Posted on Techdirt - 22 March 2017 @ 4:14pm
Perhaps the thinnest skinned politician on the planet -- Recip "Gollum" Erdogan -- is at it again. His legacy of injunctions, legal threats, and even copyright abuse continues. The latest to draw Erdogan's wrath is Switzerland, which, to be fair, has drawn his wrath in the past. The repeat "offender" was targeted by Erdogan in 2016 for an art exhibit he didn't care for. This wouldn't have happened if Switzerland didn't have a law on the books forbidding insulting foreign leaders. Erdogan has the uncanny ability to sniff out foreign laws that might help him remain un-insulted, but so far has only managed to Streisand himself into infamy.
This time around, it's a Swiss tabloid earning the Turkish president's disdain/threats of prosecution.
The Zurich-based tabloid Blick made Turkish television on Monday night when the country’s president Recep Tayyip Erdogan held up an edition of the Swiss paper with the front-page headline ‘Vote no to Erdogan’s dictatorship’.
The article in German and Turkish called for Turks in Switzerland to vote no in the April 16th referendum which, if successful, would give more powers to Erdogan.
Seems like a logical stance. Erdogan has abused every power he's been given. There's really no reason for other countries to give him more powers to abuse, even indirectly. The Turkish government went full Godwin in response, comparing this editorial's call for a "no" vote to Nazism.
Obviously, the Turkish government saw no irony in immediately demanding the Switzerland government do something about the tabloid's "insults." It has sent four requests for "legal aid," presumably in hopes of getting the tabloid's writers/publishers locked up for saying bad things about the Turkish president.
The Swiss government has responded, telling Turkey to stick to bullying its own citizens.
On Thursday a spokesman from the Swiss justice office, Folco Galli, told broadcaster SRF that four requests lodged by Turkey in mid January had been rejected, citing free speech.
Switzerland would only be obliged to cooperate if the act concerned was considered a crime in both Turkey and Switzerland, he said.
Speaking to the SRF Galli said: “If similar criticisms had been expressed in Switzerland against a federal councillor in the course of a political debate, they would of course have been tolerated as an expression of free speech.”
Which is precisely why the pending referendum should be shot down. The tabloid has perfectly demonstrated why such a law should not be instituted in Switzerland. If it had already been law, Switzerland's government might have been more inclined to assist Erdogan in pushing the editorial's writer.
The statement by the Swiss official is a healthy affirmation of Swiss citizens' protections, but is likely unintelligible to those it's directed at. "Tolerance" and "free speech" are concepts the Turkish president is completely unfamiliar with. As is pointed out in the article, the Turkish government is currently pursuing 2,000 domestic prosecutions over "insulting" social media posts and cartoons. Apparently Erdogan feels his persecution success at home should translate easily abroad. Fortunately for citizens in other countries, it doesn't.
9 Comments | Leave a Comment..
Posted on Techdirt - 22 March 2017 @ 11:44am
The Third Circuit Court of Appeals has ruled that passwords can be compelled with All Writs Orders. Handing down a decision in the case of Francis Rawls, a former Philadelphia police officer facing child porn charges, the court finds the order lawful, but doesn't go quite as far as to determine whether compelling password production implicates the Fifth Amendment.
The Third Circuit doesn't touch the Fifth Amendment implications because Rawls failed to preserve them.
Even if we could assess the Fifth Amendment decision of the Magistrate Judge, our review would be limited to plain error. See United States v. Schwartz, 446 F.2d 571, 576 (3d Cir. 1971) (applying plain error review to unpreserved claim of violation of privilege against self-incrimination). Doe’s arguments fail under this deferential standard of review.
Orin Kerr highlights a footnote from the order [PDF], which shows even if the court had addressed the Fifth Amendment implications, it likely would have sided with government based on its interpretation of the government's "foregone conclusion" argument.
It is important to note that we are not concluding that the Government’s knowledge of the content of the devices is necessarily the correct focus of the “foregone conclusion” inquiry in the context of a compelled decryption order. Instead, a very sound argument can be made that the foregone conclusion doctrine properly focuses on whether the Government already knows the testimony that is implicit in the act of production. In this case, the fact known to the government that is implicit in the act of providing the password for the devices is “I, John Doe, know the password for these devices.” Based upon the testimony presented at the contempt proceeding, that fact is a foregone conclusion.
However, because our review is limited to plain error, and no plain error was committed by the District Court in finding that the Government established that the contents of the encrypted hard drives are known to it, we need not decide here that the inquiry can be limited to the question of whether Doe’s knowledge of the password itself is sufficient to support application of the foregone conclusion doctrine.
This interpretation limits what the government has to assert to avail itself of this argument -- one that's sure to become more common as default encryption comes to more devices and communications services. As applied here, the government only has to show the defendant knows the password. It doesn't have to make assertions about what it believes will be found once the device/account is unlocked. (That being said, the DHS performed a forensic scan of the one device it could access -- the MacBook Pro -- and found data and photos suggesting the locked external drives contained more child pornography.)
The court also addresses the All Writs Act being used to compel password production in service to a search warrant that still can't be fully executed.
Doe asserts that New York Telephone should not apply because the All Writs Act order in that case compelled a third party to assist in the execution of that warrant, and not the target of the government investigation. The Supreme Court explained, however, that the Act extends to anyone “in a position to frustrate the implementation of a court order or the proper administration of justice” as long as there are “appropriate circumstances” for doing so. Id. at 174. Here, as in New York Telephone: (1) Doe is not “far removed from the underlying controversy;” (2) “compliance with [the Decryption Order] require[s] minimal effort;” and (3) “without [Doe’s] assistance there is no conceivable way in which the [search warrant] authorized by the District Court could [be] successfully accomplished.” Id. at 174-175. Accordingly, the Magistrate Judge did not plainly err in issuing the Decryption Order.
This shows just how malleable the New York Telephone decision is. This 1977 Supreme Court decision paved the way for widespread pen register use. Since that point, it has been used by the DOJ to argue for the lawfulness of encryption-defeating All Writs Orders (as in the San Bernardino iPhone case), as well as by criminal defendants arguing these same orders are unlawful.
In Apple's case, the government argued the company was not "far removed" from the controversy, despite it being only the manufacturer of the phone. Apple's distance as a manufacturer provided its own argument against the DOJ's application of this Supreme Court decision.
In this case, the key words are "third party": Rawls is arguing this isn't nearly the same thing as forcing a phone company to comply with pen register orders. This is a "first party" situation where compliance may mean producing evidence against yourself for use in a criminal trial. The government likes the New York Telephone decision for its Fourth Amendment leeway. The defendant here is arguing this isn't even a Fourth Amendment issue.
As the court points out, it can't really assess the Fifth Amendment argument -- not when it hasn't been preserved for appeal. But even so, the court says law enforcement already has enough evidence to proceed with prosecution. If so, the only reason the government's pressing the issue -- which has resulted in Rawls being jailed indefinitely for contempt of court -- is that it wants a precedential ruling clearly establishing the lawfulness of compelling the production of passwords. The court doesn't quite reach that point, but the ruling here seems to suggest it will be easier (in this circuit at least) to throw people in jail for refusing to hand over passwords, since all the government is really being forced to establish is that it knows the defendant can unlock the targeted devices/accounts.
Read More | 25 Comments | Leave a Comment..
Posted on Techdirt - 22 March 2017 @ 10:40am
Back in 2012, a federal court ruled US websites were "places of public accommodation." The ruling (overturned on appeal) came in a lawsuit brought against Netflix by the National Association of the Deaf. It seems like an obvious conclusion -- more people get their information, news, and entertainment from the web than other sources. But the ruling had plenty of adverse consequences, especially for smaller, less profitable purveyors of online content.
Professor Eric Goldman -- who analyzes a ton of internet-related lawsuits -- had this to say at the time:
If websites must comply with the ADA, all hell will break loose. Could YouTube be obligated to close-caption videos on the site? (This case seems to leave that door open.) Could every website using Flash have to redesign their sites for browsers that read the screen? I'm not creative enough to think of all the implications, but I can assure you that ADA plaintiffs' lawyers will have a long checklist of items worth suing over. Big companies may be able to afford the compliance and litigation costs, but the entry costs for new market participants could easily reach prohibitive levels.
The payoff of this lawsuit -- along with the federal government's requirements for making websites "accessible" -- is finally here. A California university is placing 20,000 audio and video lectures behind a registration wall, making them less accessible to everybody, rather than risk being sued for not making them "accessible" to those with disabilities.
The University of California, Berkeley, will cut off public access to tens of thousands of video lectures and podcasts in response to a U.S. Justice Department order that it make the educational content accessible to people with disabilities.
Today, the content is available to the public on YouTube, iTunes U and the university’s webcast.berkeley site. On March 15, the university will begin removing the more than 20,000 audio and video files from those platforms -- a process that will take three to five months -- and require users sign in with University of California credentials to view or listen to them.
This move has more to do with the DOJ's ADA*
accessibility stance, although that stance roughly aligns with the court's 2012 findings. The DOJ is named specifically in the university's statements as being the impetus for it locking up its past content. Future releases will be issued with an eye on compliance, but past lectures are gone for good unless you happen to have the right credentials to view them.
*[This acutally stems from the FCC, not the ADA. Nate Hoffelder has more details in the comments. UPDATE: never mind.]
Then there's this part of the university's statement, which hints it may not all be related to accessibility-compliance.
Finally, moving our content behind authentication allows us to better protect instructor intellectual property from ‘pirates’ who have reused content for personal profit without consent.
