Mike Masnick’s Techdirt Profile


About Mike Masnick

Techdirt Insider

Mike is the founder and CEO of Floor64 and editor of the Techdirt blog.

He can be found on Twitter at http://www.twitter.com/mmasnick

Posted on Techdirt - 27 July 2016 @ 11:50am

Russian Copyright Law Allows Entire News Site To Be Shut Down Over A Single Copied Article

from the funny-how-that-works dept

We've noted for a long time now that copyright laws are regularly used as a tool for censorship. In Russia, abusing copyright law for censorship and to harass political opponents has become standard. Remember how the Russian government teamed up with Microsoft to use questionable copyright claims to intimidate government critics? And then how the MPAA gleefully got into bed with Russia's media censor to celebrate copyright? Of course, Russia also expanded its ability to use copyright to censor the internet, following pressure from short-sighted US diplomats, demanding that Russia better "respect" copyright laws.

And now it's resulting in the taking down of an entire news site. As TorrentFreak reports, news site Story-media.ru does appear to have copied a full article from a popular Russian news site, Gazeta. That's certainly an issue, but because of that single copied article, combined with the site's anonymized WHOIS record, a Moscow court has ordered the entire site blocked. Think about that for a second and recognize how copyright can be used to shut down an entire publication. Now some will argue that they wouldn't have any problem if they hadn't copied that article, but copyright is one of those things that basically everyone infringes on eventually. If you don't expect this process to be abused to shut down press that powerful individuals in Russia don't like, then you haven't been paying much attention.


Posted on Techdirt - 27 July 2016 @ 10:43am

Clinton Friend Admits What Everyone Knows Is True: Clinton Still Supports TPP & Will Back It

from the but-of-course dept

If you've followed the whole TPP (Trans Pacific Partnership) thing at all, and/or the Presidential election this year, you probably already know that Hillary Clinton famously flip-flopped on TPP. She was for it, before she was against it (and tried to rewrite history to hide her support of it). Of course, basically everyone recognized that her newfound concerns about TPP were made up, as a response to (at the time) surging support for Bernie Sanders, who was vocally against the agreement. But, of course, as tons of people have been saying all along, everyone expects that after the election she'll magically flip flop back to supporting TPP.

But, of course, because we're doing this big elaborate stage play called an election, no one's supposed to admit that's what's happening. Someone apparently forgot to tell that to Terry McAuliffe, current Virginia governor and long-term best buddies with the Clintons. On Tuesday, he said what everyone already knows: Clinton will absolutely support the TPP after the election:

“I worry that if we don’t do TPP, at some point China’s going to break the rules -- but Hillary understands this,” he said in an interview after his speech on the main stage at the Democratic National Convention. “Once the election’s over, and we sit down on trade, people understand a couple things we want to fix on it but going forward we got to build a global economy.”

Pressed on whether Clinton would turn around and support the trade deal she opposed during the heat of the primary fight against Bernie Sanders, McAuliffe said: “Yes. Listen, she was in support of it. There were specific things in it she wants fixed.”

And, of course, her Vice Presidential pick Tim Kaine did an even faster flip flop. Last Thursday, before he was announced as the running mate, he spoke out in support of TPP.

"I am having discussions with a lot of groups around Virginia about the treaty itself. I see much in it to like,” Kaine said Thursday during a series of roundtable events in suburban northern Virginia. “I think it's an upgrade of labor standards, I think it's an upgrade of environmental standards. I think it's an upgrade of intellectual property protections."

The very next day he was named the VP pick, and suddenly he's against TPP:

Sen. Tim Kaine, Hillary Clinton's running mate, has gone on record saying he cannot support the Trans-Pacific Partnership in its current form— a stance calculated to make him more appealing to supporters of Bernie Sanders who revile the deal.

Kaine spokeswoman Amy Dudley said Saturday that the Virginia Democrat shared his negative views on the trade deal with Clinton this week, confirming a report by The Washington Post. “He agreed with her judgment that it fell short” when it came to protecting wages and national security, a Clinton aide reportedly told the newspaper.

Of course, now that McAuliffe blabbed the not-very-secret strategy of the Democratic Presidential and Vice Presidential candidates flat out lying... the Clinton campaign went into damage control mode and insisted "nuh-uh, she really is against TPP." They trotted out an "adviser," Gene Sperling to insist there's no flip flop planned:

“What she has said is she is against it now, she is against in the lame duck and she’s against it afterwards, and I do believe that when she starts her administration, she is going to want to be focused on unifying Democrats,” he said.

Then, Clinton campaign chair John Podesta also stepped up to insist that Clinton would not flip flop after the election:

Keep those links handy, folks, because after the election they may be useful. I'm posting that Podesta tweet as a screenshot, in case it magically disappears from Twitter...

Of course, the truly amazing thing here? For the longest time, it's been the Republicans who were the driving force on agreements like the TPP, and there was only pressure on getting enough Democrats to support those agreements. Now we have a Republican Presidential candidate who seems to be vehemently against the TPP (though for thoroughly clueless reasons) and a Democratic Presidential candidate who is secretly supporting it. This election season is topsy turvy.


Posted on Techdirt - 26 July 2016 @ 11:59pm

EU Data Protection Official Says Revised Privacy Laws Should Ban Backdooring Encryption

from the sounds-like-a-plan dept

The EU's "Cookie Law" is a complete joke and waste of time. An attempt to regulate privacy in the EU, all it's really served to do is annoy millions of internet users with little pop up notices about cookie practices that everyone just clicks through to get to the content they want to read. The EU at least recognizes some of the problems with the law and is working on a rewrite... and apparently there's an interesting element that may be included in it: banning encryption backdoors. That's via a new report from European Data Protection Supervisor (EDPS) Giovanni Buttarelli, who was put in charge of reviewing the EU's ePrivacy Directive to make it comply with the new General Data Protection Regulation (GDPR) that is set to go into effect in May of 2018. The key bit:

The new rules should also clearly allow users to use end-to-end encryption (without 'backdoors') to protect their electronic communications.

Decryption, reverse engineering or monitoring of communications protected by encryption should be prohibited.

In addition, the use of end-to-end encryption should also be encouraged and when necessary, mandated, in accordance with the principle of data protection by design.

To be clear, this actually seems like it may go too far. There are plenty of situations where it seems completely reasonable for law enforcement to use other means to figure out ways to decrypt encrypted communications. Arguing that it should be completely outlawed seems a bit extreme. But blocking backdoors does seem like a good idea. The report also says that the use of end-to-end encryption should be encouraged to the point of being mandated in some cases:

In addition, the use of end-to-end encryption should also be encouraged and when necessary, mandated, in accordance with the principle of data protection by design. In this context the EDPS also recommends that the Commission consider measures to encourage development of technical standards on encryption, also in support of the revised security requirements in the GDPR.

The EDPS further recommends that the new legal instrument for ePrivacy specifically prohibit encryption providers, communications service providers and all other organisations (at all levels of the supply chain) from allowing or facilitating 'back-doors'.

Conceptually, this sounds good, but the implementation matters. Mandating encryption seems to be going a bit far. While I tend to think it makes sense for much more widespread use of encryption, it's not clear why the government needs to get involved here at all. And that includes in the development of such standards. In fact, as we've seen in the past, when the government gets involved in creating encryption standards, that seems to be where the intelligence community can slip in their backdoors.

