Mike Masnick’s Techdirt Profile


About Mike MasnickTechdirt Insider

Mike is the founder and CEO of Floor64 and editor of the Techdirt blog.

He can be found on Twitter at http://www.twitter.com/mmasnick

Posted on Techdirt - 28 September 2016 @ 10:41am

Oracle's 'Gamechanger' Evidence Really Just Evidence Of Oracle Lawyers Failing To Read

from the are-we-done-yet? dept

It's the case that will never die. As you may recall, over the summer, Oracle asked Judge William Alsup for yet another trial over Google's copying of some Java APIs in Android, claiming that Google had failed to disclose that Android apps would work on Chromebooks. At a hearing last month it seemed very possible that Alsup would order another trial, but (thankfully!) he has now denied Oracle's request for the same exact reason he denied their first request for another trial at the beginning of the summer. He literally says:

Oracle’s new Rule 50 motion is denied for the same reasons as its old one.
First, Alsup defends his earlier decision to limit the trial to Android's use in smartphones and tablets. It's a long explanation, but a sensible one. In short, because of the (ridiculous) Federal Circuit ruling rejecting Alsup's (much earlier) determination that APIs were not subject to copyright (which was the correct ruling, but was overturned because the Federal Circuit is clueless), the case was sent back to the lower court, years after the original verdict that said Google's use was infringing. This trial was over just the fair use question, but was built off of that earlier verdict. Google argued that adding in a bunch of new devices that used Android (as Oracle wanted) that didn't exist when the first trial happened wouldn't make sense, as they introduced new questions and issues that weren't raised in the first trial -- and Alsup agreed. Alsup also notes that Oracle is "free to pursue its claims for infringement arising from Google’s implementations of Android in devices other than smartphones and tablets in a separate proceeding and trial." In other words, no matter the outcome of this case, Oracle may still file another lawsuit over Android in the future. So, in the end, Alsup notes that Oracle wanted to have the court accept the first jury verdict, but then expand it way beyond its scope:
In its new trial motion, Oracle now argues that it was error to limit the device uses in play to smartphones and tablets. We should have had one mega-trial on all uses, it urges. This, however, ignores the fact that Oracle’s earlier win on infringement in 2010 — the same win it wished to take as a given without relitigation — concerned only smartphones and tablets. And, it ignores the obvious — one use might be a fair use but another use might not, and the four statutory factors are to be applied on a use-by-use basis. Significantly, the language of Section 107(4) of Title 17 of the United States Code directs us to consider “the effect of the use upon the potential market for or value of the copyrighted work.” Oracle cites no authority whatsoever for the proposition that all uses must stand or fall together under the fair use test of Section 107.
Alsup also scolds Oracle, in noting that while it wanted to lump in all sorts of post-2010 actions by Google, it successfully blocked the introduction of post-2010 evidence that would have helped Google:
Oracle itself, it must be said, successfully excluded at least one post-2010 development that would have helped Google. Specifically, a pretrial ruling obtained by Oracle excluded evidence tendered by Google with respect to Android Nougat. Significantly, this evidence would have shown that (back in 2008) all of the accused APIs could simply have been taken from OpenJDK, Sun’s own open-source version of Java, apparently in full compliance with the open-source license. Put differently, Sun itself had given away Java (including all of the lines of code in suit) in 2008 via its open-source OpenJDK. In 2015, Google used OpenJDK to reimplement the Java APIs for the latest release of Android, which it called Nougat. Google wished to use this evidence under the fourth fair use factor to show that its infringement did no more market harm than Sun itself had already invited via its own OpenJDK release. Despite its importance, the Court excluded this development because it had not been presented by Google in time for effective rebuttal by Oracle. This exclusion was a major win for Oracle in the weeks leading up to trial.
Then on to the main show: Oracle's claim that Google hid the plans to make Android apps work on Chrome OS. Google had revealed to Oracle its "App Runtime for Chrome" (ARC) setup, and it was discussed by Oracle's experts, but at Google I/O, Google revealed new plans for apps to run in Chrome OS that were not using ARC, but rather a brand new setup, which Google internally referred to as ARC++. Oracle argued that Google only revealed to them ARC, but not ARC++ and that was super relevant to the fair use argument, because it showed that Android was replacing more than just the mobile device market for Java. But, here's Oracle's big problem: Google had actually revealed to Oracle the plans for ARC++. It appears that Oracle's lawyers just missed that fact. Ouch.
Throughout the briefing and argument on this motion, Oracle left the distinct impression — more accurately distinct misimpression — that Google had stonewalled and had completely concealed the ARC++ project. This was an unfair argument.

In fact, Google timely produced at least nine documents discussing the goals and technical details of ARC++ and did so back in 2015, at least five months before trial. Counsel for Oracle now acknowledges their legal team never reviewed those documents until the supplemental briefing on this motion. The Court is disappointed that Oracle fostered this impression that no discovery had been timely provided on the ARC++ project eventually announced on May 19.

Rule 26(e) requires a party to supplement discovery responses in a timely manner only “if the additional or corrective information has not otherwise been made known to the other parties during the discovery process or in writing” (or if otherwise ordered by the Court). This creates a “‘duty to supplement,’ not a right.” Luke v. Fam. Care and Urgent Med. Clinics, 323 Fed. Appx. 496, 500 (9th Cir. 2009). Nevertheless, Google had no duty to supplement responses with new information that had already been disclosed in the ARC++ documents already produced.

Oracle should have known that items produced in response to its own document requests potentially contained information that supplemented Google’s earlier written discovery responses. Oracle’s failure to review the ARC++ documents is its own fault.
That's a pretty big error on the part of Oracle's lawyers. For all the bombast that they went after Google with in court last month, to then have to admit that they were the ones who had failed to actually read the material that Google supplied them is... really, really bad. If I'm Oracle, I'm really pissed off, because these lawyers from Orrick are not cheap and they just wasted a ton of Oracle money because of their own mistakes.

Judge Alsup also notes that none of this really matters anyway because (once again) this trial was limited to the situation back in 2010, when Android was just in use on phones and tablets, and the desktop/laptop issue was left out of the case (in part because of Oracle's own desire not to relitigate the first part of the trial).
Oracle’s purported “game changer” would not have changed anything at all, because the scope of the “game” was smartphones and tablets, postponing new and later uses to a later contest. ARC++ was not yet on trial. Thus, any failure to produce such evidence could not have substantially interfered with Oracle’s preparation for our trial. On the contrary, it clearly and convincingly would have been inconsequential.
There are a few other attempts from Oracle that Alsup rejects as well -- including some stuff about one particular witness having a single line of an email redacted. There was also an attempt to present some evidence suggesting that Sun wasn't as happy about Google's actions as Google had implied during its testimony, but it involved (yet again) some bizarre behavior by Oracle's lawyers, withholding documents from Google until the very last minute. And, again, Judge Alsup notes that the documents don't really support Oracle's contention anyway. There were a few more arguments in there as well, which aren't as important, but you can read them all in the full ruling from Alsup if you are a glutton for such punishment.

Either way, it's almost certain that Oracle will appeal certain aspects of all of this, and in some sense, this is all just procedural posturing anyway. And, on top of that, Oracle may file a new case against Google for non-tablet/phone uses anyway. In short: this case is nowhere near over, but if you get anything out of these documents, it's that Oracle, the company, should be pretty upset at the lawyers it hired for making a big deal out of something that only served to show that they didn't do their job.

Read More | 15 Comments | Leave a Comment..

Posted on Techdirt - 28 September 2016 @ 9:34am

Photographer Successfully DMCAs Trump Jr.'s Skittles Image

from the copyright-and-politics dept

So, just last week, we wrote about how David Kittos, a refugee from Cyprus now living in the UK, had taken the photograph of a bowl of Skittles that Donald Trump Jr. had used in a tweet about banning refugees. Kittos said he was thinking about taking legal action, but said he wasn't sure he had the patience for it. But, of course, thanks to US copyright law, if you want something to disappear, you don't have to go through a whole litigation process, you can just use the DMCA. And that's exactly what David Kittos did (first noticed by The Washington Post, which may have a paywall).


== Description of original work: Photography of a bowl of Skittles from my flickr library which was copied WITHOUT my permssion

== Links to original work: https://www.flickr.com/photos/david_kittos/[REDACTED]/


== Reported Tweet URL: https://twitter.com/DonaldJTrumpJr/status/[REDACTED][REDACTED]

== Description of infringement: The image of a bowl of skittles is mine and has always been set as "ALL RIGHTS RESERVED" in my flickr library It was copied and is being used WITHOUT my permission. I have never been contacted by Donald Trump Jr or any representative about the image, before of after it was used in the Tweet.