I'm not sure how much of a problem Berkeley has had with content piracy. This statement could mean it's rampant or could simply mean it's something the university's lawyers have mentioned in passing as a concern. Either way, the move is related to control. What the public can't see, it can't complain about. And that keeps the DOJ at bay, even if it does little for the general public.
However, the piracy part of the statement might become relevant in the near future. It also shows the university's spokesperson isn't aware most of the lectures can't be "pirated." LBRY.io has already mirrored the 20,000 files due for removal, and it notes its move is compliant with the terms governing the sharing and distribution of the recorded lectures.
The vast majority of the lectures are licensed under a Creative Commons license that allows attributed, non-commercial redistribution. The price for this content has been set to free and all LBRY metadata attributes it to UC Berkeley.
The university may have a point about "personal profit," but simply hosting lectures at a site that sells stuff or makes money from ads isn't the same thing as "reusing content for personal profit." And the license the university uses doesn't require permission beforehand.
In the end, what we have is another regulation failure, where best laid plans become self-sabotaging debacles. Attempting to make the web universally-usable is an impossibility. No one's going out of their way to cut the deaf or blind out of the international conversation, but demanding all US sites be compliant with the DOJ's requirements is like demanding all books be made available in Braille and audio format. It's something only a few publishers can afford to do. Even fewer can afford to engage in a legal battle with the federal government over a lack of compliance, which means increased enforcement efforts will only result in less available content. That does nothing to level the playing field for Americans with disabilities.
34 Comments | Leave a Comment..
Posted on Techdirt - 21 March 2017 @ 4:19pm
Another "ag gag" law is in the works in Arkansas. These bills are brought under the pretense of safety -- both for the person supposedly breaking them, as well as for the employees of the entity "trespassed" upon. The unspoken aim of these laws is to prevent whistleblowing, and they often spring into existence after someone has exposed horrible practices at local businesses -- in most cases, the mistreatment of animals. The other consequence of most of these laws -- unintended or not -- is to deter employees from speaking up about questionable business practices, as there often is no exception carved out for employees of the companies protected by these laws.
Kaleigh Rogers of Vice reports another ag gag bill has passed the Arkansas state House and is on its way to a Senate vote. And once again, the bill's wording would deter whistleblowing and make journalistic efforts a civil violation.
Arkansas senators are considering a bill that would allow private businesses to sue whistleblowers that expose abuse or wrongdoing. The bill has already passed the house, but not without receiving plenty of dissent from Republican lawmakers, free speech proponents, and animal rights groups.
The law would make it legal for businesses to sue anybody who goes onto a business's private property and, among other acts, "records images or sound occurring within an employer's commercial property and uses the recording in a manner that damages the employer." This include undercover investigators, but also employees: unless an employee is just doing his or her job, any recordings or information that exposes wrongdoing could be grounds for a lawsuit.
In between all the wording [PDF] that would be expected in a normal trespassing law (unauthorized access, theft, damage to property) are clauses that make exposing wrongdoing grounds for a lawsuit. This section makes the law's deterrent to whistleblowing explicit.
Records images or sound occurring within an employer's commercial property and uses the recording in a manner that damages the employer.
That's combined with an earlier phrase that applies the law to employees, not just muckraking interlopers.
An act that exceeds a person's authority to enter a nonpublic area of commercial property includes an employee who knowingly enters a nonpublic area of commercial property for a reason other than a bona fide intent of seeking or holding employment or doing business with the employer and without authorization…
Excepted from the law are all sorts of government agencies, which are apparently welcome to damage places of employment at will. In addition to damages and fees assessed as the result of a civil action, the state has the option to hit violators (which includes anyone who "directs or assists" the whistleblower/journalist) with $5,000/per day in fines.
The representatives pushing this bill are pretending it's about safety.
Representative Aaron Pilkington (R), who voted in favor of the bill, said the language is intended to prevent people from trespassing and potentially putting themselves in danger.
"It's just about going into places you're not allowed to be in," Pilkington told me. "If you work in a daycare center and there are problems going on, you have every right to whistleblow on that. But if you hear there's a daycare three towns over where something's going on and you're sneaking in there with a video camera, that's not right."
That's a really weird -- and really dangerous -- assertion to make. Violations should be unseen and unheard, apparently… unless they happen to occur at your place of employment. And even then, the wording of the bill contradicts the protections Pilkington alludes to. The bill specifically forbids employees from entering areas not directly-related to their job description and making any sort of recording that "damages" their employer. Whistleblowing always results in some sort of "damage," even if that damage is purely reputational and can be repaired by swift corrective action.
The only reason to pass a bill like this (rather than use existing trespassing laws to punish unauthorized entry) is to deter reporting and whistleblowing. It serves no purpose otherwise. Supporters of the bill know this, though they'll never publicly acknowledge this fact. If it passes, it should expect an immediate constitutional challenge. The bill does too much damage to accountability and protected speech to survive a second read by the courts.
Read More | 32 Comments | Leave a Comment..
Posted on Techdirt - 21 March 2017 @ 9:33am
Because abusing the DMCA process only goes so far, some reputation management entities have begun exploiting an inattentive legal system to push lawsuits past judges. In some cases, these suits have featured fake plaintiffs filing bogus libel lawsuits against fake defendants and using a fake affidavit to fraudulently obtain court orders requiring Google to delist URLs.
Those engaged in this fraudulent behavior aren't likely to get away with it for much longer. Paul Alan Levy and Eugene Volokh managed to track down the person behind one set of bogus lawsuits and get the presiding judge to take a closer look at the bogus documents he was being handed. Pissed Consumer has also been reporting on others using the same MO, and has headed to court to get these suits examined and tossed.
The end of line for supposed reputation manager Richart Ruddie came at the hands of Volokh and Levy, with the judge granting discovery to the defendant after being apprised of the apparently fraudulent filings. Now that Richart Ruddie of Profile Defenders has been exposed, it looks as though he's given up the fight. Levy reports Ruddie has settled anti-SLAPP claims brought against him and is paying restitution for his reputation mismanagement.
The deal has now been signed, the $71,000 settlement sum has been paid in full, and the settlement agreement filed with the court along with a proposed order under which the Judge Smith would retain jurisdiction to enforce Ruddie’s obligation to move to get the fraudulent state court orders lifted, as well as to ensure that the former customers (that is to say, Smith, Rescue One Financial, and Financial Rescue) cooperate in Ruddie’s efforts in that regard. Their cooperation will likely be needed because they, not Ruddie, were the plaintiffs in the state-court litigation and hence the motions to lift the orders will have to be made in the names of those parties companies. It appears at the moment that the threat of being dragged back into the Rhode Island anti-SLAPP litigation has been sufficient to induce the companies and Smith to allow counsel retained by Ruddie to proceed in their names to get the fraudulent order lifted.
While that helps the defendant and partially takes care of Ruddie's liability (not to mention acts as a deterrent against future efforts of this sort), it doesn't do much to deter the other parties listed, who apparently knew Ruddie's courtroom efforts were shady and may have been fully complicit in the fraud. This settlement leaves them pretty much unscathed. There's still the possibility more fees are on their way from others involved in Ruddie's black hat SEO BS. But for now, it's all in Ruddie's name.
Levy's post provides a ton of background info behind the settlement he just collected, including this wonderful paragraph, in which an opposing lawyer claims Levy has an "ethical" obligation to put the opposition's interests ahead of his own.
Apparently, Hirschhorn [attorney for Richart Ruddie representing him for a criminal investigation brought by the state at the request of Judge Smith] was sharing some of the details of our negotiations, because when Rescue One [Ruddie's SEO client] lawyer Michael Mallow learned that I was still pursuing his client’s liability for an anti-SLAPP violation, he hit the roof. He demanded that I call him and, when I did, he began yelling into the telephone that it was my ethical responsibility to reach a complete settlement with Ruddie so that his client would not have to produce any documents. He brought Hirschhorn into the call and demanded that I give Hirschhorn a settlement number that included claims against his clients as well as Ruddie. When I explained that I did not have any basis to set a proposed compensatory damages figure because I had not completed a sufficient analysis to specify a number that I felt I could defend in litigation, Mallow said that this didn’t matter and that I should just make up a number so that there could be a settlement. Hirschhorn indicated that he would take a specific number with that disclaimer; when I articulated a number that was considerably higher than what Hirschhorn said he could get from his client, Mallow told me that it was possible that his own client might contribute to the settlement, but “if that happens you will never know.” That is, the deal would be structured to give his client deniability of any responsibility for the fraud.
The whole post by Levy is amazing and should be read in its entirety to get a better grasp on the cast of characters in this courtroom charade. It initially appeared as though Ruddie's reputation management scheme consisted of filing bogus lawsuits without his SEO clients' knowledge. That no longer appears to be the case. At least a couple of his clients appear to have known exactly how this was being handled and had zero problem with participating in Ruddie's fraudulent filings. The settlement may be an attempt to staunch Ruddie's bleeding, but it's pretty difficult to pitch reputation management services when yours is swirling the drain.
9 Comments | Leave a Comment..
Posted on Techdirt - 20 March 2017 @ 2:55pm
A couple of weeks ago, a federal judge in Utah decided prior restraint was the best way to handle a recently-filed defamation suit against Honest Mattress Reviews by Purple Innovations, makers of the Purple Mattress.
