Mike Masnick’s Techdirt Profile


About Mike MasnickTechdirt Insider

Mike is the founder and CEO of Floor64 and editor of the Techdirt blog.

He can be found on Twitter at http://www.twitter.com/mmasnick

Posted on Techdirt - 8 October 2015 @ 2:17pm

Once More: The TPP Agreement Is Not A Free Trade Agreement, It's A Protectionist Anti-Free Trade Agreement

from the get-your-story-straight dept

We've pointed out a few times in the past that while everyone refers to the Trans Pacific Partnership (TPP) agreement as a "free trade" agreement, the reality is that there's very little in there that's actually about free trade. If it were truly a free trade agreement, then there would be plenty of reasons to support it. But the details show it's not, and yet, time and time again, we see people supporting the TPP because "well, free trade is good." The Washington Post, for example, pushed out a ridiculous editorial arguing that the TPP is cause for celebration because it will "slash tariffs and harmonize regulatory regimes."

But it's that "harmonizing regulatory regimes" thing where the real nastiness lies, and where you quickly discover that most of the key factors in the TPP are not at all about free trade, but the opposite. It's about as protectionist as can be. That's mainly because of the really nasty corprorate sovereignty clauses in the agreement (which are officially called "investor state dispute settlement" or ISDS in an attempt to make it sound so boring you'll stop paying attention). Those clauses basically allow large incumbents to force the laws of countries to change to their will. Companies who feel that some country's regulation somehow takes away "expected profits" can convene a tribunal, and force a country to change its laws. Yes, technically a tribunal can only issue monetary sanctions against a country, but countries who wish to avoid such monetary payments will change their laws.

Remember how Eli Lilly is demanding $500 million from Canada after Canada rejected some Eli Lilly patents, noting that the new compound didn't actually do anything new and useful? Eli Lilly claims that using such a standard to reject patents unfairly attacks its expected future profits, and thus it can demand $500 million from Canadian taxpayers. Now, imagine that on all sorts of other systems.

And, add in a bunch of other rules that have absolutely nothing to do with free trade -- like granting more exclusivity on pharmaceuticals or extending copyright terms. As Tim Lee writes in a detailed report on the TPP, what's really happening here is empowering the elite incumbents:

As the opportunities for trade liberalization have dwindled, the nature of trade agreements has shifted. They're no longer just about removing barriers to trade. They've become a mechanism for setting global economic rules more generally.

This trend is alarming to Simon Lester, a free trader at the Cato Institute. "We've added in these new issues that I'm skeptical of," he says. "It's not clear what the benefits are, and they cause a lot of controversy."

And this system for setting global rules has some serious defects. We expect the laws that govern our economic lives will be made in a transparent, representative, and accountable fashion. The TPP negotiation process was none of these — it was secretive, it was dominated by powerful insiders, and it provided little opportunity for public input.

The Obama administration argues that it's important for TPP to succeed so that the United States — not China — gets to shape the rules that govern trade across the Pacific. But this argument only makes sense if you believe US negotiators have been taking positions that are in the broad interests of the American public. If, as critics contend, USTR's agenda is heavily tilted toward the interests of a few well-connected interest groups, then the deal may not be good for America at all.
Again, it's hard to see how this has anything to do with free trade. While it may have begun as a free trade process, the entire "trade agenda" has long since been almost entirely co-opted by special interests who realized that the easy way to pass legislation globally is to sneak it into a "trade agreement" behind closed doors with no public discussion or debate -- and then get it approved because it's under the banner of "free trade," even if the policies actually are protectionist for large industries.

It would almost be a clever move if it wasn't so destructive for competition and innovation.

So, remember, any time you see someone saying they support the TPP because they support "free trade," they're either lying or totally uninformed. The TPP is not about free trade. It's about the opposite. It's about locking in protectionist rules for incumbent providers, which is exactly the kind of thing free trade is supposed to take away.

32 Comments | Leave a Comment..

Posted on Techdirt - 8 October 2015 @ 1:00pm

Techdirt Reading List: Learning By Doing

from the don't-fear-innovation dept

We're back again with another in our weekly reading list posts of books we think our community will find interesting and thought provoking. Once again, buying the book via the Amazon links in this story also help support Techdirt.

If you pay attention, there's been a lot of talk lately about the pace of innovation today, the incentives for innovation and (perhaps most importantly), who benefits from innovation today (and correspondingly, who loses out). Some of this is driven by fear and worry -- concerns about the impact of innovation not being nearly as strong as people expected, or that innovation will reduce jobs, or maybe just benefit the ultra-rich. It's reasonable to be concerned about this, because, if true, that would be a real problem. James Bessen's most recent book, Learning by Doing: The Real Connection between Innovation, Wages, and Wealth, is an important entrant into that debate, presenting a ton of useful evidence and history to think about.

We've mentioned Bessen many times in the past here on Techdirt, as he's been one of the leading economists studying patents, innovation and the impact of patent trolls. This book just touches on patent stuff, and, rather, focuses on the nature of innovation, how people learn to adapt and properly use new technologies over time, so that the benefit to them often lags their initial introduction, and that leads people to overreact about the supposed "negative" impacts of technology. For years I used to talk about how in the late 90s people always whined that even though corporate America had finally embraced putting computers on everyone's desks, there was no clear productivity growth associated with it. A similar thing was seen in education. In both cases, however, the problem was that people didn't really know how to use those tools properly -- and it took a "generation" to figure it out. These days, it would be crazy to suggest that computers in the workplace haven't resulted in greater productivity.

Bessen's book is a great read and it takes this idea further -- suggesting that we shouldn't be so worried about new technologies destroying jobs, but rather how it's creating a skills gap that needs to be dealt with, so that more people can make better use of the technology that we have and the technology that is on the way. Check it out.

1 Comments | Leave a Comment..

Posted on Techdirt - 8 October 2015 @ 11:56am

Appeals Court: No You Can't Copyright Yoga

from the what's-that-got-to-do-with-software dept

We first wrote about this issue more than a decade ago, but there's been a ridiculous attempt by some yoga instructors to use intellectual property to lock up certain yoga poses. While most of the focus has been on copyright, other attempts have used other forms of intellectual property as well. But the most watched legal dispute was the one brought by Bikram Yoga and Bikram Choudhury against Evolution Yoga... and the 9th Circuit appeals court has now made it abundantly clear: you can't copyright yoga.

Though Choudhury emphasizes the aesthetic attributes of the Sequence’s “graceful flow,” at bottom, the Sequence is an idea, process, or system designed to improve health. Copyright protects only the expression of this idea—the words and pictures used to describe the Sequence—and not the idea of the Sequence itself. Because the Sequence is an unprotectible idea, it is also ineligible for copyright protection as a “compilation” or “choreographic work.”
In other words, the idea/expression dichotomy actually matters. And it matters in important ways:
Following Baker, and recognizing this vital distinction between ideas and expression, courts have routinely held that the copyright for a work describing how to perform a process does not extend to the process itself.
Um... that seems rather important in that question over the question on whether or not APIs are covered by copyright. Since an API is just describing how to perform a process, it does not mean the process itself is covered by copyright.

Bikram tried to argue that copyright should be allowed for his poses because they are beautiful, but as the court points out, that's got nothing to do with anything:
Choudhury contends that the Sequence’s arrangement of postures is “particularly beautiful and graceful.” But beauty is not a basis for copyright protection. The performance of many ideas, systems, or processes may be beautiful: a surgeon’s intricate movements, a book-keeper’s careful notations, or a baker’s kneading might each possess a certain grace for at least some viewers. Indeed, from Vermeer’s milkmaid to Lewis Hine’s power house mechanic, the individual engrossed in a process has long attracted artistic attention. But the beauty of the process does not permit one who describes it to gain, through copyright, the monopolistic power to exclude all others from practicing it. This is true even where, as here, the process was conceived with at least some aesthetic considerations in mind. Just as some steps in a recipe may reflect no more than the author’s belief that a particular ingredient is beautiful or that a particular cooking technique is impressive to watch and empowering to practice, some elements in Choudhury’s Sequence may reflect his aesthetic preferences. Yet just like the recipe, the Sequence remains unprotectible as a process the design of which primarily reflects function, not expression.
Again, this seems to suggest (yet again) how wrong the CAFC got the decision over APIs.

