Mike Masnick’s Techdirt Profile

mmasnick

About Mike MasnickTechdirt Insider

Mike is the founder and CEO of Floor64 and editor of the Techdirt blog.

He can be found on Twitter at http://www.twitter.com/mmasnick



Posted on Techdirt - 17 April 2015 @ 7:39pm

SEC Boss Can't Keep Her Story Straight On Whether Or Not SEC Snoops Through Your Emails Without A Warrant

from the let's-get-this-straight-now... dept

For many years now, we've been writing about the need for ECPA reform. ECPA is the Electronic Communications Privacy Act, written in the mid-1980s, which has some frankly bizarre definitions and rules concerning the privacy of electronic information. There are a lot of weird ones but the one we talk about most is that ECPA defines electronic communications that have been on a server for 180 days or more as "abandoned," allowing them to be examined without a warrant and without probable cause as required under the 4th Amendment. That may have made sense in the 1980s when electronic communications tended to be downloaded to local machines (and deleted), but make little sense in an era of cloud computing when the majority of people store their email forever on servers. For the past few years, Congress has proposed reforming ECPA to require an actual warrant for such emails, and there's tremendous Congressional support for this.

And yet... it never seems to pass. The story that we keep hearing is that two government agencies in particular really like ECPA's outdated system: the IRS and the SEC. Since both only have administrative subpoena power, and not the ability to issue warrants like law enforcement, the lower standards of ECPA make it much easier for them to snoop through your emails without having to show probable cause. Last year, in a Congressional hearing, the SEC's boss, Mary Jo White, was questioned about this by Congressman Kevin Yoder, who has been leading the charge on ECPA reform. As we reported at the time, in the conversation, White clearly said that the SEC needed this ability or it would lose "critical" information in its investigations. You can see the conversation from 2014 below, where White (starting around 2:30) explains how vital this process is to the SEC:

Here's the key line:
"What concerns me, as the head of a... law enforcement agency, is that we not put out of reach of lawful process... what is often, sometimes the only, but critical evidence of a serious securities fraud.... And we use that authority quite judiciously, but it's extremely important to law enforcement."
What struck us as interesting last year was White admitting that the SEC appeared to regularly use this process, since she noted that it was "extremely important" and provided "critical evidence."

Fast forward to this week, and the same two players were involved in yet another Congressional hearing. You can see that conversation here as well, with the critical point being made after about four and a half minutes, where White says some of the same stuff, about the privacy protections, and how even if the SEC used this process it still notifies the subscribers to give them a due process right to protest the subpoena... but also, oddly, seems to claim that the SEC never actually makes use of this process:
Here's the key line this time (the full response is a jumble of half sentences and unfinished thoughts, so it's a bit of a mess):
"While these discussions have been going on, to try to sufficiently balance the privacy and the law enforcement interests, we've not to date to my knowledge proceeded to subpoena the ISPs. But that, I think, is critical authority to be able to maintain -- done in the right way and with sufficient solicitousness and it's very important to the privacy interests which I do think can be balanced.
As I said, if you watch her entire response, it's a complete mess of half-finished thoughts, which seems rather typical of someone trying to sound like they're answering a question but not actually doing so. Later in the same answer, she insists that taking away this authority might take away an important tool.

So, we know that the SEC really wants to keep this tool. But last year it said it was "extremely important" and provided "critical evidence." This year, she's saying that the SEC isn't even using the tool. So, uh, which is it? Is this tool absolutely necessary for critical evidence, or is it not even being used by the SEC?

And, through all of this, the SEC still has not answered the most basic question: why can't it treat email the same way it has to treat paper documents under the 4th Amendment? That is, if it wants the document it can subpoena the end user for those documents. It does not get to route around the end user and subpoena a third party for those documents. So why can't it treat email in the same way?

17 Comments | Leave a Comment..

Posted on Techdirt - 17 April 2015 @ 6:24pm

Bill Introduced To Fix Broken DMCA Anti-Circumvention Rules

from the but-will-it-get-anywhere dept

It's no secret that the DMCA's section 1201 is extremely problematic. It's the "anti-circumvention" part of the law, that makes it illegal to circumvent "technological protection measures" even if it's for non-infringing purposes. This is a mess -- especially in an age of DRM trying to lock up everything. Try to get around it, and it's a violation of the law -- even if you're not trying to infringe on the underlying material. This is why Cory Doctorow is running a new effort to eradicate DRM with a target placed firmly on Section 1201.

So it's great to see Senator Ron Wyden and Rep. Jared Polis team up to introduce a bill to try to reform Section 1201. The full text of the bill (called the "Breaking Down Barriers to Innovation Act of 2015") has a lot of good things in it. It says that circumventing DRM or other technology protection measures for non-infringing reasons should no longer be considered against the law. It also expands other exemptions for things like security research and testing and reverse engineering. It also would automatically renew the exemptions the Librarian of Congress issues every few years so we don't have a repeat of the mess from a few years ago where the Librarian of Congress used the "triennial review" process to first grant an exemption to 1201 for unlocking mobile phones... and then to take that exemption away six years later.

Overall it's a good bill -- and I'm curious to understand how anyone could possibly push back on it, though Hollywood absolutely refuses to consider any changes to Section 1201. Unfortunately, it also seems unlikely that the bill has enough support to actually go anywhere. It seems a bit telling that Wyden released this bill the same day as the fast track bill, suggesting that it's a signal of some sort to people that he's not giving up on fixing copyright law. It's unlikely, however, that this gesture will mollify the folks who are upset that Wyden allowed the fast track bill to move forward in its current form.

Read More | 18 Comments | Leave a Comment..

Posted on Techdirt - 17 April 2015 @ 3:30pm

Nevada May Be About To Lose Its Great Anti-SLAPP Law

from the so-much-for-that dept

We've mentioned many times the importance of anti-SLAPP laws in protecting people who are being sued solely to try to shut them up. It's still a travesty that we don't have a federal anti-SLAPP law but are reliant on various state anti-SLAPP laws. In case you're not familiar with them, SLAPP stands for "Strategic Lawsuit Against Public Participation." Anti-SLAPP laws basically allow people who are sued to quickly get lawsuits dismissed when it's obvious that the entire point of the lawsuit is to silence whoever is being sued, rather than for any legitimate legal purpose. For years, California was seen as having one of the best anti-SLAPP laws, but in recent years both Texas and Nevada upped the ante in anti-SLAPP laws, making them even stronger. Nevada's had a particularly useful feature: it would award "reasonable costs, attorney's fees and monetary relief" for defendants who were wrongfully hit with SLAPP suits. Basically, it provided a real deterrent against SLAPP suits.

However, just two years after unanimously passing that bill, the Nevada Senate has just unanimously repealed that important provision, in the form of SB 444. If you take a look at the bill, you'll see it explicitly repeals the fee shifting section. Apparently, some people didn't like the fact that they might have to pay up for filing bogus lawsuits trying to stifle speech. If that were all it did it, it would be tragic enough, but as Popehat clearly describes, the bill also undermines the rest of the anti-SLAPP law in pretty nefarious ways, making the existing rules toothless.

The bill still needs to go through the state assembly and be signed by the governor, but it's really disappointing to see Nevada move backward on anti-SLAPP laws just as much of the rest of the country is moving forward. Nevada provided a useful anti-SLAPP model, but apparently someone wasn't happy about that.

Read More | 7 Comments | Leave a Comment..

Posted on Techdirt - 17 April 2015 @ 11:44am

Guy Who Took Walter Scott Shooting Video Now Demanding To Be Paid; Everyone Gets Confused About Fair Use

from the let's-take-this-slowly... dept

As you probably heard, last week there was a big story involving North South Carolina police officer Michael Slager being charged with murder for the shooting death of Walter Scott. Slager had told a story about how Scott had taken his taser. But, a few days later, a bystander's video of the incident was released and told a very different story. If you didn't see it, here is the video, which is rather graphic, seeing as someone is shot to death in the video.

We didn't cover this story, which surprised some -- since we frequently cover police brutality stories, with a special focus on stories involving cellphone videos being used to dispute the "official line" from police. However, this was one case where the issue had received so much press coverage that we felt we had little to add to the story.

Well... that is until a copyright angle was added to the story. You see, the guy who actually shot the video, Feidin Santana, has apparently hired a publicist who is demanding news stations pay up for showing the video. And yes, news stations are playing the video so often that it's become a Jon Stewart punchline. Sanata had initially been anonymous, and claimed that he was worried about retribution, but since coming forward has apparently decided that he might as well cash in.

The publicist who is apparently going around trying to charge for this (one assumes after being retained by Santana) has some interesting views on how this all works:
“It’s been allowed to be used for free for over a week now,” Max Markson, CEO of the Sydney-based Markson Sparks group, told the Daily News.

