Tim Alloysius Cushing’s Techdirt Profile


About Tim Alloysius Cushing Techdirt Insider

Posted on Techdirt - 13 September 2019 @ 1:39pm

Ninth Circuit Reverses Course While Quoting Its Own Precedent Saying Otherwise; Says Section 230 Doesn't Cover Anti-Competitive Moderation

from the our-earlier-finding,-while-good,-is-now-not-good,-so... dept

The Ninth Circuit Appeals Court has resuscitated a lawsuit against Malwarebytes filed by litigious software company Enigma. Enigma Software tends to sue people who say bad things about its antivirus offerings and since there's a lot of people doing that, the company seems to spend a fair amount of time in court.

Enigma ran into the Section 230 wall in the lower court by claiming Malwarebytes' designation of its software as a threat was an unfair business practice. It said Malwarebytes scans were locating its offerings on people's computers, informing them the software was shady, and quarantining it. Enigma alleged this was anti-competitive. And if it wasn't that, it was probably some sort of trademark thing, blah blah blah Lanham Act. (This claim sneaks into a lot of lawsuits involving Section 230 protections and Enigma tried this tactic in a defamation lawsuit it filed against BleepingComputer. It's a dodge, not a cognizable legal argument.)

Malwarebytes prevailed at the district court level by citing a Ninth Circuit Appeals Court ruling finding that filtering software or services is also protected by Section 230 of the CDA. In the cited case, antivirus software company Kaspersky secured a dismissal from a lawsuit brought by an aggrieved adware purveyor. That decision said any material a provider feels is objectionable (in this case, adware) can be removed by the provider.

That's what the court said then. What it's saying now is something different, and that appears to be only because the Ninth Circuit feels Malwarebytes and Enigma Software are actually competitors, even if Enigma has yet to earn the same amount of respect Malwarebytes has. From the decision [PDF]:

This case differs from Zango in that here the parties are competitors. In this appeal Enigma contends that the “otherwise objectionable” catchall is not broad enough to encompass a provider’s objection to a rival’s software in order to suppress competition. Enigma points to Judge Fisher’s concurrence in Zango warning against an overly expansive interpretation of the provision that could lead to anticompetitive results. We heed that warning and reverse the district court’s decision that read Zango to require such an interpretation. We hold that the phrase “otherwise objectionable” does not include software that the provider finds objectionable for anticompetitive reasons.

That's a pretty broad interpretation of a decision the Ninth Circuit says it's not going to interpret broadly. Malwarebytes has plenty of legitimate reasons to protect its users from Enigma's offerings that go beyond neutering a competitor. Enigma's reputation seems to have improved over the last couple of years, but its history is littered with rogue software designations, questionable customer service tactics, and, of course, the tendency to sue anyone who doesn't view Enigma as positively as Enigma views itself.

So, designating this competitor's software as questionable isn't necessarily about keeping a competitor off users' computers. That subtlety is lost in this reversal by the Ninth Circuit, which feels Enigma has plausibly alleged anti-competitive practices.

It also (perhaps more correctly) finds that Enigma can continue pursuing its Lanham Act claims about trademark infringement. The court (correctly) notes Section 230 does not provide immunity against intellectual property claims. Not that the false advertising claim raised here has any merit. It doesn't. But being right on this point doesn't make the decision any better. Litigants hoping to dodge Section 230 immunity tend to throw in trademark-related claims as filler, hoping this bogus deployment of their intellectual property protections will allow them to survive a motion to dismiss. It works here. So that means litigants will keep cramming these bullshit claims into their bullshit lawsuits.

Not only does this make things worse for defendants in the circuit (and there will be a lot of them considering how many tech companies are located in California) but it ignores one crucial aspect of Malwarebytes' designation of Enigma software as dangerous: Malwarebytes flagged Enigma's software in response to users' preferences.

Malwarebytes and Enigma have been direct competitors since 2008, the year of Malwarebytes’s inception. In their first eight years as competitors, neither Enigma nor Malwarebytes flagged the other’s software as threatening or unwanted. In late 2016, however, Malwarebytes revised its PUP-detection criteria to include any program that, according to Malwarebytes, users did not seem to like.

After the revision, Malwarebytes’s software immediately began flagging Enigma’s most popular programs— RegHunter and SpyHunter—as PUPs. Thereafter, anytime a user with Malwarebytes’s software tried to download those Enigma programs, the user was alerted of a security risk and, according to Enigma’s complaint, the download was prohibited, i.e. Malwarebytes “quarantined” the programs.

This move was predicated on users' preferences, which puts it about as close to user-generated content as possible, without allowing users to directly control Malwarebytes' threat database.

The end result is what matters, at least in the Appeals Court's limited analysis. Section 230 was supposed to increase competitiveness, not limit it, so…

We cannot accept Malwarebytes’s position, as it appears contrary to CDA’s history and purpose. Congress expressly provided that the CDA aims “to preserve the vibrant and competitive free market that presently exists for the Internet and other interactive computer services” and to “remove disincentives for the development and utilization of blocking and filtering technologies.” § 230(b)(2)–(3). Congress said it gave providers discretion to identify objectionable content in large part to protect competition, not suppress it. Id. In other words, Congress wanted to encourage the development of filtration technologies, not to enable software developers to drive each other out of business.

On the plus side, it also doesn't buy Enigma's argument that Section 230 immunity only involves the policing of material that is sexual and/or violent in nature. It covers more than that, but does not -- at least in this opinion -- protect the blocking of competitors' software offerings.

The dissent says this is the wrong decision to make. Section 230's language does cover Malwarebytes' flagging of Enigma software. If the law needs to be fixed, legislators need to fix it. The court shouldn't litter the circuit with bad precedent in lieu of Congressional action.

The majority opinion seeks to limit the statute based on the fact that the parties are competitors. See Majority Opinion, p. 4. However, nothing in the statutory provisions or our majority opinion in Zango supports such a distinction. Rather the “broad language” of the Act specifically encompasses “any action voluntarily taken [by a provider] to restrict access to . . . material that the provider . . . considers to be . . . otherwise objectionable.” 47 U.S.C. § 230(c)(2)(A) (emphasis added). Under the language of the Act, so long as the provider’s action is taken to remove “otherwise objectionable” material, the restriction of access is immunized. See id. The majority’s real complaint is not that the district court construed the statute too broadly, but that the statute is written too broadly. However, that defect, if it is a defect, is one beyond our authority to correct.

But that's not what happened here. Enigma will get to drag this litigation out even longer. It may not even win it. But it will serve as a warning to others tempted to flag Enigma's offerings as less-than-desirable. And that's probably the only win it really needs.

Read More | 46 Comments | Leave a Comment..

Posted on Free Speech - 13 September 2019 @ 12:01pm

After Being Sued, Mississippi Rewrites Its Unconstitutional Ban On The Use Of Meat Words By Vegan Food Producers

from the try-it-again,-but-without-all-the-favoritism dept

Mississippi legislators -- apparently guided by "threatened" cattle farmers -- decided to rewrite its product-labeling laws. It enacted a statute forbidding producers of non-meat products from using meat-associated terms to describe their products. This unconstitutional requirement was put in place to supposedly reduce customer confusion, but the labels targeted made it clear their products -- hamburgers, hot dogs, etc. -- contained zero meat.

"Vegan hot dogs" was no longer acceptable. Neither was the ubiquitous term "veggie burger." The law required plant-based products to disassociate themselves completely from the meat products they were emulating. Very few people have been tricked into buying veggie products when they meant to purchase beef. But consumers looking to replace meat products with veggie alternatives might find it a bit more difficult to figure out what products they're replacing when the descriptive terms aren't all that descriptive.

The state was sued by Upton's Naturals Co. and the Plant Based Food Association. Represented by the Institute for Justice, the plaintiffs sought an injunction blocking the law's enforcement and a declaration that the law itself was unconstitutional.

It appears the state has decided to craft a new statute -- one that doesn't violate the First Amendment -- rather than continue to fight this in court. Scott Shackford has the details at Reason.

Today the Institute of Justice announced what appears to be a successful end to the fight. The Mississippi Department of Agriculture has withdrawn the regulations it proposed to enforce the law and introduced a new set of regulations. Under the new proposal, it's still wrong for a plant-based food product to be labeled as "meat" or a "meat food product," but there will be exceptions for products that include an appropriate qualifying term on the label, such as "plant-based," "meatless," "vegetarian," or "vegan."

The proposed change [PDF] still needs to be adopted and put into force, but this will allow Upton's and others to continue selling their plant-based products without having to alter their packaging or labeling. What the new law would require is something these companies already do:

112.01 Labeling Requirements

1. A plant-based food product label shall not be false or misleading.

2. A plant-based food product shall not be labeled as a “meat” or “meat food product” as defined by Miss. Code Ann. §§75-33-3(1)(b) and 75-35-3(g). For purposes of this section, a plant-based food product will not be considered to be labeled as a “meat” or “meat food product” if one or more of the following terms, or a comparable qualifier, is prominently displayed on the front of the package: “meat free,” “meatless,” “plant-based,” “veggie-based,” “made from plants,” “vegetarian,” or “vegan.”

