TKnarr’s Techdirt Profile

TKnarr’s Comments

  • Oct 21st, 2016 @ 1:56pm

    (untitled comment)

    Odds on the NSA knew about it just like they knew about every employee or contractor taking work material home to work on off-hours. That's been SOP for every place I've worked for, I can't see that changing just because the company's working on government projects. The DOJ's in panic mode and looking for anything that'll make it look like they're doing something, common sense is completely out the window at this point.

  • Oct 21st, 2016 @ 11:25am

    Re:

    It requires a number of things on the infrastructure side. Standard practice with IoT needs to be to have the devices on a separate non-Internet-connected network which requires the cooperation of router makers and users. Consumer routers need to implement RFC 3704 egress filtering by default. ISPs need to implement 3704 filtering on the customer side (the head-ends and/or CPE depending on physical configuration) and on the upstream side. Upstream networks need to implement 3704 filtering even if it means reconfiguring their topology to separate the non-transit parts of their network from the transit network. All parties involved need to stop depending on other parties to do the work and configure their own networks as if their measures are the only thing standing in the way of a massive DDoS attack. And finally, targeted parties need to be able to hold the originating and intermediate networks financially liable for all the costs involved, not just the small fraction of the access bill for the downtime, when those networks failed to enforce 3704 compliance.

    That won't stop all of it, but it'll stop a huge portion of it. The rest can only really be dealt with by forcing end users (consumer or business) to clean up infected/compromised systems on their networks. Given the intransigence of the average end-user (whether a consumer or a company's IT management) I don't see anything short of big sticks wielded effectively having any effect.

  • Oct 18th, 2016 @ 5:45pm

    Configure to prevent exploitation at the source

    IoT devices should by default live on a separate subnet within the home network, ideally on a separate port on the router from the rest of the home LAN (VLAN tagging makes this easy, it's already used to isolate the WAN port from the LAN ports and WiFi network). WiFi devices should work on a separate WiFi network (the same way guest networks work). Restrict the IoT network so it doesn't have access to the Internet and in large part you cut off the ability to exploit IoT devices even if they're vulnerable.
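An added example, not part of TKnarr's comments: a minimal model of a home router's forwarding check that combines the source-address validation asked for in the RFC 3704 comment above with the no-Internet IoT segment described here. The prefixes, interface names and sample packets are constructed assumptions.

```python
import ipaddress

# Constructed addressing plan (assumption; the comments name no prefixes).
LAN = ipaddress.ip_network("192.168.1.0/24")   # ordinary home LAN
IOT = ipaddress.ip_network("192.168.50.0/24")  # separate IoT VLAN / SSID
PREFIX_BY_IF = {"lan": LAN, "iot": IOT}

def forward_decision(in_if, src, dst):
    """Return (verdict, reason) for a packet arriving on interface in_if."""
    src = ipaddress.ip_address(src)
    dst = ipaddress.ip_address(dst)
    # Source validation: only forward packets whose source belongs to the
    # prefix configured on the interface they arrived on.
    if src not in PREFIX_BY_IF[in_if]:
        return ("drop", "source-not-in-interface-prefix")
    to_internet = not any(dst in net for net in PREFIX_BY_IF.values())
    # The IoT segment has no route to the Internet.
    if in_if == "iot" and to_internet:
        return ("drop", "iot-internet-blocked")
    return ("accept", "internet" if to_internet else "local")

# Constructed sample traffic: (arriving interface, source, destination).
SAMPLE = [
    ("lan", "192.168.1.10", "198.51.100.25"),   # laptop browsing
    ("lan", "203.0.113.7", "198.51.100.25"),    # forged source from a LAN host
    ("iot", "192.168.50.20", "198.51.100.25"),  # camera calling out
    ("iot", "192.168.50.20", "192.168.1.10"),   # camera talking to a LAN host
    ("iot", "192.168.1.10", "198.51.100.25"),   # IoT host using a LAN address
]

def evaluate(packets):
    """Apply forward_decision to each packet and return the verdict list."""
    return [forward_decision(*p) for p in packets]

if __name__ == "__main__":
    for pkt, (verdict, reason) in zip(SAMPLE, evaluate(SAMPLE)):
        print(pkt, "->", verdict, reason)
```
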

  • Oct 12th, 2016 @ 10:32am

    (untitled comment)

    I think what we need is enforcement of the Iqbal standards requiring a pleading to contain actual evidence supporting the claims being made, not just a bare recitation of the allegations, and the addition of a rule that at the pleading/response stage discovery is limited strictly to those things the opposing side has brought up (i.e. defendant can only ask for discovery on the evidence plaintiff stated in the pleading, plaintiff can only ask for discovery on material defendant used in its response to the pleading). That'd put an end to a lot of lawsuits before they got expensive.

    Yes, it'd discourage a lot of lawsuits where plaintiffs had a suspicion but no evidence. That's the point. You aren't supposed to be able to use the courts to go on fishing expeditions, you're supposed to already have something to back up your belief about what the defendant's supposed to have done.

  • Oct 11th, 2016 @ 11:57pm

    (untitled comment)

    Might've been fun to see MasterCard win, only to have the Master's Tournament sue them on the exact same grounds citing the previous decision in support of their claim. MasterCard: absolute earliest trademark registration 1966. Master's Tournament: been around under that name since 1934. Priority much?

  • Oct 11th, 2016 @ 7:21pm

    Re: Re: not to exclude competing transportation services.

    The SEC doesn't protect against dilution of securities. Companies are mostly free to issue more stock any time they want, despite the fact that doing so will dilute the value of existing shares. It's one of those risks that come with investing in stocks.

    If the medallion owners had a claim for damages due to dilution, their claim would be against the city government that sold them the medallions. Uber and Lyft and their drivers were never party to any agreement to preserve the market value of those medallions, so there's no basis for a claim. At best the medallion owners can try to claim that Uber and Lyft drivers are operating taxis without medallions, and the judge clearly outlined the reasons that that claim fails.

  • Oct 11th, 2016 @ 7:14pm

    Re:

    If you're a taxi driver, you almost certainly don't own the medallion. You probably don't own the cab you drive either. The taxi company owns both, and you just lease the cab from the company. And as the judge noted, Uber and Lyft aren't offering the same service, they're offering a different service that's competing in the same market as taxi cabs. The medallion doesn't grant a right to a particular share of that market, just the right to operate a taxi cab, nor does it grant a right to be free from competition from other services. Everybody in every industry/business that's gradually being replaced by another has voiced the same whinge, to which I know of only one reply: "Change happens. Deal.".

  • Oct 5th, 2016 @ 9:37pm

    Re: Re:

    Since the law puts in a conviction requirement, it should be a lot easier and cheaper to challenge seizures because it no longer requires argument whether or not you're guilty of the offense in question. Whether you've been convicted or not's an unambiguous question answerable by the record and not requiring any interpretation, so that should leave almost no wiggle room for a judge to find that the cops can keep the money without being able to produce a record of a conviction. It should also make it easier to hold the agencies liable for damages for keeping money absent a conviction, the claim for return of the money's being evaluated at a higher level than the cop on the street and it should be easier to make the case that a DA can't possibly be able to read "only with a conviction" as meaning anything else.

  • Oct 1st, 2016 @ 1:18am

    Re:

    Who could wrest control away from the US Government if they failed to manage it in a neutral fashion? They've demonstrated they're quite willing to ignore the rest of the world when deciding questions related to domain names. The transition, OTOH, will render non-neutral management less of a possibility because, unlike under the current system, IANA will be run by all stakeholders and not just one government. ICANN won't have any say in its management or decisions after the transition, and having to convince governments, companies, registries, ISPs and public representatives that a proposal is correct and fair is going to be enough of a problem even when the proposal is completely reasonable and it's going to be nigh-impossible when one or more of the governing stakeholder groups disagrees with it.

  • Sep 30th, 2016 @ 11:22am

    Re: I think the ICANN transition is bad, but for different reasons

    Funny thing is, ICANN currently controls IANA. They got control of it back in '98 when Jon Postel (the guy who literally was IANA) died. The transition here is from IANA as a part of ICANN to IANA as an independent entity with a defined charter and governance rules.

  • Sep 20th, 2016 @ 6:46pm

    Re: It's all results driven...

    I wouldn't make it a small fee, I'd make it a significant fee for completely bogus links (enough to cover legal review, so at least 1-2 hours at standard lawyer's rates). Plus I'd change the rules to require the notice to include the amount of damages claimed for the allegedly-infringing content. If the link happens to refer to real content whose owner isn't the entity represented in the notice, the sender of the notice owes a penalty equal to the claimed damages on top of the bogus-notice fee payable to the site. The sender can only avoid the penalty by showing that they have a sworn declaration from the entity they represent saying the content really does belong to that entity, in which case the entity owes that penalty to the site plus an equal penalty to the actual owner of the material for misuse of copyright (falsely claiming ownership for the purpose of interfering with the real owner's distribution of their copyrighted material).

  • Sep 19th, 2016 @ 12:04pm

    Market

    I think the judge gave the 4th factor little weight because in this case the "market" for the work was strictly the judge involved in the case. Nobody sells legal briefs. They may sell templates for formatting legal briefs and maybe handling the boilerplate text, but there isn't a market for complete specific briefs. That renders the 4th factor largely useless in this particular case. Then there's the purpose for which it was copied. It's one thing to copy Newegg's brief for the purpose of presenting Newegg's brief (e.g. "The facts and arguments in our case are identical, and Newegg has argued them in their brief as eloquently as we could so we don't want to waste the court's time repeating what's already been said. We attach Newegg's brief in its entirety for reference if necessary."), it's another to copy the text of their brief for the purpose of presenting it as your own brief. Especially when you copied it before it was filed and became part of the public record.

  • Sep 12th, 2016 @ 10:38am

    Re: Re:

    There's a principle in both tort and criminal law that the defendant has to take the victim as they are, not as the average person would be. It's often called the eggshell-skull principle. The prosecution should have to prove that Ravi's actions did cause the suicide, not just "may have" but "did, beyond a reasonable doubt", and that what Ravi himself actually did was illegal (you never face criminal liability for acts which aren't themselves criminal, but the outcome of criminal acts should never be irrelevant).

  • Sep 1st, 2016 @ 4:30pm

    Re: Re:

    Not entirely correct. In these cases it's not a public page that's being viewed, it's a page restricted by an account login which can't be viewed without providing the correct credentials. Authorization to access it can be revoked or not granted by revoking the account's credentials or not granting them in the first place. The twist here is that the credentials weren't issued to the entity viewing the page but to the account-holder who then gave the viewing entity the credentials in violation of the terms of service the account-holder agreed to.

    Facebook would be fine if they just revoked the credentials, and sharing those credentials with Power Ventures is according to the ToS more than enough grounds for doing just that. Facebook's trying to shut down Power Ventures without cutting the account-holder off though, and the CFAA arguably isn't something that can do that (especially since PV didn't alter any data or do anything else that would cause damage in the sense the CFAA defines it to Facebook's systems).

  • Sep 1st, 2016 @ 1:51pm

    Re:

    There's some differences though. The biggest one is that there's more than just the business involved. The equivalent would be a mall occupied by multiple businesses. What happens when it's the mall that's thrown someone out, but a particular business in the mall invited them in and authorized them to come into that business? In a case like that, speaking as someone who's been in the mall's position, the cops and/or the DA's going to take one look at the invitation from the business and drop the whole thing after telling the mall it's between them and the business.

  • Aug 31st, 2016 @ 10:52am

    Re: Re: Re: Sorry armchair lawyers.

    And, as I already noted, the journalist isn't claiming he got the chart from JPP or his representatives (ie. those having a form signed by JPP saying they're allowed to receive medical information and make decisions on his behalf). It'd be a slam-dunk defense and grounds for dismissal if he asserted that and it could survive refutation, that he hasn't asserted it suggests he and ESPN are pretty sure it'll get shot down in short order.

    Other health-care providers, even if they have a release authorizing them access to the records, are governed by HIPAA when it comes to their handling of the records after they receive them and the releases don't and can't relieve them of that responsibility.

  • Aug 31st, 2016 @ 12:52am

    Re: Re: HIPAA does come into play

    No, he isn't. And as such, he would not be permitted access to JPP's medical chart if he asked to see it. If he got it from a health care provider, he would know (at the very least because it's general public knowledge) that that HCP was violating HIPAA in giving out the medical chart. If he got it from someone who wasn't a health care provider, then he would know that that party had no more legal access to it than he himself would unless the other party were (as I noted) JPP himself or his authorized representative. And I don't recall where Schefter claimed to have gotten the medical chart directly from JPP.

  • Aug 31st, 2016 @ 12:48am

    Re: Sorry armchair lawyers.

    In this case they can, since the journalist doesn't dispute that it's a medical chart. The only people who have legal access to those are the patient and medical professionals who are bound by HIPAA not to disclose it. The journalist isn't claiming JPP gave it to him, which leaves no party with legal access to the medical chart who could give that chart to the journalist. Even if it went through several hands, the journalist still knows that whoever he got it from got it from someone who was breaking the law. As the Court noted in Bartnicki, when the material isn't of public concern the First Amendment issues are very different than they are for matters of public concern and discourse. The First Amendment protects your right to speak your mind, not your right to dig into any random private individual's life and broadcast all the details of it to everyone.

    It would also be a different matter if the journalist were claiming that JPP or his authorized representative had provided the medical chart, or at least that his source had claimed such. As far as I know the journalist hasn't, probably because that claim would be easily refuted and would put the journalist in an even worse spot than he's in now.

  • Aug 30th, 2016 @ 5:55pm

    Re: Re: HIPAA does come into play

    Firstly would be the "public concern" aspect. In this case the contents of the medical chart and the details of treatment wouldn't be a matter of public concern in the sense Bartnicki is speaking of. In fact, the decision you linked to specifically says the Court does not address the question when the information isn't of public concern. That alone's enough to distinguish the cases.

  • Aug 30th, 2016 @ 4:28pm

    HIPAA does come into play

    I think HIPAA does come into play because the journalist would know that his source couldn't legally be providing a copy of the medical chart. The journalist would certainly be aware of HIPAA and at least its general parameters, and under no reasonable interpretation could anyone (other than maybe JPP himself) disclose the medical chart to the journalist without violating the law in the process. That puts things in a somewhat different light than if the journalist didn't know he was disclosing confidential information obtained illegally.
