Mike Masnick’s Techdirt Profile

mmasnick

About Mike MasnickTechdirt Insider

Mike is the founder and CEO of Floor64 and editor of the Techdirt blog.

He can be found on Twitter at http://www.twitter.com/mmasnick



Posted on Techdirt - 5 May 2016 @ 12:44pm

Techdirt Reading List: No Law: Intellectual Property In The Image Of An Absolute First Amendment

from the the-first-amendment-matters dept

We're back again with another in our weekly reading list posts of books we think our community will find interesting and thought provoking. Once again, buying the book via the Amazon links in this story also helps support Techdirt.



With copyright reform a big topic again these days, we've been talking about some worthwhile books to read in thinking about the topic. The last couple weeks we wrote about some important books by Bill Patry in thinking about how to reform copyright, and this week I'm going to recommend No Law: Intellectual Property in the Image of an Absolute First Amendment by David Lange and H. Jefferson Powell. I had actually just mentioned this book a few weeks ago in discussing copyright's free speech problem, and I'll recommend it again. I'm not sure why the book never seemed to get that much attention, even in copyright circles, because it's really worth reading.

It is not, necessarily, a book about copyright reform, per se. The authors admit that it's more of an intellectual exercise. I should also warn you that the book can be a bit of a dense read at times, but I found it extremely worthwhile. The first half basically explains how copyright and the First Amendment clearly are in strong conflict, and has a rather detailed discussion of how the Supreme Court clearly got things wrong in the infamous Eldred case. The second half of the book then focuses on a possible solution -- that doesn't involve dumping copyright altogether. Instead, they're suggesting something more akin to the way defamation law often works, in which the speech is not removed, since that could violate the First Amendment, but you may need to pay for it. In effect, it would be about creating a compulsory licensing system. I'm not sure I agree with this approach for a variety of reasons, but the book is detailed, thorough and thought provoking.

7 Comments | Leave a Comment..

Posted on Techdirt - 5 May 2016 @ 10:40am

FBI Harassing Core Tor Developer, Demanding She Meet With Them, But Refusing To Explain Why

from the not-cool-fbi dept

Isis Agora Lovecruft is a lead software developer for Tor and has worked on Tor for many years, as well as on a variety of other security and encryption products, including Open Whisper Systems and the LEAP Encryption Access Project. And, apparently, the FBI would really like to talk to her, but won't tell her (or her lawyer) exactly why. It's really worth reading her whole post, which starts with an FBI agent showing up at her parents home and leaving a card, and then later phoning her mother's cell phone while she was at work a few days later. Lovecruft had a lawyer reach out to the FBI agent in question, which resulted in an odd discussion:

Word got to my lawyer in the US, who decided to call FBI Special Agent Mark Burnett, on that Friday, saying that he represented me and my family. Burnett said the FBI simply wanted to ask me some questions. My lawyer responded by stating that, as my invoked representation, all questions should be directed to him rather than to me or my family. The agent agreed, paused while some muffled male voices were heard in the background, and asked to call back in five minutes.

Five minutes later, Burnett called back and said, “I don’t believe you actually represent her.” Burnett stated additionally that a phone call from me might suffice, but that the FBI preferred to meet with me in person. After a pause he said, “But… if we happen to run into her on the street, we’re gonna be asking her some questions without you present.”
Complicating matters was the fact that Lovecruft was deep into the process of moving permanently to Germany, and actually had just been visiting her family in the US. She worried about whether or not she'd even be able to leave, though eventually flew back to Europe without incident. She notes that once back in Germany, she was focused on getting all the documentation in order to get her official residence visa in Germany when the FBI again came looking for her:

The day before my appointment, I spoke with my lawyer. He had received another call, this time from a FBI Special Agent Kelvin Porter in Atlanta.

Lawyer: Hello?

Agent: Hello, this is Special Agent Kelvin Porter at the FBI field offices in Atlanta. I’m calling concerning your client.

Lawyer: Yes. Why are you trying to contact her?

Agent: Well… as before… we would strongly prefer to meet her in person. We have teams in Los Angeles, San Francisco, Chicago, New York, and Atlanta keeping an eye out for her.

Lawyer: Your colleague mentioned last time that you would accept a phone call?

Agent: We would strongly prefer to meet her in person. We… uh… have some documents we’d like her opinion on.

Lawyer: Umm…? What documents?

Agent: Anyway, if she’s available to meet with us, that would be great, thanks.

It didn’t exactly help with the stress of applying for a residence visa to know that there were teams in five cities across America keeping an eye out for me. However, I’m glad to say that, the next day, my residence visa was approved. Eight hours afterwards, my laywer received a voicemail saying:

Agent: Hello this is Special Agent Kelvin Porter, we spoke two days ago regarding your client. Umm… well… so the situation with the documents… it’s umm… it’s all fixed. I mean, we would of course still be happy to meet with your client if she’s willing, but the problem has… uh… yeah… been fixed. And uh… yeah. Just let us know if she wants to set up a meeting.

So, that seemed to settle things for the time being -- though still made her nervous. That last conversation happened in January. But it appears that last week, the FBI came knocking again, and apparently said they want to serve her with a subpoena.
The FBI has contacted my lawyer again. This time, they said, “She should meet with one of our agents in San Francisco to talk. Otherwise, are you the point of contact for serving a subpoena? She’s not the target of investigation, but, uh… we uh… need her to clear up her involvement or… uh… potential involvement in a matter.”
She's (reasonably) worried that whatever the FBI is planning to ask her about or serve her with comes with a gag order and she won't be able to speak about it. She also notes that she's got a personal warrant canary, which might be worth watching for obvious reasons.

But, honestly, the part that struck me as most interesting about all of this is the incredible amount of stress that this obviously caused for her. It doesn't matter if the FBI says she's "not a target," having the FBI come looking for you can really shake you up. Especially when they won't provide any details:
I didn’t talk to anyone who wasn’t already in regular contact with me, fearing I might endanger them — some thug might show up at their mom’s door or make some threats to their lawyers — and I didn’t want to risk harming people I care about. It hurt to not tell my friends what was happening. I felt gagged and frightened. I wanted to play chess in the park. I wanted to learn duets on the piano. I wanted to ride bicycles through the ancient groves in the park in the endless Californian sunshine. I wanted to bring homemade vegan gluten-free brownies and stickers from collectives in France to my friends at the EFF. To be selfish, I wanted to read the number theory papers I’d just downloaded and play with a new pairing-based cryptography library I’d just been given the source to, but I couldn’t do those things either, simply because I was too stressed out to think straight.

I got absolutely no work done.
That, right there, is a clear description of the chilling effects that this kind of thing can cause. And that's a shame. As she later notes, her paychecks for working on Tor come from the US government. She's not a spy or a criminal. She's working on software that makes everyone safer. And no matter what the reason for the FBI's interest, it's ridiculous that someone should have to go through this kind of process.

74 Comments | Leave a Comment..

Posted on Techdirt - 3 May 2016 @ 3:46pm

French National Assembly Votes (Sorta) To Finally Kill Its Three Strikes Hadopi Program

from the interesting-move dept

Remember Hadopi? Back when the legacy copyright players were totally focused on kicking individuals off the internet via a "three strikes" program, France and its former President Nicolas Sarkozy, married to a musician, was the first to embrace the idea of kicking casual file sharers off the internet (we'll leave aside the fact that Sarkozy was a mass infringer himslef). The program that was built up around the plan was eventually called Hadopi, and created a big bureaucracy to send out threat notices. The program turned out to be a complete disaster. It issued many notices, but really had to massage the numbers to make its activities look reasonable. Even when people did lose their internet access, there were problems. A detailed academic study of Hadopi found that it was a miserable failure that actually resulted in an increase in infringement.

When a new administration came into office, they made it clear that they were not impressed by Hadopi, and intended to cut its funding. And while there were efforts to kill it entirely, the government basically just gutted the system and let it live on as a shell of what it once was.

However, it looks like there's been a renewed effort to kill Hadopi completely, and it actually passed a vote in the National Assembly -- but with some caveats.

In a nearly empty chamber, the French National Assembly voted to end the Hadopi institution and law in 2022, Next Inpact reports. What’s noteworthy is that only 7 of the 577 Members of Parliament were present at the vote, and the amendment passed with four in favor and three against.

The decision goes against the will of the sitting Government, which failed to have enough members present at the vote. While it’s being seen as quite an embarrassment, the amendment still has to pass the senate, which seems unlikely without Government support.

In other words, Hadopi will likely still live on to see another day, despite its already diminished state. However, the folks who put together this bit of a publicity stunt say that they're calling attention to the fact that the government has called in the past for the end of Hadopi, and they're just trying to get the government to commit to something:
“Related Greens” MP Isabelle Attard says that it’s time to end the “schizophrenic” behavior of the Government on the matter. “A choice has to be made at some point. We can’t call out Hadopi as useless and, years later, still let it linger on,” she says.

While it’s doubtful that the amendment means the definite end of Hadopi, it certainly puts it back on the political agenda. Whether this will lead to actual change will become apparent in the future.
For all intents and purposes, Hadopi is a shell of what it once was. It's also a standing monument to the stupidity of three strikes/graduated response plans. The government should kill it off, but while it lives on, it's a demonstration of how demands by legacy copyright industries to push for ways to protect legacy business models can create truly wasteful government spending that serves no legitimate purpose.

11 Comments | Leave a Comment..

Posted on Techdirt - 3 May 2016 @ 2:03pm

Greenpeace Publishes Leaked TTIP Documents... Show How Backroom Deals Are Driven By Lobbyists

from the because-of-course-they-are dept

We've written plenty of stories about the TTIP (Transatlantic Trade & Investment Partnership) agreement being worked on between the US and the EU. Think of it as the companion to the TPP, which covers the US and a variety of countries around the Pacific ocean. Like the TPP, the US has demanded extreme levels of secrecy around the negotiations (in the past, the US negotiating body, the USTR, has admitted that the more the public is aware of the details, the less likely they are to support the agreement). And while there have been reports out of the EU arguing that negotiators there are more willing to be more open about the negotiations, so far, the US has not allowed it. This has resulted in some crazy situations including secretive "reading rooms" where politicians are carefully guarded if they look at the current drafts -- and where they're not allowed to bring any device or copy anything from the documents.

