winning Canadian photojournalist Ed Ou has had plenty of scary border experiences while reporting from the Middle East for the past decade. But his most disturbing encounter was with U.S. Customs and Border Protection last month, he said.

On Oct. 1, customs agents detained Ou for more than six hours and briefly confiscated his mobile phones and other reporting materials before denying him entry to the United States, according to Ou. He was on his way to cover the protest against the Dakota Access Pipeline on behalf of the Canadian Broadcast Corporation.

Welcome to the Constitution-Free Zone, Canadians! Whatever protections you might have on your side of the border matter just as little as the protections we have on our side. You have to travel ~100 miles inland before your rights are respected. For Ed Ou, this meant a lengthy detention and an attempted strip search of his electronics -- all before being told he wasn't going any further than the Canadian border. From the letter the ACLU sent to the CBP demanding a few answers [PDF]:

After Mr. Ou applied for admission to the United States at the Vancouver airport, he was redirected to secondary inspection, where he clearly identified himself as a journalist. CBP officers nonetheless detained him for more than six hours and subjected him to four separate rounds of intrusive interrogation. The officers questioned him at length about his work as a journalist and his prior professional travel in the Middle East. They also questioned him extensively about dissidents and “extremists” whom he had encountered or interviewed as a journalist. Mr. Ou answered the agents’ questions fully and forthrightly and explained many times that he was a journalist whose credentials and background could be verified easily. The officers declined to inspect his press credentials.

CBP officers also conducted an unduly intrusive search of Mr. Ou’s belongings. In the course of this search, they made photocopies of his personal papers, including of pages from his handwritten personal diary. They also confiscated, examined, and searched—or at least attempted to search—his mobile phones. The CBP officers asked Mr. Ou to unlock the three mobile phones he carries to enable him to communicate in different locations worldwide. When Mr. Ou declined with an apology, citing his ethical obligation as a journalist to protect his newsgathering materials, including his confidential sources, the officers removed the phones from Mr. Ou’s presence. When the officers returned the phones to him several hours later, it was evident that their SIM cards had been temporarily removed because tamper tape covering the cards had been destroyed or altered.

The CBP's statement in response to journalists' questions is nothing more than the expected assertion that these actions were all within its rights. As it points out, anyone arriving in the US is subject to additional searches, which can encompass the contents of their electronic devices. The CBP generally has to have an articulable reason (but not anything rising to the level of "suspicion") to do this, but a large majority of these intrusive searches go unchallenged and chanting "national security" -- as the CBP does here -- tends to make most complaints evaporate.

“Keeping America safe and enforcing our nation's laws in an increasingly digital world depends on our ability to lawfully examine all materials entering the U.S.,” the statement said.

The CBP, however, seems less sure of its reasons for detaining the photojournalist. One agent said Ou was a "person of interest" wanted by an unnamed law enforcement agency, while another said his "person of interest" status had nothing to do with his detainment. That same officer also told Ou that his refusal to unlock his phones wasn't going to help convince the CBP that he should be let into the country.

It did, however, scare up some paperwork citing a nonexistent legal authority for its refusal to admit him into the US.

The officers did provide Mr. Ou with a Form I-275 Withdrawal of Application for Admission stating that he had been found inadmissible pursuant to Section 212(a)(7)(A)(I)(I) of the Immigration and Nationality Act (“INA”). However, that is not a valid citation to the INA; indeed, the cited subsection does not exist. Section 212(a)(7)(A), moreover, pertains to those who seek admission as “immigrants”—persons intending to reside permanently in the United States. Mr. Ou plainly was not seeking admission as an “immigrant,” and neither the Form I-275 nor the questions the CBP officers asked Mr. Ou suggested any basis for concluding otherwise.

The ACLU's letter goes on to point out that the CBP now has copies of data it perhaps acquired illegally and should make an immediate effort to destroy/purge anything it collected during its chilling little fishing expedition. It also asks that the CBP cough up the real reason it decided to detain Ou and search his devices, considering those performing the search couldn't be bothered to come up with a coherent legal theory or an applicable statute to justify the intrusion.

This Constitutionless free-for-all at the borders is already a concern for US citizens, especially as the term "border" includes anything 100 miles inland. It's even more of a concern for journalists -- whether US citizens or not -- who can be prevented from covering controversial events for apparently wholly imaginary reasons.

Read More | 74 Comments | Leave a Comment..

More posts from Capitalist Lion Tamer >>