Posted on Techdirt - 27 March 2017 @ 3:22am
Twitter's latest Transparency Report contains a new section that shows some governments may be trying to use Twitter's own rules to achieve censorious goals. Legislators and misguided lawsuit plaintiffs have been complaining for years social media services don't do enough to curtail terrorists and terrorism-related content. This has been the subject of multiple lawsuits and multiple Congressional hearings.
However, governments can only do so much to pressure social media services into regulating content. If the government steps in to set the rules, then it crosses the line. The US government has, so far, been unwilling to act as a direct censor of content. Other governments have no qualms about censorship, but have found their efforts somewhat blunted by Facebook, Twitter, etc. being US-based companies, where compliance with foreign directives is a nicety, not a legal requirement. Of course, both companies have voluntarily acted as local censors in response to foreign laws and legal threats.
Fortunately for these governments, Twitter has a way to let them achieve their censorship goals without having to resort to legal threats or new legislation. The new way to control content lies in the site's terms of service, as the Twitter blog post points out.
For the latest reporting period (July - December 2016), this new section is limited to data about government reports to remove content in violation of Twitter’s terms of service (TOS) against the promotion of terrorism. This does not include any legal requests, regardless of whether they result in a TOS violation, which will continue to be published in our Removals Requests report.
For the last six months of 2016, Twitter received reports on nearly 6,000 accounts from a total of 716 reports by government agencies. The numbers aren't broken down any further than that, so there's no telling which governments are utilizing this reporting system most. All Twitter is reporting is that less than 2% of account suspensions are the result of government reports and that it's refused to act on 15% of government-reported accounts. Each account is counted only once, even if there are multiple reports or multiple tweets reported by government agencies.
So, does this government reporting qualify as censorship? It only would with Twitter's help. If Twitter is only removing legitimate requests for terrorism-related content, then government agencies are being treated no differently than any private citizen reporting similar content. If it's suspending accounts or removing tweets simply because the reporting government doesn't like what's being said (or who's saying it), then it's acting as a censorious extension of the reporting government.
7 Comments | Leave a Comment..
Posted on Techdirt - 24 March 2017 @ 2:23pm
The Right to Be Forgotten™ (New York State Edition) is dead. The Media Law Resource Center reports the senator behind the bill (Tony Avella) has pretty much killed it by striking the enactment clause. This means Avella is no longer sponsoring this bill, leaving it to wander the halls of state congress like a child whose father "just stepped out to get some smokes" ten years ago.
It's up to some other senator to step up and attach their name (and reputation) to an incredibly stupid law. I doubt there's a line forming, not after the negative press it's received. The Assembly version lives on, however. Assemblyman David Weprin has a matching proposal, with the same broad language that would make it a civil violation (paired with government-levied penalties) for any site/service providing "inadequate," "irrelevant," or "excessive" information someone wants stricken from the face of the internet.
This is Weprin's second attempt to institute a New York State-only "right to be forgotten." His previous version is identical to this year's model, which shows bad ideas are just as subject to stagnation as the merely mediocre ones. The difference this year is lots of attention has been paid to Avella's version -- which appears to be nothing but a quick copy-paste job with a new sponsor. The Senate version is an outcast. The Assembly version has merely been ignored for more than year.
There's zero chance this will become law in 2017. But, if Weprin's anything to go by, there's always next year. Until its eventual reintroduction, here's Ken White's (Popehat) take on the bill, which will hopefully be passed along to New York legislators for their consideration:
This bill is a constitutional and policy disaster that shows no sign that the drafters made any attempt whatsoever to conform to the requirements of the constitution. It purports to punish both speakers and search engines for publishing—or indexing—truthful information protected by the First Amendment. There's no First Amendment exception for speech deemed "irrelevant" or "inadequate" or "excessive," and the rules for punishing "inaccurate" speech are already well-established and not followed by this bill. The bill is hopelessly vague, requiring speakers to guess at what some fact-finder will decide is "irrelevant" or "no longer material to current public debate," or how a fact-finder will balance (in defiance of the First Amendment) the harm of the speech and its relevance. The exceptions are haphazard and poorly defined, and the role of the New York Secretary of State in administering the law is unclear. This would be a bonanza for anyone who wanted to harass reporters, bloggers, search engines, and web sites to take down negative information, and would incentivize such harassment and inflict massive legal costs on anyone who wanted to stand up to a vexatious litigant.
7 Comments | Leave a Comment..
Posted on Techdirt - 24 March 2017 @ 11:38am
Now that Edward Snowden has done all the leg work, the Intelligence Community is admitting that, yeah, maybe it should have been more upfront about the phone metadata collection. The soon-to-be-former NSA Deputy Director says it might have been better for the agency to be out ahead of the disclosures, rather than forced to play defense.
Richard Ledgett, who is retiring next month, said in an interview with Reuters that disclosing the secret program would have been difficult. But, he said, doing so might have mitigated the damage done by Snowden.
"That's one where I might have to say, yes," Ledgett said in his office at NSA headquarters in Fort Meade, Maryland. "That's one where maybe it would have been less shocking when Snowden did what he did."
Ledgett's not alone in feeling this way. Since the leaking began back in June 2013, several current and former officials have made similar statements. For one thing, controlling the disclosure means controlling the narrative. The IC could have pointed to several things in defense of the bulk domestic collection program, including:
a.) the lawfulness of the collection
b.) the rigorous oversight
c.) the strict compliance with FISA and the FISA court
d.) it's "just metadata"
Doing so might have headed off Snowden and other leakers. Possibly. At the very least, it would have bought the NSA some time and some narrative leeway before documents began being published showing:
a.) the collection's lawfulness was dubious at best
b.) the oversight was a joke
c.) the FISA court routinely discovered abuse by the NSA
d.) metadata exposes quite a bit of a person's life, actually.
Not quite as straightforward were Ledgett's comments on the Section 702 program, which provides backdoor domestic searches for a variety of government agencies, as well as harvests millions of communications from internet backbones. During the run-up to the Section 215 reauthorization two years ago, it sometimes appeared the NSA was willing to make deep compromises on the telephone metadata program in order to spare the internet collection the same sort of Congressional scrutiny.
Since 2011, oversight committee members (well, just a couple of them, actually) have been demanding an estimate of the amount of American communications incidentally-collected by the NSA with this program. Six years later, there have been promises made but none kept. At this point, Ledgett is just another IC official making promises no one seems to have any intent of keeping.
Privacy advocates have repeatedly demanded that the government share an estimate of how many Americans are ensnared by programs authorized under Section 702.
Intelligence officials have declined to do so. But Ledgett, in remarks earlier Tuesday at a forum sponsored by the Aspen Institute, said "yes" when asked if an estimate would be provided before year end.
We'll see. Deadlines have been ignored in the past and Ledgett's on his way out the door, so these are promises he can't be held responsible for not keeping.
7 Comments | Leave a Comment..
Posted on Techdirt - 24 March 2017 @ 10:20am
Late last year, a security researcher noticed what was believed to be an unusual amount of network traffic between Donald Trump's server and a Russian bank. A lot of bad reporting followed -- some it aided by the security researcher's conclusions -- which attempted to tie some spikes in spam to Trump's supposed collusion with the Russians.
It was a conspiracy theory borne of a researcher's belief something was happening, even when further research by others showed it to be a whole lot of nothing. At this point, only the die hard conspiracy theorists are still holding onto this spike in traffic between a Trump server and a Russian bank as evidence of anything.
Now, there's an additional wrinkle. The FBI is investigating possible connections between Trump and Russia that may have played a part in the election. Nothing has been confirmed by the FBI. As for the spike in network traffic noticed by the researcher, it can still be chalked up to the most boring of non-conspiracy theories: spammers using the same domain name server as both Trump's server and a Russian bank to spam recipients with hotel-related email.
The other party that can't let go of this conspiracy theory is the Russian bank's lawyers. CyberScoop reports Alfa Bank's lawyers have issued legal threats to a security researcher behind the Trump-Russia story.
In a document obtained by CyberScoop, Alfa Bank notified Indiana University computer researcher L. Jean Camp that it’s pursuing “all available options” after Camp’s research suggested the bank engaged in some form of communication with the Trump Organization. Washington-based law firm Kirkland & Ellis sent the letter on the bank’s behalf on March 17.
Alfa Bank is considering, among other things, using one of our nation's most easily-abused laws to pursue legal action against Camp for "promoting an unwarranted investigation" into the bank's ties to Donald Trump. The CFAA is cited as one route the bank may take towards making Camp pay for besmirching the reputation of the Russian bank. It also demands [PDF] she retain records possibly needed in upcoming litigation, including those detailed in this memorable sentence:
communications between you and the individuals you have publicly identified as a "loose group of concerned nerds" with whom you reportedly worked in concert regarding this matter
Being a security researcher is dangerous enough, even when you're 100% in the right. Legal threats tend to follow news of security breaches or unpatched exploits. When you follow the wrong conclusion because you're so sure you're right, you make things worse. The CFAA is a blunt weapon with surprising flexibility, and all the data researchers normally avail themselves of without issue can be twisted into "unauthorized access" by a complainant with sufficient motivation.