And it worked:
Now, of course, there's a question of whether or not Trump Jr. will file a counternotice, and then if Kittos would actually follow through with a lawsuit. I'm guessing neither will happen, but who really knows? There's a possible, but not really that strong, argument that Trump Jr.'s usage was fair use. And it does seem like Kittos' takedown is much more about his objection to the speech, rather than the possible infringement -- and, once again, that suggests it's another example of using copyright to censor speech someone doesn't like. As I made clear, I think the Skittles analogy is incredibly stupid (and racist), but that doesn't mean I'm comfortable with using copyright to silence it.

62 Comments | Leave a Comment..

Posted on Techdirt - 28 September 2016 @ 8:31am

Can Someone Explain To The RIAA That SOPA Didn't Actually Pass?

from the let's-try-this-again dept

Earlier this week, basically all of the major record labels filed a lawsuit against YouTube-mp3.org, which as you may have guessed from the URL, helps people get audio downloads from YouTube videos. There have been a number of similar sites over the years, and they tend to disappear relatively quickly. Apparently this one lasted long enough that the major labels decided to sue.

There are many, many, many problems with the lawsuit which we'll be discussing, but let's start with the big one. The RIAA and the labels seem to believe that SOPA became law back in 2012, rather than being soundly rejected. That's because, as the EFF notes in a blog post, the real target of the lawsuit does not appear to be Youtube-mp3.org, but a bunch of third party service providers. Specifically, the lawsuit asks for two highly questionable remedies targeting non-parties to the lawsuit:

enjoining Defendants and all third parties with notice of the Order, including any Web hosts, domain-name registrars, domain name registries, and proxy or reverse proxy services, and their administrators, from facilitating access to any or all domain names, URLs and websites (including, without limitation, www.youtube-mp3.org) through which Defendants infringe Plaintiffs’ copyrights;
enjoining all third parties with notice of the Order from maintaining, operating, or providing advertising, financial, technical, or other support to YTMP3 and any other domain names, URLs, or websites through which Defendants infringe Plaintiffs’ copyrights, including without limitation www.youtubemp3.org; and enjoining all third-party distributors of applications, toolbars or similar software with notice of the Order from distributing any applications, toolbars, or similar software applications that interoperate with any domain names, URLs, or websites through which Defendants infringe Plaintiffs’ copyrights, including without limitation www.youtube-mp3.org.
Again, this was the kind of remedy SOPA was designed to enable. But SOPA did not become law. As the EFF points out:

As we’ve explained before in other cases, this request is a gross overreach. Federal court rules have a narrow provision that lets successful plaintiffs request a court order against a defendant and people in “active concert and participation” with them, meaning a close associate or co-conspirator. That provision doesn’t allow for orders that bind every vendor providing services to a defendant, especially those with no direct business relationship. So the litany of intermediaries listed in the labels’ complaint are not within the court’s power to bind.

What the complaint asks for is also far broader than the law allows. By asking all of those intermediaries to block all “websites through which Defendants infringe Plaintiffs’ copyrights,” without specifying the URLs, the labels are seeking to conscript all of these companies as investigators who must chase down the defendants and block every website they use, under any name. Neither copyright nor trademark law allows courts to put this burden on Internet intermediaries, and for good reason: it’s prohibitively expensive for many, it inevitably leads to blocking of lawful speech, and it gives a big advantage to established players.

Finally, and perhaps worst of all, the record labels want to ban “any applications” that might “interoperate” with with youtube-mp3.org and any other websites owned by the defendants. That would seem to require every Web browser, mobile app, and Internet-connected device to block an ever-changing list of websites. Left unchecked, these kinds of orders could become a mechanism whereby the content industry gets veto power over online innovation.

Also, according to the lawsuit, which was filed in California, the site is owned by a guy in Germany, Philip Matesanz. An RIAA press release notes that the IFPI has also indicated it's going to file a similar case in the UK. Considering that there's a decently high chance that the guy in Germany won't bother responding to a lawsuit halfway around the world, the RIAA and its labels may simply be hoping for a default judgment, which they can then use to force all those third parties into blocking a website, despite a lack of a full trial over the issues with the case.

And, oh boy, does this lawsuit have serious issues. On a conceptual level, how is what this site is doing really all that different from a VCR in recording a TV show? In this case, it's just recording an audio file from a video file. And such recordings for personal time shifting uses are considered fair use and not infringing. It's also quite a useful tool for other fair use activities too — we've used a similar site to grab audio quotes from videos for discussion in our podcast. The "stream ripping" site is just a tool for making such fair use recordings, meaning it has substantial non-infringing uses. So why do the RIAA and these labels insist that it's infringing?

The lawsuit notes that this service likely violates YouTube's terms of service, but YouTube/Google are not the plaintiff. They're not the ones arguing over the terms of service being violated (in fact, you could argue that Google is a target of the lawsuit via the third party injunction attempts discussed above).

Part of the lawsuit alleges that YTMP3 violates the DMCA by "circumventing" YouTube's "technological measures" designed to block access to the actual video file, but it's not clear how this kind of thing is really a technological protection measure under the DMCA. All it does is obscure the full URL, but still make it accessible. Is it really circumvention to figure out how to get to a publicly accessible URL? That seems like a big leap by the RIAA:
Plaintiffs are informed and believe, and on that basis allege as follows: YouTube has adopted and implemented technological measures to control access to content maintained on its site and to prevent or inhibit downloading, copying, or illicit distribution of that content. YouTube maintains two separate URLs for any given video file: one URL, which is visible to the user, is for the webpage where the video playback occurs, and one URL, which is not visible to the user, is for the video file itself. The second URL is generated using a complex (and periodically changing) algorithm – known as a “rolling cipher” – that is intended to inhibit direct access to the underlying YouTube video files, thereby preventing or inhibiting the downloading, copying, or distribution of the video files.
That second URL is not "protected" in any real way. It's a publicly accessible URL -- it's just that YouTube doesn't make it easy to find. So does that really count as circumvention? That seems like a big question here as well.

Either way, as noted above, these important questions may not get answered if YTMP3 simply decides to ignore the lawsuit -- and the RIAA may very well be counting on that. It really does seem like the labels deliberately picked a site that is likely not interested in defending this lawsuit, no matter how questionable, allowing it to really go after a ton of 3rd party sites and services, as if SOPA were the law.

Read More | 38 Comments | Leave a Comment..

Posted on Techdirt - 27 September 2016 @ 2:37pm

Immigration Board Says You Can Be Deported For Copyright Infringement

from the moral-turpitude dept

While we still wait to see if Kim Dotcom can be taken against his will from another country into the US for "copyright infringement" claims, apparently the DOJ has also decided that it can work the other way. The Justice Department's Board of Immigration Appeals has said that people can be deported for copyright infringement. Apparently the law (the Immigration and Nationality Act) says that non-citizens can be deported if they commit crimes "involving moral turpitude" but had never weighed in on whether or not copyright infringement counted. But now they have:

On Friday, leaning heavily on precedent that previously declared criminal trademark infringement a CMT, the board said criminal copyright violations “must also be a crime involving moral turpitude.”

“Like the use of a spurious trademark ... respondent’s copyright infringement also involves significant societal harm,” BIA member Hugh Mullane wrote in Friday’s ruling. “Congress has made clear that copyright infringement enforcement is an important priority and that the risks and costs associated with intellectual property crime are significant.”
To be fair, this was a case of criminal copyright infringement, and not civil copyright infringement -- and the board noted that because criminal copyright infringement requires the showing of "willfulness," it suffices for the "moral turpitude" question. The person in question, Raul Zaragoza-Vaquero, had been arrested for selling 800 copied CDs to an RIAA investigator. He received 33 months in prison and had to pay $36,000... and was then told he had to leave the country.

The fact that it's only for criminal copyright infringement is certainly better than it being for any copyright infringement, but we've seen some bizarre attempts to turn what clearly should be civil copyright infringement cases into criminal ones (the Kim Dotcom case being but one example).

30 Comments | Leave a Comment..

Posted on Techdirt - 26 September 2016 @ 11:43am

Movie Theater Security Guards Assault Women, Claim They Were Pirating Movie

from the has-it-really-come-to-this? dept

It's well-known that the big studios and the MPAA like to indoctrinate movie theater employees into believing that there's a horrible menace of people trying to pirate movies in the theaters, and that in some cases, they even hand out money to employees who "catch" pirates in the act. In general, all this really does is make it less enjoyable to go to the movies -- and sometimes leads to elderly patrons being ejected from theaters because some kid is totally sure she's pirating the film she's watching.

