Tech Polis

How Corporate Sovereignty Threatens Democracy

Techdirt - Thu, 04/17/2014 - 03:08

As people have begun to learn about corporate sovereignty through plans to include it in TAFTA/TTIP, the European Commission has been trying to scotch the idea that it might allow corporations to dictate policies to nations. Here, for example, is a comment in the Commission's main TTIP FAQ, which tries to answer the question "Why is the EU including Investor to State Dispute Settlement in the TTIP?":

Including measures to protect investors does not prevent governments from passing laws, nor does it lead to laws being repealed. At most, it can lead to compensation being paid.

Those are all true statements in theory, but that's probably not much comfort to Romania, which has been discovering the harsh reality in the long-running discussions over whether to allow a Canadian company to create a huge open-cast gold and silver mine in the country. Here's what happened last year:

Gabriel Resources Ltd. (GBU), backed by billionaire hedge-fund manager John Paulson, threatened to seek as much as $4 billion of damages should Romanian lawmakers vote to oppose its gold mine project in the country.

"We have a very, very robust case, and we believe we have claims up to $4 billion that we can send to the Romanian state," Gabriel Resources Chief Executive Officer Jonathan Henry said today in a telephone interview. "We will go ahead and do that if the vote is against."

As the European Commission notes, the existence of a bilateral investment treaty with Canada that includes a dispute settlement mechanism did not, in itself, stop the Romanian politicians from blocking the gold mine project in the parliamentary vote, which took place in December 2013. So everything's fine, right? Democracy prevailed, and the people were heard. After all, "at most", as the FAQ helpfully reminds us, Romania will have to pay $4 billion damages at some point.

Except that, for a country with a GDP of less than $200 billion in 2013, this represents 2% of the country's entire economic production. That seems an incredibly high price to pay for the exercise of basic democracy. The danger is that faced with the threat of such enormous fines, other parliaments will lack the courage shown by Romania's politicians, and choose to ignore the will of their people by meekly acquiescing to corporate demands.

Does GBU deserve some compensation if a project is cancelled by the local government because of widespread public concerns about its safety? Perhaps -- although business always involves some risk, and foreign investment is no different. If a company is really worried about that aspect, it can take out insurance -- from the World Bank, for example. Does GBU deserve to be awarded 2% of a country's GDP, paid for by the citizens of a land struggling to raise its living standards? That hardly seems fair. And yet it's precisely what ISDS could allow, because the arbitration panel that decides such corporate sovereignty cases is unconstrained in what it can award, and not at all concerned with what the knock-on effects might be.

But the politicians making up the European Commission should be, since they are supposed to represent the 500 million European citizens that pay their salaries. The fact that they are pushing as hard as they can for ISDS in TAFTA/TTIP shows which side they are really on, and that they are quite happy to put corporations before nations, and profits before people.

Categories: Tech Polis

Tom Lehrer, Culture And Copyright After Death

Techdirt - Wed, 04/16/2014 - 23:04
If you don't know who Tom Lehrer is, well, you've missed out for a long, long time. Still, it's never too late to catch up, and there are plenty of great sources, including The Tom Lehrer Wisdom Channel on YouTube (though, hardly a "rare cut" this remains my favorite). Of course there's much more to the lore of Lehrer than just his music, and Ben Smith at Buzzfeed has an excellent long discussion of Lehrer's life, including his very brief, but massive, music career, and his life for the past half a century in which he more or less tries to hide from or live down that whole episode of his life. It's a great read.

But what caught my attention was some discussion that Lehrer has had with certain fans concerning the copyright on his works, whether or not it's okay to put them online and what happens to them after his death. The simple answer seems to be that Lehrer couldn't care any less about all of it.

While Lehrer has made startlingly little effort to ensure a future for his work, a handful of superfans have filled in the gap. One is Erik Meyn, a Norwegian who manages the Tom Lehrer Wisdom Channel on YouTube, a feed of performance videos and playlists that has received more than 10 million views since 2007. Meyn originally posted content to the channel without Lehrer’s permission and called him from overseas in December 2008 to apologize, a conversation he later posted on the “Tom Lehrer!” Facebook page. An excerpt:

TL: Well, you see, I’m fine with that channel.

EM: You’re very kind. But my question is: Who in your family will take care of your copyright and your songs in the distant future?