Read More | 7 Comments | Leave a Comment..
Posted on Techdirt - 24 March 2017 @ 9:08am
More than 100 phones taken from arrested Inauguration Day protesters have had their data exfiltrated, apparently in hopes of pinpointing perpetrators of damage and additional (but unarrested) suspects. As Buzzfeed reports, the unusual investigative step doesn't appear to have been hampered by device encryption.
Prosecutors are extracting data from more than 100 locked cell phones seized during arrests in downtown Washington, DC, on President Trump’s Inauguration Day, according to court papers prosecutors filed on Wednesday.
Prosecutors said they had search warrants to pull data from the phones, which were taken from individuals arrested on Inauguration Day, including some who were not indicted. All of the phones were locked, according to the government, “which requires more time-sensitive efforts to try to obtain the data.” But the filing appeared to indicate that they were successful in accessing information on the phones.
Presumably, prosecutors are looking for communications and photos that will nail down charges against protesters who directly caused $100,000 worth of damage. (Or maybe they're just looking for paystubs?) Another clue can be found in the Motion for Protective Order [PDF] filed by the US prosecutor before turning over the data to defendants' lawyers.
The police were able to arrest approximately 230 of the rioters that day; all of them were charged with violating DC. Code 22-1322 (Rioting or inciting to riot). However, many other rioters evaded arrest by forcibly charging police officers and fleeing.
It looks like the government prosecutor isn't satisfied with the 214 indictments it already has. Cell phones of "unindicted arrestees" have also been searched. Unusually, the data collected isn't being separated. Instead, defense attorneys will have all the access prosecutors have: a full dump of everything and the responsibility to sort out what is or isn't relevant to their case.
According to the filings on Wednesday, the government plans to produce the information it collects from the seized phones to the defendants by way of an electronic database that would be made available to defense counsel. The extracted data includes irrelevant personal information, prosecutors said, so they’re seeking an order from the court that would prohibit defense lawyers from copying or sharing information unless it’s relevant to defend their client.
The cell phone searches sound sketchy, especially when law enforcement has apparently acquired 100 cell phone-sized warrants or, worse, one warrant to search them all. The cell phones searches aren't the government's only bulk operation. Prosecutors are also hoping to prosecute in bulk, dividing the 200+ indictees into four categories for faster processing. One of the defense lawyers involved is fighting this move, pointing out the Constitution takes precedence over the government's convenience.
Christopher Mutimer, a defense lawyer representing one of the defendants, told BuzzFeed News by email on Wednesday that he would oppose efforts by the government to hold joint trials.
“These cases should be tried individually in a manner that protects each individual defendant’s constitutional rights,” Mutimer said. “Not in groupings that make the trials most convenient for the government. Grouping individuals for trial creates a danger of wrongful convictions based on guilt by association.”
Other constitutional inconveniences will have to wait as well. The presiding judge hasn't granted the data dump court order yet but has told arrestees any unconstitutional searches will have to be sorted out during their trials, not prior to prosecution. Expect statements of expertise from law enforcement officers where the word "drug dealer" has been replaced with "protester" to explain the likelihood of finding evidence of
drug dealing felony rioting on more than 100 seized and searched cell phones.
Read More | 43 Comments | Leave a Comment..
Posted on Techdirt - 23 March 2017 @ 11:03pm
Is it possible to arrest an unarmed homeless person without destroying the residence he's hiding in? To the Fresno County Sheriff's Department and Clovis PD (and far too many other law enforcement agencies), the question remains rhetorical.
David Jessen's farmhouse felt the full, combined force of two law enforcement agencies and all their toys last June. According to his lawsuit [PDF], a homeless man was rousted from a nearby vacant house after he was discovered sleeping in the closet. He left peacefully but was soon spotted by the construction crew breaking into Jessen's house. The construction worker, god bless him, called the police because he thought they could help.
Jessen was notified shortly thereafter. He returned home to find four sheriff's office cars parked at his residence (one of them "on the lawn," because of course it was) and a deputy yelling at his house through a bullhorn. According to the deputies, the homeless man refused to come out and threatened to shoot anyone who came in. Jessen was asked if he had any guns in the house. He replied he did, but two were unloaded and had no ammo and the third was hidden so well "only he could find it."
Jessen was asked to move his pickup truck and leave the area for his own safety. The deputies also asked for a house key and for the garage to be opened before he left. Jessen and his family went to a friend's house about a quarter-mile away. Several hours later, he was told he could return home. This is what Jessen returned to:
As David was driving toward the home from Jensen David counted approximately fifty-five (55) or more law enforcement vehicles. David was then ordered to park along Rolinda Avenue north of his home and instructed to walk to his home. On his way to his home David was stopped by a SWAT person who told him the “operation” was concluded, A second Fresno County Deputy Sheriff, that Jessen’s are informed and believe and upon information and belief allege was a Lieutenant, handed David a card and said “we have insurance for this.”
We'll pause there for a moment and consider the effect this must have on recipients. This is basically a message telling them their stuff has been damaged/destroyed. Not that the law enforcement agency cares. It might end up with higher premiums, but each officer involved still has an undamaged residence to go home to, unlike "civilians" like Jessen, whose houses happen to be at the wrong place at the wrong time. Insurance in the hands of officers like these is a permission slip, rather than a liability buffer.
A third Fresno County Deputy Sheriff showed David the damage and David was overwhelmed by the severity and extent of the damage to the residence. The damage to the Jessens’ residence was massive and extensive. The magnitude of the damage to the Jessen’s’ home was unreasonable and unjustified, needlessly implemented to capture a singular, surrounded, unarmed, hungry, homeless person who posed no danger to anyone, and cooperated in leaving the neighbors residence earlier.
Here's the full list of what local law enforcement deployed to handle a single, resistant homeless person:
a. Utilized over 50 vehicles;
b. A K-9 unit,
c. Two helicopters;
d. Two Ambulances;
e. One Fire Truck;
f. A Crisis Negotiation Team arriving in a large motor home, that Plaintiffs are informed and believe included communications equipment and other support equipment;
g. A Robot;
h. SWAT Team; and
I. Back Up SWAT Team — Clovis City Police.
Now, the officers might have been concerned the homeless person had armed himself with one of Jessen's weapons, despite his assurances they were well-hidden/unloaded. Even so, they had plenty of options available that didn't include doing all the things they did instead.
a. Ripped out the wrought iron door and interior door to the Jessen’s home office;
b. Pulled the wall of the office off the foundation;
c. Broke the window to the office;
d. Teargassed the bathroom near the office;
e. Shattered the sliding glass door to the home for “robot” entry;
f. Ripped the wrought iron door off the laundry room;
g. Teargassed the laundry room;
h. Flash bombed the laundry room and the business office that resulted in breaking six (6) windows;
i. Teargassed the kitchen;
j. Teargassed the master bathroom;
k. Teargassed the sewing room;
l. Teargassed the bedroom in the northeast corner of the home; and
m. Destroyed over 90 feet of exterior fencing with a SWAT vehicle.
For reasons only known to the Sheriff's Department, a deputy continued to search for hidden handgun on Jessen's effed-up residence. He was only able to "recover" after receiving specific directions over the phone from Jessen to locate it. All guns were immediately returned to Jessen, making this last search -- which occurred nearly two hours after Jessen was given an insurance card and a broken home -- especially pointless.
In total, the interloping homeless person cost Jessen one window, an ice cream bar, some milk, and half a tomato. According to the lawsuit's allegations, the two law enforcement agencies rang up more than $150,000 in damaged property. Jessen alleges a long list of constitutional violations but also something a bit more whoa if true:
All of this military-like activity was implemented and completed without Jessen's request, approval, or consent. Jessens are informed and believe the training operation was undertaken because the Fresno County Sheriff’s Department and/or Clovis Police Department had found, by accident, the perfect location to conduct a training exercise on a rural home, on a dead-end street, in rural Fresno County, where “civilians” were not present, “civilians” were not going to congregate, “civilians” were not going to observe or interfere with the military training assault on the Jessen’s home and the situation posed no risk of injury to the officers. The Fresno County Sheriff‘s Department and Clovis Police Department seized upon this fortuitous opportunity to engage in a real-life training exercise.
Unless something amazing comes out of discovery during litigation, this claim is unlikely to survive. And chances are it won't survive an initial reading. Jessen is probably safer staying the Constitutional lane. But there is a hint of truth to the allegation, even if there was no provable intent to use Jessen's house as a SWAT team training ground. Law enforcement agencies spend a lot of money on tools and tactics which are rarely deployed. Recognizing a chance to take all the toys out for a spin isn't necessarily a conspiracy… it's just what happens when you have more power than restraint. That's what turns a "standoff' in which the suspect is armed with half an ice cream bar into a mostly-unusable house.
Read More | 63 Comments | Leave a Comment..