Governments can regulate speech to a limited extent. But the exceptions must be very narrowly-crafted and serve a "compelling" government interest. Pushing one set of competitors out of the market with ridiculous, unconstitutional speech restrictions isn't the sort of things a government should do, especially if it has to violate the Constitution to do it.

Read More | 35 Comments | Leave a Comment..

Posted on Techdirt - 13 September 2019 @ 9:38am

High-Level DOJ Official Latest Gov't Employee To Be Caught Watching Porn While On The Clock

from the it's-always-those-wankers-up-top,-he-said-literally dept

It's good to know government employees are hard at work. (This statement mainly applies to male employees.)

Throughout the past several years, internal investigations have rooted out a bunch of government employees who are wasting tax dollars by visiting websites and viewing content no doubt strictly prohibited by workplace policies. We're talking porn. Lots of porn. Just incredible amounts of porn consumption.

These apparently non-essential personnel have racked up some amazing porn stats. Some SEC employees were reprimanded (but not fired) for spending up to 98% of their workdays watching porn. An employee at the US Geological Survey's [cough] EROS Center visited 9,000 porn webpages en route to infecting the agency's computer system with malware. An EPA employee spent their work hours compiling a comprehensive library of over 9,000 pornographic images.

It's not just the federal government either. The City of Baltimore's Department of Public Works discovered an employee was spending about half the work week (~20 hours) watching porn on the clock. Over in the UK -- home of the always-impending porn filters -- government employees accessed porn 300,000 times over a 14-month period.

Porn consumption is apparently a government tradition -- one that spans the world and is celebrated by all levels of governing bodies.

Here's yet another data point, emanating from the US Department of Justice. (via NextGov)

The DOJ's Inspector General was tipped to some in-office porn viewing by a high-ranking official. This was no office drone. This was a Deputy Assistant Attorney General. Its investigation confirmed what was suspected: more porn consumption on a government computer.

From the one-page summary [PDF] released by the OIG:

The OIG investigation substantiated the allegation that the then DAAG viewed sexually explicit images on the DAAG’s government computers, in violation of DOJ policy. An OIG forensic examination of two DOJ computers issued to the DAAG determined that the computers contained data regarding numerous sexually explicit website searches, visits to websites hosting sexually explicit videos, sexually explicit search engine terms, and sexually explicit images.

The DAAG then lied about their porn habits. This is a bold move, considering lying to investigators is a criminal offense. Of course, it's only the rarest of government officials who are ever charged with lying to investigators. This one was no exception. The DAAG resigned before the investigation was concluded and no criminal charges were brought.

That's the quality of help we're paying for. They're people who should be held to a higher standard than private sector employees. But they never are. Fireable offenses rarely result in firing. Massive amounts of wasted time result in reprimands, rather than demotions or termination. And yet, we're supposed to act like the government has our best interests in mind when it engages in a tiny bit of oversight. These employees and their enablers are jerking far more than themselves around.

26 Comments | Leave a Comment..

Posted on Techdirt - 12 September 2019 @ 1:29pm

Houston Police Officer Who Led Botched Raid That Killed Two People Now Facing Felony Murder Charges

from the some-of-the-best-criminals-are-cops dept

The increasingly-awful story of the Houston Police Department's botched drug raid continues to develop. Earlier this year, the Houston PD raided the house of Dennis Tuttle and Rhogena Nicholas. By the time the bullets stopped flying, the couple of 21 years was dead.

The raid was predicated on a tip from a confidential informant who said he saw lots of heroin and some guns in the residence while performing a controlled buy. No heroin was found. The gun described by the informant was never found. What was found was personal use amounts of marijuana and cocaine, neither of which were mentioned by the informant.

The informant never existed. The heroin supposedly purchased from the residence actually came from the console of an officer's police car. The affidavit obtained by Officer Gerald Goines was apparently filled with lies about a controlled drug buy that never happened and statements from an informant who had never visited the Tuttle residence. The actual tip the officers acted on was one phoned in by Rhogena Nicholas' mother, who complained about the couple using drugs in their house.

Goines wasn't the only liar. Other officers on the scene lied as well. The narrative officers presented was one of being greeted by weapon-wielding residents during the no-knock raid. An independent forensic examination of the home contradicted many of the claims made by officers in their reports.

The police chief finally distanced himself from the officers' actions, but only after enough information had come to light to show everything about the raid was a lie. Investigations have been opened on the PD and the officers involved. The two officers who led the raid are having their past investigations examined by the PD and the DA's office says this could affect as many as 14,000 cases. Not that the Houston PD is exactly being cooperative. The DA's office has had to threaten legal action to get the department to turn over paperwork linked to Officer Gerald Goines and Officer Steven Bryant.

These officers are no longer facing multiple investigations into the drug task force work. They're now facing criminal charges as well.

Gerald Goines, the ex-Houston police officer who led the controversial no-knock raid on Harding Street, has been charged with two counts of felony murder, as KHOU 11 Investigates reporter Jeremy Rogalski first reported.

His attorney, Nicole DeBorde, said Goines was surprised by the charges.  

Goines surrendered Friday afternoon and his bond was set at $150,000 on each charge. Goines made bond Friday evening.

He is required to wear a GPS monitor and won't be allowed to have weapons or leave Harris County.

His partner in cop crime isn't facing murder charges, but is on just as short a leash as Goines.

Former Officer Steven Bryant, who was involved with the Harding Street warrant, is charged with second-degree tampering with a government document. His bond was set at $50,000. He will also wear a GPS monitor and can't leave Harris or Fort Bend counties.

Meanwhile, the HPD chief continues to reassure himself this isn't the tip of a corroded iceberg, but rather just an anomaly he can go back to ignoring when the press finds something else to occupy itself with.

However, Houston Police Chief Art Acevedo believes it's not a department wide problem.

"We've been looking at a lot of cases and we have yet to see it again, any evidence of any systemic issues," Acevedo said.

Maybe no cop on the force is as awful as these two. But cops don't just go straight from the academy to falsifying affidavits and engaging in deadly raids over drugs that came from a cop car, rather than a crime scene. They start small. And if no one stops them, it eventually grows to something that can't be contained. Chief Acevedo needs to dig a little deeper. If he's not seeing anything, it's not because it's not there. It's because he's not really looking for it.

33 Comments | Leave a Comment..

Posted on Free Speech - 12 September 2019 @ 3:23am

Student Sues College After Being Told Not To Exercise His First Amendment Rights Without The School's Permission

from the students-shouldn't-be-seen-or-heard dept

Another public university is getting sued over its unconstitutional speech policies. While schools can place some restrictions on students' speech, they can't just carve out blanket exceptions that allow them to treat the First Amendment as a privilege it might extend to students if they've filled out all the proper paperwork.

Jones County Junior College student Mike Brown managed to First Amendment his way right into a conversation with the campus police chief. At this school, you have to ask permission before you can speak to other students, apparently. Here's the write-up from FIRE (Foundation for Individual Rights in Education), which is representing Brown in his lawsuit against the college.

In April, Brown and two other individuals held up a sign designed to poll students on the legalization of recreational marijuana. But Jones College administrators quickly summoned campus police because the group hadn’t filled out the proper paperwork — which requires administrative approval and a minimum three-day waiting period before “gathering for any purpose” anywhere on campus.

Brown and another student were taken to the police chief’s office while their friend, a non-student, was escorted to his car and told to leave immediately and not return, or he’d face arrest. Back in the chief’s office, the police chief told Brown he should have known better than to blatantly exercise his free speech rights on campus without administrative approval.

Ah, to be young and living in the Land of the Free, being told by law enforcement that your protected speech needs to be approved ahead of time by a public institution's administrators. Here's the policy that Jones JC has written -- the one being challenged in court. According to this, on-campus speech has a three-day waiting period.

Any student parade, serenade, demonstration, rally, and/or other meeting or gathering for any purpose, conducted on the campus of the institution must be scheduled with the President or Vice President of Student Affairs at least 72 hours in advance of the event. (Forms available in Student Affairs) Names of the responsible leaders of the groups must be submitted to the institution at the time of scheduling.

While schools can place a few restrictions on speech to ensure classes aren't interrupted and campus traffic isn't impeded, they cannot simply create blanket prohibitions that require student speech to be pre-approved. As the lawsuit points out, the campus is large and contains many areas where students could gather without disrupting the school day.

JCJC’s property is made up of several hundred acres and its Ellisville campus has many open, publicly accessible areas, outdoor green spaces, sidewalks, and pedestrian plazas and thoroughfares where student speech and expressive activity would not interfere with or disturb access to college buildings or sidewalks, impede vehicular or pedestrian traffic, or disrupt campus operations or the college’s educational functions. Yet, the entire campus is off-limits to any student expression without the prior approval of JCJC administrators at least three to five days ahead of time through an undefined scheduling process that grants JCJC unfettered and arbitrary discretion to prohibit student expression on the basis of content or viewpoint.

As an added bonus, the student handbook also prohibits "public profanity" on campus, which is about as ridiculous an imposition on free speech as requiring students to ask the school's permission to speak freely. That restriction comes into play in this complaint because a prior run-in with the campus' speech police (who were also literally police officers) involved a "free speech ball" being thrown around by a bunch of adults that administrators claimed was "covered with profanities" during its earlier foray into First Amendment violations.

