Capitalist Lion Tamer’s Techdirt Profile

capitalisliontamer

About Capitalist Lion TamerTechdirt Insider

List of blogs started with enthusiasm, which now mostly lie dormant:

[reserved for future use]
http://5k500k.wordpress.com

[recently retired]
http://capitalistliontamer.wordpress.com

[various side projects]
http://cliftonltanager.wordpress.com/
http://bl0wbybl0w.wordpress.com/
http://thepenismadeoutofspam.wordpress.com/



Posted on Techdirt - 27 March 2015 @ 7:39pm

Judge Calls Out Portland Police For Bogus 'Contempt Of Cop' Arrest/Beating

from the self-defense-against-excessive-force-possibly-a-thing dept

It doesn't happen often, but a judge has called out police officers for using a non-existent offense -- "contempt of cop" -- to justify the use of force against a detained person. Multnomah County (OR) Judge Diana Stewart cleared 16-year-old Portland resident Thai Gurule of several charges brought against him after he was pummeled and tased by police officers for… well, basically for responding angrily to a somewhat derogatory gesture.

Police that night had been looking for a group of seven to nine African American men, including one shirtless one, who had been walking the streets, reportedly damaging property and yelling profanities. Within minutes of receiving the group's last known location, police several blocks away focused their attention on a group of three young men: Gurule, his 20-year-old brother and their friend.
That was the narrative up to the point where Thai Gurule found himself on the receiving end of fists and Tasers. Ignoring the fact that this group had little in common with the suspects other than race, we come to what turned this incident into a confrontation and, finally, a one-side melee.

The following comes from the judge's statement on the dismissal of charges:
As the youth walked past, Officer Hughes said, "Hey" to the youth and when the youth continued, he again said, "Hey" and clapped his hands.

Thai Gurule turned to face Officer Hughes and in an angry or aggressive voice said "Don't fucking clap your hands at me". Officer Hughes stepped forward while the youth stepped back.
Cue escalation. The officers decided to cuff Gurule (for "resisting arrest," apparently). As a crowd began to gather, the officers decided to move Gurule into a prone position for cuffing, supposedly for officer safety. But rather than let Gurule move to a prone position, one of the officers decided to speed up the process by sweeping Gurule's feet out from underneath him. From that point, it became an uncontrolled beating. One officer held Gurule by the hair while the other two wrestled him to the ground and hit him multiple times with their fists and knees. Finding the one-sided "struggle" to be ineffective, Sgt. Lile deployed his Taser.

After they were done throwing blows, the officers threw the book at Thai Gurule, listing all of the following charges on the police report:
Aggravated assault
Simple assault
Criminal threats
Disorderly conduct
Interference with public safety
Resisting arrest
The accompanying reports filed by the officers maintained that Gurule repeatedly swung his fists at officers and tried to choke one of them. Unfortunately for these officers, multiple recordings of the incident that contradicted their narrative were made available to the judge.

Judge Stewart was obviously irate at the thick stack of lies delivered to her in the form of police reports and sworn testimony. She also was none too happy with the officers' justification for initiating the arrest of a person who had done nothing more than fail to treat Officer Hughes with as much deference as he felt he deserved. Not only did she dismiss the charges, but she read the entire damning dismissal order out loud.

In discussing the "resisting arrest" charge, Judge Stewart also addressed the pure BS motivating the officers' arrest of Gurule. She points out there's an exceedingly low bar that needs to be met to satisfy the requirements for bringing this charge, but the officers couldn't even meet that.
Actual restraint was placed upon the youth at the moment that Officers Hughes and Hornstein placed control or escort holds on the youth. At that moment, even given the broad authority described above, there is insufficient evidence before the court that the Officers were operating under their community caretaking function, or therefore under color.

At that time, there is no evidence of concerns about a crowd forming. That concern arose as much as a minute later when the officers decided to take the youth to the ground.
Establishing this, she gets to the heart of the matter.
The only facts before the court are that the youth failed the attitude test when he turned and aggressively complained about Officer Hughes clapping him hands. Officer Hughes stepped forward and the youth stepped back and Officer Hughes, immediately followed by Officer Hornstein placed the holds restraining the youth.
And there it is: the bogus arrest was prompted by a little disrespect Officer Hughes just couldn't handle. It is surprising enough that a judge would call out an officer for this sort of behavior. It's even more surprising that she would move on to allowing an arrested suspect's self-defense claims stand. In most cases, the judicial branch shows deference to police officers who use excessive force in their self-defense ("feared for their safety"). In this instance, the deference went the other way.
[W]hile a person may not use physical force to resist what is actually or perceived by the defendant to be an unlawful arrest, a person may use physical force in defending oneself from excessive use of force by an arresting officer. Any injury caused to an officer in the course of engaging in a justifiable use of force to defend oneself may under such circumstances be justified and not criminal.

[...]

In this case, the youth's age is a relevant factor which the court considers even without the testimony of youth. Therefore, the question before the court is whether this youth and a reasonable 16 year old youth in his position would have believed that the use or imminent use of force against him exceeded the force reasonably necessary and whether he was entitled to defend himself with a degree of force which a reasonable 16 year old would reasonably believe to be necessary for the purpose.

[...]

The take down, although intended to be gentle and with adequate warning was nothing like that plan. Officer Hornstein swept the youth's feet out from under him causing him the sensation of falling forward without the use of his hands to break his fall. The next 35 to 45 seconds was a melee of fists and punches and bodies falling upon him. Prior to reaching the wall, the youth was attempting to regain his footing and get back on his feet and remove himself from what a reasonable person would have felt was a senseless and aggressive use of excessive physical force.

Once at the wall, the independent evidence of the video clips is less clear but continues to show the youth trying to struggle away from the officers rather than engage in a physical altercation…

[...]

[G]iven that confusion, rapidity of events, the tangle of officers and the youth and the confusion caused by the crowd, I find that as to all charges herein, the state has not established beyond a reasonable doubt that the youth was not reasonably justified in the use of self-defense as to all of the charges herein.
And with that, Thai Gurule is no longer facing criminal charges. As of yet, there's no word of what consequences, if any, are awaiting the officers involved. The city's police department is only a couple of years removed from a DOJ investigation, but incidents like these show there's still work to be done.

And, of course, the local police union has greeted this decision with assertions that the officers involved did nothing wrong and that Judge Stewart is nothing more than an armchair quarterback, but you'll have to click over to Popehat to read Ken White's entertaining/infuriating take on the union head's counterclaims.

Read More | 57 Comments | Leave a Comment..

Posted on Techdirt - 27 March 2015 @ 9:37am

Defense Department Keeps Losing 'Sensitive' Explosives Gear, Then Finding It For Sale On Ebay

from the Finders-v.-Keepers-comes-into-play-here,-but-with-international-ramifications dept

The Pentagon may not know where some very sensitive equipment has disappeared to, but a variety of private resellers seem to have some idea where it might be found. A leaked US Naval Criminal Investigative Service (NCIS) document obtained by The Intercept details the agency's inability to keep track of its explosives-detecting equipment, bequeathed to it by the Defense Department's Joint Improvised Explosive Device Defeat Organization (JIEDDO).

While it did manage to track down some of its missing equipment at various equipment resellers (the document lists a variety of URLs, including ebay.com and craigslist.org), it still has no idea how much of it is still in the military's possession.

In all, more than 32,000 pieces of equipment were issued. Some kits are still in use, making it difficult to compile a precise inventory of what was issued and what might be missing.
The March 2014 document asks for assistance in locating missing devices to prevent them from being used against the US and its allies. It also points out that the failure to keep tabs on this equipment is mostly internal.
These investigations also determined the loss and theft of advanced technologies intended to give US military personnel tactical advantage on the battlefield was due to poor accountability controls by many of the military units who were issued the gear.
The Intercept managed to track down two eBay listings for NCIS equipment -- one from December of last year and an active listing for a CNVD-T Clip-On Night Vision Device Thermal System. For only $16,599, this equipment can be yours.... (Update: For what it's worth, the ebay seller featured below got in touch to insist that he is a licensed dealer of these items from the manufacturer, and that it's perfectly legal to sell these items).





As is to be expected from a task force that is apparently unable to control its own inventory, JIEDDO isn't a great steward of taxpayer funds.
JIEDDO has been heavily criticized over the years for expending large sums of money without attaining clear results. According to a 2012 report by the Government Accountability Office, JIEDDO had spent over $18 billion yet lacked an effective way to oversee its programs.
And as is so often the case when the government finds new ways to hand out military gear, those receiving the handouts seem alarmingly unconcerned with keeping close tabs on the equipment's whereabouts. Last year, another Pentagon-related equipment dispersal program caught heat for its lousy inventory control systems. The 1033 program, which hands out military equipment and weapons to local law enforcement agencies, is decentralized and disorganized, leading to 184 law enforcement agencies losing their access to militarization toys for misplacing everything from several assault rifles to an entire Humvee.

So, the Department of Defense may do several things well, but ensuring sensitive/powerful military gear remains in its control -- rather than in the hands of enemies or eBay users -- isn't one of them.

And, of course, the NCIS has refused to comment on the leaked document and has yet to make a bid it can neither confirm nor deny on its former property. If you're so inclined, you can always contact the not-quite-redacted Steve Sheldon, Intelligence Specialist (NCIS Southwest Field Office) at (619) 556-1106 and inquire as to whether ~$17,000 is a fair price for a "like new" clip-on night vision scope.

Read More | 17 Comments | Leave a Comment..