And the latest example is even more extreme, where private security forces apparently decided to assault a couple of Toronto women they falsely accused of pirating a showing of The Magnificent 7. One of the women, Jean Telfer, says she actually decided to leave the film early because she found it too violent. Apparently the idea that a pirate probably wouldn't be leaving in the middle of a film didn't occur to the geniuses Sony Pictures had specifically hired to "guard" the showing. So they tackled Telfer. Really.

Halfway through the film, Telfer decided to leave because she found the movie to be too violent.

“When I left the theatre I heard someone yelling behind me, ‘Sir! Sir!’ I didn’t think much of it,” said Telfer.

“Out of nowhere I felt someone grab me from behind. My reaction [was] to get this person off of me. Unfortunately it did escalate and he did somehow get on top of me.”
Bizarrely, despite all of that, the guy who tackled her never told her why and then just let her go. But when her friend, Elaine Wong, also went to leave, the experience was a bit different.
Wong, unaware of what had happened to her friend, left the theatre shortly after to find Telfer.

Wong said a guard approached her and little explanation was given except that the security guards had been watching them all night and that something on the guards’ heat sensor guns had gone off. She added that they attempted to search her bag.
Wong noted that they left right before the action really started, and if they were trying to pirate a movie, you'd think they'd "wait until a lot of people start dying." Eventually both Telfer and Wong were told to remain with security until the police arrived -- though after a while when no police arrived, they were apparently let go. The two did decide to file a police report of their own, arguing that they had been illegally assaulted by security at the theater.

In some tweets, Wong notes that they demanded to search her bag, and also demanded to know why they were leaving early -- as if that were some sort of "sign" of piracy in action (though she refers to the guy as being from Disney, the news reports say he was hired by Sony).
Once again, I fail to see how treating regular customers as criminals helps Hollywood convince more people to pay to see movies. It likely has the reverse effect.

69 Comments | Leave a Comment..

Posted on Techdirt - 26 September 2016 @ 8:34am

The Weird Psychology Of People Fighting Those Who Resell Their Products

from the why-do-this? dept

Every so often, we hear a story about actions taken by someone who is just so upset about someone else doing something that it seems to border on obsessive. For example, when we hear about copyright holders who spend all their time sending DMCA takedowns -- while whining about how they're unable to produce new content and aren't making any money from sending all those takedowns. The obvious response is: maybe stop sending all those takedowns and focus on something that's actually productive, like creating new works and building a fan base willing to support you.

Recently, the Planet Money podcast had an episode with a similar story but in a different realm -- but it was just as stupid and wasteful. It was about this entrepreneurial couple who had created a cat toy product, which was becoming fairly successful through selling it on Amazon. And yet, they were completely freaked out by arbitrageurs. These weren't pirates or counterfeiters. Rather, they discovered that people were posting their cat toy to eBay (for a lot more money), and if someone bought, they'd just order it from Amazon, and have it ship directly to the buyer. I've heard of people having this happen to them -- where they'd order from one place and receive a shipment from Amazon instead (sometimes with the actual invoice price included...).

This is all perfectly legal. There's no law against reselling products. It's just arbitrage. But the couple, Fred and Natasha Ruckel, freaked out about this and spent a ton of time every day sending cease-and-desist letters to these eBay sellers.

First thing in the morning, check for arbitrageurs. Last thing at night, check for arbitrageurs, send out any cease and desists before or after. It was taking up an inordinate amount of time, and it was super stressful.
Ruckel does make a few valid points: the eBay arbitrageurs provide a less satisfying experience -- their sales pages don't look great and Ruckel wishes to have a better experience for the customers to boost brand loyalty. On top of that, the even more valid concern is that when people order via eBay for $60 and receive a box from Amazon showing the price was $40... they get pissed off. And often they return the product, and that leads to restocking fees that Ruckel has to pay -- plus just general hassle. That part is a valid concern, but from all indications this was still making them money.

And if it was really taking up so much time to send out these cease and desist letters -- and it was "super stressful" why not just drop it altogether? Why bother? Just focus on selling your products. Or, hell, just put your own product up on eBay. To be fair, while this is not mentioned in the podcast, in an article in Entrepreneur Magazine about this same story, it does note that he tried, briefly, to put the product up on eBay too, but whines that people still copied him:
This summer, Ruckel tried a new approach: He put his own product on eBay and titled it “All other eBay sellers are fake.” A few weeks later, he stumbled upon an eBay listing with a familiar title. “All other eBay sellers are fake,” it said. It wasn’t his, of course.

Someone had copied that, too.
But, uh, so what? Assuming that he posted them to eBay with the same price as his Amazon sales, then there shouldn't be a problem. All the arbitrageurs should be driven out of business, since his would be priced lower than the arbitrageurs. So who cares if they claim to be the legit provider, when people would likely flock to the cheapest one anyway? Nothing in this story makes sense.

Especially this last part. Ruckel apparently got so frustrated with the "stress" of dealing with arbitrageurs, that he yanked his stuff off of Amazon entirely... and saw his sales drop drastically.
We pulled out of the whole Prime shipping thing in May. And at that point, we were over 60,000 a month in sales. And in a blink, 60,000 went down to 25,000.
Planet Money asks them if it was worth it -- and they said that it was. Because "integrity."
F RUCKEL: Integrity is important to us.

N RUCKEL: And the stress factor...

F RUCKEL: And the stress...

N RUCKEL: ...Was completely removed.

F RUCKEL: So we removed all the stress.
Yeah, and you also removed more than half your business. Again, this reminds me of the person who claimed they were "wasting" half of their royalties sending DMCA takedown notices that weren't effective. Why do that? Why kill your sales just because someone else figured out a way to resell your product better than you have?

There's some weird psychology going on here. It reminds me of the classic economics class game, whereby two students (Student A and Student B) are selected by the professor, and Student A is given $10 and told to share some of it with Student B -- but if Student B rejects Student A's offer, then no one gets any money. Under such conditions, even if Student A offers Student B just $1 (keeping $9), Student B should take it. Both of them are better off than getting nothing. And yet, time and time again, Student B rejects offers that are seen as "too small." Basically, they feel insulted, cheated or ripped off -- even though that's ridiculous. It's a weird attempt to insert a "fairness standard" where it doesn't make any sense, and where "punishing" Student A is more "valuable" to Student B than the small payout.

It feels like something similar must be happening here. People like the Ruckels would prefer to punish others, making their own product harder to find and more difficult to buy, than to allow anyone else to possibly benefit from it. I get that it happens, but it still confuses me to no end why anyone could possibly think it's a good result.

47 Comments | Leave a Comment..

Posted on Techdirt - 26 September 2016 @ 6:33am

Congressional Rep Mike Honda Sues Challenger Ro Khanna For CFAA Violation Over Access To His Donor List

from the oh-boy dept

So, the CFAA strikes again, and this time right in the heart of a Silicon Valley political fight. If you live in or around the Silicon Valley tech industry, you probably know who Ro Khanna is. He's often been described as the "candidate for Congress that Silicon Valley prefers." It feels like he's been running for Congress against incumbent Rep. Mike Honda forever, but it's really just in the past two elections. Here's a big Bloomberg profile of him from 2013 when he first challenged Honda, losing narrowly to him in the 2014 election, despite having support from many Silicon Valley tech industry stars. This year, he's running again, and in the primary, Khanna narrowly beat Honda, suggesting good things in the general election in November (the top two candidates in the open primary move on to the general election, regardless of party).

Khanna is known for his pro-internet views, while Honda has a reputation for not really understanding or caring very much about the internet.

And now... Honda has sued Khanna under one of the most hated laws on the internet, the CFAA (Computer Fraud & Abuse Act). As we've discussed for many years, the CFAA was supposed to be an "anti-hacking law" that was created by politicians who were (literally, no joke) scared by the fictional movie War Games into writing an anti-hacking law in the 1980s. The law has many, many, many problems, but the biggest one, which comes up again and again in cases, is that it has a vague standard of "unauthorized access" or "exceeding authorized access."

Not surprisingly, that's the issue in this case as well. In short, Brian Parvizshahi was (until Thursday night) Khanna's campaign manager. Way back in 2012, Parvizshahi had briefly (as in, for just a few weeks) worked at Arum Group, an organization that helped Mike Honda with fundraising. After he left Arum Group, apparently no one at the company thought to turn off his access to the Dropbox where they stored all their info about donors. Now, to most people, you'd think that the issue here would be Arum Group's bad policies. But, under the CFAA some can argue that continuing to access that file is a form of "unauthorized access."