Purple's lengthy filing contained numerous allegations of harm caused by Honest Mattress Reviews' extended commentary on the white plastic powder covering every mattress Purple ships. It also alleged HMR was just a front for site owner Ryan Monahan's brand management work with Purple's competitor, Ghostbed. Rather than give HMR a chance to respond, the judge decided the review site could publish nothing further about Purple or the lawsuit. It wasn't even allowed to refer to its previous rating of Purple's mattress.
Honest Mattress Review didn't care much for this decision -- one it had been given no chance to contest. It immediately posted an article about the case and offered to comply with the letter of the order, but perhaps not its spirit.
This temporary order commands that we take down all reviews, and even cease rating this company with a rating of “Poor.” Yes, indeed, we are no longer even permitted to rate this company as Poor. I guess we will change its rating to “💩.”
Do you trust a company that, rather than compete in the marketplace, decides that it will just try and sue negative reviews out of existence?
Purple Innovations immediately returned to court, demanding it find HMR in contempt of its order, in particular pointing to the poo emoji and HMR's claims about the unconstitutionality of the order and Purple's alleged disingenuousness in filing the libel suit.
That review has since been reinstated and given this header image.
And HMR has published a long list of court documents it has filed in this case. This includes a motion to dissolve the restraining order and a preliminary examination of the powdery substance Purple claims is harmless and that HMR claims could be hazardous to purchasers' health.
In the motion [PDF] to dissolve the order, attorney Marc Randazza points out that fashioning a libel lawsuit as a tortious interference lawsuit doesn't change the ultimate goal of the litigation: to silence criticism.
The action is a quintessential SLAPP suit designed to suppress negative consumer journalism. Plaintiffs have cleverly attempted to disguise this defamation claim as a Lanham Act claim – presumably to ensure the availability of Federal Court jurisdiction and to try to side-step the clear case law that cuts against them in defamation actions. But, no matter how eloquently someone may call a “dog” a “chicken,” it will never lay eggs. And styling a specious defamation claim as a Lanham Act claim does not remove the underlying speech from the protections afforded by the First Amendment.
He also points out that Purple's claims that the plastic packing dust is harmless haven't been supported by anything Purple's willing to let customers and competitors view. Instead, it's only made vague assertions about its safety. And those statements are ultimately meaningless when examined closely.
Plaintiff sells mattresses that are made of a rubber honeycomb, which they then dust with a powder that they claim is made of plastic and has been shown to be polyethylene microspheres. In other words, someone who sleeps on these mattresses would be expected to inhale these microspheres. The Plaintiff claims that it is “non toxic” and “food grade” plastic – but this does not assuage the concerns. After all, a plastic fork is “food grade” and “non toxic” but you most certainly would not want to actually eat it. The same goes for what a person wants to put in their lungs. It was reasonable to be concerned about this “plastic powder” since (a) if the particles that make up this plastic “powder” are of a certain size, they will pass through the alveoli into the bloodstream; or (b) if they are a bit larger, they will simply lodge themselves inside the lungs.
To support its claims, HMR put a Harvard Professor of Pathology to work. Dr. John Godleski's report [PDF] is far from complete at this point, but what's contained in his preliminary examination of the powder doesn't appear to agree with Purple's assertions of harmlessness.
By Fourier Transformed Infrared spectroscopy (FTIR), the white powder particles were shown to be polyethylene, and the purple frame was found to be polyethylene-polypropylene copolymer. The foam portion of the mattress is still understudy, but has characteristics of butadiene, and may be a form of butadiene polymer.
Polyethylene is a common plastic formed into many structures. As inhalable microspheres, these have the potential to cause respiratory irritation especially when inhaled in large numbers as shown in my laboratory (1- 4). In addition, polyethylene has been associated with allergy in the form of either asthma or contact dermatitis in sensitized individuals (5-7). Based on this assessment, it is important for consumers to be aware of the composition of this fine particulate matter in the mattress which may be released into the air and has the potential for the development of respiratory or dermal hypersensitivity in some individuals.
Also included in the filed documents is an affidavit that undercuts Purple's claims about HMR's site owner being a competitor's "brand manager." This is central to Purple's Lanham Act claims -- the claims it's using to sidestep anti-SLAPP motions. The affidavit from the competitor (Ghostbed) notes HMR's site owner has never been directly employed by Ghostbed and that Ghostbed told him to stop referring to himself as its "brand manager" after noticing that statement on his Twitter profile.
The judge presiding over the case appears to have been overwhelmed by the pile of documents landing on his desk. A short order [PDF] issued on the 15th shows what can happen when a normally adversarial process is allowed to be, you know, adversarial.
For the reasons set forth in the parties’ briefing and at oral argument, the court finds a lack of “clear and unequivocal” support for a right to relief that is necessary for the entry of the “extraordinary remedy” of a preliminary injunction. Greater Yellowstone Coal v. Flowers, 321 F.3d 1250, 1256 (10th Cir. 2003). As such, the court hereby grants Defendants’ motions to dissolve the Temporary Restraining Order (Dkt. No. 36), and denies Plaintiff’s oral Motion to convert the Temporary Restraining Order into a Preliminary Injunction. The court similarly denies Plaintiff’s Motion for Leave to Conduct Expedited Discovery (Dkt. No. 39) and Motion for Order to Show Cause Why Defendants Should not be Held in Contempt (Dkt. No. 17). The court further denies Defendants’ request for sanctions, finding that such sanctions are not warranted here.
The restraining order is lifted and HMR's turd-laced post isn't in danger of being found contemptuous. The lawsuit should continue in a more constitutional fashion from this point forward.
Read More | 34 Comments | Leave a Comment..
Posted on Techdirt - 20 March 2017 @ 11:45am
It looks as though the Supreme Court may have to step in and settle a particularly thorny question involving the First Amendment, Second Amendment, national security interests, and 3D-printed weapons. Cody Wilson and his company, Defense Distributed, sued the State Department over its demands he cease distributing instructions for the creation of weapons and weapons parts.
The State Department came along too late to make much of a difference. It claimed Wilson's instructions violated international arms distribution laws, but by the time it noticed what Defense Distributed was doing, the instructions were all over the web. They still are, and no amount of litigation or government orders is going to change that.
What Defense Distributed is doing is perfectly legal in the United States. The State Department says it's illegal to put these instructions in the hands of foreign enemies. Since it can't control internet traffic, it's decided to take down the publisher.
That's the First Amendment implication, which can't really be separated from Second Amendment concerns considering the legality of distributing these instructions domestically. Last September, the Fifth Circuit Appeals Court found [PDF] in favor of the government and its national security concerns.
Because both public interests asserted here are strong, we find it most helpful to focus on the balance of harm requirement, which looks to the relative harm to both parties if the injunction is granted or denied. If we affirm the district court’s denial, but Plaintiffs-Appellants eventually prove they are entitled to a permanent injunction, their constitutional rights will have been violated in the meantime, but only temporarily. Plaintiffs-Appellants argue that this result is absurd because the Published Files are already available through third party websites such as the Pirate Bay, but granting the preliminary injunction sought by Plaintiffs-Appellants would allow them to share online not only the Published Files but also any new, previously unpublished files. That leads us to the other side of the balance of harm inquiry.
If we reverse the district court’s denial and instead grant the preliminary injunction, Plaintiffs-Appellants would legally be permitted to post on the internet as many 3D printing and CNC milling files as they wish, including the Ghost Gunner CNC milling files for producing AR-15 lower receivers and additional 3D-printed weapons and weapon parts. Even if Plaintiffs-Appellants eventually fail to obtain a permanent injunction, the files posted in the interim would remain online essentially forever, hosted by foreign websites such as the Pirate Bay and freely available worldwide. That is not a far-fetched hypothetical: the initial Published Files are still available on such sites, and Plaintiffs-Appellants have indicated they will share additional, previously unreleased files as soon as they are permitted to do so. Because those files would never go away, a preliminary injunction would function, in effect, as a permanent injunction as to all files released in the interim. Thus, the national defense and national security interest would be harmed forever. The fact that national security might be permanently harmed while Plaintiffs-Appellants’ constitutional rights might be temporarily harmed strongly supports our conclusion that the district court did not abuse its discretion in weighing the balance in favor of national defense and national security.
A lengthy dissent challenged the First Amendment implications of this decision, which brought prior restraint into play by forbidding Defense Distributed from posting new instructions, along with further distribution of plans it had already released. But the majority didn't find much it liked in the dissent -- at least not when weighing it against the government's national security interests.
The dissent argues that we “should have held that the domestic internet publication” of the technical data at issue presents no “immediate danger to national security, especially in light of the fact that many of these files are now widely available over the Internet and that the world is awash with small arms.” We note the following:
(1) If Plaintiffs-Appellants’ publication on the Internet were truly domestic, i.e., limited to United States citizens, there is no question that it would be legal. The question presented in this case is whether Plaintiffs-Appellants may place such files on the Internet for unrestricted worldwide download.
(2) This case does not concern only the files that Plaintiffs-Appellants previously made available online. Plaintiffs-Appellants have indicated their intent to make many more files available for download as soon as they are legally allowed to do so. Thus, the bulk of the potential harm has not yet been done but could be if Plaintiffs-Appellants obtain a preliminary injunction that is later determined to have been erroneously granted.
(3) The world may be “awash with small arms,” but it is not yet awash with the ability to make untraceable firearms anywhere with virtually no technical skill. For these reasons and the ones we set out above, we remain convinced that the potential permanent harm to the State Department’s strong national security interest outweighs the potential temporary harm to Plaintiffs-Appellants’ strong First Amendment interest.
The majority also pointed out the government can violate the First Amendment in the interest of national security, and that this court in particular seemed inclined to let it.
