Mike Masnick’s Techdirt Profile

mmasnick

About Mike MasnickTechdirt Insider

Mike is the founder and CEO of Floor64 and editor of the Techdirt blog.

He can be found on Twitter at http://www.twitter.com/mmasnick



Posted on Techdirt - 28 August 2015 @ 7:39pm

Popehat v. James Woods SLAPP-down Match; Coming Soon To A Court Near You

from the can-i-get-front-row-seats? dept

A month ago, we wrote about actor James Woods bizarrely suing a trollish Twitter user who had been mocking Woods on the site. The whole lawsuit seemed ridiculous. The specific tweet that sent Woods over the edge was this anonymous user (who went by the name "Abe List") saying "cocaine addict James Woods still sniffing and spouting." Soon after our post on the subject, Ken "Popehat" White posted an even better takedown entitled James Woods Punches the Muppet. That post has now been updated with a brief note that White has now been retained to defend the anonymous Twitter user. And, if that gets you excited for what to expect in the legal filings, well, you don't have wait. As first reported by Eriq Gardner at the Hollywood Reporter, White has filed the John Doe's opposition to Woods' attempt to unmask the guy. And it's worth reading.

Problem number one with Woods' suit is laid out right at the beginning of the filing, which is that Woods himself has a habit of accusing others of using illegal drugs as well, just as Abe List did:

The filing shows other tweets from Woods that have similar words that Woods complained about Abe List using, such as "clown" and "scum." As the filing notes, it appears Woods thinks that he can use those insults towards others, but if anyone uses them towards him, it's somehow defamatory.
Plaintiff, an internationally known actor, is active on Twitter, a social media platform. There he is known for engaging in rough-and-tumble political debate. Plaintiff routinely employs insults like “clown” and “scum,” and even accuses others of drug use as a rhetorical trope....
But Plaintiff apparently believes that while he can say that sort of thing to others, others cannot say it to him. He has sued Mr. Doe for a derisive tweet referring to him as “cocaine addict James Woods still sniffing and spouting” in the course of political back-andforth.... He also complains, at length, that Mr. Doe has called him things like a “clown” and “scum.” Naturally, Plaintiff has himself called others “clown” or “scum” on Twitter.
The filing, quite reasonably, notes that these kinds of hyperbolic claims cannot be seen as defamatory, and since there's no legitimate claim here, there is no reason to do expedited discovery or to unmask Abe List, who is entitled to have his identity protected under the First Amendment.

Oh, and, not surprisingly, White will be filing an anti-SLAPP motion shortly, which may mean that Woods is going to have to pay for this mess that he caused.

The filing also notes that while Woods sent a subpoena to Twitter to try to seek Abe List's identity, the company turned it down as deficient. The full two page letter is in the filing below as Exhibit B, but a quick snippet on the First Amendment concerns:
Meanwhile, Woods has already filed a response in which he is still seeking to uncover the name of Abe List, and which repeats more ridiculous claims about the whole thing, starting off with the simply false claim that the original "cocaine addict" tweet was likely seen by "hundreds of thousands" of Woods' followers. That's wrong. They would only see if they followed both Woods and the Abe List account, which very few did.

The filing, somewhat hilariously, claims that calling someone "a joke," "ridiculous," "scum" and "clown-boy" are not protected by the First Amendment. Which makes me wonder what law school Woods' lawyers went to. Because that's just wrong:
AL's outrageous claim appears to be the culmination of a mlaicious on-line campaign by AL to discredit and damage Woods' reputation, a campaign which began as early as December 2014. In the past, AL has referred to Woods with such derogatory terms as a "joke," "ridiculous," "scum" and "clown-boy." ... Although AL's rantings against Woods began with childish name calling, it has escalated beyond the protections of free speech, i.e., the First Amendment does not permit anyone to falsely represent to the public that another person is addicted to an illegal narcotic.
Um... but Woods himself did exactly that (see above). It's standard hyperbolic speech, which is clearly not defamatory especially when mocking a public figure like Woods who has a history of using the same sort of hyperbolic insults on Twitter. Even more ridiculously, Woods' lawyers claim that by saying that the statement was a joke, that's Abe List admitting that he knew it was a false statement. I can't see that argument flying. I can see it backfiring big time once the anti-SLAPP motion is made.

So, what about those similar tweets made by Woods himself? His lawyers tell the court to ignore those piddly things.
... to the extent AL or TG attempt to argue that the Court should consider other statements on their Twitter accounts, or any previous tweets by Mr. Woods, the argument is a red herring. First, there is no reason any of Mr. Woods' followers, all of whom were exposed to the defamatory statements, would even bother to investigate the speakers and/or their Twitter sites to determine if they were reliable sources. As to Mr. Woods, we are not aware of any false statements of fact made by Mr. Woods and his sometimes sharp commentary on political matters is irrelevant to the allegations here.
Except, uh, again, Woods suggested someone smoked crack, just like Abe List joked that Woods was a cocaine addict. And, again, Woods and his lawyers are just wrong that all of Woods' followers would have seen Abe Lists' tweets. They're just factually wrong.

You never know how courts will rule in any particular case, no matter how ridiculous, but I have a hard time seeing how Woods gets out of this without having to pay two sets of lawyers -- his own and Ken White -- for filing a clearly bogus defamation case designed to shut up (and identify) an anonymous Twitter critic. No matter what, James Woods may not be a cocaine addict, but he has made it clear that he can dish it out but can't take it back when people make fun of him. What a clown.

Read More | 19 Comments | Leave a Comment..

Posted on Techdirt - 28 August 2015 @ 3:23pm

Universal Music Has No Sense Of Humor, Takes Down Hilarious Twitter Profile Pun Parody Of Nirvana Song

from the get-over-yourself-UMG dept

Earlier today Techdirt writer Tim Geigner pointed me to a YouTube video that used Twitter user names to create a punnish version of the 80s hit "Tainted Love" retitled Tweeted Love. It's pretty amusing:

In checking out the YouTube account of the guy who created it, Jim Mortleman, a more recent video posted just a few days ago popped up, entitled Nerdpunna - Smells Like Tweet Spirit. This was the same style video, using Twitter usernames to create an absolutely hilarious version of the famous Nirvana song. It was so well done (perhaps because Kurt Cobain's lyrics are so unintelligible) that I couldn't believe it had only around 2,000 views. So I tweeted it, joking that people should check it out before it got taken down.
A bunch of people started retweeting and linking to it, with many of them commenting on how great the video was or how funny it was. Even people who aren't Nirvana fans were talking about it. A few examples:
And there were many more like that. In short: the damn thing is really funny and super well done. After realizing that his video was suddenly getting an influx of traffic, the creator of it, Jim Mortleman (who says that the videos are actually a group project in finding the profiles, which he then puts together in the video) tweeted me that he was pretty sure he was safe because he'd been alerted that UMG was "monetizing" his video -- which is one of the options in YouTube for copyright holders if they want to make money on someone using their work, rather than taking it down.
From his YouTube screen, it actually showed that Universal Music had blocked the video in one country while monetizing it elsewhere:
However, just a few hours later, as the video started getting more and more attention, views and tweets... apparently Universal changed its mind -- and if you now visit the page, this is what you see:
Mortleman says that within YouTube it's now officially blocked in all countries. This is a ContentID match, rather than a direct takedown, though the company clearly made the decision to switch it from monetizing it to taking it down -- so someone made a decision.

And it's a hellishly stupid decision. The video was fantastic and didn't take anything away from the song. It certainly wasn't a replacement for the song and, if anything, was likely to draw a lot more interest to the song and remind people of its existence. I'm not a huge fan of the song, but have been humming it to myself all afternoon because of that video (which I ended up watching a few times).

Also, this seems like a pretty clear case of fair use -- though I imagine some will disagree. The hilarious use of twitter user names to create alternative lyrics to the song is quite transformative. No one was watching this video as a replacement for the original song, but because the video itself sort of celebrated the song with alternative lyrics made up entirely of Twitter profile names where "Here we are now, entertain us" because "Huey Long Gnarl Emma Talus" (if you haven't seen the actual video... it's much funnier in the way it was presented). And now it's all gone and you can't see it.

All because of copyright law and UMG's total lack of a sense of humor.

Even if you think the fair use case is bunk and that the video is infringing and UMG is totally, 100% in the right to do what it did, I'm curious how this helps UMG in any way, shape or form. It doesn't help them get any more money, and it just makes people pissed off. How is that a smart business decision?

