Capitalist Lion Tamer’s Techdirt Profile


About Capitalist Lion TamerTechdirt Insider

List of blogs started with enthusiasm, which now mostly lie dormant:

[reserved for future use]

[recently retired]

[various side projects]

Posted on Techdirt - 15 December 2017 @ 1:30pm

How Minecraft Led To The Mirai Botnet

from the just-a-little-unfriendly-competition dept

The Mirai botnet that swept through poorly-secured devices last year resulted in unprecedented denial-of-service attacks. At one point, the botnet turned its wrath on security researcher Brian Krebs' site, resulting in a sustained attack that saw Krebs' DDoS protection service (Akamai) say it was getting too old for this shit uninterested in providing further protection for this particular user.

The people behind the botnet have just pled guilty to federal charges.

Three men have pleaded guilty to federal cyber-crime charges for launching a cyberattack last year that knocked large parts of the internet offline.

Paras Jha, Josiah White, and Dalton Norman were indicted by an Alaska court in early December, according to documents unsealed Wednesday.

The Justice Dept. released a statement later in the day confirming the news.

Prosecutors accused the hackers of writing and using the Mirai botnet to hijack vulnerable internet-connected devices to launch powerful distributed denial-of-service (DDoS) attacks.

According to Jha's plea agreement, the botnet ensnared more than 300,000 vulnerable devices.

But the story behind the botnet suggests it was never meant to become a global threat or used to target researchers like Krebs. The malware was far from benign, but it wasn't written to bring the internet to its knees. It was meant to do something much simpler.. Garrett Graff has put together an amazing story of Mirai's origin over at Wired -- one that begins in a college dorm room and involves crafting tables, zombie pigs, and battles for server superiority.

As the 2016 US presidential election drew near, fears began to mount that the so-called Mirai botnet might be the work of a nation-state practicing for an attack that would cripple the country as voters went to the polls. The truth, as made clear in that Alaskan courtroom Friday—and unsealed by the Justice Department on Wednesday—was even stranger: The brains behind Mirai were a 21-year-old Rutgers college student from suburban New Jersey and his two college-age friends from outside Pittsburgh and New Orleans. All three—Paras Jha, Josiah White, and Dalton Norman, respectively—admitted their role in creating and launching Mirai into the world.

Originally, prosecutors say, the defendants hadn’t intended to bring down the internet—they had been trying to gain an advantage in the computer game Minecraft.

Minecraft may seem to be a cooperative game, but competition for server traffic is anything but. Popular servers charge players rent for online real estate, allowing them to set up semi-persistent worlds for other players to visit. A popular server is big business. The Wired article says some server owners rake in $100,000/month during summer months when traffic is at its peak.

That's what these students were attempting to do when they unleashed their malware: DDoS competitors' servers to funnel players to theirs.

[A]ccording to court documents, the primary driver behind the original creation of Mirai was creating "a weapon capable of initiating powerful denial-of-service attacks against business competitors and others against whom White and his co-conspirators held grudges.”

Once investigators knew what to look for, they found Minecraft links all over Mirai: In an less-noticed attack just after the OVH incident, the botnet had targeted, a company in San Francisco that specializes in protecting Minecraft servers from DDoS attacks.

“Mirai was originally developed to help them corner the Minecraft market, but then they realized what a powerful tool they built,” [FBI agent Bill] Walton says. “Then it just became a challenge for them to make it as large as possible.”

The end result was a mammoth botnet of 200,000-300,000 enslaved devices capable of generating up to 1.1 terabits per second in junk traffic. Once the three realized what they'd unleashed, they dumped the code online in hopes of obscuring its source.

The whole story is a fascinating read, digging deep into the casual use of botnets and DDoS attacks by Minecraft server owners and the mostly-accidental thermonuclear-level havoc it wreaked on the internet. Unfortunately, you'll also learn little has been learned by manufacturers -- and users -- of internet-connected devices in the aftermath of these attacks.

Two weeks ago, at the beginning of December, a new IoT botnet appeared online using aspects of Mirai’s code.

Known as Satori, the botnet infected a quarter million devices in its first 12 hours.

1 Comments | Leave a Comment..

Posted on Techdirt - 15 December 2017 @ 10:41am

European News Agencies Again Demand Google, Facebook, Etc. Pay Up For Sending Them Traffic

from the definition-of-insanity dept

Because it's worked oh so well in the past, European news agencies are (again!) calling for service providers like Google and Facebook to start paying them money for sending them business.

Nine European press agencies, including AFP, called Wednesday on internet giants to be forced to pay copyright for using news content on which they make vast profits.

The call comes as the EU is debating a directive to make Facebook, Google, Twitter and other major players pay for the millions of news articles they use or link to.

"Facebook has become the biggest media in the world," the agencies said in a plea published in the French daily Le Monde.

"Yet neither Facebook nor Google have a newsroom... They do not have journalists in Syria risking their lives, nor a bureau in Zimbabwe investigating Mugabe's departure, nor editors to check and verify information sent in by reporters on the ground."

"Access to free information is supposedly one of the great victories of the internet. But it is a myth," the agencies argued.

"At the end of the chain, informing the public costs a lot of money."

This is a doomed idea. First off, if the demands are a pain to implement, news agencies can expect to start seeing referral traffic drop as other news sources not tied to payment demands see their search engine stock rise. If they continue to press for a cut of these companies "billions," they can expect to be cut off completely. This isn't hypothetical.

Second, any agency that wants to cut off the search engines supposedly bleeding them dry can always block the engines' crawlers. But this obviously isn't about killing off search engine hits and Facebook sharing -- it's about dipping a hand into pockets of service providers for having the audacity to expand the reach of European news agencies.

Finally, there's nothing in it for news agencies even if they succeed in getting a snippet tax implemented. They see companies worth billions and think skimming a little off the top will put them back in the black permanently. But anyone who knows anything about ad payouts knows CPM "taxes" aren't the road to riches. In reality, any implemented scheme would involve hundreds of news sites divvying up fractions of cents between themselves for search result impressions. Payouts might be slightly higher for more direct clicks from referrers like Facebook, but at best, new agencies should expect a few bucks a month from a link tax, rather than the thousands (or millions) they envision.

The news agencies supporting this move are complaining about declining ad revenue and think charging platforms for sending them traffic is the solution. This has been tried and it hasn't worked, but hope springs eternal when you're all out of innovative ideas.

16 Comments | Leave a Comment..

Posted on Techdirt - 15 December 2017 @ 3:23am

It Looks Like The FBI Thought About Prosecuting FOIA Requesters After Influx Of Automated Requests

from the nice-optics,-g-men dept

Emma Best of MuckRock has unearthed some disturbing details in an FBI response to an FOIA request: apparently the agency considered -- however briefly -- the investigation and prosecution of people filing requests.

The nature of the requests may shed some light on the FBI's thought process because the heavily-redacted email included in the response certainly doesn't. Each year, the FBI updates its Dead List -- the names of people the FBI has files on who have passed away. Death increases the chances of released files because this major life event tends to terminate investigations.

The FBI claims it can't find its updated Dead List. This seems odd, if not downright unbelievable, but the DOJ has backed the FBI's claim and FOIA requests for the latest copy are being rejected. No problem, said MuckRock. It went to work with an older version of the list which included 7,000 names.

To accomplish this, the names of the subjects were extracted from the Dead List and a simple script written to submit FOIA requests for them. The requests were submitted on February 29th 2016, with the script and data made available online so that others could make their own requests and trigger the DOJ’s “rule of three” for frequently requested records, which would see the files posted online by the FBI.

Rather than follow its own rule for publication of frequently-requested files, the FBI decided to stop responding altogether.

The FBI acknowledged a large number of them before they began ignoring them. Over a month later (after the Bureau had exceeded legal time limit), the FBI sent a letter stating that they had “received an exceedingly high volume of submissions” which they would not accept.

Which led to this amazing bit of government agency shitposting:

According to the Bureau, fulfilling the FOIA requests would have prevented the FBI from fulfilling FOIA requests. Their letter stated that the “manner of submission interfered with the FBI’s ability to perform its FOIA and PA statutory responsibilities as an agency. Accordingly, the FBI did not accept these submissions on February 29th, 2016.”

A new FOIA request was sent requesting communications discussing the voluminous requests for files on Dead List subjects. That's when things went from slightly obstructionist to downright ominous.

One of the emails contained in this document dump arrived with all but one word redacted. The FOIA exemption cited for the redaction of the entire body of the email was b(7)e: "techniques and procedures for law enforcement investigations or prosecutions." All that remained of the email is the word "Options." Everything underneath it was apparently a discussion about investigating/prosecuting FOIA requesters who participated in MuckRock's automated FOIA requests. CCed on the email are officials from the Criminal Justice Information Services, which handles the FBI's multiple criminal/investigation target databases.

No one knows for sure what basis the FBI thought it had for prosecuting FOIA requesters, but it's pretty easy to imagine it had something to with the CFAA. It's almost impossible to abuse the FOIA process in a fashion that would result in criminal charges, but give the government some automated computer activity it doesn't like, and the CFAA can be read imaginatively enough to support at least an investigation. Another email in the batch received by the requester contains a heading that appears to show the mass requests had been passed on to the government's ESOC (Enterprise Security Operations Center) as "suspicious."

But this isn't the end of the FBI's bad faith FOIA response "efforts." It took plenty of care to protect the people involved in this prosecution discussion but showed far less interest in protecting FOIA requesters when releasing this batch of documents.