The lawsuit asks for the court to give the students of JCJC back their First Amendment rights by declaring the school's speech policy unconstitutional. This step was taken because the college decided to ignore FIRE's earlier offering to help it write a more constitutional policy. Now, it gets to defend it in court and explain to judges why it feels it doesn't need to respect students' rights. That should be fun.

Read More | 76 Comments | Leave a Comment..

Posted on Techdirt - 11 September 2019 @ 10:44am

DOJ Wants Apple, Google To Hand Over Names And Phone Numbers Of 10,000 App Users

from the government-still-in-the-pointless-acquisition-business dept

Let's hope this isn't the only scope discussed by the court handling this case, detailed here by Thomas Brewster of Forbes.

[T]he government wants Apple and Google to hand over names, phone numbers and other identifying data of at least 10,000 users of a single gun scope app, Forbes has discovered. It’s an unprecedented move: Never before has a case been disclosed in which American investigators demanded personal data of users of a single app from Apple and Google. And never has an order been made public where the feds have asked the Silicon Valley giants for info on so many thousands of people in one go.

Well, "made public" might be overstating things. The DOJ did not want this made public but the document it wanted sealed made it to the public docket briefly before being disappeared by the court system. It targets users of the Obsidian 4 app, which controls rifle scopes made by American Technologies Network Corp.

What the government claims this is about barely seems connected to what it's asking for.

The Immigration and Customs Enforcement (ICE) department is seeking information as part of a broad investigation into possible breaches of weapons export regulations. It’s looking into illegal exports of ATN’s scope, though the company itself isn’t under investigation, according to the order. As part of that, investigators are looking for a quick way to find out where the app is in use, as that will likely indicate where the hardware has been shipped.

Acquiring the data of thousands of innocent app users isn't going to benefit government investigators in any great way. Sifting through tons of garbage data doesn't make anyone's job any easier. What it will do is give the government a lot of information on people not suspected of engaging in criminal acts -- data it can hold onto indefinitely if no one's paying attention.

And it's a lot of information. The DOJ is seeking phone numbers and names linked to accounts that have downloaded the app. It also wants data on when users used the app. All this in furtherance of an investigation that doesn't seem to contain much investigating at this point.

It’s unclear just whom ICE is investigating. No public charges have been filed related to the company or resellers of its weapons tools.

With this data grab, the government will have a chance to explore its options. If investigating weapon manufacturers isn't proving fruitful, maybe someone else in the 10,000+ pool of "suspects" will prove to be a more interesting target. The government isn't above fishing for criminal activity when performing supposedly-targeted searches. And if it wanders too far afield from its original aim, it can always argue the "fish" at the end of its 10,000 lines would have been "inevitably discovered" during the course of its fishing expedition.

Unfortunately, we don't know (yet) whether this ridiculous data request was granted. If a judge somehow managed to sign off on this, there's a good chance it will be rethought once Google or Apple tell the government they're not going to be handing over massive amounts of data the government hasn't shown it needs, much less has earned access to.

27 Comments | Leave a Comment..

Posted on Free Speech - 11 September 2019 @ 3:22am

Months After Christchurch Shooting, The Australian Government Is Issuing Site-Blocking Orders Targeting Footage Of The Incident

from the oh-right-we-were-supposed-to-be-doing-something dept

Following the Christchurch shooting in New Zealand, governments sprang into action to declare the internet to be the real villain. It wasn't. And isn't. But that didn't stop a strange series of policies from being enacted.

The New Zealand censorship board declared footage of the shooting -- captured by the shooter himself -- illegal. Once it had made it illegal to share or possess, it went after those who did, resulting in at least one person being sent to prison for making the footage available online.

The Australian government followed suit. It declared the footage illegal, putting pressure on social media companies and service providers to take down uploaded copies "expeditiously." This term wasn't defined in the rushed legislation. Nor were companies given any guidance on what amount of time was considered "reasonable" to react to reports of uploaded footage in order to avoid $168,000 (per incident) fines. Presumably the Australian government would know reasonableness when it saw it and fine accordingly.

Companies did what they were vaguely instructed to do. So did Australian internet service providers. The Guardian reports blocking efforts began immediately, with ISPs targeting any site where the footage was hosted. To date, these efforts have resulted in the blocking of 43 websites. It appears ISPs are maintaining their own blocklists, since the government hadn't bothered to hand down any guidance on its recently-passed "abhorrent content" law.

Months after the fact, the Australian government is finally codifying the block orders it's issuing.

To avoid legal complications the prime minister, Scott Morrison, asked the e-safety commissioner and the internet providers to develop a protocol for the e-safety commissioner to order the websites to block access to the offending sites.

The order issued on Sunday covers just eight websites, after several stopped hosting the material, or ceased operating, such as 8chan.

To have these blocks lifted, sites have to take down the material. But the review process lags behind the takedowns. Block orders are only reviewed every six months by the e-safety commissioner's office.

There are obviously speech concerns that aren't being addressed by this process or the legislation that prompted these site-blocking efforts. The footage and the shooter's manifesto are undeniably newsworthy. They are also of interest to researchers and any number of law enforcement agencies. Unilaterally declaring these illegal turns these parties into criminals. The law doesn't appear to contain any exceptions for journalists, researchers, or anyone else who may have a legitimate reason to possess or share this content.

The Australian government is fine with this because the e-safety commissioner has unilaterally declared this content to be so bad there can be no legitimate reason for anyone to have it in their possession.

“The slippery slope argument I keep seeing [is] this is not obscene content or objectionable content [but] it’s clearly illegal. I don’t see any public interest in making this kind of material that is designed to humiliate and to incite further terrorist acts and hatred.”

Well, okay. I guess as long as a government official can't see any public interest, there must be no public interest concerns. These blocking orders may be targeting specific content that's fairly distinctive, but the e-safety commissioner's statement ignores the breadth of the law, which targets far more than these two pieces of content.

The Sharing of Abhorrent Violent Material bill creates new offences for content service providers and hosting services that fail to notify the Australian federal police about or fail to expeditiously remove videos depicting “abhorrent violent conduct”. That conduct is defined as videos depicting terrorist acts, murders, attempted murders, torture, rape or kidnap.

There goes a whole lot of newsworthy content, including content that may have investigative or evidentiary value. The vagueness of the law encourages proactive efforts from social media companies, which is going to result in a lot of false positives, as well as the memory-holing of content that's arguably of public interest, no matter how "abhorrent" that content may be.

28 Comments | Leave a Comment..

Posted on Techdirt - 10 September 2019 @ 9:31am

White House Pushing Proposal That Would Subject Mentally Ill People To Increased Surveillance

from the people-with-mental-problems-will-definitely-respond-positively-to-this dept

The White House has decided we're going to power through our mass shooting crisis by aiming our surveillance apparatus in the direction of the mentally ill. In addition to claiming we might be able to find the next mass shooter by tracking fitness trackers, the administration is pushing for a mental health-based "solution" that would increase the stigma of not being "normal."

The White House is considering a controversial proposal to study whether mass shootings could be prevented by monitoring mentally ill people for small changes that might foretell violence.

Former NBC Chairman Bob Wright, a longtime friend and associate of President Trump’s, has briefed top officials, including the president, the vice president and Ivanka Trump, on a proposal to create a new research agency called HARPA to come up with out-of-the-box ways to tackle health problems, much like DARPA does for the military, say several people who have briefed.

HARPA (a takeoff of the military's DARPA project) stands for Health Advanced Research Projects Agency. HARPA's webpage says things about uncured diseases and promises to "put patients first," but the administration's commandeering of its resources pretty much guarantees more law enforcement officers lacking the training to address mental health issues will be put in contact with people with mental health issues more frequently. Perhaps the Trump administration thinks we can avoid a mass shooting by increasing the number of people shot by cops one at a time.

A three-page proposal from HARPA contains a clunky acronym and some very scary ideas. The route to a mass shooting-free America runs through millions of devices owned by millions of US citizens.

Advisers to Wright quickly pulled together a three-page proposal — called SAFEHOME for Stopping Aberrant Fatal Events by Helping Overcome Mental Extremes — which calls for exploring whether technology like phones and smartwatches can be used to detect when mentally ill people are about to turn violent.

No one has any idea how this is supposed to work. No one seems to know whether it can even be done. Administration officials, however, aren't asking the only question that matters: should this be done?

In addition to generating a massive amount of false positives for law enforcement and HARPA analysts to sort through, there's the very real concern that such a program would put tons of people under surveillance and still not do anything to solve the problem it's supposed to be addressing.

Most concerning, [Marisa Randazzo] said, is that the proposal is based on the flawed premise that mental illness is directly linked to mass shootings. “Everything we know from research tells us it’s a weak link at best,” said Randazzo, who spent a decade conducting such research for the Secret Service and is now CEO of a threat assessment company called Sigma.

There is violence associated with mental illness, but not the violence this administration is targeting. Suicide is the problem going unaddressed. But since Trump believes mass shooters are all mentally ill, that's what HARPA will likely focus on. Unfortunately, it will be working against available data.

[S]tudies of mass shooters have found that only a quarter or less have diagnosed mental illness. Researchers have noted a host of other factors that are more significant commonalities in mass shooters: a strong sense of grievance, desire for infamy, copycat study of other shooters, past domestic violence, narcissism and access to firearms.

