Mike Masnick’s Techdirt Profile


About Mike MasnickTechdirt Insider

Mike is the founder and CEO of Floor64 and editor of the Techdirt blog.

He can be found on Twitter at http://www.twitter.com/mmasnick

Posted on Techdirt - 1 December 2015 @ 11:33am

Our Response To The Latest Ridiculous Legal Threat Against Us: Milorad Trkulja Can Go Pound Sand

from the damn-it-feels-good-to-be-a... dept

As we've noted, we regularly get legal threats, some of which are more serious than others. Sometimes we ignore them entirely, and sometimes we feel the need to respond. Depending on the situation, sometimes we respond privately. Sometimes we respond publicly. The more ridiculous the threat, the more likely we are to respond publicly -- and I think the latest holds up as one of the most ridiculous legal threats we've seen. It comes from Milorad Trkulja, who is also known as Michael Trkulja, and who lives in Australia. Trkulja made some news a few years back when he (somewhat surprisingly) successfully sued both Yahoo and Google for hundreds of thousands of dollars, because when people did image searches on a variety of phrases related to things like "Australian criminal underworld mafia" sometimes a picture of Trkulja would show up. Apparently, Trkulja was actually shot in the back a decade ago by an unknown gunman. And somehow, for whatever reasons, certain websites included pictures of him along with enough keywords that the search algorithms at both Google and Yahoo would return his photo in such searches. We wrote about his victory over Google back in November of 2012, pointing out how ridiculous it was that an Australian court said you could sue search engines because image search happens to pop up your image along with actual gangsters.

Anyway, after we wrote about the case, as happens on Techdirt, people commented on the story, including one anonymous comment from someone who, in a totally offhand way, claimed that "Trkulja's a gangster, too." The actual content of the comment, as you can see was actually to clarify some of the misconceptions -- including who "Tony Mokbel" is (a well-known Australian gangster) and responding to the author of the post, Tim Geigner's (admittedly weak) sarcastic joke that Australians fight with machetes, rather than guns.

Now, it appears that Trkulja just found out about this comment (more on how in a moment) and has sent off a fairly massive 54-page document to both myself and to Google with a series of increasingly hilarious demands -- including that we respond by 4pm today (he does not designate in what time zone -- not that it matters). The letter is, well, you kinda have to read it. It is full of misspellings, along with typographical and grammatical errors of all kinds. For someone who claims to have consulted a lawyer before sending the letter, you'd think he'd consult someone who could proofread his letter as well. No such luck, apparently.

It starts out by claiming that it's "Not for publication" but that's totally meaningless. You send it to us, we can absolutely publish it. Free speech means something here in the US.

It then includes a recitation of some "facts" about certain Australian organized crime individuals, followed immediately by this:
I'm not an expert on Australian law, but I'm pretty sure that's totally false. I believe that he's either referring to his own earlier case, or (more likely!) the dreadful recent decision in a South Australia court, concerning one "Janice Duffy." Duffy, as we've discussed, sued Google after she became quite upset that a Ripoff Report post mocking her was a high result on her name (what is often left out of this discussion was that Duffy went to Ripoff Report first and posted fake posts to attack a psychic website where she felt she had been connected to a psychic who provided her with false information, and the supposedly "defamatory" content on the site was someone referring to Duffy as a "psychic stalker"). The ruling in that case did not say that Google is automatically liable for any defamatory content online, but rather, in this specific instance, Google could be found as the "publisher" of some defamatory content, based on the way that Google chose to display that content. I disagree strongly with the decision as is, but even if we accept it at face value, it does not say what Trkulja is claiming.

Oh yes, speaking of Duffy, it felt... odd... to receive a legal threat from Australia so soon after discussing the Duffy decision -- especially given that Duffy had not only just yelled at us online, but had also been going off on some bizarre rants and outright threats against some individuals who expressed an opinion suggesting that the ruling in favor of Duffy was troubling.

So, it didn't come as a huge surprise that Trkulja then admits he only found out about our post and the comments... thanks to Duffy, who is apparently a "family friend" of his.
If you can't read that, it notes that the "matter in paragraph 14" (which is the comment I mentioned above) "come to my attention when my family friend Dr Duffy from South Australia send me link that you have been defaming me as from 2012."

From there, he notes:
I complains is an article authored by you and posted to the "Techdirt" website situate at https://www.techdirt.com ("the website")....
Well, I'm really not quite sure what to do with that information, because almost everything in it is wrong, but we'll get there. From there, he mentions that he spoke to an Australian defamation lawyer, and suddenly shifts oddly from the first person to the third person -- possibly copying what someone told him, though it's not at all clear from the text of the letter. The key point: he claims that comment is defamatory and that Techdirt is liable for it. This is wrong on a variety of levels -- but we'll get there as well.

Then, we get to the "demands." It starts with a demand for Google. They are apparently supposed to delist Techdirt entirely because of a single comment that Trkulja falsely believes is defamatory. Also, it could be read as to be asking Google to block me personally from Google's website. Or something. Also, he wants Google to block some other websites. No reason or explanation is given.
Then there are demands for me that include identifying the anonymous "subscriber," delete the comment, the post and anything ever mentioning Trkulja. Oh, and I should fork over a bunch of money:
These demands are then repeated again on the next page in slightly different language. And numbered instead of lettered. No idea why. Then there's a demand that we respond by December 1st, 2012. Yes, 2012. I'll assume that's a typo.

Then there are a ton of screenshots that I assume are "exhibits" of some sort. They include my Twitter page for no clear reason. And also the Techdirt profile of the author of the original article, Tim Geigner, and, for reasons unknown, Tim's Amazon author page. He also refers to Tim as "Darknight aka Timothy Geigner" while I think most of our regulars recognize that Tim is better known as "Dark Helmet" in our comments....

Okay, so that's the situation. Now, the response: we're not going to do any of the demanded things. For a whole variety of reasons. Let's go through just a few, because this post is getting too long already and if I had to respond to all of the ways this letter is wrong, none of you would still be reading.
  1. First up, not that it really matters, but the statute of limitations is one year in Australia, as it mostly is in the US as well. Under some circumstances, it can apparently be extended to three years, but (oops) that comment was published on November 13, 2012. The statute of limitations is up. Sorry.
  2. The comment isn't defamatory. The reference claiming you're a "gangster" is totally innocuous. It's a trivial throw away comment on a blog post that no one would notice. Trivial comments are not defamation in Australia (or the US for that matter).
  3. The other lines that you seem to complain about are opinions not statements of fact. The reference to the "gun" was a response to Geigner's joke in the post about machetes, not to anything involving you. Opinions are not defamation. Things unrelated to you are not defamation of you.
  4. Also, we're a US company with no presence in Australia, so your threats are pretty pointless.
  5. Even if you could convince an Australian court with some sort of wacky legal argument, we're totally protected from such judgment thanks to the SPEECH Act.
  6. Free speech, dude.
  7. We have no "subscriber" named Anonymous Coward. That's the designation given to anyone who comments without logging in.
  8. We didn't publish the comment. An anonymous user did. We're not liable for it. If you have any legitimate complaint at all (and you don't), it's with an anonymous user who posted a trivial comment three years ago, rather than us or Google.
  9. Even if none of the above is true: what the fuck? NO ONE is finding a comment buried deep below a blog post about your legal victory and suddenly saying "oh, well that proves that Trkulja was a gangster."
  10. Wait, what's so terrible about being called a "gangster" anyway? To many people it's a compliment or something to brag about.
That's enough of a response. There are tons of other possible responses, but in short: we're not doing a damn thing in response to this ridiculous threat. You have no case whatsoever and complaining about this is ridiculous. It may be time to find a hobby or something, Mr. Trkulja, because poorly written and ridiculous legal threats to foreign entities aren't doing you any good.

Read More | 75 Comments | Leave a Comment..

Posted on Techdirt - 1 December 2015 @ 10:36am

Judge In FBI Case Was Forced To Redact His Mocking Of FBI's Ridiculous Arguments

from the now-revealed dept

We've already discussed how Nicholas Merrill can finally reveal the ridiculous and almost certainly unconstitutional National Security Letter (NSL) he received 11 years ago while operating a small ISP, Calyx Internet Access. However, with that revelation also came the unredacted version of the judge's ruling back in October. When we wrote about the October ruling we had mocked many of the obviously ridiculous redactions -- including this somewhat iconic redacted footnote:

Thanks to the unredacted decision's release, we can now see what exactly was redacted and it was mostly judge Victor Marrero totally mocking the DOJ's ridiculous arguments. Here's that footnote, by the way:
If you can't read it, it says:
The Court notes that the Leahy Letter does not reveal the "180 day" time period in which the FBI sought order and shipping information from Merrill. The Perdue Declaration argues that if this 180-day period is revealed, then "potential terrorists" could manipulate orders to avoid having those orders fall within the 180 day period.... The Court is not persuaded. A "potential terrorist" does not know when, if ever, the FBI will issue a related NSL. The 180-day period clearly relates to the date Merill received the NSL, and it is hard to imagine any person outside of the FBI having the knowledge about when an NSL might be issued, and changing their behavior as a result.
Many of the other redactions just involve hiding what kind of information is currently being redacted, even as the judge wondered why such information was being redacted. For example, we originally highlighted this section:
And in the unredacted portion, we see that basically the government insisted on redacting the fact that the NSL asked for "subscriber day/evening telephone numbers" and the judge can't figure out why the FBI thinks this needs to be secret.
Elsewhere, the redactions get even more direct in hiding the judge totally mocking the DOJ's arguments. Take this section for example:
We now see it was the judge mocking the ridiculousness of these redactions:
If you can't see that, it's the judge pointing out the ridiculousness of the FBI already allowing the public to know it can collect records of an "address" and a "telephone number" but not "addresses" and "telephone numbers" (i.e., the plural versions). As the judge noted, but was originally redacted:
... a potential target of an investigation, even a dim-witted one, would almost certainly be able to determine, simply by running through the alphabet, that "telephone number█" could only be "telephone numbers." Redactions that defy common sense -- such as concealing a single letter at the end of a word -- diminish the force of the Government's claim to "good reason" to keep information under seal, and undermine its argument that disclosures of the currently-redacted information in the Attachment can be linked to a substantial risk of an enumerated harm.
The judge also mocks the ridiculous fact that because the FBI is no longer using NSLs to obtain cell-tower location info, that because it might at some point in the future use it, such info should be redacted:
Here's the unredacted version:
Later in the document, the judge was even forced to redact the phrase "sophisticated foreign adversaries" in noting that such people would already know that the FBI could collect such information.