“Now it’s going to be licensed and now you have to pay for it.”
But there's a big problem with this plan, and that is known as "fair use." News reporting is one of the fundamental parts of fair use. Unfortunately, the reporter from the NY Times, Frances Robles, seems to have very little knowledge about fair use and relied on a ridiculously biased expert to argue otherwise. She spoke with Frederic Haber of the Copyright Clearance Center, an organization that goes around trying to license everything and is fundamentally against fair use. And yet, Robles insisted that "copyright experts agree" that fair use somehow no longer applies:
Copyright experts agreed that although news agencies are allowed to use even copyrighted material under what is called “fair use” clauses in the law that time period has passed.
Many actual copyright experts challenged Robles about this issue on Twitter, and she insists she spoke to two others besides Haber and they all agreed, though when questioned, she refused to name who those copyright experts were. And that's a problem, because all three of those copyright experts -- assuming Robles actually found three -- are wrong. There is no "time limit" element to fair use. At best someone might try to argue that after a certain period of time the piece was no longer newsworthy and thus fair use no longer applied, but that seems like a huge stretch.

There is no fair use in Australia, so perhaps that's why Markson is so confused. Take, for example, the nonsensical statement he gave Buzzfeed:
“Fair usage for video exists and networks can still use it for a certain amount of time,” Markson further explained, “like with footage from the Olympics, but the fair usage fee is for people who want to use it again. And in the lead-up to the trial we expect there will be more requests for licensing.”
This makes no sense. There is no such thing as a "fair usage fee." Markson doesn't seem to have any idea how fair use works, and it's unfortunate that the NY Times report that many people are basing their own reporting on isn't any better.

There is plenty of case law that I'm sure any real "copyright expert" would have passed along to Robles had she asked them. Hell, just last year there was a good fair use ruling saying that Bloomberg was allowed to distribute a recording of Swatch's investor calls. The idea that time does away with fair use doesn't make much sense. There's a 1968 case in which Time Life sued Random House and others claiming that using stills from the famed Zapruder film of President Kennedy's assassination was infringing, but the court found it to be fair use, despite it happening years after the film was made (rather than weeks in the case of the Walter Scott video). Then there's the case involving video footage of the beating of Reginald Denny, in which the videographers sued CBS over their use and distribution of the footage (including that it was briefly broadcast on Court TV). Here again, courts found the use to be fair use noting:
We conclude that each factor, particularly the nature of the copyrighted work, weighs in favor of fair use except the substantiality of the use, which we treat as neutral.   Accordingly, we agree with the district court that Court TV's use was protected, and we affirm the grant of summary judgment in its favor.
So it seems rather difficult to see how fair use magically disappeared, no matter what Frederic Haber or the mysterious other two "copyright experts" told Robles.
“At some point it’s not newsworthy anymore and you are using it for commercial benefit,” said Frederic Haber, a vice president and general counsel of the Copyright Clearance Center, a collective licensing organization that works on behalf of copyright holders such as The New York Times. The issue could change once the video is played in court during a trial, he said.
Robles later also seems more confused about how copyright works in suggesting that because Walter Scott's family gave the NY Times the video, it wouldn't be subject to these demands for payment:
The Times has used the video with the family’s permission and not received a cease and desist letter.
That sounds good but is meaningless. The Scott family doesn't have the copyright on the video. Santana does. They have no right to license it and the NY Times is clearly relying on fair use in its presentation as well.

Unfortunately, because most reporters don't really want to bother to understand the issue, many took the NY Times report and ran with it, insisting that, yes, media outlets now have to pay to continue using the video. Even the Poynter Institute, which should know better, ran with a headline saying that the "media must pay" to continue using the video. The article itself at least discusses the fair use issue, but the headline seems to ignore that.

I'm guessing that many big news organizations will just pay up, because it's cheaper than fighting, but they have every right to fight this attempt to undermine fair use. The video is newsworthy and its use in reporting is the kind of quintessential example of fair use that is often used to show how fair use works.

42 Comments | Leave a Comment..

Posted on Techdirt - 17 April 2015 @ 10:40am

MPAA's Chris Dodd Tells Each Movie Studio To Donate $40k To Rep. Goodlatte's Election Campaign

from the look-at-that... dept

As you may recall, at the height of the SOPA fight fallout, MPAA boss Chris Dodd went on television and threatened to stop funding the politicians who didn't support the MPAA's copyright agenda:

"Those who count on quote 'Hollywood' for support need to understand that this industry is watching very carefully who's going to stand up for them when their job is at stake. Don't ask me to write a check for you when you think your job is at risk and then don't pay any attention to me when my job is at stake."
Given that statement, this little tidbit from the Sony email archives is interesting. It's Chris Dodd more or less demanding that all of the member studios donate $40,000 to Rep. Bob Goodlatte's re-election campaign. As you may know, Goodlatte is the head of the Judiciary Committee in the House of Representatives, and copyright falls under that committee. Even more to the point, despite the fact that there's an "Intellectual Property Subcommittee" (headed by Rep. Darrell Issa), Goodlatte has made it clear that copyright reform remains under his own personal mandate. In this email, Dodd notes that Goodlatte is coming to LA and there's a fundraiser -- and he asks each of the member studios to see if they can put together $40,000 for Goodlatte's campaign:
Subject: Goodlatte Victory Committee

As you know, for a number of months we have been discussing the political event that Chairman Goodlatte has asked our industry to host in Los Angeles. The event has now been scheduled for November 22. A copy of the invitation is attached. The Goodlatte staff is currently securing a location and I will send that information as soon as it is confirmed.

The event will be in support of the Joint Committee established by the Congressman called the “Goodlatte Victory Committee.” This event is important and in the best interests of our industry.

A number of you have had an opportunity to speak directly with the Chairman in the past few months, and I know you share my view that he is a good man and we are fortunate to have him at the helm of the House Judiciary Committee for the foreseeable future.

TIME IS OF THE ESSENCE and it is now incumbent upon us to work together to make this event a success. I need each of you to commit to attending the event and I would request that each studio raise $40,000 for the Victory Committee at this event.

So, please confirm that you plan to attend on the 22nd in Los Angeles, and that you will meet the per studio target of $40,000. It is incredibly important, in my view, that this event be a success and that we have a broad representation of studio executives in attendance. I will reach out to you later this week, but look forward to hearing from you in the meantime.

Best,

Chris
Now, to be clear, this sort of thing happens all the time. It's more a function of how money in politics works today. It wouldn't surprise me to find out that plenty of other companies in other industries do the same sort of thing -- though, generally speaking, it would be done by the companies themselves, not at the direction of a trade organization. Still, it's a bit of insight into how the process works that I figured some of you might find rather revealing.

43 Comments | Leave a Comment..

Posted on Techdirt - 17 April 2015 @ 9:38am

Wall Street Journal Suggests Snowden Gave China Its 'Great Cannon' Software... Based On Pure Random Speculation

from the journalism! dept

There's been lots of talk lately about China's "Great Cannon" -- the DDoS tool that China used to launch a massive attack on GitHub a few weeks ago. Much of the research on this tool was provided by Citizen Lab. That report is great and interesting. And then, the Wall Street Journal -- still a respected news source -- jumps in to speculate wildly based on nothing in particular, that Ed Snowden gave China NSA source code to build the Great Cannon.

Edward Snowden sabotaged the intelligence capabilities of the U.S. and its allies, and now we learn he may have given the Chinese regime a weapon to spread Internet censorship across the planet. The Great Firewall, the unofficial name for a suite of blocking tools, stops Chinese citizens from accessing outside information. In the past few weeks Beijing has deployed a new offensive capability, dubbed the Great Cannon.
First of all, Snowden didn't "sabotage" any intelligence capabilities at all. He revealed to journalists how the NSA and its partners were abusing certain powers, likely breaking the law. That's not "sabotage." Second, the "we learn" is not based on anything the WSJ's nameless author of the opinion piece actually "learned." It's based on wild speculation by stringing some misleading and unrelated ideas together. So we're already off to an inauspicious start to the piece.
According to a report from the University of Toronto’s Citizen Lab, the Great Cannon is similar to Quantum, a tool developed by the U.S. to track potential terrorists and criminals abroad. Snowden, a former system administrator for the U.S. National Security Agency, revealed the existence of Quantum for the first time in 2013 when he fled to Hong Kong and then Moscow.
Loose connection #1.
Did Snowden give the Chinese the code for the Great Cannon? He denies sharing anything with foreign governments. But then he’s an admitted liar, and we don’t know what the Chinese and Russian spy services have been able to copy from what he stole. In any event he alerted them to a weakness that could be exploited.
Wait, what? How is he "an admitted liar?" That seems like a stretch already, and seems like the kind of line you'd find in a conspiracy website, not the pages of the Wall Street Journal. Second, the idea that the Chinese didn't already recognize how to do online attacks via such methods until Snowden revealed it seems especially questionable. Among the other things that Snowden revealed: the NSA knows that the Chinese are among the most sophisticated in building tools for mounting online attacks. The idea that they would be totally ignorant of methods like these until Snowden's revelations came out seems difficult to believe.
A South China Morning Post report that the Great Cannon has been under development for about a year is suggestive. This means China’s hacking bureaucracy geared up to produce this new product soon after the Snowden leaks.
Loose connection #2. Also, notice that the WSJ doesn't actually link to the SCMP story, so we'll do that for you. It actually doesn't say it was in development for a year. It says that it's "been in operation for about one year." I guess the timing still sorta works if you're making loose connections, but it seems like a pretty big leap to argue that's somehow evidence that Snowden gave the info to the Chinese during his brief stay in Hong Kong.
It also means that in the name of “transparency,” Snowden and his media accomplices may have empowered one of the world’s worst censors.
Uh, no, it doesn't. If the WSJ's editorial board knew the first thing about technology, they'd know that it didn't require Ed Snowden to teach the Chinese how to build a giant DDoS machine.
This is another example of how the Western left fails to distinguish between the secrecy and surveillance required by democracies to preserve freedom and that used by dictators to quash it.
Huh? That sentence doesn't even make sense.

