Mike Masnick’s Techdirt Profile


About Mike Masnick
Techdirt Insider

Mike is the founder and CEO of Floor64 and editor of the Techdirt blog.

He can be found on Twitter at http://www.twitter.com/mmasnick

Posted on Techdirt - 26 August 2016 @ 7:39pm

If You're Learning About It From Slate, Running Your Own Email Server Is A Horrendously Bad Idea

from the don't-do-this dept

So, Slate has a weird article by Nat Meysenburg suggesting that everyday people should run their own email servers. He admits up front that he doesn't think Hillary Clinton should have run her own email server, but for lots of other people he declares it to be "a good idea."

For years, I’ve been trying to convince people that there is value in having an email server in your closet. But few seemed to really get it, so I often found myself wishing for a high-profile example to illustrate why it is a good idea. That wish has, in a way, come true: The casual news consumer has had the pleasure of hearing about a “private email server” quite a lot over the past year.
Except, beyond that, he's basically wrong. Yes, if you're really technologically savvy and want to do it, you can absolutely run your own email server. Though, honestly, it's probably going to be kind of a pain, because you'll need to constantly be patching it and protecting it, and even then it will probably be significantly less secure than if you use an online provider. Meysenburg is right on only one point, barely, and it's that if you run your own email server, and the government wants to get access to it, at least you'll know about it:
When your emails reside on a cloud provider’s server, the owners of that server are ultimately who decide when to let the government, or any other party, access those emails. In the case of your work’s server, those choices are made by your employer. In the case of Gmail (or any other cloud provider), this choice is typically made by the company’s legal team, based on its evaluation of the government’s demands. Most of the big companies, including Google, do have a policy of notifying users about demands before they hand over the requested data, which would give you an opportunity to assert your rights in court. However, there are many cases in which the government’s demand will be accompanied by a gag order forbidding the company from providing that notice.
And, thus, he notes:
Having a private server in your home side steps these uncertainties. At home you as a private individual have the ability to determine who has access to your email inbox—just like you have a right to determine who has access to that box of old love letters from high school. By owning the server, all requests for data have to go through you (and/or your lawyers), and any confiscation of the physical hard drives on which your emails are stored requires a search warrant for your home. And unlike with email stored in the cloud, it will always be obvious if and when the police seize your email server.
But, of course, none of that stops the government from getting your server if they want it... it's just that in this one case you'll know about it.

And for what tradeoff? Well, there are some pretty big ones. If you're not particularly skilled and experienced with online security issues, your personal email server is almost certainly significantly less secure than the big companies that have strong security teams and are constantly making it stronger and on the lookout for attacks. If you're that good, you're not learning about the issue of hosting your own email server for the first time in... Slate.

The article insists that it's a myth that running your own server is a security nightmare, but I've yet to see an online security expert who agrees with that even remotely. Even the comments to the Slate piece are filled with IT folks screaming about what a bad idea this is.

In the end, this seems to be an issue of tradeoffs and skills. If you're quite skilled with online security and you think the government might want secret access to your email, then maybe in some limited cases, it might make more sense for you to run your own server -- though, even then you're exposing yourself to being hacked by the government too, because, you know, they do that kind of thing also in some cases. Otherwise, you're almost certainly opening yourself up to a home IT nightmare and a lot more trouble than it's worth for significantly less security.

In short, even if you're not Hillary Clinton, running your own email server is a bad idea. And if you're just now getting the idea from Slate... then it's a really bad idea.


Posted on The Entrepreneur's Corner - 26 August 2016 @ 4:29pm

Administration Creates A Hack For An Entrepreneur's Immigration Visa

from the innovation-for-innovation dept

For many, many years we've talked about why the US should have an entrepreneur's visa to let in smart entrepreneurs who are able to build companies and create jobs in the US, rather than kicking out the very people who are helping to build out the US economy. However, because immigration is such a touchy issue, attempts to do so via Congress have gone nowhere. And while we've had some concerns about the actual implementation (in particular the focus on requiring the entrepreneurs to raise a fair amount of venture capital), the general concept is a good one.

Late on Friday, it appears that the White House effectively worked out a way to create a startup entrepreneur's visa on its own, without going through Congress. The US Citizenship and Immigration Services announced a plan to expand the "parole" powers it already has to international entrepreneurs, allowing them to stay in the country while building a company:

The proposed rule would allow the Department of Homeland Security (DHS) to use its existing discretionary statutory parole authority for entrepreneurs of startup entities whose stay in the United States would provide a significant public benefit through the substantial and demonstrated potential for rapid business growth and job creation.
Homeland Security would review each request on a case-by-case basis, but would require the following rules:
  • Who have a significant ownership interest in the startup (at least 15 percent) and have an active and central role to its operations;
  • Whose startup was formed in the United States within the past three years; and
  • Whose startup has substantial and demonstrated potential for rapid business growth and job creation, as evidenced by:
    • Receiving significant investment of capital (at least $345,000) from certain qualified U.S. investors with established records of successful investments;
    • Receiving significant awards or grants (at least $100,000) from certain federal, state or local government entities; or
    • Partially satisfying one or both of the above criteria in addition to other reliable and compelling evidence of the startup entity’s substantial potential for rapid growth and job creation.
This does seem better than some of the earlier proposals, which included requirements after receiving the visa to have to raise upwards of $1 million from investors. We were worried that this would basically force entrepreneurs to take money from VCs when they might not otherwise need to. This parole system still has raising money as a criterion, but the amount is significantly lower and DHS also has the flexibility to still grant the parole without the investment if there is "other reliable and compelling evidence of the startup entity's substantial potential for rapid growth and job creation."

It does still feel a bit arbitrary, but overall this is definitely a good step for entrepreneurship in the US.


Posted on Techdirt - 26 August 2016 @ 2:43pm

France Passes Copyright Law Demanding Royalties For Every Image Search Engines Index Online

from the that'll-work-out-just-fine dept

The Disruptive Competition Project is detailing yet another bad copyright law change in Europe -- France, in particular, this time. Called the Freedom of Creation Act, it actually passed a few months ago, but people are just beginning to understand and comprehend the full horror of what's happening. Basically, it will now require any site that indexes images on the internet (i.e., any image search engine) to pay royalties for each image to a collection society.

How would this work? When an image is published online, the reproduction right and the right of communication to the public of this image shall be transferred to one or more collecting societies appointed by the French government. Online communication services “reproducing and communicating to the public images for search and indexing purposes” shall have to obtain a license from those collecting societies to index images legally. The license fee will either be based on the revenue accruing from the exploitation of the service or be a lump sum fee.
Of course, this makes no sense. In the US, thankfully, multiple cases on things like Google Images have found that indexing the images and showing thumbnails is clearly fair use. But that's not how it's going to work in France.

This seems particularly pointless on any number of levels. First, image search engines aren't "publishing" any works, they're just indexing what's already online and showing people where those images are. Second, if people creating works don't want them indexed they can just use robots.txt. And, yes, someone else might post those images elsewhere, but that's no reason to blame and charge a search engine. But the bigger issue, honestly, is that it's hard to see how this sort of system actually helps content creators at all. Does anyone honestly believe that the money this collection society collects will go to the people who created the indexed images? Remember, copyright collection societies have a very long and very detailed history of abuse and corruption. They collect lots of money, but they're not so great about paying it back out. And, as the Disruptive Competition Project points out, this is particularly problematic in this case, where both jurisdictional questions and just basic logistics make it almost impossible for the collection society to accurately distribute funds:
Moreover, the territorial scope of this measure is unclear. Are the rights of reproduction and communication to the public transferred to a collecting society when an image is published on a French website or on any website? Is the measure based on the nationality of the works? In practice, this measure may claim ownership of the billions of pictures uploaded every day globally – even though the huge majority of those pictures are published today for personal use by the close-to-3-billion smartphones’ owners, not expecting any revenue. It is also worth noting that a sizable number of those pictures is published under a Creative Commons license that usually refuses remuneration in return, for example, for attribution. Therefore, this measure would override the choice made by users publishing under such a license – and more generally, would deprive rightsholders of the choice between licensing their pictures or not.

Even worse, there is no realistic way for collecting societies to redistribute the revenues from the license fees accurately and fairly to billions of rightsholders all over the world. The relevant collecting societies won’t attempt to contact all French rightsholders (when close to 70% of French citizens above 15 years old have a smartphone!), let alone all global rightsholders. In practice, the money will be split between the relevant collecting societies and the few rightsholders affiliated to those societies, who – as we say in France – won the “Jackpot”.
It will be worth following to see how this plays out. If France does follow through and a collection society actually goes after Google, it does make me wonder if Google might pull out the nuclear option yet again and shut down Google Images in France as it did with Google News in Spain, when the Spanish government passed a similar tax on news aggregation.

Once again, like so many of these laws, this seems to not be so much about copyright as it is about taxing Google.


Posted on Techdirt - 26 August 2016 @ 10:49am

The FBI's Megaupload Domains Are Now Hosting Porn Ads

from the well,-they-have-some-experience dept

Well, we know the FBI is particularly adept at hosting porn on the internet. After all, just a few days ago it was revealed that in the short time it was running a child porn site as a honeypot, it actually made the site run much faster. But now Torrentfreak points us to the news that some other FBI sites are serving up porn as well, though mostly out of FBI incompetence, rather than competence. Apparently the domain the FBI was using for its nameservers for the domains it seized from Megaupload expired, and someone else snapped it up and redirected all the sites using those nameservers to advertisements basically for porn. So, the FBI is now essentially pointing people to porn via Megaupload.

Here's the really amazing thing, though: this is not the first time this has happened. The same exact thing happened last year for Megaupload.com. And after Torrentfreak reported on that, the FBI removed the nameservers completely. But just for the .com. The rest of the Megaupload domains continued pointing to the same nameserver... and the domain for that nameserver expired again and has been snapped up by another company pushing porn sites.
Now, the FBI apologists will argue that this is no big deal. Obviously, the FBI didn't do this on purpose. But it certainly does continue to raise questions about the FBI's competence on tech matters. Why the hell were they using nameservers that they either didn't control in the first place, or that were held by someone so incompetent that they were allowed to expire and be snapped up by someone else? Having nameserver domains expire is not a particularly common occurrence. Maybe it's time for the FBI to admit that seizing websites isn't exactly a core competence. Unless it's operating child porn websites. Then, apparently, it has super skills.
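The failure described above is a delegation that outlives the registration of the domain its nameservers sit under. As an added example (not from the original post or from Torrentfreak), here is one way to audit for it from your own records. All zone names, nameserver names and dates are constructed, and taking the last two labels as the registrable domain is a simplifying assumption.

```python
from datetime import date

# Constructed sample data: which nameserver hostnames each zone is delegated to.
DELEGATIONS = {
    "seized-one.example": ["ns1.holding-dns.example", "ns2.holding-dns.example"],
    "seized-two.example": ["ns1.agency-dns.example", "ns2.agency-dns.example"],
    "seized-three.example": ["ns1.agency-dns.example", "ns1.soon-dns.example"],
}

# Constructed registration inventory for the domains those nameservers live under.
REGISTRATIONS = {
    "agency-dns.example": {"controlled": True, "expires": date(2017, 8, 1)},
    "soon-dns.example": {"controlled": True, "expires": date(2016, 9, 10)},
    "holding-dns.example": {"controlled": False, "expires": date(2016, 5, 1)},
}

TODAY = date(2016, 8, 26)  # constructed "current date" for the sample run


def ns_parent(hostname):
    """Domain whose registration the nameserver hostname depends on.

    Assumption: the registrable domain is the last two labels. Production
    tooling should consult the Public Suffix List instead.
    """
    labels = hostname.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def risky_delegations(delegations, registrations, today, warn_days=30):
    """Return (zone, nameserver_domain, reason) for every delegation that
    depends on a domain we do not control, have no record of, or that has
    expired or is about to."""
    findings = []
    for zone in sorted(delegations):
        # De-duplicate: ns1 and ns2 usually share one parent domain.
        for parent in sorted({ns_parent(h) for h in delegations[zone]}):
            reg = registrations.get(parent)
            if reg is None:
                reason = "no registration record"
            elif not reg["controlled"]:
                reason = "not under our control"
            elif reg["expires"] < today:
                reason = "expired"
            elif (reg["expires"] - today).days <= warn_days:
                reason = f"expires in {(reg['expires'] - today).days} days"
            else:
                continue  # controlled and comfortably registered
            findings.append((zone, parent, reason))
    return findings


if __name__ == "__main__":
    for zone, parent, reason in risky_delegations(DELEGATIONS, REGISTRATIONS, TODAY):
        print(f"{zone}: nameserver domain {parent} {reason}")
```

Every zone in the output is one whose answers are decided by whoever holds, or next registers, the nameserver domain.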


Posted on Techdirt - 26 August 2016 @ 9:40am

Newspaper Archive Disappears From Google, Because Company Wants To Cash In

from the all-about-the-money dept

Another day, another case of copyright being used to lock up information, rather than make it more accessible. In this case, it's the news archives of the Milwaukee Journal-Sentinel, according to an interesting piece by Henry Grabar over at Slate. A decade or so ago, the newspaper partnered with Google to digitize all of its archives and make them publicly accessible.

The archive had initially been made available on Google around 2008 as part of the company’s effort to digitize historical newspapers. That project ended in 2011, but not before Google had scanned more than 60 million pages covering 250 years of history’s first drafts. Those newspapers have remained publicly accessible, and serve both professional historians and home genealogists.

When the Milwaukee project began, Google used microfilms from the papers that had already been uploaded to the ProQuest research database. Because some things were missing from ProQuest, the Journal-Sentinel asked the Milwaukee Public Library to help out. The library let the company digitize decades of microfilms to bulk out the digital archives.

The article notes that another company, named Newsbank, also has a deal with the Journal-Sentinel to digitize and archive its papers, and tried to get the Milwaukee Public Library to buy access to its database. The library found the offerings way too expensive (it was almost the entire amount of the library's materials budget). Newsbank decided that part of the problem was that the stuff was also available for free via Google, so it got the Journal-Sentinel to get Google to take down the archive that it had helped create, with help from the library.
Then, in August, Newsbank let the other shoe drop: According to Urban Milwaukee, Gannett—which purchased the paper in April—asked the Journal-Sentinel to ask Google to remove the paper’s digital archives, which the company did. It’s harder to sell a product when it’s being given away for free, after all.
So now the digital archive that the Milwaukee Public Library had helped Google and the Journal-Sentinel create is no longer available, because another company wants the MPL to pay a significant percentage of its operating budget to access the same material.
What’s different about Milwaukee is that the city is being asked to buy back something it already had—and, in the case of the library’s digital scans, had even helped build.
The library has said that it plans to have the new archive available for people soon -- but it likely won't be free any more. Perhaps because it now needs to pay to get access to the same database it had helped create. Remember when copyright law was supposed to be about furthering knowledge and learning -- and not locking it up so that one company could extract all profit from it?


Posted on Techdirt - 26 August 2016 @ 8:32am

Former US Patent Office Director Freaked Out That Business Methods & Software Are Less Patentable Than Before

from the chill-out,-david dept

Bloomberg has an interesting article noting how the US Patent Office is (rightfully!) rejecting lots of software and business method patent applications these days, thanks to the Supreme Court's excellent ruling in the Alice case.

Fewer than 5 percent of applications for business-method patents are getting approved by the patent office, according to data from law firm Kilpatrick Townsend & Stockton and LexisNexis PatentAdvisor. (A typical approval rate is 25 percent to 45 percent.) When asked how many business-method patents they’ve approved in the past year or two, patent examiners often say “the answer is zero,” according to Kate Gaudry, a Kilpatrick Townsend patent lawyer. “Some of them are saying, ‘My hands are tied.’ ” The number of business-method patent applications has fallen in half since 2014, as patent owners seek different classifications or give up altogether.
Courts are doing similar work:
Courts have invalidated more than 370 software patents under the new standard, according to data compiled by law firm Fenwick & West. District and appellate courts have thrown out two of three patents brought before them since Alice Corp. v. CLS Bank.
Now, for those of us who were paying attention to what a mess things were before, this is an undeniably good situation. Bad patent applications and bad patents are getting rejected. We don't need broad patents on software and business methods. Let people build stuff and compete in the marketplace. This is good for innovation.

But, of course, if you're former US Patent and Trademark Office boss David Kappos -- who presided over a massive increase in patenting, which the Government Accountability Office recently noted was mainly due to basically no quality standards being used -- this is a bad thing. Perhaps he takes it personally that the current patent situation really puts an exclamation point on the fact that he helped usher in hundreds of thousands of anti-innovation weapons that could be used to shake down actual innovators. So he has to lash out at this change where you can't just willy nilly patent obvious software and business method ideas:
He says the invalidation of patents is “out of control” and has “definitely gone too far,” citing a case awaiting an appellate ruling in which a patent has been invalidated for software enabling video game developers to more easily manipulate the movements of characters’ mouths to match dialogue. “Important software innovations that are highly technical are being deemed unpatentable,” Kappos says. “You can get software patents allowed in both China and Europe that aren’t allowable in the U.S. anymore.”
So? That's actually a good thing for innovation. It means more people can build on and improve on that work and there can be more competition, which leads to more rapid innovation. Why is Kappos so against that? We're seeing amazing new innovations happening all the time and it's not because of patents. If Kappos got away from all the patent lawyers he spends his time with and spoke to actual engineers who are doing the innovating, he'd find they don't care about patents. They're excited about patents being rejected because it means they can focus on building cool and innovative stuff again.


Posted on Techdirt - 26 August 2016 @ 6:33am

Certificate Authority Gave Out Certs For GitHub To Someone Who Just Had A GitHub Account

from the oops dept

For many years now, we've talked about the many different problems today's web security system has based on the model of security certificates issued by Certificate Authorities. All you need is a bad Certificate Authority to be trusted and a lot of bad stuff can happen. And it appears we've got yet another example.

A message on Mozilla's security policy mailing list notes that a free certificate authority named WoSign appeared to be doing some pretty bad stuff, including handing out certificates for a base domain if someone merely had control over a subdomain. This was discovered by accident, but then tested on GitHub... and it worked.

In June 2015, an applicant found a problem with WoSign's free certificate service, which allowed them to get a certificate for the base domain if they were able to prove control of a subdomain.

The reporter proved the problem in two ways. They accidentally discovered it when trying to get a certificate for med.ucf.edu and mistakenly also applied for www.ucf.edu, which was approved. They then confirmed the problem by using their control of theiraccount.github.com/theiraccount.github.io to get a cert for github.com, github.io, and www.github.io.

They reported this to WoSign, giving only the Github certificate as an example. That cert was revoked and the vulnerability was fixed. However recently, they got in touch with Google to note that the ucf.edu cert still had not been revoked almost a year later.
As you can imagine, this should be a cause for quite some concern:
The lack of revocation of the ucf.edu certificate (still unrevoked at time of writing, although it may have been by time of posting) strongly suggests that WoSign either did not or could not search their issuance databases for other occurrences of the same problem. Mozilla considers such a search a basic part of the response to disclosure of a vulnerability which causes misissuance, and expects CAs to keep records detailed enough to make it possible.
Mozilla also noted that WoSign never informed it of the earlier misissuance either. This is a pretty big mistake. The Mozilla post also calls out some questionable activity by WoSign in backdating certificates, but this first point is the really troubling one.

I recognize that until a better system is found, certificate authorities issuing certificates is about all we have right now for web security -- but, once again, it really seems like we need to be moving to a better solution.
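To make the two failures in the Mozilla message concrete, here is an added example (not WoSign's code, and not from the Mozilla post). It sets the scope a domain-control proof should have beside a hypothetical flawed check constructed to reproduce the behaviour described, then runs the kind of issuance-database search Mozilla says a CA should be able to do. The policy that a proof covers the validated name and names beneath it is an assumption of the example; the log records and serials are constructed.

```python
def _labels(name):
    """Normalise a DNS name and split it into labels."""
    name = name.strip().lower().rstrip(".")
    labels = name.split(".")
    if not name or any(not label for label in labels):
        raise ValueError(f"not a valid DNS name: {name!r}")
    return labels


def covered_by(validated, requested):
    """True if proof of control over `validated` covers `requested`.

    Policy assumed in this example: a proof covers the validated name
    itself and names beneath it, never a parent or a sibling.
    """
    v, r = _labels(validated), _labels(requested)
    if r[0] == "*":          # a wildcard is judged by the name it hangs off
        r = r[1:]
        if not r:
            return False
    return len(r) >= len(v) and r[-len(v):] == v


def flawed_covered_by(validated, requested):
    """Hypothetical buggy check: compares only the last two labels, so any
    subdomain 'proves' the base domain and every sibling."""
    return _labels(validated)[-2:] == _labels(requested)[-2:]


def audit(issuance_log):
    """Search issuance records for certificates carrying names that no
    recorded validation covers. Returns [(serial, [uncovered names])]."""
    findings = []
    for record in issuance_log:
        uncovered = [
            san for san in record["sans"]
            if not any(covered_by(v, san) for v in record["validated"])
        ]
        if uncovered:
            findings.append((record["serial"], uncovered))
    return findings


# Constructed issuance log. Host names follow the cases in the post;
# serials and the third record are made up for the example.
ISSUANCE_LOG = [
    {"serial": "CONSTRUCTED-0001",
     "validated": ["med.ucf.edu"],
     "sans": ["med.ucf.edu", "www.ucf.edu"]},
    {"serial": "CONSTRUCTED-0002",
     "validated": ["theiraccount.github.io"],
     "sans": ["theiraccount.github.io", "github.io", "www.github.io"]},
    {"serial": "CONSTRUCTED-0003",
     "validated": ["example.org"],
     "sans": ["example.org", "www.example.org"]},
]

if __name__ == "__main__":
    for serial, names in audit(ISSUANCE_LOG):
        print(f"{serial}: issued without matching validation: {', '.join(names)}")
```

The audit only works if each issuance record keeps the names that were actually validated next to the names that were issued, which is the record-keeping Mozilla says it expects.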


Posted on Techdirt - 25 August 2016 @ 4:05pm

Team Prenda Done Fighting Judge Otis Wright

from the govern-yourself-accordingly dept

Well, one of the big Prenda cases may finally be over. As you may recall, the first truly scathing legal ruling against Team Prenda came a little over three years ago when Judge Otis Wright basically lit Team Prenda on fire. If you haven't read that whole decision in a while, it's still a thing of beauty. Here's just one paragraph:

Plaintiffs have demonstrated their willingness to deceive not just this Court, but other courts where they have appeared. Plaintiffs’ representations about their operations, relationships, and financial interests have varied from feigned ignorance to misstatements to outright lies. But this deception was calculated so that the Court would grant Plaintiffs’ early-discovery requests, thereby allowing Plaintiffs to identify defendants and exact settlement proceeds from them. With these granted requests, Plaintiffs borrow the authority of the Court to pressure settlement.
Since this was their first really major loss in court, Team Prenda still brashly insisted they would prevail on appeal, and that Judge Wright's ruling would not last. At the time Prenda mastermind John Steele even insisted that this was the only time that they had lost:
But very few people can argue that these [sanctions] are allowed, legally. The overwhelming majority of courts have found in our favor in hearings. The only cases that stand out are Judge Wright.
Of course, since then, court after court after court after court after court has ruled against Steele (there are more, I just got tired of finding them all). And, of course, Steele is facing discipline from the Illinois Attorney Discipline Board and, quite possibly, criminal trials (where the investigation likely began following Judge Wright's ruling, which passed along the info to law enforcement).

In the midst of all of this, Steele's big appeal of Wright's ruling, that he was so sure about, fell flat on its face back in June. For all of Steele's talk about how Wright was totally off base and there was no basis for sanctions, the 9th Circuit didn't buy it at all.
The district court did not abuse its discretion in ordering the Prenda Principals to post additional bond to cover Doe’s attorney’s fees on appeal. The district court had ample reason to do so. The Prenda Principals have engaged in abusive litigation, fraud on courts across the country, and willful violation of court orders. They have lied to other courts about their ability to pay sanctions.... They also failed to pay their own attorney’s fees in this case. Considering the Prenda Principals’ tactics throughout this case, it was not an abuse of discretion to increase the bond amount to cover the projected cost of attorney’s fees on appeal.
Given all that, the case went back down to Judge Wright and, finally, it appears that this case is really over. Earlier this week, Judge Wright basically closed out the case after Steele and Hansmeier* agreed to settle rather than try to fight on, with the insurance company that had originally secured the bond they needed to get to cover the possible sanctions, SureTec, agreeing to pay out the money. (*Well, not really Hansmeier -- since he filed bankruptcy, the bankruptcy trustee handled it for him instead).
Doe, Steele, and Hansmeier filed a stipulation and proposed order with the Ninth Circuit seeking to settle all issues that were the subject of the appeal, the relevant terms of which are as follows: (1) Doe shall be paid a total amount of $132,393.75, which consists of the original $81,319.72 sanction, $278.73 in interest, and $50,795.30 in costs and fees incurred on appeal; (2) Doe will move this Court for summary adjudication of SureTec’s obligation on the bonds in the amount of $132,393.75, which Steele and Hansmeier agree not to oppose; and (3) Doe, Steele, and Hansmeier agree not to file any further motions, appeals, or petitions for writ of certiorari on the issues adjudicated on appeal.
Judge Wright accepts the agreement and the case is basically, finally, over.


Posted on Techdirt - 25 August 2016 @ 2:31pm

Uber & Lyft As An Extension Of... Or Replacement For... Public Transit

from the well-that's-interesting dept

Lyft just announced an interesting partnership with MARTA, the Metropolitan Atlanta Rapid Transit Authority, to basically help get more people to and from MARTA stations. It's an interesting approach to try to help make public transit more convenient:

Partnering with transit agencies like MARTA is a core part of our vision to build a sustainable transportation network. By helping fill the first and last miles between a passenger’s home and a MARTA station, we’re making it easier than ever to ride transit. We believe that when transit is within reach of everyone, our cities are more liveable, connected, and prosperous.
Of course, it's not entirely clear what's really involved in the "partnership" beyond marketing. Yes, Lyft is offering discount vouchers, but only for 10 rides. And you could already use Lyft or Uber to do this without the partnership.

Where this potentially gets more interesting is the decision of Dublin, California, to look to Lyft and Uber as a substitute for public transportation by subsidizing rides via those companies instead of taking a bus.
In a first for California, a public transit agency next month plans to begin subsidizing fares of people who take private Uber and Lyft cars to local destinations rather than riding the bus.

Passengers ordering Uber or Lyft car trips within two test areas of Dublin will be eligible to get door-to-destination service at a big discount under a partnership between the ride-hailing companies and the Wheels public bus system in Dublin, Alameda and Pleasanton.
The local transit authority is even suggesting that this might change the way they set up routes and serve certain communities. In fact, they've already killed off one (little used) bus route, suggesting that this new partnership can help replace that route more efficiently.

I can see why this might annoy some people -- and certainly those who don't trust big private companies like Uber and Lyft are going to complain. Similarly the bus driver's union rep is apparently pissed off. But this is still a really interesting experiment. If it allows municipalities to truly offer better, more efficient transportation and it's cheaper overall, then is it really a problem that some companies might also make some profits from it? It will be interesting to see how this experiment in Dublin works out and if other cities follow suit. And it seems like a much better idea than what's happening in Massachusetts, where the government has instituted a special tax on Lyft and Uber... and is giving that money to the taxi companies who didn't innovate.


Posted on Techdirt - 25 August 2016 @ 1:04pm

Techdirt Reading List: Knowledge And The Wealth Of Nations: A Story Of Economic Discovery

from the the-economics-of-information dept

We're back again with another in our weekly reading list posts of books we think our community will find interesting and thought provoking. Once again, buying the book via the Amazon links in this story also helps support Techdirt.

Okay, this is one of my absolute favorite books for understanding economics -- and especially the economics of information. Have you ever read a book where you keep finding yourself excited because you've discovered that other people had independently worked out a bunch of the ideas that had been sifting through your brain? That's what Knowledge and the Wealth of Nations: A Story of Economic Discovery by David Warsh was for me. It almost made me giddy, because I had just been working through my own mental model for the economics of abundance, and then I discovered that some pretty well known economists had been sorting the same things out themselves. It was exciting.

The book is really well written too. Most of the first half is a fun look at historical economists (going beyond just the economics of information and growth, but using that as a sort of central theme). And then the rest focuses on the work of the economist Paul Romer, who basically brought things around in a very useful way when it comes to the economics of information. Actually, one of the things that bothered/stunned me a little was that this work had been done so recently. As I had been sorting through it, I kept thinking back to applying work from much earlier economists, without realizing that it was still considered such a challenging issue. A key point in the book is understanding how information is the key to economic growth, and in particular, the fact that information itself is abundant, rather than scarce. It's that abundance, and the ability to spread it, that creates new ideas, better efficiency, more growth and a better overall world. Before all that, many economists had actually been confused as to why some economies grew, and others didn't -- and they were equally confused about the role of technology in enabling economic growth. This book lays out a lot of points around this in a really useful manner. I reread it every few years and recommend it highly.


Posted on Techdirt - 25 August 2016 @ 12:00pm

Apple Updates iOS To Close Three Separate 0days That Were Being Exploited

from the throw-away-your-phone dept

As you may have heard, if you have an iOS device (iPhone, iPad, even iPod Touch) you should be updating your devices, like a few hours ago. Seriously, if you haven't done it yet, stop reading and go update. The story behind this update is quite incredible, and is detailed in a great article over at Motherboard by Lorenzo Franceschi-Bicchierai. Basically, after someone (most likely a gov't) targeted Ahmed Mansoor, a human rights activist in the United Arab Emirates, with a slightly questionable text (urging him to click on a link to get info about prison torture), a team of folks from Citizen Lab (who have exposed lots of questionable malware) and Lookout (anti-malware company) got to work on the text and figured out what it did. And, basically the short version is that the single click exploits three separate 0day vulnerabilities to effectively take over your phone in secret. All of it. It secretly jailbreaks the phone without you knowing it and then accesses basically everything.

“It basically steals all the information on your phone, it intercepts every call, it intercepts every text message, it steals all the emails, the contacts, the FaceTime calls. It also basically backdoors every communications mechanism you have on the phone,” Murray explained. “It steals all the information in the Gmail app, all the Facebook messages, all the Facebook information, your Facebook contacts, everything from Skype, WhatsApp, Viber, WeChat, Telegram—you name it.”
So that's great.

The researchers believe they've tracked back the exploit to a secretive hacking company called NSO Group. The full Citizen Lab writeup on all of this is quite fascinating as well. They estimate that this exploit from NSO probably costs in the range of a million dollars on the market, though obviously it's closed now. That doesn't mean that NSO or others don't have other exploits up their sleeves.

The report also notes that this kind of exploit is probably just used by nation states right now, but there's nothing to say that it couldn't move down the stack before too long, letting all sorts of mischievous characters look to basically completely pwn your phone. Pretty scary stuff, and yet another reminder of why it's so dangerous that folks like the NSA are hoarding 0days, rather than revealing them, and that the FBI is trying to force tech companies to break encryption and other tools that are necessary to block these kinds of attacks.


Posted on Techdirt - 25 August 2016 @ 9:44am

If You're Angry About Twitter Banning Someone 'Permanently' For Sharing Olympics GIFs, Blame Copyright Law

from the bad-law-creates-bad-ideas dept

Over on LinkedIn a guy named Jim Weber wrote about how he was banned permanently from Twitter because he shared a few GIFs from the Olympics.

It all started when I saw a GIF of her sublime first pass on the floor routine two weeks ago on the front page of Reddit. Wanting to share what an awesome moment this was, I downloaded the GIF and uploaded it to Twitter with these four words: "Aly Raisman: She's good."

[To be fully transparent, I also tweeted GIFs of this awesome Japanese wrestler celebrating with her coach and this incredible Perfect 10 by a Chinese diver during the games.]

I had read that the IOC was banning the press from using GIFs but I didn't see how that applied to me. Sure, I didn't have the rights to any footage at the Olympics — just like countless blogs and users don't have rights to the NFL, NBA, MLB, NHL and NCAA footage that they create GIFs out of and profit from every day.

Weber notes that he figured the worst that would happen is that those tweets would get taken down. Instead, his account was banned. Permanently (though, as it turned out later, not really).
The story has gone pretty viral (on Twitter, naturally), with lots of people expressing anger at Twitter. It also appears that soon after the story started spreading, Twitter actually changed its mind and put back his account.

Here's the thing, though: if you want to get upset about this, don't get upset at Twitter. Get furious at parts of the DMCA and how some courts have interpreted it lately (and the International Olympic Committee -- it almost always deserves the anger that is pointed in its direction for its extreme protectionist/copyright policies). But remember, not too long ago, the ISP Cox lost big time in an important DMCA case, and the key issue that swayed the judge was the lack of a competent "repeat infringer policy." And what was one of the key things in that case? The fact that Cox didn't permanently ban people.

So if you're the legal team at Twitter, and you're keeping up on the caselaw, you better believe that you're going to make sure that you have a serious "repeat infringer policy" that kicks people off permanently for sharing a few pieces of copyright-covered material. Because even as basically everyone is saying "what? you shouldn't lose your account permanently for sharing a few happy gifs from the Olympics," in court it would be spun as "Twitter has a history of failing to reasonably implement a repeat infringer policy, as required by the DMCA in Section 512(i)(1)(A)." And if the Olympics or whoever gets a judge like the one in the Cox case, who doesn't seem to care much about whether people use the internet or not, Twitter might just lose.

Yes, Twitter probably could have handled this a lot better, but if you want to get angry, get angry that copyright law is so fucked up these days.

Oh, also, this is a decent reminder to be at least somewhat careful about relying too much on anyone's platform. Weber claims to recognize that...
Not only do I not plan to start a new Twitter account, I'm hesitant to post anything to social media platforms such as Facebook, Instagram or Snapchat with the knowledge that they can and will permanently shut down your account with the snap of their fingers.
... except his post about all of this is published on LinkedIn, which is really no different than any of the other social media platforms he listed above. So there's a bit of irony in declaring that he's hesitant to post on social media platforms... on a social media platform.


Posted on Techdirt - 25 August 2016 @ 8:41am

Lawyer Sues Basically All Mainstream Media For RICO Violations For How They Report On Donald Trump

from the yeah,-that's-not-going-to-work dept

If you do a Google search on Roy Den Hollander, as I just did, you may discover that basically every result is a story about some absolutely ridiculous lawsuit he has filed. There was the time he sued a nightclub claiming that requiring him to buy a $350 bottle of vodka was a human rights violation. Or the time he sued a bunch of night clubs for violating the 14th Amendment by having "Ladies' Nights." Or the time he sued Columbia University for offering women's studies courses. Or the time he wanted to file a lawsuit to force women to register for the draft. And these are all stories from just the first page of Google results (or following links from those stories). But, you get the idea.

And now he's back with a new lawsuit. He's basically suing the entire mainstream media claiming that how they report on Donald Trump is a RICO violation. No, really.

This is an action against the above named defendant news reporters and commentators (“Reporters”) for violating the civil Racketeer Influenced and Corrupt Organizations Act, 18 U.S.C. § 1961 et al., (“RICO”) by repeatedly committing the racketeering activity of wire fraud, 18 U.S.C. § 1343, when they (1) create and cause to be broadcast and disseminated false and misleading news reports concerning the Donald J. Trump candidacy for President of the United States (“Trump Candidacy”); (2) provide commentary based on a false set of facts or fail to reveal the alleged factual basis for the assertion of their judgments; and (3) lobby on various news-talk shows in furtherance of their opposition to the Trump Candidacy.
And to think, I'd been looking for an opportunity to point people to Ken "Popehat" White's Lawsplainer entitled IT'S NOT RICO, DAMMIT:
Would it be RICO if . . .



. . . .


But how do you know? I haven't even described the case yet.

It's never RICO!

I mean, not literally never. But I can say with a very high level of confidence that if you're asking me, it's not RICO.

But it's an important case! And the facts are terrible! This defendant did really bad things.

That's not what RICO means. RICO is not a fucking frown emoji. It's not an exclamation point. It's not a rhetorical tool to convey you are upset about something. It's not a petulant foot-stomp.

RICO is a really complicated racketeering law that has elaborate requirements that are difficult to meet. It's overused by idiot plaintiff lawyers, and it's ludicrously overused by a hundred million jackasses on the internet with an opinion and a mood disorder.
There's more at that link. You should read it if you ever wonder if a case is a RICO case.

The lawsuit prattles on and on, but it's not RICO. And, of course, it's not going anywhere, because of the First Amendment. And, honestly, the court might as well just say "No, go away" and point to the First Amendment, but instead will be forced to waste its time in writing up a more comprehensive explanation for why the media reporting, no matter how much you disagree with it, is not breaking the law.


Posted on Techdirt - 24 August 2016 @ 11:45am

Nice Officials Say They'll Sue Internet Users Who Share Photos Of French Fashion Police Fining Women In Burkinis

from the liberte! dept

Over the last few weeks there's been plenty of controversy over plans on the Côte d’Azur in the south of France to ban burkinis -- a kind of full body bathing suit favored by some Muslim women. As the Guardian pointed out recently, the whole thing seems like a "bizarre inversion" of Muslim countries where making sure women are covered is enforced:

The burkini row may seem banal, and to some a surreal inversion of laws in Islamic countries, but it has become yet another flame in the murderous tinderbox of Islamism in France, invoking issues of control over the body, religious freedom, racism, provocation, terrorism, Islam and Islamophobia, republicanism and what the French call laïcité. Laïcité is the hardest for people outside France to understand: our words “laity” and “secularism” fail to express the depth of allergy to all things theocratic, which is endemic to French societal fabric since the revolution.
Others are pointing out the absurdities when compared to what's allowed. I've seen several versions of this, but this one is my favorite:
Either way, the story blew up again last night as the Daily Mail reported on actual instances of women on a beach in Nice being forced to remove clothing and pay fines. While the Daily Mail is not particularly trustworthy on news, a number of other publications have now confirmed the story as well, and pictures are floating around on social media of police forcing women to remove clothing, including one where it's pretty clearly not a burkini at all, but just a large shirt or muumuu of some sort.
This seems pretty ridiculous on all sorts of levels, but never think things are so ridiculous that some politicians can't make them worse. Guillaume Champeau from the excellent French site Numerama alerts me to the news that the deputy mayor of Nice, Christian Estrosi, is threatening to sue those who share these images over social media. Yup, France, a country that claims to pride itself on freedom, is not just telling women that they can't cover themselves up too much on the beach, but that it's also illegal to report on the police following through on that. Here is the awkward Google translation of the French report:
Christian Estrosi ... has published a press release by the city of Nice, to announce that he would file a complaint against those who would broadcast pictures of municipal police verbalize women guilty of exercising what they believed to be their freedom to dress from head to feet on the beaches.

" Photos showing municipal police of Nice in the exercise of their functions have been circulating this morning on social networks and raise defamation and threats against these agents ," the statement said.
Wait. Showing accurate photos creates defamation against the police? How's that work? Estrosi apparently says that legal actions have already been filed, though Numerama was unable to confirm any legal actions as yet. The article also notes that despite Estrosi implying otherwise, police do not have any sort of special protections that say they cannot be photographed while in public.

Either way, it's not clear what this kind of move will accomplish other than making France appear intolerant and petty towards all sorts of freedoms, including religious freedoms and freedom of speech.


Posted on Techdirt - 24 August 2016 @ 9:30am

Copyright Group, In Arguing Against FCC's Set Top Box Proposal, Appears To Argue That VCRs & DVRs Are Also Illegal

from the that's-not-how-it-works dept

Earlier this month, we wrote about how the Copyright Office had filed a really bizarre and legally dubious comment with the FCC concerning the FCC's plan to open up competition in TV set top boxes, ending cable companies' monopoly on those boxes (for which they bring in $21 billion in revenue per year). The FCC's plan was pretty straightforward -- and the cable companies have attacked it on all sides, and the one argument that seems to be sticking is that this plan is somehow an affront to copyright, and would result in piracy. This is blatantly, factually incorrect. The FCC's plan makes it clear that any system would retain existing technology protection measures against piracy (for better or for worse). If this new system resulted in infringement, it would be because there's infringement on the internet already, not because of these new rules.

The Copyright Office's comment was ridiculous on multiple levels, but the worst was the basic argument that private agreements between cable providers and content providers could somehow limit or erase the fair use rights of the public. Yet that's exactly what the Copyright Office argued:

"The Office's principal reservation is that, as currently proposed, the rule could interfere with copyright owners' rights to license their works as provided by copyright law, and restrict their ability to impose reasonable conditions on the use of these works through the private negotiations that are the hallmark of the vibrant and dynamic MPVD marketplace."
This simply incorrect interpretation of the law raised some pretty serious questions, with Public Knowledge going so far as to note a somewhat disturbing pattern of the Copyright Office acting like a lobbying arm for Hollywood, rather than an impartial organization bound by what's in the actual law.

Following up on all of this, one of the many legacy entertainment industry lobbying groups, the Copyright Alliance has released its own letter to the FCC basically repeating what the Copyright Office claimed. It also put out a blog post about the letter... but really the blog post seemed to be an attempt to attack Public Knowledge for its comments about the Copyright Office.

The Copyright Alliance's letter is basically exactly what you'd expect, rehashing the already debunked claims about how the FCC's plans will cause copyright problems, but the Copyright Alliance seems to take it one step further, arguing, ridiculously, that anything that copyright holders don't like is obviously against the law. Read the following quite carefully:
As noted by the Copyright Office, copyright law is predicated on the theory that creators are incentivized to create new works by the prospect of reaping the economic fruits of their creative labor, which in turn benefits the public by increasing the number of creative works available for their enjoyment. This economic rationale behind copyright protection has been repeatedly confirmed by the Supreme Court. The Copyright Act creates these incentives by granting copyright owners a bundle of exclusive rights in their works, which they can assign and/or license to third parties in their discretion. The detailed contractual arrangements governing the release of copyrighted works into the commercial marketplace are what enable copyright owners to realize the full value of their works. The FCC’s Proposal undermines this licensing structure by forcing MVPDs to deliver copyrighted content—including all content the MVPDs license from programmers and other content creators—to unlicensed third parties, without the authorization of those copyright holders, while offering no mechanism to ensure that the detailed license arrangements between MVPDs and programmers/copyright owners are respected. Therefore, the Register is correct in her observation that the Proposal threatens to harm copyright owners by encroaching on their exclusive prerogatives to both exercise and license their rights to reproduce, distribute, display, and perform their creative works, as well as by undermining their ability to earn a return on their investment in those works.
Except, if what I've bolded above is actually copyright law, then the VCR, the DVR, the MP3 player, photocopiers and much of the very internet itself are inherently against copyright law. But that's not what courts have found. If you look at the classic Betamax lawsuit, it made it abundantly clear that even when there were license agreements between content providers and TV stations that end users could absolutely record and watch content via an "unlicensed" device, known as the VCR. This just takes the Copyright Office's ridiculous assertion that copyright holders and ISPs can somehow write fair use out of their agreements for end users, and takes it even further to effectively write the Betamax ruling out of existence and set up a framework that says there can be no fair use in new consumer electronics.

That's both wrong and crazy. And, yes, I know that the former Copyright Office boss Ralph Oman has argued that all technology should be considered infringing until Congress says it's okay, but that's not the actual law, and it's incredibly dishonest to suggest it's the case.

Here's the important thing that the Copyright Office and the Copyright Alliance don't seem to understand (or are willfully ignoring). This content is already licensed. The only people who will get access to it are those who have a legitimate right to access the content from their cable providers. In other words, everything is licensed. There is no "harm" at all. The only issue is that the content can be accessed (by the paying subscribers!) via alternative hardware (which might add some more features, but which will still have the same copy protection). But nothing in this creates any problems for the content creators, because the overall setup is the same. They have licensed the work. The hardware alternatives that may arise may include some additional features, such as recording and such, but that's well within their legal rights under fair use. The complaint here seems to just be that the Copyright Alliance and the Copyright Office don't like fair use and don't want the Betamax standard to exist any more.

The Copyright Alliance and its funders in the entertainment industry may wish that the VCR were never made legal (even though it was a device that basically saved Hollywood by bringing in massive new markets and revenue streams), but they don't get to rewrite history and pretend it doesn't exist.

It's this kind of crap that is so annoying about these groups like the Copyright Alliance. They are flat out misrepresenting reality.


Posted on Techdirt - 24 August 2016 @ 8:31am

Tempting Fate: Pittsburgh Election Officials Insist Their E-Voting Machines Can't Be Hacked

from the fire-everyone dept

Let's face facts: if you have an electronic voting machine it can be hacked. Anyone who claims any piece of technology or computer equipment is "unhackable" is a fool and should not be in a position to determine the security of such equipment. Electronic voting machines have a very long tradition of having absolutely horrible security and being easily hacked. It's why it's so important that people understand just how vulnerable these things are, not just because they can be hacked, but because the poor security practices around them will lead many people to distrust the results of any election, even if all the votes were actually counted.

You know what doesn't help? Having election officials declare their e-voting machines unhackable. And yet that's exactly what officials in Pennsylvania's Allegheny County (think: Pittsburgh) have done.

Starting in the next few weeks and running past Election Day, the machines will undergo tests to ensure they are recording votes properly, that they have not been hacked and that they cannot be tampered with, said Mark Wolosik, longtime manager of the Allegheny County Elections Division. Each test is designed to check a potential breach in the system.

“The voting public can feel confident,” Wolosik said. “Everything is tested extensively before the election, after election and on Election Day.”

Election officials in Allegheny and Westmoreland counties said they are confident their electronic voting systems are immune from hackers or malware that could alter election results.

“In my experience, there is no way to compromise these election systems,” said Dave Ridilla, head of Westmoreland County's computer information department.
That doesn't make me feel more confident. It makes me question the competence of those officials. Any such hardware can be hacked. Saying it can't means that you're just not understanding the threats you face, and that's more problematic. There are things that people can do to minimize the risks, and hopefully that's what's happening here, but giving a flat out "there is no way" statement is ridiculous on its face and is almost screaming out to have that statement mocked when the equipment is actually hacked.

The machines being used do not appear to have open source software that people can examine, and they don't have a paper backup, so if votes are tampered with there's really no clear way to know for sure. That's especially problematic. Yes, people may have done a good job securing the machines, but saying they can't be hacked is not just wrong, but it calls into question the competence of the people securing the machines.


Posted on Techdirt - 23 August 2016 @ 10:30pm

Little Tree Air Freshener Company Sues Non-Profit For Making Tree Shaped Ornaments

from the who-owns-the-trees dept

You know those stupid and annoying "tree shaped" car air fresheners you see every damn where? Of course you do. The company behind those "Little Trees" is called Car-Freshner Corporation, and it's notoriously overprotective of whatever trademark it thinks it has. Way back in 2009, we wrote about the company and an absolutely ridiculous ad it had taken out in Photoshop User Magazine:

At the time, we noted how odd it was to take out a full page ad warning people against supposed trademark infringement, and over-claiming its own rights at the same time (e.g., "no matter how you use it."). So it comes as little surprise that Car-Freshner Corporation is a bit of a trademark bully in court. Though, perhaps it's met its match -- and it may result in it losing some trademarks.

Trademark lawyer Marty Schwimmer, who runs the excellent Trademark Blog, is representing a non-profit organization, Sun Cedar, that has been sued by Car-Freshner for daring to create tree-shaped blocks of wood (cedar!) that smell good. The answers and counterclaims from Sun Cedar are worth the read in full, but we'll hit a few high points here. Sun Cedar is not just a non-profit, but an organization that tries to train and to employ "at risk" individuals, including those who are homeless, ex-felons and substance abusers to help them get back on their feet. The organization creates objects out of wood, including tree shaped ornaments. It even ran a very successful Kickstarter project last year.

So, yeah, both organizations make tree shaped objects that smell nice. But that's about the extent of it. To argue that only the Little Trees trademark extends that far is a huge reach. In comparing the two, Sun Cedar's response points out that the only real similarities are the idea of a pine tree -- and that's not protectable.
Sun Cedar does not use any distinctive element that Plaintiffs could arguably claim as a mark (such as the saturated green field or block base in its Tree Design). It is questionable whether Plaintiffs can assert rights in either a blank silhouette of a tree or a blank configuration of a pine tree, because Plaintiffs (1) chose the pine tree outline for functional reasons (to the point of patenting the shape); and (2) have abandoned the blank silhouette registrations, as they do not use blank silhouettes as trademarks in commerce. Finally, Sun Cedar’s $10, thick, wooden ornaments are sold on its website, through Kickstarter, and in “green” retail stores, as opposed to in the gas stations and car washes that sell Plaintiffs’ approximately $1.00 cardboard-thin cellulose car fresheners. The two products never have and never will be offered for sale side by side in any retail setting.
Now, if you follow the law around trademarks and patents there are a couple of eyebrow raising statements in that paragraph above, beyond just the "hey, our trees are nothing like your trees and there's no chance of confusion." That's the standard "no likelihood of confusion" defense to trademark claims. And it's a good one here, because, really, those are pretty different. And it's ridiculous to argue that any tree shaped thing that smells nice infringes -- especially since there are lots of other such products:

So, yeah.

But, as mentioned above, there are other serious problems here called out in the response and counterclaims that could mean that Car-Freshner is going to lose some of the trademark protections it likes to claim it has. First up: the patent issue. What's that got to do with anything? Well, you see Car-Freshner apparently also got itself a patent on its design, patent 3,065,915, granted back in November of 1962. As you're probably aware, that patent is now long expired. But what does that have to do with the trademark? Well, the patent -- which is technically on the system for removing the car freshener from the packaging over a period of time to release the smell -- claims that the tree-shaped design is actually functional to make all this work:
Upon information and belief, this diagram illustrates the system claimed by the ’915 Patent. Specifically, the diagram consists of seven images, each showing the body of the air freshener in different stages of removal from the cellophane package over a seven week period. A notch is cut in the center of the cellophane. The first week, the packaging is pulled down to the first branch and only the top of the tree is exposed. The second week, the packaging is pulled down to the second branch, exposing more of the tree, and the cellophane is tucked under the corresponding branches. This continues until the seventh week, when the tree is removed completely from the packaging.
This matters to trademark law because you can't trademark functional design. That's what patent law is for. So Sun Cedar is arguing that the entire trademark here is invalid because it tried to trademark a functional design, and the fact that it's functional is proven by Car-Freshner's own patent. That's a neat legal judo move.
In short, upon information and belief, the shape of the Tree Design is essential to the use or purpose of the article for which it is registered, namely air fresheners. As such, the Tree Design is functional and is not entitled to registration, pursuant to Section 14(3) of the Lanham Act, 15 U.S.C. § 1064(3).
The filing also argues that the rectangular block base of Little Trees fresheners is also functional since it's used to display names or the type of scent or other information.

The other interesting argument is that Car-Freshner actually abandoned the actual design in the trademarks that it holds on Little Trees. It gives a few examples of this, but we'll show one here to demonstrate. In arguing that Car-Freshner has abandoned trademarks like US Reg. No 1,781,016, the filing points out that the actual trademark is for a silhouette of the tree shape:
But that the products it's offering, which it claims show the use in commerce, are not of the silhouette, but quite different:
I will admit that this part -- claiming abandonment -- feels like more of a stretch to me. Frankly, it seems the case should be won solely on the lack of any likelihood of confusion. But the patent argument saying that the tree-shaped design is functional and therefore cannot be covered by trademark sure is a fun one. It will be interesting to see how this goes in court -- and whether or not Car-Freshner's trademark bullying over its Little Trees products results in the company actually losing some or all of its trademarks...


Posted on Techdirt - 23 August 2016 @ 9:43am

Think Tank That First Proposed SOPA Now Claims 'Proof' That SOPA Would Have Been Great

from the yeah,-good-one,-guys dept

Oh boy. The Information Technology and Innovation Foundation (ITIF) is a DC-based think tank that, from its name, you might think would promote things that are important for innovation. And yet, this misleadingly named think tank has been on the wrong side of almost every major tech issue over the last few years -- perhaps because a large segment of its funding comes from anti-technology industries, like the entertainment industry and the large telco/broadband providers. This is the same organization that argued that net neutrality was bad, that kicking people off the internet for piracy was a good idea, that the US gov't should encourage countries to censor the internet and, most recently, that broadband companies charging more to not track your every move is "pro-consumer."

But perhaps the pinnacle of bullshit policy proposals from ITIF was that it was the organization (again, funded by the entertainment industry) that first proposed the basic framework of site blocking as a response to copyright infringement, back in 2009. The basis of that proposal was then turned into SOPA, leading ITIF to take a victory lap for creating what it believed was such a good law.

Of course, you know how that all went down. After actual technologists pointed out how problematic the ITIF approach to site blocking would be, and the public spoke up, the bill went nowhere. And ITIF is basically the sorest of sore losers. Last fall, ITIF published a bogus snarky "report" insisting that its original SOPA plan for DNS blocking "did not break the internet." This, of course, conveniently misstates what was meant by "breaking the internet" when tech experts like Paul Vixie explained the problems with SOPA. It wasn't that the overall internet would just stop working or that fewer people would use it, but rather that basic ways in which the internet is expected to function (I reach out to this DNS entry, I get back the proper response) would fail, and that would open up opportunities for serious mischief, from man in the middle attacks to breaking how certain security protocols work.

But ITIF just can't let it go. This week it published a new report, once again using snark to insist that the internet didn't break: How Website Blocking Is Curbing Digital Piracy Without "Breaking the Internet." But its "evidence" is pretty suspect. It relies heavily on a recent report from some Carnegie Mellon professors, but leaves out the fact that those professors run a research center that was launched with a massive grant... from the MPAA. It also quotes papers from NetNames (funded by NBC Universal) and the Digital Citizens Alliance (a secretive MPAA front group that was a core component to the MPAA's "Project Goliath" plan to attack Google).

The paper is full of misleading statements and half truths. Take this for example:

In the vitriolic debates over the Stop Online Piracy Act (SOPA) in the United States, many opponents of taking action to limit access to foreign websites dedicated to piracy argued that website blocking would “break the Internet,” although they never satisfactorily explained how this breakage would occur or why the Internet was not already broken, since some site blocking already existed before the SOPA debate. Nonetheless, no policymaker wanted to be accused of being responsible for breaking the Internet. Five years later, we have evidence to evaluate. Meanwhile, 25 nations have enacted policies and regulations regarding website blocking to find a better balance between preserving the benefits of a free and open Internet and efforts to stop crimes such as digital piracy. And the Internet still works just fine in these nations.
Actually lots of people pretty clearly explained how and why it would break things -- including tech superstars like Paul Vixie and, yes, even Comcast, the owner of NBC Universal, an MPAA member. This is from Comcast:
When we launched the Domain Helper service, we also set in motion its eventual shutdown due to our plans to launch DNSSEC. Domain Helper has been turned off since DNS response modification tactics, including DNS redirect services, are technically incompatible with DNSSEC and/or create conditions that can be indistinguishable from malicious modifications of DNS traffic (including DNS cache poisoning attacks). Since we want to ensure our customers have the most secure Internet experience, and that if they detect any DNSSEC breakage or error messages that they know to be concerned (rather than not knowing if the breakage/error was "official" and caused by our redirect service or "unofficial" and caused by an attacker), our priority has been placed on DNSSEC deployment -- now automatically protecting our customers...
The non-technical policy wonks at ITIF might not understand this "technical" speak, but what Comcast is saying here is that using DNS blocking is a massive security risk. It doesn't mean that the internet itself "stops working" altogether, but that a core way that the internet is expected to work no longer does, and that exposes lots of people to lots of mischief.
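
To make the Comcast point concrete, here is an added example (not from the original post or from Comcast): a toy validating resolver. Textbook RSA over two small Mersenne primes stands in for a zone's DNSSEC signing key, and the name, addresses and `rewrite` helper are constructed for illustration.

```python
import hashlib

# Toy zone key: textbook RSA over two Mersenne primes. Insecure; it only
# stands in for the zone's DNSSEC key pair so the example runs offline.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, held by the zone owner only

def digest(name, rtype, rdata):
    """Hash the record set that the signature covers (simplified encoding)."""
    canon = f"{name.lower()}|{rtype}|{','.join(sorted(rdata))}".encode()
    return int.from_bytes(hashlib.sha256(canon).digest(), "big") % N

def sign(name, rtype, rdata):
    """Zone owner signs its own record set with the private exponent."""
    return pow(digest(name, rtype, rdata), D, N)

def validate(answer):
    """Validating resolver for a zone known to be signed: any answer whose
    signature is missing or does not match the data is rejected."""
    sig = answer.get("sig")
    expected = digest(answer["name"], answer["type"], answer["rdata"])
    if sig is None or pow(sig, E, N) != expected:
        return "BOGUS"
    return "SECURE"

def rewrite(answer, new_ip, keep_sig):
    """Anyone changing the answer in transit lacks D, so cannot re-sign it."""
    forged = dict(answer, rdata=[new_ip])
    if not keep_sig:
        forged.pop("sig")
    return forged

# Constructed sample data: made-up name, documentation-range addresses.
GENUINE = {"name": "www.example.test", "type": "A", "rdata": ["192.0.2.10"]}
GENUINE["sig"] = sign(GENUINE["name"], GENUINE["type"], GENUINE["rdata"])
ANSWERS = {
    "genuine": GENUINE,
    "ISP block-page redirect": rewrite(GENUINE, "198.51.100.1", keep_sig=True),
    "cache poisoning": rewrite(GENUINE, "203.0.113.66", keep_sig=True),
    "block, signature stripped": rewrite(GENUINE, "198.51.100.1", keep_sig=False),
}

def classify_all():
    """Return the resolver's verdict for each constructed answer."""
    return {label: validate(a) for label, a in ANSWERS.items()}

if __name__ == "__main__":
    for label, verdict in classify_all().items():
        print(f"{label:28} -> {verdict}")
```

A block-page redirect and a poisoned answer both come back `BOGUS`; the resolver has no way to tell which one it is looking at.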

ITIF, of course, will then point to the fact that 25 countries have implemented DNS blocking, and since they haven't seen the internet "stop" working in those places, they assume it's fine. This is dubious on two counts. First, much of the mischief that can be caused by DNS blocking won't be directly observable to the public. ITIF really is in no position to know what kind of mischief is now enabled thanks to DNS blocking in those countries, but it won't be surprising to see that it eventually leads to security nightmares. The second is more fundamental: many people in those countries now use VPNs to virtually transport themselves elsewhere to get around these blocks. Many, in fact, transport themselves to the US to access things here. But, put in place site blocking in the US, where a huge percentage of internet traffic happens, and the opportunities for massive mischief increase quite a lot. But ITIF is too clueless to understand this.

In fact, the only "problem" that ITIF says might come up with DNS blocking is that it might take down multiple servers behind the same DNS, which ITIF insists is easy to fix. ITIF also insists that such a small percentage of people use VPNs that getting around DNS blocking won't be much of a problem. Though, hilariously, they then admit that the methods to get around DNS blocking could put users at risk. But ITIF never puts two and two together to recognize how DNS blocking puts more people at risk.
Critics claim that DNS blocking, like IP blocking, will cause “collateral damage” due to the risk of over-blocking, as a single domain can host many websites through website extensions. However, this risk can be addressed by implementing DNS blocking at the subdomain level (e.g. www.piracysite.maindomain.com instead of www.maindomain.com)....

[....] Many, if not most, consumers have low levels of computer literacy and certainly are not sophisticated enough to understand how to manipulate the DNS settings in the network configuration of their computers, mobile phones, and other Internet-connected devices. Furthermore, users who switch DNS servers can expose themselves to many security risks if they cannot trust the responses from these servers.
You know what else will mean you can't trust the results from a DNS server? DNS blockades! That's the "breaking" of the internet that Vixie and others were talking about. Which ITIF still doesn't comprehend.

Later in the report, ITIF also claims that people who worried about DNS blocking for copyright infringement were "fine" with it for blocking malware:
The irony is that just months before leading opponents stated their opposition to website blocking, a key opponent said it was okay to block domains that spread malware and that this could be done without harming the Internet itself.
I'll just note that basically every other sentence in that paragraph has a footnote as a source for the information... but that sentence conveniently has no footnote. I've looked at the other footnoted links in that paragraph and none of them involve "leading opponents" supporting DNS blocking for malware. So I'm curious how ITIF's sourcing on this key point seems to have magically disappeared.

There's more in the ITIF report, but it's basically fighting the same old war: it lost on SOPA, but ITIF can't let it go. And so it's not just fighting, but fighting dishonestly. It takes quotes out of context, makes misleading statements and doesn't seem to actually understand the core technological issues at play here. And it would be at least marginally more compelling if every study it cited (and ITIF itself) weren't funded by the MPAA, the main driver behind SOPA.


Posted on Techdirt - 23 August 2016 @ 8:40am

Peter Thiel's Lawyer Now Sending Questionable Defamation Threat Letters To Media On Behalf Of Melania Trump

from the billionaires-censoring-the-press dept

Charles Harder is the California lawyer who likely will forever be known as "Peter Thiel's lawyer" after Thiel helped set up his own law firm with the "focal point" of hunting for any lawsuit that might destroy Gawker. It appears that Thiel is happy to share his pet lawyer with his new best buddy, Donald Trump, or Trump's wife, Melania. On Monday the UK's Daily Mail (not exactly known for its accuracy in reporting) received a threat letter from Harder, representing Melania Trump, claiming that its recent article on Melania was defamatory.

I'm not exactly sure where Mr. Harder is looking to sue but, if it's in the US, it's difficult to see how the article reaches the level of defamation by any stretch of the imagination. Melania Trump is, obviously, a public figure and, under US law, for a news report to be defamatory it needs to not only be incorrect and harmful but also published "with actual malice" -- meaning that the Daily Mail would have known that the published statements of fact were false, or they had a reckless disregard for the truth. Reading through the original Daily Mail article, I don't see how that could possibly be the case. The supposed "bombshell" claims in the piece are statements from a couple of different sources alleging that Melania was an escort when she first came to NY (and that may be how she met Donald in the first place). But the Mail is actually (somewhat surprisingly, given its reputation), quite careful with those statements, pointing out that they came from a book, but also noting that there's little evidence to back them up. It also points to a Slovenian magazine article claiming that the modelling agency Melania worked for was actually an escort service, but the Mail only notes that the magazine said this, and then gets a quote from the guy who ran the modelling agency saying (vehemently) that the story wasn't true.

Furthermore, the Daily Mail noted:

There is no evidence to back up these startling claims made in Suzy magazine.
The rest of the article is just kind of weird. Perhaps it's how the Mail normally reports, but much of the second half is stories from a guy who had a crush on Melania when they were both teens.

But, yeah, it's not at all clear how any of this rises to the level of defamation. The Daily Mail doesn't say anything defamatory about Melania at all. It just notes that certain sources (a book written by an anonymous author and a Slovenian magazine article) make these claims (both of which are accurate factual statements) and then notes that there's little actual evidence to back them up. And yes, this is a trashy tabloidy kind of thing to do ("some people say..." to say something mean, rather than making the case themselves), but it's difficult to see how it comes anywhere near the standard for actual defamation.

And it's not just the Daily Mail that Harder is going after. The Guardian reports that Harder has said that Melania may also sue Politico and the Week for reporting on her immigration status a few weeks back. You may remember the story. Politico noted some discrepancies in the timing of when Melania had claimed she had come to America, and the date of some nude photos that the NY Post dug up from a photo shoot in NY. That led Politico to raise questions about whether or not Melania was an illegal immigrant -- a bit of irony considering her husband's hardline stance against illegal immigration.

Once again, going through the Politico story, it's basically ridiculous to argue that anything in there is defamatory. Again: the statements need to be statements of fact (not just questioning things) that were made with "actual malice." There's no way the Politico article reaches that level.

But, again, we're talking about Charles Harder and the Trumps here, and the legitimacy of the case may be secondary to just threatening people. Trump, of course, has a long history of SLAPP-like lawsuits designed to bury journalists he doesn't like. And that's not me just saying that, Trump has flat out admitted to doing this:
Trump said in an interview that he knew he couldn’t win the suit but brought it anyway to make a point. "I spent a couple of bucks on legal fees, and they spent a whole lot more. I did it to make his life miserable, which I’m happy about."
And, again, that's the basis of Thiel's campaign against Gawker, where no matter what you think of the Hogan case, the other cases that Harder has filed against Gawker appear to pretty clearly be basic SLAPP suits designed to burden the company with legal fees.

And, of course, some smaller publications have already been intimidated into silence. The NY Times notes that Harder has contacted other publications as well (mainly those that wrote about the Daily Mail's article) and at least two of them have retracted or apologized for their original stories. Here's the Inquisitr apologizing and retracting its story and here's Liberal America doing the same thing. Liberal America flat out explains:
This is being written under duress because I don’t have enough money to fight a legal battle against the Trump machine.
You can see the full threat letter that Charles Harder sent on behalf of Melania and judge for yourself. Harder claims that he can show "actual malice" in the reporting "by nature of the fact that my client has publicly denied the foregoing statements." That's not, actually, how one proves "actual malice."

Without being able to see the original stories at Inquisitr and Liberal America, I can't say definitively if either one said anything that would be considered defamatory, but it certainly sounds like they were just quoting what was in the Daily Mail article, which does not seem to be defamatory.

So what are we left with? A thin-skinned Presidential candidate who has admitted to happily filing bogus lawsuits to burden journalists whose reporting he doesn't like, whose wife has teamed up with a lawyer who was basically set up in business to "focus" on filing a bunch of lawsuits for the purpose of overburdening a publication another billionaire disliked. People have been disagreeing with me over whether or not the Gawker shutdown is a big deal, insisting that "if you just don't publish private sex tapes, there won't be a problem." Yet, here we have publications already being intimidated into not publishing stories and other larger publications being threatened for reporting which does not appear to be defamatory at all.

Doesn't that seem the least bit problematic to some people?


Posted on Techdirt - 22 August 2016 @ 4:02pm

With Both Presidential Candidates Claiming To Be Against The TPP, President Obama Kicks Off Campaign To Ratify It

from the so-that'll-be-interesting dept

Even as the candidate that President Obama is supporting, Hillary Clinton, has been increasingly insisting that she really (no, really) is against the TPP (despite being for it prior to this campaign) -- and even as Donald Trump has been vehemently against it, despite trade agreements usually getting strong support from the GOP -- President Obama is making a big push to get the TPP ratified by Congress. It needs a majority vote in both houses of Congress to be ratified in the US. Last week, we noted the weird situation where everyone's position on the agreement appeared to be wishy-washy, though mostly for all the wrong reasons.

But that's not stopping Obama from having his cabinet make a big push to get it approved by Congress:

Among those who will hit the road will be Secretary of State John F. Kerry; Secretary of Defense Ashton B. Carter; retired Admiral Michael G. Mullen, former chairman of the Joint Chiefs of Staff under Presidents George W. Bush and Obama; Admiral Harry B. Harris Jr., commander of the United States Pacific Command; and William Cohen, a former Republican senator and defense secretary under President Bill Clinton.
Of course, everyone knows that it won't be voted on until after the election.

Although the administration’s push will begin in September, no vote on the accord will occur before the election. Just as the White House and congressional Republican leaders mostly agree on the economic benefits of trade, they have parallel political interests in delaying debate.

Republicans do not want to provoke attacks from their presidential nominee, Donald J. Trump, who called the trade accord “a rape of our country,” or hurt other Republican candidates. Mr. Obama does not want to make trouble for the Democratic nominee, Hillary Clinton, who has struggled to persuade voters of her sincerity in switching from support of the pact to opposition. This month, during an economic address in Michigan, she declared, “I oppose it now, I’ll oppose it after the election and I’ll oppose it as president.”

But, of course, that seems like it could also make a so-called "lame duck" vote pretty damn awkward as well. Yes, after the charade of the election is over, perhaps politicians will revert to their previous positions supporting the deal, but even at their most cynical, it seems a bit crass to do so right after the election. It would just underscore how absolutely full of shit they were during the campaign season. Maybe that doesn't have political consequences... but it should.
