Mike Masnick’s Techdirt Profile


About Mike MasnickTechdirt Insider

Mike is the founder and CEO of Floor64 and editor of the Techdirt blog.

He can be found on Twitter at http://www.twitter.com/mmasnick

Posted on Techdirt - 2 September 2015 @ 2:03pm

China Forces Developers Of Great Wall Circumvention Tools To Delete Their Software

from the no-programming-for-you dept

Danny O'Brien, over at the EFF's Deeplinks blog, has the story of how it appears China is pressuring the developers of tools for circumventing the Great Firewall of China to shut down their repositories and no longer offer the code. Two separate, non-commercial, developers of circumvention tools have quietly gone dark recently:

The maintainer of GoAgent, one of China's more popular censorship circumvention tools emptied out the project's main source code repositories on Tuesday. Phus Lu, the developer, renamed the repository’s description to “Everything that has a beginning has an end”. Phus Lu’s Twitter account's historywas also deleted, except for a single tweet that linked to a Chinese translation of Alexander Solzhenitsyn’s “Live Not By Lies”. That essay was originally published in 1974 on the day of the Russian dissident’s arrest for treason.

We can guess what caused Phus Lu to erase over four years’ work on an extremely popular program from the brief comments of another Chinese anti-censorship programmer, Clowwindy. Clowwindy was the chief developer of ShadowSocks, another tool that circumvented the Great Firewall of China by creating an encrypted tunnel between a simple server and a portable client. Clowwindy also deleted his or her Github repositories last week. In a comment on the now empty Github archive Clowwindy wrote in English:

Two days ago the police came to me and wanted me to stop working on this. Today they asked me to delete all the code from Github. I have no choice but to obey.

The author deleted that comment too shortly afterwards.

As you may recall, back in March, China launched a massive DDoS attack on Github, targeting another tool for getting around the Great Firewall, called Greatfire. It seems equally notable that in the last week, there was another big DDoS attempt on Github.

While it may not be surprising at all that China is looking to stop tools that allow people to get past the censorship wall that the Chinese government itself has created, it still is worrisome:

Chinese law has long forbidden the selling of telecommunication services that bypass the Great Firewall of China, as well as the creation or distribution of “harmful information”. Until recently, however, the authorities have not targeted the authors of non-commercial circumvention software, nor its users. Human Rights in China, a Chinese rights advocacy and research organization, told EFF that, based on its preliminary review, VPNs and circumvention software is not specifically prohibited under Chinese law. While the state interferes with people's ability to use such software, it has not outlawed the software itself.

In November, Phus Lu wrote a public declaration to clarify this point. In the statement, he stated that he has received no money to develop GoAgent, provided no circumvention service, nor asserted any political view.

As O'Brien notes, this is a reminder that code is speech -- and government intimidation to shut down code is a form of repressing speech. Though, as with many attempts to censor, it seems like this is more for show than actual impact:
It’s also as ultimately futile: while the Chinese authorities have chosen to target and disrupt two centralised stores of code, thousand of forked copies of the same software exist—both on other accounts on Github and in private copies around the Net. ShadowSocks and GoAgent represent hours of creative work for their authors, but the principle behind them is reproducible by many other coders. The Great Firewall may be growing more sophisticated in detecting and blocking new circumvention systems, but even as it does so, so new code blossoms.

Meanwhile the intimidation of programmers remains a violation of the human rights of the coder—and a blow to the rights of everyone who relies on their creativity to exercise their own rights.

8 Comments | Leave a Comment..

Posted on Case Studies - 2 September 2015 @ 12:47pm

Content Creator Of The Month: Realm Pictures Explores New Ways To Tell Stories Online

from the amazingly-amazing dept

Content Creator of the Month is a new project from the Copia Institute that we'll also be highlighting here. Each month, we'll profile a new content creator who is doing interesting and compelling things, often using the internet in innovative and powerful ways. Here is the very first installment...

A few weeks ago, a couple of friends friends were tweeting about an incredible new YouTube video in which some people created a "real life first-person shooter" and hooked it up to Chatroulette, Skype and Omegle. Random people on the services were transported into this game, which they controlled with their voice. If you haven't watched it, find ten minutes to check it out (or just 5 if you speed up YouTube to 2x speed). It is incredibly detailed, and awesome beyond words:

My first reaction was to marvel at how much effort must have gone into setting all of this up. I had initially assumed the "game" couldn't go very far beyond the tiny room where it started — but it goes much, much further. My second thought was about how hard it must have been to coordinate all the sounds, effects and movements (even while recognizing that the final version is cut together from the takes that "worked"). Thankfully, the people behind it — Realm Picturesalso put together a behind the scenes video that reveals the inner workings (and doesn't make the original any less magical):
I started looking into the team, and realized I actually knew a bit about them, as this is hardly the first time that Realm Pictures has done cool stuff online. Years back, while based out of their home in Devon in the UK, these guys filmed their very own zombie flick called Zomblies, which they posted for free on YouTube. For a bunch of "amateurs" (at the time), the production value is amazing -- they even got someone to donate time in a helicopter, allowing them to film aerial shots. But there's another important piece of the story: while they were making the film, Realm Pictures was also using the internet to build up a community of people who were interested in the process, with their daily blog about the work acquiring a big following.

David Reynolds, the founder and creative director of Realm Pictures (and the voice in the first person shooter above), told me that "building a community has always been instrumental to both our process and our success with projects thus far." The community has followed them from project to project, such as the team's next giant undertaking The Underwater Realm, a series of five short films with large segments taking place underwater — an incredible challenge for any filmmaker, let alone relatively inexperienced independents. The team originally tried to use wires and a green screen, but realized it just wasn't realistic enough. Eventually someone donated a special casing for a camera, allowing them to actually film underwater (mostly in a local public swimming pool). Here's the first of those films (and they also have a behind the scenes video):
In order to make that movie, they also embraced another useful online tool, Kickstarter, to cover some of the production costs, eventually raising over $100,000 (they had sought $60,000). While Reynolds is supportive of crowdfunding, he does worry that it may be peaking, and that "the bubble is beginning to burst, as now it seems that everybody and his dog has a Kickstarter campaign."

One of the things that struck me personally about Realm Pictures is their ability to create visually amazing narrative film projects on relatively small budgets. For many years we've been debating the question of "the $200 million movie," in which traditional Hollywood studios keep asking how they can continue to make movies that require such huge budgets if people are unwilling to pay to watch them. And yet, as we've seen over and over again, technology and basic creativity are enabling the creation of incredible movies for a lot less. Much of Realm Pictures' work shows how that's possible. Still, Reynolds has talked in the past (notably in an interview with Kevin Smith) about being interested in doing a much bigger, Hollywood studio-funded version of Underwater Realm, which he estimates will cost somewhere in that $200 million range. So far, studios haven't been willing to pony up — but Reynolds insists there are lots of fun projects the company will be working on, even as they hope they'll one day be able to create that underwater epic.

Throughout these projects there's a strong thread: building a community and bringing it along for the ride. Reynolds tells me this is very important to how they've been able to succeed and, at the same time, give back to those who have supported them:
It is a practice we hope will always continue through our career, and at the same time give back to the community which has supported us by giving back in the form of a transparent insight into our work and things like the free tutorials we have released on our YouTube channel.
Reynolds points out that, in the end, none of this matters if the content isn't great, and that's always been the key: create great content for your community. Without that, the community won't last either. This is the combination that we've seen work for so many successful creators today. Creating great content is always at the core, and building up a loyal community around it helps spread that content and open new doors.

In terms of this latest video, which went viral super fast (I first saw it when it had about 3,000 views, but now it has over 7 million), Reynolds says it was just a fun project that they did in a weekend, with "one practice run, with a member of our team on a Skype call... to check that the system was working, and then straight into finding strangers on the internet." They ended up doing about 50 runs, with the few players who completed the whole "level" taking about 20 minutes. This is one of the first really "interactive" film experiences I've seen where the interactivity fits right in and doesn't feel forced (though of course now everyone is just watching instead of playing — but watching how others interact still feels kind of interactive). Reynolds points out that they're really just taking what makes video games so engaging, and moving it to video.

Oh, and Reynolds also notes that they're now working on level two of the game, so stay tuned (and maybe start using Chatroulette, if you want to play!)

You can read below for my whole interview with Dave Reynolds of Realm Pictures, our very first Content Creator of the Month.

Read More | 8 Comments | Leave a Comment..

Posted on Techdirt - 2 September 2015 @ 11:45am

Secret Service Agent Who Pleaded Guilty To Stealing Bitcoin From Silk Road Trying To Change His Name

from the flight-risk-or-concerned-about-opm-hack dept

Back in March, an absolutely crazy story came out about two members of the Baltimore-based law enforcement team that were trying to track down Dread Pirate Roberts who was behind the original Silk Road. An FBI team out of NY beat the Baltimore DEA/Secret Service team to finding Ross Ulbricht, leading to a weird situation in which, hours later, the Baltimore folks filed their own indictment with somewhat different charges, including a trumped up fake murder of a former Silk Road employee, that was supposedly "carried out" by an undercover agent, later revealed to be DEA agent Carl Force, who Ulbricht contacted for help. The story was crazy and cinematic, but apparently that wasn't even half of it, because the story in March revealed that two members of the Baltimore team, including Force, had stolen hundreds of thousands of dollars from Silk Road. It also revealed that the "murder for hire" plot against the ex-employee only happened after the Secret Service agent, Sean Bridges, stole Bitcoin from Silk Road, leading Ulbricht to think that it was the former employee, Curtis Green.