Separately, the court rejects Bikram's attempt to claim that his yoga sequence is a form of choreography which is (somewhat ridiculously) copyrightable.
The Sequence is not copyrightable as a choreographic work for the same reason that it is not copyrightable as a compilation: it is an idea, process, or system to which copyright protection may “[i]n no case” extend.
This also offers the court an opportunity to explain how important the idea/expression dichotomy is, and the problems that arise when courts (like CAFC) get it totally wrong.
Our day-to-day lives consist of many routinized physical movements, from brushing one’s teeth to pushing a lawnmower to shaking a Polaroid picture, that could be (and, in two of the preceding examples, have been) characterized as forms of dance. Without a proper understanding of the idea/expression dichotomy, one might obtain monopoly rights over these functional physical sequences by describing them in a tangible medium of expression and labeling them choreographic works. The idea/expression dichotomy thus ensures that expansive interpretations of the categories enumerated as proper subjects of copyright will, “[i]n no case,” extend copyright protection beyond its constitutional limits.
It's good to see the court get this right and to make it clear that there is no copyright in yoga poses. But it also highlights just how bad (and wrong) the decision in the Oracle v. Google case was by CAFC.

Read More | 15 Comments | Leave a Comment..

Posted on Techdirt - 8 October 2015 @ 9:46am

The Coming Collision Between EU Privacy Regulation And American Free Speech

from the this-won't-be-fun dept

Earlier this week, we wrote about the EU Court of Justice's decision that the NSA's surveillance of the internet meant that the EU-US data protection safe harbor was invalid. As we noted, there's a lot of mess in all of this, but losing that safe harbor would be tremendously problematic for the internet. And the impact could be that the NSA basically screwed things up royally for American internet companies by spying on European users. But, the issue actually goes much deeper. As that ruling recognized, the crux of the matter was dependent on the EU's Data Protection Directive. And that Data Protection Directive is about to be updated.

And the end result may be very, very bad for the internet.

That's the conclusion of Daphne Keller at Stanford's Center for Internet and Society, who is writing a series of blog posts detailing the problems with the current drafts. At the core of the issue, as Keller notes, the worlds of "privacy protection" and "free speech/intermediary liability protection" are two separate worlds -- and people on both sides don't seem to realize just how much the two can and do overlap.

Historically, many lawyers have not drawn a connection between data protection and the law of intermediary liability. The two fields use very different vocabularies, and are for the most part interpreted, enforced and litigated by different practitioners. A lawyer who views an issue through the lens of intermediary liability and one who views the same issue through the lens of data protection may have trouble even understanding each other's concerns.
Another way to look at it, though, is basically a European approach vs. an American approach. And this is something of a generalization, but the European approach values privacy above most other factors, while the American approach values free speech above most other factors. Both approaches have pros and cons, frankly. But when you don't realize where they conflict, problems can arise. There is no doubt that Europeans, generally speaking, are much more concerned about protecting the privacy of individuals, and are quite reasonably concerned about excesses done by either governments or companies that intrude on individual privacy. The US, by comparison, has very little in the way of regulations concerning privacy, but does have very strong protections for free expression.

But sometimes "free expression" and "privacy" can clash in big, big ways.

A perfect example of the conflict would be the right to be forgotten. The big ruling out of the EU Court of Justice last year was entirely about privacy. It felt that if there was old, out-dated, irrelevant information it should be "de-linked" from databases, in order to protect the "privacy" of those individuals. The "free speech" concerns didn't even really come into play at all. It was all about "data protection."

And that's where the new General Data Protection Regulation (GDPR) can present serious problems. First, it would expand what internet companies are likely covered by the regulations. Lots of American companies, which barely have any operations in Europe, have the potential of being impacted by these rules -- which would more or less lock in the right to be forgotten in a way that might even allow it to expand.
The GDPR asserts jurisdiction over entities that offer services to or “monitor” EU users. “Monitoring” seems to be defined broadly enough to include fairly standard web and app customization features, so the law reaches many online companies outside of the EU. In practice regulators presumably will not prioritize or dedicate limited resources to policing small and distant companies. But the GDPR will be an issue for companies with growing EU user bases and presence in Europe; and regulators can choose to enforce the law against many more entities around the world.
It could also wipe out further intermediary liability protections that have been so important to the internet and its success. While the US has strong intermediary protections in the form of CDA 230, Europe already had a much weaker form of intermediary liability based on the EU's E-commerce directive. The fear is that the new GDPR could more or less eat away at the existing protections, making more companies "liable" for content posted by users, if it's somehow deemed to violate some sort of privacy right.

And, as we've pointed out for years, when you don't have strong intermediary liability protections you tend to end up with widespread censorship and gatekeepers over expression. That's because no internet company wants to face a lawsuit just because some of its users are jerks. And the new rules are not at all clear -- and vagueness will create incentives for massive censorship:
For intermediaries processing third-party data, free expression is also relevant, though in ways that can be hard to pin down in practice. The legal basis for intermediaries’ processing in the first place is often that the processing serves “legitimate purposes.” ... When an intermediary declines to honor a removal request on free expression grounds, the GDPR provision invoked is one that references only “legitimate interests.”... While undefined, such legitimate purposes and interests clearly include expression and information rights. But the GDPR and existing law provide scant detail on how to assess these interests – this was one common critique of the Costeja ruling. And important questions about whose interests may be considered – which come up in litigation about content removal – are not always addressed well in GDPR drafts. For example, one draft provision allows controllers to decline to remove content based on “legitimate interests pursued by the controller, or by the third party or parties to whom the data are disclosed[.]” ... Under this formulation, the interests of the speaker – the user whose content is indexed, transmitted, or hosted – fall out of the analysis. Data protection law’s lack of detailed provisions for free expression made more sense in an era when regulated entities were assumed to be banks, employers, medical offices, and the like. Today, inattention to the unique role of Internet intermediaries in GDPR drafting will likely lead to more removals of lawful expression – and more litigation.
On top of this it would appear to expand the right to be forgotten even further, noting a general right to "erasure" as part of the data protection regulation -- which is a pretty damn Orwellian term in this context. Erasure is a tool that we should be very wary of, because as we've seen time and time again, when you give people the power to take content down, it gets abused massively by people trying to censor all kinds of content they don't want. Protecting privacy is one thing. "Erasing" public content people just don't like is another.

As someone who has strong beliefs about protecting both privacy and freedom of expression, it seems to me like it's fairly important to make sure that everyone's on the same page about what is private and what is not. This often seems to be where much confusion lies. In the EU's right to be forgotten case, it was basically decided that old but accurate information that was publicly released in newspapers, should be considered private when linked to a person's identity. Frankly, this approach seems nonsensical to me. If we're talking about actual private information -- i.e., information that was never publicly available in a perfectly legitimate form -- then perhaps there's a point. I can understand the arguments for potentially removing truly private information. But when "private information" is so broadly defined, and then internet platforms are suddenly liable for policing such content, you have a recipe for mass censorship, or even companies moving out of offering service in Europe altogether.

On top of that, as we've discussed at length, the idea of holding intermediaries liable for the actions/statements of their users is a really dangerous idea. It creates massive uncertainty that is only going to lead to greater censorship as internet companies start blocking content just to avoid any possibility of liability.

As Keller notes in this post, if this is to not create a massive mess for the internet around the globe, those who are concerned about privacy and those who are concerned about free speech (along with those who are concerned about the internet itself) need to get on the same page or in the same room to discuss these issues. Because, so far the discussions have been separate, and the end result may be a "data protection" regulation, put in place with truly good intentions by those who believe they're looking out for important privacy interests, but the end result is to whittle away at freedom of expression and at the keys to maintaining a free and healthy internet. Pretending that you can just focus on "privacy" without considering free expression or how the internet itself works is not only foolish and naive, but potentially dangerous for the internet.

39 Comments | Leave a Comment..

Posted on Techdirt - 8 October 2015 @ 7:00am

The Right Way To Stop Piracy

from the look-at-the-evidence dept

Read the new report from The Copia Institute,
The Carrot Or The Stick: Innovation vs. Anti-Piracy Enforcement »

Ever since the internet became a place where copyright infringement was rampant, we've seen the same basic playbook from the legacy entertainment industry: pass stricter anti-piracy laws. In the 30 years predating the big fight over SOPA in 2011-2012, the US had passed 15 separate anti-piracy laws. Countries around the globe (often under pressure from the US) have passed increasingly more draconian copyright laws designed to "stop piracy." And, when they can't pass laws directly, they resort to international trade agreements, like the TPP, whereby trade negotiators (who are directly influenced by the legacy entertainment industry) negotiate deals in back rooms that require stricter anti-piracy laws. And none of it works. Sure, when a new law first goes into effect there may be an initial, short-term decrease in piracy rates, but it doesn't last for more than a few months, as people quickly go back to finding ways to access the content they want.

So how about a different approach? One that actually does work. One that has been shown, time and time again, to actually reduce piracy rates? Enabling more innovation and allowing more services to legally deliver what consumers want.