Defense Distributed asked for an en banc rehearing. That has been denied [PDF]. This denial gives the dissent the chance to lead off (so to speak), and the first thing it does is point out the obvious First Amendment violations.
The panel opinion’s flawed preliminary injunction analysis permits perhaps the most egregious deprivation of First Amendment rights possible: a content-based prior restraint. [...] First, the panel opinion fails to review the likelihood of success on the merits—which ten of our sister circuits agree is an essential inquiry in a First Amendment preliminary injunction case. Second, the panel opinion accepts that a mere assertion of a national security interest is a sufficient justification for a prior restraint on speech. Third, the panel opinion conducts a fundamentally flawed analysis of irreparable harm.
As the dissent points out, the majority chose to deploy prior restraint based on little more than the government's vague claims of insecurity.
The Government contends that the gun designs at issue could potentially threaten national security. However, this speculation falls far short of the required showing under Bernard and Nebraska Press, showing neither the immediacy of the danger nor the necessity of the prior restraint. Allowing such a paltry assertion of national security interests to justify a grave deprivation of First Amendment rights treats the words “national security” as a magic spell, the mere invocation of which makes free speech instantly disappear.
But this is exactly what the government does: make rights disappear with its "magic spell." And the courts continue to let it do this. In this case alone, the invocation of "national security" resulted in three consecutive decisions (district court and twice at the appeals court) in favor of prior restraint.
If the Supreme Court decides to review this, there's little in its track record suggesting it will do otherwise. But there's zero chance the government will let this go unregulated, even if the Supreme Court grants Defense Distributed a permanent injunction against the State Department. The government needs to have this threat of prosecution to hang over the head of Defense Distributed, as well as others with similar interests.
If this appears to operate in an area existing legislation can't touch, additional legislation will be introduced to address it. That may result in the government pressing ISPs into service to regulate internet traffic -- spying on users to catch them in the act of distributing illegal gun manufacturing plans. We'll have a Border Patrol but for the internet, maintained by private companies but overseen by the government.
It's not that there aren't potentially-serious repercussions from the distribution of 3D-printed gun plans. There's lots to be concerned about, but the concerns aren't new ones. Untraceable guns end up in the hands of people who aren't supposed to have them all the time. Printing one at home isn't a feasible reality for most people, especially those whose income and expertise are limited, which is most of the world.
Rights aren't sold separately. They're a bundle. The multiple opinions in this case have mostly ignored the Second Amendment implications in favor of examining the First. But those should be considered as well. If it's legal to manufacture these parts in the US, the State Department's order overreaches. Its concerns about worldwide distribution may be valid, but it's impossible to prevent this distribution without preventing Americans from doing something their government has told them it's ok to do.
Read More | 63 Comments | Leave a Comment..
Posted on Techdirt - 20 March 2017 @ 9:28am
If all else fails, blame the millennials.
[T]he former head of the CIA has a theory about a possible root cause of the leak: Millennials.
Michael V. Hayden, who was the CIA director until 2009, said that in order for the agency to engage in the digital espionage described by the documents, the agency must “recruit from a certain demographic” — in this case, younger hackers brought on to help with these efforts.
“I don’t mean to judge them at all, but this group of millennials and related groups simply have different understandings of the words loyalty, secrecy and transparency than certainly my generation did,” Hayden told the BBC in an interview this week. “And so we bring these folks into the agency, good Americans all, I can only assume, but again, culturally they have different instincts than the people who made the decision to hire them.”
That's Hayden's response to the CIA leak, which exposed the agency's exploits and device-targeting tactics. Hayden's saying people used to trust the government more. That's what this breaks down to, even if couched in Hayden's implicit demand youngsters remove themselves from his lawn, but leave any and all government documents behind.
"Transparency" should mean what it's always meant. But "transparency" is defined by government agencies and officials harboring zero desire to engage in it. We spent years listening to Obama pat himself on the back for increased government obfuscation and secrecy, something he referred to as the "most transparent administration." The word "transparency" is meaningless in the government's hands. That's why almost anything of significance is revealed by leakers/whistleblowers routing around the "official channels."
"Secrecy" means the same thing it always has as well. The government likes it. Citizens are not quite as enthralled with government secrecy, especially considering more and more of their lives are open books. An example: anyone shot by a police officer will have their criminal record immediately delivered to the press while EMTs are still checking for a pulse. Weeks or months will pass before law enforcement agencies release the name of the officer whose gun "discharged," much less their disciplinary record.
People of all ages are likely tiring of the government's insistence on keeping secrets, even as it engages in mass surveillance, reinterprets privacy-shielding laws on the fly, builds massive biometric databases, and declares the Constitution invalid within 100 miles of the border. It's not just millennials. It's everyone.
"Loyalty" still means the same thing, too. But the government's used to receiving it unconditionally. It has spent years abusing it and is finally seeing the consequences of its actions. Millennials may be the least willing to show loyalty to a government that has already mortgaged their future, but again, this crosses all ages. Loyalty isn't something the government can demand, not when it's done as much as it has to demonstrate why it's unworthy of it.
Undeniably, leaking is easier than ever, with multiple journalistic outlets offering multiple ways for the anonymous to dump their documents and grievances. Engaging in some sort of age discrimination at the federal level isn't going to stop the flow of leaks.
What's happening now is a severely-broken system reaching its apotheosis. With someone else in the Oval Office, we likely wouldn't be seeing nearly as many leaks. Almost as soon as the administration makes a claim (or a tweet), a leaked document or comment refutes it. Agencies are going rogue. Confidential conversations with administration officials are being discussed on social media by those involved in them.
Trump's tweets about subjects of investigations and national security-related matters show he cares just as little for secrecy or loyalty. His refusal to release information the public's been asking to see (tax returns, divestment plans, etc.) shows he cares little for transparency.
It also sets an example for others. The administration is seemingly moving from one disaster to the next without indicating it has a blueprint for the future. This helps generate even more leaks -- and not just because ill-advised moves tend to produce interesting documents and irate government employees. The leaks are continuous because no one's worried the administration will ever locate the sources. The constant flow sends a clear message: those leaking info and documents -- and there are a lot of them -- feel the President and his staff are too incompetent, or too easily-distracted, to track them down. The CIA may track down the source of the leaked documents, but it's heavily-invested in its own secrets, which has nothing to do with the hurricane of disruptive activity taking place in the White House. But those leaking info related to the current administration have little to fear.
The administration has managed to make enemies of several federal agencies. Federal agencies are amazing at stonewalling. The best. If the administration thinks it's going to get assistance rooting out leakers, it's in for yet another surprise. And the administration will continue to be unsurprisingly surprised by the resistance it faces when it shows up with guns loaded, looking for rogue messengers.
142 Comments | Leave a Comment..
Posted on Techdirt - 20 March 2017 @ 6:30am
There's something to be said for an informed electorate, although it really shouldn't be elected officials advocating for it. They'd benefit least from people knowing more about sausage and the making thereof. And legislators definitely shouldn't be robbing the First Amendment to pay for better information, as a few California lawmakers are attempting to do.
A new bill, pointed out by the EFF's Dave Maass, seems to be a response of sorts to "fake news" and other political detritus of this highly-partisan system. Ostensibly, the bill is aimed at keeping voters from being misled on issues that affect them. The problem is, this bill would allow the government to determine what is or isn't misleading and apply to a citizen's social media posts, blog, etc.
California's existing "political cyberfraud" law (yes, really) already contains wording that forbids cybersquatting, misleading redirects, and otherwise tricking internet users who are seeking information on ballot measures. The existing law is more concerned with acts along the lines of false impersonation and deliberate fraud. The amendment, however, isn't. It adds a couple of new aspects, both making the bad law worse.
First, the law would no longer be limited to "cyberfraud" related to pending ballot measures. It would expand to protect political candidates from being bested by wily web denizens. Where it really goes downhill is this new clause, which criminalizes even more speech.
Section 18320.5 is added to the Elections Code, to read:
It is unlawful for a person to knowingly and willingly make, publish or circulate on an Internet Web site, or cause to be made, published, or circulated in any writing posted on an Internet Web site, a false or deceptive statement designed to influence the vote on either of the following:
(a) Any issue submitted to voters at an election.
(b) Any candidate for election to public office.
With this law, opinions and misinterpretations of ballot measures/candidates' political stances are now illegal acts. The law goes further than simply punishing the writer of false statements. It also aims to punish publishers (which could be read as punishing hosts who would normally be protected by Section 230) and anyone who shares the newly-illegal content. If anything in the original post hints of political leaning, it can be construed as "designed to influence the vote," which would make most heated political discussions a breeding ground for criminal communications.
It would seem the "victims" listed in the proposed amendment aren't really in need of a free speech-abusing law. If California's government doesn't like the tone of online posts about ballot measures, it has plenty of opportunities (and numerous platforms) to set the record straight. Worse, it gives the government the power to shut down speech it doesn't agree with under the pretense preventing voters from being misled.
As for political candidates, they rarely suffer the problem of having too little speech. Bullshit can be countered with more speech, a rhetorical weapon everyone has access to, but political candidates in particular tend to be especially well-equipped in this department.
How the original law managed to survive a constitutional challenge remains a mystery. This addition has zero chance of being found constitutional if it somehow manages to become law.
49 Comments | Leave a Comment..
Posted on Techdirt - 17 March 2017 @ 7:39pm
The First Amendment Lawyer's Association (FALA) is hoping to end the California Attorney General's crusade against Backpage. The website has already ceded ground in the face of constant criticism, investigations, and legal threats. Earlier this year, it shuttered its adult ads rather than continue to bleed money and time defending itself against bogus prosecutions and investigations.