Either way, as one commenter noted, you'd think that the WSJ might realize that even if China modeled the Great Cannon on the NSA's Quantum, it really says something that we're building tools that can be used to censor the internet. And they should realize that's a problem. Instead, they try to blame the whole thing on Snowden, because... well, actually not for any actual reason that I can see -- just pure speculation. That's the kind of thing we'd expect to see on conspiracy theory websites. Not the Wall Street Journal.

69 Comments | Leave a Comment..

Posted on Techdirt - 17 April 2015 @ 8:32am

Chris Dodd's Email Reveals What MPAA Really Thinks Of Fair Use: 'Extremely Controversial'

from the oh-really-now? dept

Two years ago, we were among those who noted how odd it was to see the MPAA in court arguing in favor of fair use, since the MPAA tends to argue against fair use quite frequently. The legal geniuses at the MPAA felt hurt by our post and some of the other news coverage on the issue, and put out a blog post claiming that the MPAA and its members actually love fair use. According to that post, the MPAA's members "rely on the fair use doctrine every day" and the idea that it "opposes" fair use is "simply false, a notion that doesn't survive even a casual encounter with the facts."

Now, as you may have heard, Wikileaks has put the leaked Sony emails online for everyone to search through for themselves. I imagine that there will be a variety of new stories coming out of this trove of information, now that it's widely available, rather than limited to the small group who got the initial email dumps. In digging through the emails, one interesting one popped up. It's Chris Dodd revealing the MPAA's true view on "fair use" in an email to Michael Froman, the US Trade Rep in charge of negotiating agreements like the Trans Pacific Partnership (TPP) agreement and the Transatlantic Trade & Investment Partnership (TTIP).

You see, about a year ago, Froman gave a speech where he made a very brief mention of the importance of fair use, and how, for the first time, the USTR would be including fair use in agreements. Here's what Froman said:

And, for the first time in any trade agreement, we are asking our trading partners to secure robust balance in their copyright systems – an unprecedented move that draws directly on U.S. copyright exceptions and limitations, including fair use for important purposes such as scholarship, criticism, news commentary, teaching, and research.
Nothing major. Nothing controversial. In fact, as we've pointed out, the actual text in the various leaks of the TPP show that while it is true that the USTR has, for the first time, mentioned concepts related to fair use, it has only done so in a manner that would limit how fair use could be implemented.

And that brings us to Dodd's email to Froman, in which he reveals that, contrary to the MPAA's "we love fair use" claim in its public blog post, the MPAA is actually quite fearful of fair use and the idea that it might spread outside of the US to other countries:
Dear Ambassador Froman:

I am writing to you today regarding your Wednesday remarks at the Center for American Progress. I am concerned about your suggestion that previous free trade agreements’ copyright provisions were unbalanced and that USTR has addressed this lack of balance by including “fair use” in the TPP. Quite to the contrary, the recently ratified US-Korea FTA was supported by a broad cross-section of US industry, from tech and the internet community to the copyright community, and furthermore has been held up as a model agreement.

As I know you are aware, the inclusion of “fair use” in free trade agreements is extremely controversial and divisive. The creative community has been, and remains, a strong and consistent supporter of free trade, but the potential export of fair use via these agreements raises serious concerns within the community I represent. Over the last 24 hours, I have received calls from my member companies questioning what they perceive as a significant shift in US trade policy and, as a consequence, the value of the TPP to their industry.

It may be that people are reacting to the subsequent press releases by private groups following your remarks. I am certain these concerns have been elevated by indications from the US government that the ISP liability provisions in the TPP are going to be weakened. Nonetheless, this issue is of enough significance that I felt I must reach out to you directly prior to your departure for Singapore to register our deep concerns.

I am hopeful that I can report back to my members that that US trade policy has not changed, that USTR is committed to securing strong copyright provisions in the TPP. But, there is no question Wednesday’s speech is reverberating in the content community, and I would be remiss if I failed to raise these concerns to you personally. I would be very grateful if you would respond to these concerns at your earliest convenience. I realize you will be traveling, but this is a sense of urgency surrounding our concerns.

Regards,

Christopher J. Dodd
Motion Picture Association of America
So, the MPAA loves fair use... but the very idea that the USTR might include fair use in a trade agreement (as it had announced years earlier, and which it is doing in very limited -- and limiting -- ways) is "controversial and divisive"? All the way to the point that the MPAA is concerned about whether it can still support the effort? That does not sound like an organization that really does support fair use at all. In fact, it sounds like an organization that actively does "oppose" fair use, contrary to the claims in its blog post. Funny how the MPAA's public statements appear to completely disagree with what it says directly to politicians, huh?

59 Comments | Leave a Comment..

Posted on Net Neutrality Special Edition - 17 April 2015 @ 6:30am

Presidential Hopeful Carly Fiorina Displays Astounding Ignorance In Slamming Net Neutrality

from the that's-not-going-to-win-the-tech-vote dept

Carly Fiorina, whose claim to fame was basically presiding over HP while the company's value dropped in half, has made it clear that she's planning to run for President, despite her sole political experience being losing a Senate race in California against Barbara Boxer. To get ready, Fiorina has been ramping up her public opinion-spewing. She's gotten plenty of attention for blaming environmentalists for California's current water problems and accusing Apple's CEO Tim Cook of hypocrisy in his response to Indiana's controversial Religious Freedom Restoration Act. Feel free to debate those claims all you want. The one that interests me is Fiorina's confused and ignorant take on net neutrality -- which seems to involve making a bunch of claims that are flat out false. I recognize that, as a Republican candidate, she apparently is duty-bound to hate on net neutrality (despite the fact that Republican and Democratic voters alike both overwhelmingly support net neutrality -- and Republicans who actually understand technology support it as well). It still remains a mystery to me why this is even a partisan issue, but it is. Still, if you're going to attack net neutrality, you should at least do so on a factual basis. Fiorina can't even muster up the effort to do that.

Crony capitalism is alive and well. If you need proof, look no further than the Federal Communication Commission's new Title II regulations imposed in the name of "net neutrality" under pressure from President Barack Obama, and the big businesses that benefit.
Um, no. The crony capitalism was on the other side, as nearly all of the pressure against net neutrality came from the giant broadband players, Comcast, AT&T, Time Warner Cable and Verizon. There was almost no actual public support. Meanwhile, the push for Title II was driven heavily by public interest groups and the public itself. While there were some companies that got involved, most of the "big" businesses seemed to sit things out until late in the process and it was clear which way the wind was blowing. The companies that actually made a big difference were the startups (mainly in New York and San Francisco) that mobilized to talk about the harm that the FCC would do to the open internet if it didn't stop the broadband companies from messing things up. Kickstarter, Etsy, Tumblr and others played a really big role. Those companies are growing, but they're nothing like the big broadband companies.
Net neutrality proponents did a masterful job of marketing it with the help of late-night hosts and political spin, arguing that it would level the Internet playing field. The truth, however, is that it will insert Washington bureaucracy and control into the 21st century's greatest success story. The Internet, which has empowered hundreds of millions of Americans in so many aspects of life, will now be subject to the same types of regulations that governed telephone service in the 20th century.
This is a massive exaggeration and is incredibly misleading. First of all, the rules are not the "same regulations," but rather they're just built off the same authority (Title II), but with clear forbearance on the parts of Title II that everyone agrees are problematic. The rules are not about treating the internet as a utility, but in preventing duopolists and monopolists from abusing their position. On top of that, if you talk to a lot of people, they actually remember when telephone service was super reliable, unlike broadband service today.
As someone who led a $87 billion company for six years, I know this: Only big companies can deal with vast, sweeping regulation like the 313 pages imposed by the FCC. This administration has had a habit of identifying a particular problem and then convincing the voters that we require enormous new swaths of government control to fix it.
Almost everything in this paragraph is misleading. First of all, "leading" an "$87 billion company" -- well, here's the chart of HP's stock price during Fiorina's tenure:
As you can see, the valuation fluctuated a bit during Fiorina's "leadership," but it seemed to go mostly downward...