Now, Greenpeace has leaked a bunch of the TTIP documents... and also set up their own "reading room" which mocks the secrecy of the current reading rooms, by making it very, very transparent:

As for the contents revealed, it's pretty much what everyone suspected. Most of the focus, so far, is on details showing that the US has been pressuring the EU to loosen various consumer and environmental protections in the EU. While it hasn't received as much attention, the leak also does suggest problems for digital rights, mainly by giving telcos much more power. And while the "intellectual property" chapter does not appear to be included, one of the leaks is the "tactical state of play" document. This document isn't part of the negotiating text, but a general summary on where things are... and it's fairly revealing on a variety of topics, including intellectual property.

In the discussion on the intellectual property agreement, it notes that at the latest negotiation, the US refused to put forth "concrete proposals" on issues such as DRM, but the report notes that these are being pushed strongly by "rights holders." The EU, apparently, is nervous about what kind of language it will eventually see from the US. The US, in response, apparently told the EU negotiators that this would be a different kind of intellectual property chapter from the TPP:
A positive feature of the twelfth round of IP discussions was the US submission, for the first time, of some texts on relatively consensual areas (international treaties and general provisions). However, the US remains unwilling to table, at this stage, concrete proposals on more sensitive offensive interests that have been expressed by some of its right holders or that are explicitly referred to in its TPA (for instance on patents, on technical protection measures and digital rights management or on enforcement).

When confronted with the EU warning that bringing sensitive proposals that would require changes in EU law to the table – and doing it at a late stage of the negotiation – may have a negative impact on stakeholders and has very limited chances of being accepted, the US reiterated its understanding that the IPR chapter should not be a standard (TPP type) text, but also insisted that such a departure from its “model” creates some difficulties in terms of addressing the demands included in the IPR related sections of its TPA.
The report also notes that Congress' unwillingness to pass laws to stop patent trolls or in support of (awful) broadcast rights, public performance rights and resale rights, may be an issue, since all three are important to EU rightsholders. We've covered all three issues at various points in time, and all three involve basically expanding copyright law in dangerous ways that will further limit the public's rights. In this case, it looks like it's the EU that's pushing more strongly for them, which is too bad. The public performance rights have the most forward progress in the US right now, with the push to ratify the Beijing Treaty, but hopefully that's an area where legislative indifference kills a horrifically bad idea.

In short, it appears that there are a lot of competing interests on both sides of the Atlantic around the intellectual property chapter, but both sides appear to be focused almost entirely on the protectionist, anti-innovation, anti-public interests of specific rights holders and how to make them happy. There's basically no discussion of how all of this impacts the public.

That's not too surprising, but it also shows why they've worked so hard to keep these documents from being seen by the public. The TTIP agreement was already way behind the TPP agreement, and it's quite doubtful that a final agreement will be reached before the new US administration is in place, which could result in some pretty massive changes in terms of what the White House is demanding. But, as of right now, the agreement looks like yet another mess where lobbyists try to divvy up the spoils in taking things away from the public.

Read More | 21 Comments | Leave a Comment..

Posted on Techdirt - 3 May 2016 @ 11:42am

Judge Tells Twitter Revealing Classified Stats Isn't Protected By 1st Amendment... But Says Twitter Can Challenge Classification

from the inching-forward dept

Back in late 2014, we wrote about Twitter suing the US government over whether or not it was allowed to publish just how many National Security Letters and FISA Court orders it receives in its transparency report. This came after a bunch of other tech companies had settled a similar lawsuit with an agreement that they could reveal certain "bands" of numbers, rather than the specific number. It still boggles the mind that merely revealing the number of NSLs and/or FISC orders received would create any problem for national security, but the government seems hellbent on keeping that information secret. Probably because they don't want the public to understand how widely this system is used to obtain info.

We had mentioned this case just a few weeks ago, noting that a bunch of companies had filed an amicus brief pointing out that it's unclear if they can even admit that they've never received such a request (i.e., it's possible that warrant canaries are illegal).

Meanwhile, the DOJ has been trying to get the entire case thrown out because that's what the DOJ does. Judge Yvonne Gonzalez Rogers has now given a mixed ruling denying some of the DOJ's motion, but granting a key part concerning Twitter's First Amendment claim. The good news, though, is that the issue there is at least partially procedural, allowing Twitter to try again.

Twitter had argued, of course, that it has a First Amendment right to publish this information. But the government -- and the judge -- noted in response that you don't have a First Amendment right to publish classified information if you are a party that is "subject to secrecy obligations."

Under Executive Order 13526, information may be classified by the “original classification authority determines that the unauthorized disclosure of the information reasonably could be expected to result in damage to the national security, which includes defense against transnational terrorism, and the original classification authority is able to identify or describe the damage.”...

The First Amendment does not permit a person subject to secrecy obligations to disclose classified national security information.
That said, the court notes that this is partially a procedural issue, because Twitter can (and perhaps should) first challenge whether or not the classification on those aggregate statistics is appropriate:
The Court agrees with the Government that Twitter has not alleged that the information is not properly classified by the Government. Count I challenges the FISA non-disclosure provisions as being prior restraints of indefinite duration, but the claim does not take into account the fact that a classification decision is necessarily limited in duration by its nature, as the Government asserts. Along those same lines, Count II’s as-applied challenge contends that the FISA nondisclosure provisions are unconstitutional, but does not account for the fact that the Government has refused to permit disclosure of the aggregate numbers on the grounds that the information is classified pursuant to the Executive Order (not because of any FISA order or provision).

Again, Twitter has conceded that the aggregate data is classified. In the absence of a challenge to the decisions classifying that information, Twitter’s Constitutional challenges simply do not allege viable claims.
In short: try again, but this time challenge whether or not the aggregate data is properly classified.

On the two other issues in the case, the DOJ lost both. First, it argued that since it was the FISA Court, and not the DOJ, that classified the statistics, the challenge should be under FISA's jurisdiction and not the court that it's in. The court here, disagrees, and points out that Twitter is not challenging a specific FISA ruling, but rather the aggregate data.
The Government does not identify any order of the FISC addressing, as a general matter, publication of aggregate data about receipt of legal process, the crux of the matter before the Court here. Likewise, Twitter’s Amended Complaint does not challenge any prohibition on disclosure in any individual FISC order, FISA directive, or NSL. Rather, Twitter contends that the Government’s reliance on the FISA non-disclosure provisions as a basis for prohibiting disclosure of aggregate data about legal process directed to Twitter violates the First Amendment. Nothing in the Amended Complaint would require the Court to interpret, review, or grant relief from any particular FISC order or directive.
The other DOJ argument was that Twitter did not have standing regarding the Espionage Act. Twitter, in its lawsuit, was seeking declaratory judgment that it is not running afoul of the Espionage Act in publishing such data. It did this because the DOJ had warned Twitter that publishing such data might violate the Espionage Act. Seems fairly straightforward, right? But the DOJ told the court that Twitter's concerns are "merely speculative" and thus it had no standing on this issue. The court isn't buying it:
The Court finds that the allegations here—that Twitter presented the draft Transparency Report it planned to publish to the Government and that the Government informed Twitter that it could not publish the information because it is classified—are sufficient to show an “imminent” injury to establish Twitter’s standing here. The Government’s contention that the threat of prosecution is low because there are other avenues of recourse for Twitter to challenge individual nondisclosure orders simply does not address the issue here, reporting of aggregate data. The motion to dismiss the Espionage Act claim on these grounds is DENIED.
Of course, it's the First Amendment claims that are the main show here -- and without them, the rest of the case is pretty limited. It seems likely that Twitter will file an amended complaint now, arguing that the classification was improper, but then it just becomes a fight over classification, and the government is pretty good about screaming "national security!!!!" at the top of its lungs whenever people challenge classification decisions. The alternative, of course, is that Twitter could appeal the First Amendment decision and see if the appeals court thinks the judge here got that part wrong. Either way, I imagine we'll find out soon.

Read More | 26 Comments | Leave a Comment..

Posted on Techdirt - 3 May 2016 @ 8:32am

Zappa Threatens Zappa Over Zappa Plays Zappa

from the stupid-family-ip-disputes dept

Another week, another story about the abuse of intellectual property. This one, like many, involve the "estate" of a famous, but deceased, creator. In this case, it's the estate of Frank Zappa, which apparently is managed by two of his four children: Ahmet and Diva. The other two children are beneficiaries of the estate, but not trustees. The issue here is that one of the other siblings, Dweezil Zappa, wanted to go out on tour under the name "Zappa Plays Zappa" in which he plays songs by Frank Zappa. Sounds reasonable... and, in fact, he's been playing under that moniker for a while. Except, this time, Ahmet has said that it's not allowed and forced Dweezil to change the name to "Dweezil Zappa Plays Frank Zappa" which is not nearly as catchy.

The intellectual property claims made by Ahmet and the Zappa Family Trust are mostly not based in any actual US law. Here's the way the NY Times describes it:

This month, the Zappa Family Trust, which owns the rights to Mr. Zappa’s music, informed Dweezil that he did not have permission to tour as Zappa Plays Zappa — the name is a trademark owned by the trust — and that he risked copyright infringement damages of $150,000 each time he played a song without proper permission.
The trademark claim makes at least some sense. The estate does, in fact, hold a trademark (78938430) on "Zappa Plays Zappa," which was registered back in 2007 and covers live music concerts. Late last year, however, it appears that Ahmet and the Zappa Family Trust filed for two more trademarks on the phrase: one to cover various apparel and one for musical recordings. It appears this may be the root of the issue here. However, Dweezil claims that he's already licensed the Zappa Plays Zappa brand for his concerts from his now deceased mother, claiming he paid her "an exorbitant fee."