Posted on Techdirt - 27 March 2015 @ 8:18am

TSA Waves Convicted Murderer With Explosives Experience Through Its PreCheck Lane

from the waving-through-felons-while-patting-down-toddler dept

The TSA's PreCheck program also expedites security screening for "notorious convicted felons" and "former domestic terrorists." Who knew? From the sounds of its in-depth pre-screening efforts, you would think (unnamed) convicted felons wouldn't be able to sail past the checkpoint without even slowing down, but apparently, that's exactly what happened. And it's not just any former felon/domestic terrorist, but one who was previously convicted of murder and offenses involving explosives. (via Kevin Underhill/Lowering the Bar)

The U.S. Office of Special Counsel (OSC) received a whistleblower disclosure alleging a sufficiently notorious convicted felon was improperly cleared for TSA Pre✓ screening, creating a significant aviation security breach. The disclosure identified this event as a possible error in the TSA Secure Flight program since the traveler’s boarding pass contained a TSA Pre✓ indicator and encrypted barcode.
The good news (such as it were) is that the TSA did not grant the unnamed felon/terrorist PreCheck approval through its laborious and intrusive application process. It also didn't wave him/her through because lines were backing up at the normal checkpoints. (This is called "Managed Inclusion" by the TSA, but it more resembles "For the Hell of It" in practice…) That ends the good news.

It did, however, use its "risk assessment rules" to determine the terrorist/felon to be of no threat. This might be encouraging news for former felons/domestic terrorists, perhaps signaling that government agencies may ultimately forgive some criminal acts and not subject former felons to additional security harassment in perpetuity. Then again, this may just be the TSA's excuse for waving someone with questionable PreCheck clearance through security because a checkmark -- and its own internal bureaucracy -- told it to.
We also determined the Transportation Security Officer (TSO) followed standard operating procedures, but did not feel empowered to redirect the traveler from TSA Pre✓ screening to standard lane screening.
The OIG recommends more "empowerment" for rank-and-file. Good luck with that. If officers don't feel empowered, it's because management has shown them that questioning the (broken and wildly inconsistent) system isn't an option. Neither is doing any independent thinking. When this officer attempted to push it up the line, he/she ran into a pretty predictable response.
[T]he TSO knew of the traveler's TSA Pre✓disqualifying criminal convictions. The TSO followed the standard operating procedures and reported this to the supervisory TSO who then directed the TSO to take no further action and allow the traveler through the TSA Pre✓ lane. As a result, TSA does not have an incident report for this event.
One of the TSA's Behavioral Detection Officers (highly-trained in the art of the mental coin toss) was also contacted by the concerned officer. And, again, no further action was taken/recommended.

In the end, a felon/terrorist boarded a plane because the TSA's bureaucratic process can't handle contradictory variables. The PreCheck approval said "yes," but the previous convictions said PreCheck approval should never have happened. The TSA deferred to the obviously incorrect checkmark on the boarding pass. And now we have the punchline to the joke that starts, "A murderer with explosives experience walks into a PreCheck lane…"

The OIG's mostly-redacted recommendation criticizing the TSA's over-reliance on fallible pre-screening processes was mostly ignored by the agency.
TSA officials did not concur with Recommendation 1. In its response, TSA said that with respect to individuals who may pose an elevated security risk to commercial aviation, theU.S. Government's approach to domestic aviation security relies heavily on the TSDB and its Selectee List and No Fly List subcomponents. TSA said, had the intelligence or national law enforcement communities felt that this traveler posed an elevated risk to commercial aviation, they would have nominated the traveler to one of these lists and prevented the traveler from being designated as lower-risk.
To which the OIG responded, "Well, that 's obviously not working because this traveler should have been automatically denied PreCheck approval."
We consider TSA's actions nonresponsive to the intent of Recommendation 1, which is unresolved and open. TSA said it relies on the U.S. Government watchlisting process to identify individuals that represent an elevated risk to commercial aviation. However, not all non-watchlisted passengers are lower-risk and eligible for TSA Pre✓. For example, TSA has established disqualifying criteria, in addition to the watchlisting process, for an applicant seeking TSA Pre✓ Application Program membership. TSA will deny membership to an applicant convicted of any of the 28 disqualifying criminal offenses or not a U.S. citizen or Lawful Permanent Resident. Even though the traveler is not watchlisted, the traveler would be permanently ineligible for TSA Pre✓.
And yet, a convicted murderer has been PreCheck approved. The TSA wants to blame the rest of the government. The OIG just wants someone to use common sense, rather than never questioning a boarding pass. The OIG has a good point. The TSA claims it's shifting to a smarter, more responsive travel security, like the PreCheck program and its many Behavioral Detection Officers. But when a situation involving both arose, it left the thinking to its brainstem -- unwavering faith in databases and policy -- rather than making any move indicative of higher thought processes.

Read More | 15 Comments | Leave a Comment..

Posted on Techdirt - 27 March 2015 @ 4:07am

Copyright Bots Kill App Over 'Potentially Infringing' Images, Follow This Up By Blocking App For Use Of CC/Public Domain Images

from the and-fair-use-is-nowhere-to-be-found dept

With bots performing all sorts of intellectual property policing these days, fair use considerations are completely off the table. Nuances that can't be handled by a bot should theoretically be turned over to a human being in disputed cases. Unfortunately, dispute processes are often handled in an automated fashion, leading to even more problems.

Tolriq Yatse, the developer of a popular Xbox Media Center (XMBC) remote control app for Android phones, ran into this very problem with Google's Play Store, which suddenly dumped his app over "intellectual property violations" after more than 2 years of trouble-free listing. This might have been a quick fix if Google had been more forthcoming with details, but all Yatse received was a brief notice as his app was removed from the Play store.

Nothing was changed at all apart filling the new forced content rating form and suddenly lost all my revenues.

I hope someone human answer with details soon, but I'm joining the anger from all developers around about how #Google treat devs, take 30% share without problem but certainly do not do support or act as human when killing someone.
His complaints reached his fans and customers, who then made their presence felt. This finally prompted a Google human to give Yatse the details he needed so he could fix his app and get it relisted.
Hi Tolriq,

Thank you for your additional comments.

As previously explained, your promotional images include content that you do not appear to have permission to distribute. For example, images related to films are most likely protected by the various studios that produced and released them. It is reasonable to assume that these would not be made legally available in public domain or via Creative Commons as most studios are extremely protective of their intellectual property. The same could be said of images from various TV series…
This part of Google's response refers to screenshots used in the app's listing. They used to look something like this…


The images used here are only indicative of the app's capabilities. Even if (obviously) unlicensed, the app doesn't promise anything more than control of XBMC content. It doesn't promise access to studios' offerings or otherwise act as a movie/TV show portal. In this context, the movie posters displayed in the screenshots would appear to fall under "fair use." Google's response to Yatse indicates that, even with a human now involved, the Play Store won't tolerate the use of unlicensed images in "promotional" screenshots.

In fact, fair use isn't even discussed. Instead, Google asked Yatse to prove ownership of the disputed artwork before the app could be relisted.
If you are able to prove otherwise, either via direct authorization from a studio representative or the location where you sourced these images (public domain and/or Creative Commons), we could review that information and reconsider the merits of this case.
The motivating factor for this non-consideration is potential litigation, according to the Google Play Team.
This may represent a change from two years ago in that most studios today will file complaints over use of their content unless someone has entered into an agreement with them on some level, and that should not come as a surprise to you.
Even with a direct response, there are still some gray areas the developer is left to address himself.
We are unable to provide specific guidance as to which images may be allowed, but we trust that you will use your best judgment based on what we have mentioned above and in previous communications.
As Yatse points out, this isn't good news for developers.
The answer is very interesting for all Google Play developers :

- Google will remove your application on suspicions and not on real facts.
- No human will check what you upload or say.
- It's nearly impossible to have a real contact and support.
- You need to try to fix problem yourself without details and hope to have it fixed before ban. (Very hard when in fact there's no problem)
Google Play has moved to preemptive takedowns, unprompted by studio complaints. This isn't a good thing. It may protect Google (but only slightly, considering the studios' ongoing antipathy towards the tech company) but it does nothing for developers whose sales it takes a portion of.

In response, Yatse has swapped out the offending artwork for CC-licensed and public domain works. But even that wasn't enough for the Google bots. Those images had to be removed before his app was approved for relisting.
#Yatse is now back on Play Store, without any images until I can figure out what the Google bot does not like in open sources ones.
This understandably limits his options and makes it much harder to convey the app's functionality. Here are the screenshots currently available at Google Play, which show that Yatse (the app) is probably some sort of remote control program and has some color options.


So, based on no complaints from studios or other rights holders, an app comes down. And even with the use of properly-licensed images, it fails to be reinstated. And throughout all of the discussions, fair use isn't mentioned a single time. That's the reality of preemptive IP policing, and it's unlikely to change anytime soon.

45 Comments | Leave a Comment..

Posted on Techdirt - 26 March 2015 @ 3:47pm

California Legislators Pushing Warrant Requirement For All Access To Electronic Information, Including That Obtained By Stingrays

from the strong-nod-towards-long-ignored-rights dept

Good news from California: a bill requiring warrants for Stingray device usage (among other things) has passed out of a Senate committee and is headed for an assembly vote.

Among other sweeping new requirements to enhance digital privacy, the bill notably imposes a warrant requirement before police can access nearly any type of digital data produced by or contained within a device or service.

In other words, that would include any use of a stingray, also known as a cell-site simulator, which can not only used to determine a phone’s location, but can also intercept calls and text messages. During the act of locating a phone, stingrays also sweep up information about nearby phones—not just the target phone.
Despite similar bills being killed by governor vetoes in 2012 and 2013, California legislators are still looking to reform the state's privacy laws. For one thing, this new bill would put the state's Electronic Communication Privacy Act in compliance with the Supreme Court's recent Riley v. California decision (warrant requirement for cell phone searches incident to arrest), as Cyrus Farivar points out.

The committee passed it with a 6-1 vote, suggesting there's broader support for privacy and Fourth Amendment protections now than there were in the pre-Snowden days. Of course, the usual opposition was on hand to portray those pushing for a warrant requirement as being in favor of sexually abusing children.
[Marty] Vranicar [California District Attorneys Association] told the committee that the bill would "undermine efforts to find child exploitation," specifically child pornography.

