Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
Get HideMyAss! VPN, PC Mag's Top 10 VPNs of 2016 for 55% off for a Limited Time ×

Feed Techdirt: Not Just In The US: TPP Meeting More Resistance In Australia And Japan, Too (google.com)

It's remarkable how TPP, a previously obscure trade deal known only to a few specialists -- and to enlightened Techdirt readers, of course -- has suddenly become one of the hottest issues in the US Presidential contest. But it's important to remember that TPP is still a live issue in many of the other participating countries too. Malaysia seems to be the furthest along in the ratification process, and Peru is also moving forward. But there are signs that resistance could be growing, rather than diminishing, in some key nations. For example, the Australian Government's Productivity Commission has just released its Trade Assistance Review 2014-15 (pdf), in which it says:

There are provisions in the TPP that the Commission has previously flagged as of questionable benefit. These include term of copyright and the investor state dispute settlement elements.
On the former, the report says:

The Australian Government should seek to avoid the inclusion of Investors-State Dispute Settlement (ISDS) provisions in bilateral and regional trade agreements that grant foreign investors in Australia substantive or procedural rights greater than those enjoyed by Australian investors.
On copyright, the Productivity Commission warns:

The history of Intellectual Property (IP) being addressed in preferential trade deals has resulted in more stringent arrangements than contained in the multilateral agreed Trade-Related Aspects of Intellectual Property (TRIPS). Australia's participation in international negotiations in relation to IP laws should focus on plurilateral or multilateral settings. Support for any measures to alter the extent and enforcement of IP rights should be informed by a robust economic analysis of the resultant benefits and costs.
It's not just Australia's Productivity Commission that is concerned. As the Guardian reports, Australia's opposition party, Labor, has also taken a firmer stance against corporate sovereignty chapters in TPP and elsewhere:

The opposition recently promised to review three of the major free-trade agreements signed by the Abbott and Turnbull governments -- the Korean FTA, the China FTA and the TPP -- in the hope of removing their ISDS clauses.

Labor says it will not accept ISDS clauses in new trade pacts. If existing ISDS clauses can't be removed, then Labor's position is stronger safeguards should be imposed on existing agreements to make it harder for corporations to sue the government.
Finally, there's some trouble brewing in Japan, as The Japan Times notes:

Although the Diet [Japan's parliament] is expected to resume discussions on the TPP and accompanying bills this autumn, the government is facing headwinds after a number of ruling bloc candidates from the Tohoku region were defeated in the July 10 Upper House election.

Observers say the losses in Tohoku, where farmers wield considerable influence, highlights lingering opposition to the pact.
That's not to say that TPP is doomed in either Japan or Australia. But coupled with the very real problems in ratifying the deal in the US, these latest developments emphasize that it is by no means certain that TPP will ever come into force.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

Permalink | Comments | Email This Story

Feed Techdirt: How The EU Might Keep Internet Access Open To The Public (google.com)

Earlier this summer, the Body of European Regulators of Electronic Communications (BEREC) took in around a half million public comments on its draft guidelines for member states on implementing end user protections for fixed and mobile Internet connections. The largest telecoms in Europe are lobbying hard for weakened interpretations of the so-called “net neutrality” Regulation passed late last year, which also covers data roaming and the EU Digital Single Market.

A few weeks ago, the largest telecom ISPs issued a 5G Manifesto in which they threatened not to invest in 5G wireless networks unless BEREC waters down its guidelines for enforcement of open Internet access.

Fortunately for American consumers, startup entrepreneurs and small businesses, the FCC was not swayed by similar ISP threats about how common carrier law would kill network investment here. And so even with U.S. open Internet law now firmly in place after a recent court decision, Verizon has announced significant continued investment in 5G networks and field testing in multiple locations.

But carriers in Europe, that don’t face competition from cable broadband providers like American phone company ISPs do, enjoy even stronger market dominance that allows them to intimidate regulators attempting to defend end user rights. The current generation of online startups needs to be able to count on the same open Internet connectivity that the most popular global platforms enjoyed in their infancy a decade or two ago. Only now it’s a battle against corporate lobbyists to get it.

In recognition of this opposition, over one hundred founders of European tech companies and startups along with their international investors and trade groups signed an open letter to underscore the critical importance of BEREC’s upcoming action to innovation and job-creating growth in the digital economy. They made it clear that if telecom ISPs are able to manipulate and subsidize data plan costs for users of established big name platforms, they will put up new barriers to online market entry. Earlier up front capital will be required in a “pay to play” environment, and those entrepreneurs who can’t pay up will find it much harder to be discovered online, scale up and compete for business. No such price of admission ever held back American tech startups, although many of their investors had grown very uneasy prior to the FCC’s decisive action in early 2015.

While BEREC has displayed a comprehensive understanding of real new threats to open Internet access, several loopholes in the draft guidelines must be closed if Europeans expect effective safeguards to protect their Internet access service from commercial interference. Specifically ISPs should not be allowed to use the “specialized services” exception to circumvent the ban on charging online content and application providers for priority transmission on the public Internet.

Secondly, given provisions in the Regulation prohibiting discriminatory commercial practices, BEREC should ban zero rating schemes that favor certain online platforms by exempting them from data caps. Zero rating is as harmful to startups and other competing platforms as technical network discrimination. Zero rating of an ISP’s own content is particularly anticompetitive. Finally network traffic management should be application-agnostic whenever possible. ISPs should not favor some classes of traffic and delay others, such as encrypted content, except under unusual circumstances.

Open Internet access law supports a digital innovation economy in which all online content is equally accessible regardless of the identity of one’s ISP or its business deals with online platforms. In the US, all zero rating is not banned, but the FCC is actively investigating sponsored data and zero rating plans for compliance with its open Internet order. In response to the EU Regulation, the Netherlands already has banned zero rating.

All ISPs have a natural economic incentive to partner with or acquire popular content providers in order to maximize monetization of their network facilities. As a practical matter, only the big ones like Comcast (NBC, Netflix) and Verizon (Aol, Yahoo!) can pull it off, but they can really change the game for others.