Despite redacting the names and email addresses of the public servants handling the case, the FBI released not only the author’s name and address in the file (technically improper since there was no waiver, albeit understandable) but the name, email address and home address of another requester who also used the script to file requests. Their name along with their email and physical addresses were left unredacted not once, not twice, not thrice - but seven times, not including the email headers, several of which also showed their name and email address.

Given the nature of the FBI's response to the mass request for Dead List files, this careless redaction effort appears to be no accident.

It’s hard to imagine that the Bureau, which once hung a sign in their FOIA office instructing people that “when in doubt - cross it out” would fail to redact this information so many times by accident. In context, it’s hard to see it as anything but retaliatory.

On top of that, the FBI appears to have deliberately ignored the requester's supporting info for his fee waiver request, charged the requester duplication fees for documents it had previously compiled and released to other requesters, and stated -- with the DOJ's support -- there was no "public interest" in Dead List documents, despite the massive number of requests (the ones the FBI chose to ignore en masse) clearly showing otherwise.

This is nasty, petty stuff and it's coming from one of the most powerful law enforcement agencies in the world. People with access to vast databases of information on American citizens are seeking to leverage this access to chill First Amendment-protected activity. The government as a whole barely fulfills it obligations (and almost never in a timely fashion) when it comes to the Freedom of Information Act. Agencies like the FBI are taking it several steps further, shirking obligations while engaging in small-scale vindictive acts.

7 Comments | Leave a Comment..

Posted on Techdirt - 14 December 2017 @ 1:24pm

Florida Public Officials Face Criminal Charges For Dodging Public Records Laws

from the harbinger-or-one-off? dept

Some surprising news out of Florida: actual public officials being held accountable for public records law violations. We're used to hearing about officials finding new and creative ways to dodge public records requests. We're also used to hearing about officials using tried-and-true methods to avoid turning over records, like demanding astronomical fees or abusing exemptions.

In this case, several years of blowing off requests for emails has ended in indictments for two Florida officials.

In a move that should send a chill down the spines of thousands of elected officials in Florida, former Martin County Commissioner Anne Scott, a retired judge originally from Chicago, and current Commissioner Ed Fielding were booked Tuesday night into the county jail after being indicted in a public records scandal that already cost taxpayers upward of $25 million.

The charges aren't much -- a misdemeanor count worth up to a year in jail -- but they're a start. (Another involved government employee -- sitting commissioner Amber Heard -- faces a civil charge and a fine of $500.) Unfortunately, the charges look minuscule compared to the amount taxpayers will have to come up with to settle lawsuits stemming from the actions of these politicians.

Scott, Fielding and Heard, who is in her fourth term on the County Commission, are accused of failing to surrender emails to developers investigating why the commission suddenly started voting against them.

The emails were requested by Lake Point, a mining company on the banks of Lake Okeechobee. The company was out to prove that commissioners were illegally communicating and discussing public business in private and conspiring with members of the public against the company’s interests.

It took several years for the trio to produce their emails. When she was asked to show emails from her private Yahoo account, Heard claimed it had been hacked. In a civil lawsuit, several witnesses testified Heard was lying.

So far, the county has lost one civil lawsuit over the public records and was ordered to pay $500,000 of Lake Point’s legal bill.

That's only the start of the taxpayer pain. Several years of legal costs have already been footed by residents as these government officials argued on behalf of themselves and against the public's interest. The Miami Herald reports a massive payout may be on the horizon. A second lawsuit filed by the mining company alleging breach of contract is about to be settled, with the estimated payout being $25 million.

In the end, it's not a win for the public in terms of dollar amount, but it is at least a sign the government will do something about its own misbehaving employees… provided the collateral damage becomes too big to ignore. It would be nice to see something more proactive but given the number of things governments routinely let slide, we'll chalk this up as a small-w win.

21 Comments | Leave a Comment..

Posted on Techdirt - 13 December 2017 @ 11:58am

Deputies Involved In 62,000 Criminal Cases Shown To Be Liars, Frauds, Domestic Abusers, And Sexual Predators

from the all-hail-the-Good-Guys dept

If you had evidence an opposing witness in a criminal trial was untrustworthy, you'd want to use it, right? Too bad says the local law enforcement union. And too bad says a California court. The issue at hand is the Los Angeles Sheriff's Department's "Brady" list. "Brady" is shorthand for exculpatory evidence and untrustworthy law enforcement officers called to provide testimony certainly falls under that heading.

After Sheriff Lee Baca resigned in disgrace following his department's implication in widespread jailhouse corruption and its tendency to hire some of the worst people possible to staff its jail, new sheriff Jim McDonnell wanted to make this list of questionable officers public. He wanted to hand it to prosecutors so they'd know which deputies to avoid if they wanted honest, untainted testimony. He didn't go so far as to offer the same list to defense attorneys, but it was one step further than any sheriff before him had taken.

The sheriff's union sued, claiming handing the Brady list to prosecutors violated state confidentiality laws. In July, the LA County Appeals Court agreed with the union. The case has been taken up by the California Supreme Court, but it won't be discussed or decided until next year. Meanwhile, the ~300 deputies whose names are on the Brady list may have been witnesses in a combined 62,000 cases since 2000. And still, nobody is allowed to access their disciplinary files.

The Los Angeles Times has obtained copies of the 2014 version of the list. (It does not say how it obtained these, so its presumably a leak.) In it are details of hundreds of acts of misconduct, all relating to "moral" issues which could conceivably be used to cast doubt on these deputies' credibility. The documents contain many more details, but this quick rundown by the Times scratches the surface of the secret Brady list. [h/t CJ Ciaramella]

One deputy on the list endangered the lives of fellow officers and an undercover informant when he warned a suspected drug dealer’s girlfriend that the dealer was being watched by police.

Another pepper-sprayed an elderly man in the face and then wrote a false report to justify arresting him.

A third pulled over a stranger and received oral sex from her in his patrol car.

The list also includes several deputies still with the department who were convicted of crimes — one for filing a false arrest report and another who was charged with domestic battery but pleaded no contest to a lesser offense. In other cases, prosecutors sharply criticized the deputies’ actions but declined to pursue criminal charges against them.

Also included: multiple allegations (some sustained) of domestic violence, forging judges' signatures, falsified reports, and sexual misconduct.

Accusations of dishonesty lead the way, composing 69% of all misconduct allegations. Dishonesty is exactly what you don't want from your prosecution witnesses, and a track record of dishonest behavior should be enough to make any testimony given suspect. Unfortunately, the documents are still officially secret, shielded from public access by California law and an appeals court decision.

But the misdeeds detailed in the document make you wonder why the LASD hasn't kicked many of these deputies to the curb. It's not just a problem for testimony in criminal cases. It's also a terrible business practice when you're in the business of serving the public. When your job is literally law enforcement, the lax internal enforcement of actual laws encourages further misconduct and abuse, and destroys your relationship with the communities you serve.

23 Comments | Leave a Comment..

Posted on Techdirt - 13 December 2017 @ 9:24am

Bogus Wiretap Charges Brought Against Man Who Recorded Cops Costs NH Taxpayers $275,000

from the public-servants-still-screwing-the-people-they-serve dept

One of those things I thought would have gone out of vogue is apparently still in style in New Hampshire. The number of bullshit wiretap prosecutions brought against people recording cops has dropped precipitously over the past half-decade as courts have found use of wiretap statutes in this fashion unconstitutional, but over in the Live Free or Die state, the statute lives freely and dies even harder.

Back in 2015, prosecutors brought wiretapping charges against Alfredo Valentin. Valentin had returned home one day to find a SWAT team in the middle of a no-knock raid. Apparently, Valentin's roommate was also a heroin dealer. Valentin had been called home by a neighbor who noticed his dog wandering the street, apparently set free (and still alive!) by the SWAT team's home-breaching efforts. Valentin chose to record the officers as they proceeded with the raid despite officers telling him (wrongly) that he couldn't.

This became a wiretapping charge because the cops couldn't handle a citizen ignoring a direct order. They claimed Valentin "hid" the phone by placing it down by his leg while he kept recording. Apparently, the officers could still see the phone, so claims of it being a "secret" recording were per se moronic. But this was what the flimsy, highly-questionable charges rested on: a supposedly surreptitious recording officers in attendance knew was happening.

The charges were tossed and Valentin sued. Now, with the ACLU's help, Valentin has obtained a settlement (but not an admission of wrongdoing) from the government.

The settlement, which was reached in late September, was announced Wednesday by the ACLU-New Hampshire.

Lehmann said Valentin received about two-thirds of the settlement, and he will use it to get his life back together. He was arrested in March 2015. The previous year, Free State activists from New Hampshire prevailed when the U.S. First Circuit Court of Appeals ruled that any person has a First Amendment right to video or audio-record police officers engaged in official duties in public places.

Gilles Bissonnette, the ACLU-NH's legal director and co-counsel, said the settlement recognizes that recordings of police are a critical check on police power.

"The police need to understand that individuals who are recording their work without interference have a constitutional right to do so, and it is not cause for their arrest," Bissonnette said.

The First Amendment right exists with or without a police officer giving consent to the recording, the ACLU said.

The $275,000 settlement will hopefully help Valentin piece back together a life law enforcement officers vindictively destroyed. Following his arrest, Valentin lost his job of eleven years and has spent the past two years trying -- and failing -- to restart his career. Having a felony arrest on his record doesn't help, even if charges were ultimately dropped.