It was pretty clear back in October the redactions were ridiculous (as was the whole gag order in the first place), and now it's been confirmed.

Read More | 18 Comments | Leave a Comment..

Posted on Techdirt - 1 December 2015 @ 9:33am

Recipient Of FBI National Security Letter Can Finally Reveal Details, 11 Years Later

from the and-it's-just-as-messed-up-as-expected dept

Back in October, we followed up on a much older story concerning Nicholas Merrill, the owner of Calyx Internet Access, who back in 2004 had received one of the FBI's infamous National Security Letters (NSLs) complete with a total gag order on it. NSLs have long been widely abused by the FBI to (unconstitutionally) get around the 4th Amendment, demanding all sorts of information from private parties and then putting a perpetual gag order on the request, which also would seem to violate the 1st Amendment. Merrill fought back against the NSL -- at first anonymously because he wasn't even allowed to admit to anyone that he'd received one. In 2010, Merrill was finally granted the right to admit that he had received an NSL and that he was fighting it. But he still couldn't reveal much more than that.

The October ruling said that the entire gag order needed to be lifted, and that Merrill should be able to finally reveal the actual NSL -- and that has now happened. You can see the ridiculously broad list of information that was demanded from Merrill.

Merrill is now able to reveal that the FBI believes it can force online companies to turn over the following information simply by sending an NSL demanding it: an individual’s complete web browsing history; the IP addresses of everyone a person has corresponded with; and records of all online purchases. The FBI also claims authority to obtain cell-site location information with an NSL, which effectively turns a cell phone into a location tracking device. In court filings, the FBI said that at some point it stopped gathering location data as a matter of policy, but that it could secretly choose to resume the practice under existing authority.

“For more than a decade, the FBI has been demanding extremely sensitive personal information about private citizens just by issuing letters to online companies like mine,” said Mr. Merrill.   “The FBI has interpreted its NSL authority to encompass the websites we read, the web searches we conduct, the people we contact, and the places we go. This kind of data reveals the most intimate details of our lives, including our political activities, religious affiliations, private relationships, and even our private thoughts and beliefs,” he explained.

As Marcy Wheeler notes, the depth of information that the NSL was getting willy nilly with no oversight at all through NSLs is rather astounding.
This is what the government means when it does “connection” chaining: gluing together every fragment of your online life together to see it all.
The ACLU has also helpfully created a graphic showing the gradual revealing of this NSL, with each part of the legal fight unmasking a bit more over the course of this decade-plus battle:
Along with the NSL details, Merrill was also able to release an unredacted version of October's ruling -- and we'll deal with that in a separate post, so stay tuned.

Read More | 16 Comments | Leave a Comment..

Posted on Techdirt - 1 December 2015 @ 8:21am

Appeals Court Issues Fantastic 1st Amendment Ruling Against Censorious Sheriff Thomas Dart In His Crusade Against The Internet

from the go-away dept

We've written about Cook County Sheriff Thomas Dart and his desire to censor the internet for a few years now. Back in 2009, he sued Craigslist because he claimed it was "the single largest source of prostitution in the nation." As we noted at the time, Craigslist was just a platform, and suing it made no sense at all -- especially given that the company was more than willing to cooperate closely with law enforcement and help them track down people who were breaking the law online. In other words, whereas a sheriff who was actually interested in stopping law breaking might embrace the site and work with it to track down law breakers, Dart, chose to sue the toolmaker. That lawsuit failed miserably, but Sheriff Dart never gave up his quixotic quest to blame internet companies for prostitution.

Over the past few years, Backpage.com has taken over the boogeyman reputation previously held by Craigslist when it comes to online prostitution. Back in July of this year, Dart proudly announced that he had scared Visa and Mastercard out of working with Backpage after he sent them a misleading letter effectively threatening them if they did not stop working with Backpage. Backpage quickly sued Dart and within weeks received a temporary restraining order, with the court wasting no time claiming that Dart's actions in getting Visa and Mastercard to stop doing business with Backpage was unconstitutional prior restraint. However, the court later appeared to change its mind and refused to issue an injunction, saying that while Dart's letter could be construed as a threat, it wasn't censorship since he had no legal authority over the payment companies.

Backpage quickly appealed to the Seventh Circuit appeals court -- which has now absolutely trashed Dart in a decision written by Judge Richard Posner. The entire ruling is well worth reading, but here are a few excerpts. Posner does not find the lower court's reasoning convincing at all, quoting Okwedy v. Molinari to explain why:

“The fact that a public-official defendant lacks direct regulatory or decisionmaking authority over a plaintiff, or a third party that is publishing or otherwise disseminating the plaintiff’s message, is not necessarily dispositive … . What matters is the distinction between attempts to convince and attempts to coerce. A public-official defendant who threatens to employ coercive state power to stifle protected speech violates a plaintiff’s First Amendment rights, regardless of whether the threatened punishment comes in the form of the use (or, misuse) of the defendant’s direct regulatory or decisionmaking authority over the plaintiff, or in some less-direct form.”
Posner is well aware of Dart's previous failed attempt to sue Craigslist and notes the obvious intention of the letter to payment companies:
The suit against Craigslist having failed, the sheriff decided to proceed against Backpage not by litigation but instead by suffocation, depriving the company of ad revenues by scaring off its payments-service providers. The analogy is to killing a person by cutting off his oxygen supply rather than by shooting him. Still, if all the sheriff were doing to crush Backpage was done in his capacity as a private citizen rather than as a government official (and a powerful government official at that), he would be within his rights. But he is using the power of his office to threaten legal sanctions against the credit-card companies for facilitating future speech, and by doing so he is violating the First Amendment unless there is no constitutionally protected speech in the ads on Backpage’s website—and no one is claiming that. The First Amendment forbids a public official to attempt to suppress the protected speech of private persons by threatening that legal sanctions will at his urging be imposed unless there is compliance with his demands....

Central to Backpage’s case is a letter of June 29 of this year that Sheriff Dart sent both to MasterCard’s CEO and Board of Directors and to the corresponding personnel of Visa. The letter is on stationery captioned “Office of the Sheriff,” and begins: “As the Sheriff of Cook County, a father and a caring citizen, I write to request that your institution immediately cease and desist from allowing your credit cards to be used to place ads on websites like Backpage. com.” Notice that he is sheriff first, father and citizen second; notice his use of the legal term “cease and desist”; notice that he calls MasterCard “your institution,” implying that the same letter is going to other “institutions”—namely other credit card companies—in other words that he is organizing a boycott. And notice that he doesn’t demand that “your institution” refuse to allow “your credit cards” to be used to pay just for ads on Backpage’s website that promote illegal products or services—he demands that “your institution” cease and desist from placing any ads “on websites like Backpage.com” (and a fortiori on Backpage’s own website) even though “adult” ads are only one of eleven types of classified ad published on the website. Visa and MasterCard got the message and cut all their ties to Backpage.

The letter goes on to state that “it has become increasingly indefensible for any corporation to continue to willfully play a central role in an industry that reaps its cash from the victimization of women and girls across the world.” The implication, given whom the letter is addressed to, is that credit card companies, such as MasterCard and Visa, “willfully play a central role” in a criminal activity (emphases added)—so they had better stop! Indeed, the letter goes on to say, those companies are “key” to the “growth” of sex trafficking in the United States. (Actually, as explained in an amicus curiae brief filed by the Cato Institute, Reason Foundation, and DKT Liberty Project, citing voluminous governmental and academic studies, there are no reliable statistics on which Sheriff Dart could base a judgment that sex trafficking has been increasing in the United States.) He is intimating that two of the world’s largest credit card companies may be criminal accomplices.
“Financial institutions,” the letter continues, “have the legal duty to file ‘Suspicious Activity Reports’ to authorities in cases of human trafficking and sexual exploitation of minors.” The letter cites the federal money-laundering statute, 18 U.S.C. § 1956, thereby intimating that the credit card companies could be prosecuted for processing payments made by purchasers of the ads on Backpage that promote unlawful sexual activity, such as prostitution. And “make no mistake,” the letter thunders: “Your [credit] cards have and will continue to be used to buy ads that sell children for sex on sites like Backpage.com. … The use of credit cards in this violent industry implies an undeserved credibility and sense of normalcy to such illicit transactions and only serves to increase demand.” And then, Posner notes, Dart makes his threat pretty damn clear:
And here’s the kicker: “Within the next week, please provide me with contact information for an individual within your organization that I can work with [harass, pester] on this issue.” The “I” is Sheriff Dart, not private citizen Dart— the letter was signed by “Thomas Dart, Cook County Sheriff.” And the letter was not merely an expression of Sheriff Dart’s opinion. It was designed to compel the credit card companies to act by inserting Dart into the discussion; he’ll be chatting them up. Further insight into the purpose and likely effect of such a letter is provided by a strategy memo written by a member of the sheriff’s staff in advance of the letter. The memo suggested approaching the credit card companies (whether by phone, mail, email, or a visit in person) with threats in the form of “reminders” of “their own potential liability for allowing suspected illegal transactions to continue to take place” and their potential susceptibility to “money laundering prosecutions … and/or hefty fines.” Allusion to that “susceptibility” was the culminating and most ominous threat in the letter.
Posner further notes that if an ordinary citizen had sent a letter with similar requests, and without the "demands," the payment companies likely would have been "discarded or filed away." Posner gets down to the truth of the matter:
Visa and MasterCard were victims of government coercion aimed at shutting up or shutting down Backpage’s adult section (more likely aimed at bankrupting Backpage--lest the ads that the sheriff doesn’t like simply migrate to other sections of the website), when it is unclear that Backpage is engaged in illegal activity, and if it is not then the credit card companies cannot be accomplices and should not be threatened as accomplices by the sheriff and his staff.
Posner points out that Section 230 protects Backpage from liability and the hints that Mastercard and Visa might be liable for federal crimes (which are exempt from Section 230) are ludicrous. He also knocks Dart for suggesting that all ads in the adult section of Backpage are illegal themselves, noting that plenty of it is perfectly legal, including fetishism and phone sex.

