Capitalist Lion Tamer’s Techdirt Profile

capitalisliontamer

About Capitalist Lion TamerTechdirt Insider

List of blogs started with enthusiasm, which now mostly lie dormant:

[reserved for future use]
http://5k500k.wordpress.com

[recently retired]
http://capitalistliontamer.wordpress.com

[various side projects]
http://cliftonltanager.wordpress.com/
http://bl0wbybl0w.wordpress.com/
http://thepenismadeoutofspam.wordpress.com/



Posted on Techdirt - 23 May 2017 @ 11:57am

Someone Under Federal Indictment Impersonates A Journalist To File Bogus DMCA Notice

from the system-still-works! dept

Everyone's favorite abusable statute is back at it. Anyone can file a DMCA takedown request. Not everyone gets theirs granted. But it's a zero-cost, mostly-zero risk effort that takes about five minutes from start to finish. It's no wonder it's been abused by a handful of ex-cons and, very memorably, by a revenge porn purveyor who suddenly developed concerns about personal privacy.

In this case, it's someone named in an Albuquerque Journal article about a federal fraud indictment. The most obvious pick would be the couple named early on in the article by Nicole Perez: Michael Jacobs and/or Ruth Handler-Jacobs. But there are others listed as well, co-conspirators Rienzie Edwards (of Sri Lanka), F.K. Ho (a broker located in Singapore), and a couple of other Americans, Laurence Lester and Rachel Gendrau.

It could be any one of these people (though the fractured English in the takedown request would seem to point overseas), but there's no way to know for sure because the DMCA notice is clearly falsely filed in the name of the journalist who wrote the article. This appropriation of someone else's name and profession leads to one of the most unlikely claims ever made in a DMCA notice: that journalists refer to publishing articles as "posting a content."

Here's the whole BS claim:

I am Nicole Perez. I posted a content about Michael Jacobs's fraud cases on abqjournal.com. I personally investigated that my original content is copied and posted on different websites. I contacted the webmaster team of the websites to remove it, but did not get any positive response. I request you to remove it from online searches.

It's extremely likely none of what's said here is true, starting with the name used. I find it incredibly hard to believe someone impersonating a journalist "contacted webmasters" to have these articles removed. (The lack of positive response is the only believable part, but that relies on the original contact taking place.) It's even harder to believe when one of the websites is the Albuquerque Journal's Facebook page.

https://www.facebook.com/TheAlbuquerqueJournal/posts/10154300263908237

It's impossible to believe when one of the targeted URLs is the DOJ's indictment press release.

https://www.justice.gov/usao-sdny/pr/manhattan-us-attorney-announces-charges-against-six-individuals-international-high

Others targeted include Ripoff Report, Courthouse News Service, and Sri Lankan news site The Sunday Times. The inclusion of this site shifts the needle of blame towards Reinzie Edwards. This story includes a photo of Edwards as well as details of his run-ins with local authorities over apparent financial fraud.

Again, nothing can be said conclusively about the origin of this DMCA notice, other than it obviously wasn't Nicole Perez, who would likely prefer her "content" to be spread as far as possible across the internet. The people written about, not so much. When you're already facing federal fraud charges, what's a little perjury?

3 Comments | Leave a Comment..

Posted on Techdirt - 23 May 2017 @ 9:31am

ICE Using Stingrays To Track Down Immigrants Because Of Course It Is

from the high-value-targets-just-means-everyone dept

As information about police use of cell tower spoofers began leaking out, those who had kept the public (including defendants, judges, and even some prosecutors) out of the loop began defending their use of domesticated military technology. They said pay no attention to the possible civil liberties violations. Just think of all the good they're doing. They promised Stingrays would only be used on the worst of the worst, and only when time was of the essence: terrorists, murderers, kidnappers, etc.

But then even more Stingray documents made their way into the public domain. These showed the devices were deployed in bog-standard drug investigations or, worse, used just because agencies had them. This perhaps reached its nadir when a police department fired up its Stingray to hunt down someone who had stolen less than $60 worth of fast food. To make matters worse, the Stingray failed to track down the alleged thief.

Of course, anyone paying attention knew Stingrays would be used for nothing of importance, despite public officials' statements otherwise. The first person to start digging into Stingray use was Daniel Rigmaiden, who was doing time for fraud. Not exactly the sort of crime one would associate with exigent circumstances and possible danger to the public.

And, of course, because it's now the government's foremost priority to toss undocumented immigrants out of the country, Stingrays are being used to accomplish this goal. And, just like the defensive statements made on behalf of IMSI catchers, the federal government has claimed it's only interested in removing the most dangerous of undocumented individuals first. These statements are also false.

Federal officials in Detroit used a secretive tool known as a "Stingray" — which tricks cell phones into revealing their location — to find an undocumented man for deportation.

The cell-site simulator has been used in the past by federal and local law enforcement to find murder suspects, kidnap victims, drug dealers and terrorists — but sometime in March, FBI and ICE officials used it to find a 23-year-old native of El Salvador to deport him.

The alleged criminal act being used as leverage -- both for the Stingray deployment and the use of ICE's "eject" button -- is a long ways from the Parade of Horribles used to justify the acquisition and use of cell tower spoofers.

According to the warrant, Carcamo-Carranza was deported in 2012 and 2015 to El Salvador, but returned to the US.

In Feb. 28, 2016, he was arrested in Shelby Township, Michigan, on suspicion of hit-and-run, but was released by local police before he was detained by ICE agent.

Also of note: ICE used a warrant to pry loose this phone number, serving one to Facebook which gave it access to Carranza's private messages. Just throwing that in there to add a bit more skepticism for the "Going Dark" theory. A phone that might be locked isn't the end of the line for investigators, no matter how loudly law enforcement officials sigh during press conferences while gesturing ineffectively at a pile of seized devices.

As we always knew would happen, Stingray technology would soon shift from its more limited, "higher cause" deployment into just another tool for rote policework.

15 Comments | Leave a Comment..

Posted on Techdirt - 23 May 2017 @ 3:26am

FBI Insider Threat Program Documents Show How Little It Takes To Be Branded A Threat To The Agency

from the see-something-say-something-but-for-cubicles dept

Jason Leopold has obtained the FBI's training slides for its "insider threat" program. This would be the same program the FBI refused to discuss in detail with the Senate, walking out of the briefing when asked how the program would avoid sweeping up legitimate whistleblowers.

The federal government acts as though it's receptive to whistleblowing, but then undermines that sentiment with pretty much everything else it does. These insider threat programs have only become more severe after the Snowden leaks, asking federal government employees to treat normal, everyday behavior as inherently suspicious.

The Defense Department's insider threat program declared such innocuous things as visiting foreign countries and being in debt as warning signs. Worse, anything less than full support for US government policies was considered threatening behavior.

The FBI's presentation [PDF] isn't much better. FBI employees are encouraged to say something if they see something… and there are a lot of observable "somethings" on the list.

According to the training material, potential insider threats include federal employees who brag about what they know, work odd hours, travel overseas without a good reason, or ask their co-workers about classified information without a "need to know." Workers who consume alcohol, use drugs or have “psychological conditions” may also be insider threats, as are those facing disciplinary action or job termination.

[...]

Another slide says leaks occur because leakers are “disgruntled” and are motivated by “ego,” “financial gain,” and “divided loyalty.”

Some of these factors can be indicative of someone considering engaging in espionage. Unfortunately, a lot of these may also apply to whistleblowers. The FBI presentation spends a great deal of time comparing its lists of insider threat traits to those the government has successfully prosecuted but spends zero time discussing whistleblowers and their traits/motivations.

Considering the FBI's leaky status, especially in recent months, the document feels inconsistent at best. It feels like a good way for FBI employees to get rid of coworkers they don't like and a great way to foster an atmosphere of corrosive suspicion in FBI offices.

FBI employees will distrust each other, FBI officials will distrust nosy politicians… and, in a surprising revelation by Leopold, politicians will have even less reason to trust the FBI. As was noted earlier in this post, the FBI chose to walk out of a briefing rather than answer Sen. Chuck Grassley's question about whistleblower protections under the FBI's "insider threat" program. Thanks to the efforts of a media company (BuzzFeed) and a private citizen (Leopold), Grassley now has a copy of documents the Senator asked for months ago.

Grassley asked the FBI to send him its insider threat training material. He received a couple of videos and a brochure. But a spokesperson for Grassley told BuzzFeed News that the senator did not receive the training slides until BuzzFeed News sent a copy.

The documents released here don't answer Grassley's questions either. But recent history shows us the FBI is not a whistleblower-friendly agency. It seems to have no problem with very selective leaking, but isn't nearly as kind to those who use the official channels to report wrongdoing. An insider threat program like this doesn't help. Giving agents and employees sketchy reasons to distrust each other will only serve to deter whistleblowers before they even have a chance to experience the agency's unofficial retaliation program.

Read More | 22 Comments | Leave a Comment..

