Capitalist Lion Tamer’s Techdirt Profile

capitalisliontamer

About Capitalist Lion TamerTechdirt Insider

List of blogs started with enthusiasm, which now mostly lie dormant:

[reserved for future use]
http://5k500k.wordpress.com

[recently retired]
http://capitalistliontamer.wordpress.com

[various side projects]
http://cliftonltanager.wordpress.com/
http://bl0wbybl0w.wordpress.com/
http://thepenismadeoutofspam.wordpress.com/



Posted on Techdirt - 15 June 2018 @ 3:46pm

Faulty Field Tests And Overblown Drug Raid Claims: The War On Drugs In Clay County, Florida

from the serving-and-press-conferencing dept

Yet another Florida sheriff with a penchant for publicity is using his office (and manpower) to start some garbage viral War on Drugs. Hence, every bust made by his department -- utilizing armored vehicles and deputies that look like they shop at military surplus stores -- is splashed across the department's Facebook page. Fine, if that's what gets your blood flowing, but these scenes of busts, featuring the Sheriff front and center, contain claims that just aren't backed up by the actual paperwork. George Joseph of The Appeal has the details.

The video finds Sheriff [Darryl] Daniels, who announces to the viewer that criminals must leave his county or face the consequences. The camera follows him to the house, briefly focusing on a broken window before Daniels opens the door. Standing in the raided home, Daniels takes a large swig of his morning cup of coffee and declares, “Fifteen going to jail, three big gulps.”

Despite the sheriff’s announcement, the “raid” resulted in only five adult arrests and one juvenile arrest, according to Elaine Brown, a lead records specialist at the sheriff’s office.

At best, maybe five will be going to jail. The sheriff depicts this as a raid on a "narcotics house" targeting opioids. The records obtained by The Appeal show no opioids were found during the raid. Four of the five adults were arrested for marijuana possession. The fifth was charged with MDMA and cocaine possession. But chances are those drugs might vanish along with the nonexistent opioids Sheriff Daniels proudly proclaims were taken out of circulation.

Note the line about the field drug tests performed. These have already been proven bogus. A sheriff's office spokesman informed The Appeal that the 1.2 grams of heroin and fentanyl seized during the raid turned out not be opioids after being lab-tested. But the field tests told Sheriff Daniels everything he wanted to hear.

The reliance on cheap, terrible drug field tests is part of Sheriff Daniels' drug-raiding tradition. Arrests and seizures sound great when you're dragging a camera through someone's house for a Facebook video, but when nothing holds up in court, you're left with an empty charade using citizens as clickbait.

A former deputy contacted by The Appeal points out that cheap drug tests are just another tool for abusive police work.

“The really good ones cost money, but those take away your probable cause,” he said, referring to arrests and police searches for which error-prone drug test field kits can provide legal pretext. “It’s probably the cheapest ones they could get to do the minimum standards for an investigation.”

This same former deputy also pointed out the marijuana charges were trumped up. According to reports, 35 grams of marijuana were seized during the raid, but somehow two people are being charged with possession of more than 20 grams.

Cheap tests, cheap vicarious thrills, and a whole lot of hype over drug charges that will likely dissipate into minimal punishment (if anything) once the lab tests arrive. That's how America's drug warriors roll. Sheriff Daniels rolls a little harder than most, but that's because tough-on-crime sheriffs are newscaster favorites. As The Appeal points out, Daniels has leveraged these videos to appear on national news networks and say ridiculous things like he's planning to treat all drug overdoses as homicides.

This report points out some very unpleasant things about our war on drugs. Law enforcement officials may claim to recognize drug addiction as a sickness, but they're still far more interested in rounding up users than dealers. Faulty field drug tests allow officials to exaggerate their successes (and misrepresent the amount of dangerous drugs in the community), when not allowing them to perform searches they otherwise wouldn't have probable cause to perform. They're part permission slip, part unpaid PR rep. And this constant failure of field drug tests to accurately identify drugs gets ignored but local media, for the most part, isn't willing to follow up on high-profile drug raids to correct the record. And it keeps working because many Americans love the image of "tough on drugs" officers kicking in doors and waving guns around. But, far too often, "tough" just means dumb, brutish, and unconstitutional.

22 Comments | Leave a Comment..

Posted on Techdirt - 15 June 2018 @ 1:41pm

NY Senate Passes Bill That Would Make It A Crime To Publish Photos Of The Elderly Without Their Consent

from the still-trying-to-bypass-that-whole-First-Amendment-thing dept

The New York State Senate just keeps pitching unconstitutional law-balls over the plate, apparently assuming legislators' good intentions will overwhelm judges asked to determine just how much the new laws violate the First Amendment.

The senate recently passed an anti-cyberbullying bill -- its fifth attempt to push this across the governor's desk. The law couldn't be bothered to cite which definition of "cyberbullying" it was using, but once the definition was uncovered, it became apparent the bill has zero chance of surviving a Constitutional challenge should it become law.

Eugene Volokh's post on the bill passed along several examples of criminalized speech the bill would result in, including one with its finger directly on social media's pulse.

An under-18-year-old high school student becomes a nationally known activist, for instance for gun control or transgender rights or some such. People repeatedly mock his arguments online, and condemn his as an idiot, which a prosecutor thinks is "verbal abuse" and "would reasonably be expected to cause ... emotional harm" to him. The people can be prosecuted, and will be convicted if the jury agrees with the prosecutor.

The law makes this a Class A misdemeanor, which can be redeemed for a full year in jail if the prosecutor can get a judge to agree on handing out the maximum sentence. That law protects only minors from a variety of protected speech because everyone knows cyberbullying ends once victims turn 18.

The new law that's looking to steamroll protected speech addresses the other side of this generational gap. Eric Turkewitz was again the first person to spot the bad bill, pointing out it would criminalize the posting of photos of grandparents to social media if the photo's subjects suffer from any form of incapacitation and have not given explicit permission for their photos to be posted publicly. His post takes on the First Amendment ramifications of the NY Senate's latest oblique assault on free speech.

Elder Abuse Bill (S.409) that makes it a crime for caregivers (including family) to post photos on social media if elderly, vulnerable seniors aren’t able to give consent.

[...]

First off, while the First Amendment says that Congress “shall make no law…abridging the freedom of speech,” and the amendment applies to the states, there are still some very limited exceptions to it. But this just isn’t one of them.

The First Amendment is no defense to conspiracy discussions about committing a crime, or defamation, or inciting imminent lawless action, or obscenity or copyright.

I don’t see posting pictures of elderly Ma or Pa on that list. For this bill, if signed, to pass constitutional muster, the Supreme Court would have to create a wholly new category of restricted speech. Do you think they will do that? Or more importantly, did you even analyze that?

My guess is no since this bill passed 61-0, and there are more than a few lawyers in the Senate.

Here's what's being criminalized by this law:

A PERSON IS GUILTY OF UNLAWFUL POSTING OF A VULNERABLE ELDERLY PERSON ON SOCIAL MEDIA WHEN, BEING A CAREGIVER WHILE PERFORMING THEIR DUTY OF CARE FOR A VULNERABLE ELDERLY PERSON, HE OR SHE POSTS AN IMAGE OR VIDEO OF SUCH PERSON ON SOCIAL MEDIA INCLUDING, BUT NOT LIMITED TO FACEBOOK, YOUTUBE, TWITTER, INSTAGRAM, SNAPCHAT, TUMBLR, FLICKR AND VINE, WITHOUT SUCH PERSON'S CONSENT.

So, like the law says, if you act as a caretaker for an elderly person -- someone who might be your parent, grandparent, or close friend -- you can be charged with a misdemeanor for posting photos of them without their consent. "Vulnerable" in this bill simply means about the age of sixty and "suffering from a disease or infirmity" which prevents them from providing for their own health or personal care. That's a whole lot of gray area to cover with a vaguely-worded bill. As Turkewitz points out in his post, this would criminalize a wide swath of social media sharing simply because someone in the photo did not explicitly consent to publication. He also notes it does not simply criminalize sharing photos of elderly people in incapacitated states. It criminalizes the publication of any photos taken at any point in time.

[L]et’s say that on Veteran’s Day you share a photo of your disabled WW II father for whom you sometimes care. He’s 20 years old in that long-ago-taken pic and in uniform. You are proud of his service as part of the Greatest Generation. Guilty of a misdemeanor.

The bill's supporters will almost certainly claim they never intended the law to be read that way. But the best way to prevent laws from being read this way is to craft them carefully, rather than just toss word salad on the senate floor and hope for the best.

But it's all cool with the senators who voted (again!) for an unconstitutional bill that criminalizes protected speech, because one time this bad thing happened.

Recent media reports have highlighted occurrences of a caretaker taking unauthorized photographs or video recordings of a vulnerable elderly person, sometimes in compromised positions. The photographs are then posted on social media networks, or sent through multimedia messages.

There's no better way to craft a bad law than typing something up quick to criminalize a thing you saw on Facebook. Jesus Christ. This is almost too stupid to be true. [Sobs into tattered copy of US Constitution.] You cannot use the First Amendment as a doormat just because some people are assholes.

34 Comments | Leave a Comment..

Posted on Techdirt - 15 June 2018 @ 10:48am

DOJ Lets Cops Know SESTA/FOSTA Is For Shutting Down Websites, Not Busting Sex Traffickers

from the work-dumber,-not-harder dept

SESTA/FOSTA was pushed through with the fiction it would be used to target sex traffickers. This obviously was never its intent. It faced pushback from the DOJ and law enforcement agencies because pushing traffickers off mainstream sites would make it much more difficult to track them down. The law was really written for one reason: to take down Backpage and its owners, who had survived numerous similar attempts in the past. The DOJ managed to do this without SESTA, which was still waiting for presidential approval when the feds hits the site's principal executives with a 93-count indictment.

The law is in force and all it's doing is hurting efforts to track down sex traffickers and harming sex workers whose protections were already minimal. Sex traffickers, however, don't appear to be bothered by the new law. But that's because the law wasn't written to target sex traffickers, as a top DOJ official made clear at a law enforcement conference on child exploitation. Acting Assistant Attorney General John P. Cronan's comments make it clear SESTA/FOSTA won't be used to dismantle criminal organizations and rescue victims of sex traffickers. It's there to give the government easy wins over websites while sex traffickers continue unmolested.

In April, Backpage.com – the internet’s leading forum to advertise child prostitution – was seized and shut down, thanks to the collective action by CEOS and our federal and state partners. The Backpage website was a criminal haven where sex traffickers marketed their young victims. The Backpage takedown – and the contemporaneous arrests of individuals allegedly responsible for administering the site – struck a monumental blow against child sex traffickers.

But other sites inevitably will seek to fill the void left by Backpage, and we must be vigilant in bringing those criminals to justice as well. With the recent passage of the SESTA-FOSTA legislation, state and local prosecutors are now positioned to more effectively prosecute criminals that host online sex trafficking markets that victimize our children.