And thus:
As a citizen or father, or in any other private capacity, Sheriff Dart can denounce Backpage to his heart’s content. He is in good company; many people are disturbed or revolted by the kind of sex ads found on Backpage’s website. And even in his official capacity the sheriff can express his distaste for Backpage and its look-alikes; that is, he can exercise what is called “[freedom of] government speech.”... A government entity, including therefore the Cook County Sheriff’s Office, is entitled to say what it wants to say—but only within limits. It is not permitted to employ threats to squelch the free speech of private citizens. “[A] government’s ability to express itself is [not] without restriction. … [T]he Free Speech Clause itself may constrain the government’s speech.”
Posner clearly notes the potential slippery slope:
For where would such official bullying end, were it permitted to begin? Some public officials doubtless disapprove of bars, or pets and therefore pet supplies, or yard sales, or lawyers, or “plug the band” (a listing of music performances that includes such dubious offerings as “SUPERCELL Rocks Halloween at The Matchbox Bar & Grill”), or men dating men or women dating women—but ads for all these things can be found in non-adult sections of Backpage and it would be a clear abuse of power for public officials to try to eliminate them not by expressing an opinion but by threatening credit card companies or other suppliers of payment services utilized by customers of Backpage, or other third parties, with legal or other coercive governmental action.
Finally, Judge Posner rejects the lower court's claims that issuing an injunction would hurt Dart's own First Amendment rights:
The judge was further mistaken when he said that “the Sheriff’s own First Amendment rights are at stake in this case and the Court must therefore also consider the risk that erroneously entering an injunction would chill Dart’s own right to speak out on issues of public concern. Sheriff Dart has a First Amendment right to publicly criticize the credit card companies for any connection to illegal activity, as long as he stops short of threats” (emphasis added). But the judge himself, in the passages we quoted earlier, had been emphatic that Dart had not stopped short of threats. Those threats were not protected by the First Amendment; they were violations of the First Amendment.
This ruling has lots of great quotes that may be quite useful elsewhere. Over the years we've seen many politicians make similar threats -- often to similar results. Remember when former Senator Joe Lieberman pressured Amazon to stop hosting Wikileaks? And similar pressure led Mastercard and Visa to stop accepting donations for Wikileaks as well -- apparently in a deal with US diplomats. Lieberman (that guy again?!?) also famously put pressure on Google to censor websites that he deemed as promoting "terrorism" and similarly pressured Twitter to silence the feeds of people he didn't like. He also threatened the NY Times for publishing Wikileaks' documents.

And, of course, in just the last few weeks, we've seen increasing pressure from government entities potentially demanding censorship online of "bad" content in the wake of the Paris attacks. Hopefully, this ruling by Posner will provide a useful tool to combat such censorship. While it technically only applies in the 7th Circuit, Posner's rulings are influential in other circuits as well. Of course, there's a chance that Sheriff Dart will decide to waste more taxpayer money and seek for an en banc rehearing in the 7th Circuit or even ask the Supreme Court to hear the case as well. If so, this could become a key free speech case concerning government coercion to silence online speech.

Read More | 10 Comments | Leave a Comment..

Posted on Techdirt - 30 November 2015 @ 2:04pm

Microsoft Lobbying Group Forces 'Pirate' To Get 200,000 Views On Anti-Piracy Video... Whole Thing Backfires

from the 'education'-campaign dept

The history of anti-piracy activities by the legacy entertainment and software industries always seems to focus on the mistaken idea that if only the public were "more educated" piracy would magically go away. That's never been true. In fact, nearly every attempt at an education campaign hasn't just failed to work, it's often actively backfired and been mocked and parodied. And yet, if you talk to politicians and industry folks, they still seem to think that "more education" will magically work next time. One can only wonder what the hell the geniuses at the Software Alliance (the BSA -- which used to be the "Business Software Alliance" but has dropped the "Business" part, but not the "B" in its name) were thinking when they decided to "settle" with a guy who apparently uploaded some Microsoft software in the Czech Republic. The terms of the settlement required him to take part in a "professionally produced" anti-piracy video and that the video needed to get 200,000 views on YouTube or he might face having to pay damages in court.

The BSA is a well-known front for Microsoft, and has a long history of rather ridiculous claims about "piracy," so I guess it's little surprise that it's now engaged in out and out propaganda, but done so badly that it's turned the whole thing into a laughingstock. The whole "compelled speech" aspect of the settlement, including the requirement to get so many views, strikes basically everyone as ridiculous and stupid. Press attention has of course propelled the video to well over 200,000 thousand views at this point, and many of the YouTube comments are completely mocking the campaign -- and noting that they're watching the video to help the accused be let off the hook. The video is in Czech, but even so it's hilarious. It has the same sort of ominous production values as the old "You wouldn't download a car!" ads that have been mocked for years as well:

It really highlights just how out of touch folks at the BSA are, in that anyone actually thought this kind of thing would help it in any way, rather than making it a continued laughingstock.

60 Comments | Leave a Comment..

Posted on Techdirt - 30 November 2015 @ 12:43pm

Saudi Arabia Says It Will Sue Twitter Users Who Compare It To ISIS; Apparently Skips The NY Times

from the can-a-whole-country-do-a-streisand-effect dept

Just about a week ago, the NY Times had a giant article comparing Saudi Arabia to ISIS. It was a rather powerful article that highlights the similarities and connections between the two, while really highlighting the incredibly hypocritical attitude of many Western politicians who freely embrace the Saudi government while claiming that ISIS is barbaric.

Then, just a few days later, Saudi Arabia's Justice Ministry announced that it would sue someone for calling Saudi Arabia "ISIS-like." Of course, it's not the NY Times that the Saudi government is going after, but a Twitter user, who compared a Saudi death sentence for a Palestinian poet to the way ISIS carries out its own "justice" system. The Twitter user in question has not been named. It seems like the strategy here is to scare people away from comparing Saudi Arabia to ISIS, but there's a decent chance that it goes in the other direction. Such a plan is so ridiculous that it seems only likely to draw many more comparisons.

And, really, if your goal is to distance yourself from a group of crazy nutjobs who appear to have a somewhat arbitrary sense of justice and thrive on using the death penalty as a weapon, perhaps announcing plans to go after individuals criticizing you on Twitter isn't the best way to further the distinction.

67 Comments | Leave a Comment..

Posted on Techdirt - 30 November 2015 @ 11:38am

UK ISP Boss Highlights Technical Stupidity Of The Snooper's Charter Proposal

from the surveillance-magic dept

There's just something absolutely nutty when politicians with no technical knowledge whatsoever try to make technology policy, and it often crosses over into out-and-out slapstick when that technology policy involves surveillance. It's why we see things like talk of "golden keys" for encryption that somehow wouldn't be "backdoors" (even though they are). Over in the UK, they're going through something similar with the current "debate" (if you can call it that) over the latest Snooper's Charter bill, officially known as the "Investigatory Powers Bill" or the "IPBill."

A key element in the bill is the demand for "internet connection records." The draft bill has a whole section on these "ICRs" which it defines as:

A kind of communications data, an ICR is a record of the internet services a specific device has connected to, such as a website or instant messaging application. It is captured by the company providing access to the internet. Where available, this data may be acquired from CSPs by law enforcement and the security and intelligence agencies.

An ICR is not a person’s full internet browsing history. It is a record of the services that they have connected to, which can provide vital investigative leads. It would not reveal every web page that they visit or anything that they do on that web page.
That definition, by itself, seems somewhat self-contradictory, but we'll leave that aside for now. Adrian Kennard, the head of a small UK ISP, Andrews & Arnold, has filed some comments highlighting how technically clueless this idea is:
The explanatory notes, and one of the clauses in the bill, make use of the term “Internet Connection Record”. We are concerned that this creates the impression that an “Internet Connection Record” is a real thing, like a “Call Data Record” in telephony.

An ICR does not exist - it is not a real thing in the Internet. At best it may be the collection of, or subset of, communications data that is retained by an operator subject to a retention order which has determined on a case by case basis what data the operator shall retain. It will not be the same for all operators and could be very different indeed.