New Hampshire's wiretapping statute still stands. The state requires two-party consent for recordings. But, as has been pointed out by courts previously, the state's statute does not apply to recording public servants like police officers performing their duties in public. The state's Attorney General made this explicitly clear in the wake of the First Circuit Appeals Court's Glik decision. A memo [PDF] clarifying the right to record police was sent to law enforcement agencies in 2012, so the officers here -- and the prosecutor who chose to continue pressing charges -- had no excuse for their actions. In the process, they cost an innocent person his job and derailed his life for the better part of two years. And in the end, they'll have the bill covered by New Hampshire taxpayers and a signed agreement saying they did nothing wrong.

26 Comments | Leave a Comment..

Posted on Techdirt - 13 December 2017 @ 3:29am

UK Drug Lab Misconduct Calls 10,000 Convictions And Prosecutions Into Question

from the limited-oversight,-unlimited-damage dept

UK prosecutors are looking at the possibility of having a whole bunch of convictions overturned, thanks to misconduct by a lab service contracted by the government. Malfeasance at Randox Testing Service, which handles toxicology tests for UK law enforcement, first came to light earlier this year when two of its employees were arrested.

Hundreds of cases could be reviewed after two men who work at a laboratory used by police to test drug samples were arrested.

Randox Testing Services (RTS) is used by forces across the UK to analyse samples used in prosecutions.

Police chiefs said it had been told 484 cases handled by the firm since November 2015 may have been affected.

The men, 47 and 31, were arrested on suspicion of perverting the course of justice and bailed, police said.

At the time, Randox offered to re-run tests handled by the two employees and provided law enforcement with a list of cases affected. The bogus tests affected far more than run of the mill driving under the influence charges. In a few cases, convictions for vehicular homicide were placed under review.

About 50 prosecutions have so far been dropped in what BBC home affairs correspondent Danny Shaw described as "the biggest forensic science scandal in the UK for decades".

Matthew Bravender is appealing against his conviction after pleading guilty to causing death by careless driving while over the legal limit for a prescribed drug.


Also challenging his conviction is Anderson Ward, 39, who was jailed for causing the death of his girlfriend in a crash while he was high on drugs.

Since then, the estimate of affected cases has skyrocketed. The original estimate of 484 cases is now 10,000 and prosecutors have begun dropping prosecutions rather than go toe-to-toe with judges unsympathetic to their requests for extensions. It's now apparent the retests won't be completed until sometime in 2018. To make matters worse, some of the tainted tests can't be retested because the samples have been destroyed or are no longer viable.

And it's no longer just about driving under the influence charges. Randox, which has since seen its contracts with UK police forces suspended, also handled rape kits and investigations of suspicious deaths.

To make matters worse, another government contractor is being investigated for similar misconduct.

Potential data manipulation at a different facility, Trimega Laboratories, is also being investigated by Greater Manchester Police, said the NPCC.

In these incidents, child protection and family court cases could be affected.

Nick Hurd, the minister for policing, fire and criminal justice, said all tests carried out by Trimega between 2010 and 2014 were currently being treated as "potentially unreliable".

He also said due to "poor record-keeping practices", it may not be possible to identify all the customers affected.

This is far more than problematic. It's devastating. It mirrors multiple forensic lab issues uncovered here in the United States. Obviously, law enforcement agencies don't have the manpower to handle testing in-house. So, these are turned over to third parties. This wouldn't be an issue if there were any direct oversight. But there doesn't appear to be anything like that in place. When misconduct is finally uncovered, it has taken place for years and tainted thousands of cases.

If government agencies are sincere in their expressed concerns for public safety, these failures to head off problems before they affect 10,000-20,000 cases are inexplicable. It undermines legitimate convictions, putting criminals back on the street. It dead-ends investigations because lab results are no longer trustworthy.

Worse, it has the potential to land innocent people in jail. Faked results and mishandled tests are used as evidence in criminal trials, "proving" guilt when none exists. This is a problem everywhere, but it seems authorities are more interested in post-debacle damage control than rigorous oversight that could prevent this from happening in the first place.

22 Comments | Leave a Comment..

Posted on Techdirt - 12 December 2017 @ 10:45am

Court Tosses Cop's Attempt To Sue Twitter And Facebook For Someone Killing Cops In Texas

from the lots-of-wrongs-don't-make-a-right...-or-make-anyone-whole dept

Presumably prestigious law firm 1-800-LAW-FIRM is winning some cases somewhere. But it's not having any luck with its dubious legal theories related to social media companies and "material support for terrorism." The firm hasn't racked up any wins in these cases (as far as I'm aware). The page touting its "anti-terrorism" lawsuits has a lot to say about the filings, but provides no details on the firm's lack of success. And yet, the lawsuits keep flowing.

Not content to represent family members of people killed in terrorist attacks, 1-800-LAW-FIRM is also representing law enforcement officers not killed or injured by terrorists, but rather ones who happened to be on the scene of shootings targeting cops. Again, the real villain, according to this law firm (and its plaintiffs), is social media.

In January, Dallas Police Sergeant Demetrick Pennie sued [PDF] Twitter, Google, and Facebook, claiming they were directly responsible for "radicalizing" Micah Johnson, who shot and killed five police officers in Dallas, Texas. According to Pennie, the social media companies actively allowed and encouraged terrorist use of their platforms to spread their message and attract participants.

Pennie's exploration of the outer limits of culpability has come to an end, netting 1-800-LAW-FIRM (and Excolo Law) a loss in its "sue social media for violent acts committed by individuals" sweepstakes.

In dismissing Monday, U.S. Magistrate Judge Joseph Spero found the plaintiffs failed to show a clear link between Hamas’ use of the companies’ social media networks and the Dallas shooting. Many similar cases have been filed, usually unsuccessfully.

“Absent plausible allegations that Hamas itself was in some way a substantial factor in the attack, there is no basis to conclude that any support provided by defendants to Hamas was a substantial factor,” Spero wrote.

The lawsuit was so lacking in connective arguments, Judge Spero never even had a chance to address the Section 230 immunity that likely would have seen it tossed anyway. The plaintiff posed a novel theory: that payments of ad revenue to alleged terrorists strips immunity, but the court says the plaintiff needs a lot more factual assertions on his side for the judge to even reach that question. From the decision [PDF]:

Because Plaintiffs‘ failure to allege a causal connection between Hamas and the Dallas shooting is reason enough to dismiss all claims, the Court declines to resolve the question of if or how the CDA applies where an interactive service provider shares advertising revenue with a content developer that has been designated as a foreign terrorist organization.

Unfortunately, a string of losses all predicated on the same lousy legal theory aren't going to head off further wastes of legal resources in the future. Suing terrorists may be almost impossible, but suing social media companies isn't the solution. The person responsible for violent acts is ultimately the person who committed them. I understand the urge to seek some form of closure or redress when loved ones and colleagues are killed by terrorist acts, but trying to find a way to make Twitter, et al pay for violent acts they aren't plausibly connected to will do little more than make the internet worse for everyone.

Read More | 10 Comments | Leave a Comment..

Posted on Techdirt - 12 December 2017 @ 9:31am

Canadian Supreme Court Says Privacy Protections Apply To Sent Text Messages Obtained From The Recipient

from the fresh-take-on-stale-privacy-laws dept

In the US, the Fourth Amendment protects the privacy of conversations… up to a point. The government can't open mail or intercept phone calls without a warrant. Thanks to a fairly recent Supreme Court decision, the government can't access the contents of a person's phone -- home to a great many conversations -- without a warrant.

But the Fourth Amendment only covers so much. It doesn't stop the recipient of communications from revealing them to anyone else, the government included. Any person can hand over communications to the government voluntarily even if the sender of those messages assumed -- or stated -- they were supposed to be confidential. This is part of the reason why the "going dark" problem has been overstated. The government has multiple ways to access communications without having to crack open a cell phone.

Communications are only as private as all participants feel they are. That's the way the Fourth Amendment has been read in the US. In Canada, there's an equivalent protection under Section 8 of the Canadian Charter of Rights and Freedoms. Contents of communications require warrants to access and the searches themselves must be "reasonably" supported by probable cause.

Canada's highest court has found, in contrast to US judicial views, an expectation of privacy can still be found in messages sent to someone else -- even if those messages are retrieved from the recipient.

In a potentially significant 5-2 ruling*, the high court set aside the convictions against Nour Marakah, whose messages were found by Toronto police on the mobile phone of an alleged accomplice.

The court said Marakah had a reasonable expectation of privacy concerning the messages, meaning he had a right to challenge the police search of the phone as a violation of his guarantees under the Charter of Rights and Freedoms.

In her reasons for the majority, Chief Justice Beverley McLachlin noted that Marakah was the author of the text messages introduced as evidence against him, that he expected the electronic conversation to remain private and that he asked recipient Andrew Winchester numerous times to delete the messages.

*[Note: Ruling not provided by the Globe and Mail for whatever reason. -1 to G&M's JOURNALISM skill.]

There's no bright line being drawn, despite initial appearances, but it will make it much easier for defendants to challenge evidence obtained without a warrant from the recipient of messages. The court [PDF] has this to say about the bar defendants must reach to basically challenge warrantless searches performed on someone else.