It also runs contrary to the government's own research work. A Pentagon study on mass shootings said simply that prediction-oriented programs don't work. Threat assessment is far more productive than amassing a bunch of biometric data and hoping to find a pattern that indicates someone's going to engage in mass murder.

But this is what the administration wants to pursue: widespread surveillance based on the faulty assumption that this will produce anything other than negative results.

119 Comments | Leave a Comment..

Posted on Techdirt - 10 September 2019 @ 3:11am

Ring Has A 'Head Of Face Recognition Tech,' Says It's Not Using Facial Recognition Tech. Yet.

from the currently-not-doing-this-thing-we're-considering-doing dept

Amazon has developed facial recognition tech it's inordinately proud of. Known as "Rekognition," it's not nearly as accurate as its deliberately misspelled moniker suggests it is. It drew Congressional heat last year when it misidentified a number of Congress members as criminals.

There has been no interplay between Amazon's Rekognition software and the Ring doorbell cameras its subsidiary is pushing to cops (who then push them to citizens). Yet. Maybe there will never be. But it's pretty much an inevitability that Ring cameras will, at some point, employ facial recognition tech.

There's probably no hurry at the moment. The doorbell camera company doesn't seem all that concerned about optics -- not after partnering with 400 law enforcement agencies en route to securing 97% of the doorbell camera market. When not writing press releases and social media posts for cop shops, Ring is waging a low-effort charm offensive with vapid blog posts meant to boost its reputation as a crime-fighting device while burying all the questionable aspects of its efforts -- like encouraging "sharing" of footage with law enforcement so they don't have to go through the hassle of obtaining a warrant.

Ring is toughening up a bit in the face of all this bad press. It's engaging directly with critics on Twitter to rebut points they haven't made and answer questions they didn't actually ask. It responded to the ACLU's post that theorized about Amazon's forays into surveillance tech, positing that the company's Rekognition software and Ring doorbell cameras make for a dynamic surveillance duo -- one that faces outwards from millions of private homes around the nation.

Ring says it does not use facial recognition tech in its doorbells. It has made this statement multiple times in the past couple of weeks. That's good news. But it's not the end of the story. Nicole Nguyen and Ryan Mac of BuzzFeed are countering Ring's PR push by pointing out that it's a little weird for a company that says it does not use facial recognition tech to employ someone directly tasked with exploring facial recognition opportunities. (via Boing Boing)

While Ring devices don’t currently use facial recognition technology, the company’s Ukraine arm appears to be working on it. “We develop semi-automated crime prevention and monitoring systems which are based on, but not limited to, face recognition,” reads Ring Ukraine’s website. BuzzFeed News also found a 2018 presentation from Ring Ukraine's "head of face recognition research" online and direct references to the technology on its website.

Maybe the stateside version isn't ready to mix in the tech, but its Ukraine arm seems poised to explore this option. The presentation BuzzFeed located was created by Oleksandr Obiednikov, who listed himself as Ring's "Head of Face Recognition Tech" in his presentation about "alignment-free face recognition."

Ring's US operations also indicate Ring is looking into this, even if it hasn't added the tech yet.

In November 2018, Ring filed two patent applications that describe technology with the ability to identify “suspicious people” and create a “database of suspicious persons.”

So, the company's assertions about facial recognition tech appear to be true, but only because it has added the qualifier "currently" to its statements. The pairing of doorbell cameras to unproven, often-inaccurate facial recognition tech is all but assured. Ring's denials would be a whole lot more palatable if it wasn't exploring this option elsewhere in the world.

We may only be on the outskirts of a corporation-enabled dystopia at the moment, but a future full of unblinking eyes containing biometric scanning capabilities is swiftly approaching. And this surveillance state won't be the product of the show of force by the government but the result of private companies using law enforcement to expand their user base with a series of "would you kindly?" requests.

9 Comments | Leave a Comment..

Posted on Techdirt - 9 September 2019 @ 8:03pm

Investigation Uncovers Mass Purging Of Phoenix Police Department Misconduct Records

from the clean-slates-for-all! dept

There's nothing about American policing that police unions can't make worse. A powerful obstacle standing in the way of accountability and transparency, police unions ensure Americans remain underserved by their public servants.

Police unions have defended such things as tossing flashbang grenades into rooms containing infants and the elimination of drug testing for officers. They've repeatedly tried to thwart legislation that would provide more public access to police misconduct records and have often verbally attacked anyone who questions the actions of law enforcement.

What they're best at doing is tipping the scale in favor of bad cops. Apparently laboring under the pretense that even a bad cop is a better person than anyone not wearing the blue, unions effectively neutralize oversight by ensuring city and state agencies cannot easily access discipline records. Then they go further, preventing even the police from policing themselves.

Justin Price's report on the whitewashing powers of the Phoenix (AZ) PD's union contract is a jaw-dropping read. But it's not an anomaly. There are contracts like this in place all over the nation. But AZ Central's investigation shows just how much has been swept under the rug to "protect" cops from the people they serve.

Phoenix Police Sgt. Philip Roberts was suspended from the force for 30 days after an internal investigation concluded he failed to properly manage a 2015 incident where officers shot and killed a mentally ill man.

Lt. Dalin Webb received a written reprimand for his 2013 arrest on domestic violence charges in which he reportedly shoved his wife and choked his teenage son.

Officer Joshua Wayne Beeks was suspended for 15 days when the Department discovered he was involved in three unauthorized high-speed pursuits in a single year that killed two people.

But there's little indication in Phoenix Police Department personnel and internal investigations records that those officers were ever disciplined.

That's because Roberts, Webb and Beeks, like hundreds of other Phoenix police officers in recent years, were allowed to erase records of their misconduct from files kept by the Police Department.

The practice, which the Department refers to as "purging," has been standard for more than two decades under the police union's contract, but the public has been unaware of it.

The contract also prohibits misconduct detailed in the purged records from being considered in future disciplinary investigations or performance evaluations.

If the goal is to keep bad cops employed indefinitely, it's been super-effective. Over 500 of the city's 3,000 officers have had their pasts memory-holed by the union contract, covering over 600 misconduct incidents ranging from failure to complete reports to deployments of excessive force.

The purging prevents even internal investigators from discovering patterns of misconduct that should result in harsher discipline or termination. It also prevents plaintiffs suing officers over violated rights from obtaining key background info that could indicate an officer is a longtime abuser of citizens. In one case cited in Price's report, the PD began purging an officer's records as soon as the officer had been served.

The lack of a paper trail results in things like this happening:

Purged records don't appear in a file review.

Those records also don't show up during annual performance evaluations.

Officer Kevin McGowan, for example, earned top marks in his 2015 evaluation despite being disciplined for serious misconduct during the previous year.

An internal investigation concluded McGowan used excessive force when he stomped on an 18-year-old man’s neck, driving his face into the tile floor of a convenience store and knocking out three of the man's teeth.

The incident was captured in surveillance footage taken from the store.

McGowan was initially fired, but the union interceded and he ended up with only a 30-day suspension. A few years later, the disciplinary files were purged, resulting in this cop being commended for being such a great cop. Phrases like "positive attitude" and "community contributor" were tossed around by supervisors unaware of McGowan's recent past.

AZ Central's investigation involved comparing the list of disciplinary files sent to the city's Human Resources Department by the Fiscal Management Bureau with the list of misconduct records maintained by the PD's Professional Standards Bureau. What's considered to be an officer's "permanent record" is maintained by the city's HR department. "Maintained" is definitely overstating things.

By cross-referencing the two sets of records, The Republic identified hundreds of disciplinary cases that had been hidden from internal affairs and the Department's leadership.

Over five years, records of 90% of all sustained misconduct investigations had been erased.

Some of these records are supposed to be maintained for at least five years, according to the contract language. But AZ Central found multiple cases where files had been memory-holed ahead of schedule. Files detailing incidents that resulted in suspensions of over 80 days are never supposed to be purged, but the investigation discovered many of those were missing as well.

The PD explains away all this opacity by saying it increases officer morale. And of course it would. Many employees in many different fields would feel better about themselves and their jobs if they knew their misconduct would never be used against them. But the PD doesn't serve itself. Or at least, it shouldn't. It serves the public. And nothing about this union contract shows any concern about the public or its morale.

20 Comments | Leave a Comment..

Posted on Techdirt - 9 September 2019 @ 1:33pm

Appeals Court Says An IP Address Is 'Tantamount To A Computer's Name' While Handing The FBI Another NIT Win

from the [extremely-superintendent-chalmers-voice]-good-lord dept

Fortunately, this profoundly-wrong conclusion is buried inside a decision that's merely off-base. If it was the crux of the case, we might have witnessed a rush of copyright trolls to the Eleventh Circuit to take advantage of the panel's wrongness.

But this decision is not about IP addresses… not entirely. They do play a part. The Eleventh Circuit Court of Appeals is the latest federal appellate court to deny suppression motions filed over the FBI's use of an invalid warrant to round up suspected child porn consumers. The "Playpen" investigation involved the FBI seizing a dark web child porn site and running it for a few weeks while it sent out malware to anyone who visited the site. The FBI's "Network Investigative Technique" (NIT) sent identifying info back to the FBI, including IP addresses and an assortment of hardware data.