So, yes, you had a DEA agent, Carl Force, who was already moonlighting for a Bitcoin company, and who used his position as a DEA agent to steal a bunch of money from a customer of that Bitcoin company, befriending Ross Ulbricht of Silk Road while supposedly "investigating" him. Then, you had a colleague of Force's, the Secret Service agent Bridges, go and steal a bunch of Bitcoin from Silk Road immediately following the arrest of Curtis Green, one of Ulbricht's top lieutenants. Green revealed his admin login, and Bridges just went in and took a ton of money. Ulbricht then contacted Force, to help him kill Green, because Ulbricht believed that Green had stolen the money that Bridges had actually stolen. It's so complicated it feels like it needs a graphic to explain it all, but even that might be too confusing.

Either way, earlier this summer, Force pleaded guilty, and earlier this week Bridges also pleaded guilty. In both cases, some interesting additional information came out. With Force, it was that, prior to his own arrest, he'd apparently sold the rights to his story of tracking down Ulbricht to Fox for $240,000. As the government pointed out, this was a conflict of interest (you think?).

With Bridges, it's that he had been attempting to change his name and social security number, leading the judge to wonder if he was a flight risk. According to Joe Mullin at Ars Technica:

Before the proceeding ended, prosecutor Katherine Haun mentioned that the government had just received information that gave them concerns that Bridges could be a flight risk.

"The defendant had been actively trying to change his name and social security number in the state of Maryland," she told the judge. "That's very concerning."

According to Hahn, Bridges had tried to change his last name to be the same as his wife's last name and change his first name to "a very odd name." She also noted that Bridges had handed over four firearms after he was charged, and if he changed his name he could again be able to acquire weapons.
Bridges' lawyer came up with an excuse that is so ridiculous that it literally made me laugh out loud. Bridges wasn't trying to change his first name, last name and social security in order to disappear from the law, or to avoid the reputational harm of being known as a former Secret Service agent who stole hundreds of thousands of dollars from an operation he was investigating... but because he was so, so worried about the recent OPM hack of government employee files. Bridges, of course, was a government employee:
Bridges' lawyer said his client's name change attempts had been a response to concerns about identity theft following the widely reported hacking into US federal government personnel files.

"Those of who work in the federal government have to deal with that," said Seeborg. "When you're concerned with flight risk, activity of this kind sends up a lot of red flags. I’m not surprised they’re bringing this to my attention."
Somehow, among the millions of others concerned about the OPM hack, you don't hear too many stories about them trying to change their first and last names along with their social security number...

11 Comments | Leave a Comment..

Posted on Techdirt - 2 September 2015 @ 9:28am

Movie Studio & Copyright Troll Claim 'Mere Possession' Of Popcorn Time Is Illegal And Could Result In A Year In Jail

from the nutty-copyright-trolling-theories dept

Meet Carl Crowell. Willamette Week recently ran a profile on his copyright trolling practice, based out of Oregon. Unlike copyright trolls like Malibu Media and Prenda Law, who focused on porn, Crowell has tried to cultivate a copyright trolling client list straight out of Hollywood -- which is how he ended up as the copyright trolling lawyer working for Voltage Pictures on the Dallas Buyers Club trolling efforts in Oregon. You may remember those, because he was the apparent mastermind behind the attempt to abuse trademark law to go after people in Oregon. As we noted at the time, the trademark claims were ridiculous, and clearly seemed to be an attempt to look for a more friendly state court, rather than having to go into federal court with the copyright claims.

Crowell, it appears, has other bizarre legal theories in his copyright trolling bag of tricks -- and now he's testing them out on Popcorn Time users. As you may have heard, a few weeks ago, the makers of the total flop movie, The Cobbler, with Adam Sandler (9% fresh rating on Rotten Tomatoes -- sample reviews include "grindingly dull" and "ill-conceived curio"), decided to sue a bunch of Popcorn Time users for watching the film. And, you may have heard that a very similar lawsuit was filed this week, targeting Popcorn Time users for watching another flop of a film, Survivor, starring Pierce Brosnan (8% fresh rating on Rotten Tomatoes -- with one review stating "there's a reason you probably never heard of it.").

Crowell is the lawyer behind both lawsuits, and while everyone is pretty much focused on the "ooh, they're suing Popcorn Time users" aspect of it, the lawsuits have some absolutely insanely ridiculous claims, beyond just copyright infringement -- including trying to argue that mere possession of Popcorn Time is a criminal act under an Oregon state law barring the possession of "burglary tools." From the lawsuit:

The mere possession of a software program like Popcorn Time is the type of conduct that the State of Oregon has criminalized in ORS 164.235, which reads in part:
164.235 Possession of a burglary tool or theft device. (1) A person commits the crime of possession of a burglary tool or theft device if the person possesses a burglary tool or theft device and the person:
(a) Intends to use the tool or device to commit or facilitate … a theft by a physical taking; or
(b) Knows that another person intends to use the tool or device to commit or facilitate a … theft by a physical taking.
(2) For purposes of this section, “burglary tool or theft device” means … [any] instrument or other article adapted or designed for committing or facilitating a … theft by a physical taking.
(3) Possession of a burglary tool or theft device is a Class A misdemeanor.
It is acknowledged that the transfer of data, storing of the physical data locally on a hard drive and facilitation and redistribution of the stolen data to others may or may not be a “physical taking” under Oregon law.

Whether or not the mere possession and use of Popcorn Time is a Class A misdemeanor under Oregon Law and punishable by up to one year in jail (ORS 161.615(1)) and a fine of $6,250.00 (ORS 161.635(1)(a)) may be argued.
It's one thing to bury this deep within your legal filing (even though the actual claim for relief is only on copyright infringement). It's another to scream this bit of simply wrong legal theory in a press release. But, that's apparently what Dimiter Nikolov of the studio behind the total flop of a movie, Survivor, is announcing in the press release, reiterating the wacky legal theory Crowell shoved into the end of both of the Popcorn Time lawsuits filed so far:
"The mere possession of a software program like Popcorn Time is akin to the type of conduct that the State of Oregon has criminalized in ORS 164.235, which deems the possession and/or use of a burglary tool or theft device as a Class A misdemeanor," says Dimiter Nikolov, Vice President of Business & Legal Affairs at Nu Image, Inc. "It is our belief that the transfer of data, storing of physical data locally on a hard drive and facilitation and redistribution of stolen data to others should be considered a 'physical taking' under Oregon law and we felt compelled to take this opportunity to fight back and ensure that those who choose to engage in this type of behavior face real repercussions, just as a person would if they shoplifted a DVD or other physical consumer product from a retailer."
In case you're wondering, this "legal theory" is completely bullshit. First of all, copyright infringement is not theft (even if the lawsuits pretend the two are interchangeable). So the Oregon law doesn't even come close to applying. Second, even if, in some twisted way a judge considered copyright infringement to be theft, it still wouldn't matter, because 17 USC 301, which defines copyright preemption, makes it clear that federal copyright law "preempts" any state law attempts to create state level copyright laws.

Given that, and the fact that the actual claims in the lawsuit focus solely on the federal copyright claims, it makes you wonder what game Crowell and Nu Image are playing with this completely laughable legal theory. Do they really think that lying about the law will magically get people to pay for their crappy movies? Maybe, instead of inventing bogus legal theories, they should invest in making better movies.

Read More | 65 Comments | Leave a Comment..

Posted on Techdirt - 2 September 2015 @ 8:12am

Vice News Employees Charged With Terrorism In Turkey... Because They Used Encryption

from the insanity-rules dept

If you thought US law enforcement's freakout about "going dark" due to encryption was insane, leave it to Turkey to take the insanity to new levels. Two journalists and a "fixer" working for Vice News in Turkey were arrested and charged with "engaging in terrorist activity" because they used the same encryption tools that ISIS uses. Really.

Three staff members from Vice News were charged with "engaging in terrorist activity" because one of the men was using an encryption system on his personal computer which is often used by the Islamic State of Iraq and the Levant (ISIL), a senior press official in the Turkish government has told Al Jazeera.


The Turkish official, who spoke on condition of anonymity, told Al Jazeera: "The main issue seems to be that the fixer uses a complex encryption system on his personal computer that a lot of ISIL militants also utilise for strategic communications."
In the article, some point out that this may really just be about scaring journalists away from the area, though it may also serve a double purpose of scaring more people away from using encryption. Just the idea that using encryption is seen as "suspicious" is already ridiculous, but to be charged with terrorism solely because you encrypt your messages is utter insanity.

19 Comments | Leave a Comment..

Posted on Techdirt - 1 September 2015 @ 3:34pm

Facebook Announces Its ContentID Attempt... Using Audible Magic

from the because-of-course dept

A few weeks ago we noted that it appeared that Facebook was building its own ContentID system to try to takedown videos copied from elsewhere... and voila, here it is. Facebook has now announced its new system, which is powered by AudibleMagic -- the same company that powers every other such system that is not Google's ContentID. Audible Magic is the "default." It's basically the "buying IBM" of content/copyright filtering. And it tends to be pretty bad. Facebook notes that its videos are already run through Audible Magic and that has basically done nothing. So they're "working with Audible Magic to enhance the way the system works."