Still, this is certainly an interesting development. Of course, it would also conflict with the UK's Snooper's Charter ("Investigatory Powers Act") which mandates backdoors for encryption. Though, to be fair, by the time the new rules go into practice, perhaps the UK will no longer be a part of the EU.


Posted on Techdirt - 26 July 2016 @ 4:14pm

MIT Media Lab Launched Disobedience Award, Funded By Reid Hoffman

from the this-is-cool dept

Last week, Joi Ito, director of the MIT Media Lab (and a very sharp thinker on a variety of topics related to innovation) announced a really cool new award that the lab was putting together: a Rewarding Disobedience award, for $250,000, funded by LinkedIn founder Reid Hoffman:

This prize is a one-time experiment that, if successful, we will consider repeating in the future. It will go to a person or group engaged in what we believe is excellent disobedience for the benefit of society. The disobedience that we would like to call out is the kind that seeks to change society in a positive way, and is consistent with a set of key principles. The principles include non-violence, creativity, courage, and taking responsibility for one’s actions. The disobedience can be in — but is not limited to — the fields of scientific research, civil rights, freedom of speech, human rights, and the freedom to innovate.

That's a pretty cool idea for a prize. And I particularly like Michael Petricone's suggestion that the award should be named after Aaron Swartz, who of course was engaged in a great number of civil disobedience projects. And, unfortunately, one of them involved MIT turning on him, leading to him getting arrested and charged with a variety of ridiculous charges. Since then, there has been a struggle among many at MIT to figure out how that happened and what the university should do to prevent similar things in the future. Naming this kind of award after him would be a great start.

We recently wrote about the book The Idealist, about Swartz and the world of free culture (and had the author, Justin Peters, appear on our podcast for an excellent two-part discussion about the book). One thing that becomes clear from the book is the absolute disbelief of Swartz and his family at the fact that MIT refused to support Swartz after his arrest. The university basically turned its back on him completely. It's something that the university still ought to do something about, and naming this award after Swartz would be a step in the right direction.


Posted on Techdirt - 26 July 2016 @ 11:53am

Those Viral Trump Supporting Singing, Dancing 'Freedom Kids' Now Plan To Sue Trump Campaign

from the how-these-things-always-end dept

Remember the little girls singing a song for Trump called the USA Freedom Kids? We wrote about it earlier this year after the performance was taken down due to a copyright dispute (of course). The video of the song went viral for a week or two and then died out:

Now, the Washington Post is reporting that the group is preparing to sue the Trump campaign and are no longer sure they support him as a Presidential candidate. The details are a little confusing and no actual lawsuit has been filed, so perhaps take this with a large grain of salt. Jeff Popick, who wrote the song, and is the father of the little girl in front, is claiming that the campaign violated the agreement it had with the group. Except, it wasn't a written agreement, just a verbal one:

"This is not a billion-dollar lawsuit," Popick said. "I'm doing this because I think they have to do the right thing. And if this means having to go through the court system to enforce them doing the right thing, then that's what I have to do. I'm not looking to do battle with the Trump campaign, but I have to show my girls that this is the right thing."

Now, to be clear, a verbal agreement is just as binding under the law as a written down contract, but it's still a lot harder to enforce, because you can't point back to the actual wording of the agreement and people can obviously dispute what was actually agreed upon. In this case, the handshake agreement itself seems fairly fuzzy -- and seems to involve Popick arguing that because the campaign changed its mind on a Freedom Kids performance, it now owes them... something, including a potential performance at the RNC convention (which obviously did not happen):

When Popick first reached out to the Trump campaign about performing, he spoke with various people including former campaign manager Corey Lewandowski. His understanding from the campaign was that the Kids would make two appearances in Florida, where Popick lives. The first event didn't come to fruition, and Popick says he asked for $2,500 in payment for the second performance, in Pensacola. The campaign made a counter-offer: How about a table where the group could presell albums? Popick took the deal.

When they arrived at the venue, though, there was no table, Popick says. The result was "complete chaos," he said. "They clearly had made no provisions for that."

The campaign offered another performance, and Popick and the girls flew to that event, but upon landing were told that plans had changed.

It wasn't to be. When the plane landed, Popick had a message from the campaign staffer indicating that there was a change of plan. The campaign invited the performers to attend the rally, which they did, in their outfits. The campaign asked Popick not to talk to the media, he says, but then gave them seats within arm's length of the press. "They just were constantly coming over, wanting pictures," Popick said of the news media. "They wanted to take pictures, they wanted to ask questions — and I had to be a real jerk." The cost of the flights, rental car and hotel were all absorbed by Popick.

After that, he kept reaching out "again and again and again and again," without luck. He was passed around between staffers; calls went unreturned even after calls were promised. Emails Popick sent to the campaign (which he shared with The Post) detail the interaction between himself and the campaign and his ultimate request. "We are now asking and DEMANDING for what has been promised to us and is now long-overdue (and has been rightly earned by us); that is, a performance at the convention," an email dated July 9 reads. "Or, be made whole."

The fact that no lawsuit has yet been filed suggests that going public first is the latest method by which Popick is hoping to get paid by the campaign. Unless there are more details here, I'm not sure how much success Popick is likely to have with a lawsuit. It seems like a stretch from a legal angle. Without a written agreement, and with any verbal agreement sounding fuzzy at best, with Popick adding his own after-the-fact requirements for alternative compensation, I doubt any legal dispute stands much of a chance. Of course, it still doesn't look good for the Trump campaign, which had a (somewhat ridiculous) viral sensation in their camp and appears to have squandered it:

"At this point, my position is that I have no position, really," Popick said. "What he's done to my group or what he's not done for my group doesn't necessarily make him the best candidate, it doesn't make him the worst candidate. I still have to mull that over. He might still be the best candidate as president of the United States — or not."

"What I think I've learned," Popick added, "is that I'm not qualified to be a political commentator."

Of course, as the Washington Post article notes, Trump has a fairly long history of screwing over small businesses that he hires and then refuses to pay. So perhaps this is just the latest in a long line.


Posted on Techdirt - 26 July 2016 @ 10:46am

But Wait: Copyright Law Is So Screwed Up, Perhaps The Rolling Stones Are Right That Donald Trump Needed Their Permission

from the stupid-pre-1972-sound-recordings dept

So for years and years and years, every time a musician or a group whined about politicians using their music at an event, we'd point out that they have no legal basis to complain. Assuming either the venue or the campaign (or both) had the proper blanket licenses from ASCAP/BMI/SESAC no other permission was needed. That's actually part of the point of the structure of those blanket performance licenses. Everyone recognizes that it would be virtually impossible to play music publicly without such a blanket license structure. And so, every time a musician complains that the use was "unauthorized," they're almost certainly wrong. In fact, we pointed that out (again) for the nth time earlier this week. Now, as we've said all along, we still think smart politicians and smart campaigns should first seek out musicians who don't mind (or, better yet, who endorse the candidate), because otherwise they're just giving someone famous an easy platform to slam them. But, from a legal standpoint, we've always pointed out that there's basically no legitimate argument here, and people who toss around non-copyright theories like publicity rights and Lanham Act arguments are generally wrong.

