Mike Masnick’s Techdirt Profile

mmasnick

About Mike MasnickTechdirt Insider

Mike is the founder and CEO of Floor64 and editor of the Techdirt blog.

He can be found on Twitter at http://www.twitter.com/mmasnick



Posted on Techdirt - 16 November 2018 @ 7:39pm

Blockchain Voting: Solves None Of The Actual Problems Of Online Voting; Leverages None Of The Benefits Of Blockchain

from the oh-come-on-now dept

Just recently we wrote about why blockchain-based DRM was a terrible idea, and it could be summed up by the simple fact that a blockchain solves none of the "problems" of DRM today, and leverages none of the actual benefits of a blockchain. And... now I feel like writing basically the same exact post around blockchain voting. Like blockchain DRM, blockchain voting is one of those ideas that gets tossed around a lot. For decades, lots of people who actually understand computer security have explained why online voting is a horrifically bad idea in that it involves effectively unsolvable problems. It's not that it's a "hard" problem, it means that online voting is effectively impossible without massive changes to almost everything we do in ways that we can't really comprehend right now. There are some serious researchers who are thinking about this, but to date, there is nothing even remotely close to to being acceptable, and there may never be.

And yet, the "simplest" way that some people understand the risks of online voting is basically "it would be bad if someone could change your vote and no one would know." That's an easy to understand point to make, but the problems with online voting go way, way beyond that. Do a simple Google search on why online voting is a terrible idea and you'll get dozens of on-point results, but if you want a nice, simple explanation of just the first pass of potential risks with online voting, check out this video from a couple years ago by Princeton professor Andrew Appel, who has been studying voting security for many, many years:

It's 21 minutes, and if you're unsure of why internet voting is dangerous or think there's a simple solution, I'd urge you to watch it. But for those who don't, I'll just toss up one single slide from the presentation, which is not even remotely comprehensive in the list of potential problems with online voting:

That doesn't even get at a number of other potential issues (some of which are discussed in the video). And yet -- as with blockchain-for-DRM -- there's always someone who thinks that the only real problem is the double spend problem. Enter Alex Tapscott and the NY Times. Alex Tapscott is the son of Don Tapscott, who has written a number of fairly influential books related to technology and innovation, including "Growing up Digital" and "Wikinomics." In 2016, he teamed up with his son, Alex, and wrote a book called "The Blockchain Revolution," which is a fun read (they sent me a copy), if a bit overly excited in its analysis of potential implementations of the blockchain. As I've said in the past, I'm a believer that blockchain/tokens can completely revolutionize a few areas of the internet, but people have yet to really figure out which areas can take advantage of what is unique about the blockchain (beyond highly volatile currencies).

My favorite review of the book on its Amazon page includes this lovely sentence: "After the opening chapter, it turns into a rambling acid trip of delusional fantasies about exactly how blockchain will inevitably fix all the things wrong with society and the world."

Anyway, along comes Alex Tapscott and on election day, the NY Times gave him precious space to spew utter nonsense about how it's time for online voting... via the blockchain.

The key weakness of early online voting systems was the inability to solve what cryptographers called the “double spend problem.” When we send a file on the internet, we’re actually sending a copy of that file; the original remains in our possession. This is acceptable for sharing information but unacceptable for recording votes in elections. The possibility that individuals could cast their ballots multiple times for a candidate made these systems useless — just as vulnerable as paper ballot systems. Points of failure included susceptibility to hackers, coding bugs, and human error. With enough resources, any rogue could “stuff” a digital ballot box with illegitimate votes.

Except... that's not the key weakness in early online voting systems. It is one problem, but kinda far down the list. Look at that still from Appel's video above. Double spending isn't even there, really. Yet, Tapscott's piece acts as if it's the biggest problem, and easily solved with blockchain.

Since the NY Times published that article, plenty of folks with actual computer security expertise have stepped up to debunk it. Ben Adida, the Executive Director of a new organization called Voting Works, attempting to build secure, open source voting machines, actually debunked it a year ago (that's how good he is):

In a typical election setting with secret ballots, we need:

  1. enforced secrecy: a way for each voter to cast a ballot secretly and no way to prove how they voted (lest they be unduly influenced)
  2. individual verifiability: a way for each voter to gain confidence that their own vote was correctly recorded and counted.
  3. global verifiability: a way for everyone to gain confidence that all votes were correctly counted and that only eligible voters cast a ballot.

Let’s say we have a Blockchain-style distributed database. How far does that get us to meeting these needs?

A distributed database of all cast votes, where everyone sees the same state of the world, would certainly be useful for (3) global verifiability and to some degree for (2) personal verifiability. That said, it won’t get us all the way there on those, and it won’t get us anywhere on (1) enforced secrecy.

Specifically, to combine personal verifiability with enforced secrecy, we need some mechanism that gives each voter enough confidence that their vote made it all the way to the tally, but not so much that they can sell their vote to a buyer/coercer. A public ledger of plain votes is a terrible idea, since that makes vote selling trivial. A public ledger of vote tracking numbers of sorts is better for privacy, though it doesn’t really provide actual verifiability that the contents of the ballot weren’t tampered with. Clearly, we need something more, and that something simply isn’t provided by a distributed ledger.

In a typical election setting with secret ballots, we need:

  1. enforced secrecy: a way for each voter to cast a ballot secretly and no way to prove how they voted (lest they be unduly influenced)
  2. individual verifiability: a way for each voter to gain confidence that their own vote was correctly recorded and counted.
  3. global verifiability: a way for everyone to gain confidence that all votes were correctly counted and that only eligible voters cast a ballot.

Let’s say we have a Blockchain-style distributed database. How far does that get us to meeting these needs?

A distributed database of all cast votes, where everyone sees the same state of the world, would certainly be useful for (3) global verifiability and to some degree for (2) personal verifiability. That said, it won’t get us all the way there on those, and it won’t get us anywhere on (1) enforced secrecy.

Specifically, to combine personal verifiability with enforced secrecy, we need some mechanism that gives each voter enough confidence that their vote made it all the way to the tally, but not so much that they can sell their vote to a buyer/coercer. A public ledger of plain votes is a terrible idea, since that makes vote selling trivial. A public ledger of vote tracking numbers of sorts is better for privacy, though it doesn’t really provide actual verifiability that the contents of the ballot weren’t tampered with. Clearly, we need something more, and that something simply isn’t provided by a distributed ledger.

That's only part of Adida's thorough takedown of the concept.

Tim Lee at Ars Technica highlighted another batch of problems:

Tapscott focuses on the idea that blockchain technology would allow people to vote anonymously while still being able to verify that their vote was included in the final total. Even assuming this is mathematically possible—and I think it probably is—this idea ignores the many, many ways that foreign governments could compromise an online vote without breaking the core cryptographic algorithms.

For example, foreign governments could hack into the computer systems that governments use to generate and distribute cryptographic credentials to voters. They could bribe election officials to supply them with copies of voters' credentials. They could hack into the PCs or smartphones voters use to cast their votes. They could send voters phishing emails to trick them into revealing their voting credentials—or simply trick them into thinking they've cast a vote when they haven't.

[...]

But let's think about how this would play out in practice. Suppose it's mid-November 2020 and Donald Trump has narrowly won reelection. A few thousand voters in key swing states come forward to say that they intended to vote for Trump's opponent but their vote was recorded for Trump instead. Thousands of others say they tried to vote for Trump—or against him—but their votes weren't counted.

Was that due to hackers meddling with the vote, technical snafus, or user error? Were some of them just misremembering how they had cast their ballots? There would be no way to know for sure.

An important property for an election is finality: you want a well-understood process that makes people confident in the result. The paper-based process used in most states today isn't perfect, but it's pretty good on this score. Each vote is recorded on a paper ballot that's available for anyone to look at. Everyone understands how paper ballots work. People can observe the vote-counting process to verify that no ballots were altered. So not only does the process usually lead to an accurate count of peoples' votes, it also builds public confidence in the integrity of the result.

Blockchain voting would be much, much worse. Hardly anyone understands how a blockchain works, and even experts don't have a good way to observe the online voting process for irregularities the way an election observer does in a traditional paper election. A voter might be able to use her private key to verify how her vote was recorded after the fact. But if her vote wasn't counted the way she expected (or wasn't counted at all) she'd have no good way to prove that she tried to vote a different way.

Just a few months back, we also wrote about the terrible idea that West Virginia was experimenting with, via a company called Voatz (which is mentioned in Tapscott's article) that was building a "blockchain-based" system to allow military personnel overseas to vote via their mobile phones. And of course, as we noted at the time, it had all the same problems of all these systems. What it adds in "convenience" (if anything) is completely outdone by the security nightmare it creates.

Again, I still think blockchains have some potential to do some pretty useful things, but the idea that they can solve any old basically impossible under current realities technology problem by sprinkling magic "crypto" and "distributed" pixie dust on the problem is not a good look. Which should lead people to asking why the NY Times is publishing it without any fact checking at all?

15 Comments | Leave a Comment..

Posted on Techdirt - 16 November 2018 @ 3:28am

Not Even Hiding It Any More: EU Council Explicitly Pushing For Mandatory Upload Filters

from the filter-this dept

One of the key talking points for supporters of Article 13 in the EU Copyright Directive is to absolutely deny that it requires mandatory upload filters. Of course, as soon as you ask them how an internet platform could possibly abide by the rules of Article 13 without implementing mandatory upload filters, they suddenly change the conversation. Usually to something about how YouTube is ripping off all musicians. This is... weird. First of all, YouTube already has its giant upload filter in the form of ContentID. Second, if they can't tell you how it doesn't require upload filters, then... it requires upload filters.

As the trilogue negotiations continue between the EU Council, the EU Commission and the EU Parliament, the Council has apparently decided to drop the pretense and is now explicitly demanding mandatory upload filters. The newly proposed language says that any site is liable for all infringement committed by their users unless they block any infringing works they've been informed about from ever appearing on their sites again. It's a "notice and stay down" requirement -- which has all sorts of problems. First of all, this assumes that every use of the same work is equally infringing. It does not take into account that one use may be infringing, while another may be fair use or fair dealing. Second, it requires incredibly expensive technology. ContentID already cost Google over $100 million... and it's not very good. Tons of stuff still gets through. So now, basically, any successful smaller platform would have to spend ridiculous sums of money to implement a useless filter that won't work... and when things slip through, they're still liable for massive damages.

And, notice what's missing? What happens if these filters take down content they should not? This happens all the time. But here, of course, there is no punishment for false notifications or for mistakes. While the Council tries to get around this by saying the rules "shall not affect legitimate uses, such as uses under exceptions and limitations," that's entirely meaningless. How the hell do you train a filter to understand parody? Or fair use? Or any other limitation or exception? Google has spent $100 million on its system and it has no clue how to determine fair use.