And that's the central claim here in the lawsuit. Honda claims that Parvizshahi continued to access that Dropbox folder that he was given access to four years ago and which Arum Group never shut down -- and thus he, and the whole Khanna campaign -- violated the CFAA. You can see the full filing here.

Now, we can say that Parvizshahi continually accessing this info -- especially after starting to work for Khanna -- was really, really dumb. Especially since his actions were clearly viewable in Dropbox -- including cases where he supposedly "edited" the files. From the lawsuit, here's just one of many, many images:

It is worth noting, though, that some of the screenshots merely show Parvizshahi "adding" the document to his desktop, which might have happened automatically if he was syncing his Dropbox account to his computer, which is the way many people set things up.

One other sketchy thing here is that someone sent a copy of Honda's donor list to San Jose Inside magazine in late 2015 -- and apparently the file they got matched a file in the Dropbox folder that Parvizshahi had accessed.

So while it may have been dumb for him to do so, the real fault here would seem to lie with Arum Group for (1) giving Parvizshahi access on what appears to be his personal Dropbox account, rather than adding a professional account that it controlled and (2) failing to revoke his access after Parvizshahi left, and not even noticing it for years. That seems to be the really negligent move here.

But, with the way courts have been interpreting the CFAA, it does seem entirely possible (if ridiculous) that a California court could interpret this to be a CFAA violation for Parvizshahi at the very least. If that also applies to Khanna, that would seem doubly ridiculous. Either way, as far as I can tell, while Khanna has taken a position on a number of issues related to tech policy, I don't see anything about the CFAA. Perhaps this particular episode will change that.

Read More | 18 Comments | Leave a Comment..

Posted on Techdirt - 23 September 2016 @ 7:39pm

Arguments Over Internet Governance Transition Get Even More Stupid

from the make-it-stop dept

So, yesterday, we noted that the Senate at least seemed to come (at least somewhat) to its senses in choosing not to include the ridiculous and dangerous proposal from Ted Cruz (and supported by Donald Trump) to block the transition of the IANA functions of internet governance away from the Commerce Department. I won't go into (once again) why this is important and not a problem, or even why Cruz's objections to it are so backwards that his plan will actually make it more likely that the "bad" result he keeps warning about will actually come to pass. You can reread the older articles on that.

However, with Democrats complaining about the Senate's Continuing Resolution and a vote on it being pushed off, the debate over the possibility of blocking the transition is still going on. Hell, Ted Cruz even pointed to Donald Trump's support of his plan as a reason to finally endorse Trump:

Internet freedom. Clinton supports Obama’s plan to hand over control of the Internet to an international community of stakeholders, including Russia, China, and Iran. Just this week, Trump came out strongly against that plan, and in support of free speech online.
Except, none of that is true. First, the plan does not hand over control to Russia, China and Iran -- and keeping IANA under the Commerce Dept. makes it A LOT MORE LIKELY that that coalition of countries is able to grab control of the IANA functions from ICANN and the US. But, uh, even more importantly, claiming that Trump is in favor of "free speech online" is laughable. This is the candidate who has repeatedly talked about "opening up our libel laws" to go after speech he doesn't like, has threatened to sue many publications for protected speech, and has flat out declared that we should turn off parts of the internet and anyone who responded with "freedom of speech" was "foolish."
But, that's still not the craziest argument I've heard recently concerning the transition. The award there goes to Theresa Payton, who was a top IT staffer at the White House under George W. Bush and now runs a "cybersecurity" firm. She wrote a bizarre opinion piece in The Hill that, frankly, calls into question whether she understands what ICANN even does. She tries to argue that the transition will somehow make it easier for Russia to hack our election... because [reasons].
Changing who controls the Internet Corporation for Assigned Names and Numbers (ICANN) so close to our presidential election will jeopardize the results of how you vote on Nov. 8 unless Congress stops this changeover. When the calendar hits Sept. 30, a mere 6 weeks before our election, the United States cannot be assured that if any web site is hacked, the responsible party will be held accountable. We cannot be sure if a web site is a valid. We cannot be sure if one country is being favored over another. These are all the things ICANN is responsible for and has worked perfectly since the Internet was created. Why change it now and so close to the election? Why does that matter to you as a voter?

Take a look at recent cyber activity as it relates to the election. The Democratic National Convention was breached comprising the entire party’s strategy, donor base, and indeed, national convention. Everything the DNC had done to prepare for a moment four years in the making (if not longer) was undermined by a hacker who had been in their system for some time but waited for the optimal moment to spring it on the DNC – opening day of the convention. The FBI and other U.S. agencies, as the headlines blare, suspect Russia is responsible for the hack. Recently, Vladimir Putin went so far as to say, "Does it matter who broke in? Surely what's important is the content of what was released to the public.”
Except, uh, ICANN has nothing to do with figuring out who hacks who. Nor is it the party that's figuring out if one country "is being favored over another" or if a "website is valid." That's not ICANN's job, and has nothing to do whatsoever with the IANA transition -- which will leave the internet working exactly as it has before. Honestly, this opinion piece does nothing to call the transition into question, but does a tremendous job in calling Theresa Payton's knowledge of technology and cybersecurity into question.
ICANN does more than just assign and/or approve your website’s domain. ICANN has its own Security and Stability Advisory Committee, which “engages in ongoing threat assessment and risk analysis of the Internet naming and address allocation services to assess where the principal threats to stability and security lie, and advises the ICANN community accordingly.” They are equivalent to your security guard at the bank. Why change the security guard now when voter data is more vulnerable – and prized - than ever?

If ICANN changes hands, so do the security measures taken to protect the rightful owner of your web site. If a site was hijacked today – not an uncommon crime in the cyber world - to reassert yourself as the rightful owner, you would go through law enforcement channels, your domain provider, and yes, ICANN.
First of all, the "transition" in question isn't about transitioning all of ICANN. Just its IANA functions, which only have a symbolic connection to the US government. Second, Payton seems to not understand what ICANN does, what the ICANN SSAC does, or how internet security works. They are not the equivalent of the "security guard at the bank." You'd think the CEO and founder of a "cybersecurity" company would know that. And, after the IANA transition takes place, ICANN itself doesn't "change hands" nor does it change what the SSAC does, which isn't anything even remotely close to what Payton seems to think it does.

Don't trust me? How about Stephen Crocker, who heads ICANN's Board of Directors -- and also helped create the damn internet. You know how much of the internet was designed through "RFCs" -- "Requests for Comments" -- well, Crocker invented the RFC and wrote the very first one. I think he knows what he's talking about. And he and the head of ICANN's SSAC, Patrik Fallstrom, have responded to Payton with a nicer version of "you have no idea what you're talking about."
The SSAC is not a “security guard” for the Internet. The SSAC has no enforcement power, and the value of its advice is based on the strength of the facts underlying such advice.

The Security and Stability Advisory Committee advises the ICANN community and Board on matters relating to the security and integrity of the Internet's naming and address allocation systems. Our recent work include advisories on a wide range of topics such as internationalized domain names, protecting domain name owners and operators, best practices for domain name registrars, analysis on the changing nature of IPv4 address semantics, and advice on matters pertaining to the correct and reliable operation of the root name system and other issues (see https://ssac.icann.org/ for more details). The SSAC neither operates as a security guard for the Internet, nor does it aspire to.

The IANA transition has no practical effect on the work and activities of the SSAC. Nor does the transition have any effect on the security and stability of website owners worldwide. The risk of compromise of a website owner does not increase as a result of the IANA transition, since ICANN and IANA do not control either the ownership of websites or the content on websites. Leading technical experts, industry associations, and civil society groups agree that allowing the IANA contract to expire is the best possible way to protect and promote the continued integrity of the Internet.

There is simply no relationship between ICANN and the current U.S. election process. Assertions of this sort are misleading and irresponsible. On the other hand, attempt to connect ICANN to the U.S. political process play directly into the hands of the enemies of an open Internet who would like to see ICANN and other Internet bodies put under the control of the United Nations or, worse yet, broken up into separate, government-controlled networks that do not interoperate smoothly around the world.
So, yeah. It seems that as we get closer to the transition, and since this issue has become "political," we're seeing stupider and ever more clueless attacks -- but they seem to only serve to make the people behind them look worse and worse. This shouldn't be a partisan issue. It shouldn't be a political issue. It shouldn't be an issue. Severing the minor link connection between IANA and the Commerce Department changes nothing practical in how the internet is governed, but takes a big weapon away from Russia and China in their quest to take control over those functions.