Update: Jim has now posted a silent version of the video so you can see what it looks like, though it's really not the same effect (though you can try to line up the audio with it to try to replicate the effect):

31 Comments | Leave a Comment..

Posted on Techdirt - 28 August 2015 @ 2:32pm

American Teen Gets 11 Year Sentence For Pro-ISIS Tweets That Taught People How To Use Bitcoin

from the really,-now? dept

Earlier this summer, the DOJ proudly announced that a Virginia teenager, Ali Shukri Amin, had taken a plea deal for "providing material support to ISIL" (the terrorist organization that everyone outside of the US government calls ISIS). This is back in the news now that Amin has been sentenced to 11 years in prison. Let's get this out of the way: ISIS is clearly a horrific and dangerous organization. But does what Amin did really deserve 11 years in prison? The details of the case against him also seem to raise some serious First Amendment questions about what counts as "material support."

First: the one area where Amin's actions do seem fairly questionable are when he helped another Virginia teen travel to Syria, apparently to join ISIS. That part definitely seems like it stepped over the legal line. But, the rest of the charges against him seem... like a teenager using Twitter and other social media to discuss stuff he's interested in. Amin ran a Twitter account called @AmreekiWitness, which had about 4,000 followers. He tweeted pro-ISIS propaganda, but that still seems to be a form of protected speech, last I checked. And, his big "crime" appears to be linking to an article about why ISIS supporters should use Bitcoin.

The following are examples of the defendant's use of Twitter in furtherance of his conspiracy to provide material support to ISIL:
On or about July 7, 2014, using the @AmreekiWitness account, the defendant tweeted a link to an article he authored entitled "Bitcoin wa' Sadaqat al-Jihad" (Bitcoin and the Charity of Jihad). The link transferred the user to the defendant's blog, where the article was posted. The article discussed how to use bitcoins and how jihadists could utilize this currency to fund their efforts. The article explained what bitcoins were, how the bitcoin system worked and suggested using Dark Wallet, a new bitcoin wallet, which keeps the user of bitcoins anonymous. The article included statements on how to set up an anonymous donations system to send money, using bitcoin, to the mujahedeen.

On approximately August 1, 2014, the defendant showed support for ISIL and his desire to help garner financial support for those wanting to commit jihad. Through @AmreekiWitness the defendant discussed methods to provide financial support for those wanting to commit jihad and for those individuals trying to travel overseas.

On approximately August 19, 2014, the defendant showed support for ISIL and desire to support ISIL. The defendant tweeted that the khilafah needed an official website "ASAP," and that ISIL could not continue to release media "in the wild" or use "JustPaste." Through various tweets, the defendant provided information on how to prevent the website from being taken down, by adding security and defenses, and he solicited others via Twitter to assist on the development of the website.
The defendant also operated an Amreeki Witness page on the website ask.fm. The defendant used these accounts extensively as a platform to proselytize his radical Islamic ideology, justify and defend ISIL's violent practices, and to provide advice on topics such as jihadists travel to fight with ISIL, online security measures, and about how to use Bitcoin to finance themselves without creating evidence of crime, among other matters.

The defendant also created the pro-ISIL blog entitled, "Al-Khilafah Aridat." On this blog, the defendant authored a series of highly-technical articles targeted at aspiring jihadists and ISIL supporters detailing the use of security measures in online communications to include use of encryption and anonymity software, tools and techniques, as well as the use of the virtual currency Bitcoin as a means to anonymously fund ISIL.
Tweeting about Bitcoin and saying that ISIS needs a website is a crime? One that deserves over a decade in jail? Obviously, aiding ISIS in any way is incredibly stupid, but it seems like a pretty slippery slope to argue that teaching people how to use Bitcoin or saying that ISIS needs a website rises to the level of "material support for ISIS" by itself. It seems like such a definition could lead to many, many people at risk. If you disagree with US policy for dealing with ISIS and say so -- at what point does it cross over the line? It seems way too easy to twist this into criminalizing dissent, rather than actually supporting a designated terrorist organization.

I'm all for coming up with ways to stop the spread of ISIS, and to prevent further attacks by the group. But jailing an American teenager over his tweets seems... excessive.

Read More | 39 Comments | Leave a Comment..

Posted on Techdirt - 28 August 2015 @ 10:43am

Appeals Court Strikes Down Ruling Finding NSA Phone Records Collection Unconstitutional

from the well-that's-too-bad dept

Back in December of 2013, judge Richard Leon of the DC district court, ruled that the NSA's bulk metadata collection under Section 215 of the PATRIOT Act was unconstitutional and issued an injunction against it (though, recognizing the inevitable appeal, Judge Leon stayed the injunction). This was in the case brought by Larry Klayman and FreedomWorks.

Leon's ruling was detailed and thorough... but the DC circuit appeals court has overturned it and sent it back to the lower court, focusing mainly on the "standing" question that has been raised in basically every case against NSA surveillance. In short, the government says "if you can't prove that we spied on you directly, then you can't sue us over our spying on everyone generally." That seems sketchy for all sorts of reasons, and Judge Leon, in his original ruling pointed out how ridiculous it was, mocking the government's reliance on the Supreme Court ruling in "Clapper" (a case against James Clapper) where the Supreme Court basically agreed that you needed more evidence to show you had standing. Of course, that ruling only happened after the US Solicitor General lied to the Supreme Court about how defendants arrested using such data would be told how it was collected. Besides, here, Judge Leon noted, there was plenty of evidence that everyone's information was being collected.

Straining mightily to find a reason that plaintiffs nonetheless lack standing to challenge the metadata collection, the Government argues that Judge Vinson's order names only Verizon Business Network Services ("VBNS") as the recipient of the order, whereas plaintiffs claim to be Verizon Wireless subscribers. The Government obviously wants me to infer that the NSA may not have collected records from Verizon Wireless (or perhaps any other non-VBNS entity, such as AT&T and Sprint). Curiously, the Government makes this argument at the same time it is describing in its pleadings a bulk metadata collection program that can function only because it "creates an historical repository that permits retrospective analysis of terrorist-related communications across multiple telecommunications networks, and that can be immediately accessed as new terrorist-associated telephone identifiers come to light."

[....] Put simply, the Government wants it both ways. Virtually all of the Government's briefs and arguments to this Court explain how the Government has acted in good faith to create a comprehensive metadata database that serves as a potentially valuable tool in combating terrorism--in which case the NSA must have collected metadata from Verizon Wireless, the single largest wireless carrier in the United States, as well as AT&T and Sprint, the second and third-largest carriers.... Yet in one footnote, the Government asks me to find that plaintiffs lack standing based on the theoretical possibility that the NSA has collected a universe of metadata so incomplete that the program could not possibly serve its putative function. Candor of this type defies common sense and does not inspire confidence!
But, the appeals court just doesn't buy it. From the opinion by Judge Janice Brown:
The record, as it stands in the very early stages of this litigation, leaves some doubt about whether plaintiffs’ own metadata was ever collected. Plaintiffs’ central allegation is that defendants “violated the Fourth Amendment to the U.S. Constitution when they unreasonably searched and seized and continue to search Plaintiffs’ phone records . . . without reasonable suspicion or probable cause.” ... Plaintiffs have supported this claim with specific facts, notably: (1) The NSA operates a bulk telephony-metadata collection program; and (2) on April 25, 2013, the FISC issued an order requiring Verizon Business Network Services to produce its subscribers’ call detail records to the NSA on a daily basis from April 25, 2013 to July 19, 2013. However, plaintiffs are Verizon Wireless subscribers and not Verizon Business Network Services subscribers. Thus, the facts marshaled by plaintiffs do not fully establish that their own metadata was ever collected.
Judge Brown admits that Judge Leon explains why the government's own statements make it clear that its metadata collection goes beyond just Verizon Business Network Services, but doesn't think it's enough evidence. She also highlights how there is at least some more substantial evidence than in the Clapper/Amnesty International case that the Supreme Court ruled on, but still doesn't find it enough:
However, the burden on plaintiffs seeking a preliminary injunction is high. Plaintiffs must establish a “substantial likelihood of success on the merits.” ... Although one could reasonably infer from the evidence presented the government collected plaintiffs’ own metadata, one could also conclude the opposite. Having barely fulfilled the requirements for standing at this threshold stage, Plaintiffs fall short of meeting the higher burden of proof required for a preliminary injunction.
Instead, Judge Brown says that the lower court could try to determine if it's appropriate for Klayman/Freedomworks to be allowed to conduct discovery with the government to obtain more evidence that his phone record info was collected -- while admitting that's unlikely because "secret program" and all that.
On remand it is for the district court to determine whether limited discovery to explore jurisdictional facts is appropriate.... Of course, I recognize that, in order for additional discovery to be meaningful, one of the obstacles plaintiffs must surmount is the government’s unwillingness to make public a secret program.... It is entirely possible that, even if plaintiffs are granted discovery, the government may refuse to provide information (if any exists) that would further plaintiffs’ case. Plaintiffs’ claims may well founder in that event. But such is the nature of the government’s privileged control over certain classes of information. Plaintiffs must realize that secrecy is yet another form of regulation, prescribing not “what the citizen may do” but instead “what the citizen may know.”... Regulations of this sort may frustrate the inquisitive citizen but that does not make them illegal or illegitimate. Excessive secrecy limits needed criticism and debate. Effective secrecy ensures the perpetuation of our institutions. In any event, our opinions do not comment on the propriety of whatever privileges the government may have occasion to assert.
Got that? Excessive government secrecy sucks, but, hey, what can you do?