We'll see what that means in practice, but I expect there will be plenty of false positives and complaints about people's perfectly legitimate videos getting taken down. But, that's what happens when you live in a world where people censor first and ask questions later. Even worse, it appears that some of the new tools will only be available to a special class of Facebook users:

To this end, we have been building new video matching technology that will be available to a subset of creators. This technology is tailored to our platform, and will allow these creators to identify matches of their videos on Facebook across Pages, profiles, groups, and geographies. Our matching tool will evaluate millions of video uploads quickly and accurately, and when matches are surfaced, publishers will be able to report them to us for removal.

We will soon begin testing the beta version of this matching technology with a small group of partners, including media companies, multi-channel networks and individual video creators.
It's clear why Facebook is doing this, but it seems that following Google down this path is a pretty weak solution, rather than building something better, that doesn't take a "censor first" approach to things.

41 Comments | Leave a Comment..

Posted on Techdirt - 1 September 2015 @ 2:00pm

West Point Prof Who Called For Killing Of Academics Opposed To US Terror War Resigns

from the poe's-law,-the-dissertation dept

Over the weekend, Spencer Ackerman published a fairly incredible story about a newly appointed West Point professor, William Bradford, who had written a paper, published in the National Security Law Journal, entitled Trahison Des Professeurs, in which he argues (among other things) that US academics who oppose current US anti-terror policy should themselves be targets for killing as a "fifth column."

In a lengthy academic paper, the professor, William C Bradford, proposes to threaten “Islamic holy sites” as part of a war against undifferentiated Islamic radicalism. That war ought to be prosecuted vigorously, he wrote, “even if it means great destruction, innumerable enemy casualties, and civilian collateral damage”.

Other “lawful targets” for the US military in its war on terrorism, Bradford argues, include “law school facilities, scholars’ home offices and media outlets where they give interviews” – all civilian areas, but places where a “causal connection between the content disseminated and Islamist crimes incited” exist.

“Shocking and extreme as this option might seem, [dissenting] scholars, and the law schools that employ them, are – at least in theory – targetable so long as attacks are proportional, distinguish noncombatants from combatants, employ nonprohibited weapons, and contribute to the defeat of Islamism,” Bradford wrote.
The full text in that section is even worse than it sounds above. This is the rare case where putting things back into context makes it even crazier. It flat out argues that legal scholars who disagree with official US policy should be classified as "unlawful combatants." He first describes scholars who disagree with US policy as "CLOACA" standing for "critical law of armed conflict academy" and then this:
Treat CLOACA Scholars as Unlawful Combatants

CLOACA scholarship and advocacy that attenuates U.S. arms and undermines American will are PSYOPs, which are combatant acts. Consequently, if these acts are colorable as propaganda inciting others to war crimes, such acts are prosecutable. CLOACA members are thus combatants who, like all other combatants, can be targeted at any time and place and captured and detained until termination of hostilities. As unlawful combatants for failure to wear the distinctive insignia of a party, CLOACA propagandists are subject to coercive interrogation, trial, and imprisonment. Further, the infrastructure used to create and disseminate CLOACA propaganda—law school facilities, scholars’ home offices, and media outlets where they give interviews—are also lawful targets given the causal connection between the content disseminated and Islamist crimes incited. Shocking and extreme as this option might seem, CLOACA scholars, and the law schools that employ them, are—at least in theory—targetable so long as attacks are proportional, distinguish noncombatants from combatants, employ nonprohibited weapons, and contribute to the defeat of Islamism.
Later in the piece he hits back on the expected criticism that this would be seen as an attack on academic freedom. Not at all, he insists:
This critique profoundly misrepresents academic freedom, which is not a sacrosanct right but a social contract in which the academic agrees to search diligently for and weigh all relevant information, specify assumptions, examine competing theories, and acknowledge epistemological and methodological limitations mitigating the strength of conclusions. In exchange, the people repose trust in, and grant continued employment to, the scholar, regardless of the destination(s) to which his search for truth leads. Academic freedom carries with it a “moral obligation to seek the facts without prejudice and to spread knowledge without malicious intent;” it is not a blanket grant of immunity from the consequences of politicized “scholarship” but a contractual license conferring the “freedom to say that two plus two make four.” Scholars who insist, in thrall to a hostile ideology, that two plus two make five are precluded from searching for truth. Just as Cold War Communist Party membership entailed uncritical repetition of Party dogma, calling into doubt whether professor-members were fit for their positions, so, too, does scholarship in which two plus two make five, and five benefits Islamists, suggests CLOACA should be evicted from the bunker of academic freedom.
In short: academic freedom means you are free to explore any topic, so long as the end result agrees with US policy, which is the undeniable "truth" like 2 plus 2. Anything else is heresy, aiding the enemy and punishable by death from above.

Basically "anything goes" so long as it's in the service of going after people Bradford doesn't like. It's "Poe's Law -- the dissertation."

Ackerman's story pointed out that Bradford, who only just started working at West Point, has a bit of a troubled history of exaggerating his own accomplishments.

In the paper, Bradford identifies himself as an “associate professor of law, national security and strategy, National Defense University”, seemingly his previous job before West Point. But a representative of the National Defense University said Bradford was a contractor at the prestigious Defense Department-run institution, “never an NDU employee nor an NDU professor”.

It appears not to be the first time Bradford misrepresented his credentials. He resigned from Indiana University’s law school in 2005 after his military record showed he had exaggerated his service. (Among his paper’s criticisms of supposedly treasonous lawyers is “intellectual dishonesty”.)

This all came out when the National Security Law Journal itself, a publication of George Mason University, put out a public apology for publishing the article in the first place:
As the incoming Editorial Board, we want to address concerns regarding Mr. Bradford’s contention that some scholars in legal academia could be considered as constituting a fifth column in the war against terror; his interpretation is that those scholars could be targeted as unlawful combatants. The substance of Mr. Bradford’s article cannot fairly be considered apart from the egregious breach of professional decorum that it exhibits. We cannot “unpublish” it, of course, but we can and do acknowledge that the article was not presentable for publication when we published it, and that we therefore repudiate it with sincere apologies to our readers.
The Journal also published a response from Jeremy Rabkin, the well known law professor at George Mason, who lit into those who decided to publish the paper in the first place:
In the Foreword to this issue of the journal, last year’s Editor-in-Chief does acknowledge that this new issue “will not be without controversy” and may be “discomforting at times.” The editor then offers the “hope” that “the diverse ideas you read here – even if you disagree – will prompt you to think and respond.” That doesn’t remotely address the problem.

When an article proposes to arrest law professors and bomb law schools and nearby TV studios, it’s not engaging in “controversy,” but slipping into an alternate universe. It’s not “discomforting.” It is bonkers. The journal could not reasonably have expected readers to “respond” – unless to ask, “Are you out of your minds?”
Given all this, it's not surprising that within a day of press attention being called to this whole thing, Bradford resigned from West Point, though it still calls into question why he was hired in the first place, seeing as the article itself was published long before he started at West Point. The article further notes that Bradford had previously lost academic positions for exaggerating his credentials (though he blamed it on those darn "liberal professors" trying to oust him), and also claims that he had some odd classroom behavior choices:
A former student who wished to remain anonymous said Bradford’s behavior included “doing push-ups in class [and] making students stand and give answers in a military-like manner”.

Bradford, the former student said, ended up leaving his class – and ultimately the college – without grading the final exam.
I imagine this latest shaming will also be spun into a story about how a "fifth column" of people who hate the US are really out to get Bradford. Frankly, I can't wait to see him try to spin this as an attack on his academic freedom, though someone could just quote his own words right back to him: "Academic freedom carries with it a “moral obligation to seek the facts without prejudice and to spread knowledge without malicious intent." Arguing for killing those who disagree with you seems, to me, to be a form of "malicious intent."

84 Comments | Leave a Comment..

Posted on Techdirt - 1 September 2015 @ 7:06am

FTC CTO: Full Disk Encryption Is Important In Preventing Crime

from the taking-a-stand dept

While the FBI and NSA continue their campaign to fight against allowing encryption for devices, it's clear that not everyone in the government agrees. It does appear that there's a bit of a fight going on within the administration over where to come down (as President Obama himself admitted), and in a recent blog post, it seems pretty clear where the FTC comes down in this debate. The FTC's CTO, Ashkan Soltani, who has long been a strong user-privacy advocate (and before joining the FTC helped in some of the reporting on the Snowden documents), wrote the blog post celebrating the virtues of full disk encryption and other "end user device controls." It starts out by noting that when he recently lost his own laptop, he wasn't that worried, thanks to the fact that it was encrypted.

Strong end-user privacy and security controls, such as device encryption and firmware passwords, not only protect personal information from unwanted access – they can also make it easier to recover lost or stolen devices as well.

Last month, I had the misfortune of having a personal laptop stolen.

Fortunately for me, while I was a bit bummed about losing my two-year-old laptop, I backup regularly and always enable disk encryption which is an important step to protect the information stored on the hard-disk from unwanted access by criminals, employers, or other actors (with the exception of very sophisticated adversaries).
He notes that this actually allowed him to help track down the device, because whoever ended up with the "useless" laptop tried to bring it to an Apple Genius Bar, which resulted in Soltani receiving an email.
Fast forward to a few weeks later, when I received an email to my personal account notifying me of an upcoming Apple Genius Bar visit. I was initially confused by the email but soon realized that it's probably the thief (or the undiscerning buyer) of my laptop trying to take it into Apple for repair – likely because they’re unable to use it without knowing the firmware password I set.