"Criminals" that "host sex trafficking markets." That's the target. That's any website that might be used by actual sex traffickers to engage in actual sex trafficking. There's no dedicated web service for sex trafficking -- at least not out in the open where Section 230 immunity used to matter. This is all about taking down websites for hosting any content perceived as sex trafficking-related. It wasn't enough to hang Backpage and its execs. The government will be scanning sites for this content and then targeting the website for content posted by third parties it seems mostly uninterested in pursuing.

Hosts of third-party content are usually easy to find. The actual third parties are far more difficult to track down. Intermediary liability is back. Section 230 is no longer an effective defense. The edges have been trimmed back and the government knows it can rack up easy wins over web hosts and slowly start destroying the web under the facade of saving sex trafficking victims. The DOJ knew this law would make it harder to track down traffickers. But it also knows the law allows it to target websites instead. And here it is touting the law it fought against to a conference full of law enforcement officials, letting them know targeting websites will give them wins and accolades and far fewer headaches than tracking down the individuals actually engaged in illegal activity.

22 Comments | Leave a Comment..

Posted on Techdirt - 15 June 2018 @ 6:43am

Inspector General Not Too Happy With James Comey's Handling Of The Clinton Email Investigation

from the FBI-still-sucks-but-in-exciting-new-ways! dept

The damning report the President has been waiting for has arrived. The Inspector General's report covering everything from James Comey's handling of the Clinton email investigation (terribly with bonus insubordination) to a couple of FBI agents forming a two-person #Resistance (stupid and made the FBI look bad, but not illegal) runs almost 600 pages and won't make anyone looking to pin blame solely on one side of the partisan divide very happy.

It's been claimed the report would finally show the FBI to be an agency filled with partisan hacks, further solidifying "Deep State" conspiracy theories that the government Trump runs is out to destroy Trump. It was somehow going to accomplish this despite many people feeling the FBI's late October dive back into the Clinton email investigation handed the election to Trump.

Whatever the case -- and whatever side of the political divide you cheer for -- the only entity that comes out of this looking terrible is the FBI. That the FBI would engage in questionable behavior shouldn't come as a surprise to anyone, but the anti-Trump "resistance" has taken Trump's attacks on the FBI as a reason to convert Comey, the FBI, and the DOJ into folk heroes of democracy.

The summary of the report [PDF] runs 15 pages by itself and hands out enough damning bullet points to keep readers occupied for hours. Then there's the rest of the report, which provides the details and may take several days to fully parse.

Here are some of the low lights from Inspector General Michael Horowitz, possibly the only person who should be touting "Deep State" theories since he's spent his IG career being dicked around by the DEA, DOJ, FBI, and DEA.

The report says everything about the Clinton email investigation was unusual. Termed the "Midyear Exam" by the FBI, the investigation was mostly a voluntary affair. Most of the evidence and testimony obtained was obtained from consenting witnesses and participants. The FBI rarely felt the need to compel testimony or evidence with subpoenas. It also did not access the contents of multiple devices used by Clinton's senior aides, devices that may have contained classified info that had been circulated through a private email server. As the report notes, this is at odds with Comey's sudden interest in Anthony Weiner's laptop, where his estranged wife (and former Clinton personal assistant) Huma Abedin apparently had stored copies of Clinton emails.

The IG says the tactics used were unusual but does not pass official judgment on them. However, the actions of five FBI employees involved in the investigation did further damage to the FBI and its reputation by taking an investigation already viewed as politically-questionable and aggravating the perception.

In undertaking our analysis, our task was made significantly more difficult because of text and instant messages exchanged on FBI devices and systems by five FBI employees involved in the Midyear investigation. These messages reflected political opinions in support of former Secretary Clinton and against her then political opponent, Donald Trump. Some of these text messages and instant messages mixed political commentary with discussions about the Midyear investigation, and raised concerns that political bias may have impacted investigative decisions.

However, the IG did not uncover evidence suggesting any of these FBI employees had the power to steer the investigation. Some of those engaged in anti-Trump texts actually pushed for additional subpoenas and search warrants in an investigation that seemingly had little use for any testimony not obtained voluntarily. But that doesn't mean these actions were harmless.

Nonetheless, these messages cast a cloud over the FBI’s handling of the Midyear investigation and the investigation’s credibility.

From there, it moves on to James Comey's surprising decision to go public with the email investigation's conclusions in July of 2016. This followed the softening of language in the FBI's investigative report. Clinton's handling of classified info went from "grossly negligent" to "extremely careless." The possibility of hostile actors accessing Clinton's email server went from "reasonably likely" to "possible." Then Comey decided to go public, cutting plenty of people out of the loop so they wouldn't prevent him from doing so.

Comey acknowledged that he made a conscious decision not to tell Department leadership about his plans to make a separate statement because he was concerned that they would instruct him not to do it. He also acknowledged that he made this decision when he first conceived of the idea to do the statement, even as he continued to engage the Department in discussions about the “endgame” for the investigation.

Comey admitted that he concealed his intentions from the Department until the morning of his press conference on July 5, and instructed his staff to do the same, to make it impracticable for Department leadership to prevent him from delivering his statement. We found that it was extraordinary and insubordinate for Comey to do so, and we found none of his reasons to be a persuasive basis for deviating from well-established Department policies in a way intentionally designed to avoid supervision by Department leadership over his actions.

[...]

We concluded that Comey’s unilateral announcement was inconsistent with Department policy and violated long-standing Department practice and protocol by, among other things, criticizing Clinton’s uncharged conduct. We also found that Comey usurped the authority of the Attorney General, and inadequately and incompletely described the legal position of Department prosecutors.

The late October letter to Congress about the reopening of the investigation isn't viewed as any better by the OIG. Comey claimed he needed to do this because withholding the discovery of emails on Anthony Weiner's laptop might have been viewed as swinging the election in Clinton's favor. The IG disagrees.

Much like with his July 5 announcement, we found that in making this decision, Comey engaged in ad hoc decisionmaking based on his personal views even if it meant rejecting longstanding Department policy or practice. We found unpersuasive Comey’s explanation as to why transparency was more important than Department policy and practice with regard to the reactivated Midyear investigation while, by contrast, Department policy and practice were more important to follow with regard to the Clinton Foundation and Russia investigations.

Comey’s description of his choice as being between “two doors,” one labeled “speak” and one labeled “conceal,” was a false dichotomy. The two doors were actually labeled “follow policy/practice” and “depart from policy/practice.” Although we acknowledge that Comey faced a difficult situation with unattractive choices, in proceeding as he did, we concluded that Comey made a serious error of judgment.

Then comes the irony. As Comey became the front-mouth for an investigation he shouldn't have been talking about, he routinely engaged in the same behavior he was currently investigating.

We identified numerous instances in which Comey used a personal email account to conduct unclassified FBI business. We found that, given the absence of exigent circumstances and the frequency with which the use of personal email occurred, Comey’s use of a personal email account for unclassified FBI business to be inconsistent with Department policy.

In addition to being a violation of FBI policy, James Comey -- currently idolized by some as a speaker of truth to power for being fired by the president -- also violated FOIA law by using a private email account for government communications. Comey wasn't the only one -- other agents involved in the investigation routinely used private email accounts -- but he was the FBI's personification of the Clinton email investigation. On top of this, he told other FBI agents the use of personal email accounts would subject them to harsh punishment.

In an October 2016 speech at an FBI conference in San Diego, Comey said, "I have gotten emails from some employees about this, who said if I did what Hillary Clinton did I'd be in huge trouble. My response is you bet your ass you'd be in huge trouble. If you used a personal email, Gmail or if you [had] the capabilities to set up your own email domain, if you used an unclassified personal email system to do our business... you would be in huge trouble in the FBI."

Some may quibble about the lack of classified info being circulated by these agents and their Gmail accounts, but the fact remains the use of private email accounts increases the risk of circulation exponentially. Sticking to government accounts reduces this possibility to zero.

There's much more in the report, including some discussion about the propriety of the Russian influence investigation that Trump claims is a witch hunt. Nothing in the report suggests the investigation isn't valid, even if the actions of agents (the anti-Trump texting) and Andrew McCabe's non-recusal (his wife took money from a Clinton-connected PAC) managed to cover everything with a slimy gloss of impropriety.

The upshot of the report is this: James Comey deserved to be fired, although probably not for the reasons Trump had in mind when he did it. The people employed by the FBI are not always able to set aside their personal biases when engaged in investigations. But the FBI is no one party's political tool. It's a blend of both sides, which makes it unlikely anything was done intentionally to harm Trump or Clinton's political prospects. For all the complaining done by Trump, he's the one in office. If the election was "thrown" by Comey's fourth quarter audible in the email investigation, Trump was the beneficiary of the FBI's actions. This makes complaints about a Russian investigation "witch hunt" incoherent, as it tries to retcon the FBI's actions to portray them as being #NeverTrump even when they were (not officially) helping him. The simultaneous investigations of Clinton and Trump make it difficult to craft a coherent conspiracy theory, but it certainly isn't stopping anyone from trying. The FBI is untrustworthy, but it's not a kingmaker.

Read More | 51 Comments | Leave a Comment..

Posted on Techdirt - 14 June 2018 @ 3:29pm

CBP Agrees To Hand Back Almost All Of The $58,000 It Stole From A 64-Year-Old Man At A Cleveland Airport

from the to-the-feds,-any-amount-of-cash-is-a-suspicious-amount-of-cash dept

A 64-year-old man, an Albanian with legal US citizenship, was stripped of more than $58,000 in cash by Customs and Border Protection at Cleveland's Hopkins Airport last year. Rustem Kazazi was headed to Albania with the cash to fix up his family's old home and possibly buy property there. The CBP claims... well, it really claims nothing, other than its right to Kazazi's life savings.

CBP agents thought it was suspicious Kazazi would have so much cash on hand, despite Kazazi also carrying with him documentation of the cash's origin. That didn't slow the CBP's cash-hauling efforts at all. Asset forfeiture allowed the CBP to take Kazazi's money, say something ominous about violating federal law by not reporting the funds, and never bother charging Kazazi for all the violations the CBP claimed it spotted.

It is illegal to take more than $10,000 in funds out of the country without reporting it. The problem is there's nothing in airports suggesting this is the case. Literature at airports, as well as information posted at the TSA's own website, do little to clarify what must be done if you plan to take money out of the country. Even if you do know what needs to be done, it's almost impossible to do before boarding a flight. The funds must be reported at the time of the departure. But they must be reported to a customs office, which is rarely conveniently located on airport property and very definitely never in the terminal.

What's more, Kazazi was apparently planning to follow the law. According to his lawyer, he was going to fill out the forms at the "point of departure," which he assumed would be the Newark, NJ airport where his flight leaving the country would depart from.

