Mike Masnick’s Techdirt Profile


About Mike MasnickTechdirt Insider

Mike is the founder and CEO of Floor64 and editor of the Techdirt blog.

He can be found on Twitter at http://www.twitter.com/mmasnick

Posted on Techdirt - 22 July 2016 @ 7:39pm

Yes, The Democratic National Committee Flat Out Lied In Claiming No Donor Financial Info Leaked

from the it-leaked-like-a-seive dept

You may recall, from last month, that a hacker (who many have accused of working for the Russian government) got into the Democratic National Committee's computers and copied a ton of stuff. All of the emails that were obtained (a little over 19,000, from seven top DNC officials) are now searchable on Wikileaks, so there are tons of stories popping up covering what's been found. The Intercept, for example, appears to be having a field day exposing sketchy behavior by the DNC.

But one point that hasn't received as much attention: the DNC appears to have flat out lied right after the hack happened. In its statement on the hack, the DNC had insisted that no personal donor info got out:

The hackers had access to the information for approximately one year, but that access was wiped clean last weekend, The Washington Post reported, noting that the DNC said that no personal, financial or donor information had been accessed or taken.
Except, well, no. There had been reports, driven by the hacker, that the files absolutely did include personal donor info, and now you can see some of that for yourself. For example, it took me all of about 5 minutes to find a list of donors and their email addresses, which I won't be sharing here, but I'm sure others can find as well. And, then, of course, you can find things like this discussion about a potential donor, Niranjan Shah, with "ties" to disgraced and convicted former Illinois Governor Rod Blagojevich, noting that there were "pay to play" accusations associated with him. The DNC noted that they "could be ok" with Shah donating to the DNC, but that the administration might not want him to show up at their events. And, of course, there are emails detailing specific donations by specific people.

There are claims that some emails contain credit card data, though I haven't seen that myself. Either way, it certainly appears that in the rush to "nothing to see here" the leak of the info, the DNC simply lied about what was leaked.

32 Comments | Leave a Comment..

Posted on Techdirt - 21 July 2016 @ 2:35pm

Ed Snowden And Bunnie Huang Design Phone Case To Warn You If Your Phone Is Compromised

from the busy-day dept

Bunnie Huang is having quite a day -- and it's a day the US government perhaps isn't too happy about. Huang has worked on a number of interesting projects over the years from hacking the Xbox over a dozen years ago to highlighting innovation happening without patents in China. This morning we wrote about him suing the US government over Section 1201 of the DMCA. And now he's teamed up with Ed Snowden (you've heard of him) to design a device to warn you if your phone's radios are broadcasting without your consent. Basically, they're noting that your standard software based controls (i.e., turning on "airplane mode") can be circumvented by, say, spies or hackers. But their tool is designed to actually determine if the radios are broadcasting for real:

The aim of that add-on, Huang and Snowden say, is to offer a constant check on whether your phone’s radios are transmitting. They say it’s an infinitely more trustworthy method of knowing your phone’s radios are off than “airplane mode,” which people have shown can be hacked and spoofed. Snowden and Huang are hoping to offer strong privacy guarantees to smartphone owners who need to shield their phones from government-funded adversaries with advanced hacking and surveillance capabilities—particularly reporters trying to carry their devices into hostile foreign countries without constantly revealing their locations.
They've published a paper describing the product and it's a good read.
Front-line journalists risk their lives to report from conflict regions. Casting a spotlight on atrocities, their updates can alter the tides of war and outcomes of elections. As a result, front-line journalists are high-value targets, and their enemies will spare no expense to silence them. In the past decade, hundreds of journalists have been captured, tortured and killed. These journalists have been reporting in conflict zones, such as Iraq and Syria, or in regions of political instability, such as the Philippines, Mexico, and Somalia.

Unfortunately, journalists can be betrayed by their own tools. Their smartphones, an essential tool for communicating with sources and the outside world–as well as for taking photos and authoring articles–are also the perfect tracking device. Legal barriers barring the access to unwitting phone transmissions are failing because of the precedent set by the US’s “third-party doctrine,” which holds that metadata on such signals enjoys no legal protection. As a result, governments and powerful political institutions are gaining access to comprehensive records of phone emissions unwittingly broadcast by device owners. This leaves journalists, activists, and rights workers in a position of vulnerability. Reporter Marie Colvin’s 2012 death is a tragic reminder of how real this vulnerability can be. A lawsuit against the Syrian government filed in 2016 alleges she was deliberately targeted and killed by Syrian government artillery fire. The lawsuit describes how her location was discovered in part through the use of intercept devices that monitored satellite-dish and cellphone communications.
Of course, at this point, all that exists is the paper explaining how this will work. They haven't yet built the actual system. But given Huang's history of hardware hacking and his relationships in Shenzhen, it seems likely that he could get it made pretty quickly if there was demand.
Huang, who lives in Singapore but travels monthly to meet with hardware manufacturers in Shenzhen, says that the skills to create and install their hardware add-on are commonplace in mainland China’s thriving iPhone repair and modification markets. “This is definitely something where, if you’re the New York Times and you want to have a pool of four or five of these iPhones and you have a few hundred extra dollars to spent on them, we could do that.” says Huang. “The average [DIY enthusiast] in America would think this is pretty fucking crazy. The average guy who does iPhone modifications in China would see this and think it’s not a problem.”
Again, who knows if people will actually end up using this, but it's still good to see solutions like this being explored and tested.

Read More | 22 Comments | Leave a Comment..

Posted on Techdirt - 21 July 2016 @ 12:59pm

Techdirt Reading List: Don't Panic: A Legal Guide (in Plain English) For Small Businesses & Creative Professionals

from the don't-panic dept

We're back again with another in our weekly reading list posts of books we think our community will find interesting and thought provoking. Once again, buying the book via the Amazon links in this story also helps support Techdirt.

We've long argued that it's pretty ridiculous that creative artists and entrepreneurs sometimes find themselves at odds with one another, as there are a ton of similarities. It's why, a few years ago, we hosted an Artists & Entrepreneurs branstorming workshop, bringing together a bunch of content creators along with the entrepreneurs building platforms for those artists. A part of our thesis was that the two had a lot more similarities than differences. Both types were trying to be creative and innovative. Both were trying to run a business of sorts as well. There were some obvious areas where things were slightly different, but the similarities certainly outweighed the differences.

And that's just part of the reason it's nice to see the new book from New Media Rights' Art Neill and Teri Karobonik called Don't Panic: A Legal Guide (in plain english) for Small Businesses & Creative Professionals. New Media Rights does some really great work on the legal side helping content creators out, such as when big companies abuse copyright to censor creative works of artists.

This new book is a super useful (plain English!) legal guide to a variety of issues that face both creative artists and small businesses. Besides being super understandable for the non-lawyer artist or developer, it also reinforces that the issues both face are fairly similar.

Leave a Comment..

Posted on Techdirt - 21 July 2016 @ 11:50am

Donald Trump Threatens 'Art Of The Deal' Ghostwriter, Claiming His 'Disloyalty' Somehow Amounts To Defamation

from the slappity-slapp-slapp dept

Earlier this week there was a fascinating piece in the New Yorker by Jane Mayer, interviewing Tony Schwartz, who is credited as the co-author to Donald Trump's first and most famous book, The Art of the Deal (Schwartz is interchangeably referred to as the ghostwriter or co-author -- his name appears on the book as the much smaller type-faced co-author, which is unlike most ghostwriters -- but Schwartz claims he really wrote the book after just following Trump around for a bit and getting some ideas from him). The interview with Schwartz is great storytelling and focuses on his belief that Trump would be a disastrous President (and the fact that The Art of the Deal was exaggerated reality).

Despite the fact that the Republican National Convention happened this week, where Trump was officially nominated as the Republican Party candidate for President, Trump apparently found the time to have his lawyer dash off a ridiculously stupid cease and desist letter. It's the kind of cease and desist letter that we tend to see from complete cranks, rather than serious businessmen, let alone the official nominee for President from a major political party. Everything about the letter is flat out ridiculous (and at points, contradictory). Throughout it, Trump's Chief Legal Officer, Jason Greenblatt, keeps saying that Schwartz's statements are defamatory, but fails to name a single one. As has been pointed out many times, if you're screaming "defamation" but fail to point to a factual statement that is defamatory, you're just making noise.