Posted on Techdirt - 22 May 2017 @ 3:17pm

Law Enforcement 'Training And Expertise' On Parade!

from the all-the-ineptitude-that's-fit-to-print dept

This is just a periodic reminder that these are the sort of people whose "experience" and "expertise" are routinely granted massive amounts of deference by judges (and stenographers pretending to be journalists). Warrant affidavits providing more detail about the requesting officer's law enforcement career than the target of the search are often rubberstamped into actionable pieces of paper. (But not always!) And yet, these experienced experts look far more mortal when their actions are given something more than a cursory examination.

Exhibit A: the Odessa PD's crack team of trained experts who participated in a daring no-knock raid of an empty motel room.

The search warrant was executed on Jan. 29 at the America's Best Value Inn, 3023 E. Highway 80.

Police officials say the officers involved in executing the warrant "used an unauthorized cooperating individual," and the cooperating individual did not have the required file.

The Professional Standards Unit Investigation also found that the officers involved failed to correctly identify and confirm the location of the criminal activity.

During the search, officers entered room #225 which was vacant, according to previous reports.

Officers then reportedly made a "split-second" decision and breached the next room (#226) at the hotel where suspects were located.

When reviewing the warrant, officers realized that on the warrant room #225 had been listed, police say.

The suspects in the room were held "pending the production of a second search warrant," police say in a release.

Post-facto warrants are seldom as legally-sound as warrants obtained before a search. Sometimes affidavit errors are excused but this case involved a confidential informant of uncertain trustworthiness and a lack of proper documentation. The officers are being lightly disciplined for their Keystone SWAT effort, but the department has cleared itself of any wrongdoing after investigating itself.

In the investigation, police determined that the breach of room #226 was "not illegal because the conduct of the officers prior to their entry into room #226 was lawful, there was no violation or threatened violation of the Fourth Amendment, and therefore the exigent circumstance rule applied and allowed for the entry and securing of room #226," the release reads.

I imagine any evidence will be challenged in court, despite the PD's claim no Fourth Amendment violations took place during the department's botched raid. We'll see how much claims of officer training and experience will hold up under judicial examination. (Sadly, they'll probably hold up much better than they should. While typos are an inevitability, the use of a CI with no pedigree or paperwork puts the warrant on severely shaky legal footing.)

Exhibit B: the cop who justified the frisk of someone with statements that immediately undermined the asserted justifications. Here's the court explaining to the officer why the frisk wasn't reasonable:

Officer Kim’s testimony about seeing the handle of a gun protruding from Smith’s pocket is not credible. At the evidentiary hearing, Officer Kim testified that she could see the black handle of a gun protruding from Smith’s pocket. However, in her arrest report, written shortly after the incident, Officer Kim wrote “[t]he handgun was concealed inside his pocket in such a manner as not to be discernible by ordinary observation.” (ECF No. 18-1 at 3) This statement directly contradicts her testimony. It is unlikely that Officer Kim, approaching a poorly lit landing in the wee hours of the morning, would have been able to discern a black gun handle allegedly sticking out of Smith’s pocket.

[...]

Indeed, Officer Kim acknowledged in her police report she only became aware of the handgun after she began the pat down.

The question that must be asked (but can't be answered) is: how many times has this sort of thing happened? Only a very small percentage of frisks receive courtroom challenges. And stop-and-frisk programs have been heavily criticized for their routine abuse of civil liberties. There's no expertise on display here: only the inability to work backwards from an illegal search, even when given a chance to "correct the record" post-search by aligning the paperwork with a less-unconstitutional narrative.

And, finally, Exhibit C: Police chief vows to make the same horrendous mistake if that's what it takes to somehow make a dent in sex trafficking.

"Everybody's like, 'Don't move, don't move or we'll shoot you,'" Noel Navarete told local 4 News. His brother Isaias, 18, said he was in the bathroom when police kicked down the door.

According to family matriarch Maria Navarete, police told her to "shut up, you have no rights" when she asked what was happening. She claims police never showed her or anyone in the household a warrant.

Police apologized, explaining that a mysterious heroin-addicted woman in a local hospital said she and several underage girls had been held against their will and forced into prostitution; the woman (visually) identified the Navarete's place as where it went down. That night, police began observing the house, soon witnessing two girls get dropped off by an SUV and go inside. Apparently, that was enough to warrant a furtive, middle-of-the-night raid on the place.

The kicker here is the apology came packaged with the police chief's assertion he would handle things EXACTLY THE SAME WAY in the future. Somehow, this department will stamp out the scourge of sex trafficking using proven law enforcement tools like "mysterious heroin addicts" and several minutes of results-oriented investigation.

These are just a few of the experienced experts serving the public -- men and women whose testimony is often considered unimpeachable and nigh unto God in terms of trustworthiness. Men and women whose errors ruin lives and whose shortcuts use the Constitution as a doormat.

28 Comments | Leave a Comment..

Posted on Techdirt - 22 May 2017 @ 1:16pm

Yet Another Bad Idea: Dropping Facial Recognition Software Into Police Body Cameras

from the Citizen-Rolodex dept

The FBI (and other US government agencies) are already moving forward with facial recognition technology, which will allow law enforcement to scan people like license plates, if everything goes to plan. So far, consultation with the meddling public has been kept to a minimum, as have any government efforts to address civil liberties concerns.

Just because the public's been kept out of the loop (except for, you know, their faces and other personal information), doesn't mean members of the public aren't working hard to ensure police officers can start running faces like plates, even when there's no legitimate law enforcement reason for doing so.

Digital Barriers, a somewhat ironically-named tech company, is pushing its latest law enforcement offering -- one that supposedly provides real-time face scanning.

The software can pick out and identify hundreds of individual faces at a time, instantly checking them against registered databases or registering unique individuals in seconds.

Demonstrating the software at the Forensics Europe Expo 2017, vice president of Digital Barriers Manuel Magalhaes said the company was introducing the technology to UK forces.

He said: “For the first time they (law enforcement) can use any surveillance asset including a body worn camera or a smartphone and for the first time they can do real time facial recognition without having the need to control the subject or the environment.

“In real time you can spot check persons of interests on their own or in a crowd."

But why would you? Just because it can be done doesn't mean it should be done. This will basically allow officers to run records checks on everyone who passes in front of their body-worn cameras. There is nothing in the law that allows officers to run checks on everyone they pass. They can't even stop and/or frisk every member of the public just because they're out in public. Expectations of privacy are lowered on public streets, but that doesn't make it reasonable to subject every passerby to a records check. And that's without even factoring in the false positive problem. Our own FBI seems to feel a 15% bogus return rate is perfectly acceptable.

Like so much surveillance equipment sold to law enforcement agencies, Digital Barrier's offering was developed and tested in one of our many war zones. The head of the company is inordinately proud of the product's pedigree, which leads to a statement that could be taken as bigoted if it weren't merely nonsensical.

Mr Magalhaes continued: “If we can overcome facial recognition issues in the Middle East, we can solve any facial recognition problem here in the United Kingdom.

Hopefully, this just refers to the sort of issues normally found in areas of conflict (hit-and-miss communications infrastructure, harsher-than-usual working conditions, etc.), rather than hinting Middle Eastern facial features are all kind of same-y.

Taking the surveillance out of the Middle East isn't going to solve at least one logistical problem keeping this from becoming a day-to-day reality for already heavily-surveilled UK citizens. As is pointed out by officers in the discussion thread, Digital Barrier's real-time face scanning is going to need far more bandwidth than is readily available to law enforcement. One commenter notes they can't even get a strong enough signal to log in into their email out in the field, much less perform the on-the-fly facial recognition Digital Barrier is promising.

The other pressing issues -- according to the law enforcement members discussing the post -- is one far more aligned with the general public's. A couple of members point out no one PNC's entire crowds (referring to the UK's law enforcement database: the Police National Computer) and that doing so might not even be legal.

Unfortunately, the rank-and-file rarely get to make these decisions. These choices will be made by people who think the public needs to give til it hurts when safety and security are on the line. Dropping this capability into body cameras will make them more of an intrusion on the lives of citizens and far less likely to result in police accountability. Faces being linked automatically to databases full of personal info creates complications in obtaining camera footage. It won't result in improved policing, even though there are plenty of supporters who mistakenly believe "easier" is synonymous with "better."

41 Comments | Leave a Comment..

Posted on Techdirt - 22 May 2017 @ 3:25am

NSA Was Concerned About Power Of Windows Exploit Long Before It Was Leaked

from the and-still-nothing-until-the-last-minute dept

The NSA's exploit toolkit has been weaponized to target critical systems all over the world. So much for the debate over the theoretical downside of undisclosed vulnerabilities. (It also inadvertently provided the perfect argument against encryption backdoors.) The real world has provided all the case study that's needed.

It appears the NSA finally engaged in the Vulnerabilities Equity Process -- not when it discovered the vulnerability, but rather when it became apparent the agency wouldn't be able to prevent it from being released to the public. What's happened recently has been devastating and Microsoft -- whose software was targeted -- has expressed its displeasure at the agency's inaction.