Former California Attorney General Kamala Harris -- who blew off court decisions against her office to continue to prosecute Backpage -- has now moved on to the US Senate. But just because Harris has moved on doesn't mean the local AG's office isn't going to continue with Harris' unfinished business.
The letter from FALA is covered (but not published[?]) by Elizabeth Nolan Brown at Reason.
On March 14, FALA—a nonprofit membership association launched in the late '60s that has boasted some of the country's top constitutional lawyers—sent a letter to Becerra condemning "the abusive prosecution of individuals associated with the online classified advertising website Backpage.com, and also the use of expansive search warrants seeking vast amounts of constitutionally-protected material, including personally identifiable information about all of the website's users." In the letter, FALA President Marc Randazza says he can identify "no theory under the First Amendment that would countenance such an abusive use of prosecutorial discretion or such a dragnet demand for information."
The letter points out the flaws of the AG's case against Backpage. Not only does it do damage to protected speech, but it ignores Section 230 protections in the ongoing quest to punish the site's owners for the actions of its users.
On top of that, there's the overbreadth of prosecutors' demands for info from the site. Not content to steamroll the First Amendment, the office also made a mockery of the term "investigation." From the letter:
We have learned that a subpoena was served on Backpage.com that calls for the production of massive amounts of information for a several-year period, including copies of all advertisements posted (in all content categories), all billing records, the identities of all of the website's users and their account histories, all internal communications, and even the source code for the operation of the website.
As FALA points out, this sounds a whole lot like the colonial-era "general warrants" -- the same ones our government sought to eliminate with the Fourth Amendment.
On the plus side, the new California Attorney General has pledged to protect civil liberties. FALA's hoping that pledge extends to Kamala Harris' unfinished business.
34 Comments | Leave a Comment..
Posted on Techdirt - 17 March 2017 @ 10:45am
The standard for warrants is probable cause. The warrant obtained by Edina, MN police doesn't even approach reasonable suspicion. In its attempt to locate the person behind a fraudulent bank transfer, the Edina police have asked Google to bring them everyone, as public records enthusiast Tony Webster reports.
A Minnesota bank received a call in January from who they thought was Douglas, their customer, asking to wire transfer $28,500 from a line of credit to another bank. To verify the transaction, the bank relied on a faxed copy of his passport. But it wasn’t him, the passport was fake, and the transfer request was fraudulent.
The Edina Police Department figured out that while searching Google Images for the victim’s name, they found the photo used on the fake passport, and investigators couldn’t find it on Yahoo or Bing. So, they theorized the suspect must have searched Google for the victim’s name while making the fake passport.
Edina Police Detective David Lindman detailed this theory in an application for a search warrant filed in early February, asking the Court to authorize a search warrant for names, email addresses, account information, and IP addresses of anyone who searched variations of the victim’s name over a five-week period of time.
Supposedly, the warrant [PDF] limits Google's search for searches to the Edina area, but that puts Google in the position of determining who was located where when these searches were made. Not that Google is likely to fulfill this request, warrant or not. There's nothing approaching probable cause in the warrant -- just the minimum of "detective" work that failed to uncover similar images in response to search terms at Yahoo and Bing.
Incredibly, this isn't the Edina PD's first attempt to obtain search results and the identifying information associated with them. In the warrant, Detective David Lindman notes he'd already served Google with an administrative subpoena, which Google rejected because it demanded content rather than transaction records.
Detective Lindman apparently feels Google's rejection was BS.
Though Google Inc.'s rejection of this administrative subpoena is arguable, your affiant is applying for this search warrant so that the investigation of this case does not stall.
I'm guessing Google's not going to be sending anything in response to this warrant, either. This is likely to be challenged by the company. If it isn't, anything turned over to the Edina PD will be highly suspect in terms of admissible evidence. There's no probable cause contained in the warrant application -- only the theory that any information obtained might help the investigation move forward.
Will this lead to Edina officers raiding homes because someone searched for the name "Douglas [REDACTED]" during the specified time period? Quite possibly. It obviously won't take much effort to get those warrants signed, not if judges are willing to turn law enforcement wishes into reality, without asking for anything (like actual probable cause) in return.
Read More | 27 Comments | Leave a Comment..
Posted on Techdirt - 17 March 2017 @ 3:40am
The DHS and CBP have both taken a healthy interest in travelers' social media posts. The DHS head even suggested withholding this information would no longer be an option -- that demands for account passwords were on the way. (Considering the government can search every person and their electronic devices at the border, demands for social media info would seem to be mostly redundant...) The underlying premise is this would give the US a jump on incoming terrorists by checking travelers' posts against a list of troublesome terms.
This isn't a welcome development, but the federal government continues to be its own worst enemy. You can't fear what can't be deployed competently. The DHS isn't going to stop trying to hoover up social media posts as part of the vetting process, but as a just-released Inspector General's report [PDF] points out, it may be several years before this vetting program operates in any sort of useful fashion. (via The Register)
[T]hese pilots, on which DHS plans to base future department-wide use of social media screening, lack criteria for measuring performance to ensure they meet their objectives. Although the pilots include some objectives, such as determining the effectiveness of an automated search tool and assessing data collection and dissemination procedures, it is not clear DHS is measuring and evaluating the pilots’ results to determine how well they are performing against set criteria.
It appears the DHS has only a vague grasp on what it's looking for in a social media harvesting program. Combining this with a lack of useful metrics means the agency has been throwing algos at the wall and hoping one sticks. Of course, deciding which one has "stuck" also appears to be out of the agency's technical reach.
USCIS started a pilot in December 2015 to screen the social media accounts of [REDACTED] and [REDACTED] applicants for [REDACTED] status. The pilot’s objective was to examine the feasibility of using social media screening with an automated search tool called [REDACTED] and determine whether useful information for adjudicating refugee applications could be obtained. Although the pilot had an objective, it did not define what would constitute a successful outcome…
As the OIG points out, the absence of any metric meant there was no way to know if the program was successful or not. All the DHS determined is that a redacted number of those screened had "confirmed social media accounts," something the agency could likely have achieved without deploying the unnamed "automated search tool." [Google?]
The next pilot program went live in April 2016. It, too, had the same lack of quantifiable results or stated goals.
The applicants were asked to voluntarily give their social media user names. USCIS then screened the user names against [REDACTED] using the [REDACTED] tool; USCIS also manually screened the user names against [REDACTED]. USCIS assessed identified accounts to determine whether the refugees were linked to derogatory social media information that could impact their eligibility for immigration benefits or admissibility into the United States. Using the tool and manual screening, USCIS identified [REDACTED] individuals with confirmed social media accounts and [REDACTED] individuals with unconfirmed accounts. In reviewing the pilot, USCIS concluded that the tool was not a viable option for automated social media screening and that manual review was more effective at identifying accounts.
USCIS said this tool delivered results with "low match confidence," but did not bother measuring the program's success or lack thereof against anything that might have helped choose an algorithmic successor. Meanwhile, ICE was testing its own search tool. Like the rest of the agencies, it also failed to implement anything that might have quantified the tool's usefulness. While it did draft up some prerequisites and metrics, it failed to develop a plan for moving the program forward or even apply the metrics to the pilot program's results. ICE's tool, however, sounds more invasive than the others discussed in the report. Not only would this be used to screen applicants, but would provide post-screening "monitoring" of flagged accounts.
The OIG recommends these agencies do all the things they're not currently doing, instead of wasting time and money deploying software solutions without any apparent attempt to determine if they're capable of solving the government's social media "problem." This doesn't mean social media snooping is on hold. Lord no. It just means it's being done badly by multiple agencies, all of them more interested in the snooping than the snooping's usefulness.
Read More | 17 Comments | Leave a Comment..
Posted on Techdirt - 16 March 2017 @ 3:28am
A couple of years ago, the Freedom of the Press Foundation sued the DOJ over its refusal to release its secret rules governing spying on the nation's journalists. This was prompted by revelations the FBI had used National Security Letters to obtain information on AP and Fox News journalists. The DOJ then issued new rules on the do's and don'ts of surveilling journalists, but once again (a) redacted them into uselessness and (b) granted the FBI an NSL exception, undercutting the entire point of the recrafted rules.
The OIG report -- in which the Inspector General disputed the DOJ's extensive redactions -- still has yet to be released in a less-redacted form. Sadly, it now appears it will never be any less redacted than the unintelligible mess the DOJ handed over a few years ago. A federal judge has sided with the government, finding its investigative techniques and methods are too sensitive to be handed over to the public, much less journalists it may or may not have surveilled using NSLs. (h/t Trevor Timm, Mike Scarcella)
Underlying everything is the government's barely-contested assertion that these rules contain information of national security interest. It's a handy assertion because it means the DOJ doesn't even have to explain why the redactions it made are relevant to its national security claims. From the opinion [PDF]:
Recognizing the Court’s “limited institutional expertise on intelligence matters,” the Court accords substantial weight to Hardy’s representation that “any greater specificity in the descriptions and justifications . . . could reasonably be expected to jeopardize the national security of the United States.” Hardy Decl. ¶ 46. In the area of national security, “it is conceivable that the mere explanation of why information must be withheld can convey valuable information to a foreign intelligence agency.”