TL: I don’t have a family.

EM: OK, but what do you think will happen to the channel and your songs? And if you have someone who will act on your behalf, could you give them my name in case they’d want the channel taken down?

TL: Yes, but there’s no need to remove that channel.

EM: I was just wondering what will happen in the future, because you’re certainly going to continue to sell records.

TL: Well, I don’t need to make money after I’m dead. These things will be taken care of.

EM: I feel like I gave away some of your songs to public domain without even asking you, and that wasn’t very nice of me.

TL: But I’m fine with that, you know.

EM: Will you establish any kind of foundation or charity or something like that?

TL: No, I won’t. They’re mostly rip-offs.

There's also the discussion with a fan who has been in contact here and there with Lehrer for the past 20 years or so, who stopped by his house once, found Lehrer's master tapes, and Lehrer just gave them to him:

In 2011, Morris was rummaging through the Sparks Street basement, and alongside the collection of books and records Lehrer referred to as his “Noel Coward shrine” were two boxes marked “masters.” They were, to Morris, “the holy grail.” These were the original recordings of the 1959 album More Songs by Tom Lehrer: the orchestral session and outtakes and Lehrer’s recordings. Morris offered to help Lehrer remix them from half-inch tapes into stereo recordings.

“Well, why don’t you just take them with you?” Lehrer said.

“I was like, ‘Are you kidding?! These are the master copies!’” Morris recalled. “I was just trying to reassure him, I’ll be very careful with them, I won’t let them fall in the wrong hands, I’m not going to distribute copies to anyone without your permission.”

“I don’t care!” Lehrer told him. “They’re not worth anything to me.”

None of this is to suggest that any other artists should necessarily follow down the same path. But I always find it interesting to see artists who decide that the traditional concepts of copyright don't make any sense to them, and just choose not to have anything to do with them. Given that Lehrer is so influential on so many people in so many different fields today, it seemed worth sharing this little tidbit.


DailyDirt: Modern Dating

Techdirt - Wed, 04/16/2014 - 20:00
Trying to find a date using statistics and computers isn't exactly a new idea. (Punch cards were used in some of the earliest versions of computer dating.) As technology has improved, you might expect that dating has gotten better as well, but some modifications of the Drake equation show just how unlikely the odds are. Here are a few more data points in the realm of romantic relationships.


Canadian 'Digital Privacy' Bill Actually Puts Everyone's Privacy At Risk; Will Be A Boon To Trolls

Techdirt - Wed, 04/16/2014 - 18:42
Michael Geist is raising the alarm on a dangerous new bill in Canada, called the "Digital Privacy Act" (Bill S-4), which will actually serve to undermine many people's privacy. Much of the bill is focused on security breach disclosure rules, something that is important and useful. But, with that are some hidden, and extremely problematic, sections as well.

In light of revelations that telecom companies and Internet companies already disclose subscriber information tens of thousands of times every year without a court order, the immunity provision is enormously problematic. Yet it pales in comparison to the Digital Privacy Act, which would expand the possibility of warrantless disclosure to anyone, not just law enforcement. Bill S-4 proposes that:

"an organization may disclose personal information without the knowledge or consent of the individual... if the disclosure is made to another organization and is reasonable for the purposes of investigating a breach of an agreement or a contravention of the laws of Canada or a province that has been, is being or is about to be committed and it is reasonable to expect that disclosure with the knowledge or consent of the individual would compromise the investigation;"

Unpack the legalese and you find that organizations will be permitted to disclose personal information without consent (and without a court order) to any organization that is investigating a contractual breach or possible violation of any law. This applies both past breaches or violations as well as potential future violations. Moreover, the disclosure occurs in secret without the knowledge of the affected person (who therefore cannot challenge the disclosure since they are not aware it is happening).

Of particular concern is how this could be a huge boon for copyright trolls, who can get information from ISPs without a court order, by simply claiming that it's for the purpose of "investigating a breach of an agreement or a contravention of the laws of Canada." Similarly, this would put a serious chill on protections for anonymous speech, as claims of defamation or other issues might lead to quick revelations of anonymous commenters, without any role for a Canadian court to balance the interests of free speech and privacy.