Maybe the agency will be a bit more forthcoming in the future. Ellen Nakashima and Craig Timberg of the Washington Post report former NSA employees and officials had concerns about the undisclosed exploit long before the Shadow Brokers gave it to the world.

When the National Security Agency began using a new hacking tool called EternalBlue, those entrusted with deploying it marveled at both its uncommon power and the widespread havoc it could wreak if it ever got loose.

Some officials even discussed whether the flaw was so dangerous they should reveal it to Microsoft, the company whose software the government was exploiting, according to former NSA employees who spoke on the condition of anonymity given the sensitivity of the issue.

Officials called it "fishing with dynamite." The exploit gave the NSA access to so much on compromised computers, the agency obviously couldn't bear the thought of voluntarily giving up such a useful hacking tool. But when it was first deployed, some inside the agency felt the vulnerability might be too powerful to be left undisclosed.

But there were plenty of others who viewed disclosure as "disarmament." Somehow, despite three straight years of leaked documents, the NSA still felt it had everything under control. The Shadow Brokers NSA exploit auction made it clear the NSA was no better at securing its software stash than it was at keeping thousands of internal documents from wandering out the door.

The only upshot is the NSA has now witnessed what kind of damage its exploits can do in the wrong hands. Since the agency cannot possibly ensure this sort of thing won't happen again, the question now is how much of other people's security is the agency willing to sacrifice in the name of national security?

The NSA appears to believe it handled this as well as it could given the circumstances, but the outcome could have so much worse. The chain of events leading to the NSA's eventual disclosure helped minimize the collateral damage. It has very little to do with the steps the NSA took (or, more accurately, didn't take).

What if the Shadow Brokers had dumped the exploits in 2014, before the [US] government had begun to upgrade software on its computers? What if they had released them and Microsoft had no ready patch?

There's your intelligence community nightmare fuel. Had the vulnerability managed to take down US government hardware and software, the NSA would be facing even more criticism and scrutiny that it already is.

The NSA appears to only disclose vulnerabilities when forced to. It may possibly hand over those it finds to be of limited use. Former NSA head Keith Alexander says the agency turns over "90%" of the vulnerabilities it discovers, but that percentage seems inflated. The NSA spent years as "No Such Agency." It's only been the last four years that it's been forced to engage in more transparency and accountability, so it's tough to believe it's spent years proactively informing affected companies about the flaws in their products.

In any event, the NSA's second-guesswork will have do for now. Some legislators are hoping to shore up the vulnerabilities reporting process, but it's likely by the time it heads for the Oval Office desk, it will be riddled with with enough national security exceptions to make it useless. With the Shadow Brokers hinting they still have more dangerous exploits to release (including one affecting Windows 10), the decision to disclose these vulnerabilities will once again be informed by the NSA's inability to keep its hacking tools secure, rather than any internal examination of its hoarder mentality.

27 Comments | Leave a Comment..

Posted on Techdirt - 19 May 2017 @ 7:39pm

Senate Given The Go-Ahead To Use Encrypted Messaging App Signal

from the feinstein,-burr-will-continue-to-use-AOL-chatrooms dept

Certain senators have repeatedly pushed for encryption bans or encryption backdoors, sacrificing personal security for national security in a move that will definitively result in less of both. Former FBI Director James Comey's incessant beating of his "Going Dark" drum didn't help. Several legislators always managed to get sucked in by his narrative of thousands of unsearched phones presumably being tied to thousands of unsolved crimes and free-roaming criminals.

It will be interesting if the anti-encryption narratives advanced by Sens. Feinstein and Burr (in particular -- although others equally sympathetic) continue now that senators can officially begin using an encrypted messaging system for their own communications.

Without any fanfare, the Senate Sergeant at Arms recently told Senate staffers that Signal, widely considered by security researchers and experts to be the most secure encrypted messaging app, has been approved for use.

The news was revealed in a letter Tuesday by Sen. Ron Wyden (D-OR), a staunch privacy and encryption advocate, who recognized the effort to allow the encrypted messaging app as one of many "important defensive cybersecurity" measures introduced in the chamber.

ZDNet has learned the policy change went into effect in March.

If this isn't the end of CryptoWar 2.0, then it's at least a significant ceasefire. Senators are going to find it very hard to argue against encrypted communications when they're allowed to use encrypted messaging apps. It's not that legislators are above hypocrisy. It's just that they usually allow a certain amount of time to pass before they commence openly-hypocritical activity.

This doesn't mean the rest of the government is allowed to use encrypted chat apps for official communications. Federal agencies fall under a different set of rules -- ones that provide for more comprehensive retention of communications under FOIA law. Congressional communications, however, generally can't be FOIA'ed. It usually takes a backdoor search at federal agencies to cut these loose. So, members of Congress using an encrypted chat app with self-destructing messages may seem like the perfect way to avoid transparency, but it's the law itself that provides most of the opacity.

If encryption's good for the Senate, it's good for the public. There's no other way to spin this. Even Trump's pro-law enforcement enthusiasm is unlikely to be enough to sell Congress on encryption backdoors. With this power in the palm of their hands, they're more apt to see the benefits of leaving encryption un-fucked with.

121 Comments | Leave a Comment..

Posted on Techdirt - 19 May 2017 @ 1:25pm

Russian Military Apparently Using Cell Tower Spoofers To Send Propaganda Directly To Ukrainian Soldiers' Phones

from the phrase-'phone's-blowing-up'-just-got-a-bit-darker dept

We've often discussed the darker side of the repurposed war tech that's made its way into the hands of local law enforcement. Much like backdoored encryption (something some in law enforcement would like to see), rebranded war surveillance gear like Stingrays may sound great when touted by good guys, but we should never forget bad guys have access to the same equipment.

The seldom-discussed capabilities of Stingray devices are on full display in other countries. So far, we haven't seen US law enforcement use Stingrays to intercept communications or purposefully disrupt them. (A lack of public evidence doesn't mean it hasn't happened, however.) The power is there, though. Stingrays act as faux cell towers and force all phones in the area to route their communications through them. This has the potential to be more than merely disruptive to cell service. The devices carry the capability to act as roving wiretaps. They also have the power to act as very frightening purveyors of government propaganda.

Television journalist Julia Kirienko was sheltering with Ukrainian soldiers and medics two miles (three kilometers) from the front when their cellphones began buzzing over the noise of the shelling. Everyone got the same text message at the same time.

“Ukrainian soldiers,” it warned, “they’ll find your bodies when the snow melts.”

Text messages like the one Kirienko received have been sent periodically to Ukrainian forces fighting pro-Russian separatists in the eastern part of the country. The threats and disinformation represent a new form of information warfare, the 21st-century equivalent of dropping leaflets on the battlefield.

The messages -- sent to cell phones presumably by Russian government operatives -- contain a mixture of propaganda and threats, warning recipients they're not much use to their children dead, or attempting to portray Ukrainian forces as being in disarray and on the run.

Multiple investigations have pinpointed the source of these communications: Russian LEER-3 electronic warfare systems feature drone-mounted cell site simulators launched from communications trucks for more effective cell communication interception/disruption. Russia is waging a mobile war of words with enemy combatants.

A 2015 article in Russia’s Military Review magazine said the LEER-3 has a cell site simulator built into a drone that is capable of acting over a 6-kilometer-wide area and hijacking up to 2,000 cellphone connections at once. That makes it a “pretty plausible” source for the rogue texts in Ukraine, said Hardman, the former signals analyst.

What isn't mentioned in the AP story is this: if the Russian military is dropping propaganda text bombs on opposing forces, it's definitely intercepting their communications as well. The devices do both and the nearby communications truck provides a mobile base for harvesting, snooping, and analysis. That this version is still on the battlefield rather than in the hands of Russian police (although it's surely there as well) doesn't offer much comfort to citizens not currently in war zones but still likely considered to be "enemies" by other governments.

The devices are also scary cheap -- at least in terms of cost/benefit ratio. A half-million dollars gives governments the power to disrupt communications in multiple ways. It can spew propaganda directly into captive phones, pick up communications from these phones on the fly, track cell phone users, and, if nothing else, simply make it impossible for anyone to communicate with anyone else in the immediate area.

28 Comments | Leave a Comment..

Posted on Techdirt - 19 May 2017 @ 6:22am

Judge Dumps Two Lawsuits Attempting To Hold Facebook Responsible For Acts Of Terrorism

from the not-how-this-works dept

Two lawsuits filed by victims of terrorist attacks against Facebook have been dismissed. Both suits alleged Facebook was complicit in acts of terrorism simply because it (subjectively) didn't do enough to discourage use of the platform by alleged terrorists.

One lawsuit (Cohen v. Facebook) plead on behalf of "20,000 similarly-situated" residents of Israel who continue to face the threat of violence at the hands of terrorist organization Hamas. The other (Force v. Facebook) also featured multiple plaintiffs but was limited to families of victims of Hamas attacks. Neither case presented legitimate complaints and both advanced novel arguments in an attempt to avoid a dismissal under Section 230.