This same argument appears later in the decision when dispensing of the plaintiff's challenge to yet another FOIA exception deployed by the FBI:
[T]he Court finds Defendant has met its burden and properly withheld documents under Exemption 7(E) for all five categories of documents. Defendant described with particularity that the withheld documents all contained non-public information about the FBI’s investigative techniques and procedures. These pages not only identified NSLs as an investigative technique, but also described information such as the circumstances under which the techniques should be used, how to analyze the information gathered through these techniques, and the current focus of the FBI’s investigations. As in Hamdan, the Court concludes that the declarations, which state that further detail would “reveal the very information it seeks to protect,” are sufficient to satisfy Defendant’s burden.
The court's also uninterested in double-checking the DOJ's secrecy assertions. As always, the court has the option to review contested documents behind closed doors (and away from plaintiffs) to see if the government's claims of national security/investigative concerns are valid. The court here declined to exercise this privilege.
The Court finds that in camera review is unnecessary here as Defendant already provided sufficiently detailed factual information in support of its exemptions in the Hardy Declarations and Vaughn Index.
The FBI is still free to use NSLs to obtain information -- including call records -- about journalists. The DOJ may have reined in other options, but NSLs have always been the FBI's go-to form when it's stymied by the FISA court, magistrate judges, or internal guidelines. Nothing about that will change. As for what's actually changed at the DOJ as a result of this public outing of journalist surveillance, the public apparently can't be trusted with that information.
Read More | 16 Comments | Leave a Comment..
Posted on Techdirt - 15 March 2017 @ 5:09pm
In the fall of 2015, privacy activist Phil Mocek and the Center for Open Policing sued the city of Tacoma for its response to a request for Stingray documents. The documents Mocek obtained were heavily-redacted, despite there being several mostly-unredacted versions of the FBI's Stingray non-disclosure agreement already in public circulation.
(This would be the standard NDA the FBI appends to every Stingray purchase by local law enforcement agencies -- one that says all public records requests should be forwarded to the feds and encourages locals to toss cases rather than expose Stingray use. It's also the same contract the FBI was shocked to hear agencies were complying with after signing on the dotted line to take ownership of their new cell tower spoofers.)
The lawsuit was filed under the state's open records law, with Mocek challenging the Tacoma PD's use of the "investigative records" exemption to withhold significant amounts of a mostly bog-standard nondisclosure agreement. As was noted back then, the continued withholding of this information could become costly (for taxpayers): the state's public records law allows for fines of $500/day for violations.
The court has spoken and the Tacoma PD's excessive secrecy is indeed going to cost residents a chunk of change.
The city of Tacoma will pay a $50,000 fine as well as legal fees for violating the Public Records Act by withholding most of a nondisclosure agreement it signed to obtain cellphone surveillance equipment commonly known as a Stingray.
In an order signed Friday, Pierce County Superior Court Judge Frank Cuthbertson said the city’s redactions violated state law.
He ordered Tacoma to pay $100 a day for every day the city “wrongfully withheld the unredacted NDA from June 21, 2014, until November 3, 2015, when the city provided this record to plaintiffs,” a penalty period of 500 days. The penalty is the maximum allowable under state law.
The judge determined the exemption cited was improper and withholding large amounts of contractual language served no conceivable law enforcement purpose. The city blamed the FBI for its lavish deployment of black toner. Presumably, the FBI will push back, stating it expects no one to uphold the terms of an agreement it forces them to sign before they can acquire the devices.
This unjustified secrecy is going to hurt the city (and its taxpaying residents) a few more times. The Tacoma New Times points out there are several pending lawsuits dealing with the same Stingray documents, including one filed by the ACLU. The city says it won't seek reimbursement from the federal government for fines and fees, but maybe it should, especially if it's going to blame the FBI for the Tacoma PD's secrecy. This actually sounds like a "good faith" attempt to respect the terms of its agreement with the FBI. The FBI got the secrecy it wanted -- at least temporarily. The least it can do is offer to cover the damages of the NDA it says everyone must sign, but apparently doesn't expect anyone to follow.
4 Comments | Leave a Comment..
Posted on Techdirt - 15 March 2017 @ 10:51am
The DOJ is still fighting a lawsuit over the iPhone exploit the FBI purchased to access the (worthless) contents of a phone used by a participant in the San Bernardino shooting. FBI director James Comey and the DOJ made comments at the time stating a couple of things:
1. The phone crack was expensive.
Specifically, Comey said that buying the exploit from this group cost the FBI "more than I will make in the remainder of this job, which is seven years and four months, for sure." Comey makes $185,100 per year at his job, implying that buying the exploit cost at least $1.3 million or so.
2. The phone crack only applied to a small subset of iPhones.
A DOJ spokesperson says... the crack only applied to iPhone 5C devices.
These statements are being wielded against the DOJ by the new agencies bringing this FOIA lawsuit. The DOJ isn't happy seeing the FBI director's words (along with its own) being used to undermine its arguments: namely, that almost nothing about the iPhone exploit can be revealed without ripping holes in the national security fabric or nullifying the FBI's intelligence-gathering techniques.
In its latest filing [PDF] in the lawsuit, the DOJ seemingly contradicts itself while arguing against revealing the contractor's name or even the amount paid for the iPhone crack. (h/t Brad Heath)
Plaintiffs remaining objection is unavailing. They claim that the iPhone tool itself is of no current value. See Opp’n at 15-16 (“Acceptance of the FBI’s argument would also require this Court to ignore that the FBI has been exceedingly public about the fact that the tool applies only to a specific model of phone (the iPhone 5c) running a specific, and already outdated, operating system (iOS9). Were adversaries on the hunt for actually effective countermeasures, they need only to heed [Director] Comey’s public statement and simply use a different kind of phone, or a different operating system.”) (citation omitted). But this argument is unvarnished speculation about the efficacy of this intelligence tool – and this Circuit has made exceedingly clear that such speculation cannot defeat an agency’s summary judgment claim.
Someone's assertions are wrong. Either the DOJ was lying when it said it would only work on certain iPhones, or it's lying now to protect its secrecy by implying the purchased exploit is usable on other iPhones.
The DOJ clarified last spring the exploit affected any iPhone 5c and wasn't limited to those running iOS9. But even if that clarification is applied to its arguments in this lawsuit, this paragraph stills points to someone at the DOJ being dishonest. The counterargument that people wishing to prevent the FBI from accessing their phone's contents could just switch to a newer iPhone still applies. And that's the part the DOJ is calling "unvarnished speculation."
Of course, the plaintiffs are in the unfortunate position of having little more than unvarnished speculation to work with. Some documents pertaining to the purchased iPhone crack have been released, but have been almost completely redacted, save for some standard contractual language of no informational value. The DOJ is leveraging information it doesn't want to release to argue against being forced to release it. That's certainly convenient for the DOJ, as are any of its intelligence gathering arguments, which grant it the power to dispel questions about over-redaction without having to explain its side of the issue.
Thus, while the identity of the vendor may not itself be an intelligence source or method, see Opp’n at 18, releasing that information leads “logically or plausibly” to information about the intelligence source or method, see Judicial Watch, 715 F.3d at 941, and is thus exempt from disclosure under Exemption 3. That is particularly true in light of the “considerable deference” owed to the FBI in this context. Leopold, 106 F. Supp. 3d at 58; see also Ctr. for Nat’l Sec. Studies v. Dep’t of Justice, 331 F.3d 918, 927 (D.C. Cir. 2003) (“[W]e have consistently deferred to executive affidavits predicting harm to the national security, and have found it unwise to undertake searching judicial review.”). Accordingly, the FBI has appropriately applied Exemption 3 to these two pieces of information.
A version of this argument just helped the DOJ keep its journalist-surveilling secrets hidden from journalists (it possibly surveilled) in another FOIA lawsuit. Chances are, the court will side with the FBI and its national security assertions. Unfortunately, the DOJ's contradictory statements aren't on trial here -- just its broad assertions about national security and intelligence-collecting methods, both of which appear to be so easily compromised it can't even let the country know how much it paid to crack a single iPhone.
Read More | 4 Comments | Leave a Comment..
Posted on Techdirt - 15 March 2017 @ 9:30am
New York state legislators apparently think the state's so cosmopolitan it may as well be Europe. As Adam Steinbaugh points out on Twitter, though, local comparisons aren't nearly as flattering.
[If you can't read/see the tweet]
New York legislature working diligently on overtaking California and Arizona on demonstrating least understanding of the First Amendment
There's nothing like being negatively compared to Arizona (remember the short-lived "First Amendment-protected activity is against the law" bill?) to take the gloss off the latest legislative ridiculousness. A new bill in the state legislature would make New York an outlier in constitutional protections (or no, it wouldn't, because it wouldn't survive a constitutional challenge, but for the sake of argument…). For no conceivable reason, the bill seeks to implement a New York-located "right to be forgotten." How that's supposed to work out when it's not the law in the other 49 states remains unexplained.
§ 50-f. Right to be forgotten act.
1. Upon the request from an individual, all search engines, indexers, publishers and any other persons or entities that make available, on or through the internet or other widely used computer-based network, program or service, information about the requester, shall remove information, articles, identifying information and other content about such individual, and links or indexes to any of the same, that is "inaccurate", "irrelevant", "inadequate" or "excessive" within thirty days of such request, and without replacing such removed information, article or content with any disclaimer, takedown notice, hyperlink, or other replacement notice, information or content, or cooperating with any other person or entity who does any of the foregoing. For purposes of this section, "inaccurate", "irrelevant", "inadequate", or "excessive" shall mean content, which after a significant lapse in time from its first publication, is no longer material to current public debate or discourse, especially when considered in light of the financial, reputational and/or demonstrable other harm that the information, article or other content is causing to the requester's professional, financial, reputational or other interest, with the exception of content related to convicted felonies, legal matters relating to violence, or a matter that is of significant current public interest, and as to which the requester's role with regard to the matter is central and substantial.