Kazazi's money was spotted by a TSA agent, who immediately reported it to CBP officers. This is something the CBP and DEA strongly encourage, skewing the focus from airline security (which is part of TSA's name) to scanning for dollars. The CBP agents made sure the whole experience was as awful as possible for Kazazi (whose command of the English language is limited) even before they walked off with his money.

"They asked me some questions, which I could not understand as they spoke too quickly," according to Kazazi's declaration. "I asked them for an interpreter and asked to call my family, but they denied my request."

The CBP agents led Kazazi to a small windowless room and conducted multiple searches of him and his belongings, he said. According to Kazazi's declaration, the agents asked him to remove all of his clothing and gave him a blanket to cover the lower portion of his body. Kazazi said that a man wearing rubber gloves then "started searching different areas of my body."

After failing to find more cash hidden in the crevices of Kazazi's body, the CBP agents gave him a receipt for the money they were taking -- one with no dollar amount written in -- and handed out this fluff to the press when it came asking questions.

In a statement, a CBP spokesman said that "pursuant to an administrative search of Mr. Kazazi and his bags, TSA agents discovered artfully concealed U.S. currency. Mr. Kazazi provided inconsistent statements regarding the currency, had no verifiable source of income and possessed evidence of structuring activity," that is, making cash withdrawals of less than $10,000 to avoid reporting requirements.

The "artful concealment" was paper and the "inconsistent statements" can probably be chalked up to CBP's refusal to locate a translator. Cash spends better in foreign countries, especially those -- like Albania -- where banks aren't trusted and foreign currency preferable to the local version.

Following this seizure, the CBP then did nothing, apparently hoping the Kazazi family would never ask for the money back. It had 90 days to begin to process the forfeiture but it chose instead to give conflicting information to Kazazi (detailed in his son's declaration [PDF]) and push the family towards "settling" for only a portion of the funds seized.

The Kazazis chose to sue because, obviously, they don't trust the CBP to handle this honestly. First off, the CBP claims it took $57,330. Kazazi disputes this amount, stating he had $58,100 with him. The $770 difference may seem minimal, but it appears to another indicator of the CBP's untrustworthiness. According to Kazazi, he only took $100 bills. Therefore, a total of $57,330 is impossible. It almost looks as though the CBP took an unofficial service fee off the top before notifying the Kazazis of their right to dispute the forfeiture.

The Institute of Justice has stepped in to fight for Kazazis, like it has in many other asset forfeiture cases. As it points out in its lawsuit [PDF], CBP had until April 17 of this year to begin processing the forfeiture. It hasn't and federal law says unprocessed forfeitures that pass the 90-day expiration date must be returned in full to their owners.

Fortunately for Kazazi, this legal battle may be over already. Kazazi sued on May 31st. Following a conference with a district judge, the CBP has decided to return all of the money it took. Well, almost all of it.

The minutes of the proceeding says that customs officials told the judge that "they were beginning the process of tendering a check to Petitioner Kazazi in the amount of $57,330 plus interest."

There will be a little more legal wrangling because Kazazi wants back every cent the government took: $58,100. A bench trial has been scheduled, but it will be December of this year before his case is heard.

This whole debacle shows two things: asset forfeiture ain't dead yet, despite its high-profile reputation for being thinly-disguised theft. And it shows the government can be forced to do the right thing without having to undertake a long and expensive legal battle. The turning point here appears to be plenty of negative coverage from the press, rather than the legal filing. But the lawsuit helps, as it makes it crystal clear the CBP is violating federal law by holding onto it past the 90-day deadline for processing.

Read More | 52 Comments | Leave a Comment..

Posted on Techdirt - 14 June 2018 @ 10:40am

Apple Pulls Plug On Phone-Cracking Tech Vendors, Will Prevent Data Transfer From Locked Phones

from the law-enforcement's-access-hole-is-everyone-else's-security-problem dept

The FBI lost control of the "going dark" narrative. Part of it unraveled thanks to outside vendors. Two vendors -- Cellebrite and Grayshift -- announced they could crack any iPhone made. This shot holes in the FBI's theory that locked phones stayed locked forever and thereafter were only useful for hammering legislators over the head with until they cranked out an anti-encryption law.

The second unraveling was the FBI's own unforced error. Supposedly it couldn't count phones without software and the software it had couldn't count phones. What the FBI and others claimed was 8,000 uncrackable threats to the safety of the American public was actually a little over 1,000 phones. As for the latent threat posed by these locked devices, that's still pure speculation until the FBI starts handing over some info on what criminal acts these phones are tied to.

The FBI will probably be looking to restart its "going dark" campaign, thanks to Apple's latest effort, which will render Cellebrite and Grayshift's phone cracking boxes obsolete.

Apple is closing the technological loophole that let authorities hack into iPhones, angering police and other officials and reigniting a debate over whether the government has a right to get into the personal devices that are at the center of modern life.

Apple said it was planning an iPhone software update that would effectively disable the phone’s charging and data port — the opening where users plug in headphones, power cables and adapters — an hour after the phone is locked. While a phone can still be charged, a person would first need to enter the phone’s password to transfer data to or from the device using the port.

Law enforcement may be angered by this but private companies are not obligated to make law enforcement's job easier. Apple's official statement on the software update is probably meant to be placating, but is unlikely to change the mind of any law enforcement official who sees this reaction to phone cracking devices as another extended middle finger from tech companies. According to Apple spokesman Fred Sainz, this fix is being issued to fix a security hole, not "frustrate" law enforcement efforts.

But law enforcement efforts will be frustrated. The same goes for criminal efforts. Any device that can crack any iPhone exploits a flaw in the software or hardware. There's no such thing as a security hole that can only be exploited for good. Grayshift's GrayBox could end up in the hands of criminals and it may well be that both vendors have already sold tech to law enforcement agencies in countries where civil liberties aren't as valued as they are in the United States.

The article quotes several law enforcement officials complaining about being locked out of iPhones again. And while the frustration is understandable, the fact is plenty of data and communications are stored in the cloud, untouched by device encryption. Generally speaking, companies like Apple and Google have been cooperative when approached directly by law enforcement, as long as the request doesn't involve breaking device encryption.

This isn't the end of the discussion. Nor should it touch off another skirmish in the Encryption War 2.0. This setback should be viewed as temporary. Holes with be found and exploits deployed and these will be met with patches and firmware upgrades by the tech companies affected. This all can be traced back to the earlier days when it was only criminals looking for ways to defeat personal security measures. Law enforcement was late to the game, but its arrival shouldn't mean companies forgo protecting their customers to avoid inconveniencing the government.

44 Comments | Leave a Comment..

Posted on Techdirt - 14 June 2018 @ 9:29am

Canadian Music Industry Pitches 'You Must Be A Pirate' Tax On Smartphones

from the physical-tax-for-a-non-physical-age dept

Every electronic device capable of storing data is just another tool in the pirate's chest. If you think your phone or mp3 player or hard drive is just something for storing data and perhaps even purchased software, movies, and music, think again. The simple fact you've decided to purchase any of these devices pretty much ensures content creators everywhere will go bankrupt.

The "you must be a pirate" tax is being pitched again. The senseless fee tacked on to blank plastic discs for so many years continues to migrate to electronic devices, including the tiny chips stashed away inside smartphones. Apparently, the Canadian music industry needs something to replace the revenue stream that dried up when people stopped buying blank CDs. Michael Geist, working with documents secured through a public records request, reports the Canadian music industry is looking for a hefty payout from the government.

According to documents released under the Access to Information Act, the collective arrived with a startling demand, asking the federal government to pay $160 million over the next four years to compensate for music copying.

The demand, which now forms part of the platform of demands from the Canadian music industry, is based on a $40 million annual handout. While the industry has not provided details on how it arrived at its figure, notes (likely from Graham Flack) reveal the basis of the demand.

This apparently breaks down to $3.50 a device, according to the cocktail napkin math handed in by the industry.

But the industry isn't willing to wait around for devices to be sold. The CPCC (Canadian Private Copying Collective) wants the government to just hand it $40 million a year and assume it all adds up in the end. So, it's a much broader "you must be a pirate tax" that calls all Canadians pirates, whether or not they've actually purchased a new piratephone during the fiscal year.

What's more, the document [PDF] makes it clear the CPCC wants a new revenue stream just because an old one has vanished. It points out revenues from "pirate" taxes have dropped from a high of $38 million back in the heyday of blank media to an expected $2 million in 2017. It also notes that streaming services are replacing music sales, accelerating this decline in "pirate" taxes.

However, the report carefully does not point out revenues from streaming services have increased from $3.4 million in 2013 to $49.3 million in 2017. It also ignores the fact that much less copying -- authorized or unauthorized -- is taking place.

The business model this "pirate" tax depended on -- copying of music to media or devices -- is slowly being eliminated. That doesn't mean taxpayers owe CPCC a living. It just means sales are being replaced with "rentals." If the CPCC failed to capitalize on the shift to streaming, it shouldn't be allowed to make up its "lost" revenue by taxing smartphones just because that's where most music streaming takes place. It makes as much sense as envelope manufacturers demanding a per-device tax because email and instant messaging has replaced snail mail as a means of communication.

Read More | 41 Comments | Leave a Comment..

Posted on Techdirt - 13 June 2018 @ 7:36pm

South Carolina Drug Warriors Routinely Serving Regular Warrants Like No-Knock Warrants

from the not-constitutional-and-a-whole-lot-more-dangerous-for-everyone-involved dept

Radley Balko is uncovering more rights violations and more law enforcement falsehoods with his coverage of South Carolina resident Julian Betton's lawsuit against the Myrtle Beach-area drug task force. Betton's house was raided by the drug unit after a confidential informant made two pot purchases for a total of $100. The police didn't have a no-knock warrant, but they acted like they did, going from zero to hail-of-gunfire in mere seconds. (via FourthAmendment.com)

On April 16, 2015, the task force battered Betton’s door open with a ram, then almost immediately opened fire, releasing at least 29 bullets, nine of which hit Betton. One bullet pierced a back wall in the building, sped across a nearby basketball court and landed in the wall of another house. (This was a multi-family building.)

Betton was hit several times. He didn't die, but he doesn't have much left in working order. He lost part of his gallbladder, colon, and rectum. His liver, pancreas and small intestine all suffered damage. His left leg was broken along with one of his vertebrae.

The cops immediately set about justifying their extreme tactics. First, they claimed Betton fired at them, but ballistics tests showed Betton's gun hadn't been fired. Then they claimed he pointed a gun at them, but did not fire it. This could have easily been proven if any of the task force had bothered to activate their body cameras before breaking Betton's door down. But the footage shows no cameras were activated until after the task force stopped firing.

The task force used a regular search warrant, meaning the officers were supposed to knock and announce their presence. Nearly all of them said they followed these stipulations. Video from Betton's home security camera (which can be seen at the Washington Post) caught all these officers in a lie.

These 11 seconds of footage from that camera show that no member of the task force knocked on Betton’s door.