We would like to see the term removed, or at least the vague and nondescript nature of the term made very clear in the bill and explanatory notes.
From there, it goes even further, pointing out that the justification for needing these non-existent ICRs was a statement from UK Home Secretary Theresa May about how useful such info would be in finding a missing girl:
"Consider the case of a teenage girl going missing. At present we can ask her mobile provider for call records before she went missing which could be invaluable to finding her. But for Internet access, all we get is that the Internet was accessed 300 times. What would be useful would be to know she accessed twitter just before she went missing in the same way as we could see she make a phone call"
Except, as Kennard points out, that's not how the internet actually works. You don't "connect" to Twitter like that, because you're constantly connected to Twitter:
...in yesterday’s meeting I, and other ISPA members immediately pointed out the huge flaw in this argument. If the mobile provider was even able to tell that she had used twitter at all (which is not as easy as it sounds), it would show that the phone had been connected to twitter 24 hours a day, and probably Facebook as well. This is because the very nature of messaging and social media applications is that they stay connected so that they can quickly alert you to messages, calls, or amusing cat videos, without any delay.

It should be noted that it is quite valid for a “connection” of some sort to last a long time. The main protocol used (TCP) can happily have connections for hours, days, months or even years. Some protocols such as SCTP, and MOSH are designed to keep a single connection active indefinitely even with changes to IP addresses at each end and changing the means of connection (mobile, wifi, etc). Given the increasing use of permanent connections on mobile devices, it is easy to see how more and more applications will use such protocols to stay connected - making one “internet connection record” which could even have passed the 12 month time limit by the time it is logged.

Connections are also typically encrypted and have some data passing all the time, so it would not be practical for an ISP, even using deep packet inspection, to indicate that the girl “accessed twitter” right before she vanished, or even at all (just that there is a twitter app on the phone and logged in).
This seems like a rather important point: the people who put together the Snooper's Charter for spying on the internet don't seem to understand the first thing about how the internet actually works. And yet we're supposed to give them sweeping powers to spy on it? How does that make any sense?

Read More | 15 Comments | Leave a Comment..

Posted on Techdirt - 30 November 2015 @ 3:32am

Details Of How The Paris Attacks Were Carried Out Show Little Effort By Attackers To Hide Themselves

from the but-we-blame-encryption? dept

On Friday, the Wall Street Journal's Stacy Meichtry and Joshua Robinson published an in-depth bit of reporting on the planning and operational setup of the Paris attackers, revealing a bunch of previously unknown details. The key thing, however, isn't just the total lack of anything that looks like sophisticated encryption, but the opposite. The attackers basically did nothing to hide themselves, communicating out in the open, booking houses and cars in their real names, despite some of them being on various terrorist watch lists. It discusses how Brahim Abdeslam booked a house using an online website (Homelidays -- a French service that is similar to Airbnb, though it predates Airbnb by a lot), using his own name. So did his brother, Salah Abdeslam, who booked a hotel for a bunch of the attackers (using his real name) on Booking.com.

The piece mentions, as we noted earlier, that the attackers appeared to communicate via unencrypted SMS. It also mentions how the guy who planned the attacks, Abdelhamid Abaaoud, bragged about his plans in ISIS's English-language glossy magazine months ago. Again, you'd think that this would alert the intelligence community to actually watch the guy, but again it appears he did little to hide his movements or communications.

In fact, the report notes that after Abaaoud shot up a restaurant, he went back to check out the aftermath of the attacks that he had helped put together -- and kept his mobile phone with him the whole time, making it easy to track his whereabouts:

An hour after Mr. Abaaoud finished shooting up restaurants, he emerged from a metro station in the 12th district, according to data police pulled from his cellphone. He headed west toward the sound of sirens, his path zigzagging as he returned to the scene of his crimes.

For two hours after the massacre ended, prosecutors say, Mr. Abaaoud surveyed his handiwork, at one point blending in with panicked crowds and bloodied victims streaming from the Bataclan
You can read the entire thing and note that, nowhere does the word "encryption" appear. There is no suggestion that these guys really had to hide very much at all.

So why is it that law enforcement and the intelligence community (and various politicians) around the globe are using the attacks as a reason to ban or undermine encryption? Again, it seems pretty clear that it's very much about diverting blame for their own failures. Given how out in the open the attackers operated, the law enforcement and intelligence community failed massively in not stopping this. No wonder they're grasping at straws to find something to blame, even if it had nothing to do with the attacks.

69 Comments | Leave a Comment..

Posted on Techdirt - 25 November 2015 @ 12:38pm

Montana Newspaper Announces Plans To Reveal The Names Of All Previous Commenters, Despite Promises To Keep Them Secret

from the well,-that's-one-strategy dept

The Montana Standard, a newspaper in Butte, Montana has apparently decided on a new strategy for its online commenters, requiring "real names" to be associated with every comment. We've spent plenty of time arguing why this is kind of stupid, but many websites falsely believe that anonymity leads to less friendly comments, and using "real names" will magically make people nice (in our experience, people with real names can still be insufferable jackasses, while some of our best comments come from anonymous users, but...). But, that change in policy alone isn't that big of a deal. What is a big deal is that the Standard has decided to do this retroactively. As it stands now, and as it's been in the past, when you sign up to comment, it directly asks you for both your real name and your "screenname" and states pretty clearly that this is the name that will display with your comments:

But on January 1st, all of that changes, and whatever people put in as their "real names" will show up. The Standard is allowing people who are concerned to email them before December 26th to argue for why their comments should be removed before the January 1st switch over, but it seems likely that many won't even realize this is happening. Lots of people have been using the comments on that post itself to criticize this plan, and Paul Alan Levy has written a thorough post explaining why this is so problematic:
The Standard’s retroactive application of its real name policy seems to me highly irresponsible. You can easily imagine a newspaper deciding that is not going to rely on anonymous sources in its news stories – certainly there have been media entities that have claimed to have adopted such policies. But can you imagine a paper doing so retroactively, leaving its stories online that were previously sources anonymously but replacing such categories as “inside source” with the name of a whistleblower, or replacing “highly placed official” with the name of the conniving government official speaking “candidly” about his internal adversaries under cover of source protection? “I’m sorry, Deep Throat, we have decided to tell Nixon and his henchmen who you really are.” You could have a number of unhappy sources, not to speak of some dead ones where the sources live abroad in a society or culture where dissent is not tolerated. The source’s life could be in danger even if the source lives inside the United States, if the source was talking about the Crips, or MS-13, or some militia group.

The Standard’s editor told Davis that it is publishing notice of its new policy, including the retroactive application, in both its print editions and web site, and that it “is sending emails to prior commenters, when it has valid email addresses.” (Although as of today, when I looked at the page where the site’s users register to be allowed to comment, there was no notice of any impending policy; to the contrary, the site still promises that the screen name “is the name that will be displayed next . . . for comments, blog posts, and more. Choose wisely!”) But depending on how long it has been since the Standard started accepting registrations, it is quite possible that users may have changed their email addresses, or have moved on to a new email address without ever canceling the old one, and hence they might not see the Standard’s notice. And it is also quite possible that some of the commenters may have made comments that place their economic or even physical security at risk from the individuals or companies that they criticized in online comments. Or, their comments might have revealed something about their own experiences or past conduct that they were willing to share with the public anonymously, making a valuable contribution to a discussion, but would never have been willing to provide had they known that their own names would be attached. The Standard could be putting livelihoods and more at risk through its retroactive changes.
Levy further tested the existing commenting system, discovering that it was, in fact, easy to sign up with fake "real names" -- including a test where he signed up using the name of the Standard's editor, David McCumber.
I was able to register with a completely invented name, in which I provided a real email address but no other truthful information in the various boxes on the registration page. The comment I posted is the only one that was posted on November 23, 2015 – it appears with the screen name “notmyrealname.” As a further test, I registered again today, again providing false information throughout the registration process, but this time the “real name” I provided was the name of the Standard’s editor, David McCumber, and the street address that I provided was the Standard’s own address. The comment duly appeared on the paper’s web site a few minutes later – it is there under the screen name “NotReallytheEditor.” So, presumably, this comment will appear on January 1 as having been posted by David McCumber.
Promising to keep people's names hidden, and then retroactively changing that with little notice seems like an incredibly irresponsible thing to do. One hopes that the Standard will reconsider.

43 Comments | Leave a Comment..

Posted on Techdirt - 25 November 2015 @ 11:39am

If You Want To Have Sex With Charlie Sheen, You Have To Give Him The Copyrights On Any Photos You Take Of Him

from the wait,-what? dept

As you may have heard, last week actor Charlie Sheen announced that he is HIV positive, which got lots of news coverage. Related to that, In Touch magazine produced the non disclosure agreement (NDA) that it claims "Charlie Sheen had his sexual partners sign when they came to his house." I guess if you're a celebrity known for sleeping around, this is the kind of thing you have your lawyers cook up for you. But what struck me as interesting was that, beyond the basic NDA language, there was some copyright language concerning any images, videos or sound recordings. You can understand why Sheen (and his lawyers) don't want anyone taking pictures of him or even talking about the relationship to book or magazine writers, so they include some bizarre copyright transfer language for the partner to agree to:

It's a little difficult to read, so here are the relevant sections:
1.3 No Participation in Books or Articles. Without Your advance express written consent, I will not give or participate in any interviews, write or be a source for, any articles, books, programs, or stories about You or the Related Parties, whether truthful, fictionalized, on the record, or "off the record." If I breach these promises, My copyright in any such unauthorized material shall be automatically and immediately transferred by Me to You as of its creation and in perpetuity, and this Agreement shall constitute a valid transfer of copyright.