This is a horribly-written, horribly-broad, no good, terrible-all-around proposal. I have no idea what sort of information could be described as "inadequate" or "excessive," and the chances are information that's truly "irrelevant" will sink to the bottom of search engine rankings soon enough.
The bill does not define any of these terms (well... not in any meaningful way), nor does it address how information that fits its inadequate definitions will be removed from the web when a great deal of hosting services lie far outside the law's jurisdiction.
On top of that, there's the question of what's "material to public debate/discourse." Who gets to decide what's still material? The person bringing the complaint? If so, the law is entirely subjective and provides no affirmative defense for those facing charges/fines under the law. It's as if the legislators crafting this law looked at the DMCA and decided it just wasn't abusable enough. Citizens clearly deserve a second, more streamlined route for the removal of criticism, unflattering photos, or whatever doesn't further the marketing of a person's brand.
Then there's the prior restraint. (This bill is truly breathtaking in its sheer level of unconstitutional shittiness.) The law forbids those served with a "right to be forgotten" order from discussing the government's content removal demands.
...without replacing such removed information, article or content with any disclaimer, takedown notice, hyperlink, or other replacement notice, information or content, or cooperating with any other person or entity who does any of the foregoing.
It's not just prior restraint on those served with an order. It's prior restraint that effectively silences everyone in the law's jurisdiction. Site A's order and subsequent content removal can't be discussed anywhere on that site. And Site A can't point to other sites discussing Site A's content removal, even if these other sites lie outside the law's jurisdiction.
This bill should -- if there's any amount of brain activity in the NY legislature -- die a swift and unceremonious death. But nothing this bad stays dead forever. It will return in some other shape or form months or years later because some people truly believe information doesn't want to be free -- it wants to be forgotten.
48 Comments | Leave a Comment..
Posted on Techdirt - 15 March 2017 @ 3:25am
The ATF's sting operations have already drawn plenty of criticism. Not from law enforcement agencies who partner up with the ATF for easy busts or the DOJ which oversees them, but from almost everyone else, including federal judges. These stings result in government-made criminals who are led by undercover agents towards robbing fake stash houses of nonexistent drugs, cash, and weapons. The fun thing about the nonexistent drugs is it can be whatever amount ATF agents say it is. And that amount of drugs -- that exists nowhere but in the imagination of federal agents -- is used to determine lengths of sentences.
Judge Gerald McHugh trimmed back a sentence given a defendant caught in an ATF stash house sting, pointing out the crooked system allows prosecutors to play judge, jury and executioner -- all before the case even lands in court. As the judge notes, he has never run into a sting prosecution where the imaginary drug stash was below the statutory guideline triggering the longest sentences.
From my review of reported cases nationwide, I have not identified any investigation where the specified amount of cocaine in the fictional stash house was less than 5 kilograms. By statute, 21 U.S.C. § 841(b)(1)(A), 5 kilograms is the amount that triggers exposure to a 20-year mandatory minimum sentence.
Judge Otis Wright was even less kind, pointing out the government's standard operating procedure of goading desperate people into committing fake crimes that result in lengthy sentences. The feds then dangle plea bargains above their heads, hoping defendants will take the less onerous offer and skip the courtroom proceedings where the details of the stash house sting might be examined by skeptical judges and juries.
The end result of these stings? Nothing but people being locked up.
Zero. That’s the amount of drugs that the Government has taken off the streets as the result of this case and the hundreds of other fake stash-house cases around the country. That’s the problem with creating crime: the Government is not making the country any safer or reducing the actual flow of drugs. But for the Government’s action, the fake stash house would still be fake, the nonexistent drugs would still be nonexistent, and the fictional armed guards would still be fictional.... Instead, the Government comes close to imprisoning people solely because of their thoughts and economic circumstances rather than their criminal actions.
The other ugly truth about these sting operations is their consistent targeting of minorities.
A recently unsealed study by a nationally renowned expert concluded that ATF showed a clear pattern of racial bias in picking its targets for the drug stings. The disparity between minority and white defendants was so large that there was "a zero percent likelihood" it happened by chance, the study found.
The vast majority of those swept up in the stings in Chicago were minorities, and a close examination of the criminal backgrounds of some of those targeted raises questions about whether they were truly the most dangerous gun offenders whom ATF was aiming to remove from the street.
The ATF should be in the business of removing dangerous individuals from circulation. Instead, it preys on the less fortunate. Much like the FBI's continued material support of handcrafted terrorists, the ATF frequently has to provide the means, motive, plan, and pretty much everything else that might be required to rob a stash house.
Some had trouble even coming up with guns to do the job — including one crew that after months of preparation managed to find only one World War I-era pistol with a broken handle that could barely fire a round. Others had no history of carrying out high-risk armed robberies — a key provision in the ATF playbook designed to make sure targets were legitimate, defense lawyers argued in recent court filings.
Drugs aren't being taken off the streets. The only weapons being seized are the ATF's. And plenty of truly dangerous people are still walking around while the ATF pushes minorities with money problems into plans composed of pure bullshit.
This poses more problems for the DOJ. It will at least have to defend itself against some new lawsuits in the future. Trump's DOJ may be less concerned about civil liberties violations than his predecessor, but his DOJ still has to answer for past violations.
This new report echoes Brad Heath's 2014 research into stash house stings.
At least 91% of the people agents have locked up using those stings were racial or ethnic minorities, USA TODAY found after reviewing court files and prison records from across the United States. Nearly all were either black or Hispanic. That rate is far higher than among people arrested for big-city violent crimes, or for other federal robbery, drug and gun offenses.
The ATF operations raise particular concerns because they seek to enlist suspected criminals in new crimes rather than merely solving old ones, giving agents and their underworld informants unusually wide latitude to select who will be targeted. In some cases, informants said they identified targets for the stings after simply meeting them on the street.
The sad fact is it takes the private sector to put this damning information together. The ATF likes its easy busts and it likely knows its practices reek of racial bias. That's the only reasonable explanation for its deliberate avoidance of any sort of record keeping.
The ATF said it could not confirm those figures because the agency does not track the demographics of the people it arrests in stash-house cases.
Despite its lack of tracking, the ATF insists it's not participating in discriminatory behavior. It has nothing to offer in its defense, but it continues to insist it's doing the Lord's work with its stash house stings.
Current and former ATF officials insist that race plays no part in the operations. Instead, they said, agents seek to identify people already committing violent robberies in crime-ridden areas, usually focusing on those who have amassed long and violent rap sheets.
"There is no profiling going on here," said Melvin King, ATF's deputy assistant director for field operations, who has supervised some of the investigations. "We're targeting the worst of the worst, and we're looking for violent criminals that are using firearms in furtherance of other illegal activities."
The research available directly contradicts these statements. It's not just independent researchers who have noticed the profiling and the general uselessness of the sting operations. As was noted above, federal judges have arrived at the same conclusions. And federal judges have access to documents the DOJ refuses to release to FOIA requesters as well as the contents of cases still under seal.
More information continues to be pried from the DOJ's grip, thanks to discovery requests in stash house prosecutions. Everything that's been uncovered points to the conclusions drawn two years ago by USA Today and Brad Heath. The federal government is engaged in seriously troubling behavior, targeting poor minorities and fitting them for decades of imprisonment. And it can't even argue the end justifies the means. The drugs and weapons being "robbed" are imaginary. A stash house sting removes no drugs, no guns, and very few dangerous criminals from the streets. The ends are an illusion, meaning nothing about the means is truly justified.
98 Comments | Leave a Comment..
Posted on Techdirt - 14 March 2017 @ 10:49am
The Constitution -- which has always been malleable when national security interests are in play -- simply no longer applies at our nation's borders. Despite the Supreme Court's finding that cell phone searches require warrants, the DHS and CBP have interpreted this to mean it doesn't apply to searches of devices entering/leaving the country.
For the past 15 years, the government has won 9/10 constitutional-violation edge cases if they occurred within 100 miles of our borders -- a no man's land colloquially referred to as the "Constitution-free zone." But the pace of device searches has increased exponentially over the last couple of years. The "border exception" is no longer viewed as an "exception" -- something to be deployed only when customs officers had strong suspicions about a person or their devices. Now, it's the rule, as NBC News reports.
Data provided by the Department of Homeland Security shows that searches of cellphones by border agents has exploded, growing fivefold in just one year, from fewer than 5,000 in 2015 to nearly 25,000 in 2016.
According to DHS officials, 2017 will be a blockbuster year. Five-thousand devices were searched in February alone, more than in all of 2015.
Given the current state of immigration policy, this will get a whole lot worse before it gets better… if it ever does. Expanding government power is easy. Contracting it is almost impossible.
In practical terms, boots-on-the-ground travelers are being subjected to intrusive searches just because there's nothing effectual in the law to prevent it. Asserting your rights at the border is a non-starter. You simply don't have any. No one's going to be playing Twenty Quasi-Relevant Questions with travelers hoping to luck into consent. Officers and agents are seizing and searching devices by force.
A couple who had traveled to Canada twice in a period of three days were subjected to invasive device searches both time. The second time much more force was applied to ensure compliance.
Three days later, they returned from another trip to Canada and were stopped again by CBP.