"SB 178 threatens law enforcement’s ability to conduct undercover child porn investigation. the so-called peer-to-peer investigations," he said. "Officers, after creating online profiles—these e-mails provide metadata that is the key to providing information. This would effectively end online undercover investigations in California."
Vranicar failed to explain how an officer conducting an ongoing investigation would be unable to obtain a warrant for PTP user data… unless, of course, the "investigation" was nothing more than unfocused trolling or a sting running dangerously low on probable cause. Nothing in the bill forbids officers from using other methods -- Fourth Amendment-respecting methods -- to pursue those suspected of child exploitation. What it does do is make it more difficult to run stings and honeypots, both of which are already on shaky ground in terms of legality.

Additionally, the bill demands extensive reporting requirements pertaining to government requests for data, and makes an effort to strip away the secrecy surrounding search warrants.
1546.2 (a) Except as otherwise provided in this section, any government entity that executes a warrant or wiretap order or issues an emergency request pursuant to Section 1546.1 shall contemporaneously serve upon, or deliver by registered or first-class mail, electronic mail, or other means reasonably calculated to be effective, the identified targets of the warrant, order, or emergency request, a notice that informs the recipient that information about the recipient has been compelled or requested, and states with reasonable specificity the nature of the government investigation under which the information is sought. The notice shall include a copy of the warrant or order, or a written statement setting forth facts giving rise to the emergency.

(b) If there is no identified target of a warrant, wiretap order, or emergency request at the time of its issuance, the government entity shall take reasonable steps to provide the notice, within three days of the execution of the warrant, to all individuals about whom information was disclosed or obtained.
This isn't blanket coverage or without exceptions. Officers can still offer sworn affidavits in support of sealing to the court, which may then seal warrants on a rolling 90-day basis at its discretion.

Law enforcement will continue to fight this bill, but its opposition seemingly had no effect on the Public Safety Committee. This bill brings the government into a much tighter alignment with the wording and the intent of the Fourth Amendment. The arguments against it demonstrate that the law enforcement community continues to prize efficient policing over the public's (supposedly) guaranteed rights.

Read More | 12 Comments | Leave a Comment..

Posted on Techdirt - 26 March 2015 @ 2:36pm

Dangerously Underpowered NSA Begging Legislators For Permission To Go To Cyberwar

from the poor,-neglected-NSA dept

Cyber-this and cyber-that. That's all the government wants to talk about. The NSA, which has always yearned for a larger slice of the cybersecurity pie, is pushing legislators to grant it permission to go all-out on the offensive to protect foreign-owned movie studios the USofA from hackers.

NSA director Mike Rogers testified in front of a Senate committee this week, lamenting that the poor ol’ NSA just doesn’t have the “cyber-offensive” capabilities (read: the ability to hack people) it needs to adequately defend the US. How cyber-attacking countries will help cyber-defense is anybody’s guess, but the idea that the NSA is somehow hamstrung is absurd.
Yes, we (or rather, our representatives) are expected to believe the NSA is just barely getting by when it comes to cyber-capabilities. Somehow, backdoors in phone SIM cards, backdoors in networking hardware, backdoors in hard drives, compromised encryption standards, collection points on internet backbones, the cooperation of national security agencies around the world, stealth deployment of malicious spyware, the phone records of pretty much every American, access to major tech company data centers, an arsenal of purchased software and hardware exploits, various odds and ends yet to be disclosed and the full support of the last two administrations just isn't enough. Now, it wants the blessing of lawmakers to do even more than it already does. Which is quite a bit, actually.
The NSA runs sophisticated hacking operations all over the world. A Washington Post report showed that the NSA carried out 231 “offensive” operations in 2011 - and that number has surely grown since then. That report also revealed that the NSA runs a $652m project that has infected tens of thousands of computers with malware.
That was four years ago -- a lifetime when it comes to an agency with the capabilities the NSA possesses. Anyone who believes the current numbers are lower is probably lobbying increased power. And they don't believe it. They'd just act like they do.

Unfortunately, legislators may be in a receptive mood. CISA -- CISPA rebranded -- is back on the table. The recent Sony hack, which caused millions of dollars of embarrassment, has gotten more than a few of them fired up about the oft-deployed term "cybersecurity." Most of those backing this legislation don't seem to have the slightest idea (or just don't care) how much collateral damage it will cause or the extent to which they're looking to expand government power.

The NSA knows, and it wants this bill to sail through unburdened by anything more than its requests for permission to fire.
The bill will do little to stop cyberattacks, but it will do a lot to give the NSA even more power to collect Americans’ communications from tech companies without any legal process whatsoever. The bill’s text was finally released a couple days ago, and, as EFF points out, tucked in the bill were the powers to do the exact type of “offensive” attacks for which Rogers is pining.
In the meantime, Section 215 languishes slightly, as Trevor Timm points out. But that's the least of the NSA's worries. It has tech companies openly opposing its "collect everything" approach. Apple and Google are both being villainized by security and law enforcement agencies for their encryption-by-default plans. More and more broad requests for user data are being challenged, and (eventually) some of the administration's minor surveillance tweaks will be implemented.

Section 215 may die. (Or it may keep on living even in death, thanks to some ambiguous language in the PATRIOT Act.) But I would imagine the bulk phone metadata is no longer a priority for the NSA. It has too many other programs that harvest more and face fewer challenges. The NSA wants to be a major cyberwar player, which is something that will only increase its questionable tactics and domestic surveillance efforts. If it gets its way via CISA, it will be able to make broader and deeper demands for information from tech companies. Under the guise of "information sharing," the NSA will collect more and share less. And what it does share will be buried under redactions, gag orders and chants of "national security." Its partnerships with tech companies will bear a greater resemblance to parasitic relationships than anything approaching equitable, especially when these companies will have this "sharing" foisted upon them by dangerously terrible legislation.

But until it reaches that point, the NSA will keep claiming it's under-equipped to handle the modern world. And it will continue to make the very dubious claim that the best defense is an unrestrained offense.

26 Comments | Leave a Comment..

Posted on Techdirt - 26 March 2015 @ 12:32pm

New York Legislators Seeking A 'Right To Repair' Law For Electronic Devices

from the the-end-of-fixed-fixes? dept

Well, this is (potentially) good news. New York is going forward with the first "right to repair" bill in the nation, as pointed out on Twitter by Amanda Levendowski. The bill will allow constituents to bypass manufacturer-authorized dealers/repair centers and use smaller (and cheaper) repair outlets. Or, if neither seems within the price range, they're more than welcome to perform these repairs -- using previously-hidden manufacturer specs and instructions -- themselves.

Perhaps the best thing about the bill (if it passes with as few loopholes as possible) is that it will eliminate the sort of ridiculousness that has been the end result of this tight grip on repair "permission." Like Immigrations and Customs Enforcement (ICE) raiding repair shops for using aftermarket products. Or teens being sued by multi-billion dollar companies for doing the same. Or local governments requiring unrelated licenses to be obtained before a person can start offering repairs.

Here's what's being authorized before the exceptions kick in. (ALL CAPS in the original.)

MANUFACTURERS OF DIGITAL ELECTRONIC PARTS AND MACHINES SOLD OR USED IN THE STATE OF NEW YORK SHALL:

I. MAKE AVAILABLE FOR PURCHASE BY INDEPENDENT REPAIR FACILITIES OR OTHER OWNERS OF PRODUCTS MANUFACTURED BY SUCH MANUFACTURER DIAGNOSTIC AND REPAIR INFORMATION, INCLUDING REPAIR TECHNICAL UPDATES, UPDATES AND CORRECTIONS TO FIRMWARE, AND RELATED DOCUMENTATION, IN THE SAME MANNER SUCH MANUFACTURER MAKES AVAILABLE TO ITS AUTHORIZED REPAIR CHANNEL. EACH MANUFACTURER SHALL PROVIDE ACCESS TO SUCH MANUFACTURER'S DIAGNOSTIC AND REPAIR INFORMATION SYSTEM FOR PURCHASE BY OWNERS AND INDEPENDENT REPAIR FACILITIES UPON FAIR AND REASONABLE TERMS; AND

II. MAKE AVAILABLE FOR PURCHASE BY THE PRODUCT OWNER, OR THE AUTHORIZED AGENT OF THE OWNER, SUCH SERVICE PARTS, INCLUSIVE OF ANY UPDATES TO THE FIRMWARE OF THE PARTS, FOR PURCHASE UPON FAIR AND REASONABLE TERMS…

EACH MANUFACTURER OF DIGITAL ELECTRONIC PRODUCTS SOLD OR USED IN THE STATE OF NEW YORK SHALL MAKE AVAILABLE FOR PURCHASE BY OWNERS AND INDEPENDENT REPAIR FACILITIES ALL DIAGNOSTIC REPAIR TOOLS INCORPORATING THE SAME DIAGNOSTIC, REPAIR AND REMOTE COMMUNICATIONS CAPABILITIES THAT SUCH MANUFACTURER MAKES AVAILABLE TO ITS OWN REPAIR OR ENGINEERING STAFF OR ANY AUTHORIZED REPAIR CHANNELS. EACH MANUFACTURER SHALL OFFER SUCH TOOLS FOR SALE TO OWNERS AND TO INDEPENDENT REPAIR FACILITIES UPON FAIR AND REASONABLE TERMS.
That's the good part. But there are potential loopholes in the bill already, including a major exception for one of the most tightlipped industries: auto manufacturers.
NOTHING IN THIS SECTION SHALL APPLY TO MOTOR VEHICLE MANUFACTURERS OR MOTOR VEHICLE DEALERS AS DEFINED IN THIS SECTION.
If any industry needs to be covered under a "right to repair," it's the auto industry, which has continually abused intellectual property laws to keep the general public from diagnosing their own vehicles in order to perform their own repairs.

There's other potential bad news in there as well.
NOTHING IN THIS SECTION SHALL BE CONSTRUED TO REQUIRE A MANUFACTURER TO DIVULGE A TRADE SECRET.
Yeah. Guess what's going to start being declared "trade secrets?" Probably almost everything the bill orders manufacturers to make available to the public. Even if this bill passes, there's going to be a ton of litigation over what does and does not define a "trade secret." In the meantime, the public will be no better off than they were before the bill's passage.