The link above to Julia Reda's site has more info on the current state of the negotiations, but suffice it to say that this still appears to be an utter disaster for the internet, as you have people who have no understanding at all how the internet works, passing sweeping regulations that will have massive consequences for speech online.

44 Comments | Leave a Comment..

Posted on Techdirt - 15 November 2018 @ 10:39am

Rights Groups Demand Facebook Set Up Real Due Process Around Content Moderation

from the seems-like-a-good-idea dept

For quite some time now, when discussing how the various giant platforms should manage the nearly impossible challenges of content moderation, one argument I've fallen back on again and again is that they need to provide real due process. This is because, while there are all sorts of concerns about content moderation, the number of false positives that lead to "good" content being taken down is staggering. Lots of people like to point and laugh at these, but any serious understanding of content moderation at scale has to recognize that when you need to process many many thousands of requests per day, often involving complex or nuanced issues, many, many mistakes are going to be made. And thus, you need a clear and transparent process that enables review.

A bunch of public interest groups (including EFF) have now sent an open letter to Mark Zuckerberg, requesting that Facebook significantly change its content removal appeal process, to be much clearer and much more accountable. The request first covers how clear the notice should be concerning what content caused the restriction and why:

Notice: Clearly explain to users why their content has been restricted.

  • Notifications should include the specific clause from the Community Standards that the content was found to violate.

  • Notice should be sufficiently detailed to allow the user to identify the specific content that was restricted, and should include information about how the content was detected, evaluated, and removed.

  • Individuals must have clear information about how to appeal the decision.

And then it goes into many more details on how an appeal should work, involving actual transparency, more detailed explanations, and knowledge that an appeal actually goes to someone who didn't make the initial decision:

Appeals: Provide users with a chance to appeal content moderation decisions.

  • The appeals mechanism should be easily accessible and easy to use.

  • Appeals should be subject to review by a person or panel of persons not involved in the initial decision.

  • Users must have the right to propose new evidence or material to be considered in the review.

  • Appeals should result in a prompt determination and reply to the user.

  • Any exceptions to the principle of universal appeals should be clearly disclosed and compatible with international human rights principles.

  • Facebook should collaborate with other stakeholders to develop new independent self-regulatory mechanisms for social media that will provide greater accountability.

Frankly, I think this is a great list, and am dismayed that the large platforms haven't implemented something like this alread. For example, we recently wrote about Google deeming our blog post on the difficulty of content moderation to be "dangerous or derogatory." In that case, we initially got no further information other than that claim. And the appeals process was totally opaque. The first time we appealed, the ruling was overturned (again with no explanation) and a month later when that article got dinged again, the appeal was rejected.

After we published that article, we had an employee from the Adsense team eventually reach out to us to explain that it was "likely" that some of the comments on that article were what triggered the problems. After pointing out that there were well over 300 comments on the article, we were eventually pointed to one particular comment that used some slurs, though the comment used them to demonstrate the ridiculousness of automated filters, rather than as derogatory epithets.

However, as I noted in my response, my main complaint was not Google's silly setup, but the fact that it provided no actual guidance. We were not told that it was a comment that was to blame until after our published article resulted in someone higher up on the AdSense team reaching out. I pointed out that it seemed only reasonable that Google should share with us specifically what term it felt we had violated and which content was the problem so that we could then make an informed decision. Similarly, the appeals process was entirely opaque.

While the reasons that Google and Facebook have not yet created this kind of due process are obvious (it would be kinda costly, for one), it does seem like such a system will be increasingly important, and it's good to see these groups pushing Facebook on this in particular.

Of course, earlier this year, Zuckerberg had floated an idea of an independent (i.e. outside of Facebook) third party board that could handle these kinds of content moderation appeals, and... a bunch of people freaked out, falsely claiming that Zuckerberg wanted to create a special Facebook Supreme Court (even as he was actually advocating for having a body outside of Facebook reviewing Facebook's decisions).

No matter what, it would be good for the large platforms to start taking these issues seriously, not only for reasons of basic fairness and transparency, but because it would also serve to better make the public comfortable with how this process works. When it is, as currently construed, a giant black box, that leads to a lot more anger and conspiracy thinking over how content moderation actually works.

Update: It appears that shortly after this post went out, Zuckerberg told reporters that Facebook is now going ahead with creating an independent body to handle appeals. We'll have more on this once some details are available.

34 Comments | Leave a Comment..

Posted on Techdirt - 15 November 2018 @ 9:31am

The Wonky Donkey: How Infringement Helped Create A Best Seller... Which Would Be Impossible Under Article 13

from the wonky-infringing-donkey dept

I had missed this story from a couple months back, but reader Kris kindly alerted me to it. It's the story of how a video of a grandmother in Scotland reading a mostly out-of-print children's book to her grandson, and laughing uncontrollably about the book, went viral and turned the book into a total best seller around the world. First, you need to watch the video:

It has over a million and a half views on YouTube, and apparently a huge number on Facebook as well. The book's author, Craig Smith from New Zealand appears to be ecstatic about all of this (as he should be!):

Smith told the Guardian that demand had “gone through the roof” for the picture book since the video of Clark took off: in New Zealand, his publisher is “rushing to print another 50,000 copies, with a view for more”, while The Wonky Donkey is now also being reprinted in the UK. Amazon in the US and the UK has sold out, while used bookseller AbeBooks said that it has sold “hundreds of copies” of The Wonky Donkey in the last week, amid “massive demand” around the world.

[....]

“The video is gold. Watching Janice read and laugh was just delightful, and like many, her infectious laugh had me laughing too,” said Smith. “I’ve always wondered why sales had not taken off so much in the UK and US, but that looks like that’s about to change.”

According to the Associated Press, the book had sold about 75,000 copies prior to all of this (which isn't bad), though it was mostly in New Zealand and Australia, but had since gone out of print. But now, the publisher, Scholastic, was rushing to print another 600,000 copies.

According to Scholastic, the book had sold about 75,000 copies and was out of print before the video caught on last month.

"Before this fall, if you had said 'Wonky Donkey' in my store, no one would have known what you were talking about," said Linda Devlin, owner of Linda's Story Time in Monroe, Connecticut. "Now, it just sells and sells. People see it and say, 'Oh, I have to get that for my grandchildren.'"

Scholastic announced Friday that it had ordered another 600,000 copies. Meanwhile, Clark is coming to New York in November for an event at Barnes & Noble.

And, last month the book went to the top of the charts. From out of print to topping the book sale charts in just a couple of weeks is pretty incredible:

The 2009 picture book about a three-legged, one-eyed donkey has sold more than 100,000 copies in the United States this fall, much of that in the past week. According to NPD BookScan, which tracks around 85 percent of the print market, "Wonky Donkey" topped all releases with more than 90,000 copies sold last week, beating out Bob Woodward's "Fear" and Rachel Hollis' "Girl, Wash Your Face," among others.

But... here's the thing. That video is almost certainly copyright infringement. It's a derivative work with the grandmother reading the entire book out loud. Obviously, neither the author nor the publisher mind that this happened. Indeed, they're pretty happy about it. And so this could just be yet another example of where copyright infringement actually ends up helping the copyright holder significantly.

But this is also an excellent example of the massive harm that the EU is about to do with Article 13 and the EU Copyright Directive. Under Article 13, platforms like YouTube and Facebook would be required to block this kind of video or face massive liability. Of course, how these platforms might detect such a video is unclear. There is no form of ContentID that would see that video and know that it was infringing, but it pretty clearly is. But, once the video got so popular, with over a million views and news stories about it, sooner or later the companies would recognize that it was infringing and would be forced to take it down or face crippling liability.

All weekend long, various supporters of Article 13 have been screaming at me on Twitter about how Article 13 won't harm the internet or creators at all, and that's it's really just about "making YouTube pay its fair share." I'm curious how they could possibly explain what to do in this particular case. Under the law they want, a content creator (and tons of happy parents) would be at a loss. This book likely wouldn't be such a massive success. The companies would be forced to take that content down and to block anyone else from ever uploading it.

And what do you do if you're a smaller platform? The risk of letting just one such video through would almost certainly bankrupt you. But how is a smaller platform going to police for this kind of video that none of the copyright holders want policed? But, as a platform, Article 13 leaves them no choice.

This is one of the many problems with the approach of Article 13. It assumes, incorrectly, that all infringement is black and white obvious, and that all infringement is necessarily bad and must be stopped. It cannot take into account that those assumptions are frequently not at all accurate. It cannot take into account that this will not only cut off much of what makes the internet wonderful, but will also completely keep new entrants at bay. Google and Facebook can afford to deal with this. The next Google and Facebook won't even bother. And that would make for a pretty sad, spunky, hanky-panky, cranky, stinky, dinky, lanky, honky-tonky, winky, wonky donkey.

18 Comments | Leave a Comment..

Posted on Techdirt - 14 November 2018 @ 8:00pm

Dear EU Politicians: You Really Don't Have To Wreck The Internet

from the don't-wreck-the-internet dept

Visit DontWreckThe.Net to learn about the EU Copyright Directive »

As you'll recall, back in September, the EU Parliament voted to approve a draft of the EU Copyright Directive, despite it including a bunch of very problematic pieces -- mainly Article 13's mandatory filters and Article 11's snippet tax. What the EU Parliament approved was not the same as what the EU Council of member states had approved, nor what the EU Commission had approved, so now those three bodies have been working on a "trilogue" process to sync up the various versions and come up with a master version that will have to be approved again by all three institutions. There has been a lot of activity in the past few weeks -- and Italy's change of government has made things a bit interesting.

As the Trilogue discussions have continued, we've teamed up with a bunch of platforms and startup organizations both in the EU and the US to make some suggestions. It would probably be best for the internet to drop both Article 11 and Article 13 altogether, but barring that, we have a pretty detailed list of suggestions over at DontWreckThe.Net. As you hopefully see, just by looking at the long list of fixes we're requesting, there are still huge problems with the proposals. Furthermore, given that many of the platforms we've partnered with in developing this list are the ones who will be hardest hit, we're hopeful that the various officials debating this will take notice. Even more important: this is not just about those platforms, but everyone who uses them. If you use Reddit or Patreon or Vimeo, these rules are going to have a massive impact on how you'll be able to interact with the internet going forward. Also, we're asking other organizations to join this project, so if you run an organization that is worried about the impact of Articles 11 or 13, please reach out to us through the site.

And please, EU officials, don't wreck the net.