The alternative routes to judgment worked out no better for the plaintiffs, as Eric Goldman reports. The Cohen class action presented a legal theory that couldn't even be addressed by the court due to a lack of jurisdiction. From the decision [PDF]:

the Cohen Plaintiffs do not seek redress for past actions but instead seek prospective, injunctiye relief based on their allegation that Facebook’s actions increase their risk of harm from future terrorist attacks. This claimed harm relies on multiple conjectural leaps, most significantly its central assumption that the Cohen Plaintiffs will be among the victims of an as-yet unknown terrorist attack by independent actors not before the court. The Cohen Complaint contains no factual allegation that could form a basis to conclude that those individuals in particular are at any “substantial” or “certainly impending” risk of future harm. At most, the Complaint shows a general risk of harm to residents of Israel and impliedly asks the court to extract a risk of harm to the Cohen Plaintiffs based on this risk. Without further allegations, however, the court sees no basis to conclude that the Cohen Plaintiffs “specifically will be the target of any future, let alone imminent, terrorist attack.”

Nor can the Cohen Plaintiffs rescue their claims by arguing that they suffer a present harm resulting from their fear of such attacks, as “allegations of a subjective [fear] are not an adequate substitute for a claim of specific present objective harm or threat of a specific future harm.” While the court does not question the sincerity of the Cohen Plaintiffs’ anxieties, their subjective fears cannot confer standing absent a sufficient showing of the risk of future harm.

The Force plaintiffs did not entirely avoid a Section 230 argument, but posited the immunity does not apply to content posted outside of the United States. The court grants that this legal theory is mostly unexplored at this point, but that the plaintiffs cannot avail themselves of an extraterritorial-reliant legal theory while bringing legal action in a US court against a US-based company.

In light of its focus on limiting civil liability, the court concludes that the relevant location is that where the grant of immunity is applied, i.e. the situs of the litigation. Section 230(c)(1) suggests a number of "territorial relationships and events," which are generally divisible into those associated with the underlying claim (e.g., the location of the information content provider, the intemet service provider, or the act of publishing or speaking) and the location associated with the imposition of liability, i.e. where the intemet service provider is to be "treated" as the publisher or speaker. Given the statutory focus on limiting liability, however, the location of the relevant "territorial events" or "relationships" cannot be the place in which the claims arise but instead must be where redress is sought and immunity is needed.

With this in mind, the court concludes that the Force Action does not require an impermissible extraterritorial application of Section 230(c)(1). As the situs of the litigation is New York, the relevant "territorial events or relationships" occur domestically. Accordingly, the court rejects the Force Plaintiffs argument that Facebook should be denied immunity under Section 230(c)(1).

As Goldman points out, this looks like a routine and logical application of Section 230 immunity, but if arguments like these are entertained in other courts, it could pose some serious, irreparable problems for social media platforms.

The plaintiffs essentially sought to treat Facebook as the financial guarantor of all terrorist-caused harms to all victims, regardless of what role Facebook played in causing those harms. Such an unbounded financial exposure could dwarf Facebook’s market capitalization, meaning that the theories behind these lawsuits pose an existential threat to Facebook, other social media sites, and possibly the entire Internet. Thus, the judge’s well-reasoned and clear rejection of the plaintiff’s claim is a big win for Facebook and the Internet.

This decision will be appealed by both parties. There's been no decision yet on a similar suit filed in the Ninth Circuit, but the chances of these legal theories succeeding is very slim. But it's not impossible to end up with a bad ruling or, at the very least, precedent that weakens Section 230 without removing it completely. We've seen it happen before. But so far courts haven't felt the urge to hold social media platforms directly responsible for terrorists' acts of violence and it's unlikely these two complainants are going to change that.

Read More | 16 Comments | Leave a Comment..

Posted on Techdirt - 18 May 2017 @ 3:13pm

NY Senate Passes Bill That Would Add Cops And Firemen To List Of Protected Classes Under State's Hate Crime Law

from the those-poor-underprivileged-authority-figures dept

Because good ideas are rare but bad ideas eternal, the New York State Senate has just given its blessing to a stupid bill aimed at protecting people armed with guns, power, the weight of the law, and numerous immunity options. The "justification" for New York's addition of cops and first responders to the state's hate crime law is this:

There has been an increase in mortality rates of law enforcement officers, firefighters, corrections officers and emergency medical services personnel, within the past decade. In a report by the National Law Enforcement Officers Memorial Fund in 2014, statistics showed that approximately "126 federal, state, local, tribal and territorial officers died in the line of duty" which exhibited an increase in comparison to 2012 and 2013. The increase in the death toll has been in part, due to offenses intentionally aimed to harm first responders.

This is followed by a bunch of anecdotes about officers and first responders being on the receiving end of supposedly "targeted" violence. It adds nothing to the "justification" but a few presentation-worthy stories to sway emotions of fellow legislators. It doesn't make the preceding statement any more correct. It's actually misleading and wrong in equal parts.

First off, an increase in "mortality rates" is not the same thing as an increase in violence directed at law enforcement officers. The stats legislators are attempting to point to include all deaths in the line of duty, whether they were at the hands of civilians or not. So, this stat is already sort of misleading, albeit only because of the way this bill's sponsors have phrased it.

Second, the stats the justification quotes are wrong. There were 136 deaths in 2014, according to the National Law Enforcement Officers Memorial Fund. That's more than what's stated here. Worrying? Not even close. It's 20 more than 2013, but one less than 2012's total. In other words, the stats show no sort of increase that might justify giving police officers more protection. If these legislators weren't trying to cherry pick, they might have included 2011's total of 178, which is fifty more deaths than the supposedly-shocking number quoted in the bill's justification.

Just so everyone's aware who's pushing to make an abusable law even more easily-abused, here's the bipartisan group of sponsors.

Fred Akshar [R] - Longtime law enforcement officer, having served as undersheriff for Broome County before turning to politics.

Patrick M. Gallivan [R] - former Erie County Sheriff (1998-2005), preceded by 15 years with the New York State Police, and followed by a stint on the state parole board. One of several state legislators found to have faked leadership positions in the Senate to get a little unearned extra pay added onto their paychecks.

Tony Avella [D] - Last seen at Techdirt killing off his horrendous "Right to Be Forgotten" bill… but not in an honorable way. Rather than remove it from consideration, he simply revoked his sponsorship, leaving the orphaned bill to wander the Senate halls unattended.

Martin J. Golden [R] - A retired NYPD officer who has been instrumental in adding even more New Yorkers to the state's sex offender registry, as well as expanding the state's DNA databank to include people convicted of nothing more than a misdemeanor.

John J. Bonacic [R] - Former assistant district attorney and one of those guys who thinks something must be done about "anti-law enforcement rhetoric." Apparently, this bill is part of the solution -- a bill that could conceivably be twisted to turn "resisting arrest" into a felony-level hate crime. (Because what is "resisting arrest" if not "targeting" of law enforcement for abuse/violence/etc.?)

Here's the pertinent wording of the bill, which adds cops, firefighters, and EMTs to a long list of groups who have historically been victims of discrimination.

section 1, states that a person has committed a hate crime, when he or she commits a specified offense and either intentionally selects the person against whom the offense is committed or intended to be committed to, or in part because of a belief or perception regarding race, color, national origin, ancestry, gender, religion, religious practice, age, disability, sexual orientation of a person, or because of actual or perceived employment as a law enforcement officer, firefighter, or emergency medical services personnel.

Guess who doesn't fit into that list: the shorter list of occupations that have long been revered, respected, and given considerable amount of leeway to perform their duties. Unlike those who have been singled out for abuse because of their age, disability, ancestry, race, color, national origin, or sexual orientation, the new protected class is entirely composed of voluntary "traits."

Adding to the ridiculousness is the bill's name -- a self-righteous, heart-tugging melange of authority-worshipping words: Community Heroes Protection Act.

Very few bills of this sort have become law. Many have attempted to give more protection to well-protected powerful classes, but very few have garnered enough support to make it past the introduction stage. This one has moved forward, which is a problem because bills like this that have passed have immediately been abused by law enforcement.

52 Comments | Leave a Comment..

Posted on Techdirt - 18 May 2017 @ 9:34am

Trump Allegedly Wants FBI To Look Into Locking Up Journalists Who Publish Leaks

from the because-of-course-that-would-be-his-solution dept

It's been another busy week for our president. Following on the heels of his revelation that he fired FBI Director James Comey over the ongoing Russian ties investigation (and following on the heels of Trump's tweeted threat about secret recordings of conversations with Comey), the FBI's acting director said the investigation is still ongoing, a special counsel was picked to oversee the investigation, and people close to Comey hinted the FBI might have some recordings of its own that undercut the president's narrative.

