Capitalist Lion Tamer’s Techdirt Profile

capitalisliontamer

About Capitalist Lion TamerTechdirt Insider

List of blogs started with enthusiasm, which now mostly lie dormant:

[reserved for future use]
http://5k500k.wordpress.com

[recently retired]
http://capitalistliontamer.wordpress.com

[various side projects]
http://cliftonltanager.wordpress.com/
http://bl0wbybl0w.wordpress.com/
http://thepenismadeoutofspam.wordpress.com/



Posted on Techdirt - 4 May 2016 @ 3:40pm

Defense Department Screws Over FOIA Requester Repeatedly, Blames Him For 'Breaking' The FOIA Process

from the the-other-FOIA-terrorist dept

The FOIA system is broken. The administration pays lip service to transparency while aggressively deploying exemptions. Agencies routinely complain about FOIA response budgets and staffing levels, yet no one seems motivated to fix this perennial issue. FOIA reform efforts moving forward with bipartisan support are repeatedly killed after receiving pushback from the White House.

Then there's this: a single requester is being blamed for a backlog of FOIA requests at an agency that's never underfunded -- the Department of Defense.

According to its "Chief Freedom of Information Act Officer Report," Nick Turse is the US citizen who has managed to bring the slowly-moving DoD FOIA machinery to a complete halt.

The report, for instance, laments that “despite their best efforts to provide helpful details, great customer service and efficient responses,” some DOD components were “still overwhelmed by one or two requesters who try to monopolize the system by filing a large number of requests or submitting disparate requests in groups which require a great deal of administrative time to adjudicate.” The study went on to call out:

"[o]ne particular requester [who] singlehandedly filed three requests with SOUTHCOM [U.S. Southern Command], 53 requests with AFRICOM, 35 requests with SOCOM [Special Operations Command] and 217 requests with OSD/JS [Office of the Secretary of Defense/ Joint Staff] for a total of 308 cases this fiscal year alone. For AFRICOM, this represents 43 percent of their entire incoming requests for the year and 12 percent for SOCOM. This requester holds over 13 percent of the currently open and pending requests with OSD/JS and over the past two years has filed 415 initial requests and 54 appeals with this one component."
If this seems like a lot of requests from one person, it isn't. This is the way the system works. Agencies routinely delay responses (Turse has been waiting more than four years for responses to some of his FOIA requests) when not redacting them to uselessness, forcing requesters to make multiple requests for the same information or related documents, in hopes of actually receiving some information in response to their information requests.

The percentages may seem high, but AFRICOM isn't exactly a popular FOIA target. This focus relates to Turse's ongoing investigative reporting on abusive behavior by US soldiers stationed at bases in Africa. What he has managed to uncover so far isn't pretty, and his reporting on it has won him no friends in the Pentagon.
I made, for instance, a couple hundred attempts to contact the command for information, comment, and clarification while working on an article about criminal acts and untoward behavior by U.S. troops in Africa — sexual assaults, the shooting of an officer by an enlisted man, drug use, sex with prostitutes, a bar crawl that ended in six deaths. Dozens of phone calls to public affairs personnel went unanswered, countless email requests were ignored.

At one point, I called [DoD Chief of Media Engagement Benjamin] Benson, the AFRICOM media chief, 32 times on a single business day from a phone line that identified me by name. He never picked up. I then placed a call from another number so that my identity would be concealed. He answered on the second ring. Once I identified myself, he claimed the connection was bad and the line went dead.

[...]

Today, when I write to the current AFRICOM public affairs chief, Lt. Cmdr. Anthony Falvo, I receive similar treatment. I often get a return receipt back that tells me my email to him “was deleted without being read.” This happened to me, for example, on Thursday, September 10, 2015; Friday, October 2, 2015; Tuesday, October 6, 2015; Thursday, November 5, 2015; Friday, November 27, 2015; Wednesday, February 10, 2016 … you get the picture.
That the DoD finds itself swamped by Turse's requests is its own fault. Had it simply returned the requested documents in a timely fashion, it would not have this Turse-centric backlog to complain about. Now, it's using an official report to portray the FOIA process as unnecessarily burdensome on the government and prone to abuse by tenacious citizens. This portrayal is not only false, but it obscures the fact that the DoD still controls every interaction with FOIA requesters. It has held Turse at arms length for several years and now it won't even answer his emails and phone calls regarding requests it has yet to answer. But in its report, it complains that it's Turse that has broken the system, rather than this being the FOIA system's natural state: that it only works as well as responding agencies want it to.

9 Comments | Leave a Comment..

Posted on Techdirt - 4 May 2016 @ 2:01pm

Lawsuit: CBP Took $240,000 From Man And Refused To Respond To His Forfeiture Challenge Until It Had Already Processed It

from the because-barely-any-due-process-is-far-too-much-due-process dept

Looks like someone might be getting their money back after CBP agents -- operating a great distance from the US borders -- seized $240,000 from a man traveling through Indiana. While driving along I-70 outside of Indianapolis last November, Najeh Muhana was pulled over for not signalling a lane change. That's when things got weird and a bit unconstitutional.

According to his filing for return of his money, Muhana's vehicle was searched "without consent, warrant or probable cause." The Hancock County Sheriff's Department officers even brought a drug dog to the scene, but failed to uncover any contraband. The $240,000 Muhana was carrying caught their eye, though.

Muhana (correctly) intuited the officers wanted to take his money. So he told them he had just been talking to the person the money was owed to. This story, which was untrue, seemed to upset the officers, who spent the next hour discussing something presumably related to how they could take the cash from Muhana -- because that is exactly what they eventually did.

This decision was made when CBP agent Scott Thompson -- operating roughly 250 miles from the nearest border -- arrived on the scene. Thompson took the money and gave Muhana a "receipt for property." Muhana, whose native language is Arabic, took this to mean the money would be returned when the CBP finished its investigation into whatever it was it thought was going on here.

Shortly after that, the Sheriff's Department took Muhana into custody based on a traffic stop that had occurred four months earlier in another state. Details on that arrest suggest Muhana may have been involved in selling unlicensed cigarettes.

Najeh Muhana, 39, St. Louis, was preliminarily charged with possession of untaxed cigarettes, according to a Henry County Jail List.

Muhana’s charges stem from an incident that initially began on I-70 in July when members of the Pro Active Criminal Enforcement Team pulled over his rental van for unsafe lane movement. Blankets covered the cargo area and police confiscated 2,400 cartons of Newport cigarettes, valued at more than $147,000, and 650 cans of infant formula, valued at $10,500.

The cigarettes had a Missouri tax stamp, said Major Jay Davis of the Henry County Sheriff’s Department, noting that in Indiana, it is illegal to possess such items without an Indiana tax stamp.
During this stop -- which occurred in November -- officers uncovered nothing more than cash. They may have believed the two were related, but they never bothered connecting the dots for the benefit of Muhana, much less used it as a basis for the cash seizure.

In fact, all the involved agencies did was pass the buck -- along with Muhana's bucks -- whenever he sought information on how to work towards the return of his money. The filing details multiple attempts to obtain any confirmation on the forfeiture, or who he should speak to in order to get the process underway. Further, there's no record that Muhana was ever notified of the CBP's intent to pursue forfeiture -- nothing beyond the mysterious "receipt for property" the CBP agent gave him.

Muhana began making inquiries a few weeks after the money was taken, beginning in December 2015. In January, CBP agent Scott Thompson told him the case had been turned over to the CBP's Ohio office. The following Kafka-esque chain of events is directly from the filing.
On or before January 19, 2016, Mr. Muhana's counsel contacted Eartha Graham, Paralegal Specialist, U.S. Customs and Border Protection in Middleburg, Ohio regarding the status of the Currency.

On January 19, 2016, Ms. Graham responded via email to counsel, stating, "I will need something in writing preferably on company letterhead stating you are representing Mr. Muhana asap."

[...]

On January 20, 2016, counsel followed up with a facsimile to Ms. Graham, in writing,

In response to your email to me yesterday, this will confirm that I represent Najeh Mulhana relating to the seizure of three (3) bags of currency by the US. Customs Service on or about November 6, 2015, in Indiana. The seizing officer was Special Agent Thompson. Mr. Muhana is requesting return of the money.

On January 26, 2016, counsel again contacted Ms. Graham related to the Currency, asking, "Will the agency be sending me some notification regarding its intentions relating to the seized money?" She responded, "Yes, we will be sending something out soon."

On February 1, 2016, Ms. Graham followed up again with an email to counsel stating, "I just received word from our counsel to request a written statement sign (sic) by Mr. Muhana, stating you will be representing him for currency case." The same day, Mr. Muhana's counsel sent Ms. Graham an email with a copy of the law firm's engagement letter attached.

On February 8, 2016, counsel received a letter from Tessie Douglas, FP&F Officer, US. Customs and Border Protection, Middleburg, Ohio, dated February 4, 2016. In the letter Ms. Douglas stated,

This is with reference to your inquiry on behalf of your client Mr. Najehm Muhana, about the currency that was seized on November 6, 2015.

The circumstances of this case have been reviewed. It has been determined that since your client waived his rights to the currency by signing the abandonment form, he cannot make claims on the currency. The forfeiture process was completed on February 1, 2016.
The next day, Muhana's lawyer wrote back, pointing out several things. First, he had received nothing in the way of a signed waiver by Mr. Muhana indicating his relinquishment of ownership. Furthermore, even if Muhana had signed something of that sort during the arrest, he is unable to read or write in English and may not have known what he was signing. In addition, even if such a signed waiver exists, there's nothing forbidding Muhana from attempting to correct his mistake during the time between the seizure and its finalization. Muhana's attorney demanded the CBP provide him with a copy of the supposed waiver.

A reasonable request, one would think, especially when a quarter of a million dollars was on the line. But guess what? The CBP doesn't turn over that sort of paperwork to people it's taking money from. It will only turn that paperwork over to anyone who asks for it using a completely unrelated process. And that's only if it decides it isn't covered by multiple investigation-related exemptions. Behold: your tax dollars at work, giving you the finger over its cubicle wall.
There was no response until March 7, 2016. This time, counsel received an email from Rose Parks, Paralegal Specialist, U.S. Customs and Border Protection, Cleveland, which stated as follows:

The subject-referenced case has been re-assigned to me, as Ms. Graham has left our department. Per my supervisors, we do not provide copies of abandonment forms. To obtain a copy of the form, you would need to file a FOIA request.
Muhana's lawyer fired right back, hoping to find someone willing to provide more info on the up-to-this-point nonexistent waiver.
Ms. Parks:

Thank you for your message. Please confirm that the Agency has referred this matter to the US Attorneys' Office per my prior email for determination regarding forfeiture. Again, my client is making claim to the money. I understood from my conversations with Ms. Graham that the case had been re-assigned to the US Attorney for that purpose. If I have misunderstood her, please let me know immediately.
Nothing there for Mr. Muhana either.
Ms. Parks then stated as follows in her follow-up response: "The currency has been forfeited and the case is closed. No referral is being made."
The money is gone, apparently, after having skipped some necessary intermediate steps. As the filing points out, the government must notify involved parties of the intent to pursue a forfeiture. This is to give people like Najeh Muhana a very slim window in which to raise a challenge. Muhana's lawyer says that -- contrary to the law -- he was never given written notice of the agency's intentions.

The agency claims (sort of) that it had no obligation to do so because Muhana had disclaimed his ownership of it. But the chain of communications clearly show Muhana had both claimed ownership and was interested in pursuing its recovery. The agent directly involved with the seizure was made aware of this in December 2015, less than a month after the funds were taken. The agency itself was notified in writing of Muhana's intent to challenge in January 2016 -- well before the agency's February 1st declaration that the money had been forfeited.