The letter also claims that Schwartz is attempting to "rewrite history" and even starts out suggesting that Schwartz's claim of writing the book is an exaggeration, because the contract was merely to "provide certain services." But, rather than actually follow through on that line of argument, Greenblatt then more or less admits it, while arguing something totally different: that the book was successful because of Trump's association with it, not because of Schwartz. But Schwartz never argued otherwise, and that's completely besides the point.

Mr. Trump hired you to provide certain services in connection with the preparation of the Book. Although it has long-suited you to dramatically overstate your work on the Book in order to further your own career, (for example, telling George Stephanopoulos on Good Morning America that, "I wrote every word of [the Book], Donald Trump made a few red marks when I handed him the manuscript, but that was it."), let me set the record straight about the origin of the Book: Mr. Trump was the source of all of the material in the Book and the inspiration for every word in the Book. You would not have had access to any of the information that appeared in the Book without Mr. Trump. He was the mastermind behind the deals described in the Book, and he provided you with the facts and facets of each of these deals in order for you to write them down. What's more, Mr. Trump is wholly responsible for the great success of the Book, not you. It was his ingenuity that made the deals described in the Book happen, and it was his promotion of the Book that made it a runaway success.
Again, so what? That's got nothing to do with Schwartz's point and is nowhere near defamatory. Greenblatt also goes on to weirdly attack the one claim from Schwartz that he's pretty sure that many of the things in The Art of the Deal are false. Greenblatt wastes many perfectly good English words arguing that the book contract gave Schwartz the right to make changes to the book to make sure it was accurate, and somehow suggesting that his failure to change things proved that he didn't actually believe things in the book were false. Of course, again, this is not what Schwartz was arguing. He was saying that the stuff Trump told Schwartz, which Schwartz then crafted into the narrative of the book, were lies told by Trump. That should be obvious to anyone with basic reading comprehension skills.

Also, the above accusation is doubly weird, because just a page earlier in the letter, Greenblatt was arguing that Schwartz was a mere conduit and was basically just hired to scribble down Trump's words of wisdom. If he played such a minor part, then isn't that more or less admitting that Schwartz would have no say in correcting falsehoods in the book? The letter also tries to claim that Schwartz has been begging Trump for more work for decades and recently signed an agreement for royalties on the audiobook version of it. Schwartz, for his part, denies ever asking Trump for more work and says he actually turned down the offer to work on the sequel. The agreement on the audiobooks may be true, but it's difficult to see how that matters. Schwartz now speaking out against Trump, if anything, would likely diminish the interest in the book, and would impact Schwartz's own royalties (for which Schwartz has pledged to charity for any works purchased this year).

Even more hilariously, Greenblatt ends the letter by demanding Schwartz not only shut up, but also return all the royalties earned over the years from the book, including his half of the $500,000 advance.

Thankfully, Schwartz had lawyer Elizabeth McNamara at Davis Wright Tremaine respond to the letter, calling bullshit on it. The whole thing is worth a read (it's really only two pages), but here's a snippet:
Your letter alludes vaguely to "defamatory statements," "outright lies" and "downright fabrications," but you do not identify a single statement by Mr. Schwartz that is factually false, let alone defamatory. Instead, it is self-evident that Mr. Trump is most concerned with Mr. Schwartz's well-founded expressions of his own opinion of Mr. Trump's character, as well as Mr. Schwartz's accurately taking credit for the writing of The Art of the Deal, which you pointedly do not contest. Also, in Mr. Trump's eyes, Mr. Schwartz has been "very disloyal" in speaking out on these issues, as he is quoted saying to Mr. Schwartz in the recent New Yorker article by Jane Mayer.

The fact that Mr. Trump would spend time during the week of the Republican National Convention focused on settling a score with and trying to censor his co-author on a thirty-year-old book is, frankly, baffling, but only further underscores the very basis for Mr. Schwartz's criticisms. In any event, the demands you make in the letter are without any foundation in law or fact. Mr. Schwartz will not be returning any of the advance or royalties from the Book, and he has no intention of retracting any of his opinions about the character of the Republican nominee for the presidency, nor does he have any obligation or intention to remain silent about this issue going forward.
Of course, as we've noted in the past, this is kind of par for the course for Trump. When people say mean things about him, his lawyers tend to go ballistic, threatening (and sometimes suing for) defamation, even when there clearly is no defamation at all. This is why it's so ridiculous when Trump talks about "opening up" libel laws to go after those who write or say mean things about him.

Being so thin skinned and willing to at least threaten to drag an author to court for stating his opinion hardly seems particularly Presidential.

Read More | 60 Comments | Leave a Comment..

Posted on Techdirt - 21 July 2016 @ 10:39am

EFF Lawsuit Challenges DMCA's Digital Locks Provision As First Amendment Violation

from the well,-that's-interesting dept

Computer security professor Matthew Green and famed hardware hacker Bunnie Huang have teamed up with the EFF to sue the US government, challenging the constitutionality of Section 1201 of the DMCA, also known as the "anti-circumvention" clause. As we've discussed for many years, 1201 makes it against the law to "manufacture, import, offer to the public, provide, or otherwise traffic in any technology, product, service, device, component, or part thereof" that is designed to "circumvent" DRM or other "technological protection measures." There are all sorts of problems with this part of the law, including the fact that it doesn't matter why you have that tool or why you're circumventing the DRM. For example, it would still be considered infringement if you cracked DRM on a public domain work. That's... insane.

The only "safety valve" on this is the ridiculous triennial review process, whereby people can beg and plead with the Librarian of Congress to "exempt" certain scenarios from being covered by 1201. The process is something of a joke, and even if you get an exemption one time, it automatically expires after three years, and the Library of Congress might not renew it.

The lawsuit, filed by EFF and some excellent lawyers from Wilson Sonsini, points out that the Supreme Court has long stated that fair use is the "safety valve" that stops copyright law from violating the First Amendment in regulating speech. But fair use isn't an allowable defense under 1201, leading to a question of whether or not 1201 itself violates the First Amendment:

Enacted in 1998, these provisions broadly restrict the public’s ability to access, speak about, and use copyrighted materials, without the traditional safeguards—such as the fair use doctrine—that are necessary to protect free speech and allow copyright law to coexist with the First Amendment. The threat of enforcement of these provisions chills protected and noninfringing speech that relies on copyrighted works, including independent technical research into computer security systems and the discussion of that research, and accessing copyrighted works in order to shift the content to a different format, space, or time. The triennial rulemaking process by which the public may seek exemptions pursuant to 17 U.S.C. § 1201(a)(1)(C) does not alleviate these problems. To the contrary, the rulemaking is itself an unconstitutional speech-licensing regime.
The complaint highlights how both Green and Huang have been scared away from working on various projects that have nothing to do with copyright-covered content, but both of which involve circumventing technological protection measures. In Green's case, it's about his security research, finding computer security problems in various devices. For Huang it's his work on a NeTVCR, an advancement on the NeTV device he created in the past. For it to work, however, he needs to get around HDCP and that, of course, would violate 1201. This presents a problem:
To the extent that the purpose of Section 1201 is “to promote the progress of science and the useful arts,” see U.S. Const. Art I, Sec. 8, cl. 8, its restrictions are not narrowly tailored to this purpose. Rather, they sweep up a vast amount of protected speech. This includes the speech that Green, Huang, Alphamax, and users of NeTVCR would undertake, but for the fear or criminal and other penalties. It also includes the many forms of speech that have been the subjects of exemption requests, and many additional forms of speech that have not yet been the subject of an exemption request. The means chosen in Section 1201 specifically targets the communicative impact of uses of copyrighted works and speech about the circumvention of TPMs that restrict such works.
Separately, as noted in the quote above, the case argues that the triennial review process itself violates the First Amendment.
The rulemaking contemplated by Section 1201(a)(1) is a licensing regime that lacks the safeguards the First Amendment requires. The combined ban and exemption process grants excessive power to a government official to make discretionary case-by-case decisions absent sufficient controlling standards.