President Trump asked the F.B.I. director, James B. Comey, to shut down the federal investigation into Mr. Trump’s former national security adviser, Michael T. Flynn, in an Oval Office meeting in February, according to a memo Mr. Comey wrote shortly after the meeting.

“I hope you can let this go,” the president told Mr. Comey, according to the memo.

It's a record, of sorts, if not an actual recording. And it's done the way the FBI prefers to memorialize things (including testimony and "custodial interviews") -- on paper, rather than with other, less-biased recording devices. And, again, this is hearsay on top of hearsay: unnamed people claiming they read a piece of paper purporting to be a record of a conversation between Comey and the president. Grains of salt and all that, and despite what many are claiming all over the internet, really not a strong indicator of actual instruction, which could be an impeachable offense.

Mr. Comey shared the existence of the memo with senior F.B.I. officials and close associates. The New York Times has not viewed a copy of the memo, which is unclassified, but one of Mr. Comey’s associates read parts of it to a Times reporter.

Buried way, way down in the New York Times story is some more hearsay. This time it's Trump allegedly suggesting something should be done about that pesky press he's always complaining about. But, like the scenario above, it still sounds very much like something President Trump would say in a personal meeting he thought wouldn't be turned into an office memo.

Alone in the Oval Office, Mr. Trump began the discussion by condemning leaks to the news media, saying that Mr. Comey should consider putting reporters in prison for publishing classified information, according to one of Mr. Comey’s associates.

James Comey was no fan of the press, but he did at least defend journalists (sort of) at a recent hearing. He doesn't like seeing leaks published, but pointed out to legislators more interested in shooting the messenger that the person leaking the documents is the criminal, not the press, at least in the eyes of the DOJ.

But the DOJ is no longer the DOJ, so to speak. It's now being run by someone who wants to turn back the clock to the mid-1980s and start the drug war all over again. It's apparently engaged in twisting the law into a Wikileaks-prosecuting pretzel, despite Comey's assurances about messengers not being shot. And the administration has made it clear it's in the business of hunting down leakers, perhaps with the goal of unseating President Obama at the top of the "most whistleblowers prosecuted" list.

At this point, it's all just secondhand (Oval) office chatter. But considering the animosity Trump has shown towards the press and free speech in general, it's worth noting. And it always seems like every Trump denial or assertion has been followed by a leaked document to the contrary, so I'd be surprised if Comey's memo isn't made public within the next few days -- either by being leaked to journalists or presented at the hearings Comey has been asked to attend. This administration's contempt and hatred for the press has been undisguised. Donald Trump may be unable to change the Constitution, but that doesn't mean he and his handpicked agency heads won't spend the next few years making journalists' lives miserable.

38 Comments | Leave a Comment..

Posted on Techdirt - 17 May 2017 @ 3:23pm

Appeals Court Pretty Sure DOJ Use-Of-Force Guidelines Don't Violate Police Officers' 2nd And 4th Amendment Rights

from the leaping-at-the-chance-to-look-stupid-at-two-court-levels dept

A few years ago, some Seattle police officers came up with a novel plan to battle DOJ-imposed limits on their use-of-force. Since their union wisely decided to steer clear of this ridiculous legal battle, the officers chose to crowdfund their way into the federal court system.

Armed with a little over $3,000 and some particularly dubious arguments, the protesting cops filed a lawsuit claiming their Second and Fourth Amendment rights were being violated by the DOJ's use-of-force restrictions. It did not go well.

The officers' arguments were unsupported by the Constitution or case law, Chief U.S. District Judge Marsha Pechman said in an opinion issued Monday.

[...]

Plaintiffs can point to no case establishing that the Second Amendment codified a free-standing right to self-defense, as opposed to case law interpreting the textual Second Amendment rights to “keep and bear arms” in light of their purposes…

[...]

Nor did she agree with the officers' insistence that the policy violated a "right of self-defense as embedded in the Fourth Amendment," which protects against unreasonable search and seizures. Pechman said the argument grossly misconstrued Fourth Amendment law.

The lawsuit was dismissed with prejudice by the court. One would think $3,000 only buys a single trip through the federal court system, but apparently appellate-level lawyering is cheaper. The officers immediately appealed the dismissal, and are now finding the Appeals Court isn't any more impressed with the officers' claimed rights violations.

The Ninth Circuit seemed skeptical of Seattle police officers’ claims that a new use-of-force policy mandated by the Department of Justice violates their Second Amendment rights.

U.S. Circuit Judge N. Randy Smith told the officers’ attorney he didn’t “have much of an argument” at a three-judge panel appellate hearing on Monday.

The officers continue to claim de-escalation policies violate their Second Amendment rights by somehow robbing them of the ability to defend themselves. Not quite "Obama's coming for my guns," but close. How armed officers are being stripped of the right to bear arms -- including using them in defense (but perhaps less frequently) -- is something their lawyer hasn't been able to explain to any court's satisfaction.

The Fourth Amendment argument is even worse. Even in the plaintiffs' own words, it's spectacularly bad: a "metaphorical seizure" of their "right" to use whatever force they feel is necessary.

As the opposing counsel points out in a stunning display of logic, the place to protest new police policies isn't this courthouse. It's the one that approved the DOJ consent decree.

If the officers had real concerns about the use-of-force policy, they should have brought them before the federal judge overseeing the police reforms rather than asking an appellate panel to “create a new fundamental constitutional right,” [city attorney Gregory] Narver said.

The 126 Seattle law enforcement officers involved in this lawsuit have achieved the nigh impossible: making a police union look like the saner party in the wake of a DOJ investigation.

16 Comments | Leave a Comment..

Posted on Techdirt - 17 May 2017 @ 1:20pm

Magical Cop Detects Drugs Better Than Blood Tests; Continues To Lock Innocent People Up

from the let's-just-shut-down-the-crime-lab-and-save-taxpayers-some-$$$ dept

In court filings, testimony, and warrant affidavits, law enforcement officers refer constantly to their "training and expertise." Given enough time on the job and enough laser-printed certificates, any law enforcement officer can be an "expert" in anything… even detecting nonexistent drug impairment.

Atlanta's 11 Alive News has been digging into Officer T.T. Carroll's impressive run of Driving Under the Influence arrests and finding some that aren't all that impressive. [h/t PitchforksAtTheGate] T.T. Carroll is a certified "Drug Recognition Expert," having attended 160 hours of classes put on by the International Association of Chiefs of Police. Carroll is referred to by his coworkers as the "go-to guy" for impairment arrests and was given an award by the Mothers Against Drunk Driving for racking up 90 DUI arrests in one year.

Whatever the IACP is teaching in its classes must be powerful stuff. Officer Carroll's observational powers allow him to detect people impaired by drugs they've never had in their system.

Officer Carroll: "I'm going to ask you a question, okay? When was the last time you smoked marijuana?"

Katelyn Ebner: "Oh, I don't do that. I can give you a drug test right now."

Officer Carroll: "You don't smoke marijuana?"

Katelyn Ebner: "I do not, no."

Officer Carroll: "Okay. Well, you're showing me indicators that you have been smoking marijuana, okay?"

Katelyn Ebner: "I'm going to jail for marijuana?"

Officer Carroll: "No, ma'am -- not possession, unless I find any in your car. I believe you're impaired by the marijuana you've smoked."

Katelyn Ebner: "Okay, so when I do a drug test, I'll be free to go, correct?"

Officer Carroll: "You're going to jail, ma'am. Okay? I don't have a magical drug test that I can give you right now."

Ah, but Officer Carroll does have a "magical drug test." It's one he performs during stops that provides him with the probable cause for arrest, even when roadside impairment tests disagree with his PC assessment. And if his amazing drug recognition skills fail him, it's the arrestees that pay the price. In the case of Ebner, whose blood test came back clean, it cost her her job. Ebner worked for a bar but her license to serve alcohol was revoked because of the impairment arrest. Four months after her bogus arrest, she was cleared of all charges. All well and good, but being cleared of charges doesn't undo the damage done during the four months when charges were still pending.

The 11 Alive report examines two more arrests involving Officer Carroll's superhuman ability to detect drugs blood tests can't even find. In all three cases, lab tests for substances came up clean. Rather than offer to take a look at the super-productive officer's body of work, the police department has doubled down on its assertion that Officer Carroll detects drugs better than a blood test.

Complaints filed by arrestees have gone nowhere. The Cobb County PD's internal investigators responded with one highly-dubious claim…

Cobb County Investigators exonerated the officer and doubted Ebner's innocence, insisting, 'the marijuana could have already metabolized out of the blood.'

And one highly-infuriating one:

"When you brought up that you had a clean blood test when complaining to Internal Affairs, their answer was what?" Keefe asked.

"They said, 'Yeah, we see this happen all the time. Um, the test results come back wrong all the time,'" she said.

These would be the same drug tests prosecution experts would claim to be infallible if needed to secure a conviction. This lab apparently only hands out false negatives.