But... we forgot about one thing. Copyright law is so screwed up that there actually may be a case where the law does require permission. And it has to do with pre-1972 sound recordings. If you've been reading Techdirt for any length of time, you know that we've discussed this issue many times in the past. Historically, while compositions were covered by copyright, under the 1909 Copyright Act sound recordings were not. This resulted in a patchwork of state laws (and state common law) that created special forms of copyright at the state level. Eventually, sound recordings were put under federal copyright law, but it only applied to works recorded after February 14, 1972. Works recorded before that are not under federal copyright law, but remain basically the only things under those state copyright laws (the 1976 Copyright Act basically wiped out state copyright laws for everything but that one tiny thing).

In the last few years, this has created a bit of a mess and a whole bunch of lawsuits. Why did these lawsuits just start recently? In large part because the recording industry is desperate for new revenue streams, having failed to adapt to a changing market. So they've focused an exorbitant amount of attention on using pre-1972 sound recordings as a wedge against internet platforms. We've covered various stories on this, with many siding with the labels, but a few going the other way.

Needless to say, the law around pre-1972 sound recordings is still a bit of a mess, and arguably a work in progress, and the courts struggle to sort it all out. And that brings us back to the issue of blanket licenses. The always excellent reporter Eriq Gardner has a fantastic story noting that thanks to this mess with pre-1972 sound recordings and what copyright regime they fall under, it's possible that the Rolling Stones may have a legitimate legal gripe against Donald Trump and the Republican convention, while Queen... would not. Under modern copyright law, songs recorded on or after February 15th, 1972 require an ASCAP/BMI/SESAC license for the performance rights. But performance rights for sound recordings were basically a new concept at the time, and it's unclear how they apply to pre-1972 sound recordings.

The issue is not that simple, because nothing around this particular issue is simple. However, based on at least some of the rulings in pre-1972 sound recording copyright cases, federal copyright law doesn't apply at all to those songs (other court opinions have come out otherwise). And thus, there's an argument that the requirements involving blanket licenses for pre-1972 sound recordings may not apply, because the use of the sound recording may require a special public performance license from the copyright holder:

To sum up where we're at: An ASCAP license covers the public performance of songwriting, but not the sound recording. A sound recording authored before 1972 like "You Can't Always Get What You Want" might require special permission to be performed in public. Whomever owns that song — whether it's the Rolling Stones or their record label — could bring a lawsuit asserting misappropriation.

But... it depends. In this case, it depends on the specific state copyright laws in Ohio and how a judge interprets them. Of course, it's still tremendously unclear because (as we noted at the time) the big ruling on pre-1972 sound recording copyrights for Flo & Eddie basically upset decades of settled law on whether or not "public performance" rights applied under state copyright law. For decades, it was strongly believed that those state copyright laws applied to things like reproduction and distribution but not public performance rights. It's only through rewriting history (and confusing some judges) that suddenly public performance rights have been shoehorned back into those mostly obsolete state copyright laws.

As Gardner points out, one of the most famous cases involving performance rights actually involves Ohio state law. It's the somewhat infamous Zacchini v. Scripps-Howard involving a question around a TV station broadcasting an "entire" human cannonball act. In a ruling that is still troubling, the Supreme Court turned performance rights into a quasi-copyright. But that ruling could be used if the Rolling Stones tried to argue that the performance violated Ohio state copyright laws on public performances. It would be a nutty case, and a risky one, but it's possible that it might work. I'm guessing the Rolling Stones aren't actually interested in following through on any actual legal threat, but this is yet one more example of just how screwed up copyright law is today.


Posted on Techdirt - 26 July 2016 @ 9:32am

Declaring Cyberwar On Russia Because Of The DNC Hack Is A Bad Idea

from the calm-the-fuck-down dept

There's been plenty of talk, of course, about whether or not Russia did the hack that exposed various Democratic National Committee emails and other documents. While we've already pointed out that this shouldn't impact the newsworthy nature of the material leaked, it's still an interesting story. We've highlighted some reasons to be skeptical of the claims attributing the hack to Russia, but it does appear that more and more evidence is pointing in that direction. Thomas Rid, over at Vice, has a pretty good analysis of why much of the evidence points to Russia as being behind the attack, and the FBI is now apparently on board with that as well. While I'd still prefer more evidence, at least at this point, it should be admitted that there's quite a lot of evidence pointing in Russia's direction making it, at the very least, the most likely suspect.

But, then, of course, there's the question about what it means and what should be done about it. And we're seeing some hysterical responses. Over at Ars Technica, they have a "guest editorial" from a cybersecurity firm CEO, Dave Aitel (who also is, of course, ex-NSA), more or less arguing that we should declare cyberwar on Russia over this:

What occurred with the recently disclosed breach of the Democratic National Committee servers, and the dumping of stolen data on a WordPress site, is more than an act of cyber espionage or harmless mischief. It meets the definition of an act of cyberwar, and the US government should respond as such.

This is insane for a variety of reasons, and hopefully no one is seriously listening to this. First of all, hacking happens all the time. In fact, as Ed Snowden points out, revealed documents show that the US itself has authorized the hacking of foreign political parties. So if Russian hackers possibly doing that to us is a "cyberwar attack" and it's the kind of thing we need to hit back on, then, uh, haven't we been committing "cyberwar" on tons of other parties via the NSA -- for which we, too, deserve retaliation?

Second, the idea that hacking into a political party's servers is "cyberwar" is a ludicrous exaggeration -- especially when their own security practices were suspect. As the ACLU's Chris Soghoian reminds us, it wasn't that long ago that our very own CIA director John Brennan found his personal email hacked by a 16-year-old. Was that a "cyberwar attack" as well? People are going to get hacked. It happens. Sometimes because they have weak security, and sometimes because the hackers are persistent and determined (no system is completely secure). That, alone, should never make it something that escalates to the level of "war."

Finally, beware of so-called "cybersecurity" firms continuing to beat this drum. Their entire business relies on keeping people freaked out about this stuff, including the idea that "nation state" hackers are trying to break into everything. They have lots of incentive to play up attacks and get people worked up about "war." "Cyberwar" (whatever the hell that means) is good for business for cybersecurity companies. In fact, some of those companies admit that the lessening of "cyber" tensions between the US and other countries is bad for their business:

None of this is to deny that nation state-level hacks may very well be happening. But let's keep things in perspective. Even if something like a "cyberwar" (again, whatever that means) happens, it's likely to be a lot less bloody than an actual war, and so much of the talk about this seems to be driven entirely by people who have a vested interest in promoting greater fear -- with little reason to suggest that, perhaps, this isn't a huge deal. In fact, perhaps a lot of this could be helped by simply employing better security practices and more encryption. But, you know, those kinds of solutions don't make headlines. "Cyberwar" does.


Posted on Techdirt - 26 July 2016 @ 7:04am

Russian Censor Bans Comodo... Doesn't Realize Its Own Security Certificate Is From Comodo

from the ow!-my-foot!-shot-it-right-off! dept

The Russian government's state censorship organization, Roskomnadzor (technically its telecom regulator) has been especially busy lately as the government has continued to crack down on websites it doesn't like. However, as pointed out by Fight Copyright Trolls, it appears that Roskomnadzor may have gone a bit overboard recently, in response to a court ruling that had a massive list of sites to be banned (over a thousand pages). Apparently, as part of that, various sites associated with Comodo were all banned. That's pretty bad for a variety of reasons, starting with the fact that Comodo remains one of the most popular issuers of secure certificates for HTTPS.

In fact, as many quickly noted, Roskomnadzor's own website happens to be secured with a certificate from... Comodo:

The impact of this isn't entirely clear, but the Rublacklist site appears to be implying (via my attempt at understanding Google translate's translation...) that this also means that sites that rely on Roskomnadzor's registry of sites to block... may be blocked from accessing the list. Because its own site is effectively blocked by the list. Oops.