Second, the rules are not "313 pages." They are 8 pages. You can see just those 8 pages right here. The rest of the document (which is actually 400 pages) consists of legally required supplemental material and the dissents.

Next, remember, that it was mostly small companies pushing for these rules and big companies fighting against them. As small ISP Sonic made clear, the rules are only a problem if you're trying to do something bad. So if the small companies are clamoring for this, and the big companies are against it, it defies basic common sense to argue that the new rules are good for big companies and bad for small companies. You either have to be woefully misinformed, or blatantly lying. I'm not sure which is the situation here, but neither looks for for Fiorina.
Title II regulation gives the Federal Communications Commission nearly unlimited authority to micromanage how, when and where Internet companies innovate.
This isn't even close to true. It only gives limited authority in how it makes sure that internet access providers handle their traffic. That's it. Not "internet companies." It's a cheap trick to conflate internet access providers and the internet companies that rely on an open internet, but that's the best Fiorina can do. And then she takes it to another level of ridiculousness:
Whereas the old Internet was "permissionless," the new Internet will require bureaucratic approval for the most mind-numbing minutiae and create huge areas of uncertainty . Major companies such as Google, Facebook, Amazon, eBay and Netflix now have a government-conferred advantage over start-ups because they can afford the lobbyists and lawyers necessary to navigate the new Title II landscape. When influence trumps innovation, big entrenched companies benefit.
This isn't true. The new rules do not require anything of internet companies. They don't need lobbyists or lawyers to navigate anything. The rules are directed at internet access providers, and startups offering services on the internet do not have to deal with the rules -- only those offering internet access.

And, really, let's just repeat this line for its sheer insanity:
When influence trumps innovation, big entrenched companies benefit.
Yes, that line is true, but if you look at the past two decades, you'd see that the companies with the most powerful influence have been AT&T, Comcast and Verizon which have some of the most powerful lobbying operations in the world, and have driven broadband policy almost entirely on their own whims for the past two decades. This has resulted in less competition, terrible service and a variety of bad policies.

Who does Fiorina think she's fooling?
One, the Internet economy will no longer benefit from the competition that has steadily driven prices down over the past two decades.
What? Has Fiorina looked at internet bills lately? They have not been going down. It's true that the prices of other things on the internet have gone down, but she is once again conflating internet services with internet access. And, in fact, under the new rules it looks like there may be more competition because it will make it easier to get pole attachments. Furthermore, because of the FCC's other big ruling we may finally see some real municipal competition. And, as AT&T has made clear, when there is real competition, then its prices go down. But it has spent years actively blocking competition, using its political influence.
Two, companies will devote more of their resources to lobbying and regulatory compliance, passing the costs of these activities directly on to consumers.
Again, the rules only impact internet access providers and only if they're doing bad stuff to consumers. If they treat traffic neutrally, there are no compliance issues to worry about.

Ah, wait. It appears we left out a bit of Fiorina's bio. Before she took the helm at HP... she spent her career at AT&T and AT&T spinoff Lucent. Perhaps that has more to do with her position than anything. But if she thinks she's going to court the tech vote, directly misleading the public about an important issue like net neutrality isn't going to do her any favors.

49 Comments | Leave a Comment..

Posted on Techdirt - 17 April 2015 @ 4:14am

If Virginia Elections Weren't Hacked, It's Only Because No One Tried

from the hey-that's-my-password dept

It's actually been a pretty long time since we last wrote about electronic voting machines and how insecure they are. Back in the 2005 to 2010 time frame, it was a regular topic of discussion around here, but there really hasn't been that much new information on that front in a while. However, earlier this week, Virginia decided to decertify a bunch of electronic voting machines after noting that the security on them was abysmal. As Jeremy Epstein notes in a detailed blog post about this issue:

If an election was held using the AVS WinVote, and it wasn’t hacked, it was only because no one tried. The vulnerabilities were so severe, and so trivial to exploit, that anyone with even a modicum of training could have succeeded. They didn’t need to be in the polling place – within a few hundred feet (e.g., in the parking lot) is easy, and within a half mile with a rudimentary antenna built using a Pringles can. Further, there are no logs or other records that would indicate if such a thing ever happened, so if an election was hacked any time in the past, we will never know.
It's that bad. The headline grabbing line that many news sites have run with is the unchangeable WEP encryption key used on the machines was "abcde." Meaning it was crazy easy for people to hack into (even if you didn't know the password originally, it would not be difficult to figure that out just by monitoring the system). But that's just the start. Other massive problems, explained by Epstein:
  • The system hasn’t been patched since 2004 (which we knew). What we didn’t know is that the system is running a whole bunch of open ports with active services. The report specifically notes that ports 135/tcp, 139/tcp, 445/tcp, 3389/tcp, 6000/tcp and 16001/tcp are all running unpatched services. (Layman’s explanation: the voting machines aren’t just voting machines, they’re also servers happy to give you whatever files you ask for, and various other things, if only you ask. Think of them as an extra disk drive on the network, that just happens to hold all of the votes.) (Obdisclosure: In retrospect, I *probably* could have figured this out a few years ago when I had supervised access to a WinVote with a shell prompt, but I didn’t think of checking.)
  • The system has a weak set of controls – it’s easy to get to a DOS prompt (which we knew). What we didn’t know is that the administrator password seems to be hardwired to “admin”.
  • The database is a very obsolete version of Microsoft Access, and uses a very weak encryption key (which I knew a couple years ago, but didn’t want to disclose – the key is “shoup”, as also disclosed in the VITA report). What we didn’t know is that there are no controls on changing the database – if you copy the database to a separate machine, which is easy to do given the file services described above, edit the votes, and put it back, it’s happy as can be, and there are no controls to detect that the tampering occurred.
  • The USB ports and other physical connections are only marginally physically protected from tampering. What we didn’t know is that there’s no protections once you plug something into one of these ports. What this means is that someone with even a few minutes unsupervised with one of the machines could doubtless replace the software, modify results, etc. This is by far the hardest of the attacks that VITA identified, so it’s almost irrelevant given how severe the other problems are.
And, as Epstein notes, the Virginia Information Technology Agency figured all of this out on its own -- in other words, it wasn't given the source code for these machines. That means, pretty much anyone probably could have figured out the same things. Epstein makes it clear just how easy this process is:
  1. Take your laptop to a polling place, and sit outside in the parking lot.
  2. Use a free sniffer to capture the traffic, and use that to figure out the WEP password (which VITA did for us).
  3. Connect to the voting machine over WiFi.
  4. If asked for a password, the administrator password is “admin” (VITA provided that).
  5. Download the Microsoft Access database using Windows Explorer.
  6. Use a free tool to extract the hardwired key (“shoup”), which VITA also did for us.
  7. Use Microsoft Access to add, delete, or change any of the votes in the database.
  8. Upload the modified copy of the Microsoft Access database back to the voting machine.
  9. Wait for the election results to be published.
As he points out, the only bits that might take some sort of technical expertise is extracting the passwords, but that's not that hard, and the kind of thing that lots of script kiddies have figured out how to do with free online tools for ages. Epstein points out that the Diebold machines that everyone mocked a decade ago were "100 times more secure" than these WinVote machines.

Because there's an election coming up, apparently some election officials were against decertifying these machines:
Richard Herrington, secretary of the Fairfax City Electoral Board, said he was unconvinced that WINVote machines were risky enough to warrant decertification.

“No matter how much time, money and effort we could put into a device or a system to make it as secure as possible, there is always the possibility that someone else would put in the time, money and effort to exploit that system,” he said.
Richard Herrington is both right and wrong. Yes, it's true that almost any system will have security vulnerabilities, but he's ridiculously, laughably wrong, in suggesting that these machines are likely secure enough. These machines don't require a sophisticated hacker (especially now that the VITA revealed all the necessary passwords). Basically anyone can change the votes however they want based on the information that has been revealed.

For years, whenever we'd point to concerns and problems with e-voting machines, people would argue that it was just conspiracy theories and that these machines were mostly "secure enough." Yet, time and time again, we've discovered that the machines weren't even the tiniest bit secure -- and this is just the most egregious example so far.