The consequences of Officer Carroll's "drug whispering" will never be felt by Officer Carroll. His department is already shielding him from the press and if these complaints become civil rights lawsuits, it's highly likely Carroll's "expertise" will result in a granting of qualified immunity. A little knowledge can be a dangerous thing, but no more so than in the hands of someone with a great deal of power and very little accountability.

44 Comments | Leave a Comment..

Posted on Techdirt - 17 May 2017 @ 10:42am

DA's Office Facing Multiple Lawsuits Related To Its Use Of Fake Subpoenas To Intimidate Witnesses

from the apparently-ethical-violations-are-just-part-of-the-office's-'traditions& dept

The Louisiana district attorney whose office issued bogus subpoenas to trick witnesses into "volunteering" their testimony is now facing multiple lawsuits. DA Leon Cannizzaro's office was sued on May 12th by the Roderick and Solange MacArthur Justice Foundation for its refusal to turn over copies of every fake subpoena it has issued.

Three days later, it was sued again, this time by the ACLU.

The ACLU lawsuit, filed Monday in Orleans Parish Civil Court, differs from a related lawsuit brought last week against Cannizzaro's office by the Roderick and Solange MacArthur Justice Foundation regarding the so-called Article 66 subpoenas.

The MacArthur suit seeks copies of every subpoena issued by the DA's office since 2013 -- those properly authorized by a judge, as well as the fraudulent "DA's subpoenas" intended to appear as if they carried legal weight.

The ACLU suit seeks the names and Louisiana Bar Association numbers of any attorney in Cannizzaro's office responsible for using one of the fake documents. An attorney who knowingly used a fraudulent document to compel witness testimony could be subject to penalties ranging from ethical misconduct sanctions by the Louisiana Attorney Disciplinary Board to the unlikely extreme of criminal charges brought by the state Attorney General's office related to forgery.

So far, Cannizzaro's office has no comment on the lawsuits (other than to say it hasn't been served with either suit yet). The only comment Cannizzaro's office has made is that the practice predates his tenure, as if that somehow excuses the ethical and (possibly) legal boundaries his office crossed. As a deflection, it's horrible. It's like claiming you still approve general warrants because your British predecessors did.

I'm sure DA Cannizzaro has several reasons for not immediately handing over these documents, all of them related to mitigating the damage done by these revelations. There may be a day of judicial reckoning ahead for Cannizzaro and his underlings, and the longer he can keep these documents out of the public's hands, the longer it will be until he can be confronted with the evidence.

Cannizzaro's office now has multiple opportunities to see what it feels like to be a defendant, and most likely will be the recipient of genuine subpoenas demanding compliance under the pain of actual jailing. Process servers will now have to navigate groups of protesters calling for Cannizzaro's removal just to hand him copies of these lawsuits. And all of this could have been avoided by Cannizzaro, if he had just decided against carrying on the unethical "tradition" of intimidating possible witnesses with fake subpoenas and bogus legal threats.

10 Comments | Leave a Comment..

Posted on Techdirt - 17 May 2017 @ 3:16am

Inspector General's Report Shows Section 702 Isn't The Only Thing Being Abused By The NSA

from the does-the-NSA-even-understand-the-concept-of-'internal-controls?' dept

There's more than Section 702 up for renewal at the end of this year. Most of the attention has been focused on Section 702 because it's used most frequently for internet communications and data collections. Not only does the NSA make use of this collection, but other agencies (FBI, CIA) are allowed unminimized access to NSA 702 data stores. With this many agencies reliant on NSA communications interception, the sales pitches have been focusing on this particular authority.

But there are other surveillance authorities under Title VII: Sections 704 and 705, which allow the NSA to target US persons located outside of the country. The numbers put up by these sections aren't as impressive as Section 702's (~3,000 selectors for 151 million records), but 704/705 isn't supposed to result in incidental collection. It's a US spy agency actively spying on US citizens.

According to Marcy Wheeler, these collections only target about 80 people. But protections for US citizens aren't supposed to evaporate just because they've travelled out of the country. Agencies seeking to use these authorities must obtain a FISA court order to collect communications and data. Section 704 covers new requests for collections and Section 705 allows for "streamlined" requests/renewals for orders covering US persons already targeted by the agency.

The NSA may be compliant in terms of obtaining court orders, but the 2016 Inspector General's report [PDF] released last week shows the agency has done almost nothing to prevent abuse of its collections.

At the time of our review, the Agency could not reliably identify queries performed using selectors associated with FAA 704 and 705(b) targets because the SIGINT databases did not uniformly send records in the correct format to [REDACTED] (NSA's SIGINT auditing and logging system).

[...]

We identified [REDACTED] queries that were not compliant with the FAA 704 and 705(b) targeting and minimization procedures. [LONG REDACTION] We identified another [REDACTED] queries that were performed outside the targeting authorization periods in E.O. 12333 data, which is prohibited by the E.O. 12333 minimization procedures. We also identified [REDACTED] queries performed using USP slectors in FAA 702 upstream data, which is prohibited by the FAA 702 minimization procedures.

According to the NSA, the problem is its own software. These collections are obtained beforehand. The FISA orders only limit what analysts can search for in the collected data. Everything apparently funnels into one big pile, and it's up to analysts to search according to the controlling statute (702, 704, 705, or Executive Order 12333). The problem is the NSA's system immediately gives access to "all authorities to which analysts are entitled access." Someone who's supposed to be performing a more limited search under 704 may not take steps to remove 702 collections from the queried data or add the limiters needed to ensure proper minimization of US persons' communications.

That's already a terrible way to handle the querying of NSA collections. The default is everything, and affirmative, unprompted steps must be taken by analysts to ensure their queries are lawful. Making it worse is the issue the IG first mentioned: the NSA has no system for tracking possibly-prohibited searches.

Then there's this wrinkle in the statutory authorities the NSA seems unable to comply with: the NSA cannot engage in domestic surveillance so its targeting of US persons overseas must end when the US person arrives back on US soil. Possible violations of this nature were, again, not being tracked by the NSA.

FAA 704 and 705(b) targeting and minimization procedures prohibit targeting USPs while they are in the United States. Although the Agency is not required to document [REDACTED], maintaining these records is important for securing compliance with the targeting and minimization procedures.

The upshot of this report is that the NSA has probably engaged in wholly domestic surveillance thanks to lax recordkeeping and its all-access internet communications haystack. Having to get permission from the FISA court to search collected records is an important step, but it's completely meaningless when analysts are given full access to data stores under multiple authorities and expected to "opt out" of potentially unlawful searches.

As Marcy Wheeler points out in her post about 704/705 violations, the NSA is a "dumpster fire of noncompliance." She points to a just-released opinion by FISC judge Rosemary Collyer, in which the judge notes the NSA's new 704/705 search tool (put in place in 2012) resulted in far more violations than approved searches.

NSA examined all queries using identifiers for “U.S. persons targeted pursuant to Sections 704 and 705(b) of FISA using the tool [redacted] in [redacted] . . . from November 1, 2015 to May 1, 2016.” Id. at 2-3 (footnote omitted). Based on that examination, “NSA estimates that approximately eighty-five percent of those queries, representing [redacted] queries conducted by approximately [redacted] targeted offices, were not compliant with the applicable minimization procedures.” Id. at 3. Many of these non-compliant queries involved use of the same identifiers over different date ranges. Id. Even so, a non-compliance rate of 85% raises substantial questions about the propriety of using of [redacted] to query FISA data. While the government reports that it is unable to provide a reliable estimate of the number of non-compliant queries since 2012, id., there is no apparent reason to believe the November 2015-April 2016 period coincided with an unusually high error rate.

In other words, the tool was broken from the moment it was introduced and very likely resulted in four out of every five searches being noncompliant over that four-year period. This is the sort of thing that will be glossed over during the run up to renewal, with the NSA touting its multiple layers of oversight and rigorous self-reporting as reasons it should be given extended permission to engage in future noncompliance.

Read More | 8 Comments | Leave a Comment..

Posted on Techdirt - 16 May 2017 @ 3:02pm

Paul Levy Hoping To Wake Up Maryland Courts To The Numerous Fraudulent Libel Lawsuits Filed There

from the so-far,-very-little-interest-in-performing-actual-judge-work dept

Something's rotten in Maryland. Not conspiracy-level rotten, but rotten nonetheless. As we've discussed recently, Paul Alan Levy (along with Eugene Volokh) have done a ton of legwork to flush out the perpetrator of several bogus libel lawsuits filed in Baltimore courts, designed for the purpose of "reputation management" (i.e., convincing Google to stop linking to posts someone doesn't like). The man behind many of these appears to be Richart Ruddie, who runs a reputation management company called Profile Defenders.

As we discussed earlier this week, one of the judges in Baltimore handling one of those cases has refused to fix things and overturn his rubber-stamped order. But there are other, similar cases in front of other judges there as well, and they seem equally unwilling to make proactive efforts to deter this sort of abuse. Because of this, Levy has worked with Myvesta (a company indirectly affected by a bogus libel lawsuit, thanks to bogus delisting orders targeting one of its websites) to file an amicus brief detailing Ruddie's fraudulent reputation management efforts.