Posted on Techdirt - 26 July 2016 @ 4:06am

Will The FTC Investigate People & Companies Paid By Facebook To Use Facebook Live?

from the seems-to-violate-their-standards dept

In the last few months, Facebook Live has certainly become "a thing." Launched just recently, it was suddenly everywhere -- from the pure (but very viral) joy of Candace Payne and her Chewbacca mask to the live streaming of the tragic aftermath of Philando Castile being shot by a police officer in Minnesota. Of course, it appears that part of the reason why Facebook Live is getting so much usage isn't necessarily that it's a better product than its competitors, but rather that Facebook has been generously throwing around cash to all sorts of people and companies to get them to use the platform. Last month, it was reported that Facebook was paying many millions of dollars to big media players in exchange for them promising to broadcast via Facebook Live:

According to a document recently obtained by the Wall Street Journal, the social networking giant has signed as many as 140 contracts worth a total of $50 million.

The list of media outlets being paid by Facebook includes traditional players such as CNN and the New York Times, the Journal says, as well as digital-only publishers like Vox, Mashable, and BuzzFeed. The celebrities who are being compensated for creating live video include comedian Kevin Hart and chef Gordon Ramsay.

Some contracts are worth smaller amounts, while 17 of the deals Facebook has signed are worth more than $1 million, according to the document obtained by the Journal. Two media outlets are getting paid more than $3 million to create live video—BuzzFeed and the New York Times, and CNN is not far behind, with a reported payment of $2.5 million.

Later in that article, it notes that BuzzFeed is getting $250,000 per month, for 20 Facebook Live videos each month. Good money if you can get it!

Then, a few weeks later, another report came out, noting that Facebook was trying to buy successful YouTubers and Vine users away from those platforms by giving them cash to use the platform as well:

For example, the Journal says it has seen documents that show Facebook is paying Vine star John Paul Piques $119,000 to post at least five videos on its live-streaming service over the next two months. That’s the equivalent of $24,000 per video. And he is just one of about two dozen other Internet celebrities and video stars who have signed similar deals.

The newspaper says the highest-paid independent video performer appears to be Ray William Johnson, who developed a following for a YouTube show called “The Equals Three Show,” in which he makes fun of viral videos. He could make as much as $224,000 over the next six months.

This kind of thing doesn't always work well, for a variety of reasons, but it appears that maybe it's actually succeeding this time. It'll be worth watching to see how well things go after the money runs out.

Still, there's another question that is raised by these stories: are Facebook and all of these other companies and individuals running afoul of the FTC's social media guidelines? And might the FTC crack down? Now, to be clear, I'm skeptical about the FTC's rules because they create free speech questions. So far, the FTC's enforcement over its own guidelines has been, well, haphazard and seemingly arbitrary at best. However, the FTC did update its guidelines last year, and it seems like not disclosing these payments could create some problems, if the FTC decided to step in.

The guidelines themselves seem more focused on "endorsements," but the question here is whether or not merely using the platform to post new videos is considered an "endorsement." Under the current guidelines, the FTC has a fairly loose standard of how the situation impacts the credibility given to the person or company by their audience:
The question you need to ask is whether knowing about that gift or incentive would affect the weight or credibility your readers give to your recommendation. If it could, then it should be disclosed.
They also note that merely using a product could be seen as an endorsement:
Simply posting a picture of a product in social media, such as on Pinterest, or a video of you using it could convey that you like and approve of the product. If it does, it’s an endorsement.

You don’t necessarily have to use words to convey a positive message. If your audience thinks that what you say or otherwise communicate about a product reflects your opinions or beliefs about the product, and you have a relationship with the company marketing the product, it’s an endorsement subject to the FTC Act.
While it's not a direct parallel, you could see how this is pretty close to the situation at hand. People viewing these videos are getting the message that these media companies and individuals approve of Facebook Live -- and yet many have not disclosed that they have a strong financial incentive to use the product. It seems like they may be in trouble if the FTC ever decides to take a look.

The question, then, is whether or not the FTC will bother?


Posted on Techdirt - 26 July 2016 @ 12:02am

How A Supreme Court Case On Cheerleader Costumes & Copyright Could Impact Prosthetic Hands And Much, Much More

from the stay-tuned dept

Every time this case has come up (and it's been bouncing around the courts for a while now), I've been meaning to write about it, but am only just getting around to it now that organizations are filing amici briefs with the Supreme Court. The case is Star Athletica v. Varsity Brands, and it sounds kind of stupid: the issue is that both companies make cheerleading uniforms, and Varsity Brands accused Star of copying its uniform designs. Star argued that as a "useful article" a cheerleading uniform is not subject to copyright protection, and it won at the district court level. The 6th Circuit, however, reversed that ruling about a year ago, saying that while the uniform design may not be copyrightable, elements within the design (stripes, zigzags, chevrons, etc.) could be.

This is problematic for a variety of reasons. Clothing and fashion have never been considered covered by copyright for many good reasons, and it's actually helped create a more innovative, more competitive, thriving market for fashion. There's a reason why copyright is not allowed on "useful articles," and it's worked. We shouldn't suddenly be changing those rules now.

The Supreme Court has agreed to hear the case, and various amici have begun filing their briefs. You can also see Star Athletica's own filing as well, which focuses (as it should) on the narrow technical question regarding "separability" and whether or not you can "separate" the design that's being claimed for copyright from the article itself. That is, you could argue that a square painting done on a T-shirt could be "separable" from the T-shirt and thus get a copyright, while the T-shirt itself could not. Here, however, we're talking about basic elements of a cheerleading uniform such as stripes and color patterns that help identify it as a cheerleading uniform.

There's also a good amicus brief from a group of law professors (Mark McKenna, Mark Lemley, Chris Sprigman and Rebecca Tushnet) which gets deeper into the question of separability and the public policy reasons why the design here should not be seen as separable from the uniform, and thus why copyright is inappropriate. But another brief totally worth reading is the one from Public Knowledge and a bunch of other organizations (including 3D printing startup Shapeways) highlighting how this case could have much wider impacts if the court begins allowing copyright on useful articles. It starts with the story of Colin Consavage who, with help from his mother, 3D-printed out a prosthetic hand:

What does this have to do with copyright law on cheerleading uniforms? Well, the 3D printing space involves plenty of sharing of designs and people building on the work of others. And this includes decorative elements. Allowing those to be carved out and covered by copyright separately could have a massive chilling effect on the community creating useful 3D printed objects.
The depth of creativity of consumers is revealed in the range of 3D printed products: jewelry, shower heads, and lawnmowers, to name a few. Colin Consavage, the boy who 3D-printed a plastic hand, exemplifies this creativity.... Seeking “payback time” for his naturally smaller left hand, he designed his mechanical prosthetic extra large. He now hopes to add features like a screwdriver finger, a laser pointer, and plastic that changes color with temperature.