As the court notes in its decision [PDF], pretty much every other appeals court has already gotten in on this action. (Spoiler alert: every other appeals court has granted the FBI "good faith" even though the DOJ was actively pursuing a law change that would make the actions it took in this case legal. The violation of jurisdiction limitations by the FBI's NIT was very much not legal when it occurred.)

By our count, we become today the eleventh (!) court of appeals to assess the constitutionality of the so-called “NIT warrant.” Although the ten others haven’t all employed the same analysis, they’ve all reached the same conclusion—namely, that evidence discovered under the NIT warrant need not be suppressed. We find no good reason to diverge from that consensus here…

That being said, there are some interesting issues discussed in the opinion, but here's where it kind of falls apart. The Eleventh Circuit may be joining ten (!) other circuits in upholding the FBI's illegal search, but it's the first to make this preposterous claim while doing so. (h/t Orin Kerr)

In the normal world of web browsing, an internet service provider—Comcast or AT&T, for example—assigns an IP address to every computer that it provides with internet access. An IP address is a unique numerical identifier, tantamount to a computer’s name.

That's… just completely wrong. An IP address doesn't identify a device any more than it identifies a person or location. It is very definitely not "tantamount to a computer's name." The court uses this erroneous conclusion for pretty benign ends -- to veto the DOJ's belated attempt to rebrand its NIT malware as a "tracking device" in order to salvage its invalid search warrant. Even so, this slip-up is embarrassing, especially in a decision that contains a great deal of technical discussion.

But I suppose all's well that ends unsurprisingly. The Eleventh Circuit agrees with the other circuits: the warrant obtained was invalid from the moment it was obtained as it allowed the FBI to perform searches outside of the jurisdiction in which it was issued. But there's no remedy for the two alleged child porn consumers. As the court states here, the error was the magistrate judge's, who should never have signed a warrant granting extra-jurisdictional searches. According to the Eleventh Circuit, the FBI agent had every reason to believe the granted warrant was valid and that the searches could be executed. No one's evidence is getting suppressed and no one's convictions are being overturned.

The problem with this assumption is that it glosses over the issue of the DOJ's Rule 41 politicking, which was well underway when this FBI agent approached a judge with a warrant that asked permission to violate a rule that hadn't been rewritten yet. To call this "good faith" presumes a lot about the FBI and its investigators. It concludes they were unaware of the DOJ's petitioning of the US court system to rewrite Rule 41 when everything about this case points to the fact that these investigators knew about the proposed rule change and knew this NIT deployment wasn't legal at the point they handed the affidavit to the magistrate.

In the end, it's another unearned win for the FBI. And it's one that comes paired with a tech gaffe that's going to sound very appealing (!) to IP trolls.

Read More | 45 Comments | Leave a Comment..

Posted on Free Speech - 9 September 2019 @ 9:10am

YouTube Lets Indonesian Government Block Satirical Video That Criticizes The Indonesian Government

from the you're-not-helping dept

Recent protests in West Papua have made things uncomfortable for the Indonesian government. The protests were triggered by recordings of Indonesian military personnel taunting Papuans and calling them racial slurs. The Indonesian government responded to the protests by shutting down internet access and seeking to arrest a prominent West Papua civil rights lawyer for allegedly spreading "fake news."

West Papua was formerly its own nation but it was handed over to the Indonesian government in 1969 following a "free choice" voting process that saw about 1,000 "delegates" chosen by the Indonesian military override the will of the country's residents, making it officially a province under the Indonesian government's control. That's obviously not working out well for Papuans.

If you're wondering how West Papua has arrived at this flash point, this hilarious/disturbing video produced by The Juice Media explains the whole thing. And it explains the Australian government's complicity in the Indonesian government's subjugation of the West Papuan people. (NSFW language throughout. Here's an annotated script if you'd rather read about it.)

That explains where the nation is at now, and why its people want to be free of their Indonesian overlords. It also explains why no one nearby is riding to their rescue, since it's clear the Australian government would rather maintain its ties with the regime presiding over West Papua than try to help clear a path to independence.

That also explains why The Juice Media was recently informed this video can no longer be viewed in Indonesia. It appears the government has filed a legal complaint targeting the video embedded above, resulting in it being blocked in Indonesia.

For whatever reason, The Juice Media is completely unable to challenge this decision by YouTube. A screenshot of the account's dashboard doesn't even show the complaint, nor does anything sent to the account by YouTube explain what law was broken or which government entity filed the complaint.

The problem with YouTube complying with local laws is that many local laws are written solely for the purpose of making censorship easier. Allowing the Indonesian government to target content it doesn't like to keep its citizens from learning more about its abuses just ensures more abuses will occur. The cycle will continue until someone decides the spread of information is more important than staying in the good graces of authoritarians.

28 Comments | Leave a Comment..

Posted on Techdirt - 6 September 2019 @ 3:33pm

Cops Digitally Erase Suspect's Facial Tattoos To Make Him Look More Like The Robbery Suspect Caught On Camera

from the police-officers-dig-deep,-find-new-lows dept

When the police have already decided who they like for some unsolved crime, almost nothing will stop them from getting their man. Investigations are supposed to involve investigating. But when a handful of tipsters said a black man robbed a bank, the Portland PD went to work trying to pin four bank robberies on one man. (via Simple Justice)

The problem with this man was his list of distinguishing features. He had several -- all as plain as the tattoos on his face. (All photos via court documents.)

That's Tyrone Lamont Allen's booking photo. This is an image of the suspect captured by a bank's security system.

The first thing that jumps out of this photo is the lack of things that jump out. No tattoos on the face capture by bank cameras. Plenty of tattoos on the "suspect" the Portland police decided to arrest. But at least investigators did a little footwork first. And a little Photoshop work as well.

Here's the photo they used of Allen in lineups shown to bank tellers at robbed banks.

Yeah, that's Tyron Allen -- minus everything that makes him distinctively Tyrone Allen. This is what the Portland PD did to steer witnesses into handing them the suspect they wanted to arrest.

[W]hen Portland police suspected Allen was involved in four bank and credit union heists, and none of the tellers reported seeing tattoos on the face of the man who robbed them, police digitally altered Allen’s mugshot.

They covered up every one of his tattoos using Photoshop.

“I basically painted over the tattoos,’’ police forensic criminalist Mark Weber testified. “Almost like applying electronic makeup.’’

Police then presented the altered image of Allen with photos of five similar-looking men to the tellers for identification. They didn’t tell anyone that they’d changed Allen’s photo.

Some of the tellers picked out Allen.

All of this came out in court, leading to a large number of lawyers and laypersons alike to say WTF. Allen's lawyer said the police basically "rigged the outcome" of the photo lineup. He's not wrong. But his client is not the first person this has happened to. Rigging lineups is a cop tradition. The only distinctive feature of this one is the use of Photoshop to remove distinctive features.

Now, as Scott Greenfield points out, someone with a lot of facial tattoos and a predilection for bank robberies might realize those two qualities aren't a good mix. Allen could have altered his appearance so no teller would tell cops "look for the guy with all the face tattoos." (Reminder: none of the tellers told the cops to look for a guy with a lot of face tattoos.) But that would only have made Allen memorable for other reasons.

If a guy wanted to rob a bank, knowing he had rather unique facial characteristics that would make him very easy to ID, he could “sanitize” his appearance with makeup. But upon closer scrutiny, the theory has a flaw: the amount of makeup necessary to cover up Allen’s facial tats would itself have become an identifying characteristic. Even assuming he was highly skilled in the application of makeup, it would require so much makeup to accomplish a complete cover-up that the description would have been “guy in baseball cap, glasses and face covered in makeup.”

Having been caught implying all black guys look alike if you remove the stuff that makes them individuals, the government is now actually arguing that this is no different than digitally removing the hat and glasses the suspect in the camera footage is wearing. Altering photos is apparently "standard practice among investigators," according to Detective Brett Hawkinson, an 18-year veteran of altering lineup photos and the lead investigator on this case. He's the one who gave the orders to digitally delete Allen's tattoos before putting his face in the PD's photo lineup.

Yes, this is standard practice. The lead investigator could name no official policy instructing cops to remove distinctive facial features from lineup photos, but of course there wouldn't be. It's an unofficial "standard practice" -- things cops do because of the gaping void where honesty and accountability should be. No one says this is how things should be done. But this is how things are done.

This incident was particularly egregious. And it came out in court. Now more people are finding out exactly what law enforcement agencies mean when they use the word "investigation." It's rarely a search for unknown criminal suspects. More often, it's cops working backwards from foregone conclusions. This is ugly and cheap and the antithesis of the image law enforcement likes to present to the public: the good guys fighting the good fight. They're fighting dirty and they like easy wins and easy days as much as anyone in the private sector. If the corner you have to cut is the distinguishing features that would rule out your favorite suspect, so be it.

61 Comments | Leave a Comment..

Posted on Techdirt - 6 September 2019 @ 12:07pm

Third Circuit Says TSA Officers Can Be Sued Directly For Abuses And Rights Violations

from the trimming-the-edges-of-sovereign-immunity dept

Good news has arrived for the long, long, oh so very long list of travelers who've had their rights abused by TSA agents. Reversing its own decision, the full panel of Third Circuit Appeals Court judges has removed TSA agents from "can't be sued" list.