In a separate ruling, Judge Stephen Williams also says there's no standing, giving even more deference to the Supreme Court's ruling in the Clapper/Amnesty International case. While at least Judge Brown was willing to distinguish the two, Judge Williams sees no such distinction:
Here, the plaintiffs’ case for standing is similar to that rejected in Clapper. They offer nothing parallel to the Clapper plaintiffs’ evidence that the government had previously targeted them or someone they were communicating with (No. 3 above). And their assertion that NSA’s collection must be comprehensive in order for the program to be most effective is no stronger than the Clapper plaintiffs’ assertions regarding the government’s motive and capacity to target their communications
In fact, Judge Williams takes the odd position of adding in possible reasons why the NSA might not be collecting everyone's metadata to show why such an inference is unfounded:
The strength of plaintiffs’ inference from the government’s interest in having an effective program rests on an assumption that the NSA prioritizes effectiveness over all other values. In fact, there are various competing interests that may constrain the government’s pursuit of effective surveillance. Plaintiffs’ inference fails to account for the possibility that legal constraints, technical challenges, budget limitations, or other interests prevented NSA from collecting metadata from Verizon Wireless. Many government programs (even ones associated with national defense) seem to be calibrated or constrained by collateral concerns not directly related to the program’s stated objectives, such as funding deficiencies, bureaucratic inertia, poor leadership, and diversion to non-defense interests of resources nominally dedicated to defense. It is possible that such factors have operated to hamper the breadth of the NSA’s collection.
Basically, we can't assume that Verizon Wireless metadata was collected because, you know, maybe it wasn't. Maybe "bureaucratic inertia" meant the NSA really didn't care about Verizon Wireless. Who can really say?

The only "dissent" on the three judge panel comes from Judge David Sentelle, who says he basically agrees with absolutely everything Judge Williams says except for the idea that the case should be remanded to the district court for further discovery, saying the entire case should be dismissed outright.
Plaintiffs have not demonstrated that they suffer injury from the government’s collection of records. They have certainly not shown an “injury in fact” that is “actual or imminent, not conjectural or hypothetical.” ... I agree with the conclusion of my colleagues that plaintiffs have not shown themselves entitled to the preliminary injunction granted by the district court. However, we should not make that our judicial pronouncement, since we do not have jurisdiction to make any determination in the cause. I therefore would vacate the preliminary injunction as having been granted without jurisdiction by the district court, and I would remand the case, not for further proceedings, but for dismissal.

[....]

Without standing there is no jurisdiction. Without jurisdiction we cannot act.... Therefore, I agree with my colleagues that the issuance of the preliminary injunction was an ultra vires act by the district court and must be vacated. However, I believe we can do no more. I would remand the case for dismissal, not further proceedings.
So... that's not great. However, it also creates a pretty clear circuit split between the DC Circuit and the 2nd Circuit, which you may recall ruled that the ACLU and others had standing in a similar lawsuit. Given this clear circuit split, perhaps the Supreme Court can actually be persuaded to take up the case and fix the mistake it made in the Clapper case a couple years ago...

Read More | 19 Comments | Leave a Comment..

Posted on Techdirt - 28 August 2015 @ 9:33am

UK Music Collection Society PRS Sues SoundCloud

from the and-so-it-begins dept

There have been rumors for months that various elements of the legacy recording industry were gearing up to sue SoundCloud, the super popular and useful audio hosting site (we use it to host the Techdirt Podcast). In the last year or so, SoundCloud has been ramping up its efforts to appear super responsive to takedown requests, leading to ridiculous situations including the takedowns of public domain material, or of officially uploaded material. The company has also been completely ridiculous about fair use, telling users that it doesn't recognize it, since it's only a US concept.

As always, it appears that appeasing copyright extremists never gets you very far in the long run. The rumors for months are that, as with pretty much every other successful internet music-related service, the legacy players come asking for huge chunks of equity if you don't want to get sued. They basically demand companies bleed themselves dry, or be forced to be bled dry by a lawsuit. And now the lawsuits are starting. First up is not actually a record label, but PRS, the rather infamous UK music collection society that just recently told its members that it was keeping more of the money it collected, in order to funnel it into lawsuits. This is the same PRS that is so desperate to collect more money that it has gone after a woman who played music to her horses, a woman who sang to herself while stocking grocery store shelves and against a charity for daring to have children sing Christmas carols without paying up.

That lovely organization is now suing SoundCloud:

Our aim is always to license services when they use our members’ music. It has been a difficult decision to begin legal action against SoundCloud but one we firmly believe is in the best, long-term interests of our membership. This is because it is important we establish the principle that a licence is required when services make available music to users. We have asked SoundCloud numerous times to recognise their responsibilities to take a licence to stop the infringement of our members’ copyrights but so far our requests have not been met. Therefore we now have no choice but to pursue the issue through the courts.
PRS itself notes that SoundCloud is arguing that its service in the UK is protected by EU safe harbors as a host of content, rather than the publisher, but PRS isn't buying it. SoundCloud, in its response, notes that this follows a pattern of the recording industry to sue internet services as a negotiating tactic. As noted over at Music Ally:
“It is regrettable that PRS appears to be following this course of action in the midst of an active commercial negotiation with SoundCloud. We believe this approach does not serve the best interests of any of the parties involved, in particular the members of the PRS, many of whom are active users of our platform and who rely on it to share their work and communicate with their fanbase,” said a spokesperson.

“SoundCloud is a platform by creators, for creators. No one in the world is doing more to enable creators to build and connect with their audience while protecting the rights of creators, including PRS members. We are working hard to create a platform where all creators can be paid for their work, and already have deals in place with thousands of copyright owners, including record labels, publishers and independent artists.”
This is one of those fights where it's unlikely that there will be any winners, other than the lawyers. SoundCloud will eventually probably just pay up, and continue to make its platform less and less useful. And PRS may get a little bit more money in the short term at the expense of long term support of the platforms musicians need to embrace in this modern internet era.

32 Comments | Leave a Comment..

Posted on Techdirt - 28 August 2015 @ 8:18am

Bill That Was Supposed To Limit Police Drone Activity Changed By Lobbyist To Enable Weaponized Drones

from the this-won't-go-wrong-at-all... dept

North Dakota state representative Rick Becker had a good idea with his House Bill 1328, which would forbid the use of drones by law enforcement in the state without a warrant. A few other states have been looking at similar proposals, after there have been growing concerns about police using drones for surveillance activities. Virginia, for example, recently passed a law that requires a warrant for police drone use. So, good idea, Rep. Becker.

Except... in stepped Bruce Burkett, a lobbyist from the North Dakota Peace Officer's Association, who "was allowed by the state house committee to amend HB 1328" to now make it about legalizing weaponized drones for police. Yes, a "peace officer" representative just made it possible to weaponize drones. The trick? He amended the bill to make it only about "lethal weapons," which now opens the door to what police like to refer to as "less than lethal" weapons like "rubber bullets, pepper spray, tear gas, sound cannons, and Tasers" -- some of which have a history of leading to deaths, despite their "less than lethal" claims.

Even “less than lethal” weapons can kill though. At least 39 people have been killed by police Tasers in 2015 so far, according to The Guardian. Bean bags, rubber bullets, and flying tear gas canisters have also maimed, if not killed, in the U.S. and abroad.
Meanwhile, local police are still freaking out about the need to require a warrant. Check out this bit of police state nonsense:
Grand Forks County Sheriff Bob Rost said his department’s drones are only equipped with cameras and he doesn’t think he should need a warrant to go snooping.

“It was a bad bill to start with,” Rost told The Daily Beast. “We just thought the whole thing was ridiculous.”

Rost said he needs to use drones for surveillance in order to obtain a warrant in the first place.
Yes, we need to spy on your first, to then see if we should get a warrant to spy on you some more. That's not how this works.