Consumer-driven 3D printing is creative, innovative, and greatly dependent on copying and derivation to which copyright may be the gatekeeper. Many 3D-printed products, like Colin’s plastic hand, are primarily utilitarian but involve aesthetic elements. Sharing of useful 3D designs, and the productive consumer output that results from that sharing and innovation, could be thwarted by an overbroad rule of copyright.
The filing notes that this is only going to become a bigger and bigger issue as the tools for production are getting distributed worldwide now, and more and more people are creating stuff themselves.
Consumers who engage in creative activities matter to the economy and to the public weal. One study estimated that there are 11.7 million “consumer-innovators” in the United States alone, expending $20.2 billion a year on their creative activities. Eric von Hippel et al., The Age of the Consumer-Innovator, MIT Sloan Mgmt.... Succinctly summarized: “It is by no means only companies that, as a well-known General Electric slogan put it, ‘bring good things to life.’ ”


Should articles such as clothing, costumes, and 3D-printed prosthetics become more subject to copyright in their appearances, that would not only increase the risk of liability for home-grown creators; it would send a message to those creators that they are less welcome at the table of creativity than those who can ante up the price and transaction costs of copyright licenses. That message contravenes the purpose of copyright law, namely “to promote the progress of science and useful arts.” U.S. Const. art. I, § 8, cl. 8. To better serve that constitutional purpose, the role of copyright in useful articles ought to remain limited.
There's a lot of other good stuff in that brief, and it does an excellent job detailing just how important this case can be beyond just something as simple as "cheerleading uniforms."


Posted on Techdirt - 25 July 2016 @ 4:10pm

Appeals Court Rejects Silly Case Against Google Over Search Results Summary

from the its-own-form-of-self-help dept

The Sixth Circuit appeals court easily upheld a lower court ruling dismissing a ridiculous lawsuit against Google and others last week. The lawsuit was filed by a guy named Colin O'Kroley, and the summary in the ruling explains the situation pretty well:

Colin O’Kroley googled himself and did not like the results. “Texas Advance Sheet,” an entry read, followed by the words “indecency with a child in Trial Court Cause N . . . Colin O’Kroley v Pringle.” ... Truth be told, O’Kroley was never involved in a case about indecency with a child. What had happened was that his case, O’Kroley v. Pringle, was listed immediately after another case, a child-indecency case, on the Texas Advance Sheet, a service that summarizes Texas judicial opinions. If users clicked the Google link they would have seen how the Texas Advance Sheet works and would have seen that the two cases had no relation. But if they did not click the link and stayed on Google, they would see only the name of his case and the description of the other case separated by an ellipsis.

Claiming “severe mental anguish” from the listing, O’Kroley sued Google (and a number of other entities) for $19,200,000,000,000 (that’s trillion), on causes of action ranging from “libel” to “invasion of privacy,” from “failure to provide due process” to “cruel and unusual punishment,” from “cyber-bullying” to “psychological torture.”
The court is not impressed. The case against Google is rejected in large part because Section 230 of the CDA clearly protects Google. And this was true even though O'Kroley also asked the court to throw out CDA 230 "as a simple matter of logic." That's not how all this works. The other defendants got out even easier, seeing as O'Kroley apparently never served them. In fact, the court finds most of O'Kroley's legal arguments to be a waste of time, including trying to add Georgetown University as a defendant after a law school class said it planned to teach this case.
O’Kroley raises several other points on appeal, ranging from the meritless to the frivolous. On the meritless side: He “requests a court appointed attorney,” ..., but he has not shown the “exceptional circumstances” needed to appoint one.... On the frivolous side: He asks us to strike down the Communications Decency Act (“as a simple matter of logic”); he claims violations of the Eighteenth Amendment (the former prohibition on alcohol repealed long before the Internet came into being); he asks us to add Georgetown University as a defendant (because it might be using this case in its “Robots and Law” class); and he contends the judges below were “biased” against him (because “[t]hey may be ignorant about the English language”).... To restate some claims is to reject them.
But, as Judge Jeffrey Sutton wryly notes at the end of the opinion, all is not lost for O'Kroley. Thanks to this lawsuit, the search result that caused him so much anguish has been pushed down the listings in favor of stories about this stupid lawsuit.
In most respects, O’Kroley didn’t accomplish much in suing Google and the other defendants. He didn’t win. He didn’t collect a dime. And the search result about “indecency with a child” remains publicly available. All is not lost, however. Since filing the case, Google users searching for “Colin O’Kroley” no longer see the objectionable search result at the top of the list. Now the top hits all involve this case (there is even a Wikipedia entry on it). So: Even assuming two premises of this lawsuit are true—that there are Internet users other than Colin O’Kroley searching “Colin O’Kroley” and that they look only at the Google previews rather than clicking on and exploring the links—it’s not likely that anyone will ever see the offending listing at the root of this lawsuit. Each age has its own form of self-help.
Each age has its own form of self-help, indeed.


Posted on Techdirt - 25 July 2016 @ 2:42pm

[Updated] Wikileaks Leak Of Turkish Emails Reveals Private Details; Raises Ethical Questions; Or Not...

from the whoo-boy dept

Important Update: Michael Best has now come out and said that it was actually he who uploaded the files in question, which he got from the somewhat infamous (i.e., hacked the Hacking Team) hacker Phineas Fisher. Through a somewhat convoluted set of circumstances, it appeared the files were associated with the Wikileaks leak when they were not -- and then basically everyone just started calling each other names:

The files were obtained by Phineas Fisher, who was the source. As far as I can tell, Fisher did not intend to dump all of the files publicly, and Fisher has not indicated that he meant to give any of the files to WikiLeaks to publish. However, they received a partial set of the documents and decided to publish them.

Following the WikiLeaks release of the partial set, Fisher decided to release his set. Since the files came from a known source (Fisher has been responsible for many high profile hacks, including the hack on the Hacking Team), I used the torrent file that the files were released through to create a bittorrent instance on the Internet Archive’s server. The server proceeded to download the torrent and create the item that was linked to by WikiLeaks.

After the personal information was discovered, the AKP files were removed from the Internet Archive’s server.

Although I wasn’t aware that it was included in the release at the time, I accept my responsibility in distributing the personal information. The explanation as to how it happened is not an excuse for the fact that it did happen.
Of course, in the meantime, there's been a lot of nastiness, with Wikileaks and its supporters unfairly claiming that Zeynep Tufekci was an agent for the Erdogan government -- which is insane if you know her at all. As Best notes in his piece, it's entirely reasonable that Tufekci assumed Wikileaks was responsible for the files (even though she only accused them, accurately, of promoting the files, not uploading or hosting them -- and they did, in fact, tweet a link to the files as well as post it to Facebook), and while Wikileaks may be on the defensive about other claims about its leaks, it didn't need to attack her credibility in the process. And it is true that Wikileaks tweeted a link to the files.

Update 2: In response to our update, Zeynep Tufekci has sent over the following quote, noting that she still has concerns about how Wikileaks handled this:
"Wikileaks has never clarified that the emails it hosts are almost entirely mundane emails of ordinary citizens and revealed nothing of public interest after days of intense combing (though there were privacy violations there as well), and it has never apologized for the fact that the databases that it repeatedly, and via multiple channels, pointed to its millions of followers as full data of "our AKP emails" (they weren't) and "more" actually contained private and sensitive information of tens of millions of people in Turkey, including more than 20 million women. I never claimed that they hosted; I was agnostic on that point so none of the substantive discussions revolves around who hosted them. However, I'm glad the person who uploaded them has come forward to apologize, and learn from this. I hope the broader hacker community also reflects on this, and realizes that rushing, jumping on news cycles, dumping data indiscriminately, uploading stuff you do not know, working in a language you do not understand with no local contacts, and then accusing your critics of being government shills without the slightest attempt at research is not okay."
And... original article below.