Text messages that have been sent and received can, in some cases, attract a reasonable expectation of privacy and therefore can be protected against unreasonable search or seizure under s. 8 of the Charter. Whether a claimant had a reasonable expectation of privacy must be assessed in the totality of the circumstances. To claim s. 8 protection, claimants must establish that they had a direct interest in the subject matter of the search, that they had a subjective expectation of privacy in that subject matter and that their subjective expectation of privacy was objectively reasonable. Only if a claimant’s subjective expectation of privacy was objectively reasonable will the claimant have standing to argue that the search was unreasonable.

The court says there's perhaps nothing so inherently private as a text message -- a conversation that can't be overheard by anyone in close proximity nor even observed with any certainty by those in the immediate vicinity.

The millions of us who text friends, family and acquaintances may each be viewed as having appropriated a corner of this electronic space for our own purposes. There, we seclude ourselves and convey our private messages, just as we might use a room in a home or an office to talk behind closed doors.

Because texting is an inherently private act, the court finds privacy cannot be dispelled simply by approaching other participants in a private conversation.

An individual does not lose control over information for the purposes of s. 8 of the Charter simply because another individual possesses it or can access it. Nor does the risk that a recipient could disclose an electronic conversation negate a reasonable expectation of privacy in an electronic conversation.

The government obviously did not expect the Supreme Court to reach this conclusion. It made a significant concession which has come back to haunt it.

The Crown concedes that if M had standing the search was unreasonable. The text messages are thus presumptively inadmissible against him, subject to s. 24(2) of the Charter.

That concession, along with actions the police took to access the messages, sees the Supreme Court tossing the obtained evidence along with the conviction.

In considering whether this evidence should be excluded under s. 24(2), society’s interest in the adjudication of M’s case on its merits is significant. The text messages offer highly reliable and probative evidence in the prosecution of a serious offence and their exclusion would result in the absence of evidence by which M could be convicted. This favours admission. However, the police conduct in accessing and searching the electronic conversation through W’s iPhone without a warrant two hours after his arrest was sufficiently serious to favour the exclusion of the evidence. This breached s. 8 of the Charter not only because of the extent of the search, but also because of its timing. On the application judge’s findings, this simply was not a search incident to arrest. In addition, the police conduct had a substantial impact on M’s Charter-protected privacy interest in the electronic conversation. On balance, the admission of the evidence would bring the administration of justice into disrepute. It must therefore be excluded under s. 24(2).

With this unusual ruling, things will get more difficult or more streamlined for law enforcement access to communications, depending on how you view it. It will be more difficult because cops won't be able to perform warrantless searches of devices owned by text message recipients. But it will make law enforcement's job easier in a way. When targeting communications, warrants will be needed if the government wants to guarantee its evidence survives a challenge.

This ruling puts text messaging roughly on the same judicial grounding as wiretaps. In both cases, law enforcement is able to access communications between people, even if only one person is actually the investigation's target. The same thing happens here: if cops want complete conversations, albeit ones delivered through messaging services, they'll need warrants to access them from either end.

Things are shifting dramatically in the upper reaches of judicial systems as a response to a sea change in preferred communication methods. Wiretaps on landlines used to be the ultimate invasion of privacy, subject to multiple restrictions. Just because these communications have shifted from landlines to text messaging shouldn't mean they're afforded less privacy just because of the route they've taken.

Read More | 6 Comments | Leave a Comment..

Posted on Techdirt - 12 December 2017 @ 3:23am

Google Publishes Another Batch Of National Security Letters, Updates Its Transparency Report

from the post-Snowden-landscape dept

Google has released what appears to be its entire collection of National Security Letters to date. Well, at least the entire collection approved for release by the DOJ, which still falls far short of the number received by the search giant.

Liam Tung of ZDNet points to a recent Transparency Report-related blog post by Google, which shows the company is still working to improve its dissemination of materials related to government demands for data and communications.

Since 2010, we’ve shared regular updates in our Transparency Report about the effects of government and corporate policies on users’ data and content. Our goal has always been to make this information as accessible as possible, and to continue expanding this report with new and relevant data.

Today, we’re announcing three updates to our Transparency Report. We’re expanding the National Security Letters (NSL) section, releasing new data on requests from governments to remove content from services like YouTube and Blogger, and making it easier for people to share select data and charts from the Transparency Report.

A new subsection of Google's Transparency Report contains NSLs it's been cleared to publish. This will presumably be updated as gag orders are lifted. Judging from what's published, it's still taking awhile to get gag orders removed. Most of what's contained in Google's NSL document dump was received by the company three to four years ago. Of course, much of this delay can be attributed to a lack of challenge options available to service providers -- something that has improved remarkably since the passage of the USA Freedom Act in 2015.

At this point, challenging gag orders is probably an automated process. If the government continues to hand these out thousands of times a year, it will be forced to review thousands of NSL gag orders within a month of their issuance. Sure, job security is a nice thing, but it seems the DOJ might be better off freeing up some of these resources by issuing NSLs without indefinite gag orders. If the notification ban were limited to 90-180 days on most requests, companies would be unlikely to immediately challenge gag orders, freeing the DOJ from spending time responding to each challenge.

In any event, more transparency is better, especially in Google's case, as it has had very little to say previously about the NSLs it receives.

5 Comments | Leave a Comment..

Posted on Techdirt - 11 December 2017 @ 10:46am

Court Says Google Must Unmask Person Who Left Wordless, One-Star Review Of Local Psychiatrist

from the 1/5-would-not-litigate-again dept

Back in August, psychiatrist Mark Beale filed a defamation lawsuit. His target? A one-star review containing zero words written by someone using the name "Richard Hill." Beale claimed this single review, hosted by Google, had irrevocably damaged his livelihood.

In support of this, he offered several bizarre assertions. (These can be found in voluminous documentation accompanying Beale's amended complaint [PDF].)

- He had no patient named Richard Hill, so the review was bogus.

- Richard Hill was obviously a pseudonym, hence the need for unmasking. (This could also be used to disprove his first assertion, but never mind all that, I guess…)

- His mom thought someone she knew might be trying to ruin his reputation. (No, really. See p. 12.)

- His internet expert affirms one-star reviews are far worse than five-star reviews. (See pp. 51-56 of the Beale complaint.)

- A one-star review (with zero words attached) is defamatory on its face.

Why this litigation is still in process boggles the mind. But strap your brain in. It's about to get much, much bogglier.

When we first covered the lawsuit, Beale's lawyer made what seemed to be a completely ignorant statement in regards to Beale's attempt to force Google to strip the anonymity from masked one-star reviewer "Richard Hill."

Beale's attorney, Steven Abrams of Mount Pleasant, said he has handled several similar cases, and companies like Google, AT&T, Comcast and Verizon typically hand over identifying information of anonymous users.

“Why Google fought this case, I have no earthly idea,” Abrams said. “There’s not really a lot of case law (in South Carolina) ... on these types of cases because they don’t usually result in a fight.”

It turns out there's not a lot of case law in South Carolina. Well, at least not a lot of logical case law, apparently. For reasons explained thoroughly by the court -- but otherwise inexplicable given the standards applied everywhere else -- Google is being forced to strip Richard Hill's anonymity. (h/t FIRE's Sarah McLaughlin.)

It starts out promising, but quickly turns to something completely ridiculous. From the court order [PDF]:

Because South Carolina has not established a test to unmask the author of an anonymous defamatory internet posting, the Court must look to other federal and state courts for persuasive authority. State Courts have applied three different tests. Courts have required plaintiffs to demonstrate one of the following:

(1) a good faith basis warranting disclosure;

(2) evidence sufficient to survive a motion to dismiss before allowing disclosure; or

(3) evidence sufficient to survive a hypothetical motion for summary judgment.

Here, Plaintiff seeks to apply the standard requiring the least stringent proof (the good faith standard) and Google has asked the Court to apply the standard requiring the most robust proof (the summary judgment standard).

After comparing the Dendrite standard (approximately what Google was seeking) and other opinions dealing with "good faith" basis for pursuing unmasking (which includes allegations of defamation), the court decides to split the difference -- only in this case it involves a 90/10 split in favor of Beale. It accomplishes this split by deciding Richard Hill's one-star review is commercial speech, which isn't given nearly as much protection as other forms of speech.

Although Brockmeyer is the only South Carolina case on point, it did not go so far as to adopt the standard in Cahill. Cahill, quoted approvingly in Brockmeyer, is instructive; however, it is important to note that the type of speech in Cahill was political speech. In Cahill, the plaintiff was a city councilman and the alleged defamatory comments were posted on a local political website. The type of speech involved in this case is an online business review, which is commercial speech. Courts have held commercial speech should require a less stringent approach than political speech. The Ninth Circuit addressed this issue in In re Anonymous Online Speakers and suggested the standard in Cahill, although potentially appropriate for political speech, does not apply to commercial speech.

But a review of a business isn't commercial speech. It's an expression of opinion, based on a person's subjective experience. A review can be an advertisement for a business (or its competitors), but only in the way any word-of-mouth opinion is. No one sincerely believes word-of-mouth advertising is "commercial speech," with the possible exception of this court. Websites' monetization of customers' reviews doesn't convert opinions into commercial speech. This determination is not just wrong, it's incredibly obtuse.

Based on this bizarre conclusion, the court agrees to compel service providers (Google is one. Charter and Cox are the others being hit with subpoenas.) to turn over identifying info on pseudonymous reviewer Richard Hill.