We had several reasons for filing an amicus brief in support of the plaintiffs’ motion to vacate. First, it seemed to us that the motion to vacate understated the extent of the fraud that had been perpetrated on the court — it did not frankly admit that Bryan Levin was an invented name created for the purpose of justifying the consent order, and it did not admit that the consent order sought the plaintiffs’ objective — suppression of critical articles — by the device of suing over allegedly defamatory comments. The motion did not admit that in additional to victimizing the court by the fraud, the person who arranged for the case to be filed was actually victimizing a speaker whose rights are protected by the First Amendment, and the motion did not call the consent order by its proper name — a prior restraint of protected speech.

But the problem goes much deeper than the case Myvesta's involved in. Ruddie had a lot of extremely sketchy irons in the court's fire. Levy wants to ensure this case isn't seen as a one-and-done.

A second reason for submitting the amicus brief was to ensure that the judge not hear this motion to vacate judgment in isolation – we know of a raft of other cases like Smith v. Levin that were filed in the Maryland courts and, in particular, in the Circuit Court for Baltimore City. Some of these other cases also sought relief suppressing other articles on the Get Out of Debt Guy blog, in the apparent interest of other debt relief companies that the blog had criticized. Our brief identifies several other such cases, and Professor Volokh’s research has identified several more.

The filing [PDF] reveals many more details about Ruddie's scamtastic lawsuits, as well as lawyer Bennett Wills' apparent participation in the fraudulent filings. (Wills, who works for Ruddie client Rescue One, has claimed he never knowingly engaged in fraudulent behavior.)

[I]t has come to Myvesta’s attention that Bennett Wills has filed two additional “fake lawsuits” in Maryland circuit courts that are comparable to this case. Visionstar, Inc. v. Perez, No. 24C15005743 (Cir. Ct. Balt. City); Cohen v. Wilkerson, No. 06C15070022 (Cir. Ct. Carroll Cy). (Copies of these two complaints are attached). The papers use very similar language, and an investigation conducted by a private detective retained by UCLA law professor Eugene Volokh to assist in his investigation of the phenomenon of fake litigation established that, as in this case, neither of the two individuals who were named as defendants and whose signatures appear on the consent orders live at the addresses shown for them. See attached Declaration of Giles Miller. Moreover, both cases show obvious signs of being fake: the signatures of defendants “Mark Wilkerson” and “Daniel Perez” appear to have been written by the same hand; and the very carefully handwritten signature of “Mark Wilkerson” spells his name as “Wilerkson.”

And in the Visionstar case, the allegation in paragraph 13 about the IP address from which the supposedly defamatory reviews were posted to the Ripoff Report website is a highly implausible. Generally speaking, a subpoena can be issued in connection with a case seeking to identify the poster of an anonymous comment, but that is something that happens after the complaint is filed, not something that can be listed in the complaint. Undersigned counsel has contacted inside counsel for Xcentric Ventures, the company that operates Ripoff Report, and ascertained that his client has never received any subpoena to identify the anonymous author of the reports cited in the Visionstar complaint; that attorney also represented that he checked the IP addresses for the reports cited in the complaint, and that none of them was associated with the address 12.4.33.71 as the complaint alleges.

Levy points out Ruddie's preferred legal venue is likely due to the fact that his business (what's left of it) is located in that area. It would be very unlikely for so many defendants to be located in the Baltimore area, given the worldwide nature of the internet, but somehow these plaintiffs keep finding anonymous commenters right in Ruddie's backyard. (And with record speed, too. In Ruddie's faux lawsuits, commenters are usually unmasked within a few days of a lawsuit's filing, all without subpoenas or court orders demanding the identifying info behind IP addresses and pseudonyms.)

Ruddie's probably not filing any more bogus lawsuits -- at least not while he's under investigation by the US Attorney's office. But there are likely more fraudulently-obtained court orders out there still needing to be vacated. And, as long as the court appears inattentive, there's an open invitation for similarly-minded reputation managers to see if they can sneak a few bogus injunction requests past Baltimore judges.

Read More | 8 Comments | Leave a Comment..

Posted on Techdirt - 16 May 2017 @ 10:46am

French Theater Owners Freak Out; Get Netflix Booted From Cannes Film Festival

from the competing-isn't-really-the-French-way dept

Even as Netflix continues to draw top talent to produce original series and movies (while failing to destroy the motion picture industry), it is still being locked out of being considered a "real" filmmaker.

The tentative embrace of streaming services' offerings comes with caveats: films must be released to theaters as well to be considered for major awards. This makes things considerably tougher for Netflix since it's faced heavy resistance from theater owners and others who see a lack of release windows as a threat to their existence.

The latest rejection of Netflix's advances is happening at France's Cannes Film Festival. Netflix has two films up for consideration for this year's awards, but according to festival organizers, it will be its last unless something changes. Here's the festival's official flip-flop, via David Canfield at Slate:

A rumor has recently spread about a possible exclusion of the Official Selection of Noah Baumbach and Bong Joon-Ho whose films have been largely financed by Netflix. The Festival de Cannes does reiterate that, as announced on April 13th, these two films will be presented in Official Selection and in Competition.

The Festival de Cannes is aware of the anxiety aroused by the absence of the release in theaters of those films in France. The Festival de Cannes asked Netflix in vain to accept that these two films could reach the audience of French movie theaters and not only its subscribers. Hence the Festival regrets that no agreement has been reached.

The issue here appears to be French theater owners, although the statement doesn't say that in as many words. Instead, the festival delivers a whole lot of words on a platter of subtext.

The Festival is pleased to welcome a new operator which has decided to invest in cinema but wants to reiterate its support to the traditional mode of exhibition of cinema in France and in the world. Consequently, and after consulting its Members of the Board, the Festival de Cannes has decided to adapt its rules to this unseen situation until now: Any film that wishes to compete in Competition at Cannes will have to commit itself to being distributed in French movie theaters. This new measure will apply from the 2018 edition of the Festival International du Film de Cannes onwards.

To translate this, one needs to look at the events leading up to the festival's sudden reversal. The festival doesn't want to lose local support, so it has allowed itself to be bullied into a hasty invitation retraction. This report from CBC News is the explicit version of the statement's implicit wording.

The [Netflix] selections prompted immediate criticism from French exhibitors. In France, the theatrical experience is passionately defended. Films are prohibited from streaming or appearing on subscription video on demand for three years after playing in theatres.

On Tuesday, France's National Federation of Films Distributors said the Netflix films at Cannes were "endangering a whole ecosystem."

Must be a pretty fragile ecosystem if a streaming service being considered for an award threatens its stability. And -- considering the three-year no-streaming window French citizens are punished with -- it's easy to see why Netflix hasn't reached an agreement with the locals. It's also easy to see Netflix will never be able to reach an agreement with French exhibitors. One side has a whole lot of room for compromise, but if it hasn't done so already during the rise of streaming services, it's unlikely to start making concessions now.

So, there will be no Palme d'Ors in the Netflix trophy case. And this nation's creative industries will continue to prop themselves up on insular, isolationist laws, rather than face the rest of the world head-on.

40 Comments | Leave a Comment..

Posted on Techdirt - 16 May 2017 @ 9:32am

Latest FISA Court Order Details Why NSA Didn't Get Any 702 Requests Approved Last Year

from the hint:-a-datacenter's-worth-of-noncompliance dept

The latest document dump by the Office of the Director of National Intelligence (ODNI) -- which contains several documents pried loose by an ACLU FOIA lawsuit -- explains why the NSA ran through the entirety of 2016 without an approved Section 702 request from the FISA court. The short answer is a whole lot of noncompliance. So's the long answer:

After submitting its 2016 Certifications in September 2016, the Department of Justice and ODNI learned, in October 2016, about additional information related to previously reported compliance incidents and reported that additional information to the FISC. The NSA also self-reported the information to oversight bodies, as required by law. These compliance incidents related to the NSA’s inadvertent use of U.S. person identifiers to query NSA’s “upstream” Internet collection acquired pursuant to Section 702.

Pursuant to statutory requirements, the FISC was required to complete its review of the 2016 Certifications within 30 days of submission. See 50 U.S.C. § 1881a(i)(1)(B). Thus, the FISC had until October 26, 2016, to issue an order concerning the 2016 Certifications. However, after the October 2016 report to the FISC regarding improper queries, the FISC twice extended its time to consider the 2016 Certifications – first until January 31, 2017, and then until April 28, 2017 – in order to receive additional information about the compliance incidents and the Government’s plan to address them. See April 2017 Opinion at 3-4. The previous year’s certifications remained in effect during these extension periods.

Of note here is the fact that the court allowed 2015's certifications to remain in place despite even more reports of noncompliance by the NSA. Section 702 has been steadily abused, inadvertently or deliberately, since its inception in 2008 as part of the FISA Amendments Act.