Apparently, some of the complaints here stem from disagreements over payments from merchandise sales on this tour and who gets the money.

But the really nutty part of all this is the copyright part. The claim that he risked $150k each time he played a song is just nuts. First of all, even if it was infringing (and it's not, as we'll explain in a minute), the law actually provides only a maximum of $150k "per work infringed" not "per act of infringement." It's a fine line distinction, obviously, but it's worth noting. But, either way, it's dumb because Dweezil isn't infringing.

As we've discussed probably hundreds of times here at Techdirt, anyone can cover another artist's song. If you're doing a recording, you just need to pay compulsory mechanical licenses, but if you're just performing it live, it's covered via the venue's blanket performance licenses with ASCAP or BMI (with Frank Zappa, it's ASCAP). Except... the Zappa family wants the world to believe that the law there does not apply to them. Rather, they're playing fast and loose with some tricky definitions. Section 115 of the Copyright Act is about how the compulsory licensing works, and it has an adjective that the Zappas are trying to turn into a loophole:
In the case of nondramatic musical works, the exclusive rights provided by clauses (1) and (3) of section 106, to make and to distribute phonorecords of such works, are subject to compulsory licensing under the conditions specified by this section.
"Nondramatic." Historically, this has been interpreted by many in the copyright space (perhaps reasonably) to say that compulsory licensing a la ASCAP or BMI can't be used for putting on a musical. Instead, for a musical, you do need to negotiate directly with the composers/publishing rights holders. A somewhat murky area of copyright law has grown up around this which is sometimes referred to as "grand rights," despite no such phrase appearing anywhere in the actual law, and that has resulted in some amount of confusion. If you really want a deep dive on grand rights, this article is a pretty good start.

But, again, grand rights (whatever they may actually be) only apply to "dramatic performances," which generally means plays and musicals. That's got absolutely nothing whatsoever to do with Dweezil Zappa going on tour as (basically) a cover band of his father's work. But don't tell that to Ahmet Zappa:
But the most contentious part of the dispute is over the minutiae of music licensing, an area in which the Zappa estate has long taken controversial stances. The family trust argues that for a show consisting largely of Frank Zappa’s music, performers cannot rely on the standard performing-rights licenses that music venues typically get from agencies like Ascap or BMI, but instead need special permission from the estate for “grand rights,” a term that usually applies to theatrical presentations.

Gail Zappa and Ascap pursued a number of bands under this theory, with mixed success. Project/Object, a well-known Zappa tribute group, had some of its shows canceled by clubs that had received legal letters, but Andre Cholmondeley, a member of the band, said that the group was advised by a lawyer that it did not need a special license, and so has never gotten one. “We simply adhered to U.S.A. law,” Mr. Cholmondeley said in an email.
The NY Times article, thankfully, quotes a copyright lawyer, Conrad Rippy, who explains why grand rights don't apply here at all:
“Is it performed in a place where you generally would perform a theatrical work? Are people wearing costumes? Does it advance a narrative story line?” Mr. Rippy said. “The closer you get to answer those questions ‘Yes,’ the more it looks like that’s a grand right. A tribute band playing a Frank Zappa song in a club meets none of those tests.”
So, yeah, the whole "grand rights" claim is ridiculous -- and as with so many intellectual property disputes involving the heirs of famous artists/creators, this seems to be yet another case where it's just family members squabbling over how to divvy up the spoils, and using obscure intellectual property laws to try to advantage themselves over others. And, in the end, all it really seems to do is tarnish the legacy of those creators.

39 Comments | Leave a Comment..

Posted on Techdirt - 2 May 2016 @ 11:40am

Once Again All Of Whatsapp Is Being Blocked In Brazil Because A Judge Is Upset It Won't Turn Over Data

from the whats-up-brazil? dept

Brazilian judges are apparently not very big fans of the popular messaging app Whatsapp, which is owned by Facebook (but run independently). Judge Marcel Montalvao has ordered the app blocked entirely across Brazil, because Whatsapp has refused to provide data (which it likely does not have) to help out with a drug investigation. Any phone companies that don't block Whatsapp will be fined about $143,000 per day.

If this sounds familiar, it's because we went through this back in December in another case with another judge. And, of course, in March a Facebook (not Whatsapp) exec was arrested over a similar issue in a different case. When Whatsapp again refused to turn over information, because it could not, the judge had the exec arrested (another judge freed the exec pretty quickly).

Once again, Whatsapp points out that it's cooperated as much as possible:

“After cooperating to the full extent of our ability with the local courts, we are disappointed a judge in Sergipe decided yet again to order the block of WhatsApp in Brazil,” WhatsApp said in a statement. “This decision punishes more than 100 million Brazilians who rely on our service to communicate, run their businesses, and more, in order to force us to turn over information we repeatedly said we don’t have.”
The order is shutting down Whatsapp for 72 hours, but considering just how widely the app is used there (it is basically the way many Brazilians communicate) the impact is pretty massive. As Glenn Greenwald and Andrew Fishman over at the Intercept note, this is a ridiculous move that harms many people, but is also a sign of what's to come as governments continue to freak out over encrypted communications:
It is stunning to watch a single judge instantly shut down a primary means of online communication for the world’s fifth-largest country. The two Brazilian communication experts in the NYT wrote of the first WhatsApp shutdown: “the judge’s action was reckless and represents a potentially longer-term threat to the freedoms of Brazilians.” But there is no question that is just a sign of what is to come for countries far from Brazil: there will undoubtedly be similar battles in numerous countries around the world over what rights companies have to offer privacy protections to their users.

24 Comments | Leave a Comment..

Posted on Techdirt - 2 May 2016 @ 10:38am

Australian Gov't Commission Also Wants To Fix Patent Laws Down Under

from the another-wow dept

So we already wrote about the Australian government's Productivity Commission's Draft Report on Intellectual Property Arrangements, talking about what was said about copyright law, but the report also goes into other areas of intellectual property as well, with some pretty good ideas on patent law as well (on this one I think they could go even further, but most of the recommendations in the report are a good start).

Once again, they offer up a nice infographic demonstrating the key points, which focuses on the serious problems of allowing patents on obvious ideas:

The Productivity Commission clearly recognizes that too many patents stifle innovation. In fact, they note that the only time patents really should be issued are in cases where those inventions would not occur without that incentive. And thus, since so much public policy around innovation always seems to focus on figuring out ways to increase patent numbers, the authors of the report recognize that patent policy is probably harming, not helping innovation:
Indeed, it appears to have become accepted wisdom that because patenting plays some role in promoting innovation, more and stronger patents are always better. But research reveals that greater patenting activity is not always associated with more innovation and that a non-trivial number of patented inventions have low social value, or would have occurred anyway.

Low-value patents impede innovation by frustrating the efforts of follow-on innovators and researchers. In some cases, low-value patents can be used as a strategic tool for stalling or excluding market entry, and can contribute to ‘patent thickets’, which potential market entrants must ‘hack’ their way through in order to compete in a particular technology space.
And thus, they suggest that Australia's entire patent system should be rethought and refocused towards trying to encourage things that are socially beneficial. That is, the system should be set up not with the inventors as the sole focus, but rather what will lead to the greatest possible public benefit. And the failure to do so is creating "substantial costs" on the public.
While the incidence of some low–value patents does not come as a surprise, a multitude of such patents imposes substantial costs on the community. Low-value patents impede innovation by frustrating the efforts of follow–on innovators and researchers.
To fix this, they have a few suggestions -- all of which seem worthwhile. First, they say the bar is way too low for granting patents, so Australia should raise the bar for what's considered "inventive." They suggest the standard should be changed to if the invention or solution "would have been obvious for a person skilled in the art to try with a reasonable expectation of success." They even consider going beyond that, but recognize that some patent holders outside of Australia may freak out at such a suggestion and avoid the Australian market.

The second suggestion is giving an "overarching objective" to patent law, which examiners can use as a sort of guiding light or touchstone. Basically, allow Australia to reject patents by arguing that granting such patents would go against the public interest.
The objects clause should describe the purposes of the legislation as being to enhance the wellbeing of Australians by providing patent protection to socially valuable innovations that would not have otherwise occurred and by promoting the dissemination of technology. In doing so, the patent system should balance the interests of patent applicants and patent owners, the users of technology — including follow–on innovators and researchers — and Australian society as a whole.

The Australian Government should amend the Patents Act such that, when making a decision in relation to a patent application or an existing patent, the Commissioner of Patents and the Courts must have regard to the objects of the Patents Act.
That would be a big and wonderful change to the patent system.

Next up, they suggest increasing the fees associated with patents (both for applying and for renewals -- which would escalate), which acts as a mechanism to better ensure that a patent is valuable (i.e., making it less worthwhile if the patent holder isn't actually going to do something with it). It also encourages patent holders to stop renewing the patent and push the info into the public domain sooner if the patent itself is no longer making an economic return.

The report doesn't spend much time on patent trolls, noting that they're not a big problem down under, and suggests that the existing "loser pays" litigation structure probably helps keep patent trolling at a lower level there. At the very least, that seems like an important data point for folks here in the US looking to add a "loser pays" provision in patent reform.