Originally, the court had held that Transportation Security Officers (TSOs) were immune from civil lawsuits under the Federal Tort Claims Act. For the most part, federal government employees can't be sued directly. Previously, this covered TSA employees, whom the Third Circuit claimed were not "investigative or law enforcement officers" -- one of the few exemptions from this blanket immunity.

That ended Nadine Pellegrino's lawsuit against the TSA agents who behaved abusively during her "extended screening." Here's a description of those events from the Third Circuit's reversal:

As Pellegrino passed through the security checkpoint, she was randomly selected for additional screening. A TSO began examining her bags, but she stopped him and requested a more discreet screening. In a private room, several TSOs combed through Pellegrino’s luggage, papers, and other effects. One allegedly counted her coins and currency, examined her cell phone data, read the front and back of her membership and credit cards, and opened and smelled her cosmetics, mints, and hand sanitizer. Per Pellegrino, the TSO also spilled the contents of several containers and was so rough with her belongings that her jewelry and eyeglasses were damaged. Frustrated, she told the TSOs that she would report their conduct to a supervisor.

The screening ended, but the TSOs’ alleged torment did not. Pellegrino was left to clean up the mess created by the search, a task that took several trips to and from the screening room. As she was repacking her first bag, one of the TSOs claimed that Pellegrino struck her with it. On a trip to retrieve another bag, another TSO allegedly blocked Pellegrino’s access to it, forcing her to crawl under a table to reach it. When she did so, the table tipped over, and the TSO claimed Pellegrino struck her in the leg while she was collecting the bag. Pellegrino denies striking either TSO and alleges she heard both say to one another, “[Y]ou saw her hit me, didn’t you?”

It got worse from there. The TSOs decided to respond with a complaint of their own. They took a bunch of bullshit allegations to local prosecutors, which resulted in Pellegrino being charged with ten (!) criminal acts, including assault, making terroristic threats (!!), and "possession of an instrument of crime" (her luggage) (!!!).

All of those charges eventually vanished when the TSA failed to produce a recording of the extending screening and a TSO gave contradictory testimony in court.

This decision [PDF] revives Pellegrino's lawsuit. The court says TSOs are authorized to search people and their belongings. This moves them into "investigative/law enforcement" territory and out from underneath the immunity blanket.

The court finds that TSOs meet every requirement needed to become the sort of federal employee that can be sued directly. No more sovereign immunity for these agents, who are officers "empowered by law to execute searches."

To repeat, the complete proviso definition for an “investigative or law enforcement officer” is “any officer of the United States who is empowered by law to execute searches, to seize evidence, or to make arrests for violations of Federal law.” 28 U.S.C. § 2680(h). By its plain terms, the phrase “empowered by law” narrows the scope of “officer[s]” covered from the set of all “officer[s] of the United States” to the subset of those with the authority to, among other things, “execute searches.”

Turning, then, to the statutory authority of TSOs, they are empowered by law to conduct “the screening of all passengers and property.” 49 U.S.C. § 44901(a). Screening, in turn, is defined in part as a “physical examination,” including a “physical search.” Id. § 44901(g)(4) (regarding screening of luggage). Hence TSOs are “empowered by law” within the meaning of the proviso.

As to the "searches" part of the provision:

TSO screenings are “searches” (i) as a matter of ordinary meaning, (ii) under the Fourth Amendment, and (iii) under the definition provided in Terry v. Ohio, 392 U.S. 1 (1968). Attempts to distinguish (iv) between administrative and criminal “searches” are divorced from the plain text, and any distinction, if one must be made, should account for (v) the fact that TSA searches extend to the general public and involve examinations of an individual’s physical person and her property.

The government tried to argue that passengers cannot sue over alleged Fourth Amendment violations because they trade their rights for the privilege of boarding airplanes. The court says this isn't correct and it certainly isn't a voluntary exchange.

The Government does not dispute that holding. Instead, it contends that consent by passengers cancels the Fourth Amendment’s effect. But the presence or absence of consent does not determine whether a search has occurred for purposes of the Fourth Amendment. [...] In any event, TSO screenings are not consensual. As noted, per TSA regulations any individual who does not consent to a “search or inspection” may not board a flight.

The government also tried to save TSOs from lawsuits by claiming these highly-intrusive airport searches were merely "administrative," the groin-grabbing equivalent of grabbing regulatory files from a local business. The court not only disagrees, but dunks on the government's terrible argument.

To begin, TSO screenings often involve invasive examinations of the physical person. As even the panel majority in this case acknowledged, TSA searches are “rigorous and intimate for individuals.” Pellegrino, 896 F.3d at 230. This sets them apart from other administrative searches that involve only inspections of property or the environment.


Next, the risk of abuse is greater for TSO screenings than for most other administrative searches. Because TSA searches affect the public directly, the potential for widespread harm is elevated. This potential for abuse in borne out by Pellegrino’s own experience. There is a reason that FDA meat inspectors do not generate headlines about sexual assault and other intimate violations.

The final word on TSOs and their immunity? They no longer have any.

Words matter. This core tenet of statutory interpretation channels our conclusion today: TSOs are “investigative or law enforcement officers” as defined in the Tort Claims Act at 28 U.S.C. § 2680(h). They are “officer[s] of the United States” by dint of their title, badge, and authority. They are “empowered by law to execute searches” because, by statutory command and implementing regulation, they may physically examine passengers and the property they bring with them to airports. And the TSOs’ searches are “for violations of Federal law” given that their inspections are for items that federal law bans on aircraft (often with criminal consequences).

If security officers violate rights (they do) and damage people's property (they do), then they should be held accountable for their actions. The TSA certainly doesn't seem interested in doing this, so it's left up to the courts to handle it. In this circuit, TSOs can be sued, but this doesn't change anything for those residing outside of this jurisdiction. If the government decides to challenge this decision, it may open itself up to a Supreme Court declaration that gives the entire nation the ability to directly sue TSA security officers. It will be interesting to see what it chooses to do, given the potential downside for its employees.

Read More | 16 Comments | Leave a Comment..

Posted on Techdirt - 6 September 2019 @ 9:17am

Federal Gov't Gives Customs Officers Permission To Break Social Media Platform Rules Forbidding Fake Accounts

from the all-in-service-of-the-greater-good dept

The scanning of visa and green card applicants' social media accounts during the application process continues to escalate. Even though the program hasn't shown itself to be effective in keeping the country free of terrorists or criminals, the DHS and its components continue to believe this is an essential part of our national security infrastructure.

If the ultimate goal is to create a worldwide chilling effect on speech, then this program is coming along nicely. Knowing immigration and customs officers are going to be taking a deep dive into your social media accounts results in a lot of self-censorship, since it's not entirely clear what screeners are looking for. Presumably, this has been left to officers' discretion, which means it's a "we'll know it when we see it" situation.

Performing a deep dive means having access to as much of an account as possible. Limits placed on site visitors without an account appears to be frustrating customs officers. So, they've officially been given permission to create fake accounts to better access the content they're screening.

U.S. Citizenship and Immigration Services officers can now create fictitious social media accounts to monitor social media information on foreigners seeking visas, green cards and citizenship.

An updated Homeland Security Department review of potential privacy issues dated July 2019 that was posted online on Friday essentially reversed a prior ban on officers creating fake profiles.

A USCIS statement explaining the change says fake accounts and identities will make it easier for investigators to search for potential evidence of fraud or security concerns as they decide whether to allow someone entry into the U.S.

The federal government may say it's okay for personnel to do this. But it's not okay with the platforms they'll be using. Twitter immediately offered a statement pointing out the creation of fake accounts (and the use of Twitter data for "persistent surveillance") violates its terms of use.

Facebook -- which has already pointed this out to local law enforcement agencies -- said the same thing in the statement it released the day after the USCIS gave customs officers the fake account green light.

“Law enforcement authorities, like everyone else, are required to use their real names on Facebook and we make this policy clear,” Facebook spokeswoman Sarah Pollack told The Associated Press in a statement Tuesday. “Operating fake accounts is not allowed, and we will act on any violating accounts.”

I guess maintaining law and order means breaking the rules. I imagine the DHS and its components will proceed with their fake account creation despite these statements because without an account, passive surveillance of foreigners will be much more limited.

For whatever it's worth, the USCIS has placed some limits on the use of fake social media accounts. They can only be used to passively view targeted accounts and aren't allowed to "follow" or "friend" any targeted accounts. Officers must also undergo annual training, although what that entails hasn't been described in detail.

Foreigners planning to visit the United States are at the mercy of an ultra-vague policy that encourages federal officers to violate the policies of privately-owned social media platforms. No doubt this will turn out well for everyone involved and not result in a ton of abuse.

19 Comments | Leave a Comment..

Posted on Techdirt - 6 September 2019 @ 3:12am

Ring Let Cops Know How Often Their Requests For Camera Footage Were Ignored

from the customer-service-still-matters dept

I have seen the future and it's hundreds of law enforcement agencies morphing into Amazon subsidiaries. Amazon's Ring doorbell camera currently commands 97% of the doorbell camera market. It's easy to see why. Amazon has the marketing power and cash flow to hand out discounted cameras to police departments, using them as loss leaders to ensure buy-in by end users, many of whom get these cameras for free from local cops.