As Muhana's lawyer points out, this is clearly bullshit.
Here, the Agency knew that Mr. Muhana was claiming to be the owner of the Currency through the repeated inquiries of his counsel. Rather than acknowledge those inquiries and respond to them, the Agency delayed any response until after February 1, 2016, when it unilaterally declared a forfeiture of the Currency. Thus, despite actual knowledge that Mr. Muhana was the owner of the Currency, the Agency refused to provide written notice to him about the Currency being seized and the Agency's intention to declare a forfeiture.
Given what's detailed here, it strongly appears as though the CBP processed a forfeiture while skipping past all the due process niceties. If so, Muhana is likely to not only prevail, but "strongly prevail" in his claim against the agency, which means it will not only have to give him back his $240,000 but pay his legal fees as well.

Read More | 19 Comments | Leave a Comment..

Posted on Techdirt - 4 May 2016 @ 9:29am

DOJ Deploys Highly-Questionable Legal Arguments In Attempt To Save FBI's Hacking Warrants

from the let-us-tell-you-how-to-read-the-applicable-statutes-and-precedent dept

The proposed Rule 41 changes recently adopted by the US Supreme Court can't go into force fast enough for the FBI. The changes -- if approved by Congress (which needs to do nothing more than literally nothing for this to happen) -- would allow it to hack computers anywhere in the nation by removing jurisdictional restrictions.

Its decision to keep a child porn site up and running in order to deploy a hacking tool to sniff out obscured user information now appears to have been a colossal mistake. The warrant for the search performed by the FBI's NIT was issued in Virginia, but the actual searches took place all over the nation. While the seized server may have been located in the state, the users identified by the NIT were located as far away as the opposite coast. The FBI's decision to ignore jurisdiction limits under Rule 41 is now costing it loads of evidence.

Judges in Massachusetts, Oklahoma and Kansas have found the searches to be illegal because they're based on invalid warrants. The government is now fighting these suppression orders. In Oklahoma, it recently entered its challenge of the court's decision to suppress evidence obtained with the NIT, using an interesting take on Rule 41 that attempts to align it with the infamous All Writs Act -- mainly that Rule 41 should be construed liberally to allow the FBI to do anything Congress hasn't expressly forbidden it to do.

Rule 41(b) is meant to be applied flexibly, not rigidly. United States v. Koyomejian, 970 F.2d 536, 542 (9th Cir. 1992). When emerging technologies create a situation in which the specific language of Rule 41 does not explicitly permit a warrant, the Supreme Court has concluded that Rule 41 “is sufficiently flexible to include within its scope electronic intrusions authorized upon a finding of probable cause.” United States v. New York Tel. Co., 434 U.S. 159, 169 (1977). The Supreme Court goes on to explain that a flexible application of Rule 41 is supported by Fed. R. Crim. P. 57(b), which provides in the absence of controlling law, “a judge may regulate practice in any manner consistent with federal law, these rules and the local rules[.]”
Just as the DOJ government would prefer we focus on a case that's almost four decades old (1979's Smith v. Maryland) when discussing bulk surveillance, Stingray devices and cell site location info, it wants us to page through late 70s court decisions when discussing the FBI's actions during the last couple of years.

In the middle of its paragraph stating that courts should be granting the FBI much more leeway when it deploys previously-unused investigative techniques, the DOJ slips in a reference to 1977's US v. New York Telephone Company -- the same Supreme Court decision it says justifies its use of the All Writs Act to force Apple to comply with demands to unlock encrypted iPhones.

The problem with the DOJ's argument is that this isn't a case where a warrant isn't "explicitly permitted." Warrants were permitted, but deployment was supposed to be limited to the jurisdiction where they were issued. The DOJ basically wants the court to forget its position as a check against government overreach and validate the FBI's invalid warrants. In doing so, it misleadingly portrays the Supreme Court's statements on the matter by selectively quoting from the decision. The wording surrounding the DOJ's pull quotes only shows the court determining that Rule 41(h) does not restrict warrants to justifying the search and seizure of "tangible items."
Although Rule 41 (h) defines property "to include documents, books, papers and any other tangible objects," it does not restrict or purport to exhaustively enumerate all the items which may be seized pursuant to Rule 41. Indeed, we recognized in Katz v. United States, 389 U. S. 347 (1967),which held that telephone conversations were protected by the Fourth Amendment, that Rule 41 is not limited to tangible items but is sufficiently flexible to include within its scope electronic intrusions authorized upon a finding of probable cause. 389 U. S., at 354-356, and n. 16 See also Osborn v. United States, 385 U. S. 323, 329-331 (1966).
This obscures the real issue here: Rule 41(b), which currently limits deployment of warrants to the jurisdictions where they were issued.

Going beyond this legal sleight of hand, the DOJ also claims that the entire two-week period it ran the child porn site while it deployed its NIT was fraught with "exigent circumstances."
The magistrate judge’s Report and Recommendation rejects the assertion that exigent circumstances would have justified the warrant. The judge’s analysis identifies the underlying exigency as being the “downloading and distribution of child pornography,” exigent “only because the Government opted to keep the Playpen site operating while it employed the NIT.” Doc. 42, p. 27. The exigent circumstances that would have justified the use of the NIT, however, were tied to the on-going rape and abuse of children—as opposed to simply its depiction.
Even if you buy the DOJ's argument that a two-week period -- in which warrants were obtained -- is still somehow "exigent," you have to get over the hurdle that exigent circumstances is almost always used to salvage the results of warrantless searches. It can't be used -- or at least hasn't been used until now -- to salvage the warrants themselves. The court here declared the warrant to be "void ab initio," meaning the warrant was never valid at any point.

Circumstances cannot be declared "exigent" if the time exists to obtain warrants. The DOJ's argument here isn't even coherent enough to be circular. It's simply nonsensical. Either the situation is exigent and warrants must be put on the back burner, or circumstances are not exigent and warrants can be obtained. It can't be both things at once, even if it would be oh so convenient for the DOJ if they were.

Exigent circumstances or not, the warrant obtained was invalid. The DOJ is hoping to turn a search with a void warrant into a warrantless search in order to bypass the Rule 41(b) restrictions it argues one paragraph earlier shouldn't prevent it from performing its searches wherever it feels like it.

The worst case scenario, though, is what could happen if everything falls into place for the DOJ. If the jurisdiction limitations are removed with the Rule 41(b) changes, future NIT warrants would be valid and suppression would be nearly impossible. But if the court buys its "exigent circumstances" argument, the FBI may feel more comfortable relying on the exception... and begin deploying its hacking tools anywhere it feels like without ever running it past a judge.

Read More | 11 Comments | Leave a Comment..

Posted on Techdirt - 4 May 2016 @ 8:20am

Michigan Politicians Want People Who Hack Cars To Spend The Rest Of Their Lives In Prison

from the plus-cancer,-where-permitted-by-local-ordinances dept

There's apparently no situation legislators can't make worse. Self-driving cars are an inevitability, as are all the attendant concerns about autonomous vehicles roaming the streets unattended, mowing down buses at 2 miles per hour or forcing drivers behind them to obey all relevant traffic laws.

There are fears that people will just stop paying attention to driving, which is weird, because that's one of the few immediate advantages of self-driving vehicles. There are also fears that a robot car is nothing more than a tempting attack target for malicious hackers. There's some truth to this last one, especially as manufacturers have loaded up vehicles with on-board computers but given little thought to properly securing them.

Even so, that's no excuse for the sort of legislation being proposed by two Michigan politicians, which would reward self-driving car hackers with lifetime stays at the nearest prison.

Michigan Senators Ken Horn and Mike Kowall have proposed a cybersecurity bill aimed at hackers and connected and autonomous cars. While Senate Bill 928 (pdf) sets out the type of crime and corresponding sentencing guidelines for car hacking, Senate Bill 927 (pdf) spells out that car hacking will be a felony. Further down, the legislation says car hacking will be punishable by life in prison.
This would be fine if… well, no, actually it's not fine at all. One tends to think of prison terms as being somewhat related to the harm caused and if someone fires off malware that prevents someone from starting their vehicle, there's no way that should be punished by a life sentence. I'm sure the legislators are contemplating worst-case scenarios where someone electronically hijacks a vehicle and causes someone's death, but that sort of thing should be punishable under other laws more commensurate with the end result of the hacking.

I can also see how not explicitly targeting hacking of vehicles might become a legal loophole which allows perpetrators to walk away from more serious charges. But this is overkill, especially because the list of violations is far too broadly written.
A PERSON SHALL NOT INTENTIONALLY ACCESS OR CAUSE ACCESS TO BE MADE TO AN ELECTRONIC SYSTEM OF A MOTOR VEHICLE TO WILLFULLY DESTROY, DAMAGE, IMPAIR, ALTER, OR GAIN UNAUTHORIZED CONTROL OF THE MOTOR VEHICLE.
Basically the bill says all electronic systems created by manufacturers must be sealed black boxes that purchasers, security researchers, hobbyists, and third-party suppliers should never, ever access under the pain of life imprisonment. "Alter" could mean "make things work better," but it still would be treated as a criminal act under this law. Repairs to on-board computers by "non-certified" mechanics could net them charges, especially if something malfunctions down the road. I'm sure this is a perfectly acceptable outcome to the US automakers still cranking out cars in Michigan, that would now have something more than copyright to threaten people with.

The senators claim this is necessary because they want to stay out in front of any technological developments.
Automotive News quoted Kowall as saying, “I hope that we never have to use it. That's why the penalties are what they are. The potential for severe injury and death are pretty high. Some of these people are pretty clever. As opposed to waiting for something bad to happen, we're going to be proactive on this and try to keep up with technology.”
You don't "keep up" with technology by treating electronic access to certain systems like some particularly powerful form of witchcraft, only punishable by the most severe sentences. This isn't legislators staying abreast of the latest developments. This is legislators bypassing evidence gathering and stocking up on fear. Because nothing eases the mind of the public more than declaring the autonomous car apocalypse to be upon us, with only this badly written bill standing in the way of death and destruction.

Read More | 68 Comments | Leave a Comment..

Posted on Techdirt - 3 May 2016 @ 11:23pm

Appeals Court Says Trademark Bully/HIV Denialist Must Pay Defendant's Legal Fees

from the beating-back-the-bullies dept

Almost three years ago, a team of pro bono attorneys (D. Gill Sperlein, Paul Alan Levy, Gary Krupkin and Neal Hoffman) took up the defense of Jeffrey DeShong, an HIV-positive blogger who had been served a bogus trademark infringement lawsuit by Clark Baker, a retired LAPD officer who spends his free time defending people who have hidden their HIV-positive status from sexual partners.

Baker had no legal basis for his claims, but was obviously hoping airy claims of Lanham Act violations based on URL similarities would be all that was needed to shut up a vocal critic. He was wrong. The lawsuit was tossed in the pleading stages by the district court and that decision was upheld by the Fifth Circuit Court.

What the appeals court did not address the first time around -- shifting legal fees to the vexatious litigant -- has now been addressed. The Fifth Circuit Court of Appeals, at the urging of DeShong's defense team, has taken a new approach to its standard for fee shifting in obviously bogus lawsuits. Paul Alan Levy explains:

The federal court in Dallas readily dismissed the trademark claims on the face of the complaint, then declined to retain jurisdiction over the state-law defamation claims; in that way, the trial judge avoiding having to address DeShong's anti-SLAPP motion. But even though our path to overruling the Fifth Circuit's rule got easier when the Supreme Court held, in Octane Fitness, that the term "exceptional cases" in the Patent Code is not limited to lawsuits brought in bad faith, the trial judge was unwilling to buck clear Fifth Circuit precedent: he denied our fee motion relying on the Fifth Circuit's bad faith standard. Today, however, the Fifth Circuit held that its previous bad faith standard (and its requirement of clear and convincing evidence) has been effectively superseded by the Supreme Court's ruling in Octane Fitness. Henceforth, "an exceptional case is one where (1) in considering both governing law and the facts of the case, the case stands out from others with respect to the substantive strength of a party's litigating position; or (2) the unsuccessful party has litigated the case in an 'unreasonable manner.'"
This new standard will make it easier for defendants facing SLAPP-type lawsuits to retain counsel, as there's a significantly better chance for fee awards once courts have examined the case. Levy, however, notes that this won't help much in this lawsuit, as the trademark bully filed for bankruptcy while the appeal was pending. This not only means it's highly unlikely the $50,000 in fees requested will ever make their way to DeShong's defense team, but the filing also allowed Baker to drag out the appeals process for an additional year.