How about business method and software (BM&S) patents -- which make up many of the most abused patents in the US? The Commission is not impressed by the arguments in favor of such patents and suggests making those things unpatentable. They point out that there's little evidence that such patents encourage innovation, and that most innovation associated with them almost certainly would have happened without the patents, because the focus was on building products (and that there would be first mover advantages for those who got there first, so the copycat issue isn't that big a deal). Furthermore, they point out that BM&S patents can often hold back important follow-on innovations. Quoting Nobel prize winning economist Eric Maskin, the report notes:
Specifically, in the software industry, progress is highly sequential: progress is typically made through a large number of small steps, each building on the previous ones. If one of those steps is patentable, then the patent holder can effectively block (or at least slow down) subsequent progress by setting high license fees. … Thus, in an industry with highly sequential innovation, it may be better for society to scrap patents altogether than try to tighten them.
And they conclude:
On balance, the Commission considers it unlikely that granting patents in the area of BM&S increases the welfare of the community. BM&S patents likely compensate activity that would have occurred in any event (are nonadditional) and reward low– (or even no–) value innovations. BM&S patents can also frustrate would–be competitors and follow–on innovators. While broader changes to patents, particularly around the inventive step and dispensing with innovation patents (chapters 6 and 7), may ‘knock out’ a large share of BM&S patents, the Commission still considers that there is value in making clear that BM&S should not be considered patentable subject matter.
There's a separate section on pharmaceutical patents, recognizing that the market factors there are somewhat different. Obviously, the pharma industry relies more heavily on patents. But they also note that Australia has a public policy need to "improve the health of all Australians." They suggest that the government shouldn't be as willing to hand over "extensions of terms" on phama patents, and should only do so in specific cases.

On the related question around data protection and biologics (a key sticking point in the TPP negotiations), the report finds that the policy should be designed to encourage much more openness and information sharing, rather than locking up information and biologics for too long.
There should be no extension of the period of data protection, including that applicable to biologics.

Further, in the context of international negotiations, the Australian Government should work with other nations towards a system of eventual publication of clinical trial data in exchange for statutory data protection.
These all seem like decent suggestions, though I still think they could go further. For years I've pushed for an independent inventor defense and for independent invention being a sign of obviousness (such that it might invalidate a related patent from someone else). That concept doesn't seem to make it into the report.

Still, as with copyright, the report's authors do seem to understand the key problems of the patent system in working against innovation.

And, once again, this is fairly amazing. The stunning thing about this report is that it pushes back on a lot of the accepted -- but bogus -- wisdom around copyright and patents that just gets repeated without question in most government reports. Kudos to the authors of the report.

Read More | 26 Comments | Leave a Comment..

Posted on Techdirt - 2 May 2016 @ 9:26am

Australian Gov't Commission: Copyright Is Copywrong; Hurting The Public And Needs To Be Fixed

from the wow dept

Three years ago, down in Australia, the Australian Law Reform Commission started examining various copyright reform proposals, and eventually made a rather mild suggestion: bring fair use to Australia. Frankly, we felt that the Commission could have gone much further, but it basically said to copy the American approach to fair use. Not surprisingly, Hollywood flipped out, claiming that it would "lead to an increase in piracy." And, soon after that, the new government, led by Attorney General George Brandis flat out ignored the report and pushed for expanding copyright against the public interest, and very much towards exactly what Hollywood wanted. This wasn't all that surprising, given that it was revealed that Hollywood representatives spent a lot of time with Brandis, while he deliberately avoided meeting with representatives of the public.

But, in a bit of a surprise, last week, a different Australian government commission, the Productivity Commission, released one of the most amazing reports on copyright that you'll see out of a government body. The Productivity Commission is a government agency designed to give independent advice to the government -- and had been tasked with exploring how well Australia's intellectual property laws were working.

In short, the answer provided by the commission is: not well.

Just take a look at the infographic the Commission pushed out along with the report, which is titled "Copy(not)right."

The whole section on the problems of copyright as currently in place in Australia is worth reading. They don't pull many punches:
Australia’s copyright arrangements are weighed too heavily in favour of copyright owners, to the detriment of the long-term interests of both consumers and intermediate users. Unlike other IP rights, copyright makes no attempt to target those works where ‘free riding’ by users would undermine the incentives to create. Instead, copyright is overly broad; provides the same levels of protection to commercial and non-commercial works; and protects works with very low levels of creative input, works that are no longer being supplied to the market, and works where ownership can no longer be identified.
Like the report from three years ago, this report strongly supports fair use (citing that report in part), and their proposal in that area is really strong too. For years now, here at Techdirt, we've argued against calling fair use a "limitation and exception" to copyright, because that's misleading. Fair use is about the public's rights. And it appears that the Commission agrees, titling its section on fair use: "A new system of user rights."

In that section, the Commission notes that fair use is important in making sure that copyright law only is used to "target those works where 'free riding' by users would undermine the economic incentives to create and disseminate works." This should make intuitive sense to basically everyone. Copyright is much more defensible if it's only used in cases where infringement is undermining the incentives to create. But where that's not happening, then claiming infringement seems inappropriate.

The report then supports the basic four-factor test as used in the US. It also points out that the main complaint against this approach by legacy copyright industry players -- that because there's no case law, it would lead to a big litigation mess -- was unfounded and suggests a workaround to make the transition easier:
In the Commission’s view, legal uncertainty is not a compelling reason to eschew a fair use exception in Australia, nor is legal certainty desirable in and of itself. Courts interpret the application of legislative principles to new cases all the time, updating case law when the circumstances warrant doing so.

To reduce uncertainty, the Commission is recommending Australia’s fair use exception contain a non-exhaustive list of illustrative uses, which provides strong guidance to rights holders and users. Existing Australian and foreign case law, particularly from the United States where fair use has operated for some time, will provide further guidance on what constitutes fair use.
Later in the more detailed part of the report, the Commission is even more direct in refuting (in great detail) each and every objection by the legacy copyright industries. In fact, they have a whole callout box that picks apart the ridiculous claims by various legacy copyright players on the "costs" of fair use:
It also notes that the fair use recommendation from three years ago should be the starting point for reform, representing the "minimum level of change" and suggesting Australia go much further, specifically in exempting orphan works and "out-of-commerce" works.

Yes, you read that right, the Commission is suggesting a "use it or lose it" feature for copyright:
The lack of any requirement for rights holders to actively supply the Australian market reduces the efficiency of Australia’s copyright regime. Demand for works that have been created, but are not being supplied, reduces consumer welfare and the profits of intermediaries and original rights holders. Where a rights holder has made a choice not to supply their works to the market (or refuses to supply a market), granting consumers access to that work, such as through a fair use exception, improves consumer wellbeing without reducing incentives to create copyright works. By definition, if a work is not being supplied to the market, concerns about copying and ‘free riding’ are moot.
While this will undoubtedly be shocking to many in the copyright space -- the report points out that such features are common in other areas of intellectual property law.

From there, the report points out how ridiculous geoblocking is, and says that getting around those blocks should not be seen as infringement:
The use of geoblocking technology is pervasive, and frequently results in Australian consumers being offered a lower level of digital service (such as a more limited music or TV streaming catalogue) at a higher price than in overseas markets. Studies show Australian consumers systematically pay higher prices for professional software, music, games and e-books than consumers in comparable overseas markets. While some digital savvy consumers are able to avoid these costs (such as through the use of proxy servers and virtual private networks), many are relegated to paying inflated prices for lower standard services.

The Australian Government should make clear that it is not an infringement of Australia’s copyright system for consumers to circumvent geoblocking technology and should seek to avoid international obligations that would preclude such practices.
Also, not surprisingly, the report finds that copyright terms are ridiculously long and that harms the public massively:
The evidence (and indeed logic) suggests that the duration of copyright protection is far more than is needed. Few, if any, creators are motivated by the promise of financial returns long after death, particularly when the commercial life of most works is less than 5 years.

Overly long copyright terms impose costs on the community. Empirical work focussing on Australia’s extension of copyright protection from life plus 50 years to life plus 70 years (a requirement introduced as part of the Australia–United States Free Trade Agreement) estimated that an additional 20 years protection would result in net transfers from Australian consumers to foreign rights holders of around $88 million per year. But these are likely to be a fraction of the full costs of excessive copyright protection. The retrospective application of term extension exacerbates the cost to the community, providing windfall gains to copyright holders with no corresponding benefit.
The report even suggests that a copyright term of maybe 25 years seems a lot more appropriate, based on actual empirical studies (what a concept: not basic copyright policy entirely on faith).

The report also states what many of us have argued for years, but which seems like something that rarely comes up in "respectable" conversations around copyright: if the copyright is being used outside the "incentive to create," then it makes no sense:
Unlike other IP rights, copyright makes no attempt to target those works where ‘free riding’ by users would undermine the incentives to create. Instead, copyright is expansive and ‘all encompassing’, providing the same levels of protection to commercial and non-commercial works, to works with essentially no degree of creativity, to works that are no longer being supplied to the market, and to works where ownership can no longer be identified. This leads to copyright covering works that require no incentive for creation, and works that have exhausted their commercial life and are no longer available. Beneficial uses of such material are unrealised. Accordingly, the current Copyright Act is weighted too heavily in favour of copyright owners, to the detriment of the long-term interests of users.
Finally, the report notes that international trade agreements are doing a terrible job constraining Australia and blocking its ability to fix the many problems of copyright and to implement the sensible recommendations in the document. This is quite telling, since Australia was actually one of the voices in the TPP negotiations pushing for expanded copyright. This report is basically slapping those negotiators and pointing out that what they're doing runs directly counter to the public interest. After pointing out the state of these agreements, the report notes:
a consequence of embodying so much of our IP provisions in international agreements is that Australia is significantly constrained in reforming its IP arrangements
The report also notes that greater enforcement against individuals for file sharing or intermediaries for providing tools has "only had a modest impact," and that the real way to decrease piracy is not to ratchet up the law, but to make more legal content available:
Changes to the law to encourage Internet service providers to cooperate with rights holders, as well as litigation, have only had a modest impact in reducing infringement. Further legislative change is unlikely to improve compliance with the law.