19 Comments | Leave a Comment..

Posted on Techdirt - 23 September 2016 @ 8:40am

Journalists Blaming Facebook For Decline Is Just As Tiresome As When They Blamed Craigslist & Google

from the time-to-innovate dept

The Guardian's Roy Greenslade recently published a column about "why Facebook is public enemy number one for newspapers in journalism." It's a bunch of complete nonsense. I won't go through the whole thing, but here's just a snippet:

Facebook’s increasing dominance over advertising is causing the laying off of journalists, the people who produce the news that it transmits to its users.

The logical conclusion to that process is not only the destruction of old media, legacy media, mainstream media, whatever you want to call it, but the end of journalism as we know it.
Yeah. Okay. Let's be clear: this is bullshit. As Ben Thompson pointed out, the decline of newspaper revenue predates Facebook, by a lot:
Indeed, it seems that as newspaper revenue has declined, screaming newspaper reporters have been looking for a "dot com" to blame, every step of the way, rather than looking inwardly at their own failures to adapt to a changing marketplace. I remember, not too long ago, when it wasn't Facebook that was killing the news business, but Craigslist. I mean, everyone said it was true: And, of course, after it was all Craigslist's fault, it was, undoubtedly, the fault of Google and its Google News product. That's why Europe is so busy trying to force Google to pay for newspapers that it links to. And, of course, once again, lots of media folks jumped on the blame Google bandwagon: A few notes on some of the above links. The "study" that is cited in some of the first batch about how Craigslist is "killing" newspapers was from the Pew Research Center -- the very same research shop that Greenslade points to in the link up at the top of this article blaming Facebook. Second, that first article in the second list, about Bob Woodward blaming Google... is also by Greenslade. Yet, in that case, Greenslade mocks Woodward for blaming Google (and very kindly provides a link to me mocking Woodward's silly claims.

So let's get a few things out of the way here: Newspapers are struggling. They absolutely are. But it's not "because" of Facebook (or Craigslist or Google). Newspapers were going to struggle with the rise of the internet no matter what, because it laid bare the basic coincidence that made newspapers profitable despite themselves. For many, many years, we've been pointing out that the true business of newspapers was a community business, rather than a news business. It's just that in the pre-internet days, newspapers had a bit of a monopoly on being able to build communities -- often local communities -- around the news. But they had very little competition in that business, other than maybe a few other local newspapers (though consolidation took care of that in most markets). The business, then, of newspapers was taking the attention they received from that community, and selling it to advertisers.

The internet structurally changed all of this, by creating all sorts of other areas where people could congregate and build communities. That's kind of what the internet is good at. And suddenly there's a ton of competition in the community space. But newspapers, incorrectly thinking they were in the "news" business, often made decisions that actively harmed the community aspect. They put up paywalls. They took away the ability to comment. They made it harder for local communities of interest to form.

So what happened? The communities and their (valuable) attention went elsewhere. And, these days, much of that "elsewhere" when it comes to communities is Facebook.

And, just like Google before it, Facebook has actually created a pretty valuable channel for sending people to your news website. Many publishers haven't figured this out yet -- or how to harness it. Hell, just a month or so ago, I was talking about how we here at Techdirt haven't figured this out at all (we get depressingly little traffic from Facebook compared to many of our peers). But you won't see us blaming Facebook for this. It's on us. Have our ad rates dropped off a cliff? Yes. Is that Facebook's fault? Hell no. Even if all the advertising money that used to go to newspapers and news sites magically shifted to Facebook (which it hasn't), then it would be because of a failure on the part of those news companies to offer a better overall product for advertisers.

It's time for publications to stop blaming every new technology site that comes along, and to focus on actually adapting, changing and finding new business models that work. It may not be easy. And many will crash and burn completely. But that's not the "fault" of these new companies at all.

48 Comments | Leave a Comment..

Posted on Techdirt - 22 September 2016 @ 1:01pm

Reminder: Sign Up For Private Internet Access, Support Techdirt & Get Sneak Peeks At Our Upcoming Articles

from the don't-miss-out dept

Sign up for VPN service now and get a free year's subscription to the Crystal Ball »

Hey folks -- as a reminder, we've partnered up with Private Internet Access, one of the best VPNs out there (I use it), to offer a special deal to Techdirt readers who are looking for a VPN. If you sign up via this special link, you'll (1) get a great VPN service, (2) support Techdirt, and (3) get a free one-year subscription (normally $15) to the Techdirt Crystal Ball, which gives you early access to posts before they're officially live on the site. When you sign up, you'll get a coupon sent to you that you can then use in our Insider Shop for a free Crystal Ball subscription (along with some First Word/Last Word credits that you can use to promote certain comments). And, you'll get a Techdirt Insider badge on your profile to let folks know that you support Techdirt (which we really, really appreciate). Check it out now.

10 Comments | Leave a Comment..

Posted on Techdirt - 22 September 2016 @ 11:41am

Senate Comes To Its Senses: Does NOT Support Ted Cruz's Plan To Block Internet Governance Transition

from the crisis-averted dept

So, just a few hours ago, the reports were still spreading that the Senate would absolutely include Ted Cruz's preferred language that would block the (largely symbolic, but really important) transfer of control over the IANA functions of ICANN away from the Commerce Department. We've explained over and over and over again why this is important -- including once this morning in response to Donald Trump suddenly taking a stand (an incredibly ignorant one, but a stand) on the issue.

And then... poof. The Senate Appropriations Committee released its "short term continuing resolution" (CR for short) and it does not include any language on blocking the IANA transition. So... all the talk and (misleading) hype was apparently a bunch of grandstanding and hot air over nothing. It may have just been posturing and used to negotiate something else. Or, maybe (just maybe) people who actually understood what was happening with the IANA transition were actually able to explain to those in charge how stupid all this rhetoric was. That would certainly be a nice explanation for this -- though it seems tragically unlikely.

But, for the short term, this means a very dangerous thing for the internet, pushed for by Ted Cruz (and, as of yesterday, Donald Trump) has been avoided. It's possible that the House could try to somehow move to block the transition, but that seems unlikely. So, we may have actually won one here and narrowly avoided political grandstanding mucking up a piece of the internet. Phew.

Read More | 28 Comments | Leave a Comment..

Posted on Techdirt - 22 September 2016 @ 9:38am

Law Professor Mark Lemley: Hollywood Is Simply Wrong About FCC's Set Top Box Plan

from the not-a-copyright-issue dept

We've been discussing for a while now about how the MPAA, with the help of the Copyright Office, has been propping up the complete myth that the FCC's plan to create more competition in the cable set top box space involves violating the copyrights of studios. It's a complete myth. The cable industry has been leading the charge here, mainly because it makes billions of dollars by charging people to "rent" its crappy boxes. But it found a strong ally in copyright maximalists who have repeatedly misrepresented the proposal. As we noted, the Copyright Office put out a report that flat out lied about what the FCC's proposal entailed and about how copyright itself works (arguing that contracts between two third parties could somehow eliminate the fair use rights of private citizens). And, incredibly, the basic argument being put forth by copyright maximalists, if taken to its logical conclusion, would mean that VCRs and DVRs are illegal too.

That's not how copyright law actually works -- but the message has caught on, and the FCC has already been forced to weaken its proposal -- and the industry is still bitching about it.

Thankfully, we're finally starting to see some copyright experts speak up about just how wrong Hollywood and the Copyright Office are on this. Mark Lemley, by far the most cited intellectual property professor (who is also a practicing lawyer), has written up a piece for the Hill that rips to shreds the idea that the FCC's plan somehow would implicate Hollywood's copyrights. As he notes, they're totally overstating what copyright allows:

The MPAA’s argument that studios have the right to control the device on which you view your content reflects a fundamental misunderstanding of copyright law. Copyright gives its owner the right to control the making of copies and public performances of a work. But it does not give them control over any use of a work. That’s no accident. Once the copyright owner has been paid once for a particular copy, its control over that copy ends. That’s why I can lend a book to friends, or sell my used record collection outright.

True, there are some things I can ‘t do even with a copy of a movie or song I own. I can’t upload it on a file-sharing site, for instance, and I can’t play it on the radio. But that’s because doing those things either makes a new copy or makes a new, public performance of the work.

The studios have already been paid for the movies shown on a cable or satellite service. Indeed, they’ve been paid specifically for the right to publicly perform the work by transmitting it to my (and everyone else’s) home.