20 Comments | Leave a Comment..

Posted on Techdirt - 14 November 2018 @ 12:03pm

Facebook Allowing French Censors To Embed With The Company, And Maybe That's A Good Thing?

from the this-should-be-interesting dept

While much of the attention around French President Emmanuel Macron's speech at the Internet Governance Forum (IGF) on Monday was focused on the so-called "Paris Call" agreement on cybersecurity, it was also an occasion for the French President to announce a plan to effectively embed regulators with Facebook to learn how to better censor the platform:

The French president announced on Monday a six-month partnership with Facebook aimed at figuring out how the European country should police hate speech on the social network.

As part of the cooperation — the first time that Facebook has teamed up with national politicians to hammer out such a contentious issue — both sides plan to meet regularly between now and May, when the European election is due to be held. They will focus on how the French government and Facebook can work together to remove harmful content from across the digital platform, without specifying the outcome of their work or if it would result in binding regulation.

Facebook's press people have pushed back on the claim that this is a program to "embed" government censors within Facebook, saying it's more just about showing them how Facebook manages content moderation:

It's a pilot program of a more structured engagement with the French government so that both sides can better understand the other's challenges in dealing with the issue of hate speech online. The program will allow a team of regulators, chosen by the Elysee, to familiarize [itself] with the tools and processes set up by Facebook to fight against hate speech. The working group will not be based in one location but will travel to different Facebook facilities around the world, with likely visits to Dublin and California. The purpose of this program is to enable regulators to better understand Facebook's tools and policies to combat hate speech and, for Facebook, to better understand the needs of regulators.

While many people may have the instinctual reaction that having government regulators coming in to see how to "better" censor speech on your platform is inherently a problem, one hopes that the end result of this is influencing things in the other direction. A bad outcome would be French regulators deciding that this experience gives them enough info to craft impossible regulations to wave digital magic wands and "make the bad stuff disappear." But a more optimistic argument would be that it gives these French regulators a chance to get some first hand knowledge of (1) how seriously Facebook takes this issue (don't laugh, because the company absolutely does take this issue seriously now, even if it didn't in the past) and (2) just how impossible it is to do a particularly good job at it (even as Facebook has gotten much better in the past year).

So while I'm always a little concerned about the idea of having government regulators come into a company when the upfront stated objective is about more content moderation demands, it certainly would be beneficial for French officials not to be so incredibly ignorant about how content moderation at scale truly works, and why the easy solutions they always seem to propose won't help (and could make problems significantly worse).

33 Comments | Leave a Comment..

Posted on Free Speech - 14 November 2018 @ 9:35am

Judge Lets NRA's 1st Amendment Lawsuit Against Andrew Cuomo Move Forward

from the when-the-2nd-meets-the-1st dept

Let's put some cards on the table to start off this post: I think Andrew Cuomo is a terrible governor of NY (and he was a terrible Attorney General before that), and doesn't deserve to be in office. I also think the NRA is a joke of an organization, that stirs up bullshit fear and racial divisions, and frequently shits on the 1st Amendment plenty of times when people try to challenge the 2nd Amendment. I recognize that some percentage of you probably feel differently about Cuomo and (chances are...) a non-overlapping venn diagram of you probably feel differently about the NRA. I think they're both terrible and should disappear from public life. And I say that upfront because my position on this particular lawsuit has nothing to do with which side I "like." I don't like either one.

But on the law in this particular case, clearly the NRA is in the right, while Cuomo is wrong. And thankfully, so far a judge agrees.

Let's take a step back, though, to look at what's happening. Cuomo is no fan of the NRA. And he decided to use his position as governor to punish the NRA for its advocacy. Back in April, he put pressure on banks and other financial institutions to cut all ties with the NRA. It's kind of incredible that he would think this would fly. Indeed, the situation is pretty damn close to that time that Cook County (Illinois) Sheriff Thomas Dart pressured credit card companies to stop doing business with Backpage, leading to a pretty massive judicial smackdown from Judge Richard Posner.

A public-official defendant who threatens to employ coercive state power to stifle protected speech violates a plaintiff’s First Amendment rights, regardless of whether the threatened punishment comes in the form of the use (or, misuse) of the defendant’s direct regulatory or decisionmaking authority over the plaintiff, or in some less-direct form.

Posner, in the Dart/Backpage case, recognized that allowing government officials to pressure third parties into avoiding businesses they disliked over speech was a real problem:

For where would such official bullying end, were it permitted to begin? Some public officials doubtless disapprove of bars, or pets and therefore pet supplies, or yard sales, or lawyers, or “plug the band” (a listing of music performances that includes such dubious offerings as “SUPERCELL Rocks Halloween at The Matchbox Bar & Grill”), or men dating men or women dating women...

Or, you could add to that list, and say "the 2nd Amendment." And it would fit right in with what Cuomo did regarding the NRA:

"I am directing the Department of Financial Services to urge insurers and bankers statewide to determine whether any relationship they may have with the NRA or similar organizations sends the wrong message to their clients and their communities who often look to them for guidance and support. This is not just a matter of reputation, it is a matter of public safety, and working together, we can put an end to gun violence in New York once and for all."

Even if you think that the NRA is a horrible organization, and that various private entities should rethink any association they have with the NRA, that's entirely different than a powerful government official making such a statement.

But, of course, what many in the press writing about this have ignored is that this kind of bullying has been Cuomo's playbook for years. When he was Attorney General, we had a ton of articles about the same grandstanding move, in which Cuomo would pick some high profile issue, then publicly threaten to sue organizations if they didn't go along with his "voluntary" plan, which would be announced at a giant press conference with a smiling Andrew Cuomo. He did this in forcing broadband providers to set up porn filters. He did it in forcing social media sites to block access to porn sites again. He also did it in trying to force broadband providers to kick users off their networks over copyright infringement. And no one calls him on this abuse of power.

Except, now the NRA has. And a federal judge is letting the case move forward after denying a motion to dismiss from Cuomo's team. The order makes it clear that Cuomo might finally face some constitutional push-back on his intimidation techniques. It's still early in the case, so things could change, but Judge Thomas McAvoy is not impressed by Cuomo so far.

Viewing the allegations in the light most favorable to the NRA, and drawing reasonable inferences in its favor, the temporal proximity between the Cuomo Press Release, the Guidance Letters, and the Consent Orders plausibly suggests that the timing was intended to reinforce the message that insurers and financial institutions that do not sever ties with the NRA will be subject to retaliatory action by the state.

The judge finds, as in other cases, that there's a clear implied threat in the message coming from the Governor of the state of New York:

While neither the Guidance Letters nor the Cuomo Press Release specifically directs or even requests that insurance companies and financial institutions sever ties with the NRA, a plausible inference exists that a veiled threat is being conveyed.

There's still much more to go in the case, and as the case moves into discovery, perhaps there will be other revelations, but right now it certainly looks like a government official abusing his position to try to retaliate against an organization he doesn't like for their expressive speech.

And, yes, there's something potentially ironic in the NRA now being protected by the very same 1st Amendment that it so frequently complains about in blaming video games, TV, and movies for gun violence, but it turns out that you don't actually have to believe in the Constitution to be protected by it, and that's kind of a good thing.

Read More | 89 Comments | Leave a Comment..

Posted on Free Speech - 14 November 2018 @ 3:10am

CNN Lawsuit Seeks To Show That Trump Can't Kick Reporters Out For Asking Tough Questions

from the but-what-about-the-flip-side? dept

As you've probably heard by now, last week there was a bit of a scuff up in which the President in his standard manner got irritable and annoyed when CNN's Jim Acosta kept asking questions the President didn't feel like answering. This has resulted in a bunch of nonsense involving everyone trying to justify their own side's talking points -- but the simple fact of the matter is that it's a journalist's job to ask tough questions of politicians. There was a made up controversy involving claims that Acosta "assaulted" an intern who sought to take away his microphone, and the White House supported it with video evidence that some have claimed was doctored, while others have noted just happened (coincidentally) to have been re-encoded in a way that made Acosta's hand motions look more menacing than they really were. Either way, the end result was that the White House removed Acosta's press pass, claiming it was because of what happened with the intern, when literally everyone knows it was because of his questioning (if you want to honestly argue that it was because of the intern, go away).

On Tuesday, CNN announced that it had filed a lawsuit against the White House over the removal of the press pass, arguing that it violated both 1st Amendment and 5th Amendment rights. CNN and Acosta are represented by Ted Boutrous and Ted Olson (along with some other Gibson, Dunn lawyers) which is some serious firepower as they're two of the most high profile lawyers out there. Olson, a former Solicitor General during the George W. Bush administration, was rumored earlier this year to be considering joining Trump's legal team, before declining. And now he's suing Trump's White House.

The filing is only 18 pages and makes for fairly quick reading. The 1st Amendment claims are basically this:

Defendants initially claimed that they revoked Acosta’s press pass because he “plac[ed] his hands” on an intern. That contention is not accurate. The President himself has stated that the Acosta’s conduct was not “overly horrible” and that Acosta’s credentials were actually suspended because he failed to “treat the White House with respect.”

Defendants’ justifications for impeding Plaintiffs’ First Amendment rights are hollow and hardly sufficiently compelling to justify the indefinite revocation of Acosta’s White House credentials. Consequently, the only reasonable inference from Defendants’ conduct is that they have revoked Acosta’s credentials as a form of content- and viewpoint-based discrimination and in retaliation for Plaintiffs’ exercise of protected First Amendment activity.

The sole justification for Defendants’ conduct is their dislike for Plaintiffs’ coverage of the administration and critique of the President. But that is insufficient to justify such a substantial restriction on Plaintiffs’ First Amendment rights.

The 5th Amendment claims are basically a "due process" claim:

Plaintiffs have protected liberty and property interests in Acosta’s press credentials and the access it affords to the White House. The credentials allow Acosta access to his office in the White House and allow him to do his job effectively. Absent his credentials, he cannot serve as a White House correspondent.

Acosta received no direct notice from the White House that his credentials had been revoked, let alone any notice prior to the revocation. Instead, the White House announced the revocation itself via Twitter after Defendants already decided to effectively ban Acosta from the White House grounds.

Defendants did not provide Plaintiffs a written explanation, nor any explanation at all, before revoking Acosta’s press credentials. The only written explanation was a short statement posted on Twitter that Acosta was suspended because he “plac[ed] his hands” on a White House staffer. Even if this tweet were accurate—and it is not, as the reportedly doctored video Defendant Sanders posted would later show—it would not suffice to demonstrate prior notice of the revocation.

Defendants did not provide Plaintiffs an opportunity to be heard before revoking Acosta’s press credentials. Nor have they provided him any avenue to challenge or appeal the revocation of his credentials. Rather, Defendants have stated that they do not plan to ever rescind the revocation of Acosta’s credentials.