I immediately began calling local law enforcement and the nearby Apple stores notifying them of the theft and this development. After a few phone calls and the help of a fantastic Sergeant in the Local Crimes Unit of the Sacramento Police department, I was able to coordinate an agreement whereby Apple would notify law enforcement if the new user brought the machine in for repair. After an initial disappointment on account of the suspect skipping his Genius Bar reservation, a representative from Apple Customer Relations notified me that the device was brought into another store and they were coordinating with Sacramento Police Department to return it to me. I’m unclear as to whether they were able to track down the original thief.
And thus, the FTC's CTO makes it clear that full disk encryption has benefits beyond even just keeping your own data safe:
In the end, strong end-user controls like device encryption and firmware passwords not only protect sensitive info stored on the device, they also prevent criminals from utilizing stolen property. The more devices feature strong end-user controls, the less likely thieves can profit from their theft on the open market.
Given that the FBI is supposed to be interested in preventing crime, you'd think James Comey would support that kind of thing...

36 Comments | Leave a Comment..

Posted on Techdirt - 31 August 2015 @ 1:55pm

As India Goes After Google, A Simple Question: Do You Really Want Governments Deciding Search Results?

from the just-asking dept

Earlier this year, European antitrust authorities went after Google (hours after EU officials announced plans to harm American internet companies to "help" local internet companies). Google just last week responded to the initial claims, saying that "improving quality isn't anti-competitive." Of course, the more detailed response is still private, so we don't know the full extent of what's being discussed. And, now, it appears that India is going after Google based on similar charges, claiming that it somehow leverages its own position in rigging either search results or putting its own services ahead of competitors above the search results.

Based on the responses from 30 businesses spanning search, social networks, ecommerce, travel and content sites, the CCI director-general last week filed a report that accuses Google of abusing its dominant position to rig search outcomes, both the actual search result as well as sponsored links. This marks the first case globally where an antitrust body is formally raising such charges against Google.
It's a bit surprising to see Facebook apparently take part in this effort, because it can't be long until it's receiving similar scrutiny around the globe for its position in the social networking space. The article is a bit confusing, but from it, there seems to be a mishmash of different accusations, some of which are more nutty than others. The key one -- which is at the heart of the claims in the US and in Europe -- is that for certain searchers, Google puts its own services first, before the "organic" search results. So, for example, if you do a search on something local, it would show you Google's local information (built on top of Zagat's info) rather than a competing rating service. Or, it may highlight Google Maps over some competitor.

At least one company, Flipkart, appears to claim that its own "organic" search results depend on how much the company spends on buying ads on the site. Companies make this claim all the time and there has never been the slightest bit of evidence to support those claims. If any such evidence comes out, then that would be a serious issue, and Google should have to answer for it. However, given how frequently it's been shown to be baseless, it seems unlikely that Google is actually polluting its organic search results based on a company's advertising plans (in fact, Google has made it pretty clear that the folks who handle the search algorithm have absolutely no insight into the advertising side of the business).

The claims about Google promoting its own services (maps, local, flights, finance, etc.) over competitors still seems like a weird one. Promoting those so-called "one box" results, is (as the company has claimed) providing more useful services. You can see why other companies may get upset about it, but is there any actual consumer harm? That seems a lot harder to find.

The only argument I've seen that makes any sense at all in all of these accusations is that Google could present better results in its onebox area if it made use of its own internal algorithm (which conceivably could determine that another company's services rank better than Google's). But as we've said in the past about that exact suggestion: even if Google should make that change, it is really the government's job to determine what is "the best" way to present search results?

I have a lot of difficulty believing that bureaucrats in either Brussels or Mumbai are somehow going to have a better idea how to provide the best possible search results for consumers, than the folks at Google who spend all their time working on these issues. Instead, this seems like companies who are upset that they don't rank well enough in Google complaining, because Google is big. If Google is actually shown to be doing something that actively harms consumers, that's one thing. But all of these complaints still seem to rest on companies (not consumers) bitching that they don't like how high they rank in Google. Well guess what? I don't like how Techdirt ranks in Google either, but I don't go running to the government to complain about it.

37 Comments | Leave a Comment..

Posted on Techdirt - 31 August 2015 @ 12:45pm

Moral Panics And How 'The Kids These Days' Adapt: From Facebook 'Permanence' To Snapchat's 'Impermanence'

from the things-change,-people-adapt dept

It is funny to see how some people react to technology changes, almost always assuming that "new" is somehow bad, because it's different. Looking back through historical examples, they often look pretty funny. Last year, we wrote about an old moral panic in the NY Times from 1878 about two Thomas Edison inventions, the phonograph and the aerophone (basically a broadcasting system for the phonograph). It's somewhat hilarious to read these days:

Recently he invented the phone- graph, a machine that catches the lightest whisper of conversation and stores it up, so that at any future time it can be brought out, to the confusion of the original speaker. This machine will eventually destroy all confidence between man and man, and render more dangerous than ever woman's want of confidence in woman. No man can feel sure that wherever he may be there is not a concealed phonograph remorseless gathering up his remarks and ready to reproduce them at some future date. Who will be willing, even in the bosom of his family, to express any but most innocuous and colorless views and what woman when calling on a female friend, and waiting for the latter to make her appearance in the drawing-room, will dare to express her opinion of the wretched taste displayed in the furniture, or the hideous appearance of the family photographs ? In the days of persecution and it was said, though with poetical exaggeration, that the walls had ears.

Thanks to Mr. Edison's perverted ingenuity, this has not only become a literal truth, but every shelf, closet, or floor may now have its concealed phonographic ears. No young man will venture to carry on a private conversation with a young lady, lest he should be filling a secret phonograph with evidence that, in a breach of promise suit, would secure an immediate verdict against him, and our very small-boys will fear to express themselves with childish freedom, lest the phonograph should report them as having used the name of "gosh," or as having to "bust the snoot" of the long-suffering governess.
Beware! And, just a few days ago, someone on Twitter (I fear I can't find the tweet now) pointed me to this story from last year in the Atlantic, highlighting a similar moral panic in the NY Times, twenty years earlier, about this horrible device known as the telegraph. You see, it spreads information so quickly, we'll barely have time to think:
"Superficial, sudden, unsifted, too fast for the truth, must be all telegraphic intelligence. Does it not render the popular mind too fast for the truth? Ten days bring us the mails from Europe. What need is there for the scraps of news in ten minutes? How trivial and paltry is the telegraphic column?"
And, of course, things are little different today when it comes to new technologies. In fact, you could take the quotes above from the 19th Century NY Times and with very few changes, likely have them apply to modern internet services and social media -- and they would be little different from some of the stories that you do see in the press today.

And, just as was true of those two stories above, it turns out that the fearmongering is way off base, and the ability of people to adapt and change grows. Take the fears over Facebook, for example. Just five years ago, in 2010, the NY Times Magazine warned us all about the perils of the internet remembering everything we've ever done, and how you'll never be able to rid yourself of such a "permanent record." It discusses previous moral panics about the privacy impacts of certain technologies, but then pulls out the "but this time, it's different" card.
Technological advances, of course, have often presented new threats to privacy. In 1890, in perhaps the most famous article on privacy ever written, Samuel Warren and Louis Brandeis complained that because of new technology — like the Kodak camera and the tabloid press — “gossip is no longer the resource of the idle and of the vicious but has become a trade.” But the mild society gossip of the Gilded Age pales before the volume of revelations contained in the photos, video and chatter on social-media sites and elsewhere across the Internet. Facebook, which surpassed MySpace in 2008 as the largest social-networking site, now has nearly 500 million members, or 22 percent of all Internet users, who spend more than 500 billion minutes a month on the site. Facebook users share more than 25 billion pieces of content each month (including news stories, blog posts and photos), and the average user creates 70 pieces of content a month. There are more than 100 million registered Twitter users, and the Library of Congress recently announced that it will be acquiring — and permanently storing — the entire archive of public Twitter posts since 2006.
The author, Jeffrey Rosen, declares this a "collective identity crisis":
As social-networking sites expanded, it was no longer quite so easy to have segmented identities: now that so many people use a single platform to post constant status updates and photos about their private and public activities, the idea of a home self, a work self, a family self and a high-school-friends self has become increasingly untenable. In fact, the attempt to maintain different selves often arouses suspicion. Moreover, far from giving us a new sense of control over the face we present to the world, the Internet is shackling us to everything that we have ever said, or that anyone has said about us, making the possibility of digital self-reinvention seem like an ideal from a distant era.

Concern about these developments has intensified this year, as Facebook took steps to make the digital profiles of its users generally more public than private. Last December, the company announced that parts of user profiles that had previously been private — including every user’s friends, relationship status and family relations — would become public and accessible to other users. Then in April, Facebook introduced an interactive system called Open Graph that can share your profile information and friends with the Facebook partner sites you visit.
There are plenty more stories like this. Stories about how difficult it will be for the "Facebook generation" to run for office, given that all their childish antics will be online. Or stories about how people are living too much through their Facebook feeds, rather than just experiencing life.