1.4 Images and Recordings. Without Your advance express written consent, I will not create any photographs, movies, videos, sound or image recordings or otherwise capture any depictions or likenesses of You, Your family, friends, associates or employees ("Images and Recordings"). If I breach these promises any images and Recordings I create shall be considered Confidential Information, and My copyright in them shall be deemed automatically and immediately transferred by Me to You as of its creation and in perpetuity, and this Agreement shall constitute a valid transfer of copyright. If you expressly direct Me to create any Images and Recordings, they will be Confidential Information in which I have no legal rights or interest whatsoever, including any copyright, trademark, "moral rights," patent, or other similar rights, and I convey, transfer and assign to You all of My right, title and interest (if any) of whatever kind or nature in all Images and Recordings as of their creation and in perpetuity, and this Agreement shall constitute a valid transfer of copyrights.
Of course, the "in perpetuity" is not really accurate, as you can't give up your termination rights, even with a contractual agreement, to take back your copyrights after 35 years, but, really, that's besides the point. I do wonder how valid Section 1.3 is at all. If the partner is interviewed for a book or a magazine article, there likely isn't any copyright for Sheen's partner to transfer in the first place, as nothing is "fixed" by that partner. Furthermore, in most cases, the book or magazine author/publisher would likely have a strong fair use claim if Sheen tried to have those quotes deleted via copyright. If anything, this just seems like a way to make it sound scary to go out and talk to a magazine or book author.

The transfer of copyright in the photos and videos at least seems a bit more legit, if still sketchy. Of course, once again, though, this shows where copyright is being used directly for censorship purposes, entirely divorced from its supposed purpose of providing incentives to create.

Read More | 20 Comments | Leave a Comment..

Posted on Techdirt - 25 November 2015 @ 10:39am

European Patent Office Threatens Blogger With Defamation Lawsuit For Criticism

from the thin-skin dept

World Intellectual Property Review (WIPR) is reporting that the European Patent Office, EPO, has threatened Roy Schestowitz with a defamation lawsuit over a blog post he did. Schestowitz writes the Techrights blog, which I personally think can go overboard with some of its stories at times. However, to argue that his stories are defamation, especially by a government agency, is crazy. Back in October, Schetowitz had a story claiming that the EPO was prioritizing patent applications from large companies like Microsoft to "foster a better esprit de service." I actually don't think the program described by the EPO actually sounds that crazy, and the EPO's response isn't that crazy either -- it's just about more efficiently handling certain patent applications to keep the office from getting swamped. Indeed, it does seem like Schestowitz may have overreacted with his interpretation of the memo. But, misinterpreting something is hardly defamation.

In fact, to argue that Schestowitz's post is defamatory is crazy. Threatening Schestowitz with a defamation claim is much crazier and dangerous than even Schestowitz's own interpretation of the EPO's memo. If you're working for a government agency, such as the EPO, you have to be willing to accept some amount of criticism, even if you disagree with it. To claim it's defamation and to threaten a lawsuit is really, really screwed up. Frankly, this calls into question what the EPO is focused on much more than any claims of favoring large companies. Also bizarre is the fact that WIPR edited its own story to remove any mention of what Schestowitz's original blog posts were about in the first place. They had originally included a sentence briefly describing the original Techrights blog post that got the EPO upset, but then deleted that part.

The EPO has been coming under a fair bit of criticism lately, and the entire organization appears to be astoundingly thin-skinned. A few months ago, the office apparently blocked access to Techrights altogether from within its network. That seems like a pretty strange move in the first place. Florian Mueller (and, yes, I know that many people here don't trust Mueller, but...) has pointed out how absolutely ridiculous the EPO can be about just about anything related to how it works:

The European Patent Office is the last dictatorship on Central European soil. Local police cannot allowed to enter the EPO's facilities without an invitation from the president. National court rulings cannot be enforced; compliance is voluntary. Employees and visitors are subjected to covert surveillance. And if employees are fired (or "suspended"), which just happened to several staff representative, they won't get their day in court for about ten years.

The EPO's leaders have a rather selective attitude toward the law. When it's about their wrongdoings, they want their organization to be a lawless, autocratic island that disrespects human rights. But when the rules of the world around the EPO come in handy, the leadership of the EPO tries to leverage them against those who dare to criticize it.
I'm having trouble thinking of any other governmental agency that has ever threatened a public critic with defamation. Basic concepts around free speech suggest that the EPO should suck it up. If it disagrees with Schestowitz's interpretation of what it's doing, then it can come out and explain its side of the story. Threatening him with defamation actually only makes me think that perhaps his interpretation hits closer to home than I originally believed.

13 Comments | Leave a Comment..

Posted on Techdirt - 25 November 2015 @ 6:30am

German Publisher Axel Springer Just Can't Stop Suing Ad Blockers, And Attacking Its Own Readers

from the why-would-you-do-that?!? dept

As you hopefully already know, we take a bit of a different view of ad blockers around here on Techdirt, recognizing that many people have very good reasons for using them, and we have no problem if you make use of them. In fact, we give you the option of turning off the ads on Techdirt separately, whether or not you use an ad blocker. And we try to make sure that the ads on Techdirt are not horrible, annoying or dangerous (and sometimes, hopefully, they're even useful). Most publications, however, continue to take a very antagonistic view towards their very own communities and readers, and have attacked ad blockers, sometimes blocking users from reading content if they have an ad blocker. Perhaps no publication has fought harder against ad blockers than German publishing giant Axel Springer, the same company that frequently blames Google for its own failure to adapt.

Axel Springer has been suing the makers of various ad blockers. So far, those cases have failed miserably, making Axel Springer look like a whiny, out-of-touch publication that refuses to get with the times. But, instead, it just keeps on suing. From TechCrunch:

German media giant Axel Springer, which operates top European newspapers like Bild and Die Welt, and who recently bought a controlling stake in Business Insider for $343 million, has a history of fighting back against ad-blocking software that threatens its publications’ business models. Now, it’s taking that fight to mobile ad blockers, too. According to the makers of the iOS content blocker dubbed “Blockr,” which is one of several new iOS 9 applications that allow users to block ads and other content that slows down web browsing, Axel Springer’s WELTN24 subsidiary took them to court in an attempt to stop the development and distribution of the Blockr software.

Specifically, explains the law firm representing Blockr, Axel Springer wanted to prohibit Blockr’s developers from being able to “offer, advertise, maintain and distribute the service” which can be used today to block ads on http://www.welt.de, including the website’s mobile version.

Isn't that nice. Rather than recognize that people don't like your ads, you try to sue the companies serving an actual consumer need so that you can continue to piss off your readers. It's the dinosaur strategy -- rather than innovate, you sue to try to stave off the inevitable decline.

67 Comments | Leave a Comment..

Posted on Techdirt - 24 November 2015 @ 12:45pm

Did You Hear About How ISIS Has A Sophisticated Training Manual For Encryption? Yeah, It Was Actually A Pamphlet For Journalists And Activists

from the fud-fud-fuddy-fud-fud dept

Did you hear that story about how ISIS is so sophisticated with encryption that they have a special "opsec" manual on computer security protocols? You might have, because last week it was all over the internet. Yahoo kicked it off with a story, claiming it was the secret manual ISIS "uses to teach its soldiers about encryption." Wired followed up with its own story, as did The Telegraph. The "manual" was "discovered" by analysts at the Combating Terrorism Center, based out of the US Military Academy at West Point. Thankfully, Buzzfeed has the details, noting that the guide, created by a cybersecurity firm in Kuwait, named Cyberkov, is actually a guide for journalists and activists to protect their communications from oppressive governments. And there's nothing particularly secret about it, as apparently it's basically just repurposed stuff from the EFF's website:

“Our guide is based on publicly available tools, instructions and best practices. The guidelines in our manual are sourced from the EFF [Electronic Frontier Foundation] and other sources of privacy organizations,” wrote CyberKov CEO Abdullah AlAli to BuzzFeed News in an email. He said his organization had no idea its guide had been repurposed by ISIS. He was surprised to see it cited in articles, many of which have been updated since they were originally posted to note the document’s origin, and “even more shocked to see the Combating Terrorism Center at West Point simply Google-Translated it and claimed it as ISIS’s.”
Now, it does appear that some folks in ISIS may have sent around versions of the guide, but it sort of undermines the idea that they had created their own special set of guidelines to avoid being tracked, when all they're doing is picking up publicly available information on security best practices.

31 Comments | Leave a Comment..

Posted on Techdirt - 24 November 2015 @ 8:21am

A Month Ago, Dianne Feinstein Said Cybersecurity Was Super Important... Now She Says We Should Undermine Encryption

from the which-side-is-she-on? dept

Look, everyone has known for quite some time that Senator Dianne Feinstein's big push for so-called "cybersecurity" legislation in the form of CISA had absolutely nothing to do with cybersecurity. It was always about giving another surveillance tool to her friends at the NSA. However, given that she was one of the most vocal in selling it as a "cybersecurity" bill (despite the fact that no cybersecurity experts actually thought the bill would help) it seems worth comparing her statements from just a month ago, with her new attacks on actual cybersecurity in the form of encryption.

Here is Feinstein just a month ago, claiming to worry about "cyberattacks" on Americans:

"Millions of personal records and hundreds of billions of dollars fall victim to cyber-attacks every year, and we’ve done little to stem the tide."
Of course, CISA does nothing to protect any of that. You know what does protect against that -- better use of encryption to keep that information from getting hacked in any useful manner.

Okay, fast forward. Following the Paris attacks, Feinstein has been among the most vocal in claiming that we need to undermine encryption, which is pretty amazing given that she represents California (and is from San Francisco), home to tons of tech companies that actually get this and think she's completely crazy for undermining actual cybersecurity.