The court notes it's not at the point where it can discuss the case on its merits -- not without a defendant being served and given a chance to respond. But it's not like it doesn't have that option. That the court is willing to even entertain the notion that a one-star review with zero written statements is libelous is fucking ridiculous. The complaint should have been laughed out of court after a first reading. For the judge to go further and decide a one-star review posted by an anonymous person on a third party site is somehow commercial speech is mind blowing. If this is the state of free speech protection in South Carolina, no wonder Beale's counsel seemed genuinely confused a third party would stand up for a user's anonymity.

Woe be to those who dare one-star a business in South Carolina. Fortunately, the court considers this sort of review to be "political speech."

Read More | 41 Comments | Leave a Comment..

Posted on Techdirt - 11 December 2017 @ 6:25am

FBI Director Complains About Encryption, Offers To Sacrifice Public Safety In The Interest Of Public Safety

from the an-argument-divided-against-itself dept

FBI Director Christopher Wray offered testimony to the House Judiciary Committee at a hearing entitled "Oversight of Federal Bureau of Investigation." Not much in terms of oversight was discussed. Instead, Wray took time to ask for a reauthorization of Section 702 before using several paragraphs of his prepared comments to discuss the "going dark" problem.

It picks up where Wray left off in October: offering up meaningless statistics about device encryption. Through the first eleven months of the fiscal year, the FBI apparently had 6,900 locked phones in its possession. Wray claims this number represents "roughly half" of the devices in the FBI's possession. The number is meaningless, but it serves a purpose: to make it appear device encryption is resulting in thousands of unsolved crimes.

That number has been updated in Wray's latest comments [PDF]:

In fiscal year 2017, the FBI was unable to access the content of approximately 7800 mobile devices using appropriate and available technical tools, even though there was legal authority to do so. This figure represents slightly over half of all the mobile devices the FBI attempted to access in that timeframe.

This number will always grow. And it will always be meaningless. There's no context provided by the FBI, nor will there ever be. The FBI needs us to believe every locked cell phone contains evidence crucial to investigations and prosecutions. It needs us -- and our Congressional representatives -- to believe thousands of criminals are roaming the streets thanks to device encryption. But it should make people wonder how the FBI ever managed to complete investigations successfully before the advent of cell phones.

Wray goes on to make familiar complaints. Metadata isn't enough to generate evidence needed for convictions. (But Wray still believes every uncracked phone is loaded with just such evidence. Nothing provided by the FBI shows how many times accessing phones fails to produce prosecution-worthy evidence.) Hacking into phones isn't a solution that scales. (This is dubious as well. If hacking into phones can't scale, then the ongoing existence of companies like Cellebrite is a mystery. The solution must work often enough, across several models of phones, to justify the millions being spent by US law enforcement agencies.)

Finally, Wray again presents a intellectually dishonest equation.

Some observers have conceived of this challenge as a trade-off between privacy and security. In our view, the demanding requirements to obtain legal authority to access data—such as by applying to a court for a warrant or a wiretap—necessarily already account for both privacy and security.

"Some" observers may say this, but they're not the sort of observers worth observing. The real tradeoff is personal security versus government access. The FBI is willing to trade away citizens' personal security for easier access -- something only the FBI benefits from. (And as to how often access is truly a benefit, we're deliberately left in the dark. The FBI is unwilling to divulge how many accessed phones are dead ends and how many cases it closes despite the presence of a locked device.)

This willingness to make personal device use less safe for millions of phone owners is inserted directly into heartwarming statements about public safety. According to Wray, the existence of devices the FBI can't access is a public safety issue. This is said despite no evidence being provided there's been a correlating rise in criminal activity. We continue to live in an era of unprecedented safety -- even with the threat of worldwide terrorists organizations being supposedly omnipresent. The spikes in homicide rates experienced in a few cities do not indicate a new era of lawlessness being ushered in, led by criminals emboldened by device encryption.

If Wray gets his way, the public will be less safe. Encryption will either be backdoored or no longer an option. For years law enforcement asked cell phone providers to give their users more protection against device thieves. Encryption prevents thieves from doing much more than stealing a phone. They can't harvest personal info or directly access sensitive services accessible from a stolen phone. Now that companies are offering this, the FBI is complaining about its lack of access.

The numerous leaks of hacking tools from the CIA and NSA show the government can't be trusted with encryption backdoors. If the FBI truly values public safety, it would drop the anti-encryption arguments and continue working with companies to make cell phone use safer. Instead, it takes its misguided complaints directly to Congress, dropping hints that it would like a legislative "solution" -- mandated backdoors or an encryption ban -- rather than the tools it already has.

Read More | 49 Comments | Leave a Comment..

Posted on Techdirt - 11 December 2017 @ 3:22am

Court Holds NYPD In Contempt For Refusing To Hand Over Documents Related To Black Live Matter Surveillance

from the momentary-stay-of-the-judicial-backhand dept

The NYPD continues to extend a middle finger to every entity that isn't the NYPD. The department's long history of doing everything it can to thwart public records requesters has been discussed here several times. It's not on much better terms with its oversight, which it routinely ignores when directed to do something about its officers' routine rights violations and deployment of excessive force.

If it's not going to be accountable to the public -- either via FOIL (Freedom of Information Law) compliance or respecting the decisions of its oversight -- it's certainly not going to let the judicial branch push it around.

The NYPD has 30 days to turn over surveillance videos of Black Lives Matter protesters after a Manhattan judge ruled Wednesday that the department flouted his previous order to disclose the records.

Manhattan Supreme Court Justice Manuel Mendez, who issued the contempt of court ruling, stopped short of immediately imposing sanctions on the police. Instead, he said the NYPD could "purge" the contempt ruling by turning over more material related to the monitoring of protesters at Grand Central Terminal in November 2014 and January 2015 within a month.

This ruling arrives eight months after the NYPD made a mockery of an earlier court order on records disclosure, turning over nothing more than a few pieces of paper and short, blurry cell phone recording of Black Lives Matter protesters. According to Judge Mendez, the NYPD's efforts to comply with the FOIL request at the heart of the lawsuit have been "disingenuous" at best.

Undoubtedly, the NYPD has a large number of records related to its surveillance of protesters. It just doesn't want to release them. The NYPD has repeatedly engaged in surveillance of First Amendment activity. That's the sort of thing one should expect from a law enforcement agency that views protests and terrorism as two sides of the same coin. When that's your viewpoint, you get you a special operations unit that can do both: the Strategic Response Group, which, according to the Mayor, is capable of handling both protests or "attacks like those in Mumbai."

Mendez may have issued a ruling of contempt, but city lawyers aren't exactly springing into action to comply with the judge's February order. According to the city, it's still "weighing its options" and angsting away uselessly.

The city’s Law Department immediately cried foul, saying it is reviewing its legal options and is “deeply concerned with this ruling and the dilemma in which it places the city.”

“On the one hand, we are constrained by genuine security concerns from explaining publicly how disclosure could endanger the lives and safety of undercover officers,” a Law Department spokesman said. “On the other hand, we were not afforded an opportunity to explain those concerns to the court in a non-public setting.

Well, I call bullshit. There's not a court in the land that won't allow in camera hearings or ex parte submissions where the government can attempt to explain its refusal to hand over evidence or documents. I'm sure Judge Mendez would have allowed it if he thought this sort of hearing was appropriate. Chances are he would have been much more amenable to the city's request for a private explanation if it had engaged in a little more good faith effort during its search for relevant documents.

If the city returns to court with nothing more than its unearned dismay, the judge will probably start issuing sanctions. As it stands now, the NYPD has the choice of producing more responsive documents or submit sworn affidavits explaining why it can't -- or won't -- turn over more documents related to its surveillance of Black Lives Matter protesters.

It's hard to imagine what sanctions will have a lasting deterrent effect on the NYPD. Everything else that's been tried hasn't produced a more accountable entity. Short of jailing some top brass, any punishment the court hands out will likely be suffered by the public, especially if it's nothing more than fines the NYPD can pay with other people's money.

34 Comments | Leave a Comment..

Posted on Techdirt - 7 December 2017 @ 9:18am

State Board That Fined Man For Criticizing The Government Without A License Admits It Was Wrong

from the but-reserves-option-to-do-it-again-to-someone-else dept

Earlier this year, government entities in Beaverton, Oregon got fed up with a resident's refusal to stop pestering them about problems with their traffic light timing. Mats Jarlstrom, a red light camera ticket recipient and consequential thorn in the side of local pols, tried repeatedly to get state traffic engineers to take a look at his research on yellow light timing. They refused. And they refused in a way only powerful bureaucracies can.

The Oregon Board of Examiners for Engineering and Land Surveying told Jarlstrom to shut up by issuing him a $500 fine for practicing engineering without a license. It was, of course, bullshit. Jarlstrom couldn't alter traffic light timing and certainly wasn't sending in bids for government work while presenting himself as an engineer. He just wanted to talk about his research. But the state board wasn't interested in his work or his refusal to stop talking. Despite holding a bachelor's degree in electrical engineering, Jarlstrom was told he wasn't enough of an engineer to talk about subjects he'd thoroughly researched.

The Institute for Justice picked up Jarlstrom's case, securing an injunction against the state board earlier this year. We're another step closer to a full resolution in this case, as the state board has finally conceded it trampled all over Jarlstom's rights in its efforts to get him to stop talking.

A state panel violated a Beaverton man's free speech rights by claiming he had unlawfully used the title "engineer'' and by fining him when he repeatedly challenged Oregon's traffic-signal timing before local media and policymakers, Oregon's attorney general has ruled.