Section 1201 does not provide for timely review of requests for permission to speak. Applicants must wait up to three years for an opportunity to participate in the triennial rulemaking, and the Rulemaking Defendants have no deadlines governing when they must issue a rule granting or denying exemption requests.
As Huang notes in his blog post about the case, this is a really big issue. It's both about free speech and what it means to "own" something.
Before Section 1201, the ownership of ideas was tempered by constitutional protections. Under this law, we had the right to tinker with gadgets that we bought, we had the right to record TV shows on our VCRs, and we had the right to remix songs. Section 1201 built an extra barrier around copyrightable works, restricting our prior ability to explore and create. In order to repair a gadget, we may have to decrypt its firmware; in order to remix a video, we may have to strip HDCP. Whereas we once readily expressed feelings and new ideas through remixes and hardware modifications, now we must first pause and ask: does this violate Section 1201? Especially now that cryptography pervades every aspect of modern life, every creative spark is likewise dampened by the chill of Section 1201.

The act of creation is no longer spontaneous.

Our recent generation of Makers, hackers, and entrepreneurs have developed under the shadow of Section 1201. Like the parable of the frog in the well, their creativity has been confined to a small patch, not realizing how big and blue the sky could be if they could step outside that well. Nascent 1201-free ecosystems outside the US are leading indicators of how far behind the next generation of Americans will be if we keep with the status quo.

Our children deserve better.
The argument here is compelling. 1201 has all sorts of problems, but no one has tested this First Amendment argument before. Unfortunately, our courts have been incredibly (and unfortunately) reluctant to seriously consider constitutional challenges to copyright law. The cases that have made it up through the court system have ended unfortunately badly -- cases like the Eldred case challenging copyright term extension, for example. I hope that this one turns out differently, and it may become a case to watch. Again, the arguments are quite compelling to me, but I'm unfortunately skeptical that the judicial system will agree. I hope I'm wrong.

Read More | 15 Comments | Leave a Comment..

Posted on Innovation - 21 July 2016 @ 9:25am

Elon Musk's Master Plan Includes Turning Tesla Into An Autonomous Uber

from the one-more-thing dept

Tesla's Elon Musk is not afraid to think big and then go for it. He famously published the Secret Tesla Motors Master Plan ten years ago, and has pretty much stuck to that plan. The short version was this:

Build sports car
Use that money to build an affordable car
Use that money to build an even more affordable car
While doing above, also provide zero emission electric power generation options
Don't tell anyone.
Now it's 10 years later, and Tesla is in the process of trying to buy another of Musk's companies, Solar City, which he argues helps target the final point in the list above, while the runaway demand for the Tesla Model 3 suggests that the "even more affordable car" is soon to be reality as well.

And thus, Musk has now released the next part of his master plan, which spends a fair bit of time trying to justify the merger with Solar City, and then focuses on a bunch of the self-driving efforts that Tesla is working on. Obviously, the company has been in the spotlight recently over some autopilot accidents that have killed drivers. The company's PR reaction to that hasn't been great, though there is a really good point that tons of people die in regular car accidents all the time. If Autopilot can be just marginally safer, even if there are still some accidents, that's still a big improvement. But, even so, Musk argues that their goal is to get Autopilot to be 10x safer before Tesla would remove the "beta" description on the feature.

But, of course, the most interesting bit comes at the end, where he basically announces that once Tesla really gets Autopilot working, they'll more or less turn the company into an Uber competitor, where any Tesla owner can just put their car to work earning money for the owners while they wouldn't normally be using the car:
When true self-driving is approved by regulators, it will mean that you will be able to summon your Tesla from pretty much anywhere. Once it picks you up, you will be able to sleep, read or do anything else enroute to your destination.

You will also be able to add your car to the Tesla shared fleet just by tapping a button on the Tesla phone app and have it generate income for you while you're at work or on vacation, significantly offsetting and at times potentially exceeding the monthly loan or lease cost. This dramatically lowers the true cost of ownership to the point where almost anyone could own a Tesla. Since most cars are only in use by their owner for 5% to 10% of the day, the fundamental economic utility of a true self-driving car is likely to be several times that of a car which is not.

In cities where demand exceeds the supply of customer-owned cars, Tesla will operate its own fleet, ensuring you can always hail a ride from us no matter where you are.
Now that's interesting. Of course, lots of people have predicted how the idea of car sharing may change in the age of autonomous vehicles. That part isn't entirely new. But a lot of the predictions I've seen about it focused on the idea of a big company (generally Uber) owning the fleet itself. The idea was that if you could summon a car at super low cost whenever you needed it, why would you ever need to actually own a car. And that makes some amount of sense. But Musk's vision appears to be slightly different, in that people could "own" their own cars, but put them to work, drastically lowering the net cost of the vehicle itself for those who choose to own, rather than just make use of ride sharing. Now, that does raise other questions. It would certainly increase the wear and tear on the car, and lower its value at a more rapid rate, but perhaps that doesn't matter so much if the options are cheap enough that you could replace the cars more frequently.

Who knows how any of this will play out in reality -- we're still a pretty long distance from it becoming reality. But the very nature of transportation and car ownership may be about to undergo a fairly fundamental shift. And that's a pretty big deal.

51 Comments | Leave a Comment..

Posted on Techdirt - 21 July 2016 @ 8:28am

Kickass Torrents Gets The Megaupload Treatment: Site Seized, Owner Arrested And Charged With Criminal Infringement

from the because-of-course dept

So just as the US government itself is accused of being engaged in massive copyright infringement itself, the Justice Department proudly announces that it has charged the owner of Kickass Torrents with criminal copyright infringement claims. The site has also been seized and the owner, Artem Vaulin, has been arrested in Poland. As with the original Kim Dotcom/Megaupload indictment, the full criminal complaint against Vaulin is worth reading.

As with the case against Dotcom/Megaupload, the DOJ seems to ignore the fact that there is no such thing as secondary liability in criminal infringement. That's a big concern. Even though Kickass Torrents does not host the actual infringing files at all, the complaint argues that Vaulin is still legally responsible for others doing so. But that's not actually how criminal copyright infringement works. The complaint barely even shows how Vaulin could be liable for the infringement conducted via Kickass Torrents.

But, of course, that doesn't matter because the guy at Homeland Security Investigations (formerly: ICE: Immigrations & Customs Enforcement) just spoke to the MPAA and the MPAA said that Kickass Torrents had no permission to link to their content. Yes, link.

As part of the investigation, I have communicated with representatives of the Motion Picture Association of America (MPAA) regarding this investigation. The representatives provided me with information the MPAA had developed about KAT, among other websites. The representatives stated that the MPAA closely monitors KAT and that a significant portion of the movies available on KAT are protected by copyright. The representatives also specified that the MPAA has not granted permission to KAT to index, link, frame, transmit, retransmit, provide access to, or otherwise aid or assist those who distribute and reproduce infringing copies of copyrighted motion picture or television content of MPAA members.
Here's the thing: most of those things listed above are not rights granted by the copyright act. The copyright act is pretty specifically limited to a few rights, including reproduction and distribution. But, again, note the games played in the complaint: "index, link, frame, transmit, retransmit, provide access to" don't directly infringe on the stated copyright exclusive rights (yes, there are some cases where some of the above may infringe on some of the exclusive rights, but it's not particularly cut and dry). So instead, the government tosses in this "otherwise aid or assist those who distribute and reproduce infringing copies of copyrighted motion picture or television content."

So, you see, once again, the government is creating a form of secondary liability for copyright infringement that does not exist in the law. That's a problem. Because that's not how criminal copyright law works. At all.

Furthermore, the complaint goes on about how KAT, as it calls Kickass Torrents, rejected DMCA takedown notices for a variety of reasons, but leaves out the fact that KAT is not an American company and is not under the jurisdiction of US laws. So I'm not entirely clear why US copyright laws apply here. The best they can do is note that they found a few servers that were apparently in Chicago.

The complaint spends lots of time on the fact that KAT makes a fair bit of money from advertising revenue. But, again, I'm not entirely clear how that's relevant to the claim of criminal copyright infringement. The implicit argument is clearly "people go to KAT to get infringing content, the site makes advertising from all that traffic, thus the revenue is ill-gotten gains." But... again that relies on the idea that KAT itself is engaged in criminal behavior. Creating a popular tool for finding content -- some of which may be infringing -- and then making money from advertising, are separate things. It seems wrong to make this weird if->then conditional assumption that just because the site made lots of money it was infringing.

