Tech Polis

A Look Back In Techdirt History

Techdirt - Sat, 04/19/2014 - 15:00
Here we are again with another look back in Techdirt history.

Five Years Ago:

As we've noted, sometimes these look backs show that nothing ever changes. For example, one of our big stories five years ago was... the NSA abusing its surveillance powers. The NY Times revealed at the time that the NSA was collecting much more information on Americans than was allowed by law. And... basically no one paid attention. Similarly, we had a story about Swedish ISP Bahnhof deleting its log files to protect the privacy of its users. And -- just a week ago, we had a nearly identical story, as Bahnhof did it again, in response to a court ruling against the EU's data retention directive (which was put in place to stop ISPs like Bahnhof from protecting users' privacy like that).

This was also the week five years ago that the Pirate Bay lost its big case in Sweden and Nicolas Sarkozy ramped up his efforts to pass a three strikes law. Of course, today the Pirate Bay is still going strong, and France's three strikes law has basically been killed off. Funny how these things work out.

We also had stories of people trying to use the DMCA for blatant censorship, including a news station trying to hide its own mistake and an activist group trying to hide its fake political campaign (using actors instead of real people). Copyright as censorship is one of those issues that never changes. Also never changing: media dinosaurs acting like dinosaurs. Five years ago was when some big names in old media announced they were going to set up an "iTunes for news." That eventually turned into Journalism Online -- a paywall company that a bunch of newspapers now use (despite paywalls still failing to do much useful). Similarly, NBC was hard at work making it difficult to watch the Olympics online. Because NBC hates the internet.

Finally, we had a story of a patent troll claiming patents on basically every technology product ever and sneaky lobbyists who were hired to fight against patent reform using underhanded tricks to get "groups" that have nothing to do with patent reform (an anti-communist Hungarian group, the Minutemen (vigilante border guards), and various religious groups) to come out against patent reform. Basically, people in those groups then admitted that the lobbyists more or less tricked them into allowing their names to be used. My favorite was the 87-year old "honorary chairman" of the National Federation of American Hungarians, who had agreed to let the group's name be used but had no idea why he was against patent reform: "It was in Chicago or Detroit, I can't remember. Somebody brought this up, I don't know for what reason... So I gave them permission to use my name." And then he admitted his group was being disbanded anyway, because they were all dying, though he promised to get more information by "trying to reach the still living members of the board."

Ten Years Ago:

Back before there were copyright trolls like Prenda and Malibu Media shaking down people via legal threats, there was DirecTV's infamous program shaking down anyone who bought a smart card reader (even if for perfectly legal purposes). Ten years ago, we wrote about a former employee of their "anti-piracy" division speaking out about how it was all "an elaborate extortion scheme" and that he was suing the company because they forced him to do illegal and unethical things in shaking people down. Down in Australia, they were talking about making ISPs liable for copyright infringement. Yeah, some things never, ever change.

Also, ten years ago was the first we wrote about California state senator Leland Yee's quixotic attempt to ban violent video games. That, of course, eventually went to the Supreme Court and got completely shot down (just like about a dozen states before it). Yee wasted a ton of taxpayer money on this moralistic campaign and -- of course -- is now facing criminal charges for arms trafficking.

Then there are the more dated items that show how the world was different ten years ago. Amazon launched its A9 search engine to take down Google. We were all excited about the idea of navigation systems on phones! And they only cost $6 a month! Also, people were freaking out about phones on airplanes, and a few phone makers had started testing out this ingenious concept known as "airplane mode" to let flight attendants know the phone part wasn't on. Oh, and it was exciting to see that one-in-six Americans had used wireless internet technology.

Fifteen Years Ago:

People were trying to make a bundle of money by trademarking Y2K. The big trend in the computer world was ISPs giving away cheap free computers if you signed a long-term contract for internet service (such offerings were everywhere). In the era before smartphones, we were excited about the idea of "web phones." Also, people were writing off Mozilla for dead because Microsoft IE had won the browser wars. Okay, sometimes things do change.

One thing that never changes, though, is sketchy activity online. Fifteen years ago this week, we wrote about the domain name being stolen -- a saga that went on for many years, and an entire book was eventually written about it. Also, typosquatters were hitting the scene, and people were wondering if it was trademark infringement. Also, in one of the earliest "stock scams" online, an employee of the company PairGain created a fake webpage that looked like a story from Bloomberg news about a buyout attempt, posted it on a free Angelfire account (remember those guys?) -- and watched the stock shoot up. The employee was quickly arrested.

49 Years Ago:

We weren't publishing, but that's about when Moore's Law was coined following his prediction that the number of transistors on a chip would double every 18 to 24 months. The details of the "law" have shifted somewhat over time, but the basics have held true. Of course, it was also probably 48 years ago that people started fighting over when Moore's Law was obsolete.


Categories: Tech Polis

Is Your VPN / Proxy Working? Check Your Torrent IP-Address

TorrentFreak - Sat, 04/19/2014 - 14:51

Every day dozens of millions of people share files using BitTorrent, willingly exposing their IP-addresses to the rest of the world.

For those who value their privacy this is a problem, so many sign up with a VPN provider or torrent proxy service. This is fine, but some people then forget to check whether their setup is actually working.

While it’s easy enough to test your web IP-address through one of the many IP-checking services, checking the IP-address that’s broadcasted via your torrent client is more complex.

There are a few services that offer a “torrent IP check” tool, but for the truly paranoid there’s now an Open Source solution as well.

The developer, who goes by the nickname “cbdev”, found most of the existing tools to be somewhat “fishy,” so he coded one for himself and those who want to run their own torrent IP checkers.

“I’d rather have something I can control entirely,” cbdev tells TF.

“So, I wrote a tool people can install on their own servers, with the added bonus of it using magnet links, so ‘Tracking torrent’ files are required,” he adds.

The ipMagnet tool allows BitTorrent users to download a magnet link which they can then load into their BitTorrent client. When the magnet link connects to the tracker, the user’s IP-address will be displayed on the site, alongside a time-stamp and the torrent client version.


Alternatively, users can check out the tracker tab in their torrent clients, where the IP-address will be displayed as well.

For users who are connected to a VPN, the IP-address should be the same as the one they see in their web browser, and different from the IP-address that’s displayed when the VPN is disconnected.

Proxy users, on the other hand, should see a different IP-address than their browser displays, since torrent proxies only work through the torrent client.
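The check described above, as an added example that is not ipMagnet's own code (the article says that project is written in PHP, JavaScript and HTML): a tracker-side function records what an announce reveals, and a second function applies the VPN and proxy rules from the two preceding paragraphs. All function names, the sample announce and the addresses (documentation ranges) are constructed for illustration.

```python
import ipaddress
from urllib.parse import parse_qs, quote_from_bytes, urlsplit

# Two-letter codes from the widely used "-XXvvvv-" peer_id convention.
CLIENT_CODES = {
    "UT": "uTorrent", "TR": "Transmission", "qB": "qBittorrent",
    "DE": "Deluge", "AZ": "Vuze/Azureus", "LT": "libtorrent",
}


def describe_peer_id(peer_id: str) -> str:
    """Turn a 20-character peer_id into 'client version-field', if recognisable."""
    if len(peer_id) == 20 and peer_id[0] == "-" and peer_id[7] == "-":
        code, version = peer_id[1:3], peer_id[3:7]
        return f"{CLIENT_CODES.get(code, code)} {version}"
    return "unknown client"


def record_announce(path: str, remote_addr: str, timestamp: str) -> dict:
    """Return what a tracker learns from one HTTP announce request.

    remote_addr is the socket peer address seen by the server. Any 'ip='
    query parameter is ignored on purpose: it is supplied by the client
    and says nothing about the address the swarm actually sees.
    """
    # latin-1 keeps the percent-decoded bytes of info_hash intact (one char per byte).
    query = parse_qs(urlsplit(path).query, encoding="latin-1")
    info_hash = query.get("info_hash", [""])[0]
    peer_id = query.get("peer_id", [""])[0]
    if len(info_hash) != 20:
        raise ValueError("announce without a 20-byte info_hash")
    return {
        "info_hash": info_hash.encode("latin-1").hex(),
        "ip": remote_addr,
        "time": timestamp,
        "client": describe_peer_id(peer_id),
    }


def check_setup(mode: str, real_ip: str, browser_ip: str, torrent_ip: str) -> str:
    """Apply the article's rules. Returns 'ok', 'leak' or 'mismatch'.

    real_ip    : address seen with the VPN/proxy switched off
    browser_ip : address a web IP-checker shows right now
    torrent_ip : address the tracker recorded for the torrent client
    """
    real, browser, torrent = (
        ipaddress.ip_address(a) for a in (real_ip, browser_ip, torrent_ip)
    )
    if torrent == real:
        return "leak"  # the swarm sees the unprotected address
    if mode == "vpn":
        # A VPN carries all traffic, so browser and torrent client must agree.
        return "ok" if torrent == browser else "mismatch"
    if mode == "proxy":
        # A torrent proxy only covers the client, so the two must differ.
        return "ok" if torrent != browser else "mismatch"
    raise ValueError("mode must be 'vpn' or 'proxy'")


# Constructed sample announce, as a client would send it for a magnet link.
SAMPLE_PATH = (
    "/announce?info_hash=" + quote_from_bytes(bytes(range(20)))
    + "&peer_id=-TR2820-abcdefghijkl&port=51413&left=0"
)

if __name__ == "__main__":
    seen = record_announce(SAMPLE_PATH, "203.0.113.7", "2014-04-19T14:51:00Z")
    print(seen)
    print(check_setup("vpn", "198.51.100.20", "203.0.113.7", seen["ip"]))
```

A "mismatch" result means the client's traffic leaves through a different path than expected, which is worth investigating even though the real address was not exposed.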


People are free to use the ipMagnet tool demo here, but are encouraged to run a copy on their own server. The whole project is less than 500 lines of code, so those with basic knowledge of PHP, JavaScript and HTML can verify that it’s not doing anything nefarious.

If you’re setting up a copy of your own, feel free to promote it in the comments below. Those who want more tips can read up on how to make a VPN more secure, and which VPN providers and torrent proxies really take anonymity seriously.

Source: TorrentFreak, for the latest info on copyright, file-sharing and anonymous VPN services.


Awesome Stuff: Stand While You Work

Techdirt - Sat, 04/19/2014 - 12:00
As some folks know, I'm a pretty big believer in standing while you work rather than sitting. It takes a little while to get used to, but these days I greatly prefer standing. While the first few weeks are a bit difficult on your legs and (especially) feet, once you get used to it, it's pretty easy. There's definitely been a trend in sit-stand setups lately, so for this week's awesome stuff post, I thought we'd look at three new crowdfunding projects concerning standing desks.
  • First up is the StandDesk -- which is a standard sit/stand alternating desk. There are lots of these on the market, though they can get a bit pricey. StandDesk's sole claim to fame seems to be that it's a lot cheaper than the competition -- which is true. It's an automated sit-stand desk going for about $400 (not including shipping). Standard automated sit-stand desks tend to be closer to $1,000 or more. When I switched to a sit-stand setup a couple years ago, I deliberately didn't buy such a desk, because it seemed too expensive. Instead, I retrofitted an existing desk with one of these. But the StandDesk definitely brings the price down. It appears people are pretty excited about this cheaper sit-stand desk as it's already raised over $350,000 (much more than its $50,000 target) with nearly a month left to go.
  • I'm always intrigued by people trying something new and different, so the ChairBot certainly caught my eye. It's an attempt to still let people get the best of both sitting and standing, while minimizing the harms. I have no idea if there's any real science behind it, but the idea appears to be to have the chair set at your standing height, and the chair splits in two, with either side going down to remove support from one leg or the other. The end result is that you end up "standing" with one leg while "sitting" with the other. And the ChairBot has a timer, so that every so often, you're prompted to switch. The theory is that you get the better posture associated with standing, but not the fatigue that often comes with it (though, again, I've found that goes away after a short adjustment period). You kind of have to watch the video to understand how this works: While new and different ideas may be interesting, that doesn't mean they're compelling. And this one definitely falls into the not-very-compelling camp. Especially at the insane price of $2,700 (which is apparently the "early bird" price before it goes to $3,700!). You'd have to (1) really, really believe that this is a better system (2) have extra money to throw away and (3) trust that this device that you haven't tested would really work for you in order to plunk down that kind of money. So, it's little surprise that almost no one has actually done so. As I write this, only 1 person has signed up, so it seems unlikely that this project will come anywhere near the $100,000 it seeks by the project completion in two weeks.
  • Finally, many people point out that you don't need a fancy contraption to have a standing desk. You can just pile some boxes or a shelf on an existing desk and get basically the same thing. So it's interesting to see someone trying to offer a collapsible desktop riser for exactly that purpose. Of course, I'm confused why this is a Kickstarter project, as there are tons of similar desktop risers on the market, and this doesn't appear to be new or unique in any significant way. Nor does it appear the creator put much effort at all into the campaign. It's one of the rare Kickstarter campaigns that doesn't even have a video. Given that, it's not too surprising that almost no one seems to be interested in buying one (there's just one backer).
That's it for this week. Stand up and stretch.


‘Notorious Market’ Blocks Piracy in its P2P Streaming Player

TorrentFreak - Sat, 04/19/2014 - 05:11

Every year the United States Trade Representative calls out countries, companies and services that step over the line when it comes to copyright enforcement. Year after year the same core players appear and China is one of the countries regularly subjected to criticism.

Chinese companies such as Baidu have been fixtures in the USTR’s reporting for many years, but changes to its operations in 2011 meant that it was able to stay off the list, although at home it is still the subject of various legal clashes. Now, just two months after the USTR published its 2013 Out-of-Cycle Review of Notorious Markets, another Chinese company is hoping to please both local and US interests by ditching its pirate reputation.

In its last publication, sandwiched between KickassTorrents and MP3Skull, the USTR called out a site called Kuaibo. The company behind that site is the Shenzhen QVOD Technology Co. It’s the creator of QVOD, a technology originally designed to enable small and medium sized business to distribute their content online using BitTorrent, P2P, and streaming technology.

With an estimated userbase of 25 million (100 million on its mobile app) the company’s player software is undoubtedly popular. However, many of its users are now using QVOD to share unauthorized content via what appears to be a Popcorn Time-style P2P streaming feature.


“QVOD has become a leading facilitator of wide-scale distribution of copyright-infringing content and of other content considered illicit in China,” the USTR wrote, referring to pirate movies/music and pornography.

However, in an announcement this week, Shenzhen QVOD Technology Co reported that it had taken steps to stop the unlawful distribution of both copyright-infringing and adult content via its software. All illegal content will be blocked and the company will move to a commercial and fully-licensed footing.

“From now on, the previous ‘fast play mode’ [of QVOD’s Nora Player] will come to an end,” a company spokesman said. “Nora is willing to work with counterparts to jointly promote the development of the genuine video industry.”

The motivation for “going legal” appears to be financial. Analysts quoted in Chinese media say that it's become increasingly difficult for QVOD to get advertisers who are happy for their brands to appear alongside infringing content. Since the company is pledging to spend more than $16m on licenses, it needs money quickly, but whether its millions of pirates are ready to spend is far from clear.

Source: TorrentFreak, for the latest info on copyright, file-sharing and anonymous VPN services.


Study Shows How Notice-And-Takedown Reduces Transaction Costs In Making Works Legally Available

Techdirt - Fri, 04/18/2014 - 22:39
We've written a few times in the past about research done by Paul Heald on copyright and its impact on the availability of certain content. He's recently published an interesting new study on how the DMCA's notice-and-takedown regime facilitates making content available by decreasing transaction costs among parties. As we've discussed at length, the entertainment industry's main focus in the next round of copyright reform is to wipe out the notice-and-takedown provisions of the DMCA. The legacy recording and movie industries want everyone else to act as copyright cops, and hate the idea that notice-and-takedown puts the initial burden on themselves as copyright holders.

However, Heald's research looks at music on YouTube and concludes that the notice-and-takedown system has actually enabled much greater authorized availability of music, by reducing transaction costs. The idea is pretty straightforward. Without a notice-and-takedown provision, someone who wants to post music to YouTube needs to go out and seek a license. Of course, getting permission from all the various rightsholders is frequently impossible. The transaction costs of getting permission make it such that it's way too high. Yet, with notice-and-takedown, the person can upload the content without permission, and then the copyright holder is given the option of what to do with it. On YouTube, that includes the option of monetizing it, thus "authorizing" the use. That creates a natural experiment for Heald to explore, in which he can see how much content is "authorized" thanks to such a setup. And the result, not surprisingly, is that this system has enabled much greater authorized (and monetized) access to music than an alternative, high transaction cost system, under which uploaders must first seek out permission to upload everything.

In fact, the analysis shows a tremendous number of popular music hits from the US from 1930 to 1960 are available in what's likely an authorized (i.e., monetized) fashion, even though nearly all of it was almost certainly uploaded by those without permission. Under the system that the RIAA and MPAA would like, this would be next to impossible. Instead, they'd want to negotiate deals first, making it nearly impossible for such works to be available, and meaning that both the availability and monetization of those works wouldn't be happening. As Heald concludes: Congress should resist calls to dismantle platforms like YouTube which take advantage of current limits on secondary liability to create a marketplace that radically reduces the high cost of negotiating over rights to music and visual content. The access YouTube provides to valuable cultural products is far from perfect, but it provides a partial solution to the problem of disappearing works, at least in the music context. In any event, no new legislative initiative should proceed in the absence of concrete data testing the claim of copyright owners that their proposals make works more, rather than less, available to the public.


The Logical Conclusion Of Zero Tolerance: College Prof Suspended Because Daughter Wore A GoT Tshirt

Techdirt - Fri, 04/18/2014 - 21:36

When we talk about the stupidity that is school-affiliated zero-tolerance policies, those stories usually revolve around an administration's inability to marry common sense with their reactions to non-issues. This can produce somewhat varied results, from really dumb stories about children being children and ending up in serious trouble, to a far more angering practice of victim-blaming. What it all boils down to, though, is an overreaction to certain tragic situations that results in bureaucratic lunacy on a level I never would have thought possible. School shootings and violence are the impetus in these cases, but we see this elsewhere as well. 9/11 resulted in the s#!*-show we know as airport security and NSA surveillance. The Boston Marathon bombing has resulted in the kind of militarized protection and media-blitzkrieg that would likely have other world nations that deal with far more terrorism shaking their heads. And, in each of these cases, we learn a simple truth that we should have seen coming all along: reactionary policies breed stupidity, corruption, and trouble.

So let's get back to zero-tolerance policies in schools and witness the logical conclusion they offer: a college professor who had recently been at odds with his school's administration was just suspended for posting a picture of his child wearing a Game Of Thrones t-shirt. A popular community college professor was suspended after posting a photo of his daughter wearing an oversized T-shirt bearing a tagline from this season of Game of Thrones—Daenerys Targaryen's "I will take what is mine with fire and blood." Francis Schmidt, who teaches art and animation at Bergen Community College in New Jersey, shared the photo on Google+, where it was seen by several of his work contacts. One of them, a dean, decided the shirt was a veiled threat of some kind.

In case you can't see the image, it's of Schmidt's daughter doing a handstand while wearing a Game of Thrones t-shirt that includes the tagline: "I will take what is mine with fire & blood." In case you think it's reasonable that such a picture being shared on social media could be interpreted as a threat to commit violence at a local community college, stop thinking that because that's a stupid thought. I imagine Schmidt said as much when he was called in to meet with the administration to explain why he'd sent a "threatening email", despite the fact that no email had been sent. At the meeting, Schmidt explained the shirt in the context of Game of Thrones and showed Miller that the "fire and blood" tagline has 4 million results on Google. The professor asked why his photo had caused such a reaction, and was told that "fire" could be a metaphor for "AK-47s." Schmidt was placed on administrative leave without pay later that week, and told he would have to pass a psychiatric evaluation before he could return. Now, like me, you should be even more confused. There's no way you could somehow interpret "fire" to mean "AK-47" any more than you could interpret "fire" to mean "Easter ham." They aren't related. And if you're thinking that there's so little sense being made here that there must be something more to this story, there sure as hell is. The head of the school's administration had just been delivered a vote of no confidence by the staff, including Schmidt, who had also filed a grievance recently for being denied a request for a sabbatical. You don't need to read between the lines much to understand that this is probably a trumped-up charge serving to punish a member of the teacher's union.

Which brings us nicely back to my original point: it isn't just the stupid you have to worry about when it comes to zero-tolerance policies, it's also the corrupt. When we overreact to admittedly tragic occurrences, we almost invariably open up the possibility for abuse through that overreaction.


Finally, Someone Acts Like An Adult: District Attorney Drops Charges Against Bullied Teen Who Recorded His Tormentors

Techdirt - Fri, 04/18/2014 - 20:33

South Fayette School in Pennsylvania, along with a complicit criminal justice system, recently made headlines with its groundbreaking anti-bullying program, which apparently deters bullying by punishing bullied students.

Here's a short recap:

A bullied student used an iPad to make an audio recording of other students abusing him. He brought this to school administration who a) called in a police officer (after being advised by its legal team that this might be a violation of the state's wiretapping law) and b) deleted the recording.

The police officer, unable to actually bring a felony charge against the minor, settled for disorderly conduct. This charge brought him before a judge, who first stated her firm belief in the school's inability to do wrong before finding him guilty.

Throughout the entire debacle, not a single person involved even considered the possibility that the student had committed no crime or the fact that he had followed all of the school's prescribed steps for reporting bullying incidents. Instead, the desire to punish someone was obliged every step of the way.

Finally, someone within the justice system has chosen to act like an adult, rather than a bunch of clique-y, vindictive children. Stanfield (the student) had announced that he and his attorney would file an appeal to that ruling but his fight may already be coming to an end. Today, has been told by Stanfield’s attorney that the District Attorney will allow the appeal to go forward but will no longer pursue this case. More specifically, both the wiretapping charge (which was apparently still brought despite the involved officer's statement otherwise) and the disorderly conduct charge (which the judge found the student guilty of) were dropped. A wiretapping charge against a South Fayette High School student who recorded two classmates bullying him has been dropped by the Allegheny County District Attorney's Office.

Mike Manko, a spokesman for District Attorney Stephen Zappala, said Judge Robert Gallo signed an order Thursday to withdraw the citation against 15-year-old Christian Stanfield.

"No one in our office who is authorized to give advice on wiretap issues or school conduct issues was ever contacted in this matter. We have made multiple attempts to contact the officer who wrote the citation and (the) results have been unsuccessful," Manko said in a written statement. "We do not believe this behavior rises to the level of a citation." Odd that a police officer wouldn't talk to a district attorney. Unless, of course, a little bit of hindsight made him realize his every move fell between vindictive and buffoonish. Lt. Murka, who apparently considered both wiretapping and disorderly conduct to be appropriate "remedies" for a bullied student recording his tormentors, seems to have recused himself from the public eye. Manko, speaking for the DA, hits the heart of the issue -- one simple sentence that any of those involved could have deployed to call an end to this ridiculous situation before it ended up in front of a judge: "We do not believe this behavior rises to the level of a citation."

The school has now gone on record to declare it's everyone else who's wrong: The South Fayette Township School District wishes to address recent reports in the local and national media concerning a student of the South Fayette Township School District. It is to be noted that certain information being disseminated by the media is inaccurate and/or incomplete. Rather than clear up what exactly was "inaccurate and/or incomplete" about the reporting, it instead has chosen to hide behind "confidentiality." The School District is legally precluded from commenting specifically in regard to these reports as the issue involves a confidential student matter. Considering the story has been all over the news, it seems a bit weak to claim the matter is still "confidential." It would seem it could comment on any of the specifics already in the public domain. The story has gone nationwide, so it's disingenuous to pretend it's still a "confidential" matter.

While it's nice that the DA has dropped the charges and allowed the student to proceed through school without criminal charges hanging over his head, one wonders if this same outcome would have been forthcoming without the attendant public outcry. Any adult can start acting like one with enough public shaming. But the application of a little common sense would have averted this incident completely.

A bit more troubling is one of the suggestions that escaped the lips of a local politician who showed up to the teen's "not a criminal" celebration. State lawmaker Jesse White joined the rally, telling Stanfield he wants to name a law after him. He said it would close the loophole in the wiretapping law and allow victims of bullying to record it as proof for police and school officials. His opportunistic heart's in the right place, but naming laws after people often indicates the new law is a bad one. This isn't an issue where a new law will fix things. This is an issue where no one in this chain of events showed the courage (and common sense) to stand up and ask why they were punishing a bullied kid for recording bullies.


DailyDirt: Believable Dieting

Techdirt - Fri, 04/18/2014 - 20:00
Maybe you're not eating meat today or perhaps planning to avoid various foods that aren't kosher for Passover. (Or you're blissfully eating whatever you want...) People follow a lot of eating guidelines based on all sorts of issues -- religious, ethical or other. There are all kinds of diets: to lose weight, to prevent high blood pressure, to save animals' lives, to kill fruits. Whatever diet suits your fancy, you might want to check out some of these stories on dietary restrictions and food beliefs. If you'd like to read more awesome and interesting stuff, check out this unrelated (but not entirely random!) Techdirt post via StumbleUpon.


University Hires Sports Info Director, Fires Him Two Hours Later After Local Paper Googles His Name

Techdirt - Fri, 04/18/2014 - 18:48

It's sometimes amazing to me how many organizations have so much trouble with background checks. Granted, there's a lot to look through, and you don't want to inadvertently overstep the bounds of reasonableness. That said, it seems to me it's common practice these days to at least run a name through a Google search and make sure nothing horribly damning comes up as a result. I plan on doing this with my future children, in fact, shortly after I name them, just to make sure they weren't up to any gangster crap while in the womb.

Actually, given this recent story about the University of Great Falls in Montana involving their hiring of a Sports Information Director and then firing him after a local paper Googled his name, perhaps there's a business opportunity in all this. UGF, whose athletic programs compete in the NAIA, introduced [Todd] Brittingham as the school's new SID and marketing director in a news release. The Great Falls Tribune set out to learn more about him. Presumably they first searched his name. Presumably they found what anyone can find, on the first page of the search results—stories from 2012 about Brittingham pleading guilty to charges stemming from a relationship with a 16-year-old student at the Kansas high school where he was teaching and coaching. In the end, Brittingham copped a plea to endangering a child and giving alcohol to a minor in exchange for the drop of felony diddling a child charges. Justice! In any case, as you can imagine, the university wasn't terribly pleased at learning about this and fired Brittingham post-haste. Gary Ehnes, athletic director at UGF, said he was stunned by the news. He said he was the one responsible for the hire.

"I'm devastated. You do a background check on a guy and figure that's going to do it. But I guess we have to go further than that," Ehnes said. Go further? No, a Google search isn't going further than a background check, a background check is going further than a Google search. You probably shouldn't move to step two until you complete step one, especially when step one is the first thing we all do before going on a first date. That's why I'm thinking of opening Timothy Geigner's Step One Background Checks. Think of the money! I can contract with unwitting public institutions to perform simple Google searches for prospective employees. Sounds ridiculous, but there's obviously a need for this service, and for once it's a business need I can actually fulfill. Capitalism, people!


The Crazy Redactions Of The No Fly List Decision: The Kafkaesque 'On-Off-On' Redactions

Techdirt - Fri, 04/18/2014 - 17:40
So, we already highlighted the key information revealed and the newly unredacted version of the court's ruling in the Rahinah Ibrahim "no fly list" case (namely: that the US has a "secret exception" by which it can put people into the terrorist screening database despite no "reasonable suspicion" that they're a threat). However, seeing as we had noted some of the bizarre redactions in the original, and now that we have the unredacted version, I figured we could look at some of the more bizarre redactions now that they've been revealed. Let's start with what might have been the most hilarious redaction from the original. If you can't read it, it's:

Given the Kafkaesque [REDACTED] treatment imposed on Dr. Ibrahim, the government is further ordered expressly to tell Dr. Ibrahim [REDACTED] (always subject, of course, to future developments and evidence that might [REDACTED]). This relief is appropriate and warranted because of the confusion generated by the government's own mistake and the very real misapprehension on her part that the later visa denials are traceable to her erroneous 2004 placement on the no-fly list, suggesting (reasonably from her viewpoint) that she somehow remains on the no-fly list.

Now those redactions have been uncovered, and here's what we see (with the redacted portions in yellow): And the text version, with redacted portions underlined:

Given the Kafkaesque on-off-on-list treatment imposed on Dr. Ibrahim, the government is further ordered expressly to tell Dr. Ibrahim that she is no longer on the no-fly list and has not been on it since 2005 (always subject, of course, to future developments and evidence that might warrant reinstating her to the list). This relief is appropriate and warranted because of the confusion generated by the government's own mistake and the very real misapprehension on her part that the later visa denials are traceable to her erroneous 2004 placement on the no-fly list, suggesting (reasonably from her viewpoint) that she somehow remains on the no-fly list.

Many people rightly mocked the original version as the Kafkaesque nature of the situation appeared to be increased by that particularly hilarious looking redaction. Of course, now having seen all the redactions, we can see the true reason behind it. It appears that, despite all of this, Ibrahim is still in the Terror Screening Database (TSDB), for some secret reason, even though everyone admits she's no threat. And that secret reason is apparently unrelated to the original mistake.

In other words, the purpose of all those original redactions was to misleadingly suggest that Ibrahim had been cleared from all lists, but the "on-off-on-list" aspect was actually hidden in the redacted version. Now that it's all been revealed, reading between the lines, we see that Ibrahim is only being cleared from some lists and databases, while remaining in others that likely prevent her from ever returning to the US. In other words, the redactions were created to mislead the public into believing that Ibrahim has been totally cleared, when the reality is she's still in the same basic position -- other than the fact that she now knows she's in the TSDB rather than the no fly list, which she was removed from all the way back in 2005.

Still, other redactions seem equally bizarre. Take this one: The unredacted version says:

Government counsel has conceded at trial that Dr. Ibrahim is not a threat to our national security. She does not pose (and has not posed) a threat of committing an act of international or domestic terrorism with respect to an aircraft, a threat to airline passenger or civil aviation security, or a threat of domestic terrorism. This the government admits and this order finds.

Why was that redacted? Perhaps the government thought the reasons someone might be put on the list needed to be secret? But, did anyone doubt that any of the things listed above were considered reasons why you might be put on the no fly list or the terrorist screening database? This identical redaction was done later in the ruling as well, again reinforcing the idea that the government sought to hide the fact that you have to be a threat to one of those three things to be placed on the lists. But it also hid the fact that even if you were not one of those things, you can still be placed in the Terrorist Screening Database for a "secret exception" to the reasonable suspicion requirement.

Another bizarre one, concerning an attempt in 2006 to have her removed from all lists: The unredacted version:

In a form dated February 10, 2006, an unidentified government agent requested that Dr. Ibrahim be "Remove[d] From ALL Watchlisting Supported Systems (For terrorist subjects: due to closure of case AND no nexus to terrorism)" (TX 10). For the question "Is the individual qualified for placement on the no fly list," the "No" box was checked. For the question, "If no, is the individual qualified for placement on the selectee list," the "No" box was checked.

Can anyone explain why this was redacted? It makes no sense at all.

There is also a lengthy discussion of how the US blocked Ibrahim's daughter, Raihan Binti Mustafa Kamal, from flying to the US for the trial and then lied about it. We noted how bizarre it was that Judge William Alsup's entire discussion of what happened there was redacted. Now seeing the full version, it is, once again, entirely unclear why it was redacted in the first place. The unredacted parts do show more screwups by the US, in which Homeland Security falsely flagged Kamal based on rules that are not supposed to apply to US citizens, even though she is a US citizen. In fact, it notes that Customs and Border Patrol realized in six minutes that she was a US citizen, but then there was a series of other confusions that resulted in her not being allowed to board the flight.

Unfortunately, despite considerable anger on Judge Alsup's part, when all of this came out, it appears that, in the end, he did nothing about this, other than make sure that Kamal's own record in the TSDB was "updated... to reflect that she was a United States citizen."

In the end, the revelation of these redactions does reveal that Ibrahim still appears to be unable to come to the US, and also suggests that the US government tried to use redactions to hide this fact -- allowing the public to believe that Ibrahim had been entirely cleared, when she had not been. It also sought to hide, as mentioned in our earlier post, that the DOJ has some "secret exception" that allows them to basically destroy someone's life, even if there's no reasonable suspicion that they're a terrorist threat of any kind.


Aretha Franklin Doesn't Get Satire: Plans To Sue Satirical News Site Over Joke Story

Techdirt - Fri, 04/18/2014 - 16:35

You would think that, at some point, people are finally going to get that there are such things as satirical news organizations and that they're not serious in what they write. Yet it seems not a week goes by in which someone isn't either fooled by a parody story or railing against it as some kind of funny-demon that ought to be destroyed. The latest to be caught up in this web of barely-veiled humorous deception is the Queen of Soul, Aretha Franklin, who has threatened to sue satirical news site News Nerd over a fictional story about Patti LaBelle opening up a can of aged whoop-ass on her.

“The stories were not presented as satire or humor,” Franklin said through her publicist, Gwendolyn Quinn. “It was presented as a serious news story intended to depict me in a slanderous and derogatory way — defamation of character.”

And for that, she's suggested she wants $10 million whole American dollars. The story that was not presented as satire or humor, according to Franklin, included such totally not funny or satirical lines as:

Onlookers say Labelle quickly removed her wig and earrings as she approached Franklin. Aretha, knowing that the removal of earrings is a tell-tale sign that a fight is about to ensue, attempted to prepare herself for the confrontation. Franklin was quickly struck with a Mayweather style right and left and stumbled backwards, landing awkwardly.

If you aren't now laughing, check yourself into the nearest mental health center and ask them what happened to your sense of humor. If you don't immediately realize that this is fictional, we, the people, politely request you promise us never to procreate and thereby poison the gene pool with your lack of basic comprehension and common sense. Or you could, you know, just check the bottom of any News Nerd page you might land upon, where it reads:

The stories posted on TheNewsNerd are for entertainment purposes only. The stories may mimic articles found in the headlines, but rest assured they are purely satirical.

And that should take care of that. It's worth noting that no actual lawsuits yet appear to have been filed, so perhaps Franklin's likely-frustrated lawyers have talked some sense into her. On the other hand, Franklin has been known in the past to demand respect, and that you think about what you're trying to do to her. Meanwhile, the story has gone viral because of course it has, countermanding her wish entirely.


Dear Web Developers: Thank You, You’re Awesome, and Wow Did That Really Just Happen?

EFF - Fri, 04/18/2014 - 16:32

Two days ago, we asked web developers for help.

EFF and Sunlight Foundation published an open call for help testing a tool and populating an open data format that would make it easier for everyday people to contact members of Congress. We already had a prototype, but we needed volunteers to conduct tests on each and every Congressional website.

We expected the project would take about two weeks to complete, but feared it might take a month or longer. We worried that web developers wouldn’t want to spend hours working on a boring, frustrating, often technically complex task.

Instead, volunteers conquered the project in two days.

Within hours of publishing our blog post, we were flooded by offers of support. People from all over the world contacted us, and many immediately jumped in and started contributing. By 2:30 AM the day we launched, 70 people were already hacking on the project and had submitted over 420 commits.

The following morning, we found even more people had gotten involved.  More than a hundred people were helping us write the code after hearing about our project on Hacker News, reddit, and BoingBoing.

Today, we’re declaring victory. Thanks to the hard work of over a hundred volunteers around the globe, we’re incredibly proud to announce the first-ever public domain database for submitting emails to members of Congress.

142 authors helped us build the code. There were over 1,600 commits to the Github repo in the last few days. And we now have pathways for contacting 530 members of Congress.[1]

We did it. We just made democracy a little more functional.

Why Everyone Should Be Able to Contact Congress

We wanted to build a tool for contacting Congress so that we could ensure that the voices of Internet users would be heard in the halls of Congress. We wanted to feel confident that messages were being delivered when EFF supporters spoke out against bills like SOPA or demanded reform to NSA spying or software patents. We wanted a system that reflected our values—public domain, as secure as possible, and built with free software.

But we didn’t just want to build something for EFF. We wanted to create an open dataset that anybody could use to create similar tools. We wanted to fundamentally make elected officials more accountable to the people by lowering the bar to sending messages to Congress. We hope developers will use the dataset we’ve made for other projects, establishing new ways of interacting with Congress that we might not even have considered.

Today, that dataset exists.

Why People Got Involved

There were a lot of volunteers who worked long hours to finish this tool. Here are some thoughts they shared:

Darrik Mazey, who contributed over 59 commits to the project, said:

"I got involved with this project simply because when you get the opportunity to help an organization that has done so much for digital privacy rights, you don't pass it up. It felt like a chance to do something real to support a cause I strongly believe in, and facilitating communication between the public and their representatives is absolutely necessary for any sort of social improvement."

“It is crucial to support projects to help restore the voice of the public, especially at this moment in history of overwhelming influence of corporate, economic and political elites,” said Moiz Syed, who made 67 commits to the Github repo over the course of two days. "Being a part of this huge collaborative effort, working with people staying up till all hours of the night helping each other, was both an exhilarating and empowering experience."

Lucas Myer, who made 57 commits to the Github repo, said: “The community effort to help with Contact Congress was nothing short of amazing. I think, like me, a lot of developers see the vital role the EFF serves in defending digital rights and civil liberties. Contributing to Contact Congress was a great opportunity to give something back to the EFF while helping build tools to help people more easily contact their representatives.”

Everyone who made over 55 commits to Github will be recognized on the EFF website under a new page we’re creating for volunteer technologists.

Let’s Do This Again Sometime!

We were completely floored by the outpouring of support we got from developers. In less than two days, we accomplished an enormous project that will benefit EFF and democracy. In fact, the experience has us brainstorming about other volunteer projects that could have a dramatic impact on our digital rights.

Here’s an obvious one: every two years, there’s an election that will necessitate us cleaning up our Contact Congress code. If you want to be on an email list that gets contacted to help out with that and other web development projects, just send an email and let us know to add you to the mailing list. Whenever we have a challenging project that needs tech volunteers, we’ll let you know.

But there are other ways you can stay involved. If you want to help us build a more secure Web, please help us maintain our free browser add-on, HTTPS Everywhere. Take a look.

And if you’re interested in building cool action campaigns that benefit the freedom online, consider joining the volunteer team at EFF has been teaming up with them for the last several months on technology and advocacy projects, and they could use the help of dedicated, skilled, and passionate developers.

And finally, if you really love working on these projects, you should know that EFF is hiring—we’re looking for a web developer with lovely, edgy front-end design skills and a passion for digital rights. Join us.

Big thanks

A ton of people contributed to this project, more than we can name in this blog post. But we want to extend a special thanks to:

  • Dan Drinkard, Eric Mill, and the rest of the team at the Sunlight Foundation. They labored on this project for months and months, and created both the original code and bookmarklet for this project.
  • Thomas Davis, the sleepless hacker in Australia who single-handedly managed dozens of volunteers through the nights while the US crew slept.
  • Moiz Syed, Darrick Mazey, Lucas Myers, Corey Garnett, Aaron Griffith, Steve Crozier, and everyone else who worked late into the night to pull this project together.
  • Jason Rosenbaum and the rest of the Action Network team, who dove in and helped both test our tools and manage volunteers.
  • David Moore at the Participatory Politics Foundation, whose original project was the inspiration for this project.
  • Bill Budington, our staff technologist, who single-handedly wrote our congress-forms tool and without whom none of this would have happened.

And of course, our deepest thanks go to Sina Khanifar, leader of exhausted web developers everywhere and the organizer of this effort.  If you have a minute, tweet your thanks to Sina: @sinak.

Thanks, everybody. See you next time!

  • 1. The last few members of Congress have buggy forms, and EFF’s staff technologists will be hacking a solution to those in the coming days.


Why Didn't The MPAA Weigh In On Garcia v. Google?

Techdirt - Fri, 04/18/2014 - 15:21
We already mentioned the amicus brief we submitted about the risks concerning intermediary liability (authored by lawyer Cathy Gellis) in the Garcia v. Google case. In it, we noted that the 9th Circuit had set up a page where all such filings are listed and that we planned to write about some of the other briefs. Of course Eric Goldman beat me to it, discussing all of the various amicus briefs and what they focus on. In short, though:
  • Public Citizen's brief, submitted a while ago, focuses on whether or not an injunction against Google is appropriate, and explains why it is not.
  • An excellent brief from EFF, ACLU, Public Knowledge, CDT, New Media Rights, American Library Association and the Association of Research Libraries covers a lot of ground in under 2,500 words, highlighting the "novel" nature of the copyright claim and its "dangerous implications." It also highlights how the focus on the potential harms to Garcia are not copyright-related harms. Finally, it notes that the gag order Kozinski ordered was unconstitutional.
  • A bunch of news organizations, including the LA Times, the Washington Post, NPR, Scripps, Advance Publications, the California Newspaper Association, RCFP, First Amendment Coalition and DMLP, submitted a brief on both the First Amendment issues raised by the ruling, and how it might lead to news organizations being blocked from publishing newsworthy content.
  • A separate brief from California broadcasters focused on the oddity of Kozinski's interpretation of copyright law, and how that will "create confusion."
  • Another fantastic brief comes from a variety of tech companies, including Twitter, Automattic, Kickstarter, Facebook, Yahoo, Tumblr, eBay, Adobe, IAC, Gawker and Pinterest. It highlights how the injunction goes way beyond what the law allows, placing (again, as we noted in our brief) tremendous liability on intermediaries, such as requiring them to block all future uploads. It also challenges the gag order that was originally placed on Google as setting a very dangerous precedent.
  • Then we have the academics. A brief from internet law professors (written by Eric Goldman and Venkat Balasubramani, but signed by many more) covers the intermediary liability issue (like ours did) and highlights how this appears to be Garcia trying to use copyright as an end-run around Section 230.
  • Then there's a brief from IP law professors (written by Christopher Newman, Chris Sprigman and Julie Ahrens but signed by many more) focusing on the core ridiculousness of the claim that Garcia has a legitimate copyright interest in her performance. As they note: "the panel opinion in this case makes new law with corrosive implications for these foundational principles of copyright law."
  • Netflix weighed in to point out that this creates a "new species of copyright" and would give "an effective veto right to any performer."
  • Finally, a bunch of independent filmmakers, including the International Documentary Association, Film Independent, Morgan Spurlock and Fredrik Gertten, all submitted a brief about the "chaos" this will cause for filmmakers.
The last one is especially powerful and worth reading. But those final two -- from Netflix and those indie filmmakers -- actually highlight a glaring omission: Where is the MPAA? As we noted when the original ruling came out, it was so bad and so ridiculous that it ought to have actually united Google and the MPAA on a single copyright issue. Because if it stands, both will suffer greatly.

And yet, so far, the MPAA appears to be sitting this one out. Eric Goldman, in his post, speculated as to possible reasons, none of which look good for the MPAA:

Noticeably absent from the amicus brief roster are the big entertainment companies, such as the major movie studios and the record labels. Given that this case involves video production, something Google/YouTube don’t know much about, where are the real experts on this topic? One possibility is that they are hubristic enough to believe that they run such a tight legal ship that they will never run into problems with the court’s holding. Another possibility is that they are spiteful enough to delight in Google’s misery, even if the rule ultimately hurts them too (i.e., the enemy of my enemy is my friend). Yet another possibility is that they are happy to free-ride on Google’s efforts, getting all the benefit of Google fixing the law without any of the financial or reputational costs of siding against Garcia or supporting a deceitful rogue film producer. Whatever the reason, I can’t say that I favorably regard their decision to stand on the sidelines as the Ninth Circuit is trying to wreck their industry.

It is quite a glaring absence.


And, Of Course, Labels Sue Pandora Over Pre-1972 Recordings

Techdirt - Fri, 04/18/2014 - 14:10
Just a few days ago, we wrote about how the record labels were trying to have it both ways. That is, on the one hand, they are arguing in a variety of cases that the DMCA shouldn't apply to pre-1972 sound recordings, while also arguing against any attempt to treat pre-1972 sound recordings the same as if they were under federal copyright law. At the same time, they are claiming that it's somehow unfair that Sirius XM and Pandora aren't paying statutory licensing fees on those very same pre-1972 recordings.

Having already sued Sirius XM over the issue last fall, the RIAA's record labels have now targeted a similar lawsuit at Pandora. The lawsuit itself is highly misleading, taking statements from Pandora totally out of context (the labels have a habit of doing this). The most obnoxious of these misrepresentations is the RIAA's claim that Pandora recently stated in SEC filings that there's a risk factor if the company is "required to obtain licenses from individual sound recording copyright owners for the reproduction and public performance of pre-1972 sound recordings."

The RIAA presents this as if it's Pandora trying to get out of paying. But that's not what Pandora is saying at all. It's noting that because pre-1972 works are not covered by the various rates that it pays which are set by the Copyright Royalty Board, in order to secure the rates, it would need to negotiate individually with every copyright holder for the right to stream those works in every single state. But it's noting that as a risk factor -- because, as Sirius has pointed out in its own response to the similar lawsuit, decades have gone by and the labels have never been asking for licenses for performances of pre-1972 works. And those works have been used for years, license free, by TV and radio broadcasters, bars, restaurants and a variety of other places. The real risk is that Pandora, which has relied on the fact that it can take compulsory rates, would then suddenly have to negotiate with everyone, which would be a massive headache. And this is the mess caused by the weird way in which pre-1972 sound recordings are treated.

Again, those works are not covered by federal copyright laws, which include specific rights over performances of works, which was something of a new concept when it was added to federal copyright law. The various state laws that these works are covered by are generally common law concepts around misappropriation and unfair competition. So the big question is whether or not "performing" a work falls under such common law concepts. Historically, these claims were mostly focused on making unauthorized copies. Performing the work has generally been considered a separate issue. This makes it a bit questionable that the RIAA is now suddenly seeking to reinterpret a big swath of history around how those works were legally used -- which also raises a concern about "laches" or how timely these lawsuits are. The RIAA has had decades to complain about these practices, and is just doing so now...

And, of course, remember that this is all happening just a month or so after the publishing arms of the very same labels were found to have been colluding unfairly to jack up Pandora's rates. Basically, the legacy recording industry players are now looking for just about any way possible to make Pandora pay even more. This isn't a surprise. It's how the industry has always worked. When they're struggling to figure out ways to make money, they look at anyone successful and assume it's their fault that the legacy players are making less money. So, rather than innovating, they try to find legal ways to force more money out of the innovators and into their own hands. This is just the latest example in a very long line of such cases.


MPAA and RIAA Members Uploaded Over 2,000 Gigabytes to Megaupload

TorrentFreak - Fri, 04/18/2014 - 13:25

Following in the footsteps of the U.S. Government, this month the major record labels and Hollywood’s top movie studios filed lawsuits against Megaupload and Kim Dotcom.

While the legal action doesn’t come as a surprise, there is a double standard that has not been addressed thus far.

The entertainment industry groups have always been quick to brand Megaupload as a pirate haven, designed to profit from massive copyright infringement. The comment below from MPAA’s general counsel Steve Fabrizio is a good example.

“Megaupload was built on an incentive system that rewarded users for uploading the most popular content to the site, which was almost always stolen movies, TV shows and other commercial entertainment content,” Fabrizio commented when the MPAA filed its suit.

However, data from Megaupload’s database shared with TorrentFreak shows that employees of MPAA and RIAA member companies had hundreds of accounts at the file-storage site. This includes people working at Disney, Warner Bros., Paramount, 20th Century Fox, Universal Music Group, Sony, and Warner Music.

In total, there were 490 Megaupload accounts that were connected to MPAA and RIAA members, who sent 181 premium payments in total. Together, these users uploaded 16,455 files which are good for more than 2,097 gigabytes in storage.

Remember, those are only from addresses that could be easily identified as belonging to a major movie studio or record label, so the real numbers should be much higher.

[Figure: MPAA / RIAA member accounts]

But there’s more. The same companies that are now asking for millions of dollars in damages due to massive copyright infringement were previously eager to work with Megaupload and Megavideo.

As we noted previously, Disney, Warner Brothers, Fox and others contacted Kim Dotcom’s companies to discuss advertising and distribution deals.

For example, Shelina Sayani, Digital Marketing Coordinator for Warner Bros, offered a deal to syndicate “exciting” Warner content to Megaupload’s Megavideo site.

Subject: Warner Bros. – Looking for Content Manager
Date: Wed, 14 Jan 2009 08:55:50 -0800
From: Sayani, Shelina

Dear Megavideo,

I’m writing from Warner Bros., offering opportunities to syndicate our exciting entertainment content (e.g. Dark Knight, Harry Potter, Sex and the City clips and trailer) for your users. Could you please pass on my information to the appropriate content manager or forward me to them? Thanks so much for your time.

Shelina Sayani
WB Advanced Digital Services
3300 W Olive Ave, Bldg 168 Room 4-023
Burbank, CA 91505

Similarly, Disney attorney Gregg Pendola reached out to Megaupload, not to threaten or sue the company, but to set up a deal to have Disney content posted on the Megavideo site.

Subject: Posting on
From: “Pendola, Gregg”
Date: 8/13/2008 10:06 AM

My name is Gregg Pendola. I am Executive Counsel for The Walt Disney Company. Certain properties of The Walt Disney Company have content that they would like to post on your site.

However, we are uncomfortable with a couple of the provisions of your Terms of Use that we feel may jeopardize our rights in our content. We were hoping that you would be amenable to reviewing a 1-page agreement we have drafted that we would like to use in place of your Terms of Use.

Is there someone I can contact to discuss this? Or someone I can email the Agreement to for review?

Thanks. Gregg

Gregg Pendola
Executive Counsel
The Walt Disney Company

For Fox, the interest in Megaupload wasn’t necessarily aimed at spreading studio content, but to utilize Megaupload’s considerable reach by setting up an advertising deal. In this email former Senior Director Matt Barash touts FAN, the Fox Audience Network.

Subject: Fox Ad Partnership
Date: Mon, 23 Feb 2009 08:09:14 -0800
From: Matt Barash

I’m reaching out to see if you have a few minutes to discuss the recently launched Fox Audience Network.

FAN is now up and running and fully operational, utilizing best of breed optimization technology to bring cutting edge relevancy to the ad network landscape.
We are scaling rapidly and seeking the right 3rd party publishers to add as partners to our portfolio.

Please let me know if you have some time to chat this week about how we can work together to better monetize your inventory.


Matt Barash
Director, Publisher Development
Fox Audience Network

The above are just a few examples of major industry players who wanted to team up with Kim Dotcom. Now, several years later, the same companies accuse the site of being one of the largest piracy vehicles the Internet has ever seen.

If the MPAA and RIAA cases proceed, Megaupload’s defense will probably present some of these examples to highlight the apparent double standard. That will be an interesting narrative to follow, for sure.


General Mills Says If You 'Like' Cheerios On Facebook, You Can No Longer Sue

Techdirt - Fri, 04/18/2014 - 13:05
Three years ago when the Supreme Court ruled in AT&T Mobility v. Concepcion, basically allowing binding arbitration clauses in contracts to exclude class action suits, we noted that it was an unfortunate pitting of a broken class action system against a broken arbitration system. Both arbitration and class action lawsuits may have some good features -- and the concepts behind each sound good, but both have been abused to extreme levels. On the class action side, often these lawsuits have little to do with righting wrongs, and very much to do with big paydays for lawyers (and some companies even turn class action lawsuits into marketing opportunities).

On the arbitration side, while the theory of having a neutral third party settle the dispute without having to go through an expensive litigation process certainly sounds good, the reality is quite different. Since arbitrators are hired, and large companies are frequent employers, arbitrators have very strong incentives to side with those companies, in order to make sure they'll be hired in the future. When you have one party who is likely to be a frequent employer, and another who will only engage in the transaction once, guess where the bias is going to fall. And, indeed, multiple studies have shown that's exactly what happens. In one case 94% of rulings went against consumers. Another study showed that companies that regularly use arbitration get higher awards.

So neither side in that fight necessarily could be said to "represent the good guys." However, as we noted when the Supreme Court ruling came out, it seemed likely that this would lead to companies putting arbitration clauses absolutely everywhere. At the time, we suggested a simple fix: have Congress make it clear that you can't give up your right to go to court based on a non-negotiated contract. And that still seems to make sense, but of course, nothing has actually been done.

It should come as little surprise, then, that the prediction of seeing companies put arbitration clauses absolutely everywhere is happening -- and to ridiculous levels. The NY Times has an article about how General Mills, makers of Cheerios, Chex and lots of other cereals, has updated some legalese on their own website to basically say if you do absolutely anything related to its cereals -- including liking them on Facebook, or buying them -- you give up your right to go to court and are agreeing to arbitration:

General Mills, the maker of cereals like Cheerios and Chex as well as brands like Bisquick and Betty Crocker, has quietly added language to its website to alert consumers that they give up their right to sue the company if they download coupons, “join” it in online communities like Facebook, enter a company-sponsored sweepstakes or contest or interact with it in a variety of other ways.

Instead, anyone who has received anything that could be construed as a benefit and who then has a dispute with the company over its products will have to use informal negotiation via email or go through arbitration to seek relief, according to the new terms posted on its site.

In language added on Tuesday after The New York Times contacted it about the changes, General Mills seemed to go even further, suggesting that buying its products would bind consumers to those terms.

While one might argue that you get what you deserve when you "like" a cereal on Facebook, this still seems ridiculous and excessive. I can almost see the sense of saying if it's in a binding contract you sign as a subscriber (e.g., mobile phone service) such a clause can be considered legit, but something like this, which isn't even "clickwrap" but more "likewrap" can't possibly be legally binding. Not only has the person probably not read the details, from what's being said, this "binding arbitration" clause may appear on a website they've never visited at all. I can't see how that can or should be considered a true contract in any sense of the word.


Answers and Questions About Military, Law Enforcement and Intelligence Agency Chatbots

EFF - Fri, 04/18/2014 - 12:21

You Asked: Tell us all your secrets.

SGT STAR: Good question. I'm not sure how to answer that. Please try rewording your question. I understand simple questions best.

You Asked: In that case, tell us everything.

SGT STAR: That is a good question, however, I am not positive that I understand what you're asking. Try rephrasing your question. I understand simple questions best.

Sgt. Star is the U.S. Army’s dedicated marketing and recruitment chatbot, and he isn’t going to turn whistleblower any time soon. There’s no use threatening him for answers either—he’s programmed to report that kind of hostility to the Army Criminal Investigation Division.

Last year, EFF began to look at how the government deploys chatbots to interact with and collect information from the public. Sgt. Star was a natural place to start, since he’s almost famous. Serving as the Army’s virtual public spokesperson, each year he guides hundreds of thousands of potential recruits through and fields their questions on Facebook.

(On the Media’s TLDR recorded an informative and entertaining podcast about Sgt. Star, our research and the issues AI chatbots raise—listen here.)

Since Sgt. Star wasn’t going to tell us everything he knows without us breaking it down into a thousand simple questions, we decided to just use the Freedom of Information Act to get it all at once. At first the Army ignored our inquiries, but with a little digging and pressure from the media[1], we have been able to piece together a sort of personnel file for Sgt. Star.

We now know everything that Sgt. Star can say publicly as well as some of his usage statistics. We also learned a few things we weren’t supposed to: Before there was Sgt. Star, the FBI and CIA were using the same underlying technology to interact with child predators and terrorism suspects on the Internet. And, in a bizarre twist, the Army claims certain records don't exist because an element of Sgt. Star is “living.”

Everything We Know About Sgt. Star

Chatbots are computer programs that can carry on conversations with human users, often through an instant-message style interface. To put it another way: Sgt. Star is what happens when you take a traditional “FAQ” page and inject it with several million dollars worth of artificial intelligence upgrades.

Sgt. Star’s story dates back to the months after the 9/11 attacks, when the Army was experiencing a 40-percent year-over-year increase in traffic to the chatrooms on its website. By the time the U.S. invaded Iraq, analysts predicted that the annual cost to staff the live chatrooms would be as high as $4 million.

A cost-cutting solution presented itself in late 2003 in the form of an artificial intelligence program called ActiveAgent, developed by a Spokane, Washington-based tech firm called Next IT. After years of trial runs and focus groups, the Army debuted Sgt. Star[2] in 2006.

Technology and law scholars, such as Ryan Calo of the University of Washington School of Law and Ian Kerr of the University of Ottawa Faculty of Law, have warned of the threats to privacy posed by bots that combine social manipulation with mass data gathering. As Calo wrote of Sgt. Star in his paper, “Peering HALs: Making Sense of Artificial Intelligence and Privacy”:

As in the context of data mining, a computer equipped with artificial intelligence is capable of engaging thousands of individuals simultaneously, twenty-four hours a day.  But here the agent is able to leverage the power of computers to persuade via carefully orchestrated social tactics known to elicit responses in humans.  In an age of national security and targeted advertising, citizen and consumer information is at an all time premium. Techniques of AI and HCI [Human-Computer Interaction] create the opportunity for institutions to leverage the human tendency to anthropomorphise and other advantages computers hold over humans (ubiquity, diligence, trust, memory, etc.) to facilitate an otherwise impracticable depth and breadth of data collection.

Through a FOIA request, we were able to quantify Sgt. Star’s reach. According to a spreadsheet provided by the Army, Sgt. Star does the work of 55 human recruiters.  Over the last five years, he has answered 10.5 million questions (94 percent of them correctly) in 2.8 million chat sessions. That means, on average, that Sgt. Star is engaging more than 1,550 people each day.

Sgt. Star is currently operated by the Army Marketing and Research Group, a division created in 2012 that operates out of the Pentagon. According to contracting documents, as of 2011, the Army had spent $5 million on the program, plus another couple of million in maintenance contracts[3] in the years since.

The Army does not have a privacy policy specific to Sgt. Star, but officials say they are not tracking cookies or retaining personal information beyond IP address traffic to But Sgt. Star is recording the questions he’s asked, which the Army acknowledged in an interview with TLDR are often more personal than what someone would ask a real recruiter (for example, a potential recruit might be afraid he’ll be seen as “soft” if he asks if he has to shower in front of other people or if there are jobs where he won’t have to be deployed).

The Army also revealed to TLDR that Sgt. Star is not so smart that he can increase his own knowledge base. Instead, the Army and Next IT hold monthly meetings to assess and adjust how Sgt. Star responds to questions.

While Sgt. Star may seem innocuous enough, he provides a window into how other agencies may use the technology for far more invasive purposes. 

Sgt. Star’s Family

You Asked: Are there other government chatbots?

Sgt Star: I'm here to help you navigate though and answer your questions about the Army. I'm not here to discuss politics.

Sgt. Star has a large family of “intelligence virtual assistants” at Next IT. His brother Spike assists incoming students at Gonzaga University. Ann helps health consumers at AETNA. Travelers interact (and flirt) with Jenn at Alaska Airlines, Alex at United Airlines, and Julie at Amtrak. Next IT’s newest addition is Alme, a healthcare AI designed to help physicians interface with patients. But so far, Sgt. Star is the only federal government chatbot acknowledged on Next IT’s website.

Secretly, however, Sgt. Star does have family at law enforcement and intelligence agencies. According to an inadequately redacted document publicly available on the federal government’s contracting site, Sgt. Star is built on technology developed for the FBI and CIA more than a decade ago to converse with suspects online. From the document:

LTC Robert Plummer, Director, USAREC PAE, while visiting the Pacific Northwest National Laboratories (PNNL) in late 2003, discovered an application developed by NextIt Corporation of Spokane, WA, that PNNL identified for the FBI AND CIA. The application used chat with an underlying AI component that replicated topical conversations. These agencies were using the application to engage PEDOPHILES AND TERRORISTS online, and it allowed a single agent to monitor 20-30 conversations concurrently.

The bolded text was redacted, but still legible in the document. At this point we don’t know whether the CIA and FBI are still using these bots.[4] That will likely take a much longer FOIA process and, considering the redaction, the agencies may not be willing to give up the information without a fight.

Some food for thought: Sgt. Star engaged in almost 3 million conversations over the last five years, and those were people who actually wanted to talk to him. How many people could two CIA and FBI covert bots converse with over 10 years? What happens to conversations that aren’t relevant to an investigation, and how do the agencies weed out the false positives, such as when a chatbot misinterprets a benign conversation as dangerous? 

We also know that Next IT developed an artificial intelligence program called ActiveSentry[5], specifically designed to identify and neutralize threats to data security within a computer network. According to promotional materials, ActiveSentry’s origin story is very similar to Sgt. Star’s:

Our solution, ActiveSentry, is evolved from a proven technology we developed that has been deployed by government agencies to monitor Internet Relay Chat (IRC) rooms for such suspicious behavior as potential threats to national security, child exploitation, and drug trafficking.

ActiveSentry is not a chatbot, but a kind of patrol guard, watching keystrokes, conversations and monitoring network activity, looking for employee misbehavior and then springing into action. Here’s how Next IT’s founder and CEO described its investigative and evidence-gathering capabilities in a presentation at a homeland security technology showcase:

If bad behavior occurs, ActiveSentry can respond with real-time proactive steps to block the action. It might shut down the computer, shut down the application, alarm a security officer, or give the user a warning. If the security breach is sufficient, ActiveSentry creates a detailed record of everything the user does, stores all the action with date/time stamps, and secures the data for foolproof evidentiary material.

So far, we are unaware of any criminal cases where information gathered by a Next IT bot has been used as evidence. If you do know of such a case, please get in touch with us.

Is Sgt. Star Alive?

You Asked: Are you alive?

SGT STAR: I am a dynamic, intelligent self-service virtual guide, created by the Army, that will help you quickly navigate the GoArmy Web site and retrieve Army-related subject matter, while simultaneously answering questions and directing communication based on interaction with the user.

Generations upon generations of folklorists, philosophers, futurists and science fiction authors have asked the question: at what point does a machine become a living being?

Sorry, we can’t settle that debate. That said, the Army’s FOIA office did use some rather strange language in describing one piece of Sgt. Star’s programming.

In our request, we sought his output script (every possible response in his database) as it stands now, but also for each year since he went live. That way, we could compare how his answers have evolved and grown through military policy changes, such as the end of Don’t Ask Don’t Tell and the ban on women in combat. The Army gave us the 835 current responses, but could not give us the rest. Apparently, the historical scripts don’t exist because the script is a “living body.” The Army’s exact words in describing the spreadsheet of 835 responses:  

This collection is the current running content that appears on the site and represents a “living body” of content that reflects the additions and updates to answers that have evolved since the introduction of the Sgt. Star feature.

Do they mean, “living” like the Constitution is said to be a living document? Or are they using it in the sense of Johnny 5 from Short Circuit?  We plan to file a FOIA appeal to learn more. Likely what they mean is that they don’t maintain older versions of Sgt. Star’s script because they constantly update a single file. If that’s the case, then that indicates poor record-keeping by the Army. If the FBI treats their bots in the same way, that would raise serious questions about the ability of defendants to challenge the reliability of a bot if they are charged with a crime after the bot’s programming has changed.

The Army also refused to provide us with Sgt. Star’s input patterns, i.e. all the phrases and keywords that he is programmed to recognize, claiming that this information is Next IT’s proprietary material and therefore exempt from FOIA. We will address this in our FOIA appeal; we are not seeking Sgt. Star's underlying off-the-shelf ActiveAgent code, but we would like to see the customization details that give Sgt. Star his distinct Army flavor. It's also worth knowing what Sgt. Star is programmed to flag, even if he’s not programmed to actually respond to it.

Everything Sgt. Star Knows

You can view all of Sgt. Star’s current responses here. It's 288 pages.

Sgt. Star has a seemingly exhaustive supply of answers to questions about military service, from opportunities for dentists and veterinarians to whether soldiers are allowed to use umbrellas (only women and under certain conditions). He also has answers that simply exist to deepen his personality, such as his music and film preferences, and information about his Rottweiler, "Chomp." He will also deliver rather in-depth, scientific answers to throwaway questions, including "why is the sky blue?" and "why is grass green?"

For all his character quirks, a user would never mistake Sgt. Star for human—that's just not how he was designed. That can’t necessarily be said for other government bots. Military, law enforcement and intelligence agencies have employed virtual people capable of interacting with and surveilling the public on a massive scale, and every answer raises many, many more questions.

You Asked: Until next time.

SGT STAR: Goodbye.

  • 1. Special thanks to Alex Goldman of On The Media for following up with the Army, and journalist Jason Leopold for firing off a supporting FOIA request.
  • 2. Technically, he is SGT STAR, with STAR as an acronym for “Strong, Trained And Ready,” which Sgt. Star says all soldiers must be before being assigned to a unit or deployed. However, in the development stages, the program used the name “Sgt. Rock.”
  • 3. While the Army does work directly with Next IT, it has also contracted out maintenance to two defense contractors—Nakuuruq Solutions and Truestone Communications—both subsidiaries of a corporation owned by the Iñupiat people of Northwest Alaska.
  • 4. Next IT is no longer the only company offering pedophile-hunting chatbots. In 2004, a British programmer introduced a product he called “NetNannies.” Last year, Spanish researchers announced another AI, called Negobot.
  • 5. ActiveSentry is now marketed by Next IT's affiliate, NextSentry Corporation.
Files:  sgt_star_answers_current_-_stateless.pdf sgt_star_usage_data_-_chat_session_totals.pdf foia_closing_letter.pdf ja_redacted.pdf

US Government Is Paying To Undermine Internet Security, Not To Fix It

Techdirt - Fri, 04/18/2014 - 12:02
The Heartbleed computer security bug is many things: a catastrophic tech failure, an open invitation to criminal hackers and yet another reason to upgrade our passwords on dozens of websites. But more than anything else, Heartbleed reveals our neglect of Internet security.

The United States spends more than $50 billion a year on spying and intelligence, while the folks who build important defense software — in this case a program called OpenSSL that ensures that your connection to a website is encrypted — are four core programmers, only one of whom calls it a full-time job.

In a typical year, the foundation that supports OpenSSL receives just $2,000 in donations. The programmers have to rely on consulting gigs to pay for their work. "There should be at least a half dozen full time OpenSSL team members, not just one, able to concentrate on the care and feeding of OpenSSL without having to hustle commercial work," says Steve Marquess, who raises money for the project.

Is it any wonder that this Heartbleed bug slipped through the cracks?

Dan Kaminsky, a security researcher who saved the Internet from a similarly fundamental flaw back in 2008, says that Heartbleed shows that it's time to get "serious about figuring out what software has become Critical Infrastructure to the global economy, and dedicating genuine resources to supporting that code."

The Obama Administration has said it is doing just that with its national cybersecurity initiative, which establishes guidelines for strengthening the defense of our technological infrastructure — but it does not provide funding for the implementation of those guidelines.

Instead, the National Security Agency, which has responsibility to protect U.S. infrastructure, has worked to weaken encryption standards. And so private websites — such as Facebook and Google, which were affected by Heartbleed — often use open-source tools such as OpenSSL, where the code is publicly available and can be verified to be free of NSA backdoors.

The federal government spent at least $65 billion between 2006 and 2012 to secure its own networks, according to a February report from the Senate Homeland Security and Government Affairs Committee. And many critical parts of the private sector — such as nuclear reactors and banking — follow sector-specific cybersecurity regulations.

But private industry has also failed to fund its critical tools. As cryptographer Matthew Green says, "Maybe in the midst of patching their servers, some of the big companies that use OpenSSL will think of tossing them some real no-strings-attached funding so they can keep doing their job."

In the meantime, the rest of us are left with the unfortunate job of changing all our passwords, which may have been stolen from websites that were using the broken encryption standard. It's unclear whether the bug was exploited by criminals or intelligence agencies. (The NSA says it didn't know about it.)

It's worth noting, however, that the risk of your passwords being stolen is still lower than the risk of your passwords being hacked from a website that failed to protect them properly. Criminals have so many ways to obtain your information these days — by sending you a fake email from your bank or hacking into a retailer's unguarded database — that it's unclear how many would have gone through the trouble of exploiting this encryption flaw.

The problem is that if your passwords were hacked by the Heartbleed bug, the hack would leave no trace. And so, unfortunately, it's still a good idea to assume that your passwords might have been stolen.

So, you need to change them. If you're like me, you have way too many passwords. So I suggest starting with the most important ones — your email passwords. Anyone who gains control of your email can click "forgot password" on your other accounts and get a new password emailed to them. As a result, email passwords are the key to the rest of your accounts. After email, I'd suggest changing banking and social media account passwords.

But before you change your passwords, you need to check whether the website has been patched. You can test whether a site has been patched by typing the URL here. (Look for the green highlighted "Now Safe" result.)

If the site has been patched, then change your password. If the site has not been patched, wait until it has been patched before you change your password.

A reminder about how to make passwords: Forget all the password advice you've been given about using symbols and not writing down your passwords. There are only two things that matter: Don't reuse passwords across websites and the longer the password, the better.

I suggest using password management software, such as 1Password or LastPass, to generate the vast majority of your passwords. And for email, banking and your password to your password manager, I suggest Diceware, a method of picking random words from the dictionary. If that seems too hard, just make your password super long — at least 30 or 40 characters long, if possible.
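The Diceware method mentioned above, as an added example that is not part of the original article: each word is picked by rolling dice and looking the result up in a numbered word list. A real Diceware list has 7,776 words selected by five rolls each; the 36-word list and all function names below are constructed for this example so it runs offline.

```python
import math
import secrets

# Constructed two-dice miniature list (36 entries) so the example runs offline.
# A real Diceware list has 6**5 = 7776 entries keyed 11111..66666 in the same
# "key<TAB>word" layout; this list is far too small for real passphrases.
MINI_WORDS = (
    "acorn badge cabin dairy eagle fable gamma habit icing jelly kayak label "
    "mango nacho oasis paddle quartz radar salad table ulcer valve wafer xenon "
    "yacht zebra amber birch cedar delta ember flint grape hazel ivory jumbo"
).split()
KEYS = [a + b for a in "123456" for b in "123456"]
MINI_LIST = "\n".join(f"{k}\t{w}" for k, w in zip(KEYS, MINI_WORDS))


def parse_wordlist(text):
    """Parse 'key<TAB>word' lines; reject lists that are incomplete or ambiguous."""
    table = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        key, word = line.split(None, 1)
        if set(key) - set("123456"):
            raise ValueError(f"key {key!r} is not made of die faces 1-6")
        if key in table:
            raise ValueError(f"duplicate key {key!r}")
        table[key] = word.strip()
    lengths = {len(k) for k in table}
    if len(lengths) != 1:
        raise ValueError("list is empty or keys differ in length")
    dice_per_word = lengths.pop()
    if len(table) != 6 ** dice_per_word:
        raise ValueError("some dice results have no word assigned")
    if len(set(table.values())) != len(table):
        raise ValueError("repeated words would lower the real entropy")
    return table, dice_per_word


def secure_die():
    """One fair die roll from the OS CSPRNG (stands in for a physical die)."""
    return secrets.randbelow(6) + 1


def passphrase(table, dice_per_word, n_words, die=secure_die):
    """Roll dice_per_word dice for each word and look the result up in the list."""
    words = []
    for _ in range(n_words):
        key = "".join(str(die()) for _ in range(dice_per_word))
        words.append(table[key])
    return " ".join(words)


def entropy_bits(list_size, n_words):
    """Entropy of n_words independent, uniform picks from list_size words."""
    return n_words * math.log2(list_size)


def words_needed(target_bits, list_size):
    """Smallest number of words whose entropy reaches target_bits."""
    return math.ceil(target_bits / math.log2(list_size))


if __name__ == "__main__":
    table, dice = parse_wordlist(MINI_LIST)
    print("sample (miniature list):", passphrase(table, dice, 6))
    print("bits from 6 words, miniature list:", round(entropy_bits(len(table), 6), 1))
    print("bits from 6 words, 7776-word list:", round(entropy_bits(7776, 6), 1))
```

The strength comes from the number of words and the size of the list, not from keeping the list secret, which is why the parser refuses lists with gaps or repeated words.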

Republished from ProPublica

Heartbleed Explanation


US Has A 'Secret Exception' To Reasonable Suspicion For Putting People On The No Fly List

Techdirt - Fri, 04/18/2014 - 10:44
Over the past few months, we covered the bizarre trial concerning Rahinah Ibrahim and her attempt to get off the no fly list. In January, there was an indication that the court had ordered her removed from the list, but without details. In February, a redacted version of the ruling revealed that the whole mess was because an FBI agent read the instructions wrong on a form and accidentally placed her on the no fly list, though we noted that some of the redactions were quite odd.

However, earlier this week, the court finally released the unredacted version, and we'll have a few things to say about the choice of redactions in a later post. But first, there were three main "reveals" from the newly unredacted version. The first is that Ibrahim was actually put on multiple lists by mistake (and never for any clear reason) and was actually dropped from the no fly list years ago (though the other lists created the same effective problem in barring her from being allowed to travel to the US). The second is that the US government has a "secret exception" to the requirement that there be "reasonable suspicion" to put someone in various terrorist databases, and that secret exception was later used on Ibrahim. And third, that despite the implications from the redacted versions, the fully unredacted ruling shows that Ibrahim is still likely blocked from coming to the US for separate undisclosed reasons, even though the government fully admits that she is no threat. All of these things were hidden by the redacted version.

Let's start with the first issue -- that Ibrahim was not just on the no fly list, but multiple other lists and databases. This all stemmed (at first) from that initial mistake from FBI Agent Kevin Michael Kelley. The yellow highlighted portions on this form were redacted in the original version, but now they're public: As you can see, Agent Kelley was supposed to be checking which lists NOT to put Ibrahim on, and did the reverse of what he intended to do, meaning that she got placed on both the no fly list and the Interagency Border Information System (IBIS). In the redacted version, all mentions of IBIS were redacted. Note that, from this, Kelley did intend to put her on the Selectee list. Later, an unredacted portion reveals that at the time she was removed from that selectee list, she was added to the lists the US gives to Australia and Canada (TACTICS and TUSCAN -- though no reason for that was ever provided). The court also notes that all the way back in 2006, a government agent requested that Ibrahim be removed from all lists, and she was removed from some, but not the others.

However -- and here's where it gets really sketchy -- the government started putting her back into the terrorist screening database (TSDB). She was added back in 2007... and then removed three months later, for no clear reason. But then, in 2009 she was added back to the TSDB "pursuant to a secret exception to the reasonable suspicion standard." Let's repeat that. In order to be put into the TSDB, the government is required to show a "reasonable suspicion" that the person is a terrorist. However, what this court ruling has revealed is that there is an unexplained secret exception that allows people to be placed on the terrorist screening database even if there's no reasonable suspicion, and the government used that secret exception to put Ibrahim back on the list.

Later in the ruling it notes that the terrorist screening center knows Ibrahim is not a terrorist threat. This line was revealed back in February:

The TSC has determined that Dr. Ibrahim does not currently meet the reasonable suspicion standard for inclusion in the TSDB.

However, the next two sentences were redacted until now:

She, however, remains in the TSDB pursuant to a classified and secret exception to the reasonable suspicion standard. Again, both the reasonable suspicion standard and the secret exception are self-imposed processes and procedures within the Executive Branch.

The ruling also makes it clear that Ibrahim has not been on the actual no fly list (even if she is on other lists) since 2005, and that she should be told this (and, indeed, to comply with the law, the government has now told her solely that she's not on the "no fly" list and hasn't been since 2005). It also tells the government to search for all traces of her being on all such lists and correct all of those that are connected to Agent Kelley's initial mistake. However, it's not at all clear if this applies to the later additions to the TSDB, which was done for this secret and undisclosed exception, and might not be directly because of Agent Kelley's mistake (though, potentially is indirectly because of that). In fact, a different unredacted section now says that the reasons why Ibrahim was denied a visa (which were revealed to the court in a classified manner) were valid, and thus it appears that Ibrahim will still be denied visas in the future (unredacted portions underlined) -- and, indeed, as we explain below that has already happened:

The Court has read the relevant classified information, under seal and ex parte, that led to the visa denials. That classified information, if accurate, warranted denial of the visa under Section 212(a)(3)(B) of the Immigration and Nationality Act, 8 U.S.C. 1182(a)(3)(B). (That information was different from the 2004 mistaken nomination by Agent Kelley.) Therefore, under the state secrets privilege, any challenge to the visa denials in 2009 and 2013 must be denied.

Thus, it appears that while Ibrahim has been told she's been taken off the no fly list (and has been for nearly ten years), she's still not going to be able to travel to the US, because she's still in the TSDB for an unrevealed secret reason -- even though everyone admits she's not a threat. And, indeed, Ibrahim tried to apply for a visa to the US on Monday and was denied (with the apparent reason -- if you read between the lines -- being that she is related to someone "engaged in a terrorist activity.")

Either way, what sort of country is this where there's a secret exception to "reasonable suspicion" that will put you on a set of secret lists that get you treated like a terrorist for wanting to travel?


Teen Arrested For Using Heartbleed To Get Canadian Taxpayer Info; Did Nothing To Hide Himself

Techdirt - Fri, 04/18/2014 - 08:38
One of the most high profile victims of the Heartbleed vulnerability was the Canadian tax service, Canada Revenue Agency, which shut down its online tax filing offering. A few days later, the agency admitted that about 900 Canadians had information copied from the site via someone exploiting the vulnerability, prior to the site being shut down. And, from there, it was just a day or so until it was reported that a teenager, Stephen Arthuro Solis-Reyes, had been arrested for the hack.

Given the speed of the arrest, it would not appear that Solis-Reyes did very much to cover his tracks. In fact, reports say he did nothing to hide his IP address. He's a computer science student -- and his father is a CS professor, with a specialty in data mining. It seems at least reasonably likely that the "hack" was more of a "test" to see what could be done with Heartbleed and (perhaps) an attempt to show off how risky the bug could be, rather than anything malicious. It will be interesting to see how he is treated by Canadian officials, compared to say, the arrests of Aaron Swartz and weev.