Oregon's Board of Examiners for Engineering and Land Surveying unconstitutionally applied state law governing engineering practice to Mats Järlström when he exercised his free speech about traffic lights and described himself as an engineer since he was doing so "in a noncommercial'' setting and not soliciting professional business, the state Department of Justice has conceded.

"We have admitted to violating Mr. Järlström's rights,'' said Christina L. Beatty-Walters, senior assistant attorney general, in federal court Monday.

Jarlstrom will get a $500 refund from the state, but perhaps more importantly, an admission of wrongdoing -- a rarity in litigation settlements. Jarlstrom and the Institute for Justice would like to see further changes made in the state's government. They want the court [PDF] to review the laws used to silence Jarlstrom and find them unconstitutional. The state, unsurprisingly, does not. Its settlement offer [PDF] wants awards limited to its admission of wrongdoing and a refund of the fine paid by Jarlstrom. The state would still like to be able to declare who is or isn't an engineer. But it's already been used as a weapon against a critic once. There's nothing in the board's settlement offer that would prevent it from doing it again.

Read More | 37 Comments | Leave a Comment..

Posted on Free Speech - 7 December 2017 @ 3:19am

Appeals Court Can't Decide Whether It Should Protect Critic's Anonymity, Boots Free Speech Case Back To Lower Court

from the results-are-inconclusive dept

A rather strange ruling has been handed down by the Sixth Circuit Appeals Court. It's a ruling that could have an adverse effect on anonymous speech, although it does mitigate the potential damage by booting it back to the lower court for a final determination. But that still might not stop an aggrieved multi-level management company from learning the identity of one of its critics.

Signature Management Team is the plaintiff/pyramid scheme. John Doe posted a link to a copy of one of SMT's books on his "Amthrax" blog. SMT filed a DMCA takedown notice with the blog's hosting service, Automattic. After being served with the notice, Doe removed the link to the copyrighted instruction book.

This quick concession didn't stop SMT from suing Doe. It alleged one count of copyright infringement. Doe asserted a fair use defense and alleged copyright misuse, i.e., the use of copyright to silence a critic. He also asserted his right to speak anonymously and argued against being unmasked.

SMT moved to compel disclosure of Doe's identity. The district court agreed with Doe, feeling Doe had a chance to prevail with his fair use argument. It did compel Doe to reveal his identity to the court and issued a protective order preventing SMT from learning his identity.

Unfortunately, Doe did not prevail in this legal battle. The court denied summary judgment to Doe, siding with SMT on its copyright infringement claim. The only thing the court ordered, however, was destruction of the infringing PDF by Doe. Doe complied. SMT, however, persisted in its arguments for unmasking. Again, the court refused to turn over Doe's information to the plaintiff, pointing out Doe had complied with the DMCA notice and court order immediately. SMT appealed.

The Appeals Court weighs a lot of factors, but notes this is a question normally addressed before discovery, not after a judgment has already been rendered (mostly) in favor of the party seeking to unmask an anonymous defendant. From the ruling [PDF]:

With the explosion of anonymous Internet speech, courts have begun to develop balancing tests weighing the First Amendment right to anonymous speech against a plaintiff’s interest in unmasking an anonymous defendant. See id. at 1175–76 (compiling balancing tests). All of these cases, however, have dealt with anonymity rights during the discovery process. No case has considered the issue presented here—whether and under what circumstances a court can properly protect a party’s anonymity after judgment. This is an important distinction. The prejudgment cases often deal with a plaintiff’s need to unmask a defendant in order to effect service of process.


In contrast, the entry of judgment against a Doe defendant largely eliminates these concerns because the plaintiff will have established liability. On the other hand, where the anonymous defendant is determined to have fully complied with the relief granted, there is no practical need to unmask the defendant.

Setting itself up with opposed theories, the court spends the next several questions thinking out loud. Public litigation carries a presumption of open judicial records, which includes identifying information pertaining to both sides of lawsuit. In this case, however, not only is one side still anonymous, but even the plaintiff is unaware of the true identity of the person it's suing. This stands in contrast to sealed cases where both parties are known to each other, but withheld from the general public. The fact that Doe lost a copyright infringement case weighs heavily against his continued anonymity.

[W]here a Doe defendant’s speech is found to be beyond the protection of the First Amendment, countering the presumption will require a showing that the Doe defendant participates in a significant amount of other, non-infringing anonymous speech that would be chilled if his identity were revealed.

This chilling effect could be argued using nothing more than Doe's anti-MLM blog. Certainly, there's plenty of evidence (both judicial and anecdotal) companies -- especially questionable ones -- like to silence critics. One good way of silencing persistent critics is eliminating their anonymity, making them more likely to be sued or otherwise harassed by the entities they criticize.

But the Appeals Court gets hung up on the copyright infringement, even though there's little on the record here showing Doe was a repeat offender. He could have been more careful in his use of the copyrighted MLM manual, but his quick compliance with SMT's demands and district court's order shows he had no intention of thumbing his nose at copyright law.

Doe's compliance seems to weigh against an order for unmasking on remand, even though Doe is definitely the loser in this legal battle. The Appeals Court tries to weave both of these disparate views into a single, mostly-cohesive text, but fails.

We do not agree either that the district court lacks discretion to allow Doe to remain anonymous or that Doe’s legitimate First Amendment right to speak anonymously is collateral to these proceedings. Although Doe’s infringing speech is not entitled to First Amendment protection, that speech occurred in the context of anonymous blogging activities that are entitled to such protection. An order unmasking Doe would therefore unmask him in connection with both protected and unprotected speech and might hinder his ability to engage in anonymous speech in the future.

Further, we do not agree that allowing Doe to remain anonymous would necessarily diminish the impact of the ordered injunctive relief. The dissent’s suggestion that a failure to unmask Doe would obligate the district court and Team’s attorneys to monitor Doe’s activity is inapposite because the district court declined to enter any ongoing injunctive relief. Since Doe has already complied with all aspects of the court’s order, there will be no need for monitoring regardless whether the district court ultimately decides to unmask Doe. Finally, to the extent that the concerns identified by the dissent cut in favor of unmasking Doe, the district court should consider those factors on remand.

The Appeals Court sounds like it might be inclined to let Doe keep his anonymity, but pulls back from that bright line and boots it back to the lower court. The good news, as far as Doe is concerned, is that the lower court already ruled in favor of his arguments against unmasking. Nothing in this ruling suggests the lower court should feel compelled to overturn its earlier decision.

SMT's insistence the infringer/critic be unmasked smacks of pure vindictiveness. Doe has complied with all requests and orders, leaving very little for SMT to truly complain about, especially as the lower court did not issue an order requiring monitoring of Doe's blogging for possible further violations. If SMT is given a win, it will do more than chill Doe's speech. It will chill the speech of anyone criticizing SMT and its business practices. It certainly wouldn't be a good precedent to set: allowing more powerful entities to unmask weaker ones if they can secure some form of judgment in a court. Hopefully, the lower court will come to the same conclusion the second time around.

Read More | 12 Comments | Leave a Comment..

Posted on Techdirt - 6 December 2017 @ 1:40pm

Snopes Debunks Fake YouTube Video; Video's Creator Responds With A Bogus DMCA Notice

from the pressing-the-shut-up-button dept

Nothing But the Truth Films (NBT) has a credibility problem. Oh, the irony, I would normally say, except for the fact NBT deals mostly with this sort of "truth."

We present the black and white facts about the geopolitical climate which include Islam, Illuminati, Freemasonry, Cults and more. See how your freedoms are slowly eroding and spread the message with the help of our channel.

So… that's the kind of "truth" we're dealing with, often pronounced "conspiracy theory." J.K. Sheindlin is the person behind NBT Films and the author of a book that has supposedly blown minds of Islam adherents everywhere, resulting in them renouncing their faith on camera.

One popular video on NBT's YouTube channel shows a supposed Islamic man angrily and bitterly decrying the religion after having his eyes opened by Sheindlin's book. But the video isn't what it seems: it's actually footage taken from somewhere else, dealing with an entirely different issue, but with NBT's fabricated subtitles giving the impression Sheindlin's book has unconverted another follower of Islam.

It made the internet rounds enough that Snopes picked it up and debunked it.

While the video purports to tell the “black and white facts” about someone renouncing his faith because of Sheindlin’s book, the clip in reality does not capture an Arab’s reaction to a controversial book, nor does it capture that person renouncing his faith on live television. Sheindlin added fabricated captions to the video (while pledging to tell “nothing but the truth”) in order to generate buzz for his book The People vs Muhammad.

This footage is dated 2 July 2013, when Egyptian president Mohamed Morsi rejected the military’s ultimatum to leave office. Opposition activist Ihab al-Khouli, the “Arab guy” in the video displayed above, was reacting to Morsi’s speech…

Having been caught out, Sheindlin did what any self-respecting truth-seeker huckster would do: he decided to get Google involved. The invaluable Dean Sterling first spotted the bogus DMCA notice:

Last month, the conspiracy channel filed a DMCA copyright complaint requesting that Google delist Evon’s article from its search results. That’s according to the Lumen Database, which archives online takedown requests.

And here's what the bogus takedown notice says:

The copyrighted work is a video that our company produced, and has been embedded on the following website without our permission. You can see the video embedded on the page, under the section ‘Origin’. We did not give any authorisation for the website ‘Snopes’ to use our video for their news. Therefore, the company Snopes has infringed our copyright.