This outcome doesn't help the defense team's bottom line but for free speech defenders like Paul Levy and his partners in this case, the precedent set here is the bigger win. This should act as a deterrent against future acts of censorship-via-litigation in the Fifth Circuit's jurisdiction and lays another brick on the path towards a unified judicial stance against censorship through litigation.

Read More | 3 Comments | Leave a Comment..

Posted on Techdirt - 3 May 2016 @ 10:39am

Another Theater Mounts A Legal Battle Against Law Saying It Can't Serve Customers Beer And R-Rated Films At The Same Time

from the with-more-Deadpool-than-usual dept

In the US, you can be given a gun and a chance to catch bullets for your country at age 18. Three years after that, the US government will finally allow you to purchase your own alcohol. At 21, you can finally be the "adult" in "adult beverages." Except in some states. Some states tie booze purchases to morality. (I mean, even more so. It's subject everywhere to "sin taxes.")

As we covered here earlier, the state of Idaho says adults can drink booze and watch movies meant for mature audiences, but not always simultaneously. In Idaho, state police have been busting theaters for showing certain movies while serving alcohol, thanks to statutes that say it's illegal to serve up both booze and "simulated sexual acts."

In Idaho, theaters are trying to get the law ruled unconstitutional -- pointing out that the law is only selectively enforced (cops raid theaters showing "Fifty Shades of Gray" rather than "American Sniper," even though both contain depictions of sexual acts) and allows the state to use liquor statutes to regulate speech.

Over in Utah, the same problem exists. The theater targeted here -- Brewvies -- isn't taking the state to court. Yet. Instead, it's fighting to stay alive. It appears a bunch of cops went to see a movie they probably wanted to see anyway while on the clock and handed the theater an ultimatum.

Brewvies is facing a fine of up to $25,000 fine and could lose its liquor license after undercover officers attended a screening of Marvel's R-rated antihero film "Deadpool" in February.

The state says playing "Deadpool" while serving booze violates Utah law because the movie includes nudity and simulated sex, including a suggestive scene in the film's credits involving a cartoon unicorn. The obscenity law is generally used to regulate strip clubs, which are required to have dancers wear G-strings and pasties if the club serves liquor.

It also bans showing any film with sex acts or simulated sex acts, full-frontal nudity or the "caressing" of breasts or buttocks if at businesses with liquor licenses.
In addition to seeking funds to pay the threatened fine, the theater is hoping to raise enough to seek an injunction against the statute on the same grounds as the challenge in Idaho: that liquor laws are being abused to regulate First Amendment activity.
The theater is seeking $75,000 and Deadpool himself, Ryan Reynolds, has already pitched in.

The theater has since set up a gofundme page and has raised, at the time of writing, $17,352 out of its $75,000 goal. $5,000 of that came from Deadpool star Ryan Reynolds himself.
The underlying problem is the state's insistence on deciding what the right combination of booze and entertainment should be for a state full of adults who are legally allowed to do other things far more "adult" than having a beer while watching a movie that contains depictions of sexual activity. Why either activity is OK when enjoyed separately, but somehow a problem when combined, is something only the state pretends to comprehend. These are leftover laws meant to regulate sexually-oriented businesses like strip clubs and porn theaters, but they're being used to extract fees from theater owners who want to treat adults like adults. Like any other badly-written law, it's being enforced selectively with an eye on easy citations and excessive fines.

31 Comments | Leave a Comment..

Posted on Techdirt - 3 May 2016 @ 9:36am

National Intelligence Office's Top Lawyer Fires Off Spirited Defense Of Bulk Surveillance, Third Party Doctrine

from the "in-order-for-programs-to-remain-legal,-I-must-view-it-this-way" dept

Robert Litt, General Counsel for the Office of the Director of National Intelligence, has been given space at the Yale Law Review Journal to publish his citable article "Why Everyone's Wrong About the Fourth Amendment." Or, as Litt would like us to refer to it:

Preferred Citation: Robert S. Litt, The Fourth Amendment in the Information Age, 126YALE L.J. F. 8 (2016), http://www.yalelawjournal.org/forum/fourth-amendment-information-age.
To be fair, Litt never says we're all wrong about the Fourth Amendment and the Third Party Doctrine. He only says Judge Leon is. Judge Leon was the single district court judge who found the bulk collection of phone metadata to be unconstitutional.

Technically, we're not all wrong, but we may as well be, because no court has found the collection unconstitutional save Judge Leon's and Litt doesn't agree with it. Several paragraphs follow, but the crux of Litt's argument is nothing new: it's just 1979's Smith v. Maryland decision all over again.
I do not think that Judge Leon’s efforts to distinguish Smith were successful. First, while Judge Leon is certainly right that metadata can be very revealing of personal activities, there is nothing new about that insight. Justice Stewart dissented from the decision in Smith itself in part because he recognized that metadata “easily could . . . reveal the most intimate details of a person’s life.” The point of Smith was not that metadata is innocuous, but that you have chosen to reveal it to a third party. To use an analogy, if you give a document to a third party, you have lost your expectation of privacy in that document, whether it is a laundry ticket or a confession of mortal sin. Moreover, the fact that cell phones today contain a lot of information beyond metadata does not seem relevant when the government did not actually search or collect any of that other information.

[...]

[I] find it hard to understand the alchemy by which information that you choose to disclose to a third party develops an expectation of privacy because you have chosen to disclose a lot of that information. That seems counter-intuitive to say the least. For all of these reasons, if you accept Smith’s holding that there was no expectation of privacy in the telephone metadata in that case because it had been voluntarily exposed to a third party, you can’t conclude there was an expectation of privacy in the metadata in this case.
The thing is that while people may voluntarily agree to hand over certain information to service providers (and it's safe to say the "agreement" is anything but "voluntary"), they do not naturally assume the service provider will share this -- no questions asked or warrants demanded -- with anyone else who comes asking for it. That's where the reliance on Smith v. Maryland fails. "Choose to disclose" is much different than "forced to disclose." And it's not as if it can truly be said phone users relinquish all ownership of that data. It's specifically tied to them and they "share" it with service providers -- which if that's how Litt wants to interpret the interaction, he should at least be honest and give both parties some sort of ownership, along with the privacy expectations that go with it.

A lot of the rest of it is given over to Litt's displeasure that courts have even granted plaintiffs standing in bulk metadata program lawsuits. Whatever the Third Party Doctrine doesn't shut down, the plaintiffs' inability to claim anything more than theoretical rights violations by programs the government refused to discuss publicly should have seen the cases tossed immediately. He agrees the framework is there for massive violations of privacy but these actually damaging acts simply never occurred. But abuses did occur and were covered up by the NSA, nearly resulting in the program being shut down back in 2008 by FISC Judge Reggie Walton.

This fact undercuts Litt's assertions in defense of the now-curtailed program.
For several years, and with judicial authorization, the NSA collected metadata in bulk about U.S. phone calls from telephone companies for counterterrorism purposes. The metadata was kept in secure databases. It could only be accessed by a few specially trained NSA analysts, and then only to identify telephone numbers in contact with so-called “seed” numbers as to which there was a reasonable and articulable suspicion of an association with terrorism—such as, for example, a number used by a suspected terrorist.
First off, the program was accessed by more than just a "few" specially trained analysts. It was a free-for-all until the FISA Court shut that down. Second, the reasonable, articulable suspicion standard wasn't always applied to searches of the database. For a period of time, NSA analysts ran searches against an "Alert List" of numbers the FISA Court had never approved for use -- i.e., no RAS declaration was made by the NSA to support additions to the list used for searches of the bulk data. Some of these numbers were added simply because they were two or three hops away from an RAS-supported number, meaning there was nothing supporting the use of these "connected" numbers as new "seeds" for database searches and contact chaining.

What Litt does get right is that the NSA has done itself no favors with its decades of opacity.
Where we fell short was on the third leg of the stool, transparency. There would have been less damage to the Intelligence Community from the disclosures of the last couple of years had we been more forthcoming about our activities before those leaks. Obviously, intelligence activities have to be conducted with some degree of secrecy, and the same is true of some law enforcement activities. Specific methods and targets of surveillance have to be protected. But if we don’t discuss what we are doing and how we are regulating it even in general terms, we cede the field to those who are hostile to intelligence activities.
And, perhaps inadvertently, Litt lets us know President Obama is just as big a fan of the NSA as his predecessor was.
A decision by Congress to authorize certain activities under certain controls, made after discussion and debate, should be a strong factor in support of the reasonableness of those activities. Congress is going to have a number of opportunities to address these issues. For example, Section 702 expires at the end of 2017, and there are continued efforts to modernize the Stored Communications Act. It may be too much to hope that in the current political environment, Congress could have a dispassionate and comprehensive discussion about such weighty issues, but the Executive Branch would welcome such a discussion.
Given the selection of presidential frontrunners, I have no reason to believe Litt's assessment of the situation will be any less accurate by the time the Section 702 expiration date rolls around.

27 Comments | Leave a Comment..

Posted on Techdirt - 3 May 2016 @ 3:25am

The Proper Channels For Whistleblowers Are Still A Joke

from the like-a-big,-dysfunctional-family...-fighting-over-a-will dept

This administration has made it clear whistleblowing isn't tolerated. It has prosecuted more whistleblowers than all other administrations combined. It's even planning a "Welcome Home" prosecution for the nation's most famous whistleblower -- Edward Snowden -- should he ever decide to return to the US.

Officials, of course, claim to love whistleblowing. That seems to be the main objection raised to Snowden's activities: "If only he'd gone through the proper channels, we wouldn't be seeking to jail him the moment he returns to American soil (or the soil of any country with a favorable extradition policy)."

But there are no official channels -- or, at least, no channels whistleblowers feel safe using.

Foreign Policy has the story of another NSA whistleblower the agency has chosen to make miserable rather than investigate the source of her complaints. It started with an FBI raid of her house -- something she found out via a phone call from an FBI agent already in her house. From there, it got worse.

“They suspended my clearances without giving me any reason,” she remembers. She wasn’t allowed at work, and for two years, the NSA made her “call every day like a criminal, checking in every morning before 8.” Khorasani went to the agency only for interrogations, she says: eight or nine sessions that ran at least five hours each. She was asked about her family, her travel, and her contacts.
This was all triggered by a meeting she set up with Thomas Drake -- another famous whistleblower prosecuted by this administration -- about how to follow through with a complaint about what she felt was an unfair reassignment. According to Drake, it was already too late.
“He said, ‘You’ve got the bull’s-eyes on you. You’re done,’” Khorasani recalls.
As the article points out, her story is one of several. The agency -- and the administration -- have made no meaningful distinction between whistleblowing and insider threats. They treat both in the same way, even if one is an integral part of government accountability. Anything the agency considers to be a threat, it handles with swift severity.

Individuals can find their clearances yanked, something that is signalled to other NSA employees with a red security badge, rather than the normal blue one. Employees are encouraged to report anything questionable about other employees to supervisors. Some employees aren't even employees. They're plants put in place to encourage incriminating statements or actions.