Instead, evidence suggests infringement declines with better content availability and most consumers prefer paid, legal consumption. As such, an effective approach to reducing infringement is the timely release of content to Australian consumers. This requires action by rights holders and their intermediaries.
Honestly, this is the most thorough and amazing document on copyright I've ever seen come out of a government body (we'll address its coverage of patents in another post...). It's level headed and reasonable and actually hits on most of the key "big issues." I'm guessing that it's so right on and so detailed... that it will be (1) attacked viciously by legacy players and (2) ignored by lawmakers when it comes time to actually reform the system. Oh, and while the report is technically under copyright (Australia has crown copyright, which allows government works to be under copyright), the authors wisely have slapped a CC-BY license on it, meaning that we can share it here as well.

Read More | 42 Comments | Leave a Comment..

Posted on Techdirt - 29 April 2016 @ 11:43am

EU Regulators Can Barely Contain Their Desire To Attack Google And Facebook, Believing It Will Help Local Competitors

from the not-how-it-works dept

Look, we warned everyone. Back in December of last year, we told you that the EU Commission was looking to put in place new regulations that were clearly designed to hamper Google and Facebook with needless regulations. It was pretty obvious from the way it phrased its broken survey form, that this was the intent. We, along with a bunch of internet startups told the EU that this was a mistake. We explained that Google and Facebook are big and they'll be able to handle whatever regulations the EU throws at them, because they can just throw money at the problem.

But... everyone else? They're going to get screwed over. The folks over at Euractiv have got their hands on a leaked draft of the plan to regulate online platforms, and it's more or less what we expected, and what was hinted at a few weeks ago.

The EU Commission is trying to pretend it's not going to do what it's obviously going to do. On the one hand, it talks about not creating a one-size-fits-all solution. In the conclusion, it states:

Overall, at this stage, there is no compelling case for general ex-ante regulation of online platforms across the board.
However, elsewhere throughout the document, you can see that the EU is chomping at the bit to put some shackles on Google and Facebook and basically any American company, in the belief that it will magically open things up for EU competitors to take over the market. The document whines about the lack of EU companies:
However so far Europe is not driving the online platform revolution: at present the EU represents only 4% of the total market capitalization of the largest online platforms, with the vast majority of platform enterprises originating in the US and Asia. As online platforms increasingly capture new digital value chains, this particularly limits the competitiveness and growth of the EU. Given the growing importance of online platforms in the economy and the disruptive role they play in business, including acting as gateways to customers, the EU must ensure favourable conditions for the creation and growth of online platforms.
It really takes a bureaucrat's mind to look at the market and say that the problem here has to be not enough regulation on internet platforms, and not recognize that the overall conditions in the EU are not conducive to the kinds of internet innovations that create successful internet companies. Hell, one of the few truly successful European platforms, Spotify, is threatening to move the company headquarters from Sweden to New York, because the regulatory environment is so hostile. And yet, rather than setting things up to encourage more innovation, the focus is constantly on how can regulations be put onto the big companies to keep them hindered in the EU market.

Yes, there is some talk of things, but it's the usual misguided bureucrat's idea of how to encourage innovation: (1) throw money at it and (2) beef up intellectual property protections. On the first one, they talk about increasing funding for innovation. That's not a bad thing, per se, but it almost never works when the government is the one behind such a project. Governments rarely know how to truly invest for innovation. On the second one, it's no surprise that the legacy copyright industries are using this effort as yet another vector to attack internet players, and the EU Commission has bought it hook, line and sinker. It calls for "sectorial legislation" for "ensuring a fair allocation of revenues for the use of copyright-protected content." We keep hearing this line over and over again about "fair allocation." How does that work exactly? Will it mean that record labels no longer are allowed to take musicians' copyrights, and then charge them expenses against their advance so that they never make another dime beyond the advance (which they'll have to use to record)? Seems unlikely.

In fact, nearly all of the report uses bureaucratic speak for "we just need to stop these successful companies, and our own companies will grow." That's not how it works. You get a lot of "level playing field" claims throughout:
Online platforms have disrupted traditional business models and are increasingly regarded by users as equivalent or as substitutes of traditional services in various sectors. Current examples range from the media and entertainment sectors to the retail and communications sectors. As a general regulatory principle, the same activities must be subject to the same rules in the Digital Single Market. This principle is usually referred to as a "level playing field."
Yes, but too often the "leveling" of the playing field seems to be to push it back towards the way legacy businesses ran. The reason startups are disruptive is because they're innovative in ways that tilt the playing field towards them. Having government put its thumb back on the other end of the field doesn't help innovation. It doesn't help the public. It just helps legacy businesses remain static and feel less of a need to innovate themselves.

And yes, the report makes a brief nod to that potentially, noting:
Competition from online platforms can provide incentives for traditional market players to innovate and improve their performance, as well as point to a need to simplify and modernise existing regulation. This modernisation should seek to avoid imposing a disproportionate burden on online platforms business models. At the same time, in areas where competitive pressures have been increased, deregulation of traditional sectors may offer the most beneficial response to achieve a level playing field.
But none of the rest of the report seems to follow up on that. Instead it's just more ways to push the innovation back down.

The report also says "we know our intermediary liability protections are important, so we'll keep them... but... we really won't."
The public consultation showed strong support for the existing principles of the e-Commerce Directive, but also for the need to clarify certain concepts, including the scope of the safe harbour for intermediary liability, including for online platforms. Given this background, the Commission intends to preserve the existing liability regime.

However, with the rise of online platforms monetising users' content and data, and with the need for online platforms to contribute to making the Internet a safer place, the EU needs to further define its approach to their broader responsibility. As they occupy a special role in the economy and society with unmatched influence, online platforms should behave responsibly and have frameworks in place to take reasonable and effective action to protect their users from illegal and harmful activities.
Got that? The second paragraph totally undermines the first.

Basically it appears that, as we suspected from the way the report was set up, the plan here is to put some sort of "duty of care" or some such on internet platforms. This will mean that Google and Facebook will be fine -- they can staff up giant warehouses of people reviewing content. But it will become extremely expensive and risky for anyone else to enter the space, since they won't have the resources to satisfy the EU's regulators.

Read More | 19 Comments | Leave a Comment..

Posted on Techdirt - 29 April 2016 @ 10:38am

Senators Burr & Feinstein Write Ridiculous Ignorant Op-Ed To Go With Their Ridiculous Ignorant Bill

from the learn-something-people dept

Senators Richard Burr and Dianne Feinstein are not giving up that quickly on their ridiculous and technically ignorant plan to outlaw real encryption. The two have now penned an op-ed in the WSJ that lays out all the same talking points they've laid out before, without adding anything new. Instead, it just continues to make statements that show how incredibly ignorant they are. The piece is called Encryption Without Tears (and may be paywalled, though by now everyone knows how to get around that), which already doesn't make any sense. What they're pushing for is ending basic encryption, which will lead to many, many tears.

It starts out with their standard ridiculous line, pretending that because a company builds end-to-end encryption, it's acting "above the law."

In an increasingly digital world, strong encryption of devices is needed to prevent criminal misuse of data. But technological innovation must not mean placing individuals or companies above the law.
People have gone over this time and time again: this is not about anyone being "above the law." It's about whether or not companies can be forced to directly undermine the safety and security of their products (and the public). A paper shredder can destroy evidence. A paper shredder maker is not "above the law" when it decides not to build a system for piecing back together the shreds.

And speaking of "above the law" I still don't see Feinstein or Burr commenting on the FBI/DOJ announcing that it will ignore a court order to reveal how it hacked into computers over Tor. That is being above the law. That involves a situation where a court has asked for information that the FBI absolutely has. The FBI is just saying "nope." If Burr and Feinstein are really worried about being "above the law," shouldn't they worry about this situation?
Over the past year the two of us have explored the challenges associated with criminal and terrorist use of encrypted communications. Two examples illustrate why the status quo is unacceptable.
I love this. They give two examples that have been rolled out a bunch in the last few weeks. The attack in Garland, Texas, where the attackers supposedly exchanged some messages with potential ISIS people, and the case of Brittney Mills, who was tragically murdered, and whose case hasn't been solved. Mills had her smartphone, but no one can get into it. Of course, it took nearly two years of fretting before law enforcement could dig up these two cases, and neither make a very strong argument for why we need to undermine all encryption.

It's a simple fact that law enforcement never gets to have all of the evidence. In many, many, many criminal scenarios, that's just the reality. People destroy evidence, or law enforcement doesn't find it or law enforcement just doesn't understand it. That's not the end of the world. This is why we have police detectives, who are supposed to piece together whatever evidence they do have and build a picture for a case. Burr and Feinstein are acting like in the past, law enforcement immediately was handed all evidence. That's never been the way it works. Yes, law enforcement doesn't get access to some information. That's how it works.

You don't go and undermine the very basis of computer security just because law enforcement can't find a few pieces of evidence.
Our draft bill wouldn’t impose a one-size-fits-all solution on all covered entities, which include device manufacturers, software developers and electronic-communications services. The proposal doesn’t define the technological solutions or tell businesses how to solve the problem.
This is also misleading. The bill requires an end to real encryption. That's it. Real encryption means that only one person has the key. This is what Burr and Feinstein don't seem to get. They seem to think it's trivial to leave a key with Apple or whoever. But as basically every crypto expert has explained, it is not. Doing so creates a vulnerability... and worse, it's a vulnerability that cannot be patched. That's hellishly dangerous. Sure, the bill doesn't tell them exactly how to do this, but it does make it clear: you cannot offer real encryption, you can only offer something that can be hacked. That's a problem.
We want to provide businesses with full discretion to decide how best to design and build systems that maintain data security while at the same time complying with court orders.
We want to provide businesses with full discretion to decide how best to travel back in time, in order to prevent crimes.