Sweden uniquely is less concerned about commercial interference with Internet access because the Swedish government itself built and owns the enviable universal fiber optic Internet access network there. Use of that infrastructure is licensed to dozens of competing IT providers, and Stockholm is beginning to resemble a Scandinavian Silicon Valley.

Elsewhere in Europe though, ISPs are in business to provide sufficient capacity to transmit the data traffic of all their customers without “fast lanes” for some and interruptions and buffering for everybody else. Startups in Amsterdam, Berlin, Barcelona, Bratislava, Cyprus, Dublin, Lisbon, Ljubljana, Paris, Riga and Vienna are among their customers. So far the Dutch are in the lead in terms of proactively implementing the Regulation’s open Internet access provisions, which took effect this past spring.

While BEREC properly focuses on shielding consumers from the downsides of ISP commercial discrimination, it should also tailor its guidelines for the sake of Europe’s tech startups looking to attract investment funding and access global markets online. Other policymakers around the world will be watching whatever the EU decides at the end of August about enforcement of Internet access rights.

Cathy Sloan is a telecom and Internet industry lawyer and consultant

Permalink | Comments | Email This Story

Feed Techdirt: 'Wish I Had The Power' To Hack Enemies' Emails, Says Man Very Close To Having Such Power (google.com)

This weird presidential election continues to get weirder. Donald Trump, perhaps upset about being overshadowed this week by the Democratic Convention, held a press conference on Wednesday morning where he said a whole bunch of completely nutty stuff. A lot of the attention is being placed on his weird possibly half-joking request that Russia hack into Hillary Clinton's emails and reveal the 33,000 that were deleted (or maybe just give them to the FBI, as he later said in a tweet). That was bizarre on a number of levels, including coming right after denying he had any connection to Russia and the possibility that they had hacked the Democratic National Committee's computer system.

But it was his follow up comment that should be a hell of a lot more terrifying. He claimed that he "wished" he had the power to hack her emails:

"Honestly, I wish I had that power," Trump responded. "I’d love to have that power."
Now, again, there's an argument that this comment was sarcastic in the same manner as the "please, Russia" comment that everyone's been focusing on.

But here's the thing: in just a few months he very well might have that power. The NSA certainly has the ability to hack into just about anyone's emails should they want to. And no matter what we feel about whether or not the NSA has or is currently abusing that power, at the very least the level of abuses aren't nearly as bad as they could be in the hands of someone who just doesn't seem to give a fuck about the Constitution or the law.

As we noted a few months ago, surveillance powers should be designed as if the person you least trust in the world had control over the systems. Whether -- to you -- that's Donald Trump, Hillary Clinton or someone else entirely doesn't really matter. It's a pretty clear reason that we should be massively curtailing the surveillance powers granted by the US government to both the intelligence community and the law enforcement community.

Here we have the nominated presidential candidate joking that he'd make use of the power -- which he'd have -- to hack into the communications of political enemies. And while some will argue this is yet another on the long checklist of reasons why Trump is not fit for the job, it's even more a condemnation of our surveillance powers today. Whatever people think of the candidates, it seems like the one thing we should agree on is vastly limiting the surveillance powers.

Permalink | Comments | Email This Story

Feed Techdirt: Court Says Bugs The FBI Planted Around California Courthouses Did Not Violate Anyone's Expectation Of Privacy (google.com)

The FBI's surreptitious recording devices -- scattered around three California courthouses -- raised a few eyebrows when the recordings were submitted as evidence. The defense lawyers wondered whether the devices violated the conversants' expectation of privacy, admittedly a high bar to reach considering their location near the courthouse steps -- by every definition a public area.

The defense team cited a Supreme Court decision involving phone booths, hoping to equate their clients' "hushed tones" with closing a phone booth door. Small steps like these -- used by everyone -- are attempts to create privacy in public areas, but courts are very hesitant to join defendants in erecting privacy expectations in public places.

A judge presiding over one the cases (involving alleged bid rigging for auctioned property) thought there might be something a bit off about the location of the FBI's devices.

Although Breyer held off on ruling, he expressed at least gut-level discomfort with the notion of government agents listening at the courthouse door.

"Let's say I was out of that courthouse that day, I used the staff entrance and I turned my law clerk," the judge said. "I wouldn't know [about that recording], would I, unless the government turned it over?"

Judge Phyllis Hamilton, in her denial [PDF] of a motion to suppress the recordings, is similarly hesitant to condone the FBI's eavesdropping, but can't find enough of a reasonable expectation of privacy to prevent the recordings from being admitted as evidence. (via FourthAmendment.com)

First off, the conversations captured during these particular recordings showed the defendants made very little effort to speak in the "hushed tones" suggested by their defense team.

The recordings at issue intercepted defendants’ communications that were made at a normal conversational volume level, not in hushed or whispering tones. Many conversations were conducted by participants in loud voices, sometimes laughing out loud. In particular, the audio recording of a conversation among a group of about eight to ten men on August 17, 2010, at the Fallon Street bus stop, which was played for the grand jury during the indictment presentation in United States v. Florida, et al., CR 14- 582 PJH, reflects that the participants had to project their voices and yell to be heard over the sound of a nearby jackhammer

In the video footage accompanying many of the audio recordings, including the video clip that was played for Witness 1 and the grand jury, the participants are not seen appearing to whisper or covering their mouths when having audible conversations that can be heard on the recording.

The judge goes on to point out that these conversations could be overheard by many passersby, including the steady traffic of law enforcement personnel to and from the building. And when efforts were made to speak in quieter tones, the FBI's microphones were apparently unable to obtain audible recordings of these discussions.

However, the judge agrees that the location of the devices is somewhat questionable.

While the court agrees with defendants that it is at the very least unsettling that the government would plant listening devices on the courthouse steps given the personal nature of many of the conversations in which people exiting the courthouse might be engaged, it is equally unrealistic for anyone to believe that open public behavior including conversations can be private given that there are video cameras on many street corners, storefronts and front porches, and in the hand of nearly every person who owns a smart phone.

Given the facts of this case -- that the defendants apparently made little to no effort to prevent their conversations from being overhead -- this conclusion is likely the right one. But it goes on to suggest that no private conversation held in a public place can be considered to have an expectation of privacy, no matter what steps conversants might take to prevent being overheard. If even a slim possibility exists that someone other than those engaged in the conversation might be able to hear it, then there is no expectation of privacy.