And there's this exception, which would seem to pick up whatever slack "trade secrets" can't.
NOTHING IN THIS SECTION SHALL BE CONSTRUED TO REQUIRE MANUFACTURERS OR AUTHORIZED REPAIR PROVIDERS TO PROVIDE AN OWNER OR INDEPENDENT REPAIR PROVIDER ACCESS TO NON-DIAGNOSTIC AND REPAIR INFORMATION PROVIDED BY A MANUFACTURER TO AN AUTHORIZED REPAIR PROVIDER PURSUANT TO THE TERMS OF AN AUTHORIZING AGREEMENT.
"Non-diagnostic" could become the new "diagnostic." And the use of the word "and" seems to make "repair information" off-limits if any agreements are already in place with authorized dealers and repair shops.

There's also a good chance the bill's "fair and reasonable terms" will be construed as permission to price independent repair shops and the general public out of the market. Legislators obviously can't set base prices (or even determine a fair market price -- that information is kept under wraps as well), so the suggestion of a "fair" price is open to advantageous interpretation. There's an attempt to set some limits in the bill's definitions, with the most significant one being "THE ABILITY OF AFTERMARKET TECHNICIANS OR SHOPS TO AFFORD THE INFORMATION," but that, again, is going to generate a lot of friction (possibly of the litigious variety) when manfacturers and the rest of the public repeatedly fail to agree on the definition of "affordable."

Still, it's more than most governments are willing to attempt. Massachusetts passed one in 2013 -- one that targeted auto manufacturers and dealers. It met with the usual resistance from the auto industry (both ends) but gathered 86% of the public's votes, clearly signaling unhappiness with the automakers' closed systems. A federal "right to repair" law has been mooted several times, but has never gained significant traction.

If this bill is going to succeed as a law, legislators need to do some loophole stitching pre-passage, and regulators will need to keep a very close eye on reticent manufacturers after it becomes law.

Read More | 13 Comments | Leave a Comment..

Posted on Techdirt - 26 March 2015 @ 11:33am

Bill Introduced To Repeal Patriot Act And Prevent The Government From Demanding Encryption Backdoors

from the a-legislator-can-dream,-can't-he? dept

Since the Snowden leaks began, there have been several efforts made -- legislative and administrative -- in response to the exposure of the NSA's domestic surveillance programs. Some have been real fixes. Some have been fake fixes. Others have targeted the thing the NSA desires even more than seemingly limitless access to data from all over the world: funding.

But none of these, not even the President's weak reform efforts, have managed to take hold. Neither will this, most likely, although you have to admire the audacity of the bill's authors, Reps. Thomas Massie and Marc Pocan.

The bill would completely repeal the Patriot Act, the sweeping national security law passed in the days after Sept. 11, 2001, as well as the 2008 FISA Amendments Act, another spying law that the NSA has used to justify collecting vast swaths of people's communications through the Internet.
If anything's due for a complete revamp, if not a complete repeal, it's the Patriot Act. It wasn't even good legislation back when it was passed. At best, it was "timely," which is a term that gives the rushed, secretive, knee-jerk legislation far more credit than it deserves. Pocan and Massie's (the latter of which has just introduced a new phone-unlocking bill with Rep. Zoe Lofgren to replace the bad one passed by the House in 2014) "Surveillance State Repeal Act" doesn't waste any time "tinkering around the edges."

Not only would the bill repeal the law, it would reset anything (amendments/additional government powers) brought into force by the Patriot Act and the FISA Amendments Act of 2008. On top of that, it would demand the immediate deletion of tons of data from the NSA's collections.
DESTRUCTION OF CERTAIN INFORMATION.—The Director of National Intelligence and the Attorney General shall destroy any information collected under the USA PATRIOT Act (Public Law 107-56) and the amendments made by such Act, as in effect the day before the date of the enactment of this Act, concerning a United States person that is not related to an investigation that is actively ongoing on such date.
The bill, oddly, also describes a path towards FISA Judge For Life positions.
TERMS; REAPPOINTMENT.—Section 103(d) of the Foreign Intelligence Surveillance Act of 1978 (50 U.S.C. 1803(d)) is amended— (1) by striking ‘‘maximum of seven’’ and inserting ‘‘maximum of ten’’; and (2) by striking ‘‘and shall not be eligible for re-designation’’.
Which is fine (not really) if you like the judges already appointed. But this is the sort of thing that leads to the permanent appointment of judges favored by either side of the surveillance question. And so far, presidential administrations have come down in favor of domestic surveillance. Removing the term limits just encourages the appointment of permanent NSA rubber stamps.

The bill creates a warrant requirement for the acquisition of US persons' data under the FISA Amendments Act and Executive Order 12333. It also expressly forbids a government mandate for encryption backdoors, although the first sentence of this section seems to be a rather large loophole.
Notwithstanding any other provision of law, the Federal Government shall not mandate that the manufacturer of an electronic device or software for an electronic device build into such device or software a mechanism that allows the Federal Government to bypass the encryption or privacy technology of such device or software.
If this bill somehow manages to pass a round or two of scrutiny, language tweaks will certainly be requested -- possibly leading to a complete subversion of the bill's intent. But that's a huge "if." Very few legislators have the stomach to gut the Patriot Act or the FISA Amendments Act. Many will be happy to entertain smaller fixes, but most won't be willing to essentially strip the NSA of its domestic surveillance powers. No one wants to be the "yea" vote that's pointed to in the wake of a terrorist attack and only a few more are actually willing to go head-to-head with the intelligence agency.

Read More | 30 Comments | Leave a Comment..

Posted on Techdirt - 26 March 2015 @ 10:31am

CyberNadir: Former Pilot Randomly Speculates (Incorrectly) That Recent Airbus Crash Could Be The Work Of Hackers

from the all-the-'news'-that's-fit-to-cram-into-a-24-hour-sprawl dept

CNN and Fox had the market cornered on ridiculous airplane crash theories, up until recently. When Malaysia Airlines Flight 17 just up and vanished, CNN produced wall-to-wall coverage seemingly cribbed from low-rent conspiracy theory sites. UFO? Black hole? Any and all theories were entertained.

Fox News hasn't exactly been the epitome of restraint, either. While it managed to avoid following CNN down these plane crash rabbit holes, it too has entertained some theories better left to operations that don't claim "news" to be a major part of their offerings. Fox News host Anna Kooiman suggested the metric system was to blame, what with kilometers being different than miles and Celsius and Fahrenheit not seeing eye-to-eye, potentially leading to some sort of in-flight calculation error.

MSNBC has decided it won't let its competition be the only "news" agencies spouting ridiculous theories. In an effort to get out ahead of the facts -- black box recordings indicated the co-pilot of the aircraft deliberately crashed the plane after locking the commanding pilot out of the cockpit -- MSNBC allowed the following theory to be presented -- completely unchallenged -- by one of its guests.

“There’s one possibility that no one has brought up, and I wonder could this be a hacking incident?” former commercial pilot Jay Rollins told MSNBC’s Diaz-Balart. “This is very similar in my mind to what happened when the U.S. lost that drone over Iran. The same thing, suddenly the aircraft was responding to outside forces…"

Rollins said that the plane’s descent was “worrisome” because “it makes me think about hacking, some sort of interference into the computer system.”
Now, hacking a plane isn't impossible. At 2013's Hack in the Box conference, German security consultant Hugo Teso used his own app -- PlaneSploit -- to demonstrate that an Android phone could be used to reroute a plane, send it diving towards the ground or to set off every alarm in the aircraft.

Or not. Teso's demonstration involved sending flight information to airborne planes with these instructions (in a simulated environment, of course) via ACARS (Aircraft Communications and Response Addressing System) to the FMS (Flight Management System). But there were multiple problems with his plan. First of all, the flight computer has to accept the new instructions and, secondly, pilots would have to be unable to override bad instructions. Neither of which are a distinct possibility.

Patrick Smith, another commercial airline pilot, albeit one far less likely to openly speculate on "hacked" planes than Jay Rollins, pointed out the flaws in Teso's hack.
The problem is, the FMS — and certainly not ACARS — does not directly control an airplane the way people think it does, and the way, with respect to this story, media reports are implying. Neither the FMS nor the autopilot flies the plane. The crew flies the plane through these components. We tell it what to do, when to do it, and how to do it. Whatever data finds its way into the FMS, and regardless of where it’s coming from, it still needs to make sense to the crew. If it doesn’t, we’re not going to allow the plane, or ourselves, to follow it.

The sorts of disruptions that might arise aren’t anything a crew couldn’t notice and easily override. The FMS cannot say to the plane, “descend toward the ground now!” or “Slow to stall speed now!” or “Turn left and fly into that building!” It doesn’t work that way. What you might see would be something like an en route waypoint that would, if followed, carry you astray of course, or an altitude that’s out of whack with what ATC or the charts tells you it ought to be. That sort of thing. Anything weird or unsafe — an incorrect course or altitude — would be corrected very quickly by the pilots.
So, the problem isn't that hacking is impossible. It's just very, very unlikely. And in this case, hacking had nothing to do with the plane crash.

No, the problem is that news agencies looking to wring every bit of ratings possible from a tragedy are willing to make viewers stupider under the guise of "news." When facts just aren't available, 24-hour news teams lean heavily on whatever theory will provide the most entertainment (for lack of a better word). Former pilot Jay Rollins may have three decades of experience, but his speculation draws on none of it. Instead, it just takes a bit of what's selling right now (anything "cyber") and what has always sold (fear) and leaves the viewers with less information than they would have obtained by skipping the coverage completely. The truth, however, is simultaneously more horrific (in that there's little that can be done to thwart a pilot determined to crash a plane) than the "hacked plane" theory and more mundane -- at least in terms of "exciting" news coverage.

50 Comments | Leave a Comment..

Posted on Techdirt - 25 March 2015 @ 2:50pm

Senator Wants To Know Why The US Marshals Asset Forfeiture Division Is Blowing Money On $10,000 Tables

from the converting-expensive-things-into-money-to-spend-on-expensive-things dept

Asset forfeiture -- both at state and national levels -- is receiving some intense scrutiny, thanks to unflattering coverage in major news outlets like the New York Times and Washington Post. Attorney General Eric Holder made some minor cuts to the DOJ's participation in states' forfeiture programs. Meanwhile, at the state level, legislators have introduced bills targeting these programs' perverted incentives -- namely, that the agency performing the asset seizure usually benefits directly from the "forfeited" wealth.