Because the court was extremely hesitant to approve new searches under this authority, the agency apparently undertook a comprehensive overhaul of the program. The end result was the shutdown of the "about" collection -- an upstream dragnet for email communications that tended to grab a bunch of US persons' communications -- ones the NSA supposedly couldn't figure out how to separate from its non-domestic data.

The latest FISC opinion [PDF] -- roughly a month old at this point -- finally gives the NSA a 702 court order it can include in its next transparency report. The opinion doesn't spend much time chastising the agency for its long-running compliance issues but at least provides more examples of how little the NSA has done to prevent internal abuse of its collections. This abuse also includes the FBI, which has access to the NSA's raw, unminimized 702 data.

Since 2011, minimization procedures have prohibited use of U.S.-person identifiers to query the results of upstream Internet collection under Section 702. The October 26, 2016 Notice informed the Court that NSA had been conducting such queries in violation of that prohibition, with much greater frequency than had previously been disclosed to the Court… The government reported that the NSA IG and OCO were conducting other reviews covering different time periods, with preliminary results suggesting that the problem was widespread during all periods under review.

At the October 26, 2016 hearing, the Court ascribed the government's failure to disclose those IG and COO reviews at the October 4, 2016 hearing to an institutional "lack of candor" on part and emphasized that "this is a very serious Fourth Amendment issue."

Some of the compliance issues could be traced back to the NSA's querying system, which seemed built to ensure as many compliance issues as possible.

The January 3, 2017 Notice stated that "human error was the primary factor" in these incidents, but also suggested that system design issues contributed. For example, some systems that are used to query multiple datasets simultaneously required to "opt-out" of querying Section 702 upstream Internet data rather than requiring an affirmative "opt-in," which, in the Court's view, would have been more conducive to compliance.

The report also details further issues with the NSA and its data-sharing, including a heavily-redacted retelling of compliance issues at the FBI concerning dissemination of unminimized US persons' info (including to government contractors). While steps have now been put in place to prevent a recurrence, the court notes the government has routinely dragged its feet providing notice of misuse of surveillance databases.

Too often, however, the government fails to meet its obligation to provide prompt notification to the FISC when non-compliance is discovered. For example, it is unpersuasive to attribute -- even "in part" -- an eleven-month delay in submitting a preliminary notice to efforts to develop remedial steps… when the purpose of a preliminary notice is to advise the Court while investigation or remediation is still ongoing… The Court intends to monitor closely the timeliness of the government's reporting of non-compliance regarding Section 702 implementation.

And so it goes for 99 pages. Multiple compliance violations, multiple promises to do better next time by the government, and a handful of mild admonitions by the FISA judge. The most useful thing to come of this is the voluntary step the NSA took to end its "about" collection program, thus narrowing the number of incidentally-collected US persons' communications. While the court approves of this move, its approval means very little should the NSA decide to revive the program. Considering its lengthy run of compliance issues, it seems unlikely the agency will be in any hurry to defend a rollback of its rollback in a court that's heard about nothing but misuse and abuse of domestic communications for most of the last decade.

Read More | 10 Comments | Leave a Comment..

Posted on Techdirt - 15 May 2017 @ 3:05pm

Thailand Demands More Proxy Censorship From Facebook

from the negotiating-with-censors-rarely-goes-well dept

More foreign censorship is coming to American social media companies. Back in January, Facebook hinted it would be at least partially receptive to the government of Thailand's desire to be free from criticism. Fortunately, the Thailand government has been slightly more rational than, say, Austria's by not demanding offending content be removed everywhere. So far, it seems amenable to Facebook just preventing Thailand's citizens from seeing anything deemed insulting to their rulers (dead or alive).

The problem right now (at least in the minds of Thailand government officials) is that Facebook isn't making with the targeted censorship quickly enough.

The social media giant has been given until next Tuesday to remove more than 130 items from pages viewable in Thailand.

Facebook says it does consider requests from governments to block material, and will comply if it breaks local laws.

The "or else" part of the government's threat seems to be nonexistent at this point, although it probably involves cutting off citizens' access to Facebook entirely. The Thai government insists Facebook has been mostly cooperative, but is dragging its feet on the 100+ posts it has declared illegal under the country's "don't badmouth your authoritarian leaders" law.

It's disappointing to see Facebook agree, even partially, to act as a proxy censor for Thailand's government. While it's generally a good idea for social media companies to be somewhat responsive to local rules and regulations, there's very little to be gained by being an errand boy for a regime where insulting kings results in secret trials and 15-year jail sentences.

It must be noted that Facebook isn't the only US tech company working with the Thailand government to ensure its top officials remain unoffended. Google has also participated in proxy censorship. Last year, it reported it had complied with 85% of requests made under Thailand's lese majeste laws, although it did not explain whether this was location-based blocking or complete removal of the literally-offending posts.

Any form of tolerance for this only encourages further abuse. The country's cybersecurity laws are already being abused by the government, which has declared that merely communicating with foreign critics online violates the Computer Crime Act. Censors' requests for inches quickly stretch into miles. If either of these companies tries to reel in some of the censorious slack they've given Thailand's government, it will most likely be greeted with a complete blockade or ban of their services and sites. If that's going to be the inevitable result, why bother humoring these requests at all?

71 Comments | Leave a Comment..

Posted on Techdirt - 15 May 2017 @ 1:16pm

Judge Refuses To Fix His Rubber-Stamping Of A Fraudulently-Requested Court Order

from the it's-just-a-little-prior-restraint dept

Over the past year or so, we've seen reputation management efforts slide into even shadier territory. Apparently frustrated by Google's unwillingness to humor bogus DMCA notices, rep management con artists began fraudulently obtaining court orders to get content delisted. The process involved fake defendants, fake plaintiffs, and, occasionally, fake lawyers. In one particular case, it involved forged judges signatures.

Paul Alan Levy of Public Citizen, along with Eugene Volokh (of The Conspiracy), have performed some masterful detective work to uncover at least one of the people behind this new wave of fraudulent delistings. Richart Ruddie, who has already been hit with a $70,000 settlement in one of his bogus libel lawsuits, appears to be reluctant to live up to the terms of the deal he struck with Levy. According to that, Ruddie -- who is under investigation by the US Attorney's office -- was to start withdrawing his bogus lawsuits.

As Levy points out in a recent blog post, Ruddie still has open cases in the Baltimore court system. A libel lawsuit featuring irked dentist Mitul Patel and supposed defamer Matthew Chan has yet to be dumped by Ruddie. Unfortunately, the presiding judge -- despite being provided with considerable evidence of fraudulent behavior -- doesn't appear to be interested in correcting his rubber-stamping of Patel's bogus injunction request.

In Patel v. Chan, the very first case in which Ruddie's involvement in phony consent litigation was discovered, Matthew Chan moved pro se to lift the consent order entered to try to suppress his reviews. That motion was filed on September 1, 2016, and as of the time last month when I began work on our amicus brief, Judge Philip Senan Jackson, who had been hoodwinked into signing the phony consent order, had not yet ruled on the motion — a patently invalid prior restraint was left sitting on the books for nearly eight months after the judge who issued it was informed that there was no basis for his order.

Hey, it's only a Constitutional violation. I guess it can wait. But it gets worse than simply ignoring the problem. Levy and Chan produced plenty of evidence of fraudulent behavior by Ruddie in this bogus lawsuit -- including the use of a bogus defendant, a bogus affidavit signed by the bogus defendant, and a nonexistent physical address (which I guess makes sense, what with the defendant being nonexistent). The other side has produced nothing because it has nothing.

Rather than undo his unconstitutional oversight, the judge has denied Chan's motion to vacate the judgment, apparently over some filing technicality that appears to be also nonexistent. (Here's a link to the rule cited by the judge in his denial of the motion.)

Late last week, that situation took a turn for the worse: a one-page order from Judge Jackson denied the motion to vacate on the ground that the affidavit supporting Chan’s motion was not attested in the manner required by the Maryland rules. This ruling is inexplicable – the affidavit was sworn before a notary (see the last page here). I contacted several Maryland lawyers who practice in state court and asked them about this attestation; each told me told me that, as far as they could tell, this was a proper verification of the affidavit. And even if the judge found some defect in the order, there were plenty of exhibits attached to the motion, not to speak of a separate filing by an attorney for Mitul Patel, agreeing that the complaint filed in his name had been submitted to the court without his authorization, and bore a forged signature. Several Maryland lawyers to whom I provided the affidavit shared my reaction – what could Judge Jackson possibly be thinking?

Lots of things come to mind, none of which make Judge Jackson appear qualified to hold this position of power. Maybe the judge doesn't like hearing he made mistakes. Maybe he's hoping this will all blow over and he can continue to make the same mistakes in the future. One thing is clear: Jackson's refusal to address fraud on his own court will ensure his court will be the venue of choice for like-minded fraudsters.

19 Comments | Leave a Comment..

More posts from Capitalist Lion Tamer >>