Permalink | Comments | Email This Story

Feed Techdirt: Federal Prosecutors Use All Writs Order To Compel Suspect To Unlock Phone With His Fingerprint (google.com)

Law enforcement is still trying to break into iPhones and still using the All Writs Act to do so. A sex trafficking prosecution involving the ATF has resulted in a suspect being ordered to cough up his, um, fingerprint, in order to allow investigators to access the contents of his phone. Matt Drange of Forbes has more details [caution: here there be ad-blocker blocking]:

Prosecutors hoped that the search, conducted on an iPhone 5s by special agent Jennifer McCarty of the Federal Bureau of Alcohol, Tobacco, Firearms and Explosives, would help them piece together evidence in an alleged sex trafficking case involving a man named Martavious Keys. Keys had the iPhone with him when he was arrested on May 19, according to recently unsealed court filings. A week later, on May 26, prosecutors asked the judge in the case to force Keys to open the device with his fingerprint, unlocking a potential trove of information including emails, text messages, contacts and photos stored on the device that could be used as evidence.

While courts generally agree that a fingerprint is non-testimonial -- despite its ability to unlock all sorts of testimonial stuff -- there aren't too many courts willing to extend that coverage to passwords. There are exceptions, of course, but items held in someone's mind are given a bit more deference than those at their literal fingertips.

And that's likely why the All Writs-compelled fingerprint access hasn't allowed the ATF inside Keys' phone. The feds can force Keys to place his finger on the iPhone screen all they want, but it likely won't unlock the device. Apple's security requires a passcode as well as a fingerprint if it's been more than 48 hours since the phone was last unlocked. The time elapsed between when the phone was seized and the order obtained for Keys' fingerprint added another layer of security to the phone -- one not so easily defeated with All Writs orders.

Keys is no one's idea of a sympathetic party. He allegedly forced two teen girls, aged 14 and 15, to have sex with men for several hours a day by drugging them into submission. Whether or not his phone contained more evidence is unknown. It's unclear from the recently unsealed documents whether federal investigators found another way into the device after the application of Keys' fingerprint failed to unlock the phone.

And that's sort of a problem. The government is using All Writs orders for a great many things these days, often during sealed cases and with little to no transparency. The fact that Congress apparently authorized this as a fill-in for things warrants couldn't necessarily reach has made the use of All Writs requests both indispensable and easily-abused. The fact that Congress authorized this in 1789 -- with no conceivable idea of the form "papers" would take over the next 200+ years -- usually seems to work in the government's favor.

A bit more transparency would go a long way to assuage concerns about abuse, but overuse/abuse of the 1789 Act is likely the reason there isn't more transparency. If the court decides it's going to compel Keys to turn over his passcode as well (assuming the phone hasn't already been cracked), at least it won't have to toss him in jail if he doesn't. Keys is already behind bars awaiting trial for his sex trafficking indictment. On one hand, that lowers the coercive value of imprisonment. On the other hand -- if he refuses and is hit with a contempt order -- he'll remain in jail indefinitely, even without having been found guilty of anything more than contempt of court.

Permalink | Comments | Email This Story

Feed Techdirt: Russian Copyright Law Allows Entire News Site To Be Shut Down Over A Single Copied Article (google.com)

We've noted for a long time now that copyright laws are regularly used as a tool for censorship. In Russia, abusing copyright law for censorship and to harass political opponents has become standard. Remember how the Russian government teamed up with Microsoft to use questionable copyright claims to intimidate government critics? And then how the MPAA gleefully got into bed with Russia's media censor to celebrate copyright? Of course, Russia also expanded its ability to use copyright to censor the internet, following pressure from short-sighted US diplomats, demanding that Russia better "respect" copyright laws.

And now it's resulting in the taking down of an entire news site. As TorrentFreak reports, news site Story-media.ru does appear to have copied a full article from a popular Russian news site Gazeta. That's certainly an issue, but because of that single copied article, combined with the use of anonymizing the WHOIS record, a Moscow court has ordered the entire site blocked. Think about that for a second and recognize how copyright can be used to shut down an entire publication. Now some will argue that they wouldn't have any problem if they hadn't copied that article, but copyright is one of those things that basically everyone infringes on eventually. If you don't expect this process to be abused to shut down press that powerful individuals in Russia don't like, then you haven't been paying much attention.

Permalink | Comments | Email This Story

Feed Techdirt: Clinton Friend Admits What Everyone Knows Is True: Clinton Still Supports TPP & Will Back It (google.com)

If you've followed the whole TPP (Trans Pacific Partnership) thing at all, and/or the Presidential election this year, you probably already know that Hillary Clinton famously flip-flopped on TPP. She was for it, before she was against it (and tried to rewrite history to hide her support of it). Of course, basically everyone recognized that her newfound concerns about TPP were made up, as a response to (at the time) surging support for Bernie Sanders, who was vocally against the agreement. But, of course, as tons of people have been saying all along, everyone expects that after the election she'll magically flip flop back to supporting TPP.

But, of course, because we're doing this big elaborate stage play called an election, no one's supposed to admit that's what's happening. Someone apparently forgot to tell that to Terry McAuliffe, current Virginia governor and long term best buddies with the Clintons. On Tuesday, he said what everyone already knows: Clinton will absolutely support the TPP after the election:

“I worry that if we don’t do TPP, at some point China’s going to break the rules -- but Hillary understands this,” he said in an interview after his speech on the main stage at the Democratic National Convention. “Once the election’s over, and we sit down on trade, people understand a couple things we want to fix on it but going forward we got to build a global economy.”

Pressed on whether Clinton would turn around and support the trade deal she opposed during the heat of the primary fight against Bernie Sanders, McAuliffe said: “Yes. Listen, she was in support of it. There were specific things in it she wants fixed.”
And, of course, her Vice Presidential pick Tim Kaine did an even faster flip flop. Last Thursday, before he was announced as the running mate, he spoke out in support of TPP.