And, now, while there will be warrant requirements for some uses -- though with broad exceptions including within 25 miles of the US/Canada border and for "exigent circumstances" -- the bill will (thanks to a lobbyist) allow the police to also experiment with weaponizing drones. If you thought the militarization of police wasn't screwed up enough, now you might need to worry about stun guns and rubber bullets hailing down from the sky...

Read More | 39 Comments | Leave a Comment..

Posted on Techdirt - 28 August 2015 @ 6:17am

Border Patrol Agent Forwarded All Emails To Someone Else's Gmail; Only Discovered When 'Civilian' Responded

from the oops dept

Intercept reporter Jenna McLaughlin alerts us to a rather stunning security mistake by a Customs and Border Patrol (CBP) agent, as outlined in some DHS released "incident reports" concerning "cloud data breaches." The very first one involves the CBP agent forwarding all of his email to a personal account, but messing up the configuration, so that it actually forwarded to someone else's Gmail account (someone with a similar name) -- and this mistake was only noticed when this "civilian" responded to an email he had received via this forwarding, and the response was sent to a wider mailing list of Homeland Security employees:

If you can't see that, here's what it says:
CBP reports that one (1) CBP user had an auto-forwarding rule setup to have emails sent externally to a civilian's personal Gmail account. There is a possibility that sensitive information to include Personally Identifiable Information (Pll) has been accidently sent out due to this rule. The incident was discovered when a civilian responded to a CBP user's email to a distribution list of other CBP/DHS users. The CBP user noticed the civilian's Gmail address and reported it to the FTO who then reported the incident to the CBP CSIRC. Upon investigation and confirmation from EaaS, one (1) CBP Border Patrol Agent who was on the email distribution list had an auto-forwarding rule setup within their Exchange account to a non-CBP/DHS user's personal Gmail account. The name of the Border Patrol Agent and the civilian are very similar, but it was determined that the Border Patrol Agent misconfigured the rule by using the civilian's personal Gmail address instead of his own. Technical remediation will include working with the EaaS team to implement a rule to disable the auto-forwarding rule and only allow it when requests are made to the Exchange team. The incident has been reported to the CBP Privacy Office and Joint Intake Center for action (assisting the user to have all government emails removed and confirmed).
It seems rather stunning that CBP/DHS didn't already have such a rule in place. Then again, this is Customs and Border Patrol, who has something of a history of not really giving a fuck because they can get away with doing whatever they want and no one ever does anything about it.

Later in the same report, it is revealed that this auto-forwarding from inside DHS to private accounts happened somewhat frequently. An investigation just a month after the incident above showed 771 such rules set in DHS staffers Exchange systems:
If you can't read that, it says:
DHS SOC reports that a total of 771 rules are configured in Exchange to auto-forward emails external to DHS. DHS SOC requested and received a list of 771 automated email forwarding rules created by DHS Email as a Service (EaaS) users. Auto-forwarding or redirecting of DHS email to address outside of the .gov or .mil domain is prohibited and shall not be used per DHS 4300A policy, section 5.4.6.i and poses a high risk of accidental disclosure of Pll, SBU, FOUO, LES, or classified data. The incident has been reported to the Joint Intake Center (JIC). Affected Components (CBP, FEMA, DHS HQ, and DC2) are asked to identify and remediate the rules.
Not sure about to you, but this doesn't make me feel much safer about DHS at all. And, remember, DHS is one of the government bodies currently looking to manage the government's cybersecurity efforts -- and they're considered the better option given just how little people trust the NSA or the FBI (the two other main contenders).

Read More | 30 Comments | Leave a Comment..

Posted on Techdirt - 28 August 2015 @ 3:20am

United In Flight WiFi Blocks Popular News Sites

from the because-we-said-so dept

So, just last month, we wrote about United Airlines idiotic inflight video system that forces you to install DRM on your own devices to watch a movie. And, now, it appears that the company is filtering out all sorts of news sites. The EFF's Nate Cardozo was on a flight yesterday when he started noticing that he couldn't get to certain tech websites, including Ars Technica and The Verge -- instead receiving messages they were blocked due to United's "access policy." The same was true for political news site Daily Kos. Eventually he even realized that United also blocks the NY Times (via his phone after the laptop battery ran out).




Both the terms of use that United has, as well as the company's FAQ about the service warn that "inappropriate or unsuitable for inflight viewing" websites may be blocked:
Of course, it's difficult to see what kind of content on any of those news sites would be considered inappropriate or unsuitable for inflight viewing. And, you know, it's letting through plenty of much sketchier sites like, uh, us at Techdirt. Basically, this makes no sense at all, and I'm sure that if United's PR people ever getting around to commenting on it, they'll say it was a "glitch" and that it won't happen again. But this is the kind of problem that you run into when you deem yourself able to control what people can and can't access online.

32 Comments | Leave a Comment..

Posted on Techdirt - 27 August 2015 @ 11:18pm

New Malware Attack Tries To Trick People By Pretending To Be EFF

from the who-are-they-targeting? dept

The Electronic Frontier Foundation has put out an alert noting that, as part of a larger spear phishing attack campaign, to try to gain control over computers, a group has created a fake EFF website, designed to trick people into thinking they're going to EFF's actual website, but really installing some pretty nasty malware.

Electronicfrontierfoundation.org was not the only domain involved in this attack. It seems to be part of a larger campaign, known as “Pawn Storm”. The current phase of the Pawn Storm attack campaign started a little over a month ago, and the overall campaign was first identified in an October 2014 report from Trend Micro (PDF). The group behind the attacks is possibly associated with the Russian government and has been active since at least 2007.

The attack is relatively sophisticated—it uses a recently discovered Java exploit, the first known Java 0-day in two years. The attacker sends the target a spear phishing email containing a link to a unique URL on the malicious domain (in this case electronicfrontierfoundation.org). When visited, the URL will redirect the user to another unique URL in the form of http://electronicfrontierfoundation.org/url/{6_random_digits}/Go.class containing a Java applet which exploits a vulnerable version of Java. Once the URL is used and the Java payload is received, the URL is disabled and will no longer deliver malware (presumably to make life harder for malware analysts). The attacker, now able to run any code on the users machine due to the Java exploit, downloads a second payload, which is a binary program to be executed on the target's computer.

Needless to say, don't visit the site unless you know what you're doing -- and also, a good reminder not to click on URLs in emails. Go directly to sites.

18 Comments | Leave a Comment..

Posted on Techdirt - 27 August 2015 @ 12:53pm

Techdirt Reading List: Data And Goliath

from the privacy-and-security dept

This is our second week of doing the Techdirt Reading List (don't miss last week's!). Once again, each week, we'll be discussing a book that we think our community might really enjoy. If you click on the Amazon link in this story and buy it that way, you'll also be supporting Techdirt in the process.

This week, the book of choice is famed computer security expert (and meerkat impersonator) Bruce Schneier's latest book, Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World.

Beyond having a damn good title, the book is a really fantastic discussion about the ways in which data is being collected and used these days -- sometimes for good reasons, but often with not nearly enough concern for security and privacy. It's not a "never give your data away" screed like some privacy extremists prefer, but rather a much more thoughtful look at the real tradeoffs involved, and suggestions on a way forward. The book notes that we shouldn't look at "surveillance" as being a tradeoff with "security." Instead, we should focus on security first, as that will always protect us more than surveillance. And with that, there should be much greater transparency in how data is used -- for both governments and corporations. With real transparency people can better understand the tradeoffs and have a better understanding of what data they're handing over in exchange for what benefits. For governments, there needs to be much greater oversight (real oversight) and accountability for what they're doing with our data.

There's obviously a lot more in the book, and some people may feel it doesn't go far enough, while others may feel it goes too far. But overall, it's a very thoughtful and thought-provoking discussion on how data is being collected all around us, and we haven't fully come to terms with what's happening and who's in control over that data. So, if you haven't read it yet, go check it out!

6 Comments | Leave a Comment..

Posted on Techdirt - 27 August 2015 @ 11:52am

AP Sues FBI Over Impersonating An AP Reporter With A Fake AP Story

from the stop-impersonating-us dept

Last fall, we wrote about how the FBI had set up a fake AP news story in order to implant malware during an investigation. This came out deep in a document that had been released via a FOIA request by EFF, and first noticed by Chris Soghoian of the ACLU. The documents showed the FBI discussing how to install some malware, called a CIPAV (for Computer and Internet Protocol Address Verifier) by creating a fake news story:


It later came out that the way the FBI used this was an undercover agent pretended to be an AP reporter and sent the suspect -- a 15 year old high school kid... -- a "draft" of the article to review. And when the kid opened it, the malware was deployed.

In response to this, FBI director James Comey defended the practice, saying that it was legal "under Justice Department and FBI guidelines at the time" and, furthermore, that this bit of deception worked. Comey also said that while guidelines had changed, and such impersonation would require "higher-level approvals," it was still something the FBI could do.