No one is suggesting that Kickass Torrents was not regularly used by individuals to infringe on copyrights. It was. A lot. And you can argue how horrible that is and how it was killing Hollywood and all that -- but the specifics here do matter. The same arguments were made about the VCR for years. After all, the MPAA insisted that it was used exclusively to infringe on content for years until they finally realized that it was a good idea to release content for the home video market. And, again, the US government isn't allowed to make up criminal liability concepts that aren't actually in the law. They, and their supporters, of course will now argue that it's not about secondary liability, but about "aiding and abetting." But that argument doesn't fly either. The standards for aiding and abetting are much more involved -- and would require that the actual infringement be criminal. But that won't fly, because the individuals downloading via Kickass Torrents weren't violating criminal copyright law themselves.

In other words, the DOJ is trying to argue that helping a bunch of people engaged in civil copyright infringement magically turns into criminal aiding and abetting. But that's not how the law works.

Meanwhile, the DOJ's press release on this is filled with all the usual insane bluster:
"Copyright infringement exacts a large toll, a very human one, on the artists and businesses whose livelihood hinges on their creative inventions," said U.S. Attorney Fardon. "Vaulin allegedly used the Internet to cause enormous harm to those artists. Our Cybercrimes unit at the U.S. Attorney’s Office in Chicago will continue to work with our law enforcement partners around the globe to identify, investigate and prosecute those who attempt to illegally profit from the innovation of others."
Funny. Is he also going to charge the US Navy for its massive copyright infringement? Or is that not the kind of copyright infringement harm Fardon goes after?
"Vaulin is charged with running today’s most visited illegal file-sharing website, responsible for unlawfully distributing well over $1 billion of copyrighted materials," said Assistant Attorney General Caldwell. "In an effort to evade law enforcement, Vaulin allegedly relied on servers located in countries around the world and moved his domains due to repeated seizures and civil lawsuits. His arrest in Poland, however, demonstrates again that cybercriminals can run, but they cannot hide from justice."
The $1 billion of copyrighted materials is a nice touch, but again represents merely the estimated cover price, not any actual losses to the industry. Not that the DOJ wants to admit that. But the next guy is even worse, no longer just claiming that over $1 billion was distributed, but directly stating that Vaulin stole $1 billion.
"Artem Vaulin was allegedly running a worldwide digital piracy website that stole more than $1 billion in profits from the U.S. entertainment industry," said Executive Associate Director Edge. "Protecting legitimate commerce is one of HSI’s highest priorities. With the cooperation of our law enforcement partners, we will continue to aggressively bring to justice those who enrich themselves by stealing the creative work of U.S. artists."
Aren't law enforcement people supposed to actually know the law? There was no stealing. There may have been copyright infringement using the tool that Vaulin built, but that's not stealing.
"Investigating cyber-enabled schemes is a top priority for CI," said Chief Weber. "Websites such as the one seized today brazenly facilitate all kinds of illegal commerce. Criminal Investigation is committed to thoroughly investigating financial crimes, regardless of the medium. We will continue to work with our law enforcement partners to unravel this and other complex financial transactions and money laundering schemes where individuals attempt to conceal the true source of their income and use the Internet to mask their true identity."
Illegal commerce? It was basically a search engine for free content. What illegal commerce happened there?

Yes, yes, lots of infringement happened via the site. No one denies that. But having law enforcement folks stand up and make clueless statements like this suggest they don't even understand what Kickass Torrents did, and they just want to puff themselves up and look good for Hollywood.

Meanwhile: does anyone really believe that this move will cause anyone who used KAT to suddenly go back to purchasing movies?

Read More | 99 Comments | Leave a Comment..

Posted on Techdirt - 20 July 2016 @ 2:45pm

Kudos To Senator Leahy: Fighting To Keep Privacy & Civil Liberties Board From Being Hobbled

from the keep-at-it dept

While I think that Senator Patrick Leahy has been ridiculously and dangerously wrong on copyright issues for years, he's actually quite good on a number of other issues that are of interest to us here at Techdirt. In particular, he's been a strong supporter of civil liberties on the internet and protecting the 4th Amendment (it's unfortunate that he doesn't see how his desired copyright policies might undermine some of that, but that's another post for another day). Thankfully, his latest move is to push back against a plan by the Senate and House Intelligence Committees to strip the federal government's Privacy and Civil Liberties Board (PCLOB).

Back in May, we wrote about this effort, whereby Congress appeared to be deliberately stripping powers from the PCLOB in order to limit the board's ability to actually make sure that the intelligence community wasn't abusing its powers. Senator Leahy has now sent a fairly direct letter to Senate Intelligence chair Senator Richard Burr and vice chair Senator Dianne Feinstein calling out how terrible this plan is.

The letter calls out the "pattern" that has been put in place by both the House and Senate Intelligence Committees to one by one by one strip powers from the PCLOB. After giving a bunch of examples of this playing out, with the language stripping the powers being agreed upon in secret (of course), Leahy notes:

The PCLOB has served a valuable role in reviewing government surveillance programs and recommending reforms that have largely been implemented by the executive branch. It is particularly inappropriate to debate and report legislation in a closed markup that is designed to diminish the authority of a public, independent oversight board. Congress should b enhancing its role, not undercutting it.
It then asks them to remove these PCLOB-undermining provisions from the intel re-authorization bill. Of course, Feinstein and Burr want to hobble the PCLOB because they've long been cheerleaders for widespread surveillance, and have actively fought against any real or significant oversight. There's a reason why these riders undermining the PCLOB keep showing up, and it's because Senators like Feinstein and Burr are deliberately trying to protect the intelligence community from oversight. So unless some bigger force comes along, it's doubtful this letter will have much of a direct impact. But, even so, kudos to Leahy for sending the letter as a starting point. Hopefully he follows through and continues to keep the pressure up.

Read More | 11 Comments | Leave a Comment..

Posted on Techdirt - 20 July 2016 @ 1:15pm

EU Court Of Justice Advisor Suggests UK's Last Surveillance Bill May Be Legal, But Hints That The New One Might Not Be

from the reading-the-tea-leaves dept

Over at the EU Court of Justice, the Advocate General has weighed in on the legal challenge to DRIPA, the Data Retention and Investigatory Powers Bill (DRIPA) that was rushed through the UK Parliament almost exactly two years ago. The law was challenged by a group made up of cross-party Parliament Members, and the Advocate General has sort of punted on the issue. If you don't recall, the Advocate General's role in the EU Court of Justice is basically to make a recommendation for the actual rulings. The court doesn't have to (and doesn't always) follow the Advocate General's suggestion, but does so often enough that the opinions certainly carry a lot of weight and suggest what's likely to happen. In this case, the opinion stated that, even though the court had previously rejected the EU-wide Data Retention Directive as intruding on privacy -- the UK's data retention law might be okay.

The opinion basically says some data retention laws may be okay if the powers are "circumscribed by strict safeguards" set up by the national courts.

Of course, the timing on this is important, given that the UK is (1) eagerly trying to push through its new surveillance law, the Investigatory Powers Bill which was (2) championed by then Home Secretary Theresa May as a necessary surveillance tool -- and May is now the Prime Minister due to a series of issues in the UK you may have heard about lately. And some folks who are trying to read the tea leaves of the Advocate General's opinion are suggesting that it may actually hint that while the old DRIPA might possibly be okay, the new Investigatory Powers bill probably is not. Of course, a lot of this depends on how you read the opinion and how certain key phrases are interpreted.

Many of those responding to Tuesday's opinion emphasised the main finding that "solely the fight against serious crime is an objective in the general interest that is capable of justifying a general obligation to retain data, whereas combating ordinary offences and the smooth conduct of proceedings other than criminal proceedings are not."
Basically, it appears that while it may be possible to twist DRIPA into shape so that it's not violating the court's required safeguards, the same cannot be said for the new bill. Whether or not that actually stops forward progress on that bill is another story altogether. And, of course, if the UK really is going to go through with its plan to leave the EU entirely, none of this may matter at all. Well, except for the privacy of everyone in the UK.