The story in Sweden is somewhat famous. Sweden was home to the Pirate Bay and had sky high piracy rates. And then Spotify -- a company also born in Sweden -- launched at home. And piracy rates fell off a cliff. But only for music. Piracy for other products such as TV and movies remained high. Under pressure from the US, Sweden passed a strict anti-piracy law, IPRED. And, when it went into effect, there was a notable decline in piracy rates... but, within months, those rates rebounded to where they had been before, as people quickly figured out new ways to do what they were doing before. And then Netflix launched in Sweden. And piracy rates for TV and movies dropped.

This story made us wonder. So, over at the Copia Institute, we've been digging into similar situations around the globe, and this morning we're releasing our latest report: The Carrot or the Stick, in which we compare attempts to ratchet up anti-piracy enforcement against simply enabling more innovation, and the impact both have had on piracy rates in a bunch of different countries. Over and over again, we find the same basic story: anti-piracy laws have little to no long-term impact on piracy. Any impact is, at best, short term. However, when innovative services are allowed to thrive, and when there's real innovation, the public is more than willing to sign up in droves, often leaving their pirating ways behind.

Thus, if the entertainment industry is truly serious about decreasing piracy, why are they so resistant to the facts? Why do they fight tooth and nail against these services, demanding rates that are sure to bankrupt them, or putting ridiculous restrictions on them that limit their value to users? Why do they demand DRM or limit selection? It's difficult to make sense of this strategy.

And, yes, I know that some will claim that the two things (anti-piracy laws and innovation) go hand-in-hand -- and that the anti-piracy laws are necessary in order to make it possible for authorized services to thrive. Once again, however, our research showed that does not appear to be the case at all. In most countries we studied, the number of authorized services tended to rapidly expand before the introduction of new anti-piracy laws. And, in fact, sometimes we saw the number of services decline after these laws were in place, and after the "winners" in the market had already been established. In other words, entrepreneurs and users of these services saw no reason to wait for these laws, and the laws themselves don't appear to have done much to encourage more innovation in the field.

You can check out the full report over at the Copia site. Oh, and as a reminder, the White House's Intellectual Property Enforcement Coordinator is still asking for feedback on how to best use the federal government's resources on this issue. One would hope that learning what's in this new report would be helpful to him in crafting his new plan.

Read More | 53 Comments | Leave a Comment..

Posted on Techdirt - 8 October 2015 @ 5:09am

Purdue University Completely Freaks Out Because Bart Gellman's Speech Shows Classified Snowden Docs Already Seen By Millions

from the academia! dept

When Ed Snowden first gave his cache of documents to reporters, there were two sets handed out. Most famously, one set went to Glenn Greenwald, Laura Poitras and Ewan MacAskill, who went to Hong Kong on behalf of the Guardian. And the other set went to Bart Gellman, who wrote up reports on them (technically as a freelancer) for the Washington Post. Yesterday, Gellman wrote about a crazy story in which Purdue University absolutely freaked out, after it realized that Gellman gave a keynote speech -- for an event organized by the University President, and which Gellman had been specifically asked to give -- that showed some of the previously released Snowden documents during his presentation. Despite promising Gellman that the talk had been recorded and a link and a copy of the video would be sent to him, instead, Purdue ended up deleting the whole thing and basically stopped responding to him.

The reason? Apparently Purdue has a deal with the US government, in order to perform classified research on behalf of the government. To do this, the university had to get "facility security clearance." And, in order to keep that status, it has to abide by certain rules on "classified information spillage." Apparently, some at Purdue decided to overreact entirely, which Gellman discovered as soon as the Q&A section opened up:

If I had the spider sense that we journalists like to claim, I might have seen trouble coming. One of the first questions in the Q & A that followed my talk was:
"In the presentation you just gave, you were showing documents that were TS/SCI [top secret, sensitive compartmented information] and things like that. Since documents started to become published, has the NSA issued a declass order for that?"
I took the opportunity to explain the government’s dilemmas when classified information becomes available to anyone with an internet connection. I replied:
"These documents, by and large, are still classified. And in many cases, if you work for the government and you have clearance, you’re not allowed to go look at them…"

"Now, it’s perfectly rational for them to say, we’re not going to declassify everything that gets leaked because otherwise we’re letting someone else decide what’s classified and what’s not. But it gets them wound up in pretty bad knots."
By way of example, I mentioned that the NSA, CIA, and Office of the Director of National Intelligence “have steadfastly refused to give me a secure channel to communicate with them” about the Snowden leaks. Bound by rules against mingling classified and unclassified communications networks, they will not accept, for example, encrypted emails from me that discuss Top Secret material. In service of secrecy rules, they resort to elliptical conversation on open telephone lines.

My remarks did not answer the question precisely enough for one post-doctoral research engineer. He stood, politely, to nail the matter down.
“Were the documents you showed tonight unclassified?” he asked.

“No. They’re classified still,” I replied.

“Thank you,” he said, and resumed his seat.
And all of that apparently set off a chain reaction where some people freaked out and alerted Purdue's "Information Assurance Officer" who then told Purdue's representative at the Defense Security Service, leading to an escalation that resulted in a DELETE EVERYTHING FREAKOUT. Of course, once Gellman published his blog post making Purdue look silly, it quickly backtracked:
In an overreaction while attempting to comply with regulations, the video was ordered to be deleted instead of just blocking the piece of information in question. Just FYI: The conference organizers were not even aware that any of this had happened until well after the video was already gone.

I’m told we are attempting to recover the video, but I have not heard yet whether that is going to be possible. When I find out, I will let you know and we will, of course, provide a copy to you.
We've talked about this a few times before, and the head in sand approach the government takes to pretending that publicly available leaked classified information is still secret. Government employees are regularly told they cannot look at such documents even if those documents are splashed across the pages of the Washington Post, the NY Times or other news sources. The rationale for this is that it takes away at least some incentive for people to force declassification by leaking documents. But it doesn't really. It just makes everyone look foolish. In the business world, most standard non-disclosure agreements include a clause that says that if the material becomes public through other means, the agreement no longer applies. It's ridiculous that the same is not true for classified information as well.

Perhaps even more ridiculous is how the University responded to Gellman's questions prior to him posting the blog post about Purdue's overreaction:
I left word for Mitch Daniels, the former Indiana governor who became Purdue’s president two years ago. Daniels had introduced my talk and asked me to speak again for guests at a dinner he held that night. He was a delightful, well-read and open-minded host, but he has not returned my messages either. I sent one last note, detailing my main points here, to Purdue’s assistant vice president for strategic communications. I’ll update with her reply if she sends one.

The irony is that the Dawn or Doom colloquium was Daniels’s own personal project. Two of the organizers told me he is fascinated by the contradictory responses – from celebration to alarm – that tend to accompany big technological advances. He proposed to convene Purdue faculty members and leading national experts to explore the risks and promises of artificial intelligence, robotics, and Big Data surveillance, among other developments.

In his own view, Dawn or Doom is not a hard question. Daniels and I chatted about that theme as we stood in the wings off stage, shortly before my talk.

“The answer always turns out to be, it’s dawn,” he said.
Except when his own university overreacts. Gellman also notes that this suggests that this whole situation speaks ill of Purdue as an institute of higher learning:
Purdue has compromised its own independence and that of its students and faculty. It set an unhappy precedent, even if the people responsible thought they were merely following routine procedures.

Think of it as a classic case of mission creep. Purdue invited the secret-keepers of the Defense Security Service into one cloistered corner of campus (“a small but significant fraction” of research in certain fields, as the university counsel put it). The trustees accepted what may have seemed a limited burden, confined to the precincts of classified research.

Now the security apparatus claims jurisdiction over the campus (“facility”) at large. The university finds itself “sanitizing” a conference that has nothing to do with any government contract. Where does it stop? Suppose a professor wants to teach a network security course, or a student wants to write a foreign policy paper, that draws on the rich public record made available by Snowden and Chelsea Manning? Those cases will be hard to distinguish from mine.
The backtracking now that the university is embarrassed is better than ignoring the issue, but it's ridiculous that it got this far in the first place.

27 Comments | Leave a Comment..

Posted on Techdirt - 8 October 2015 @ 3:06am

Matthew Keys Found Guilty Of Criminal 'Hacking' For Sharing News Company Login

from the seems-extreme dept

Two and a half years ago, we wrote about former Reuters editor Matthew Keys being indicted based on charges that he'd shared the login information for the content management system to his former employer, the Tribune Company, in an online forum and then encouraged members of Anonymous in that forum to mess things up. Some people used that access to change a story on the LA Times website. Keys insists that he didn't do this and the feds have no direct evidence linking him to whoever leaked the login (he also claims at the time of the leak he no longer had access to the Tribune Company's systems).