Last week, we (like many others) reported on the news that Turkey was blocking access to Wikileaks, after the site released approximately 300,000 emails, supposedly from the Turkish government. We've long been defenders of Wikileaks as a media organization, and its right to publish various leaks that it gets. However, Zeynep Tufekci, who has long been a vocal critic of the Turkish government (and deeply engaged in issues involving the internet as a platform for speech) is noting that the leak wasn't quite what Wikileaks claimed it was -- and, in fact, appears to have revealed a ton of private info on Turkish citizens.
Yes -- this "leak" actually contains spreadsheets of private, sensitive information of what appears to be every female voter in 79 out of 81 provinces in Turkey, including their home addresses and other private information, sometimes including their cellphone numbers. If these women are members of Erdogan's ruling Justice and Development Party (known as the AKP), the dumped files also contain their Turkish citizenship ID, which increases the risk to them as the ID is used in practicing a range of basic rights and accessing services. I've gone through the files myself. The Istanbul file alone contains more than a million women's private information, and there are 79 files, with most including information of many hundreds of thousands of women.
What's not in the leak, apparently, is anything really about Erdogan's government:
According to the collective searching capacity of long-term activists and journalists in Turkey, none of the "Erdogan emails" appear to be emails actually from Erdogan or his inner circle. Nobody seems to be able to find a smoking gun exposing people in positions of power and responsibility. This doesn't rule out something eventually emerging, but there have been several days of extensive searching.
At the very least, this does raise some ethical questions. In the past, Wikileaks has (contrary to what some believe!) actually been pretty good about redacting and hiding truly sensitive information that isn't particularly newsworthy. It's possible that this is just a slip up. Or it's possible that Wikileaks got lazy. Or it's possible that the organization doesn't care that much to go through what it gets in some cases. [Update: Or, see the update above, where we discover it was a third party that uploaded this data, that then got associated with the Wikileaks data after Wikileaks tweeted].

I still think that the organization has every right to release what it gets, but it should also be open to criticism and people raising ethics questions about what it has chosen to release. The fact that it appears to have failed to consider some of the questions in this case, and then possibly overplayed the story of what was in this release is certainly concerning, and harms Wikileaks' credibility. [Update: so, this was a mistake, though it's unfortunate that Wikileaks then lashed out at Tufekci and others, making additional baseless claims. Yes, it was wrongly accused, but that's no reason to wrongly accuse others as well.]


Posted on Techdirt - 25 July 2016 @ 1:09pm

IsoHunt Settles The Last Of Its Lawsuits, Laughably Agrees To 'Pay' Recording Industry $66 Million

from the i'm-sure-musicians-will-see-nothing dept

You may recall that almost three years ago, the BitTorrent search engine IsoHunt agreed to shut down and to "pay" Hollywood studios $110 million. The number was a joke, because IsoHunt and its creator didn't have $110 million. It's just that the legacy copyright players always like to end these lawsuits with a giant headline-grabbing number, while they've quietly agreed to accept very little, if any, actual money (and whatever money they do receive is not then distributed to any artists). The Sony email hack a few years back revealed that the industry does this frequently in closing out its lawsuits against search engines. IsoHunt was more or less forced into that settlement after the MPAA misled the court about IsoHunt's actions. But the court bought it, and the IsoHunt court rulings have created some really unfortunate precedents. It's the case that the legacy players always point to, because it's the only case to find that a search engine platform has "red flag knowledge" of copyright infringement without having specific knowledge of infringing files.

The case against Hollywood, however, wasn't the only case IsoHunt was fighting. It also was fighting the recording industry up in Canada in a case that began with IsoHunt filing for declaratory judgment that it didn't infringe in Canada, all the way back in 2008. The Canadian Recording Industry Association (CRIA) then sued back -- but did everything it could to keep the case out of the news because it was also fighting for new copyright laws in Canada... and part of its argument was that the existing Canadian copyright laws were inadequate to go after IsoHunt and similar sites.

Either way, despite the site itself shutting down and "paying" (ha ha) $110 million to Hollywood, the combined cases in Canada kept inching forward. A few days ago, IsoHunt founder Gary Fung announced that those cases have now been settled as well (found via TorrentFreak) with Fung agreeing to "pay" another $66 million he doesn't have. The settlement agreement is a fun read.

Fung's post on the topic has a bit of sarcasm:

And I want to congratulate both Hollywood and CRIA on their victories, in letting me off with fines of $110m and $66m, respectively. Thank you! Here’s to progress, and me leaving my life of innovative hobby to… something else?
He also declares victory in that he was never forced to give up any info on any IsoHunt users throughout all of this.

Either way, as with any other of these "victories" I'm still curious if either the recording or movie industry thinks these shutdowns have actually caused anyone to go back to buying more of their products, or if people have just moved on to other ways of getting this kind of content?

Fung, meanwhile, also announced that he's working on a new product, which sounds like an attempt at using AI to get better search results to answer questions. He's given it the code-name AAG, which stands for the "App to Automate Googling." That suggests that he may receive a cease and desist from Google over trademark before too long. Hopefully, he still has the contact info for his lawyers...


Posted on Techdirt - 25 July 2016 @ 11:47am

John Oliver's Story On Campaign Music And Copyright Is... Wrong

from the this-again? dept

Yes, let's start with the obvious: John Oliver's "Last Week Tonight" is a comedy program meant to entertain and is not meant to be journalism. It's a point that Oliver himself has made repeatedly. But others disagree with him, pointing out that his show regularly does actual journalism. The fact that he's hired a bunch of journalists on his team kind of says a lot. Also, according to multiple people I know who have been interviewed for stories on his show, while his focus is on making things funny, his team also spends a lot of time making sure they get the details right. It's why we so frequently end up posting his videos on stories that relate to Techdirt topics -- because they're not only entertaining, but are also generally dead on in accuracy. It's why we've posted his videos on net neutrality, corporate sovereignty, encryption, surveillance, civil asset forfeiture and patent trolls.

But this past weekend, he not only covered last week's Republican National Convention, but also, separately, the fact that representatives for both Queen and the Rolling Stones complained publicly about the RNC using their music in prominent parts of the convention. Oliver got together a bunch of famous musicians (many of whom have protested politicians using their music) to sing a song telling politicians not to use their songs, claiming that it's "stealing" and unauthorized because the politicians didn't reach out to get permission.

This is flat out wrong in most situations. As we've pointed out again and again and again and again, in nearly all cases, politicians using music at an event have the proper licenses. They don't need to get permission from the musicians so long as either the campaign or the venue has ASCAP or BMI blanket licenses, which they almost always do. The whole point of ASCAP/BMI licenses is that you don't need to get individual permission from the artists or their publishers.

There are instances, occasionally, where politicians ridiculously don't have such a license, but it's pretty rare. And there may be a few other narrow exceptions, such as if there's an implied endorsement by the musicians, but that's rarely the case.

Unfortunately, the song from John Oliver and friends ignores all of that, even stating directly at one point that for a politician to use music, you first have to call the publisher. That's wrong. ASCAP and BMI already have taken care of that.

Perhaps this isn't a huge deal, but one would hope that Oliver would actually get the basic facts right on this too, because every election season this issue comes up and spreading more misinformation about it doesn't help.