There are good reasons to think that CNN/Acosta may have a decent chance of prevailing. The key case, as many are pointing out, is the DC Circuit's ruling in Sherrill v. Knight, which more or less says that if the government opens up a briefing to the press, it can't arbitrarily deny a member of the press entrance. That ruling makes it clear that the President doesn't need to grant interviews to anyone who comes asking, but he can't arbitrarily bar a member of the press from an open press briefing. And the court also includes a due process requirement.

On the 1st Amendment claim in that case, the court noted that the White House needs to have a compelling interest in keeping a reporter out, and the details of the standards used by the White House need to be clear:

Given these important first amendment rights implicated by refusal to grant White House press passes to bona fide Washington journalists, such refusal must be based on a compelling governmental interest. Clearly, protection of the President is a compelling, "even an overwhelming," interest, Watts v. United States, 394 U.S. 705, 707, 89 S.Ct. 1399, 22 L.Ed.2d 664 (1969), and we have no basis for rejecting the explicit finding of the District Court that the record in this case demonstrates that denial of a press pass to appellee proceeded solely from concern for "the physical security of the President." 416 F.Supp. at 1036 n.10. However, this standard for denial of a press pass has never been formally articulated or published. Merely informing individual rejected applicants that rejection was for "reasons of security" does not inform the public or other potential applicants of the basis for exclusion of journalists from White House press facilities. Moreover, we think that the phrase "reasons of security" is unnecessarily vague and subject to ambiguous interpretation.

Therefore, we are of the opinion that appellants must publish or otherwise make publicly known the actual standard employed in determining whether an otherwise eligible journalist will obtain a White House press pass. We do agree with appellants that the governmental interest here does not lend itself to detailed articulation of narrow and specific standards or precise identification of all the factors which may be taken into account in applying this standard. It is enough that the Secret Service be guided solely by the principle of whether the applicant presents a potential source of physical danger to the President and/or his immediate family so serious as to justify his exclusion. See A Quaker Action Group v. Morton, 170 U.S.App.D.C. 124, 516 F.2d 717 (1975). This standard is sufficiently circumspect so as to allow the Secret Service, exercising expert judgment which frequently must be subjective in nature, considerable leeway in denying press passes for security reasons. At the same time, the standard does specify in a meaningful way the basis upon which persons will be deemed security risks, and therefore will allow meaningful judicial review of decisions to deny press passes. We anticipate that reviewing courts will be appropriately deferential to the Secret Service's determination of what justifies the inference that an individual constitutes a potential risk to the physical security of the President or his family.

And it also notes a 5th Amendment issue:

In our view, the procedural requirements of notice of the factual bases for denial, an opportunity for the applicant to respond to these, and a final written statement of the reasons for denial are compelled by the foregoing determination that the interest of a bona fide Washington correspondent in obtaining a White House press pass is protected by the first amendment. This first amendment interest undoubtedly qualifies as liberty which may not be denied without due process of law under the fifth amendment. The only further determination which this court must make is "what process is due," Morrissey v. Brewer, 408 U.S. 471, 481, 92 S.Ct. 2593, 33 L.Ed.2d 484 (1972).[23] We think that notice to the unsuccessful applicant of the factual bases for denial with an opportunity to rebut is a minimum prerequisite for ensuring that the denial is indeed in furtherance of Presidential protection, rather than based on arbitrary or less than compelling reasons. See Greene v. McElroy, 360 U.S. 474, 496-97, 79 S.Ct. 1400, 3 L.Ed.2d 1377 (1959); Mullane v. Central Hanover Bank & Trust Co., 339 U.S. 306, 314, 70 S.Ct. 652, 94 L.Ed. 865 (1950); Grannis v. Ordean, 234 U.S. 385, 394, 34 S.Ct. 779, 58 L.Ed. 1363 (1914). The requirement of a final statement of denial and the reasons therefor is necessary in order to assure that the agency has neither taken additional, undisclosed information into account, nor responded irrationally to matters put forward by way of rebuttal or explanation.

That ruling is likely to make this a tough case for the Trump White House. For what it's worth, many are highlighting that the case in the district court has been assigned to Judge Timothy Kelly, who is a Trump appointee, though I wouldn't read very much into that. Kelly has already ordered the White House to file a response this morning, and there will be a hearing held this afternoon, so things are moving quickly.

I've seen some people, perhaps reasonably, arguing that CNN filing this lawsuit is a distraction -- and one that plays into Trump's claims that the press is out to get him. I'm not sure I buy that, as Trump's supporters already believe that, and this isn't likely to change anyone's mind. But more clearly establishing rules for the press to be declined press passes is an interesting question. Of course, it's also one where I wonder if many of the people cheering this on would be freaking out if things were in reverse. Imagine a Democratic President denying a press pass to Infowars and/or Breitbart -- and imagine how a CNN victory in this case might be used in such a scenario.

Frankly, I think the issue here should be rather straightforward: if the government is holding a press conference, it should have clearly defined content-neutral rules for who qualifies for a press pass. If the press pass is in any way contingent upon the type of coverage, that would be unconstitutional. But other rules that are more objective and apply across the board seem perfectly reasonable. Over the years we've had many stories on journalists from more alternative outlets being denied press passes for dubious reasons, and on the whole I think governments should be much more inclusive of media. But, at the very least, if the decisions are based on the content of their reporting, it would appear to be entirely unconstitutional. And here it is abundantly obvious that Acosta was removed for reasons related to his content, with the claims about contact with the intern being purely pretextual.

Read More | 168 Comments | Leave a Comment..

Posted on Techdirt - 13 November 2018 @ 3:46pm

The US Refusing To Sign 'The Paris Call' Is Not As Big A Deal As Everyone Is Making It Out To Be

from the this-is-a-pointless-document dept

On Monday, a bunch of countries and companies officially announced and signed "The Paris Call," or more officially, "the Paris Call for Trust and Security in Cyberspace." It's getting a fair bit of press coverage, with a lot of that coverage playing up the decision of the US not to sign the agreement, even as all of the EU countries and most of the major tech companies, including Google, Facebook, Microsoft, Cisco and many many more signed on.

But, most of those news stories don't actually explain what's in the agreement, beyond vague hand-waving around "creating international norms" concerning "cyberspace." And the reports have been all over the place. Some talk about preventing election hacking while others talk about fighting both "online censorship and hate speech." Of course, that's fascinating, because most of the ways that countries (especially in the EU) have gone about fighting "hate speech" is through outright censorship. So I'm not quite sure how they propose to fight both of those at the same time...

Indeed, if the Paris Call really did require such silly contradictory things it would be good not to sign it. But, the reality is that it's good not to sign it because it appears to be a mostly meaningless document of fluff. You can read the whole thing here, where it seems to just include a bunch of silly platitudes that most people already agree with and mean next to nothing. For example:

We reaffirm our support to an open, secure, stable, accessible and peaceful cyberspace, which has become an integral component of life in all its social, economic, cultural and political aspects.

We also reaffirm that international law, including the United Nations Charter in its entirety, international humanitarian law and customary international law is applicable to the use of information and communication technologies (ICT) by States.

I mean, great. But so what? The "measures" the agreement seeks to implement are almost equally as meaningless. Here's the entire list:

  • Prevent and recover from malicious cyber activities that threaten or cause significant, indiscriminate or systemic harm to individuals and critical infrastructure;
  • Prevent activity that intentionally and substantially damages the general availability or integrity of the public core of the Internet;
  • Strengthen our capacity to prevent malign interference by foreign actors aimed at undermining electoral processes through malicious cyber activities;
  • Prevent ICT-enabled theft of intellectual property, including trade secrets or other confidential business information, with the intent of providing competitive advantages to companies or commercial sector;
  • Develop ways to prevent the proliferation of malicious ICT tools and practices intended to cause harm;
  • Strengthen the security of digital processes, products and services, throughout their lifecycle and supply chain;
  • Support efforts to strengthen an advanced cyber hygiene for all actors;
  • Take steps to prevent non-State actors, including the private sector, from hacking-back, for their own purposes or those of other non-State actors;
  • Promote the widespread acceptance and implementation of international norms of responsible behavior as well as confidence-building measures in cyberspace.

I mean, sure? Some of that is meaningless. Some of that is silly. Some of it is obvious. But none of it actually matters because it's not binding. Could this lead to something that matters? Perhaps. But it seems silly to condemn the US for failing to sign onto a meaningless document of platitudes and meaningless fluff, rather than anything substantial. There's no problem with those who did choose to sign on, but it's hard to see how this is a meaningful document, rather than just an agreement among signatories to make them all feel like they've done something.

Read More | 27 Comments | Leave a Comment..

Posted on Net Neutrality Special Edition - 13 November 2018 @ 12:05pm

Nice Work EU: You've Given Google An Excuse To Offer A Censored Search Engine In China

from the handing-authoritarian-states-easy-victories dept

We've already explained why we think Google is making exactly the wrong move in experimenting with a government-approved censored search engine in China, called Dragonfly. However, the company continues to move forward with this idea. CEO Sundar Pichai gave an interview with the NY Times, in which he defends this move by... arguing it's the equivalent of the "Right to Be Forgotten" in the EU, with which Google is required to comply:

One of the things that’s not well understood, I think, is that we operate in many countries where there is censorship. When we follow “right to be forgotten” laws, we are censoring search results because we’re complying with the law. I’m committed to serving users in China. Whatever form it takes, I actually don’t know the answer. It’s not even clear to me that search in China is the product we need to do today.

A few people, who I respect, have tried to argue that this analogy is unfair. Mathew Ingram has a story at the Columbia Journalism Review that rightly points out the differences between deleting content because the subject of that content complains vs. when the government wants things disappeared. Former Facebook Chief Information Security Officer Alex Stamos argued that the comparison is "amoral and mendacious." He too agrees that there are problems with the RTBF in the EU, but China's censorship is to a different degree:

The "right to be forgotten" is a form of censorship that has been abused by many individuals and it's application extra-territorially should be resisted. However, China's censorship regime is a tool to maintain the absolute control of the party-state and is in no way comparable.

I both agree and disagree with this statement. What China is doing is to a different degree. But the mechanisms and the concepts behind them are the same. Indeed, we've pointed out for years that any move towards internet censorship in the Western World is almost immediately seized upon by China to justify that country's much more aggressive and egregious political censorship. Remember, back when the US was considering SOPA/PIPA, which would have censored whole websites on the basis of claims of copyright infringement, the Chinese government gleefully pointed out that the US was copying China's approach to the internet, and pushing for a "Great Firewall" for "harmful" information. It's just that, in the US's case, that "harmful information" was infringing information that hurt the bottom line of a few entertainment companies, while in China, they saw it as anything that might lead to political unrest. But, as they made clear, it was the same thing: you guys want to keep "harmful" information offline, and so do we.