And yet... people have a way of adapting. Venture capitalist Adam Besvinick, recently noticed that, in talking to recent college grads, they actually were having the opposite experience of what everyone was fretting about just a few years ago. And that's because they all started using Snapchat rather than Facebook for such things:
He later notes that some of those grads are now regretting that they don't have much tangible to hold onto about those memories. And, yes, as I'm sure someone is rushing to point out in the comments, Snapchat's "disappearing" images and videos don't really disappear, and they can (and often are) saved. But many are not. And they go away. And, yes, that's kind of like things were in the past, when people just experienced things, rather than share them all.

But it's important to note that everything adapts. Kids adapt. New services adapt. Societal norms and culture adapt. And things don't turn into some dystopian nightmare that some worry about.

So many people look at these new services and react with outrage because they're different, and because they're different and will create different kinds of experiences, they must be bad. But history has shown that people are pretty damn resilient, and are pretty good at figuring out how to do things in a way that best suits them. And some will fail. And some will make mistakes. But it's hardly a crisis deserving of a moral panic. These things seem to take care of themselves pretty well -- and then people start worrying about the opposite (e.g. not enough permanence) as compared to the original moral panic (e.g. too much permanence).

49 Comments | Leave a Comment..

Posted on Techdirt - 31 August 2015 @ 9:32am

Sony Pictures, Which Hyped Up 'Harm' Of Hack, Now Tells Court No Harm Done To Employees

from the thread-that-needle,-sony... dept

In the wake of the Sony Pictures hack, the company went somewhat ballistic in trying to describe just how "harmful" the hack was. It brought on famed lawyer David Boies to threaten anyone who published any information from the hack, claiming that it was a violation of the First Amendment (yes, it told the media that publishing news was a violation of the First Amendment). The company also (ridiculously) threatened to sue Twitter, claiming that Twitter would be held "responsible for any damage or loss arising from such use or dissemination by Twitter." Thoughout it all, Sony kept arguing that this hack was a complete disaster and incredibly harmful.

However, now, in court, Sony is suddenly forced to tap dance around those claims and argue that there has been no harm at all done to the employees of the company, who have filed a class action lawsuit against Sony Pictures for failing to protect their data. In a filing first highlighted by Eriq Gardner at The Hollywood Reporter, Sony Pictures insists that basically there has been no harm whatsoever and mocks the employees who say otherwise, noting that their "PII" (Personally Identifiable Information) disclosed was not particularly private in the first place.

Plaintiffs’ experiences in the wake of the cyberattack are entirely consistent with the empirical consensus just discussed. To start, the PII disclosed for each Plaintiff varies widely.... For example, Mathis asserts only that her name, SSN, and former (not current) home address were disclosed.... (Even on that score, she appears to be wrong. Plaintiffs cite no evidence that her SSN was disclosed. The sole document they cite... has the SSN of a different Mathis.) For his part, Forster believes an array of his PII was disclosed, including his SSN and birthday, as well as outdated bank information, an invalid driver’s license, and former medical insurance information (which he admits are “useless” or “worthless”)....

What is more, some Plaintiffs maintain active online presences, which means that much of the PII they claim was disclosed in the cyberattack already had voluntarily been made available online. For example, while Forster complains that his title, place of work, and dates on which he joined and left SPE were disclosed, he acknowledges that he had posted that information to LinkedIn and thus could not be harmed by its disclosure.... Levine likewise admits that he has “put a lot of [his] life online.” ... For him and others, a wide range of PII was available online prior to the attack.
The other line of defense? If there is any harm, who can really say that it actually came from the Sony hack, rather than any other recent hack?
Plaintiffs (and, undoubtedly, unnamed classmembers) have been exposed to multiple breaches and incidents of identity theft involving various permutations of their PII.... To prove that any injury—or even risk of future injury—is attributable to the cyberattack, each classmember would have to show that this cyberattack, and not another event, caused any incident of identity fraud.
The other problem is that the only actual loss that any of the plaintiffs show right now was an unauthorized purchase on a credit card, but the filing points out, this employee was fully reimbursed (i.e., no loss) and it's also not at all clear that it happened because of the Sony hack.
Similarly, while Corona claims that somebody made an unauthorized purchase using his credit card after the cyberattack on SPE (for which he was fully reimbursed), he acknowledges that he also had unauthorized purchases on his credit card before the cyberattack, and that he could only “guess” at the connection, if any, between the more recent unauthorized purchase and the cyberattack.
To be honest, Sony's argument here is pretty strong. Courts have pretty consistently rejected class action lawsuits over data breaches when there are no actual losses, or where the losses are purely theoretical. It seems very likely that the former Sony employees here are going to lose.

But... it does seem rather amusing to see Sony -- which went on and on and on about all the "damage" the leak was going to cause -- now have to argue that its own employees experienced no harm at all...

Read More | 21 Comments | Leave a Comment..

Posted on Techdirt - 31 August 2015 @ 8:13am

Official Portrait For Pope's US Visit... Being Investigated For Copyright Infringement

from the the-holy-copyright-infringement dept

The previous pope, Benedict XVI a few years ago made some waves by suggesting that intellectual property had gone too far, saying:

On the part of rich countries there is excessive zeal for protecting knowledge through an unduly rigid assertion of the right to intellectual property...
The current Pope may now be at the center of a copyright dispute as well. Apparently, Pope Francis is heading to the US in a few weeks. And, as a part of this, apparently someone asked Philadelphia pop artist Perry Milou to create an "official" portrait of the Pope for his tour. And he did:
As a story at Buzzfeed notes, that portrait is on nearly everything related to the Pope's official visit to Philadelphia. It's on the website of the group organizing the visit:
And it's being sold on all sorts of merchandise:
You can even buy the original painting, if you have $1 million to spare:
There's... uh... just one problem. Getty Images claims that the portrait is based on a photo that it holds the rights to, taken by Italian photographer Franco Origlia. You can see that photo here:
And the two images side by side:
And, yup, it seems pretty clear that Milou found that image and made his painting based on that.

And most normal people would agree that this should be perfectly fine. Creating the painting is absolutely transformative. It doesn't take away from the rights of the original photograph and certainly is not a replacement for the original photograph and might even make the original photograph more recognizable and more in demand.

But, we live in the real world where copyright extremists freak out about just about anything. And Getty, for one, has a reputation as quite the copyright troll.

And, tragically, Getty is probably remembering what happened the last time a well known "pop artist" created a big recognizable portrait of someone based on a photograph held by a news agency: the infamous Sheppard Fairey/Obama Hope poster, that was based on a photo by photographer Manny Garcia, but where the Associated Press held the copyright:
In that case, even though many believe that Fairey had a really strong fair use claim, Fairey himself fucked it up by destroying evidence and lying, pretending that he had used a different photograph as the base. This was a really bad decision, because it poisoned the waters for a nice fair use defense, and got Fairey in deeper hot water. And, eventually that case was just settled.

One hopes that, should Getty go legal, that Milou doesn't follow Fairey's lead, and actually mounts a strong fair use defense. One would think that, at the very least, he'd have the Pope on his side, and that can't hurt.

Of course, given the ridiculous freakouts about these people daring to paint portraits based on news photographs, we're still wondering why no one ever threatened to sue former President George W. Bush for his paintings of famous world leaders that were also based on Google Image search results. Remember this masterpiece by the former President painting Russian leader Vladimir Putin based on the first result in Google Images at the time?
Somehow, no one decided to sue President Bush...

50 Comments | Leave a Comment..

Posted on Techdirt - 28 August 2015 @ 7:39pm

Popehat v. James Woods SLAPP-down Match; Coming Soon To A Court Near You

from the can-i-get-front-row-seats? dept

A month ago, we wrote about actor James Woods bizarrely suing a trollish Twitter user who had been mocking Woods on the site. The whole lawsuit seemed ridiculous. The specific tweet that sent Woods over the edge was this anonymous user (who went by the name "Abe List") saying "cocaine addict James Woods still sniffing and spouting." Soon after our post on the subject, Ken "Popehat" White posted an even better takedown entitled James Woods Punches the Muppet. That post has now been updated with a brief note that White has now been retained to defend the anonymous Twitter user. And, if that gets you excited for what to expect in the legal filings, well, you don't have wait. As first reported by Eriq Gardner at the Hollywood Reporter, White has filed the John Doe's opposition to Woods' attempt to unmask the guy. And it's worth reading.

Problem number one with Woods' suit is laid out right at the beginning of the filing, which is that Woods himself has a habit of accusing others of using illegal drugs as well, just as Abe List did:

The filing shows other tweets from Woods that have similar words that Woods complained about Abe List using, such as "clown" and "scum." As the filing notes, it appears Woods thinks that he can use those insults towards others, but if anyone uses them towards him, it's somehow defamatory.
Plaintiff, an internationally known actor, is active on Twitter, a social media platform. There he is known for engaging in rough-and-tumble political debate. Plaintiff routinely employs insults like “clown” and “scum,” and even accuses others of drug use as a rhetorical trope....
But Plaintiff apparently believes that while he can say that sort of thing to others, others cannot say it to him. He has sued Mr. Doe for a derisive tweet referring to him as “cocaine addict James Woods still sniffing and spouting” in the course of political back-andforth.... He also complains, at length, that Mr. Doe has called him things like a “clown” and “scum.” Naturally, Plaintiff has himself called others “clown” or “scum” on Twitter.
The filing, quite reasonably, notes that these kinds of hyperbolic claims cannot be seen as defamatory, and since there's no legitimate claim here, there is no reason to do expedited discovery or to unmask Abe List, who is entitled to have his identity protected under the First Amendment.