5 Comments | Leave a Comment..

Posted on Techdirt - 20 July 2016 @ 11:56am

Paris Court Says Search Engines Don't Need To Block Torrent Searches

from the good-ruling dept

Copyright rulings in France have occasionally been a complete disaster in the past, so it's nice to see the High Court of Paris recognize that Google and Microsoft cannot be forced to block any searches that include the word "torrent." The two separate lawsuits were brought by SNEP, which could be seen as the French version of the RIAA. The organization argued that since the law allowed "all appropriate measures" to be used to block infringement, it could demand that search engines block any searches that include the word torrent. The court wasn't buying it, noting correctly that not all torrents are infringing, and such a rule would be way too broad:

“SNEP’s requests are general, and pertain not to a specific site but to all websites accessible through the stated methods, without consideration for identifying or even determining the site’s content, on the premise that the term ‘Torrent’ is necessarily associated with infringing content,” the Court writes in its order.

More specifically, the court notes that the word “torrent” has many legitimate uses, as does the BitTorrent protocol, which is a neutral communication technology. This means that blocking everything “torrent” related is likely to censor legal content as well.

“Yet [torrent] is primarily a common noun, with a meaning in French and in English; it also refers to a neutral communication protocol developed by the company Bittorrent that enables access to lawfully downloaded files.

“The requested measures are thus tantamount to general monitoring and may block access to lawful websites,” the High Court order adds.
That was in the ruling in the case against Microsoft. In the case against Google, SNEP lost on more of a procedural technicality. Google pointed out that SNEP brought the case in the name of just three artists, rather than itself, and the court more or less agreed that SNEP couldn't bring a case on behalf of just those artists. Still, the clear ruling on the Microsoft case suggests that SNEP wouldn't have had any more luck against Google if it had filed the case in the correct procedural way.

11 Comments | Leave a Comment..

Posted on Techdirt - 20 July 2016 @ 10:51am

German Software Company Sues US Gov't For Copyright Infringement

from the navy-pirates dept

A German software company, Bitmanagement Software, is now suing the US government for copyright infringement and demanding almost $600 million. The lawsuit, which was filed in the US Court of Federal Claims (basically a special court set up just for cases involving suing the US government for money), says that the US Navy copied Bitmanagement's 3D virtual reality software, BS Contact Geo. Apparently, the Navy had tested the software and had an evaluation license allowing the software to be used on 38 computers. And then the Navy just copied it onto hundreds of thousands of computers.

The lawsuit notes that the Navy had specifically requested the removal of Bitmanagement's usage tracking code, and then told the company that it wanted to license the software for upwards of 500,000 computers -- but also that it started doing those installs while the company was still negotiating a license. While that negotiation was ongoing, someone (accidentally, apparently) forwarded an email to Bitmanagement indicating that the software had already been installed on 104,922 computers. Apparently, a few months later, the Navy also disabled some other tracking software, called Flexwrap. This part is a bit confusing in the lawsuit, since earlier it notes that the evaluation contract required Bitmanagement to remove tracking software, but then the lawsuit notes that later on it was the Navy that removed Flexwrap, "in violation of the terms" of the license.

This is also a rare copyright case where the plaintiff is asking for actual damages, rather than mere statutory damages. That's partly because it notes that a single license of its software runs approximately $1,000 -- and it believes the software may have ended up on 558,466 computers. Thus, it's asking for $596,308,103, which is the market value of the unpaid licenses. If it had sought statutory damages, it would have been limited to just $150,000, as that's the maximum per "work infringed." But it's also because the US government has a special super power, called sovereign immunity when it comes to copyright claims, basically allowing it to avoid a copyright lawsuit in a regular ("Article III") district court. However, at least based on my understanding of the law, they can still go to the Federal Claims court (as Bitmanagement is) and seek the actual licensing fees.

It will be interesting to see how the US government responds. After all, this is the very same US government that regularly insists that copyright infringement is a horrible evil and that we need to ratchet up punishment for it. Yet, here is the Navy doing what appears to be fairly blatant direct infringement on software that it was evaluating, but failed to fully license. In the past, the US government has found itself negotiating settlements in similar cases. But, of course, none of that has resulted in the government recognizing that perhaps its hardline position on infringement by others is a bit extreme, considering its own behavior.

Read More | 54 Comments | Leave a Comment..

Posted on Techdirt - 20 July 2016 @ 9:31am

Turkey Blocks Wikileaks After It Dumps Nearly 300,000 Turkish Gov't Emails

from the censorship-wars dept

Turkey has a pretty detailed history of banning websites that it doesn't like, so the news that it's now blocking Wikileaks hardly comes as a surprise. After all, following the failed coup attempt, President Recep Tayyip Erdogan wasted no time in moving forward with what appears to be a somewhat vicious crackdown on tens of thousands of people. So, when Wikileaks suddenly released 300,000 emails from the Turkish government for anyone to search and explore, it's no surprise that all access to Wikileaks was quickly blocked.

Of course, it seems at least marginally noteworthy that, just a few months ago, the European Court of Human Rights had ruled that at least one of Turkey's internet bans, on YouTube, had breached the right to information. Of course, with Erdogan's activities this week, you get the feeling he doesn't care much at all what the European Court of Human Rights thinks about his actions right now.

19 Comments | Leave a Comment..

Posted on Techdirt - 20 July 2016 @ 6:35am

Prenda (Mostly) Loses Again; Court Says 'We Warned You To Stop Digging, But You Still Did'

from the first-rule-of-holes dept

Here's a quick lesson in reading judicial opinions. If this is how the ruling on your appeal starts out, things did not go well:

When last we considered John Steele and Paul Hansmeier’s challenges to contempt sanctions imposed on them, we gave them some friendly advice: stop digging.... Apparently they did not realize that we meant what we said. Hoping to avoid paying additional sanctions, they dissembled to the district court and engaged in discovery shenanigans.
And, yes, this is the latest in the still ongoing Prenda saga. Specifically, this is the appeal in the Lightspeed case, one of a few "main" cases where Team Prenda (John Steele, Paul Hansmeier and the late Paul Duffy) got completely slammed by courts for lying and other dishonest and sketchy behavior. Prenda lost big back in 2013, but kept lying. The judge then slapped them with huge fees. On appeal, the 7th Circuit smacked Prenda down again, and (as you probably surmised from above) explained the "rule of holes" to Prenda:
The first rule of holes, according to an old saying, is to stop digging. The two appeals before us bring that to mind, for reasons that will become apparent.
The case went back to the lower court, where the judge hit Team Prenda with sanctions for its behavior, including contempt, and then added on attorneys' fees for good measure.

Because Steele and Hansmeier can't help themselves, they appealed again, leading to this latest ruling. Believe it or not, Steele actually may be temporarily happy with this latest ruling as he actually won on one point (but may lose even bigger in the long run). Still, the court is clearly not happy with either Steele or Hansmeier. It does note that since Hansmeier has filed for a (highly questionable) bankruptcy, he cannot pursue the appeal and thus his appeal is dismissed out of hand.

Steele's appeal, however moves forward. And he still mostly loses and the court doesn't miss opportunities to slam Steele:
Steele offers only the weak argument that Smith should have obtained and submitted this evidence earlier, and that Smith’s lack of diligence should cut off this line of inquiry.... This approach has little but chutzpah—a quality that Steele and his compatriots have long demonstrated—going for it. To begin with, it was Steele and Hansmeier’s actions that prevented Smith from obtaining the necessary evidence in time for the November 12, 2014 hearing. (Indeed, Steele and Hansmeier maintained at the hearing that Smith should receive no further discovery because he already had all the relevant documents in his possession.) Steele’s misrepresentations and Hansmeier’s motion to quash delayed Sabadell’s production regarding Steele’s finances until November 17, 2014. The district court denied Smith’s motion the next day. Meanwhile, Smith first sought discovery regarding Monyet from TCF Bank on March 24, 2014. Because of Hansmeier’s second motion to quash and initially incomplete production, Smith was unable to obtain it until February 2015.