This isn't doing the NSA -- and dozens of other government agencies -- any favors. Talented people are leaving because they don't want to work in this environment. Potential employees are looking elsewhere for work. And still others are being forced out of a job because they aren't willing to simply shut up when they see something that bothers them.

The DOJ is no different. It's no fan of whistleblowers either. Unfortunately for it, it's not a national security agency so it can't maintain quite as much control over disclosures by whistleblowers. That's why it's been fighting legislators over whistleblower protection proposals. Marcy Wheeler has highlighted some of its objections to Senator Grassley's legislation, raised in recent testimony in front of a Congressional committee.

First off, it apparently feels too many of the proper channels are out of its direct control.
[A]s Attorney General Loretta Lynch revealed, DOJ is worried that permitting FBI Agents to report crimes or waste through their chain of command would risk exposing intelligence programs.

"What I would say is that as we work through this issue, please know that, again, any concerns that the Department raises are not out of a disagreement with the point of view of the protection of whistleblowers but again, just making sure that the FBI’s intelligence are also protected at the same time."

I suspect (though am looking for guidance) that the problem may be that the bill permits whistleblowers to go to any member of Congress, rather than just ones on the Intelligence Committees. It’s also possible that DOJ worries whistleblowers will be able to go to someone senior to them, but not read into a given program.
It's also likely concerned that whistleblowers will expose a number of questionable activities.
Still, coming from an agency that doesn’t adequately report things like its National Security Letter usage to Congress, which has changed its reporting to the Intelligence Oversight Board so as to exempt more activities, and can’t even count its usage of other intelligence programs, it seems like a tremendous problem that DOJ doesn’t want FBI whistleblowers to have protection because it might expose what FBI is doing on intelligence.
The FBI must be severely damaged at this point, or have too many secrets it would hate to see fall into the hands of legislators not connected to its mostly-captive audience in the Intelligence Committee. Grassley noted one of the agency's objections to additional whistleblower protections is that there's so damn much about the agency employees would complain about.
One of the issues that your department has raised is that allowing FBI employees to report wrong-doing to their chain of command could lead to too many complaints. You know? What’s wrong with too many complaints? … Seems to me you’d invite every wrong doing to get reported to somebody so it could get corrected.
If there's any agency that is sorely in need of some periodic deep housecleaning, it's the FBI.
This is the FBI! Not only a bureau that has tremendous power over people, but also one with a well-documented history of abuse. It should be the first entity that has whistleblower protection, not the last!
This is why there aren't more whistleblowers. The "proper channels" at the NSA will most likely net a whistleblower a search of their house and belongings en route to a forced resignation. Meanwhile, the FBI, with the DOJ's backing, is trying to narrow the reporting channels so it can -- like its NATSEC big brother -- eliminate unhappy employees before they can do any damage.

23 Comments | Leave a Comment..

Posted on Techdirt - 2 May 2016 @ 2:12pm

Paper That Couldn't Be Bothered To Report On Local Police Misconduct Fires Off Editorial Insulting Writer Who Actually Did

from the unearned-superiority dept

As we recently covered here, a few Aiken, South Carolina, police officers engaged in a steady procession of Constitutional violations during a traffic stop predicated on nothing more than a (fully legal) temporary plate. Shirts were lifted and breasts exposed. At least one cop spent a considerable amount of time probing the passenger's anus. For all intents and purposes, it was a roadside raping, performed under the color of law.

The horrific traffic stop is the focus of a federal lawsuit… and a whole lot of belated scrambling by law enforcement and city officials. Radley Balko of the Washington Post, who broke the story, found himself on the receiving end of a sneering, condescending editorial by the Aiken Standard -- the local paper which had no interest in covering the lawsuit until after national internet hellfire began raining down on the town it serves.

The editorial is worth reading all the way through, if only to experience the surreality of being talked down to by an editor who wouldn't know unbiased journalism if it showed up at his desk wearing a blue uniform and told him to kill an unflattering story.

First, the editorial -- even as it throws shade at Balko for being a mere "blogger" -- acknowledges that it didn't even pick up on this story until after it had been covered at Balko's Washington Post blog. From that point, it only gets worse. These three sentences are enough to give you some idea of how underqualified the Aiken Standard editorial staff is to be entering into a heated debate over journalistic priorities or law enforcement misconduct. (It also must be noted that the paper feels perfectly fine criticizing Balko's blogging while not providing readers a link to his post so its readers can view the source material for themselves.)

We’re not criticizing the blog writer’s assertions since we are as ardent protectors of the First Amendment as is The Washington Post.

Our point is that The Washington Post blog was rooted in opinion, which is how the blog should be regarded. It’s not a news story conveying information from a neutral perspective. The incident also didn’t happen last week or even last month. It happened 17 months ago.
First off, the First Amendment not only protects criticism, it practically demands it. This editorial -- as horrendous and misguided as it is -- is the "more speech" the First Amendment encourages. If you don't like something someone wrote, write something of your own rebutting it. There's no need to pretend the First Amendment is there to saddle up your High Horse and act as your squire during your trip down the High Road. And, for that matter, the editorial does criticize Balko's assertions, along with taking cheap shots at his lowly blogger status (for the Bezos-owned paper serving one of the nation's largest subscriber bases).

As for the Aiken Standard being concerned about "neutral perspectives," it would have been nice for it to have any perspective at all prior to a mere "blogger" making public news that it should not only already have known about, but should have addressed in print months ago.

Even stupider is the idea that horrific violations have some sort of expiration date. Lawsuits take time -- generally being the tail end of a process in which other, less expensive options are exhausted first. Just because it didn't happen within the last week doesn't mean it's not worthy of coverage. But that's apparently the Aiken Standard's standard.

Towards the end of its piece, it takes time to thank law enforcement for the hard work they do when not violating citizens' rights.
Police officers face danger every day. They’re not perfect, but they lay their lives on the line every day so we can be safe.
For a paper making the claim that "opinions" from "bloggers" are worth less than its "neutral" reporting that allows "every stakeholder" to have their say, it sure sounds like the Aiken Standard is issuing absolution before all the facts are in.

Ken White at Popehat responded to the Aiken Standard's blog-slamming editorial with an opinionated blog post of his own. Again, his is worth reading all the way through, but for much different reasons than the Aiken Standard's. He calls the paper out for claiming to be the arbiter of neutrality and civility with two paragraphs that should serve as a stinging rebuke for every reporter granting law enforcement officials vast amounts of deference while still claiming to be a member of the Fourth Estate.
Civility is a good thing, even when discussing controversial subjects. It's a goal I often fall short of, but a goal nonetheless. Civility even on heated subjects is a good thing because of humility: we may be wrong about the things we are angriest about. It's a good thing because of proportionality: our sense of what is outrageous enough to provoke incivility may be idiosyncratic. It's a good thing because of perspective: the world is full of people ready to be uncivil to us about things we have every damn right to do, and if we encourage incivility we'll get what we ask for.

[...]

But civility can take pernicious forms. It's pernicious if we shy from calling out outrageous and despicable conduct. It's pernicious when we give armed government officials the benefit of the doubt because the culture tells us they're brave and nice. It's pernicious when we don't demand public explanations for conduct because the conduct is horrifying and unseemly. Most of all, it's pernicious when we decide that civility is substantive rather than procedural. Civility weighs against gratuitous shouting, insults, and threats. But civility does not require that we let the government beg the question. It does not require that we accept, as true, the premises about government power that have been served to us since birth.
Balko's response to the Aiken Standard editorial is just as damning, but his closing paragraph really nails everything the Aiken Standard got wrong when it started believing subservience to law enforcement was the same thing as "neutral reporting." If you want to sling arrows of journalistic superiority, you'd best have your shit nailed down tight.
The most important function of the press is to be a watchdog on power. I’d think that when made aware an incident such as this, caught on video, a good newspaper would start digging around to see if there had been similar incidents. (Here’s a tip for the paper’s assignment editors: If it’s happened once, it’s probably happened before.) Instead, the Aiken editorial board has chosen to praise police and local officials, and to reserve its skepticism for the publication that reported the incident. For all its derision toward me (the 665-word editorial uses the word “blog” 10 times), maybe the Aiken Standard could stand to take a lesson or two from opinion journalism. Do that, and perhaps the next time there’s national news in Aiken, the town’s newspaper will be the outlet that breaks it.
Since the point the Washington Post broke the story the Aiken Standard couldn't be bothered to cover until it became unavoidable, there's been all sorts of attentiveness from the local paper. Multiple stories have appeared covering the fallout of these officers' actions -- which includes everything from the hasty installation of a citizen complaint review board to the city asking the FBI to open its own investigation into the incident. But nowhere in this flurry of coverage will you find the Aiken Standard walking back its petty attack on Balko and his "blogging." I suppose now that it's finally performing acts of journalism, it feels it's too far above the fray to offer an apology to Balko for its snide editorial, or to its readers for its journalistic failings.

41 Comments | Leave a Comment..

Posted on Techdirt - 2 May 2016 @ 12:47pm

DOJ Issues New Rules On Espionage Investigations To Keep It From Embarrassing Itself So Often

from the it's-not-so-much-the-bad-prosecutions-as-it-is-people-making-fun-of-us dept

A string of aborted federal prosecutions of alleged "traitors" has the DOJ rethinking its national security strategies. The DOJ went after National Weather Service employee Sherry Chen, who shared public web links about reservoir water funding with a senior Chinese official, who also happened to be Chen's friend. It went after Temple University's physics department head Xi Xiaoxang for allegedly sharing secret semiconductor blueprints with Chinese scientists. The case fell apart once the DOJ was informed by actual experts in the field that the shared blueprints weren't for the item the DOJ claimed they were for. Finally, it went after Robin Raphael, a State Department advisor, who it believed was passing on state secrets to Pakistani officials. At this point, the DOJ's case has dissolved into little more than an accusation that Raphael kept classified documents in her home, something others like Hillary Clinton and General Petraeus have managed to walk from unscathed.

The New York Times reports the DOJ has issued some new guidelines for national security prosecutions -- ones that will hopefully result in fewer misguided prosecutions and destroyed lives.

In a letter last month to federal prosecutors nationwide, Deputy Attorney General Sally Q. Yates said that would change. All cases affecting national security, even tangentially, now require coordination and oversight in Washington. That had always been the intention of the rule, but Ms. Yates made it explicit.

“The term ‘national security issue’ is meant to be a broad one,” she wrote.

Ms. Yates told federal prosecutors that consulting with experienced national security prosecutors in Washington would help “ensure prompt, consistent and effective responses” to national security cases.
This doesn't exactly sound encouraging, but it's a step away from the DOJ's autonomy, which has led to a run of botched prosecutions predicated on next to no evidence. According to the letter shared with the New York Times, the DOJ will now have to consult with "espionage experts" before moving forward with investigations and will face more direct supervision from higher-ranking officials during the investigative process.

This fix -- if that's what it actually is -- will possibly head off misguided investigations before they wreck the lives of people who've done nothing wrong. Sadly, the DOJ doesn't seem to view its high-profile failures as being anything more than a learning experience. There's no effort being made to undo the damage done by the agency during its botched prosecutions. And even though prosecutors dropped all charges against Sherry Chen, the government is still seeking to fire her.

The problem with espionage investigations is that they're a completely opaque process. Tying something to "national security" is a great way to circumvent due process, and the DOJ has used this to pursue extremely dubious cases without having to face any sort of legal challenge until the life-destroying process is well underway. The new guidelines don't appear to open up this process in any appreciable fashion, but any additional eyes on "evidence" collected by the DOJ can only be a good thing as it's obviously terrible at making those determinations on its own.

