Mike Masnick’s Techdirt Profile

mmasnick

About Mike Masnick

Techdirt Insider

Mike is the founder and CEO of Floor64 and editor of the Techdirt blog.

He can be found on Twitter at http://www.twitter.com/mmasnick



Posted on Techdirt - 2 May 2016 @ 11:40am

Once Again All Of Whatsapp Is Being Blocked In Brazil Because A Judge Is Upset It Won't Turn Over Data

from the whats-up-brazil? dept

Brazilian judges are apparently not very big fans of the popular messaging app Whatsapp, which is owned by Facebook (but run independently). Judge Marcel Montalvao has ordered the app blocked entirely across Brazil, because Whatsapp has refused to provide data (which it likely does not have) to help out with a drug investigation. Any phone companies that don't block Whatsapp will be fined about $143,000 per day.

If this sounds familiar, it's because we went through this back in December in another case with another judge. And, of course, in March a Facebook (not Whatsapp) exec was arrested over a similar issue in a different case. When Whatsapp again refused to turn over information, because it could not, the judge had the exec arrested (another judge freed the exec pretty quickly).

Once again, Whatsapp points out that it's cooperated as much as possible:

“After cooperating to the full extent of our ability with the local courts, we are disappointed a judge in Sergipe decided yet again to order the block of WhatsApp in Brazil,” WhatsApp said in a statement. “This decision punishes more than 100 million Brazilians who rely on our service to communicate, run their businesses, and more, in order to force us to turn over information we repeatedly said we don’t have.”

The order is shutting down Whatsapp for 72 hours, but considering just how widely the app is used there (it is basically the way many Brazilians communicate) the impact is pretty massive. As Glenn Greenwald and Andrew Fishman over at the Intercept note, this is a ridiculous move that harms many people, but is also a sign of what's to come as governments continue to freak out over encrypted communications:

It is stunning to watch a single judge instantly shut down a primary means of online communication for the world’s fifth-largest country. The two Brazilian communication experts in the NYT wrote of the first WhatsApp shutdown: “the judge’s action was reckless and represents a potentially longer-term threat to the freedoms of Brazilians.” But there is no question that is just a sign of what is to come for countries far from Brazil: there will undoubtedly be similar battles in numerous countries around the world over what rights companies have to offer privacy protections to their users.


Posted on Techdirt - 2 May 2016 @ 10:38am

Australian Gov't Commission Also Wants To Fix Patent Laws Down Under

from the another-wow dept

So we already wrote about the Australian government's Productivity Commission's Draft Report on Intellectual Property Arrangements, talking about what was said about copyright law, but the report also goes into other areas of intellectual property, with some pretty good ideas on patent law as well (on this one I think they could go even further, but most of the recommendations in the report are a good start).

Once again, they offer up a nice infographic demonstrating the key points, which focuses on the serious problems of allowing patents on obvious ideas:

The Productivity Commission clearly recognizes that too many patents stifle innovation. In fact, they note that the only time patents really should be issued is in cases where those inventions would not occur without that incentive. And thus, since so much public policy around innovation always seems to focus on figuring out ways to increase patent numbers, the authors of the report recognize that patent policy is probably harming, not helping innovation:
Indeed, it appears to have become accepted wisdom that because patenting plays some role in promoting innovation, more and stronger patents are always better. But research reveals that greater patenting activity is not always associated with more innovation and that a non-trivial number of patented inventions have low social value, or would have occurred anyway.

Low-value patents impede innovation by frustrating the efforts of follow-on innovators and researchers. In some cases, low-value patents can be used as a strategic tool for stalling or excluding market entry, and can contribute to ‘patent thickets’, which potential market entrants must ‘hack’ their way through in order to compete in a particular technology space.
And thus, they suggest that Australia's entire patent system should be rethought and refocused towards trying to encourage things that are socially beneficial. That is, the system should be set up not with the inventors as the sole focus, but rather what will lead to the greatest possible public benefit. And the failure to do so is creating "substantial costs" on the public.
While the incidence of some low–value patents does not come as a surprise, a multitude of such patents imposes substantial costs on the community. Low-value patents impede innovation by frustrating the efforts of follow–on innovators and researchers.
To fix this, they have a few suggestions -- all of which seem worthwhile. First, they say the bar is way too low for granting patents, so Australia should raise the bar for what's considered "inventive." They suggest the standard should be changed to if the invention or solution "would have been obvious for a person skilled in the art to try with a reasonable expectation of success." They even consider going beyond that, but recognize that some patent holders outside of Australia may freak out at such a suggestion and avoid the Australian market.

The second suggestion is giving an "overarching objective" to patent law, which examiners can use as a sort of guiding light or touchstone. Basically, allow Australia to reject patents by arguing that granting such patents would go against the public interest.
The objects clause should describe the purposes of the legislation as being to enhance the wellbeing of Australians by providing patent protection to socially valuable innovations that would not have otherwise occurred and by promoting the dissemination of technology. In doing so, the patent system should balance the interests of patent applicants and patent owners, the users of technology — including follow–on innovators and researchers — and Australian society as a whole.

The Australian Government should amend the Patents Act such that, when making a decision in relation to a patent application or an existing patent, the Commissioner of Patents and the Courts must have regard to the objects of the Patents Act.
That would be a big and wonderful change to the patent system.

Next up, they suggest increasing the fees associated with patents (both for applying and for renewals -- which would escalate), which acts as a mechanism to better ensure that a patent is valuable (i.e., making it less worthwhile if the patent holder isn't actually going to do something with it). It also encourages patent holders to stop renewing the patent and push the info into the public domain sooner if the patent itself is no longer making an economic return.

The report doesn't spend much time on patent trolls, noting that they're not a big problem down under, and suggests that the existing "loser pays" litigation structure probably helps keep patent trolling at a lower level there. At the very least, that seems like an important data point for folks here in the US looking to add a "loser pays" provision in patent reform.

How about business method and software (BM&S) patents -- which make up many of the most abused patents in the US? The Commission is not impressed by the arguments in favor of such patents and suggests making those things unpatentable. They point out that there's little evidence that such patents encourage innovation, and that most innovation associated with them almost certainly would have happened without the patents, because the focus was on building products (and that there would be first mover advantages for those who got there first, so the copycat issue isn't that big a deal). Furthermore, they point out that BM&S patents can often hold back important follow-on innovations. Quoting Nobel prize winning economist Eric Maskin, the report notes:
Specifically, in the software industry, progress is highly sequential: progress is typically made through a large number of small steps, each building on the previous ones. If one of those steps is patentable, then the patent holder can effectively block (or at least slow down) subsequent progress by setting high license fees. … Thus, in an industry with highly sequential innovation, it may be better for society to scrap patents altogether than try to tighten them.
And they conclude:
On balance, the Commission considers it unlikely that granting patents in the area of BM&S increases the welfare of the community. BM&S patents likely compensate activity that would have occurred in any event (are nonadditional) and reward low– (or even no–) value innovations. BM&S patents can also frustrate would–be competitors and follow–on innovators. While broader changes to patents, particularly around the inventive step and dispensing with innovation patents (chapters 6 and 7), may ‘knock out’ a large share of BM&S patents, the Commission still considers that there is value in making clear that BM&S should not be considered patentable subject matter.
There's a separate section on pharmaceutical patents, recognizing that the market factors there are somewhat different. Obviously, the pharma industry relies more heavily on patents. But they also note that Australia has a public policy need to "improve the health of all Australians." They suggest that the government shouldn't be as willing to hand over "extensions of terms" on pharma patents, and should only do so in specific cases.

On the related question around data protection and biologics (a key sticking point in the TPP negotiations), the report finds that the policy should be designed to encourage much more openness and information sharing, rather than locking up information and biologics for too long.
There should be no extension of the period of data protection, including that applicable to biologics.

Further, in the context of international negotiations, the Australian Government should work with other nations towards a system of eventual publication of clinical trial data in exchange for statutory data protection.
These all seem like decent suggestions, though I still think they could go further. For years I've pushed for an independent inventor defense and for independent invention being a sign of obviousness (such that it might invalidate a related patent from someone else). That concept doesn't seem to make it into the report.

Still, as with copyright, the report's authors do seem to understand the key problems of the patent system in working against innovation.

And, once again, this is fairly amazing. The stunning thing about this report is that it pushes back on a lot of the accepted -- but bogus -- wisdom around copyright and patents that just gets repeated without question in most government reports. Kudos to the authors of the report.


Posted on Techdirt - 2 May 2016 @ 9:26am

Australian Gov't Commission: Copyright Is Copywrong; Hurting The Public And Needs To Be Fixed

from the wow dept

Three years ago, down in Australia, the Australian Law Reform Commission started examining various copyright reform proposals, and eventually made a rather mild suggestion: bring fair use to Australia. Frankly, we felt that the Commission could have gone much further, but it basically said to copy the American approach to fair use. Not surprisingly, Hollywood flipped out, claiming that it would "lead to an increase in piracy." And, soon after that, the new government, led by Attorney General George Brandis flat out ignored the report and pushed for expanding copyright against the public interest, and very much towards exactly what Hollywood wanted. This wasn't all that surprising, given that it was revealed that Hollywood representatives spent a lot of time with Brandis, while he deliberately avoided meeting with representatives of the public.

But, in a bit of a surprise, last week, a different Australian government commission, the Productivity Commission, released one of the most amazing reports on copyright that you'll see out of a government body. The Productivity Commission is a government agency designed to give independent advice to the government -- and had been tasked with exploring how well Australia's intellectual property laws were working.

In short, the answer provided by the commission is: not well.

Just take a look at the infographic the Commission pushed out along with the report, which is titled "Copy(not)right."

The whole section on the problems of copyright as currently in place in Australia is worth reading. They don't pull many punches:
Australia’s copyright arrangements are weighed too heavily in favour of copyright owners, to the detriment of the long-term interests of both consumers and intermediate users. Unlike other IP rights, copyright makes no attempt to target those works where ‘free riding’ by users would undermine the incentives to create. Instead, copyright is overly broad; provides the same levels of protection to commercial and non-commercial works; and protects works with very low levels of creative input, works that are no longer being supplied to the market, and works where ownership can no longer be identified.
Like the report from three years ago, this report strongly supports fair use (citing that report in part), and their proposal in that area is really strong too. For years now, here at Techdirt, we've argued against calling fair use a "limitation and exception" to copyright, because that's misleading. Fair use is about the public's rights. And it appears that the Commission agrees, titling its section on fair use: "A new system of user rights."

In that section, the Commission notes that fair use is important in making sure that copyright law only is used to "target those works where 'free riding' by users would undermine the economic incentives to create and disseminate works." This should make intuitive sense to basically everyone. Copyright is much more defensible if it's only used in cases where infringement is undermining the incentives to create. But where that's not happening, then claiming infringement seems inappropriate.

The report then supports the basic four-factor test as used in the US. It also points out that the main complaint against this approach by legacy copyright industry players -- that because there's no case law, it would lead to a big litigation mess -- was unfounded and suggests a workaround to make the transition easier:
In the Commission’s view, legal uncertainty is not a compelling reason to eschew a fair use exception in Australia, nor is legal certainty desirable in and of itself. Courts interpret the application of legislative principles to new cases all the time, updating case law when the circumstances warrant doing so.

To reduce uncertainty, the Commission is recommending Australia’s fair use exception contain a non-exhaustive list of illustrative uses, which provides strong guidance to rights holders and users. Existing Australian and foreign case law, particularly from the United States where fair use has operated for some time, will provide further guidance on what constitutes fair use.
Later in the more detailed part of the report, the Commission is even more direct in refuting (in great detail) each and every objection by the legacy copyright industries. In fact, they have a whole callout box that picks apart the ridiculous claims by various legacy copyright players on the "costs" of fair use:
It also notes that the fair use recommendation from three years ago should be the starting point for reform, representing the "minimum level of change" and suggesting Australia go much further, specifically in exempting orphan works and "out-of-commerce" works.

Yes, you read that right, the Commission is suggesting a "use it or lose it" feature for copyright:
The lack of any requirement for rights holders to actively supply the Australian market reduces the efficiency of Australia’s copyright regime. Demand for works that have been created, but are not being supplied, reduces consumer welfare and the profits of intermediaries and original rights holders. Where a rights holder has made a choice not to supply their works to the market (or refuses to supply a market), granting consumers access to that work, such as through a fair use exception, improves consumer wellbeing without reducing incentives to create copyright works. By definition, if a work is not being supplied to the market, concerns about copying and ‘free riding’ are moot.
While this will undoubtedly be shocking to many in the copyright space -- the report points out that such features are common in other areas of intellectual property law.

From there, the report points out how ridiculous geoblocking is, and says that getting around those blocks should not be seen as infringement:
The use of geoblocking technology is pervasive, and frequently results in Australian consumers being offered a lower level of digital service (such as a more limited music or TV streaming catalogue) at a higher price than in overseas markets. Studies show Australian consumers systematically pay higher prices for professional software, music, games and e-books than consumers in comparable overseas markets. While some digital savvy consumers are able to avoid these costs (such as through the use of proxy servers and virtual private networks), many are relegated to paying inflated prices for lower standard services.

The Australian Government should make clear that it is not an infringement of Australia’s copyright system for consumers to circumvent geoblocking technology and should seek to avoid international obligations that would preclude such practices.
Also, not surprisingly, the report finds that copyright terms are ridiculously long and that harms the public massively:
The evidence (and indeed logic) suggests that the duration of copyright protection is far more than is needed. Few, if any, creators are motivated by the promise of financial returns long after death, particularly when the commercial life of most works is less than 5 years.

Overly long copyright terms impose costs on the community. Empirical work focussing on Australia’s extension of copyright protection from life plus 50 years to life plus 70 years (a requirement introduced as part of the Australia–United States Free Trade Agreement) estimated that an additional 20 years protection would result in net transfers from Australian consumers to foreign rights holders of around $88 million per year. But these are likely to be a fraction of the full costs of excessive copyright protection. The retrospective application of term extension exacerbates the cost to the community, providing windfall gains to copyright holders with no corresponding benefit.
The report even suggests that a copyright term of maybe 25 years seems a lot more appropriate, based on actual empirical studies (what a concept: not basing copyright policy entirely on faith).

The report also states what many of us have argued for years, but which seems like something that rarely comes up in "respectable" conversations around copyright: if the copyright is being used outside the "incentive to create," then it makes no sense:
Unlike other IP rights, copyright makes no attempt to target those works where ‘free riding’ by users would undermine the incentives to create. Instead, copyright is expansive and ‘all encompassing’, providing the same levels of protection to commercial and non-commercial works, to works with essentially no degree of creativity, to works that are no longer being supplied to the market, and to works where ownership can no longer be identified. This leads to copyright covering works that require no incentive for creation, and works that have exhausted their commercial life and are no longer available. Beneficial uses of such material are unrealised. Accordingly, the current Copyright Act is weighted too heavily in favour of copyright owners, to the detriment of the long-term interests of users.
Finally, the report notes that international trade agreements are doing a terrible job constraining Australia and blocking its ability to fix the many problems of copyright and to implement the sensible recommendations in the document. This is quite telling, since Australia was actually one of the voices in the TPP negotiations pushing for expanded copyright. This report is basically slapping those negotiators and pointing out that what they're doing runs directly counter to the public interest. After pointing out the state of these agreements, the report notes:
a consequence of embodying so much of our IP provisions in international agreements is that Australia is significantly constrained in reforming its IP arrangements
The report also notes that greater enforcement against individuals for file sharing or intermediaries for providing tools has "only had a modest impact," and that the real way to decrease piracy is not to ratchet up the law, but to make more legal content available:
Changes to the law to encourage Internet service providers to cooperate with rights holders, as well as litigation, have only had a modest impact in reducing infringement. Further legislative change is unlikely to improve compliance with the law.

Instead, evidence suggests infringement declines with better content availability and most consumers prefer paid, legal consumption. As such, an effective approach to reducing infringement is the timely release of content to Australian consumers. This requires action by rights holders and their intermediaries.
Honestly, this is the most thorough and amazing document on copyright I've ever seen come out of a government body (we'll address its coverage of patents in another post...). It's level headed and reasonable and actually hits on most of the key "big issues." I'm guessing that it's so right on and so detailed... that it will be (1) attacked viciously by legacy players and (2) ignored by lawmakers when it comes time to actually reform the system. Oh, and while the report is technically under copyright (Australia has crown copyright, which allows government works to be under copyright), the authors wisely have slapped a CC-BY license on it, meaning that we can share it here as well.


Posted on Techdirt - 29 April 2016 @ 11:43am

EU Regulators Can Barely Contain Their Desire To Attack Google And Facebook, Believing It Will Help Local Competitors

from the not-how-it-works dept

Look, we warned everyone. Back in December of last year, we told you that the EU Commission was looking to put in place new regulations that were clearly designed to hamper Google and Facebook with needless regulations. It was pretty obvious from the way it phrased its broken survey form, that this was the intent. We, along with a bunch of internet startups told the EU that this was a mistake. We explained that Google and Facebook are big and they'll be able to handle whatever regulations the EU throws at them, because they can just throw money at the problem.

But... everyone else? They're going to get screwed over. The folks over at Euractiv have got their hands on a leaked draft of the plan to regulate online platforms, and it's more or less what we expected, and what was hinted at a few weeks ago.

The EU Commission is trying to pretend it's not going to do what it's obviously going to do. On the one hand, it talks about not creating a one-size-fits-all solution. In the conclusion, it states:

Overall, at this stage, there is no compelling case for general ex-ante regulation of online platforms across the board.
However, elsewhere throughout the document, you can see that the EU is chomping at the bit to put some shackles on Google and Facebook and basically any American company, in the belief that it will magically open things up for EU competitors to take over the market. The document whines about the lack of EU companies:
However so far Europe is not driving the online platform revolution: at present the EU represents only 4% of the total market capitalization of the largest online platforms, with the vast majority of platform enterprises originating in the US and Asia. As online platforms increasingly capture new digital value chains, this particularly limits the competitiveness and growth of the EU. Given the growing importance of online platforms in the economy and the disruptive role they play in business, including acting as gateways to customers, the EU must ensure favourable conditions for the creation and growth of online platforms.
It really takes a bureaucrat's mind to look at the market and say that the problem here has to be not enough regulation on internet platforms, and not recognize that the overall conditions in the EU are not conducive to the kinds of internet innovations that create successful internet companies. Hell, one of the few truly successful European platforms, Spotify, is threatening to move the company headquarters from Sweden to New York, because the regulatory environment is so hostile. And yet, rather than setting things up to encourage more innovation, the focus is constantly on how can regulations be put onto the big companies to keep them hindered in the EU market.

Yes, there is some talk of things, but it's the usual misguided bureaucrat's idea of how to encourage innovation: (1) throw money at it and (2) beef up intellectual property protections. On the first one, they talk about increasing funding for innovation. That's not a bad thing, per se, but it almost never works when the government is the one behind such a project. Governments rarely know how to truly invest for innovation. On the second one, it's no surprise that the legacy copyright industries are using this effort as yet another vector to attack internet players, and the EU Commission has bought it hook, line and sinker. It calls for "sectorial legislation" for "ensuring a fair allocation of revenues for the use of copyright-protected content." We keep hearing this line over and over again about "fair allocation." How does that work exactly? Will it mean that record labels no longer are allowed to take musicians' copyrights, and then charge them expenses against their advance so that they never make another dime beyond the advance (which they'll have to use to record)? Seems unlikely.

In fact, nearly all of the report uses bureaucratic speak for "we just need to stop these successful companies, and our own companies will grow." That's not how it works. You get a lot of "level playing field" claims throughout:
Online platforms have disrupted traditional business models and are increasingly regarded by users as equivalent or as substitutes of traditional services in various sectors. Current examples range from the media and entertainment sectors to the retail and communications sectors. As a general regulatory principle, the same activities must be subject to the same rules in the Digital Single Market. This principle is usually referred to as a "level playing field."
Yes, but too often the "leveling" of the playing field seems to be to push it back towards the way legacy businesses ran. The reason startups are disruptive is because they're innovative in ways that tilt the playing field towards them. Having government put its thumb back on the other end of the field doesn't help innovation. It doesn't help the public. It just helps legacy businesses remain static and feel less of a need to innovate themselves.

And yes, the report makes a brief nod to that potentially, noting:
Competition from online platforms can provide incentives for traditional market players to innovate and improve their performance, as well as point to a need to simplify and modernise existing regulation. This modernisation should seek to avoid imposing a disproportionate burden on online platforms business models. At the same time, in areas where competitive pressures have been increased, deregulation of traditional sectors may offer the most beneficial response to achieve a level playing field.
But none of the rest of the report seems to follow up on that. Instead it's just more ways to push the innovation back down.

The report also says "we know our intermediary liability protections are important, so we'll keep them... but... we really won't."
The public consultation showed strong support for the existing principles of the e-Commerce Directive, but also for the need to clarify certain concepts, including the scope of the safe harbour for intermediary liability, including for online platforms. Given this background, the Commission intends to preserve the existing liability regime.

However, with the rise of online platforms monetising users' content and data, and with the need for online platforms to contribute to making the Internet a safer place, the EU needs to further define its approach to their broader responsibility. As they occupy a special role in the economy and society with unmatched influence, online platforms should behave responsibly and have frameworks in place to take reasonable and effective action to protect their users from illegal and harmful activities.
Got that? The second paragraph totally undermines the first.

Basically it appears that, as we suspected from the way the report was set up, the plan here is to put some sort of "duty of care" or some such on internet platforms. This will mean that Google and Facebook will be fine -- they can staff up giant warehouses of people reviewing content. But it will become extremely expensive and risky for anyone else to enter the space, since they won't have the resources to satisfy the EU's regulators.


Posted on Techdirt - 29 April 2016 @ 10:38am

Senators Burr & Feinstein Write Ridiculous Ignorant Op-Ed To Go With Their Ridiculous Ignorant Bill

from the learn-something-people dept

Senators Richard Burr and Dianne Feinstein are not giving up that quickly on their ridiculous and technically ignorant plan to outlaw real encryption. The two have now penned an op-ed in the WSJ that lays out all the same talking points they've laid out before, without adding anything new. Instead, it just continues to make statements that show how incredibly ignorant they are. The piece is called Encryption Without Tears (and may be paywalled, though by now everyone knows how to get around that), which already doesn't make any sense. What they're pushing for is ending basic encryption, which will lead to many, many tears.

It starts out with their standard ridiculous line, pretending that because a company builds end-to-end encryption, it's acting "above the law."

In an increasingly digital world, strong encryption of devices is needed to prevent criminal misuse of data. But technological innovation must not mean placing individuals or companies above the law.
People have gone over this time and time again: this is not about anyone being "above the law." It's about whether or not companies can be forced to directly undermine the safety and security of their products (and the public). A paper shredder can destroy evidence. A paper shredder maker is not "above the law" when it decides not to build a system for piecing back together the shreds.

And speaking of "above the law," I still don't see Feinstein or Burr commenting on the FBI/DOJ announcing that it will ignore a court order to reveal how it hacked into computers over Tor. That is being above the law. That involves a situation where a court has asked for information that the FBI absolutely has. The FBI is just saying "nope." If Burr and Feinstein are really worried about being "above the law," shouldn't they worry about this situation?

Over the past year the two of us have explored the challenges associated with criminal and terrorist use of encrypted communications. Two examples illustrate why the status quo is unacceptable.

I love this. They give two examples that have been rolled out a bunch in the last few weeks. The attack in Garland, Texas, where the attackers supposedly exchanged some messages with potential ISIS people, and the case of Brittney Mills, who was tragically murdered, and whose case hasn't been solved. Mills had her smartphone, but no one can get into it. Of course, it took nearly two years of fretting before law enforcement could dig up these two cases, and neither makes a very strong argument for why we need to undermine all encryption.

It's a simple fact that law enforcement never gets to have all of the evidence. In many, many, many criminal scenarios, that's just the reality. People destroy evidence, or law enforcement doesn't find it or law enforcement just doesn't understand it. That's not the end of the world. This is why we have police detectives, who are supposed to piece together whatever evidence they do have and build a picture for a case. Burr and Feinstein are acting like in the past, law enforcement immediately was handed all evidence. That's never been the way it works. Yes, law enforcement doesn't get access to some information. That's how it works.

You don't go and undermine the very basis of computer security just because law enforcement can't find a few pieces of evidence.

Our draft bill wouldn’t impose a one-size-fits-all solution on all covered entities, which include device manufacturers, software developers and electronic-communications services. The proposal doesn’t define the technological solutions or tell businesses how to solve the problem.

This is also misleading. The bill requires an end to real encryption. That's it. Real encryption means that only one person has the key. This is what Burr and Feinstein don't seem to get. They seem to think it's trivial to leave a key with Apple or whoever. But as basically every crypto expert has explained, it is not. Doing so creates a vulnerability... and worse, it's a vulnerability that cannot be patched. That's hellishly dangerous. Sure, the bill doesn't tell them exactly how to do this, but it does make it clear: you cannot offer real encryption, you can only offer something that can be hacked. That's a problem.

We want to provide businesses with full discretion to decide how best to design and build systems that maintain data security while at the same time complying with court orders.

We want to provide businesses with full discretion to decide how best to travel back in time, in order to prevent crimes.

Seriously: this is basically the same thing that Burr and Feinstein are saying here. They're asking for something that's impossible, and acting like it's a routine suggestion. If they need to comply with these All Writs Act style orders, they cannot build systems that maintain data security. That's a fact. It's mind-boggling that Burr and Feinstein still can't understand this.

Critics in the industry suggest that providing access to encrypted data will weaken their systems. But these same companies, for business purposes, already maintain and have access to vast amounts of encrypted personal information, such as credit-card numbers, bank-account information and purchase histories.

Argh. This paragraph shows that whatever poor staffer Burr and Feinstein assigned to write this drivel doesn't understand even the first thing about what he or she is talking about. Storing encrypted passwords, credit card info, bank account info, etc. is a totally different thing. Those are encrypted to keep them safe, and part of the reason they're encrypted is so that even those companies cannot reveal them. This point is making the opposite point of what Burr and Feinstein think. Companies encrypt passwords and credit card info and the like so that they're not storing the plaintext info, and there's no easy way for anyone to get that info. This protects user data, and the companies cannot actually provide the plaintext. They're comparing hashes. That's what keeps it safe.

If we received a court order demanding our users' passwords, we couldn't provide them. Because they're encrypted. We don't know our users' passwords and can't give them to you. When someone logs in to our website, we can compare a hash of their password to our hashed version and then if they match, we let them in. But we don't know what their password is. So this is a terrible example that actually goes against what Burr and Feinstein are saying. Those encrypted stores of information would be illegal under this bill!
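An added sketch (not Techdirt's code) of the hash-comparison login described above. It assumes PBKDF2 from Python's standard library as the one-way function; the function names, sample accounts and iteration count are illustrative.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor (assumed setting for this sketch)


def _derive(password: str, salt: bytes, iterations: int) -> bytes:
    """Slow, one-way derivation; there is no inverse function to call."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


def enroll(store: dict, user: str, password: str) -> None:
    """Keep only salt, work factor and digest; the password itself is discarded."""
    salt = os.urandom(16)  # per-user salt: equal passwords give different digests
    store[user] = {
        "salt": salt.hex(),
        "iterations": ITERATIONS,
        "digest": _derive(password, salt, ITERATIONS).hex(),
    }


def login(store: dict, user: str, attempt: str) -> bool:
    """Re-derive a digest from the attempt and compare it in constant time."""
    record = store.get(user)
    if record is None:
        # Spend the same time for unknown users so timing does not reveal accounts.
        _derive(attempt, b"\x00" * 16, ITERATIONS)
        return False
    candidate = _derive(attempt, bytes.fromhex(record["salt"]), record["iterations"])
    return hmac.compare_digest(candidate, bytes.fromhex(record["digest"]))


def respond_to_demand(store: dict, user: str) -> dict:
    """Everything the site holds for a user; no field here is the password."""
    return dict(store.get(user, {}))


def demo() -> dict:
    """Build a small store from constructed sample accounts."""
    store = {}
    enroll(store, "alice", "correct horse battery staple")
    enroll(store, "bob", "correct horse battery staple")  # same password, new salt
    return store


if __name__ == "__main__":
    accounts = demo()
    print("alice logs in:", login(accounts, "alice", "correct horse battery staple"))
    print("wrong guess:  ", login(accounts, "alice", "wrong guess"))
    print("what the site can hand over:", respond_to_demand(accounts, "alice"))
```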

We are not asking companies to provide law enforcement with unfettered access to encrypted data. We aren’t even asking companies to tell the government how they gain access to this encrypted data. All we are doing is asking companies to find a way to keep their data secure while also cooperating with law enforcement in terrorism and criminal investigations.

Again, that last line is impossible. They're asking the impossible -- and in the process, making everyone less safe. The only way to provide such info to law enforcement is to no longer keep the data truly secure. And the big concern is not unfettered access for law enforcement, but rather whatever this backdoor means for those with malicious intent, who will be very, very, very focused on finding these vulnerabilities and exploiting them.

President Obama said earlier this year, “You cannot take an absolutist view on this.” We agree—and believe that strong data security and compliance with the justice system don’t have to be mutually exclusive.

Because you don't know what you're talking about.

American technology companies have done some amazing things that are the envy of the world. We think that finding a way to achieve both goals simultaneously is not beyond their capabilities.

So, in the end, despite basically every cryptography expert telling them this is impossible, Burr and Feinstein come back with "NERD HARDER, NERDS!"


Posted on Techdirt - 29 April 2016 @ 9:29am

FBI Spent $1.3 Million To Not Even Learn The Details Of The iPhone Hack... So Now It Says It Can't Tell Apple

from the wtf dept

Once the DOJ told the court in San Bernardino that it had succeeded in hacking into the iPhone of Syed Farook, the big question people asked is whether or not the FBI would then tell Apple about the vulnerability. After all, the administration set up the so-called "Vulnerabilities Equities Policy" (VEP) with the idea of sharing most vulnerabilities it discovers with companies. The White House directly stated:

One thing is clear: This administration takes seriously its commitment to an open and interoperable, secure and reliable Internet, and in the majority of cases, responsibly disclosing a newly discovered vulnerability is clearly in the national interest. This has been and continues to be the case.

This spring, we re-invigorated our efforts to implement existing policy with respect to disclosing vulnerabilities – so that everyone can have confidence in the integrity of the process we use to make these decisions. We rely on the Internet and connected systems for much of our daily lives. Our economy would not function without them. Our ability to project power abroad would be crippled if we could not depend on them. For these reasons, disclosing vulnerabilities usually makes sense. We need these systems to be secure as much as, if not more so, than everyone else.

Of course, there's a big "but" there -- and it's that there's an "exception" for law enforcement. Last fall, after (yet another) big legal fight, the good folks over at the EFF finally got access to the VEP details and you can now read a (heavily redacted) version.

Still, one could make a strong case that this vulnerability should be disclosed... even if almost no one expected it to be. Amusingly, just a few days ago, Apple revealed that the FBI used the VEP to disclose a vulnerability for the very first time, on April 14th, just as everyone was arguing about this. Of course, the flaw it revealed was not about hacking into the iPhone, and was actually about a flaw that Apple had discovered and fixed... nine months ago. But, again, if this is the very first time the FBI has disclosed something to Apple, it certainly suggests that the VEP process generally means nothing gets disclosed. In fact, the timing of this really suggests that someone in the DOJ recently flipped out and realized that there's now going to be scrutiny on the VEP, so they might as well disclose something. Thus, they found an old bug that had already been patched and "revealed" it.

Either way, things got stranger a couple of days later, when the FBI -- which had already admitted to paying over $1 million to access Farook's iPhone -- said that, for all that money, the people it hired never explained the vulnerability. They just opened the phone. Really.

“The F.B.I. purchased the method from an outside party so that we could unlock the San Bernardino device,” Amy S. Hess, executive assistant director for science and technology, said in a statement.

“We did not, however, purchase the rights to technical details about how the method functions, or the nature and extent of any vulnerability upon which the method may rely in order to operate. As a result, currently we do not have enough technical information about any vulnerability that would permit any meaningful review” by the White House examiners, she said.

Now, some are arguing that this suggests absolutely terrible bargaining on the side of the DOJ/FBI. But, another interpretation is that it's how the DOJ knew that it wouldn't have to reveal the flaw to Apple. Of course, this might also explain why the DOJ at one point appeared to claim that the hack in question only worked for Farook's phone. They later claimed that was a misstatement, and it really meant that it only applied to that iPhone configuration. But, if the FBI never actually got the details, then in some sense they'd be right that for the FBI the crack only worked for that one phone. And if they wanted to do it on another phone, they'd have to shell out another ~$1 million or so...


Posted on Techdirt - 28 April 2016 @ 12:39pm

Techdirt Reading List: How To Fix Copyright

from the copyright-reform-time dept

We're back again with another in our weekly reading list posts of books we think our community will find interesting and thought provoking. Once again, buying the book via the Amazon links in this story also helps support Techdirt.



In last week's Reading List post, we highlighted William Patry's Moral Panics and the Copyright Wars, in which he laid out a strong case for just how badly the debate on copyright has been warped by legacy industry forces creating bogus analogies. One of the complaints some leveled at that book was that it only discussed the problems, rather than offering any solutions. Of course, that wasn't the point of the book.

Nevertheless, Patry was then convinced to write a follow-up book, How to Fix Copyright, in order to respond to those critics (most of whom will never be satisfied). Once again, the book is an excellent read. It is not -- as some believed -- an entire book dedicated to discussing possible solutions. Instead, it again spends a lot of time making sure people really understand how messed up copyright law has become, and then towards the end proposes a few, relatively simple, solutions (which, frankly, may not go far enough). It talks about things like bringing back formalities (i.e., make copyright opt-in again) and shortening copyright terms.

Since it appears that Congress is really moving forward with copyright reform, it's definitely worth reading Patry's book again, and seeing if Congress goes anywhere near implementing his suggestions. My guess: not a chance.


Posted on Techdirt - 28 April 2016 @ 9:30am

Even The Surveillance-Loving Wall Street Journal Is Bashing The FBI For Its War With Apple

from the didn't-see-that-one-coming dept

The Wall Street Journal has been a reliably pro-surveillance voice over the years, calling Snowden a "sociopath" while calling for even less NSA oversight, making up bizarre conspiracy theories, and fighting back against any surveillance reform. It even once argued that the tech industry should put backdoors into its encryption to better help the surveillance state.

That's what makes its recent editorial, The Encryption Farce (possibly behind a paywall, though the version I just opened showed up fine), so remarkable. It completely bashes the FBI over its attempts to force Apple to build a backdoor into its encryption -- though mainly because of the ridiculous fact that in the two most high profile cases, the DOJ magically got into the phones just as the cases got serious. The WSJ editorial doesn't pull any punches, asking what the hell is going on at the Justice Department:

If history repeats itself first as tragedy and then as farce, what does the FBI have in store next for its encryption war with Apple? After withdrawing its demands in San Bernardino and then reopening hostilities with a drug prosecution in Brooklyn, the G-men abruptly dumped the second case over the weekend too. Is anyone in charge at the Justice Department, or are junior prosecutors running the joint?

The editorial goes on to mock the FBI's claim that these cases are all about getting into just that phone, and notes that constantly finding ways in at the last minute is destroying the FBI's credibility.

This second immaculate conception in as many months further undermines the FBI’s credibility about its technological capabilities. Judges ought to exercise far more scrutiny in future decryption cases even as Mr. Comey continues to pose as helpless.

It goes on to suggest that the FBI stop bringing these cases, and that the President and the DOJ should put an end to this ridiculous attack on encryption:

Yet forgive us if this “conversation” now seems more like a Jim Comey monologue. The debate might start to be productive if the FBI Director would stop trying to use the courts as an ad hoc policy tool and promised not to bring any more cases like the one in Brooklyn.

Meanwhile, the White House has taken the profile-in-courage stand of refusing to endorse or oppose any encryption bill that Congress may propose. If the Obama team won’t start adjusting to the technological realities of strong and legal encryption, they could at least exercise some adult supervision at Main Justice.

On its own, such an editorial might not seem like a huge deal, but coming from the Wall Street Journal -- a source that has previously championed much greater surveillance and even supported backdoors -- it's a surprising shift. And it shows just how badly the DOJ and FBI miscalculated in their attempts to use the courts to get their desired results in breaking encryption.


Posted on Techdirt - 28 April 2016 @ 8:31am

Mississippi Attorney General Jim Hood Withdraws Google Subpoena As Google Appeals Court Ruling

from the not-over-yet dept

Earlier this month, the Fifth Circuit appeals court tossed out the lawsuit that Google had filed against Mississippi Attorney General Jim Hood, following Hood's decision to send a subpoena that was written by the MPAA's lawyers, as part of a plan by the MPAA to pay money to get state Attorneys General to attack Google.

While some in the legacy copyright world painted the ruling in the Fifth Circuit as a "victory" for Jim Hood, and a loss for Google, anyone reading the details would recognize it was anything but that. The court made it pretty clear that Hood's subpoena was ridiculous and had no chance of surviving a judicial review... but dumped the case on a procedural issue, arguing that since Jim Hood had not yet taken any action concerning Google's unwillingness to respond to parts of the subpoena, there was nothing to dispute. Basically, the court said "wait until Hood actually tries to force you to do something... and then we'll tell him his subpoena is bogus."

Google has now asked the appeals court to reconsider throwing out the case, but also reveals an interesting tidbit in the footnotes: it appears that after the ruling, Hood withdrew the entire subpoena:

If you can't read that, it says:
By letter of April 22, 2016, Hood withdrew the subpoena that Google had challenged.

That should be a pretty clear indication that this wasn't the victory some of the MPAA/Hood supporters have been claiming. Of course, Google does think it's entirely possible that Hood will issue an updated subpoena, which is part of the reason that it's asking the court to review the ruling. In a later footnote it points out that along with the withdrawal letter, Hood did warn them that the letter requiring Google to retain documents for possible litigation "remains in effect."

As for the meat of Google's petition, the company argues that the court was wrong to dump the entire lawsuit, pointing out that there were two claims in the original filing -- one for injunctive relief (i.e., blocking Hood from doing anything with the subpoena) and one for declaratory judgment (basically saying that the company was doing nothing wrong). The company says that the ruling tossing the lawsuit just referred to the injunctive relief question, not the declaratory judgment -- and further makes the argument that there was a real risk of Hood pursuing unconstitutional measures, meaning that a lawsuit for declaratory judgment is perfectly reasonable.

The panel directed the district court to dismiss the entire case as unripe because Google had not shown an “imminent threat of irreparable injury.” ... But that standard does not apply to Google’s claims for declaratory relief regarding threatened enforcement action. Under settled law, such claims “need cross only a low threshold; the Supreme Court requires no more than a ‘credible threat of prosecution,’ one that is not ‘chimerical,’ or ‘imaginary or speculative.’” .... Google met that standard. Accordingly, Google requests that the panel amend its decision to permit Google’s claims for declaratory relief regarding threatened enforcement action to proceed.

Of course, it's also possible that the court may argue that even if that's true, the whole thing is moot now that Hood has withdrawn the subpoena.

Google tries to address that as well, but I'm not convinced the court will buy it.

In addition to identifying specific conduct he deemed unlawful, Hood took concrete steps that reinforced the peril Google faces. He wrote the company’s outside counsel requesting that Google “preserve potentially relevant information that may be used as evidence in pending or reasonably foreseeable litigation.”... Hood gave a presentation to fellow attorneys general that detailed Google’s alleged wrongdoing, explained the elements of “Possible Causes of Action,” and offered theories to overcome Google’s anticipated defenses.

It's in this section that Google includes the footnote noting that Hood told the company that the preservation letter was still in effect, suggesting that he may still intend to go after Google.

Still, it looks like all the MPAA got for the hundreds of thousands of dollars it threw at this was making Mississippi's Attorney General look foolish, and showing just how far the MPAA will go to try to attack Google, rather than adapt to the internet.


Posted on Techdirt - 27 April 2016 @ 3:33pm

House Votes Unanimously In Favor Of Requiring A Warrant To Search Emails

from the yay! dept

The push to reform ECPA -- the Electronic Communications Privacy Act -- has been going on basically as long as this site has been in existence (i.e. nearly 20 years). There are lots of problems with ECPA, but the big one that everyone points to is that it considers any communication that's on a server more than 180 days to be "abandoned" and accessible without a warrant. That perhaps made some amount of sense back in 1986 when the law was written, because everything was client-server and you downloaded your email off the server. But in an age of cloud computing and webmail it makes no sense at all. Still, the IRS and the SEC really, really liked the ability to use ECPA to snoop on people's emails.

In the past few years, Congress has kept supporting reform, but it always dies when some part of the administration complains and tries to block it. And yet, each time it enters Congress, it gets more and more sponsors. And, finally, the full House has voted to pass the Email Privacy Act. It was no surprise that it passed. The bill had an astounding 315 cosponsors. Seriously:

Still, it's impressive that the bill ended up passing unanimously, 419 votes to 0 (and 14 missing votes). On an issue like this, that's surprising. You figured there would be some Congressional rep from somewhere arguing that this would let terrorists and child predators off the hook or something.

The bill is certainly not perfect, and could be improved, but it's nice to see the House get the basics right. Now, we wait and see what happens in the Senate... Will the Senate ignore a unanimous House and let this bill just die, or will it finally do the right thing and protect email privacy?


Posted on Techdirt - 27 April 2016 @ 11:38am

And Out Come The Wolves: Now Getty Images Files EU Antitrust Complaint Against Google About Image Piracy

from the uh,-why-not-a-copyright-complaint? dept

With the EU making the first big antitrust move against Google in the EU over Android bundling practices (and more still expected over search), it seems that lots of other companies that have had trouble adapting to the internet are coming out of the woodwork to file complaints of their own (well, everyone except Microsoft, which has agreed to drop its complaints -- despite kicking off much of the EU antitrust focus on Google). Last week, we wrote about News Corp. confusingly arguing that Google News was an antitrust violation, because it both linked to its content and because it wouldn't link to its content (don't ask me, I don't understand it either).

Next up? Getty Images complaining about Google Images. According to Time, Getty has filed an antitrust complaint against Google in the EU, apparently arguing that Google's image search is undermining Getty's licensing business and "encouraging piracy."

Photography company Getty Images is accusing Google of scraping images from third party websites and encouraging piracy, adding a new wrinkle to the Mountain View, Calif.’s ongoing legal battles in Europe.

In its complaint to the European Union’s antitrust commission, Getty says Google Images, which displays full-screen slideshows of high-resolution copyrighted images, has hurt the stock agency’s licensing business as well as content creators worldwide. Google first introduced the feature in Jan. 2013. Previously, the search engine only displayed tiny thumbnails of images.

Getty has not actually released the complaint but put out a press release with a few more details and had its General Counsel, Yoko Miyashita, post an open letter. The big issue, it seems, for Getty is that three years ago Google made its Images search act a little different, in that you can display full resolution images, rather than just purely thumbnails. Getty claims that this is decreasing the rate of clickthroughs to its site, where it might be able to extract some licensing fees.

Getty, of course, has a troubled history with the internet. It has a pretty long history of fairly idiotic bouts of pure copyright trolling, demanding cash as a bully, often in cases where there was no legitimate infringement at all. We were cautiously optimistic a couple of years ago, when the company finally started experimenting with offering up images for free, via a system that would let you embed many images (though there were some concerns about the setup and conditions).

Reading between the lines, it sounds like that effort has not taken off to the level Getty had hoped... and rather than recognizing that people just aren't comfortable with embedding images from Getty (or that they don't really know about the program), the company appears to be blaming Google Image search. And that's doubly weird since an actual analysis of why Getty's internet efforts haven't taken off shows that it's got nothing to do with Google's Image search and everything to do with cheap stock photo sites and Getty's inability to understand basic search engine marketing practices. Rather than take that to heart and adapt, the company joins many others in just whining about another company that is more successful.

The whole complaint is confusing. Most people searching Google Images aren't going to be licensing a photo in the first place. People who are looking to license a photo go elsewhere. So it's not like Google Images is likely to have a real impact on Getty. But that's not how Getty sees it:

Because image consumption is immediate, unlike other mediums searchable through Google, such as news or music, once an image is displayed in high-resolution, large format, there is little impetus to view the image on the original source site. These changes have allowed Google to reinforce its role as the internet’s dominant search engine, maintaining monopoly over site traffic, engagement data and advertising spend. This has also promoted piracy, resulting in widespread copyright infringement, turning users into accidental pirates.

Of course, this is interesting, because you'll note that Getty isn't filing a copyright case here, it's filing an antitrust case. If this were really about "piracy" why not file a copyright case? It's because Getty knows damn well it would lose any such copyright case. And it would lose badly. So it's filing this antitrust case as a sort of backdoor copyright case, hoping that in the EU's current hatred towards Google, regulators won't pay attention to the nuances.

Getty Images’ General Counsel, Yoko Miyashita says: “Getty Images represents over 200,000 photojournalists, content creators and artists around the world who rely on us to protect their ability to be compensated for their work. Google’s behavior is adversely affecting not only our contributors, but the lives and livelihoods of artists around the world – present and future. By standing in the way of a fair marketplace for images, Google is threatening innovation, and jeopardizing artists’ ability to fund the creation of important future works. Artists need to earn a living in order to sustain creativity and licensing is paramount to this; however, this cannot happen if Google is siphoning traffic and creating an environment where it can claim the profits from individuals’ creations as its own.”

I've read this four times now and none of it makes sense. Again, people searching Google Images aren't looking to license images. Getty is breezily mixing up very different markets because of just how weak its overall argument is here. Also, the whole "artists need to earn a living" bit is similarly misleading. It's a favorite line that comes up over and over again but is bullshit. Most artists don't earn a living doing artwork. That's just a fact. That's true with copyright and without. It's not the copyright that pays people. It's having a good business model that people find worth supporting. That's it.

And, really, if Getty were really in this to help photographers get paid, then why is it so easy to find photographers online bitching about the ridiculously low royalties that Getty Images pays? This isn't about helping photographers get paid. This is about Getty Images and the fact that it hasn't figured out how to make a compelling product on the internet.

And, going back to the way in which Google displays images, it does so because it knows that it's providing a better consumer experience. When people are looking for images online, they want to see the images, and thus Google is delivering what people want. Getty may not like that, because it hoped that Google would fail to deliver what people want, thereby forcing them over to the also terrible Getty Images experience, but it's difficult to see how that's an antitrust issue. If Getty wants to compete, why doesn't it compete? Build a better image search engine and layer its business model on top of it.

But, no, instead, it whines to the EU about "antitrust" and pretends that it's helping photographers, all while making sure they get only a tiny percentage of any money that Getty actually makes from selling their photos.


Posted on Techdirt - 27 April 2016 @ 10:38am

Brazilian Media Giant Realizes It Can Use The DMCA To Censor Criticism Of Its Coverage

from the what-a-wonderful-censorship-tool dept

As we've explained over and over again, copyright and censorship go hand in hand. People who want to censor seem to love the power that copyright conveys on them. Take, for example, the Brazilian media giant Globo. As you may have heard, there's a big political fight down in Brazil, as the Congress there looks to impeach the President, Dilma Rousseff. It's a big political mess, made even more ridiculous by the fact that many of the leading voices looking to impeach Rousseff have themselves been indicted for corruption or are being investigated for corruption. Last week, David Miranda wrote an article for the Guardian, arguing that the whole thing is political, and that the corruption claim against Rousseff is just a pretext for an opposing party to gain power. In that article, he blames the major media properties in Brazil for supporting the fiction in pushing an anti-Rousseff story.

The story of Brazil’s political crisis, and the rapidly changing global perception of it, begins with its national media. The country’s dominant broadcast and print outlets are owned by a tiny handful of Brazil’s richest families, and are steadfastly conservative. For decades, those media outlets have been used to agitate for the Brazilian rich, ensuring that severe wealth inequality (and the political inequality that results) remains firmly in place.

Indeed, most of today’s largest media outlets – that appear respectable to outsiders – supported the 1964 military coup that ushered in two decades of rightwing dictatorship and further enriched the nation’s oligarchs. This key historical event still casts a shadow over the country’s identity and politics. Those corporations – led by the multiple media arms of the Globo organisation – heralded that coup as a noble blow against a corrupt, democratically elected liberal government. Sound familiar?

Globo TV was apparently not happy with that and asked the Guardian to post its response, written by the company's Chair of the Editorial Board, Joao Roberto Marinho, who apparently is the heir to the Globo empire.

Miranda then responded to Marinho over at the Intercept, to show why Globo has been extremely biased in pushing one side of the story in Brazil. Miranda goes through Globo's somewhat sordid history as a propaganda arm, and then goes point for point debunking Marinho's claims. Towards the end he tries to show just how one-sided Globo's coverage has been:

For more than a year, one Globo-owned Epoca magazine cover after the next used manipulative, demonizing art to incite the public in favor of impeachment. The Twitter feeds of Globo’s stars — both news and entertainment — are filled every day with pro-impeachment propaganda. Even when Jornal Nacional tries to deny that it is placing its heavy finger on the scale in favor of pro-impeachment protests, it cannot help itself: It glorifies those pro-impeachment protests and gives them far more airtime than their pro-democracy counterparts:

After this, he linked to a video demonstrating all of this... but soon after his article went up, that video became this:

Yup. Globo suddenly decided to make a copyright claim on the video that was being used in an article demonstrating how its coverage has been incredibly biased. That video had been up for months before that with no problem, but just a little while after it was included in Miranda's article it was gone. Poof.

And people still want to claim copyright isn't regularly used as a tool for censorship?

Yes, the content in the video is content from Globo. But it's not taking it down over any concern over licensing issues or "piracy." It issued the takedown to clearly hide the video from the public viewing Miranda's article. It is purely a censorship move, and copyright is just a convenient tool. Thankfully, others have been reuploading the videos elsewhere, but just think what will happen if the legacy entertainment industry is successful in pushing a "notice and staydown" regime? This kind of censorship will become much, much more effective.


Posted on Techdirt - 27 April 2016 @ 9:32am

Thank Snowden, As NSA Estimates He Singlehandedly Sped Up Encryption Adoption By 7 Years

from the thank-you-ed dept

As part of our funding campaign for our coverage of encryption, we reached out to some companies that care about these issues to ask them to show their support. This post is sponsored by Golden Frog, a company dedicated to online privacy, security and freedom.


James Clapper, Director of National Intelligence, is claiming that, according to NSA estimates, the Snowden revelations sped up the adoption rate of encryption by 7 years. Apparently, that's based on NSA estimates of the adoption curve of encryption. As reported by Jenna McLaughlin at the Intercept:

“As a result of the Snowden revelations, the onset of commercial encryption has accelerated by seven years,” James Clapper said during a breakfast for journalists hosted by the Christian Science Monitor.

The shortened timeline has had “a profound effect on our ability to collect, particularly against terrorists,” he said.

When pressed by The Intercept to explain his figure, Clapper said it came from the National Security Agency. “The projected growth maturation and installation of commercially available encryption — what they had forecasted for seven years ahead, three years ago, was accelerated to now, because of the revelation of the leaks.”
Of course, it's worth noting that, in the past few months, it seemed as if the NSA and the intelligence community were moving away from their kneejerk hatred of encryption, pushing back against the FBI's argument that we need to backdoor encryption. But, apparently they're not willing to go quite this far. Basically, the NSA wants strong encryption out there, but it doesn't really want you to use it.
Asked if that was a good thing, leading to better protection for American consumers from the arms race of hackers constantly trying to penetrate software worldwide, Clapper answered no.

“From our standpoint, it’s not … it’s not a good thing,” he said.
Yup. James Clapper would prefer that the American public be less safe by not using encryption, rather than protecting their digital lives.

Of course, many other people do think it's a very, very good thing. Including Ed Snowden:
So, the guy in the US government is upset that the public is more safe, and the guy that people want to accuse of being a traitor is proud of helping Americans to better protect themselves. Maybe we ought to reverse their roles...


Posted on Techdirt - 27 April 2016 @ 8:32am

Yet Another Court Says FBI's Hacking Tool In Child Porn Case Was An Illegal Search

from the the-4th-amendment-matters dept

Just last week, we wrote about another ruling in one of the many cases kicked off when the FBI took control over a Tor-based child porn site, called Playpen, and ran it for two weeks. While the courts have said that it was okay for the FBI to run a child porn service for two weeks as part of a sting operation, they've been having a lot more trouble with the fact that the FBI then used its control over the service to infect any visitor with malware in order to figure out who they were. In the ruling last week, in the case against Alex Levin, in the Massachusetts District Court, the court said that the malware/hacking tool represented an illegal search under the 4th Amendment and suppressed the evidence. The key issue was that the warrant was issued for searches in the Eastern District of Virginia, but Levin clearly was not there.

Now a court in the Northern District of Oklahoma, in a case against Scott Arterbury, has more or less reached the same conclusion. Specifically, Arterbury's lawyers pointed out that his computer was "seized" by the malware (called the Network Investigative Technique or NIT), and that was clearly in Oklahoma, beyond the bounds of the warrant. The government tried to play some games, arguing that it was the data that was seized in Virginia when it accessed the FBI-hosted site. The court doesn't buy it. The NIT acted in Oklahoma, not Virginia:

The Court is not persuaded by this argument. The property seized in this instance was Arterbury’s computer, which at all relevant times remained in Oklahoma. The NIT warrant allowed the Government to send computer code or data extraction instructions to Arterbury’s computer, wherever it was located. The Government “seized” that computer and directed it to send certain information to the Government – all without Arterbury’s knowledge or permission. Arterbury’s computer was never in the Eastern District of Virginia and subsection (b)(2), therefore, does not apply. Furthermore, even if the property seized was electronic information, that property was not located in the Eastern District of Virginia at the time the warrant was signed. This information only appeared in Virginia after the Warrant was signed and executed and the Government seized control of Defendant’s computer in Oklahoma.
None of this, of course, is to absolve those who were actively engaged in activities around child pornography. But, as the judge notes, the FBI could have easily gotten an appropriate warrant:
Furthermore, the drafters of Rule 41 knew how to avoid the territorial limit on issuance of warrants when they wished to do so. Rule 41(b)(3) removes the territorial limitation in cases involving domestic or international terrorism. In such cases, a magistrate judge “with authority in any district in which activities related to the terrorism may have occurred has authority to issue a warrant for a person or property within or outside that district.” Rule 41(b)(3). The drafters of Rule 41 could easily have included child pornography in Rule 41(b)(3) and, thereby, avoided the territorial limitation of Rule 41(b)(1) & (2). They did not do so. The Court can only conclude that they did not intend to remove the territorial limit in cases such as the one before the Court.
The court then delves a bit deeper to determine if it should order the evidence suppressed. Even in some of the other cases where the court found the NIT to be an illegal search, it still allowed the evidence to be used, often because of the "good faith exception." But not here. After a long discussion about the good faith exception... the court explains it just doesn't apply here, because this wasn't just a technical error, but an error that destroys the entire warrant.
I conclude that where the Rule 41 violation goes directly to the magistrate judge’s fundamental authority to issue the warrant, as in the violation presented here, it is not a “technical violation” of the Rule. The warrant is void ab initio, suppression is warranted and the good-faith exception is inapplicable.
Once again, it's looking like the FBI and DOJ's failure to respect the 4th Amendment means that evidence will be suppressed.


Posted on Techdirt - 27 April 2016 @ 3:21am

Rep. Goodlatte Promises 'Consensus' Copyright Reform Proposals Soon

from the this-should-be-interesting dept

Congress has mostly stayed away from any attempt at copyright reform since the great SOPA blackout of 2012, afraid that anything will set off the public again. However, in 2013, Copyright Register Maria Pallante called on Congress to create the "next great copyright act" designed to update copyright for the 21st century. The House Judiciary Committee has been holding hearings and roundtables every few months since then, some of which have been more encouraging than others.

Copyright law is clearly broken and a true fix for the 21st century would be welcome. But what are the chances that Congress would actually do a good job, rather than make it worse? Well, we may soon find out. Yesterday, Rep. Bob Goodlatte put out a statement and a video claiming that they're finally ready to start releasing some proposals:

Goodlatte lists out a bunch of things that have been discussed, and then notes that he'll be focused initially on releasing proposals where he believes there is some "consensus":
In the weeks ahead, we will identify areas where there is a likelihood of potential consensus and circulate outlines of potential reforms in those areas. Then we will convene stakeholders for further work on these potential reforms.

And you have my personal commitment that as the review shifts to more focused work on potential reforms, the process will be transparent and the Committee will continue to ensure that all interested parties have the opportunity to weigh in on issues of concern to them. Our copyright system deserves no less.
The way that's put obviously sounds better than the way things have been done in the past, where the legacy industry basically wrote the bills for Congress, and our elected officials just put their names on it. But I'm still concerned with the framing of this whole thing. Goodlatte's talk continues to falsely suggest that copyright policy is about copyright holders vs. the public:
...it is critical that Congress understand the overall impact of any changes in copyright law before proceeding with formally introduced legislation. It is also clear that neither a solely copyright owner focused bill, nor a copyright user focused bill, could be enacted by Congress today, nor should they be.
But, again, as we've been explaining for years, thinking of copyright in such zero sum terms is the wrong way to go about it. A proper copyright system, focused on "promoting the progress of science" shouldn't put the best interests of either party at risk. These interests should be aligned. The public benefit of copyright should be to encourage creators to create and for that content to spread and be experienced. We should be looking at what kinds of policies best lead to that outcome. Instead, because of past history and the mental framework that the Judiciary Committee has had since the beginning, it seems that they want to set this up as a fight between Hollywood (representing "copyright holders") and the tech industry (which they're using as a weak and misleading proxy for "the public.") The actual public is not involved. Nor are many actual creators.

There are, of course, cynical political reasons for doing this. Congress learned years ago that if you want to get a big pile of donations, the best thing to do is to hint at a bill that would put two large industries in conflict with one another. Then both feel compelled to fund politicians' campaign war chests.

But that leads to bad policy. It leads to policy based on the interests of funders and industry, rather than the public. Again, the purpose of copyright law is to benefit the public by creating incentives for content creators. The interests of content creators and the public should (and absolutely could) be aligned in all of this. Let's create systems that encourage the creation and distribution of content, without treating the public as criminals.

Let's hope that's actually what Goodlatte and the Judiciary Committee have in mind, but from the framing he has used so far, I'm concerned that what comes out of this is likely to be something else.


Posted on Techdirt - 26 April 2016 @ 11:44am

IFPI Files DMCA Takedown... On A Creative Commons Song... Posted 12 Years Ago.

from the really,-ifpi? dept

Let's take a trip in the wayback machine a bit.

It's late October 2004, and Wired Magazine has just released its November issue, which has a cover story about how sampling is the future, in which the magazine was able to get a bunch of well-known artists to contribute Creative Commons licensed songs, which shipped with a physical CD (remember, this is back in the day) and were also posted online and free for people to share and to reuse and remix. The article about it is worth reading. It talks about the nature of creative artwork:

Building on what other musicians have done – with or without their blessing or collaboration – is what it takes to make new music, music that will delight and sustain people. That, after all, is why it's called making music (playing music is something else altogether). Elvis Presley, that pioneer of appropriation, put it best: "Fair exchange bears no robbery, and the whole world will know that it's true. If you wanna be hugged, well, you gotta hug me too."
It also talks a lot about Creative Commons and the efforts it took to get all these well-known artists to contribute their songs. Hell, the very same issue even (shockingly) included an article by former RIAA boss Hilary Rosen, talking about how much she now loved Creative Commons, after Larry Lessig convinced her to change her views.

Lots of people wrote about all of this in one way or another. We, somewhat sarcastically (hey, what do you expect?) covered Rosen's conversion to being a CC supporter. Most of the coverage, however, focused (rightly) on the music. This included a young copyfighter named Derek Slater, who back in the olden days when blogs were blogs, wrote one on Harvard's website called A Copyfighter's Musings. He was so excited about the Wired issue and Creative Commons music CD that he wrote about it and posted the mp3s.

This was, of course, all perfectly legal. These tracks were released under one of two Creative Commons licenses, but both allowed the basic tracks to be shared online. As the Wired article noted:
The licenses come from Creative Commons, the innovative nonprofit founded by Wired columnist and Stanford Law School professor Lawrence Lessig. The songs on this CD use one of two Creative Commons licenses. The Noncommercial Sampling Plus license permits noncommercial file-sharing and noncommercial sampling. That means, first, that you can swap the songs on a peer-to-peer network (just don't sell them). And second, that you can sample from them, mash them up, use them to make something fresh – and then share that work, too (though again, you can't sell it). The Beastie Boys, Chuck D, and My Morning Jacket opted for the Noncommercial Sampling Plus license.

The other 13 artists on the CD went a step further and released their songs under the more expansive Sampling Plus license. Like the noncommercial version, it allows file-sharing. But it also allows commercial use of samples – meaning you can insert a slice of these songs into your own composition and then try to sell the new track. The only restrictions: Use in advertisements is not permitted, and the new work must be "highly transformative" of the original (translation: A flagrant rip-off like "Ice Ice Baby" doesn't cut it). More details on the licenses and their permissions are available at creativecommons.org/wired.
Okay... enough reminiscing in the wayback machine. Fast forward to today, where record labels and their trade associations -- rather than helping the industry adapt -- are spending all their time whac'ing moles by sending pointless takedowns via automated systems that never bother to check the details. The IFPI -- basically the international version of the RIAA -- is particularly crappy at this, regularly caught sending totally bogus takedowns.

As you've probably figured out, that historical world and today's world have clashed. IFPI, in its infinite (and most likely automated) cluelessness, has sent Harvard a DMCA takedown notice over one of the songs in the Wired Creative Commons collection -- the song "One Big Holiday" by the band My Morning Jacket. You can get it here because it's freely available thanks to Creative Commons.

You would think (wouldn't you?) that before sending out takedown notices, folks like IFPI are supposed to check on the licensing situation around those songs and whether or not IFPI even has the right to send such a takedown. In this case, even if they control the copyright, they most certainly do not have the authority to send a takedown, because doing so violates the terms of the license which the copyright holder agreed to when the song was released.

Thankfully, Harvard passed the notice along to Slater, who had lawyer Lila Bailey (occasional Techdirt guest poster) respond on Derek's behalf, basically saying, "IFPI, WTF?"
By sending this notice, you have knowingly materially misrepresented that this content is infringing in violation of 17 U.S.C. § 512(f), resulting in personal harm and financial expense to my client. As a courtesy to you and without prejudice to any further action we may take, I am writing to inquire whether you wish to withdraw your takedown notice....

[....]

Even the most basic investigation would have indicated that Mr. Slater's use is lawful and consistent with the Creative Commons license granted by the copyright owner. Under the United States Copyright Act, rightsholders are required to consider whether a use is lawful before issuing a takedown notice, and that requirement was plainly not followed here. This notice reflects an unfortunate pattern by IFPI, sending bogus takedown notices without any investigation into the rights status of the claimed works.
Of course, as we've discussed in the past, 512(f) of the DMCA has been rendered mostly toothless by the courts, but a good case could potentially change that. And issuing a DMCA over Creative Commons released music seems like a good test case, yes? I'm guessing that IFPI will take back its bogus takedown notice, but one wonders if it will actually change how it sends these things...


Posted on Techdirt - 26 April 2016 @ 10:39am

The Erdogan Insult Mess: Dutch Reporter, German Politician Arrested For Mocking Erdogan; Swiss Art Exhibit Targeted Too

from the if-you-can't-take-criticism,-get-out-of-politics dept

The insanity around Turkish president Recep Tayyip Erdogan and his insanely thin skin is getting worse. As we've discussed, Erdogan has been going crazy suing anyone in Turkey who he claims insults him (over 1800 cases in just 18 months). And he's tried to take things internationally as well. Even when visiting the US, his team tried to silence the press. And then he whined about a song on a German TV station mocking him. That resulted in a German comic writing some more direct insults, and Erdogan somehow discovering a nearly forgotten German law that allows for criminal cases against anyone who insults a foreign leader.

People are completely up in arms over the fact that German Chancellor Angela Merkel made the political choice and gave in to Erdogan's request, allowing the comedian, Jan Bohmermann, to face charges that could land him in jail. Merkel, the pundits claimed, "needed" to do this because she needs Erdogan's support in dealing with the refugee crisis going on right now. The one bone she threw to critics was that the law in question should be changed -- a process that is moving forward rapidly.

Of course, all this has really done is increase attention to all of this (gee... doesn't that sound familiar?) and create more people mocking Erdogan and his thin skin. Bruno Kramm, the head of the German Pirate Party, went to the Turkish Embassy in Berlin and conducted a "literary analysis" of Bohmermann's satirical (if over the top) poem -- leading to Kramm being taken into custody by the police.

Meanwhile Erdogan's assault on free speech in Europe is spreading. The Turkish consulate in Rotterdam has apparently been urging Turkish nationals to send in reports of any insults directed at Erdogan. That comes right after the Netherlands realized that it has a similar law to Germany's and decided that it should probably get rid of it too:

The Turkish consulate in Rotterdam has urged Turkish nationals to report examples of president Recep Tayyip Erdogan being insulted and denigrating comments made about Turks in general, Dutch media say on Thursday afternoon.

Various Turkish organisations in the Netherlands have been emailed by the consulate, urging them to make a note of the insults. The call comes a day after the Dutch government said it would scrap legislation which makes insulting a friendly head of state a criminal offence.
And, it appears, the Turkish authorities are not messing around. Just as all of this was happening, Turkish police arrested a Dutch journalist, Ebru Umar, who was vacationing in Turkey, but who had just written a column critical of Erdogan (and had criticized Erdogan's supporters on Twitter). If Erdogan thinks this will actually suppress criticism, it appears he may have miscalculated. The biggest newspaper in the Netherlands released Monday's paper with a giant caricature of Erdogan as an ape crushing free speech:
And, that's not all. The Turkish consulate in Switzerland has filed an official complaint about an art exhibit in Geneva because, it turns out, Switzerland has a law like Germany and the Netherlands. It's quite amazing how Erdogan became such an expert on these laws in Europe so quickly...
The Genevan authorities have confirmed that they have received a complaint from the Turkish consulate to Switzerland. Just like Germany, Swiss law contains a clause prohibiting insults towards foreign leaders.

The offending photograph is part of an exhibition from photographer Demir Sonmez. The photo in question shows a protest in Istanbul in which a banner proclaims that Erdogan was responsible for the death of a teenager.
Thankfully, it does not appear Erdogan has discovered a similar such law over in the UK, where The Spectator has launched a contest asking for the most offensive and insulting poetry about Erdogan. The prize is £1,000 (and, I assume, a lifetime ban from visiting Turkey).

Meanwhile, back in Turkey, a court in Istanbul has told the editor-in-chief of a local publication, Cumhuriyet, that he must pay approximately $10,000 for "insulting public figures" because the publication released some details on a probe into corruption. But the guy, Can Dundar, is still facing other charges around "espionage, attempting to overthrow the government, and revealing state secrets." He may be sentenced to life in prison for that. So, yeah, as amusing as this is from miles away, actual people doing basic things like reporting on facts are facing their entire lives being destroyed.

In the end, a quote from Orhan Selim Bayraktar, a Turkish expat living in the Netherlands and working for the main opposition party to Erdogan's, made the most sense -- asking why someone so thin-skinned is in politics at all. As Bayraktar told Sputnik News:
"If the president does not want to be criticized and insulted, he should leave the political arena. Because for me, as a politician, it's obvious that if you choose to enter politics, you will have enemies who will insult you, and friends who praise you. If you cannot get used to this, you have no business being in politics. The Turkish president should abandon the persecution of his own citizens. He must serve as the guarantor of our freedoms, instead of assisting in their limitation."
Seems like common sense. But there's apparently no room for that in Turkey.


Posted on Techdirt - 26 April 2016 @ 9:29am

Copyright Maximalists And Lobbyists Celebrate Vancouver Aquarium Censoring Critical Documentary With Copyright

from the copyright-is-censorship dept

We've written many times about how copyright is frequently used for censorship, and just recently we wrote about law professor John Tehranian's excellent article detailing how copyright has a free speech problem, in that people using copyright to censor has become more common and more brazen. Whenever we write this kind of thing, however, I get pushback from copyright maximalist lobbyists and lawyers, who insist that no one really wants to use copyright for censorship purposes, but merely to "protect" their works.

I'm finding those claims difficult to square with the following story, which I only found out about because the Copyright Alliance -- a front group for the big legacy entertainment companies, and put together by some well known lobbyists -- tweeted out a link to a story on a blog by Hugh Stephens, entitled A Whale of a (Copyright) Tale. Stephens is a former copyright policy guy for Time Warner as well as a former diplomat, who blogs about copyright issues in Canada.

He happily tells the tale of how the Vancouver Aquarium has successfully blocked filmmaker Gary Charbonneau, who made a documentary critical of the Aquarium's treatment of dolphins and whales, from using clips from the Aquarium's website. In the original version of the documentary, approximately five minutes of the hour-long film came from clips he pulled from the Aquarium's own website. The Aquarium wanted to get the entire film blocked by the court, giving you a pretty clear vision of how they were looking to censor the film. While the courts have not gone that far, they did order Charbonneau to make a new edit and remove all of those clips.

Stephens not only thinks this is a perfectly grand solution, he mocks Charbonneau for not having thought more carefully about the copyright issues here (really):

Charbonneau may be facing substantial damages if he is found to have violated the Aquarium’s copyright. You would think that Charbonneau, as a film-maker and creator himself, would have given this greater thought. It would have been so much simpler and straightforward to have taken a little more care to consider the implications of using copyrighted content without permission, and accessing clearly-legal alternate sources if necessary. That is the true moral of this story.
Wow. It's as if Stephens has no idea that filmmakers regularly rely on fair use -- and that's especially true of documentary filmmakers. It's why, here in the US, there's been a big movement to build best practices concerning fair use to help better protect documentary filmmakers in making use of the works of others. Yes, this case is in Canada, rather than the US, and they have a somewhat different set of rules involving fair dealing, but let's cut through the semantics and get to the basics:
  1. The Vancouver Aquarium did not need copyright to produce videos to put on its website. It made those videos to help market the aquarium.
  2. The Vancouver Aquarium did not sue Charbonneau because they were concerned about copyright.
  3. The Vancouver Aquarium did not sue Charbonneau because they were protecting the vast licensing market for the marketing videos they put on their website.
  4. The Vancouver Aquarium sued Charbonneau because they don't like his film, wanted to make life difficult for him and wanted to censor the film.
And copyright maximalist lawyers and lobbyists are cheering this on. I guess it's good that they're making their true colors known, but it is rather sickening.

The details of the case just make this look more and more ridiculous. The Aquarium claimed -- and the judge accepted -- that leaving the clips up in the movie while a full trial happened would create "irreparable harm." What possible irreparable harm would happen here? Yes, the Vancouver Aquarium's reputation may be harmed, but that's not a copyright issue. Again, it's difficult to see what copyright related harm could possibly come from this. Would it harm the Aquarium's ability to license those clips? It's hard to believe there's a very big market for that. And, even if there were, that's the kind of thing where a monetary remedy would fix any such harm. The only conceivable harm comes from what would normally be protected speech if one actually supported freedom of expression.

Hell, even the Aquarium more or less admits that it brought this lawsuit not because of any copyright issue, but because they don't like Charbonneau's message:
The Vancouver Aquarium Marine Science Centre said in a statement it's pleased with the decision. The centre said it's seeking to protect copyrighted materials developed to raise awareness about ocean conservation.

"We feel strongly that the conservation, research and education programs we lead need to be fairly represented and protected from those who choose to deliberately make false claims," said the statement.
So sue him for defamation, not copyright infringement.

Stephens, in his blog, also suggests that it's no big deal for Charbonneau to re-edit the film without those clips, because Charbonneau was quoted elsewhere saying many of those clips "were filler." I must admit, I always find it quite comical how those who claim to represent the interests of artists then think that it's fine for lawyers and judges to make artistic choices for the content creators. Charbonneau had creative reasons for using those clips. We should be quite worried when lawyers, lobbyists, judges and diplomats suddenly think that they're in the business of deciding which creative choices are allowed and which are not.

So, remember this story the next time you see these people claiming that (1) they stand up for the artist or (2) that copyright is not used for censorship. They're lying.


Posted on Techdirt - 26 April 2016 @ 8:29am

FBI Says It Will Ignore Court Order If Told To Reveal Its Tor Browser Exploit, Because It Feels It's Above The Law...

from the above-the-law? dept

There are a bunch of different cases going on right now concerning the FBI secretly running a hidden Tor-based child porn site called Playpen for two weeks, and then hacking the users of the site with malware in order to identify them. The courts, so far, have been fine with the FBI's overall actions of running the site, but there are increasing questions about how it hacked the users. In FBI lingo, they used a "network investigative technique" or a NIT to hack into those computers, but the FBI really doesn't want to talk about the details.

In one case, it was revealed that the warrant used by the FBI never mentions either hacking or malware, suggesting that the FBI actively misled the judge. In another one of the cases, a judge has declared the use of the NIT to be an illegal search, mainly based on jurisdictional questions (the warrants were for Virginia, but the individuals were far away from there).

In yet another case, the one involving Jay Michaud, his lawyers have now told the court that the DOJ has made it clear that, despite the court ruling earlier this year that the FBI must reveal the details of the NIT/hacking tool, it will not do so (first revealed by Brad Heath). The redacted filing is in response to a (sealed) motion for reconsideration by the DOJ, but reveals more or less what the DOJ said in that filing:

If you can't see that, the relevant portion reads:
The Government has now made plain that the FBI will not comply with the Court's discovery order... [REDACTED]... The Government further acknowledges that "there may be consequences for this refusal." [REDACTED] Pursuant to the law discussed below, the consequences are straightforward: the prosecution must now choose between complying with the Court's discovery order and dismissing the case.....

The dilemma is one entirely of the Government's own making, and nothing in its Motion for Reconsideration or renewed requests for secret proceedings changes the analysis.
The filing goes on to point out how the FBI has similarly been refusing to reveal details of its Stingray mobile phone surveillance tools (something we've discussed here quite a bit), leading to convictions being overturned. As Michaud's lawyers point out, the situation here is basically the same. If the FBI refuses to obey a court order, then the case should be dropped.
As the Maryland court observed, the FBI’s obstruction of disclosure “from special order and/or warrant application through appellate review – prevents the court from exercising its fundamental duties under the constitution.” ... “[I]t is self-evident that the court must understand why and how [a] search was conducted,” and “[t]he analytical framework requires analysis of the functionality of the surveillance device and the range of information potentially revealed by its use.” ... These conclusions mirror the conclusions reached by this Court at the February 17 hearing.
The filing also highlights how important it is to get the details, noting that the FBI has a history of incorrectly raiding homes because it doesn't understand how Tor works:
The Government’s refusal to comply with the discovery order is all the more untenable given the exceptional technical complexities that are involved with the Tor network and the FBI’s use of sophisticated hacking “techniques.” Just a few weeks ago, Seattle police raided the home of two people who use the Tor network, based on an allegation that their IP addresses had been linked to child pornography, when in fact illicit traffic had merely passed through their connection to the network.....
But perhaps even more amusing, the lawyers point out how the DOJ/FBI's claims here run exactly counter to the DOJ/FBI's arguments about Apple's obligation to respond to the DOJ's court order to help unlock encrypted phones:
Their complaint is that the DOJ said that Apple could use a secure location to keep the code safe, but rejects such a solution here -- but the comparison could go even deeper. After all, the DOJ kept saying that Apple was acting as if it was above the law in telling the FBI that it would not write special software to help break into a phone. Yet, here, the request is much more straightforward. The FBI doesn't have to write any new code at all... it just has to reveal what it has been told to reveal by a court: the software it used to hack into someone's computer.

Of course, there's also the fact that because of the whole Apple/DOJ fight, Senators Dianne Feinstein and Richard Burr started pushing a bill to ban encryption that opens with the following:
Somehow, I get the feeling that both Feinstein and Burr will feel differently when it's the FBI/DOJ refusing to comply with court orders, and will claim the government is correct here. I wonder if anyone else in the Senate will now release a companion bill to the Burr/Feinstein bill suggesting that the DOJ itself should start complying with court orders, as it is not "above the law."


Posted on Techdirt - 25 April 2016 @ 8:32am

House Reps To James Clapper: No, Really, Stop Ignoring The Question And Tell Us How Many Americans Are Spied On By NSA

from the get-to-it dept

Way back before Ed Snowden became a household name, Senator Ron Wyden kept pushing James Clapper, the Director of National Intelligence, to reveal more details on how the NSA was interpreting certain provisions in the PATRIOT Act to spy on Americans. You probably recall the infamous exchange in a 2013 Senate hearing in which Wyden asked Clapper "does the NSA collect any type of data at all on millions or hundreds of millions of Americans?" and Clapper said "No sir... not wittingly." Snowden himself later noted that this particular exchange was part of what inspired him to leak documents to reporters just a couple months later.

However, that question had some history. Two years earlier, in 2011, we wrote about James Clapper's ridiculous response to a letter from Wyden about this topic. Wyden had asked Clapper to answer some questions about NSA authorities to collect information on Americans and Clapper had refused to answer on the basis that he didn't really want to.

A year later, in the summer of 2012, Wyden got more explicit, saying that he would block the FISA Amendments Act until Clapper gave an estimate of how many Americans had their information sucked up by the NSA. This time, Clapper responded in December of 2012 by saying that it would be impossible to actually say how many Americans had their information scooped up by the NSA. We now know why -- because six months later, Ed Snowden revealed the answer to be "basically everyone." But in December, Clapper sent a letter saying to Wyden:

We cannot provide additional answers to your questions in an unclassified format. Rather than provide you with imprecise, unclassified information, I reiterate our offer to meet with you -- and any other Members of Congress -- in a classified setting to discuss these authorities and answer any questions you might have.
Wyden (along with a few other Senators) pointed out that their question shouldn't reveal anything classified:
First, we asked if any entities have made any estimates -- even imprecise estimates -- about how many US communications have been collected under section 702 of the FISA statute (which is the central provision of the FISA Amendments Act). You did not answer this question. Please provide an answer. We would expect this answer to be unclassified, but if you disagree please provide your reasons for keeping this answer secret.

Second, we asked if it was possible to estimate the order of magnitude of this number. (For example, is the number of US communications collected under section 702 closer to 100, or 100,000, or 100 million?) You did not answer this question directly, however the Director of the NSA has made public statements that appear to estimate this order of magnitude. Specifically, the NSA Director has said that "the story that [the NSA] has millions or hundreds of millions of dossiers on people is absolutely false." Please explain whether this statement should be understood to mean that the number of US communications collected under section 702 is less than "millions or hundreds of millions." Since the NSA Director made this statement publicly, we would expect this answer to be unclassified as well.

Third, we asked if any wholly domestic American communications had been collected under section 702 authorities. Your response was classified. We do not understand how simply stating whether any wholly domestic communications have been collected under section 702 authorities would have any impact at all on US national security interests. If you believe that it would, please explain why. And if you agree that it would not, please provide an unclassified answer to this question.

Fourth, we noted that the FISA Amendments Act does not prohibit searching through communications collected under section 702 to find the communications of particular Americans, and asked if the US government has ever attempted to search for the communications of a specific American in this way without a warrant or emergency authorization. Your response was classified. We do not understand how providing a 'yes' or 'no' answer to this question would impact US national security interests in any way, and we ask that you provide an unclassified response.
Eventually, after getting a lot of pressure from other Senators, Wyden agreed to lift his hold on the bill. At first he offered an Amendment saying he would lift the hold if only the NSA would release a number about how many Americans had their information collected by the NSA. However, with folks like Dianne Feinstein and Saxby Chambliss screaming about how terrorists would blow up everything if the spying didn't continue, the bill eventually passed.

And while some tried to bravely follow up on the questions raised by Wyden, once the bill passed there was no legislative leverage any more -- and nothing much happened. It was just a couple months later that Wyden asked his now famous question and Snowden released his documents.

But a bunch of Representatives on the other side of the Capitol, all members of the House Judiciary Committee, have realized that James Clapper has still never answered the question, and thus they've now sent him a letter, asking him to finally answer at least some sort of question concerning how many Americans have their data sucked up by the NSA:
In order that we may properly evaluate these programs, we write to ask that you provide us with a public estimate of the number of communications or transactions involving United States persons subject to Section 702 surveillance on an annual basis.

We note that we are not the first to ask you for this basic information. Since at least 2011, Senators Ron Wyden and Mark Udall have "sought repeatedly to gain an understanding of how many Americans have had their phone calls or emails collected and reviewed under this statute, but [they] have not been able to obtain even a rough estimate of this number."
They also note that the PCLOB -- the Privacy and Civil Liberties Oversight Board -- that looked into the big NSA surveillance programs suggested that the NSA should reveal this number -- and the NSA and Clapper have ignored this recommendation. As the Reps note, they recognize that Clapper is "reluctant" to provide such information, but...
First, we understand that an exact count of how many United States persons have been swept up into Section 702 surveillance efforts may not be feasible. The leadership of the intelligence community has long held this view, and the Inspector General for the National Security Agency--who is an administrative appointee, and not an independent inspector general--has deferred to your office on this issue. We understand that limited resources and technical barriers may prevent you from making an exact count.

We are not asking you for an exact count. Today, our request is simply for a rough estimate.

You have already demonstrated that such an estimate is feasible. An October 3, 2011 opinion of the Foreign Intelligence Surveillance Court reports that the NSA, in an effort to address the court's concerns about the collection of domestic communications under certain applications of Section 702, "conducted a manual review of a random sample consisting of 50,440 Internet transactions taken from the more than 13.25 million Internet transactions acquired through upstream collection during a six month period." In that case, the court found:
NSA knows with certainty that the upstream collection . . . results in the acquisition of wholly domestic communications.

By expanding its Section 702 acquisitions to include the acquisition of Internet transactions through its upstream collection, NSA has, as a practical matter, circumvented the spirit of [the statute] with regard to that collection.
That case looked at a particular problem with "upstream" collection. A similar but broader analysis may be necessary here. We are willing to work with your office to determine the exact methodology for such a survey. We acknowledge that this estimate will be an imperfect substitute for a more precise accounting--but surely the American public is entitled to some idea of how many of our communications are swept up by these programs.
The letter also addresses another argument that the NSA made previously in response to Wyden's questions: claiming that (get ready for this one) the process to figure out how many Americans' privacy had been violated would... violate their privacy. It's a dumb argument, but perhaps not quite as dumb as it sounds. In short, the NSA wants to argue that it's not doing anything wrong in collecting this information, so long as the searches on the data are within the bounds of the law and the Constitution. Yet, because of that, they want to argue that doing the search to count the records would potentially violate the restrictions on when they can search the data. See? They can't tell you if your privacy has been violated, because to do so would violate your privacy!

In some ways, this is kind of a middle finger to the civil liberties crowd. It's the NSA's smirking response of "see? we can't tell you how much data we have because you put these privacy restrictions on how we can use that data -- and we take your privacy seriously."

But this letter addresses that concern as well, saying that basically no one thinks a "one-time" search solely for the purpose of counting violates anyone's privacy:
Second, we understand that producing an estimate might require reviewing actual communications acquired under Section 702, which could itself raise privacy concerns. On this point, we refer you to the judgment of the many civil liberties organizations that support conducting "a one-time, limited sampling of these communications," if necessary. They believe it would be "a net gain for privacy if conducted under appropriate safeguards and conditions." We agree, and we are willing to work with your office to implement those safeguards if necessary. This, too, is a problem we can solve.
And, finally, they close with a stick, reminding Clapper that this entire program is scheduled to sunset at the end of December, 2017, and if he wants the FISA 702 program (which covers both PRISM and upstream collection) to continue, he might want to actually respond.

The letter is then signed by 14 members of the House Judiciary Committee. It's not everyone, but it's a pretty good list of folks, including some of the more powerful members, including ranking member John Conyers and the author of the PATRIOT Act and the USA Freedom Act, Jim Sensenbrenner. Other signatories include Reps. Zoe Lofgren, Darrell Issa, Blake Farenthold, Jason Chaffetz, Jim Jordan, Ted Deutch, Suzan Delbene, Ted Poe, Hank Johnson, Jerry Nadler and David Cicilline. This is not just a pointless letter dashed off by one or two Reps. It's a big chunk of the Judiciary Committee (less than half, but still a significant amount).

I'm sure that Clapper will do his best to avoid actually answering, but at the very least it sets up what appears to be the next big fight on the horizon: over the renewal of Section 702.