That push for SOPA/PIPA gave the Chinese cover to continue to censor the internet -- and now the EU and its silly Right to be Forgotten is doing the same thing. So, yes, the style and degree of the censorship is not the same -- but the nature of what it is and how it's done continues to give massive cover to China in dismissing any complaints about its widespread censorship regime.

That said, it is reasonable to point out that Sundar Pichai should not be helping out the Chinese in furthering this argument on the pages of the NY Times... and I'd agree with you. But at least some of the blame must fall on the EU and other governments which have increasingly moved towards internet censorship regimes. Even if they're done for a different purpose, authoritarian regimes will always seize on them to excuse their own such behavior.

31 Comments | Leave a Comment..

Posted on Techdirt - 13 November 2018 @ 9:33am

RIAA Court Filing In Stairway To Heaven Case Warns Against *OVERPROTECTION* By Copyright

from the pigs-are-flying-over-hell's-frozen-tundra dept

Here's one you don't see everyday. The RIAA is telling a court that it needs to be careful about too much copyright protection. Really. This is in the lawsuit over "Stairway to Heaven" that we've been covering for a while now. As we noted, the 9th Circuit brought the case back to life after what had appeared to be a good result, saying that Led Zeppelin's "Stairway" did not infringe on the copyright in the Spirit song "Taurus." While we were a bit nervous about the case being reopened after a good result, as copyright lawyer Rick Sanders explained in a pair of excellent guest posts, there were good reasons to revisit the case -- in part to fix the 9th Circuit's weird framework for determining if a song has infringed, and in part to fix some bad jury instructions.

As with the Blurred Lines case, I've been curious how the RIAA and various musicians would come down on these cases. After all, I can imagine how they could easily end up on either side of such a case. Lots of musicians take inspiration from other musicians (it's actually kind of an important way for most musicians to develop), and if that's seen as infringing, that seems like it should be a huge problem. But, of course, to make that argument would require the RIAA to actually admit that copyright can go too far.

And... that's actually what it's done. The RIAA and the NMPA (National Music Publisher's Association, which historically is just as bad as the RIAA on many of these issues) actually had famed law professor Eugene Volokh write an interesting amicus curiae brief in support of the 9th Circuit rehearing the case en banc (with a full panel of 11 judges, rather than just the usual 3). Hat tip to Law360's Bill Donahue, who first spotted this.

Anyway, who among you ever expected the following in an RIAA brief:

Copyright law thus needs to carefully calibrate and balance its rules to prevent both over- and underprotection. Composers’ intellectual property must be protected, but new songs incorporating new artistic expression influenced by unprotected, pre-existing thematic ideas must also be allowed. The panel opinion badly overprotects, and in doing so is inconsistent with other federal appeals court decisions that have addressed the same issues.

Who are you and what have you done with the real RIAA?

Other parts of the RIAA brief (and I can't believe I'm saying this) make the same argument I've been making about this case (and the Blurred Lines) case for years:

This Court should also correct the precedent set by the panel allowing findings of infringement based on the use of uncopyrightable elements. Most compositions share some elements with past compositions—sequences of three notes, motifs, standard rhythmic passages, arpeggios, chromatic scales, and the like. Likewise, all compositions share some elements of “selection and arrangement” defined in a broad sense. The universe of notes and scales is sharply limited. Nearly every time a composer chooses to include a sequence of a few notes, an arpeggio, or a chromatic scale in a composition, some other composer will have most likely “selected” the same elements at some level of generality.

To keep every work from infringing—and to keep authors from being able to claim ownership of otherwise unprotected elements— this Court has stressed that selection and arrangement is infringed only when there is virtual identity between two works, not loose resemblance. The same principle should be recognized for music.

The brief goes into more detail -- again more or less repeating what I said in my original post, but with a bit less swearing (okay, 100% less swearing) -- on why it's crazy to argue that non-protectable works should be analyzed in determining if there's infringement:

The panel opinion concluded that the instruction nonetheless erred, on the theory that such common elements could still be protected if “used in combination with other elements in an original manner,” slip op. at 20, as a form of creative “selection and arrangement,” id. But all compositions will share some elements of “selection and arrangement,” defined in a broad sense, with some earlier compositions. To prevent nearly every new composition being at risk for liability, copyright claims based on “original contributions to ideas already in the public domain,” Satava v. Lowry, 323 F.3d 805 (9th Cir. 2003), are seen as involving a “thin copyright that protects against only virtually identical copying.” Id. at 812; see also Ets-Hokin v. Skyy Spirits, Inc., 323 F.3d 763, 766 (9th Cir. 2003) (“When we apply the limiting doctrines, subtracting the unoriginal elements, Ets-Hokin is left with . . . a ‘thin’ copyright, which protects against only virtually identical copying.”); Rentmeester v. Nike, Inc., 883 F.3d 1111, 1128-29 (9th Cir. 2018). This Court has long recognized this principle in claims involving visual art that allegedly creatively combines public domain elements, as with the sculptures in Satava or the photographs in Ets-Hokin and Rentmeester. The same should apply to music.

I also agree with the RIAA in saying that the "inverse ratio" rule is incredibly stupid. This is the rule adopted by some courts that the amount of "substantial similarity" necessary to show infringement decreases with the amount of "access" the accused infringer had to the original work. But, as the RIAA notes, that makes no sense (especially these days):

Indeed, while as a practical matter few composers create works that are strikingly similar to older ones, nearly all composers enjoy a striking level of access to a vast range of works: They hear them online, on the radio, at concerts, at home, and elsewhere. Indeed, they may hear them without ever seeking them out—played as mood music in elevators, supermarkets, and restaurants, or as incidental music in a film or in a television or radio commercial. Yet even if hearing the songs this way counts as a “high degree of access” (itself a vague concept that juries would have a difficult time applying), that should not allow the creators of new works to be sued under a “lower standard of proof of substantial similarity,”

And, finally, I agree with the RIAA that it would be a mistake to let a jury hear the recordings to compare the two songs. The case is not about the copyright in the sound recordings, but in the composition (which are not the same). And the problem with the sound recording is that it includes the unprotectable/public domain content, and that can be hard for a non-professional jury to separate out. The RIAA agrees:

Here, for instance, the panel agreed with Judge Klausner that the jury should not be allowed to determine substantial similarity by comparing Stairway to Heaven to Spirit’s sound recording of Taurus. Slip op. at 25, 31, 34. Unsurprisingly, Judge Klausner concluded that, because of this, it was better for the jury not to hear the sound recording at all, especially since hearing the sound recording would do vanishingly little to help the jury determine anything else (such as access).

Finally, the RIAA (correctly!) calls out the very weird part of the 9th Circuit ruling that suggested that as an alternative to allowing the jury to hear the sound recordings, they should be allowed to observe Led Zeppelin's Jimmy Page listening to the recordings "to evaluate his demeanor." As the RIAA points out, this is utter nonsense.

The panel rejected this judgment call on the grounds that “allowing the jury to observe Page listening to the recordings would have enabled them to evaluate his demeanor while listening to the recordings.” Slip op. at 34. But is this really so?

Imagine Page sitting there, relistening to the recording of Taurus (which he had already recently heard when preparing for the trial, III ER 502). The jurors are watching his demeanor, an unusual thing for people to do when they are listening to a song together with someone. What would they be looking for on his face that would in any way bear on the question whether he had heard the song nearly 50 years before, in 1967 to 1971? Is there some supposedly tell-tale facial expression that captures the reaction, “Yes, I had heard that song back then”?

Anyway, thanks to Led Zeppelin and Professor Volokh for actually creating a scenario where the RIAA and I are mostly on the same page -- and that page is warning about the negative consequences of overprotection of copyright in harming artists and limiting cultural output.

Read More | 36 Comments | Leave a Comment..

Posted on Free Speech - 13 November 2018 @ 3:29am

Philippines Continues To Spit On Free Speech; Plans To Charge Key Media Critic With Bogus Claims Of Tax Evasion

from the enemy-of-the-people? dept

At the beginning of this year, we had a fairly long post about a dangerous situation brewing in the Philippines, where President Duterte was clearly trying to retaliate against one of his chief media critics, The Rappler, run by Maria Ressa. As I mentioned, I got to see Ressa speak at a conference last year, and the former CNN bureau chief is a force of nature who seems completely devoted to accurately reporting on President Duterte, no matter how much he dislikes it.

When we wrote about Ressa and Rappler in January, it was over some trumped up charges concerning claims of "foreign ownership." That story is a bit complex, but in order to get a grant from the philanthropic Omidyar Network, Rappler sold what are known as Philippine Depository Receipts (or PDRs). PDRs do have value, which are tied to the value of shares in the company, but which don't grant any of the related ownership rights. And yet, Duterte and the Filipino SEC have been arguing that Rappler committed tax evasion by somehow "not reporting" the PDR's.

Rappler notes that's a complete fabrication:

Tiglao argues that Rappler’s PDR sale “is not reported in its financial statements submitted to the Securities and Exchange Commission.” (SEC)

This does not seem right.

Rappler’s financial statements and SEC general information statements have been posted on the internet. You can compare these financial statements to those in the prospectuses of ABS-CBN and GMA in the years these media companies sold PDRs, which show how PDRs are recorded by top audit firms.

Furthermore, Rappler notes that the law is pretty clear that if you sell PDRs to fewer than 20 people, you are exempt from registration requirements.

But, of course, none of this is actually about taxes and financial statements. It's about intimidating and silencing a free (and critical) press. And that's what's happening. The government has announced that it is going to charge Rappler and Ressa with tax evasion charges that basically everyone can see is completely bogus. Here's the UN's free speech guru (and recent Techdirt podcast guest) David Kaye calling out what a travesty this is:

At a time when authoritarian leaders around the world are increasingly targeting and threatening the press, we should be extra vigilant over how these attacks are expanding in both scope and in brazenness.

Here is a case where it seems quite clear that the charges are being trumped up based on Rappler's reporting, rather than based on anything even remotely legitimate. And whether or not Ressa and Rappler continue is beyond the point. The message to anyone else who wants to follow in their shoes is "don't bother, we'll make your life a living hell." Obviously that won't (and shouldn't) stop many reporters, but it can have an enormous chilling effect on many, many people.

17 Comments | Leave a Comment..

Posted on Techdirt - 9 November 2018 @ 1:37pm

Qualcomm's Patent Nuclear War Turning Into Nuclear Winter

from the none-of-this-is-good dept

We haven't written much about Qualcomm and Apple's all out nuclear war over patents, but a few recent developments suggest it's worth digging in and discussing. In some ways it sweeps in other companies (mainly Intel) and also involves the FTC and the ITC. I won't go through the entire history here because I'd still be writing this post into next year. Qualcomm is a pretty massive company and while it does produce some actual stuff, it has long acted quite similar to a patent troll. It has also vigorously opposed basically all patent reform efforts, while at the same time quietly funding a bunch of "think tanks" that go after anyone advocating for patent reform (I expect some fun comments to show up below).