The AP has now sued the FBI, along with the Reporters Committee on Freedom of the Press (RCFP) over its failure to reveal any more details about this effort following a FOIA request. For reasons that are beyond me, even though it's the AP filing the lawsuit and the AP writing about the lawsuit, reporter Michael Biesecker apparently doesn't think its readers can handle the actual filing, so they don't include it (this is bad journalism, folks). However, you can read the actual lawsuit here.

In short, the AP made a FOIA request for documents related to this specific case above, as well as "an accounting of the number of times" that the FBI "has impersonated media organizations or generated media-style material" to deliver malware. The FBI said it was working on it, and then bizarrely told the AP that the request was being "closed administratively" because it was being combined with someone else's FOIA request, which left the AP reasonably confused, since they had not initiated that request and had no idea who had.
In a letter from Mr. Hardy dated December 10, 2014, the FBI stated that, even though the request had yet to be fulfilled, the AP Request was unilaterally “being closed administratively,” because the “material responsive to your request will be processed in FOIA 1313504-0 as they share the same information.”

The combining of Mr. Satter’s request with Request No. 1313504-0 occurred despite the fact that Mr. Satter had not filed Request No. 1313504-0 and was given no information about the identity of the requester underlying FOIA Request No. 1313504-0.
When the AP asked the FBI for more info, it was told that "the estimated completion time for large requests is 649 days." And still refused to reveal who had sent in the other FOIA request. The AP filed a formal appeal, and a week ago was told that there was nothing to appeal because the FBI had not completed Request No. 1313504-0 (which, again, the AP had not actually sent in). Hence the lawsuit.

The RCFP FOIA request received a somewhat more standard "no responsive records" response, to which the RCFP pointed out that the FBI was clearly lying, given that the earlier response (to the EFF FOIA, which kicked off this whole thing) showed that there was, in fact, such responsive results (I know this experience all too well).

And thus, both organizations are now suing to force the FBI to actually turn over the damn documents. Can't wait to find out all the national security reasons (or will they be redacted) for why the FBI won't respond, and why it combined the AP's FOIA request with some totally unknown party's.

Read More | 21 Comments | Leave a Comment..

Posted on Techdirt - 27 August 2015 @ 9:32am

SciFi Headline Turns Real: US Drone Kills ISIS Hacker

from the headlines-from-the-future dept

Welcome to your dystopian future. Reports from yesterday say that a US drone strike in Syria has killed a British-born computer hacker who had joined ISIS and was involved in that group's online activities:

A US air strike is believed to have killed a British citizen who rose to prominence within the Islamic State, officials have told the Guardian.

The Birmingham-born Junaid Hussain, who adopted the nom de guerre Abu Hussain al-Britani, had been a key figure within Isis’s so-called “Cyber Caliphate” before being killed in the strike in Syria, where he had travelled in 2013.
Remember when President Obama said (of Ed Snowden): "I'm not going to be scrambling jets to get a 29-year-old hacker." Apparently, that changes when the hacker is working for ISIS (and the hacker is only 21 years old).

There's no doubt that ISIS is a dangerous organization, but sending drones to go after hackers, even those targeting American interests, still feels like a pretty big overreaction.

104 Comments | Leave a Comment..

Posted on Techdirt - 27 August 2015 @ 8:22am

Tobacco Industry's Interest In Trade Negotiations? Totally Redacted

from the public-interest? dept

The folks at Corporate Europe Observatory (CEO) sent a freedom of information request to the EU Commission, asking for details of meetings that trade officials held with the tobacco industry. This matters, because the tobacco industry is one of the major abusers of trade agreements, repeatedly making use of the "corporate sovereignty" ISDS provisions to effectively sue any country passing anti-smoking health laws -- as was covered a few months back by John Oliver:

So, as new trade agreements are being negotiated -- especially since the powers that be tell us these agreements are designed to protect the health and well being of the public -- it seems that Big Tobacco's efforts in these negotiations is pretty relevant. After numerous delays and confusing responses, CEO finally received a response. And it's [redacted]. Well, not entirely, but basically anything useful is blacked out. Such as this lovely document, which is oh so revealing:
Democracy in action!

24 Comments | Leave a Comment..

Posted on Techdirt - 26 August 2015 @ 11:45am

Virginia Police Force BBC Reporters To Delete Camera Footage Of Police Pursuit Of Shooter

from the hello-first-amendment dept

The story of this morning's live "on air" shooting of a local TV news reporter in Virginia is horrifying on many, many levels. Like with many senseless killings, there are all sorts of "big questions" being raised, most of which aren't really appropriate Techdirt fodder, though I'm sure those of you interested in those things can find other outlets for them. However, one tangential story fits right into Techdirt's core areas of focus: apparently two BBC reporters who were covering the police pursuit of the apparent shooter (who then shot himself) were forced by police to delete their own camera footage. This is illegal. I don't know how many times it needs to be repeated. Even the DOJ has somewhat forcefully reminded police that they have no right to stop anyone from photographing or videotaping things, so long as they're not interfering with an investigation. And yet...

Two BBC reporters covering the police pursuit of Vester Lee Flanagan said that cops threatened to seize their car and camera if they didn't delete footage of site where the Flanagan shot himself. "Was too far away to get any good footage. One officer threatened to tow my car and take my camera," reporter Franz Strasser tweeted. "Watched me delete my one file, and let me go. Other officer apologized and said we have to understand." His colleague, Tara McKelvey, filmed the encounter.
It appears that the cops used the same bullshit excuse we've seen them use in the past: that it's "evidence."
But, as Strasser notes, if that's true, then why did the cops make them delete it?
As has been noted before, this is a clear violation of Constitutional rights, and the BBC and the reporters in question could file a civil suit against the police department, potentially winning a fair amount of taxpayer money because the police in Virginia are apparently unfamiliar with the First Amendment of the Constitution.

53 Comments | Leave a Comment..

Posted on Techdirt - 26 August 2015 @ 10:45am

Complaint To FTC Says It’s 'Deceptive' For Google To Not Recognize 'Right To Be Forgotten' In US

from the what-the...? dept

If you want an understanding of my general philosophy on business and economics, it's that companies should focus on serving their customers better. That's it. It's a very customer-centric view of capitalism. I think companies that screw over their customers and users will have it come back to bite them, and thus it's a better strategy for everyone if companies focus on providing good products and services to consumers, without screwing them over. And, I'm super supportive of organizations that focus on holding companies' feet to the fire when they fail to live up to that promise. Consumerist (owned by Consumer Reports) is really fantastic at this kind of thing, for example. Consumer Watchdog, on the other hand, despite its name, appears to have very little to do with actually protecting consumers' interests. Instead, it seems like some crazy people who absolutely hate Google, and pretend that they're "protecting" consumers from Google by attacking the company at every opportunity. If Consumer Watchdog actually had relevant points, that might be useful, but nearly every attack on Google is so ridiculous that all it does is make Consumer Watchdog look like a complete joke and undermine whatever credibility the organization might have.

In the past, we've covered an anti-Google video that company put out that contained so many factual errors that it was a complete joke (and was later revealed as nothing more than a stunt to sell some books). Then there was the attempt to argue that Gmail was an illegal wiretap. It's hard to take the organization seriously when it does that kind of thing.

Its latest, however, takes the crazy to new levels. John Simpson, Consumer Watchdog's resident "old man yells at cloud" impersonator, recently filed a complaint with the FTC against Google. In it, he not only argues that Google should offer the "Right to be Forgotten" in the US, but says that the failure to do that is an "unfair and deceptive practice." Really.

As you know by now, since an EU court ruling last year, Google has been forced to enable a right to be forgotten in the EU, in which it will "delink" certain results from the searches on certain names, if the people argue that the links are no longer "relevant." Some in the EU have been pressing Google to make that "right to be forgotten" global -- which Google refuses to do, noting that it would violate the First Amendment in the US and would allow the most restrictive, anti-free speech regime in the world to censor the global internet.

But, apparently John Simpson likes censorship and supporting free speech-destroying regimes. Because he argues Google must allow such censorship in the US. How could Google's refusal to implement "right to be forgotten" possibly be "deceptive"? Well, in Simpson's world, it's because Google presents itself as "being deeply committed to privacy" but then doesn't abide by a global right to be forgotten. Really.