Read More | 43 Comments | Leave a Comment..

Posted on Techdirt - 16 April 2015 @ 2:00pm

Congress Finally Releases Fast Track Trade Bill, And It's A Mess

from the why-do-republicans-want-to-do-this? dept

For the past few months there have been rumors every few weeks that Congress was finally going to push out a "fast track" or "trade promotion authority" bill. As we've explained, these bills are Congress giving up their Constitutional right to regulate international trade, and handing the power over the USTR, a part of the executive branch. While some supporters of this argue that it actually gives Congress more power, by laying out the conditions of a trade deal it will approve, that's ridiculous. That might be true if fast track authority were granted prior to a deal being done, but with the TPP and TTIP pretty far along, it's clearly not true. Either way, despite massive opposition from the President's own party, an agreement has been reached between Senator Hatch and Senator Wyden and a trade promotion bill has been released.

Back in February, we presented a simple litmus test concerning whether or not any such effort would actually be reasonable on intellectual property issues: would the text of the bill concerning intellectual property be any different than the last fast track authority bill from 2002 (or an attempt to update it in 2014). Both of those bills had nearly verbatim text. And... as we feared, so does this new bill. Given just how much the internet has changed since 2002, it is simply inconceivable to suggest that the same intellectual property rules that made sense then would continue to make sense now. In other words, despite the involvement of Senator Wyden, it appears that little has been done here to make it clear to the USTR that bad IP rules in the TPP or TTIP agreement are unacceptable. That's a disappointment. Here are the key provisions on intellectual property. Note that they are basically all about enforcement (i.e., protectionism) rather than the free flow of information (which is what you'd expect a trade deal to be about).

providing strong protection for new and emerging technologies and new methods of transmitting and distributing products embodying intellectual property, including in a manner that facilitates legitimate digital trade;

preventing or eliminating discrimination with respect to matters affecting the availability, acquisition, scope, maintenance, use, and enforcement of intellectual property rights;

ensuring that standards of protection and enforcement keep pace with technological developments, and in particular ensuring that rightholders have the legal and technological means to control the use of their works through the Internet and other global communication media, and to prevent the unauthorized use of their works;

providing strong enforcement of intellectual property rights, including through accessible, expeditious, and effective civil, administrative, and criminal enforcement mechanisms; and

preventing or eliminating government involvement in the violation of intellectual property rights, including cyber theft and piracy;
These are basically word for word the same from 2002. In other words, despite over a decade of seeing how the USTR has used trade deals to browbeat other countries into bad intellectual property laws, this new trade promotion authority is saying "go ahead and continue doing just that, no matter what harm it may do to the internet and all of the economic growth it creates."

Unlike some who are totally against any trade deals, I believe there are ways in which increasing actual free trade can be helpful. I had held out hope that the new trade promotion agreement would be more reasonable than what we'd seen in the past. But just looking at the intellectual property section alone, and the fact that it has remained unchanged since the 2002 version -- despite over a decade of seeing how bad IP policy can hurt internet innovation and economic growth -- suggests that this TPA agreement continues the mistakes of the past, rather than fixes them. That's unfortunate.

And so, now comes a very, very weird fight in Congress. With nearly all Democrats opposed to this bill even including the surprise change in position by Senator Chuck Schumer, we'll have a situation where Congressional Republicans try and convince their colleagues to give President Obama more power, by removing the Constitutional authority from Congress, while Congressional Democrats push back against giving their own President that power. It's a really weird fight in oh so many ways.

Read More | 29 Comments | Leave a Comment..

Posted on Techdirt - 16 April 2015 @ 1:00pm

Silicon Valley Needs To Be More Willing To Talk Openly About Failures

from the needs-more-openness dept

There's a story in Business Insider that's been getting a lot of attention thanks to the click-baity headline of: The founder of a $50 million startup just sold his company — and he didn't make a dime by reporter Alyson Shontell. Almost everything about the headline is misleading. The company, Get Satisfaction, was once valued at $50 million, at its peak back in 2011. But from what I've heard, the final sale, to Sprinklr, that went down recently was for $8 million (and it's possible that not all of it was cash, making the valuation even more questionable). So, the whole $50 million bit is meaningless, because that's not what the company was worth. And, considering the company had raised at least $21 million (and possibly more), the fact that it eventually sold for less than half the money raised means that it shouldn't even be remotely surprising that the company's founder, who had been pushed out years earlier, got nothing out of the deal. This is how it works. The early shareholders/founders were diluted and pushed out, the company basically tanked and sold off in a firesale. It's no surprise that the early players got basically nothing -- it's how things are done.

What struck me as more interesting about this, however, was the fact that the founder who kicked off the story, Lane Becker, was actually willing to come out and say the truth: that it was a firesale designed to make people look good, rather than actually make anyone any real money. This is Silicon Valley's stupid secret that really should be discussed more openly. Lots of startups fail. It happens all the time. And Silicon Valley prides itself on supposedly being a lot more accepting of failure. You hear it all the time. But the reality is that we often try to hide failures behind fake success stories. High profile startups rarely just disappear -- they find someone to buy them for next to nothing so they can pretend to have successfully exited. The truth is, many of those companies were out of money and the "acquisition" was nothing more than an attempt to "create good optics" and pretend to the outside world that there was a successful conclusion to the startup.

If Silicon Valley were truly accepting of failure, it would be much more willing to openly discuss its failures. It happens, but it's rare. The one I remember most clearly is Chris "moot" Poole from about a year ago writing about the failure of his startup Canvas/DrawQuest:

I’m disappointed that I couldn’t produce a better outcome for those who supported me the most—my investors and employees. Few in business will know the pain of what it means to fail as a venture-backed CEO. Not only do you fail your employees, your customers, and yourself, but you also fail your investors—partners who helped you bring your idea to life.

In my case, I am extremely lucky and grateful to be partners with people who are simply the best. What separates the best investors is not how they help you when you’re a rocketship, but when your ship is on fire and you’re venting atmosphere. In this case, our investors have demonstrated what sets them apart from the rest—they’ve supported me throughout the ups and downs, and especially the downs.
There's a lot more to that post and it's well worth the read. It talks about the kind of things that lots of Silicon Valley entrepreneurs talk about privately, but almost never publicly. Yes, Silicon Valley is relatively accepting of failure. Compared to other industries and other areas, Silicon Valley is much more open to second (and third and fourth) chances for those who have failed -- but we're terrible about exploring why things fail and the impact of those failures. Being a part of a failing startup is no fun at all -- but the end of the story tends to be pretty typical: if it's not high profile, it just disappears. If it is high profile, it does what Get Satisfaction did here and finds a firesale option where people can pretend it was a success, thereby hiding the reality and keeping the important lessons from being learned more widely.

The interesting thing about Becker's statement was not -- as Business Insider assumed -- that a founder didn't get to cash out on a firesale of his former company. It was that Becker wasn't willing to play the usual game and pretend a failure was a success. Rather he was direct about how the company had flopped and how. And that's something that we need more of, rather than silly stories that try to make it look like something "unfair" or "wrong" happened. What happened is totally normal in Silicon Valley. It happens every week around here, and we should be more open to talking about companies that fail and why they fail -- not to revel in the schadenfreude, but to learn the lessons from those who ran into trouble along the way.

8 Comments | Leave a Comment..

Posted on Techdirt - 16 April 2015 @ 10:44am

Hollywood Collectively Loses Its Mind About Latest Set Of Livestreaming Apps

from the get-a-grip dept

If you (lucky you!) don't pay attention to the latest craze among the internet media, you may have missed the mid-to-late-March hype cycle around two livestreaming apps that are available via Twitter. The initial darling was Meerkat, which became this year's annual darling-for-a-week at SXSW. Soon after, it was eclipsed by Periscope, a startup that Twitter bought, just about the same time it pulled Meerkat's ability to push notifications out to users. Both offer the same basic idea: enabling Twitter users to easily livestream video to their followers. Of course, livestreaming is not a new concept. It's been around for ages, and things like Ustream and JustinTV are well-known. Even BitTorrent has tried to get into the livestreaming game. Not surprisingly, livestreaming technology has been particularly useful for newsworthy situations -- and have been used extensively in violent clashes around the globe or at protests like in Ferguson, Missouri last summer.