What's the catch? There isn't one* -- not if you disregard the implications of accepting a free surveillance camera from law enforcement. Ring wants more end users and for more of those end users to download its Neighbors app. Neighbors accelerates the sharing of doorbell cam footage. It also accelerates bigotry, which tends to turn virtual meetups on Neighbors into a discussion about shady people of color wandering the neighborhood.

*Sometimes there's a catch.

It's not enough for Ring to command nearly 100% of the market. It also spends its time vetting law enforcement statements and press releases to ensure cop shops stay on brand and push the Neighbors app. The more people cops can convince to use the app, the bigger the discount on the next order of Ring doorbells.

Sharing is what matters. Encouraging people to share footage of suspicious activity with their neighbors via the app breaks down reservations people might have about turning over footage to cops. Law enforcement requests are made through a portal provided by Ring, which includes a map that shows cops every residence that has a Ring doorbell installed.

The Guardian has obtained documents from two more of the 400+ law enforcement agencies currently partnering with Ring. These documents contain screenshots of Ring doorbell maps from the portal, as well as its template for warrantless footage requests.

The documents also contain a very heavily-edited press release from the Gwinnett County Police Department. Nearly the entire thing has been rewritten by Ring reps, excising mentions of Ring's donation of 80 cameras, as well as language that makes it clear law enforcement will have access to any footage uploaded to the Neighbors app. [Picture via The Guardian]

The end game is seamless access to recordings, with the wheels greased by social media interaction and the implicit suggestion that recipients of free doorbell cameras may want to repay the favor with a little footage.

But not everyone is willing to give cops warrantless access to footage. Well, Ring is on top of that as well, as Dell Cameron reports for Gizmodo. Upon request, it will hand over rejection stats to law enforcement, letting them know how often citizens (or "civilians" in Ring's PR language) aren't meeting their tacit obligations. Turns out it's most of them.

The request data acquired by Gizmodo, which covers a five-month period in 2018, showed that Ring customers in Fort Lauderdale, Florida, had largely ignored police requests for footage. Between May and September of 2018, the Fort Lauderdale Police Department issued 22 requests via Ring’s law enforcement portal. Those requests resulted in 319 emails being sent to residents asking them to hand over footage, a statistic that the company now says it keeps confidential.

Supposedly, Ring is no longer doing this. According to its spokesperson, it no longer makes this info available to law enforcement agencies. But this low hit rate has to be a concern. The requests come via the Neighbors app or via email. In some cases, people may not have seen the email. In many more cases, people probably just opted out by ignoring or deleting the request.

Police officers also do not know who they're sending requests to. A geofence of sorts narrows down what cameras might provide useful footage, but the portal does not identify the end users. This is a good way to handle this, ensuring there are no reprisals for refusals. But this siloing means nothing when cops are part of the installation team.

In Fort Lauderdale, police went to dozens of homes and helped residents install Ring cameras after holding raffles at neighborhood watch meetings and handing them out for free.

Given the amount of data that is available to law enforcement via the portal, it's pretty easy to narrow down who's been helpful and who should have their emergency call backburnered. Given enough rejections, officers may just decide these Ring owners don't care enough about the safety of their neighborhood to warrant a speedy response. But if these requests are headed to inboxes filled with other junk email, there's probably no malice intended. Hopefully, no one's treating these non-responses as antagonistic, but that's always a concern when the cop mindset tends to be "us vs. them" -- especially those who refer to work as engaging in a "war" against crime.

Every document obtained by journalists brings more bad Ring news to the discussion. The company has already decided it will back the blue. Those in blue seem to enjoy this partnership, even if it means they won't be obtaining much footage and all public-facing announcements must be run by the company before they can be released. Amazon is blurring the line between public and private to grow a private market. If cops want to get pissed off about anything, maybe it should be their demotion to Ring brand ambassadors.

12 Comments | Leave a Comment..

Posted on Techdirt - 5 September 2019 @ 1:32pm

Federal Court Says The DHS's Terrorist Watchlist Unconstitutionally Deprives Travelers Of Their Rights

from the fix-it-or-ditch-it dept

A federal court [PDF] has just declared the federal government's Terrorist Screening Database (TSDB) unconstitutional. It's not that the government can't maintain a database of travelers it feels are enough of a threat to hassle repeatedly, it's that it can't do this without providing more information to, and better redress options for, those it has placed on this list.

Unlike the "No Fly List," TSDB placement doesn't necessarily prevent those on the list from traveling. It just means they'll be subjected to enhanced screening processes and detentions that can last for hours. Travelers are not informed when they are put on this list. Nor are they told whether or not they are on this list if they ask the government why they're being searched and detained every time they attempt to board a plane or return from a foreign country.

The guidelines for placement on the TSDB are vague. They're also something the government isn't willing to discuss. A nomination can be performed by almost any federal agent for almost any reason. This is how the US government ends up presiding over a so-called terrorist watchlist that contains children as young as four years old.

The sole avenue of redress provided by the government does not work. The DHS's Traveler Redress Inquiry Program was revised after being declared unconstitutional by this same court in 2015. The new version was considered adequate for travelers placed on the more restrictive "No Fly" list. But it isn't adequate for those the government feels are benign enough to be allowed to board planes, but somehow still dangerous enough to be subjected to lengthy interrogations and highly-intrusive searches.

The entire redress process is a black box. The DHS takes the complaint, determines whether or not the person is on the TSDB, and then tells the complainant nothing. Unlike the revamped redress process for the "No Fly" list, possible watchlist members are never told whether or not they're on the watchlist, or whether they're still on it after the government has taken a second look at their nomination.

The government tried to dodge this lawsuit by claiming two things: first, that traveling around the country without being hassled is not a right. Second, it said the plaintiffs had failed to exhaust their non-litigation options, pointing to the very TRIPs process the court has declared unconstitutional. The court points out the plaintiffs are suffering real, ongoing harm due to their placement on this watchlist. That's enough to make the broken redress process the DHS offers unconstitutional.

Coupled with Plaintiffs' movement-related rights are their reputational interests and claims of reputational harm resulting from their placement on the TSDB. A person has certain rights with respect to governmental defamation that alters or extinguishes a right or status previously recognized by state law, known as a "stigma-plus."


Here, Plaintiffs' reputational interests implicated by their inclusion in the TSDB are substantial because of the extent to which TSDB information is disseminated, both in terms of the numbers of entities who have access to it and the wide range of purposes for which those entities use the information, including purposes far removed from border security or the screening of air travelers. For example, TSDB information is used in the screening of government employees and contractors, for which purpose access to the TSDB is provided to certain large private contractors to screen certain employees, as well as private sector employees with transportation and infrastructure functions.

Additionally, and significantly, the FBI shares an individual's TSDB status with over 18,000 state, local, county, city, university and college, tribal, and federal law enforcement agencies and approximately 533 private entities for law enforcement purposes. These private entities include the police and security forces of private railroads, colleges, universities, hospitals, and prisons, as well as animal welfare organizations; information technology, fingerprint databases, and forensic analysis providers; and private probation and pretrial services. The dissemination of an individual's TSDB status to these entities would reasonably be expected to affect any interaction an individual on the Watchlist has with law enforcement agencies and private entities that use TSDB information to screen individuals they encounter in traffic stops, field interviews, house visits, municipal permit processes, firearm purchases, certain licensing applications, and other scenarios. For example, Plaintiffs might experience in other interactions with law enforcement agencies or affiliated private entities the same kinds of encounters they complain about at the border being surrounded by police, handcuffed in front of their families, and detained for many hours. In short, placement on the TSDB triggers an understandable response by law enforcement in even the most routine encounters with someone on the Watchlist that substantially increases the risk faced by that individual from the encounter.

Given what placement on the list takes away from those on it, the process provided by the DHS to seek redress is not Constitutionally adequate.

DHS TRIP, in its current form, provides no notice concerning whether a person has been included or remains in the TSDB, what criteria was applied in making that determination, or the evidence used to determine a person's TSDB status. Nor does the DHS TRIP process provide the Plaintiffs with an opportunity to rebut the evidence relied upon to assign them TSDB status. Give the consequences that issue out of a person's inclusion on the TSDB, the Court concludes that DHS TRIP, as it currently applies to an inquiry or challenge concerning inclusion on the TSDB, does not provide to a United States citizen a constitutionally adequate remedy under the Due Process Clause.

The DHS will need to fix its redress process. Again. What may have sufficed for the more restrictive "No Fly" list does not come close to being constitutional when it comes to its other, far more expansive, watchlist.

Read More | 23 Comments | Leave a Comment..

Posted on Free Speech - 5 September 2019 @ 12:02pm

Court Tosses $100 Million Defamation Suit Brought By Former Trump Spokesman Over Reporting On Court Documents

from the that's-not-how-defamation-works dept

A federal court has dismissed a defamation lawsuit brought against the Splinter website by a former Trump staffer. Jason Miller, a Trump campaign spokesman, sued after Splinter published an article that included allegations made by another Trump staffer Miller had an affair with. The allegations being sued over weren't your normal allegations. These allegations were made in court by A.J. Delgado, Miller's affair partner who later had Miller's child.