“The Internet giant aggressively and repeatedly holds itself out to users as being deeply committed to privacy. Without a doubt requesting the removal of a search engine link from one’s name to irrelevant data under the Right To Be Forgotten (or Right to Relevancy) is an important privacy option,” Consumer Watchdog’s complaint said. “Though Google claims it is concerned about users’ privacy, it does not offer U.S. users the ability to make such a basic request. Describing yourself as championing users’ privacy and not offering a key privacy tool – indeed one offered all across Europe – is deceptive behavior.”
That's, uh, not how this all works. In his complaint to the FTC, Simpson's theory is laid out in all its kooky nuttiness. Basically, because in the past we didn't have technology, and things would get forgotten thanks to obscurity -- and because Google claims to support privacy, it must magically pretend that we still live in such an age, and agree to forget stuff people want it to forget. He'd also, apparently, like Google to get off his lawn.
Here is why the Right To Be Forgotten – or Right of Relevancy – is so important to protecting consumers’ privacy in the digital age: Before the Internet if someone did something foolish when they were young – and most of us probably did – there might well be a public record of what happened. Over time, as they aged, people tended to forget whatever embarrassing things someone did in their youth. They would be judged mostly based on their current circumstances, not on information no longer relevant. If someone else were highly motivated, they could go back into paper files and folders and dig up a person’s past. Usually this required effort and motivation. For a reporter, for instance, this sort of deep digging was routine with, say, candidates for public office, not for Joe Blow citizen. This reality that our youthful indiscretions and embarrassments and other matters no longer relevant slipped from the general public’s consciousness is Privacy By Obscurity. The Digital Age has ended that. Everything – all our digital footprints – are instantly available with a few clicks on a computer or taps on a mobile device.

[....]

Google’s anti-consumer behavior around privacy issues is deceptive. The Internet giant holds itself out to be committed to users’ privacy, but does not honor requests that provide a key privacy protection. Google explains: “We know security and privacy are important to you – and they are important to us, too. We make it a priority to provide strong security and give you confidence that your information is safe and accessible when you need it. We’re constantly working to ensure strong security, protect your privacy, and make Google even more effective and efficient for you.” Recently Google said, “Protecting the privacy and security of our customers’ information is a top priority, and we take compliance very seriously.” In its Privacy & Terms Technologies and Principles Google claims, “We comply with privacy laws, and additionally work internally and with regulators and industry partners to develop and implement strong privacy standards… People have different privacy concerns and needs. To best serve the full range of our users, Google strives to offer them meaningful and fine-gained choices over the use of their personal information.”

In other words the Internet giant aggressively and repeatedly holds itself out to users as being deeply committed to privacy. Without a doubt requesting the removal of a search engine link from one’s name to irrelevant data under the Right To Be Forgotten (or Right to Relevancy) is an important privacy option. Though Google claims it is concerned about users’ privacy, it does not offer U.S. users the ability to make this basic request. Describing yourself as championing users’ privacy while not offering a key privacy tool – indeed one offered all across Europe – is deceptive behavior.
This is an absolutely insane interpretation of "deceptive." A company that supports user privacy is not being deceptive just because its definition of privacy doesn't match your crazy definition. It's just a different policy. If Google had flat out said that it would support a "right to be forgotten" in the US and then refused to process any requests, that would be deceptive. But accurately stating what the company does is not deceptive, no matter what Simpson seems to think.

What about the "unfair" part of "unfair and deceptive"? I honestly can't summarize the logic because there is none. Apparently, some people might not like what searches on their name turn up, and that's bad and thus... unfair?
Not offering Americans a basic privacy tool, while providing it to millions of users across Europe, is also an unfair practice. Acts or practices by a business are unfair under Section 5 of the Federal Trade Commission Act if they cause or are likely to cause substantial injury to consumers that consumers cannot reasonably avoid themselves and that is not outweighed by countervailing benefits to consumers or competition.6 Here are some examples of people who have been harmed by Google’s refusal to honor Right of Relevancy or Right To Be Forgotten removal requests in the United States. Clearly there is no countervailing benefit in continuing to link to the items from search results. Consider these examples:
  • A young California woman was decapitated in a tragic auto accident. Photos from the grisly accident scene were wrongfully leaked by California Highway Patrol officers and posted to the Internet. A search on her name still returns the horrible photographs.
  • A guidance counselor was fired in 2012 after modeling photos from 20 years prior surfaced. She was a lingerie model between the ages of 18-20, and she had disclosed her prior career when she first was hired. Despite this, when a photo was found online and shown to the principal of her school, she was fired.
I don't see how any of this is "protecting consumers." It's seems quite the opposite, actually. It seems to be assuming that the public is made up of pure idiots who can't ever figure out context or understand that sometimes bad things happen. But that's not true. People learn and adapt and adjust to new technologies, even as people like John Simpson fear them. When cameras first started becoming popular they were banned from beaches because people might take photographs of other people there. But people grew up and realized that wasn't destroying anyone's privacy. Simpson has this weird infatuation not with protecting consumers, but with censoring the internet to keep the public from knowing factual information, because apparently he thinks the public can't handle it.

Last week, on On The Media, host Bob Garfield pointed out to Simpson how ridiculous all of this was, and Simpson doesn't have a single reasonable response. Garfield points out that public information, even embarrassing public information, is, by definition, not private information, and thus there's no privacy violation here. And all Simpson can do is pull his nostalgia gig about how things used to be different when people would forget your embarrassing things in the past. But that doesn't answer the question at all. It just makes Simpson seem totally out of touch with the modern world.

Read More | 50 Comments | Leave a Comment..

Posted on Techdirt - 26 August 2015 @ 9:39am

The Rise Of ContentID Trolls: Dan Bull Has Someone Claim His Music, Take His Money, Issue Takedowns

from the that's-bull... dept

Hopefully you know who singer Dan Bull is by now. We've written about him many times. He's written and performed a bunch of songs about topics that we're interested in (and recently composed the awesome new theme song for the Techdirt Podcast (which you do listen to, right?). Dan has been able to build a career around giving away his music, and letting others do stuff with it. But he keeps running into ridiculous issues with YouTube's ContentID system. There was the time his video got silenced after another singer used the same sample he did, and then claimed the original work as his own. Or the time he got his video taken down because another rapper, Lord Finesse, was pissed off that Bull was criticizing Finesse's lawsuit against yet another rapper, Mac Miller. While YouTube has been a key place where Bull has built his audience, his run-in's with bogus claims and other problems even led him to write an entire diss track about ContentID.

And, wouldn't you know it, he's having yet more problems with it. As we've discussed, in the last few years, there's been a rise in a new breed of trolls, known as ContentID trolls, who claim to hold the copyright in music that they don't have copyright in, and then use ContentID to "monetize" other people using that work for themselves. There are a number of companies and middlemen that help them do this, including one called Horus Music, which has become the perfect tool for ContentID trolls. The trolls take someone else's work, sign up with Horus, upload that other person's music, claim it as their own, and then start making claims on other people's videos. Free money.

That's what just happened to Dan Bull -- who actively encourages people to use and share his own music (over which he claims no copyright restrictions). A fan of Dan's reached out to him, after a video he had made received a copyright claim, supposedly covering a song that the fan had used from Dan Bull. Bull reached out to Horus Music, telling them that its user, "DrewMCGoo72" was claiming copyright on other people's music, and asked the company to investigate the situation, and to explain "how this happened, and what exact steps will be taken to prevent such a thing from occurring again."

The company issued a weak apology, saying that the DrewMCGoo72 account had already been suspended but "this must have been missed." And then they tell Dan (who encourages people to share his music) "It is a real shame that people feel that it is acceptable to steal someones music!" Except this isn't about "stealing music." This is about filing bogus copyright claims and claiming revenue or harming individuals who used music that they knew to be without copyright restrictions. Dan responded to Horus noting that he wasn't satisfied with the company's response:

Horus Music's system has been exploited with the following results:

A) An anonymous stranger has walked away with revenue from fraudulently claiming my music as their own, facilitated by Horus Music
B) A child has received a copyright claim through Content ID from Horus Music and as a result has removed his 100% legitimate video out of fear of the consequences
C) I look like a hypocrite and a dick for telling kids they can use my music, and they then receive a copyright claim on their videos for using the very same music

You say you can only apologise - is an apology really all you are going to do?
Horus' only response was that since the kid took down his original video, the company can't do anything to release the claim "but I assume we aren't claiming it any longer."

It seems pretty clear that this is not the only time this has happened, since you can find other examples of Horus being used in this manner. This seems to raise a pretty serious question about how those companies are allowed to continue using the ContentID platform. After all, ContentID has a three strikes program for people who receive copyright violation claims. Why doesn't it have a similar three strikes program for those who abuse ContentID to claim copyright over projects they have no right to?