13 Comments | Leave a Comment..

Posted on Techdirt - 2 May 2016 @ 8:22am

The Chilling Effect Of Mass Surveillance Quantified

from the be-good...-or-be-watched dept

There was of course no way of knowing whether you were being watched at any given moment. How often, or on what system, the Thought Police plugged in on any individual wire was guesswork. It was even conceivable that they watched everybody all the time. but at any rate they could plug in your wire whenever they wanted to. You have to live - did live, from habit that became instinct - in the assumption that every sound you made was overheard, and, except in darkness, every movement scrutinized.

George Orwell, 1984
There has been much talk about the chilling effect of mass surveillance. The problem isn't that anyone is actively watching everyone. The problem is that algorithms and search tools are doing the watching, meaning everything eventually receives some level of scrutiny if it's deemed suspicious by the filters.

It's been mostly talk, though. Anecdotal evidence passed on by journalists, security researchers and others whose interests might clash with what the US government has deemed acceptable. Now, there's data. A study by Jonathon W. Penney shows searches for certain subject matter have declined in response to the NSA leaks. Penney cites earlier studies of Google traffic that showed a statistically significant decline of 5% in searches involving terms people might believe would be flagged as suspicious by mass surveillance software. He also notes that the dip was short-lived, corresponding roughly to the initial Snowden leaks before resuming at their normal pace after a few months.

Penney instead focuses on Wikipedia, a site a large percentage of the population uses for research. It also offers far more comprehensive data to researchers than an examination of Google Trends provides.
There are also methodological reasons for this case study’s focus on Wikipedia. First, unlike Google Trends, Wikimedia Foundation provides a wealth of data on key elements of its site, including article traffic data, which can provide a more accurate picture as to any impact or chilling effects identified. Second, Wikipedia, a “unique, online, collaborative encyclopedia,” has over 500 million visitors per month, and its collaborative and peer-produced content is growing at a rate of 17,800 articles per day (as of May 2014, English Wikipedia content includes over 4.6 million articles). In other words, Wikipedia is both a massively popular medium, but one that is also growing in content and scope. As such, any observed chilling effect would implicate a large number of Internet users (accessing Wikipedia) doing something wholly legal—accessing information and knowledge in an encyclopedia—and, arguably, such chilled or reduced use would run counter to these Wikipedia use and content trends.
Using the DHS's own keyword list for terrorism-related terms, Penney examined Wikipedia's data. Using a 32-month period surrounding the first Snowden leak (June 2013), Penney compared the number of visits to "terrorist-related" Wikipedia pages and found a significant drop post-Snowden.

The difference in mean values is notable—a reduction of 526,614 in the average monthly views for the article after June 2013, which represents approximately a 19.5% drop in article view counts. This is more than mean differences found in the Google search terms study before and after June 2013.
Those are Penney's non-empirical findings, something he notes could track with an overall decline in Wikipedia traffic. (Not that Penney actually examined all Wikipedia traffic during that same period and found a decline, but rather providing a non-chilling effect theory for the drop off.)

The empirical findings, however, back up the non-empirical.

The shifting trend of the data, which in this case is a sudden and immediate drop, is particularly consistent with a chilling effect arising from June 2013 revelations. If the outlier data relating to Hamas view counts is excluded, the decline in page views is less sudden (e.g. 20% immediate drop off if the Hamas data are excluded compared to the 30% drop off in the Hamas data remains in the study). However, regardless of whether the Hamas data is included, there is still a substantial and statistically significant decrease.
The numbers appear to back up the claims of many journalists and researchers in the wake of the Snowden leaks. Glenn Greenwald, writing for The Intercept, adds the anecdotal evidence back into the mix.
The fear that causes self-censorship is well beyond the realm of theory. Ample evidence demonstrates that it’s real – and rational. A study from PEN America writers found that 1 in 6 writers had curbed their content out of fear of surveillance and showed that writers are “not only overwhelmingly worried about government surveillance, but are engaging in self-censorship as a result.” Scholars in Europe have been accused of being terrorist supporters by virtue of possessing research materials on extremist groups, while British libraries refuse to house any material on the Taliban for fear of being prosecuted for material support for terrorism.
Some journalists and researchers can assert definitively there's a chilling effect. Many of those associated with the Snowden leaks have experienced everything from constant security harassment (and detainment) at airports to the government actually stopping by the office and destroying computers.

For others, it's a gloom that never encroaches past the horizon, but also never fully dissipates. The feeling that something may trigger a detainment at an airport or an unseen investigation is always there. Even in my work for Techdirt, I've second-guessed Google searches that have resulted in warnings about illegal activity (related to posts about various child porn defendants) or accusations I'm a robot (searches for specific document types containing certain wording). I don't feel I'm actively on anyone's radar, but it wouldn't take much for someone to assemble my internet history and use it to build a case against me. Even if it fell apart immediately, I would still have to deal with an arrest, searches/seizures of my electronics, and the possibility of losing my other job.

And what I research isn't that all uncommon, considering the subject matter we cover here. There are plenty of writers, researchers and journalists out there treading into even murkier waters -- some of whom have been second-guessing their own efforts since the Snowden leaks, if not earlier.

It's no longer a case of peering out the blinds and seeing a van sitting at the end of the street, one that's never been there before. The surveillance is largely passive. The NSA gathers a ton of data and sifts through it, ensuring as many people as possible are caught in its nets, even if most of them are released after an algorithmic examination. The FBI and other DOJ agencies partake in this data haul and local law enforcement agencies are increasing their own use of passive, keyword-oriented internet surveillance.

The problem goes much deeper than the NSA and its bulk surveillance. We've seen the FBI build terrorism cases out of nothing and cops raid houses because someone purchased something from a gardening supply store. We've seen people's lives destroyed by bogus espionage cases built on nothing any rational person would consider "evidence" -- except that all rational thought is immediately thrown out the window the moment someone says "national security." It's no surprise that some of those in these fields have just said "fuck it" and wandered off into safer areas. Why roll the dice on your own lives/livelihoods? The odds of the government dragging you down may be low, but they're far from nonexistent.

Read More | 22 Comments | Leave a Comment..

Posted on Techdirt - 2 May 2016 @ 3:22am

NYPD Using 'Nuisance Abatement' Law To Force Small Businesses To Install Cameras, Agree To Warrantless Searches

from the the-law-with-built-in-'speed-holes' dept

Sarah Ryley at ProPublica has a fascinating, depressing, and exhaustive report on the NYPD's apparent ongoing civil rights abuses. Under the guise of policing "nuisance businesses," certain precincts are targeting minority-owned businesses -- usually small bodegas, laundromats, etc. -- with abatement actions that force owners to either lose their source of income or capitulate to the NYPD's overreaching demands.

One business owner was hit with a "nuisance abatement" action -- one which could lead to his laundromat being closed for at least 30 days -- after undercover officers twice sold stolen goods to store customers. Sung Cho's laundromat had nothing to do with either sale, other than being open for business when the sales were made. Despite Cho's lack of culpability in the selling of stolen goods, the NYPD portrayed his business as a "facilitator" of illegal activity and hit his store with a restraining order.

As Ryley reports, the nuisance abatement program is prone to abuse, what with its one-sided court process (NYPD files complaint and asks for restraining orders without notifying the business owner or allowing them to challenge the orders) and very loose definition of "facilitation." While the statute does provide that business owners must be given a chance to challenge an order within three business days of being presented with it, the NYPD routinely serves orders on Thursday or Friday, forcing businesses to close over the weekend, normally their busiest sales days.

The article points out that most of these orders are served by officers in precincts where the minority population is the majority, suggesting once again that the NYPD regularly engages in biased policing. A judge who has presided over abatement cases lends some credence to this conclusion.

“You never see the white bar owner from the Meatpacking District in here; it’s always some bodega owner from Uptown,” said the judge, who asked not to be named. “It’s a complete double standard.”
In terms more familiar to Techdirt's audience, nuisance abatement enforcement is nothing more than law enforcement trolling.
Once served with nuisance abatement actions, business owners are faced with a choice. They can fight the case and remain shut down until it’s resolved, earning no income. Or they can agree to the NYPD’s demands, sign a settlement, and reopen. As a result, cases tend to get resolved very quickly.
When not using sales of stolen goods to customers to push nuisance abatement actions, the NYPD also likes to use sales of alcohol to minors as leverage -- despite the fact there's an entire arm of enforcement as well as a separate government agency in place to deal with liquor license violations. As Ryley points out, doubling up on enforcement allows the city to punish business owners twice for these violations. And some of the busts are highly questionable. The ProPublica piece contains footage of a contested sting "buy:" a two-second "interaction" in a busy convenience store where the undercover buyer obscured the beer can with his hand and tossed a dollar at a clerk who was in the middle of handling another customer's transaction.

The ends here appears to be the expansion of the NYPD's already-robust surveillance powers. The laundromat owner faced with losing his business agreed to the PD's "settlement offer" -- one that gave the NYPD uninterrupted, warrantless access to his place of business.
He agreed to pay a $2,000 fine, maintain cameras that the NYPD can access at any time, and to allow the police to conduct warrantless searches. If anyone is even accused of breaking the law at his business again — whether a store employee or not — he faces escalating penalties: closures that would increase from 30 days to 60 days to 90 days to a full year with each alleged offense; fines climbing as high as $15,000.

Perhaps most damaging of all, the terms continue in perpetuity, even if the business changes hands.
This isn't an aberration. This is the standard operating procedure. Other businesses facing NYPD abatement orders have not only installed cameras and agreed to warrantless searches, but have also put $1000 credit card readers in place that store personally-identifiable info on every customer that uses them -- and which all can be accessed anytime by police officers without a warrant.

An NYPD official contacted by ProPublica isn't shy about the desire to expand the NYPD's surveillance dragnet.
Robert Messner, who heads the NYPD’s Civil Enforcement Unit, which handles the cases, said during an interview with the Daily News in December that his unit does not keep a database of the businesses required to maintain cameras. He said their purpose is to make neighborhoods safer and to help police solve crimes.

“We want everybody to install cameras. We think that’s the greatest,” he said.
He's also not afraid to say why he prefers nuisance abatement proceedings to other statutes the NYPD has at its disposal to handle these sorts of "problems."
When asked about the Padlock Law in December, Messner said the last case filed under it was “15 years ago maybe.”

He said the padlock law “was a creaky old law” that cost a lot of police resources and often resulted in protracted litigation.

“This thing,” Messner said, referring to the nuisance abatement law, “is simple and elegant.”
Yes, there's nothing more "simple and elegant" than greasing your own wheels. The "Padlock Law" -- instituted during Bill Bratton's first run at the top of the NYPD -- allowed business owners to contest the orders and allegations in court before being threatened with a business closure. The new way -- now more than 15 years old -- deprives business owners of any meaningful form of due process, which makes it much easier to use the threat of a business shutdown to coerce owners into providing the NYPD with 24-hour warrantless access and a larger surveillance footprint.

42 Comments | Leave a Comment..

Posted on Techdirt - 29 April 2016 @ 7:39pm

Redaction Failure In FTC/Amazon Decision Inadvertently Allows Public To See Stuff It Should Have Been Able To See Anyway

from the not-even-good-enough-for-government-work dept

A court has found that Amazon engaged in deceptive practices by not obtaining "informed consent" about in-app charges, especially with apps targeted at children. The finding is perhaps unsurprising, as the world of microtransactions relies greatly on a minimum number of steps between app makers (and app purveyors like Amazon) and users' wallets.

What's more surprising is the opinion itself, which arrived in redacted form. Both the FTC and Amazon obviously wanted to keep parts of the opinion from being made public. The problem is that whoever handled the redaction process blew it.