But, of course, Hollywood absolutely hates such things. For years, they've argued that Ustream and JustinTV were destroying their businesses because some people would turn on a television and set up their phone or computer to livestream whatever they were seeing. So it should come as little shock that right after the media hype cycle around Periscope and Meerkat, a whole series of silly articles started appearing about the copyright consequences of livestreaming. The Guardian warned that these new livestreaming apps "could cost unwary brands dear." Billboard warned that these two new apps created a "legal minefield" because a song playing in the background might (*gasp*) infringe on someone's copyrights. The Atlantic warned that these apps were enabling "a new kind of internet pirate." And, CBS really went the distance with a fearmongering headline about how Periscope and Meerkat "threatened" the "multi-billion dollar sports broadcast copyrights," even though they do no such thing (and, in fact, that article speaks to no actual sports officials, whereas when Major League baseball was asked, it noted that it sees no real threat).

And, rather than admit that (1) livestreaming has been around for ages and hasn't really been a serious drag on revenue, and (2) it's not a particularly good user experience for watching broadcast content anyway, various folks in Hollywood lost their minds about these two new services. The main culprit? HBO. After there were a few scattered reports of various Game of Thrones fans using Periscope to broadcast the latest episode of the popular show, HBO decided that it's all Twitter's fault, and who cares about DMCA safe harbors, something must be done, and Twitter has to do it:

"We are aware of Periscope and have sent takedown notices," an HBO spokeswoman said in a statement. "In general, we feel developers should have tools which proactively prevent mass copyright infringement from occurring on their apps and not be solely reliant upon notifications."
There are two issues there. First are the takedowns -- which is a part of the DMCA. But the second part is asking for Twitter to go Beyond the DMCA and to start proactively reviewing and policing the content that is streaming over Periscope. This is a bad idea for a whole variety of reasons that both Twitter and HBO should already understand. First, such efforts inevitably lead to takedowns that block important, legitimate, non-infringing speech. Considering how Periscope and Meerkat are designed for livestreaming events right now, blocking those could lead to important content never seeing the light of day at all. The chilling effects could be massive.

On top of that, there is little to no evidence that unauthorized streams of Game of Thrones are doing any harm whatsoever. In fact, Game of Thrones is often the prime example of how unauthorized streams have helped certain content get more attention and more long-term committed fans. Both a director on the show and Time Warner's CEO (who owns HBO) have admitted as much. So why the collective freakout about these new apps?

It seems, as is the tradition among some in Hollywood, any new technology that might possibly be used for some amount of infringement must be loudly condemned and shamed. Despite the fact that this policy never works, and tends to just lead to widespread ridicule, it is the only gameplan that the old guard in Hollywood have. They could embrace these things. HBO execs -- especially with the launch of HBO's new streaming services -- could be highlighting how much better the official streaming experience is than the crappy Periscope/Meerkat experience. But, what fun is that? That, apparently, takes work.

39 Comments | Leave a Comment..

Posted on Techdirt - 16 April 2015 @ 4:08am

TSA's Investigation Into Groping Agents Ensured They Wouldn't Be Prosecuted

from the because-of-course dept

By now, you may have heard the story about how two TSA agents at Denver International Airport were fired recently after it was revealed that they had worked out a scam by which one agent was able to grope and fondle the genitals of male passengers he found attractive. The plan involved him signalling to a colleague who was working the scanning computer. That agent would tell the computer that the individual being scanned was female, which apparently would set off an "anomaly" alert for the groin area, allowing the male TSA agent to conduct a "pat down" of that area. Leaving aside the fact that these computers even have "male" and "female" settings and it can determine an "anomaly in the genital area" if they don't match -- this kind of thing was exactly what many insisted was going to happen when the TSA put in place these advanced screening procedures. And if you think that this is the only case of it happening, well, then, you probably think the TSA doesn't rifle through and steal stuff from your luggage as well.

Now here's the thing: this only came out because the TSA agent blabbed about it to a colleague, who then reported it, leading to an investigation. Many people find it odd that the two TSA agents (who are still unnamed) merely lost their jobs, rather than got arrested for this activity. Chris Bray, over at TSA News (found via Amy Alkon -- herself no stranger to intrusive TSA searches), went and grabbed the actual Denver police report on the incident, revealing that it appears that the TSA set up its "investigation" in a manner to almost guarantee no criminal charges and that the names of the TSA agents would remain secret.

Specifically, the TSA was first told about this scheme on November 18th of 2014. First, it took nearly two months for the TSA to do anything about it, and it did not contact the police during this time. Instead, on Feburary 9th, TSA investigator Chris Higgins observed the screening area and saw the signal/button push/grope of the genitals. Higgins made no attempt to speak with or identify the victim of this assault (this is important). Instead, he just spoke with the two TSA agents who were terminated at some later time (exact date not clearly indicated). The Denver police were not told about any of this until over a month later, on March 19th, 2015, at which point they noted that without a named "victim" there wasn't much they could do.

On that same day, the inspector, Higgins, told the Denver police that he had also spoken with a deputy district attorney who had told him that without a victim, it was unlikely they could prosecute a case. It's unclear when that conversation took place, but it appears that the TSA had plenty of time to fire the TSA agents and make it basically impossible for the police to file a case before then telling the police what happened. As Bray notes, this all seems rather suspicious, as if the TSA's "investigation" was much more about covering up the TSA's misdeeds, rather than holding the agents responsible:

So in November of 2014, the TSA was warned that two of its officers were currently, actively conspiring to commit sexual assault. But the TSA did not notify the police about that anonymous tip. The Denver Police Department is the agency that regularly polices Denver International Airport; the DIA Bureau is listed on this directory.

If the TSA had notified the police about the tip in November, the police could have been watching the checkpoint to observe the groping incident that was instead witnessed by a TSA employee. But the police didn’t know about an allegation of active, current, ongoing sexual assault, because the TSA didn’t tell them.

And so an act of sexual assault occurred right in front of a TSA investigator — and the investigator let the victim walk away without approaching him and identifying him.

Then, in March 2015, the TSA informed the police of the allegation, and of the evidence of the event that a TSA investigator had personally witnessed more than a month before. But the TSA didn’t notify the police until both employees had been fired — in other words, until both participants in a scheme to commit sexual assault had been removed from the place in which they allegedly committed it.

It’s as if someone called the fire department to report a pile of cold ashes. The TSA waited to call the police until the passengers were long gone, the TSA officers alleged to have committed the crime were long gone, and the crime witnessed by a TSA investigator was more than a month old.

Isn't that convenient?

Bray asked the TSA why it didn't contact the police earlier, and received a boiler plate response about how "intolerable" the actions were, but no substantive response to Bray's actual questions.

Yes, the groping scheme is a scandal, but it seems like a much bigger scandal is how the TSA handled the case -- first allowing the criminal activities to go on for two months without notifying police, and then making sure that no one could be actually charged with a crime.

Read More | 92 Comments | Leave a Comment..

Posted on Techdirt - 15 April 2015 @ 9:02pm

Netflix Moving To Encrypted Streams, As Mozilla Moves To Deprecate Unencrypted Web Pages As Insecure

from the yay-encryption dept

We've been pretty vocal about supporting the encryption of more and more web traffic. It's important for a variety of reasons, not the least of which is your privacy and security. A few months back, we were excited to see the Chrome security team suggest that it should start marking unencrypted web pages as non-secure. It appears that Mozilla is now joining in on the fun, proposing deprecating unencrypted HTTP web pages to encourage more web developers to go full on in support for encrypted HTTPS:

In order to encourage web developers to move from HTTP to HTTPS, I would like to propose establishing a deprecation plan for HTTP without security. Broadly speaking, this plan would entail limiting new features to secure contexts, followed by gradually removing legacy features from insecure contexts. Having an overall program for HTTP deprecation makes a clear statement to the web community that the time for plaintext is over -- it tells the world that the new web uses HTTPS, so if you want to use new things, you need to provide security.
It's a clever setup. Basically, if you want to take advantage of new features on the web, you'll have to encrypt.

Meanwhile, it appears that Netflix has separately announced that it is moving forward with plans to encrypt all of its infrastructure with HTTPS to better protect your privacy as well:
with our existing server infrastructure and the up to 50% capacity hit we had observed, driven by our traffic mix.

At that time, we were uncertain of the gains we could achieve with software and hardware optimization and of the timescale for those. I'm pleased to report we have made good progress on that and we presented our FreeBSD work at the Asia BSD conference. We now believe we can deploy HTTPS at a cost that, whilst significant, is well justified by the privacy returns for our users.

So, as we mention today in our investor letter, we intend to roll out HTTPS support over the coming year - for both our site and the content itself - starting with desktop browser tests at scale this quarter.
In short, yes, deploying HTTPS at that scale is expensive, but the benefit to users is tremendous and worth it.

It's still going to take a while, but we're getting closer to reaching that tipping point where an unencrypted web is a historical anomaly and that's a very good thing.