It's difficult to see how a bill that is supposed to be about protecting people's privacy actually has this clause that will effectively decimate privacy for many individuals. Industry Canada insists that this provision is narrowly targeted, but Geist highlights how the government rejected much narrower constructions, and seems unable to comprehend how disastrous the current bill will be for Canadians' privacy.


Travesty: Supreme Court (And Senate) Deny SCOTUSblog A Press Pass

Techdirt - Wed, 04/16/2014 - 17:41
So we just had a story about a court recognizing that, yes, blogs are a part of the media, and noted how ridiculous it was that this is still an issue in 2014. However, it appears that the Supreme Court is still living in a different century (okay, maybe not a huge surprise, since they still haven't figured out email). If you follow issues around litigation, it's likely that sooner or later you'll read SCOTUSblog, which is (deservedly) the go to source for anything related to anything having to do with Supreme Court cases. On mornings when decisions come out, it's always the first source I check, and I'm hardly alone among legal watchers.

And yet... the Supreme Court has denied SCOTUSblog's request for a press pass based on a stupidly convoluted system for which the Senate is partly to blame as well. According to SCOTUSblog:

SCOTUSblog is not now, and has never been, credentialed by the Supreme Court. The Court’s longstanding policy was to look to credentials issued by the Senate. We pursued a Senate credential for several years, modifying several policies of the blog to address concerns expressed by the Gallery. Last year, we finally succeeded – the Senate Press Gallery credentialed Lyle as a reporter for SCOTUSblog. We then presented that credential to the Supreme Court, thinking that the issue was resolved.

But the Court declined to recognize the credential, explaining that it would instead review its credentialing policy. The Court has not indicated when that review will conclude.

This is complicated further by the fact that the Senate Press Gallery has now rejected SCOTUSblog's request for a press pass, and also told the blog it will not renew Lyle's press pass -- thereby cutting off the blog to both the Senate and the Court. SCOTUSblog's Tom Goldstein does note that the Supreme Court itself has actually tried to accommodate the blog's requests for public seats, despite not agreeing to give it a press pass. The situation is clearly ridiculous:

All that said, the Senate Press Gallery’s decision to deny us a credential is important to us. We wanted the credential in substantial part because we cover Supreme Court-related matters in the Senate. Most significantly, we do gavel-to-gavel, liveblog coverage of Supreme Court nominations. We also expect to cover hearings related to the Court’s budget. So those efforts are now more difficult.

So we plan to appeal the Senate Gallery’s credentialing decision. We do not have a written list of the reasons for the denial, which makes the process more difficult. Our impression is also that the appeal may go to the same group that denied the application in the first place. If the appeal is denied, then we expect to litigate the issue. We’re now coordinating all those efforts with other groups that kindly have offered to support us.

All in all, the refusal by the Court and the Senate to credential us have always seemed strange. No one seems to doubt that we are a journalistic entity and that we serve a public function. Winning the Peabody and other awards would seem to confirm that. And the Court for years has functionally recognized us, because obviously the overwhelming majority of Lyle’s work is for us. We do not want any kind of special treatment. Credentialing the blog doesn’t give us any special power or recognition; it just makes our jobs incrementally easier. All in all, it doesn’t seem to make sense to impose burdens on us that are greater than those that apply to others who fundamentally do the same thing.

I don't think "strange" is the right word. Shameful works better. Stupid would apply as well.


Armenian Bill Threatens Online Anonymity

EFF - Wed, 04/16/2014 - 17:05

In Armenia, online anonymity could be a luxury of the past if a bill that is currently before the Armenian parliament is passed.  The bill would make it illegal for media outlets to publish defamatory content by anonymous or fake sources.  Additionally, under this bill, sites that host libelous comments that are posted anonymously or under a pseudonym would be required to remove such content within 12 hours unless an author is identified.

Edmon Marukyan, one of the bill’s drafters, explained the goal of the bill saying, “You can remain incognito as much as you like. Write your posts, but if they end up in the media, then someone has to bear responsibility.” Thus this bill was drafted in an effort to hold a party accountable if and when the dissemination of defamatory material on public websites occurs.  However, the need for Armenian legislators to target media outlets and hold them responsible for this type of commentary greatly infringes upon the right to freedom of expression and association.  Marukyan believes that sites “bear responsibility” for users' comments, but said “the purpose of the bill was to clarify liability, not curb expression.”  Unfortunately, the bill would most certainly curb expression—stifling the commentary of those who would no longer feel secure posting on a medium that would require them to reveal their true self.