"I am having discussions with a lot of groups around Virginia about the treaty itself. I see much in it to like,” Kaine said Thursday during a series of roundtable events in suburban northern Virginia. “I think it's an upgrade of labor standards, I think it's an upgrade of environmental standards. I think it's an upgrade of intellectual property protections."
The very next day he was named the VP pick, and suddenly he's against TPP:

Sen. Tim Kaine, Hillary Clinton's running mate, has gone on record saying he cannot support the Trans-Pacific Partnership in its current form— a stance calculated to make him more appealing to supporters of Bernie Sanders who revile the deal.

Kaine spokeswoman Amy Dudley said Saturday that the Virginia Democrat shared his negative views on the trade deal with Clinton this week, confirming a report by The Washington Post. “He agreed with her judgment that it fell short” when it came to protecting wages and national security, a Clinton aide reportedly told the newspaper.
Of course, now that McAuliffe blabbed the not-very-secret strategy of the Democratic Presidential and Vice Presidential candidates flat out lying... the Clinton campaign went into damage control mode and insisted "nuh-uh, she really is against TPP." They trotted out an "adviser," Gene Sperling to insist there's no flip flop planned:

“What she has said is she is against it now, she is against in the lame duck and she’s against it afterwards, and I do believe that when she starts her administration, she is going to want to be focused on unifying Democrats,” he said.
Then, Clinton campaign chair John Podesta also stepped up to insist that Clinton would not flip flop after the election: Keep those links handy, folks, because after the election they may be useful. I'm posting that Podesta tweet as a screenshot, in case it magically disappears from Twitter...

Of course, the truly amazing thing here? For the longest time, it's been the Republicans who were the driving force on agreements like the TPP, and there was only pressure on getting enough Democrats to support those agreements. Now we have a Republican Presidential candidate who seems to be vehemently against the TPP (though for thoroughly clueless reasons) and a Democratic Presidential candidate who is secretly supporting it. This election season is topsy turvy.

Permalink | Comments | Email This Story

Feed Techdirt: Daily Deal: Project Management Certification Training 2016 Bundle (google.com)

The $69 Project Management Certification Training 2016 Bundle will help you become an expert manager and prepare to get the certifications you need. The eight courses have over 170 hours of content and instructions covering critical thinking, analytical skills and effective decision-making techniques for working with teams. Exam preparations for PMP, CAPM, PRINCE2, CPI, Agile and more are covered.

Note: The Techdirt Deals Store is powered and curated by StackCommerce. A portion of all sales from Techdirt Deals helps support Techdirt. The products featured do not reflect endorsements by our editorial team.

Permalink | Comments | Email This Story

Feed Techdirt: Colorado Republican Committee Tries To Use CFAA To Get Even With A Bogus Tweeter, Fails Completely (google.com)

How do we know the CFAA is a terrible law? Because even "civilians" abuse it. Or at least try to.

Back in April, the Colorado Republican Committee's (CRC) Twitter account tweeted out something a bit concerning after Ted Cruz nailed down all 34 delegates at a committee assembly in Colorado Springs.

If you can't see the tweet, it says:

We did it. #NeverTrump

The tweet was taken down minutes later and the official Twitter account explained that someone with "unauthorized access" had posted the tweet and it was not a reflection of the Colorado GOP's official stance.

This led to a brief internet wildfire, where CRC reps were interviewed by reporters about the tweet and enraged Trump supporters [also: 4chan] -- believing the fix was in -- began posting threatening messages to and about Colorado GOP leaders. So far, so internet.

The CRC took this a step further though, attempting to sue the "Doe" with allegedly "unauthorized access" for breaching the "threat to public health or safety" clause of the CFAA. The original complaint [PDF] shows the CRC is perhaps far better at electioneering than investigating.

Over the next three weeks, the CRC conducted an investigation into the origin of the tweet. CRC was able to confirm that the fraudulent tweet was sent using the Twitter for iPhone app, but was not able to determine the identity of the responsible individual.

Um. (Source.)

Armed with info that anyone else could have obtained in seconds rather than weeks, the CRC decided it could mass email the perp into turning themselves in:

On April 19, 2016, the CRC sent an e-mail to all individuals who had at one point been authorized to access to the @cologop account asking that they identify themselves by 5:00pm on Wednesday, April 20, 2016 if they were responsible for the fraudulent tweet.

Unsurprisingly, this failed to uncover the perpetrator. It also made it clear that, until this point, the keepers of the official Twitter account never considered that telling formerly authorized users not to use the account is way less effective than actually revoking their access by changing the password.

The court was unimpressed with the original complaint and ordered the plaintiffs to show cause or GTFO. The amended complaint [PDF] contains much more detail, including the supposed expenses incurred as a result of the short-lived tweet. Apparently, everyone involved in the "investigation" spent "hours" determining that someone used an iPhone to send the tweet.

CRC’s internal staff spent hours communicating with its past and present thirdparty vendors to ascertain if any of their personnel accessed CRC’s Twitter account.

CRC’s internal staff also spent hours communicating to Twitter over the phone and through emails.

CRC’s officers and staff spent time responding to the press over the tweet.

Some of those hours were billable, so to speak.

At least 70 percent of Kohli’s time for the week following the assembly and convention and at least 25 percent of the following week was spent responding to the aftermath of the tweet, including making numerous phone calls and emails about CRC’s progress in identifying the anonymous tweeter, determining who had access to the @cologop Twitter account, and answering media requests. This resulted in a loss to CRC of at least 70 percent of his time for one week and 25 percent of him time for another week. Since his annual salary is $65,000, this loss totals at least $1,187.50.

Internet molehill having been sufficiently mountained, the amended complaint goes on to detail the threats received by CRC officials before trying to claim these threats were somehow induced by a tweet that, itself, was not threatening in any form.

Defendant’s conduct in sending the fraudulent tweet caused damage to CRC in the form of death threats to its officers and employees, closure of its offices, and harm to its reputation.

The threats received by the CRC, its officials, and personnel constituted a threat to public health or safety within the meaning of 18 U.S.C. 1030(c)(4)(a)(i)(IV).

And there's the CFAA tie-in.