It hasn't always been successful. Wyoming legislators were shot down by the governor -- a former prosecutor -- who explained that asset forfeiture is "good" and "right" -- something it rarely is in practice. Washington DC's city council managed to push its reform bill through, placing more constraints on seizures and raising the evidentiary standard needed to declare other people's assets "guilty."

Back at the national level, Sen. Chuck Grassley is raising some pointed questions about the US Marshals' use of asset forfeiture funds. He sent two letters to the agency recently, the first of which questioned its hiring practices.

Grassley said a whistleblower claimed that Kimberly Beal, then the deputy assistant director of the AFD, had qualification requirements waived to hire a person for a high-paying contract who was recommended by Stacia Hylton, the director of the Marshals Service. According to the whistleblower, Beal did so while under consideration for her current position of assistant director, raising suspicions that the hiring was a quid pro quo arrangement.

“This quid pro quo exchange of favors, if true, would raise serious doubts about the operational practices of the USMS AFD under Ms. Beal as well as, frankly, Ms. Hylton’s leadership of the USMS,” Grassley’s office said in the letter.
The second letter questions the Marshals Service's appetite for office luxuries.
1. Regarding AFD offices at Crystal Mall 4, please answer the following questions:

a. Did AFD purchase a conference table that exceeded $10,000 in cost? If so, what was the cost and why was a less expensive table not considered?
b. Did AFD replace window treatments already provided for in the office lease with expensive custom window treatments? If so, why and what was the cost?
c. Did AFD install custom wallpaper, artwork, crown moldings, and chair rails in its offices? If so, why and at what cost for each of these installations?
d. Does AFD intend to expend similar amounts to decorate and furnish new office space it anticipates moving into in the near future? What will happen to the furnishings and decorations after AFD moves out?
That's the most eyegrabbing part of Grassley's letter but the rest asks similar -- if less dramatic -- questions about the agency's spending habits.

The US Marshals Service doesn't necessarily have a long history of asset forfeiture abuse, but it has previously been called out by the DOJ's Inspector General for being less than accurate with its bookkeeping.
In at least eight of the 55 cases taken up by the asset team between 2005 and 2010, the purchaser or the price of the asset was not recorded. On top of that, the team failed to perform sufficient market research to properly value the assets it was eyeing; for some of them, it couldn’t even provide the OIG with bank statements and other basic documentation.
More damning was the OIG's discovery of a huge conflict of interest. Another whistleblower uncovered lead asset forfeiture official Leonard Briskman's extremely fortuitous moonlighting gig. Briskman, who appraised assets for the US Marshals Service, ran his own private appraisal business on the side.
The inspector general reported that in several instances, Briskman valued and sold the same asset himself without supervision by anyone in the marshal’s office. In addition, he failed to publicly announce the sale of some assets, which limited their availability to the general public. In one case, an assistant U.S. Attorney from the Southern District of New York objected to a decision by Briskman to sell assets that had been seized during the Bernard Madoff case–more than one million shares of a pet prescription firm and a 5 percent stake in another investment portfolio–without announcing the sale.
The US Marshals Service doesn't need to dirty its hands by performing seizures. All it has to do is sit there and wait for assets from equitable sharing programs to roll in. And roll in they do, thanks to local law enforcement agencies partnering up with the DOJ to avoid state laws put in place to limit the sort of abuse that is all too frequent when cops are given the authority to declare money, vehicles and other property guilty on the spot.

As would befit any government agency spending other people's money and divesting itself of other people's property, the US Marshals Service buys $10,000 tables and does little to ensure its auctioned items return something close to market value. Because of its lax accounting and questionable appraisals, money from sales went AWOL and what it did receive from auctions was likely less than it would have obtained with a bit more diligence and competence.

Whether Grassley will receive any answers to his questions remains to be seen, but the recent history of the US Marshals Service doesn't indicate it's an agency enthralled with concepts like fiscal responsibility and public accountability. If the agency is blowing seized funds on pricey tables and custom window treatments, it's going to take more than a couple of angry letters to change its "Spend it like you seized it!" culture.

22 Comments | Leave a Comment..

Posted on Techdirt - 25 March 2015 @ 1:15am

Attorney General Threatens To Prosecute Reporters For Doing Their Job

from the with-great-power-comes-great-ridiculousness dept

Following a trail blazed by Maryland councilman Kirby Delauter, a Virgin Islands Attorney General is making an ass of herself by threatening journalists for having the audacity to do their job. Delauter infamously publicly attacked a reporter for daring to publish his name in her paper, apparently unaware that this sort of thing happens to public officials roughly all the damn time. The ensuing internet maelstrom forced a retraction and apology from Delauter.

The Virgin Islands Daily News is still waiting for an apology from acting Attorney General Terri Griffiths for this wholly inappropriate response to acts of journalism. [via Jim Romenesko]

Acting Attorney General Terri Griffiths told executives of The Virgin Islands Daily News on Thursday morning that she will prosecute the newspaper on criminal charges because of its telephone calls to obtain comment and information from her.

"I'll be filing criminal charges against you," Griffiths said as she abruptly left a meeting at The Daily News' offices on St. Thomas.
She also claimed a quote appearing in one of the paper's stories was "fabricated." This is the quote:
"I will not comment on the Parole Board hearings."
This quote seems like something an attorney general would be very likely to say. In fact, the refusal to comment has long been a hallmark of law enforcement-press relations. Not commenting is the national pastime of law enforcers, who are often the first party to issue a solid "no comment" after controversial incidents. But Griffith claims this completely innocuous and completely boring quote was fabricated. The Daily News found otherwise.
The Daily News has reviewed Griffiths' allegations that a quote attributed to her had been fabricated and stands by its published report, Robbins said.

"We take any report of inaccuracy very seriously, and we publish a clarification or correction if an error appears in print," Robbins said. "In this case, we found that the reporter was accurate."
But Griffiths is more upset that Daily News reporters are calling her on her cell phone to obtain additional "no comments" on various stories involving her office. This would almost be a legitimate complaint (provided you ignore the ensuing "I'll put you in jail" threat that accompanied it), if it weren't for the fact that Griffiths herself provided the cell phone number to the paper.
Griffiths spoke at length about her desire not to be called on the cell phone or after hours, and she termed the calls "telephone harassment."

Daily News reporters have called Griffiths on her cell when unable to reach her on her office phone. The cell number they used is the one she provided to the newspaper.

The meeting broke down when Robbins asked Griffiths to answer specific questions about her grievances.

Griffiths objected to that and said she did not want to be "blindsided."

"I don't want to talk to your reporters ever. There will be no communication between me and The Daily News ever again," she said.

She asked Robbins whether he would instruct reporters not to call her on the cell phone.

Robbins said, "No."

Griffiths then left the meeting, announcing, "Then I am going to file criminal charges against you."
Welcome to the life of a public figure, Ms. Griffiths. Reporters are going to call you when your input is needed or desired. It won't always be during business hours, especially if your office can't provide "I will not comment" (non)comments in your absence. Certainly, an excessive amount of calls after "business hours" (whatever that means to powerful law enforcement figures/journalists -- I would imagine those timetables have significant differences) would be irritating, but it doesn't rise to the level of harassment.

And Griffiths' comment about resenting being "blindsided" strongly suggests she'd rather not deal with this part of the job at all. Any question can be deferred to a later time if the answer isn't immediately apparent, but the pattern of calls Griffiths calls "harassment" suggests she's not exactly forthcoming or timely in her responses.

Harassment may be a crime, but journalism isn't. If Griffiths would rather not answer questions, she can place that burden on her staff. Or she can communicate only through official statements and press releases. Or she can give the newspaper guidance on what times are acceptable to call. But what she definitely can't do -- or at least shouldn't -- is abuse the power of her position to mute pesky guardians of public accountability.

23 Comments | Leave a Comment..

Posted on Techdirt - 24 March 2015 @ 3:46pm

Cops To Congress: Please Leave Us And Our License Plates Readers Alone

from the any-limits-will-immediately-result-in-ALL-THE-CRIME dept

Poor dears. A bunch of law enforcement associations are worried that they won't be able to keep all that sweet, sweet ALPR (automatic license plate reader) data for as long as they want to. In fact, they're so worried, they've issued a letter in response to a nonexistent legislative threat.

Despite the fact that no federal license plate legislation has been proposed, the International Association of Chiefs of Police (IACP) has sent a pre-emptive letter to top Congressional lawmakers, warning them against any future restrictions of automated license plate readers. The IACP claims to be the "world's oldest and largest association of law enforcement executives."
The letter is stained with the tears of law enforcement entities whose thirst for bulk collections is only rivaled by national security agencies.
We are deeply concerned about efforts to portray automated license plate recognition (ALPR) technology as a national real-time tracking capability for law enforcement. The fact is that this technology and the data it generates is not used to track people in real time. ALPR is used every day to generate investigative leads that help law enforcement solve murders, rapes, and serial property crimes, recover abducted children, detect drug and human trafficking rings, find stolen vehicles, apprehend violent criminal alien fugitives, and support terrorism investigations.
The "efforts to portray" ALPRs as ad hoc tracking devices aren't limited to imaginative conspiracy theorists. Millions of plate scans are added to private companies' databases every day. The total number of records retained by Vigilant, the most prominent manufacturer of ALPRs, totals in the billions. That amount of data can easily be used to track nearly anyone's day-to-day movements. And the database is accessible by law enforcement agencies around the nation. There's no geofencing keeping the data compartmentalized to what's "relevant" to local agencies.