The reason Qualcomm acts this way is that it has long abused the patent system to jack up prices to ridiculous rates. And it's finally facing something of a reckoning on that. In early 2017, the FTC went after Qualcomm for abusing its patents -- notably: "using anticompetitive tactics to maintain its monopoly in the supply of a key semiconductor device used in cell phones and other consumer products." Specifically, the FTC alleged that Qualcomm, despite promises to the contrary to get its patents into important standards, was not following the FRAND (Fair, Reasonable and Non-Discriminatory) licensing of its patents, as required to have its inventions be a part of the standard. Just days later, Apple sued Qualcomm, also regarding Qualcomm's patent shakedown, claiming that Qualcomm had been massively overcharging Apple for the use of its patents, rather than licensing them on a FRAND basis.

A few months later, Qualcomm sued Apple, claiming that it had been sharing Qualcomm's proprietary code with Intel. Apple had been using chips from both Qualcomm and Intel, but was in the process of dropping Qualcomm entirely. Qualcomm also launched multiple parallel proceedings at the ITC. As we've discussed for over a decade now, patent holders ridiculously get two shots at anyone they accuse of patent infringement (so long as the accused manufacturers its goods outside the US). The International Trade Commission (for reasons that make no sense) feels that it can judge on its own if patents have been infringed, and if so, it can block the further importation of the "infringing" good. That's the only remedy at the ITC, but it can have quite an impact, obviously, in blocking a product out of the US market. Incredibly, the ITC need not follow the same rules as a regular court and it can do its own analysis while a case is in federal court (which might rule entirely differently).

So that's the history. Basically, Apple and Qualcomm are in an all out patent nuclear war, with the FTC and ITC involved around the edges. In the last few weeks, however, pretty much everything has been looking pretty bad for Qualcomm. While an administrative law judge at the ITC did find some infringement, he (somewhat surprisingly) announced that he would not recommend an import ban (again, this is the only remedy the ITC can offer). The full ITC needs to review this recommendation and make a final call. Tons of patent maximalists are screaming their heads off about how the ITC must start blocking iPhones, but as Judge Thomas Pender recognized, banning an entire product because it may have infringed on a single patent is ridiculous. In the language of the judge "the statutory public interest factors weigh against issuing a limited exclusion order as to products found to infringe patents asserted in this investigation." In other words, "grow up Qualcomm, this isn't such a big deal that you get to completely ban the product."

And, now, the latest is that the FTC's case against Qualcomm went in the FTC's direction, with Judge Lucy Koh granting the FTC's motion for partial summary judgment and saying that Qualcomm was violating its FRAND promises. This isn't everything to do with the case, but does involve questions around whether or not Qualcomm can limit its licensing to just device makers, or if it also has to license its patents to other chipmakers, like Intel. And Koh points out that basically everyone recognizes that the FRAND agreement it made applies to everyone -- not just a limited subset of companies. Koh repeatedly highlights Qualcomm's own previous statements that support this.

Furthermore, Koh points out that allowing Qualcomm to discriminate against chipmakers would hand the company a total monopoly, and that clearly goes against the concept behind the FRAND agreement to put the technology into the standard:

If a SEP holder could discriminate against modem chip suppliers, a SEP holder could embed its technology into a cellular standard and then prevent other modem chip suppliers from selling modem chips to cellular handset producers. See Lemley, Intellectual Property Rights, 90 Calif. L. Rev. at 1902 (stating that a company with a SEP “will effectively control the standard; its patent gives it the right to enjoin anyone else from using the standard”). Such discrimination would enable the SEP holder to achieve a monopoly in the modem chip market and limit competing implementations of those components, which directly contradicts the TIA IPR policy’s stated purpose to “enable competing implementations that benefit manufacturers and ultimately consumers.” TIA IPR at 6. See Borg v. Transamerica Ins. Co., 47 Cal. App. 4th 448, 456 (1996) (holding that a court may not interpret a contract in a way that contradicts the contract’s plain meaning). Qualcomm never attempts to explain how discrimination against modem chip suppliers is consistent with the stated purposes of the IPR policies.

I know there's a lot of jargon in there, but it's basically saying that the whole point of the standardization process, as everyone agreed, was to create standardization across multiple competitors (while still allowing a reasonable license for patent holders). But if Qualcomm can reinterpret this agreement to say that FRAND only applies to downstream users, then that completely overturns the entire intention of the standards making process and just gives Qualcomm a total monopoly on the chips (going well beyond its patents). Qualcomm will undoubtedly appeal, but it's not a good start for the company.

Oh, and speaking of not a good start, the post-Apple world for Qualcomm isn't looking great either. Its latest earnings projections going forward were below what Wall St. was expecting and some are noticing a $5-billion-ish Apple-shaped hole in the books.

While I've been equally critical of Apple in the past when it's abused the patent system, in this situation it seems pretty clear that Qualcomm completely overplayed its hand with its patents in ways that were abusive, and that drove up costs in an unfair manner, against its own agreements. And so far, the various courts and administrative bodies are not buying into Qualcomm's desperate attempts to keep up its monopolizing.

It all goes back to the point we've been making for decades: if you have a good product, compete in the marketplace. Don't abuse the patent system to try to block competitors or to artificially inflate the price. That just telegraphs that you're bad at innovating and you know that competitors can do a better job than you. Qualcomm is now learning how that plays out in the long run.

Read More | 7 Comments | Leave a Comment..

Posted on Techdirt - 9 November 2018 @ 11:58am

Georgia's Brian Kemp Decides To Dox Absentee Voters, Revealing Why They All Voted Absentee

from the voting-irregularities dept

Kind of a key part of the American election setup is the concept of a secret ballot for hopefully obvious reasons. We haven't gone quite so far as eliminating that, but down in Georgia, Secretary of State Brian Kemp (who was running for governor at the same time as he was overseeing the integrity of the election and also putting in place a bunch of attempts at voter suppression) has doxxed hundreds of thousands (291,164 to be exact) of absentee voters by posting an Excel file on the state's website listing out the names, addresses and reasons why they voted absentee.

In typical spokesperson Candice Broce fashion (see her previous nonsensical quotes defending her boss), Broce/Kemp denied that there's anything wrong with this at all. The systems, they are all working perfectly:

When reached, Georgia secretary of state’s press secretary Candice Broce told TechCrunch that all of the data “is clearly designated as public information under state law,” and denied that the data was “confidential or sensitive.”

“State law requires the public availability of voter lists, including names and address of registered voters,” she said in an email.

While it is true that voter name and address info is required to be made available, it is usually not made available in aggregate for anyone to just download without restrictions. And, it's especially concerning that they released the reasons for voting absentee just a day or so after the election -- as people pointed out that this could be quite useful info for criminals looking for who might be away from their homes.

More concerning, of course, is the idea that this could scare off future voters as well who don't want such info being released in such a manner.

Either way, the idea that the Secretary of State, who kept insisting how wonderful his electronic voting systems were, would then release a giant Excel spreadsheet should again raise questions about the technological skills of whoever set up the system, let alone Kemp for overseeing such a system.

64 Comments | Leave a Comment..

Posted on Techdirt - 9 November 2018 @ 9:38am

The Satanic Temple Apparently Believes In Copyright And Is Suing Netflix For $50 Million It Will Not Get

from the satanic-copyrights dept

So... the Satanic Temple is suing Netflix for $50 million for copyright infringement. Please insert your own joke here.

To be honest, you would kind of hope that the Satanic Temple would, you know, maybe have a bit more excitement when filing federal cases, but this case is just... dumb. I'm almost wondering if it's just a sort of publicity stunt for both the Satanic Temple and the Netflix series Chilling Adventures of Sabrina. The crux of the complaint is that the show features a Baphomet statue that they feel is too similar to their own Baphomet statue (which the Temple tries to get erected in front of courthouses who want to post the 10 Commandments). If you're thinking but isn't Baphomet "a historical deity which has a complex history, having been associated with accusations of devil worship against the Knight Templar," I'd agree with you and perhaps copy and paste that statement straight from the Satanic Temple's complaint. But... wouldn't that also likely mean that it had been around in a design form for many, many years, meaning most depictions are probably public domain? Yes, again. Hell, even the complaint itself explains this:

The classic visual representation of idea of Baphomet is an image created in or about 1856 by an occult historian Eliphas Levi (the “1856 Baphomet”), which is notable for its use of a seated figure, with exposed large voluptuous female breasts, androgynous arms, a seeming male lower body and a Sabbatic Goat’s head. A copy of the historic Levi drawing of Baphomet is annexed as Exhibit E.

Yes, yes, I know you want to see Exhibit E, so here it is:

So, does the Temple's Baphomet resemble that? Sure does. Here it is in another exhibit:

And let's say it's pretty clear that whoever designed the Baphomet statue in the Sabrina show was pretty clearly copying the Satanic Temple's Baphomet. It's the same thing:

But is it infringing? First off, how much of the Temple's Baphomet is actually protectable? Not very much. The Temple notes that it made Baphomet's chest to be a male chest, rather than a female chest (to prevent courthouses from blocking their requests on the grounds that an exposed female breast -- on a mythical winged beast -- might be deemed "obscene"). The Temple also notes it added the children to the sculpture, which at least is something different.

The lawsuit, filed by lawyer Bruce Lederman, is full of useful nuggets -- many pointed out by Sarah Burstein. It opens up by saying that:

This case presents, among other things, a textbook example of the hornbook explanation of copyright protection that copyright law protects unique expressions, but not the ideas themselves.

Hornbook in legal terminology does tend to mean a settled legal principle, but it's difficult to believe that the lawyers weren't going for a bit of a pun here.

There's a copyright claim, but beyond the question of what is even protectable here, Burstein highlights that the Satanic Temple doesn't even really show that it has a valid copyright at all, since the sculpture was done on commission, and it's not clear that the copyrights were properly transferred:

There's also the fair use issue. This is a statue that happens to be seen in a TV show. While there do tend to be insurance companies and entertainment lawyers who demand that every possible thing seen on a screen must first be licensed, that's not how copyright law actually works (or it would be impossible to film a ton of stuff).

On the trademark side, Burstein also questions whether or not there's a valid trademark, while I'd question (if there even is a trademark) whether or not these are even competing in the same marketplace.

Also, on the trademark claim, the lawyers repeatedly talk about "forbidden dilution" (which feels vaguely Satanic, now that I think about it...), but that appears to be a weird misreading of &sect 115, which notes that false designations of origin, false descriptions and dilution ARE forbidden. Admittedly, the law does not have that "are" but it's clearly implied by the title of the law which puts forbidden after the dilution, rather than before it in the lawsuit.