Posted on Techdirt - 23 March 2017 @ 12:46pm
Here come even more revelations of surveillance abuse by UK law enforcement. To date, various law enforcement agencies have been exposed as participating in very broad readings of very broadly-written anti-terrorism laws to spy on journalists and activists. The latest abuse detailed by The Guardian concerns the surveillance of activists by UK law enforcement on behalf of a foreign government.
The police watchdog is investigating allegations that a secretive Scotland Yard unit used hackers to illegally access the private emails of hundreds of political campaigners and journalists.
The allegations were made by an anonymous individual who says the unit worked with Indian police, who in turn used hackers to illegally obtain the passwords of the email accounts of the campaigners, and some reporters and press photographers.
Hacked passwords were passed to the Metropolitan police unit, according to the writer of the letter, which then regularly checked the emails of the campaigners and the media to gather information. The letter to Jones listed the passwords of environmental campaigners, four of whom were from Greenpeace. Several confirmed they matched the ones they had used to open their emails.
This is more of the same for any UK agencies with access to surveillance tools and easily-abusable laws. These complaints are adding to the pile sitting in front of the Independent Police Complaints Commission. Not that the Commission will ever get to the bottom of this, as it's finding its oversight being thwarted by the agencies it's assigned to oversee.
Last month the IPCC said it had uncovered evidence suggesting the documents had been destroyed despite a specific instruction that files should be preserved to be examined by a judge-led public inquiry into the undercover policing of political groups.
The letter claimed that the shredding “has been happening for some time and on a far greater scale than the IPCC seems to be aware of”. The author added that “the main reason for destroying these documents is that they reveal that [police] officers were engaged in illegal activities to obtain intelligence on protest groups”
It's unclear what the Indian police -- who used hackers to obtain account passwords -- were looking for or why they turned to Scotland Yard for assistance. Those whose accounts were accessed were far from dangerous individuals. Although the activists may be vehemently opposed to UK government policies and the actions of several major corporations, the worst of the worst of those confirmed to be surveilled did 80 hours
hard time community service stemming from an incident where unwanted solar panels were forcibly installed on a deputy prime minister's house.
Presumably, the valuable info snagged from hacked accounts gave police on both sides heads up on planned demonstrations, as well as any other non-protest-related conversations the activists might have had. Considering what flows into the average email account, police could have gained access to financial transactions, medical information, and conversations between activists and those with zero interest in making the world a subjectively better place.
Fortunately, the documentation backing up the hacking accusations is still in the hands of repentant hackers, rather than headed for the Scotland Yard shredder.
11 Comments | Leave a Comment..
Posted on Techdirt - 23 March 2017 @ 3:23am
The Santa Maria (CA) Police Department -- like the FBI -- is in the fake news business. Last February, it issued a bogus press release via online service Nixle, falsely stating it had apprehended two suspects. This was picked up by local news sources and redistributed. It wasn't until until December that the ruse was uncovered. The Sun -- which hadn't released a story on the bogus press release -- discovered this fact in a pile of court documents. (h/t Dave Maass)
Police allege in the court documents that members of the local MS-13 gang planned to kill the two men, referred to in court documents as John Doe No. 1 and John Doe No. 2. Police had gleaned this information from telephone surveillance on several suspects in the case, according to the documents. The police acted by putting out the false press release, expecting local news media to report the fake story and the MS-13 gang members to stop pursuing the John Does.
The police chief confirmed the PD had issued the fake press release knowingly. He also remained unapologetic, stating that misleading journalists served a greater good: keeping two gang targets alive. He has yet to remove the bogus press release from Nixle, even though it violates the service's terms, which forbid knowingly publishing "fraudulent, deceptive, or misleading communications."
[S]anta Maria Police Chief Ralph Martin wasn’t aware what the terms of service were or that they existed when initially asked by the Sun. At first, Martin said he’d more than likely take the press release down, but then he changed his mind.
“I don’t have any plans to take it down,” Martin said, adding that he has yet to be notified by Nixle. “If it violates their policy then it’s Nixle’s policy to contact us.”
The department has also refused to apologize to the news services it misled, most of which rightly feel this diminishes the public's trust in its public servants.
According to Chief Martin, it was a "moral and ethical" decision to lie to the public. He also says this is the first time in his 40 years as a cop he's seen this sort of thing done. Of course, it's now much more difficult to take this assertion at face value, especially when Martin's refusing to remove fake news from a site after it's already served its purpose.
This may be the first time the Santa Maria PD has deceived the press, but it's certainly not the first time it's deployed fake "facts" as a means to an end. The Sun reported earlier the PD had -- on multiple occasions -- presented fake sworn affidavits and statements to criminal suspects in hopes of provoking confessions or securing plea bargains.
Police reports obtained by the Sun verified [Jesus] Quevedo’s claims, showing SMPD Gang Task Force officers had indeed presented Quevedo with a search warrant issued by Judge Beebe on April 15, with a false document included.
“I had previously prepared a ruse affidavit,” [Detective David] Cohen wrote in his report in Quevedo’s case. “The ruse affidavit contained details of two crimes for which Quevedo was being investigated. Many of the details were true, and many were fabricated.”
The ruse highlights several actual unsolved robberies, including a home invasion in Santa Ynez, where an eyewitness describes a man matching Quevedo’s characteristics fleeing the scene. A mugshot of a smiling Quevedo is circled with a “100%” marked over his name, indicating the victim of the invasion also had positively identified Quevedo as the robber.
Other fabrications include an anonymous neighbor seeing a car matching Quevedo’s parked outside the scene of one of the robberies, as well as statements from confidential citizens alleging Quevedo’s strong ties to the Mexican Mafia.
Other convicts have contacted The Sun claiming to have been subjected to the same ruse. Those claims are probably as trustworthy as the police chief's, but evidence appears to show this ruse has not only been used more than once, but that the District Attorney's office feels it's a perfectly legal strategy.
Asked to comment, the Santa Maria Police Department referred all questions regarding Quevedo’s case—and the ruse tactic in general—to Chief Deputy District Attorney Steve Foley and Deputy District Attorney Bramsen. Bramsen did not return phone calls from the Sun, though Foley confirmed Cohen had met with Bramsen before employing the ruse.
“Our office was consulted by the police department on this particular ruse,” Foley said. “The police did in fact say, ‘Would this be a legal ruse?’ and [Bramsen] researched it and felt, based on her legal research, it was a legal ruse.”
The DA's office clarified it had simply said the fake affidavit plan was legally in the clear, but it had never told the PD to follow through with it… as if there were really any distance between those two stances. The office maintains this is all part of its "ethical" prosecution of lawbreakers.
It also said, ridiculously, that attempting to trick people into confessions or plea agreements with fake witness statements and fake evidence isn't actually an attempt to trick people into confessions or plea agreements.
In a written opposition to the motion, the DA argued there was nothing improper about the use of the ruse affidavit in Quevedo’s case, because prosecutors and police never intended the document to be used in court, either to obtain a search warrant or to coerce a false confession.
Ah. The PD was only interested in coercing a true confession. I guess that makes it ok.
Or not. The judge presiding over Quevado's case didn't find it quite as legally-acceptable as the DA did.
While the judge stopped short of issuing any sanctions against Cohen, Parker, or the DA’s office, she ruled all evidence obtained through the use of the ruse affidavit would be inadmissible in Quevedo’s case.
“The police can do a lot of things,” she said. “But when they use a false affidavit, intending for it to be believed as true, with the judiciary’s signature, that conduct cannot be tolerated.”
If the PD feels the ends justify the deceptive means, how exactly does it justify making its own evidence inadmissible? If the "end" is to get criminals off the street, how does undercutting the prosecution achieve that end?
The public isn't just being deceived by fake press releases. It's being deceived about the effectiveness of its law enforcement agencies, who are willing to damage their own cases in their hurry to file charges and commence prosecutions.
34 Comments | Leave a Comment..
Posted on Techdirt - 22 March 2017 @ 4:14pm
Perhaps the thinnest skinned politician on the planet -- Recip "Gollum" Erdogan -- is at it again. His legacy of injunctions, legal threats, and even copyright abuse continues. The latest to draw Erdogan's wrath is Switzerland, which, to be fair, has drawn his wrath in the past. The repeat "offender" was targeted by Erdogan in 2016 for an art exhibit he didn't care for. This wouldn't have happened if Switzerland didn't have a law on the books forbidding insulting foreign leaders. Erdogan has the uncanny ability to sniff out foreign laws that might help him remain un-insulted, but so far has only managed to Streisand himself into infamy.
This time around, it's a Swiss tabloid earning the Turkish president's disdain/threats of prosecution.
The Zurich-based tabloid Blick made Turkish television on Monday night when the country’s president Recep Tayyip Erdogan held up an edition of the Swiss paper with the front-page headline ‘Vote no to Erdogan’s dictatorship’.
The article in German and Turkish called for Turks in Switzerland to vote no in the April 16th referendum which, if successful, would give more powers to Erdogan.