Even with certain deficiencies addressed, the CRC still can't assemble a claim that the court can move forward with. The judge has dismissed the complaint in its entirety, pointing out that just because certain things happened after another thing happened doesn't mean the first thing that happened (the bogus tweet/"unauthorized access") is directly responsible for statements made by a bunch of other internet denizens. (h/t Raul)

CRC argues that its Amended Complaint cures the defects addressed in the Court's Order to Show Cause, specifically: (i) it identifies time spent by its staff investigating the unauthorized access as the "loss" that it suffered under 18 U.S.C. 1030(e)(11), (g); and (ii) that the "threat to public health or safety" required by 18 U.S.C. 1030(c)(4)(A)(i) and (g) is satisfied by allegations that it was reasonably foreseeable that the publication of the unauthorized message would induce third parties to respond with threats of harm to CRC officers. Although the Court accepts the first proposition, it finds the second to be deficient as a matter of law.

In the Order to Show Cause, the Court previously addressed why 18 U.S.C. 1030(g)'s "involves" language requires a plaintiff to allege that the unauthorized computer access itself poses a risk to public health or safety, and that the requirement is not satisfied by an allegation that the unauthorized access indirectly caused such a risk to emerge from another source. CRC's response cites to various cases that have used the term "caused" in discussing other provisions of the Act.

The Court finds these cases to be off-point and unpersuasive.

Fortunately, the court takes the CFAA's public health and safety clause and presents a narrow reading of it -- somewhat of a rarity in CFAA-related cases.

As discussed previously, the threat requirement might be met if the unauthorized access disables computers or deletes data essential to providing medical treatment, public utilities, or emergency response services, but not where the unauthorized access has a benign primary effect but induces others to harmful acts. For example, a user who hacks into the social media account of a classmate and encourages him or her to commit suicide might be liable for engaging in conduct posing a risk to health and safety, but a user who hacks into the same classmate's account and merely taunts the classmate for being unattractive cannot be said to have engaged in conduct threatening public health and safety even if the now-despondent classmate reacts to the taunting by committing suicide. Such example entails the user specifically employing the unauthorized access to bring about the risk to public health, and in such circumstances, the use of a predominantly criminal statute to afford civil relief might be proper. The latter example draws upon the complex, wide-ranging, and sometimes attenuated principles of tort causation, importing that sprawling and imprecise inquiry into a statute that was clearly intended to have a narrow, focused reach.

While the fallout of the bogus tweet may have been inconvenient and surrounded by threats from irate GOP members (oh, and 4chan...), the tweet itself was not threatening nor did it call for threats to be made. That one led to the other is undeniable, but it was in no way definitely foreseeable that the tweet would have this effect.

The CRC's complaint is, at best, an expensive windmill tilt, tossed into court solely for the purpose of exposing the "unauthorized" tweeter to angry CRC officials. It has nothing to do with CFAA violations -- which were apparently added to make a federal case out of the CRC's failure to address its own operational security issues until it was too late.

Permalink | Comments | Email This Story

Feed Techdirt: IP Lawyers Tell Copyright Office To Stop Screwing The Public By Opposing Cable Box Reform (google.com)

Last week we noted how the cable industry was distorting the definition of copyright to try and fend off the FCC's attempt to bring competition to the cable box market. Through misleading editorials and leveraged relationships with beholden lawmakers, the cable industry has been successfully convincing some regulators that we can't bring competition to the cable box or we'll face a piracy and copyright apocalypse.

Dig deeper and you'll find that copyright has nothing to do with the proposed changes being tabled. The FCC's proposal simply requires (pdf) that cable providers deliver their existing programming, sans CableCARD, to third party set tops with an eye toward boosting competition. The FCC has stated repeatedly that under their plan, cable providers can utilize the standards and copyright protection of their choice to make this happen, keeping existing DRM in place (for better or worse). Again, it's important to understand that for cable providers this fight is about control and $21 billion in annual rental fees.

Annoyingly it's not just clueless politicians, cable lobbyists and entertainment industry editorials pushing the narrative that the cable box fight is about copyright. The Copyright Office has joined the cable and entertainment industry in opposing the FCC's plan because... copyright. This support has had a major impact on the FCC's efforts, with some of the commissioners that originally voted yes on the proposal (Mignon Clyburn, Jessica Rosenworcel) now starting to waffle in large part thanks to Copyright Office warnings.

Not too surprisingly, the Copyright Office's opposition to a major consumer-friendly policy has raised eyebrows among numerous IP Lawyers, who fired off a letter to Acting Librarian of Congress David Mao this week warning the Office that it's wandering too far afield:

"We understand that the Copyright Office has expressed concern that the FCC’s proposal, if implemented, would lead to the infringement of copyright. We do not share that concern, particularly in light of the legal and technical measures contemplated in the NPRM for protecting copyrighted content from illegal copying."
The letter is quick to argue that the Office's attempt to massively extend copyright to protect cable control over every aspect of the cable box runs in stark contrast to the limitations set forth in the Supreme Court's Sony v. Universal decision. As such, the letter politely suggests it might be nice if the Office adhered to the law and stopped giving regulators and politicians bad advice on this subject:

We urge you to oversee the Copyright Office pursuant to Section 701(a) of the Copyright Act to ensure that the Office dispenses advice to policy makers that is reasonably consistent with settled principles of copyright law. When the Office acts to advise Congress on matters within its purview, it must do so in a way that seeks to further the Copyright Act’s primary goal of rewarding creators for the public’s ultimate benefit. Interpretations of copyright law that operate to expand copyright entitlements into copyright-adjacent fields of commerce run counter to Supreme Court precedent and the copyright system’s goal of increasing public access to knowledge and information.
Among the letter's five signatories is Annmarie Bridy, who, in a statement of her own, again makes it clear that bringing competition to the cable box is not going to usher forth the piracy and copyright apocalypse:

"We pointed out in our comments that the FCC’s proposal is fully attentive to the content protection issues that could arise from opening up cable programming streams to non-cable equipment manufacturers. The cable box, in other words, is not a copyright Pandora’s box; it can be opened carefully, in a way that both protects copyright holders and enables overdue innovation in the way that cable subscribers access content for which they’ve paid."
While it's helpful for experts to warn the Copyright Office it's actively harming the public interest here, the damage may have already been done. The FCC, already under fire for net neutrality rules and new broadband privacy protections, has descended into internal bickering over whether cable box competition will harm copyright, consumer privacy, puppies, and a wide variety of other vibrant red herrings put forth by cable lobbyists, entertainment industry allies, and the Copyright Office. Unless something changes in the next few months, it seems entirely likely that the FCC's plan will, quite intentionally, get buried in committee.