Coughenor released two rulings -- a complete decision, which was marked as "sealed" and a decision for the public, which was marked as "redacted." That redacted version has large swaths of text covered with black bars, but the opinion can be read in its entirety by cutting and pasting it into another file.
The unintended consequence of this screw-up is that the public can now see what the government and Amazon wanted to prevent the public from knowing -- which is exactly the sort of stuff the public should know, as Public Citizen's Scott Michelman explains.
The redactions included a good deal of information that was central to court's decision, including the evidence showing what Amazon officials knew and when, the FTC's estimate of damages, the length of the injunction the FTC was seeking, and more. All of these are of great public importance to understanding what Amazon was doing, what the FTC argued to the court, and why the court ruled as it did.
It's not as though any sort of trade secrets or confidential government techniques are hiding behind the retractions. Much of what is redacted appears to have been for the benefit of Amazon, which does not come out of this surprise un-redaction looking good.
[I]n developing its Kindle Fire tablet, Amazon identified "soccer parents" as a key target customer base, referring to them as "low-hanging fruit." (Dkt. No. 121 at 8; see also Dkt. No. 122 at 3.)

[...]

[T]he evidence demonstrates that Amazon was aware that many customers did not understand in-app purchases when they were first implemented. In a confidential document regarding Amazon's marketing plan for launching in-app purchases, the company acknowledged that "'IAP' isn't a concept widely known by customers." (Dkt. No. 120 at 5.) And, despite its assertion that "[c]ustomers are not looking for apps based on how much they cost," the company was aware that customers' top searches in selecting apps indicate that customers were seeking free apps to use. (Id. at n. 2; five of the top searches included the word "free.") Amazon was aware that in many instances, the person initiating the in-app purchase was a child: in a document discussing company strategy to promote increases in in-app purchasing, Amazon acknowledged "the disconnect between the account owner (e.g., parent) and the app user (e.g., child)."

[...]

Moreover, regardless of its reputation for customer service, it is Amazon's stated policy that in-app purchases are final and nonrefundable, likely discouraging much of its customer base from attempting to seek refunds in the first place. (See Dkt. No. 127 at 275.) ("Yeah, that's the – that's our official policy, is digital content's not refundable.")

[...]

Amazon has received many complaints from adults who were surprised to find themselves charged for in-app purchases made by children. By December 2011, Aaron Rubenson referred to the amount of customer complaints as "near house on fire." (Dkt. No. 115 at 19.) Rubenson also referred to "accidental purchasing by kids" as one of two issues the company needed to solve. (Id.) Rubenson additionally stated that "we're clearly causing problems for a large percentage of our customers."
Also "withheld" is the FTC's justification of its damages estimate.
Julie Miller, a lead FTC data analyst, calculated the total in-app purchase revenue and refund amounts for seven different categories: (1) orders of $20 or more in High-Risk Non-Casino apps from the earliest date available to March 25, 2012,1 (2) orders of $19.99 and below in High-Risk Non-Casino apps from the earliest date available to February 5, 2013, (3) orders of $19.99 and below in High-Risk NonCasino apps from February 6–April 30, 2013 excluding those on the “Otter” device, (4) orders of $19.99 and below in High-Risk Non-Casino apps from May 1–July 30, 2013 excluding those on the Otter device, (5) orders of $19.98 and below in High-Risk Non-Casino apps from July 31, 2013–June 3, 2014 excluding those on the Otter device, (6) orders of $19.99 and below in High-Risk Non-Casino apps from February 6–October 9, 2013 on the Otter device, and (7) orders of $0.99 and below in High-Risk Non-Casino apps from October 10, 2013 to the latest date available on the Otter device. (Id.) These categories were selected in order to omit authorized charges. This calculation gave Ms. Miller a total of charges made without authorization by password. Ms. Miller calculated $86,575,321.38 in revenue and also found that $10,060,646.48 was provided in refunds. (Dkt. No. 110 at 3.) Ms. Miller then calculated an “unauthorized charge rate,” the rate at which users failed to properly enter a password in initiating an in-app purchase as a percentage of the overall total.
Amazon's rebuttal of the FTC's math is redacted...
Amazon argues that Ms. Miller’s estimate is so “fundamentally flawed” as to not be able to support a finding of substantial injury. (Dkt. No. 179 at 18.) In so arguing, Amazon primarily takes issue with Ms. Miller’s calculation of an “Unauthorized charge rate.” (Id.) In dividing the number of password entry “failures” and dividing that by the total number of password prompts presented, the FTC argues that it identified a “reasonable proxy for the rate at which children would incur an in-app charge without consent . . when password entry was not required.” (Dkt. No. 184 at 18.) Amazon asserts that this rate calculation “assumes that every single password failure was an attempt by a child that would otherwise have been a completed in-app purchase.” (Dkt. No. 179 at 18.) This point is well taken: many password “failures” could have occurred because the user got distracted, changed his or her mind, or simply could not remember their password. However, it is reasonable to assume that of the group of users faced with a password prompt who ultimately failed to provide a password, many were children who, absent a password prompt, would have gone on to complete an in-app purchase.
...as is the court's partial agreement with Amazon's assessment of the assessment. [redacted portion in bold]
While, as discussed above, the general methods used by the FTC to reasonably approximate the damages to consumers by unauthorized in-app charges serve as a fair starting place, the Court finds that the unauthorized charge rate of 42% is too high. The Court has received Amazon’s “Adjustments to the FTC’s Estimates of Injury and Monetary Relief” (Dkt. No. 221 at 2) and invites further briefing on the issue of the scope of appropriate monetary relief.
Also redacted is the FTC's declaration of how long it felt Amazon should remain under the government's supervision.
The injunction sought would subject Amazon to government oversight for twenty years.
While FTC intervention has resulted in better refund policies and better notification about in-app purchases, the fact is that app makers are just as culpable as Amazon -- even if it's Amazon that will be paying the fines. There was no line of app developers at Amazon's door demanding better protections for app users. And Amazon is hardly alone in its targeting of low-hanging soccer parent fruit. When it comes to monetization of microtransactions, the lack of purchase controls is a feature, not a bug.

Then there's the question of whether we really want the government to be in the business of designing app store front-ends. While the concerns central to this case are valid, the best solution isn't necessarily the FTC setting itself up as an additional middleman for in-app purchases -- especially not for the next 20 years.

And, as for this opinion, it just goes to show courts are still far too willing to grant ridiculous redaction requests from plaintiffs and defendants -- a practice that further separates the public from the government that's supposed to be serving it.

Read More | 20 Comments | Leave a Comment..

Posted on Techdirt - 29 April 2016 @ 6:18pm

Scientists Looking To Fix The Many Problems With Forensic Evidence

from the can-you-fix-the-people-performing-the-tests? dept

Everything everyone saw in cop shows as evidence linking people to crimes -- the hair left on someone's clothing, the tire tracks leading out to the road, the shell casings at the scene, etc. -- is all proving to be about as factual as the shows themselves.

While much of it is not exactly junk science, much of it has limited worth. What appears to indicate guilt contains enough of a margin of error that it could very easily prove otherwise. Science Magazine is taking a look at the standbys of forensic science and what's being done to ensure better presentations of evidence in the future.

On a September afternoon in 2000, a man named Richard Green was shot and wounded in his neighborhood south of Boston. About a year later, police found a loaded pistol in the yard of a nearby house. A detective with the Boston Police Department fired the gun multiple times in a lab and compared the minute grooves and scratches that the firing pin and the interior of the gun left on its cartridge casings with those discovered on casings found at the crime scene. They matched, he would later say at a pretrial hearing, “to the exclusion of every other firearm in the world.”

[...]

So how could the detective be sure that the shots hadn’t been fired from another gun?

The short answer, if you ask any statistician, is that he couldn’t. There was some unknown chance that a different gun struck a similar pattern. But for decades, forensic examiners have sometimes claimed in court that close but not identical ballistic markings could conclusively link evidence to a suspect—and judges and juries have trusted their expertise. Examiners have made similar statements for other forms of so-called pattern evidence, such as fingerprints, shoeprints, tire tracks, and bite marks.
Six years ago, the National Academy of Sciences found that these forensic standbys had a much larger margin of error than was portrayed in court by detectives and expert witnesses. It recommended the margin of error be delivered along with the testimony to head off future verdicts based on faulty evidence.

To date, not much has changed. While actual junk science like bite marks has largely been discarded by prosecutors, the others remain, even as their reliability has been constantly questioned. The FBI loved hair analysis, right up to the point that it determined its witnesses had overstated test results 90% of the time in the two decades prior to 2000.

Even fingerprints, which have long been considered unassailable because of their supposed uniqueness, aren't much better. Some of it has to do with the presumption that every fingerprint is so unique even a partial print can eliminate suspects. The rest of its issues lie with those matching the prints.
One study of 169 fingerprint examiners found 7.5% false negatives—in which examiners concluded that two prints from the same person came from different people—and 0.1% false positives, where two prints were incorrectly said to be from the same source. When some of the examiners were retested on some of the same prints after 7 months, they repeated only about 90% of their exclusions and 89% of their individualizations.
The NIST has given $20 million to the Center for Statistics and Applications in Forensic Evidence (CSAFE) to come up with a better way to present this sort of evidence -- one that clearly accounts for any uncertainties in the results or processes. CSAFE is still trying to figure out how to present this as a number/rating. But that might not be the only problem. The other issue is that juries and judges may not find specifics about forensic reliability to play much of a part in deciding guilt or innocence.
In a 2013 study, for instance, online participants had to rate the likelihood of a defendant’s guilt in a hypothetical robbery based on different kinds of testimony from a fingerprint examiner. It didn’t seem to matter whether they were simply told that a print at the scene “matched” or was “individualized” to the defendant, or whether the examiner offered further justification—the chance of an error is “so remote that it is considered to be a practical impossibility,” for example. In all those cases, jurors rated the likelihood of guilt at about 4.5 on a 7-point scale. “As a lawyer, I would have thought the specific wording would have mattered more than it did,” Garrett says. But if subjects were told that the print could have come from someone else, they seemed to discount the fingerprint evidence altogether.
The other part of the problem is the people who perform the tests. Multiple incidents where evidence was falsified or not properly tested have been uncovered. The evidence is only as good as the processes, and if steps are skipped because of sloppiness or laziness, the evidence's credibility becomes highly questionable -- not just for the specific instance where results were faked, but for every test this person has touched.

There's no possible way to eliminate honest errors, much less prevent anyone from falsifying results. In both cases, the problems are caught after the damage has been done. Humans are the most unpredictable part of the chain of evidence but also an irreplaceable part. CSAFE will be working with forensics labs to create best practices, but it can do nothing to prevent the lazy and/or incompetent from completely ignoring the proper steps.

Problems are also present higher up the chain. When bad science or bad practices result in questionable evidence, it's often extremely difficult to have convictions resulting from them overturned.
What’s troubling, [federal judge Nancy] Gertner says, is that when judges accept junk science, an appeals court rarely overrules them. Attaching a numerical probability to evidence, as CSAFE hopes to do, “would certainly be interesting,” she says. But even a standard practice of critically evaluating evidence would be a step forward. “The pattern now is that the judges who care about these issues are enforcing them, and the judges who don’t care about these issues are not.”
In this way, the courts are no better than labs where shoddy work is done. Variations in personality undermine the dispassionate nature of science, making it susceptible to human prejudices rather than the strength of the evidence itself.

32 Comments | Leave a Comment..

Posted on Techdirt - 29 April 2016 @ 3:42pm

FBI Used FISA Warrant To Prosecute Boeing Employee For Child Porn Possession

from the regular-crime;-special-warrant dept

Ellen Nakashima of the Washington Post has the disturbing story of former Boeing employee Keith Gartenlaub, whose home was searched for evidence of his alleged spying for the Chinese. Specifically, the FBI was looking for documents about the military's C-17 transport plane. Instead, FBI agents came across something else.

[S]ince the search in January 2014, no spy or hacking charges have been brought against him.