Steele nonetheless says that Smith should have found the relevant documents earlier because Monyet’s existence was “public record” in 2010, and the relevant documents were attached as exhibits to a debtor’s exam in a Minnesota bankruptcy case in June and July 2014. The fact that Monyet’s existence was public record is of little import: Smith had no reason to know of its existence, let alone any way to know of Hansmeier’s control of the company or the transfers Hansmeier made from its Scottrade account. Moreover, Smith was not a party to the Minnesota bankruptcy case. The district court did not abuse its discretion in granting Smith’s motion to reconsider.
The court notes that the sanctions on Steele are "easy to justify" given "Steele's entire pattern of vexatious and obstructive conduct."

And that included deliberately seeking to hide his and Hansmeier's money just as the sanctions were being ordered:
This was the very time when Steele and Hansmeier were emptying accounts they controlled of sums vastly in excess of the sanctions they owed. This was obviously egregious behavior, and a flat violation of the district court’s order. Their actions necessitated Smith’s litigation over their ability to pay the sanctions. Smith’s compensable expenses reasonably reached back to his first round of third‐party subpoenas, issued on January 16, 2014, as the district court found.
The one point that Steele won on, however, was on the contempt fine. Steele had argued that it was issued as a form of criminal contempt, rather than civil contempt, and there are different standards there. After looking it over, the appeals court appears to reluctantly agree.
Examining the nature of Steele’s fine and its justification, we are convinced that it falls on the criminal side of the line. It was an unconditional fine that did not reflect actual costs caused by the attorneys’ conduct. The district court justified the fine of $65,263.00 solely by reference to the attorneys’ “contemptuous statements in court.” This number, the court commented, was “twenty‐five percent of Judge Murphy’s original sanction.” It added that a “pattern is purposefully developing whereby the contemnors could find their way back to the full sanction … for their original wrongdoing if they continue their misdeeds before this Court.” This justification most naturally supports a fine meant to vindicate the authority of the court and deter future misconduct, not an award designed to be compensatory or coercive.

It is also telling that the amount of the fine was not connected to any cost imposed on either Smith or the district court. The court meant instead to punish past behavior and to deter future contemptuous conduct. Nor was the fine tied to any specific future action. While Lightspeed I found a fine quantified without reference to billing statements to be a civil contempt, the fine there “corresponded to attorneys’ fees and costs incurred by defendants during the course of litigating the contempt motion.” ... That is not the case here: the district court said nothing about Smith’s costs. It had taken care of the costs attributable to the separate discovery sanctions in a separate part of its order.
Of course, this small victory may be short-lived:
We make no comment on what type of contempt Smith may wish to seek, whether the court might re‐consider the possibility of civil contempt, or whether criminal contempt could be justified once the proper procedures are followed. We are confident that the district court will take a fresh look at these questions in light of this opinion.
This issue actually came up during the original appeal, when the judges on the 7th Circuit, somewhat incredulously, asked the lawyer representing Steele and Hansmeier if he was really asking for the courts to consider if Steele and Hansmeier had committed criminal acts when it had already focused solely on civil ones. And, now, Steele, at least may find himself in a deeper hole because of this. That's what happens when you keep digging.

Read More | 25 Comments | Leave a Comment..

Posted on Techdirt - 20 July 2016 @ 3:31am

For The Third Time, Whatsapp Blocked (And Then Unblocked) By Brazilian Judges For Failing To Decrypt

from the we've-seen-this-before dept

What's up with Brazilian judges not understanding Whatsapp? In the last few months, judges keep freaking out that Whatsapp messages are end to end encrypted, and that the company is unable to decrypt them at all. On Tuesday morning, the news broke that Judge Daniela Barbosa had ordered Whatsapp blocked yet again, along with a $50,000 per day fine until it decrypts information that it cannot decrypt. While various ISPs set about blocking the extremely popular app, as with the previous times, it took only a few hours for a higher court to suspend Barbosa's ruling, and to make the app available again.

Of course, this is the third time that Brazilian courts have done this particular dance. It happened in December and again in May. And who can forget the time in March where a Brazilian judge ordered a Facebook exec arrested over the same issue (Facebook owns Whatsapp).

Whatsapp's founder/CEO Jan Koum called the latest news "shocking," noting how these blocks had been rejected "loudly" in the past. Given how widespread this news was, as well as the basic architecture of Whatsapp, making it impossible to decrypt messages, it makes you wonder just what Brazilian judges think they're accomplishing each time they do this. Do they think they're sending a message to Facebook/Whatsapp? If anything, it just looks Brazil and its judicial system seem backwards and out of touch.

24 Comments | Leave a Comment..

Posted on Techdirt - 18 July 2016 @ 4:10pm

Just As Open Competitor To Elsevier's SSRN Launches, SSRN Accused Of Copyright Crackdown

from the the-inevitable dept

A couple of months ago, we wrote about how publishing giant Elsevier had purchased the open access pre-publisher SSRN. SSRN is basically the place where lots of research that we regularly report on is published. Legal and economics academics quite frequently post their journal articles there. Of course, Elsevier has a well-known reputation for being extreme copyright maximalists in dangerous ways. Having Elsevier take over SSRN concerned a lot of academics, and even led to calls for alternatives, including many asking the famed arXiv to open a social science research operation as well.

Indeed, it appears that arXiv was paying attention, because just about a week ago, SocArXiv was announced, and it already has a temporary home hosted by Open Science Framework.

And perhaps this came just in time, because just as that happened, Stephen Henderson, a law professor, noted that SSRN took down his paper saying that they didn't think he retained the copyright to it.

When I posted a final PDF of an article for which not only do my co-author and I retain the copyright, but for which the contract also includes _explicit_ permission to post on SSRN, I received the typical happy “SSRN Revision Email” saying all was well. Only when I went to take a look, I found there was no longer any PDF to download at all—merely the abstract. So, download counts are gone, and no article. Not the former working version nor the final version. And then in the revision comments, I found this:

It appears that you do not retain copyright to the paper, and the PDF has been removed from public view. Please provide us with the copyright holder's written permission to post. Alternatively, you may replace this version with a working paper or preprint version, if you so desire. Questions and/or written permissions may be emailed to support@ssrn.com, or call 1-877-SSRNHELP (877-777-6435 toll free) or 1-585-442-8170 outside the US.

So, not only have they completely changed their model, but—at least to me—they gave no effective notice, and they pull papers without asking. Nobody bothered to _ask_ whether I had permission; they simply took down every version of the article and said nothing. Alas. And when I called customer support and someone called back, I pointed out that some profs have hundreds of articles posted for which SSRN doesn’t hold the copyright agreements. “Are you going to take all those down too?,” I asked. The answer, in essence, “Those were posted in error.” Unbelievable.
As that story started to make the rounds, SSRN insisted that it was just a technical glitch, in that it had sent the wrong email, but others aren't buying it.
And now, the Authors Alliance has come out with a notice telling SSRN authors that it may be time to try something new (such as SocArXiv) because Elsevier cannot be trusted. The Alliance notes that after Elsevier purchased SSRN, it reached out to Elsevier to try to get the company to commit to some basic principles of openness, and Elsevier refused:

Since we first heard of mega-publisher Elsevier’s acquisition of SSRN, the popular social sciences pre-print and working paper repository, we have expressed concern. Elsevier is not known to be an avid supporter of the open access publishing practices favored by many of our members, and has historically taken a restrictive stance toward author control and ownership of scholarship.

In response, we reached out to Elsevier and to SSRN with a set of principles the service could adopt that would reassure authors that SSRN could continue to be a go-to resource for those looking to refine and share their work. We have since heard back from SSRN: they would not commit to adopting even one of our principles. They offered more general reassurances that their policies would continue as before. We were not satisfied, but we decided to wait and see whether our fears would be borne out.

The article notes more examples of SSRN pulling down research, even when the authors do retain the copyright, combined with a misunderstanding of how Creative Commons licenses work. It seems fairly clear that this was not just the case of one email improperly sent. And thus, for those who rely on SSRN, it's probably time to start looking for alternative ways of posting documents.
SSRN authors: you have not committed to SSRN. You can remove your papers from their service, and you can opt instead to make your work available in venues that show real commitment to the sharing, vetting, and refinement of academic work.
The Authors Alliance also points out that researchers don't need to just post their research in one place, and can often host it themselves as well. But, it appears that SSRN under Elsevier is quickly losing trust. Considering that it was basically the go to place for all legal and economics research pre-publishing, that's quite a quick turn around, thanks entirely to Elsevier.