Holding a public electronic site liable for its users’ commentary is risky, as displayed in a legal analysis of the Armenian bill published in March 2014 by the Organization for Security and Co-operation in Europe (OSCE). The OSCE raises concerns with the bill, mainly criticizing it for its excessively broad scope, vague definitions, and general lack of clarity.  The OSCE proposes that Armenia, though not a member state of the European Union (and thus not legally bound to EU law), look to European law and other directives as a guide for determining whether the bill upholds the right to freedom of expression as outlined by the Universal Declaration of Human Rights.  Legislation that is noted in the OSCE’s legal analysis includes Directive 95/46/EC (Directive on Data Protection), “a reference text, at European level, on the protection of personal data."

Furthermore, the OSCE notes that since Armenia is a member state of the United Nations, it is obligated to uphold the civil and political rights of individuals outlined in the International Covenant on Civil and Political Rights (ICCPR)—an international treaty aimed at preserving the right to freedom of expression, amongst other liberties. Additionally, the legal analysis points to the International Principles on the Application of Human Rights to Communications Surveillance (the 13 Principles) as another guide for the Armenian parliament to use when determining whether or not the proposed bill is consistent with human rights law.  

The OSCE writes that if the bill is passed, it’s “likely to discourage Internet operators from carrying out business in the Republic of Armenia, since the risk of being charged with liability for defamation is apparently doomed to increase.”  It would be devastating if certain online platforms that were once available for anonymous users to post and exercise their basic human right to freedom of expression were suddenly inaccessible.

Stay tuned for updates on the bill and click here to read the Legal Analysis of Draft Amendments to the Civil Code of the Republic of Armenia in its entirety.


NYPD Update: Stop-And-Frisk Now Under Federal Oversight; Muslim-Spying 'Demographics Unit' Disbanded

Techdirt - Wed, 04/16/2014 - 16:38

Time for an update on the NYPD scene. As you'll recall, both Mayor Bloomberg and Police Chief Ray Kelly exited their respective offices in their respective huffs, claiming the city would fall apart if the sanctity of the NYPD's Constitution-skirting programs (stop-and-frisk, the Muslim-watching Demographics Unit) weren't preserved.

The legal battle over the constitutionality of the stop-and-frisk took several turns, including the removal of the presiding judge for "appearances of partiality." Incoming mayor Bill de Blasio promised to drop the city's appeal of Judge Scheindlin's ruling, and oddly enough, actually did.

An attempt to keep the appeal going was filed by the union representing the NYPD, but this was shot down by the appeals court. It did, however, allow it to be part of the final negotiations. The end result was the installation of five years of oversight over the NYPD's controversial program in order to move it towards something more resembling compliance with the Constitution.

The apocalypse Bloomberg and Kelly claimed was unavoidable if stop-and-frisk was curbed has failed to materialize. Even before the ruling was handed down, the program had been scaled back, with 86% fewer stops being recorded in the first quarter of 2014 than in the same quarter of 2012. Despite this lack of pushing random people up against the wall, crime is down 13% compared to 2013. Was stop-and-frisk ever truly essential? Or was it simply something that became an all too easily abused "tool" of the NYPD? At this point, the numbers seem to indicate that stop-and-frisk had very little real effect on criminal activity.

More good news on the NYPD v. Constitution front: the infamous Muslim-spying wing of the NYPD -- the stupidly-named "Demographics Unit" -- has been disbanded. This program, started by a former CIA officer who leveraged the city's post-9/11 anxieties to craft major changes to guidelines governing the surveillance of New Yorkers, spent a considerable amount of time infiltrating and surveilling entire mosques under the pretense that each and every member was somehow related to ongoing counterterrorism investigations.

The investigations performed by this unit did considerable damage to the civil liberties of mosque attendees over the last decade, but failed to turn up any credible suspects, much less terrorism-related arrests. The unit's pervasive surveillance so thoroughly violated First and Fourth Amendment protections that the CIA and FBI were unable to avail themselves of the "intelligence" collected by the NYPD without violating federal guidelines. When even the CIA can't look at your investigative results for fear of violating its own minimal civil liberties protections, you know you've got a problem.