Instead, seven months later, he was charged with the possession and receipt of child pornography. He has denied the charges, but a jury convicted him in December.
Questions have been raised about the evidence obtained during the search.
In Gartenlaub’s case, the defense unsuccessfully argued that he could not be linked to identical copies of child pornography videos found on four hard drives in his house. Two of the hard drives had been in a computer that was kept at a beach house where numerous people had access to it, Gartenlaub said.

[...]

Jeff Fischbach, a forensic technologist for the defense, said there is no evidence that the child pornography was ever seen by anyone who used the computer, much less Gartenlaub.

The government’s own forensic expert, Bruce W. Pixley, said he could not find any evidence of the material being downloaded onto any of the computers, the defense noted. That means it had to have been copied onto the computer — but by whom is unknown.
The defense had more difficulty than usual in challenging the evidence. The search wasn't performed with a standard FBI warrant, but instead -- due to its supposed national security implications -- with a warrant issued by the FISA court. That the FBI found child pornography instead is unfortunate, but that fact shouldn't nullify the original warrant or result in the suppression of the evidence, at least according to the DOJ.

While the DOJ is correct in the fact that the FBI wasn't going to call off the search after it uncovered evidence of other wrongdoing, its defense of the way the evidence was obtained is disingenuous. Unlike a regular warrant, a FISA warrant is almost completely unchallengeable. The entire process is ex parte, including the submission of evidence obtained -- even if the evidence has nothing to do with national security.

In Gartenlaub's case, every submission by the government was done under seal. His legal representation had no access to the government's presentation of evidence. The possession of child porn is certainly nothing the government takes lightly, but once the focus of the investigation shifted away from alleged espionage, the process likewise should have changed. At the very least, the FBI should have had a new warrant issued, signed by a regular magistrate judge -- one that would have allowed the defense to examine the affidavit and the results of the search.

JoAnne Musick of Fault Lines points out just how much the FISA Court's involvement screwed Gartenlaub.
Once the warrant issued, there was virtually no means by which Gartenlaub could challenge the basis for the warrant. Of course, the court found the pornography material “obtained pursuant to FISA was lawfully acquired” and did not violate the defendant’s Fourth Amendment rights. Additionally, after ex parte pre-trial briefings between the court and government, the judge found:

"[T]here is no indication of any false statements having been included in the FISA materials."

Surely the government would not have proven any false statements in their private discussions with the court. Perhaps had the defense had an opportunity to review or challenge the basis for the warrant, the court might have found false statements. Yet, we will never know as the defense was unable to review the evidence or otherwise challenge it. It’s disturbing that the accused was unable to obtain even basic information on how the information was obtained and why the warrant was issued.
The ability to challenge presented evidence is a key part of the justice system. Wrongs committed by the government during the search for evidence can only be righted through this process. But the use of a FISA warrant deprives the accused of that potential remedy. When it became apparent the investigation was no longer focused on matters of national security, the FBI should have unsealed documents and turned over evidence to Gartenlaub's legal reps. Instead, it chose to keep operating under the pretense it was investigating espionage and availed itself of all the advantages that come with national security-related investigations.

Then there's this: even though the FBI had enough evidence of child porn possession to prosecute (successfully) Gartenlaub and nothing in the way of evidence he was involved in spying for the Chinese, it still attempted to leverage what it had obtained to turn Gartenlaub into a government informant.
During his initial appearance in a federal courthouse in Santa Ana, Calif., the prosecutors indicated a willingness to reduce or drop the child pornography charges if he would tell them about the C-17, said Sara Naheedy, Gartenlaub’s attorney at the time.
So, not only did the government use its additional national security benefits to keep Gartenlaub from mounting a serious challenge to submitted evidence, but it also used evidence it gathered with an unrelated search to pressure him into admitting he was a spy -- something it had no evidence of at all.

30 Comments | Leave a Comment..

Posted on Techdirt - 29 April 2016 @ 12:41pm

Supreme Court Approves Rule 41 Changes, Putting FBI Closer To Searching Any Computer Anywhere With A Single Warrant

from the impeccable-timing dept

The DOJ is one step closer to being allowed to remotely access computers anywhere in the world using a normal search warrant issued by a magistrate judge. The proposed amendments to Rule 41 remove jurisdiction limitations, which would allow the FBI to obtain a search warrant in, say, Virginia, and use it to "search" computers across the nation using Network Investigative Techniques (NITs).

This won't save evidence obtained in some high-profile cases linked to the FBI's two-week gig as child porn site administrators. Two judges have ruled that the warrants obtained in this investigation are void due to Rule 41(b) jurisdiction limitations. (Another has reached the same conclusion in an unrelated case in Kansas). The amendments recently approved by the US Supreme Court would strip away the jurisdiction limitation, making FBI NIT use unchallengeable, at least on jurisdiction grounds.

Rule 41. Search and Seizure

(b) Venue for a Warrant Application. At the request of a federal law enforcement officer or an attorney for the government:

(6) a magistrate judge with authority in any district where activities related to a crime may have occurred has authority to issue a warrant to use remote access to search electronic storage media and to seize or copy electronically stored information located within or outside that district if:

(A) the district where the media or information is located has been concealed through technological means; or

(B) in an investigation of a violation of 18 U.S.C. § 1030(a)(5), the media are protected computers that have been damaged without authorization and are located in five or more districts.
The DOJ claims the updates are needed because suspects routinely anonymize their connections, making it difficult to determine where they're actually located. Opponents of the changes point out that this significantly broadens the power of magistrate judges, who would now be able to approve search warrants targeting any computer anywhere in the world.

The real problem, though, is this: there's no significant Congressional opposition (save Ron Wyden) to the proposed amendments.
“These amendments will have significant consequences for Americans’ privacy and the scope of the government’s powers to conduct remote surveillance and searches of electronic devices. I plan to introduce legislation to reverse these amendments shortly, and to request details on the opaque process for the authorization and use of hacking techniques by the government,” said Wyden.

“Under the proposed rules, the government would now be able to obtain a single warrant to access and search thousands or millions of computers at once; and the vast majority of the affected computers would belong to the victims, not the perpetrators, of a cybercrime. These are complex issues involving privacy, digital security and our Fourth Amendment rights, which require thoughtful debate and public vetting. Substantive policy changes like these are clearly a job for Congress, the American people and their elected representatives, not an obscure bureaucratic process.”
Worse, the amendments will be adopted if Congress does what it frequently does best: nothing. Congress actually needs to take action to block the amendments, but seeing as it only has until December 1, 2016, to do it, it seems highly unlikely that it will make the effort to do so -- not during an election year and certainly not during the annual struggle of approving a budget.

On the bright side, Ron Wyden is generally pretty good at mobilizing opposition, even when there appears to be little support for his efforts. We can also expect a variety of civil liberties groups and activists to start pushing Congress to "opt out" of the proposed changes.

Read More | 18 Comments | Leave a Comment..

Posted on Techdirt - 29 April 2016 @ 8:32am

Reputation Management Revolution: Fake News Sites And Even Faker DMCA Notices

from the the-dishonest-leading-the-dishonest-into-a-new-world-of-unaccountability! dept

Pissed Consumer has uncovered another apparent case of bad reputation management, this one revolving around bogus websites facilitating bogus DMCA takedowns. It previously exposed a pair of lawyers using shell companies and highly-questionable defamation lawsuits to force Google to delist negative reviews hosted around the web. These faux litigants always managed to not only find the supposed "defamers," but to also obtain a signed admission within 48 hours of the lawsuit being filed -- a process that usually takes weeks or months, especially if the alleged "defamer" utilizes anything other than their real name when posting negative reviews.

In this case, the reputation management scheme involves the use of hastily-set up "news" sites that contain a blend of scraped content and negative reviews hosted at sites like Yelp, Ripoff Report and Pissed Consumer.

Frankfort Herald, frankfortherald.com is a newspaper website that, despite its trustworthy name, has never really existed, for all intents and purposes, before January 2016 (according to archive.org). However, this did not stop them from sending a DMCA notice to Google claiming that they were the owners of the copyrighted material from Pissed Consumer that was published back in 2012.

On April 15, 2016 Pissed Consumer received a takedown notice for a review where frankfortherald.com claimed that they originally wrote the piece of news in question back on January 5, 2012. The review is about Brad Kuskin, and they claimed they had it published only 2 days prior to the article appearing on PissedConsumer.com.
Here's the supposed news article Frankfort Herald claims it owns in its bogus DMCA takedown notice.

The scheme is just as stupid as convicted fraudster Sean Gjerde's rep management Hail Mary: post copies of reviews or articles you want to see vanished at your own website and then issue DMCA notices claiming you own the words of others. It seldom works and tends to draw more attention to the content someone's trying to hide. (Of course, Sean Gjerde went the extra mile and tried to have the FBI's press release about his conviction delisted by Google…)

That's not the only negative content masquerading as "news" at the Frankfort Herald. There's also a negative Yelp review about a Spanish language school, a Ripoff Report review of a Georgia law firm and a CBS story about an apparent scam artist who suckered parents into shelling out thousands of dollars by pretending he was scouting talent for Disney. Disney disavowed any connection to the event. All of these have been targeted by bogus takedown notices under several names linked to the definitely-not-a-local-news-site "Frankfort Herald."

Whoever's behind that site has issued bogus takedown notices under the name "Heart Broadcasting" (a name that can only be found in the Frankfort Herald's site footer), "Frankfort Herald News Corp.," and "Frankfort News Corp." Perhaps most idiotically, it has co-opted the name of one of the world's biggest publishers in hopes of giving its bogus takedowns a veneer of respectability: "Hearst Media LLC."

Other fake "news" sites containing a jumble of scraped content and completely unrelated negative reviews have also issued bogus takedown notices within the last 30 days.

AthaNews sent one on March 25th where the sender claims the following is the result of their journalistic efforts:

Bought a house from Lala Ragimov and her “Developer” Husband “Tod”. On the surface their renovatinos seem solid but there were several red flags that I now wish we listened to. 1) “The Ragimov’s” are effectively the same entity. The claim of a seperate relator vs. develoiper and the games they play about “checking with the developer” are a joke. They are husband and wife! 2) We were told our roof was new but the condition was listed as “unknown” in discolsures. We were told this is common since the roof was repaired not replaced. The building was also conviently too tall to bring an inspector with a ladder without a special fee. The result? Leaks almost immideatley! [...]
Of course, the alleged infringer is none other than Ripoff Report, which shamelessly claimed this "journalist's" misspelling-laden "exposé" into a local realtor as its own. [eyeroll] AthaNews' mission statement -- found in the website's footer -- is lorem ipsum translated into English.

SEI World News is doing the same thing. It issued a DMCA notice to Google on April 7th, claiming one of its "news articles" was being "copied."

I am senior editor and my article is copied . Just to harm my reputation online . The article owner anonymously copied my content . Please look into this matter .
Once again, Ripoff Report is home to the targeted URL. SEI World has been playing this game for several months now, targeting negative reviews at other site with bogus claims of "copied" articles.

Searching Google's DMCA database using Ripoff Report as the target uncovers all sorts of "news" sites claiming negative reviews hosted elsewhere are the genuine byproduct of their journalistic endeavors. "Mass Communications Inc.?" Bogus takedown of a Ripoff Report review. Some site called "Global Girl Magazine" wants Ripoff Report to stop ripping off its "journalist's" work -- which is apparently something about a fund manager with an alleged penchant for scamming clients after taking their retainer fees, written in the first person. The same thing goes for the "Lewisburg Tribune." And so on...

The clustering of DMCA notices seems to point to a single reputation management bozo pulling the strings on multiple websites like a more focused Patrick Zarrelli. On the other hand, the scattershot approach and slippery grasp of the English language exhibited in the DMCA notices may indicate this is nothing more than a bunch of Fiverr freelancers making reputation management promises they can't keep. In some cases, it appears to have worked. Several of the bogus takedowns show Google has taken action and delisted links. But those victories will only be temporary. Any challenge from a legitimate site should see these decisions swiftly reversed.