And here, copyright law says something very important to copyright owners: that’s all you get. Once the cable companies have paid the MPAA for the right to deliver their movie into my home, the MPAA loses control over how I choose to watch their movie in the privacy of my own home. I can record it on a DVR and watch it whenever I want. I can watch it on a big-screen TV or a small one, with the sound on or off, in one sitting or many, while fast-forwarding through parts I don’t like or rewinding to rewatch parts I do. I can watch it again and again. Most important, I can watch it on any device I want, including my computer, my iPad, or my phone.
And, while the MPAA and its supporters keep calling the FCC proposal a "compulsory license," Lemley points out that it's not a compulsory license that lets you record a TV program to your VCR or DVR, and neither is this:
That isn’t a “compulsory license” of copyrights; it’s a limit on the scope of those rights. That limit exists even if copyright owners try to declare that it doesn’t. This is the law. It has always been the law. Every effort by copyright owners to control how I watch a show in my own home has ended in failure.
Unfortunately, this blatantly false attack by Hollywood and the Copyright Office on the FCC's plan has been effective. It seems unlikely that the plan will go through, and what's troubling about it is that it's all based on flat-out falsehoods by Hollywood, the Copyright Office and its supporters.

9 Comments | Leave a Comment..

Posted on Techdirt - 22 September 2016 @ 8:25am

Donald Trump Doubles Down On Ted Cruz's Blatantly Confused And Backwards Argument Over Internet Governance

from the let-that-transition-go dept

We've been explaining this since it was first proposed two years ago: but the IANA transfer away from the Commerce Dept. is a good thing on a variety of important levels. Earlier this year, we did a more thorough explaination on why it was a good thing, and then a further post earlier this month explained why Ted Cruz, who was leading the charge in blocking the transition, was basically wrong on every point about it. And not just wrong, dangerously so. Cruz keeps claiming that the transition makes it easier for Russia, China and the UN to "take control" over internet governance. The exact opposite is true. But we'll get there.

I was working on another post about some of the issues related to this... and while I was working on it Donald Trump decided to turn this into a Presidential campaign issue by releasing a statement more or less echoing Cruz's factually incoherent position:

"Donald J. Trump is committed to preserving Internet freedom for the American people and citizens all over the world. The U.S. should not turn control of the Internet over to the United Nations and the international community. President Obama intends to do so on his own authority – just 10 days from now, on October 1st, unless Congress acts quickly to stop him. The Republicans in Congress are admirably leading a fight to save the Internet this week, and need all the help the American people can give them to be successful. Hillary Clinton’s Democrats are refusing to protect the American people by not protecting the Internet.

The U.S. created, developed and expanded the Internet across the globe. U.S. oversight has kept the Internet free and open without government censorship – a fundamental American value rooted in our Constitution’s Free Speech clause. Internet freedom is now at risk with the President’s intent to cede control to international interests, including countries like China and Russia, which have a long track record of trying to impose online censorship. Congress needs to act, or Internet freedom will be lost for good, since there will be no way to make it great again once it is lost." - Stephen Miller, National Policy Director
First of all, here's Trump going on and on about "internet freedom" and "free speech." And yet... this is the very same candidate just a few months ago who talked about "shutting down parts of the internet" and mocking those who would say "oh freedom of speech" claiming anyone who fell back on that claim were "foolish people."
So, apparently it's okay to shut down parts of the internet, and those talking about free speech are "foolish people," but a symbolic effort over who controls the domain name system must be stopped because internet freedom and free speech are too important.

More importantly, almost everything the Trump campaign says in those two short paragraphs about the transition is wrong. And it's a really, really stupid and dangerous position to take for the internet. First off, as we've explained, the current link between the Commerce Department and ICANN and its IANA functions is more theoretical than real anyway. The US government really doesn't have any official control here. It's symbolic and that symbolism is doing a hell of a lot more to hurt the internet than to help it. Yes, Russia and China have, in the past, tried to take more control over internet governance via the UN/ITU, but that was stopped. But -- and this is the important part -- a big part of their rationale for trying to do so was the US's "control" over IANA via the Commerce Dept. That is, keeping this small bit of internet governance loosely connected to the US government adds fuel to the fire for authoritarian governments to seek more control over the internet. And that doesn't even get into the backlash that it will create if we go back on our word and refuse to complete the transfer of IANA away from the Commerce Dept (again, a largely symbolic move anyway).

But, don't trust me. Trust basically anyone and everyone with any actual knowledge on the situation. Here's Tim Berners-Lee, the guy who invented the web itself, explaining why the transition must go forward and why Cruz (and, by extension now, Trump) are totally wrong:
The global consensus at the heart of the Internet exists by virtue of trust built up over decades with people from all over the world collaborating on the technical design and operation of the network and the web. ICANN is a critical part of this global consensus. But if the United States were to reverse plans to allow the global Internet community to operate ICANN independently, as Sen. Cruz is now proposing, we risk undermining the global consensus that has enabled the Internet to function and flourish over the last 25 years.

Contrary to the senator’s view, ICANN is no “mini-United Nations.” ICANN is a vital part of the voluntary, global network of private organizations that provides Internet stability and the ability to innovate free from government interventions around the world.
Berners-Lee makes it clear that going back on the transfer will put the US gov't in the same kind of dangerous category that Cruz (and Trump) put Russia and China in:
But by forcibly undermining the global Internet community’s ability to make decisions about ICANN, the United States would stoop to the level of Russia, China and other authoritarian regimes that believe in the use of force to limit freedom online.
Tim Berners-Lee not good enough for you? How about Vint Cerf, recognized as one of the creators of the internet itself. He's in favor of the transition too and has explained why people should stop freaking out about it.

If not them, how about Kathryn Brown, who runs the Internet Society. She also argues that delaying the transition is what helps the case for Russia and China, rather than the other way around:
Some warn that if the plan to transition authority on Oct. 1 is delayed, countries like Russia and China could try to shift domain name responsibilities to the United Nations, giving those nations more influence over global internet policy.

"Any delay would add a degree of instability and make the prospect of government control of the internet more likely, not less," said Kathryn Brown, president of the Internet Society, a nonprofit organization that advocates open internet policies.
Or, how about Milton Mueller? The guy who literally wrote the book on internet governance. He's now being quite vocal about how ridiculous the latest plan to block the transition via Congress is:
It vaguely suggests that the transition might create “an opportunity for an enhanced role for authoritarian nation-states in Internet governance,” but provides no evidence as to how or why it does. In fact, if the U.S. is forced to abort the transition now it would play right into the hands of authoritarian states. Killing ICANN’s reforms through impulsive and arbitrary American action would fatally undermine the global Internet governance model rooted in nonstate actors. It would strengthen the case for national sovereignty-based Internet models favored by authoritarian states. “Look,” they will say, “the U.S. wants to control the Internet, why can’t we?” ICANN’s independence from unilateral U.S. government control is a logically and politically necessary consequence of its independence from all governments. By getting in the way of that, it is the Congressmen, not the Commerce Department, who are creating an opportunity for authoritarian states to enhance their influence in Internet governance.

The Congressmen suggest that “this irreversible decision could result in a less transparent and accountable Internet governance regime.” But how? No reference is made to the actual reform plans. In fact, the transition brings with it major corporate governance changes that would significantly improve ICANN’s accountability and transparency. The transition brings with it a new set of bylaws that gives the public enhanced rights to inspect ICANN’s books, the right to remove board members, and the power to prevent the board from unilaterally modifying its bylaws. Under U.S. government supervision for the past 18 years, ICANN has been almost completely unaccountable – yet this is the status quo they want to retain. By opposing the transition, the Congressmen are getting in the way of reforms that address the very things ICANN critics have been complaining about.

The congressmen claim that “Questions have been raised about ICANN’s antitrust status.” Well, what questions, and what are their implications for the future of Internet governance? No answer. This is a phony issue. ICANN is not, and never has been, exempt from antitrust liability.
And so forth and so on. Part of the attempt to throw a wrench into the transition was Cruz claiming that Congress needs to approve the transition, as it has the power to determine if the government can "dispose of... property." But the Government Accountability Office (GAO) just released a report basically saying that doesn't apply here and the Commerce Dept is free to move ahead with the transition. Specifically, the GAO finds it to be ridiculous that the entire domain name system should be considered "property of the US government" because it's not.
It is unlikely that either the authoritative root zone file—the public “address book” for the top level of the Internet domain name system—or the Internet domain name system as a whole, is U.S. Government property under Article IV. We did not identify any Government-held copyrights, patents, licenses, or other traditional intellectual property interests in either the root zone file or the domain name system. It also is doubtful that either would be considered property under common law principles, because no entity appears to have a right to their exclusive possession or use.
In short, there's a legitimate concern that Russia and China would like more control over the internet. But that's the only point that Trump and Cruz get right. What's astounding is that their preferred course of action -- delaying or even blocking the IANA transition away from the Commerce Dept actually supports Russia and China in their efforts to gain control over the internet. So if you care about the future of the internet and how it is governed, could someone please educate Cruz and Trump that they're doing exactly the kind of damage they claim to be trying to stop?