Posted on Techdirt - 25 July 2016 @ 9:32am

MPAA Front Group, Pretending To Represent Consumer Interests, Slams CloudFlare For Not Censoring The Internet

from the that's-not-how-it-works dept

So you may have seen reports last week charging CloudFlare and some other tech companies with "aiding" internet malware pushers. The "report," called "Enabling Malware" was announced in a press release last week from the Digital Citizens Alliance -- a group that describes itself as representing consumer interests online:

Digital Citizens is a consumer-oriented coalition focused on educating the public and policy makers on the threats that consumers face on the internet and the importance for internet stakeholders – individuals, government and industry - to make the Web a safer place.
And while the story wasn't picked up that widely, a few news sources did pick it up and repeated the false claim that DCA is a consumer advocacy group. TorrentFreak, FedScoop and Can-India also picked up the story, and all simply repeated DCA's claim to represent the interests of "digital citizens."

But that leaves out the reality: DCA is a group mostly funded by Hollywood, but also with support from the pharmaceutical industry, to systematically attack the internet and internet companies, for failing to censor the internet and block the sites and services that Hollywood and Big Pharma dislike. DCA has been instrumental in pushing false narratives about all the "evil" things online -- "counterfeit fire detectors! fake drugs!" -- in order to push policy makers to institute new laws to censor the internet. DCA buries this basic fact in its own description, merely noting that it "counts among its supporters... the health, pharmaceutical and creative industries."

The organization was formed in late 2012, partly as a response to the MPAA's big loss around SOPA. Recognizing that it needed to change tactics, the MPAA basically helped get DCA off the ground to push scare stories about horrible internet companies enabling "bad things" online, and how new laws and policies had to be created to stop those evil internet companies. Much of this was merely speculation for a while, based on the fact that every DCA report seemed to wrongly blame internet companies for other people using those tools to do bad things online. However, it became explicit thanks to the Sony Hack, which revealed that a key part of the MPAA's anti-Google plan, dubbed Project Goliath, involved having the DCA pay Mississippi's former Attorney General Mike Moore (who mentored its current AG, Jim Hood), to lobby Jim Hood to attack Google.

That doesn't sound like a project of organizations just interested in "digital safety." It sounds like a project designed to attack internet companies. And, thus, it should be no surprise that every time DCA's name pops up, it's attacking internet companies. It was the organization that put out a report getting a variety of state Attorneys General (sense a pattern here?) to attack YouTube, because some criminals posted videos on YouTube. Rather than recognizing that this is a way to gather evidence and go after actual criminals, DCA decided that YouTube should be blamed for not taking those videos down fast enough. It was also the organization that put out a laughable report declaring the cloud storage site Mega a "haven" for piracy, where the methodology made no sense. Mega encrypts its content, but DCA and its researchers didn't seem to understand that, so they simply found a few links inbound to infringing works, and extrapolated out that a huge percentage of files on Mega were infringing.

DCA's boss, Tom Galvin, magically was chosen to present to the National Association of Attorneys General back in 2013, just months after the organization was founded, and in timing that (coincidentally, I'm sure) lines up almost exactly with the MPAA's decision (as revealed in the Sony emails) to focus on state Attorneys General to attack Google. DCA's Twitter feed regularly retweets the MPAA and various other front groups set up by the legacy copyright industries, such as the Copyright Alliance.

In short, the Digital Citizens Alliance is not an alliance of "digital citizens" at all. It's a front group set up by the MPAA and some big pharmaceutical companies to pressure policy makers into getting internet companies to censor the internet. Don't buy it.


Posted on Techdirt - 25 July 2016 @ 8:34am

Whether Or Not Russians Hacked DNC Means Nothing Concerning How Newsworthy The Details Are

from the sony-hack-redux dept

As you almost certainly know by now, on Friday Wikileaks released a bunch of hacked DNC emails just before the Democratic Presidential convention kicked off. While Wikileaks hasn't quite said where it got the emails, speculation among many quickly pointed to Russian state sponsored hackers. That's because of the revelation last month of two sets of hackers breaching the DNC's computer system and swiping (at the very least) opposition research on Donald Trump. Various cybersecurity research firms, starting with CrowdStrike, which was hired by the DNC to investigate, pointed the finger at the Russians.

Of course, whether or not you believe that may depend on how credible you find the big cybersecurity firms like CrowdStrike, FireEye and Mandiant (the big names that always pop up in situations like this). For what it's worth, these guys have something of a vested interest in playing up the threat of big hacks from nation-state level hackers. For a good analysis of why this finger-pointing may be less than credible, I recommend two articles by Jeffrey Carr, one noting that these firms come from a history of "faith-based attribution" whereby they are never held accountable for being wrong -- and another highlighting serious questions about the designation of Russia as being responsible for this particular hack (he notes that some of the research appeared to come pre-arrived at that conclusion, and then ignored any evidence to the contrary).

Still, the claim that the data came from the Russians has become something of a story itself. And, of course, who did the hack and got the info is absolutely a news story. But it's an entirely separate one from whether or not the leaked emails contain anything useful or newsworthy. And yet, because this is the peak of political silly season, some are freaking out and claiming that anyone reporting on these emails "has been played" by Putin and Russia. Leaving aside the fact that people like to claim that Russia's behind all sorts of politicians that some don't like, that should be entirely unrelated to whether or not the story is worth covering.

And yet, we already have stories arguing that "Putin weaponized Wikileaks to influence" the US election. That's ridiculous on multiple levels. Wikileaks releases all kinds of stuff, whether you agree with them or not. And the idea that this will actually impact the election seems... unlikely. Is the (not at all surprising) fact that the DNC is full of cronyism and favoritism really suddenly going to shift voters to Trump? Of course, Wikileaks implicitly threatening someone with legal action for saying there's a connection between Russia and Wikileaks is pretty ridiculous as well.

To some extent, this reminds me of some people who freaked out over the Sony Pictures hack, a while back. There the culprit blamed was North Korea, a claim that at least many people remained skeptical of. But, even so, there were some (including Sony) who tried to argue that no one should report on the contents of the emails because it would somehow support the North Korean regime's goals.

That's laughable.

Yes, whoever is behind such hacks is a story. But it does nothing to lessen or impact whether or not the leaked emails themselves are newsworthy. Arguing against anyone publishing stories about them just because they may have begun with Russian hackers is just a way of desperately trying to block embarrassing stories about the DNC from getting published.


Posted on Techdirt - 25 July 2016 @ 6:26am

DNC Comms Guy Mocked Story Saying DNC Is Bad At Cybersecurity; Revealed Because DNC Is Bad At Cybersecurity

from the karma dept

Protip: maybe don't laugh off accusations that you're bad at cybersecurity in emails on a network that has already been infiltrated by hackers. That message did not make it through to one Eric Walker, deputy communications director for the Democratic National Committee. As you've heard by now, the DNC got hacked and all the emails were posted on Wikileaks. An anonymous user in our comments pointed us to a now revealed email from Walker brushing off a story in BuzzFeed, quoting cybersecurity professionals arguing that both the RNC and the DNC are bad at cybersecurity, mainly because they're handing out USB keys at their conventions.

Reporters who registered for the Republican and Democratic National Conventions were given tote bags by convention organizers filled with instructions and logistical information. Buried inside the totes were thumb drives, also known as USB flash drives, with information on the upcoming events.

“Who does that anymore? It’s just asking to get infected with any variety of malware,” said Ajay Arora, CEO of VERA, a cybersecurity firm. “Those thumb drives are the number one way to infect a computer… It is borderline stupidity to give them out to people, or for people to even think of using them.”