As we noted at the time, if we accept the DOJ's version of what happened, what Keys did definitely was the wrong thing to do. But the result was little more than annoying vandalism -- and nothing Keys did should qualify as "criminal hacking." The changes to the LA Times were up for less than an hour and quickly reverted. There was little evidence that it created any real damage, and certainly no lasting damage. And yet, because this is a "computer crime," the feds came down on Keys as if he was part of some massive criminal conspiracy. In order to use the already problematic CFAA, it needed to show more than $5,000 worth of damage, which is crazy. Even crazier... is that the feds argued $929,977 worth of damage, based on some ridiculously exaggerated estimates of the amount of time people had to work on this issue.

And now a jury has convicted Keys on all three counts. Sentencing will be in January, and while lots of people are throwing around the statutory maximum of 25 years in jail, prosecutors have said they'll likely ask for "less than 5 years" according to Motherboard's Sarah Jeong, who was at the courthouse.

I think it's clear that Keys was in the wrong in handing out the login to the Tribune's systems, if he actually did it. But should that equate to criminal hacking charges and jailtime, because it resulted in a bit of online vandalism and some annoyance for a sys admin somewhere? That seems doubtful. As Keys himself points out in a pinned tweet in his Twitter feed, if sharing logins is a criminal act, all of you who share your HBO Go or Netflix logins may want to be careful.

The problem, once again, comes back to the ridiculous CFAA and the bogeyman of "computer hackers." It was wrong to give out the login, but the idea that it did even $5,000 in damage (as required by the CFAA), let alone nearly a million in damages, is ludicrous. It's even more ludicrous that this should be a criminal offense with any jailtime at stake. Go after him in a civil case for actual damages (of which there would be very little) and move on. Keys, for his part, has said the verdict is "bullshit" and he's planning to appeal.

It's way past time that we fixed the CFAA, and the Matthew Keys verdict is just yet another reminder that Congress needs to do something.

31 Comments | Leave a Comment..

Posted on Techdirt - 7 October 2015 @ 12:53pm

Australia Finally Rejects Gene Patents

from the big-win dept

Back in 2013, in a hugely important decision, the US Supreme Court rejected the idea of gene patents, in particular the patents held by Myriad Genetics for the BRCA1 and BRCA2 genes (that are genetic warning signs for breast cancer). A parallel case was happening down in Australia, where an Australian court went the other way last year, ruling that genes could be patented. As we noted, the case could still be appealed to the Australian High Court. And now... the High Court has finally rejected gene patents.

The High Court held that an isolated nucleic acid, coding for a BRCA1 protein, with specific variations from the norm that are indicative of susceptibility to breast cancer and ovarian cancer, was not a "patentable invention"...
Specifically, the court rejected the argument that isolating the gene represented a "manner of manufacture" as required by the law to be patentable.
The Court unanimously allowed the appeal, holding that the invention claimed did not fall within the concept of a manner of manufacture. The Court held that, having regard to the relevant factors, an isolated nucleic acid, coding for the BRCA1 protein, with specified variations, is not a manner of manufacture. While the invention claimed might be, in a formal sense, a product of human action, it was the existence of the information stored in the relevant sequences that was an essential element of the invention as claimed. A plurality of the Court considered that to attribute patentability to the invention as claimed would involve an extension of the concept of a manner of manufacture which was not appropriate for judicial determination.
That's a fairly complex way of saying you can't patent genes. It's always nice to see a little more common sense enter the patent system.

Read More | 5 Comments | Leave a Comment..

Posted on Techdirt - 7 October 2015 @ 11:46am

TPP Also Locks In Broken Anti-Circumvention Rules That Destroy Your Freedoms

from the sad-to-see dept

We already wrote about how New Zealand has released some of the details about the finalized TPP agreement before the official text is released. The one we discussed is forcing participants into a "life plus 70 years" copyright term, even as the US had been exploring going back towards a life plus 50 regime like much of the rest of the world. That won't be possible any more.

Another issue revealed in the New Zealand announcement is that the TPP will similarly lock in an anti-circumvention clause. In the US, we have a really problematic anti-circumvention law in Section 1201 of the DMCA, which says it's against the law to circumvent "technological protection measures" even if for reasons that are perfectly legal and non-infringing. This has created a huge mess that threatens innovation in all sorts of problematic ways. It takes away our freedom to tinker with devices that we own. It also makes it illegal to do things that pretty much everyone agrees should be perfectly legal.

Earlier this year, some in Congress introduced a bill to fix Section 1201. However, that may not be possible after the TPP is agreed to. Again, the details matter, but here's what New Zealand has to say about this issue:

New Zealand has, however, agreed to extend its existing laws on technological protection measures (TPMs), which control access to digital content like music, TV programmes, films and software. Circumventing TPMs will be prohibited but exceptions will apply to ensure that people can still circumvent them where there is no copyright issue (for example, playing region-coded DVDs purchased from overseas) or where there is an existing copyright exception (for example, converting a book to braille).
So, yes, it appears there will be certain exceptions allowed, but again that gets the equation entirely backwards. At best, circumvention should be considered legal as the default, and the problem should only come in if the circumvention was done for the purpose of actual infringement. Starting from the position of "no circumvention" and then backdooring in "exceptions" massively hinders innovation by requiring permission before certain innovations are allowed.

Given how important this kind of innovation has been for the tech sector, it's disappointing in the extreme that the USTR has decided to lock this in and block all kinds of important innovations from moving forward. Once again, the USTR seems focused on protecting legacy industries while hamstringing innovative industries.

Read More | 44 Comments | Leave a Comment..

Posted on Techdirt - 7 October 2015 @ 10:46am

Former NSA Directors Coming Out Strongly *Against* Backdooring Encryption

from the didn't-see-that-coming dept

Earlier this summer, we were taken a bit by surprise when both former NSA/CIA boss Michael Hayden, along with former DHS boss Michael Chertoff, came out fairly strongly against backdooring encryption at a time when their counterparts still in the government seemed to be leaning in the other direction and have been pushing proposals to mandate backdoors. And it appears they're not backing down. Hayden has now doubled down with further statements against backdooring encryption, according to Lorenzo Franceschi-Bicchierai at Vice's Motherboard.

Michael Hayden, the former head of the US top spy agencies, the CIA, and the NSA, thinks the US government should stop railing against encryption and should support strong crypto rather than asking for backdoors.

The US is “better served by stronger encryption, rather than baking in weaker encryption,” he said during a panel on Tuesday.
Later, he told Lorenzo that part of his thinking is that the intelligence community doesn't need such backdoors since it has other ways of getting that info:
“In retrospect, we mastered the problem we created by the lack of the Clipper Chip,” he said. “We were able to do a whole bunch of other things. Some of the other things were metadata, and bulk collection and so on.”
Hayden is being a bit snarky there. He knows that privacy advocates will take his words about backdooring encryption and celebrate them, so he's using it at the same time to argue in favor of the other problematic programs -- programs that Hayden is most closely associated with involving mass surveillance. He's also being disingenuous. The metadata and mass surveillance efforts generally give you access to a different kind of information. What Hayden leaves out, of course, is the real reason why backdoors usually aren't that important: because there are almost always ways to hack into encrypted data, though that also raises serious questions.

Meanwhile, another former NSA director, Mike McConnell, has joined with the other two Michaels in arguing against backdoors. This according to Kaveh Waddell at the National Journal:
“Don’t get in the way of pro­gress,” Mc­Con­nell said Thursday at a pan­el dur­ing an en­cryp­tion sum­mit hos­ted by The Wash­ing­ton Post. “Don’t get in the way of in­nov­a­tion and cre­ativ­ity, be­cause this is go­ing to hap­pen. Some­body’s go­ing to provide this en­cryp­tion.”

Mc­Con­nell’s po­s­i­tion is a com­plete de­par­ture from the per­spect­ive he rep­res­en­ted in gov­ern­ment, a shift he has pub­licly ac­know­ledged. When he ran the Na­tion­al Se­cur­ity Agency in the 1990s, Mc­Con­nell was a vo­cal sup­port­er of the Clip­per Chip, a device de­veloped by the NSA that al­lowed the gov­ern­ment to de­crypt elec­tron­ic com­mu­nic­a­tions.
Of course, what's mostly left out of this discussion is that both McConnell and Hayden are now in the private sector -- Hayden at the Chertoff Group with Michael Chertoff, and McConnell at defense contracting giant (and former Ed Snowden employer) Booz Allen Hamilton -- where both have economic reasons for supporting actual stronger security, rather than undermining such security. Either way, in this debate, it seems that those pushing for backdooring encryption are increasingly being marginalized entirely. Even their normally faithful supporters have moved on into the world of reality, where backdooring encryption only leads to trouble.