Bill Bratton, returning to the NYPD commissioner's office, seems to have realized that programs like the Demographics Unit ultimately do more harm than good. When heading the Los Angeles Police Department, he was approached with a similar idea for tracking that city's Muslim community. He had this to say then: “A lot of these people came from countries where the police were the terrorists,” he said at the time. “We don’t do that here. We do not want to spread fear. We want to deal with criminals.” The NYPD, before his return, had no such concerns. If anything, the NYPD actively created distrust -- both in the New York Muslim community and around the world, sending its officers uninvited to peer over the shoulders of local police and investigative units at scenes of terrorism activity in countries like Kenya and Bali.

The new NYPD is still staffed with the old NYPD, which means change will be slow and likely fought every step of the way. Muslims are understandably concerned that the public disbandment of the Demographics Unit will just result in the level of surveillance being unchanged, if only a bit more unfocused. Bratton seems to be nudging the department towards a more FBI-esque set of rules, which isn't ideal, but is certainly much better than the abusive behavior permitted under the NYPD's internal guidelines.

It does appear the NYPD will be moving towards something resembling an actual police force, rather than a law unto itself. Without Kelly and Bloomberg around to defend its every overstep, the NYPD can no longer expect to skirt the Constitution with impunity. But there's a long way to go to fix things, so any optimism must be tempered by the fact that good habits are tough to instill and bad habits are extremely hard to break. Five years of oversight is a start, but the city -- meaning the mayor and the police commissioner -- must be willing to hold its officers accountable.




Court Declares That, Yes, Bloggers Are Media

Techdirt - Wed, 04/16/2014 - 15:38
A few years ago, we wrote about the bizarre and quixotic effort by Florida businessman Christopher Comins to find any possible way to sue University of Florida student and blogger Matthew Frederick VanVoorhis for his blog post concerning a widely publicized event in which Comins shot two dogs in a field (video link). The story made lots of news at the time, but Comins didn't go after any of the major media -- instead targeting VanVoorhis for a defamation suit. The original blog post is "novelistic" but it's difficult to see how it's defamatory. Either way, Comins' case was shot down on fairly specific procedural grounds: namely that Florida defamation law requires specific notice be given to media properties at least 5 days before a lawsuit is launched. Specifically, the law says:

Before any civil action is brought for publication or broadcast, in a newspaper, periodical, or other medium, of a libel or slander, the plaintiff shall, at least 5 days before instituting such action, serve notice in writing on the defendant, specifying the article or broadcast and the statements therein which he or she alleges to be false and defamatory.

Comins' lawsuit was dumped because he failed to give such notice. Comins argues that he did give such a notice (though the letter he sent did not meet the requirements of such notice under the law) and (more importantly for this discussion) that VanVoorhis' blog did not count as a media publication, and thus the law did not apply. The original court ruling rejected that pretty quickly, and now on appeal, a state appeals court has not just rejected Comins' anti-blog claim more thoroughly, but also highlighted the importance of blogs to our media landscape.

The full ruling does a nice job giving the history and purpose of the law above, as well as the importance of encouraging the media to report on difficult stories. And from there, it explains why VanVoorhis' blog is clearly a part of the media and why blogs in general are so important:

...it is hard to dispute that the advent of the internet as a medium and the emergence of the blog as a means of free dissemination of news and public comment have been transformative. By some accounts, there are in the range of 300 million blogs worldwide. The variety and quality of these are such that the word “blog” itself is an evolving term and concept. The impact of blogs has been so great that even terms traditionally well defined and understood in journalism are changing as journalists increasingly employ the tools and techniques of bloggers – and vice versa. In employing the word “blog,” we consider a site operated by a single individual or a small group that has primarily an informational purpose, most commonly in an area of special interest, knowledge or expertise of the blogger, and which usually provides for public impact or feedback. In that sense, it appears clear that many blogs and bloggers will fall within the broad reach of “media,” and, if accused of defamatory statements, will qualify as a “media defendant” for purposes of Florida’s defamation law as discussed above.