The video lacks audio, but both the Myrtle Beach police chief and a federal magistrate have since concluded that the video also strongly suggests there was no announcement. None of the officers’ lips appear to be moving, and it all happens very quickly. At best, they announced themselves simultaneously or nearly simultaneously, with the battering ram hitting the door.

A neighbor who was on Betton's sidewalk (and was told to lie on the ground by the task force on their way to Betton's door) backs up the camera footage. No announcement was made before the door was breached.

This is apparently standard operating procedure in Myrtle Beach. Only in rare cases does the task force seek no-knock warrants. (Task force officials say no-knocks are only "1-2%" of warrants obtained.) But they apparently serve plenty of normal warrants without knocking or announcing their presence.

It seems clear from the testimony in depositions that the 15th Circuit Drug Enforcement Unit doesn’t know any of this. Officer Christopher Dennis, for example, said that the “reasonable” waiting period for someone to answer the door begins the moment police arrive on the scene, not after they knock and announce themselves. This is false. Officer Chad Guess — who, remember, planned the Betton raid — said in a deposition that it’s “not the law to knock and announce. You know, it’s just not. It’s the officer’s discretion, each dictate determines itself.” This, again, is wrong. Officer Belue said under oath that he had no idea how long officers are supposed to wait before forcing entry, and that no one had trained him on the matter.

It's a convenient misunderstanding of the law. It's made even more convenient by the task force's lack of clearly-written policies on serving warrants. Since everyone of the task force remains as ignorant as possible, they're more likely to be granted immunity when victims of unconstitutional drug raids take them to court.

But these officers may not get off so lightly. Their reports and testimony have been disproven by the 11 seconds of video captured by Betton's security camera. Officers who swore they knocked and announced their presence now have to explain how those both occurred with zero officers knocking on Betton's door or even moving their lips.

More lies can be found elsewhere in the report. Officers stated in police reports they heard the sound of Betton's gun firing. Ballistics testing has shown Betton never fired his handgun, so everyone making that same claim about gunfire is either mistaken about what they heard or, more likely, aligning themselves with the narrative they created in the aftermath of the shooting.

Maybe these officers are hoping their professional ignorance will outweigh their bogus reports. The task force has made it incredibly easy for members to write their own rules when executing warrants. As Balko points, the single most invasive and dangerous thing the task force participates in (~150 times a year) -- warrant service -- has zero official policies dictating how task force members serve warrants. Apparently, all that time and effort went into creating a cool skull-and-crossbones logo for members to stitch on their not-very-coplike raid gear.

In any event, the court system is the last stop for justice. If any of these officers are ever going to be held accountable for their actions in the Betton raid, it will be here. Every level of oversight task force members answer to has already offered their official blessings for the knock-and-announce warrant that was carried out without knocks or announcements.

What happened to Julian Betton is an entirely predictable product of the failures, culture and mindset of the 15th Circuit Drug Enforcement Unit. And yet to date, state officials won’t even concede that this was a bad outcome, much less do anything to prevent it from happening again. Citing the SLED investigation, South Carolina solicitor Kevin Bracket cleared the officers of any wrongdoing within just a few months. In the three years since the raid, no officer involved has been disciplined, even internally. Nor has any officer has been asked to undergo additional training. No policies have been changed. The DEU never bothered with its own investigation, or even an after-action examination to determine what went wrong.

The police clear themselves of wrongdoing and a pending civil lawsuit has zero motivation effect on the drug unit. The task force is operating outside Constitutional boundaries with no internal guidance or effective oversight. Myrtle Beach-area drug warriors have no desire to clean up their act, and a large settlement paid by taxpayers is unlikely to result in a change of heart.

71 Comments | Leave a Comment..

Posted on Techdirt - 13 June 2018 @ 1:35pm

State Appeals Court Finds Government's Actions In Craigslist Sex Sting 'Outrageous' And 'Repugnant'

from the ruinous-behavior dept

Our courts will let the government get away with almost anything. Although judges have expressed immense amounts of displeasure at the ATF's sting operations involving fictitious drug stash houses, it has seldom resulted in reversed convictions. To "shock the conscience," the government must cross lines courts are very reluctant to draw. Running a child porn website for a few weeks doesn't do it. Neither does taking a trucking company's truck and employee and returning both full of bullet holes after a sting goes south.

Very occasionally, the government will find its way across this line. Eric Goldman has uncovered one of these rare cases. It involves a child sex sting operation perpetrated by a law enforcement agency, during which the undercover officer refused to leave a "target" alone after he repeatedly made it clear he wasn't looking to buy sex from an underage female.

This case’s setup resembles dozens or hundreds of similar cases I’ve read. In 2014, a law enforcement officer (in this case, Skagit County Sheriff’s detective Theresa Luvera) posted a sex solicitation on Craigslist’s casual encounters. As we’ve discussed before, Craigslist’s rules required all participants to be 18+. something that has undermined sex stings in the past (if you read that post, the parallels to this post will be obvious).

The defendant responded to the solicitation. After some online exchanges between the detective and the defendant, the detective claimed she is underage (“almost 15 but waaay advanced”). Even further into the exchanges, the detective brought up money-for-sex. At every step along the way but the end, the defendant seemingly made it clear he was seeking free sex with a female adult. Eventually the defendant shows up at the designated rendezvous point with the requested items. He “was charged with one count of communication with a minor for immoral purposes, one count of commercial sex abuse of a minor, and one count of attempted rape of a child in the third degree.”

The trial court dismissed the charges, pointing to the detective's "outrageous misconduct." More specifically, it pointed to the state's violation of the defendant's due process right to "fundamental fairness." The appellate court upholds the decision in its opinion [PDF], which recaps, verbatim, some of the nearly 100 sexually explicit messages sent by the detective to push someone who had disengaged from the conversation multiple times into breaking the law.

In this matter, a law enforcement officer anonymously published an advertisement on an online classifieds platform reserved for those over the age of 18 and indicated that she was "a young female" seeking an individual interested in a casual sexual encounter. Joshua Solomon responded to the advertisement. Thereafter, the police officer assumed the guise of a fictional 14-year-old girl and sent Solomon nearly 100 messages laden with graphic, sexualized language and innuendo and persistently solicited him to engage in a sexual encounter with the fictional minor, notwithstanding that he had rejected her solicitations seven times over the course of four days.

At one point, Solomon rejected the "teen's" advances, stating specifically he thought this was "a setup by cops or a website." This only resulted in Detective Luvera increasing her pleas for illegal sex and amping up the sexual content of the messages. The appellate court's analysis tracks the trial court's distaste for the state's actions. But, as it notes, the government is cut so much slack in so many edge cases, precedential decisions on the topic are few and far between.

A decade later, for the first time, a claim of outrageous governmental misconduct was presented to the Supreme Court in a case in which a full trial court record was extant. In State v. Athan,law enforcement officers, "posing as a fictitious law firm, induced Athan to mail a letter to the firm." 160 Wn.2d 354, 362, 158 P.3d 27 (2007). They did so in order to obtain a sample of his DNA.

That's what the Washington state court has to work with after 100+ years of jurisprudence: one case roughly on point involving something which seems less violative of due process rights. (More of a 4th Amendment violation than a 14th Amendment violation.) The trial court certainly didn't need a bunch of precedent on hand to find the government's behavior disgusting. The appellate decision quotes it at length on the way to upholding the lower court's findings. In this case, the only thing propelling the sting forward was the government. Seven times the defendant tried to disengage and seven times the detective assailed him with increasingly-graphic text messages. And all of this stems from an action the government took: the placement of an ad in an area of Craigslist where all ad posters were supposed to be over the age of 18.

Here's just a small part of the trail court's oral comments on the sheriff department's actions (NSFW in parts):

I can't believe the detective would want to go to trial on this and subject this language to citizens. I'm just going to give you a little tidbit. At 3:17 on Wednesday, September 17th, the detective says, "OMG U R so fing hung baby!!! VVTF . . . I'm so amped up after seeing this. I have wait for my sister to leave and I am gonna video tape me finger banging me to ur plc! Can't u cum and see me now!!!" Yeah, that's repugnant. I don't care how you cut that pie. You can be a seasoned old sailor or whatever, but that is repugnant. That's a detective letting line out very fast on a free spool trying to get Mr. Solomon back in the game. And there is no other way to -- there is no other way to describe it. It's outrageous. That is repugnant. It's egregious.

The appeals court sums this all up with a couple of concise paragraphs.

In ruling to dismiss the charges, the trial court did not adopt a view that no reasonable judge would take. Given the court's finding that law enforcement had initiated and controlled the criminal activity, persistently solicited Solomon to commit the crimes so initiated, and acted in a manner (through the use of language and otherwise) repugnant to the trial judge's view of the community's sense of justice, the trial court's determination was tenable.

Accordingly, the trial court did not abuse its discretion by ordering that the charges against Solomon be dismissed. There was no error.

This isn't how you catch criminals. This is how you manufacture criminals. Much like the ATF's stash house stings and a great many of the FBI's terrorist investigations, the government does 99% of the work and jails the unlucky person who has been coerced and cajoled into doing something they likely would have never done if the government hadn't instigated it. A good call here by both courts working without almost zero precedent. Unfortunately, the lack of precedent doesn't suggest a well-behaved government. Instead, it points to a whole lot of judicial slack being cut over the years.

Read More | 11 Comments | Leave a Comment..

Posted on Free Speech - 13 June 2018 @ 9:33am

French President Pushing 'Fake News' Bill That Would Demand Decisions From Judges In 48 Hours

from the 48-hours-or-your-violated-rights-are-free dept

France's government will likely be following Germany's into the halls of speech regulation infamy. Germany's new "hate speech" law backed 24-hour removal demands with hefty fines to ensure social media platform compliance. This has prompted proactive enforcement by Twitter and Facebook, resulting the removal of content that doesn't violate the law, along with the removal of satire's life support.

The French government is already eyeballing a carbon copy of this hate speech law. But it's willing to do Germany one better: it wants to regulate "fake news." This push comes from new president Emmanuel Macron, who's decided to make his personal beef with fake news a public concern. A false story about offshore accounts owned by Macron made its way around the internet during his presidential campaign, prompting him to declare war on "fake news" if he was elected.

He's been elected, and now appears to be abandoning the base that thought he would be less radical and more reasonable than many of his opponents.

Taking aim at so-called fake news, France’s Parliament on Thursday is set to begin debating a tough bill aimed at repressing phony news items, one pushed by President Emmanuel Macron amid criticism that it poses a potential threat to press freedom.

The measure would allow judges to block content deemed false during a three-month period preceding an election.

During elections, it appears normal speech protections will be disabled. And it will be France's court system doing the heavy lifting under duress. The law would force judges to make a call on suspected "fake news" within 48 hours of the government submitting its case. Forty-eight hours is a ridiculous turn time for judicial matters, which makes it extremely likely literal judgment calls will be blown and/or overblocking will occur.