17 Comments | Leave a Comment..

Posted on Techdirt - 7 October 2015 @ 6:13am

New Zealand Confirms That TPP Would Extend Copyright Terms In Many Countries, Block US Plans To Reduce Terms

from the total-failure dept

Previously leaked reports and drafts of the TPP agreement had showed that the US and Australia were strongly pushing other countries to extend the minimum copyright terms to "life plus 70 years," up from the international norm of "life plus 50 years." Mexico was actually pushing for life plus 100 at one point. This seemed bizarre to us. It's hard to see how anyone could legitimately support extending copyright terms, but the USTR refused to back down. This made no sense, given that here in the US, as we undergo a major copyright reform effort, even the head of the US Copyright Office has admitted that perhaps it's time to start moving back towards life plus 50 years here in the US.

So, now with the TPP concluded and no one willing to release the actual text, New Zealand has at least admitted that it and Canada caved and agreed to put "life plus 70" into the TPP.

TPP requires New Zealand to move to 70 years as well, but allows for a transition to do this over time.

This change could benefit New Zealand artists in some cases, but the benefits are likely to be modest. Extending the copyright period also means New Zealand consumers and businesses will forego savings they otherwise would have made from books, music and films coming off copyright earlier. The net cost of extending New Zealand’s copyright term from 50 to 70 years will be small to begin with and increases gradually over 20 years, reaching a relatively constant level after that. Over the very long term, including the initial 20-year period, the average annual cost is estimated to be around $55 million.
This is hugely problematic and, once again, shows how even if the TPP doesn't directly require changes to current US law, at the very least it locks in a very dumb provision that the US has already expressed interest in changing. And now we won't be able to because an unelected bureaucrat, negotiating behind closed doors with help from the MPAA & RIAA, pushed through provisions like this one.

49 Comments | Leave a Comment..

Posted on Techdirt - 6 October 2015 @ 2:54pm

The TPP And The Tobacco Carve-out Bring Together Strange Bedfellows... While Highlighting The Problems Of The TPP

from the not-a-good-idea dept

It's been rumored for years, but reports out of Atlanta suggest that it's now confirmed that in order to finalize the Trans Pacific Partnership (TPP) agreement, everyone agreed to carve tobacco out of the corporate sovereignty system, better known as ISDS (investor state dispute settlement). These systems allow companies to sue countries for passing regulations that the companies feel harm their ability to profit -- and tobacco companies have already filed ISDS complaints in a few countries that have pushed to put health warnings on cigarette packages.

While some health activists have cheered on this carve out -- it appears that almost everyone else is pissed off. Not because they think that Big Tobacco should be shaking down countries that pass anti-smoking laws (though, there may be some of that), but because they recognize the problems that occur when governments can start to set up trade deals that "carve out" certain industries. It's opening up a huge can of worms. Even some supporters of corporate sovereignty/ISDS are worried about what it means when one particular industry can just be excluded entirely from the process. Two of the biggest supporters of ISDS and TPP in Congress, Senators Mitch McConnell and Orrin Hatch, have both warned that the US should not carve out tobacco. Here's McConnell a few months ago, standing up for those poor, poor tobacco farmers:

“It is essential as you work to finalize the TPP, you allow Kentucky tobacco to realize the same economic benefits and export potential other U.S. agricultural commodities will enjoy with a successful agreement.”
And here's Hatch actually making a fairly salient point about the carve out:
“Although I don’t support tobacco at all, I still think it was essential,” Hatch said. “It’ll cost us some votes. And every vote is essential. And there are other things I am very concerned about. I’ve committed to read the bill, and I will read it, but right now I’m leaning against it.”
That doesn't bode well for the agreement, given that Hatch was a huge supporter of the TPP. Another Senator, Thom Tillis, has pointed out that carving out one industry opens up the possibility of carving out others:
“I’ll not only vote against it, I’ll work hard to have it defeated if it goes in the final agreement.... Once you carve out someone from dispute settlement agreements, then who’s next?”
And the tobacco carve-out, believe it or not, seems to be one thing that both big business and big labor agree on, though for entirely different reasons. The US Chamber of Commerce and the National Association of Manufacturers are totally against it:
we ask all of the TPP governments to reject the exclusion of products from the coverage of the TPP and its enforcement mechanism.... Such exclusions are unnecessary and would be highly damaging to the international rules based trading system and the prospects for the TPP.
And here was the AFL-CIO opposing the entire ISDS mechanism, and noting that the tobacco carve-out just highlights the problems of ISDS. Whereas Senator Tillis worried about "who's next" to get carved out, the AFL-CIO is pointing out that maybe there should be a lot more.
Any industry-specific carve-out will not address the serious structural problems inherent in the system itself. Issues of broad public interest should not be viewed through the narrow lens of trade and investment at all, let alone decided by unaccountable private panels. Systems of justice should be transparent and accessible on an equal basis. ISDS is anything but: Only foreign investors can use it and there are no requirements that affected communities be allowed to participate or even have their view considered. In many cases, there often are not even requirements that hearings or decisions be made available to the public at all! Even in the case of clear legal error, it is almost impossible to reverse a decision.
Indeed, as Sean Flynn pointed out just last week, carving out tobacco really just enforces how dangerous corporate sovereignty really is:
The new exception validates, rather than assuages, the concerns of those who have been criticizing ISDS systems for many years. Without express carve outs, ISDS provisions do threaten common health and safety regulations.

The carve out does nothing to halt the disturbing recent trend of companies using ISDS provisions in trade agreements to enforce international intellectual property norms through ISDS tribunals. This is, indeed, the claim at the heart of the tobacco cases now being litigated in ISDS systems. The claim is that tobacco regulations requiring plain packaging violate the trademark rights of tobacco companies protected by the World Trade Organization agreement on Trade Related Aspects of Intellectual Property Rights (TRIPS). The pharmaceutical company Eli Lilly has also claimed that the denial of a new use patent on an old (off-patent) medicine violates rights granted by TRIPS and the North Atlantic Free Trade Agreement (NAFTA).
Meanwhile, US trade officials are, of course, trying to tap dance around the fact that basically everyone absolutely hates this. The USTR has tried to pretend this isn't a big deal because tobacco is "unique."
The U.S. Government seeks to include this language because tobacco is a unique product – it is highly addictive, always harmful to human health, and the single most preventable cause of death in the world. Recognizing these facts about tobacco through the TPP will represent an important step forward for public health in the international trade community.
It's true that tobacco can be a serious health concern, but shouldn't we be raising questions about why this procedure is no good for tobacco companies, but just dandy for every other industry -- including some that produce harmful products? Or those like pharmaceutical companies who are jacking up prices to keep necessary medicines out of the hands of the poor?

Oh, and then there are those who are in complete denial, who are insisting that there really isn't a carve-out for tobacco, even though there almost certainly is (we can't say for sure, of course, because the documents are secret):
“TPP will not discriminate against any agricultural commodity nor will it exclude tobacco. On the contrary, TPP will provide protections to ensure that governments can implement tobacco control measures, while guaranteeing that tobacco has the same legal status as any other product,” a U.S. official told CQ Roll Call last week.
In short, the whole tobacco carve-out situation is a microcosm of the problems with the TPP. You have a terrible idea (corporate sovereignty) mixed with a weak attempt to appease health activists (carve out tobacco), that basically fixes nothing and satisfies no one. And, now, the same Senators in Congress who demanded the fast track authority be granted, which ties their own arms behind their backs in terms of changing the agreement, are threatening to force this change, even though they've already given up the power to do so.

28 Comments | Leave a Comment..

Posted on Techdirt - 6 October 2015 @ 1:55pm

Happy Birthday And The Problem With The Copyright Office's 'Orphan Works' Plan

from the orphan-works-are-your-fault,-don't-blame-us dept

A few weeks ago, we wrote about the big ruling by Judge George King in a district court in California that Warner/Chappell does not hold a valid copyright in the song "Happy Birthday." The press ran with the story, with nearly all of the coverage falsely stating that the judge had declared Happy Birthday to be in the public domain. As we noted in our post, however, that was not the case. While the plaintiffs had urged just such a finding, Judge King noted that there were issues related to this that a jury would need to answer, and he would not go that far. Instead, he merely stated that Warner did not hold a valid copyright. Many people assume that this is good enough. The likelihood of some third party magically showing up after all of these years and not just claiming the copyright, but having enough evidence to prove it seems very slim. Glenn Fleishman has done a nice job writing up a detailed explanation of this copyright mess for Fast Company, in which he notes the "uncertainty is maddening."

It's worse than that. As we noted in our original post, technically, this makes "Happy Birthday" an orphan work -- i.e., a work where the exact copyright status or owner is "unknown." Orphan works have been a big problem that the Copyright Office has been studying for some time. However, the solution proposed by the Copyright Office is ridiculous, and the case of Happy Birthday should demonstrate pretty simply why the proposal is broken.