16 Comments | Leave a Comment..

Posted on Techdirt - 29 April 2016 @ 3:30am

USTR: Foreign Governments Engaging In Censorship And Rights Abuses Should Add IP Enforcement To Their 'To Do' Lists

from the let-the-USTR-set-your-priorities-for-you dept

If it's mid-spring, it means it's time for the US Trade Representative's "Special 301 Report," the annual "event" that names and shames countries who don't live up to US industries' intellectual property protection ideals. The same countries that have made the list for years still make the list, although a few have moved up a notch from the "Priority Watch" list to just the normal "Watch" list.

There are lots of familiar names on the lists, including such perennial favorites as China, India, Russia and… Canada. The report offers congratulations to countries like Italy, which has managed to steer clear of the watchlists by instituting censorious IP enforcement procedures like site-blocking. And it pats other countries on the head for ceding to the USTR's IP imperialism in exchange for upgraded 301 listings.

USTR has noted the willingness of two Watch List countries, Turkmenistan and Tajikistan, to work with the United States on improving their IPR protection and enforcement regimes and will conduct an OCR for each country to evaluate whether specific steps taken merit their removal from the Watch List.
The USTR has no interest in determining whether the US's IP laws are actually a good fit for other nations, especially those with a host of more pressing problems. All it cares about it whether they live up to the American ideal, as stated by the loudest "more-is-better" IP enforcement proponents. All in all, it's a completely ridiculous bit of paper rattling, served up annually for maximum theatricality.

Sadly, many of those who have landed on the USTR's Naughty 301 list take this process far too seriously. Even at its gravest, the USTR's only real threat is that if things don't change, it will be forced to print out Country X's name under a different bold sub-header in next year's report.
USTR extends the current OCR of Paraguay, which is currently on the Watch List, to provide additional time for conclusion of a bilateral IPR Memorandum of Understanding (MOU). USTR encourages Paraguay to conclude the MOU by June 30, 2015, and notes that if Paraguay does not do so, USTR will evaluate possible implications accordingly, including with respect to Paraguay’s status under Special 301.
Meanwhile, the USTR wants governments with histories of human rights abuses to institute stricter IP-related policies -- one that should better aid them in achieving their censorious ends. Thailand, which has already put mass internet surveillance in place to make sure its king remains unbesmirched, is encouraged to put its police force to use to round up infringers. Pakistan, itself engaged in censorship and mass surveillance of its citizens, is told it should hand over ex officio power to law enforcement to move against infringers without having to wait around for rights holder complaints. Ecuador, which already knows a thing or two about abusing the DMCA process, is elevated to the "Priority" list for not treating other nations' IP as worthy of the same sort of censorious actions. The USTR wants Mexico to divert law enforcement resources to combating counterfeiting and piracy, as if dealing with the consequences of four decades of US drug warring wasn't enough to keep it busy. And the USTR issues demands to Venezuela, as if that dumpster fire of a government has any interest in listening to what a US representative has to say -- especially one acting on behalf of a handful of US industries.

Like every year, the report is a joke. And it's not even a report -- not in the normal definition of the word. There's no independent action by the USTR to investigate IP laws and violations elsewhere in the world. Instead, it relies on submissions from entities like the MPAA and BSA and writes their accusations up as a "report" on the state of IP protections elsewhere in the world. Unfortunately, there aren't enough countries in on the joke. Canada, for one, at least issues nothing more than an eye roll in response to being listed as one of the world's top offenders, despite having IP laws at least as stringent as the United States'. And there's something both surreal and ugly about a process that includes the executive vice president of the American Apparel and Footwear Association -- whose members depend heavily on cheap foreign labor -- complaining that other countries aren't doing enough to prevent citizens from purchasing affordable knockoffs of the same clothes they're making for US companies, but can't actually afford to buy.

Read More | 12 Comments | Leave a Comment..

Posted on Techdirt - 28 April 2016 @ 10:38am

So Much For The Fifth Amendment: Man Jailed For Seven Months For Not Turning Over Password

from the enjoying-your-rights,-citizen? dept

The FBI recently spent more than $1 million for assistance in decrypting a device's contents. It may have overpaid. Alternatives exist, whether it's a $5 wrench or indefinite imprisonment for not helping the government with its prosecution efforts.

A Philadelphia man suspected of possessing child pornography has been in jail for seven months and counting after being found in contempt of a court order demanding that he decrypt two password-protected hard drives.

The suspect, a former Philadelphia Police Department sergeant, has not been charged with any child porn crimes. Instead, he remains indefinitely imprisoned in Philadelphia's Federal Detention Center for refusing to unlock two drives encrypted with Apple's FileVault software in a case that once again highlights the extent to which the authorities are going to crack encrypted devices. The man is to remain jailed "until such time that he fully complies" with the decryption order.
The Fifth Amendment should prevent the government from punishing a person for not testifying against themselves, which is what's being argued by the defendant's representation in its appeal to the Third Circuit. (Although it's actually indirect representation. The government's case is actually against Doe's devices ["United States of America v. Apple MacPro Computer, et al"] and his lawyer is hoping for a stay of the contempt order during the appeal process.)
Mr. Doe… has a strong likelihood of success on the second issue: whether compelling the target of a criminal investigation to recall and divulge an encryption passcode transgresses the Fifth Amendment privilege against self-incrimination. Supreme Court precedent already instructs that a suspect may not be compelled to disclose the sequence of numbers that will open a combination lock — clearly auguring the same rule for any compelled disclosure of the sequence of characters constituting an encryption passcode.
Doe's rep also argues that the All Writs order obtained by the government has no jurisdiction over Doe or his devices.
Mr. Doe’s first claim is that the district court lacked subject matter jurisdiction. The claim stems from the government’s apparently unprecedented use of an unusual procedural vehicle to attempt to compel a suspect to give evidence in advance of potential criminal charges. Specifically, the government took resort not to a grand jury, but to a magistrate judge pursuant to the All Writs Act, 28 U.S.C. § 1651. (Ex. F at 1).

It is black letter law that the All Writs Act never supplies “any federal subject-matter jurisdiction in its own right[.]” Sygenta Crop Protection, Inc. v. Henson, 537 U.S. 28, 31 (2002) (citation omitted). It is equally well-settled that the Act has no application where other provisions of law specifically address the subject matter concerned. Pennsylvania Bureau of Correction v. United States Marshals Service, 474 U.S. 34, 40-42 (1985). The compelled production of evidence in advance of criminal charges is specifically addressed by Rules 6 and 17 of the Federal Rules of Criminal Procedure, which authorize the issuance and enforcement of grand jury subpoenas; and by 28 U.S.C. § 1826(a), which specifies the authorized penalties for a witness who refuses without good cause to give the evidence demanded by the grand jury.
As it stands now, Doe is still being held in contempt of court for refusing to decrypt his devices for investigators. The district court that held him in contempt has refused direct appeal of that order, resulting in the labyrinthine legal strategy of using the government's case against Doe's devices as a vehicle for challenging the lower court's contempt order.

Doe has not been charged, yet he's in prison. Backing up the government's assertions for holding him in contempt are two dubious pieces of hearsay. One is from his estranged sister, who claims to have seen child porn on Doe's computer, but can't actually say whether it was located on the devices the government is seeking to have decrypted. The other is from some sort of law enforcement encryption whisperer, who can apparently see things in the scrambled bits.
The government’s second witness was Detective Christopher Tankelewicz, a forensic examiner with the Delaware County District Attorney’s Office. He testified only that it was his “best guess” child pornography would be found on the hard drives. (Ex. J at 346). According to Tankelewicz’s understanding of the Freenet online network (in which he admits having no training), there were signs on an Apple Mac Pro computer seized with the hard drives of a user accessing or trying to access message boards with names suggestive of child pornography. (Ex. J at 306, 311-312, 339-340). In rather ambiguous testimony, Tankelewicz did not appear to say this meant any image traded over these boards was on the hard drives. (See Ex. J at 303-317, 336-340, 345-350). Instead, he identified a single image he believed there to be a “possibility” was on the drives. (Ex. J at 308-309). As he described it, the image was of “a four or five-year-old girl with her dress lifted up, but the image itself was small so you really couldn’t see what was going on with the image.” (Ex. J at 308).
No one wants to see a sex offender walk away from charges, but at this point, Doe hasn't even been officially charged with anything more than contempt. The problem with that charge is it has no end date. He can either stay in jail or comply with the order, even when the order conjures jurisdiction out of nowhere and violates his Fifth Amendment rights. If the government doesn't have enough evidence to pursue a case against Doe, it should cut him loose until it does.

Read More | 143 Comments | Leave a Comment..

Posted on Techdirt - 27 April 2016 @ 12:46pm

Rhode Island Attorney General Pushing For A State-Level CFAA That Will Turn Researchers, Whistleblowers Into Criminals

from the 'unauthorized-access'-isn't-always-a-bad-thing... dept

We recently wrote about the Rhode Island attorney general's "cybercrime" bill -- a legislative proposal that seeks to address cyberbullying, revenge porn, etc. with a bunch of broadly -- and poorly -- written clauses. Two negative comments written months apart could be viewed as "cyber-harassment" under the law, separating it from the sustained pattern of abuse that one normally considers "harassment."

In addition, the proposed law would criminalize "non-consensual communications." If the sender does not obtain the recipient's permission to send a message, it's a criminal act if the recipient finds the message to be distressing -- which could mean anything from emailing explicit threats to posting a negative comment on someone's Facebook page.

But that's not Attorney General Peter F. Kilmartin's only bad idea. It appears he's behind another legislative proposal -- one that would amend the state's computer crime laws into something more closely resembling the catastrophic federal equivalent: the CFAA.

Here's the worst part of the suggested amendments:

Whoever intentionally and without authorization or in excess of one's authorization, directly or indirectly accesses a computer, computer program, computer system, or computer network with the intent to either view, obtain, copy, print or download any confidential information contained in or stored on such computer, computer program, computer system, or computer network, shall be guilty of a felony and shall be subject to the penalties set forth in §11-52-5.
This would make the following Google search illegal:
filetype:pdf site:*.gov "law enforcement use only"
Anything deemed "confidential information" -- if accessed by people not "authorized" to do so -- falls under the protection of this legislation, even if it can be accessed by any member of the public without actually "breaking into" a company/government/etc. server.

The definition of "confidential information" makes the legislation even more problematic.
"Confidential Information" means data that is protected from disclosure on a computer, computer program, computer system or computer network and that the computer, computer program, computer system or computer network does not transmit or disclose unless initiated by the owner of such computer, computer program, computer system or computer network.
Something accessible by a Google search is not "protected from disclosure" by any stretch of the imagination. But this phrase, "unless initiated by the owner of such computer…," makes it illegal to obtain documents not otherwise protected. Uploading a sensitive document to a public-facing website crawled by Google is stupid and the person doing the uploading should take any "unauthorized access" as a learning experience. But under the law, it could successfully be argued that the uploading of a document to a publicly-accessible website is not the same thing as "initiating transmission."

The proposal makes several exemptions for service providers, software manufacturers and (no kidding) advertisers, so that their trawling of confidential information in the course of their businesses won't be viewed as criminal acts. But what it doesn't do is carve out an exception for security researchers, who often access confidential information during the course of their work.

In this form, the legislation is dangerous. It will criminalize security research and punish citizens for the stupidity of others. On top of that, the law would pretty much turn every whistleblower into a criminal by treating the access of confidential information as a crime, no matter what the circumstances are. Running it through an editing process involving politicians surrounded by "cyberwar" hype is unlikely to improve it.

Read More | 22 Comments | Leave a Comment..

More posts from Capitalist Lion Tamer >>