First off, no one needs permission to embed a YouTube video. If someone wants to prevent others from embedding their videos, they can always turn that option off. Second, Sheindlin's complaint about someone else using "his" video is especially rich considering he's using footage created by someone else without acknowledgment and, on top of that, adding his own subtitles to misconstrue the content of the footage he "borrowed."

It appears Sheindlin is now warning people about his bogus subtitle work (he has more videos purporting to be people denouncing their Islamic faith after reading his book). This annotation has been added to the beginning of the bogus faith rejection video.

If you can't see it, the text box says: "SUBTITLES CHANGED FOR PROMOTIONAL PURPOSES."

At long last, Nothing But the Truth Films finally engages in a close approximation of honesty. Refreshing. And once again, someone looks at a tool created to stop copyright infringement and sees a way to silence a critic.

Finally, for comparison purposes, here's the legitimate, unaltered video with the correct translation:

And here's NBT's "promotional" garbage bullshit version:

41 Comments | Leave a Comment..

Posted on Techdirt - 6 December 2017 @ 10:44am

Appeals Court: Forcing A Teen To Masturbate So Cops Can Take Pictures Is A Clear Violation Of Rights

from the well-no-shit dept

I cannot imagine what it must be like as an appellate court judge to have to write these words (h/t Brad Heath):

Construing the facts in the light most favorable to [Trey] Sims, a reasonable police officer would have known that attempting to obtain a photograph of a minor child’s erect penis, by ordering the child to masturbate in the presence of others, would unlawfully invade the child’s right of privacy under the Fourth Amendment.

I don't know which is sadder: the fact that this case -- the absolute nadir (so far!) of stupid teen sexting prosecutions -- even exists or that the lower court somehow found in favor of the officer (now deceased) being sued.

A cop engaged in the act of producing child pornography by attempting to force a teen to arouse himself while surrounded by police officers supposedly for the purpose of matching the teen's erect penis to photos the cop already had in his possession as part of a sexting "investigation." The officer was told by prosecutors to do this, which shows the twisted logic of this abhorrent request didn't spring entirely from the mind of Detective David Abbott. He, however, did not turn down the prosecution's request. The prosecutor who ordered this "production" of evidence was Claiborne Richardson. Unfortunately, he has the sort of immunity cops like Abbott can only wish they had: absolute immunity. Richardson walks away from this with little more than reputational damage.

There's a judge out there somewhere with their name scrawled across a granted warrant request ordering a teenager to produce an erection for cops. Actually, there's two of them, though both go unnamed in the decision [PDF]. (Oral arguments are embedded at the bottom of the post.) From the dissent's[!] footnote:

On this record, search warrants were issued on June 3, 2014, and again on July 1, 2014, by two different magistrates. See Supp. J.A. 72, 76. The June warrant was the only one executed. In executing the June warrant, Abbott was unable to obtain some of the photos being sought. Because the prosecutor and the detective agreed that additional photos were necessary, Abbott was directed to seek the July warrant. That warrant was never executed and was voided.

And there's the judge who heard the prosecution's request to get this warrant and said that was fine. That judge's name is Jan Roltsch-Anoll. All of these justice system components worked together to put a teen in a room full of cops with the instructions to masturbate so a detective could take photos.

Abbott's representation was willing to take a chance on seeing the lower court's awful immunity decision upheld, despite there being nothing remotely sane -- much less Fourth Amendment-compliant -- about law enforcement's actions. Detective Abbott's survivors continue his fight for him as Abbott killed himself in late 2015 as police tried to arrest him for allegedly molesting two teens he met coaching youth hockey. (Make of that what you will.)

The Fourth Circuit Court of Appeals finds nothing at all to like about Abbott's pleas for qualified immunity.

Abbott’s search directed at forcing Sims to achieve an erection intruded “upon an area in which our society recognizes a significantly heightened privacy interest.” See Winston v. Lee, 470 U.S. 753, 767 (1985). Requiring Sims to masturbate in the presence of others, like searches involving physical penetration of genitalia, constituted “the ultimate invasion of personal dignity.” Amaechi, 237 F.3d at 363-64; see also King, 825 F.3d at 215.

Moreover, we observe that this sexually intrusive search was rendered more egregious by being conducted in a manner that would instill fear in Sims. See Edwards, 666 F.3d at 884-85. Here, Sims alleged that he was “surrounded” by three armed officers as he questioned whether he was required to submit to Abbott’s orders. Upon Abbott’s insistence, Sims ultimately attempted to comply. Sims further alleged that the search caused him to suffer emotional harm. Winston, 470 U.S. at 761-63 (explaining that intrusions without risk of physical harm nonetheless damage the individual’s sense of personal privacy and security). Accordingly, both the outrageous scope of the sexually intrusive search and the intimidating manner in which the search was conducted weigh strongly against any finding that the search was reasonable.


We cannot perceive any circumstance that would justify a police search requiring an individual to masturbate in the presence of others.

Abbott's estate argued the search violated no clear precedent. In other words, no comparative case had reached this level in the justice system and found ordering a teen to masturbate in front of police officers (while one of them photographed him) was a clearly established violation of the Fourth Amendment. The court agrees, but notes there's a very good goddamn reason why there's no precedent exactly on point with this abysmal abuse of power.

We further observe that the Administrator is not entitled to invoke qualified immunity simply because no other court decisions directly have addressed circumstances like those presented here. See Clem, 284 F.3d at 553. For good reason, most outrageous cases of constitutional violations rarely are litigated. See K.H. ex rel. Murphy v. Morgan, 914 F.2d 846, 851 (7th Cir. 1990) (explaining that never before had there been a case accusing welfare officials of selling foster children into slavery, but those officials nevertheless would not be entitled to immunity). Abbott’s conduct affronted the basic protections of the Fourth Amendment, which at its core protects personal privacy and dignity against unjustified intrusion by governmental actors.

The dissent actually believes Abbott should still be granted immunity because a) he obtained warrants and b) he consulted with Commonwealth prosecutors (namely, Claiborne Richardson, whose reputation should be just as worthless as Abbott's) before obtaining them. If we follow this line of thinking, we are being asked to absolve all officers of egregious misconduct so long as certain procedural steps are followed before they go off the deep end. In fact, it asks to reward officers (and other government employees) who can find support from equally-questionable colleagues for their actions. According to the dissent, the whole rotten barrel should be excused from punishment because the rot was caused by several bad apples, rather than a single, rogue actor.

Even worse, if you're going to choose a qualified immunity hill to die on, why would you choose the one containing cops and prosecutors taking photographs of a masturbating teen? What possible public service could a decision in the detective's favor possibly provide? All it would do is create one more line an Appeals Court has yet to draw, allowing cops to force minors to strip and masturbate as long as they have a warrant. But that's what Judge Robert B. King apparently wants: no precedential declaration that forcing minors to masturbate in the presence of officers is a clear violation of established rights. But that's the way the system works. It so insulates police officers and prosecutors from accountability, no one at the bottom level of this pathetic prosecutorial food chain took any action to stop this from happening until after two warrants were issued and one was executed.

True fact: people in these positions can stop at any time. They don't need to wait for clearly-established precedent from high-level federal courts. No one forces prosecutors to suggest taking photos of a teen's erect penis and insane requests from prosecutors can always be turned down by law enforcement officers. But no one did anything to head off the clear rights violation. And once it was done, Detective Abbott tried to Nuremberg his way out of it and the Commonwealth's attorney -- Claiborne Richardson -- ducked out of the public eye as soon as the shit started hitting the fan. The legacy of everyone involved, from the detective executing the warrant to the juvenile court judge who granted time for it to be executed should be tarnished forever.

Read More | 60 Comments | Leave a Comment..

Posted on Techdirt - 6 December 2017 @ 3:23am

Things The Intelligence Community Is Cool With: Backdoor Searches, Skirting Reporting Requirements, Parallel Construction

from the it's-pretty-clear-the-FBI-needs-more-direct-oversight dept

More answers have been provided to Senate Intelligence Committee questions (most of those penned by the always-inquisitive Ron Wyden) by the Office of the Director of National Intelligence. Some, like how often the NSA "incidentally" collects domestic communications, remain unanswered. But the ODNI's answers [PDF] -- given to the Committee in July -- have finally been made public. There are a few things worth noting in this rare display of transparency. (By which I mean a lack of redactions, rather than expansive openness by the ODNI).

To begin with, the ODNI argues the new amicus position created by the USA Freedom Act is harmful to national security. Its theory? Any delays caused by the introduction of some semblance of an adversarial process only slows the NSA down.

The appointment of an amicus curiae is not without effect. Notably, it is likely to increase the time needed for the government to obtain the authorities it is seeking. For instance, in 2015 when the FISC appointed an amicus curiae in connection with its review of the Section 702 certifications, the Court ultimately extended the time for its consideration of the 2015 Section 702 certifications by 90 days, issuing an opinion and order approving those certifications more than two months alter the statute otherwise would have required. As the government noted at that time, such a delay could be harmful to national security under certain scenarios, for instance if the government were to submit an additional certification or make an important time sensitive change in the Section 702 targeting or minimization procedures.

This sounds a lot like law enforcement's continual annoyance at warrant requirements. Respecting things like the Fourth Amendment and the idea of checks and balances just takes too long -- even when it means spending a hour trying to talk someone into granting consent for a search, rather than phoning a judge to get a warrant sworn out. The ODNI's complaint is, basically, it doesn't want anyone arguing for the rights of Americans (who get swept up in collections and deliberately targeted by the FBI) or on behalf of the rest of the world the NSA views as little more than a prolific source of data.