Either way, we'll leave you with Dan's song about ContentID, as it seems only fitting:

120 Comments | Leave a Comment..

Posted on Techdirt - 26 August 2015 @ 7:07am

Latest TVEyes Ruling A Mixed Bag: Archiving & Sharing Privately Is Fair Use; Downloading & Sharing Publicly Is Not

from the some-good,-some-bad dept

Last year, we wrote about a big fair use win by TV monitoring company TVEyes -- a service used by governments, news companies and more to record, index and store TV broadcasts and make them searchable. Fox, a company that sometimes relies on fair use itself, sued TVEyes, alleging infringement and a violation of the infamous hot news doctrine. The court ruled pretty unambiguously in favor of fair use (yes, even as TVEyes is storing everything) for most of TVEyes basic operation (searching and indexing), and completely rejected the hot news claim. However, it did leave aside one area for further investigation: the features provided by TVEyes that allows users to save, archive, download, email and share clips as well as the feature for doing a "date-time search" (allowing users to retrieve video from a specific network based on the date and time of the broadcast. For those, the court wanted more evidence before deciding.

It has now ruled on that aspect and it's a partial win for fair use and a partial loss, which may be troubling. The court declared the archiving function to be fair use. But the downloading and "date time search" functions are not fair use. The emailing feature could be fair use, "but only if TVEyes develops and implements adequate protective measures."

Let's look at the details. First, the court decides that the archiving function is fair use because it is integral to TVEyes' overall service:

Democracy works best when public discourse is vibrant and debate thriving. But debate cannot thrive when the message itself (in this case, the broadcast) disappears after airing into an abyss. TVEyes' service allows researchers to study Fox News' coverage of an issue and compare it to other news stations; it allows targets of Fox News commentators to learn what is said about them on the network and respond; it allows other media networks to monitor Fox's coverage in order to criticize it. TVEyes helps promote the free exchange of ideas, and its archiving feature aids that purpose.

Archiving video clips to remain stored beyond 32 days and to facilitate successive reference is integral to TVEyes' service and its transformational purpose of media monitoring. And Fox has not identified any actual or potential market harm arising from archiving. I hold that the archiving function is fair use, complementing TVEyes' searching and indexing functions.
As for emailing and sharing, there the court says it is fair use... if TVEyes includes a few protections:
I agree that to prohibit e-mail sharing would prevent TVEyes users from realizing much of the benefit of its transformative service. For example, members of Congress rely on TVEyes to be made aware of what the media has to say about the issues of the day and about them. But their interns and staffers, not they, sit at computers querying keywords of interest through the TVEyes portal, and then e-mail the results up the chain of command. Without e-mail, the Congressman would be limited to either sharing a computer with his staffer or else having the staffer describe the contents of the clip to the Congressman without showing him the clip. In practice, the former is unrealistic and the latter fails to deliver "the full spectrum of information . . . [including] what was said, [and] how it was said with subtext body language, tone of voice, and facial expression-all crucial aspects of the presentation of, and commentary on, the news."

[....]

However, there is also substantial potential for abuse. In its current incarnation, TVEyes' e-mailing feature cannot discriminate between sharing with a boss and sharing with a friend, nor between sharing for inclusion in a study and sharing a clip for inclusion in a client sales pitch. Fair use cannot be found unless TVEyes develops necessary protections. What limits should be placed on subscribers who share links through social media? What can prevent subscribers from sharing for purposes not protected by § 107? If TVEyes cannot prevent indiscriminate sharing, it risks becoming a substitute for Fox's own website, thereby depriving Fox of advertising revenue.
This seems a bit strange to me, frankly. You still have to be a subscriber to make use of TVEyes, but then you can share clips freely online, which would seem to be a part of a reasonable news function, which should support fair use. But the court seems to think it's only fair use if it's kept "internally" via email.

Moving on to downloading, here, the court is not convinced that this is "integral" to the purpose of the product, citing a bunch of famed copyright cases, including the cases against Napster, ReDigi and MP3.com. Basically "downloading," according to the court, must be infringing, and thus not fair use.
I believe that TVEyes' downloading function goes well beyond TVEyes' transformative services of searching and indexing.... TVEyes is transformative because it allows users to search and monitor television news. Allowing them also to download unlimited clips to keep forever and distribute freely may be an attractive feature but it is not essential. Downloading also is not sufficiently related to the functions that make TVEyes valuable to the public, and poses undue danger to content-owners' copyrights.
The court completely rejects TVEyes argument that downloading is essential for offline use, because the court insists that broadband is basically available anywhere, so it's unlikely anyone will really need the service online.

Finally, there's the "date-time search" feature, which apparently is used in nearly 6% of all TVEyes' searches. Again, the court doesn't buy the fair use argument, saying that the date-time search isn't so much a "search" as it is a way for people to find something they already know is there, and that makes it much closer to the original programming and thus less "transformative."
The feature is not as much a "search" tool as a content delivery tool for users who already know what they seek. In such cases, TVEyes is not so transformational, since users should be able to procure the desired clip from Fox News or its licensing agents, albeit for a fee. Put simply, if a user wants to watch the first half of last Thursday's 0 'Reilly Factor, the Court sees no reason why he should not be asked to buy the DVD/

Unlike TVEyes' core business, its "Date-Time search" function duplicates Fox's existing functionality. Fox's contention that TVEyes' Date-Time search is likely to cannibalize Fox News website traffic and sales by its licensing agents is persuasive.
It does seem a bit worrying when courts get to decide which features of your service are okay and which are not. We generally want markets determining innovative features, rather than judges. And this ruling seems... particularly subjective on a number of points. There is no four factors test being done in any of these. It basically just takes the original ruling that the search and indexing is fair use, and then just focuses on whether these features are "essential" to that service to determine if they, too, are fair use. Again, it's troubling when a court is deciding if a feature that customers clearly like is "essential." That's not how innovation is supposed to work.

This case is still early and I expect that there will be appeals on both sides, so this ruling, by itself, isn't that important yet. What happens next, in terms of how the appeals court rules, is where things will get really interesting.

Read More | 24 Comments | Leave a Comment..

Posted on Techdirt - 25 August 2015 @ 10:35am

Appeals Court: No, You Can't Copyright A Chicken Sandwich

from the though-you-can-indict-a-ham-sandwich dept

There's a famous line about grand juries and their willingness to indict anything prosecutors put in from of them, that they will "indict a ham sandwich" (coined by a judge who was later indicted himself in an effort to prove the point). But, someone apparently asked, can you copyright a chicken sandwich? This apparently serious legal question was recently taken up by the First Circuit appeals court to review a dispute about who owns the idea for a chicken sandwich.

The backstory is that a guy named Norbeto Colon Lorenzana, working for Church's Chicken (owned by South American Restaurant Corporation, or SARCO) in Puerto Rico, thought that the restaurant should add a chicken sandwich to the menu. His bosses tested out some recipes and settled on the following recipe (which does not seem all that original): "a fried chicken breast patty, lettuce, tomato, American cheese, and garlic mayonnaise on a bun." Church's dubbed this the "Pechu Sandwich" and apparently it sold pretty well at Church's Chicken. Colon apparently decided that because it was his idea, he deserved a cut of every sale. And thus he sued for trademark and copyright violations (sorta, as you'll see)... because popular culture keeps falsely telling people that "intellectual property" must "protect" any possible "idea" they ever come up with, no matter how common or obvious it is, and no matter whether or not those ideas are even remotely protectable.

The lower court correctly laughed this out of court, and Colon appealed, only to find the appeals court similarly unamused. Not surprisingly, apparently Colon's original complaint was so devoid of actual legal arguments that the court decided to "generously glean a claim for violations of the Copyright Act and a second claim under the Lanham Act for trademark infringement." As the ruling notes in a footnote, Colon didn't actually state either such thing, but the court said he claim close enough, and then in a reply to the company's motion to dismiss, Colon clearly was relying on copyright law, so it's a "copyright claim" even if the original complaint failed to make such a claim. The court also notes that "Colon does not seize upon the generosity of the district court and fails to develop any argument in his appellate briefing related to trademark infringement," so it drops the (bogus) trademark arguments entirely.

Either way, even with the court "generously" saying there's a copyright claim, there isn't actually a copyright claim, because this is a freaking chicken sandwich.