35 Comments | Leave a Comment..

Posted on Techdirt - 22 September 2016 @ 3:24am

Chelsea Manning Facing Indefinite Solitary Confinement For Attempting Suicide, Possessing A Book On Hackers

from the wtf dept

As you may have heard, Chelsea Manning, who leaked a ton of State Department cables to Wikileaks and is now in jail for decades, attempted suicide earlier this year. And the Army's response is to threaten her with indefinite solitary confinement to punish her for the attempt. Really. Of course, Manning has been held in solitary confinement in the past -- under conditions that the UN itself declared to be torture. And just last year, Manning was also threatened with indefinite solitary confinement for "disrespecting" corrections officers and for having a toothbrush and certain books and magazines that she wasn't supposed to have.

What about this time? Well, Fight for the Future has posted the details including the charge sheet and it's ridiculous. She's charged with "resisting" when the "force cell team" went to her cell to respond to her suicide attempt. "Resisting" in this case being that she was unconcious. Really.

This charge stems from the “force cell team” being activated. They were called to respond to her suicide attempt, though there were no obstructions to the door and Chelsea was unconscious and unable to resist when they arrived. The charge sheet itself specifies on page 5 that “Inmate Manning did not resist the force cell move team.”
And yet, she's still charged with resisting. Next up "conduct which threatens." That's a pretty broad term -- especially for someone who is unconscious from a suicide attempt. And yet... conduct which threatens. It seems the only thing being "threatened" here is basic human dignity. And then we've got another "prohibited property" claim, just like last year:
On July 6th, Gabriella Coleman’s book “Hacker, Hoaxer, Whistleblower, Spy” was found in Chelsea’s cell, allegedly not properly marked with Chelsea’s name and inmate number on the inside cover. (A new regulation, that appears to have been crafted in response to Chelsea’s confiscated books/expired toothpaste incident from last summer.) In fact, this book was one of the books confiscated from Chelsea’s cell last summer.
Huh? First of all, this is a great book -- one that we've recommended and whose author, Gabriella Coleman, we've had on our podcast. But the fact that this was one of the books that was confiscated last year and then was still in her cell suggests the kind of messed up rules that are used to always have to charge someone with if they don't like you. What a fucked up system.

And people wonder why Ed Snowden doesn't think he'd get a fair trial.

It appears that Manning is resigned to the fact that she's being railroaded and there's little she can do to stop it.
Manning, who is serving a 35-year sentence at the US Army's Fort Leavenworth prison in Kansas, will have to defend herself at the hearing, and told VICE News she's not feeling optimistic. "It doesn't matter what I say or do," she said, through an intermediary, as she's not allowed to speak directly to the press. "The outcome is going to be the same."

Feelings of "hopelessness and helplessness" are hard to shake, she says.
Yup, great way to "punish" a suicide attempt: to take away people's hope even more. I'm sure that'll work. Manning's hearing will be held later today and, hopefully someone with some level of common sense is involved in the decision making process.

Read More | 45 Comments | Leave a Comment..

Posted on Techdirt - 21 September 2016 @ 11:39am

Math Is Not A Crime

from the 2+2 dept

Support Techdirt and get Math Is Not A Crime gear! Order by Oct. 3rd »

Our latest Techdirt t-shirt is the Math Is Not A Crime shirt (also available as women's tees, hoodies, v-necks, mugs and stickers), which was initially inspired by some of the debates around outlawing strong encryption -- but also refers to much, much more. One of the key points that defenders of strong encryption have been making in response to attempts to outlaw strong encryption or to demand backdoors is that encryption is just math, and it should never be a crime to do math. But the message actually goes beyond that. It's pointing out that since it is just math, someone else can do the math too and create their own encryption. One of the key legal fights around encryption, Bernstein v. United States, basically centered around the question of whether or not the government could declare a mathematical encryption algorithm a "munition" in order to block its export. Eventually it was determined that source code (and with it, math) are protected by the First Amendment.

But it's not just about encryption. The issue of outlawing math has come up in other contexts that we talk about as well. For example, the patenting of software is one example that has raised concerns about outlawing math. Algorithms are basically just mathematical formulas and not being able to write an algorithm because someone has patented some of it seems particularly stupid. Over a decade ago, Ben Klemens wrote a great book called Math You Can't Use.

And, of course, this enters the copyright realm as well. We're constantly talking about DRM, and a key bit of law that props up bogus DRM systems is Section 1201 of the DMCA, which outlaws any circumvention of DRM. But, many of those circumventions are little more than math as well.

This should be concerning to all of us. Attempting to hold back innovation, privacy and progress by outlawing math is a problem, and that's the reason behind our shirt. Oh, and it's also cool for math teachers and students too. Get yours today, and don't forget to check out the other gear in our super-early holiday sale.

68 Comments | Leave a Comment..

Posted on Techdirt - 21 September 2016 @ 9:35am

Lenovo Accused Of Locking Linux Out Of Certain Laptops At Microsoft's Request

from the that-would-be-dumb dept

A thread on Reddit is getting a fair bit of attention today, claiming that Lenovo has set up some of its Yoga laptops to block anyone from installing Linux -- and a Lenovo representative then pointed the finger at Microsoft, saying that it's part of what Lenovo was required to do as part of the Microsoft "Signature Edition" Windows 10 program, though there are reasons to doubt this is true. What is clearly true is that there's a problem installing Linux on a bunch of Lenovo machines. Here's a giant thread on the problems (which apparently disappeared for a while, but is back as I write this). And here's another. And here's another. Some of these threads go back many months. But the issue that has suddenly made it big news is a comment supposedly from a Lenovo "product expert" that the company is forced to block it as a part of the Signature Edition program:

If you haven't heard of the Windows "Signature Edition," it's a program from Microsoft to offer a "clean" (read: no annoying bloatware) version of Windows. Think of it like a Google Nexus phone with a clean Android install, as compared to one from a carrier or handset maker stuffed with annoying bloatware you'll never use. The Signature Edition PCs have received some fairly glowing reviews -- and many (ironically given this story today) of the news stories about the Signature Edition program use the Lenovo Superfish malware fiasco as a reason for why people should look at a Signature Edition computer if they want to run Windows.

So, yeah, based on this storyline so far, you have Microsoft making a clean install of its operating system without bloatware (good idea!), but then being accused of making Lenovo design its BIOS to block the installation of Linux (bad idea!). There is at least some reasonable skepticism that the problem here is really because of the Microsoft Signature Edition program. First of all, Signature Edition computers are supposed to only be available directly via Microsoft's stores -- and the laptop that kicked this off was purchased at Best Buy. Also it wasn't labeled as a Signature Edition PC. And it's certainly not unheard of for low level employees in forums to post incorrect information -- and there is even some question as to whether or not the "Lenovo Product Expert" in the forum post above is even a Lenovo employee or a third-party contractor anyway.

So whether Microsoft is truly to blame here is still an open question. At the very least, it does seem like Lenovo has some questions to answer -- and one hopes that the company will be more forthright and honest than it was back during the Superfish episode when it basically lied through its teeth until it couldn't lie any more.

69 Comments | Leave a Comment..

Posted on Techdirt - 21 September 2016 @ 8:38am

Hillary Clinton To Silicon Valley: To Silence Terrorists, Nerd Harder, Nerds!

from the that's-not-how-this-works dept

With the explosive devices in NY and NJ from this past weekend, Hillary Clinton has decided, once again, that it's time to blame Silicon Valley for not doing more to magically stop terrorists from terroristing.

“The recruitment and radicalization that goes on online has to be much more vigorously intercepted and prevented. I have been saying this for quite some time,” the Democratic presidential candidate said at a news conference Monday during which she responded to the bombings in New York and New Jersey over the weekend.