Oh, and, not surprisingly, White will be filing an anti-SLAPP motion shortly, which may mean that Woods is going to have to pay for this mess that he caused.

The filing also notes that while Woods sent a subpoena to Twitter to try to seek Abe List's identity, the company turned it down as deficient. The full two page letter is in the filing below as Exhibit B, but a quick snippet on the First Amendment concerns:
Meanwhile, Woods has already filed a response in which he is still seeking to uncover the name of Abe List, and which repeats more ridiculous claims about the whole thing, starting off with the simply false claim that the original "cocaine addict" tweet was likely seen by "hundreds of thousands" of Woods' followers. That's wrong. They would only see if they followed both Woods and the Abe List account, which very few did.

The filing, somewhat hilariously, claims that calling someone "a joke," "ridiculous," "scum" and "clown-boy" are not protected by the First Amendment. Which makes me wonder what law school Woods' lawyers went to. Because that's just wrong:
AL's outrageous claim appears to be the culmination of a mlaicious on-line campaign by AL to discredit and damage Woods' reputation, a campaign which began as early as December 2014. In the past, AL has referred to Woods with such derogatory terms as a "joke," "ridiculous," "scum" and "clown-boy." ... Although AL's rantings against Woods began with childish name calling, it has escalated beyond the protections of free speech, i.e., the First Amendment does not permit anyone to falsely represent to the public that another person is addicted to an illegal narcotic.
Um... but Woods himself did exactly that (see above). It's standard hyperbolic speech, which is clearly not defamatory especially when mocking a public figure like Woods who has a history of using the same sort of hyperbolic insults on Twitter. Even more ridiculously, Woods' lawyers claim that by saying that the statement was a joke, that's Abe List admitting that he knew it was a false statement. I can't see that argument flying. I can see it backfiring big time once the anti-SLAPP motion is made.

So, what about those similar tweets made by Woods himself? His lawyers tell the court to ignore those piddly things.
... to the extent AL or TG attempt to argue that the Court should consider other statements on their Twitter accounts, or any previous tweets by Mr. Woods, the argument is a red herring. First, there is no reason any of Mr. Woods' followers, all of whom were exposed to the defamatory statements, would even bother to investigate the speakers and/or their Twitter sites to determine if they were reliable sources. As to Mr. Woods, we are not aware of any false statements of fact made by Mr. Woods and his sometimes sharp commentary on political matters is irrelevant to the allegations here.
Except, uh, again, Woods suggested someone smoked crack, just like Abe List joked that Woods was a cocaine addict. And, again, Woods and his lawyers are just wrong that all of Woods' followers would have seen Abe Lists' tweets. They're just factually wrong.

You never know how courts will rule in any particular case, no matter how ridiculous, but I have a hard time seeing how Woods gets out of this without having to pay two sets of lawyers -- his own and Ken White -- for filing a clearly bogus defamation case designed to shut up (and identify) an anonymous Twitter critic. No matter what, James Woods may not be a cocaine addict, but he has made it clear that he can dish it out but can't take it back when people make fun of him. What a clown.

Read More | 34 Comments | Leave a Comment..

Posted on Techdirt - 28 August 2015 @ 3:23pm

Universal Music Has No Sense Of Humor, Takes Down Hilarious Twitter Profile Pun Parody Of Nirvana Song

from the get-over-yourself-UMG dept

Earlier today Techdirt writer Tim Geigner pointed me to a YouTube video that used Twitter user names to create a punnish version of the 80s hit "Tainted Love" retitled Tweeted Love. It's pretty amusing:

In checking out the YouTube account of the guy who created it, Jim Mortleman, a more recent video posted just a few days ago popped up, entitled Nerdpunna - Smells Like Tweet Spirit. This was the same style video, using Twitter usernames to create an absolutely hilarious version of the famous Nirvana song. It was so well done (perhaps because Kurt Cobain's lyrics are so unintelligible) that I couldn't believe it had only around 2,000 views. So I tweeted it, joking that people should check it out before it got taken down.
A bunch of people started retweeting and linking to it, with many of them commenting on how great the video was or how funny it was. Even people who aren't Nirvana fans were talking about it. A few examples:
And there were many more like that. In short: the damn thing is really funny and super well done. After realizing that his video was suddenly getting an influx of traffic, the creator of it, Jim Mortleman (who says that the videos are actually a group project in finding the profiles, which he then puts together in the video) tweeted me that he was pretty sure he was safe because he'd been alerted that UMG was "monetizing" his video -- which is one of the options in YouTube for copyright holders if they want to make money on someone using their work, rather than taking it down.
From his YouTube screen, it actually showed that Universal Music had blocked the video in one country while monetizing it elsewhere:
However, just a few hours later, as the video started getting more and more attention, views and tweets... apparently Universal changed its mind -- and if you now visit the page, this is what you see:
Mortleman says that within YouTube it's now officially blocked in all countries. This is a ContentID match, rather than a direct takedown, though the company clearly made the decision to switch it from monetizing it to taking it down -- so someone made a decision.

And it's a hellishly stupid decision. The video was fantastic and didn't take anything away from the song. It certainly wasn't a replacement for the song and, if anything, was likely to draw a lot more interest to the song and remind people of its existence. I'm not a huge fan of the song, but have been humming it to myself all afternoon because of that video (which I ended up watching a few times).

Also, this seems like a pretty clear case of fair use -- though I imagine some will disagree. The hilarious use of twitter user names to create alternative lyrics to the song is quite transformative. No one was watching this video as a replacement for the original song, but because the video itself sort of celebrated the song with alternative lyrics made up entirely of Twitter profile names where "Here we are now, entertain us" because "Huey Long Gnarl Emma Talus" (if you haven't seen the actual video... it's much funnier in the way it was presented). And now it's all gone and you can't see it.

All because of copyright law and UMG's total lack of a sense of humor.

Even if you think the fair use case is bunk and that the video is infringing and UMG is totally, 100% in the right to do what it did, I'm curious how this helps UMG in any way, shape or form. It doesn't help them get any more money, and it just makes people pissed off. How is that a smart business decision?

Update: Jim has now posted a silent version of the video so you can see what it looks like, though it's really not the same effect (though you can try to line up the audio with it to try to replicate the effect):

47 Comments | Leave a Comment..

Posted on Techdirt - 28 August 2015 @ 2:32pm

American Teen Gets 11 Year Sentence For Pro-ISIS Tweets That Taught People How To Use Bitcoin

from the really,-now? dept

Earlier this summer, the DOJ proudly announced that a Virginia teenager, Ali Shukri Amin, had taken a plea deal for "providing material support to ISIL" (the terrorist organization that everyone outside of the US government calls ISIS). This is back in the news now that Amin has been sentenced to 11 years in prison. Let's get this out of the way: ISIS is clearly a horrific and dangerous organization. But does what Amin did really deserve 11 years in prison? The details of the case against him also seem to raise some serious First Amendment questions about what counts as "material support."

First: the one area where Amin's actions do seem fairly questionable are when he helped another Virginia teen travel to Syria, apparently to join ISIS. That part definitely seems like it stepped over the legal line. But, the rest of the charges against him seem... like a teenager using Twitter and other social media to discuss stuff he's interested in. Amin ran a Twitter account called @AmreekiWitness, which had about 4,000 followers. He tweeted pro-ISIS propaganda, but that still seems to be a form of protected speech, last I checked. And, his big "crime" appears to be linking to an article about why ISIS supporters should use Bitcoin.

The following are examples of the defendant's use of Twitter in furtherance of his conspiracy to provide material support to ISIL:
On or about July 7, 2014, using the @AmreekiWitness account, the defendant tweeted a link to an article he authored entitled "Bitcoin wa' Sadaqat al-Jihad" (Bitcoin and the Charity of Jihad). The link transferred the user to the defendant's blog, where the article was posted. The article discussed how to use bitcoins and how jihadists could utilize this currency to fund their efforts. The article explained what bitcoins were, how the bitcoin system worked and suggested using Dark Wallet, a new bitcoin wallet, which keeps the user of bitcoins anonymous. The article included statements on how to set up an anonymous donations system to send money, using bitcoin, to the mujahedeen.

On approximately August 1, 2014, the defendant showed support for ISIL and his desire to help garner financial support for those wanting to commit jihad. Through @AmreekiWitness the defendant discussed methods to provide financial support for those wanting to commit jihad and for those individuals trying to travel overseas.

On approximately August 19, 2014, the defendant showed support for ISIL and desire to support ISIL. The defendant tweeted that the khilafah needed an official website "ASAP," and that ISIL could not continue to release media "in the wild" or use "JustPaste." Through various tweets, the defendant provided information on how to prevent the website from being taken down, by adding security and defenses, and he solicited others via Twitter to assist on the development of the website.
The defendant also operated an Amreeki Witness page on the website ask.fm. The defendant used these accounts extensively as a platform to proselytize his radical Islamic ideology, justify and defend ISIL's violent practices, and to provide advice on topics such as jihadists travel to fight with ISIL, online security measures, and about how to use Bitcoin to finance themselves without creating evidence of crime, among other matters.