Again that may not be the end of the world. With the streaming market evolving the cable box is a doomed relic anyway; the FCC's plan would simply have accelerated its demise by five years or more. Losing this fight may also give the FCC more time to focus on more important issues for the health and future of the video marketplace, like broadband competition and the use of zero rating and usage caps to thwart alternative streaming providers. Still, the FCC's plan would have not only saved consumers millions, it would have given consumers access to better, cheaper, more open and innovative hardware than ever before.

Shame then that the Copyright Office couldn't be bothered to give politicians and regulators some real device on this subject: namely that the cable industry's opposition to cable box competition is little more than a sound wall of disinformation, delivered by an an army of for-hire sycophants, fueled entirely by the ham-fisted desire to retain monopoly control in the face of inevitable evolution.

Permalink | Comments | Email This Story

Feed Techdirt: Putin's Internet Trolls Are Stoking The Vitriolic Fire By Posing As Trump Supporters (google.com)

Over the last year we've repeatedly noted how Putin's Internet propaganda efforts go well beyond flinging insults in news story comment sections. Thanks to whistleblowing by the likes of Lyudmila Savchuk, we learned how Putin employs multiple factories operated by a rotating crop of shell companies whose sole purpose is to fill the internet with Putin-friendly drivel twenty-four-hours a day. Early reports noted how these efforts focused on what you'd expect from Putin: discrediting reporters, distorting Russia's invasion of the Ukraine, or opposing Finland's entry into NATO.

But a little more than a year ago, New York Times Magazine's Adrian Chen decided to see just how deep that particular rabbit hole went.

What he uncovered was a global, not-at-all subtle disinformation network of well-constructed hoaxes, heavily-produced YouTube videos, fake Wikipedia entries, and tens of thousands of bogus social media accounts -- many of which were designed to pollute the global discourse pool here in the States. The report went so far as to highlight one disinformation effort where Putin-paid trolls posed as Americans online, directing users to a fully-realized museum in Chelsea, Manhattan professing to show the "other side" of the Ukranian conflict (you say invasion, I say tomahto).

That Putin's trolls have extended these tactics to the US election is more than likely. In fact, in an accompanying podcast discussing his story, Chen notes that he also discovered that a number of Putin's disinformation pugilists have been posing as Trump supporters for some time -- something New Yorker contributor Ben Taub was quick to highlight this week just as the DNC e-mail hack hysteria began to peak:

Here's the relevant piece of transcript, from 2015: https://t.co/yVbzyziDHF pic.twitter.com/wXh3Hunx1I

— Ben Taub (@bentaub91) July 25, 2016
Obviously this insight begins to carry new meaning as Russia's involvement in the DNC hack becomes clearer. Many of course have spent significant calories trying to suggest a direct Putin to Trump connection; that's certainly the narrative being pushed by a DNC with a vested interest in avoiding any real conversation about what the e-mails actually say. But it's equally possible that Putin's simply using Internet propaganda to pour gasoline on a rolling dumpster fire that's already veering out of control.

This level of propaganda is something the United States -- already effectively at war with itself -- is not only very good at itself, but incredibly susceptible to. As a nation we're already prone to over-reaction in tech policy (ban all encryption!), adore responses that make already bad situations worse (immediately launch a cyberattack on Russia!), have an echo-chamber media for whom fact checking is often optional, and an ongoing, passionate relationship with cybersecurity hypocrisy.

During election season we're additionally susceptible to this type of attack; sportsmen in our color-coded onesies and ear plugs -- ready to pounce at the faintest suggestion that our preferred punishment candidate has anything other than the noblest of intentions. We're wading into some very dangerous and ugly territory during what's already been one of the most divisive years on record. Enter the latest expanded claims that the DNC hacker was likely under Putin's employ:

"The researchers, at Arlington, Va.-based ThreatConnect, traced the self-described Romanian hacker Guccifer 2.0 back to an Internet server in Russia and to a digital address that has been linked in the past to Russian online scams. Far from being a singly, sophisticated hacker, Guccifer 2.0 is more likely a collection of people from the propaganda arm of the Russian government meant to deflect attention away from Moscow as the force behind the DNC hacks and leaks of emails, the researchers found."

“These are bureaucrats, not sophisticated hackers,” Rich Barger, ThreatConnect’s chief intelligence officer, told The Daily Beast. In blog posts and in interviews with journalists, Barger said, Guccifer 2.0 has made inconsistent remarks and given a version of how he penetrated the DNC networks that technically don’t make sense. For instance, the hacker claims to have used a software flaw that didn’t exist until December 2015 in order to break into the DNC networks last summer.
Given countries are busy hacking each other every god damned day, Russia's involvement here shouldn't be a shock. Neither should Russia's use of propaganda and hybrid warfare, a response it believes is justified retaliation to decades of this country's own information warfare efforts. Enter the U.S. media stage left, not only hysterically surprised that nation states hack each other, but immediately losing the forest for the trees; happily insisting the actual content of the e-mails are meaningless -- when they're not busy pushing op-eds advocating all out cyber war. If this is a test of things to come, it's one the press is already failing.

We're already up to our necks in our own marketing, political disinformation and propaganda, leaving us incapable of differentiating Russian disinformation from home grown vitriol. We're barely coordinated enough to agree on what cybersecurity should mean -- much less differentiate hostile Russian propaganda from the vanilla rancor and bile pervading the internet on any given afternoon. Ill-prepared, poorly informed and confused as hell, there's numerous possible responses from the United States here. Given our history with abysmal cybersecurity policy and even worse media dysfunction -- none of them are likely to be any good.

Welcome to the post-truth era's disinformation wars, ladies and gentlemen. Team "level headed" is going to need all the help it can get.