Wyden also wanted to know who's allowed to unmask US persons in NSA collections. The ODNI answered "any authorized recipient" of NSA intelligence, which hardly answers the question. Drilling it down a little further, the ODNI noted it has 20 individuals in the NSA who can authorize unmasking. There are doubtless many more in the FBI, which can use 702-derived collections to search for evidence of nearly any criminal activity or just browse stuff if it can be argued the information is already "publicly available." The decision to unmask US persons in the FBI is left to "agents and analysts" conducting "fully predicated investigations."

As for its all-but-abandoned duties to inform defendants of the use of Section 702-derived evidence, the ODNI explained it will almost never have to do this because of parallel construction.

As we have publicly stated previously, the Department has concluded that in determining whether information is "derived from" FISA-authorized surveillance, including Section 702, the appropriate standards and analyses are similar to those applied in the context of surveillance conducted pursuant to the criminal Wiretap Act, Title of the Omnibus Crime Control and Safe Streets Act of 1968, 18 U.S.C. 2510-2522. As such, the "derived from" standard incorporates a "fruit of the poisonous tree" analysis analogous to that conducted under the Fourth Amendment exclusionary rule context. The general question under a "fruits" analysis is whether the evidence was acquired as an indirect result of the surveillance, taking into account doctrines such as independent source, inevitable discovery, and attenuation.

In other words, if there's any way the government could have conceivably obtained this evidence -- rather than the way it actually did it -- the DOJ can bypass its notification obligations.

As for the number of times Intelligence Community components access purely domestic communications -- either directly or "incidentally" -- the ODNI is nowhere closer to providing the numbers explicitly requested by Sen. Wyden on multiple occasions or fulfilling the reporting requirements of USA Freedom Act.

The ODNI claims one recipient of 702 data (the CIA) "does not currently have the technical capability" to track these numbers. According to the ODNI, this capability won't be up and running until the end of 2018. The ODNI goes on to point out the FBI performs no internal tracking of its 702 searches/queries and makes no statement suggesting the agency is even looking into providing these numbers. The NSA, however, performed 30,355 "queries" on US persons' data, using 2,280 "approved" search terms.

The ODNI also explains the difference between a "query" and a "search" in reference to accessing unminimized domestic data and communications. A "query" flags relevant data in existing collections. A "search" actually looks at the contents of communications. In both cases, the ODNI says no warrant is needed. If the domestic communications are swept up lawfully (as part of a FISA-ordained collection), there's no Fourth Amendment violation when content is accessed by a "search." The legal rationale is that the Fourth Amendment is adhered to during the collection process, so it cannot possibly be violated when the collections are accessed by the FBI, NSA, CIA or other IC component.

Wyden's long-running question about incident collection of US persons communications remains unanswered. Questions about the FBI's prolific use of NSA data have been answered with a shrug. The DOJ has been given a pass on its evidence source obligations and IC components have multiple ways of search foreign-facing collections for US persons communications and data, all while supposedly upholding Fourth Amendment ideals. These are the powers the ODNI wants to see renewed for several years with zero changes to the status quo and, given the looks of surviving legislation, its wishes might come true.

Read More | 15 Comments | Leave a Comment..

Posted on Techdirt - 5 December 2017 @ 3:46pm

Senator Kamala Harris Serves Up A Not-Completely-Terrible Revenge Porn Bill

from the Oscar-season-but-for-pet-projects dept

Senator Kamala Harris -- famous here mostly for her constant, Quixotic attempts to turn Backpage into a criminal defendant -- is now crafting laws at the federal level. Her support for the internet-crippling SESTA is already known. Her next target, apparently, is revenge porn purveyors.

Harris' bill [PDF] will likely be remembered more for its too-clever acronym than its content. The ENOUGH Act of 2017 (brace yourself: Ending Nonconsensual Online User Graphic Harassment) is another attempt to criminalize revenge porn at the federal level. The problem is the subject matter is slippery and difficult to nail down precisely enough to avoid First Amendment concerns.

The bill does make an attempt at narrowly crafting a definition and at least tries to limit the liability of platforms hosting user-generated content, but it still has some issues. For one, the definition of images covered by the act is a bit too vague to prevent the possible criminalization of harmless images.

The term ‘intimate visual depiction’ means any visual depiction (as that term is defined in section 2256(5)), in original or modified format, of an individual who is reasonably identifiable from the image itself or information displayed in connection with the image, in which—

(A) the individual is engaging in sexually explicit conduct; or

(B) the naked genitals or post-pubescent female nipple of the individual are visible.

The non-consensual sharing of photos of men clad only in their underwear is apparently fine as only the female nipple is afforded protection. And if all it takes is an exposed female nipple to trigger possible charges, anyone who captures images of wardrobe malfunctions, breastfeeding mothers, or topless protesters better have some waiver forms on hand.

But beyond that, there's the issue of sharing of any explicit depiction without the consent of all parties. Any non-consensual sharing of depictions of sexual activity and/or nudity is criminalized unless the person can show the sharing was a "matter of public concern." This would be the bill's journalism exception. There are also exceptions for law enforcement, legal proceedings, and "good faith" reporting of unlawful activity.

What makes this bill a bit better than many of its competitors is the burden placed on the government to prove intent.

[I]t shall be unlawful to knowingly use any means or facility of interstate or foreign commerce to distribute an intimate visual depiction of an individual—

(1) with knowledge of or reckless disregard for—

(A) the lack of consent of the individual to the distribution;

(B) the reasonable expectation of the individual that the depiction would remain private; and

(C) harm that the distribution could cause to the individual; and

(2) without an objectively reasonable belief that such distribution touches upon a matter of public concern

The bill also drags service providers into the mix, but fortunately doesn't expect them to police content or otherwise threaten their Section 230 protections. The only service providers that would be targeted would be those that "intentionally solicit and predominantly distribute content" that the provider "knows" is in violation of the law. So, there's intent needed to be proven there as well.

Still, the bill has some questionable components. First, the bill treats threats of publication as equally criminal as actual publication. In both cases, violators could be subject to an unspecified fine and up to five years in prison. It also includes an extraterritoriality clause that would allow the US to pursue overseas violators as long as the subject depicted was an American. We'll have to see if that still holds up once Congressional lawyers have taken a look at it.

Overall, the bill isn't terrible. It requires a showing of intent, something other revenge porn laws have disregarded. It does still present some First Amendment issues because the stipulations attached to violation (expectation depiction would remain private, distribution would cause harm to the subject depicted, etc.) are bound to swallow up some journalistic endeavors or documentation of sexual assault allegations (if the latter isn't shared exclusively with law enforcement). The edge cases will be left to prosecutors' discretion, which definitely isn't a good thing. All the evidence needed to argue for less prosecutorial discretion is the long string of embarrassments committed by prosecutors pursuing charges against sexting teens.

Given the aggressiveness of Harris' pursuit of Backpage for sex trafficking, it's somewhat of a surprise to a Harris-backed revenge porn bill take a mostly hands off approach to internet service providers. Still, there's a chance the bill could be made worse after a few markup rounds, turning it from an almost-acceptable piece of legislation into a speech-chilling, Section 230-damaging monstrosity.

Read More | 24 Comments | Leave a Comment..

Posted on Techdirt - 5 December 2017 @ 12:10pm

Intelligence Director Says Gov't Can Demand Encryption Backdoors Without Having To Run It By The FISA Court

from the keeping-secrets-from-the-secret-court dept

A set of questions from Senator Ron Wyden -- directed at the Office of the Director of National Intelligence -- have finally received answers. The answers [PDF] were actually given to the Senate oversight committee in July but have just now been made public.

Zack Whittaker of ZDNet has taken a look at the answers the ODNI provided and found something that indicates the government can not only compel the creation of backdoors, but can do so without explicit approval from the FISA court.

The government made its remarks in July in response to questions posed by Sen. Ron Wyden (D-OR), but they were only made public this weekend.

The implication is that the government can use its legal authority to secretly ask a US-based company for technical assistance, such as building an encryption backdoor into a product, but can petition the Foreign Intelligence Surveillance Court (FISC) to compel the company if it refuses.

In its answers, the government said it has "not to date" needed to ask the FISC to issue an order to compel a company to backdoor or weaken its encryption.

The government would not say, however, if it's ever asked a company to add an encryption backdoor.

The way this process works is the agency requesting the backdoor or other compelled assistance runs the request by the FISA court. This process does not ask the FISA court to approve the method used, nor does it provide the court with details on the assistance sought. All the FISC determines is whether or not compelled assistance is necessary.

The ODNI maintains it has never asked for compelled decryption or the installation of backdoors… at least not under this authority. If it has, there'd be little in the way of a paper trail to prove it. The FBI, as part of the Intelligence Community, appears to be more interested in securing the help of US courts -- something that would prove far more useful in the long run, considering its domestic focus.

This information comes at a critical time. The surveillance wing of the government wants Section 702 (and related authorities) renewed at the end of this year -- unaltered and with at least a half-decade before the next chance of reform. So far, its two Congressional oversight bodies have been compliant with the IC's wishes. Serious reform efforts have been dumped by both House and Senate judiciary committees, leaving only those authored by longtime surveillance state cheerleaders in the running. With limited oversight and an easy way to route around FISA roadblocks, Section 702 reform is badly needed if we have any hope of the next decade being less filled with Fourth Amendment violations than the last one.

Read More | 31 Comments | Leave a Comment..

More posts from Capitalist Lion Tamer >>