This also allows the French government to make the initial declaration of a news item's veracity. Forty-eight hours is barely enough time to read the government's case and pass a judgment, much less provide any due process to those accused of faking their news. Anyone who can't find something wrong with the general idea of a government declaring certain speech bogus and placing it before a judge with ticking time is either a budding authoritarian or Emmanuel Macron.

Unfortunately for Macron, the not-so-very-enlightened president is going to have a hard time shoving this terrible idea down parliament's throat. He's getting shot from both sides during his push to harm free speech protections and journalists.

[I]n heated exchanges in parliament on Thursday, members of the rightwing Les Républicains party accused Macron of trying to create a “thought police” that threatened freedom of expression. The leftwing France Insoumise party warned of a new kind of censorship and cautioned against a hasty, unnecessary and ineffective law against an ill-defined concept of fake news.

France's culture secretary said these fears were overblown as was any perceived attack on journalists. But the law Macron is pushing would do exactly what the culture secretary denies it will do. Supposedly "professional media" won't be targeted. But how can that statement possibly be true?

Social networks would also have to clearly state who was sponsoring content. The law would also give the French media regulator new powers to remove broadcasters’ rights to air content in France if it is deemed to be deliberately fake or implausible. Foreign broadcasters could be taken off air if they were deemed to be attempting to destabilise France, a measure taken to be aimed at Russian state-backed outlets.

Even if the culture secretary is to be believed, this just means the government will decide who is or isn't a journalist after the law is passed -- most likely on a case-by-case basis that allows it to target those perceived of being less able to challenge a judicial determination. Journalism isn't something only big name news agencies do. Plenty of amateurs engage in journalism and it will be those without privilege or access who can most easily be silenced by the government's "fake news" accusations.

16 Comments | Leave a Comment..

Posted on Techdirt - 13 June 2018 @ 3:10am

UK Security Minister Says Only A Drivers Licence For The Internet Can Bring Back Online Civility

from the has-other-terrible-ideas-as-well dept

A bad idea that continues to persist is a favorite of many government officials. The problem with the internet is anonymity, according to them. Wouldn't we all be better off if we were forced to identify ourselves before using social media platforms? The theory is people won't say mean, stupid, or regrettable things if their posts and comments are linked to their real names. Several years of Facebook-only commenting systems has proven this wrong.

And yet the idea continues to be pushed by European politicians and DHS officials. The latest to call for an internet drivers license is UK security minister Ben Wallace. His theory is the use of real names and verifiable info will inflict mass civility on the internet, which is currently home to roving bands of ruffians and Wild West content. [Paywall ahead.] [Alternate link to article provided by Alec Muffet, who has helpfully taken a screenshot of the print edition.]

Ben Wallace, a former soldier, said bullying and grooming occurred on social media because offenders believed they cannot be identified. “It is mob rule on the internet. You shouldn’t be able to hide behind anonymity as much as you can now,” he added.

Of course, it will all be so easy to implement in Wallace's limited view. After all, banks authenticate users' identities, so it stands to reason people will be happy to turn over names, addresses, phone numbers, and whatever else might be demanded in exchange for the heightened possibility of being doxed, sued, or exposed to overbroad prosecutorial efforts.

Wallace says there's a damn good reason to demand ID from everyone on the internet: the children.

The former soldier described being part of an uncover investigation into child sex exploitation where they found a children’s chatroom with a 45-year-old man pretending to be a 12-year-old.

He said: “It was like blood in the water with a shark – he was trying to chat up a girl to get her to come and meet him.

Whoa, if true. In the US, cops do this all the time. I'm sure UK cops do it as well, so this may have been nothing more than a couple of cops chatting to each other for all anyone knows. Even if this went down exactly the way Wallace portrays it, the institution of an internet ID card isn't going to magically make it impossible for 45-year-olds to pretend they're 12. It won't even make a dent.

What it will do is harm the internet and its users. The only services that will be able to comply will be the largest. Forums and discussion groups, hosted on free platforms and maintained by members, won't be able to cover the cost or provide the manpower. If anyone's concerned about the dominance of the major social media platforms, regulation like this isn't the answer. It will only further cement their dominance.

And there are plenty of legitimate reasons to maintain online anonymity. In the eyes of officials like Wallace, anonymity is an admission of guilt. "Nothing to hide, nothing to fear," except for people like undercover journalists, journalists' sources, dissidents, opponents of authoritarian governments, people who don't like being pre-doxed by their service provider, security researchers, government employees, people who don't like being blackmailed, critics of powerful people or corporations, kids who want to keep sexual predators from knowing they're kids… the list goes on and on.

To add injurious action to an insulting idea, Wallace has another boneheaded idea: intermediary liability for national security threats.

Mr Wallace called on social media giants to take responsibility for their own technology, as he said the UK was spending hundreds of millions of pounds on coping with the challenges of end-to-end encryption, which makes it harder for the security services to foil terror plots.

He said: “There should be an element of the ‘polluter pays’. You contribute to the cost your technology is engendering.”

What even the fuck. This is more than stupid. It's dangerous. It does very little to combat terrorism and gives the government (and lawsuit plaintiffs) a chance to grab some money from the biggest, easiest-to-locate target, rather than the actual criminals engaging in terrorist acts. This is lazy legislating and it's a cheap comparison. Terrorists may use encrypted communication services, but it hardly follows that terrorism is the result of companies offering encrypted messaging. Pollution, on the other hand, can be traced back to its source and the manufacture of products. There's a direct link from manufacturing to the production of pollutants. Offering an encrypted messaging service does not create terrorists or terrorist activity.

Fortunately for Wallace, he's floating these terrible ideas in the UK's legislative cesspool, unhampered by the First Amendment or rational national security legislation. This means UK residents, and the companies that serve them, may be eventually forced to fork over their personal info to access Facebook, much like they're expected to do if they want to access porn.

48 Comments | Leave a Comment..

Posted on Techdirt - 12 June 2018 @ 7:31pm

Legislators Reintroduce Pro-Encryption Bills After FBI Destroys Its Own 'Going Dark' Narrative

from the [mugato-voice]-irons-so-hot-right-now dept

The FBI may have overplayed its hand in the encryption game, but that doesn't mean someone further down the legislative food chain won't suffer from a sudden burst of enthusiasm for destroying encryption in the wake of a local tragedy. The same DC legislators looking to prevent federal legislation mandating encryption backdoors is taking the fight to the state level. Or, rather, looking to disqualify legislative contestants before they even enter the ring.

A bipartisan group of lawmakers is renewing a push for legislation to block states from mandating that technology companies build “backdoors” into devices they produce in order to allow law enforcement access to them.

The measure is designed to preempt state and local governments from moving forward with their own laws governing encryption before the federal government acts on the issue.

The bill would prevent backdoor mandates, as well as encryption-subverting technical assistance demands or encryption bans.

A State or political subdivision of a State may not—

(1) mandate or request that a manufacturer, developer, seller, or provider of covered products or services—

(A) design or alter the security functions in its product or service to allow the surveillance of any user of such product or service, or to allow the physical search of such product, by any agency or instrumentality of a State, a political subdivision of a State, or the United States; or

(B) have the ability to decrypt or otherwise render intelligible information that is encrypted or otherwise rendered unintelligible using its product or service; or

(2) prohibit the manufacture, sale or lease, offering for sale or lease, or provision to the general public of a covered product or service because such product or service uses encryption or a similar security function.

This bill was originally introduced in 2016, back when the FBI was just getting its anti-encryption electioneering underway, but this time around appears to have a larger list of bipartisan sponsors.

Since then, things have changed considerably. The FBI's claimed number of locked devices swelled dramatically, from a little under 800 to nearly 8,000 in less than two years. Its "going dark" rhetoric increased pace along with the increase in number of inaccessible phones.

But the biggest change in the last couple of years -- a time period during which this legislation hasn't moved forward -- is the FBI's self-own. Forced to account for its growing number of locked devices given the multiple options available to crack the phones or obtain evidence located in the cloud, the agency finally decided to take a look at all the phones it had amassed. And it found it didn't have nearly as many as it had claimed. The 8,000 phones turned out to be somewhere between 1,000-2,000 (likely around 1,200 devices). The FBI blamed it on faulty software and has begun issuing corrections to the many, many public statements it published about the "going dark" problem.

Given the FBI's disastrous discovery, the time would seem to be perfect to push forward with pro-encryption legislation. A new bill is on the way -- likely a carbon copy the 2016 proposal. It should pair nicely with another bill introduced in May, which would prevent federal agencies or courts from demanding companies create backdoors or otherwise weaken their encryption. The only exception would be for mandates or court orders stemming from CALEA, which would limit assistance demands to the interception of communications (with wiretap warrants), not the contents of locked devices.

If both move forward, phone users will be protected on both ends from both levels of government. No backdoors, and no demands phone manufacturers kick down the front door so law enforcement can carry out their search warrants.

62 Comments | Leave a Comment..

Posted on Techdirt - 11 June 2018 @ 8:12pm

Australian Cops Say Their Unreliable Drug Dogs Will Decide Who Gets To Attend Music Festivals

from the 4/5ths-wrong,-1/5-creeping-authoritarianism dept

The New South Wales Police think they've figured out this whole drugs-and-music thing. To slow the entry of drugs (and drug users) to events where drugs (and drug users) might be found, they're going to station their most unreliable officers at the entrance and have them point out the people who should be forbidden from entering. From the NSW Police Facebook post:

Police are warning patrons attending the ‘Above and Beyond’ music festival at Sydney this weekend that drug detection dogs will be at the venue.

The event will run from 6pm until midnight on Saturday (9 June 2018), at the Sydney Showground.

Police warn that drug detection dogs will patrol the venue and can detect the presence of prohibited drugs or someone who has recently had drugs on them. If a dog makes an indication you will be denied entry.

[...]

Police will exclude any person from the venue that the drug dog indicates has or who has recently had drugs on them, regardless of whether drugs are located.

This is great news for all those pro-Drug War types who think the innocent are just as guilty as the guilty until proven otherwise. Drug dogs are much better at detecting handler cues than detecting drugs, so it's inevitable this deployment of K-9 units will result in paying customers being screwed out of their money by four-legged animals.

Drug dogs have outrageous failure rates, considering law enforcement (and some courts) hold them up to be "probable cause on four legs." It's quite possibly even worse in Australia.

Last year, of the 15,779 searches conducted after police-dog identification, no drugs were found in 11,694 cases. Drugs were found in 4085 cases, resulting in a ''false positive'' rate of 74 per cent, said the Greens MP David Shoebridge, who obtained the figures

Those stats are from 2010. There's every reason to believe accuracy has improv...

A record 80 per cent of sniffer dog searches for drugs resulted in ''false positives'' this year, figures show.

The figures obtained from the state government in response to parliamentary questions on notice show 14,102 searches were conducted after a dog sat next to a person, indicating they might be carrying drugs. But, in 11,248 cases, no drugs were found.