The plan says that anyone who wants to make use of an orphaned work would have to meet six criteria to avoid possible liability:

Users must: (1) if sued for infringement, prove to the court by a preponderance of the evidence that they performed a good faith, qualifying search to locate and identify the owner of the infringed copyright before the use of the work began; (2) file a Notice of Use with the Copyright Office; (3) provide attribution to the legal owner of the copyright, if reasonable under the circumstances; (4) include a to-be-determined "orphan works" symbol with any public distribution, display, or performance of the work; (5) assert eligibility for such limitations in the initial pleading in any civil action involving the infringed work; and (6) state with particularity the basis for eligibility for the limitations during initial discovery disclosures.
Now, let's look at this in terms of Happy Birthday. If you want to sing Happy Birthday, you would first have to conduct and document a "good faith, qualifying search to locate and identify the owner" of Happy Birthday before you sang it. You would then have to file a "notice of use" with the Copyright Office, telling the Copyright Office about this use of an orphaned work. Now, obviously, for most folks singing "happy birthday" at a birthday party, they're not going to do that -- and that's fine. After all, they ignored the copyright when many believed Warner/Chappell held a valid copyright.

But -- and here's the important point -- all of the "professional" situations where the song was used would almost certainly have to go through this process. Films that used the song wouldn't be able to get "errors and omissions" (E&O) insurance without first proving they made it through this process (and you need E&O insurance to ever get a movie released). Restaurants that wanted to sing Happy Birthday rather than their made up song would need to do the same thing. And they'd all likely have to hire lawyers in order to properly document the "search" and to file the notice with the Copyright Office. And very few people are going to want to go through that process. It may be slightly better than paying thousands of dollars to Warner/Chappell, but not much.

How is this solution possibly a "good compromise" on the issue of orphan works? How does adding such a burden, just so someone can sing Happy Birthday, possibly make sense?

Once again, the "problem" of orphan works is a self-made problem, created by copyright laws that automatically grant copyright to all new fixed works, rather than requiring registration in the first place. If it required registration, there would be some sort of record and paper trail of who owned the copyright and when it was valid. But in a world where everything gets copyright protection, we get a world with millions upon millions of orphaned works -- and if anyone who ever wanted to do anything with it had to go through the convoluted mess just to do something like sing Happy Birthday, the "answer" is no answer at all. It's just making a bad problem worse.

The way to fix orphan works is not to increase the burden, it's to fix a broken copyright system, and to require registration in the first place.

Bonus content: This doesn't fit directly into this post about orphan works, but this video by Vi Hart about the copyright on Happy Birthday is totally worth watching, presenting the issue from the perspective of someone knowledgeable about music theory, rather than copyright law, and showing yet another way in which the idea that Happy Birthday ever deserved copyright is a ridiculous idea.

50 Comments | Leave a Comment..

Posted on Techdirt - 6 October 2015 @ 10:44am

Apple Punishes iFixit For Doing A Tear Down On Apple TV

from the really-now? dept

The past two Techdirt podcasts had special guest Kyle Wiens, the CEO of iFixit, discussing both the DMCA's anti-circumvention review process and the more general importance of the freedom to tinker. In those podcasts, Wiens talked a bit about some companies being more willing than others to support iFixit's efforts to help people repair or modify products they had purchased.

Apple, apparently, is not a fan.

The company, which is famous for its somewhat arbitrary decisions to reject certain apps from appearing in its iTunes store, has now pulled iFixit's app entirely. Though, this time it's not necessarily for "arbitrary" reasons, but because Apple is pissed that iFixit took the Apple TV device that Apple sent the company, and did a teardown on it.

Of course, that makes you wonder what the hell Apple expected iFixit to do, since teardowns are kind of its thing.

Not too long ago, we tore down the Apple TV and Siri Remote. The developer unit we disassembled was sent to us by Apple. Evidently, they didn’t intend for us to take it apart. But we’re a teardown and repair company; teardowns are in our DNA—and nothing makes us happier than figuring out what makes these gadgets tick. We weighed the risks, blithely tossed those risks over our shoulder, and tore down the Apple TV anyway.

A few days later, we got an email from Apple informing us that we violated their terms and conditions—and the offending developer account had been banned. Unfortunately, iFixit’s app was tied to that same account, so Apple pulled the app as well. Their justification was that we had taken “actions that may hinder the performance or intended use of the App Store, B2B Program, or the Program.”

Live and learn.
iFixit notes that it's not too concerned about this. Its Android app still works, and it's been improving its mobile site so you don't really need an app in the first place. And also, iFixit offers open APIs that would allow others to make their own apps that use iFixit data (though whether or not Apple would approve such an app is another question).

But, still, in this age where so much of what we buy is computerized and a complete black box, one of the key points of last week's podcast was the importance of learning what's really inside these boxes. Given that Apple's earliest roots come from Steve Wozniak hacking around devices and building something better, it seems like a real shame that Apple is not only not supporting such activities with its own equipment, but it's actively punishing those who do so.

72 Comments | Leave a Comment..

Posted on Techdirt - 6 October 2015 @ 8:21am

NSA Screws Up Another Thing: EU Court Of Justice Throws The Internet For A Loop In Ending Safe Harbor

from the well,-now-what? dept

A couple of weeks ago we wrote about the fact that it appeared that the EU Court of Justice was likely to throw out the EU-US data protection safe harbor as invalid, following a case brought over the NSA's snooping on US tech companies -- and now it has happened. The "the EU-US data protection safe harbor" may sound boring, but it's actually been fairly important in making sure that US internet companies can operate in Europe. It's been under attack for some time from those who feel that these American companies don't take European privacy interests seriously enough, but it's really the NSA and its idiotic "collect it all" mentality that has brought the whole structure crashing down. Many will celebrate this, but probably for the wrong reasons. As it stands right now, this result is undoubtedly bad for the internet. What happens next is key. If you want to blame anyone... blame the NSA. And if the US wants to fix this mess, it needs to stop mass surveillance.

The case was brought by Max Schrems, an Austrian privacy activist who argued that the NSA's PRISM surveillance program (a program that resulted from Section 702 of the FISA Amendments Act, and enables the NSA to request certain information from internet companies, once approved by the FISA Court) violates the safe harbor. The safe harbor itself was established back in 2000 in order to allow internet companies to transfer data from Europe back to the US, with a promise that the privacy of that data would be kept at a similar level as if it were in Europe. The process for getting such safe harbor protections is something of a joke (we've gone through it here at Techdirt), and mostly involves throwing money at an organization that takes money to make sure your policies comply with the safe harbor requirements. Like so many regulations, it really seems to only serve to shift money to those who make sure you comply.

Still, losing those safe harbors can really shake up the internet -- and not necessarily in a good way. While I'm sure some (probably short-sighted) privacy advocates will cheer on this result, it's going to make a mess of things for the time being. Europe has been working on a new data protection directive to update the old one (which the safe harbor is based on) and early indications are that it will be a mess, and potentially hazardous to free speech rights. In addition, the US and EU have been trying to negotiate a new data protection safe harbor anyway, and that hasn't been going smoothly, and this will continue to throw a wrench into things.

Big companies will likely be able to negotiate their way around this, but there will likely be some legal flareups in one or two countries, creating a mishmash of jurisdictional confusion over privacy rights. Smaller internet companies will now face much greater threats in doing business in Europe. Even worse, some are going to use this as an opportunity to try to fragment the internet, demanding companies keep data locally within country borders -- which actually will create more targets for mass surveillance, rather than fewer. Chances are that little will change in the immediate future -- as many companies will just keep right on doing what they're doing and hoping no one really cares. But the potential for people to bring lawsuits could shake things up.

In the specific case here, the Court of Justice found that the safe harbor was invalid, and thus it did not stop Irish officials from considering Schrems' complaint that Facebook violated his rights in making data available to the NSA. So that specific case still needs to move forward and should be interesting to watch.

In short, though, this is yet more damage directly done by the NSA and the US's ridiculous attitude towards mass surveillance, without any concern at all to the economic costs that such mass surveillance creates for US companies. As the EFF notes in its response to the news, the US brought this on itself with its idiotic mass surveillance efforts. This end result is a mess that could lead to greater fragmentation of the internet, which won't do anything to better protect people's privacy (and, actually, might make it more exposed). The only logical way forward is to move away from mass surveillance and towards a more comprehensive view of privacy that takes into account the public's rights -- including the right to free expression. Danny O'Brien at EFF sums it up nicely:

That would certainly force the companies to re-think and re-engineer how they manage the vast amount of data they collect. It will not, however, protect their customers from mass surveillance. The geographic siloing of data is of little practical help against mass surveillance if each and every country feels that ordinary customer data is a legitimate target for signals intelligence. If governments continue to permit intelligence agencies to indiscriminately scoop up data, then they will find a way to do that, wherever that data may be kept. Keep your data in Ireland, and GCHQ may well target it, and pass it onto the Americans. Keep your data in your own country, and you'll find the NSA—or other European states, or even your own government— breaking into those systems to extract it.