11 Comments | Leave a Comment..

Posted on Techdirt - 15 July 2016 @ 3:48pm

As Erdogan Faces Turkish Coup, The Guy Who Once Banned Social Media Sites, Forced To Address Nation Via Facetime & Twitter

from the digital-irony dept

We've written a fair amount about Turkish President Recep Tayyip Erdogan. Lately, it's mostly been about his ridiculously thin skin over insults, and his willingness to take his hurt feelings international. But, even prior to that, he had a history of irrational hating on social media. Back when he was Prime Minister, he tried to blame Twitter for social unrest, even going so far as to order it banned in the country. And, when that failed, he actually sued his own government over the failure to block content on Twitter that he disliked.

Now, as you hopefully know from news sources other than Techdirt, as I write this, it appears that there's a military coup going on in Turkey, trying to usurp Erdogan. As part of that effort, all those social media sites that Erdogan himself does not like, including Facebook, Twitter and YouTube are being blocked. For Erdogan himself, that's meant that he's been cut off from his own means of communication to the public, leaving him to use Apple's Facetime to call a local TV station to put him on the air:

And, of course, the social media blocks aren't even that effective anyway -- with many Turkish citizens using VPNs to get around the blocks. Plenty of people are now seeing live coverage of what's happening in Turkey thanks to Facebook Live and Twitter's Periscope.

I have no idea how this will turn out, but from the perspective of how the internet has changed the media landscape, this is all fairly incredible to watch as it plays out.

Update: And the irony gets thicker. Erdogan is now reaching out to the public... via Twitter:

43 Comments | Leave a Comment..

Posted on Techdirt - 15 July 2016 @ 2:28pm

Could Donald Trump Block Hillary Clinton's Campaign From Visiting His Website Via The CFAA?

from the who-the-hell-knows dept

In the past few weeks, we've written about two troubling rulings in the 9th Circuit appeals court concerning the CFAA, the Computer Fraud and Abuse Act. That law, that was literally written in response to Ronald Reagan being freaked out by the (fictional) movie War Games, was designed to go after hackers and make computer hacking into other people's computers a crime. The law is woefully outdated and unfortunately vague, with terms like "unauthroized access" and "exceeds authorized access." For years, many of us have been pushing for Congress to reform the law to make it not quite so broad, because in its current setup it's the law the DOJ relies on when all else fails. That's why the DOJ loves it. If you did something it doesn't like on a computer, it'll try to use the CFAA against you.

The two recent cases were not helpful. The first, called Nosal II (because it was the second CFAA case involving David Nosal trying to use data from his former employer), found that convincing a former colleague to share their password with you could violate the CFAA. The court tried to limit the impact of this, by adding some caveats, and insisting that mere password sharing wouldn't qualify without some additional event that indicated a lack of authorization, but it does still seem like a vague standard that many will try to use going forward. The second case, Facebook v. Power, found that Power violated the CFAA by continuing to access Facebook accounts, with permission of those Facebook users, after Facebook had sent a cease-and-desist. The court found that the cease-and-desist acted as a clear point that said "you're not allowed here."

But it's difficult to square that with the original Nosal ruling (Nosal 1) which found that merely violating a terms of service was not a CFAA violation. So ignoring a terms of service is not a CFAA violation, but ignoring a cease-and-desist letter is. It's not clear why one has power over the other, though perhaps there's an argument that a cease-and-desist is a proactive action towards an individual by a website, whereas a terms of service is broadly applicable. Still, it feels weak.

And, it raises tricky situations like the following, first raised by Andy Sellars, about a situation in which one individual alerts another that they can no longer visit a website. Let's say this happened between two presidential candidates. Hypothetically.

And, as Eriq Gardner at the Hollywood Reporter notes in response, the answer is totally unclear. And that seems really problematic. I had tossed out some hypotheticals in my original post on the Facebook v. Power ruling, but this is a good one as well, because you could absolutely see some political candidates issuing that kind of cease-and-desist. There may be arguments about whether then accessing such a website would create a loss necessary to qualify for the CFAA, but it's still quite worrisome that the court has now put in place a vague standard that at least suggests that you can bar someone from a website by merely telling them not to go there. That's going to create a bunch of messy litigation going forward.

20 Comments | Leave a Comment..

Posted on Techdirt - 15 July 2016 @ 12:43pm

Oracle v. Google Not Over Yet: Oracle Seeks Another New Trial While Google Seeks Sanctions On Oracle's Lawyers

from the keep-trying-and-trying dept

As you probably remember, a jury decided in Google's favor after a somewhat wacky trial that its use of some of the Java APIs was considered fair use. Oracle, of course, isn't going down quietly. It immediately asked the judge, William Alsup, to reject the jury's verdict, which he refused to do. Everyone expects that Oracle will appeal this as high as it can go, though its chances aren't great.

In the meantime, though, Oracle isn't done trying every possible door at the district court level. Last week it simply asked for a new trial in what I can only describe as Oracle's sour grapes motion. It starts out by claiming that "the verdict was against the weight of the evidence" and thus a new trial is necessary. And then it whines about a whole bunch of other issues, including Google's plans to use Android on computers, meaning that the "harm" portion of the trial was unfairly limited to just tablets and phones. It also whines about certain limitations and exclusions of information it was not allowed to present. These are purely "waaaaah, we lost, fix it, waaaaaah" kinds of arguments. The court also excluded lots of Google evidence as well, and Oracle may not really want to revisit some of that either. You can read the full document below or at the link above, but analyzing all of it is pretty silly. It's strictly a sour grapes argument that is unlikely to go anywhere.

At the same time, Oracle filed yet another motion for judgment as a matter of law... that also seems unlikely to go anywhere. Here, though, the argument is basically that the jury got fair use wrong. The argument here is pretty laughable. It goes through each of the four factors and argues why the jury got it wrong. Now, it's true, as some have argued, that a court can take the four fair use factors and basically come to any conclusion it wants, but it's hard to see Judge Alsup doing that here. It would be shocking to see him do so actually. And, rather than go through each argument, I'll just present the table of contents of Oracle's filing here so you can see how desperate the company is:

Basically, Oracle is continuing to falsely pretend that fair use only applies to non-commercial use (it doesn't), and that creating something new with an API isn't transformative unless it's like artwork or something (this is wrong). Oracle's interpretation of fair use is not supported by the history or case law of fair use, and it would be shocking to see the court accept it here.

Meanwhile, on the flip side, Google is looking to punish Oracle's lawyers and asking for sanctions against them for revealing in open court sensitive information that had been sealed by the court.
On January 14, 2016, Oracle’s counsel Annette Hurst disclosed in open court representations of sensitive confidential financial information of both Google and third-party Apple Inc., as well as extremely confidential internal Google financial information.... After Ms. Hurst’s improper disclosures, Oracle and its counsel neither sought to remedy the effects of the disclosures nor acknowledged their wrongdoing. They instead refused to take responsibility for the disclosures, claimed they were inconsequential because Oracle hoped to use the information at trial (which it never did), and even argued that Google’s motion to seal the third party Apple information—which Judge Ryu subsequently granted,... —was “merely a delaying tactic.” ... Within days of the disclosures, and following Oracle’s failure to take remedial action, this information became headline news for major news outlets, at least one of which noted that, thanks to Ms. Hurst, the press could finally report on confidential information that had theretofore been only a subject of speculation.

Oracle’s disclosures and its subsequent actions reveal a profound disregard for this Court’s Protective Order and for other parties’ confidential information. Google and third party Apple were harmed by Oracle’s counsel’s disclosure regarding the terms of a significant and confidential commercial agreement. Google believes it is important, both for this case and for other cases in this District, for the Court to make clear that Oracle’s counsel’s actions were improper, that Oracle’s excuses for the disclosures are invalid, and that Oracle’s failure, after the fact, to cooperate in remedying the disclosures was inconsistent with the Protective Order.
Disclosing confidential/sealed information in court is a pretty big deal, though I have no idea how the court will rule on this matter.

Either way, it's safe to say that there's little love lost between Google and Oracle (and their lawyers).

Read More | 20 Comments | Leave a Comment..

