Mike Masnick’s Techdirt Profile

mmasnick

About Mike Masnick

Techdirt Insider

Mike is the founder and CEO of Floor64 and editor of the Techdirt blog.

He can be found on Twitter at http://www.twitter.com/mmasnick



Posted on Techdirt - 1 April 2015 @ 11:31am

President Obama Signs Executive Order Saying That Now He's Going To Be Really Mad If He Catches Someone Cyberattacking Us

from the oh-come-on dept

This, apparently, is not an April Fool's joke. This morning, President Obama signed an executive order [pdf] allowing the White House to issue sanctions on those "engaging in significant malicious cyber-enabled activities." I'm sure the Chinese state hackers behind the Github DDoS are shaking in their boots.

To make this work, the President officially declared foreign hacking to be a "national emergency" (no, really) and basically said that if the government decides that some foreign person is doing a bit too much hacking, the US government can basically do all sorts of bad stuff to them, like seize anything they have in the US and block them from coming to the US. Because that won't be abused at all.

Look, everyone agrees that there's a lot of online hacking and computer attacks going on. So much of what we do in the world has moved online, so of course that's going to be a target. But giving a general "ARRRRRGGH! HACKING BAD! WHITE HOUSE MAD!" executive order seems incredibly pointless and counterproductive. It seems like yet another example of politicians feeling the need to do something because there's a problem -- but not having any good ideas on what to actually do that will help solve the problem. So they just do something to say they did something, never mind how toothless it is -- or (more importantly) how the broad and vague definitions set forth in the "something" they do can (and will) be used in the future against perfectly reasonable actions and actors.

It's stories like these that make actual computer security folks shake their heads in confusion at politicians. You don't solve cybersecurity issues with vague executive orders. You do it with better security practices (and not undermining those practices with backdoors and stockpiling zero days).


Posted on Techdirt - 1 April 2015 @ 9:30am

Georgia Supreme Court: No, Writing Mean Things About Copyright Trolling By Linda Ellis Is Not 'Stalking'

from the moving-on... dept

A few years ago, we wrote about a terrible Georgia state court ruling against Matt Chan, the operator of Extortion Letter Info (ELI), a website/forum that has tracked copyright trolling for many years. There had been a number of discussions on the site about Linda Ellis, who is somewhat notorious for her trolling effort. Ellis wrote a poem called "The Dash" that gets reposted a lot online. Ellis and her lawyers then send threat letters, emphasizing the possible $150,000 in statutory damages (yet another example of how statutory damages aid in copyright trolling), before suggesting much lower (but still crazy high) dollar amounts to "settle." While some of the discussions on ELI were overly aggressive towards Ellis, it still seemed ridiculous that the court ordered Chan to remove all content relating to Ellis and to block any future mentions of her.

It seemed rather obvious that this was a pretty clear First Amendment violation, but the court felt that it was okay under Georgia's anti-stalking law. Georgia's Supreme Court has now unanimously reversed the lower court decision, saying that posting mean stuff about someone on a public website is not the same as stalking. The court focuses on the fact that the content posted to ELI wasn't sent directly to Ellis, but rather posted publicly in a place where she could (and, in fact, did) see it. It doesn't even get to the First Amendment issues, focusing just on whether or not this is stalking under Georgia's law:

The limited evidence in the record shows that Chan and others posted a lot of commentary to his website about Ellis, but it fails for the most part to show that the commentary was directed specifically to Ellis as opposed to the public. As written, most of the posts appear to speak to the public, not to Ellis in particular, even if they are about Ellis. And there is no evidence that Chan did anything to cause these posts to be delivered to Ellis or otherwise brought to her attention, notwithstanding that he may have reasonably anticipated that Ellis might come across the posts, just as any member of the Internet-using public might. The publication of commentary directed only to the public generally does not amount to “contact,” as that term is used in OCGA § 16-5-90 (a) (1), and most of the posts about Ellis quite clearly cannot form the basis for a finding that Chan contacted Ellis.

To the extent that a few of the posts may come closer to “contact” — including, for instance, the open letter to Ellis, which Chan may actually have intended as a communication to Ellis — their publication still does not amount to stalking. Even assuming for the sake of argument that Chan “contacted” Ellis by the publication of any posts, the evidence fails to show that such contact was “without [her] consent.” OCGA § 16-5-90 (a) (1). This is not a case in which Chan sent a message to Ellis by electronic mail, linked commentary to her social media account, or posted commentary on her website. To the contrary, the commentary about which Ellis complains was posted on Chan’s website, and Ellis learned of that commentary — that is, it arguably was communicated to her — only as a result of her choice to discover the content of the website. The evidence shows that Ellis visited the website herself — it appears, in fact, that she registered herself as an authorized commentator on the website — and that she had others visit the website and report back to her about the commentary published there. Generally speaking, our stalking law forbids speech only to the extent that it is directed to an unwilling listener, and even if Ellis did not like what she heard, she cannot be fairly characterized as an unwilling listener. Ellis failed to prove that Chan “contacted” her without her consent, and the trial court erred when it concluded that Chan had stalked Ellis.

The only mention of the First Amendment comes in a footnote to the part of the paragraph above where the court notes that Ellis was not an "unwilling listener" as required under the law. The footnote adds that even then, if the speech is protected by the First Amendment, the stalking law wouldn't apply:

Even then, if the speech is protected by the First Amendment, it is excluded from the scope of our stalking law. See OCGA § 16-5-92 (“The provisions of Code Sections 16-5-90 and 16-5-91 shall not apply to persons engaged in activities protected by the Constitution of the United States or of this state . . . .”).

But, by determining that the blog posts are not even stalking, the court avoided that question altogether. Either way, another important victory for free speech online, overturning a bad ruling that would have resulted in serious chilling effects for online speech.


Posted on Techdirt - 1 April 2015 @ 6:20am

Was It The Same Corrupt Team That Investigated/Stole From Silk Road That Now Subpoenaed Reddit?

from the questions,-questions dept

On Monday, Andy Greenberg over at Wired published a story about how a Homeland Security ICE agent, based in Baltimore, had sent a subpoena to Reddit, demanding info on five users who had been posting to the subreddit r/darknetmarkets, which (you guessed it!) is where lots of people discuss dark markets like Silk Road and the recently shut down (and all money taken) Evolution. It appears that the subpoenas were trying to track down more information about who was behind Evolution:

Earlier this month, a Baltimore Department of Homeland Security (DHS) Immigration and Customs Enforcement agent sent a subpoena to Reddit demanding that the site turn over a collection of personal data about five users of the r/darknetmarkets forum. The subpoena appears to be the first hint of a federal investigation of the recently defunct massive online market known as Evolution, which sold drugs, weapons, and stolen financial details. All five targets of the subpoena were involved, to varying degrees, in the Reddit discussion of that black market’s abrupt disappearance two weeks ago, in which two top administrators apparently absconded with millions of dollars worth of bitcoin belonging to Evolution’s buyers and sellers.

According to a copy of the subpoena shared with WIRED by one of the forum’s moderators who was named in the document, the DHS seeks information that includes the names, IP addresses, dates and times of site visits as well as other data that Reddit likely doesn’t possess, including the users’ phone numbers and financial data. (Reddit doesn’t even require an email address to sign up.)

For what it's worth, Reddit's privacy policy notes that it does collect IP addresses and holds them and other info for 90 days -- meaning that if any of the users weren't careful, they may have revealed some information about themselves. Though, seriously, if you're deeply involved in a dark market doing illegal things, and then posting publicly to a subreddit without covering your tracks, you're basically asking to be caught.

That said, what struck me most was the fact that this request came from Baltimore. Because right about the same time that Greenberg's story came out, the Justice Department was revealing its criminal complaint against two of the key federal agents involved in the investigation of Silk Road, who (according to the complaint) stole a bunch of money from Silk Road, extorted Silk Road's administrator and also engaged in a bunch of other nefarious actions, including issuing a fake subpoena to Venmo, engaging in civil asset forfeiture against Mt. Gox accounts and discussing other similar activities.

And both of those guys were... based in Baltimore. It's not entirely clear if the two allegedly corrupt federal agents -- Carl Force of the DEA and Shaun Bridges of the Secret Service -- were part of this same Homeland Security investigations team, but it wouldn't be entirely surprising to find out that it was the same team. One hopes that whoever is on that investigations team now isn't engaging in corrupt activities similar to those described in the criminal complaint against Force and Bridges. However, given how those two appeared to abuse their position, and given that there's a high likelihood of the subpoena coming from the same team, it certainly raises some additional questions. And that's not even mentioning the concerns about other corrupt individuals in these investigations, including a Homeland Security agent who went by the name "mr. wonderful."

That's not to say that the subpoena to Reddit is problematic. It may be perfectly legit (though it does appear that at least one of the people that the subpoena was digging into is just Gwern Branwen, a well-known security researcher who insists he has never sold any illegal products on dark market sites). Still, the criminal complaint from earlier this week certainly raises serious questions about any of these fishing expeditions, especially by a team coming out of Baltimore.


Posted on Techdirt - 31 March 2015 @ 9:09pm

Flickr Now Officially Supports Public Domain Dedications

from the very-nice-to-see dept

As we had noted in our story about Elon Musk declaring all SpaceX photos public domain, Flickr (where most of those photos were hosted) did not allow an official public domain dedication. And while it offered Creative Commons licenses, the CC0 public domain dedication was not among the options. Flickr is not the only site like that -- many sites that offer CC licensing don't include a CC0 option. Last week, there was an interesting piece by Jessamyn West exploring why it was that Flickr chose not to offer a public domain option. She found an old forum post by Flickr founder (and now Slack founder/CEO) Stewart Butterfield, where he explained the reasoning as such:

The reasons we don’t have a PD option: (i) Unlike CC licenses, you can’t take PD back — once it is done, it is done. I spec’d out a three stage confirmation (including typing out that you understand what it means) but this was seemed like too much and we didn’t want the support hassle. People are free to use the description field to specify their PD desires. (ii) There are liabilities that we don’t want to take on if we allow people to claim something is public domain without actual checking the chain of title — if they don’t own it in the first place, we can get in trouble. (This is also true of CC images, but at least that can be changed after the fact and there is less of a chance of the image just “escaping” in the wild.)

Of course, those reasons really don't make that much sense in reality. You can't really take back CC licenses either. The very first thing that Creative Commons tells potential licensors is that the licenses are not revocable. Once you grant a CC license, it stays that way.

Thankfully, the Yahoo folks who are currently running Flickr realized that this was an opportunity -- and have now announced that they have added both "public domain" listings and a CC0 dedication as options when uploading images:

We’ve been proud to support Creative Commons licenses since 2004, and we’ve become an important repository of U.S. Government works and historic images from galleries, libraries, archives, and museums around the world (check out The Flickr Commons for examples).

But we’ve heard from our community that we’re missing two important designations: Public Domain and Creative Commons 0 (CC0). Many members of our community want to be able to upload images that are no longer protected by copyright and correctly tag them as being in the Public Domain, or they want to release their copyright entirely under CC0.

So, starting today we’re happy to support these two new options. One of the first accounts on Flickr to change its designation was SpaceX, which has uploaded more than a hundred gorgeous images of its launches. These extraordinary photos are now available for others to freely use, enhance, and promulgate without restriction under copyright law.

This is a great move -- and we're thrilled to see Flickr take such a stand (even if it should have happened years ago). Hopefully other platforms will follow suit.


Posted on Techdirt - 31 March 2015 @ 1:33pm

Ross Ulbricht's Lawyers Were Told About Corrupt Investigators, But Barred From Using That During His Trial

from the hello-due-process-problems dept

We already wrote about Monday's unsealed criminal complaint against two government agents who were key players in investigating Silk Road -- but who used that position to steal Bitcoins and engage in a lot of other questionable behavior. Now it comes out that the Justice Department revealed the existence of this investigation to Ross Ulbricht's lawyers five weeks before Ulbricht's trial -- but then blocked Ulbricht's legal team from using that information, even as the Justice Department continued to rely on evidence from both of the apparently corrupt federal agents. Ulbricht's lawyer, Joshua Dratel, has put out a statement pointing out some of the problems here:

In addition to keeping any information about the investigation from the defense for nearly nine months, then revealing it only five weeks prior to trial, and then moving to keep sealed and secret the general underlying information so that Mr. Ulbricht could not use it in his defense at trial, and then stymying the defense at every turn during trial when the defense tried to introduce favorable evidence, the government had also refused to agree to the defense’s request to adjourn the trial until after the indictment was returned and made public – a modest adjournment of a couple of months, since it was apparent that the investigation was nearing a conclusion.

Throughout Mr. Ulbricht’s trial the government repeatedly used the secret nature of the grand jury investigation as an excuse to preclude valuable defense evidence that was not only produced in discovery, independent of the investigation of Mr. Force, but also which was only at best tenuously related to that investigation. In that manner the government deprived the jury of essential facts, and Mr. Ulbricht of due process. In addition, the government failed to disclose previously much of what is in the Complaint, including that two federal law enforcement agents involved in the Silk Road investigation were corrupt. It is clear from this Complaint that fundamentally the government’s investigation of Mr. Ulbricht lacked any integrity, and was wholly and fatally compromised from the inside.

Dratel suggests that the corrupt behavior of Force and Bridges raises questions about nearly all aspects of the Ulbricht case, especially since they have already shown that they abused their access to the Silk Road platform in a way that could change the site and account information.

Additional information shows that Force not only acted as "Chief Compliance Officer" for CoinMKT while still employed as a DEA agent (and abusing his ability to use government databases for the job), but as a report from Sarah Jeong at Forbes shows, he also reached out to Mt. Gox CEO Mark Karpeles:

And then even asked about working with Mt. Gox as well, with this bizarre "American government and economy will crash in the next five years" statement:

Just about a month later, when Bridges was the affiant on helping the government seize millions of dollars from Mt. Gox (just days after withdrawing the money he himself allegedly stole from Silk Road), Force emailed Karpeles again, saying "told you should have partnered with me!"

And that doesn't even get into the fact that the whole "murder plot" that was such a headline grabber in the original criminal complaint only happened after Bridges apparently took the money and Ulbricht reached out to Force to get him to put out a hit on the guy he thought had stolen the money (who had actually been cooperating with the government, which allowed Bridges to get the info to steal the money in the first place).

As we noted in our earlier piece, the criminal complaint shows that Force himself abused his power as a DEA agent to fake a subpoena against Venmo trying to get his own account unfrozen -- and it appears that when that didn't work, Force tried to further abuse his power to seize Venmo's bank account in response. A snippet from an email he sent to a colleague:

Venmo has since registered with FinCEN, but I want to know if they have state money license remitting licenses in California and New York. Can you check? If not, I want to seize their bank accounts (need to identify them) a la BRIDGES and [M.M.’s] seizure warrants for Mt. Gox.

And here's the big question: were Bridges and Force really just two "bad apples" in the investigation? Or could it have gone much deeper? As Jeong notes in her report:

During the trial, the defense kept trying to introduce the character of “mr. wonderful,” a Baltimore DHS agent who coerced a Silk Road moderator into giving her account over to law enforcement. Although many of Force’s aliases are listed in the criminal complaint against him, none of them are “mr. wonderful.” (In any case, Force is a DEA agent, and “mr. wonderful” is DHS). Who is mr. wonderful? What exactly did he do?

In other words, whether or not you believe that Ulbricht was DPR, the investigation and trial against him were a complete and utter mess, and these new charges raise an awful lot of questions about the fairness of that trial.


Posted on Techdirt - 31 March 2015 @ 11:36am

China's Great Firewall Turned Around: Why China Wants To Censor Global Internet

from the pay-attention----this-matters-a-lot dept

If you pay attention to Github (and you should), you know that late last week the site started experiencing some problems staying online, thanks to a massive and frequently changing DDoS attack. Over the past few days a lot more details have come out, making it pretty clear that the attack is coming via China with what is likely direct support from the Chinese government. While it's messing with all of Github, it's sending traffic to two specific Github pages: https://github.com/greatfire and https://github.com/cn-nytimes. Those both provide tools to help people in China access Greatfire and the NY Times. Notably, Greatfire itself notes that prior to the DDoS on Github, its own site was hit with a very similar DDoS attack.

If you want the technical details, Netresec explains how the DDoS works, noting that it's a "man-on-the-side" attack, injecting certain packets alongside code loaded by Chinese search engine Baidu (including both its ad platform and analytics platform), but is unlikely to be coming directly from Baidu itself.

But the much more interesting part is why China is using a DDoS attack, rather than its standard approach of just blocking access in China, as it has historically done. The key is that, two years ago, China tried to block Github entirely... and Chinese programmers flipped out, pointing out that they couldn't do their jobs without Github. The Chinese censors were forced to back down, leading to a sort of loophole in the Great Firewall. That leads to the next question of why China doesn't just block access to the URLs of the two repositories it doesn't like? And the answer there: HTTPS. Because all Github traffic is encrypted via HTTPS, China can't just block access to those URLs, because it doesn't know specifically what's being accessed.

And thus, we get the decision to turn its firewall around, launching a rather obvious DDoS attack on the two sites it doesn't like, with the rather clear message being sent to Github: if you stop hosting these projects, the DDoS will stop. Of course, so far Github is taking a stand and refusing to take down those projects (which is great and exactly what it should be doing).

However, this does suggest an interesting escalation in questions about the increasing attempts to fragment the internet. You see various countries demanding (or forcing) certain websites get blocked. But those solutions are truly only temporary. Because the overall internet is too important to block, and because some sites are necessary (like Github) there are always holes in the system. Add in a useful dose of encryption (yay!) and the ability to control everything that's read in one particular country becomes increasingly difficult. You might hope the response would be to give up attempts to censor, but China isn't likely to give up just like that. So, instead, it's basically trying to censor the global internet, by launching a high powered attack on the site that is the problem, while basically saying "get rid of these projects and we'll stop the attack."

It seems likely that this sort of escalation is only going to continue -- but in some ways it's actually a good sign. It shows that there are real cracks in China's attempts to censor the internet. We're basically realizing the limits of the Great Firewall of China, and useful services like Github have allowed a way to tunnel through. China is responding by trying to make life difficult for Github, but as long as Github and others can figure out ways to resist, censorship attempts like the Great Firewall will increasingly be useless.

In the early days of the internet, people talked about how it was resistant to censorship. Over the past decade or so, China has challenged that idea, showing that it could basically wall off large parts of the internet, and actually keep things semi-functional. Yes, there were always cracks in the wall, but for the most part, China showed that you could censor large parts of the internet. This latest move suggests that we may be moving back towards a world where the internet really is resistant to censorship -- and China is freaking out about it and responding by trying to increase the censorship globally. It's a battle that is going to be important to follow if you believe in supporting free expression online.


Posted on Techdirt - 31 March 2015 @ 9:34am

Competition In The Music Space Is Great: Fragmentation In The Music Space Is Dangerous

from the don't-screw-this-up dept

As you may have heard, Jay-Z bought himself a music streaming service, called Tidal, which is now being relaunched with lots of high profile musicians onboard -- in fact as partial equity owners:

The plan was unveiled on Monday at a brief but highly choreographed news conference in Manhattan, where Jay Z stood alongside more than a dozen musicians identified as Tidal’s owners. They included Rihanna, Kanye West, Madonna, Nicki Minaj, Jack White, Alicia Keys, the country singer Jason Aldean, the French dance duo Daft Punk (in signature robot costumes), members of Arcade Fire, and Beyonce, Jay Z’s wife.

So, we have all of these artists, taking on Dr. Dre and Trent Reznor who were the keys to Beats Music, which Apple is getting set to relaunch. Jay-Z is positioning Tidal as more friendly to artists -- though that was also the marketing claim behind Beats, and then it failed to attract too many users, in large part because there was no free, ad-supported tier. Of course, it's one thing if you're one of those megastars listed above, who get some equity stake in Tidal, but what about every other musician? Is it really going to be that good of a deal for them? Jay-Z and crew insist they'll be paying better rates than competitors, but considering competitors still can't get anywhere near profitability, it seems reasonable to question if Tidal can actually make any money at all. It's one thing to say you're going to pay artists more. It's another to defy basic economics.

Tidal also has no free, ad-supported tier, but does have a more expensive $20 tier for higher quality sound, which may attract random audiophiles, but not much more than that. Indeed, the recording industry (and many artists) have been pushing back against the free tiers that already exist. Universal Music has been demanding Spotify cut back on its free tier. And Universal's CEO Lucian Grainge has been using every opportunity to complain about "freemium" music plans. Now owned by Apple, Beats wanted to offer service cheaper than the standard $10/month and the record labels said no.

And, of course, now Jay-Z is bashing free music tiers as well:

“The challenge is to get everyone to respect music again, to recognize its value,” said Jay Z, whose real name is Shawn Carter. “Water is free. Music is $6 but no one wants to pay for music. You should drink free water from the tap — it’s a beautiful thing. And if you want to hear the most beautiful song, then support the artist.”

That's kind of nonsensical in a variety of ways. Every time we've heard people talking about getting people to "respect music again" or "recognize its value," the projects have failed (often miserably), because they're not at all focused on what music fans actually want. Rather they're focused on trying to change the behavior of music fans and that's really, really, really difficult -- especially when you're not really offering that much that's different.

But Jay-Z has a plan to get around that: exclusive deals.

Over the weekend, the Swedish blog Breakit reported — citing sources close to the deal — that Tidal’s plan of attack will be to ink first-window deals with the artists, where Tidal would get first releases of tracks from big-name artists ahead of any other digital streaming services. This would be exclusive, but only for a period: Spotify, Deezer and others would eventually also get these tracks, but only later.

At least they'll go up on other services later, but this seems like a dangerous path to go down. Again, rather than focusing on providing more value the focus seems to be on taking away value from other services: ending free streaming deals and doing exclusives to fragment the market and make it harder for fans to actually listen to what they want, when they want it and how they want it.

That's the wrong lesson to get at this stage of the game. We've gone through nearly two decades of the recording industry fighting the internet at every turn, and now that we're finally starting to see some services that actually cater to what people want, the old industry players are jumping in and trying to kill the golden goose yet again. Any time any service shows that it can attract a lot of users, the recording industry tries to figure out a way to bleed it dry as quickly as possible, rather than helping it grow and building out more value for users.

More competition in the online music space is a great thing. But the trend towards locking stuff up, and taking away the value to music fans, while similarly jacking up the prices, doesn't seem like a productive path. It seems like one that is just going to annoy fans and push them back towards unauthorized alternatives.


Posted on Techdirt - 31 March 2015 @ 4:08am

Feds Investigating Silk Road Accused Of Stealing Bitcoin, Abusing Gov't Power, Issuing Fake Subpoenas

from the the-movie-plot-just-got-a-sequel dept

Many people have noted that the story of Ross Ulbricht, supposed darkmarket underlord of the original Silk Road marketplace, felt like a made-for-Hollywood movie script. It appears that script just got another real world sequel, as the government has charged two members of the federal investigative team with Bitcoin money laundering and wire fraud. It appears that the DEA's Carl Force and the Secret Service's Shaun Bridges became such experts in Bitcoin that they used the investigation as an opportunity to enrich themselves. While it probably won't have much of an impact on Ulbricht's eventual court results on appeal, it still is going to raise some more significant questions about some of the investigations (though, it appears that both Force and Bridges were part of the Maryland investigations team, which was separate from the NY one that was the first to bring Ulbricht down).

And, no, this wasn't just these guys stashing a few extra Bitcoins into personal accounts because of easy temptation. Force, in particular, seems to have gone out of his way to abuse his position in multiple ways. Force -- while still employed by the DEA -- apparently acted as the "Chief Compliance Officer" of the fairly well known Bitcoin exchange site Coinmkt, and used his position and power to abuse the system and steal money from customers. Here's from the criminal complaint:

Force used his official position as a DEA agent to illegally run criminal history checks on individuals for the benefit of a third-party digital currency exchange company, CoinMKT, in which Force had personally invested approximately $110,000 worth of bitcoin.

Force functioned as the de facto Chief Compliance Officer for CoinMKT all the while employed as a DEA agent, even allowing himself to be featured in CoinMKT's "pitch decks" to venture capital investors and allowing himself to be listed as CoinMKT's anti-money laundering and/or compliance officer in order to benefit CoinMKT (a company in which Force had invested).

Force improperly directed CoinMKT to freeze one of its individual customer's accounts containing a large amount of digital currency, worth approximately $297,000, even though he lacked a sufficient legal basis on which to do so, and Force then illegally seized those funds and transferred them into his personal account.

Force used his supervisor's signature stamp, without authorization, on an official U.S. Department of Justice subpoena and sent the subpoena to a payments company, Venmo, directing the company to unfreeze his own personal account, which had been previously frozen due to certain suspicious activity. Force then sought to conceal evidence of his improper use of an official subpoena by directing the company not to contact the DEA and attempting to destroy copies of the subpoena. When the company did not comply, Force asked another agent on the Baltimore Silk Road Task Force, an IRS agent, to collaborate with him on seizing that company's bank accounts.

This is someone abusing all sorts of power to steal a ton of money and then continuing to abuse that power to try to cover it all up. The full details of the affidavit throw up all sorts of red flags. Force communicated directly with Ulbricht using PGP encrypted emails, but didn't tell anyone else on the Silk Road task force about it -- nor did he share his PGP key with anyone or record what the emails said. That's what he would have done if the communications were for the investigation, not for his own personal gain:

I have conferred with other law enforcement agents who conduct online undercover operations and believe the failure to preserve the private PGP keys while simultaneously directing a target to use PGP to encrypt messages makes little sense in the context of a law enforcement investigation, particularly taking into account that this task force involved multiple law enforcement officers, all of whom might require access to the evidence Force gathered in his dealings with DPR. In the event Force were to lose the PGP private keys, or that something were to happen to Force, any evidence contained in the encrypted PGP format would effectively be lost and unusable without the private keys. Force's apparent failure to document the private PGP keys for his communications with DPR anywhere in his case file, or to provide them to others at the DEA or to the prosecutor, leads me to believe he did not want anyone other than himself (Force) to be able to decrypt certain of those communications, and that, as a result, he sought to deliberately undermine the integrity of the ongoing Baltimore Silk Road Task Force investigation.
From there, the affidavit details how Force stole Bitcoin, convincing Ulbricht to pay him for information, and then pretending that Ulbricht did not actually pay. The report also details evidence strongly suggesting that Force revealed to Ulbricht (in exchange for $100,000) that Mt. Gox's Mark Karpeles gave up his name to DHS officials. Amazingly, the first note sent in that thread involves the person signing off as "Carl" and then later pretending to be named "Carla Sophia" (nice one, Carl).

Now, remember all the hubbub in the Baltimore indictment of Ulbricht about how he had communicated with an undercover agent to murder an employee who Ulbricht believed had stolen some money? Some people noticed that all the details of that hit seemed to disappear from the actual trial of Ulbricht. Perhaps it's because the details of this complaint reveal that it was actually the Federal agents who stole the money in the first place -- and then got Ulbricht to give $100,000 to "kill" the employee... who the federal agents had already arrested (which is how they stole the money in the first place!). The twists and turns here are amazing. The employee goes by the initials C.G., and he was grabbed by the Maryland task force (where these two guys served), and gave up his login to his Silk Road identity, known as "Flush." Soon after that it appears that Flush robbed Silk Road, but it was actually people from the task force. From there we pick up the complaint:
January 25, 2013, C.G. debriefed with FORCE, BRIDGES, and other members of the Baltimore Silk Road Task Force. According to report of the interview, C.G. showed them how to log into Silk Road vendor accounts and reset passwords, how to change the status of a seller to a vendor, how to reset pins, and information about how the Silk Road administrative functions worked. BRIDGES' text messages indicate that he left the proffer session after one day, and a Silk Road Task Force member stated that BRIDGES told him that he left the latter part of the January 25, 2013, proffer.

On January 25, 2013, during the afternoon and into the night, the Silk Road website suffered a series of sizeable thefts. These thefts affected certain Silk Road vendors and overlapped with the time of the C.G. proffer session. The thefts were accomplished through a series of vendor password and pin resets, something that could be accomplished with the administrator access that C.G. had given to the Baltimore Silk Road Task Force.

On January 26, 2013, the proffer of C.G. continued. BRIDGES left early and did not participate on this day. At some point during that day, DPR communicated to Nob (FORCE) that Silk Road had suffered thefts and that those thefts were associated with C.G.'s account. Law enforcement questioned C.G. about this, and C.G. denied that he had committed the thefts. According to chats I have reviewed from the Silk Road servers and from Ulbricht's laptop (as well as communications between DPR and one of his employees at the time of the January 25, 2013 thefts) it appears that DPR and the employee believed C.G. was responsible for the thefts, because they managed to associate account, "Flush," with the theft. As a result of belief that C.G. was responsible for the thefts, DPR communicated with Nob (FORCE) -- whom he believed to be a major drug dealer with the ability to procure hit men and hired Nob to have his associates kill C.G. DPR also communicated with another individual and commissioned a hit on C.G. For the hit that Nob's associates were to perform, DPR paid Nob a total of approximately $80,000 through a bank wire transfer for the murder. FORCE and CG, together with assistance from others on the Baltimore Silk Road Task Force, then faked death to make it look as if Nob's associates had killed C.G. BRIDGES was to assist with perpetrating this supposed murder-for-hire by working on "proof of death" photographs of C.G. that Nob (FORCE) was to send to DPR.
Got that? It's a bit confusing, but really crazy. The feds collared this guy, C.G., who gave them his administrative login. From there, it appears that someone on the task force, likely Bridges, proceeded to slip out of the room and go rob Silk Road. In response to this, Ulbricht reasonably flipped out, blaming C.G., and just happened to reach out to another guy on the same task force, Carl Force, to help him kill C.G. So then Force, Bridges and C.G. staged the fake hit on C.G. while it was (allegedly, according to this complaint) Bridges who had swiped the Bitcoin. Holy crap.

Bridges appears to have also been fairly naive about this whole thing. Days after allegedly swiping all that Bitcoin from Ulbricht, Bridges asked Force to ask Ulbricht how to best exchange Bitcoin for cash. Because that's not suspicious at all. Soon after that, the complaint claims, Bridges set up a new company called Quantum International Investments LLC. A few months later, Quantum got $820,000 from a Mt. Gox account. Apparently, right after transferring that money out of Mt. Gox and into his personal Fidelity account, Bridges was a key player in the affidavit to seize Mt. Gox's bank accounts. What a shock that he got his money out "just in time."
The final wire from Mt. Gox to Quantum account was on May 7, 2013. Just two days later, BRIDGES served as the affiant on a seizure warrant for $2.1 million in Mt. Gox accounts. I know from my training and experience as a law enforcement officer that the process of putting together an affidavit in support of a warrant is time consuming and often takes several days, if not longer, to prepare. In serving as an affiant for Mt. Gox bank accounts a mere two days after he had personally received a wire from Mt. Gox (the latest in a series of wires), BRIDGES had a conflict of interest.

A conflict of interest? You don't say...

Even more ridiculous, after the FBI interviewed him over all of this, he apparently ran to his computer to transfer $250,000 out to another account, because that wouldn't look suspicious at all. Bridges also reached out directly to Coinbase, the very popular online Bitcoin site, which he was talking to for another investigation, and apparently quizzed them about whether or not the money from Mt. Gox could be traced. As the affidavit notes: "Coinbase found this odd, given that the stated purpose of BRIDGES' calls concerned an unrelated investigation." Oh, and just a couple weeks ago, after being told he was being suspended and to leave his government laptops in the "evidence vault," Bridges decided to try something else:

On March 18, 2015, BRIDGES resigned after being told he was being suspended. USSS personnel advised BRIDGES to leave behind his two government-issued computers in the evidence vault. Although he properly tendered one computer where directed, he placed a second Apple brand laptop computer in a cabinet directly above an area that Baltimore personnel use as a "wipe" station. I do not believe BRIDGES would have any reason to store the laptop in this area, other than for it to be in close proximity to computers to be wiped, as personnel has advised this is not a storage area for laptops. Moreover, after BRIDGES was advised of his suspension, he asked his supervisor if he could access his Dell laptop computer to copy electronic receipts of personal items he had purchased from internet merchants. However, instead of copying receipts, BRIDGES began copying a folder entitled "Bitstamp." Upon noticing what BRIDGES was copying, his supervisor secured the laptop and did not allow BRIDGES further access.

I'm sure there are more details yet to come (and, as always, you're only hearing one side from a federal indictment, which may leave out some pertinent details). However, this does raise a lot of questions about who the Feds use in investigating cases that involve Bitcoin and how they find trustworthy participants.

Posted on Techdirt - 30 March 2015 @ 12:35pm

Maybe The Best Way To Stop All This Swatting Is To Have Fewer SWAT Teams?

from the just-a-suggestion dept

As you may have heard, last week, a 13-year-old boy admitted to calling in three separate swattings. This came about a month and a half after another person accused of a swatting incident was arrested in Las Vegas. Swatting -- the act of calling in a bogus "hostage situation" (or something similar) to a 911 line -- has been around for a while, but has really taken off recently, especially in connection to online gamers who live stream their games. Some gamers seem to think that it's somehow a fun thing to see a SWAT team raid someone via a livestream video. The excellent podcast "Reply All" recently had a really great episode all about swatting.

For years, there have been different questions raised about how to stop such things. Educating police about the practice of swatting is a big one -- so that, at the very least, they have some basic realization that not every such call is a real situation. But, of course, people are always looking for a "complete" solution to the problem, not recognizing that sometimes there are no perfect solutions. Swatting is a monumentally stupid practice. It puts completely innocent people (often including small children) in very serious danger of being killed. And it's happening enough that rather than being some totally rare occurrence there are semi-regular news stories on it happening. It has all the ingredients of a moral panic, in which people will freak out and demand that "something must be done" and that "something" will likely be some sort of regulation that will have all sorts of unintended consequences.

But there does seem to be one solution that isn't even on the table: maybe have fewer SWAT teams and stop arming police like they're in a war zone.

Radley Balko has been talking about this stuff for ages, including in his excellent book, Rise of the Warrior Cop. But this idea of arming police ever more heavily as a way to deter or prevent crime doesn't have much support at all. There are very rare instances where the level of militarization of police would ever be necessary (if ever). Yet, when police have such equipment, they inevitably use it whenever an opportunity presents itself.

And now, all too often, that "opportunity" is when some teenager makes a prank phone call for laughs, and succeeds in putting real lives in danger. So rather than trying to pass stringent new laws that won't do a damn thing in stopping teenagers from being teenagers, how about we take a step back and perhaps pull back on the idea that we need to arm police to this level in the first place?

Posted on Techdirt - 30 March 2015 @ 11:25am

How The TPP Agreement Could Be Used To Undermine Free Speech And Fair Use In The US

from the dangerous-stuff dept

We've been writing a lot about the Trans Pacific Partnership (TPP) agreement over the past few years. There are many, many problems with it, but the two key ones are the intellectual property chapter and the investment chapter. Unlike some who are protesting TPP, we actually think that free trade is generally a good thing and important for the economy -- but neither the intellectual property section nor the investment chapter is really about free trade. In many ways, they're about the opposite: trying to put in place protectionist/mercantilist policies that benefit the interests of a few large legacy industries over the public and actual competition and trade. We've already discussed many of the problems of the intellectual property chapter -- which is still being fought over -- including that it would block the US from reforming copyright to lower copyright term lengths (as even the head of the Copyright Office, Maria Pallante, has argued for).

And, last week, Wikileaks leaked the investment chapter, which is focused on corporate sovereignty provisions, officially known as "investor state dispute settlement" or "ISDS" (named as such, in part, because the negotiators know it sounds boring, so they hope the public won't pay attention). As people go through the details and the fine print, they're finding some serious problems with it. Sean Flynn has a very in-depth look at how the combination of these two chapters -- the IP chapter and the investment chapter -- could very likely threaten fair use (and, with it, undermine the First Amendment).

The full details as to how are a bit tricky to understand, because it involves digging through the leaked versions of both chapters, and understanding some of the subtle language choices, but it's a serious concern. Flynn's article also goes through the history of how such corporate sovereignty provisions have been expanded and increasingly used over the past decade or so. But the key part is this: the investment chapter certainly can (and will) be read to cover intellectual property as well, including the idea that a company can invoke the ISDS process if it feels its "intellectual property" has been "expropriated" in some manner. The word "investment" in the investment chapter is defined incredibly broadly and explicitly includes "intellectual property" as well as "other tangible or intangible, movable or immovable property." It also, importantly, notes that an investment, for the purpose of ISDS, covers:

every asset that an investor owns or controls, directly or indirectly, that has the characteristics of an investment, including such characteristics as the commitment of capital or other resources, the expectation of gain or profit, or the assumption of risk.
Now, it's no secret that the legacy entertainment industry is no fan of fair use (even if they often rely on it themselves). While fair use is officially part of the law in the US, the entertainment industry just recently fought very hard to block it in the UK and Australia, arguing (ridiculously) that fair use would harm innovation.

Even where there are very strong arguments for fair use -- such as in helping the blind access works -- the entertainment industry has twisted the so-called "three step" test from the Berne Agreement to argue that that is the most that is allowed for fair use. The three step test is actually really about limiting fair use, rather than enabling it. It is in the Berne agreement (as a relatively recent addition) as one possible "exception" to copyright, but not the only one. However, the haters of fair use like to pretend that it is the only one allowed under that agreement.

Under the three step test, "exceptions" to copyright occur when there are:
limitations and exceptions to exclusive rights to (Step 1) certain special cases (Step 2) which do not conflict with a normal exploitation of the work and (Step 3) do not unreasonably prejudice the legitimate interests of the rights holder

And, of course, in the US, fair use goes way beyond that already. And, as Flynn points out, it appears from the leaked text of TPP that the US would now be opening itself up to an ISDS challenge from a foreign owned company (remember: Universal Music is owned by a French company, Sony Music is owned by a Japanese company and Warner Music is owned by Russians...) that the fair use doctrine itself "expropriates" its "intellectual property" rights by going beyond the three step test. Here's Flynn:

And here is a major one lurking in the shadows. Many copyright intensive industries are hostile to the U.S. fair use doctrine and many of the decisions of courts emanating from it. There have been arguments raised from time to time that the doctrine or its applications are contrary to the so-called Berne 3-step test requiring that limitations and exceptions to rights be limited to certain special cases, not conflict with a normal exploitation of the work and not unreasonably prejudice the legitimate interests of the author (see this rebuttal from Gervais et al.). No other country has attempted to sue the U.S. or the nearly dozen other countries around the world that have fair use. But will the content industry be so reticent with such challenges in the future? With the TPP ISDS chapter, they will not have to in 40% of the global economy.

And this isn't so far-fetched. As we've been discussing, under existing ISDS/corporate sovereignty provisions in NAFTA, Eli Lilly is currently suing Canada for $500 million because Canada refused to grant it some patents. Eli Lilly is arguing that this "expropriated" Eli Lilly's "intellectual property" and took away its "expected profits."

Is it that difficult to believe that a recording studio or movie studio might make a similar argument on a fair use determination on one of its copyright-covered works?

And, if fair use is undermined, so is free speech. As we've noted, the Supreme Court itself has long argued that current fair use doctrine is a necessary "safety valve" in making sure that copyright does not violate the First Amendment. In other words, fair use is a key part of your First Amendment rights.

And yet... the USTR is basically putting in place a plan and system to undermine this, because the big copyright players are among the very few people who are allowed to see the negotiating text and to "advise" the USTR on what should be in it. Once again, it would seem like the most obvious way to deal with this would be for the USTR to release the negotiating documents, so that the public would be aware of what's being negotiated, and could discuss the possible consequences -- like how the current rules have the potential to undermine fair use and free speech. But, for reasons that the USTR still will not explain (perhaps because they reveal the USTR's true reasoning for such provisions), it refuses to do so.

Posted on Techdirt - 30 March 2015 @ 10:25am

Ridiculous Ruling In Ireland Requires ISP To Kick Those Accused (Not Convicted) Of File Sharing Off The Internet

from the because-piracy! dept

There just seems to be something about the way that some people's brains function (or not) when the word "piracy" is introduced. Over in Ireland, there's been an incredibly long running battle over whether or not internet access providers need to kick people off the internet if they've been accused (not convicted) of file sharing three times. Such "three strikes" rules have been put in place in a few countries, and the evidence shows that they don't work at all. Not even in the slightest. They don't slow down the rates of piracy for any extended period of time (sometimes they show a very brief drop before people figure out other ways). They certainly don't lead more people to buy content. France, famously, led the way with the very first three strikes law, which the country has already dropped.

Over in Ireland, the fight over three strikes has been going on for nearly a decade. Back in 2008, the recording industry sued Eircom, the large Irish ISP, claiming that the company was required by law to implement a three strikes regime. Eventually, in an effort to avoid legal costs, Eircom caved and agreed to implement a three strikes plan, but with a condition: the recording industry also had to pressure competing ISPs to implement a similar plan so that Eircom customers didn't go fleeing. The recording industry did just that. The ISPs pushed back and seemed to be vindicated when the Irish Data Protection Commission ruled that a three strikes plan violated consumer privacy, and Irish judges found no legal basis for such rules.

Of course, the recording industry fought back, and a court flat out rejected the Data Protection Commission's findings, and insisted there wasn't any privacy issue at all with three strikes.

And, thus, we get back to the lawsuits against ISPs with a judge now ruling against ISP UPC and making some rather astounding statements in the process. The judge, Brian Cregan, appears to have become a true believer in the myths that the recording industry is spreading, and to him "piracy" seems to justify any and all punishment, without any clear concern as to whether or not anyone's actually broken the law, or whether or not three strikes plans even work. These quotes are fairly astounding:

Mr Justice Cregan said that there was "wholesale theft" taking place on the UPC network. He said that the constitutional rights of "a whole class of persons are not just being infringed but are being destroyed". The downloading of music for free is destroying the intellectual property rights of creative artists and should be a matter of great concern in any civilised society, he said.

Except, that's not true. Copyright infringement and "theft" are two separate (and very different) things. And, no constitutional rights are "being destroyed" at all. If someone's rights are being harmed via copyright infringement, those individuals or companies have every right to bring legal cases against those who are the ones actually engaging in infringement. Arguing that ISPs should automatically cut people off of the entire internet based merely on accusations (that have a long history of not being accurate) would seem to be "destroying" the due process rights of many more people than any copyright infringement. Besides, I would also think that "a matter of great concern to any civilized society" would be things like "due process" and better enabling communications and access to information for all -- like the internet does. But, no. If you happen to download a song you like without paying for it, apparently you should be barred from the internet.

"The current generation of writers, performers and interpreters of music cannot have their livelihoods destroyed by advances in technology which allow persons to breach their constitutional rights with impunity."

Two points on this. Any realistic look at "the current generation of writers, performers and interpreters of music" would recognize that it is an amazing time to be a creative person because of the internet. Thanks to the internet, artists no longer are solely reliant on giant gatekeepers to pick them out of everyone else. Instead, they can use these platforms to create, to connect with fans, to promote, to distribute and to monetize their works. More words are being written, more videos are being filmed and more music is being recorded today than any time in history. It's difficult to see how one can possibly square that reality with this fantasy world of Judge Cregan's in which he believes that writers, performers and musicians are in trouble.

The reality is that it's merely the business models of the old gatekeepers that have been challenged. But that is the nature of the free market. If you cannot keep up with the changing times, you go out of business. But Cregan has apparently decided that the world should always look like it did briefly in the 1980s, and the internet upsets all of that, so clearly, it's the internet that should go.

Not only did Judge Cregan decide that UPC needs to put in place a three strikes plan, but that it should have to cover most of the costs itself, apparently blaming the technology itself for the struggles of the legacy recording industry:
Mr Justice Cregan said the cost of setting up this system had been put at between €800,000 and €940,000, three-quarters of which UPC had argued should be paid for by the music companies.

The judge said however given the music companies' constitutional rights "are being destroyed" by UPC's customers, he believed UPC should pay 80 per cent and the music companies the rest.

Cregan is apparently so sure of himself on this issue -- despite what appears to be an astounding confusion over what's actually happening in the world -- that he further rejected UPC's argument that this is a matter for the legislature, not the courts. Instead, Cregan seems to believe that the courts can magically will into place a new regulation kicking people off the internet. He further rejected requests to refer this matter to the European Court of Justice, insisting that his interpretation of the law is plenty.

It is one thing to argue that a three strikes rule makes sense (despite all of the real world evidence to the contrary). But it is quite bizarre to then justify it based on additional claims about the state of creators today that are simply false. Is this how the Irish judicial system really works? Based on fairy tales and what the judge believes, rather than facts?

Posted on Techdirt - 30 March 2015 @ 7:58am

Judge Suggests Attorney General Jim Hood Is Unconstitutionally Threatening Google 'In Bad Faith'

from the ya-think? dept

About a month ago, we noted that a federal court had granted a temporary injunction blocking a subpoena issued by Mississippi Attorney General Jim Hood, demanding all sorts of information from Google. At the time, the judge only said that Google's argument was "stronger" than Hood's, but said a full ruling would come out in time. That full ruling [pdf] is now out, and boy, does it make Jim Hood's anti-Google vendetta look questionable -- specifically saying that there is "significant evidence of bad faith" on the part of Hood to try to use his government position to unconstitutionally coerce Google into making changes to its service that it has no legal obligation to make.

If you don't recall, Hood has a long-standing obsession with Google, despite having an astounding level of ignorance about how the search engine actually operates. In his anti-Google rants, Hood makes statements that are blatantly false and repeatedly argues that Google is to blame merely because its search engine finds websites that Hood's office doesn't like and doesn't think should exist at all. And that doesn't even touch on the now known fact that the MPAA secretly funded Hood's investigation and wrote nearly every word of the threatening letters sent to Google.

While Hood and various MPAA supporters have insisted that he's clearly in the right, at least federal judge Henry Wingate doesn't see much to support that. Hood tried desperately to keep this issue out of federal court, using a variety of claims, including the so-called "Younger Abstention" which argues that federal courts should stay out of certain issues. However, as Wingate notes, that only applies in three specific cases, none of which apply to Hood's campaign against Google -- and, even if any of them did apply, there's a further exception for "bad faith" -- and Wingate is pretty convinced that Hood is acting in bad faith:

Moreover, even if the Younger elements were satisfied here, the court would not be required to abstain here because an exception to the application of the doctrine applies. Indeed, federal courts may disregard the Younger doctrine when a state court proceeding was brought in bad faith or with the purpose of harassing the federal plaintiff... Google has presented significant evidence of bad faith, allegedly showing that Attorney General Hood’s investigation and issuance of the subpoena represented an effort to coerce Google to comply with his requests regarding content removal. As previously discussed, the Attorney General made statements, on multiple occasions, which purport to show his intent to take legal action against Google for Google’s perceived violations. When Google declined to fulfill certain requests, the Attorney General issued a 79-page subpoena shortly thereafter. The court is persuaded that this conduct may evidence bad faith on the part of the Attorney General.

The court also notes that Hood clearly recognizes that many of his attacks on Google are blocked by Section 230 of the CDA (which, again, says you can't blame a service provider for actions of its users), because Hood himself signed a letter to Congress asking for Section 230 to be amended to exempt investigations by state attorneys general (we wrote about that dangerous effort at the time as well).

From there, Judge Wingate notes that it seems clear that Hood is likely violating Google's First Amendment rights too, even noting that the subpoena itself appears to be retaliation for protected free expression:
Furthermore, the court also is persuaded that Google has demonstrated a substantial likelihood that it will prevail on its claim that Attorney General Hood has violated Google’s First Amendment rights by: regulating Google’s speech based on its content; by retaliating against Google for its protected speech (i.e., issuing the subpoena); and by seeking to place unconstitutional limits on the public’s access to information. First, the relevant, developing jurisprudence teaches that Google’s publishing of lawful content and editorial judgment as to its search results is constitutionally protected.... The Attorney General’s interference with Google’s judgment, particularly in the form of threats of legal action and an unduly burdensome subpoena, then, would likely produce a chilling effect on Google’s protected speech, thereby violating Google’s First Amendment rights.

Additionally, it is well-settled that the Attorney General may not retaliate against Google for exercising its right to freedom of speech by prosecuting, threatening prosecution, and conducting bad-faith investigations against Google.... As explained supra, Google has submitted competent evidence showing that the Attorney General issued the subpoena in retaliation for Google’s likely protected speech, namely its publication of content created by third-parties. Given the gravity of the rights asserted herein, the court finds it appropriate to enjoin further action on behalf of the Attorney General until a determination on the merits of Google’s claims is made.
Judge Wingate also sides with Google on the 4th Amendment, noting that the broad subpoena appears to be a "burdensome fishing expedition" that goes well beyond what the Attorney General is allowed to request.

Google also wins on the key issue that the MPAA was using Hood to press: how it handles searches for copyright-covered material. As Google points out, copyright is a federal law issue, not a state law issue, so the requests regarding copyright are preempted by federal law. Hood (and, apparently, his MPAA-paid lawyers who helped draw up the subpoena) tried, weakly, to get around this preemption by arguing that by finding unauthorized material, Google was "misleading customers." That doesn't fly:
The Attorney General admits that certain requests contained in the subpoena “could arguably be used to show copyright infringement” (AG Response, p. 30), but argues that the same information could also be used to expose Google’s various practices of misleading customers. The court is not persuaded that the Attorney General’s posited theoretical basis for making these requests is sufficient for the purpose of rebutting Google’s preemption allegation.
Basically, the judge clearly recognizes Hood's effort for what it was: a broad fishing expedition that was partly "retaliation" against Google for daring to stand up for its right to run an online search engine. The case is far from over, but Hood (and his MPAA-assisted team) are going to have to move on to some other plan of attack. Maybe (just maybe), they can focus on (1) going after actual criminals, rather than made up ones and (2) telling the MPAA to learn how to innovate, rather than blame Google for its own failures.


Posted on Techdirt - 27 March 2015 @ 11:35am

Congressional Rep. John Carter Discovers Encryption; Worries It May One Day Be Used On Computers To Protect Your Data

from the i-don't-know-anything-about-this-stuff dept

Here's a suggestion: if you're a Congressional Representative whose job it is to regulate all sorts of important things, and you state in a hearing "I don't know anything about this stuff" before spouting off on your crazy opinions about how something must be done... maybe, just maybe educate yourself before confirming to the world that you're ignorant of the very thing you're regulating. We famously saw this during the SOPA debate, where Representatives seemed proud of their own ignorance. As we noted at the time, it's simply not okay for Congress to be proud of their own ignorance of technology, especially when they're in charge of regulating it. But things have not changed all that much apparently.

We already wrote about FBI Director James Comey's bizarre Congressional hearing earlier this week, in which he warned those in attendance about the horrible world that faced us when the FBI couldn't spy on absolutely everything. But the folks holding the hearing were suckers for this, and none more so than Rep. John Carter. The ACLU's Chris Soghoian alerts us to the following clip of Carter at that hearing, which he says "is going to be the new 'The Internet is a Series of Tubes'" video. I would embed the video, but for reasons that are beyond me, C-SPAN doesn't use HTTPS so an embed wouldn't work here (randomly: Soghoian should offer CSPAN a bottle of whiskey to fix that...).

Here's the basic transcript though:

Rep. John Carter: I'm chairman of Homeland Security Appropriations. I serve on Defense and Defense subcommittees. We have all the national defense issues with cyber. And now, sir, on this wonderful committee. So cyber is just pounding me from every direction. And every time I hear something, or something just pops in my head -- because I don't know anything about this stuff. If they can do that to a cell phone why can't they do that to every computer in the country, and nobody can get into it? If that's the case, then that's the solution to the invaders from around the world who are trying to get in here. [Smug grin]

FBI Director Comey: [Chuckle and gives smug, knowing grin]

Carter: Then if that gets to be the wall, the stone wall, and even the law can't penetrate it, then aren't we creating an instrument [that] is the perfect tool for lawlessness. This is a very interesting conundrum that's developing in the law. If they, at their own will at Microsoft can put something in a computer -- or at Apple -- can put something in that computer [points on a smartphone], which it is, to where nobody but that owner can open it, then why can't they put it in the big giant super computers, that nobody but that owner can open it. And everything gets locked away secretly. And that sounds like a solution to this great cyber attack problem, but in turn it allows those who would do us harm [chuckles] to have a tool to do a great deal of harm where law enforcement can't reach them. This is a problem that's gotta be solved.
Holy crap! Rep. John Carter just learned about encryption! And he thinks it's only on mobile phones but (ooooh, scary) might one day be used on "big super computers" to keep stuff safe. But he doesn't realize that it's been widely used for many, many, many years to keep his very own data safe and many of ours as well.

The conversation continues with Carter again demonstrating confusion over some rather basic concepts:
Carter: If you're following the Bill of Rights, you have every right to be able to go before a judge, present your probable cause, and if he sees it, that's a right, get a warrant and get into that machine. And I don't think there's a right of privacy issue in the world that prevents you following the law.
Uh, right. There isn't a right of privacy issue that prevents the FBI from going and getting a warrant, but the larger argument is whether or not individuals can protect other things privately -- and they've always been able to do so. If you and I have a conversation just between the two of us, there is no way for the government to then find out what that conversation was about. Because there's no way to "decrypt" a verbal conversation that is now stored entirely in our minds. That's been true forever. Yet we don't see Rep. Carter or Director Comey demanding recording devices to record every conversation. But, to Carter, the fact that you might be able to do the same thing with your email, is a "monster."
Carter: So if that's what they've created, they've created a monster, that will harm law enforcement, national security and everything else in this country. And this really needs to be addressed. And I wasn't even going to talk about that, but that upsets the heck out of me. 'Cause, you know, I don't think that's right.
Yeah, Rep. Carter, you're kind of decades too late. And you're totally wrong, too. It didn't create a monster. It didn't harm "everything else in this country." It protected millions of law abiding people -- including Carter -- by keeping their data safe. That's the whole point of encryption. Saying that "it needs to be addressed" is ridiculous. However, it does make it clear that Rep. Carter was being honest at the beginning when he admitted he "didn't know anything about this stuff." Perhaps he should have stopped there.

At the end there's this bizarre dialogue about how law enforcement and judges handle information in a locked safe, but it seems like Carter still doesn't understand the question, finally saying that it's "bad policy" to have a safe that can't be opened by the manufacturer and "a crisis." So is Rep. Carter arguing that all safes need to have backdoors that the manufacturers can open?

Doesn't Rep. Carter have staffers who can point out to him that computer encryption has been around for decades, and it's what keeps all sorts of stuff safe, including his banking details, his credit card purchases, the confidential memos he receives in Congress and much, much more? And yet, he's suddenly discovered encryption and he's decided it's bad because it might, someday, end up on computers?

And he's in charge of these issues? Yikes!


Posted on Techdirt - 27 March 2015 @ 10:36am

How The US Government Legally Stole Millions From Kim Dotcom

from the the-fun-of-asset-forfeiture dept

About a month ago we covered the basics of the lawsuit by which the US government was seeking to keep pretty much all of Kim Dotcom's assets, despite the fact that Dotcom himself hasn't been tried -- and, in fact, it hasn't even been determined if he can be extradited to the United States (a country he's never visited). This week, that case took another step, with the judge, Liam O'Grady, who had already ruled that Kim Dotcom could be considered a "fugitive," more or less finalizing the theft of Dotcom's assets by declaring a default judgment in favor of the US. This isn't the end of the process (not by a longshot), but it highlights just how the US government can use some ridiculous procedures to steal millions in assets from someone who hasn't been shown to be guilty of anything.

As we discussed last time, the story of the raid on Kim Dotcom's rented home in New Zealand, the seizure of all of his cars, money, bank accounts, computers, servers, etc. is well known. That was part of a case for which Kim Dotcom was indicted (under what appears to be questionable legal reasoning -- but that's a separate issue). As has been widely reported, that case is still on hold while Dotcom fights extradition from New Zealand. The extradition fight will finally go to a New Zealand court later this summer. Once that's done, if Dotcom loses, he'll be sent to the US, where he'll face a criminal trial based on the indictment.

But this is actually separate from all of that. You see, when the US government grabbed or froze all of Dotcom's assets, they did so using an asset seizure procedure. Asset seizure is allowed in such cases, but the government then has to give that property back. What the government really wanted to do is keep all of Dotcom's tens of millions of dollars worth of assets -- and in order to do that it has to go through a separate process, known as civil asset forfeiture. It's technically a civil (not criminal) case, but (and here's the part that people find most confusing), it's not actually filed against Kim Dotcom at all, but rather against his stuff that the government already seized. Yes, it's technically an entirely separate lawsuit, that was only filed last summer (two and a half years after the government seized all of his stuff and shut down his company), entitled United States Of America v. All Assets Listed In Attachment A, And All Interest, Benefits, And Assets Traceable Thereto. And, as we noted last time, Attachment A is basically all of Kim Dotcom's stuff.

This whole process is known as an "in rem" proceeding -- meaning a lawsuit "against a thing" rather than against a person. And the "case" basically says all this stuff should be "forfeited" to the US government because it's the proceeds of some criminal activity. You would think that in order for such civil asset forfeiture to go forward, you'd then have to show something like a criminal conviction proving that the assets in question were, in fact, tied to criminal activity. You'd be wrong -- as is clear from what happened in this very case. Once the Justice Department effectively filed a lawsuit against "all of Kim Dotcom's money and stuff," Dotcom did what you're supposed to do in that situation and filed a challenge to such a ridiculous situation. And here the DOJ used the fact that Dotcom was fighting extradition to argue that he was a "fugitive." Judge O'Grady agreed with that last month, and that resulted in the decision earlier this week to then declare a "default judgment" in favor of the DOJ, and giving the US government all of Kim Dotcom's stuff.

A "default judgment?" As you know if you regularly read Techdirt, that's usually what happens when a defendant simply ignores a court case filed against him. As the court notes in this ruling, for that to happen in a civil asset forfeiture case, it means no one tried to block the claim:

Federal Rule of Civil Procedure 55 permits the court to grant a motion for default judgment when the well-pled allegations of the complaint establish plaintiff's entitlement to relief, and where a defendant has failed to plead or defend as provided by the rules.... In the civil forfeiture context, default judgment is permitted where no potential claimant has filed a response to the complaint...

A defendant in default, and a claimant who fails to assert a claim in rem, is deemed to have admitted all of the plaintiff's well-pled allegations of fact, which then form the basis for the judgment in the plaintiff's favor.
But, wait, you say: Kim Dotcom did file a complaint about the asset forfeiture, so how could a default judgment happen here? That's where the whole "fugitive" bit comes in. Because Dotcom won't come to the US, he's been deemed a fugitive, and thus the Judge simply hands over all of his stuff to the US government. And thus, without any sort of criminal conviction at all, the US gets to steal millions of dollars from Dotcom.

If that sounds insane, you're absolutely right. And, again, it is entirely possible that when all of this is over, Kim Dotcom will be found guilty of "criminal conspiracy." If that's the case, then at that point it's reasonable to discuss whether the government should get to keep all of his stuff. But it seems an absolute travesty of concepts like due process for the government to be able to take all of his money and stuff based on purely procedural reasons having to do with a separate criminal case that hasn't even been tried yet.

The process isn't over yet. Dotcom can still appeal this ruling, though the real problem is with the civil asset forfeiture process, rather than how it was applied in this particular case. Dotcom also has other options for the assets that are in New Zealand and Hong Kong, in using the local courts in those places to try to block the transfer of those assets to the US government. Not knowing enough about the law in either place, it's difficult to say what the chances of success of such a strategy would be. Either way, this seems like a classic case demonstrating how the civil asset forfeiture process appears to be little more than legalized theft by the US government.


Posted on Techdirt - 27 March 2015 @ 1:09am

Good News: Internet Ad Industry Realizes It Needs To Embrace HTTPS

from the about-time... dept

About a year ago, when we switched to default HTTPS, we pointed out that one of the major reasons why other news sites refused to do the same was that most ad networks would not support HTTPS. In fact, we had to end a number of relationships with ad partners in order to make the move (but we felt it was worth it). The really crazy part was that many of the ad network partners we spoke to clearly had absolutely no clue about HTTPS, what it was and why it's important. But, over the past year, more and more attention has been placed on the value and importance of encrypting web traffic, so it's great to see that the internet ad industry is starting to wake up to this, even if it's pretty late in the process.

The Internet Advertising Bureau (the IAB), the main standards-setting board for the internet ad industry, has released a statement saying that it's time for the internet advertising world to embrace HTTPS:

It’s time to talk about security.

In fact, last year was the time to talk about security. From The New York Times to Google, the call went out for websites to encrypt communications with their users, protecting the integrity and privacy of information exchanged in both directions. Even the U.S. government heard this call, and is working to require HTTPS delivery of all publicly accessible Federal websites and web services.

This year, the advertising industry needs to finish catching up. Many ad systems are already supporting HTTPS - a survey of our membership late last year showed nearly 80% of member ad delivery systems supported HTTPS. That’s a good start, but doesn’t reflect the interconnectedness of the industry. A publisher moving to HTTPS delivery needs every tag on page, whether included directly or indirectly, to support HTTPS. That means that in addition to their ad server, the agency ad server, beacons from any data partners, scripts from verification and brand safety tools, and any other system required by the supply chain also needs to support HTTPS.

Let’s break that down a bit more - once a website decides to support HTTPS, they need to make sure that their primary ad server supports encryption. That ad server will sometimes need to include tags from brand safety, audience and viewability measurement, and other tools - all of which also need to support encryption. The publisher’s ad server will often direct to one of several agency ad servers, each of which will also need to serve over HTTPS. Each agency ad server also may include a variety of beacons or tags, depending on how the deal was set up, all of which similarly need to have encrypted versions available. That’s a lot of dependencies - and when one fails to support HTTPS, the website visitor’s experience is impacted, initiating a costly search for the failure point by the publisher.
While I question that 80% number -- given that we had difficulty finding many ad providers who supported HTTPS a year ago -- it's good to see the industry finally recognizing how important this is.
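
The dependency problem the IAB statement describes can be checked at the first hop with a static audit of the page markup. The following is an added example, not code from Techdirt or the IAB: it lists every subresource an HTTPS page would request over plain HTTP. The page URL, the `.example` hostnames and the sample markup are all constructed for illustration.

```python
"""Static mixed-content audit for a page that will be served over HTTPS."""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# (tag, attribute) pairs that make the browser fetch a subresource.
# "active" content can script or restyle the page and is blocked by current
# browsers when an https:// page loads it over http://. "passive" content is
# display-only media, which browsers warn about, upgrade, or block.
FETCHING_ATTRS = {
    ("script", "src"): "active",
    ("iframe", "src"): "active",
    ("embed", "src"): "active",
    ("object", "data"): "active",
    ("img", "src"): "passive",
    ("audio", "src"): "passive",
    ("video", "src"): "passive",
    ("source", "src"): "passive",
}


class MixedContentAuditor(HTMLParser):
    """Collects subresources that resolve to http:// relative to page_url."""

    def __init__(self, page_url):
        super().__init__(convert_charrefs=True)
        self.page_url = page_url
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "link":
            # Only stylesheet links are treated as active content here; rel
            # values are space-separated and case-insensitive.
            if "stylesheet" in (attrs.get("rel") or "").lower().split():
                self._check(tag, attrs.get("href"), "active")
            return
        for (candidate, attr), kind in FETCHING_ATTRS.items():
            if candidate == tag:
                self._check(tag, attrs.get(attr), kind)

    def _check(self, tag, raw_url, kind):
        if not raw_url:
            return
        # Relative and protocol-relative ("//host/path") URLs inherit the
        # page's scheme, so resolve before judging.
        resolved = urljoin(self.page_url, raw_url.strip())
        parts = urlsplit(resolved)
        if parts.scheme == "http":
            self.findings.append({
                "tag": tag,
                "kind": kind,
                "host": parts.hostname,
                "url": resolved,
                "line": self.getpos()[0],
            })


def audit(page_url, html):
    """Return mixed-content findings for html as served from page_url."""
    if urlsplit(page_url).scheme != "https":
        return []  # mixed content only exists on pages delivered over HTTPS
    auditor = MixedContentAuditor(page_url)
    auditor.feed(html)
    auditor.close()
    return auditor.findings


# Constructed sample: a publisher page with an ad tag, a verification script,
# two tracking beacons, an agency iframe and an ordinary outbound link.
PAGE_URL = "https://news.example/article/123"
SAMPLE_HTML = """<html><head>
<link rel="stylesheet" href="/css/site.css">
<script src="https://adserver.example/tag.js"></script>
<script src="http://verify.example/brand-safety.js"></script>
</head><body>
<img src="http://beacon.example/pixel.gif?id=1" width="1" height="1">
<iframe src="//agency-ads.example/slot/42"></iframe>
<a href="http://sponsor.example/landing">Sponsor</a>
<img src="HTTP://Metrics.example/v.gif" />
</body></html>"""

if __name__ == "__main__":
    for f in audit(PAGE_URL, SAMPLE_HTML):
        print(f"line {f['line']}: {f['kind']:7} <{f['tag']}> {f['url']}")
```

A static pass like this only sees tags present in the markup. Tags that an ad server injects at runtime (agency ad servers, beacons, verification scripts) never appear in the source HTML, so they have to be caught in a browser.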


Posted on Techdirt - 26 March 2015 @ 1:39pm

Free Speech, Censorship, Moderation And Community: The Copia Discussion

from the not-an-easy-issue dept

As I noted earlier this week, at the launch of the Copia Institute a couple of weeks ago, we had a bunch of really fascinating discussions. I've already posted the opening video and explained some of the philosophy behind this effort, and today I wanted to share with you the discussion that we had about free expression and the internet, led by three of the best people to talk about this issue: Michelle Paulson from Wikimedia; Sarah Jeong, a well-known lawyer and writer; and Dave Willner who heads up "Safety, Privacy & Support" at Secret after holding a similar role at Facebook. I strongly recommend watching the full discussion before just jumping into the comments with your assumptions about what was said, because for the most part it's probably not what you think:

Internet platforms and free expression have a strongly symbiotic relationship -- many platforms have helped expand and enable free expression around the globe in many ways. And, at the same time, that expression has fed back into those online platforms making them more valuable and contributing to the innovation that those platforms have enabled. And while it's easy to talk about government attacks on freedom of expression and why that's problematic, things get really tricky and really nuanced when it comes to technology platforms and how they should handle things. At one point in the conversation, Dave Willner made a point that I think is really important to acknowledge:
I think we would be better served as a tech community in acknowledging that we do moderate and control. Everyone moderates and controls user behavior. And even the platforms that are famously held up as examples... Twitter: "the free speech wing of the free speech party." Twitter moderates spam. And it's very easy to say "oh, some spam is malware and that's obviously harmful" but two things: One, you've allowed that "harm" is a legitimate reason to moderate speech and two, there's plenty of spam that's actually just advertising that people find irritating. And once we're in that place, it is the sort of reflexive "no restrictions based on the content of speech" sort of defense that people go to? It fails. And while still believing in free speech ideals, I think we need to acknowledge that that Rubicon has been crossed and that it was crossed in the 90s, if not earlier. And the defense of not overly moderating content for political reasons needs to be articulated in a more sophisticated way that takes into account the fact that these technologies need good moderation to be functional. But that doesn't mean that all moderation is good.
This is an extremely important, but nuanced point that you don't often hear in these discussions. Just today, over at Index on Censorship, there's an interesting article by Padraig Reidy that makes a somewhat similar point, noting that there are many free speech issues where it is silly to deny that they're free speech issues, but plenty of people do. The argument then, is that we'd be able to have a much more useful conversation if people admit:
Don't say "this isn't a free speech issue", rather "this is a free speech issue, and I'm OK with this amount of censorship, for this reason." Then we can talk.
Soon after this, Sarah Jeong makes another, equally important, if equally nuanced, point about the reflexive response by some to behavior that they don't like to automatically call for blocking of speech, when they are often confusing speech with behavior. She discusses how harassment, for example, is an obvious and very real problem with serious and damaging real-world consequences (for everyone, beyond just those being harassed), but that it's wrong to think that we should just immediately look to find ways to shut people up:
Harassment actually exists and is actually a problem -- and actually skews heavily along gender lines and race lines. People are targeted for their sexuality. And it's not just words online. It ends up being a seemingly innocuous, or rather "non-real" manifestation, when in fact it's linked to real world stalking or other kinds of abuse, even amounting to physical assault, death threats, so and so forth. And there's a real cost. You get less participation from people of marginalized communities -- and when you get less participation from marginalized communities, you lead to a serious loss in culture and value for society. For instance, Wikipedia just has fewer articles about women -- and also its editors just happen to skew overwhelmingly male. When you have great equality on online platforms, you have better social value for the entire world.

That said, there's a huge problem... and it's entering the same policy stage that was prepped and primed by the DMCA, essentially. We're thinking about harassment as content when harassment is behavior. And we're jumping from "there's a problem, we have to solve it" and the only solution we can think of is the one that we've been doling out for copyright infringement since the aughties, and that's just take it down, take it down, take it down. And that means people on the other end take a look at it and take it down. Some people are proposing ContentID, which is not a good solution. And I hope I don't have to spell out why to this room in particular, but essentially people have looked at the regime of copyright enforcement online and said "why can't we do that for harassment" without looking at all the problems that copyright enforcement has run into.

And I think what's really troubling is that copyright is a specific exception to CDA 230 and in order to expand a regime of copyright enforcement for harassment you're going to have to attack CDA 230 and blow a hole in it.
She then noted that this was a major concern because there's a big push among many people who aren't arguing for better free speech protections:
That's a huge viewpoint out right now: it's not that "free speech is great and we need to protect against repressive governments" but that "we need better content removal mechanisms in order to protect women and minorities."
From there the discussion went in a number of different important directions, looking at other alternatives and ways to deal with bad behavior online that get beyond just "take it down, take it down," and also discussed the importance of platforms being able to make decisions about how to handle these issues without facing legal liability. CDA 230, not surprisingly, was a big topic -- and one that people admitted was unlikely to spread to other countries, and the concepts behind which are actually under attack in many places.

That's why I also think this is a good time to point to a new project from the EFF and others, known as the Manila Principles -- highlighting the importance of protecting intermediaries from liability for the speech of their users. As that project explains:
All communication over the Internet is facilitated by intermediaries such as Internet access providers, social networks, and search engines. The policies governing the legal liability of intermediaries for the content of these communications have an impact on users’ rights, including freedom of expression, freedom of association and the right to privacy.

With the aim of protecting freedom of expression and creating an enabling environment for innovation, which balances the needs of governments and other stakeholders, civil society groups from around the world have come together to propose this framework of baseline safeguards and best practices. These are based on international human rights instruments and other international legal frameworks.
In short, it's important to recognize that these are difficult issues -- but that freedom of expression is extremely important. And we should recognize that while pretty much all platforms contain some form of moderation (even in how they are designed), we need to be wary of reflexive responses to just "take it down, take it down, take it down" in dealing with real problems. Instead, we should be looking for more reasonable approaches to many of these issues -- not in denying that there are issues to be dealt with. And not just saying "anything goes and shut up if you don't like it," but that there are real tradeoffs to the decisions that tech companies (and governments) make concerning how these platforms are run.


Posted on Techdirt - 26 March 2015 @ 9:27am

Bad Copyright Laws Scaring Off Necessary Investment In New Digital Platforms

from the shooting-themselves-in-the-foot dept

For many years, we've noted that while some in the legacy entertainment industry seem to think that there's a "battle" between "Hollywood" and "Silicon Valley" it's a very weird sort of war in which one of those parties -- Silicon Valley -- keeps supplying more and more "weapons" to the other party to help it adapt and succeed in a changing world. There are many examples of this, but the clearest is with the VCR, which the MPAA fought hard to outlaw in the 1970s and 1980s. The MPAA's Jack Valenti famously said in 1982 that "the VCR is to the American film producer and the American public as the Boston strangler is to the woman home alone." It was just four years later that home video revenue surpassed box office revenue for Hollywood. It wasn't the Boston strangler, it was the savior. Similar stories can be told elsewhere. The legacy entertainment industry has sued over MP3 players and YouTube, yet has now (finally) embraced online music and video years later than it should have.

And yet, that same legacy industry keeps trying to do everything to hamstring innovation that will only help it. A few years ago, we wrote about a fantastic post (sadly now gone from the internet) by Tyler Crowley, talking about the entrepreneur's view of innovation options and how many areas are welcoming for innovation -- which he described using the analogy of islands:

For tech folks, from the 35,000' view, there are islands of opportunity. There's Apple Island, Facebook Island, Microsoft Island, among many others and yes there's Music Biz Island. Now, we as tech folks have many friends who have sailed to Apple Island and we know that it's $99/year to dock your boat and if you build anything Apple Island will tax you at 30%. Many of our friends are partying their asses off on Apple Island while making millions (and in some recent cases billions) and that sure sounds like a nice place to build a business.
But what about Music Biz Island? Not so much:
Now, we also know of Music Biz Island which is where the natives start firing cannons as you approach, and if not stuck at sea, one must negotiate with the chiefs for 9 months before given permission to dock. Those who do go ashore are slowly eaten alive by the native cannibals. As a result, all the tugboats and lighthouses (investors, advisors) warn to stay far away from Music Biz Island, as nobody has ever gotten off alive. If that wasn't bad enough, while Apple and Facebook Island are built with sea walls to protect from the rising oceans, Music Biz Island is already 5 ft under and the educated locals are fleeing for Topspin Island.
As we pointed out, this leads to the legacy entertainment companies poisoning the well that contains the innovation water it desperately needs.

There's a parallel to this in terms of copyright laws. As the legacy entertainment industry keeps pushing for more draconian copyright laws, it only serves to scare more investors away. When we get good results, like the ruling in the Cablevision case saying that cloud-based services were legal, it resulted in a huge growth in investment in cloud services -- in contrast to much less spending in Europe, where the laws were a lot more ambiguous.

A new study from Fifth Era and Engine takes this finding even further, highlighting how bad or vague copyright laws are seriously scaring off investment in necessary platforms and innovation. A big part of this appears to be worries about absolutely insane statutory damages awards. The study surveyed tons of investors around the globe and they found an obvious concern about investing in areas where lawsuits could so easily destroy platforms:
In all eight countries surveyed, early stage investors view the risk of uncertain and potentially large damages as of significant concern as they look to invest in [Digital Content Intermediaries]. 85% agree or strongly agree that this is a major factor in making them uncomfortable about investing in [Digital Content Intermediaries].
And they're very specific about how the direct concern involves music and videos and the threat of a lawsuit that could simply put those companies out of business:
88% of worldwide investors surveyed said they are uncomfortable investing in [Digital Content Intermediaries] that offer user generated music and video given an ambiguous regulatory framework.
This is really unfortunate on a number of different levels:
  1. First, it limits the necessary innovation in services and business models that are likely to create the success stories of tomorrow. We need more experiments and platforms that allow places for artists and creators to create, promote, connect with fans and make money for their efforts. Yet if the legacy industry is scaring away all the investors, that's not going to happen.
  2. Second, it locks in the few dominant players of today. Want to build the next YouTube? Good luck. You'll need lots of money to do so, but you're less likely to get it at this stage. The legacy players keep hating the big successful platforms, but don't realize that their own moves lock those players in the dominant positions.
  3. Third, without competition in these spaces and platforms, content creators are less likely to get the best deals. When the legacy industry basically allows one player to become dominant, then it can set terms that are more in its favor. This is what so many from the legacy content industry are complaining about today -- without recognizing that their own actions regarding copyright law have helped create that situation.
Of course, many in those legacy industries actually see this sort of thing as a feature not a bug of pushing for greater copyright protectionism. They think -- ridiculously -- that by hamstringing innovation and investment they get to hold onto their perch longer. This is just wrong. It's trying to hold back the tide, while driving fans to alternative and often unauthorized platforms instead. Rather than supporting the innovation they need, pushing for bad copyright laws only helps to alienate the innovators the industry needs the most and the biggest fans whose support the content industry needs to thrive.


Posted on Techdirt - 26 March 2015 @ 8:13am

FBI Quietly Removes Recommendation To Encrypt Your Phone... As FBI Director Warns How Encryption Will Lead To Tears

from the keeping-you-safe...-or-keeping-you-vulnerable dept

Back in October, we highlighted the contradiction of FBI Director James Comey raging against encryption and demanding backdoors, while at the very same time the FBI's own website was suggesting mobile encryption as a way to stay safe. Sometime after that post went online, all of the information on that page about staying safe magically disappeared, though thankfully I screenshotted it at the time:

If you really want, you can still see that information over at the Internet Archive or in a separate press release the FBI apparently didn't track down and memory hole yet. Still, it's no surprise that the FBI quietly deleted that original page recommending that you encrypt your phones "to protect the user's personal data," because the big boss man is going around spreading a bunch of scare stories about how we're all going to be dead or crying if people actually encrypted their phones:
Calling the use of encrypted phones and computers a “huge problem” and an affront to the “rule of law,” Comey painted an apocalyptic picture of the world if the communications technology isn’t banned.

“We’re drifting to a place where a whole lot of people are going to look at us with tears in their eyes,” he told the House Appropriations Committee, describing a hypothetical in which a kidnapped young girl’s phone is discovered but can’t be unlocked.
So, until recently, the FBI was actively recommending you encrypt your data to protect your safety -- and yet, today it's "an affront to the rule of law." Is this guy serious?

More directly, this should raise serious questions about what Comey thinks his role is at the FBI (or the FBI's role is for the country). Is it to keep Americans safe -- or is it to undermine their privacy and security just so it can spy on everyone?

Not surprisingly, Comey pulls out the trifecta of FUD in trying to explain why it needs to spy on everyone: pedophiles, kidnappers and drug dealers:
“Tech execs say privacy should be the paramount virtue,” Comey continued, “When I hear that I close my eyes and say try to image what the world looks like where pedophiles can’t be seen, kidnapper can’t be seen, drug dealers can’t be seen.”
Except we know exactly what that looks like -- because that's the world we've basically always lived with. And yet, law enforcement folks like the FBI and various police departments were able to use basic detective work to track down criminals.

If you want to understand just how ridiculous Comey's arguments are, simply replace his desire for unencrypted devices with video cameras in every corner of your home that stream directly into the FBI. Same thing. Would that make it easier for the FBI to solve some crimes? Undoubtedly. Would it be a massive violation of privacy and put many more people at risk? Absolutely.

It's as if Comey has absolutely no concept of a cost-benefit analysis. All "bad people" must be stopped, even if it means destroying all of our freedoms, based on what he has to say. That's insane -- and raises serious questions about his competence to lead a government agency charged with protecting the Constitution.


Posted on Techdirt - 26 March 2015 @ 4:09am

Corporate Sovereignty Provisions Of TPP Agreement Leaked Via Wikileaks: Would Massively Undermine Government Sovereignty

from the dangerous-games,-played-out-behind-closed-doors dept

For years now, we've been warning about the problematic "ISDS" -- "investor state dispute settlement" -- mechanisms that are a large part of the big trade agreements that countries have been negotiating. As we've noted, the ISDS name is designed to be boring, in an effort to hide the true impact -- but the reality is that these provisions provide corporate sovereignty, elevating the power of corporations to put them above the power of local governments. If you thought "corporate personhood" was a problem, corporate sovereignty takes things to a whole new level -- letting companies take foreign governments to special private "tribunals" if they think that regulations passed in those countries are somehow unfair. Existing corporate sovereignty provisions have led to things like Big Tobacco threatening to sue small countries for considering anti-smoking legislation and pharma giant Eli Lilly demanding $500 million from Canada, because Canada dared to reject some of its patents, noting (correctly) that the drugs didn't appear to be any improvement over existing drugs.

The US has been vigorously defending these provisions lately, but with hilariously misleading arguments. The White House recently posted a blog post defending corporate sovereignty, with National Economic Council director Jeff Zients claiming the following:

ISDS has come under criticism because of some legitimate complaints about poorly written agreements. The U.S. shares some of those concerns, and agrees with the need for new, higher standards, stronger safeguards and better transparency provisions. Through TPP and other agreements, that is exactly what we are putting in place.
There's something rather hilarious about saying that there needs to be "greater transparency" and promising that the secret agreement you're negotiating behind closed doors and won't share with the public has those provisions in them somewhere.

Either way, thanks to Wikileaks, we now have the "Investment" Chapter (or at least what it was as of January 20th), and it shows that, as per usual, the US is being entirely misleading in its claims. As Public Citizen highlights:
The leaked text would empower foreign firms to directly “sue” signatory governments in extrajudicial investor-state dispute settlement (ISDS) tribunals over domestic policies that apply equally to domestic and foreign firms that foreign firms claim violate their new substantive investor rights. There they could demand taxpayer compensation for domestic financial, health, environmental, land use and other policies and government actions they claim undermine TPP foreign investor privileges, such as the “right” to a regulatory framework that conforms to their “expectations.”

The leaked text reveals the TPP would expand the parallel ISDS legal system by elevating tens of thousands of foreign-owned firms to the same status as sovereign governments, empowering them to privately enforce a public treaty by skirting domestic courts and laws to directly challenge TPP governments in foreign tribunals.

Existing ISDS-enforced agreements of the United States, and of other developed TPP countries, have been almost exclusively with developing countries whose firms have few investments in the developed nations. However, the enactment of the leaked chapter would dramatically expand each TPP government’s ISDS liability. The TPP would newly empower about 9,000 foreign-owned firms in the United States to launch ISDS cases against the U.S. government, while empowering more than 18,000 additional U.S.-owned firms to launch ISDS cases against other signatory governments. (These are firms not already covered by an ISDS-enforced pact between the United States and other TPP negotiating governments.)
As for all that "transparency" that the White House promised? Yeah, don't count on it:
As revealed in Section B of the leaked text, these tribunals would not meet standards of transparency, consistency or due process common to TPP countries’ domestic legal systems or provide fair, independent or balanced venues for resolving disputes. For instance, the tribunals would be staffed by private sector lawyers unaccountable to any electorate, system of precedent or substantive appeal. Many of those involved rotate between acting as “judges” and as advocates for the investors launching cases against governments. Such dual roles would be deemed unethical in most legal systems. The leaked text does not include new conflict of interest rules, despite growing concern about the bias inherent in the ISDS system.

Contrary to claims from the Obama administration that the TPP’s investment chapter would somehow limit the uses and abuses of the controversial ISDS regime, much of the leaked text would replicate, often word-for-word, the terms found in past U.S. ISDS-enforced agreements. However, some terms would widen the scope of domestic policies and government actions that could be challenged before extrajudicial tribunals, without offering meaningful new safeguards for those policies.
The basic concept behind early ISDS/corporate sovereignty provisions may have made sense -- protecting companies that were afraid to invest in developing nations out of fear the government would come in and seize their factory or whatever -- but expanding it to cover basically all international trade, while the definitions are interpreted to mean companies can challenge any law they don't like in front of a set of private judges (who also work for those same companies in other cases), is ridiculously problematic.

And, once again, we see why the USTR absolutely refuses to be transparent about this by releasing this information publicly. It knows that such a deal would be bad for the American public, so it keeps it secret until nothing can be done. I guess if you're undermining democracy by giving corporations power over lawmakers, you might as well go all the way and hide your proposals from the voting public at the same time.


Posted on Techdirt - 25 March 2015 @ 1:48pm

Accidentally Revealed FTC Document Details Some Questionable Google Practices, But Not The Ones Most People Focused On

from the fascinating-stuff dept

Last week, the Wall Street Journal published an article detailing how one part of the FTC, the competition bureau, wanted to go after Google for antitrust violations, claiming it was eventually "overruled" by the FTC's commissioners who sided with the economic bureau that felt there were no real antitrust violations in Google's practices. The WSJ got its hands on part of the internal report by accident -- saying that the FTC inadvertently handed it over as a response to a different FOIA request, but that it was only part of the internal report. Late yesterday, the WSJ released the document it received (which you can see here in PDF form). Somewhat bizarrely, it's every other page of the report, suggesting some sort of weird screwup inside the FTC.

I recommend reading through the whole thing (the final third is all footnotes, but they're also super interesting). It details a variety of background tidbits about the search industry, some of which have never been revealed before. If you want an annotated version, I highly recommend reading Danny Sullivan's live tweets as he read through the report and the footnotes.

However, now that we get to read all the details, it seems like the Wall Street Journal oversold the story. It doesn't really show a huge conflict within the FTC at all. Basically, the competition bureau discussed three practices that it found problematic and potentially worthy of prosecution. And, yes, the FTC eventually decided not to prosecute. But -- and this is the important part that most of the coverage seems to ignore -- the final agreement between the FTC and Google involved Google agreeing to cease two of the three questionable practices (and, frankly, the third "questionable" practice doesn't seem that questionable).

And, on top of that, the one practice that got most of the attention (both early on in the antitrust complaints against Google and in the coverage about this leaked report) -- the demoting of vertical search engine results in Google's search -- was the part that even the competition bureau found likely did not violate any antitrust laws, and was actually for the benefit of Google's users.

Specifically, most of the focus on Google's potential "anti-trust" activities has been on its impact on "competing" search engines, specifically "vertical" search engines for things like "local," "travel," and "shopping." And the report disclosed pretty clear evidence that Google purposely pushed down some of those results to promote its own results -- but there were good reasons for this, and as such, it appears that pretty much everyone at the FTC -- including those who wanted to punish Google for other things -- agreed that there was no antitrust violation here. That's mostly because those efforts actually benefited consumers. And it's not difficult to see how: when you do a search on Google you want to get to results. You don't want to be sent off to another vertical search engine with another set of results. While the FTC agrees that this may harm vertical search competitors, that doesn't mean it harmed consumers. The FTC recognizes that an effort to provide a better experience to consumers might harm other search engines, but that's not an antitrust violation:

Indeed, the evidence paints a complex portrait of a company working toward an overall goal of maintaining its market share by providing the best user experience, while simultaneously engaging in tactics that resulted in harm to many vertical competitors, and likely helped to entrench Google's monopoly power over search and search advertising. The determination that Google's conduct is anticompetitive, and deserving of condemnation, would require an extensive balancing of these factors, a task that courts have been unwilling - in similar circumstances - to perform under Section 2. Thus, although it is a close question, Staff does not recommend that the Commission move forward on this cause of action.
However, the report does highlight those other areas where Google's actions were a bit more questionable. The key one is in scraping the sites of vertical competitors and using their data in its own vertical offerings -- and then threatening to remove those vertical offerings from the general search if they wanted to have that data not used for vertical search activities. As the report noted, this was an internal policy choice by Google, rather than one of technical necessity:
Indeed, Google almost simultaneously launched a new reviews-collection product -- Hotpot -- to (again) try to solicit original user reviews, this time seeding it with reviews from third-party websites with no attribution. Yelp, TripAdvisor, and CitySearch all complained to Google. All of these parties sought removal of their user review content from Google Places/Hotpot, as well as the removal of their reviews from Google's aggregated review count on the main SERP. This time, however, Google told each company that if Yelp, TripAdvisor, and CitySearch wanted to have their content removed from Google Places/Hotpot, they would have to exclude their websites from being crawled by Google altogether, which meant complete exclusion from Google's SERP. This was not technically necessary -- it was just a policy decision by Google.
As the competition bureau noted, this move -- threatening to remove those sites from overall search results if they didn't allow the use of the data to prop up its own (underperforming) vertical sites -- was clearly problematic:
Google's threat (and willingness) to degrade its own web search product - by banishing high-quality vertical websites from its web search results altogether - suggests that Google's motive in scraping high-quality content from its vertical competitors was not procompetitive.
Indeed, it seems like Google could have easily agreed to remove that content from its vertical products without removing it from the general search results -- and, in fact, that was one of the things Google agreed to stop doing in its agreement with the FTC:
Google also has promised to provide all websites the option to keep their content out of Google’s vertical search offerings, while still having them appear in Google’s general, or “organic,” web search results. The FTC investigated allegations that Google misappropriated content, such as user reviews and star ratings, from competing websites in order to improve its own vertical offerings, such as Google Local and Google Shopping.
The other sketchy behavior was the way Google's Adwords API proactively blocked companies from building tools that would work with competing search ad providers (mainly Microsoft's AdCenter). Here, it appears that there was actually support within Google to do away with such restrictions, as many realized that it would be better for the overall market to allow companies to create cross-platform tools. However, Larry Page himself stepped in and blocked this plan:
In December 2008, Holden, senior vice-president of ad products Susan Wojcicki, and others met to discuss the issue. Of the meeting, Holden wrote:
[O]ne debate we are having is whether we should eliminate our API T&Cs requirement that AW [AdWords] features not be co-mingled with competitor network features in SEM cross-network tools like DART Search. We are advocating that we eliminate this requirement and that we build a much more streamlined and efficient DART Search offering and let SEM tool provider competitors do the same. There was some debate about this, but we concluded that it is better for customers and the industry as a whole to make things more efficient and we will maximize our opportunity by moving quickly and providing the most robust offering.
In February 2009, Holden wrote the executive summary for a DART Search product review, in which he advocated that Google "alter the AdWords Ts&Cs to be less restrictive and produce the leading cross-network toolset that increases advertiser/agency efficiency." Such a move, he wrote, would "[r]educe friction in the search ads sales and management process and grow the industry faster." In April 2009, in light of evident disapproval from Larry Page about the idea of removing the co-mingling restriction, Holden wrote: "We've heard that and we will focus on building the product to be industry-leading and will evaluate it with him when it is done and then discuss co-mingling and enabling all to do it."
It's good to see that within Google they wanted to remove these restrictions, and recognized that a more open, less-restrictive API would have resulted in a better overall experience. It's unfortunate that Larry Page stepped in to block that, and actually this was a part of the final FTC settlement, where the FTC agreed not to prosecute the company. It didn't get much attention at the time, but Google "agreed to give online advertisers more flexibility to simultaneously manage ad campaigns on Google’s AdWords platform and on rival ad platforms."

Frankly, it seems like these two issues -- both of which it agreed to stop doing -- were clearly bad decisions on Google's part, and it's a good thing that the company is no longer doing either. Both appear to go against the basic principles that Google often sets out for itself publicly, in terms of promoting openness and improving the overall ecosystem.

As for the third "bad" practice -- that one seems a bit more bizarre and it's no wonder that the FTC eventually decided not to do anything. The competition bureau argued that Google used exclusive deals to prevent partners from also working with Microsoft, and this may have cost Microsoft some business. However, there wasn't much evidence to support this in reality, and the report notes that most of the various partners don't even seem particularly bothered by this setup. They could negotiate different deals and weren't too worried about negotiating exclusive deals. It's not all that surprising that the FTC eventually just let that issue drop.

In the end, the document is really interesting and worth reading (even if you're only reading every other page). It certainly highlights a few questionable activities on Google's part that we're glad it agreed to stop doing. It seems like if Google just continued to focus on providing the best overall offering and promoting a more open internet, it never would have gotten into that mess in the first place -- and hopefully that's a lesson that Google will remember going forward.

Either way, as some have been pointing out, it seems like the FTC made the right decision in not prosecuting, as the competitors that the FTC was worried about have been growing pretty rapidly since then, while Google's market position has been declining. Such is the nature of the rapidly changing internet...