What will change the equation is for states, including and especially the United States, to realize that dragnet surveillance undermines their national security and the global security of our data. It has economic consequences, as regulators, companies and individuals lose trust in Internet companies and services. It has political consequences as nations vie to keep data out of the hands of other countries, while seeking to keep it trackable by their own intelligence services.

There's only one way forward to end this battle in a way that keeps the Internet open and preserves everyone's privacy. Countries have to make clear that mass surveillance of innocent citizens is a violation of human rights law, whether it is conducted inside their borders or outside, upon foreigners or residents. They have to bring their surveillance programs, foreign and domestic, back under control.
The ruling today is not a win for privacy. It creates a bigger mess, but it's one that needs to be cleaned up at the source, and that's where governments (and not just the US government) are going with mass surveillance. Unfortunately, there doesn't seem to be any indication that this is what's going to happen. Instead, expect the US and EU to try to paper over this by coming up with a new safe harbor plan that won't change anything, but which may just be more expensive for companies. That's a mistake. There's a way to fix this mess and it's to stop mass surveillance.

Read More | 45 Comments | Leave a Comment..

Posted on Techdirt - 5 October 2015 @ 12:43pm

The Stagnation Of eBooks Due To Closed Platforms And DRM

from the open-it-all-up dept

Craig Mod has a fascinating article for Aeon, talking about the unfortunate stagnation in digital books. He spent years reading books almost exclusively in ebook form, but has gradually moved back to physical books, and the article is a long and detailed exploration into the limits of ebooks today -- nearly all of which are not due to actual limitations of the medium, but deliberate choices by the platform providers (mainly Amazon, obviously) to create closed, limited, DRM-laden platforms for ebooks.

When new platform innovations come along, the standard progression is that they take the old thing -- whatever it is they're "replacing" -- and create a new version of it in the new media. Early TV was just radio plays where you could see the people, for example. The true innovation starts to show up when people realize that you can do something new with the new media that simply wasn't possible before. But, with ebooks, it seems like we've never really reached that stage. It's just replicated books... and that's it. The innovations on top of that are fairly small. Yes, you can suddenly get any book you want, from just about anywhere and start reading it almost immediately. And, yes, you can take notes that are backed up. Those are nice. But it still just feels like a book moved from paper to digital. It takes almost no advantage of both the ability to expand and change the canvas, or the fact that you're now a part of a world-connected network where information can be shared.

While I don't think (as some have argued) that Amazon has some sort of dangerous "monopoly" on ebooks, Mod is correct that there's been very little pressure on Amazon to continue to innovate and improve the platform. And, he argues (quite reasonably), if Amazon were to open up its platform and let others innovate on top of it, the whole thing could become much more valuable:

It seems as though Amazon has been disincentivised to stake out bold explorations by effectively winning a monopoly (deservedly, in many ways) on the market. And worse still, the digital book ‘stack’ – the collection of technology upon which our digital book ecosystems are built – is mostly closed, keeping external innovators away.

To understand how the closed nature of digital book ecosystems hurts designers and readers, it’s useful to look at how the open nature of print ecosystems stimulates us. ‘Open’ means that publishers and designers are bound to no single option at most steps of the production process. Nobody owns any single piece of a ‘book’. For example, a basic physical book stack might include TextEdit for writing; InDesign for layout; OpenType for fonts; the printers; the paper‑makers; the distribution centres; and, finally, the bookstores that stock and sell the hardcopy books.
And, on top of this, people creating "ebooks" are limited to the options given to them by Amazon and Apple and Google. And then it all gets locked down:
Designers working within this closed ecosystem are, most critically, limited in typographic and layout options. Amazon and Apple are the paper‑makers, the typographers, the printers, the binders and the distributors: if they don’t make a style of paper you like, too bad. The boundaries of digital book design are beholden to their whim.
The fact that all of these platforms rely on DRM -- often at the demands of short-sighted publishers -- only makes the problem worse:
The potential power of digital is that it can take the ponderous and isolated nature of physical things and make them light and movable. Physical things are difficult to copy at scale, while digital things in open environments can replicate effortlessly. Physical is largely immutable, digital can be malleable. Physical is isolated, digital is networked. This is where digital rights management (DRM) – a closed, proprietary layer of many digital reading stacks – hurts books most and undermines almost all that latent value proposition in digital. It artificially imposes the heaviness and isolation of physical books on their digital counterparts, which should be loose, networked objects. DRM constraints over our rights as readers make it feel like we’re renting our digital books, not owning them.
If ebook platforms and technology were more open, it's quite conceivable that we'd be experiencing a different kind of ebook revolution right now. People could be much more creative in taking the best of what books provide and leveraging the best of what a giant, connected digital network provides -- creating wonderful new works of powerful art that go beyond the standard paper book. But we don't have that. We have a few different walled gardens, locked tight, and a weak recreation of the paper book in digital form.

It's difficult to mourn for lost culture that we never actually had, but it's not difficult to recognize that we've probably lost a tremendous amount of culture and creativity by not allowing such things to thrive.

88 Comments | Leave a Comment..

Posted on Techdirt - 5 October 2015 @ 11:42am

Stanford Professor Insists Consumers Are Helped By Patent Trolls

from the why-does-stanford-hire-these-people dept

Bloomberg has a weird story about Unwired Planet's patent trolling. As we've discussed, Unwired Planet is a company that's gone through many forms over the years, from Phone.com to Openwave and then Unwired Planet. It's true that the company was something of a pioneer in early WAP browsers, but WAP browsers were a joke that never caught on. The mobile internet didn't really catch on until the rise of smartphones and higher bandwidth wireless data connections -- which Unwired Planet had nothing to do with. So like many failed tech companies, it decided to go full on patent troll. A few years ago, we wrote about it buying more than 2,000 patents from Ericsson that it was then using to shake down companies that didn't fail in the same space that Unwired Planet did fail in.

The Bloomberg article is mostly unremarkable, other than calling the company the "inventor" of the mobile internet. That's misleading. It was one hyped up company that helped push a failed vision of a mobile internet, that eventually went nowhere. And now it's patent trolling. But the other bizarre part of the article is that it quotes Stanford professor Stephen Haber as claiming that consumers benefit from patent trolls:

“The losers from a world without patent litigation would, in the end, be consumers,” said Haber. Inventors won’t innovate unless they can ensure they are paid for their invention, he argued.
He may argue that, but he's wrong. Like, really wrong. Actual research shows that the leading reasons for innovating have absolutely nothing to do with patents. Rather, people and companies tend to innovate because (1) they need something themselves or (2) they see a need in the market. And the "ensure they are paid for their invention" makes no sense. If they have an invention people want, then they can sell that product and make money that way. You don't need patents for that. Yes, some others may enter the market as well, but that's called competition, and that's a good thing.

Amazingly, if you look at Stephen Haber's official bio, you'd think he'd know this. After all, it says:
Haber has spent his academic life investigating the political institutions and economic policies that delay innovation and improvements in living standards. Much of that work has focused on how regulatory and supervisory agencies are often used by incumbent firms to stifle competition, thereby curtailing economic opportunities and slowing technological progress.
Regulatory agencies used by incumbent firms to stifle competition is basically the definition of the patent system. Yet, instead, Haber has been spending the last few years preaching the wonders of patent trolling, insisting that lots of litigation is just fine and that there's no evidence that it's harming consumers. That's ridiculous. Tons of studies have shown the massive costs of patent trolling on innovation.

Having a Stanford professor spout such nonsense reflects incredibly poorly on Stanford.

42 Comments | Leave a Comment..

Posted on Techdirt - 5 October 2015 @ 9:29am

US Intelligence Community's Cavalier Attitude Towards OPM Hack

from the that-old-thing... dept

We've obviously written a few times now about the big OPM hack that was revealed a few months ago, in which it appears that hackers (everyone's blaming China for this) were able to get in and access tons of very, very private records of current and former government employees -- apparently including tons of SF-86 forms. Those forms are required to be filled out for anyone in a national security job in the government, and it basically requires you to 'fess up to anything you've ever done that might, at some point, reflect badly on you. The basic idea behind it is that if you've already admitted to everything, then it makes it much harder for anyone to somehow blackmail you into revealing US national security secrets. But, of course, that also makes those documents pretty damn sensitive. And, by now of course you've heard that the Office of Personnel Management was woefully unprepared to properly protect such sensitive data.