Seriously: this is basically the same thing that Burr and Feinstein are saying here. They're asking for something that's impossible, and acting like it's a routine suggestion. If they need to comply with these All Writs Act style orders, they cannot build systems that maintain data security. That's a fact. It's mind-boggling that Burr and Feinstein still can't understand this.
Critics in the industry suggest that providing access to encrypted data will weaken their systems. But these same companies, for business purposes, already maintain and have access to vast amounts of encrypted personal information, such as credit-card numbers, bank-account information and purchase histories.
Argh. This paragraph shows that whatever poor staffer Burr and Feinstein assigned to write this drivel doesn't understand even the first thing about what he or she is talking about. Storing encrypted passwords, credit card info, bank account info, etc. is a totally different thing. Those are encrypted to keep them safe, and part of the reason they're encrypted is so that even those companies cannot reveal them. This point is making the opposite point of what Burr and Feinstein think. Companies encrypt passwords and credit card info and the like so that they're not storing the plaintext info, and there's no easy way for anyone to get that info. This protects user data, and the companies cannot actually provide the plaintext. They're comparing hashes. That's what keeps it safe.

If we received a court order demanding our users' passwords, we couldn't provide them. Because they're encrypted. We don't know our users' passwords and can't give them to you. When someone logs in to our website, we can compare a hash of their password to our hashed version and then if they match, we let them in. But we don't know what their password is. So this is a terrible example that actually goes against what Burr and Feinstein are saying. Those encrypted stores of information would be illegal under this bill!
We are not asking companies to provide law enforcement with unfettered access to encrypted data. We aren’t even asking companies to tell the government how they gain access to this encrypted data. All we are doing is asking companies to find a way to keep their data secure while also cooperating with law enforcement in terrorism and criminal investigations.
Again, that last line is impossible. They're asking the impossible -- and in the process, making everyone less safe. The only way to provide such info to law enforcement is to no longer keep the data truly secure. And the big concern is not unfettered access for law enforcement, but rather whatever this backdoor means for those with malicious intent, who will be very, very, very focused on finding these vulnerabilities and exploiting them.
President Obama said earlier this year, “You cannot take an absolutist view on this.” We agree—and believe that strong data security and compliance with the justice system don’t have to be mutually exclusive.
Because you don't know what you're talking about.
American technology companies have done some amazing things that are the envy of the world. We think that finding a way to achieve both goals simultaneously is not beyond their capabilities.
So, in the end, despite basically every cryptography expert telling them this is impossible, Burr and Feinstein come back with "NERD HARDER, NERDS!"

64 Comments | Leave a Comment..

Posted on Techdirt - 29 April 2016 @ 9:29am

FBI Spent $1.3 Million To Not Even Learn The Details Of The iPhone Hack... So Now It Says It Can't Tell Apple

from the wtf dept

Once the DOJ told the court in San Bernardino that it had succeeded in hacking into the iPhone of Syed Farook, the big question people asked is whether or not the FBI would then tell Apple about the vulnerability. After all, the administration set up the so-called "Vulnerabilities Equities Policy" (VEP) with the idea of sharing most vulnerabilities it discovers with companies. The White House directly stated:

One thing is clear: This administration takes seriously its commitment to an open and interoperable, secure and reliable Internet, and in the majority of cases, responsibly disclosing a newly discovered vulnerability is clearly in the national interest. This has been and continues to be the case.

This spring, we re-invigorated our efforts to implement existing policy with respect to disclosing vulnerabilities – so that everyone can have confidence in the integrity of the process we use to make these decisions. We rely on the Internet and connected systems for much of our daily lives. Our economy would not function without them. Our ability to project power abroad would be crippled if we could not depend on them. For these reasons, disclosing vulnerabilities usually makes sense. We need these systems to be secure as much as, if not more so, than everyone else.
Of course, there's a big "but" there -- and it's that there's an "exception" for law enforcement. Last fall, after (yet another) big legal fight, the good folks over at the EFF finally got access to the VEP details and you can now read a (heavily redacted) version.

Still, one could make a strong case that this vulnerability should be disclosed... even if almost no one expected it to be. Amusingly, just a few days ago, Apple revealed that the FBI used the VEP to disclose a vulnerability for the very first time, on April 14th, just as everyone was arguing about this. Of course, the flaw it revealed was not about hacking into the iPhone, and was actually about a flaw that Apple had discovered and fixed... nine months ago. But, again, if this is the very first time the FBI has disclosed something to Apple, it certainly suggests that the VEP process generally means nothing gets disclosed. In fact, the timing of this really suggests that someone in the DOJ recently flipped out and realized that there's now going to be scrutiny on the VEP, so they might as well disclose something. Thus, they found an old bug that had already been patched and "revealed" it.

Either way, things got stranger a couple of days later, when the FBI -- which had already admitted to paying over $1 million to access Farook's iPhone, said that, for all that money, the people it hired never explained the vulnerability. They just opened the phone. Really.
“The F.B.I. purchased the method from an outside party so that we could unlock the San Bernardino device,” Amy S. Hess, executive assistant director for science and technology, said in a statement.

“We did not, however, purchase the rights to technical details about how the method functions, or the nature and extent of any vulnerability upon which the method may rely in order to operate. As a result, currently we do not have enough technical information about any vulnerability that would permit any meaningful review” by the White House examiners, she said.
Now, some are arguing that this suggests absolutely terrible bargaining on the side of the DOJ/FBI. But, another interpretation is that it's how the DOJ knew that it wouldn't have to reveal the flaw to Apple. Of course, this might also explain why the DOJ at one point appeared to claim that the hack in question only worked for Farook's phone. They later claimed that was a misstatement, and it really meant that it only applied to that iPhone configuration. But, if the FBI never actually got the details, then in some sense they'd be right that for the FBI the crack only worked for that one phone. And if they wanted to do it on another phone, they'd have to shell out another ~$1 million or so...

32 Comments | Leave a Comment..

Posted on Techdirt - 28 April 2016 @ 12:39pm

Techdirt Reading List: How To Fix Copyright

from the copyright-reform-time dept

We're back again with another in our weekly reading list posts of books we think our community will find interesting and thought provoking. Once again, buying the book via the Amazon links in this story also helps support Techdirt.



In last week's Reading List post, we highlighted William Patry's Moral Panics and the Copyright Wars, in which he laid out a strong case for just how badly the debate on copyright has been warped by legacy industry forces creating bogus analogies. One of the complaints some leveled at that book was that it only discussed the problems, rather than offering any solutions. Of course, that wasn't the point of the book.

Nevertheless, Patry was then convinced to write a follow up book How to Fix Copyright, in order to respond to those critics (most of whom will never be satisfied). Once again, the book is an excellent read. It is not -- as some believed -- an entire book dedicated to discussing possible solutions. Instead, it again spends a lot of time making sure people really understand how messed up copyright law has become, and then towards the end proposes a few, relatively simple, solutions (which, frankly, may not go far enough). It talks about things like bringing back formalities (i.e., make copyright opt-in again) and shortening copyright terms.

Since it appears that Congress is really moving forward with copyright reform, it's definitely worth reading Patry's book again, and seeing if Congress goes anywhere near implementing his suggestions. My guess: not a chance.

8 Comments | Leave a Comment..

Posted on Techdirt - 28 April 2016 @ 9:30am

Even The Surveillance-Loving Wall Street Journal Is Bashing The FBI For Its War With Apple

from the didn't-see-that-one-coming dept

The Wall Street Journal has been a reliably pro-surveillance voice over the years, calling Snowden a "sociopath" while calling for even less NSA oversight, making up bizarre conspiracy theories, and fighting back against any surveillance reform. It even once argued that the tech industry should put backdoors into its encryption to better help the surveillance state.

That's what makes its recent editorial, The Encryption Farce (possibly behind a paywall, though the version I just opened showed up fine), so remarkable. It completely bashes the FBI over its attempts to force Apple to build a backdoor into its encryption -- though mainly because of the ridiculous fact that in the two most high profile cases, the DOJ magically got into the phones just as the cases got serious. The WSJ editorial doesn't pull any punches, asking what the hell is going on at the Justice Department:

If history repeats itself first as tragedy and then as farce, what does the FBI have in store next for its encryption war with Apple? After withdrawing its demands in San Bernardino and then reopening hostilities with a drug prosecution in Brooklyn, the G-men abruptly dumped the second case over the weekend too. Is anyone in charge at the Justice Department, or are junior prosecutors running the joint?
The editorial goes on to mock the FBI's claim that these cases are all about getting into just that phone, and notes that constantly finding ways in at the last minute are destroying the FBI's credibility.
This second immaculate conception in as many months further undermines the FBI’s credibility about its technological capabilities. Judges ought to exercise far more scrutiny in future decryption cases even as Mr. Comey continues to pose as helpless.
It goes on to suggest that the FBI stop bringing these cases, and that the President and the DOJ should put an end to this ridiculous attack on encryption:
Yet forgive us if this “conversation” now seems more like a Jim Comey monologue. The debate might start to be productive if the FBI Director would stop trying to use the courts as an ad hoc policy tool and promised not to bring any more cases like the one in Brooklyn.

Meanwhile, the White House has taken the profile-in-courage stand of refusing to endorse or oppose any encryption bill that Congress may propose. If the Obama team won’t start adjusting to the technological realities of strong and legal encryption, they could at least exercise some adult supervision at Main Justice.
On its own, such an editorial might not seem like a huge deal, but coming from the Wall Street Journal -- a source that has previously championed much greater surveillance and even supported backdoors -- it's a surprising shift. And it shows just how badly the DOJ and FBI miscalculated in their attempts to use the courts to get their desired results in breaking encryption.

13 Comments | Leave a Comment..

Posted on Techdirt - 28 April 2016 @ 8:31am

Mississippi Attorney General Jim Hood Withdraws Google Subpoena As Google Appeals Court Ruling

from the not-over-yet dept

Earlier this month, the Fifth Circuit appeals court tossed out the lawsuit that Google had filed against Mississippi Attorney General Jim Hood, following Hood's decision to send a subpoena that was written by the MPAA's lawyers, as part of a plan by the MPAA to pay money to get state Attorneys General to attack Google.