At the very least, Forbidden Dilution, is a fun band name for some trademark lawyers.

Anyway, let's dig in a little more here:

Defendants have used the TST Baphomet with Children in ways that falsely designate its origin and are misleading and false to the extent that the Sabrina Series indicates, impliedly and expressly, that the TST Baphomet with Children is a symbol of evil, associated with forced-devil worship, cannibalism, and murder.

Man. The Satanic Temple is getting soft. (More specifically, what is the actually likelihood of confusion here? Even more specifically: come on, really?).

Among other things, TST designed and commissioned the TST Baphomet with Children to be a central part of its efforts to promote First Amendment values of separation of church and state and equal protection. Defendants’ prominent use of this symbol as the central focal point of the school associated with evil, cannibalism and murder blurs and tarnishes the TST Baphomet with Children as a mark of TST.

I totally get and support the First Amendment principles behind the Satanic Temple's attempt to get the statue installed as a creative form of protest against using the 10 Commandments at government buildings. But, it's a funny way to say you support the 1st Amendment to use that as part of your argument against a TV show that has its own 1st Amendment protections.

Anyway, this case is unlikely to get very far and I'm not convinced it was intended to get very far. It's certainly not leading to the Satanic Temple getting $50 million. But... it might lead more people to watch the Netflix show. So, from that perspective, this does feel just a wee bit like a devilish PR stunt, even if that's not what it was intended to be.

Read More | 21 Comments | Leave a Comment..

Posted on Techdirt - 8 November 2018 @ 10:40am

New Acting Attorney General Part Of A Patent Scam Company Recently Shut Down By The FTC And Fined Millions

from the grifters-everywhere dept

As you've certainly heard by now, yesterday President Trump forced out Attorney General Jeff Sessions and, at least for now, installed Sessions' Chief of Staff Matthew Whitaker to be the acting Attorney General. So who the hell is Matthew Whitaker? Well, Eric Boehlert summed up his history succinctly on Twitter:

Fascinating. But, getting even closer to the usual stuff that we cover on Techdirt, it also appears that Whitaker played a key role in a patent promotion scam company that was recently fined millions of dollars by the FTC. And, Whitaker apparently used his former job as an Assistant US Attorney to try to intimidate an unhappy "customer" of this firm away from filing a Better Business Bureau complaint. In other words, not only is Whitaker associated with a scammy patent marketing company, he also abused his former title in an effort to create a chilling effect on someone's speech.

The Miami New Times had a big article last year about the scam that was World Patent Marketing, which (of course) was based in Florida (why are so many of these scams based in Florida?). There are a bunch of these kinds of firms out there, that prey on unsophisticated individuals who were able to patent something or (more frequently) think they have something worth patenting. In this case, the Miami New Times describes WPM's way of working:

Thousands of would-be inventors like Masti were ripped off in the scheme, the feds allege. Padded, posterior-enhancing jeans; fruit crossbred with marijuana; a urinal shield to catch splatter — each one was sure to be a best seller, the company promised inventors, if they just paid for the firm's expertise in bringing ideas to market.

In reality, the firm's illustrious board — which included big names such as time-travel scientist Ronald Mallett and Florida International University professor Aileen Marti— simply took cash without ever meeting or reviewing any pitches. Some of the supposed innovations the company green-lit already existed, so patent applications were regularly denied. And despite the many "success stories" featured on its website, virtually none of the firm's clients ever made money.

As millions poured in, the firm's tough-talking CEO, Scott J. Cooper, boasted about trips to remote islands on his yacht and lashed out in expletive-laden tirades at inventors who complained. In screeds posted online and emailed to customers, the company bragged about its security team composed of ex-Israeli special forces trained in Krav Maga and threatened critics with lawsuits — or worse.

As the article notes, the FTC has gone after a ton of similar companies over the past couple decades, but new ones keep popping up. And apparently World Patent Marketing dove in with gusto:

In the long history of invention scammers, though, experts say few exceeded Cooper at wringing so much money out of individual victims. With a unique combination of New York bluster and salesmanship — and a fighter's willingness to scrap with naysayers — Cooper charmed hopefuls into sending thousands of dollars before scaring away anyone who thought about blowing the whistle, burned inventors say.

Despite only starting in 2014, the company raked in millions. The Miami New Times article is incredibly detailed in how Cooper ran such a scam. But it also talks about how he would angrily go after dissatisfied "customers." And apparently some of that included using "advisory board member" Matthew Whitaker. The company revealed in the evidence in the case the FTC filed against the firm, including sending an email to an unhappy customer "A Rudsky" who had threatened to report WPM to the Better Business Bureau. It appears that Cooper passed on this threat to Whitaker, who sent the following email in August of 2015:

If you can't see that, it says the following ("Scott" is Scott Cooper, who was the CEO/founder of World Patent Marketing):

Mr. Rudsky:

Scott forwarded me your emails and I am concerned about what you are trying to communicate to Scott Cooper and WPM.

I am a former United States Attorney for the Southern District of Iowa and I also serve on World Patent Marketing's Advisory Board.

Your emails and messages from today seem to be an apparent attempt at possible blackmail or extortion. You also mentioned filing a complaint with the Better Business Bureau and to smear World Patent Marketing's reputation online. I am assuming you understand that there could be serious civil and criminal consequences for you if that is in fact what you and your "group" are doing.

I am familiar with your background and your history with Scott. Understand that we take threats like this seriously. Perhaps you can email me and specifically explain to me exactly what your intentions are with regards to World Patent Marketing so I can respond accordingly.
I can be reached at this email address.

Please conduct yourself accordingly.

Why is it that dubious threat letters from sketchy lawyers always seem to end with some variation on "govern yourself accordingly"?

Anyway, in March of 2017, the FTC filed a complaint concerning Cooper and World Patent Marketing. In May of this year, the case was closed out with the court granting a permanent injunction and monetary judgment against Cooper and World Patent Marketing. The court ordered a $26 million payment from the defendants, but also required Cooper specifically to hand over nearly $1 million from the sale of his $3.5 million home, and the rest of the judgment was suspended. There are a bunch of other stipulations in the order, requiring Cooper to accurately submit details of his business activities for many years into the future, and he is "permanently restrained and enjoined from advertising, marketing, promoting or offering for sale, or assisting in the advertising, marketing, promoting or offering for sale of any Invention Promotion Service."

Whitaker, it seems, was a bit player in this invention promotion scheme, but clearly was closely enough involved that he acted as a legal threat bully in at least that one case. That should certainly raise significant questions about how just a couple years later that same guy is suddenly the country's acting Attorney General.

47 Comments | Leave a Comment..

Posted on Techdirt - 8 November 2018 @ 9:22am

Don't Throw Out The First Amendment's Press Protections Just Because You Don't Like President Trump

from the not-how-it-works dept

Back in April, when the DNC first sued a whole bunch of people and organizations claiming a giant conspiracy between the Russians, Wikileaks and the Trump campaign, we warned that beyond the complaint including a ton of truly nutty claims, it was also an attack on the 1st Amendment. Much of what was described as violating the law by Wikileaks and others was classic journalism activity -- and a ruling in favor of the DNC would do massive harm to the 1st Amendment. Indeed, as the case has continued to move forward, more and more media organizations are warning about the possibility of a catastrophic outcome for news media should the DNC win this case.

Perhaps ironically, this puts Donald Trump on the same team, legally, as the people he repeatedly insists are "the enemy of the people." His lawyers, of course, don't mind the double standard and have been quick to correctly wrap themselves in the First Amendment to try to get the lawsuit dismissed. This is the proper result.

Unfortunately, Trump derangement syndrome means that otherwise competent people keep searching for a "but, Trump... " exception to the 1st Amendment. Over at Just Security, two former Obama White House lawyers -- Bob Bauer and Ryan Goodman -- try to argue the case for why the 1st Amendment doesn't protect the Trump campaign in this case. The crux of their argument is that the campaign was a lot more involved in seeking damaging information, rather than just passing it around once it had been leaked.

It is on fundamental factual distinctions between Bartnicki and the Trump case that the campaign’s First Amendment theory founders.  Unlike Bartnicki’s radio host, the campaign is not free of involvement in illegal activity. It did not merely comment on what the Russians and WikiLeaks conspired to make public. It willfully engaged with both the Russians and WikiLeaks in both the pursuit and the publication of the stolen emails—actions that bump up against clear prohibitions in federal campaign finance law. Foreign nationals may not contribute or spend funds to influence an American election, and, crucially, a U.S. political campaign cannot assist or act in coordination with foreign electoral intervention.

We know that the Russians were peddling assistance to a receptive campaign, that the campaign learned as early as April 2016 that Russians possessed stolen emails, th... Jr. advised the Russians on when to release derogatory information (“later in the summer”), that the Russian hacking operation continued long after the Russians first made contact with and were greeted receptively by the campaign, that the president himself publicly encouraged the Russian government to locate the so-called “missing“ Clinton emails, and that Russian spies quickly followed by trying to hack Clinton’s personal email. There are also reports that the Russians may have previewed the plan to disseminate the emails before ever doing so.  For the purposes of the ongoing civil suit, those allegations alone rob the campaign of its current defense.

But those paragraphs make a ton of assumptions, often without enough evidence to back it up. But much, much, much worse is the following paragraph that Bauer and Goodman put in, claiming that the media shouldn't be concerned about the 1st Amendment impact of this case:

There is misplaced concern that a defeat for this First Amendment defense puts media protections at risk. Federal campaign finance regulation supplies useful guidance here: It exempts standard journalistic activity, but denies those protections to conduct outside the “legitimate press function.” It is clear from disclosures by an internal WikiLeaks critic and other materials that Julian Assange targeted Hillary Clinton and sought to work with the Trump campaign and the Russians to secure her defeat. This is not a “legitimate press function.” And the conflation of Wikileaks’ plan of campaign attack with standard journalistic activity undermines important distinctions critical to the protection of the free press.

That paragraph is frightening and should worry anyone who believes in the 1st Amendment's protections for the press. These lawyers are basically arguing that they get to decide what is and what is not a "legitimate press function" and that working with a campaign automatically makes it not a legitimate press function. As Glenn Greenwald notes, there's a viable argument that under the description that Bauer and Goodman lay out here someone could just as easily argue that Vox or MSNBC aren't protected by the 1st Amendment either:

Some will argue that there are differences of degree and level of cooperation, but even if that's true (and it's not clear that it is), you've already wiped out the basic 1st Amendment protections because now every media outlet will need to argue, over and over again, whether or not any of its activity counts as "a legitimate press function." That would create massive chilling effects, and is a standard that could be easily abused.