Contrary to Colón's protests on appeal, the district court properly determined that a chicken sandwich is not eligible for copyright protection. This makes good sense; neither the recipe nor the name Pechu Sandwich fits any of the eligible categories and, therefore, protection under the Copyright Act is unwarranted. A recipe -- or any instructions -- listing the combination of chicken, lettuce, tomato, cheese, and mayonnaise on a bun to create a sandwich is quite plainly not a copyrightable work.... As for the "Pechu Sandwich" moniker, we have previously held that "copyright protection simply does not extend to 'words and short phrases, such as names, titles, and slogans.'"
The court separately rejects Colon's claim that SARCO registered the trademark in the sandwich by fraud (apparently in not giving it to him or something). The court again has trouble figuring out what he means, because he has no explanation:
We need not linger over the potential elements of a Section 38 claim or the application of Rule 9(b) because the complaint fails for a more fundamental reason. It simply fails to sufficiently allege that any false statement exists. Colon merely offers conjecture about SARCO's actions and intentions. He avers that SARCO "intentionally, willfully, fraudulently and maliciously procured the registration of Plaintiff's creation in the Patent and Trademark Office without his consent and . . . with the intent to injure the Plaintiffs," but the complaint is silent as to any facts to support such conclusions.
These kinds of lawsuits are what you get when you keep telling people that ideas are "ownable" and that anyone who does anything with your idea must be somehow infringing on your rights. Thankfully, the courts have quickly dumped this, but it's still a waste of time and resources.

Read More | 42 Comments | Leave a Comment..

Posted on Techdirt - 25 August 2015 @ 9:34am

Ashley Madison Continues To Use Dubious Legal Takedown Threats To Try To Disappear The Data It Failed To Protect

from the not-a-good-idea dept

We've written a few times now about how the parent company of Ashley Madison, Avid Life Media, has been committing perjury and issuing completely bogus copyright demands to try to hide the information that was leaked after its servers got hacked. Last month, that tactic (despite not complying with the law) apparently worked briefly, until the full data dump happened last week. But that hasn't stopped the company from continuing to try. EFF wrote a long blog post detailing how this was a clear abuse of the law, but Avid Life Media doesn't seem to care.

After the leak came out, a few sites sprung up quickly to help people search the database. Whether or not you think it's appropriate to set up such a site (or to use it) is a separate issue, but what hopefully everyone can agree on is that such a site should not be taken down for copyright reasons. There were two main sites that got the bulk of attention for setting up such a database, and one has already shut down and the other has received a takedown demand (though not a copyright one). I won't link to either site, but here's what's now posted on one of the sites:

Meanwhile, the creator of the other main search engine has said on Twitter that he, too, has been hit with "a vexatious DMCA from lawyers acting on behalf of Avid Life Media" and reporters are similarly mistakenly calling it a DMCA, but according to the copy the guy posted to Pastebin, the letter sent by Avid Life Media's lawyers at giant law firm DLA Piper to CloudFlare is not actually a DMCA, but rather a weird "please, take this down because... vague reasons and terms of service violations." That is, there's no real legal threat (because there's no basis for one). It's just vaguely threatening hoping to scare off people:
Our firm is counsel to Avid Life Media, Inc. (“ALM”) with respect to its intellectual property and data privacy matters. As you may know, ALM is the parent company of the online dating and social networking service Ashley Madison. Because users entrust ALM with highly sensitive and intimate details (collectively the “Ashley Madison User Data”), the privacy of ALM’s users is of utmost importance. As a result, ALM proactively and arduously regulates any authorized (and unauthorized) use of Ashley Madison User Data.

This letter is to inform CloudFlare, Inc., and all related entities (collectively, “You”) that, upon information and belief, CloudFlare, Inc.’s client (“Your Client”), has posted a searchable database of the Ashley Madison User Data to a website hosted on a domain name hosted by You. Specifically, Your Client has posted the Ashley Madison User Data at the following URL: https://ashley.cynic.al/ (the “URL”). Your Client’s publication of the Ashley Madison User Data may constitute illegal disclosure of private personal information, and potentially expose millions of individuals around the world to identity theft.

Moreover, we believe that the website content hosted at the URL may violate the Your Terms of Use, located at: https://www.cloudflare.com/terms. Specifically, the website content hosted at the URL may violate the Terms of Use in that it likely infringes upon the privacy and personal data rights of the Ashley Madison users. Accordingly, ALM requests that You take action to remove and/or disable access to all content at the URL.

Please note that this letter is made without prejudice to any other rights or remedies that may be available to ALM. Nothing contained herein should be deemed a waiver, admission, or license by ALM, and ALM expressly reserves the right to assert any other factual or legal positions as additional facts come to light or as the circumstances warrant.
CloudFlare, in response, told the guy that it had forwarded the name of the actual hosting provider (a non-US company) to the lawyers at DLA Piper, and at last check, the guy claims that his hosting company, ColoCall out of Ukraine, has not done anything about it. That may change, but it's not clear what legal basis ALM has for the demand. It's nice to see that ALM is no longer making totally bullshit copyright claims, but these weird "privacy and personal data rights" claims don't have much legal basis either.

50 Comments | Leave a Comment..

Posted on Techdirt - 25 August 2015 @ 8:35am

Google Disappears Techdirt Article About Right To Be Forgotten Due To Right To Be Forgotten Request

from the going-to-dredge-this-up-again dept

Well, well. Just a few days ago, we wrote about the fact that Google was being asked to "forget" articles about the right to be forgotten, under new right to be forgotten requests... and suddenly we've been notified that a Techdirt article about the right to be forgotten has been similarly stuffed down the memory hole*. The article in question, is our story from last fall about the NY Times writing about the right to be forgotten requests that resulted in NY Times articles disappearing from some searches. The NYT detailed what each story was about and it wasn't too difficult to figure out who was likely trying to make sure the articles were no longer linked to their names.

It would appear that one of those individuals similarly has sent in this request -- but that's completely bogus, as we'll explain in a moment. First up, the notice:

Due to a request under data protection law in Europe, we are no longer able to show one or more pages from your site in our search results in response to some search queries for names or other personal identifiers. Only results on European versions of Google are affected. No action is required from you.

These pages have not been blocked entirely from our search results, and will continue to appear for queries other than those specified by individuals in the European data protection law requests we have honored. Unfortunately, due to individual privacy concerns, we are not able to disclose which queries have been affected.

Please note that in many cases, the affected queries do not relate to the name of any person mentioned prominently on the page. For example, in some cases, the name may appear only in a comment section.
Despite the claim that it might be someone in the comments, that seems unlikely here. Remember, the NYT article suggested who may have made the original requests, and it appears that person was likely now trying to cover up that fact. One of the individuals that the NYT story original wrote about was one Thomas Goolnik. Here's what the NY Times wrote in its original piece:

One Times article that is being shielded from certain searches in Europe is a report from 2002 about a decision by a United States court to close three websites that the federal government accused of selling an estimated $1 million worth of unusable Web addresses. The complaint named three British companies, TLD Network, Quantum Management and TBS Industries, as well as two men who it said controlled the companies: Thomas Goolnik and Edward Harris Goolnik of London.

The case was later settled. Thomas Goolnik did not respond to messages left via social networking sites.

The NYT suggested that there was a decent likelihood that Thomas Goolnik made the original request. It seems likely that Goolnik made this new request as well. I just did a search from the US on US Google for Thomas Goolnik's name and the NY Times piece shows up as result number two. If you go to page two, the second item is our Techdirt story on the NY Times story. Yet, if you go to Google UK, neither story shows up when you search on Goolnik's name.

At first glance, perhaps this seems reasonable. If Google has decided that a lawsuit against a company supposedly controlled by Goolnik is no longer relevant for those searching on Goolnik's name, then it's potentially reasonable to delink those results (though I have trouble seeing how the factual information that the lawsuit happened and that Goolnik was associated with it is no longer relevant. It seems abundantly relevant.)

However, the second order censorship here is much more troubling. Because the story is no longer about some long ago event which Goolnik might now wish to have hidden away in the depths. It's about his actions less than a year ago of likely filing for a right to be forgotten request. It's that news that both the NYT and Techdirt were reporting on. And that's not some "irrelevant" tidbit from history. That's recent, factual reporting.

So I'm at a loss as to how this latest bit of censorship could possibly be legit. And it raises some of the many concerns about the whole "right to be forgotten" concept. Is it really just limited to the supposedly out of date and "irrelevant" information? Or is it now supposed to extend to any reporting on the new and very relevant information about using the whole right to be forgotten process.

There is no official appeals process, other than that we can share "additional information regarding this content" that we feel "Google should be aware of" which may make the company reconsider -- though it also says "we can't guarantee responses." So it's just a blind "hey, that's crazy" and hoping common sense prevails. Or, you know, we'll keep writing about this story, because it's newsworthy no matter what the EU Court of Justice thinks or whatever whoever sent the request things, whether it's Thomas Goolnik or someone else.

* To be clear, the article itself doesn't fully disappear from Google's index, it just means that anyone who searches on the name of the person who made the RTBF request will no longer have the article show up under that search. Other searches may still turn up the article.

79 Comments | Leave a Comment..

More posts from Mike Masnick >>