So, there's an 80% chance festival goers who get booted by a dog won't have any drugs on them, or near them, or only in residue form. And the determination can't be challenged by showing officers you're not carrying any drugs. If a dog says you're not allowed to enjoy the music festival, despite having shelled out at least $128, the dog's call is final.

This is a very police state-ish thing to do. It allows police to arbitrarily boot people from venues, depriving them of both their freedom and their money. And it's a coward's way out. Rather than put their own reputations on the line, NSW police are simply going to shrug people express their anger at being kicked out of a concert for drugs they don't have and say a dog told them to do it.

28 Comments | Leave a Comment..

Posted on Free Speech - 11 June 2018 @ 12:00pm

Police Chief Sends Officers Out To Arrest Man For Calling The Chief A 'Dirty' Cop

from the in-a-move-guaranteed-to-only-garner-more-respect-for-the-chief dept

If any state still has a criminal defamation law on the books (and there are more than you would think), it needs to get rid of it posthaste. Besides the obvious Constitutional implications, the laws act as lèse-majesté analogs wielded by powerful government officials to silence their critics.

Criminal defamation laws have been abused multiple times by law enforcement officers and their public official friends. Louisiana public officials (and the law enforcement that willingly serves them) seem especially fond of deploying a law already declared unconstitutional to harass citizens who just won't stop complaining about the actions of their public officials.

For whatever reason, New Hampshire still has a criminal defamation law on the books. It's only a misdemeanor but that's still plenty of hassle for those who've been targeted by vindictive cops. [h/t Adam Steinbaugh]

On May 23, a police officer arrested Robert W. Frese in Exeter, New Hampshire and took him to the station for booking. Frese is no stranger to law enforcement; in the past, he has been convicted of fraud, criminal trespassing, and a hit-and-run. (His vehicle was easy to track because of its notable vanity plate: TRUMP1.) But this latest arrest, Frese learned, had nothing to do with those earlier mishaps. Instead, he had been apprehended for insulting a police officer on the internet.

The facts of the case, laid out by the Seacoast Online and the criminal complaint against Frese, are straightforward. On May 3, Frese wrote a comment on a Seacoast Online article about recently retiring police officer Dan D’Amato. He believed that D’Amato had treated him unfairly and harshly criticized his alleged misconduct. He then tore into Exeter Police Chief William Shupe, declaring that “Chief Shupe covered up for this dirty cop.”

Chief Shupe had plenty of options to respond to being called "dirty" by an Exeter resident. He could have said nothing. He could have responded by calling Frese's character into question. He could have demanded proof. He could have taken his badge off and headed to the courthouse to file a civil defamation complaint just like the rest of the unwashed masses. But he did none of these things.

Instead, he arrested Frese and charged him. The arrest itself was unusual. Class B misdemeanors generally result in citations, not arrests, because no jail time is involved. But Chief Shupe had someone to punish for daring to insult a public official, so an arrest was carried out. Shupe got his man -- and a planned arraignment -- but that's as far as this bogus criminal defamation case is going. (h/t Eugene Volokh)

Citing a review by the New Hampshire attorney general's office, Exeter police dropped the criminal defamation charge against Robert Frese for online comments he made accusing the police chief of "covering up for a dirty cop."

In a press release issued Thursday afternoon, Exeter police said "In further review by the attorney general's office of the facts of this case and the law, it is their opinion that the state would not prevail at trial. After careful consideration of all the opinions involved, the Exeter Police Department has decided to nolle prosse the charge."

This is what tends happens when someone other than an aggrieved party -- in this case, the town's police chief -- gets involved. The stupidity of the arrest is exposed by the law being read in the context of the situation. If anything is definitively protected by the First Amendment, it's political debate. An angry man venting about perceived police corruption is part of that debate. Whether or not Chief Shupe is actually corrupt remains to be seen. But this vindictive arrest certainly doesn't make him appear any more trustworthy or honest.

22 Comments | Leave a Comment..

Posted on Techdirt - 11 June 2018 @ 9:36am

DOJ Stacks Charges On MalwareTech, Including Stuff Put Out Of Reach By The Statute Of Limitations

from the 'lying-to-feds'-bingo-card-complete dept

The government's case against Marcus Hutchins, aka MalwareTech, isn't getting any stronger. After detaining him at a Las Vegas airport following some post-conference partying, the FBI decided to hit the guy who inadvertently shut down WannaCry with charges for allegedly creating the Kronos malware. In essence, the case is about criminalizing security research, and the government's indictment decided to hang Hutchins out to dry while allowing the people who actually sold the malware to remain unarrested and unindicted.

The charges were weak and the government appeared to know it. Deployment of malware to cause damage and wreak havoc is one thing, but creating malware -- something lots of security researchers do -- isn't a criminal activity in and of itself. Thrown into the mix were wiretap charges based on the very thin premise that the malware was used to intercept communications.

Hutchins' defense team pushed back, forcing the government to actually show its work. A discovery request intended to show Hutchins was drunk and tired when he was "interviewed" by the FBI was rebuffed by the government. It also appears -- using the FBI's own testimony and recordings -- that Hutchins was never properly Mirandized.

Between them, the agents described how they flew out to Vegas the night before the arrest. Surveilling agents tracked Hutchins as he went to the airport and got through TSA then sat down at a first class lounge. As soon as Hutchins ordered a drink that turned out to be Coke but that the agents worried might be booze, Chartier, wearing business casual civvies, and two CBP agents wearing official jackets pulled Hutchins away from the lounge, placed him under arrest and cuffed him in a stairwell inside the secure area, and walked him to a CBP interview room, where Chartier and Butcher Mirandized him, then interrogated him for 90 to 100 minutes.

Even in telling that story, Chartier and Butcher’s stories conflicted in ways that are significant for determining when Hutchins was Mirandized. He said it took “seconds” to get into the stairwell and then to the interview room. She noted that the “Airport is rather large. Would have taken awhile.” to walk from place to place (it was 36 minutes between the time Hutchins cleared TSA, walked to the lounge, ordered a Coke, and the time Chartier first approached Hutchins). There seems to be a discrepancy on how many CBP agents were where when (that is, whether one or two accompanied Chartier and Hutchins all the way to to the interrogation room). Those discrepancies remained in spite of the fact that, as Butcher admitted, they had spoken, “Generally, about the interview, and Miranda, and making sure that we were on, that our facts were the same.”

Chartier described that the CBP recording equipment in the room “wasn’t functional that day,” which is why they relied on Butcher pressing a record button herself, which she didn’t do until (she said) Chartier started asking “substantive” questions, but after the Miranda warning.

With all of this going on, and the government's charges relying on some very generous interpretations of the CFAA and wiretap laws, the feds appear unable to close this case successfully. Prosecutors were unable to get Hutchins to agree to a plea deal with their first try, so they're going to take another crack at it. A superseding indictment [PDF] has been entered by the government and, as Marcy Wheeler explains, it's even worse than the extremely shaky one it's replacing.

[T]he government, which refuses to cut its losses on its own prosecutorial misjudgments, just doubled down with a 10-count superseding indictment. Effectively, the superseding creates new counts, first of all, by charging Hutchins for stuff that 1) is outside a five year statute of limitations and 2) he did when he was a minor (that is, stuff that shouldn’t be legally charged at all), and then adding a wire fraud conspiracy and false statements charge to try to bypass all the defects in the original indictment.

The government has added another piece of malware to its indictment -- UPAS Kit -- and is attempting to tie it to Hutchins. Even if it's able to do this, it likely won't help the government secure a conviction for two reasons. First, if the date is accurate, it means Hutchins was still a minor when this alleged crime took place. Second, the government has only five years to prosecute and the July 2012 date stated in the indictment means the statute of limitations has tolled.

There's far more to it than that. Wheeler's post detailing everything wrong with the superseding indictment is a masterpiece deconstruction of government desperation. The indictment wants jurors to believe simply writing about malware is a criminal act, even when the post cited actually details how to thwart malware. And it now includes an old DOJ favorite: making false statements to the FBI.

This last one might cause more problems for the FBI than it will solve. This will rely on statements made during the interrogation of Hutchins -- one that's already been marred by conflicting testimony by FBI agents.

First of all, as I’ve noted, one agent Hutchins allegedly lied to had repeatedly tweaked his Miranda form, without noting that she did that well after he signed the form. The other one appears to have claimed on the stand that he explained to Hutchins what he had been charged with, when the transcript of Hutchins’ interrogation shows the very same agent admitting he hadn’t explained that until an hour later.

So the government is planning on putting one or two FBI agents who have both made inaccurate statements — arguably even lied — to try to put Hutchins in a cage for lying. And they’re claiming that they were “conducting an investigation related to Kronos,” which is 1) what they didn’t tell Hutchins until over an hour after his interview started and 2) what they had already charged him for by the time of the interview.

The best case scenario, as Wheeler explains, in the government tying the 2012 (past the statute of limitations) criminal act to some "marketing" of the malware in 2014, allowing it to salvage all these charges.

In other words, they’re accusing Hutchins of wiretapping and CFAA crimes because someone else posted a YouTube.

And if it can tie anything to this YouTube video, it can nail down venue because YouTube is a US company. (Hutchins is a UK resident.)

What it may also be is another attempt to get Hutchins to cave to a plea deal. This indictment adds more charges, which could mean additional jail time and fines if he's convicted. But that's a huge if. What the government has shown so far doesn't even meet the lowest standards of competency. It's a garbage prosecution made worse by the FBI's apparent decision to let the two people who actually marketed and sold malware walk away from this -- either because the agency can't locate them or (at least in "Randy's" case) has already agreed to drop charges in exchange for testimony.

Read More | 14 Comments | Leave a Comment..

Posted on Techdirt - 11 June 2018 @ 3:10am

Attorneys In Seth Rich-Linked Defamation Case Demand Identifying Info Of Thousands Of Twitter Users [Updated]

from the only-the-DOJ-can-issue-a-broader-bullshit-subpoena dept

UPDATE: According to Dissent Doe (who runs the essential Databreaches.net), the ridiculous subpoena has apparently been withdrawn by Aaron Rich's lawyers.

The brother of murdered DNC employee Seth Rich is suing some right-wing writers and their publishing platforms for defamation. Aaron Rich raises some rather decent libel claims, pointing out he's been subjected to numerous articles, tweets, podcasts, and livestreams pushing the theory he's either responsible for his brother's death or profited from it in some way. The lawsuit [PDF] names America First Media, the Washington Times, and writers Edward Butowsky and Matt Couch as defendants.

The allegations are serious. Everything that's been claimed by the defendants accuses Aaron Rich of multiple criminal acts. This is the list of allegedly defamatory claims made by those being sued.