Never mind that, though. Here she is this past weekend, on CBS's Face the Nation totally attacking encryption itself and mocking the tech companies that just a month ago she was insisting needed special government help to protect against cyberattacks. She was asked if the intelligence community has the tools it needs, and she decides to attack encryption -- even choosing to cite as a source CIA director John Brennan -- the same John Brennan who illegally spied on her staffers and then lied about it repeatedly.
"I can say this. [FBI] Director [James Comey] and, I think John Brennan, would agree, that the Achilles Heel in the internet is encryption. Because there are now... it's a black web! And there's no way of piercing it. And this is even in commercial products! PlayStation, John! Which our kids use. If the two ends communicate, that's encrypted. So terrorists can use PlayStation to be able to communication and there's nothing that can be done about it."
The host, John Dickerson, then points out that the tech industry (again, mostly based in or near Feinstein's hometown, and that she's supposed to be representing) says that backdooring encryption makes us less safe and opens us up to more attack, and Feinstein brushes it off, relying on her apparent years of computer security training...
No. I don't think so. I think with a court order, with good justification, all of that can be prevented. It can be prevented in Europe, because Europe has been a major driver for more encryption. And I think that they are now seeing the results. I have visited with all of the General Counsels of the tech companies, just to try to get them to take bomb building recipes off the internet. Recipes that have been tested and we know can explode a plane. Directions. Where to sit on the plane to blow it up. We know that there are bombs that can go through magnetometers. And to put that information out on the internet, is terrible. And I sorta got 'well, pass a law.' So, we may just have to do that. But I am hopeful that the companies, most of whom are my constituents -- not most, but many -- will understand what we're facing. And we're not crying wolf. There's good reason for this. And people are dying all over the world. And I think the Sinai-Russian airliner is a classic example of a bomb that got on a plane, that blew up that plane.
Where to start with this nonsense? First, note that she doesn't actually respond to the question concerning how undermining encryption will make us all less safe and make all that information Feinstein herself claimed was under attack just a month ago more vulnerable, other than to say that she, personally, doesn't think that what every computer security expert has been saying is true. Yikes.

Second, rather than focus on encryption, she pivots to her other pet projects, claiming that the government should force internet companies to censor The Anarchist's Cookbook. She keeps on this despite the fact that all the way back in 1997, the DOJ directly told Feinstein that this would violate the First Amendment. From the DOJ to Feinstein:
The First Amendment would impose substantial constraints on any attempt to proscribe indiscriminately the dissemination of bombmaking information. The government generally may not, except in rare circumstances, punish persons either for advocating lawless action or for disseminating truthful information -- including information that would be dangerous if used -- that such persons have obtained lawfully.
Third, this weird infatuation with The Anarchist's Cookbook, despite the fact that it's generally recognized as a joke for fools, where the likelihood of being able to build an actual bomb from it are minimal at best. And, while she pretends that the GCs of tech companies just sort of shrugged their shoulders about this, it's much more likely that it's because they thought she was being ridiculous trying to censor the internet in violation of the First Amendment. Whoever told her "well, pass a law" was almost certainly trying to get rid of her, knowing that any such law would be unconstitutional.

Fourth, this tangent about "bomb making instructions" online still has absolutely nothing to do with encryption or the question about how encryption makes us all much more vulnerable to attack and actually makes us all less safe.

Fifth, the comment about Europe is insane. Again, while the attackers may have used some encryption, it's been revealed (since long before Feinstein did this interview) that they did an awful lot of communicating in the clear, including unencrypted SMS and Facebook messenger. On top of that, what the hell does "Europe has been a major driver for more encryption" even mean? Perhaps it's true that they've been adopting more encryption to hide from the NSA's spying that Feinstein herself helped hide from everyone.

Sixth: the whole PlayStation thing has been debunked as a way that the Paris attackers communicated. They did not. Furthermore, she's just wrong that the PlayStation has end-to-end encryption. It does not.

Seventh, does she honestly believe that whoever blew up that Russian airplane downloaded bomb-making instructions from the internet? Also, if it were really so easy to get such instructions and get them through security, don't you think we'd have seen a lot more airplanes blown up by now?

In summary, Feinstein (a month ago) said we should all be deathly afraid of cyberattacks, and the only way to solve it was to give the government much greater access to companies' computer systems, via CISA. And, now, she insists that encryption is an "Achilles's heel" and that actual cybersecurity experts are lying when they say undermining encryption will put everyone at risk. Why? Because The Anarchist's Cookbook is online and Google won't take it down.

Is it really so much to ask for politicians to actually understand technology before they go off on ridiculous, ignorant, uninformed rants about it -- often leading to even more ridiculous and dangerous legislation?

40 Comments | Leave a Comment..

Posted on Techdirt - 23 November 2015 @ 10:40am

Telegraph Publishes The Dumbest Article On Encryption You'll Ever Read... Written By David Cameron's Former Speechwriter

from the no dept

Over the weekend, the Telegraph (which, really, is probably only the second or third worst UK tabloid), published perhaps the dumbest article ever on encryption, written by Clare Foges, who until recently, was a top speech writer for UK Prime Minister David Cameron (something left unmentioned in the article). The title of the article should give you a sense of its ridiculousness: Why is Silicon Valley helping the tech-savvy jihadists? I imagine her followups will including things like "Why is Detroit helping driving-savvy jihadists?" and "Why are farmers feeding food-savvy jihadists?"

The article is perhaps even dumber than the headline, but let's dig in.

What will it take? 129 dead on American soil? 129 killed in California? What level of atrocity, what location will it take for the Gods of Silicon Valley to wake up to the dangerous game they are playing by plunging their apps and emails ever deeper into encryption, so allowing jihadists to plot behind an impenetrable wall?
"Plunging their apps even deeper into encryption"? I don't even know what that means, but let's flip it around: How many hacked credit cards, medical information and email accounts will it take for the Gods of Silicon Valley to wake up and recognize they need to better protect user data. Because that's what's actually happening. Encryption is not about "allowing jihadists to plot behind an impenetrable wall" it's about protecting your data -- even that of Clare Foges -- from malicious attackers who want access to it. Or does Foges and her former boss David Cameron communicate out in the open where any passerby can snoop on their messages?

Does this mean some bad people can use encryption? Yes. But it's not as "impenetrable" as she seems to think (we'll get to her knowledge of technology and encryption in a moment). Even if you're using encryption, there is still plenty of metadata revealed. Furthermore, there have always been ways to communicate in less-than-understandable or less-than-trackable way -- and the terrorist community has used them forever. They don't need to rely on "Silicon Valley" giants.

But, more to the point, undermining encryption makes everyone significantly less safe. The whole idea that weakening encryption makes people more safe is profoundly ignorant. Even more ridiculously, Foges blames Ed Snowden for this:
Why? It goes back to Edward Snowden, the weaselly inadequate whose grasp for posterity has proved a boon for Isil. They should be gratefully chanting his name in Raqqa, for it was Snowden’s revelations about government surveillance methods that triggered this extraordinary race towards deeper encryption.
This, of course, is wrong. Stupidly, ignorantly, wrong. Again, studies have shown that post-Snowden, terrorists didn't change anything in how they communicate. They were already using encryption and reports suggest that they'd been using encryption going back more than a decade. Snowden's revelations only pointed out how governments were doing mass surveillance on ordinary citizens. Everyone -- including various terrorist organizations -- already assumed (correctly) that they were spying on terrorist organizations and sympathizers. So it's not clear what Foges is claiming here, other than that she's pulling a Dana Perino and shielding her ex-boss from criticism by blaming the whistleblower.
All this is making the job of the security services infinitely harder. FBI Director James Comey calls the challenge “going dark”. Leads are followed until they hit the brick wall of indecipherable data. A few years ago law enforcement agencies could approach Hotmail or Google with a warrant and get vital information to stop horrors unfolding. Now the data they salvage is often gobbledegook – a load of encrypted numbers that are impossible to read. They are trying to save lives but are being frustrated by encrypted technology.
This is also astoundingly ignorant and wrong. To date, the FBI and others have failed to present a single example of where encryption has actually been a problem in deciphering this information. Also, naming Hotmail and Google is wrong as well, as neither Hotmail nor Gmail currently offer end-to-end encryption in a manner that anyone really uses. Google does have a test version available, but the number of people using it is barely notable. So, yes, if law enforcement goes to Google with a valid warrant, it's going to turn over your emails.
This isn’t about privacy, it’s about profit
This may be the most ignorant statement of all. Encryption also means that these same companies cannot scan the contents of your email, for example to place ads against them. In fact, most people have noted that the reason Google hasn't really embraced end-to-end encryption in Gmail is that it would undermine the business model of that product. But, Foges is on a roll of ignorant bullshit and she can't let little things like facts get in the way.

And, of course she concludes with the usual ridiculousness about how she's just so sure that if they put their minds and money to it, they can figure out how to fix this "problem."
The global tech industry made around $3.7 trillion last year. They employ some of the brightest people on the planet. Apple et al could, if they wanted, employ a fraction of these resources to work out how we can simultaneously keep the good guys’ data secure and keep the bad guys in plain sight. The geniuses of Silicon Valley would be more than a match for the dunderheads in the desert.
Except, overestimating your side and underestimating the enemy seems like a pretty stupid idea -- especially when you're pushing for the impossible. And the idea that you can magically "keep the good guys’ data secure and keep the bad guys in plain sight" is pretty laughable. You don't need to be an expert to recognize the ridiculousness of that statement. Who do you determine are "the good guys" and who are "the bad guys"? Is that something you can code? Because, based on this, I'd argue that Foges is "a bad guy." Is she okay with her information being passed in plain sight? And, of course, the reality is even more ridiculous because, as has been explained in great detail in the past, encryption where "the good guys" have access is encryption that doesn't work -- and thus it's encryption that makes us all less safe.

Asking for encryption that only protects "the good guys" is publicly asking for the impossible. It's an astoundingly ignorant question, that anyone with any amount of expertise would tell you is not a good question to ask.