"One of the officers calls out to me and says, 'Hey, give me your phone,'" recalled Shibly. "And I said, 'No, because I already went through this.'"
The officer asked a second time..
Within seconds, he was surrounded: one man held his legs, another squeezed his throat from behind. A third reached into his pocket, pulling out his phone. McCormick watched her boyfriend's face turn red as the officer's chokehold tightened.
Then they asked McCormick for her phone.
"I was not about to get tackled," she said. She handed it over.
The coercion doesn't have to be a chokehold. It can just be the fact that government agents stand between you and your home and aren't willing to let you get back to the part of the country where your rights still exist without you handing over PINs and passwords.
On February 9, Haisam Elsharkawi was stopped by security while trying to board his flight out of Los Angeles International Airport. He said that six Customs officers told him he was randomly selected. They demanded access to his phone and when he refused, Elsharkawi said they handcuffed him, locked him in the airport's lower level and asked questions including how he became a citizen. Elsharkawi thought he knew his rights and demanded access to legal counsel.
"They said if I need a lawyer, then I must be guilty of something," said Elsharkawi, and Egyptian-born Muslim and naturalized U.S. citizen. After four hours of questioning in detention, he unlocked his smartphone and, after a search, was eventually released. Elsharkawi said he intends to sue the Department of Homeland Security.
This is how certain government agents and agencies view constitutional rights: as luxuries only needed by people with something to hide. This mindset -- combined with Trump's "gloves off" approach to immigration enforcement -- helps explain the 5,000 device searches in the last 30 days. Device searches were always considered intrusive, despite the Constitution-free aspect of US borders. These were saved for criminal suspects and watchlisted travelers. Now, it's everyone.
The only good news to come out of this is a potential change in applicable laws. Sen. Ron Wyden is introducing a bill to create a warrant requirement for device searches at the border. Unfortunately, it's being introduced into an ecosystem now streamlined to reject affirmations of existing rights. If it somehow makes it to the President's desk without being amended into uselessness, there's almost zero chance Donald Trump won't veto it. Given the current makeup of Congress, it's unlikely there's enough support for a bill that might give "bad hombres" more rights to override a veto.
94 Comments | Leave a Comment..
Posted on Techdirt - 14 March 2017 @ 8:33am
Like many bad laws, I'm sure this bill lying on the Utah governor's desk has its heart in the right place. But, like many bad laws, its head is completely up its ass. Eugene Volokh reports there's Yet Another Cyberbullying Bill on the threshold of passage. Like many that have come before it, it's full of constitutional issues and easily-abusable language.
Here’s Utah SB118, which passed both houses of the legislature unanimously and is awaiting the governor’s signature:
A person is guilty of electronic communication harassment and subject to prosecution in the jurisdiction where the communication originated or was received if with intent to intimidate, abuse, threaten, harass, frighten, or disrupt the electronic communications of another, the person: …
(e) electronically publishes, posts, or otherwise discloses personal identifying information of another person, in a public online site or forum, without that person’s permission.
This sounds like it's meant to deter doxing. But that's only if you don't read the section detailing "personal identifying information," which includes such innocuous items as "names" or "photos." In between everything else no one should be posting online without that person's permission (Social Security number, driver's license number, "electronic identification number," etc.) are bits of "personal information" that could criminalize a great number of social media posts.
So if someone posts something in Utah that is intended to insult a politician or engages in “excessive and unfounded criticism, humiliation, and denigration” of the politician, that would be a crime — it would be “electronically … post[ing]” “personal identifying information” (the target’s name) without his permission and with the intent to “abuse” (or perhaps “harass,” especially if one does it several times). After all, “personal identifying information” may include a person’s name.
Likewise if someone sharply condemns some government official, indicating the place where the official works (e.g., “Judge X in Courthouse Y is biased and incompetent”). Likewise if someone illustrates an article harshly critical of some official, businessperson, celebrity or anyone else with the person’s photograph.
To their credit, legislators at least trimmed back a bit of the broad language before passage, keeping it from criminalizing posts that merely "annoyed" or "offended" complainants. But what's left in it still carries huge potential for abuse. And it will be abused if allowed to pass. It won't protect the hundreds of people who've been targeted, harassed, and doxed, but it will give the powerful yet another tool to deploy to shut down critics. It won't be normal citizens availing themselves of this law first. It will be politicians, government officials, law enforcement officers -- basically anyone with more power than skin thickness.
Hopefully, it will be vetoed. But it received support from both sides of Utah's legislature, and Utah's government has been known to humor laughable/harmful legislation with alarming frequency. Should it receive the governor's signature, it will swiftly find itself on the receiving end of a temporary restraining order while the state's court determines its constitutionality. As written, it's unlikely to survive this scrutiny.
23 Comments | Leave a Comment..
Posted on Techdirt - 14 March 2017 @ 3:22am
The problem with bad laws (well, ONE problem) is they'll need to be enforced at some point. Legislators pass laws out of fear, boredom, or a desire to look busy. They'll pass laws to push personal agendas and closely-held beliefs. They'll pass laws in response to bizarre tragedies so unique they can't be found in expanded actuarial tables or at the behest of favored industry leaders. Every so often, they'll even pass laws citizens are demanding. But far too often, they'll just pass laws because they're legislators and it's right there in the job description.
They'll pass laws with zero regard for enshrined rights or their consitutents' civil liberties… like this Tennessee law which almost seems constitutional if no one examines it too closely. (via Adam Steinbaugh)
To avoid distracting other drivers and thereby reduce the likelihood of accidents arising from lack of attention or concentration, the display of obscene or patently offensive bumper stickers, window signs, or other markings on a motor vehicle which are visible to other drivers is prohibited and display of such materials shall subject the owner of the vehicle on which they are displayed, upon conviction, to a fine of not less than two dollars ($2.00) nor more than fifty dollars ($50.00).
The catch here is offensive speech can still be protected speech while obscenity cannot. The state attorney general's office felt the law was perfectly consititutional, even as it was amended further to prevent the showing of "obscene or patently offensive movies" in vehicles if the content could be viewed outside of the vehicle. (My apologies. I have no idea what incident prompted this amendment, but I would imagine it would involve another driver or passerby being shocked, shocked! at the content being viewed by another driver in their own car.)
It even believes this law is constitutionally-sound despite paragraphs it included in its recommendation that clearly show this law actually ISN'T constitutional.
The Supreme Court has held that the police powers of the state permit the regulation of the display of obscene materials, including movies, and established the following test for judging whether material is obscene: (1) whether "the average person, applying contemporary community standards" would find that the work, taken as a whole, appeals to the prurient interest; (2) whether the work depicts or describes, in a patently offensive way, sexual conduct specifically defined by the applicable state law; and (3) whether the work, taken as a whole, lacks serious literary, artistic, political or scientific value.
As the AG clearly stated in 2004, it could regulate obscenity. What it can't do is regulate mere offensiveness. It has to hit a pretty high bar to do so. The question is: does this window decal clear that bar?
This is why laws should be carefully crafted. This decal was applied to a man's car by his brother as a joke. And it's clearly a lowbrow parody of all those stick figure family decals, but for those who are more interested in the act of procreation.
A Metro police officer apparently didn't like the decal. Luckily, the Metro police had the (bad) law on its side. And a hint of Nuremberg in its press statement.
Channel 4 reached out to Metro police who said they don't make the laws, they simply enforce them.
It's not a law that needs much enforcement, fortunately.
Since 2011, Metro police have only cited four other people with violating the state's obscene sticker law.
Actually, this indicates that it's a law that's very selectively enforced. With enough imagination, a great many bumper stickers and decals could be considered offensive. This law allows police officers to make that call subjectively. With the fine being $50 and the end result usually a fix-it ticket, no one's going to protest the unconstitutional law too loudly. Until they do.
Daniel Horowitz has taken up the driver's case. Horowitz is hoping to block [PDF] the law's enforcement until the court can rule on its constitutionality. The law certainly doesn't play nice with the First Amendment. Horowitz's restraining order motion [PDF] points out the parodic stick figure decal is protected speech as it's neither obscene nor patently offensive.
It does not, for example, display genitalia or any vivid portrayal of an ultimate sex act. It certainly does not display bestiality. And, in fact, the only indication that the stick-figure cartoons depicted in Mr. Owens’s bumper sticker are engaging in sex at all comes from the context offered from the description: “Making My Family.” See Exhibit B. Consequently, the notion that Mr. Owens’ stick-figure cartoon is even theoretically on par with “the ‘hard core’ types of conduct suggested by the examples given in Miller” is fantastical, and no reasonable fact-finder is likely to find otherwise.
The parodic nature of the decal only adds to its free speech value.
Rather than portraying his family, it indicates instead that he is in the process of “making [his] family,” and it displays two cartoon stick-figures engaged in that process. Id. Consequently—its crass nature notwithstanding— Mr. Owens’ sticker is a humorous and highly effective parody of “family stickers,” and it carries serious First Amendment value as a result.
With this filing, the state will likely be forced to confront its speech-hindering law. Dismissing the charges isn't going to dismiss the lawsuit and belated attempts to remove the plaintiff's standing aren't going to gather much judicial sympathy. This is why laws need to be crafted with an eye on the unintended consequences as well as their compliance with the Constitution. Doing otherwise results in litigation, which forces taxpayers to pay for the privilege of having to comply with unconstitutional laws -- and this is on top of the money they pay their representation to hopefully not screw things up TOO MUCH while in office.
Read More | 64 Comments | Leave a Comment..
More posts from Capitalist Lion Tamer >>