Whether or not the allegations made by Delgado were true is irrelevant. Miller may have been correct his reputation had been damaged by the publication of these court documents (but $100 million-worth?), but the fact remains they were court documents. Filing a defamation lawsuit over reporting on court documents is per se stupid.

The thing about allegations made in court is that, while they can be defamatory, they cannot be sued over. Miller understood at least this much, it appears, because he didn't sue the staffer he had an affair with. He instead sued Splinter, which published an article containing the court document with the allegations in it. Miller may have thought he had found a softer target. But he was wrong, as the federal court points out.

Reporting on court documents is protected under New York law. Splinter invoked this law to defend its reporting. The court agrees the law applies. Because it does, it has no reason to examine any other of Miller's claims. From the decision [PDF]:

Under New York’s fair report privilege, codified in section 74 of its Civil Rights Law, “A civil action cannot be maintained against any person, firm, or corporation, for the publication of a fair and true report of any judicial proceeding . . . .” N.Y. Civ. Rights Law § 74 (alteration and emphasis added). The purpose of the statutory privilege is to protect reports of judicial proceedings “made in the public interest.”

Because Splinter was honest about how it obtained this document and, crucially, included the document itself in its post so readers could draw their own conclusions about the contained allegations, the court finds it fulfilled the requirements of the state law on court document reporting.

With the summary judgment standard in mind, review of the record shows the Article: (a) states the allegations come from an “explosive new court filing” in the “ongoing custody battle” between Plaintiff and Delgado (Article 2); (b) describes the “acrimony” between Plaintiff and Delgado (id. 4); (c) describes how Delgado obtained the information (see id.); (d) quotes the victim’s alleged reaction to the journalist, exactly as it is quoted in the Supplement (see id. (quoting Jane Doe stating: “Yes, that happened to me — how did you know? Who told you?” (internal quotation marks omitted)), see also Supplement 9 (same)); and significantly (e) embeds a full copy of the Supplement, so readers can review the Supplement without leaving the webpage (see Defs.’ SOF ¶ 91). Considering these undisputed facts, the Article is a substantially accurate report on the Supplement under New York law.

Always post documents. It's amazing how many reporters treat court records as privileged information, limiting readers to the journalist's interpretation of a ruling or filing. More generally, suing over reporting on court documents is a bad idea. If you can't sue people for what they say about you in court, it would seem to follow that suing for reporting on what people said about you in court is a non-starter.

Read More | 5 Comments | Leave a Comment..

Posted on Techdirt - 5 September 2019 @ 3:41am

Feds Used A 'Reverse' Warrant To Try To Track Down Bank Robbers In Wisconsin

from the doesn't-appear-to-have-worked dept

Reverse warrants are the new tech-related toy law enforcement is experimenting with. Oddly, a lot of what's come to light so far originates in the Midwest, an area not exactly known for early adoption. Outside of the NYPD and feds confirming they use warrants to seek a list of possible suspects (rather than targeting any specific suspect), most reporting has covered deployments by law enforcement agencies in Minnesota.

We can add Wisconsin to the list of areas where cops are working backwards to suspects by using the copious amount of GPS data hoovered up by Google and others. Russell Brandom of The Verge has more details:

[P]olice and federal agents have struggled to track down the bank robbers. Local media sent out pictures from the bank’s security cameras, but it produced no leads. Finally, police hit on a more aggressive strategy: ask Google to track down the bank robbers’ phones.

In November, agents served Google with a search warrant, asking for data that would identify any Google user who had been within 100 feet of the bank during a half-hour block of time around the robbery. They were looking for the two men who had gone into the bank, as well as the driver who dropped off and picked up the crew, and would potentially be caught up in the same dragnet. It was an aggressive technique, scooping up every Android phone in the area and trusting police to find the right suspects in the mess of resulting data. But the court found it entirely legal, and it was returned as executed shortly after.

The warrant [PDF] was requested by a federal agent. This doesn't rule out the use of reverse warrants by local law enforcement, but this request originated at the federal level. The feds are involved in almost every bank robbery, so the appearance of federal officers here isn't a surprise.

Nor is the use of the reverse dragnet. In this case, the submitted geofence was far more constrained than some we've seen in other cases. But considering how many people go into (or near) banks for completely innocent reasons, the GPS data/phone info of hundreds of non-bank robbers ended up in the hands of the feds. It's up to investigators to sort through the data for possible suspects and they can make mistakes. The more data investigators get, the less likely it is they'll find who they're looking for and the more likely it is they'll mistake innocent people in heavily-trafficked areas for criminals.

Right now, it's just another tool for law enforcement to use. But it's one that inverts the normal expectations of warrant procurement. Instead of targeting an individual or place, the warrants allow cops to search Google's data stores for information about anyone who wandered into a targeted area during a certain time period. This shouldn't be acceptable but there's no record of any court rejecting these broad demands for data about thousands of people no one suspects of committing crimes. Until a court steps up to shut these down, their use will continue to escalate. The problems already seen in limited use will escalate right along with them. That's bad news for cell phone users, which at this point is pretty much everybody.

Read More | 29 Comments | Leave a Comment..

Posted on Techdirt - 4 September 2019 @ 10:45am

White House Now Thinks Harvesting Fitness Tracker Data Could Stop The Next Mass Shooting

from the no-conceivable-downsides-no-sir dept

In the wake of more mass shootings, everything coming from up top has been bat shit insane. The Trump Administration has a bunch of suggestions, and they're no better than those offered by a bunch of policy makers who think pulling the plug on certain areas of the internet will somehow reduce the frequency of mass shootings in the US.

Despite being able to do actually useful things at the federal level, Trump has decided preventing gun violence should be everyone else's job. First, he declared it's time for social media companies to engage in even greater vetting of users' posts, apparently in hopes of finding the next mass shooter before they start shooting.

We're headed to pre-crime territory, with the feds in tow. Working together, these entities can be expected to create a massive mess -- one that criminalizes words and will result in plenty of non-dangerous people spending more time interacting with federal agents. This isn't going to solve the problem. It's only going to create a new set of problems, waste limited law enforcement resources, and deprive people of their rights and liberties.

So, of course, the Trump administration is out there trying to make a bad situation even worse. Working backwards from a stillborn idea to come up with a catchy acronym, the White House brain trust is planning on inflicting this on America:

Last week, the Washington Post reported that the White House had been briefed on a plan to create an agency called HARPA, a healthcare counterpart to the Pentagon’s research and development arm DARPA. Among other initiatives, this new agency would reportedly collect volunteer data from a suite of smart devices, including Apple Watches, Fitbits, Amazon Echos, and Google Homes in order to identify “neurobehavioral signs” of “someone headed toward a violent explosive act.” The project would then use artificial intelligence to create a “sensor suite” to flag mental changes that make violence more likely.

According to the Post, the HARPA proposal was discussed with senior White House officials as early as June 2017, but has “gained momentum” after the mass shootings in El Paso, Texas, and Dayton, Ohio. The latest version of the plan, reportedly submitted to the Trump administration this month, outlined the biometric project called “SAFE HOME,” an acronym for “Stopping Aberrant Fatal Events by Helping Overcome Mental Extremes.”

Jesus Christ. Doesn't take long for dystopia to take hold. We already knew every fitness tracking device is, first and foremost, a TRACKING device. They generate the sort of data cops and terrorists alike like getting their hands on. Now, the administration is suggesting this data will be able to stop killers before they kill by looking for elevated pulse rates or, I don't know, heart conditions common to mass shooters. Or whatever.

Somehow, this patchwork of "volunteer data" will be Frankensteined into a "multi-modality solution" that can provide the government with "early diagnoses of neuropsychiatric violence." Ok, then. But can it even do this? Or will analysts pore over tons of garbage data looking for patterns that don't actually exist -- all while being pressured to prevent mass shootings? If so, the desire to show the program works might overwhelm the desire to proceed in a scientific manner, leading to garbage outputs more aligned with numerology enthusiasts and that Timecube guy.

Expecting anything "advanced" from a fitness tracker is asking for trouble. As Emily Gorecenski points out on Twitter, a FitBit can somehow detect the heartbeat in the breast from a chicken that's been killed, butchered, processed, packaged, sent to a grocery store, and purchased by a consumer.

These are the tools we're going to use to do pre-crime? This is the scientific wonder that's going to track down mass shooters before they can kill anybody? If we're lucky, we'll all live long enough to regret this.

Once you get past the HARPA buzzwords and the shininess of the tech toys, you're left with the unpleasant feeling this is going to result in people being hustled off the street by black-clad government agents and rushed to the nearest reeducation center.

“Creating a watchlist of citizens who most likely will never act violently based on their mental health is a very dangerous proposal with major ethical considerations,” Emma Fridel, a doctoral candidate at Northeastern University specializing in mass murder, told Gizmodo in an email. “Doing so to predict the unpredictable is utterly absurd.”

This system will be little more than an efficient generator of false positives. Adopting as much intrusive surveillance as possible as quickly as possible is bound to result in a few prevented crimes. So would random house searches and 24-hour police checkpoints. Backing into this with a catchy acronym, technobabble, and a bunch of junk science isn't acceptable. The government may feel obligated to do something about mass shootings, but everything it has come up with so far has been resolutely terrible, if not terrifying.

97 Comments | Leave a Comment..

More posts from Tim Alloysius Cushing >>