On Twitter, some people have been pushing back on Foges, and her response has been... well, less than inspiring. When people have pointed out that she seems ignorant of the facts, she not only misses the point, but seems proud of her ignorance.
It's fairly stunning, but Foges article gets almost everything wrong. It doesn't understand encryption. It doesn't understand what tech companies are doing. It doesn't understand how security works. It's just... wrong. When someone on Twitter confronted her about this, she insisted that she interviewed people who felt that it was possible to create such encryption, but then went silent when lots and lots of tech experts asked her to name a single technology professional who agreed with her.

Similarly, it's somewhat bizarre that the Telegraph doesn't note that Foges spent the past few years as UK Prime Minister David Cameron's chief speech writer, and still lists herself as an advisor to Cameron. Seems like something that should have been disclosed. The newspaper isn't exactly known for its accuracy, but this is an embarrassment for both Foges and the Telegraph.

96 Comments | Leave a Comment..

Posted on Techdirt - 20 November 2015 @ 7:39pm

Judge Mocks Public Interest Concerns About Kicking People Off Internet, Tells Cox It's Not Protected By The DMCA

from the that's-a-problem dept

Judge Liam O'Grady -- the same guy who helped the US government take all of Kim Dotcom's stuff, is the judge handling the wacky Rightscorp-by-proxy lawsuit against Cox Communications. The key issue: Rightscorp, on behalf of BMG and Round Hill Music flooded Cox Communications with infringement notices, trying to shake loose IP addresses as part of its shake down. Cox wasn't very happy about cooperating, and in response BMG and Round Hill sued Cox, claiming that 512(i) of the DMCA requires ISPs to kick people off the internet if they're found to be "repeat infringers." Historically, it has long been believed that 512(i) does not apply to internet access/broadband providers like Cox, but rather to online service providers who are providing a direct service on the internet (like YouTube or Medium or whatever). However, the RIAA and its friends have hinted for a while that they'd like a court to interpret 512(i) to apply to internet access providers, creating a defacto "three strikes and you lose all internet access" policy. Rightscorp (with help from BMG and Round Hill Music) have decided to put that to the test.

This is a big, big deal. If the case goes against Cox, then it would create a massive problem for the public on the internet. Accusations of infringement could potentially lead to you totally losing access to the internet, which could really destroy people's lives, given how important the internet is for work and life these days. The details of the case look like they should favor Cox pretty easily. After all, Cox pointed out that Rightscorp only had licenses from the publishes, meaning they had no copyright in the sound recording -- yet they admitted to downloading the sound recording, suggesting that, if anything, Rightscorp was a mass infringer. On top of that there was pretty strong evidence that Rightscorp does not act in good faith in how it runs its shakedown practice, telling people that they have to take their computers to the police to prove their innocence (really).

Unfortunately, as Eriq Gardner reports, Judge O'Grady has ruled against Cox on a very key point: does its current policy grant it safe harbor under the DMCA. The judge said no, though we're still waiting for the full ruling as to why.

The bigger story is O'Grady's determination that there is "no genuine issue of material fact as to whether defendants reasonably implemented a repeat-infringer policy as is required by §512(i) of the DMCA," granting a motion that Cox is not entitled to a safe harbor defense.
Now, just because you're not protected by the safe harbor it does not mean that you are automatically guilty of infringement. There are cases where sites have not qualified for the safe harbor and still prevailed. But it does make things more difficult and complicated and, much more importantly, opens the door to lots and lots of mischief by the RIAAs and MPAAs of the world to use this to kick people off the internet entirely based on accusations of copyright infringement. That's immensely worrisome.

O'Grady doesn't seem to think that kicking people off the internet is really a big deal. Earlier in the case, we've discovered, in the process of flat out rejecting an attempt by Public Knowledge and EFF to file an amicus brief, Judge O'Grady made his views clear:
I read the brief. It adds absolutely nothing helpful at all. It is a combination of describing the horrors that one endures from losing the Internet for any length of time. Frankly, it sounded like my son complaining when I took his electronics away when he watched YouTube videos instead of doing homework. And it's completely hysterical.
That's his response to two well known public interest groups explaining to him the "real world harmful effects" of Rightscorp's copyright shake-down trolling business. But he didn't want to hear any of it. Because protecting the ability of Americans to not be the subjects of extortion schemes and to enable them to communicate and work is "hysterical" and no different from kids not doing their homework because of too much YouTube.

The details here matter, but I would imagine that Cox is likely to appeal. One hopes that the appeals court is more open to listening to the concerns over copyright trolling and kicking people off the internet.

113 Comments | Leave a Comment..

Posted on Techdirt - 20 November 2015 @ 12:48pm

France Responds To Paris Attacks By Rushing Through Internet Censorship Law

from the always-good-to-legislating-while-freaking-out,-huh? dept

The attacks in Paris were a horrible and tragic event -- and you can understand why people are angry and scared about it. But, as always, when politicians are angry and scared following a high-profile tragedy, they tend to legislate in dangerous ways. It appears that France is no exception. It has pushed through some kneejerk legislation that includes a plan to censor the internet. Specifically the Minister of the Interior will be given the power to block any website that is deemed to be "promoting terrorism or inciting terrorist acts." Of course, this seems ridiculous on many levels.

First, there are the basic concerns about free speech. Yes, I know this is France and it doesn't value free speech in the same way as the US, but it's still rather distressing just how quickly and easily the French government seems willing to adopt censorship measures. Second, what good does this actually do? If ISIS sympathizers are expressing their views publicly, doesn't that make it easier to track them and to find out what they're doing and saying? Isn't that what law enforcement should want? Focusing on censorship rather than tracking simply drives those conversations and efforts underground where they can still be used to influence people, but where it's much harder for government and law enforcement ot keep track of what's being said. It also only confirms to ISIS supporters that what they're saying must be so important and valuable if the government won't even let them say it. It's difficult to see how it does any good, and instead it opens up the possibility of widespread government censorship and the abuse of such a power.

41 Comments | Leave a Comment..

Posted on Techdirt - 20 November 2015 @ 10:41am

YouTube Puts Some Monetary Weight Behind Fighting For Fair Use: Others Should Too

from the make-your-users-trust-you dept

Back in 2013, we were impressed when the folks at Automattic (the company behind WordPress), actually filed some lawsuits against people who were abusing DMCA takedown notices just to takedown content they didn't like. Earlier this year, the company also took a strong stand against DMCA abuse by including a "Hall of Shame" in which it called out and shamed particularly egregious takedowns. At the time, we mentioned that other companies should pay attention. Fighting for your users' rights is important, but too many companies don't do it (and many just take things down on demand).

Now YouTube has stepped up a bit as well. There have been plenty of complaints about how YouTube -- and ContentID in particular -- deal with fair use. It's quite difficult for an algorithm to determine fair use, and that's part of the reason why we get nervous when copyright system defenders insist that you can automate takedown processes without collateral damage. However, Google has announced that it will promise to pay the legal fees (up to $1 million) of certain YouTubers where takedowns have been issued in cases where YouTube agrees that fair use applies:

We are offering legal support to a handful of videos that we believe represent clear fair uses which have been subject to DMCA takedowns. With approval of the video creators, we’ll keep the videos live on YouTube in the U.S., feature them in the YouTube Copyright Center as strong examples of fair use, and cover the cost of any copyright lawsuits brought against them.

We’re doing this because we recognize that creators can be intimidated by the DMCA’s counter notification process, and the potential for litigation that comes with it (for more background on the DMCA and copyright law see check out this Copyright Basics video). In addition to protecting the individual creator, this program could, over time, create a “demo reel” that will help the YouTube community and copyright owners alike better understand what fair use looks like online and develop best practices as a community.
It is absolutely true that even when video creators believe that their use is non-infringing because it's fair use, many still won't issue a counternotice, because the next step, if the copyright holder disagrees, is to go to court. And even if you have a slam dunk case, that can be both time consuming and incredibly expensive. And, of course, if you lose, it can be life-destroying expensive, thanks to the idiocy of statutory damages provisions in copyright law.

The NY Times actually has more details than Google's own post and includes some examples.

Constantine Guiliotis, who goes by Dean and whose channel dedicated to debunking sightings of unidentified flying objects has just over 1,000 subscribers, is one of the video makers YouTube will defend. Mr. Guiliotis has received three takedown notices from copyright holders of videos that he has found online and posted to his YouTube channel, U.F.O. Theater.

In his videos, Mr. Guiliotis includes the videos he found but also provides analysis and commentary, which YouTube argues is within the guidelines of fair use rules. The site reposted the videos after its review and told Mr. Guiliotis it would defend him against any future legal action. Like the other creators YouTube has selected, Mr. Guiliotis has not been sued for his videos.

“It was very gratifying to know a company cares about fair use and to single out someone like me,” Mr. Guiliotis said.

Sherwin Siy, over at Public Knowledge, notes that Google probably won't have to spend much money, as any copyright holder who realizes that Google is backstopping the videos will probably (wisely) realize that going to court is less likely to have the desired effect (which is usually just intimidating people into taking down content). However, it's still an important move in creating extra protection for fair use and in helping to establish a clear bar of what's considered to be fair use:

But while this means that Google isn’t likely to spend much, if any money, in litigating these cases, the program still does two very important things. First, it does in fact protect those uploaders. By giving these videos a stamp of approval, Google’s legal team will make the sort of person who sends a bogus or careless takedown notice think even harder about filing a bogus lawsuit. That sort of reassurance can be enough encouragement for someone to put back a video. Oftentimes, someone receiving a takedown notice can shy away from exercising her rights to have it put back because doing so exposes her to a lawsuit. With this sort of protection, much of that fear disappears.