As for the rest of the paragraph, those claims have yet to be backed up by arrest statistics. The amount of plate data collected far outweighs the results.
There is a misconception of continuous government tracking of individuals using ALPR information. This has led to attempts to curtail law enforcement’s use of the technology without a proper and fair effort to truly understand the anonymous nature of the data, how it is used, and how it is protected.
Note how the "misconception" is nothing privacy advocates are actually saying. No one's mistaking plate scans for a GPS tracking device. They've just noted that the end result is nearly identical. Gather enough data and you don't need a more "intrusive" method.
We are seeing harmful proposals – appropriations amendments and legislation – to restrict or completely ban law enforcement’s use of ALPR technology and data without any effort to truly understand the issue. Yet, any review would make clear that the value of this technology is beyond question, and that protections against mis-use of the data by law enforcement are already in place. That is one of the reasons why critics are hard-pressed to identify any actual instances of mis-use.
Translation: no one understands this high-tech device but us cops.

Also: "value" is "beyond question?" If so, why is it so hard to get any law enforcement agency to produce some evidence to back up this claim? It's high tech, but it's also fallible tech. And it's tech that is being deployed with little to nothing in the way of privacy protections or oversight.

That's what legislators (non-federal) are seeking. Some sort of limits and accountability. Virginia just passed one of the most restrictive pieces of legislation pertaining to ALPRs -- one that installs limits on collection and retention.
Virginia has become the first state in America to impose a very short data retention limit on the use of automated license plate readers (LPRs, or ALPRs). VA cops will now only be able to keep such data for seven days unless there is an active, ongoing criminal investigation.
Only a few states have imposed any legislative limits on the technology. For most US law enforcement agencies, the data is gathered en masse (and sometimes in inappropriate places) and held forever. The LAPD argued that every one of the thousands of plate scans it had gathered is somehow "relevant" to ongoing investigations. When you're faced with claims like that, it's hard to argue with legislative limits being introduced. The police won't police themselves. Someone usually has to force them into applying even the most minimal of restrictions on ALPR use.
We call on Congress to foster a reasonable and transparent discussion about ALPR.
That's rich. "Transparent discussion." The hell does that even mean in a law enforcement context? Agencies don't want to talk about ALPRs, drones, Stingray devices, their officers' misconduct, etc. The prevailing law enforcement mentality is almost completely opposed to transparency. These police associations aren't interested in Congress or anyone else having a "transparent discussion." What they want is a guided discussion that results in more data-hauling business as usual for the agencies these associations represent.

But this sentence is the best thing about this overwrought letter:
If legislative efforts to curtail ALPR use are successful, federal, state, and local law enforcement’s ability to investigate crimes will be significantly impacted given the extensive use of the technology today.
Shorter police: "We like our shiny tech tools so much, we've forgotten how to perform police work." If they can't get as much as they can, as often as they can and access it at their leisure, the streets will run red with the blood of the innocent. This sort of thinking goes all the way to the top, where the FBI's James Comey has promised death, molestation and Colombia 2.0 if the government isn't allowed to build itself backdoors in cellphone encryption.

How a device that delivers a 0.2% hit rate has become something the cops lean on so heavily they simply can't go on without it is a question that deserves a "transparent" answer, rather than the hitch-in-the-throat talking points delivered here. All anyone wants is something telling cops they can't keep everything for as long as they want. They want privacy impact assessments and honest answers to worrying questions. All we've received so far is unproven claims of the tech's "effectiveness" and the constant pimping of dead children and human trafficking victims, with the existential threat of suppliers delivering product to a receptive market thrown in for good measure.

49 Comments | Leave a Comment..

Posted on Techdirt - 24 March 2015 @ 9:31am

Even If Congress Lets Section 215 Expire, The NSA May Be Able To Keep On Collecting Phone Metadata

from the your-expired-laws-have-no-power-here dept

The NSA's bulk phone metadata program is unstoppable. Despite being called out by legislators and the administration's civil liberties oversight board as unconstitutional and illegal -- and despite being targeted by several of the administration's surveillance reforms -- it continues uninterrupted and largely unchanged.

Legislators who watched their Section 215-targeting bills die on the Congressional floor are now watching the clock. This part of the PATRIOT Act is set to expire June 1st (as is the latest bulk metadata order) and if Congress doesn't act to renew it, the program will grind to a halt. Or so you would think. But the FISA judge James Boasberg doesn't see why this provision's sunset should have any negative effect on the continued collection of phone metadata.

On the last page of the court's most recent order, Boasberg says the following:

If Congress, conversely, has not enacted legislation amending § 1861 or extending its sunset date established by Section 102(b) of Public Law 109-177, 120 Stat. 195, as most recently amended by Section 2(a) of Public Law 112-14, 125 Stat. 216, the government is directed to provide a legal memorandum pursuant to Rule 11(d) addressing the power of the Court to grant such authority beyond June 1, 2015.
It's Public Law 109-177 that's aiding the effortless reauthorization. Charlie Savage of the New York Times noted this possibility last year. There's an exception in place that allows authorized surveillance programs to continue even after their authorizations have lapsed.
(2) Exception.–With respect to any particular foreign intelligence investigation that began before the date on which the provisions referred to in paragraph (1) cease to have effect, or with respect to any particular offense or potential offense that began or occurred before the date on which such provisions cease to have effect, such provisions shall continue in effect.
This could provide for endless bulk surveillance under Section 215, even without renewal of the program. Or it could just be the FISA judge signaling conversations the general public isn't privy to, as Marcy Wheeler points out.
That basically says the Court is aware of this discussion, either because it reads the NYT or because the government has mentioned it. This order doesn’t tip a hand on how FISC would regard this claim, but it does make clear it considers it a distinct possibility.

Note, unless I’m missing something, no language like this appears in any of the unredacted sections of previous dragnet orders, not even when Congress was giving the government straight renewals. We can’t be sure, but that certainly seems to suggest the Court has been having conversations — either by itself or with the government — about alternatives in a way Bob Litt and others are not having publicly.
Even if the court chooses to read the PATRIOT Act as killing Section 215 when it sunsets, this likely won't end the collection of phone metadata. The government still has other options.
Many privacy advocates believe the White House would have two routes available if it chose to continue the program, absent congressional action. Along with potentially being able to continue investigations that are ongoing despite an expiration, the administration could also rely on a "pen/trap" statute, which allows for phone tapping and has a loose standard of relevancy, akin to Section 215, and typically does not require probable cause.
This option would require a bit more paperwork and slightly refined targeting of court-approved numbers. It would, at least temporarily, halt the incoming collection of everything and force the NSA to relinquish control of the database. A PR/TT order wouldn't allow for collection in bulk, but rather return records linked to certain numbers from telcos searching their own databases. So, it would be a step forward in terms of Section 215 reform (moving the database out of the NSA's control), however inadvertently.

Others believe the language in the latest FISA order signifies nothing in particular.
Stewart Baker, a former general counsel at the NSA, said it's possible the surveillance court could use the leeway to grant a "one-off measure" in May to keep the bulk-records program going only through June. He noted that Boasberg's order requests that a memorandum from the government be filed not by June 1 but by May 22, a notable deadline, given that "most observers expect that Congress will only act at the last minute."

"The much harder question is whether it could issue any orders in June," Baker said. "There's an argument that it can, but I suspect that the administration won't be willing to make that argument."
Section 215 might expire, but the door is open for the NSA to continue its collecting uninterrupted. Things may become much more interesting in late May as the clock winds down. Perhaps Congress will have the courage to just let this section of the PATRIOT Act die, but it will have to weather plenty of "terrorists... terrorists everywhere!" posturing from Section 215's defenderss. If nothing else, an expiration would force the reforms the NSA has shown little interest in implementing.

Read More | 13 Comments | Leave a Comment..

Posted on Techdirt - 24 March 2015 @ 4:09am

Amazon Quietly Bricked Jailbroken Kindle Devices Last Year

from the taking-money;-building-walls dept

It appears that Amazon is very serious about walling off its garden. Late last year, it pushed out a firmware update for its Amazon Fire TV devices that not only made rooted devices unusable, but prevented Fire TV owners from rolling back firmware to previous, more root-friendly versions. Apparently, Kindle users were also included in this lockdown.

A recent post at Good Reader notes that the latest firmware for Kindles is pretty much identical to its Fire TV firmware, right down to the destruction of functionality.

The new firmware was pushed out to all modern Kindle devices in late November of last year. Anything after version 5.60 will not allow you to hack the firmware and do interesting things like change the screensaver system or install custom apps.
And, like its firmware for the Fire TV, rollback to less hack-resistant firmware is nearly impossible. You can force it back, provided you have a soldering iron (and the willingness to apply it to your device) or you can follow a few not-so-simple steps to take your root access back from Amazon. But once again, it's the company removing functionality for the sole purpose of making devices perform the way Amazon wants them to, rather than leaving these sorts of decisions to those who have purchased the devices.

And it's not as though Kindle owners are receiving any heads up from Amazon about the firmware's plans for their jailbroken devices. No mention of it is made in the firmware's specifications, which only tells you about the (supposedly) good things the update will bring: vague "bug fixes and improvements." Softpedia's hosting page for the latest version (5.6.1) goes into a little more detail, but it only contains a list of slightly-upgraded Amazon features, rather than the limitations the firmware will impose on paying customers.

If you like Amazon's walled garden, the company is more than happy to ensure you never find the gate. If you don't, Amazon is more than happy to step in and brick over any openings. The latter does a huge disservice to paying customers who are looking to get the most out of something they purchased and own, but seems to still somehow "belong" to Amazon.

111 Comments | Leave a Comment..

Posted on Techdirt - 23 March 2015 @ 1:38pm

UK Police Can't Confirm Or Deny Investigation Of Journalists It Publicly Confirmed In 2013

from the Glomar-logic dept

If you're a UK-based journalist who's reported on the Snowden leaks, it's safe to say you're under investigation. Not only are you being investigated, but that investigation itself is so secret, it can't be discussed. The Intercept's Ryan Gallagher sent a Freedom of Information request to London's Metropolitan Police (the Met) for more information about the investigation -- something twice publicly confirmed by Met representatives.

But when asked specifically for information on the ongoing investigation, the agency had nothing to say.