92 Comments | Leave a Comment..

Posted on Net Neutrality Special Edition - 15 April 2015 @ 3:42pm

Why Not? AT&T Adds Its Name To The Pile Of Lawsuits Against The FCC's Net Neutrality Rules

from the pile-on! dept

On Monday, the FCC's net neutrality rules officially went into the Federal Register, which was also known as the starters' gun for rushing to the courthouse to sue the FCC over those rules. Trade group USTelecom got there first with its filing, while a bunch of other trade groups, representing big cable companies (NCTAA), small cable companies (ACA) and big wireless companies (CTIA -- ignoring the claims of its members Sprint and T-Mobile) were right behind them. Not to be left out, AT&T has also formally sued the FCC using the same basic complaint ("arbitrary and capricious, yo!")

There had been some idle speculation that the big broadband companies might sit this one out directly, and rather let their lobbying trade groups handle the fun, but AT&T apparently couldn't take the risk of letting those other groups fight this fight, just in case they chickened out. Of course, there is some irony in the fact that AT&T was apparently among those who were most pissed off at Verizon for suing over the previous rules, since that's what led to these new rules. Either way, expect the various lawsuits to get consolidated before too long. And then expect years of fighting before we get a final ruling and lots of whining and complaining in between.

And, just think, instead of spending all that money on lawyers and press releases about future plans to deliver faster broadband, AT&T could actually be investing in building a better network for its subscribers. But what fun is that? According to Wall Street's view... it's no fun at all. They'd much rather AT&T fight against rules that say they have to treat consumers right, rather than actually working hard to treat consumers right.

Read More | 8 Comments | Leave a Comment..

Posted on Techdirt - 15 April 2015 @ 1:25pm

California Bill Would Require Libraries Post Scary Warning Signs Not To Do Infringy Stuff With 3D Printers

from the how-dare-you-build-useful-stuff dept

For a few years now, folks like Michael Weinberg have been pretty vocal about warning the world not to screw up 3D printing by falling for the same copyright/patenting mistakes that are now holding back other creative industries. Trying to lock up good ideas is not a good idea. Just recently we noted how 3D printing was challenging some long held beliefs about copyright, and we shouldn't simply fall into the old ways of doing things. At our inaugural Copia Institute summit, we had a really fascinating discussion about not letting intellectual property freakouts destroy the potential of 3D printing.

Well, here comes the start of the freakouts. Via Parker Higgins, we find out that there's a new bill in the California Assembly, AB-37*, which would require libraries that have 3D printers to post stupid signs warning people not to do nasty infringy things with those printers:

This bill would require every public library that provides public access to a 3D printer, as defined, to post a notice on or near the 3D printer that would alert users of the 3D printer of the potential liability of the user for misuse of the 3D printer, as specified. This bill would require the Department of Justice to draft and distribute this notice, as specified, and annually review and revise the notice for accuracy. By imposing additional duties upon local officials, this bill would create a state-mandated local program.
In the actual text of the law, they're explicit about how it's about not infringing intellectual property:
The Department of Justice shall prepare and distribute to a public library that provides public access to a 3D printer a notice that would alert users of the 3D printer of the potential liability of the user for misuse of the 3D printer. The notice shall do all of the following:

(A) Provide citations to the applicable state and federal laws that may impose civil liability or criminal penalties for misuse of a 3D printer, including laws regarding copyright infringement and trademark and patent protection.
Katy Perry's left shark is weeping at the ridiculousness of it all.

First of all, this shows the ridiculous ownership mentality of some, who automatically assume that creating something new must be infringing on someone's rights somewhere. Second, the idea that government mandated signs are somehow going to alleviate such uses is ridiculous. Beyond the fact that government "warnings" about infringement are routinely mocked (or just widely ignored), this has all the markings of the old red flag laws, in which the government mandated that there needed to be someone waving a red flag walking in front of every automobile. Trying to place restrictions on new technology based on some fantasy possible problems is no way to create a more innovative society and economy. It's only a way to hinder it.

What's really unfortunate, is it appears this bill was proposed by Assemblymember Nora Campos -- who represents San Jose. In other words, our Copia Inaugural Summit, in which we discussed these exact issues and why people shouldn't overreact was held in her district. And while Campos was invited to the event, and a number of her colleagues in the California Assembly attended, she did not. Perhaps it would have been helpful to have her come and learn about the actual issues related to intellectual property and 3D printing, rather than pushing out a ridiculous bill like this.

* For unclear reasons, the bill was originally about drones, and was then amended to remove everything drone related and add all the 3D printing stuff. It is unclear why.

35 Comments | Leave a Comment..

Posted on Techdirt - 15 April 2015 @ 11:04am

Google To EU: You Know, No One Really Uses Our Vertical Search Products

from the fine-lines dept

As was widely expected yesterday, the EU has officially come out with its "Statement of Objections" to Google practices that are at the heart of its antitrust complaint. They are almost entirely focused on the fact that Google promotes its own shopping search product at the expense of competitors. From the announcement:

  • Google systematically positions and prominently displays its comparison shopping service in its general search results pages, irrespective of its merits. This conduct started in 2008.
  • Google does not apply to its own comparison shopping service the system of penalties, which it applies to other comparison shopping services on the basis of defined parameters, and which can lead to the lowering of the rank in which they appear in Google's general search results pages.
  • Froogle, Google's first comparison shopping service, did not benefit from any favourable treatment, and performed poorly.
  • As a result of Google's systematic favouring of its subsequent comparison shopping services "Google Product Search" and "Google Shopping", both experienced higher rates of growth, to the detriment of rival comparison shopping services.
  • Google's conduct has a negative impact on consumers and innovation. It means that users do not necessarily see the most relevant comparison shopping results in response to their queries, and that incentives to innovate from rivals are lowered as they know that however good their product, they will not benefit from the same prominence as Google's product.
This somewhat echoes the FTC's analysis of Google's playing with shopping search -- but the FTC also noted that the end results actually seemed to be good for consumers (something the EU appears to be less concerned with). Here was the FTC's conclusion on the same issue:
Indeed, the evidence paints a complex portrait of a company working toward an overall goal of maintaining its market share by providing the best user experience, while simultaneously engaging in tactics that resulted in harm to many vertical competitors, and likely helped to entrench Google's monopoly power over search and search advertising. The determination that Google's conduct is anticompetitive, and deserving of condemnation, would require an extensive balancing of these factors, a task that courts have been unwilling- in similar circumstances - to perform under Section 2. Thus, although it is a close question, Staff does not recommend that the Commission move forward on this cause of action.
In short, it is clear that Google experimented with ways to improve its own shopping search performance, but it's hard to see how some of the EU's complaints make that much sense. What business is required to promote it competitors?

Either way, Google is now in the somewhat awkward position of pointing out that its own vertical search products both are good enough to deserve the treatment Google gave them, yet bad enough that no one actually uses them. Thus it has put out a somewhat hilarious blog post that talks about how little people actually use Google's vertical search products while also highlighting how many competitors there are. Here, for example, is the chart it shows for shopping sites in Germany:
It's pretty clear what point Google is trying to make there, though it seems likely that the EU Commission will quickly argue that this chart is actually unrelated to the point that it is making -- that Google may be somehow "unfairly" leveraging its dominant position in general search, to push its vertical shopping search on users. The real question, is whether or not that's harming end users in any way. That's the part that seems tough to support. There do appear to be many other options for searching. And, personally, as someone who regularly uses Google (and other search engines) for a variety of searching needs, I can say that I never use it for product/shopping search, whether or not it promotes it in its search results, because I automatically default to other specialized sites for those kinds of searches. I'm at a loss as to how Google promoting its own shopping search does any harm to me in those situations. It's just another competitor (and to me, not a very good one).

As we noted a few months ago, based on a tool that Yelp and TripAdvisor put together, there are arguments to be made that Google could do a better job with how it handles vertical search results, using its search algorithm to pull in results from others -- but it's difficult to see why anyone should want government bureaucrats determining how to build search engine results.

33 Comments | Leave a Comment..

Posted on Techdirt - 15 April 2015 @ 4:14am

Teen Blogger Arrested In Singapore For Being A Teenager And Posting A Video The Government Doesn't Like

from the free-expression-matters dept

In Wired Magazine's 4th issue ever, back in 1993, it sent famed author William Gibson to Singapore, leading him to write an amazing article entitled "Disneyland with the Death Penalty," talking about the strange contradictions of the city state. It starts out with this sentence:

"It's like an entire country run by Jeffrey Katzenberg," the producer had said, "under the motto 'Be happy or I'll kill you.'"
Singapore is famous for both its clean, modern and high tech city... and the fact that it is more or less a dictatorship in which no criticism of the government is allowed. Talk to Singaporeans who have made it to the US for more than a little bit and you'll discover somewhat horrific stories about living in that country -- the kind of stuff that almost no one wants to talk about publicly. And in the last few weeks, the actions of the Singaporean government have highlighted just why so many Singaporeans are fearful of speaking out about what the place is really like.