There are many outstanding blogs on particular topics, managed by persons of exceptional expertise, to whom we look for the most immediate information on recent developments and on whom we rely for informed explanations of the meaning of these developments. Other blogs run the gamut of quality of expertise, explanation and even-handed treatment of their subjects. We are not prepared to say that all blogs and all bloggers would qualify for the protection of section 770.01, Florida Statutes, but we conclude that VanVoorhis’s blog, at issue here, is within the ambit of the statute’s protection as an alternative medium of news and public comment.

While it seems crazy that this kind of issue is still being debated in 2014, it's good to see a court make such a clear statement on the fact that blogs will often qualify as media properties.


Did You Retweet The USAir Pornographic Tweet? You May Have Violated New Jersey's Revenge Porn Law

Techdirt - Wed, 04/16/2014 - 14:36
We've pointed out for a while how the various attempts at creating revenge porn bills will have serious unintended consequences and raise serious First Amendment issues. This is not to minimize the problems of revenge porn (or to absolve the sick and depraved individuals who put together, submit to or regularly visit such sites). However, it's to point out that pretty much any way you try to legislate such actions as criminal likely will create other problems. For example, I'm sure many of you heard the story recently about US Airways... um... unfortunate pornographic tweet. It was the story of the internet a few days ago, in which a United Air social media employee did a very unfortunate cut and paste error, tweeting out a very graphic image that involved a naked woman and a plane where it... doesn't quite belong (for slightly lighter fare, I highly recommend reading some of the funny replies to that tweet). For what it's worth, US Air has said that it was an honest mistake and it's not even firing the person responsible.

What does any of this have to do with revenge porn? Well, not a whole lot, other than to note, as lawyer Scott Greenfield did, if you retweeted the picture, there's a good chance you violated criminal revenge porn laws. And that's true -- though it's really specific to one law, right now, which is New Jersey's. California has a revenge porn law too, but it's much more limited and likely wouldn't apply here. New Jersey's law on the other hand includes this:

An actor commits a crime of the third degree if, knowing that he is not licensed or privileged to do so, he discloses any photograph, film, videotape, recording or any other reproduction of the image of another person whose intimate parts are exposed or who is engaged in an act of sexual penetration or sexual contact, unless that person has consented to such disclosure. For purposes of this subsection, "disclose" means sell, manufacture, give, provide, lend, trade, mail, deliver, transfer, publish, distribute, circulate, disseminate, present, exhibit, advertise or offer.

Even if the original photograph was done "consensually" note that you need consent for that specific disclosure. In other words, if you retweeted that image, you probably violated New Jersey criminal laws.

And, yes, it seems likely that the expected introduction of a federal anti-revenge porn bill will include a similar provision. It's already been stated that law professor Mary Anne Franks is helping draft the legislation, and her draft legislation relies heavily on New Jersey's. Here's one version of her draft legislation:

An actor commits a crime if he knowingly discloses a photograph, film, videotape, recording, or other reproduction of the image of another person whose intimate parts are exposed or who is engaged in an act of sexual contact, when the actor knows or should have known that the person depicted did not consent to such disclosure and under circumstances in which the person has a reasonable expectation of privacy. A person who has consented to the capture or possession of an image within the context of a private or confidential relationship retains a reasonable expectation of privacy with regard to disclosure beyond that relationship.

Franks' bill does include some exceptions, and she might argue that this might qualify under the exception for "disclosures that serve a bona fide and lawful public purpose," though that leaves the person retweeting the image in the unenviable position of defending that retweeting a major US airline accidentally tweeting a photo of a woman with a model plane stuck up her vagina is somehow "a bona fide and lawful public purpose." Of course, that's part of why we have the First Amendment, because we don't want people to have to defend why the particular speech they're making has a "bona fide and lawful public purpose." Instead, we recognize that making people have to defend the intent of their speech likely has chilling effects.


Spotify Starts Shutting Down Its Massive P2P Network

TorrentFreak - Wed, 04/16/2014 - 14:33

When Spotify launched its first beta in the fall of 2008, we branded it “an alternative to music piracy.”

With the option to stream millions of tracks supported by an occasional ad, or free of ads for a small subscription fee, Spotify appeared to be a serious competitor to music piracy.

In the years that followed, Spotify conquered the hearts and minds of many music fans. Currently available in 61 countries, the service has amassed tens of millions of users. A true success story, one that was made possible in part by Spotify’s heavy reliance on P2P technology.