Seems like a logical stance. Erdogan has abused every power he's been given. There's really no reason for other countries to give him more powers to abuse, even indirectly. The Turkish government went full Godwin in response, comparing this editorial's call for a "no" vote to Nazism.
Obviously, the Turkish government saw no irony in immediately demanding the Switzerland government do something about the tabloid's "insults." It has sent four requests for "legal aid," presumably in hopes of getting the tabloid's writers/publishers locked up for saying bad things about the Turkish president.
The Swiss government has responded, telling Turkey to stick to bullying its own citizens.
On Thursday a spokesman from the Swiss justice office, Folco Galli, told broadcaster SRF that four requests lodged by Turkey in mid January had been rejected, citing free speech.
Switzerland would only be obliged to cooperate if the act concerned was considered a crime in both Turkey and Switzerland, he said.
Speaking to the SRF Galli said: “If similar criticisms had been expressed in Switzerland against a federal councillor in the course of a political debate, they would of course have been tolerated as an expression of free speech.”
Which is precisely why the pending referendum should be shot down. The tabloid has perfectly demonstrated why such a law should not be instituted in Switzerland. If it had already been law, Switzerland's government might have been more inclined to assist Erdogan in pushing the editorial's writer.
The statement by the Swiss official is a healthy affirmation of Swiss citizens' protections, but is likely unintelligible to those it's directed at. "Tolerance" and "free speech" are concepts the Turkish president is completely unfamiliar with. As is pointed out in the article, the Turkish government is currently pursuing 2,000 domestic prosecutions over "insulting" social media posts and cartoons. Apparently Erdogan feels his persecution success at home should translate easily abroad. Fortunately for citizens in other countries, it doesn't.
20 Comments | Leave a Comment..
Posted on Techdirt - 22 March 2017 @ 11:44am
The Third Circuit Court of Appeals has ruled that passwords can be compelled with All Writs Orders. Handing down a decision in the case of Francis Rawls, a former Philadelphia police officer facing child porn charges, the court finds the order lawful, but doesn't go quite as far as to determine whether compelling password production implicates the Fifth Amendment.
The Third Circuit doesn't touch the Fifth Amendment implications because Rawls failed to preserve them.
Even if we could assess the Fifth Amendment decision of the Magistrate Judge, our review would be limited to plain error. See United States v. Schwartz, 446 F.2d 571, 576 (3d Cir. 1971) (applying plain error review to unpreserved claim of violation of privilege against self-incrimination). Doe’s arguments fail under this deferential standard of review.
Orin Kerr highlights a footnote from the order [PDF], which shows even if the court had addressed the Fifth Amendment implications, it likely would have sided with government based on its interpretation of the government's "foregone conclusion" argument.
It is important to note that we are not concluding that the Government’s knowledge of the content of the devices is necessarily the correct focus of the “foregone conclusion” inquiry in the context of a compelled decryption order. Instead, a very sound argument can be made that the foregone conclusion doctrine properly focuses on whether the Government already knows the testimony that is implicit in the act of production. In this case, the fact known to the government that is implicit in the act of providing the password for the devices is “I, John Doe, know the password for these devices.” Based upon the testimony presented at the contempt proceeding, that fact is a foregone conclusion.
However, because our review is limited to plain error, and no plain error was committed by the District Court in finding that the Government established that the contents of the encrypted hard drives are known to it, we need not decide here that the inquiry can be limited to the question of whether Doe’s knowledge of the password itself is sufficient to support application of the foregone conclusion doctrine.
This interpretation limits what the government has to assert to avail itself of this argument -- one that's sure to become more common as default encryption comes to more devices and communications services. As applied here, the government only has to show the defendant knows the password. It doesn't have to make assertions about what it believes will be found once the device/account is unlocked. (That being said, the DHS performed a forensic scan of the one device it could access -- the MacBook Pro -- and found data and photos suggesting the locked external drives contained more child pornography.)
The court also addresses the All Writs Act being used to compel password production in service to a search warrant that still can't be fully executed.
Doe asserts that New York Telephone should not apply because the All Writs Act order in that case compelled a third party to assist in the execution of that warrant, and not the target of the government investigation. The Supreme Court explained, however, that the Act extends to anyone “in a position to frustrate the implementation of a court order or the proper administration of justice” as long as there are “appropriate circumstances” for doing so. Id. at 174. Here, as in New York Telephone: (1) Doe is not “far removed from the underlying controversy;” (2) “compliance with [the Decryption Order] require[s] minimal effort;” and (3) “without [Doe’s] assistance there is no conceivable way in which the [search warrant] authorized by the District Court could [be] successfully accomplished.” Id. at 174-175. Accordingly, the Magistrate Judge did not plainly err in issuing the Decryption Order.
This shows just how malleable the New York Telephone decision is. This 1977 Supreme Court decision paved the way for widespread pen register use. Since that point, it has been used by the DOJ to argue for the lawfulness of encryption-defeating All Writs Orders (as in the San Bernardino iPhone case), as well as by criminal defendants arguing these same orders are unlawful.
In Apple's case, the government argued the company was not "far removed" from the controversy, despite it being only the manufacturer of the phone. Apple's distance as a manufacturer provided its own argument against the DOJ's application of this Supreme Court decision.
In this case, the key words are "third party": Rawls is arguing this isn't nearly the same thing as forcing a phone company to comply with pen register orders. This is a "first party" situation where compliance may mean producing evidence against yourself for use in a criminal trial. The government likes the New York Telephone decision for its Fourth Amendment leeway. The defendant here is arguing this isn't even a Fourth Amendment issue.
As the court points out, it can't really assess the Fifth Amendment argument -- not when it hasn't been preserved for appeal. But even so, the court says law enforcement already has enough evidence to proceed with prosecution. If so, the only reason the government's pressing the issue -- which has resulted in Rawls being jailed indefinitely for contempt of court -- is that it wants a precedential ruling clearly establishing the lawfulness of compelling the production of passwords. The court doesn't quite reach that point, but the ruling here seems to suggest it will be easier (in this circuit at least) to throw people in jail for refusing to hand over passwords, since all the government is really being forced to establish is that it knows the defendant can unlock the targeted devices/accounts.
Read More | 33 Comments | Leave a Comment..
Posted on Techdirt - 22 March 2017 @ 10:40am
Back in 2012, a federal court ruled US websites were "places of public accommodation." The ruling (overturned on appeal) came in a lawsuit brought against Netflix by the National Association of the Deaf. It seems like an obvious conclusion -- more people get their information, news, and entertainment from the web than other sources. But the ruling had plenty of adverse consequences, especially for smaller, less profitable purveyors of online content.
Professor Eric Goldman -- who analyzes a ton of internet-related lawsuits -- had this to say at the time:
If websites must comply with the ADA, all hell will break loose. Could YouTube be obligated to close-caption videos on the site? (This case seems to leave that door open.) Could every website using Flash have to redesign their sites for browsers that read the screen? I'm not creative enough to think of all the implications, but I can assure you that ADA plaintiffs' lawyers will have a long checklist of items worth suing over. Big companies may be able to afford the compliance and litigation costs, but the entry costs for new market participants could easily reach prohibitive levels.
The payoff of this lawsuit -- along with the federal government's requirements for making websites "accessible" -- is finally here. A California university is placing 20,000 audio and video lectures behind a registration wall, making them less accessible to everybody, rather than risk being sued for not making them "accessible" to those with disabilities.
The University of California, Berkeley, will cut off public access to tens of thousands of video lectures and podcasts in response to a U.S. Justice Department order that it make the educational content accessible to people with disabilities.
Today, the content is available to the public on YouTube, iTunes U and the university’s webcast.berkeley site. On March 15, the university will begin removing the more than 20,000 audio and video files from those platforms -- a process that will take three to five months -- and require users sign in with University of California credentials to view or listen to them.
This move has more to do with the DOJ's ADA*
accessibility stance, although that stance roughly aligns with the court's 2012 findings. The DOJ is named specifically in the university's statements as being the impetus for it locking up its past content. Future releases will be issued with an eye on compliance, but past lectures are gone for good unless you happen to have the right credentials to view them.
*[This acutally stems from the FCC, not the ADA. Nate Hoffelder has more details in the comments. UPDATE: never mind.]
Then there's this part of the university's statement, which hints it may not all be related to accessibility-compliance.
Finally, moving our content behind authentication allows us to better protect instructor intellectual property from ‘pirates’ who have reused content for personal profit without consent.
I'm not sure how much of a problem Berkeley has had with content piracy. This statement could mean it's rampant or could simply mean it's something the university's lawyers have mentioned in passing as a concern. Either way, the move is related to control. What the public can't see, it can't complain about. And that keeps the DOJ at bay, even if it does little for the general public.
However, the piracy part of the statement might become relevant in the near future. It also shows the university's spokesperson isn't aware most of the lectures can't be "pirated." LBRY.io has already mirrored the 20,000 files due for removal, and it notes its move is compliant with the terms governing the sharing and distribution of the recorded lectures.