But perhaps the more useful aspect of the program is that it sets a clear example of what fair use is. As videos are added to the program, other users will have a useful set of models that show what Google’s lawyers, at least, are confident is fair use. That information can help an everyday YouTube user in ways that more text-based and specific guides (for educators, etc.) might not.

And this collection of videos sets an example for far more than just other video creators. The set of fair uses on display can act as a living example of the predictability of fair use. Too often, the doctrine is considered hazy or indefinite or impossible to determine. And while there are lots of cases that can exist in a gray area, there’s even more cases that actually are pretty black or white. Most people have seen clearly infringing videos; this program will show a wider audience clearly non-infringing videos. That’s particularly important in the face of other countries who have yet to adopt fair use as a limit on their copyright laws, and have been told that it’s too unpredictable for them to rely upon.

Jeff Roberts, over at Fortune goes even further in calling this "a game changer."
This is why YouTube’s announcement is a game-changer: Copyright-based censorship strategies are no longer risk free. Now, before launching an unjustified DMCA takedown, the claimant will have to weigh the risk of going up against Google and its deep pockets in a lawsuit. (The legal environment could get even more interesting in light of a recent ruling in the Prince “dancing baby” that could make it easier for fair use victors to claim legal fees from those who removed their videos).
I don't know if I'd go that far. Again, Google is only protecting a "handful" of videos, but at the very least it may scare off some of the more egregious abuses, and that's always a good thing. Now, we just need even more platforms to recognize that fighting for your users' fair use rights is important.

17 Comments | Leave a Comment..

Posted on Techdirt - 20 November 2015 @ 9:22am

Dumb Idea... Or The Dumbest Idea? Seize Terrorists' Copyrights And Then Censor Them With The DMCA

from the no-no-no-no-no-no-no-no-no-no-no-no dept

At this point, we all know that the DMCA is a tool that is widely abused for censorship purposes. We have written post upon post upon post upon post upon post upon post upon post upon post upon post upon post upon post upon post upon post upon post upon post upon post detailing this (and those were just from the first page of my search results).

Most people, once aware of this, would recognize that perhaps there's a problem with the DMCA and that it should be fixed. However, some people seem to look at that and say "hey, that's an awesome censorship tool, perhaps we should expand it to other content I don't like." That's why we see people talk about expanding it to cover revenge porn or mean people online.

Or, apparently, terrorism. Yes, terrorism. Paul Rosenzweig, who (believe it or not) really once was a high ranking official in the Department of Homeland Security thinks one way to fight ISIS is to seize their copyrights and then use the DMCA to censor them. He's not joking. Or, at least I think he's not. There's a small chance that it's really a parody, but Rosenzweig has a history of truly nutty ideas behind him, so I'm pretty sure he's serious.

That model might, with a small legislative change, be adapted to the removal of ISIS terrorist speech.  All that would be required was a modification of the law to assign the copyright in all terrorist speech to a non-terrorist organization with an interest in monitoring and removing terrorist content.  Here are the essential components of such a plan:

  • Identification of terrorist organizations to whom the law would apply;
  • A definition of unprotected content associated with that terrorist organization;
  • An extinguishing of copyright in such unprotected content; and
  • Transfer of that copyright to a third party.
I love that "all that would be required" because what he's really saying is that "all that would be required" is we upend basically all concepts regarding free speech and copyright just to silence some people I really don't like. No biggie.

At this point, you should probably already be banging your head on a nearby hard surface, but it gets worse. He actually then worries about how much work it would be for the government to take all these copyrights and issue all those darn takedowns, so instead he suggests handing the copyrights to a third party, which he suggests could be set up similarly to the Red Cross (?!?) and saddling them with the task of issuing takedowns. Perhaps we can name them the Silencing Cross or something along those lines.

He insists that the First Amendment isn't really a problem here because terrorist speech can be seen as "material support" of terrorism and the Supreme Court has already wiped that away.

The most salient case on point is Holder v. Humanitarian Law Project, 561  U.S. 1 (2010), a Supreme Court case that construed the USA PATRIOT Act's prohibition on providing “material support” to foreign terrorist organizations (18 U.S.C. § 2339B). The case is one of the very rare instances of First Amendment jurisprudence in which a restriction on political speech has been approved, and the only one of recent vintage.

The Humanitarian Law Project (“HLP”) had sought to provide assistance to the Kurdistan Workers’ Party in Turkey and Sri Lanka's Liberation Tigers of Tamil Eelam.  According to HLP, their goal was to teach these two violent organizations how to peacefully resolve conflicts. Congress had, previously, prohibited all material aid to designated organizations that involved “training”, “expert advice or assistance,” “service,” and “personnel.”  HLP argued that its assistance was protected political speech.  The government countered with the argument that a categorical prohibition on speech in the form of assistance was required because even non-terrorist assistance would "legitimate" the terrorist organization, and free up its resources for terrorist activities.  The Court approved the limitation on speech because it was narrowly drawn to cover only “speech to, under the direction of, or in coordination with foreign groups that the speaker knows to be terrorist organizations” and served a national interest of the highest order – combatting terrorism.

It would follow, in the wake of Humanitarian Law Project, that just as speech “to” or “under the direction of” or “in coordination” with a foreign terrorist organization may be limited, so too may the content actually published “by” the terrorist organization.

I'm not so sure that First Amendment scholars would agree with him that the shift from speech "to" to speech "by" is that simple, but that's really besides the point.

Let's go back to basics here. Congress only has limited power over creating copyright law. Here it is:
To promote the Progress of Science and useful Arts, by securing for limited Times to Authors and Inventors the exclusive Right to their respective Writings and Discoveries.
I've read that a few times now and I really am struggling to find the part that says "and to censor terrorists."

I mean, I guess the single redeeming idea in Rosenzweig's proposal here is that it's a pretty blatant admission that copyright law is about censorship much of the time. The ISIS-insanity-freakout among political types is really kinda crazy to watch in action. First they wanted to use net neutrality to censor ISIS and now they want to use copyright law? What will they think of next? Defamation law is always popular. Perhaps we can amend Section 230 to silence terrorists. Or, I know, why don't we use the ITC. Or trade agreements. Oh wait, that's basically the MPAA's playbook to censor speech... and now surveillance state apologists can make use of it too!

Meanwhile, hey, maybe instead of trying to censor the folks at ISIS, you watch what they're saying and use that for surveillance purposes. I know, I know, crazy thought. But at the very same time we're having this debate, these very same people are arguing that we need less encryption so law enforcement and the intelligence community can see what ISIS is saying. Yet here's a way to see what they're saying and the focus is on "how do we silence such speech and make it harder to track!"

But, really, Paul, congrats -- we thought we'd heard the dumbest idea in a long time with Joe Barton's "use net neutrality to censor ISIS," but you've topped it. This is the dumbest idea we've heard in a long, long time.

79 Comments | Leave a Comment..

Posted on Techdirt - 20 November 2015 @ 6:08am

Hillary Clinton Joins The 'Make Silicon Valley Break Encryption' Bandwagon

from the are-there-any-good-presidential-candidates? dept

Presidential candidate Hillary Clinton gave a speech yesterday all about the fight against ISIS in the wake of the Paris attacks. While most of the attention (quite reasonably so) on the speech was about her plan to deal with ISIS, as well as her comments on the ridiculous political hot potato of how to deal with Syrian refugees, she still used the opportunity to align herself with the idiotic side of the encryption debate, suggesting that Silicon Valley has to somehow "fix" the issue of law enforcement wanting to see everything. Here's what she said:

Another challenge is how to strike the right balance of protecting privacy and security. Encryption of mobile communications presents a particularly tough problem. We should take the concerns of law enforcement and counterterrorism professionals seriously. They have warned that impenetrable encryption may prevent them from accessing terrorist communications and preventing a future attack. On the other hand, we know there are legitimate concerns about government intrusion, network security, and creating new vulnerabilities that bad actors can and would exploit. So we need Silicon Valley not to view government as its adversary. We need to challenge our best minds in the private sector to work with our best minds in the public sector to develop solutions that will both keep us safe and protect our privacy.

Now is the time to solve this problem, not after the next attack.
It does not. Weakening encryption undermines both security and privacy. There's no "balance" to be had here. You want to maximize both security and privacy and the way you do that is with strong encryption.

Also, the bit about "Silicon Valley" has to "not view government as its adversary" is another bullshit line that has been favored by James Comey and others, who keep insisting that when technologists explain to him that backdooring encryption in a manner that only "the good guys" can use it is impossible that they really mean they haven't tried hard enough. Once again, that's not it. What pretty much the entire tech community has been saying is that it's impossible to create such a thing without undermining the whole thing and making everyone less safe. Hell, here's security expert Steve Bellovin explaining this pretty clearly. He goes step by step through why it won't work, why it makes things more dangerous, why it will be abused, and why it will put us all at risk.

And the reason that Silicon Valley views the government as adversaries is because speeches like Clinton's sets them up that way. Her speech, like Comeys' past speeches are directly setting up the government as an adversary to good computer security, asking technologists to undermine their own creations and make everyone less safe for some unclear amorphous belief that it might make a few people more safe at some point in the future. So, the answer isn't scolding Silicon Valley as Hillary has chosen to do, but rather understanding reality, and recognizing that what she is directly advocating for is to harm the safety of Americans and others around the globe.

This raise serious questions about who is advising Clinton on tech policy. When she was at the State Department, it actually did a lot of really good things on encryption and protecting communications of people around the globe. It's pretty ridiculous for Clinton to undermine her own efforts with such a dumb statement in this speech.

149 Comments | Leave a Comment..

More posts from Mike Masnick >>