In fact, Spotify has long been one of the largest P2P networks on the Internet. When Spotify subscribers play a track in the desktop client, this could come from three sources: a cached file on the computer, one of Spotify’s servers, or from other subscribers through P2P.

In 2011 we reported that of all tracks that were not accessed over the Internet, roughly 80% went through the P2P network. This allowed Spotify to reduce server resources and associated costs, which is a pretty big deal for a startup.

However, the end of the road is coming soon for this massive private sharing network. TorrentFreak has learned that Spotify plans to discontinue its P2P technology altogether, to rely solely on central servers instead.

“We’re gradually phasing out the use of our desktop P2P technology which has helped our users enjoy their music both speedily and seamlessly,” Spotify’s Alison Bonny informs TF.

Where Spotify previously needed P2P to guarantee that all tracks could be played with the lowest lag possible, this is no longer needed. During the months to come Spotify will effectively shut down its P2P servers.

“We’re now at a stage where we can power music delivery through our growing number of servers and ensure our users continue to receive a best-in-class service,” Bonny says.

P2P has been central to Spotify’s success for a variety of reasons. For one, it allowed the service to scale up quickly without having to invest heavily in servers and bandwidth. This must have saved the company millions of dollars per year.

Also, one of the lead engineers since the start is none other than Ludvig Strigeus, the original creator of the BitTorrent client uTorrent. Strigeus sold uTorrent to BitTorrent Inc. in 2006, and some believe that part of this money went into the development of Spotify.

Spotify’s departure from P2P technology marks the end of an era, but to most people the change will simply go unnoticed, just like the fact that they have been sharing tracks with thousands of people from all over the world for years, with permission from the major record labels.

[Figure: Spotify’s (former) distribution setup]


In the One-sided Foreign Intelligence Surveillance Court, It's Hard to Get The Whole Story

EFF - Wed, 04/16/2014 - 14:06

While most courts in the United States are adversarial—each party presents its side and a jury, or occasionally a judge, makes a decision—in the Foreign Intelligence Surveillance Court (FISC), only the government presents its case to a judge. While typically two opposing sides work under public review to make sure all the facts are brought to light, in the FISC the system relies on a heightened duty of candor for the government. As is illustrated all too well by recent developments in our First Unitarian v. NSA case, this one-sided court system is fundamentally unfair.

In March, after we learned that the government intended to destroy records of Section 215 bulk collection relevant to our NSA cases, we filed for a temporary restraining order in the federal court in San Francisco. We also filed a motion to correct the record with the FISC, since it was a FISC order requiring the destruction of bulk metadata after five years that was at issue.

Following the emergency hearing on our motion, the San Francisco federal court ordered the government to preserve the evidence. On the same day that the federal court issued its order, the FISC issued its own strongly worded order in which it granted our motion and mandated the government to make a filing with the FISC explaining exactly why it had failed to notify the Court about relevant information regarding preservation orders in two related cases, Jewel and Shubert. This omission influenced the FISC's decision on the government's request for relief, and the FISC was not happy about it.

On April 2, the DOJ made its filing. The government's statements in this document deserve close attention because they illustrate in high-definition the failures of the FISC's one-sided system.

The response essentially says that in hindsight, it is clear to the government why the FISC would have wanted to know about the Jewel and Shubert orders. But the government's filings show that it unilaterally decided it was right about its interpretation of the legal theories in these cases. In so doing, it failed to live up to the heightened duty of candor present in ex parte proceedings by failing to inform the FISC that this was disputed. In essence, the government narrowly interpreted the causes of action in the Jewel complaint, excluding the Section 215 surveillance purportedly authorized by the FISC, and thereby narrowing the evidence it would preserve. By making a decision about what facts were relevant, the DOJ attorneys elevated themselves into the role of a judge.

The government apologized to the FISC for its omission, but it also continues to inaccurately portray the controversy over the legal theories in our cases. In fact, the DOJ uses this filing to again present its interpretation of the disagreement over the scope of the cases, failing to mention the various arguments we have made on that issue before Judge White in San Francisco. The DOJ calls our view "recently-expressed," attempting to create the impression that the DOJ had no idea that there was any controversy until 2014. They neglect to mention that we wrote in a 2010 brief that the "government defendants' assertion that 'plaintiffs do not challenge surveillance authorized by the FISA Court' ... misconceives both plaintiffs' complaint and the role of the district court ...."