The vast majority of the lectures are licensed under a Creative Commons license that allows attributed, non-commercial redistribution. The price for this content has been set to free and all LBRY metadata attributes it to UC Berkeley.
The university may have a point about "personal profit," but simply hosting lectures at a site that sells stuff or makes money from ads isn't the same thing as "reusing content for personal profit." And the license the university uses doesn't require permission beforehand.
In the end, what we have is another regulation failure, where best laid plans become self-sabotaging debacles. Attempting to make the web universally-usable is an impossibility. No one's going out of their way to cut the deaf or blind out of the international conversation, but demanding all US sites be compliant with the DOJ's requirements is like demanding all books be made available in Braille and audio format. It's something only a few publishers can afford to do. Even fewer can afford to engage in a legal battle with the federal government over a lack of compliance, which means increased enforcement efforts will only result in less available content. That does nothing to level the playing field for Americans with disabilities.
45 Comments | Leave a Comment..
Posted on Techdirt - 21 March 2017 @ 4:19pm
Another "ag gag" law is in the works in Arkansas. These bills are brought under the pretense of safety -- both for the person supposedly breaking them, as well as for the employees of the entity "trespassed" upon. The unspoken aim of these laws is to prevent whistleblowing, and they often spring into existence after someone has exposed horrible practices at local businesses -- in most cases, the mistreatment of animals. The other consequence of most of these laws -- unintended or not -- is to deter employees from speaking up about questionable business practices, as there often is no exception carved out for employees of the companies protected by these laws.
Kaleigh Rogers of Vice reports another ag gag bill has passed the Arkansas state House and is on its way to a Senate vote. And once again, the bill's wording would deter whistleblowing and make journalistic efforts a civil violation.
Arkansas senators are considering a bill that would allow private businesses to sue whistleblowers that expose abuse or wrongdoing. The bill has already passed the house, but not without receiving plenty of dissent from Republican lawmakers, free speech proponents, and animal rights groups.
The law would make it legal for businesses to sue anybody who goes onto a business's private property and, among other acts, "records images or sound occurring within an employer's commercial property and uses the recording in a manner that damages the employer." This include undercover investigators, but also employees: unless an employee is just doing his or her job, any recordings or information that exposes wrongdoing could be grounds for a lawsuit.
In between all the wording [PDF] that would be expected in a normal trespassing law (unauthorized access, theft, damage to property) are clauses that make exposing wrongdoing grounds for a lawsuit. This section makes the law's deterrent to whistleblowing explicit.
Records images or sound occurring within an employer's commercial property and uses the recording in a manner that damages the employer.
That's combined with an earlier phrase that applies the law to employees, not just muckraking interlopers.
An act that exceeds a person's authority to enter a nonpublic area of commercial property includes an employee who knowingly enters a nonpublic area of commercial property for a reason other than a bona fide intent of seeking or holding employment or doing business with the employer and without authorization…
Excepted from the law are all sorts of government agencies, which are apparently welcome to damage places of employment at will. In addition to damages and fees assessed as the result of a civil action, the state has the option to hit violators (which includes anyone who "directs or assists" the whistleblower/journalist) with $5,000/per day in fines.
The representatives pushing this bill are pretending it's about safety.
Representative Aaron Pilkington (R), who voted in favor of the bill, said the language is intended to prevent people from trespassing and potentially putting themselves in danger.
"It's just about going into places you're not allowed to be in," Pilkington told me. "If you work in a daycare center and there are problems going on, you have every right to whistleblow on that. But if you hear there's a daycare three towns over where something's going on and you're sneaking in there with a video camera, that's not right."
That's a really weird -- and really dangerous -- assertion to make. Violations should be unseen and unheard, apparently… unless they happen to occur at your place of employment. And even then, the wording of the bill contradicts the protections Pilkington alludes to. The bill specifically forbids employees from entering areas not directly-related to their job description and making any sort of recording that "damages" their employer. Whistleblowing always results in some sort of "damage," even if that damage is purely reputational and can be repaired by swift corrective action.
The only reason to pass a bill like this (rather than use existing trespassing laws to punish unauthorized entry) is to deter reporting and whistleblowing. It serves no purpose otherwise. Supporters of the bill know this, though they'll never publicly acknowledge this fact. If it passes, it should expect an immediate constitutional challenge. The bill does too much damage to accountability and protected speech to survive a second read by the courts.
Read More | 33 Comments | Leave a Comment..
Posted on Techdirt - 21 March 2017 @ 9:33am
Because abusing the DMCA process only goes so far, some reputation management entities have begun exploiting an inattentive legal system to push lawsuits past judges. In some cases, these suits have featured fake plaintiffs filing bogus libel lawsuits against fake defendants and using a fake affidavit to fraudulently obtain court orders requiring Google to delist URLs.
Those engaged in this fraudulent behavior aren't likely to get away with it for much longer. Paul Alan Levy and Eugene Volokh managed to track down the person behind one set of bogus lawsuits and get the presiding judge to take a closer look at the bogus documents he was being handed. Pissed Consumer has also been reporting on others using the same MO, and has headed to court to get these suits examined and tossed.
The end of line for supposed reputation manager Richart Ruddie came at the hands of Volokh and Levy, with the judge granting discovery to the defendant after being apprised of the apparently fraudulent filings. Now that Richart Ruddie of Profile Defenders has been exposed, it looks as though he's given up the fight. Levy reports Ruddie has settled anti-SLAPP claims brought against him and is paying restitution for his reputation mismanagement.
The deal has now been signed, the $71,000 settlement sum has been paid in full, and the settlement agreement filed with the court along with a proposed order under which the Judge Smith would retain jurisdiction to enforce Ruddie’s obligation to move to get the fraudulent state court orders lifted, as well as to ensure that the former customers (that is to say, Smith, Rescue One Financial, and Financial Rescue) cooperate in Ruddie’s efforts in that regard. Their cooperation will likely be needed because they, not Ruddie, were the plaintiffs in the state-court litigation and hence the motions to lift the orders will have to be made in the names of those parties companies. It appears at the moment that the threat of being dragged back into the Rhode Island anti-SLAPP litigation has been sufficient to induce the companies and Smith to allow counsel retained by Ruddie to proceed in their names to get the fraudulent order lifted.
While that helps the defendant and partially takes care of Ruddie's liability (not to mention acts as a deterrent against future efforts of this sort), it doesn't do much to deter the other parties listed, who apparently knew Ruddie's courtroom efforts were shady and may have been fully complicit in the fraud. This settlement leaves them pretty much unscathed. There's still the possibility more fees are on their way from others involved in Ruddie's black hat SEO BS. But for now, it's all in Ruddie's name.
Levy's post provides a ton of background info behind the settlement he just collected, including this wonderful paragraph, in which an opposing lawyer claims Levy has an "ethical" obligation to put the opposition's interests ahead of his own.
Apparently, Hirschhorn [attorney for Richart Ruddie representing him for a criminal investigation brought by the state at the request of Judge Smith] was sharing some of the details of our negotiations, because when Rescue One [Ruddie's SEO client] lawyer Michael Mallow learned that I was still pursuing his client’s liability for an anti-SLAPP violation, he hit the roof. He demanded that I call him and, when I did, he began yelling into the telephone that it was my ethical responsibility to reach a complete settlement with Ruddie so that his client would not have to produce any documents. He brought Hirschhorn into the call and demanded that I give Hirschhorn a settlement number that included claims against his clients as well as Ruddie. When I explained that I did not have any basis to set a proposed compensatory damages figure because I had not completed a sufficient analysis to specify a number that I felt I could defend in litigation, Mallow said that this didn’t matter and that I should just make up a number so that there could be a settlement. Hirschhorn indicated that he would take a specific number with that disclaimer; when I articulated a number that was considerably higher than what Hirschhorn said he could get from his client, Mallow told me that it was possible that his own client might contribute to the settlement, but “if that happens you will never know.” That is, the deal would be structured to give his client deniability of any responsibility for the fraud.
The whole post by Levy is amazing and should be read in its entirety to get a better grasp on the cast of characters in this courtroom charade. It initially appeared as though Ruddie's reputation management scheme consisted of filing bogus lawsuits without his SEO clients' knowledge. That no longer appears to be the case. At least a couple of his clients appear to have known exactly how this was being handled and had zero problem with participating in Ruddie's fraudulent filings. The settlement may be an attempt to staunch Ruddie's bleeding, but it's pretty difficult to pitch reputation management services when yours is swirling the drain.
9 Comments | Leave a Comment..
Posted on Techdirt - 20 March 2017 @ 2:55pm
A couple of weeks ago, a federal judge in Utah decided prior restraint was the best way to handle a recently-filed defamation suit against Honest Mattress Reviews by Purple Innovations, makers of the Purple Mattress.