Permalink | Comments | Email This Story

Feed Techdirt: This Is What It Was Like To Take Part In The Failed Turkish Coup, In The Words Of The Plotters (google.com)

A year ago, we wrote about an interesting new organisation called Bellingcat. Although it's not clear what kind of project it should be called, it's easy to understand what it does: it takes publicly-available information from many sources, and tries to piece together the jigsaw puzzle of contemporary events. Its most recent analysis is an extremely topical piece of work:

A group of plotters of the failed Turkish coup attempt used a WhatsApp group to communicate with each other. Bellingcat has transcribed, translated, and analysed the conversation, thereby cross-referencing the messages with photos, videos, and news reports of the evening, night, and morning of July 15-16.
There are two sources for the WhatsApp conversation. One was widely circulated on Twitter soon after the coup, and consists of a video purporting to show messages on the phone of a plotter. The other source is a series of photos obtained by a journalist with Al Jazeera, although no further information on them is given. Naturally, claims that these are authentic need to be treated with caution, and this is where the Bellingcat method of drawing on diverse sources shows its strength. For example, a mention of the 66th Mechanised Infantry Brigade in the conversation is corroborated using other information from Twitter, Facebook and YouTube as follows:

By cross-referencing registration plates, military vehicles of the 2nd Armoured Brigade and the 66th Mechanised Infantry Brigade can indeed be spotted on photographs taken during the coup attempt in Istanbul. Number plates from vehicles from the First Army all start with "1" followed by five other numbers, thus "1XX XXX". While some military vehicles had their number plates covered during the coup attempt, others had not and often showed registration plates starting with "117" and "196", as Twitter users @Ald_Aba and @AbraxasSpa noted.

These numbers can be specifically attributed to the 2nd and 66th regiments, by looking at older photo and video material of both units, @Ald_Aba tweeted. As with regards to the numbers "196", photos uploaded to Facebook of the 2nd Armoured Brigade also show vehicles with the number "196". Similarly, the numbers "117" we also spotted on a vehicle of a YouTube video of the 66th Mechanised Infantry Brigade.
The extensive Bellingcat post consists of the conversation, in the original and in translation, as well as commentary of the kind quoted above. It provides extraordinary insights into the mechanics of a coup in the digital age.

At first, everything seems to be going according to plan, as key Turkish infrastructure is seized, including the state broadcaster. At around about midnight local time, one of the plotters in the WhatsApp group warns: "Privately owned TV stations must be silenced." But shortly afterwards, Turkey's President Erdoan made his by-now famous speech using FaceTime while mid-flight, broadcast by the privately-owned TV stations the plotters had failed to shut down. The Bellingcat post explains:

President Erdoan's speech is not mentioned in the group conversation, but the direct results of that speech are clearly noticeable: most units are asking for support as they are being surrounded by large crowd of civilians.
As a result, the plotters give increasingly desperate orders to use lethal force on the growing crowds, but to no avail. The last part of the WhatsApp transcription records the guttering of the short-lived attempted coup:

"Has the operation been cancelled Murat", Major Aygar asks.
"Yes, commander", he replies.
Major Aygar: "We're quitting??"
Colonel Doan: "Which operation, all of it?"
Major Çelebiolu: "Yes quit, commander."
Colonel Doan: "Meaning?"
Major Çelebiolu: "Yes, commander, operation aborted."
Colonel Doan: "Shall we escape?"
Major Çelebiolu: "Stay alive, commander. The choice is yours. We have not decided yet. But we have left our position. I'm closing the group. Delete the messages if you want."
It's fortunate for us -- and for future academics who will pore over them -- that the messages were not completely deleted. They survive to provide us with a unique record of a coup as it happened, told in the words of those who tried and failed to seize a major nation. On their own, the short bursts of conversation would be interesting, but hard to parse. With Bellingcat's characteristic annotations and amplifications, they become a gripping spectacle of history as it was being made, just two weeks ago.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

Permalink | Comments | Email This Story

Feed Techdirt: EU Data Protection Official Says Revised Privacy Laws Should Ban Backdooring Encryption (google.com)

The EU's "Cookie Law" is a complete joke and waste of time. An attempt to regulate privacy in the EU, all it's really served to do is annoy millions of internet users with little pop up notices about cookie practices that everyone just clicks through to get to the content they want to read. The EU at least recognizes some of the problems with the law and is working on a rewrite... and apparently there's an interesting element that may be included in it: banning encryption backdoors. That's via a new report from European Data Protection Supervisor (EDPS) Giovanni Buttarelli, who was put in charge of reviewing the EU's ePrivacy Directive to make it comply with the new General Data Protection Regulation (GDPR) that is set to go into effect in May of 2018. The key bit:

The new rules should also clearly allow users to use end-to-end encryption (without 'backdoors') to protect their electronic communications.

Decryption, reverse engineering or monitoring of communications protected by encryption should be prohibited.

In addition, the use of end-to-end encryption should also be encouraged and when necessary, mandated, in accordance with the principle of data protection by design.
To be clear, this actually seems like it may go too far. There are plenty of situations where it seems completely reasonable for law enforcement to use other means to figure out ways to decrypt encrypted communications. Arguing that it should be completely outlawed seems a bit extreme. But blocking backdoors does seem like a good idea. The report also says that the use of end-to-end encryption should be encouraged to the point of being mandated in some cases:

In addition, the use of end-to-end encryption should also be encouraged and when necessary, mandated, in accordance with the principle of data protection by design. In this context the EDPS also recommends that the Commission consider measures to encourage development of technical standards on encryption, also in support of the revised security requirements in the GDPR.

The EDPS further recommends that the new legal instrument for ePrivacy specifically prohibit encryption providers, communications service providers and all other organisations (at all levels of the supply chain) from allowing or facilitating 'back-doors'.
Conceptually, this sounds good, but the implementation matters. Mandating encryption seems to be going a bit far. While I tend to think it makes sense for much more widespread use of encryption, it's not clear why the government needs to get involved here at all. And that includes in the development of such standards. In fact, as we've seen in the past, when the government gets involved in creating encryption standards, that seems to be where the intelligence community can slip in their backdoors.