The defendant also created the pro-ISIL blog entitled, "Al-Khilafah Aridat." On this blog, the defendant authored a series of highly-technical articles targeted at aspiring jihadists and ISIL supporters detailing the use of security measures in online communications to include use of encryption and anonymity software, tools and techniques, as well as the use of the virtual currency Bitcoin as a means to anonymously fund ISIL.
Tweeting about Bitcoin and saying that ISIS needs a website is a crime? One that deserves over a decade in jail? Obviously, aiding ISIS in any way is incredibly stupid, but it seems like a pretty slippery slope to argue that teaching people how to use Bitcoin or saying that ISIS needs a website rises to the level of "material support for ISIS" by itself. It seems like such a definition could lead to many, many people at risk. If you disagree with US policy for dealing with ISIS and say so -- at what point does it cross over the line? It seems way too easy to twist this into criminalizing dissent, rather than actually supporting a designated terrorist organization.

I'm all for coming up with ways to stop the spread of ISIS, and to prevent further attacks by the group. But jailing an American teenager over his tweets seems... excessive.

Read More | 53 Comments | Leave a Comment..

Posted on Techdirt - 28 August 2015 @ 10:43am

Appeals Court Strikes Down Ruling Finding NSA Phone Records Collection Unconstitutional

from the well-that's-too-bad dept

Back in December of 2013, judge Richard Leon of the DC district court, ruled that the NSA's bulk metadata collection under Section 215 of the PATRIOT Act was unconstitutional and issued an injunction against it (though, recognizing the inevitable appeal, Judge Leon stayed the injunction). This was in the case brought by Larry Klayman and FreedomWorks.

Leon's ruling was detailed and thorough... but the DC circuit appeals court has overturned it and sent it back to the lower court, focusing mainly on the "standing" question that has been raised in basically every case against NSA surveillance. In short, the government says "if you can't prove that we spied on you directly, then you can't sue us over our spying on everyone generally." That seems sketchy for all sorts of reasons, and Judge Leon, in his original ruling pointed out how ridiculous it was, mocking the government's reliance on the Supreme Court ruling in "Clapper" (a case against James Clapper) where the Supreme Court basically agreed that you needed more evidence to show you had standing. Of course, that ruling only happened after the US Solicitor General lied to the Supreme Court about how defendants arrested using such data would be told how it was collected. Besides, here, Judge Leon noted, there was plenty of evidence that everyone's information was being collected.

Straining mightily to find a reason that plaintiffs nonetheless lack standing to challenge the metadata collection, the Government argues that Judge Vinson's order names only Verizon Business Network Services ("VBNS") as the recipient of the order, whereas plaintiffs claim to be Verizon Wireless subscribers. The Government obviously wants me to infer that the NSA may not have collected records from Verizon Wireless (or perhaps any other non-VBNS entity, such as AT&T and Sprint). Curiously, the Government makes this argument at the same time it is describing in its pleadings a bulk metadata collection program that can function only because it "creates an historical repository that permits retrospective analysis of terrorist-related communications across multiple telecommunications networks, and that can be immediately accessed as new terrorist-associated telephone identifiers come to light."

[....] Put simply, the Government wants it both ways. Virtually all of the Government's briefs and arguments to this Court explain how the Government has acted in good faith to create a comprehensive metadata database that serves as a potentially valuable tool in combating terrorism--in which case the NSA must have collected metadata from Verizon Wireless, the single largest wireless carrier in the United States, as well as AT&T and Sprint, the second and third-largest carriers.... Yet in one footnote, the Government asks me to find that plaintiffs lack standing based on the theoretical possibility that the NSA has collected a universe of metadata so incomplete that the program could not possibly serve its putative function. Candor of this type defies common sense and does not inspire confidence!
But, the appeals court just doesn't buy it. From the opinion by Judge Janice Brown:
The record, as it stands in the very early stages of this litigation, leaves some doubt about whether plaintiffs’ own metadata was ever collected. Plaintiffs’ central allegation is that defendants “violated the Fourth Amendment to the U.S. Constitution when they unreasonably searched and seized and continue to search Plaintiffs’ phone records . . . without reasonable suspicion or probable cause.” ... Plaintiffs have supported this claim with specific facts, notably: (1) The NSA operates a bulk telephony-metadata collection program; and (2) on April 25, 2013, the FISC issued an order requiring Verizon Business Network Services to produce its subscribers’ call detail records to the NSA on a daily basis from April 25, 2013 to July 19, 2013. However, plaintiffs are Verizon Wireless subscribers and not Verizon Business Network Services subscribers. Thus, the facts marshaled by plaintiffs do not fully establish that their own metadata was ever collected.
Judge Brown admits that Judge Leon explains why the government's own statements make it clear that its metadata collection goes beyond just Verizon Business Network Services, but doesn't think it's enough evidence. She also highlights how there is at least some more substantial evidence than in the Clapper/Amnesty International case that the Supreme Court ruled on, but still doesn't find it enough:
However, the burden on plaintiffs seeking a preliminary injunction is high. Plaintiffs must establish a “substantial likelihood of success on the merits.” ... Although one could reasonably infer from the evidence presented the government collected plaintiffs’ own metadata, one could also conclude the opposite. Having barely fulfilled the requirements for standing at this threshold stage, Plaintiffs fall short of meeting the higher burden of proof required for a preliminary injunction.
Instead, Judge Brown says that the lower court could try to determine if it's appropriate for Klayman/Freedomworks to be allowed to conduct discovery with the government to obtain more evidence that his phone record info was collected -- while admitting that's unlikely because "secret program" and all that.
On remand it is for the district court to determine whether limited discovery to explore jurisdictional facts is appropriate.... Of course, I recognize that, in order for additional discovery to be meaningful, one of the obstacles plaintiffs must surmount is the government’s unwillingness to make public a secret program.... It is entirely possible that, even if plaintiffs are granted discovery, the government may refuse to provide information (if any exists) that would further plaintiffs’ case. Plaintiffs’ claims may well founder in that event. But such is the nature of the government’s privileged control over certain classes of information. Plaintiffs must realize that secrecy is yet another form of regulation, prescribing not “what the citizen may do” but instead “what the citizen may know.”... Regulations of this sort may frustrate the inquisitive citizen but that does not make them illegal or illegitimate. Excessive secrecy limits needed criticism and debate. Effective secrecy ensures the perpetuation of our institutions. In any event, our opinions do not comment on the propriety of whatever privileges the government may have occasion to assert.
Got that? Excessive government secrecy sucks, but, hey, what can you do?

In a separate ruling, Judge Stephen Williams also says there's no standing, giving even more deference to the Supreme Court's ruling in the Clapper/Amnesty International case. While at least Judge Brown was willing to distinguish the two, Judge Williams sees no such distinction:
Here, the plaintiffs’ case for standing is similar to that rejected in Clapper. They offer nothing parallel to the Clapper plaintiffs’ evidence that the government had previously targeted them or someone they were communicating with (No. 3 above). And their assertion that NSA’s collection must be comprehensive in order for the program to be most effective is no stronger than the Clapper plaintiffs’ assertions regarding the government’s motive and capacity to target their communications
In fact, Judge Williams takes the odd position of adding in possible reasons why the NSA might not be collecting everyone's metadata to show why such an inference is unfounded:
The strength of plaintiffs’ inference from the government’s interest in having an effective program rests on an assumption that the NSA prioritizes effectiveness over all other values. In fact, there are various competing interests that may constrain the government’s pursuit of effective surveillance. Plaintiffs’ inference fails to account for the possibility that legal constraints, technical challenges, budget limitations, or other interests prevented NSA from collecting metadata from Verizon Wireless. Many government programs (even ones associated with national defense) seem to be calibrated or constrained by collateral concerns not directly related to the program’s stated objectives, such as funding deficiencies, bureaucratic inertia, poor leadership, and diversion to non-defense interests of resources nominally dedicated to defense. It is possible that such factors have operated to hamper the breadth of the NSA’s collection.
Basically, we can't assume that Verizon Wireless metadata was collected because, you know, maybe it wasn't. Maybe "bureaucratic inertia" meant the NSA really didn't care about Verizon Wireless. Who can really say?

The only "dissent" on the three judge panel comes from Judge David Sentelle, who says he basically agrees with absolutely everything Judge Williams says except for the idea that the case should be remanded to the district court for further discovery, saying the entire case should be dismissed outright.
Plaintiffs have not demonstrated that they suffer injury from the government’s collection of records. They have certainly not shown an “injury in fact” that is “actual or imminent, not conjectural or hypothetical.” ... I agree with the conclusion of my colleagues that plaintiffs have not shown themselves entitled to the preliminary injunction granted by the district court. However, we should not make that our judicial pronouncement, since we do not have jurisdiction to make any determination in the cause. I therefore would vacate the preliminary injunction as having been granted without jurisdiction by the district court, and I would remand the case, not for further proceedings, but for dismissal.


Without standing there is no jurisdiction. Without jurisdiction we cannot act.... Therefore, I agree with my colleagues that the issuance of the preliminary injunction was an ultra vires act by the district court and must be vacated. However, I believe we can do no more. I would remand the case for dismissal, not further proceedings.
So... that's not great. However, it also creates a pretty clear circuit split between the DC Circuit and the 2nd Circuit, which you may recall ruled that the ACLU and others had standing in a similar lawsuit. Given this clear circuit split, perhaps the Supreme Court can actually be persuaded to take up the case and fix the mistake it made in the Clapper case a couple years ago...

Read More | 21 Comments | Leave a Comment..