Purple's lengthy filing contained numerous allegations of harm caused by Honest Mattress Reviews' extended commentary on the white plastic powder covering every mattress Purple ships. It also alleged HMR was just a front for site owner Ryan Monahan's brand management work with Purple's competitor, Ghostbed. Rather than give HMR a chance to respond, the judge decided the review site could publish nothing further about Purple or the lawsuit. It wasn't even allowed to refer to its previous rating of Purple's mattress.
Honest Mattress Review didn't care much for this decision -- one it had been given no chance to contest. It immediately posted an article about the case and offered to comply with the letter of the order, but perhaps not its spirit.
This temporary order commands that we take down all reviews, and even cease rating this company with a rating of “Poor.” Yes, indeed, we are no longer even permitted to rate this company as Poor. I guess we will change its rating to “💩.”
Do you trust a company that, rather than compete in the marketplace, decides that it will just try and sue negative reviews out of existence?
Purple Innovations immediately returned to court, demanding it find HMR in contempt of its order, in particular pointing to the poo emoji and HMR's claims about the unconstitutionality of the order and Purple's alleged disingenuousness in filing the libel suit.
That review has since been reinstated and given this header image.
And HMR has published a long list of court documents it has filed in this case. This includes a motion to dissolve the restraining order and a preliminary examination of the powdery substance Purple claims is harmless and that HMR claims could be hazardous to purchasers' health.
In the motion [PDF] to dissolve the order, attorney Marc Randazza points out that fashioning a libel lawsuit as a tortious interference lawsuit doesn't change the ultimate goal of the litigation: to silence criticism.
The action is a quintessential SLAPP suit designed to suppress negative consumer journalism. Plaintiffs have cleverly attempted to disguise this defamation claim as a Lanham Act claim – presumably to ensure the availability of Federal Court jurisdiction and to try to side-step the clear case law that cuts against them in defamation actions. But, no matter how eloquently someone may call a “dog” a “chicken,” it will never lay eggs. And styling a specious defamation claim as a Lanham Act claim does not remove the underlying speech from the protections afforded by the First Amendment.
He also points out that Purple's claims that the plastic packing dust is harmless haven't been supported by anything Purple's willing to let customers and competitors view. Instead, it's only made vague assertions about its safety. And those statements are ultimately meaningless when examined closely.
Plaintiff sells mattresses that are made of a rubber honeycomb, which they then dust with a powder that they claim is made of plastic and has been shown to be polyethylene microspheres. In other words, someone who sleeps on these mattresses would be expected to inhale these microspheres. The Plaintiff claims that it is “non toxic” and “food grade” plastic – but this does not assuage the concerns. After all, a plastic fork is “food grade” and “non toxic” but you most certainly would not want to actually eat it. The same goes for what a person wants to put in their lungs. It was reasonable to be concerned about this “plastic powder” since (a) if the particles that make up this plastic “powder” are of a certain size, they will pass through the alveoli into the bloodstream; or (b) if they are a bit larger, they will simply lodge themselves inside the lungs.
To support its claims, HMR put a Harvard Professor of Pathology to work. Dr. John Godleski's report [PDF] is far from complete at this point, but what's contained in his preliminary examination of the powder doesn't appear to agree with Purple's assertions of harmlessness.
By Fourier Transformed Infrared spectroscopy (FTIR), the white powder particles were shown to be polyethylene, and the purple frame was found to be polyethylene-polypropylene copolymer. The foam portion of the mattress is still understudy, but has characteristics of butadiene, and may be a form of butadiene polymer.
Polyethylene is a common plastic formed into many structures. As inhalable microspheres, these have the potential to cause respiratory irritation especially when inhaled in large numbers as shown in my laboratory (1- 4). In addition, polyethylene has been associated with allergy in the form of either asthma or contact dermatitis in sensitized individuals (5-7). Based on this assessment, it is important for consumers to be aware of the composition of this fine particulate matter in the mattress which may be released into the air and has the potential for the development of respiratory or dermal hypersensitivity in some individuals.
Also included in the filed documents is an affidavit that undercuts Purple's claims about HMR's site owner being a competitor's "brand manager." This is central to Purple's Lanham Act claims -- the claims it's using to sidestep anti-SLAPP motions. The affidavit from the competitor (Ghostbed) notes HMR's site owner has never been directly employed by Ghostbed and that Ghostbed told him to stop referring to himself as its "brand manager" after noticing that statement on his Twitter profile.
The judge presiding over the case appears to have been overwhelmed by the pile of documents landing on his desk. A short order [PDF] issued on the 15th shows what can happen when a normally adversarial process is allowed to be, you know, adversarial.
For the reasons set forth in the parties’ briefing and at oral argument, the court finds a lack of “clear and unequivocal” support for a right to relief that is necessary for the entry of the “extraordinary remedy” of a preliminary injunction. Greater Yellowstone Coal v. Flowers, 321 F.3d 1250, 1256 (10th Cir. 2003). As such, the court hereby grants Defendants’ motions to dissolve the Temporary Restraining Order (Dkt. No. 36), and denies Plaintiff’s oral Motion to convert the Temporary Restraining Order into a Preliminary Injunction. The court similarly denies Plaintiff’s Motion for Leave to Conduct Expedited Discovery (Dkt. No. 39) and Motion for Order to Show Cause Why Defendants Should not be Held in Contempt (Dkt. No. 17). The court further denies Defendants’ request for sanctions, finding that such sanctions are not warranted here.
The restraining order is lifted and HMR's turd-laced post isn't in danger of being found contemptuous. The lawsuit should continue in a more constitutional fashion from this point forward.
Read More | 34 Comments | Leave a Comment..
Posted on Techdirt - 20 March 2017 @ 11:45am
It looks as though the Supreme Court may have to step in and settle a particularly thorny question involving the First Amendment, Second Amendment, national security interests, and 3D-printed weapons. Cody Wilson and his company, Defense Distributed, sued the State Department over its demands he cease distributing instructions for the creation of weapons and weapons parts.
The State Department came along too late to make much of a difference. It claimed Wilson's instructions violated international arms distribution laws, but by the time it noticed what Defense Distributed was doing, the instructions were all over the web. They still are, and no amount of litigation or government orders is going to change that.
What Defense Distributed is doing is perfectly legal in the United States. The State Department says it's illegal to put these instructions in the hands of foreign enemies. Since it can't control internet traffic, it's decided to take down the publisher.
That's the First Amendment implication, which can't really be separated from Second Amendment concerns considering the legality of distributing these instructions domestically. Last September, the Fifth Circuit Appeals Court found [PDF] in favor of the government and its national security concerns.
Because both public interests asserted here are strong, we find it most helpful to focus on the balance of harm requirement, which looks to the relative harm to both parties if the injunction is granted or denied. If we affirm the district court’s denial, but Plaintiffs-Appellants eventually prove they are entitled to a permanent injunction, their constitutional rights will have been violated in the meantime, but only temporarily. Plaintiffs-Appellants argue that this result is absurd because the Published Files are already available through third party websites such as the Pirate Bay, but granting the preliminary injunction sought by Plaintiffs-Appellants would allow them to share online not only the Published Files but also any new, previously unpublished files. That leads us to the other side of the balance of harm inquiry.
If we reverse the district court’s denial and instead grant the preliminary injunction, Plaintiffs-Appellants would legally be permitted to post on the internet as many 3D printing and CNC milling files as they wish, including the Ghost Gunner CNC milling files for producing AR-15 lower receivers and additional 3D-printed weapons and weapon parts. Even if Plaintiffs-Appellants eventually fail to obtain a permanent injunction, the files posted in the interim would remain online essentially forever, hosted by foreign websites such as the Pirate Bay and freely available worldwide. That is not a far-fetched hypothetical: the initial Published Files are still available on such sites, and Plaintiffs-Appellants have indicated they will share additional, previously unreleased files as soon as they are permitted to do so. Because those files would never go away, a preliminary injunction would function, in effect, as a permanent injunction as to all files released in the interim. Thus, the national defense and national security interest would be harmed forever. The fact that national security might be permanently harmed while Plaintiffs-Appellants’ constitutional rights might be temporarily harmed strongly supports our conclusion that the district court did not abuse its discretion in weighing the balance in favor of national defense and national security.
A lengthy dissent challenged the First Amendment implications of this decision, which brought prior restraint into play by forbidding Defense Distributed from posting new instructions, along with further distribution of plans it had already released. But the majority didn't find much it liked in the dissent -- at least not when weighing it against the government's national security interests.
The dissent argues that we “should have held that the domestic internet publication” of the technical data at issue presents no “immediate danger to national security, especially in light of the fact that many of these files are now widely available over the Internet and that the world is awash with small arms.” We note the following:
(1) If Plaintiffs-Appellants’ publication on the Internet were truly domestic, i.e., limited to United States citizens, there is no question that it would be legal. The question presented in this case is whether Plaintiffs-Appellants may place such files on the Internet for unrestricted worldwide download.
(2) This case does not concern only the files that Plaintiffs-Appellants previously made available online. Plaintiffs-Appellants have indicated their intent to make many more files available for download as soon as they are legally allowed to do so. Thus, the bulk of the potential harm has not yet been done but could be if Plaintiffs-Appellants obtain a preliminary injunction that is later determined to have been erroneously granted.