Thumb drives are known within the cybersecurity world for their fundamental security weaknesses, because when someone plugs a thumb drive into their computers they are opening up their system to anything on that drive — from the best hotels to stay in during the Republican National Convention to a virus that silently uploads itself onto the hard drive. Neither the Republican or Democratic National Committees replied to a BuzzFeed News inquiry about the thumb drives.

That's a reasonable assessment. It's dumb to hand out USB keys these days and anyone should be aware of that by now. But Walker's email sarcastically mocked this:

The thesis: we hand out thumb drives at events, which could infect the reporters/attendees' computers. So that means that we're bad at cybersecurity. Okay.

Well, truth be told, there are many reasons why you may be bad at cybersecurity, including the fact that you apparently let a group of hackers sit on your network for a year or more. But also, handing out USB keys is a super bad idea too.


Posted on Techdirt - 22 July 2016 @ 7:39pm

Yes, The Democratic National Committee Flat Out Lied In Claiming No Donor Financial Info Leaked

from the it-leaked-like-a-seive dept

You may recall, from last month, that a hacker (who many have accused of working for the Russian government) got into the Democratic National Committee's computers and copied a ton of stuff. All of the emails that were obtained (a little over 19,000, from seven top DNC officials) are now searchable on Wikileaks, so there are tons of stories popping up covering what's been found. The Intercept, for example, appears to be having a field day exposing sketchy behavior by the DNC.

But one point that hasn't received as much attention: the DNC appears to have flat out lied right after the hack happened. In its statement on the hack, the DNC had insisted that no personal donor info got out:

The hackers had access to the information for approximately one year, but that access was wiped clean last weekend, The Washington Post reported, noting that the DNC said that no personal, financial or donor information had been accessed or taken.

Except, well, no. There had been reports, driven by the hacker, that the files absolutely did include personal donor info, and now you can see some of that for yourself. For example, it took me all of about 5 minutes to find a list of donors and their email addresses, which I won't be sharing here, but I'm sure others can find as well. And, then, of course, you can find things like this discussion about a potential donor, Niranjan Shah, with "ties" to disgraced and convicted former Illinois Governor Rod Blagojevich, noting that there were "pay to play" accusations associated with him. The DNC noted that they "could be ok" with Shah donating to the DNC, but that the administration might not want him to show up at their events. And, of course, there are emails detailing specific donations by specific people.

There are claims that some emails contain credit card data, though I haven't seen that myself. Either way, it certainly appears that in the rush to "nothing to see here" the leak of the info, the DNC simply lied about what was leaked.


Posted on Techdirt - 21 July 2016 @ 2:35pm

Ed Snowden And Bunnie Huang Design Phone Case To Warn You If Your Phone Is Compromised

from the busy-day dept

Bunnie Huang is having quite a day -- and it's a day the US government perhaps isn't too happy about. Huang has worked on a number of interesting projects over the years from hacking the Xbox over a dozen years ago to highlighting innovation happening without patents in China. This morning we wrote about him suing the US government over Section 1201 of the DMCA. And now he's teamed up with Ed Snowden (you've heard of him) to design a device to warn you if your phone's radios are broadcasting without your consent. Basically, they're noting that your standard software based controls (i.e., turning on "airplane mode") can be circumvented by, say, spies or hackers. But their tool is designed to actually determine if the radios are broadcasting for real:

The aim of that add-on, Huang and Snowden say, is to offer a constant check on whether your phone’s radios are transmitting. They say it’s an infinitely more trustworthy method of knowing your phone’s radios are off than “airplane mode,” which people have shown can be hacked and spoofed. Snowden and Huang are hoping to offer strong privacy guarantees to smartphone owners who need to shield their phones from government-funded adversaries with advanced hacking and surveillance capabilities—particularly reporters trying to carry their devices into hostile foreign countries without constantly revealing their locations.

They've published a paper describing the product and it's a good read.

Front-line journalists risk their lives to report from conflict regions. Casting a spotlight on atrocities, their updates can alter the tides of war and outcomes of elections. As a result, front-line journalists are high-value targets, and their enemies will spare no expense to silence them. In the past decade, hundreds of journalists have been captured, tortured and killed. These journalists have been reporting in conflict zones, such as Iraq and Syria, or in regions of political instability, such as the Philippines, Mexico, and Somalia.

Unfortunately, journalists can be betrayed by their own tools. Their smartphones, an essential tool for communicating with sources and the outside world–as well as for taking photos and authoring articles–are also the perfect tracking device. Legal barriers barring the access to unwitting phone transmissions are failing because of the precedent set by the US’s “third-party doctrine,” which holds that metadata on such signals enjoys no legal protection. As a result, governments and powerful political institutions are gaining access to comprehensive records of phone emissions unwittingly broadcast by device owners. This leaves journalists, activists, and rights workers in a position of vulnerability. Reporter Marie Colvin’s 2012 death is a tragic reminder of how real this vulnerability can be. A lawsuit against the Syrian government filed in 2016 alleges she was deliberately targeted and killed by Syrian government artillery fire. The lawsuit describes how her location was discovered in part through the use of intercept devices that monitored satellite-dish and cellphone communications.

Of course, at this point, all that exists is the paper explaining how this will work. They haven't yet built the actual system. But given Huang's history of hardware hacking and his relationships in Shenzhen, it seems likely that he could get it made pretty quickly if there was demand.

Huang, who lives in Singapore but travels monthly to meet with hardware manufacturers in Shenzhen, says that the skills to create and install their hardware add-on are commonplace in mainland China’s thriving iPhone repair and modification markets. “This is definitely something where, if you’re the New York Times and you want to have a pool of four or five of these iPhones and you have a few hundred extra dollars to spend on them, we could do that.” says Huang. “The average [DIY enthusiast] in America would think this is pretty fucking crazy. The average guy who does iPhone modifications in China would see this and think it’s not a problem.”

Again, who knows if people will actually end up using this, but it's still good to see solutions like this being explored and tested.


Posted on Techdirt - 21 July 2016 @ 12:59pm

Techdirt Reading List: Don't Panic: A Legal Guide (in Plain English) For Small Businesses & Creative Professionals

from the don't-panic dept

We're back again with another in our weekly reading list posts of books we think our community will find interesting and thought provoking. Once again, buying the book via the Amazon links in this story also helps support Techdirt.

We've long argued that it's pretty ridiculous that creative artists and entrepreneurs sometimes find themselves at odds with one another, as there are a ton of similarities. It's why, a few years ago, we hosted an Artists & Entrepreneurs brainstorming workshop, bringing together a bunch of content creators along with the entrepreneurs building platforms for those artists. A part of our thesis was that the two had a lot more similarities than differences. Both types were trying to be creative and innovative. Both were trying to run a business of sorts as well. There were some obvious areas where things were slightly different, but the similarities certainly outweighed the differences.

And that's just part of the reason it's nice to see the new book from New Media Rights' Art Neill and Teri Karobonik called Don't Panic: A Legal Guide (in plain english) for Small Businesses & Creative Professionals. New Media Rights does some really great work on the legal side helping content creators out, such as when big companies abuse copyright to censor creative works of artists.

This new book is a super useful (plain English!) legal guide to a variety of issues that face both creative artists and small businesses. Besides being super understandable for the non-lawyer artist or developer, it also reinforces that the issues both face are fairly similar.