Posted on Techdirt - 15 July 2016 @ 11:45am

Bill Introduced To Create Copyright Small Claims Court... Which Copyright Trolls Are Going To Love

from the flooding-the-system dept

For a while now, some in the copyright community have been pushing for a copyright "small claims court" as an alternative to filing a federal lawsuit over copyright law. It's true that, especially for small copyright holders, the cost of filing a lawsuit may appear to be rather prohibitive. But it's not clear that a small claims court is the answer. A few years ago, we wrote about some potential concerns with such an approach, but have also admitted that if set up right, it could have some advantages. But that requires it be set up right.

Unfortunately, a new bill has been introduced, by Rep. Hakeem Jeffries, along with Rep. Tom Marino, to officially set up such a system -- and it's done in a way that looks like it will not be well-designed, and instead will lead to a massive rush of small claims, especially by copyright trolls. The bill is called the Copyright Alternative in Small-Claims Enforcement Act of 2016, or CASE Act, and... it's got problems.

The "good" news, if you can call it that, is that claims that would go before this appointed tribunal, made up of copyright lawyers recommended by the Register of Copyrights and appointed by the Librarian of Congress, would have much lower statutory damages availability than the federal courts. A copyright claim in a federal court has statutory damages up to $150k, for willful infringement. In the small claims system, the maximum statutory damages would be $15k. But, really, that's just half of today's official statutory damages -- because if there's no willful infringement, the Copyright Act puts a cap at $30k. In the small claims world, there's no option to claim willful infringement.

Another potentially good feature is that this small claims setup would be able to hear two kinds of claims: the standard ones involving claims of someone violating one of the established rights under copyright law... but then also to hear cases about abusive DMCA notifications, under Section 512(f) of the DMCA. Of course, as we've noted in the past, the federal courts have effectively written 512(f) out of the law and refuse to punish those who file bogus DMCA notices. It's not at all clear how things would change here. The bill explicitly notes that the remedies for a 512(f) bogus DMCA notice claim would be limited "to those available under this chapter." But it's unclear if that really means that you could get $15k for a bogus DMCA filing. And that's because the section on statutory damages is clearly written only with people suing for copyright infringement in mind, and not people suing over bogus DMCA takedowns.

For example, it notes that in order to qualify for the $15k maximum statutory damages, it only applies to "works timely registered." But... how does that make sense for 512(f) claims? In those cases, the question of whether or not the defendant timely registered a copyright makes no sense at all. If someone sends a bogus DMCA takedown over a copyright that doesn't exist or that they don't hold, why should its registration status matter? It's almost as if Rep. Jeffries (or the lobbyists who wrote this bill) only tossed in the part about 512(f) claims to appease people concerned about abusive DMCA takedowns, and then completely forgot about it after they included that.

But the really big problem in my mind is that this seems likely to just be swamped by copyright trolls. We already see that they're flooding the federal court system, where multiple rulings against joinder (i.e., the ridiculous bundling of thousands of possible file sharers together) has meant that when trolls do sue, they're generally limited in how many people they can sue. Making the process cheaper, but still offering statutory damages amounts that can be quite scary to the average American, and that can still get the job done of scaring threatened users into paying up fines that are much smaller than the $15,000.

And, yes, this small claims system will allow for discovery, which is the key feature that trolls want. They want to sue, and then get discovery where they can send demands to ISPs for names of subscribers based on IP addresses, and there doesn't appear to be anything in the bill to stop that. It does note that parties seeking discovery need to show "good cause" to enable discovery, but that may be a fairly low bar. It also notes that responding to discovery requests to non-parties in the dispute will be "voluntary" so perhaps ISPs will resist, but that's not certain. And thus, this three-panel board may find itself on the receiving end of a ton of ridiculous claims from trolls who have no intention of following through with the case. One would hope, with the federal court system's copyright docket currently overrun with trolling cases, that whoever drafted this law would have thought through a better plan to stop that from happening here.

Another potential issue: the bill would let individuals go after not just actual infringers, but also service providers if they fail to follow through on a DMCA takedown notice. Basically, it exports the DMCA safe harbors to this small claims process as well, but that may mean that internet platforms are going to get dragged through this process that was meant to focus on small claims that could be easily adjudicated.

There's also this oddity. After laying out the specific responsibilities of the three individuals who will handle all of these small claims cases, the bill notes:

When not engaged in performing their duties as prescribed in this chapter, to perform such other duties as may be assigned by the Register of Copyrights.
What, exactly, is that going to entail?

Who knows how this will actually play out. A few years back, the UK introduced its own small claims copyright system. But I have no idea how it's doing. I haven't seen any numbers or indication of how widely it's used. Perhaps it works great and is a useful tool for dealing with small scale infringement issues. But I do worry about the way the bill is currently written and how it can be abused, especially by trolls who just want to pressure people into settling, and where the threat of a $15k award might be plenty.

Read More | 18 Comments | Leave a Comment..

Posted on Techdirt - 15 July 2016 @ 10:39am

Federal Revenge Porn Bill Not As Bad As It Could Have Been, Still Probably Unconstitutional

from the just-saying dept

For the last two and half years or so, my Congressional Representative, Jackie Speier, has insisted that she was just about to introduce a federal law outlawing revenge porn. And then it wouldn't come. There would be an article saying it was almost ready... and then nothing. Months would go by, another article would appear... and then nothing. Finally, on Thursday, Speier introduced the bill, insisting that the delay was in convincing Silicon Valley companies to sign on to it. Of course, that leaves out the fact that the reason many refused to sign on was because previous iterations of the bill were incredibly problematic and almost certainly unconstitutional. With two and half years to work on it, however, the finally introduced bill, called the Intimate Privacy Protection Act of 2016, or IPPA, is not nearly as bad as it could have been, nor as bad as some of the suggestions passed around by those who "consulted" on drafting the bill.

But that doesn't mean the bill isn't unconstitutional.

Let's be clear: revenge porn is horrific. The creeps who put up revenge porn sites deserve to be shamed and mocked. The people who actually upload images to such sites or visit them are complete losers who need to get a life. But there are really important legal issues that come up when you try to outlaw such things, starting with the First Amendment. Yes, yes, as everyone will say, there are some exceptions to the First Amendment (though if you claim that shouting fire in a crowded theater is one of them, you're going to be mocked as well). But the exceptions to the first First Amendment are very narrowly prescribed by the Supreme Court, and they're much more narrow than most armchair lawyers believe. Looking over the list, it's pretty difficult to see how revenge porn fits.

Next up, context matters a lot, and while the bill tries to take some of that into account, it's unclear if it actually succeeds. The bill has a vague and nearly totally undefined "public interest" exception -- but what does that actually include? That's left unclear. Remember last year when Lenny Kravitz accidentally exposed himself at a concert. Was everyone who passed around videos of images of that violating this new revenge porn bill? It would seem so. That would be "knowingly" using an "interactive computer service... to distribute a visual depiction of a person who is identifiable from the image itself or information displayed in connection with the image... of the naked genitals... of a person, with reckless disregard for the person's lack of consent to the distribution."

Remember, tons of people were passing around that image and video last year. Should all of them face five years in prison plus fines? That seems... extreme. And extremely problematic.

The ACLU has a rather simple request to fix this problem with the law: add an intent requirement, such that it only applies to those who "maliciously and intentionally invade another person's privacy." Even that may have some First Amendment issues, but supporters of the law refused to add an intent standard, claiming that such a standard would be too limiting, and wouldn't cover those who weren't motivated by "malice" but by money or fame. But, that's ridiculous. Any court would likely decide that setting up a revenge porn site for money was a form of malice.

Thankfully, this version of the law says that it does not apply to online platforms, as defined by Section 230 of the Communications Decency Act, which is a big jump from where some of the crafters of this bill were a few years ago, in which they openly discussed undermining CDA 230 as a way to attack revenge porn.

In the end, two and a half years of effort means that the bill isn't as horrible as some of the earliest suggestions, but it's still not clear that it's constitutional. It seems likely that the ACLU, and possibly others, will likely challenge this law should it pass and then I guess we'll find out what the courts actually think of it.

Read More | 18 Comments | Leave a Comment..

More posts from Mike Masnick >>