Still, this is certainly an interesting development. Of course, it would also conflict with the UK's Snooper's Charter ("Investigatory Powers Act") which mandates backdoors for encryption. Though, to be fair, by the time the new rules go into practice, perhaps the UK will no longer be a part of the EU.

Permalink | Comments | Email This Story

Feed Techdirt: MIT Media Lab Launched Disobedience Award, Funded By Reid Hoffman (google.com)

Last week, Joi Ito, director of the MIT Media Lab (and a very sharp thinker on a variety of topics related to innovation) announced a really cool new award that the lab was putting together: a Rewarding Disobedience award, for $250,000, funded by LinkedIn founder Reid Hoffman:

This prize is a one-time experiment that, if successful, we will consider repeating in the future. It will go to a person or group engaged in what we believe is excellent disobedience for the benefit of society. The disobedience that we would like to call out is the kind that seeks to change society in a positive way, and is consistent with a set of key principles. The principles include non-violence, creativity, courage, and taking responsibility for one’s actions. The disobedience can be in—but is not limited to—the fields of scientific research, civil rights, freedom of speech, human rights, and the freedom to innovate.
That's a pretty cool idea for a prize. And I particularly like Michael Petricone's suggestion that the award should be named after Aaron Swartz, who of course was engaged in a great number of civil disobedience projects. And, unfortunately, one of them involved MIT turning on him, leading him to getting arrested and charged with a variety of ridiculous charges. Since then, there has been a struggle among many at MIT to figure out how that happened and what the university should do to prevent similar things in the future. Naming this kind of award after him would be a great start.

We recently wrote about the book The Idealist , about Swartz and the world of free culture (and had the author, Justin Peters, appear on our podcast for an excellent two-part discussion about the book). One things that becomes clear from the book was the absolute disbelief by Swartz and his family of the fact that MIT refused to support Swartz after his arrest. The university basically turned its back on him completely. It's something that the university still ought to do something about, and naming this award after Swartz would be a step in the right direction.

Permalink | Comments | Email This Story

Feed Techdirt: [Updated] Wikileaks Leak Of Turkish Emails Reveals Private Details; Raises Ethical Questions; Or Not... (google.com)

Important Update: Michael Best has now come out and said that it was actually he who uploaded the files in question, which he got from the somewhat infamous (i.e., hacked the Hacking Team) hacker Phineas Fisher. Through a somewhat convoluted set of circumstances, it appeared the files were associated with the Wikileaks leak when they were not -- and then basically everyone just started calling each other names:

The files were obtained by Phineas Fisher, who was the source. As far as I can tell, Fisher did not intend to dump all of the files publicly, and Fisher has not indicated that he meant to give any of the files to WikiLeaks to publish. However, they received a partial set of the documents and decided to publish them.

Following the WikiLeaks release of the partial set, Fisher decided to release his set. Since the files came from a known source (Fisher has been responsible for many high profile hacks, including the hack on the Hacking Team), I used the torrent file that the files were released through to create a bittorrent instance on the Internet Archive’s server. The server proceeded to download the torrent and create the item that was linked to by WikiLeaks.

After the personal information was discovered, the AKP files were removed from the Internet Archive’s server.

Although I wasn’t aware that it was included in the release at the time, I accept my responsibility in distributing the personal information. The explanation as to how it happened is not an excuse for the fact that it did happen.
Of course, in the meantime, there's been a lot of nastiness, with Wikileaks and its supporters unfairly claiming that Zeynep Tufekci was an agent for the Erdogan government -- which is insane if you know her at all. As Best notes in his piece, it's entirely reasonable that Tufekci assumed the files were uploaded by Wikileaks, and while Wikileaks may be on the defensive about other claims about its leaks, it didn't need to attack her credibility in the process. Still, hopefully this has all been sorted out now. Original article is below...

Last week, we (like many others) reported on the news that Turkey was blocking access to Wikileaks, after the site released approximately 300,000 emails, supposedly from the Turkish government. We've long been defenders of Wikileaks as a media organization, and its right to publish various leaks that it gets. However, Zeynep Tufekci, who has long been a vocal critic of the Turkish government (and deeply engaged in issues involving the internet as a platform for speech) is noting that the leak wasn't quite what Wikileaks claimed it was -- and, in fact appears to have revealed a ton of private info on Turkish citizens.

Yes -- this "leak" actually contains spreadsheets of private, sensitive information of what appears to be every female voter in 79 out of 81 provinces in Turkey, including their home addresses and other private information, sometimes including their cellphone numbers. If these women are members of Erdogan's ruling Justice and Development Party (known as the AKP), the dumped files also contain their Turkish citizenship ID, which increases the risk to them as the ID is used in practicing a range of basic rights and accessing services. I've gone through the files myself. The Istanbul file alone contains more than a million women's private information, and there are 79 files, with most including information of many hundreds of thousands of women.
What's not in the leak, apparently, is anything really about Erdogan's government:

According to the collective searching capacity of long-term activists and journalists in Turkey, none of the "Erdogan emails" appear to be emails actually from Erdogan or his inner circle. Nobody seems to be able to find a smoking gun exposing people in positions of power and responsibility. This doesn't rule out something eventually emerging, but there have been several days of extensive searching.
At the very least, this does raise some ethical questions. In the past, Wikileaks has (contrary to what some believe!) actually been pretty good about redacting and hiding truly sensitive information that isn't particularly newsworthy. It's possible that this is just a slip up. Or it's possible that Wikileaks got lazy. Or it's possible that the organization doesn't care that much to go through what it gets in some cases. [Update: Or, see the update above, where we discover it was a third party that uploaded this data, that then got associated with the Wikileaks data].

I still think that the organization has every right to release what it gets, but it should also be open to criticism and people raising ethics questions about what it has chosen to release. The fact that it appears to have failed to consider some of the questions in this case, and then possibly overplayed the story of what was in this release is certainly concerning, and harms Wikileaks' credibility. [Update: so, this was a mistake, though it's unfortunate that Wikileaks then lashed out out Tufekci and others making additionally baseless claims. Yes, it was wrongly accused, but that's no reason to wrongly accuse others as well.]

Permalink | Comments | Email This Story

Slashdot Top Deals

Where there's a will, there's a relative.