Hell, just to bring this all back around, it doesn't take a stable genius to figure out what President Trump would start doing if he could argue the 1st Amendment doesn't apply to publications engaged in things that are "not a legitimate press function." And, incredibly, the DNC seems to want to hand him this very power. It's mind-boggling.

Dan Froomkin has an excellent reply to the Bauer/Goodman piece. He agrees that there may be some violations of the law buried in everything, but lumping in Wikileaks (even as he calls Julian Assange's recent activities "despicable") here is an attack on the basic 1st Amendment protections for journalists. Even if you dislike Trump massively, supporting these arguments is an attack on the press that will come back to bite everyone by handing the government and others a tool to argue that certain press activities are somehow not protected for not being "a legitimate press function."

56 Comments | Leave a Comment..

Posted on Techdirt - 7 November 2018 @ 3:24am

After Being Sued To Block Sci-Hub; Swedish ISP Blocks Court's And Elsevier's Website In Protest

from the but-is-that-a-good-thing dept

Late last week, Torrentfreak had a fascinating story about Bahnhof's response to a court case demanding it block the site Sci-Hub due to demands from Elsevier that Sci-Hub was inducing infringement of academic papers. We've written in the past about Sci-Hub. Rather than an evil piracy site as Elsevier likes to imply, it is a very clever system to allow academics to share and access other academic works. Of course, Elsevier prefers to lock up academic research that it did not pay for, which is a travesty. And it has gone after Sci-Hub in multiple jurisdictions, and is constantly playing a form of Whac-a-Mole as Sci-Hub keeps on moving around (not to mention each attempt at taking it down only seems to add to Sci-Hub's popularity). In this case, Elsevier sought a blocking order in Sweden. The Swedish ISP, Bahnhof, which has spent years pushing back against copyright maximalist extremism, but without much luck.

In giving in to the block demand, however, Bahnhof went a step further. It also put up a "block" for any subscriber visiting Elsevier's sites or the court's sites:

These are not full "blocks" per se. After reading Bahnhof's protest message, you can then apparently click through to the original site.

I posted this on Twitter on Friday and it got a huge response, with many people cheering it on. I think many of them had an initial gut reaction that this was a clever (and somewhat amusing) way to protest what many people feel is an unjust blocking order by turning the tables on those who requested and approved the blocking order. Indeed, that was my instinctual reaction as well. But, I don't think we should be that celebratory about this.

For one thing, this is exactly the kind of thing that many of us warn about concerning a lack of net neutrality laws. In this case, many people support this because they all agree that Elsevier is being ridiculous and censorial here. But... it's not hard to imagine a different situation. How would people feel if an ISP were, say, putting up a similar block page for anyone trying to visit a union webpage of striking telco workers? Because that happened once in Canada. Then... it feels a bit more like a giant company using its market position to silence critics in its workforce. We shouldn't change our views on what is and what is not okay for an ISP to do based solely on whether or not we like who is put out by the decision.

Sweden doesn't currently have net neutrality rules as far as I can tell, though ironically it appears that Bahnhof sells a pro-net neutrality hoodie. But blocking sites -- even to make a good point in the ridiculousness of the site blocking order -- still goes against net neutrality and raises serious questions about whether anyone should want an ISP inspecting the sites that we go to and interjecting its own man in the middle attack to make a political message.

Suddenly... it doesn't look quite as clever in that light. I understand the value of protesting an unjust court ruling, and this certainly feels like just desserts for Elsevier and the court, but we should always see it as problematic when an ISP is getting between us and the sites we want to visit, even if it's for a good cause.

44 Comments | Leave a Comment..

Posted on Techdirt - 6 November 2018 @ 6:30am

Georgia Scrambles To Patch Massive Vulnerabilities In Its Voter Registration System After Insisting It Was Totally Secure

from the so-about-that-voting-system... dept

Yesterday we had a rather incredible story about Georgia's Secretary of State, Brian Kemp, who, despite the conflict of interest, is both running for Governor and in charge of making sure Georgia's elections are fair. Over the weekend, Kemp had made a highly questionable claim that his opponents in the Democratic Party of Georgia had attempted to hack the voter registration system, and he was opening an investigation. As we noted, what appears to have actually happened was that an independent security researcher had discovered massive, stunning, gaping security flaws in Georgia's voter registration system, that would potentially allow anyone to access anyone else's information and even modify it. That's an especially big deal in Georgia, where the very same Secretary of State Brian Kemp had pushed for laws that meant that if any of your ID information was different from what was in the voter system, you didn't get to vote.

Incredibly, despite multiple security experts pointing out some fairly basic flaws, Kemp's office insisted the site was secure. According to press secretary Candice Broce:

“We can also confirm that no personal data was breached and our system remains secure.”

Elsewhere the Secretary of State's Office insisted there were no problems with the site. However, as ProPublica is now reporting, late Sunday night, after it had insisted there was nothing wrong, it appeared that someone behind the scenes was scrambling to patch the vulnerabilities:

ProPublica’s review of the state’s voter system followed a detailed recipe created by the tipster, who was described as having IT experience and alerted Democrats to the possible security problems. Using the name of a valid Georgia voter who gave ProPublica permission to access his voter file, reporters attempted to trace the security lapses that were identified.

ProPublica found the website was returning information in such a way that it revealed hidden locations on the file system. Computer security experts had said that revelation could give an intruder access to a range of information, including personal data about other voters and sensitive operating system details.

ProPublica’s attempt to take the next step — to poke around the concealed files and the innards of the operating system — was blocked by software fixes made that evening.

The same Candice Broce who had insisted that there was absolutely nothing wrong with the site then told ProPublica two obviously bullshit claims. First, that the setup that allowed users to see exactly where files were stored was standard practice, and so was making last minute changes to a voter registration website two days before an election:

Broce said the ability to see where files were stored was “common” across many websites, and she said it was not an inherent vulnerability. She did not deny that the website’s code was rewritten and would not say whether changes were made as a result of the possible security holes.

“We make changes to our website all the time,” Broce said. “We always move our My Voter Page to a static page before Election Day to manage volume and capacity. It is standard practice.” By Monday afternoon, the page did not appear to be static in the way Broce described, and she did not respond to a request to provide evidence of the change.

Of course, as anyone who has done any serious website building in, let's say, the last 10 to 15 years, knows well, that is not at all standard practice. But, let's see the quote from an expert anyway:

Joseph Lorenzo Hall, the chief technologist at the Center for Democracy and Technology in Washington, D.C., disputed that visibility into file storage was common. “It’s definitely not best practice,” he said. He said it appeared the state had made the change in response to being notified of the problem and could see no reason why officials would otherwise make such a change ahead of Election Day.

Security experts frown on making such seemingly ad hoc changes close to major events, such as an election, because they can create unforeseen problems when made so quickly.

Basically, it appears that Kemp and the Secretary of State's office are betting on voters in Georgia being totally ignorant. Meanwhile, this is the same office that just a couple months ago made the following bold statement:

“There has never been a breach in the Secretary of State’s office. We have never been hacked, and according to President Trump and the Department Of Homeland Security, we have never been targeted. Georgia has secure, accessible, and fair elections because Kemp has leveraged private sector solutions for robust cyber security, well before any of those options were offered by the federal government.”

I don't care what side of the partisan divide you fall on, but Kemp's actions in failing to protect the system, overseeing the voting in his own election, then attacking the messenger for pointing out his own vulnerability, denying the vulnerability, and then scrambling to fix the vulnerability at the last minute without telling anyone, should disqualify him from running a Burger King, let alone being Governor of the state of Georgia.

39 Comments | Leave a Comment..

Posted on Techdirt - 5 November 2018 @ 2:33pm

A Decade After Realizing It Can't Threaten A Critic Online, UCLA Returns To Threaten A Critic Online

from the don't-they-teach-lawyers-the-1st-amendment-any-more? dept

Back in the early days of Techdirt, we used to talk about legal disputes involving so-called "sucks sites" -- i.e., web addresses that use a company or organizations' name along with a disparaging adjective, in order to setup a website criticizing the company. In the early 2000s there were a bunch of legal disputes in which overly aggressive lawyers would threaten and/or sue the operators of such sites, claiming they were trademark infringement. Spoiler alert: they were not trademark infringement. There was never any confusion over whether or not the sites were actually endorsed by the trademark-holder (because the sites were criticizing the trademark holder.) Nor, in most cases, was there any commercial activity, which is necessary for a trademark violation.

For the most part, lawyers have finally learned that going after sucks sites is a bad idea and we don't hear of as many cases these days. But they do sometimes pop up. The latest is particularly stupid, involving the University of California, Los Angeles (UCLA). The details are laid out for you nicely by Adam Steinbaugh of FIRE (the Foundation for Individual Rights in Education), an organization focused on protecting free speech on campus.

You see, UCLA had done this before. Way back in 2009 it had threatened a critical site run by a former student:

In 2009, the university sent a letter to former student Tom Wilde, alleging that his website’s domain names, ucla-weeding101.info and .com, infringed on the university’s trademarks and amounted to a criminal act under California Education Code Section 92000, which purports to authorize public universities to police virtually any use of their name or acronym. FIRE wrote to UCLA in 2009, explaining that the First Amendment protects “cybergriping” websites and noting that the university’s purported authority under the California Education Code was contrary to the university’s obligations under the First Amendment.

After some hesitance, UCLA backed down.

But, as you likely guessed, they've done it again. And, here's the real kicker: UCLA sent a letter to the same guy over the same website. As Steinbaugh notes, the latest letter is less threatening and more friendly, talking about giving Wilde a "friendly reminder" and asking as a "courtesy" for him to "remedy" his claimed misuses of UCLA's trademark and... building images (?!?). FIRE again took up the case, reminding UCLA of what happened a decade ago and asking it to retract the letter. Incredibly, UCLA refused to do so, saying that Wilde was creating confusion by using similar images and design. However, a quick comparison of the two sites suggests that no one is going to be confused that the one on the left is officially a part of the one on the right:

UCLA also had claimed in its new letter that it sent that in response to "an inquiry" about Wilde's site. FIRE filed a public records request to find out who the hell "inquired." Turns out: it was a UCLA staff member on the external affairs team who sent an email pointing to the site and saying:

Grumpy former student has created this FB page and website…was thinking that the Royce Hall image and use of UCLA in the domain name might both be no-nos.

This was under the subject "protecting the brand."

Right. So this wasn't someone confused about the site. It was someone who thought that they could go after a site that was critical of UCLA by abusing trademark law -- something that has long been a non-starter, and which is an insult to the First Amendment.

You know how you protect your brand? By not threatening critics with a potential legal attack over First Amendment protected speech. And, also, not doing that twice.

14 Comments | Leave a Comment..

More posts from Mike Masnick >>