While some in the legacy copyright world painted the ruling in the Fifth Circuit as a "victory" for Jim Hood, and a loss for Google, anyone reading the details would recognize it was anything but that. The court made it pretty clear that Hood's subpoena was ridiculous and had no chance of surviving a judicial review... but dumped the case on a procedural issue, arguing that since Jim Hood had not yet taken any action concerning Google's unwillingness to respond to parts of the subpoena, there was nothing to dispute. Basically, the court said "wait until Hood actually tries to force you to do something... and then we'll tell him his subpoena is bogus."

Google has now asked the appeals court to reconsider throwing out the case, but also reveals an interesting tidbit in the footnotes: it appears that after the ruling, Hood withdrew the entire subpoena:

If you can't read that, it says:
By letter of April 22, 2016, Hood withdrew the subpoena that Google had challenged.
That should be a pretty clear indication that this wasn't the victory some of the MPAA/Hood supporters have been claiming. Of course, Google does think it's entirely possible that Hood will issue an updated subpoena, which is part of the reason that it's asking the court to review the ruling. In a later footnote it points out that along with the withdrawal letter, Hood did warn them that the letter requiring Google to retain documents for possible litigation "remains in effect."

As for the meat of Google's petition, the company argues that the court was wrong to dump the entire lawsuit, pointing out that there were two claims in the original filing -- one for injunctive relief (i.e., blocking Hood from doing anything with the subpoena) and one for declaratory judgment (basically saying that the company was doing nothing wrong). The company says that the ruling tossing the lawsuit just referred to the injunctive relief question, not the declaratory judgment -- and further makes the argument that there was a real risk of Hood pursuing unconstitutional measures, meaning that a lawsuit for declaratory judgment is perfectly reasonable.
The panel directed the district court to dismiss the entire case as unripe because Google had not shown an “imminent threat of irreparable injury.” ... But that standard does not apply to Google’s claims for declaratory relief regarding threatened enforcement action. Under settled law, such claims “need cross only a low threshold; the Supreme Court requires no more than a ‘credible threat of prosecution,’ one that is not ‘chimerical,’ or ‘imaginary or speculative.’” .... Google met that standard. Accordingly, Google requests that the panel amend its decision to permit Google’s claims for declaratory relief regarding threatened enforcement action to proceed.
Of course, it's also possible that the court may argue that even if that's true, the whole thing is moot now that Hood has withdrawn the subpoena.

Google tries to address that as well, but I'm not convinced the court will buy it.
In addition to identifying specific conduct he deemed unlawful, Hood took concrete steps that reinforced the peril Google faces. He wrote the company’s outside counsel requesting that Google “preserve potentially relevant information that may be used as evidence in pending or reasonably foreseeable litigation.”... Hood gave a presentation to fellow attorneys general that detailed Google’s alleged wrongdoing, explained the elements of “Possible Causes of Action,” and offered theories to overcome Google’s anticipated defenses.
It's in this section that Google includes the footnote noting that Hood told the company that the preservation letter was still in effect, suggesting that he may still intend to go after Google.

Still, it looks like all the MPAA got for the hundreds of thousands of dollars it threw at this was making Mississippi's Attorney General look foolish, and showing just how far the MPAA will go to try to attack Google, rather than adapt to the internet.

Read More | 26 Comments | Leave a Comment..

Posted on Techdirt - 27 April 2016 @ 3:33pm

House Votes Unanimously In Favor Of Requiring A Warrant To Search Emails

from the yay! dept

The push to reform ECPA -- the Electronic Communications Privacy Act -- have been going on basically as long as this site has been in existence (i.e. nearly 20 years). There are lots of problems with ECPA, but the big one that everyone points to is that it considers any communication that's on a server more than 180 days to be "abandoned" and accessible without a warrant. That perhaps made some amount of sense back in 1986 when the law was written, because everything was client-server and you downloaded your email off the server. But in an age of cloud computing and webmail it makes no sense at all. Still, the IRS and the SEC really, really liked the ability to use ECPA to snoop on people's emails.

In the past few years, Congress has kept supporting reform, but it always dies when some part of the administration complains and tries to block it. And yet, each time it enters Congress, it gets more and more sponsors. And, finally, the full House has voted to pass the Email Privacy Act. It was no surprise that it passed. The bill had an astounding 315 cosponsors. Seriously:

Still, it's impressive that the bill ended up passing unanimously, 419 votes to 0 (and 14 missing votes). On an issue like this, that's surprising. You figured there would be some Congressional rep from somewhere arguing that this would let terrorists and child predators off the hook or something.

The bill is certainly not perfect, and could be improved, but it's nice to see the House get the basics right. Now, we wait and see what happens in the Senate... Will the Senate ignore a unanimous House and let this bill just die, or will it finally do the right thing and protect email privacy?

24 Comments | Leave a Comment..

Posted on Techdirt - 27 April 2016 @ 11:38am

And Out Come The Wolves: Now Getty Images Files EU Antitrust Complaint Against Google About Image Piracy

from the uh,-why-not-a-copyright-complaint? dept

With the EU making the first big antitrust move against Google in the EU over Android bundling practices (and more still expected over search), it seems that lots of other companies that have had trouble adapting to the internet are coming out of the woodwork to file complaints of their own (well, everyone except Microsoft, which has agreed to drop its complaints -- despite kicking off much of the EU antitrust focus on Google). Last week, we wrote about News Corp. confusingly arguing that Google News was an antitrust violation, because it both linked to its content and because it wouldn't link to its content (don't ask me, I don't understand it either).

Next up? Getty Images complaining about Google Images. According to Time, Getty has filed an antitrust complaint against Google in the EU, apparently arguing that Google's image search is undermining Getty's licensing business and "encouraging piracy."

Photography company Getty Images is accusing Google of scraping images from third party websites and encouraging piracy, adding a new wrinkle to the Mountain View, Calif.’s ongoing legal battles in Europe.

In its complaint to the European Union’s antitrust commission, Getty says Google Images, which displays full-screen slideshows of high-resolution copyrighted images, has hurt the stock agency’s licensing business as well as content creators worldwide. Google first introduced the feature in Jan. 2013. Previously, the search engine only displayed tiny thumbnails of images.
Getty has not actually released the complaint but put out a press release with a few more details and had its General Counsel Yoko Miyashita, post an open letter. The big issue, it seems, for Getty is that three years ago Google made its Images search act a little different, in that you can display full resolution images, rather than just purely thumbnails. Getty claims that this is decreasing the rate of clickthroughs to its site, where it might be able to extract some licensing fees.

Getty, of course, has a troubled history with the internet. It has a pretty long history of fairly idiotic bouts of pure copyright trolling, demanding cash as a bully, often in cases where there was no legitimate infringement at all. We were cautiously optimistic a couple of years ago, when the company finally started experimenting with offering up images for free, via a system that would let you embed many images (though there were some concerns about the setup and conditions).

Reading between the lines, it sounds like that effort has not taken off to the level Getty had hoped... and rather than recognizing that people just aren't comfortable with embedding images from Getty (or that they don't really know about the program), the company appears to be blaming Google Image search. And that's doubly weird since an actual analysis of why Getty's internet efforts haven't taken off shows that it's got nothing to do with Google's Image search and everything to do with cheap stock photo sites and Getty's inability to understand basic search engine marketing practices. Rather than take that to heart and adapt, the company joins many others in just whining about another company that is more successful.

The whole complaint is confusing. Most people searching Google Images aren't going to be licensing a photo in the first place. People who are looking to license a photo go elsewhere. So it's not like Google Images is likely to have a real impact on Getty. But that's not how Getty sees it:
Because image consumption is immediate, unlike other mediums searchable through Google, such as news or music, once an image is displayed in high-resolution, large format, there is little impetus to view the image on the original source site. These changes have allowed Google to reinforce its role as the internet’s dominant search engine, maintaining monopoly over site traffic, engagement data and advertising spend. This has also promoted piracy, resulting in widespread copyright infringement, turning users into accidental pirates.
Of course, this is interesting, because you'll note that Getty isn't filing a copyright case here, it's filing an antitrust case. If this were really about "piracy" why not file a copyright case? It's because Getty knows damn well it would lose any such copyright case. And it would lose badly. So it's filing this antitrust case as a sort of backdoor copyright case, hoping that in the EU's current hatred towards Google, regulators won't pay attention to the nuances.
Getty Images’ General Counsel, Yoko Miyashita says: “Getty Images represents over 200,000 photojournalists, content creators and artists around the world who rely on us to protect their ability to be compensated for their work. Google’s behavior is adversely affecting not only our contributors, but the lives and livelihoods of artists around the word – present and future. By standing in the way of a fair marketplace for images, Google is threatening innovation, and jeopardizing artists’ ability to fund the creation of important future works. Artists need to earn a living in order to sustain creativity and licensing is paramount to this; however, this cannot happen if Google is siphoning traffic and creating an environment where it can claim the profits from individuals’ creations as its own.”
I've read this four times now and none of it makes sense. Again, people searching Google Images aren't looking to license images. Getty is breezily mixing up very different markets because of just how weak its overall argument is here. Also, the whole "artists need to earn a living" bit is similarly misleading. It's a favorite line that comes up over and over again but is bullshit. Most artists don't earn a living doing artwork. That's just a fact. That's true with copyright and without. It's not the copyright that pays people. It's having a good business model that people find worth supporting. That's it.

And, really, if Getty were really in this to help photographers get paid, then why is it so easy to find photographers online bitching about the ridiculously low royalties that Getty Images pays? This isn't about helping photographers get paid. This is about Getty Images and the fact that it hasn't figured out how to make a compelling product on the internet.