(3) The world may be “awash with small arms,” but it is not yet awash with the ability to make untraceable firearms anywhere with virtually no technical skill. For these reasons and the ones we set out above, we remain convinced that the potential permanent harm to the State Department’s strong national security interest outweighs the potential temporary harm to Plaintiffs-Appellants’ strong First Amendment interest.
The majority also pointed out the government can violate the First Amendment in the interest of national security, and that this court in particular seemed inclined to let it.
Defense Distributed asked for an en banc rehearing. That has been denied [PDF]. This denial gives the dissent the chance to lead off (so to speak), and the first thing it does is point out the obvious First Amendment violations.
The panel opinion’s flawed preliminary injunction analysis permits perhaps the most egregious deprivation of First Amendment rights possible: a content-based prior restraint. [...] First, the panel opinion fails to review the likelihood of success on the merits—which ten of our sister circuits agree is an essential inquiry in a First Amendment preliminary injunction case. Second, the panel opinion accepts that a mere assertion of a national security interest is a sufficient justification for a prior restraint on speech. Third, the panel opinion conducts a fundamentally flawed analysis of irreparable harm.
As the dissent points out, the majority chose to deploy prior restraint based on little more than the government's vague claims of insecurity.
The Government contends that the gun designs at issue could potentially threaten national security. However, this speculation falls far short of the required showing under Bernard and Nebraska Press, showing neither the immediacy of the danger nor the necessity of the prior restraint. Allowing such a paltry assertion of national security interests to justify a grave deprivation of First Amendment rights treats the words “national security” as a magic spell, the mere invocation of which makes free speech instantly disappear.
But this is exactly what the government does: make rights disappear with its "magic spell." And the courts continue to let it do this. In this case alone, the invocation of "national security" resulted in three consecutive decisions (district court and twice at the appeals court) in favor of prior restraint.
If the Supreme Court decides to review this, there's little in its track record suggesting it will do otherwise. But there's zero chance the government will let this go unregulated, even if the Supreme Court grants Defense Distributed a permanent injunction against the State Department. The government needs to have this threat of prosecution to hang over the head of Defense Distributed, as well as others with similar interests.
If this appears to operate in an area existing legislation can't touch, additional legislation will be introduced to address it. That may result in the government pressing ISPs into service to regulate internet traffic -- spying on users to catch them in the act of distributing illegal gun manufacturing plans. We'll have a Border Patrol but for the internet, maintained by private companies but overseen by the government.
It's not that there aren't potentially-serious repercussions from the distribution of 3D-printed gun plans. There's lots to be concerned about, but the concerns aren't new ones. Untraceable guns end up in the hands of people who aren't supposed to have them all the time. Printing one at home isn't a feasible reality for most people, especially those whose income and expertise are limited, which is most of the world.
Rights aren't sold separately. They're a bundle. The multiple opinions in this case have mostly ignored the Second Amendment implications in favor of examining the First. But those should be considered as well. If it's legal to manufacture these parts in the US, the State Department's order overreaches. Its concerns about worldwide distribution may be valid, but it's impossible to prevent this distribution without preventing Americans from doing something their government has told them it's ok to do.
Read More | 63 Comments | Leave a Comment..
Posted on Techdirt - 20 March 2017 @ 9:28am
If all else fails, blame the millennials.
[T]he former head of the CIA has a theory about a possible root cause of the leak: Millennials.
Michael V. Hayden, who was the CIA director until 2009, said that in order for the agency to engage in the digital espionage described by the documents, the agency must “recruit from a certain demographic” — in this case, younger hackers brought on to help with these efforts.
“I don’t mean to judge them at all, but this group of millennials and related groups simply have different understandings of the words loyalty, secrecy and transparency than certainly my generation did,” Hayden told the BBC in an interview this week. “And so we bring these folks into the agency, good Americans all, I can only assume, but again, culturally they have different instincts than the people who made the decision to hire them.”
That's Hayden's response to the CIA leak, which exposed the agency's exploits and device-targeting tactics. Hayden's saying people used to trust the government more. That's what this breaks down to, even if couched in Hayden's implicit demand youngsters remove themselves from his lawn, but leave any and all government documents behind.
"Transparency" should mean what it's always meant. But "transparency" is defined by government agencies and officials harboring zero desire to engage in it. We spent years listening to Obama pat himself on the back for increased government obfuscation and secrecy, something he referred to as the "most transparent administration." The word "transparency" is meaningless in the government's hands. That's why almost anything of significance is revealed by leakers/whistleblowers routing around the "official channels."
"Secrecy" means the same thing it always has as well. The government likes it. Citizens are not quite as enthralled with government secrecy, especially considering more and more of their lives are open books. An example: anyone shot by a police officer will have their criminal record immediately delivered to the press while EMTs are still checking for a pulse. Weeks or months will pass before law enforcement agencies release the name of the officer whose gun "discharged," much less their disciplinary record.
People of all ages are likely tiring of the government's insistence on keeping secrets, even as it engages in mass surveillance, reinterprets privacy-shielding laws on the fly, builds massive biometric databases, and declares the Constitution invalid within 100 miles of the border. It's not just millennials. It's everyone.
"Loyalty" still means the same thing, too. But the government's used to receiving it unconditionally. It has spent years abusing it and is finally seeing the consequences of its actions. Millennials may be the least willing to show loyalty to a government that has already mortgaged their future, but again, this crosses all ages. Loyalty isn't something the government can demand, not when it's done as much as it has to demonstrate why it's unworthy of it.
Undeniably, leaking is easier than ever, with multiple journalistic outlets offering multiple ways for the anonymous to dump their documents and grievances. Engaging in some sort of age discrimination at the federal level isn't going to stop the flow of leaks.
What's happening now is a severely-broken system reaching its apotheosis. With someone else in the Oval Office, we likely wouldn't be seeing nearly as many leaks. Almost as soon as the administration makes a claim (or a tweet), a leaked document or comment refutes it. Agencies are going rogue. Confidential conversations with administration officials are being discussed on social media by those involved in them.
Trump's tweets about subjects of investigations and national security-related matters show he cares just as little for secrecy or loyalty. His refusal to release information the public's been asking to see (tax returns, divestment plans, etc.) shows he cares little for transparency.
It also sets an example for others. The administration is seemingly moving from one disaster to the next without indicating it has a blueprint for the future. This helps generate even more leaks -- and not just because ill-advised moves tend to produce interesting documents and irate government employees. The leaks are continuous because no one's worried the administration will ever locate the sources. The constant flow sends a clear message: those leaking info and documents -- and there are a lot of them -- feel the President and his staff are too incompetent, or too easily-distracted, to track them down. The CIA may track down the source of the leaked documents, but it's heavily-invested in its own secrets, which has nothing to do with the hurricane of disruptive activity taking place in the White House. But those leaking info related to the current administration have little to fear.
The administration has managed to make enemies of several federal agencies. Federal agencies are amazing at stonewalling. The best. If the administration thinks it's going to get assistance rooting out leakers, it's in for yet another surprise. And the administration will continue to be unsurprisingly surprised by the resistance it faces when it shows up with guns loaded, looking for rogue messengers.
144 Comments | Leave a Comment..
Posted on Techdirt - 20 March 2017 @ 6:30am
There's something to be said for an informed electorate, although it really shouldn't be elected officials advocating for it. They'd benefit least from people knowing more about sausage and the making thereof. And legislators definitely shouldn't be robbing the First Amendment to pay for better information, as a few California lawmakers are attempting to do.
A new bill, pointed out by the EFF's Dave Maass, seems to be a response of sorts to "fake news" and other political detritus of this highly-partisan system. Ostensibly, the bill is aimed at keeping voters from being misled on issues that affect them. The problem is, this bill would allow the government to determine what is or isn't misleading and apply to a citizen's social media posts, blog, etc.
California's existing "political cyberfraud" law (yes, really) already contains wording that forbids cybersquatting, misleading redirects, and otherwise tricking internet users who are seeking information on ballot measures. The existing law is more concerned with acts along the lines of false impersonation and deliberate fraud. The amendment, however, isn't. It adds a couple of new aspects, both making the bad law worse.
First, the law would no longer be limited to "cyberfraud" related to pending ballot measures. It would expand to protect political candidates from being bested by wily web denizens. Where it really goes downhill is this new clause, which criminalizes even more speech.
Section 18320.5 is added to the Elections Code, to read:
It is unlawful for a person to knowingly and willingly make, publish or circulate on an Internet Web site, or cause to be made, published, or circulated in any writing posted on an Internet Web site, a false or deceptive statement designed to influence the vote on either of the following:
(a) Any issue submitted to voters at an election.
(b) Any candidate for election to public office.