[T]he Metropolitan Police... says everything about the investigation’s existence is a secret and too dangerous to disclose. In response to a Freedom of Information Act request from this reporter, the force has repeatedly refused to release any information about the status of the investigation, how many officers are working on it, or how much taxpayer money has been spent on it. The Met wrote in its response:

"to confirm or deny whether we hold any information concerning any current or previous investigations into the alleged actions of Edward Snowden could potentially be misused proving detrimental to national security.'

In this current environment, where there is a possibility of increased threat of terrorist activity, providing any details even to confirm or deny that any information exists could assist any group or persons who wish to cause harm to the people of the nation which would undermine the safeguarding of national security."
The response is hardly a response. In fact, almost the entirety of the nine-page document Gallagher received is simply reasons WHY the Met won't be responding affirmatively or negatively to his inquiry. The only new information gleaned is that control of the investigation has changed hands.
AC Mark Rowley has taken over as Head of Specialist Operations following the departure of Cressida Dick
That's the one thing the "Counter Terrorism Command" can confirm. This would be the same department within the Met that was directly involved with the detainment and questioning of Glenn Greenwald's partner, David Miranda. Everything else falls under a variety of exemptions, including the oh-so-opaque "state secrets" designation.
The Metropolitan Police Service can neither confirm nor deny whether it holds any of the information that you have requested, as the duty in S1(1)(a) of the Freedom of Information Act 2000 does not apply, by virtue of the following exemptions:

Section 23(5) - Information supplied by, or concerning, certain security bodies
Section 24(2) - National Security
Section 30(3) Criminal Investigations
Section 31(3) - Law Enforcement
Section 40(5) - Personal information
There's more detail later, when the response details the agency's decision to declare the request to be "not in the public interest."
The security of the country is of paramount importance and the Police service will not divulge whether information is or is not held if to do so would undermine National Security or law enforcement. Whilst there is a public interest in the transparency of policing operations and providing assurance that the police service is appropriately and effectively engaging with the threats posed by groups or individuals there is a very strong public interest in safeguarding the integrity of police investigations and operations in the highly sensitive area of extremism, crime prevention, public disorder and terrorism prevention.

[...]

After weighing up the competing interests I have determined that confirmation or denial of any information being held concerning whether the MPS has investigated the alleged actions of Edward Snowden or not would not be in the public interest. To confirm or deny that information is held regarding any individual or investigation that may or may not have taken place could be detrimental to any investigations that may be being conducted now or in the future.
But, of course, all of this discussion about national security, public interest and possibly compromised investigations does not confirm that there's a twice-previously-confirmed investigation of UK journalists in progress.
However, this should not be taken as necessarily indicating that any information that would meet your request exists or does not exist.
This UK-style Glomar tosses the request back to The Intercept, which has tossed it to the nearest governing body..
The Intercept has filed a complaint with the Information Commissioner’s Office, the public body that enforces the U.K.’s freedom of information laws, about the Met’s refusal to release information about the current status of the investigation. The commissioner will now look at how the police handled the request and decide whether they should be ordered to hand over the relevant details.
Even in the UK, information doesn't want to be free. It wants to be litigated.

The Met continues to maintain its code of silence in the face of its earlier public statements about investigating those publishing the Snowden leaks. When asked how something the agency itself publicly discussed several months ago is now a "national security" issue, the Met offered a swift "no comment" -- a handy way to dodge the logic hole in its Freedom of Information request denial.

Read More | 14 Comments | Leave a Comment..

Posted on Techdirt - 23 March 2015 @ 8:08am

The DOJ Isn't Interested In Protecting FBI Whistleblowers From Retaliation

from the a.-ignore-b.-drag-feet dept

You don't hear much about FBI whistleblowers. Many other agencies have had wrongdoing exposed by employees (and the government has often seen fit to slap the whistles out of their mouths with harsh prosecution), but the FBI isn't one of them. Forty-three years ago, whistleblowers broke into the FBI and retrieved damning documents, but no one's really broken out of the FBI to do the same. In fact, the FBI would rather not talk about whistleblowing at all.

An optimist might chalk this up to the FBI being a tightly-run organization that polices itself for malfeasance and wrongdoing. They'd be wrong, of course. Just within the past year, the FBI has twice thwarted its own oversight and may soon face budgetary constraints if it won't turn over the documents the DOJ's Inspector General is seeking.

There's a reason no one blows the whistle at the FBI and this GAO report spells it out: unlike every other government agency, the DOJ's internal policies contain nothing to shield FBI whistleblowers from retaliation.

Unlike employees of other executive branch agencies, FBI employees do not have a process to seek corrective action if they experience retaliation based on a disclosure of wrongdoing to their supervisors or others in their chain of command who are not designated officials. This difference is due, in part, to DOJ’s decisions about how to implement the statute governing FBI whistleblowers. When issuing its regulations in 1999, DOJ officials did not include supervisors in the list of entities designated to receive protected disclosures, stating that Congress intended DOJ to limit the universe of recipients of protected disclosures, in part because of the sensitive information to which FBI employees have access.
To ostensibly protect means, methods and (presumably) the country itself, the DOJ eliminated several options whistleblowers could pursue when taking their complaints through official channels. A 2012 Presidential Policy Directive aimed at increasing whistleblower protections failed to move the needle.
In response to this requirement, DOJ reviewed its regulations and in an April 2014 report recommended adding more senior officials in FBI field offices to the list of designated entities, but did not recommend adding all supervisors. DOJ cited a number of reasons for this, including concerns about striking the right balance between the benefits of an expanded list and the additional resources and time needed to handle a possible increase in complaints. By dismissing retaliation complaints based on a disclosure made to an employee’s supervisor or someone in that person’s chain of command, DOJ leaves some FBI whistleblowers—such as the 17 complainants we identified—without protection from retaliation.
The DOJ is plainly uninterested in sheltering those who would point out FBI wrongdoing. It has set up a minefield most whistleblowers are unable to navigate.
We concluded that, without clear information on how to make a protected disclosure, FBI whistleblowers may not be aware that, depending on how they report their allegation, they may not be able to seek corrective action if they experience retaliation.
So, with no roadmap and extremely limited protections, whistleblowers who do manage to bring their complaints up through proper channels are often subjected to retaliatory actions for which they have no remedy.
[I]n 2002, former FBI agent Jane Turner filed a whistleblower complaint with DOJ alleging that her colleagues had stolen items from Ground Zero after the September 11, 2001, terrorist attacks. She was then given a “does not meet expectations” rating, placed on leave, and notified of proposed removal.
This retalitation was reported by Agent Turner to the DOJ, which then slowly ground its heavy wheels of so-called justice for more than a decade.
[The] DOJ ultimately found in her favor in 2013—over 10 years later.
Turner's case isn't an anomaly. The GAO found that, while the DOJ was often quick to dismiss retaliation complaints simply because the whistleblower failed to properly navigate its labyrinthine reporting restrictions, it was seldom interested in moving quickly on behalf of those who managed to luck into complete compliance.
The 4 complaints we reviewed in our 2015 report that met threshold regulatory requirements and that DOJ ultimately adjudicated on the merits, took up to 10.6 years to resolve, and DOJ did not provide parties with expected time frames for its decisions throughout these cases.
The DOJ blames this on "case complexity" and "staffing priorities." The latter excuse is likely the most honest. The DOJ is far more inclined to prosecute whistleblowers than protect whistleblowers. Blowing the whistle at the FBI means being subjected to vindictive actions with little to no recourse. The DOJ may decide to take a whistleblower's case, but will do little, if anything, to escalate its response. In the meantime, whistleblowers are apparently supposed to take a number and wait things out in a hostile environment.

Will this GAO report result in better protections? Highly doubtful, considering a directive issued by the President's office itself failed to produce any significant change. Even the agency's inside oversight -- the Office of the Inspector General -- is finding the DOJ completely unresponsive to its complaints about FBI stonewalling and obfuscation. It's highly unlikely the DOJ will handle lower-level whistleblower complaints with more speed or openness.

The DOJ, along with the FBI, has successfully neutralized most forms of accountability. The OIG is openly ignored. FOIA requests are frequently greeted with massive amounts of withheld documents and redactions. When pressed, the nation's top law enforcement agency tends to wrap itself in a patchwork of undeclared wars (drugs, terrorism) and claims accountability will lead to an unsafe and unsecured country. Meanwhile, its own underling agencies go rogue while tangled, useless policies keep whistleblowers from ever opening their mouths.

Read More | 15 Comments | Leave a Comment..

Posted on Techdirt - 23 March 2015 @ 5:49am

Amazon Still Won't Talk About Government Requests For User Data

from the usually,-silence-speaks-volumes,-but-in-this-case,-just-more-silence dept

In the wake of the Snowden leaks, more and more tech companies are providing their users with transparency reports that detail (to the extent they're allowed) government requests for user data. Amazon -- home to vast amounts of cloud storage -- isn't one of them.

Amazon remains the only US internet giant in the Fortune 500 that has not yet released a report detailing how many demands for data it receives from the US government.

Although people are starting to notice, the retail and cloud giant has no public plans to address these concerns.

Word first spread last week when the ACLU's Christopher Soghoian, who's spent years publicly denouncing companies for poor privacy practices, told attendees at a Seattle town hall event that he's "hit a wall with Amazon," adding that it's "just really difficult to reach people there."
Zack Whittaker and ZDNet ran into the same wall. Nearly thirty Amazon representatives were contacted but only one provided a response: an anonymous statement that the company was under "confidentiality obligations" not to discuss requests for data.

There are several reasons why Amazon might be hesitant to share intel/law enforcement request data, perhaps none bigger than its $600 million/10-year contract with the US intelligence community. It might also be its multiple contracts with other federal agencies, including connecting the nation's law enforcement agencies through its AWS-hosted Criminal Justice Information Service.

But that can't be the whole explanation. It's not as if other companies now providing transparency reports aren't similarly engaged with the government at some level.
Microsoft has contracts with various governments to provide Windows and Office software. Google offers a range of open-source and cloud-based services to the government, and Apple provides iPhones and iPads to government and military users, thanks to earning various certifications.
Even telephone service providers, which have historically been very proactive in accommodating government demands for data -- going so far as to give intelligence analysts guidance on how to skirt legal restrictions -- are producing bi-annual transparency reports. But Amazon simply refuses to do so, and then refuses to explain its refusal.