Posted on Techdirt - 28 August 2015 @ 9:33am

UK Music Collection Society PRS Sues SoundCloud

from the and-so-it-begins dept

There have been rumors for months that various elements of the legacy recording industry were gearing up to sue SoundCloud, the super popular and useful audio hosting site (we use it to host the Techdirt Podcast). In the last year or so, SoundCloud has been ramping up its efforts to appear super responsive to takedown requests, leading to ridiculous situations including the takedowns of public domain material, or of officially uploaded material. The company has also been completely ridiculous about fair use, telling users that it doesn't recognize it, since it's only a US concept.

As always, it appears that appeasing copyright extremists never gets you very far in the long run. The rumors for months are that, as with pretty much every other successful internet music-related service, the legacy players come asking for huge chunks of equity if you don't want to get sued. They basically demand companies bleed themselves dry, or be forced to be bled dry by a lawsuit. And now the lawsuits are starting. First up is not actually a record label, but PRS, the rather infamous UK music collection society that just recently told its members that it was keeping more of the money it collected, in order to funnel it into lawsuits. This is the same PRS that is so desperate to collect more money that it has gone after a woman who played music to her horses, a woman who sang to herself while stocking grocery store shelves and against a charity for daring to have children sing Christmas carols without paying up.

That lovely organization is now suing SoundCloud:

Our aim is always to license services when they use our members’ music. It has been a difficult decision to begin legal action against SoundCloud but one we firmly believe is in the best, long-term interests of our membership. This is because it is important we establish the principle that a licence is required when services make available music to users. We have asked SoundCloud numerous times to recognise their responsibilities to take a licence to stop the infringement of our members’ copyrights but so far our requests have not been met. Therefore we now have no choice but to pursue the issue through the courts.
PRS itself notes that SoundCloud is arguing that its service in the UK is protected by EU safe harbors as a host of content, rather than the publisher, but PRS isn't buying it. SoundCloud, in its response, notes that this follows a pattern of the recording industry to sue internet services as a negotiating tactic. As noted over at Music Ally:
“It is regrettable that PRS appears to be following this course of action in the midst of an active commercial negotiation with SoundCloud. We believe this approach does not serve the best interests of any of the parties involved, in particular the members of the PRS, many of whom are active users of our platform and who rely on it to share their work and communicate with their fanbase,” said a spokesperson.

“SoundCloud is a platform by creators, for creators. No one in the world is doing more to enable creators to build and connect with their audience while protecting the rights of creators, including PRS members. We are working hard to create a platform where all creators can be paid for their work, and already have deals in place with thousands of copyright owners, including record labels, publishers and independent artists.”
This is one of those fights where it's unlikely that there will be any winners, other than the lawyers. SoundCloud will eventually probably just pay up, and continue to make its platform less and less useful. And PRS may get a little bit more money in the short term at the expense of long term support of the platforms musicians need to embrace in this modern internet era.

39 Comments | Leave a Comment..

Posted on Techdirt - 28 August 2015 @ 8:18am

Bill That Was Supposed To Limit Police Drone Activity Changed By Lobbyist To Enable Weaponized Drones

from the this-won't-go-wrong-at-all... dept

North Dakota state representative Rick Becker had a good idea with his House Bill 1328, which would forbid the use of drones by law enforcement in the state without a warrant. A few other states have been looking at similar proposals, after there have been growing concerns about police using drones for surveillance activities. Virginia, for example, recently passed a law that requires a warrant for police drone use. So, good idea, Rep. Becker.

Except... in stepped Bruce Burkett, a lobbyist from the North Dakota Peace Officer's Association, who "was allowed by the state house committee to amend HB 1328" to now make it about legalizing weaponized drones for police. Yes, a "peace officer" representative just made it possible to weaponize drones. The trick? He amended the bill to make it only about "lethal weapons," which now opens the door to what police like to refer to as "less than lethal" weapons like "rubber bullets, pepper spray, tear gas, sound cannons, and Tasers" -- some of which have a history of leading to deaths, despite their "less than lethal" claims.

Even “less than lethal” weapons can kill though. At least 39 people have been killed by police Tasers in 2015 so far, according to The Guardian. Bean bags, rubber bullets, and flying tear gas canisters have also maimed, if not killed, in the U.S. and abroad.
Meanwhile, local police are still freaking out about the need to require a warrant. Check out this bit of police state nonsense:
Grand Forks County Sheriff Bob Rost said his department’s drones are only equipped with cameras and he doesn’t think he should need a warrant to go snooping.

“It was a bad bill to start with,” Rost told The Daily Beast. “We just thought the whole thing was ridiculous.”

Rost said he needs to use drones for surveillance in order to obtain a warrant in the first place.
Yes, we need to spy on your first, to then see if we should get a warrant to spy on you some more. That's not how this works.

And, now, while there will be warrant requirements for some uses -- though with broad exceptions including within 25 miles of the US/Canada border and for "exigent circumstances" -- the bill will (thanks to a lobbyist) allow the police to also experiment with weaponizing drones. If you thought the militarization of police wasn't screwed up enough, now you might need to worry about stun guns and rubber bullets hailing down from the sky...

Read More | 56 Comments | Leave a Comment..

Posted on Techdirt - 28 August 2015 @ 6:17am

Border Patrol Agent Forwarded All Emails To Someone Else's Gmail; Only Discovered When 'Civilian' Responded

from the oops dept

Intercept reporter Jenna McLaughlin alerts us to a rather stunning security mistake by a Customs and Border Patrol (CBP) agent, as outlined in some DHS released "incident reports" concerning "cloud data breaches." The very first one involves the CBP agent forwarding all of his email to a personal account, but messing up the configuration, so that it actually forwarded to someone else's Gmail account (someone with a similar name) -- and this mistake was only noticed when this "civilian" responded to an email he had received via this forwarding, and the response was sent to a wider mailing list of Homeland Security employees:

If you can't see that, here's what it says:
CBP reports that one (1) CBP user had an auto-forwarding rule setup to have emails sent externally to a civilian's personal Gmail account. There is a possibility that sensitive information to include Personally Identifiable Information (Pll) has been accidently sent out due to this rule. The incident was discovered when a civilian responded to a CBP user's email to a distribution list of other CBP/DHS users. The CBP user noticed the civilian's Gmail address and reported it to the FTO who then reported the incident to the CBP CSIRC. Upon investigation and confirmation from EaaS, one (1) CBP Border Patrol Agent who was on the email distribution list had an auto-forwarding rule setup within their Exchange account to a non-CBP/DHS user's personal Gmail account. The name of the Border Patrol Agent and the civilian are very similar, but it was determined that the Border Patrol Agent misconfigured the rule by using the civilian's personal Gmail address instead of his own. Technical remediation will include working with the EaaS team to implement a rule to disable the auto-forwarding rule and only allow it when requests are made to the Exchange team. The incident has been reported to the CBP Privacy Office and Joint Intake Center for action (assisting the user to have all government emails removed and confirmed).
It seems rather stunning that CBP/DHS didn't already have such a rule in place. Then again, this is Customs and Border Patrol, who has something of a history of not really giving a fuck because they can get away with doing whatever they want and no one ever does anything about it.

Later in the same report, it is revealed that this auto-forwarding from inside DHS to private accounts happened somewhat frequently. An investigation just a month after the incident above showed 771 such rules set in DHS staffers Exchange systems:
If you can't read that, it says:
DHS SOC reports that a total of 771 rules are configured in Exchange to auto-forward emails external to DHS. DHS SOC requested and received a list of 771 automated email forwarding rules created by DHS Email as a Service (EaaS) users. Auto-forwarding or redirecting of DHS email to address outside of the .gov or .mil domain is prohibited and shall not be used per DHS 4300A policy, section 5.4.6.i and poses a high risk of accidental disclosure of Pll, SBU, FOUO, LES, or classified data. The incident has been reported to the Joint Intake Center (JIC). Affected Components (CBP, FEMA, DHS HQ, and DC2) are asked to identify and remediate the rules.
Not sure about to you, but this doesn't make me feel much safer about DHS at all. And, remember, DHS is one of the government bodies currently looking to manage the government's cybersecurity efforts -- and they're considered the better option given just how little people trust the NSA or the FBI (the two other main contenders).

Read More | 34 Comments | Leave a Comment..

Posted on Techdirt - 28 August 2015 @ 3:20am

United In Flight WiFi Blocks Popular News Sites

from the because-we-said-so dept

So, just last month, we wrote about United Airlines idiotic inflight video system that forces you to install DRM on your own devices to watch a movie. And, now, it appears that the company is filtering out all sorts of news sites. The EFF's Nate Cardozo was on a flight yesterday when he started noticing that he couldn't get to certain tech websites, including Ars Technica and The Verge -- instead receiving messages they were blocked due to United's "access policy." The same was true for political news site Daily Kos. Eventually he even realized that United also blocks the NY Times (via his phone after the laptop battery ran out).

Both the terms of use that United has, as well as the company's FAQ about the service warn that "inappropriate or unsuitable for inflight viewing" websites may be blocked:
Of course, it's difficult to see what kind of content on any of those news sites would be considered inappropriate or unsuitable for inflight viewing. And, you know, it's letting through plenty of much sketchier sites like, uh, us at Techdirt. Basically, this makes no sense at all, and I'm sure that if United's PR people ever getting around to commenting on it, they'll say it was a "glitch" and that it won't happen again. But this is the kind of problem that you run into when you deem yourself able to control what people can and can't access online.

35 Comments | Leave a Comment..

More posts from Mike Masnick >>