With this law, opinions and misinterpretations of ballot measures/candidates' political stances are now illegal acts. The law goes further than simply punishing the writer of false statements. It also aims to punish publishers (which could be read as punishing hosts who would normally be protected by Section 230) and anyone who shares the newly-illegal content. If anything in the original post hints of political leaning, it can be construed as "designed to influence the vote," which would make most heated political discussions a breeding ground for criminal communications.
It would seem the "victims" listed in the proposed amendment aren't really in need of a free speech-abusing law. If California's government doesn't like the tone of online posts about ballot measures, it has plenty of opportunities (and numerous platforms) to set the record straight. Worse, it gives the government the power to shut down speech it doesn't agree with under the pretense preventing voters from being misled.
As for political candidates, they rarely suffer the problem of having too little speech. Bullshit can be countered with more speech, a rhetorical weapon everyone has access to, but political candidates in particular tend to be especially well-equipped in this department.
How the original law managed to survive a constitutional challenge remains a mystery. This addition has zero chance of being found constitutional if it somehow manages to become law.
49 Comments | Leave a Comment..
Posted on Techdirt - 17 March 2017 @ 7:39pm
The First Amendment Lawyer's Association (FALA) is hoping to end the California Attorney General's crusade against Backpage. The website has already ceded ground in the face of constant criticism, investigations, and legal threats. Earlier this year, it shuttered its adult ads rather than continue to bleed money and time defending itself against bogus prosecutions and investigations.
Former California Attorney General Kamala Harris -- who blew off court decisions against her office to continue to prosecute Backpage -- has now moved on to the US Senate. But just because Harris has moved on doesn't mean the local AG's office isn't going to continue with Harris' unfinished business.
The letter from FALA is covered (but not published[?]) by Elizabeth Nolan Brown at Reason.
On March 14, FALA—a nonprofit membership association launched in the late '60s that has boasted some of the country's top constitutional lawyers—sent a letter to Becerra condemning "the abusive prosecution of individuals associated with the online classified advertising website Backpage.com, and also the use of expansive search warrants seeking vast amounts of constitutionally-protected material, including personally identifiable information about all of the website's users." In the letter, FALA President Marc Randazza says he can identify "no theory under the First Amendment that would countenance such an abusive use of prosecutorial discretion or such a dragnet demand for information."
The letter points out the flaws of the AG's case against Backpage. Not only does it do damage to protected speech, but it ignores Section 230 protections in the ongoing quest to punish the site's owners for the actions of its users.
On top of that, there's the overbreadth of prosecutors' demands for info from the site. Not content to steamroll the First Amendment, the office also made a mockery of the term "investigation." From the letter:
We have learned that a subpoena was served on Backpage.com that calls for the production of massive amounts of information for a several-year period, including copies of all advertisements posted (in all content categories), all billing records, the identities of all of the website's users and their account histories, all internal communications, and even the source code for the operation of the website.
As FALA points out, this sounds a whole lot like the colonial-era "general warrants" -- the same ones our government sought to eliminate with the Fourth Amendment.
On the plus side, the new California Attorney General has pledged to protect civil liberties. FALA's hoping that pledge extends to Kamala Harris' unfinished business.
34 Comments | Leave a Comment..
Posted on Techdirt - 17 March 2017 @ 10:45am
The standard for warrants is probable cause. The warrant obtained by Edina, MN police doesn't even approach reasonable suspicion. In its attempt to locate the person behind a fraudulent bank transfer, the Edina police have asked Google to bring them everyone, as public records enthusiast Tony Webster reports.
A Minnesota bank received a call in January from who they thought was Douglas, their customer, asking to wire transfer $28,500 from a line of credit to another bank. To verify the transaction, the bank relied on a faxed copy of his passport. But it wasn’t him, the passport was fake, and the transfer request was fraudulent.
The Edina Police Department figured out that while searching Google Images for the victim’s name, they found the photo used on the fake passport, and investigators couldn’t find it on Yahoo or Bing. So, they theorized the suspect must have searched Google for the victim’s name while making the fake passport.
Edina Police Detective David Lindman detailed this theory in an application for a search warrant filed in early February, asking the Court to authorize a search warrant for names, email addresses, account information, and IP addresses of anyone who searched variations of the victim’s name over a five-week period of time.
Supposedly, the warrant [PDF] limits Google's search for searches to the Edina area, but that puts Google in the position of determining who was located where when these searches were made. Not that Google is likely to fulfill this request, warrant or not. There's nothing approaching probable cause in the warrant -- just the minimum of "detective" work that failed to uncover similar images in response to search terms at Yahoo and Bing.
Incredibly, this isn't the Edina PD's first attempt to obtain search results and the identifying information associated with them. In the warrant, Detective David Lindman notes he'd already served Google with an administrative subpoena, which Google rejected because it demanded content rather than transaction records.
Detective Lindman apparently feels Google's rejection was BS.
Though Google Inc.'s rejection of this administrative subpoena is arguable, your affiant is applying for this search warrant so that the investigation of this case does not stall.
I'm guessing Google's not going to be sending anything in response to this warrant, either. This is likely to be challenged by the company. If it isn't, anything turned over to the Edina PD will be highly suspect in terms of admissible evidence. There's no probable cause contained in the warrant application -- only the theory that any information obtained might help the investigation move forward.
Will this lead to Edina officers raiding homes because someone searched for the name "Douglas [REDACTED]" during the specified time period? Quite possibly. It obviously won't take much effort to get those warrants signed, not if judges are willing to turn law enforcement wishes into reality, without asking for anything (like actual probable cause) in return.
Read More | 27 Comments | Leave a Comment..
Posted on Techdirt - 17 March 2017 @ 3:40am
The DHS and CBP have both taken a healthy interest in travelers' social media posts. The DHS head even suggested withholding this information would no longer be an option -- that demands for account passwords were on the way. (Considering the government can search every person and their electronic devices at the border, demands for social media info would seem to be mostly redundant...) The underlying premise is this would give the US a jump on incoming terrorists by checking travelers' posts against a list of troublesome terms.
This isn't a welcome development, but the federal government continues to be its own worst enemy. You can't fear what can't be deployed competently. The DHS isn't going to stop trying to hoover up social media posts as part of the vetting process, but as a just-released Inspector General's report [PDF] points out, it may be several years before this vetting program operates in any sort of useful fashion. (via The Register)
[T]hese pilots, on which DHS plans to base future department-wide use of social media screening, lack criteria for measuring performance to ensure they meet their objectives. Although the pilots include some objectives, such as determining the effectiveness of an automated search tool and assessing data collection and dissemination procedures, it is not clear DHS is measuring and evaluating the pilots’ results to determine how well they are performing against set criteria.
It appears the DHS has only a vague grasp on what it's looking for in a social media harvesting program. Combining this with a lack of useful metrics means the agency has been throwing algos at the wall and hoping one sticks. Of course, deciding which one has "stuck" also appears to be out of the agency's technical reach.
USCIS started a pilot in December 2015 to screen the social media accounts of [REDACTED] and [REDACTED] applicants for [REDACTED] status. The pilot’s objective was to examine the feasibility of using social media screening with an automated search tool called [REDACTED] and determine whether useful information for adjudicating refugee applications could be obtained. Although the pilot had an objective, it did not define what would constitute a successful outcome…
As the OIG points out, the absence of any metric meant there was no way to know if the program was successful or not. All the DHS determined is that a redacted number of those screened had "confirmed social media accounts," something the agency could likely have achieved without deploying the unnamed "automated search tool." [Google?]
The next pilot program went live in April 2016. It, too, had the same lack of quantifiable results or stated goals.
The applicants were asked to voluntarily give their social media user names. USCIS then screened the user names against [REDACTED] using the [REDACTED] tool; USCIS also manually screened the user names against [REDACTED]. USCIS assessed identified accounts to determine whether the refugees were linked to derogatory social media information that could impact their eligibility for immigration benefits or admissibility into the United States. Using the tool and manual screening, USCIS identified [REDACTED] individuals with confirmed social media accounts and [REDACTED] individuals with unconfirmed accounts. In reviewing the pilot, USCIS concluded that the tool was not a viable option for automated social media screening and that manual review was more effective at identifying accounts.
USCIS said this tool delivered results with "low match confidence," but did not bother measuring the program's success or lack thereof against anything that might have helped choose an algorithmic successor. Meanwhile, ICE was testing its own search tool. Like the rest of the agencies, it also failed to implement anything that might have quantified the tool's usefulness. While it did draft up some prerequisites and metrics, it failed to develop a plan for moving the program forward or even apply the metrics to the pilot program's results. ICE's tool, however, sounds more invasive than the others discussed in the report. Not only would this be used to screen applicants, but would provide post-screening "monitoring" of flagged accounts.
The OIG recommends these agencies do all the things they're not currently doing, instead of wasting time and money deploying software solutions without any apparent attempt to determine if they're capable of solving the government's social media "problem." This doesn't mean social media snooping is on hold. Lord no. It just means it's being done badly by multiple agencies, all of them more interested in the snooping than the snooping's usefulness.
Read More | 17 Comments | Leave a Comment..
More posts from Capitalist Lion Tamer >>