This lack of transparency has gone past the point of being merely vexatious. Amazon isn't satisfied with simply selling and storing. It's gathering far more data than its more famous offerings would indicate.
With its smartphone and tablet line-up, the company is taking on even more data -- including browsing history through its Silk browser, reading habits, and other data like IP addresses. The company is slated to be moving into the enterprise and work-based email provider space.
Silence and secrecy aren't improving Amazon's reputation, at least not with those with privacy concerns. Unfortunately for them, it's been well-established that Amazon will do whatever it wants with little regard for public opinion. No one's going to "guilt" Amazon into doing anything. But the concerns are legitimate. Who wants to be housed "next door" to the CIA, knowing it has shown little respect for data barriers put in place to safeguard other government entities? I'm sure the answer is "hardly anybody," but Amazon's opacity prevents ordinary people from knowing even the slightest about the government's activities and demands.

25 Comments | Leave a Comment..

Posted on Techdirt - 20 March 2015 @ 10:24am

Cisco Shipping Hardware To Bogus Addresses To Throw Off NSA Intercept-And-Implant Efforts

from the 1324-Middle-Finger-Extended-Blvd. dept

Cisco became an inadvertent (and very unwilling) co-star in the NSA Antics: Snowden Edition when its logo was splashed across the web by a leaked document detailing the agency's interception of outbound US networking hardware in order to insert surveillance backdoors.


It moved quickly to mitigate the damage, sending a letter to the President asking him and his administration to institute some safeguards and limitations to protect US tech companies from the NSA's backdoor plans. To date, there has been no direct response. So, Cisco has decided to handle the problem itself.
Cisco will ship boxes to vacant addresses in a bid to foil the NSA, security chief John Stewart says.

The dead drop shipments help to foil a Snowden-revealed operation whereby the NSA would intercept networking kit and install backdoors before boxen reached customers…

"We ship [boxes] to an address that's has nothing to do with the customer, and then you have no idea who ultimately it is going to," Stewart says.

"When customers are truly worried ... it causes other issues to make [interception] more difficult in that [agencies] don't quite know where that router is going so its very hard to target - you'd have to target all of them. There is always going to be inherent risk."
Stewart acknowledges that Cisco's modified dead drop shipping operations aren't foolproof, but will at least force the agency to do a little more research before intercepting packages. Stewart also noted that some customers aren't taking any chances, opting to pick up their hardware from Cisco directly.

There are also variables Cisco simply can't control, like the possibility of inbound components from upline manufacturers arriving pre-compromised. But it's doing what it can to ensure that "Cisco" isn't synonymous with "spyware."

Then there's always the possibility that the government may find Cisco's new routing methods to be quasi-fraudulent and force the company to plainly state where each package is actually going. No response has been issued by the ODNI or NSA to this news, and most likely, none will be forthcoming. Any statement on Cisco's fictitious routing would tip its hand.

Cisco's plan makes a lot of assumptions about the NSA's capabilities, most of which aren't particularly sound, but this seems to be more a public display of pique than a surefire way to eliminate most of the NSA's hardware interceptions. It also sends a message to the NSA, one it's been hearing more and more of over the last couple of years: the nation's tech companies aren't your buddies and they're more than a little tired of being unwilling partners in worldwide surveillance.

36 Comments | Leave a Comment..

Posted on Techdirt - 20 March 2015 @ 8:11am

US Marshals Service Withholds Publicly-Available Data From Its Stingray Device FOIA Response

from the open-[secrets] dept

Overclassification and abuse of FOIA exemptions is a given with most of our nation's security/law enforcement agencies. Two agencies -- the DHS and the FBI -- both redacted publicly-available information on drone possession and usage. Why? Because no one will stop them. Public accountability isn't something these agencies embrace. Their real love is secrecy, obfuscation and an allegiance to the eternal protection of "techniques and procedures," even when the information has already been disseminated elsewhere.

MuckRock's Phil Mocek recently received responsive documents from the US Marshals Service on its Stingray usage. The Marshals Service is notoriously secretive about the Stingrays in its law enforcement stable and is equally infamous for the thug-like tactics it has deployed to hide documents from public records requests.

So protective is it of this information that its response to Mocek jumped the secrecy shark. Hidden behind the numerous black redaction bars is information freely available on an official government website.

While it appears the USMS is not under any nondisclosure agreement with the device manufacturer, the agency has withheld a wide range of basic information under an exemption meant to protect law enforcement techniques. However, much of the redacted data is already available online via a federal accounting website…

Particular item names and descriptions are universally redacted throughout the documents. But released invoices and purchase orders indicate that USMS spending on cell site simulators and related services totaled nearly $10 million between September 2009 and April 2014.
As MuckRock's Shawn Musgrave points out, this information deemed too sensitive to be released to a FOIA requester can be found at the General Services Administration's website. The GSA handles a majority of government contracts and, as a government entity, is only allowed to display information deemed suitable for public consumption. The same information withheld by the US Marshals Service has been previously cleared for release on the GSA's site.

An overabundance of caution by the US Marshals Service? Maybe. Or maybe it's just accustomed to throwing plenty of black ink around when fielding FOIA requests. Either way, this withholding of publicly-available data suggests one thing: the USMS's justification for blotting out this info doesn't mean shit.
Extensive redactions throughout the document cache are made under a provision in the federal Freedom of Information Act — exemption (b)(7)(E), for the FOIA nerds — meant to protect law enforcement information.

Specifically, per the Justice Department’s own guidelines, this exemption covers information that "would disclose techniques and procedures for law enforcement investigations or prosecutions”, or that “would disclose guidelines for law enforcement investigations or prosecutions if such disclosure could reasonably be expected to risk circumvention of the law."

The trouble is, much of the information blacked out by USMS FOIA officers is already available online to the general public, and hardly qualifies as law enforcement information as defined in this provision.
It's not that the US Marshals Service doesn't understand the correct deployment of FOIA exemptions. It just doesn't care. How a dollar amount can be both publicly-available through the GSA and a too-sensitive-for-the-public "technique or procedure" will never be explained by the wilfully opaque law enforcement agency. At best, it will suggest the redaction was an error. But more likely, it will be happy to stay quiet on the issue and allow the BS exemptions to speak for themselves.

14 Comments | Leave a Comment..

Posted on Techdirt - 20 March 2015 @ 6:04am

Patent Not Sufficiently Broad Or Generic? Cloem Will Help You By Automatically Generating Dozens Of Nearly Identical Patents

from the a-mass-transit-vehicle-for-abuse dept

VentureBeat has news on two "startups" (which neither really are) that could possibly "upend" intellectual property laws: Qentis (copyright) and Cloem (patents).

The first, Qentis, was covered here previously. Qentis isn't actually a company. It appears to be the trolling byproduct of artist Marco Marcovici. The "company" claims to be algorithmically generating millions of photos and pages of text at a rate that will soon see it creating copyrighted material faster than the creators themselves. At some point, Qentis will hold the copyright of everything that can possibly be created, making every new creation instantly infringing.

Never mind the fact that no one has the computing power to generate photos and text at the rate Qentis is claiming it can, or the fact that algorithmically banging out creative works in advance of others doesn't make independent creations automatically infringing. Never mind pretty much all of it because the claims are so blatantly false as to be laughable, especially considering the source.

On the other hand, Cloem's business model seems a bit more grounded in reality. VentureBeat describes Cloem -- and its aims -- this way:

[A] company that provides software (not satirically, it appears) to linguistically manipulate a seed set of a client’s patent claims by, for example, substituting in synonyms or reordering steps in a process, thereby generating tens of thousands of potentially patentable inventions.
Cloem describes its team as a mixture of patent experts and "computer linguistic specialists." The key element of its potentially-patentable variations lies within "seed lists," which draw from a variety of sources, including (according to Cloem) "70,000,000 patent documents." Its algorithms then brute force together lists of "new" patent claims, which can then be filed and used offensively or defensively.

Cloem's business model seems custom-built for patent trolls, who will be able to "expand" their already-broad patents to nail down even more IP turf. Cloem's service also makes it easy for non-inventors to jam up patent offices with me-too "inventions" based on minor iterations of existing patents. While there's a good chance some of these will be tossed due to prior art, more than a few will inevitably make their way past examiners. With millions of patents just waiting to be iterated into "new" methods, Cloem's service further separates "inventing" from "invention."

It's a system that's built for abuse, but Cloem doesn't see it that way. In response to a somewhat critical post at RatioIP, Cloem's rep offers up the defense of "Hey, we just make the tool. We can't control how it's used."
In our view, Cloem is a logical and natural evolution of the patent system. The technology in itself is neutral. Like a tool, we can use it in many ways, both offensive and defensive. It may well be that we could help to “raise the bar” and get rid of undue patents. Some see our system as an embodiment of the “skilled person” (i.e. which indicates what “routine work” can produce and reach), although we do think that cloem texts can be inventive, that is not excluded from patentability.
And that's mostly true. Entities wishing to protect their prior inventions could "fence off" adjacent territory and deter future lawsuits by producing and filing very closely-related patents. But a tool like this -- if it creates anything patentable at all -- will always be more attractive to the "offensive" side of the equation.

Cloem's pitch sets the company at the forefront of an IP revolution, but its envisioned future is no more heartening than Qentis' dystopian, IP-generating machines of loving grace. At least Qentis is a joke. Cloem's taglines only read like jokes.
With Cloem, you can invent more, faster and cheaper.
Except there's no "invention" taking place. Nothing generated by Cloem's algorithms will be any more "inventive" than all the re-skins and palette swaps clogging up the "Games" section in mobile app stores. Cloem hopes to bridge the gap between its "silos of knowledge" and its silos of synonyms, somehow coming up with worthwhile patents in the process. Sure, previous knowledge always informs new creations, but it takes more than swapping the sentence "a plurality of discrete content items arranged chronologically" around in the method description to generate inventive, worthwhile patents.

26 Comments | Leave a Comment..

More posts from Capitalist Lion Tamer >>