Two recent statements made by top intelligence community leaders again should raise questions about why these guys have been put in charge of "defending" against computer attacks. First up, we have the head of the NSA, Admiral Mike Rogers. Back in August, we noted that Senator Ron Wyden had asked the National Counterintelligence and Security Center (NCSC) if it had even considered the OPM databases "as a counterintelligence vulnerability" prior to these attacks. In short: did the national security community who was in charge of protecting computer systems even realize this was a target. As Marcy Wheeler pointed out last month, Admiral Rogers more or less admitted that the answer was no:

After the intrusion, “as we started more broadly to realize the implications of OPM, to be quite honest, we were starting to work with OPM about how could we apply DOD capability, if that is what you require,” Rogers said at an invitation-only Wilson Center event, referring to his role leading CYBERCOM.

NSA, meanwhile, provided “a significant amount of people and expertise to OPM to try to help them identify what had happened, how it happened and how we should structure the network for the future,” Rogers added.
In other words, the guy who is literally in charge of the "US Cybercommand" organization that is supposed to protect us from computer-based attacks didn't realize until after the hack that this might be a relevant target.

Then, fast forward to last week, where Rogers' boss, Director of National Intelligence James Clapper, testified at a Congressional hearing about the hack. After admitting that CIA employees had to be quickly evacuated from China after the hack, he more or less said that the US shouldn't retaliate, because this was "just espionage" and that the US has basically done the same thing back to them. At least that's the implication of his "wink wink, nod nod" statement to the Senators:
Director of National Intelligence James R. Clapper Jr., testifying before the Senate Armed Services Committee, sought to make a distinction between the OPM hacks and cybertheft of U.S. companies’ secrets to benefit another country’s industry. What happened in OPM case, “as egregious as it was,” Clapper said, was not an attack: “Rather, it would be a form of theft or espionage.”

And, he said, “We, too, practice cyberespionage and . . . we’re not bad at it.” He suggested that the United States would not be wise to seek to punish another country for something its own intelligence services do. “I think it’s a good idea to at least think about the old saw about people who live in glass houses shouldn’t throw rocks.”
Now, he's actually making a totally valid point concerning what the US's response should be. Escalating this issue by hitting back at China isn't going to help anything. Rather, of course, the US government should have done a much better job protecting the information in the first place.

But when you look at these statements together, it shows the somewhat cavalier attitude of the US intelligence community towards actually protecting key US assets. And that's because the US intelligence community is -- as Clapper basically admits -- much more focused on hacking into other countries' systems. For a while now, people have questioned why the NSA should be handling both the offensive and defensive "cybersecurity" programs. The theory has long been that because the NSA is so damn good at the offensive side, it's better positioned to understand the risks and challenges on the defensive side. Yet, given that the NSA's overall mission is so focused on breaking into other systems, it seems that whenever the two conflict, the offensive side wins out and less is done to protect us. The simple fact that the US intelligence community is basically admitting that we do exactly these kinds of attacks on China, yet never considered the same might be done to us, should raise pretty serious questions about why we let the intelligence community handle protecting us against such intrusions in the first place.

17 Comments | Leave a Comment..

Posted on Techdirt - 5 October 2015 @ 8:20am

After Pulling An All-Nighter, Negotiators Finish TPP; But Don't Expect To See The Text For A While

from the wait-and-wait-and-wait-and-wait dept

After negotiators failed to complete negotiations on the Trans Pacific Partnership (TPP) agreement a few months ago in Maui, there was some concern as to whether or not they'd ever be able to finish the agreement. They called a special negotiating session in Atlanta that began last week, and was supposed to last just a few days to "iron out the details." Except that got extended. And then extended again. And after promises of an announcement last night, they apparently brought in boxes of pizza and told reporters they were going to pull an all nighter to complete the agreement.

Because, of course, when trying to complete an agreement that could reshape global norms on investment, regulations, intellectual property and a little bit of trade... staying up all night sounds like a grand idea.

And just like you after staying up all night before your college finals, negotiators think that this all-nighter worked. This morning they announced a final deal.

But also that it won't be public for maybe a month or so. And then there will be some debate over it, but thanks to Congress caving in on fast track authority, Congress has almost no ability to point out flaws in the agreement. They can only give it a clean yes or no vote. In the announcement, negotiators (not surprisingly) played up all the tariffs that will be wiped out by this agreement. That's the one part that I'm fine with. Trade tariffs are a mostly bad idea, and getting rid of them is fine. But the TPP is not about trade. That's just a pretext.

The key parts are really about regulations and investment. Indeed, two of the big sticking points concerning patent-like exclusive rights on certain new pharmaceutical compounds ("biologics"), where the US was pushing for at least 12-year exclusivity periods to drive up the price of drugs around the globe, while Australia and other countries were pushing for five years. It sounds like there was a compromise that allows for a range from five to eight years, but, again, who the hell knows until we see the details. At the press conference, negotiators refused to give any details, other than suggesting they came up with text that pretends to satisfy everyone. That is, officially it's five years but there are "other regulations" that bring things closer to the US's demanded 12 years. Another point of contention was on the infamous corporate sovereignty provision, officially called "investor state dispute settlement" (ISDS), which is a boring sounding name for saying that foreign companies can take entire countries to special tribunals if they feel that new regulations in those countries negatively impact profits. These tribunals are a joke and put corporate interests over sovereign country interests.

The one real "compromise" here is that the agreement apparently excludes tobacco companies. As we've noted a few times in the past, tobacco companies have used these corporate sovereignty provisions in other trade agreements to sue countries that pass anti-smoking laws of any kind. Last year, the US floated this compromise idea, that if tobacco companies were excluded, the rest of ISDS would remain in place. And it sounds like that's what happened.

Either way, at some point the final text will be revealed and then there will be lots of shouting and screaming, but rest assured that the USTR and the Obama administration are going to fight like crazy to get this approved, because they (very stupidly) see this as part of Obama's "legacy." The compromises may make things a bit more difficult, because the compromises on pharmaceuticals and tobacco will piss off two of the biggest lobbyists in support of the agreement.

From the sound of things, the rest of the intellectual property chapter hasn't changed much since the May version leaked. It's unclear if the USTR ever did push for clearer fair use provisions as was rumored. Chances are they're not in there, but, again, we won't know for a bit, because... "secret trade deal."

And, really, the most sickening part in all of this, beyond the efforts to increase drug prices globally, beyond the efforts to extend copyright terms, beyond the efforts to limit fair use, beyond the efforts to give companies corporate sovereignty over nations... is the ridiculous willingness of the US government to look the other way on human trafficking/slave labor. As you may recall, part of the fast track authority was that this agreement could not include countries designated as human trafficking hot spots. Malaysia, one of the negotiating countries was included in that list. But, no problem, the State Department, for purely political purposes, upgraded Malaysia, even though the country has shown no improvement at all, and just two months earlier police had found 139 mass graves found along a path where migrant workers had been trafficked.

What a "legacy" for President Obama: "compromising" in a way that helps big companies sue countries that pass bad legislation, drive up the price of drugs, decrease access to culture... and look the other way on human trafficking. And now it's a "done" deal.

48 Comments | Leave a Comment..

Posted on Techdirt - 5 October 2015 @ 6:56am

Paramount Pictures Thinks A Discussion Of GhostVPN Is Really A Pirate Link To The Movie Ghost

from the dmca-all-the-things!! dept

As you may remember, Viacom once sued YouTube for $1 billion dollars over video clips on the site. Right before the case was set to start, Viacom had to scramble and remove some of the alleged infringements from the complaints, because the company realized that Viacom employees had uploaded the clips as part of their marketing campaign. Suing YouTube over clips that you yourself uploaded is not a good look, and it's a big part of the reason why Viacom's arguments fell flat in court. Viacom owns Paramount Pictures, and it would appear that the "level of care" that the company takes in sending DMCA notices has not improved much over the years.

Torrentfreak has the latest round of ridiculously bad DMCA takedown notices coming from a major Hollywood studio. Whereas in the old days, we'd see takedowns occur based on a single word, it appears that here, Paramount has upgraded its auto-censorbot to use two words. Here it appears that anything that is vaguely associated with a movie, plus the word "utorrent" must automatically be wiped from the internet. Take, for example, this conversation on the utorrent forums about how to configure Cyberghost VPN. It's all pretty innocuous, but Paramount Pictures apparently hired one of these fly-by-night censorship outfits by the name of IP-Echelon to take it down, because clearly any use of the word "Ghost" and "utorrent" must be infringing -- even when "ghost" isn't even written out as a separate word.

The Torrentfreak article has a number of similar situations, including one where someone said "imagine that" in a comment, and another where someone used the word "clueless" and Paramount/IP-Echelon insisted they were linking to infringing copies of the movies "Imagine That" and "Clueless." But that's clueless.

And, yes, it's certain that many of the other links in these notices were to actually infringing files. But just because you legitimately take down some links, it doesn't excuse trying to censor perfectly legitimate content.

41 Comments | Leave a Comment..

More posts from Mike Masnick >>