Aaron worked with his brother, Seth, to steal and leak DNC documents to WikiLeaks, including by serving as the information technology expert that made the leak of documents to WikiLeaks possible;

Aaron received money into his own bank account from WikiLeaks for helping Seth provide those stolen documents;

Aaron knew in advance that his brother was going to be murdered for his role in leaking documents to WikiLeaks, but did nothing to stop it, and even warned Seth’s girlfriend in advance to break up with him to protect her own safety;

Aaron has covered up his involvement in his purported role in leaking documents to WikiLeaks; and

Aaron has obstructed justice by interfering with law enforcement efforts to bring his brother’s murderer to justice, including his purported refusal to provide law enforcement with access to investigative materials.

The lawsuit is interesting reading. And it's disturbing reading. Rich made several private attempts to secure retractions from the defendants but his efforts only encouraged more articles and unproven claims to appear.

But this post isn't about that lawsuit... at least not directly. Twitter user Virgil spotted a rather disturbing subpoena linked to the case. Sent to Twitter by Rich's lawyers, the subpoena [PDF] demands Twitter produce identifying info for thousands of Twitter users.

It first lists the "primary" Twitter accounts it wishes to obtain information about:

Twitter accounts associated with the following Twitter handles: @RealMattCouch; @americafirstmg; @EdButowsky; @WashTimes; @JamesALyonsJr, @ThinBlueLR; @Hannibalmoot; @FITE4THE USERS; @Eddie_Graham23; @TruthinGovernment201; @therealbp65; @jflippo1327; @Ty_Clevenger; @JaredBeck; @CassandraRules; @gatewaypundit; @KimDotcom; @JulianAssange; @Wikileaks; @RogerStoneJr.

This would be concerning enough if that were the end of it. Many of these Twitter accounts have nothing to do with the defendants other than their echoing of allegedly-defamatory claims and their general political persuasion. Wikileaks has nothing to do with this other than its release of DNC emails. Everything tying Aaron Rich to Wikileaks stems from the defendants' actions and words -- not anything Wikileaks has done itself. This is already overbroad and we haven't even gotten to the really broad part.

The next paragraph of the subpoena demands info for all of the following accounts:

The term "Secondary Accounts" means any Account that communicated with the Primary Accounts, including but not limited to tweeting, re-tweeting, direct messages, and replies from January 1, 2015 to the present.

This has the potential to snare thousands, if not millions, of Twitter users in Rich's subpoena dragnet. (I know I would be one of the "secondary accounts," as would be all of the Techdirt writing staff and site owner Mike Masnick.)

To be clear, Twitter has not turned over this info to Rich's lawyers. His legal team is going to be facing a lot of tough questions from the judge once Twitter submits its challenge. (According to the docket, it doesn't appear Twitter has done that yet, but then again, it was only served June 1st.) There's always a small chance the judge will see nothing wrong with Twitter producing information linked to thousands of accounts, but that's very unlikely. Twitter, fortunately, has a solid legal team. Other outlets that may be served in this case may not.

Rich's lawyers should know better than this. Perhaps they're hoping the absurdity of the request will result in a narrowing that still allows them to access account info they would like to have, but haven't shown any legal reason to demand. It's also a reminder that subpoenas are only judicially vetted after they've been submitted to recipients and (this is important) after the recipient challenges them. Subpoena power is immense and it's up to courts and recipients to ensure the power isn't abused.

Read More | 16 Comments | Leave a Comment..

Posted on Techdirt - 8 June 2018 @ 7:39pm

FBI Hoovered Up Two Years Of A Journalist's Phone And Email Records To Hunt Down A Leaker

from the sorry,-citizens,-we-have-an-omelette-to-make dept

The New York Times reports the FBI has crossed a line it's generally hesitant to cross. An investigation into classified info leaks by a Senate Intelligence Committee aide involved the seizure of two year's worth of a New York Times reporter's phone and email records.

The former aide, James A. Wolfe, 57, was charged with lying repeatedly to investigators about his contacts with three reporters. According to the authorities, Mr. Wolfe made false statements to the F.B.I. about providing two of them with sensitive information related to the committee’s work. He denied to investigators that he ever gave classified material to journalists, the indictment said.

[...]

Mr. Wolfe’s case led to the first known instance of the Justice Department going after a reporter’s data under President Trump. The seizure was disclosed in a letter to the Times reporter, Ali Watkins, who had been in a three-year relationship with Mr. Wolfe. The seizure suggested that prosecutors under the Trump administration will continue the aggressive tactics employed under President Barack Obama.

The war on unofficial transparency continues -- this time ensnaring a reporter. The indictment [PDF] shows Wolfe was in regular contact with four unnamed reporters and the classified info leaked apparently related to the investigation of Carter Page. (The indictment refers only to MALE-1.).

Despite all the dots connected by the Justice Dept. after hoovering up email and phone records of four reporters, none of the charges brought against Wolfe involved mishandling classified info. All three charges listed are for lying to the FBI, not exposing secret info. While the info obtained may have been necessary to prove Wolfe lied to investigators, it does seem like a serious breach first amendment boundaries for nothing but vanilla "lied to the feds" charges. Those charges are mostly there for the government to punish people when it thinks it can't nail down more serious charges.

And it is a breach of expected norms, if not a reliable indicator of how many civil liberties the government is willing to doormat to hunt down leakers and whistleblowers.

Under Justice Department regulations, investigators must clear additional hurdles before they can seek business records that could reveal a reporter’s confidential sources, such as phone and email records. In particular, the rules require the government to have “made all reasonable attempts to obtain the information from alternative, non-media sources” before investigators may target a reporter’s information.

In addition, the rules generally require the Justice Department to notify reporters first to allow them to negotiate over the scope of their demand for information and potentially challenge it in court. The rules permit the attorney general to make an exception to that practice if he “determines that, for compelling reasons, such negotiations would pose a clear and substantial threat to the integrity of the investigation, risk grave harm to national security, or present an imminent risk of death or serious bodily harm.”

It's not clear all these steps were followed. But there are a whole lot of exceptions available to the FBI to bypass these steps meant to protect the First Amendment. No one seems to have been notified beforehand, and it was far more than call/email metadata that was obtained. The indictment cites the content of encrypted messages -- suggesting yet another area where the FBI's "going dark" rhetoric is overblown.

After the story was published, WOLFE congratulated REPORTER #3, using Signal, stating "Good job!" and "I'm glad you got the scoop." REPORTER #3 wrote back, using Signal,"Thank you. [MALE-l] isn't pleased, but wouldn't deny that the subpoena was served."

Going after reporters' records may become standard operating procedure. The Obama Administration prosecuted more leakers and whistleblowers than all previous presidents combined. This administration appears ready to dwarf Obama's numbers.

Attorney General Jeff Sessions said last year that the Justice Department was pursuing about three times as many leak investigations as were open at the end of the Obama administration.

If the DOJ isn't going to give the First Amendment a wide berth, it's not going to be much friendlier to the rest of them -- like the Fourth. Aggressive pursuit of leakers -- and the attendant collection of reporters' communications/data -- will continue. The DOJ may have guidelines meant to limit investigators from obtaining journalists' records, but they're not much practical use when they can be waived to preserve the "integrity of the investigation."

Read More | 60 Comments | Leave a Comment..

Posted on Techdirt - 7 June 2018 @ 9:39am

NY State Legislators Unanimously Pass A Cyberbullying Bill That Can't Be Bothered To Define Cyberbullying [Update]

from the passed-without-an-ounce-of-credibility-or-sincerity dept

Update: Eugene Volokh points out (via email) that there is a definition of cyberbullying on the books in New York state. The bill does not reference it, however. This bill appends Section 12a to Section 12, which is part of the state's consolidated education law. Section 12 says "no student will be subjected to harassment or bullying by employees or students on school property or at a school function." There's still no definition here of bullying or cyberbullying, nor is there anything pointing to the state's definition of these terms. To find a definition, readers must look to Section 11 (again, not mentioned anywhere in the new bill), which is another part of the state's education laws. This is how that section defines cyberbullying:

“Harassment” and “bullying” shall mean the creation of a hostile environment by conduct or by threats, intimidation or abuse, including cyberbullying, that (a) has or would have the effect of unreasonably and substantially interfering with a student's educational performance, opportunities or benefits, or mental, emotional or physical well-being;  or (b) reasonably causes or would reasonably be expected to cause a student to fear for his or her physical safety;  or (c) reasonably causes or would reasonably be expected to cause physical injury or emotional harm to a student;  or (d) occurs off school property and creates or would foreseeably create a risk of substantial disruption within the school environment, where it is foreseeable that the conduct, threats, intimidation or abuse might reach school property.  Acts of harassment and bullying shall include, but not be limited to, those acts based on a person's actual or perceived race, color, weight, national origin, ethnic group, religion, religious practice, disability, sexual orientation, gender or sex.  For the purposes of this definition the term “threats, intimidation or abuse” shall include verbal and non-verbal actions.

This definition helps, but it's still an unconstitutional proposal. What might have been limited to acts on school property or those resulting in disruption is now being spread to cover the act (as defined here) anywhere it takes place. Criminalizing the act takes it a step further than it should be taken, and in doing so, infringes on protected speech. Volokh's post give several examples of protected speech that would be considered a criminal act if the law goes into effect. Here are just a couple of them:

[3.] A popular local blogger harshly condemns an under-18-year-old accused of crime, calling him a thug or other words that are viewed as "verbal abuse." The blogger knows that opinion among high schoolers about the accused criminal is sharply divided (perhaps on ethnic, racial, or religious lines), with some people stridently defending him and others condemning him. The article is foreseeably read on school property, as students pull it up on their phones or computers. The article also foreseeably leads some students to again condemning the accused criminal, and others to defend it; foreseeably, a fight breaks out, or threatens to break out, which means the article "foreseeably create[d] a risk of substantial disruption within the school environment." The blogger is a criminal.

[4.] An under-18-year-old high school student becomes a nationally known activist, for instance for gun control or transgender rights or some such. People repeatedly mock his arguments online, and condemn his as an idiot, which a prosecutor thinks is "verbal abuse" and "would reasonably be expected to cause ... emotional harm" to him. The people can be prosecuted, and will be convicted if the jury agrees with the prosecutor.

Tl;dr: I screwed up. It is defined elsewhere in the state's statutes. Unfortunately, there's no acknowledgment of that fact in the bill's wording. It simply assumes everyone knows what cyberbullying is and what is covered under that definition. I can assure you many of those voting for the bill are likely unaware of how much protected speech this bill targets.


New York state legislators are back at it, attempting to tackle cyberbullying with a "new" law. In reality, this would be the legislature's fifth attempt to enact an anti-cyberbullying law. New York attorney Eric Turkewitz was the first to catch the New York's Senate's self-congratulatory tweet. The tweet touted the bill's unanimous passage (a 56-0 vote). But "widespread support" isn't synonymous with "well-crafted law." No state senator wants to appear "soft" on bullying, so the law passes without anyone bothering to ascertain its effectiveness, much less its constitutionality.