And, going back to the way in which Google displays images, it does so because it knows that it's providing a better consumer experience. When people are looking for images online, they want to see the images, and thus Google is delivering what people want. Getty may not like that, because it hoped that Google would fail to deliver what people want, thereby forcing them over to the also terrible Getty Images experience, but it's difficult to see how that's an antitrust issue. If Getty wants to compete, why doesn't it compete? Build a better image search engine and layer its business model on top of it.

But, no, instead, it whines to the EU about "antitrust" and pretends that it's helping photographers, all while making sure they get only a tiny percentage of any money that Getty actually makes from selling their photos.

60 Comments | Leave a Comment..

Posted on Techdirt - 27 April 2016 @ 10:38am

Brazilian Media Giant Realizes It Can Use The DMCA To Censor Criticism Of Its Coverage

from the what-a-wonderful-censorship-tool dept

As we've explained over and over again, copyright and censorship go hand in hand. People who want to censor seem to love the power that copyright conveys on them. Take, for example, the Brazilian media giant Globo. As you may have heard, there's a big political fight down in Brazil, as the Congress there looks to impeach the President, Dilma Rousseff. It's a big political mess, made even more ridiculous by the fact that many of the leading voices looking to impeach Rousseff have themselves been indicted for corruption or are being investigated for corruption. Last week, David Miranda wrote an article for the Guardian, arguing that the whole thing is political, and that the corruption claim against Rousseff is just a pretext for an opposing party to gain power. In that article, he blames the major media properties in Brazil for supporting the fiction in pushing an anti-Rousseff story.

The story of Brazil’s political crisis, and the rapidly changing global perception of it, begins with its national media. The country’s dominant broadcast and print outlets are owned by a tiny handful of Brazil’s richest families, and are steadfastly conservative. For decades, those media outlets have been used to agitate for the Brazilian rich, ensuring that severe wealth inequality (and the political inequality that results) remains firmly in place.

Indeed, most of today’s largest media outlets – that appear respectable to outsiders – supported the 1964 military coup that ushered in two decades of rightwing dictatorship and further enriched the nation’s oligarchs. This key historical event still casts a shadow over the country’s identity and politics. Those corporations – led by the multiple media arms of the Globo organisation – heralded that coup as a noble blow against a corrupt, democratically elected liberal government. Sound familiar?
Globo TV was apparently not happy with that and asked the Guardian to post its response, written by the company's Chair of the Editiorial Board, Joao Roberto Marinho, who apparently is the heir to the Globo empire.

Miranda then responded to Marinho over at the Intercept, to show why Globo has been extremely biased in pushing one side of the story in Brazil. Miranda goes through Globo's somewhat sordid history as a propaganda arm, and then goes point for point debunking Marinho's claims. Towards the end he tries to show just how one-sided Globo's coverage has been:
For more than a year, one Globo-owned Epoca magazine cover after the next used manipulative, demonizing art to incite the public in favor of impeachment. The Twitter feeds of Globo’s stars — both news and entertainment — are filled every day with pro-impeachment propaganda. Even when Jornal Nacional tries to deny that it is placing its heavy finger on the scale in favor of pro-impeachment protests, it cannot help itself: It glorifies those pro-impeachment protests and gives them far more airtime than their pro-democracy counterparts:
After this, he linked to a video demonstrating all of this... but soon after his article went up, that video became this:
Yup. Globo suddenly decided to make a copyright claim on the video that was being used in an article demonstrating how its coverage has been incredibly biased. That video had been up for months before that with no problem, but just a little while after it was included in Miranda's article it was gone. Poof.

And people still want to claim copyright isn't regularly used as a tool for censorship?

Yes, the content in the video is content from Globo. But it's not taking it down over any concern over licensing issues or "piracy." It issued the takedown to clearly hide the video from the public viewing Miranda's article. It is purely a censorship move, and copyright is just a convenient tool. Thankfully, others have been reuploading the videos elsewhere, but just think what will happen if the legacy entertainment industry is successful in pushing a "notice and staydown" regime? This kind of censorship will become much, much more effective.

7 Comments | Leave a Comment..

Posted on Techdirt - 27 April 2016 @ 9:32am

Thank Snowden, As NSA Estimates He Singlehandedly Sped Up Encryption Adoption By 7 Years

from the thank-you-ed dept

Post sponsored by

Golden Frog

As part of our funding campaign for our coverage of encryption, we reached out to some companies that care about these issues to ask them to show their support. This post is sponsored by Golden Frog, a company dedicated to online privacy, security and freedom.


James Clapper, Director of National Intelligence, is claiming that, according to NSA estimates the Snowden revelations sped up the adoption rate of encryption by 7 years. Apparently, that's based on NSA estimates of the adoption curve of encryption. As reported by Jenna McLaughlin at the Intercept:

“As a result of the Snowden revelations, the onset of commercial encryption has accelerated by seven years,” James Clapper said during a breakfast for journalists hosted by the Christian Science Monitor.

The shortened timeline has had “a profound effect on our ability to collect, particularly against terrorists,” he said.

When pressed by The Intercept to explain his figure, Clapper said it came from the National Security Agency. “The projected growth maturation and installation of commercially available encryption — what they had forecasted for seven years ahead, three years ago, was accelerated to now, because of the revelation of the leaks.”
Of course, it's worth noting that, in the past few months, it seemed as if the NSA and the intelligence community was moving away from its kneejerk hatred of encryption, pushing back against the FBI's argument that we need to backdoor encryption. But, apparently they're not willing to go quite this far. Basically, the NSA wants strong encryption out there, but it doesn't really want you to use it.
Asked if that was a good thing, leading to better protection for American consumers from the arms race of hackers constantly trying to penetrate software worldwide, Clapper answered no.

“From our standpoint, it’s not … it’s not a good thing,” he said.
Yup. James Clapper would prefer that the American public be less safe by not using encryption, rather than protecting their digital lives.

Of course, many other people do think it's a very, very good thing. Including Ed Snowden:
So, the guy in the US government is upset that the public is more safe, and the guy that people want to accuse of being a traitor is proud of helping Americans to better protect themselves. Maybe we ought to reverse their roles...

Privacy & Security on the Golden Frog Blog:

VyprVPN from Golden Frog is the world's fastest highly-secure VPN.
Get 25% off VyprVPN now »

26 Comments | Leave a Comment..

Posted on Techdirt - 27 April 2016 @ 8:32am

Yet Another Court Says FBI's Hacking Tool In Child Porn Case Was An Illegal Search

from the the-4th-amendment-matters dept

Just last week, we wrote about another ruling in one of the many cases kicked off when the FBI took control over a Tor-based child porn site, called Playpen, and ran it for two weeks. While the courts have said that it was okay for the FBI to run a child porn service for two weeks as part of a sting operation, they've been having a lot more trouble with the fact that the FBI then used its control over the service to infect any visitor with malware in order to figure out who they were. In the ruling last week, in the case against Alex Levin, in the Massachusetts District Court, the court said that the malware/hacking tool represented an illegal search under the 4th Amendment and suppressed the evidence. The key issue was that the warrant was issued for searches in the Eastern District of Virginia, but Levin clearly was not there.

Now a court in the Northern District of Oklahoma, in a case against Scott Arterbury, has more or less reached the same conclusion. Specifically, Artebury's lawyers pointed out that his computer was "seized" by the malware (called the Network Investigative Technique or NIT), and that was clearly in Oklahoma, beyond the bounds of the warrant. The government tried to play some games, arguing that it was the data that was seized in Virginia when it accessed the FBI-hosted site. The court doesn't buy it. The NIT acted in Oklahoma, not Virginia:

The Court is not persuaded by this argument. The property seized in this instance was Arterbury’s computer, which at all relevant times remained in Oklahoma. The NIT warrant allowed the Government to send computer code or data extraction instructions to Arterbury’s computer, wherever it was located. The Government “seized” that computer and directed it to send certain information to the Government – all without Arterbury’s knowledge or permission. Arterbury’s computer was never in the Eastern District of Virginia and subsection (b)(2), therefore, does not apply. Furthermore, even if the property seized was electronic information, that property was not located in the Eastern District of Virginia at the time the warrant was signed. This information only appeared in Virginia after the Warrant was signed and executed and the Government seized control of Defendant’s computer in Oklahoma.
None of this, of course, is to absolve those who were actively engaged in activities around child pornography. But, as the judge notes, the FBI could have easily gotten an appropriate warrant:
Furthermore, the drafters of Rule 41 knew how to avoid the territorial limit on issuance of warrants when they wished to do so. Rule 41(b)((3) removes the territorial limitation in cases involving domestic or international terrorism. In such cases, a magistrate judge “with authority in any district in which activities related to the terrorism may have occurred has authority to issue a warrant for a person or property within or outside that district.” Rule 41(b)(3). The drafters of Rule 41 could easily have included child pornography in Rule 41(b)(3) and, thereby, avoided the territorial limitation of Rule 41(b)(1) & (2). They did not do so. The Court can only conclude that they did not intend to remove the territorial limit in cases such as the one before the Court.
The court then delves a bit deeper to determine if it should order the evidence suppressed. Even in some of the other cases where the court found the NIT to be an illegal search, it still allowed the evidence to be used, often because of the "good faith exception." But not here. After a long discussion about the good faith exception... the court explains it just doesn't apply here, because this wasn't just a technical error, but an error that destroys the entire warrant.
I conclude that where the Rule 41 violation goes directly to the magistrate judge’s fundamental authority to issue the warrant, as in the violation presented here, it is not a “technical violation” of the Rule. The warrant is void ab initio, suppression is warranted and the good-faith exception is inapplicable.
Once again, it's looking like the FBI and DOJ's failure to respect the 4th Amendment means that evidence will be suppressed.

Read More | 18 Comments | Leave a Comment..

More posts from Mike Masnick >>