“The government cannot do this without the close participation of tech companies and experts online who can give us the tools and lead us to those who are attempting to promote attacks like we’ve seen.”
Let's leave aside, first of all, the fact that (as of this writing) there hasn't been any evidence that the individual arrested and charged with this was recruited and radicalized online. Instead, let's focus on what's being asked here: to "intercept and prevent" certain forms of speech online. Not only does this seem... to go completely against American values around freedom of expression, it's also impossible. Sure, you can kick people off of services, but anyone with an ounce of understanding of how the internet works will recognize how ineffective that is.

Not only would such a system fail to stop people who wish to plan attacks from communicating, such a plan would, inevitably, also block perfectly normal and protected speech. Even worse, it would likely block important counterspeech in which people are able to respond to calls for violence and terrorism with arguments as to why that approach is a bad idea.

It remains amazingly troubling that both of the major party candidates for President seem to think that a good response to attacks in this country is to silence people online. Putting the onus on Silicon Valley to magically "fix" this by "preventing" bad people from talking to one another online is not a credible, reasonable or workable strategy for dealing with those who wish to attack the US.

52 Comments | Leave a Comment..

Posted on Techdirt - 21 September 2016 @ 6:44am

Former Refugee Who Took Skittles Photograph Donald Trump Jr. Used In A Stupid Meme Threatens Copyright Lawsuit

from the 2016-is-quite-a-year dept

As you may have heard, earlier this week, Donald Trump Jr. tweeted out a ridiculous image comparing Syrian refugess to poisoned Skittles. No, really.

FWIW, this is an old and a dumb and meaningless meme. It's not always Skittles, though. Last year failed Presidential contender Mike Huckabee used the same concept, but with Peanuts -- and John Oliver mocked him for it, noting that "peanuts themselves have killed far more people than terrorist refugees." Another version involved M&Ms, and it was used by a variety of groups -- including a feminist "Yes All Women" campaign. Some are arguing that the switch from M&Ms to Skittles is even more racist, because it's based on the fact that when Trayvon Martin was shot dead by George Zimmerman, Martin had a pack of Skittles in his pocket. And, of course, the Intercept argues that this meme goes all the way back to a top Nazi propagandist making sure that the meme is sufficiently Godwined.

But... of course, most of that has little to do with what we normally cover around these parts. But what we do often cover is copyright related issues -- so it's interesting to find out that the image used in that Skittles graphic that Trump Jr. posted was copied from Flickr, where it pretty clearly has an "all rights reserved" copyright notice on it. Oh, and the guy who took the photo, David Kittos, happens to be a former refugee himself, who is not at all pleased that his image is being used in this manner.
"This was not done with my permission, I don't support his politics and I would never take his money to use it," Mr Kittos told the BBC.

"In 1974, when I was six-years old, I was a refugee from the Turkish occupation of Cyprus so I would never approve the use of this image against refugees."
So, yeah. But what can he do? Well, apparently he's considering taking legal action, though he (rightly) notes that that may be a hassle:
"I would like the Trump campaign to delete the image, but they are probably not interested in what I have to say," he said.

"I was thinking about getting lawyers involved but I don't know if I have the patience.

"This isn't about the money for me. They could have just bought a cheap image from a micro stock library. This is pure greed from them. I don't think they care about my feelings. They should not be stealing an image full stop."
While I might disagree on the use of the term "stealing an image" there, it certainly could create an interesting copyright legal battle -- raising serious questions about fair use in political discussions. Thankfully, though, it seems unlikely that any lawsuit will actually happen. Instead, we can just sit back and think about the number of meetings and conversations that must have happened before Mars Inc., makers of Skittles, decided to put out this statement:
Skittles are candy; refugees are people. It's an inappropriate analogy.
Indeed. But is it copyright infringement...?

154 Comments | Leave a Comment..

Posted on Techdirt - 21 September 2016 @ 3:38am

Yet Another Report Says More Innovation, Rather Than More Enforcement, Reduces Piracy

from the the-data-keeps-flowing dept

It's not like many of us haven't been saying this for years: but fighting piracy through greater copyright enforcement doesn't work. It's never worked and it's unlikely to ever work. A year ago, we released our big report, The Carrot or the Stick? that explored at a macro level what appeared to lead to reduced levels of piracy -- enforcement or legal alternatives -- and found overwhelming evidence that enforcement had little long-term impact (and a small short-term impact), but that enabling legal alternatives had a massive impact in reducing piracy. This should sound obvious, but it was important to look at the actual data, which backed it up.

Now, there's a new and different study that further supports this idea. Researchers at the University of East Anglia, Lancaster University and Newcastle University have a new report saying that promoting legal alternatives is much more effective in stopping piracy than the threat of legal consequences.

The researchers say that in order to compete with unlawful file sharing (UFS), easy access to information about the benefits of legal purchases or services should be given in a way that meets the specific benefits UFS offers in terms of quality, flexibility of use and cost.

The team looked at the extent to which the unlawful sharing of music and eBooks is motivated by the perceived benefits as opposed to the legal risks. Involving almost 1400 consumers, the research explored people's ability to remain anonymous online, their trust in the industries and UK legal regulators such as Ofcom, and their downloading behaviour.
It's a very different approach to our own research, but the conclusions remain almost identical. In short, the researchers found that for people who really "trust" regulators, then the threat of punishment was effective. The problem, however, is that not that many people actually trust regulators. That leaves officials with two choices: increase trust in regulators, or... figure out ways to incentivize more legal, innovative alternatives. And, of course, one way to destroy trust in regulators is to support policies like expanding copyright enforcement.
Co-author Dr Piers Fleming, from UEA's School of Psychology, said: "It is perhaps no surprise that legal interventions regarding UFS have a limited and possibly short-term effect, while legal services that compete with UFS have attracted significant numbers of consumers.

"Our findings suggest that it may be possible to diminish the perceived benefit of UFS by increasing risk perception, but only to the extent that UFS is considered emotionally, and users trust industry and regulators. Increasing trust in industry and regulators may be one route toward encouraging UFS to be considered in emotional rather than rational terms. However, given the limited impact of risk perception upon behaviour, a better strategy would be to provide a desirable legal alternative."
So, that's common sense and two very different studies with very different approaches -- all suggesting the same thing. And yet, politicians, regulators and legacy industry folks still insist that ratcheting up enforcement is the way to go. What will it take for them to actually follow what the evidence says, rather than continuing with faith-based copyright policies?

26 Comments | Leave a Comment..

Posted on Techdirt - 20 September 2016 @ 10:43am

Italy Proposes Law To Make Mocking People Online Illegal

from the what-a-stupid-fucking-law dept

Every so often, we see (probably) well-intentioned, but incredibly stupid, attempts to "fight" online harassment and bullying through laws that make saying things that are "offensive" against the law. In the US, such laws (if they actually get passed) are usually thrown out once someone makes a First Amendment challenge over them, but elsewhere in the world there's no First Amendment to fall back on. Over in Italy, some officials have proposed what may be one of the dumbest such laws in history, written so broadly that it will outlaw a lot more than the kind of "cyberbullying" it's supposedly intended to combat:

Under the proposed law, the "site manager" of Italian media, including bloggers, newspapers and social networks would be obliged to censor "mockery" based on "the personal and social condition" of the victim -- that is, anything the recipient felt was personally insulting. The penalty for failing to take action is a fine of €100,000. Truthfulness is not a defense in suits under this law -- the standard is personal insult, not falsehood.
Yes, mockery on the internet could get you a €100,000 fine. Mockery. The internet. The internet is made for mockery. And now is the time that everyone should be mocking this idiotic law -- and the politicians who proposed it without having the slightest idea of how such a thing would be abused all the time. As Cory Doctorow at BoingBoing notes:

... what it will do is create a tool for easy censorship without due process or penalty for misuse. The standard proposed in the bill is merely that the person on the receiving end of the argument feel aggrieved. Think of the abuse of copyright takedowns: online hosts already receive millions of these, more than they could possibly evaluate, and so we have a robo-takedown regime that lets the rich and powerful routinely remove material that puts them in an unflattering light.

As bad as that is, at least it makes censorship contingent on something specific and objective: copyright infringement, which has a wealth of caselaw defining its contours. Indeed, so much that you need to be a trained expert to adjudicate a claim of infringement. But at least you can objectively assess whether a copyright infringement has taken place.

The standard set by the proposed Italian law allows for purely subjective claims to be made, and for enormous penalties to be imposed on those who question them before undertaking sweeping acts of censorship.

There are some efforts under way to "improve" the law by making it not quite so draconian, but maybe, just maybe, the "improvement" should be to recognize that you're never going to successfully outlaw mockery on the internet.

33 Comments | Leave a Comment..

More posts from Mike Masnick >>