For an anti-bullying law to survive a constitutional challenge, it must be exceedingly well-crafted and narrowly-defined. This bill -- with 56-0 support -- has none of that. From Turkewitz's post on the bill:

Just one teensy little problem seems to have escaped the drafters, however. This “cyber-bullying” that they wish to make a misdemeanor has a flaw. I’m almost embarrassed to mention it, but here goes.

Cyber-bullying doesn’t seem to have a definition.

It doesn't. Once you get past the full page of preamble explaining why such a law is needed, you run into this, which defines nothing but who would be protected by the law.

S 12-A. CYBERBULLYING. 1. AS USED IN THIS SECTION, THE FOLLOWING TERMS SHALL HAVE THE FOLLOWING MEANINGS:

A. MINOR SHALL MEAN ANY NATURAL PERSON OR INDIVIDUAL UNDER THE AGE OF EIGHTEEN.
B. PERSON SHALL MEAN ANY NATURAL PERSON OR INDIVIDUAL.

ANY PERSON WHO KNOWINGLY ENGAGES IN A REPEATED COURSE OF CYBERBULLYING OF A MINOR SHALL BE GUILTY OF AN UNCLASSIFIED MISDEMEANOR PUNISHABLE BY A FINE OF NOT MORE THAN ONE THOUSAND DOLLARS, OR BY A PERIOD OF IMPRISONMENT NOT TO EXCEED ONE YEAR, OR BY BOTH SUCH FINE AND IMPRISONMENT.

This act shall take effect immediately.

Up to one year in prison based on a definition apparently to be determined post-arrest by prosecutors or presiding judges. And, apparently, cyberbullying ends once the victim turns 18, so there's no need to extend this dubious protection to adults.

State lawmakers should know better. First, they should know laws attempting to regulate speech must be particular and explicit in their definitions of the prohibited speech. Second, the justification for regulating speech must clearly and heavily outweigh the negative repercussions of the government's act of censorship. All this law has is a statement saying schools are powerless to stop cyberbullying that occurs off campus. That's not nearly enough justification to start handing out misdemeanor charges to mean people.

There have been better-defined bills passed in the state of New York. The county of Albany actually took the trouble to define the terms central to the law.

1. "any act of communicating … by mechanical or electronic means,”

2. “including posting statements on the internet or through a computer or email network,”

- “disseminating embarrassing or sexually explicit photographs;”

- “disseminating private, personal, false or sexual information,”

- “or sending hate mail,”

3. ”with no legitimate private, personal, or public purpose,”

4. “with the intent to harass, annoy, threaten, abuse, taunt, intimidate, torment, humiliate, or otherwise inflict significant emotional harm on another person.”

This definition is 73 words longer than the state senate's definition of "cyberbullying" and it still couldn't beat a Constitutional challenge. The state's highest court shut down enforcement of the law, noting that its definitions would "criminalize a broad spectrum of speech outside the popular understanding of cyberbullying."

On its fifth attempt to push through anti-cyberbullying legislation, the state senate can't even be bothered to craft a definition narrow enough to be rejected by the state's courts, much less one that would survive even the most cursory challenge.

A bill like this -- one that's seen four previous attempts -- serves one purpose. And it's got nothing to with the children we're always supposed to be thinking about. Here's Scott Greenfield's take:

[T]his law is just a cynical attempt to game the emotions of the electorate, as it has absolutely no chance of passing constitutional muster. The senators didn’t even give it a try, and as much as they may not be the sharpest knives in the legislature, even they know that you can’t criminalize cyberbullying by defining it as cyberbullying.

The proposed law is electioneering dressed up to look like empathethic legislation. It's multiple campaign efforts being funded by taxpayers who not only pay the salaries of legislators who can't be bothered to do their job properly, but will also be on the hook for legal fees if the bill becomes law and has to be defended in court. When one of these partners in unanimous useless ask for donations during the next election run, point to bullshit like this and tell them you gave at the office.

38 Comments | Leave a Comment..

Posted on Techdirt - 7 June 2018 @ 3:41am

Court Says German Intelligence Agency Can Continued To Deploy Its Dragnet On World's Largest Internet Hub

from the court:-dump-pipes-shouldn't-worry-about-end-users dept

The post-Snowden effects on Germany's surveillance architecture have been muted. Oversight in the US is a joke, but it's marginally better than what's being offered in other countries. You'd think a country that survived almost-consecutive crushing surveillance states would be a bit more cautious about deploying dragnets. Not so. All evidence points to German surveillance programs flourishing under the lack of effective oversight, limited only by technical prowess rather than concerns for those swept up by them.

Internal investigations prompted by revelations seemed like a step forward, but the government gave German surveillance programs a thumbs up three years later. The information revealed by Snowden and other leakers did give residents and advocates enough ammunition for legal battles, but the German courts haven't really given them anything in return.

David Meyer of ZDNet reports a court has handed a win to Germany's Federal Intelligence Service (BND) in a lawsuit filed by Frankfort's De-Cix, the largest internet hub in the world. The BND has tapped this for years, sweeping up massive amounts of data and communications, and frequently passing this on to surveillance partners around the world. De-Cix was compliant until 2016, when it decided to sue BND for violating German law.

Until a revision to German law last year, the Federal Intelligence Service, Bundesnachrichtendienst or BND, could only inspect up to 20 percent of the traffic flowing through the hub.

That traffic amounts to over 5TB per second of information coming from and going to places all over the world. The 'G10 law' also says the agency can only inspect international communications.

However, De-Cix's 2016 complaint said the BND was scooping up the lot, without any targeting. It also said the agency was illegally monitoring internal German communications as part of those activities, as its filters for emails involving a .de address did not work properly.

Unfortunately, the allegations of illegal spying won't be examined. The court has decided De-Cix cannot bring this lawsuit, which is nominally on behalf of those being illegally spied on (end users). The court says De-Cix just routes traffic, and as such, cannot allege harm.

De-Cix isn't happy with this ruling.

De-Cix said in a statement that it finds it "incomprehensible" that the Leipzig court failed to deal with the BND's alleged violations, as detailed by the exchange. It added that everyone's privacy rights are now solely in the hands of the government's intelligence oversight committee.

German residents shouldn't be happy with it either. What's been shown repeatedly in the wake of the Snowden leaks is that government oversight of surveillance agencies and programs is weak, ineffective, and frequently given little to no information to work with. The powers granted by various national security laws make the problem worse by expanding surveillance powers and reining it whatever's left of their oversight. Recent years have seen some reform efforts put in place, but beyond making hypocritical noise about the NSA's surveillance of German politicians, not much has been done on the legislative front in Germany, other than to codify abusive surveillance to make it more resistant to legal challenges.

15 Comments | Leave a Comment..

Posted on Techdirt - 6 June 2018 @ 7:51pm

State Court Says Cop Posing As A Facebook Friend To Snag Criminal Evidence Isn't A 4th Amendment Violation

from the of-course-it-isn't dept

Getting roped in by your public Facebook posts isn't a Fourth Amendment violation -- not even if the viewing "public" contains undercover cops. The Delaware Supreme Court [PDF] got to wrestle with an interesting question, but the public nature of conversations prevents the Fourth Amendment from being much of an issue. [h/t Eric Goldman]

Here, the defendant-appellant, Terrance Everett (“Everett”), accepted the friend request from a detective who was using a fictitious profile. The detective then used information gained from such monitoring to obtain a search warrant for Everett’s house, where officers discovered evidence that prosecutors subsequently used to convict him.

Everett posted pictures of cash and weapons. As a convicted felon, he certainly wasn't supposed to be in possession of the latter. There's a discussion of privacy settings in the court's decision, but it only shows nothing conclusive was determined by the lower court. Apparently, Everett did set his account to "Friends-only" at some point, but that most likely did not occur until after the photos used to obtain a search warrant had already been viewed.

Ultimately, the court decides the privacy settings don't really matter -- at least not as far as Everett extended them. It would have still allowed the detective to see the photos Everett posted, given that the law enforcement officer was already a Facebook friend.

Attempting to claim his privacy was violated by the three-year subterfuge, Everett's challenge partially hinged on a key omission from the detective's warrant affidavit. The detective never informed the judge he had spent three years pretending to be Everett's friend to gather probable cause for a search. If nothing else, this seems like a waste of law enforcement resources, given the only charge Everett was convicted for was firearms possession. Then again, surveillance through a Facebook account is a largely passive enterprise.

The lower court found the omission did not affect the warrant's validity and the state Supreme Court agrees. Then it moves on to address the larger issue: is a fake friend a privacy violation?

We reject Everett’s contentions because Everett did not have a reasonable expectation that the Facebook posts that he voluntarily shared with Detective Landis’s fake profile and other “friends” would not be disclosed. We observe that Detective Landis did not request or access the Photo directly from Facebook, the third-party service provider— a scenario that we need not address here. Rather, Everett made the Photo accessible to his “friends” and, by doing so, he assumed the risk that one of them might be a government officer or share his information with law enforcement.

This is true across all communications platforms, including personal conversations and snail mail. The expectation of privacy the sender might have can be "violated" at any time by the recipient of the communications. Even if the recipient is a cop pretending to be a Facebook friend, the privacy of communications is only as solid as the other participant.

The court also notes this isn't even comparable to wiretapping. The detective did not intercept private communications or otherwise place himself between Everett and message recipients. Everything gathered to support the warrant was visible to Everett's Facebook friends. Any one of them could have turned the photo over to police without violating Everett's privacy. The detective's passive monitoring of a Facebook account doesn't change the equation much.

One cannot reasonably believe that such “false friends” will not disclose incriminating statements or information to law enforcement—and acts under the risk that one such person might actually be an undercover government agent. And thus, one does not have a reasonable expectation of privacy in incriminating information shared with them because that is not an expectation that the United States Supreme Court has said that society is prepared to recognize as reasonable.

[...]

If one allows others to have access to his or her information that contains evidence of criminal wrongdoing, then that person assumes the risk that they might expose that information to law enforcement—or they might be undercover officers themselves. As the United States Supreme Court has put it, “[t]he risk of being . . . betrayed by an informer or deceived as to the identity of one with whom one deals is probably inherent in the conditions of human society” and “is the kind of risk we necessarily assume whenever we speak.”

That's how it works. Communications are public, to a certain extent. The government can't access certain conversations you have with others without a warrant, but nothing says it can't pretend to be another person to be invited into incriminating conversations. Posting photos to Facebook isn't a private act, even if the settings only allow "friends" to view them. The subterfuge deployed makes it seem like more of a privacy violation than it actually is. What this should be is a cautionary tale, rather than an indictment of the Fourth Amendment's limitations. If someone doesn't want evidence of criminal activity used against them, they should probably keep that information to themselves, rather than post it on social media sites.

Read More | 19 Comments | Leave a Comment..

More posts from Capitalist Lion Tamer >>