A 16-year-old precocious YouTuber named Amos Yee was arrested last month, basically for saying mean things about Lee Kwan Yew, the country's founder and long-time Prime Minister -- though many say that he was actually the country's dictator -- who died just a few weeks ago.

Amos Yee's "controversial" video is still up as I write this. You can view it here, though I imagine someone may eventually try to take it down.
The title is "Lee Kuan Yew is Finally Dead!" and in it Yee unloads his feelings on LKY and his infamous tendency in going after anyone who criticizes him, including the international press. Yee more or less tells the government to try to go after him... and it did.

Watching the video, though, you see a typical teenager mouthing off to authority. That's what teenagers are supposed to be doing -- and Yee has quite a following as a precocious teenaged commenter on culture, both Singaporean and around the globe. The New Yorker has a profile of Amos, detailing some of his other videos that show him as a pretty typical teenager with opinions -- and the ability to create some fairly entertaining videos, like How to Speak Singlish (the modified English that some Singaporeans use) or his somewhat overwrought review of the movie Boyhood.

As the New Yorker's Nathan Heller writes about Yee:
Yee has all the hallmarks of a green and thriving mind; he is exactly the kind of person you would one day want reviewing your books, making your movies, maybe even running your country. Americans, who enjoy the benefits of free media, have a responsibility to take him more seriously than they take the government that has tried to quiet him for thinking freely in the public sphere. And those of us in the Fourth Estate have a duty to spread word of his ridiculous charges. If people like Amos Yee end up the custodians of our profession, the future of countries like Singapore can be brighter than their past.
And yet, he's facing the potential of three years in prison and many thousands of dollars in fines, based on "Penal Code Section 298" which forbids "the uttering of words that might hurt the religious feelings of any person," as well as a recent anti-cyberbullying law that the country passed.

We talk a lot on Techdirt about the importance of freedom of expression, and have called out other examples where people are pushing for laws against cyberbullying, with an expressed interest in stopping people from "hurting feelings" by unkind speech online. But when you have laws that make people criminals for merely expressing their opinions, you are shutting down the very way in which people learn and grow. Expressing opinions, having debates about them is a key part of growth, intelligence and innovation. Singapore wants to be seen as a modern and innovative country -- and yet at the same time it allows no dissent and no freedom of expression. It is a travesty.

Even some in Singapore have been willing to point out that this is ridiculous, and only serves to show the world that Singapore's ego is fragile that it cannot stand up to a bit of criticism:
What Amos Yee did was crude, rude and insensitive. But he is, at the end of the day, a provocative child playing at being hardcore. He’s certainly not the first – it was only the lack of access to YouTube that saved many of us from eternal embarrassment in our teenage years – and he won’t be the last by any stretch of the imagination. Is Singapore really so fragile, so easily threatened by offensive comment, that there was a need to charge a kid in court?

What Amos and the two protesters did were against the law – but it’s also high time that we think about the laws we have, and whether the trade-offs made make sense in today’s context. Is the Singaporean situation really so precarious that freedom of speech and assembly needs to be curtailed to such an extent?
Of course, given the way in which general deference to authority is demanded in Singapore, plenty of others have come out in favor of throwing Yee in jail. The New Yorker piece describes how ridiculous some of this has become:
In the days after Yee’s arrest, a slew of local celebrities, including three Singaporean starlet types, were interviewed about his videos on national TV. In sequences depressing to watch, they all sided with the state. “If you say that, ‘Oh, people can say whatever they want, all the time,’ then what about those people who are listening?” Joshua Tan, a young actor, said. Well, what about them? The suggestion that citizens should withhold political criticism for fear of offense is preposterous—far more embarrassing to Singapore than any videos by Yee could be.
We see this same attack on free speech in other places (often college campuses) today, as well as in certain areas of social media, in which people immediately leap to the idea that we need "new laws" to punish those who say things that people don't like, because "what about those people who are listening." Those people can be offended. And they can have their feelings hurt. Because that's how a free society is supposed to be -- where not everyone agrees with one another, and sometimes people say things you don't like. And that's good for the community. It's good for ideas and intelligence in that it allows for people to be challenged and to improve their arguments.

Singapore, apparently, wants to put teenagers in jail for acting like teenagers. And thus, it appears that little has changed since that William Gibson article more than two decades ago -- and that's a real shame. In the age of the internet, Singapore has continued to try to position itself as a high tech mecca. But if it can't handle free expression, it's going to find that a difficult image to maintain.

21 Comments | Leave a Comment..

Posted on Techdirt - 14 April 2015 @ 3:53pm

New Mexico Passes Law Saying Law Enforcement Can't Steal Your Property Without A Criminal Conviction

from the good-news dept

We've been talking for a while about the ridiculousness of the civil asset forfeiture system in the US, whereby law enforcement can basically steal what they want (and some cops will even admit that, to them, it's shopping for stuff they want). If you don't remember, it basically just involves police taking stuff and then insisting that it was ill-gotten goods from some sort of law breaking activity -- which would be kept by filing a civil lawsuit against the stuff itself rather than the person. There didn't need to be any criminal conviction at all. Earlier this year, Eric Holder tried to limit the DOJ's assistance of such shopping sprees by law enforcement, but police were still open to using the process to take stuff.

And, now, some states are trying to take action. Virginia lawmakers started pushing for a requirement of a criminal conviction. A similar bill in Wyoming passed out of the legislature overwhelmingly, but was vetoed by the governor who seemed to argue that all civil asset forfeiture "is right" despite plenty of evidence of abuse.

However, in New Mexico, not only did the legislature agree on a bill requiring a conviction, but now Governor Susana Martinez has signed the bill:

House Bill 560 (HB 560) makes numerous changes to the asset forfeiture process used by law enforcement agencies in New Mexico. As an attorney and career prosecutor, I understand how important it is that we ensure safeguards are in place to protect our constitutional rights. On balance, the changes made by this legislation improve the transparency and accountability of the forfeiture process and provide further protections to innocent property owners.
This is great to see and hopefully other states will follow suit -- or we can get a federal law stating that police can't just take stuff without a criminal conviction.

39 Comments | Leave a Comment..

Posted on Net Neutrality Special Edition - 14 April 2015 @ 2:55pm

Despite Claiming To Want To Negotiate A Net Neutrality 'Compromise,' Many Republicans Rush In To Kill New Rules

from the because-of-course dept

It's getting rather ridiculous to have to keep repeating it at this point, but it's fairly ridiculous that net neutrality/open internet is a partisan issue at all. The public overwhelmingly supports net neutrality, no matter which party they're associated with. It's only the politicians who think this is a red team vs. blue team issue. But, for whatever reason (and much of it appears to do with campaign fundraising), net neutrality has become partisan, with Republicans "against" it and Democrats "for" it. So, with the rules now officially in the Federal Register, not only have the lawsuits begun, but so has the Republican wrangling in Congress to try to kill the laws.

Specifically, Rep. Doug Collins has teamed up with a bunch of his Republican colleagues to put forth a "Resolution of Disapproval" to block the FCC's new rules from taking effect. This is a totally pointless move, as it would need President Obama to sign it -- something he wouldn't do. As some are quickly pointing out, this seems to go against the earlier claims from House Republicans that they really do "support net neutrality" with a flimsy bill that pretends to do that, while really undermining the FCC.

But the real ridiculousness is in the claims made by Collins about this new bill, which don't make any sense at all:

Collins said his resolution would be the quickest way to stop heavy-handed agency regulations that would slow Internet speeds, increase consumer prices and hamper infrastructure development, especially in his Northeast Georgia district. “Resources that could go to broadband deployment will go to federal taxes and fees,” he said. “We’ll all be paying more for less.”
Except, none of that is true. Nothing in the FCC 's new rules will slow down speeds (quite the reverse from what we've seen, actually), and none of it will lead to new taxes.
Collins underscored that small Internet providers will be unable to compete in a shrunken marketplace, due to the FCC’s reclassification of broadband as a public utility. “The agency is stretching old definitions to fit its regulatory agenda,” he explained. “Only businesses with the greatest resources will survive Washington, D.C.’s latest bureaucratic expansion into a growing and dynamic industry, particularly mobile broadband.”
If that were true, then why are small ISPs like Sonic cheering on the rules, saying that they're only a burden if you're trying to do something bad? There are conversations to be had about the best way to encourage more internet access -- but unfortunately it's all been destroyed by ridiculous partisan politics. If Collins wants to get the support of big funders, rather than the American public (who, Republican or Democrat, have overwhelmingly spoken out in favor of net neutrality), I guess that's one strategy. But it seems like a risky long term bet.

Read More | 27 Comments | Leave a Comment..

More posts from Mike Masnick >>