If this had been a normal court proceeding, each side would present their position in the most favorable light, and the judge would decide who is right. In the FISC, however, this balanced system breaks down. This one-sided system allows for no accountability except in the rare circumstance where the affected parties can raise the issue with the court. Indeed, in most cases, the arguments and the decision are kept secret, and no one can second-guess the government. 

This is why we continue to urge Congress to change the laws governing how FISC operates. At a minimum, significant court decisions must be made public, and a privacy advocate should be a part of the process. These improvements won't bring the same kind of balance that can come with an adversarial system, but could at least deliver a semblance of fairness to the process.

 


Court Says That Tweeting Someone Is 'F**king Crazy' Is Not Libelous

Techdirt - Wed, 04/16/2014 - 13:30
There have been a number of libel cases popping up over the past few years where random insults on Twitter are turned into full blown court cases. Tragically, these cases have picked up the "twibel" name -- a neologism that seems silly and pointless. Still, it's good to see that courts appear to (mostly) be recognizing that random insults shouldn't be considered libelous. Venkat Balasubramani has the details of a recent ruling (where both parties represented themselves!), in which a court recognized that saying on Twitter that someone is "fucking crazy" isn't libelous, especially as part of a "heated" online discussion. I won't get into the details of the case, other than that it involves a horse named Munition, but here's the Court's discussion: The tweet cannot be read in isolation, but in the context of the entire discussion. In this case, the tweet was made as part of a heated Internet debate about plaintiff’s responsibility for the disappearance of her horse. Furthermore, it cannot be read literally without regard to the way in which a reasonable person would interpret it.

The phrase “Mara Feld . . . is fucking crazy,” when viewed in that context, cannot reasonably be understood to state actual facts about plaintiff’s mental state. It was obviously intended as criticism—that is, as opinion—not as a statement of fact. The complaint therefore cannot base a claim of defamation on that statement.
Of course, as Eric Goldman amusingly notes at the end of Venkat's post, "bringing a defamation lawsuit over tweets is almost always fucking crazy," reminding us that it will almost certainly reinforce the association between the phrase and the person who brought the lawsuit, Mara Feld.


Microsoft And Sony Double Down On Patent Trolling; Dump More Cash Into Intellectual Ventures

Techdirt - Wed, 04/16/2014 - 12:25
Last fall, we noted that the world's largest patent troll, Intellectual Ventures, was running out of cash, which is somewhat incredible, given that it had previously claimed to have raised $6 billion in investments (though many of its earliest deals with tech companies were categorized as "investments" when they were really promises not to sue, combined with access to the patent bank) and a further $3 billion in licenses. It should take a long time to spend $9 billion when your company produces nothing that has ever been brought to market, but that's IV for you. As we noted in that story last fall, many of the tech companies that initially "invested" in Intellectual Ventures had no interest at all in re-upping, as they felt that the whole thing had been a bait-and-switch. They were initially told it was a "patent defense fund," not a giant patent troll itself.

However, while many of the companies have indeed avoided giving IV any more money, it appears that Microsoft and Sony were quite happy to dump a lot more cash into IV, which has now ramped up its patent buying efforts again (as well as its lobbying and political contributions in an effort to kill off patent reform). Microsoft, of course, has always been close to IV, seeing as it was started by the company's former CTO, Nathan Myhrvold, who is also a close friend of Bill Gates (who has directly helped IV get some patents). Similarly, Microsoft has become one of the most aggressive patent abusers over the last decade, increasingly relying on its stock of patents to make money from other people's innovations, rather than innovating on its own.

It is similarly no wonder that the company somewhat famous for having nearly all of its major success based on copying the work of others is now trying to stop anyone else from doing the same without paying a massive tax. There was a time when Bill Gates said: "If people had understood how patents would be granted when most of today's ideas were invented and had taken out patents, the industry would be at a complete standstill today... A future start-up with no patents of its own will be forced to pay whatever price the giants choose to impose." And, now, via Intellectual Ventures and its own patent holdings, Microsoft seems to be trying to make sure Gates' prediction is a reality. It all fits into the same paradigm we've observed for years. When you're young, you innovate. When you're old, you litigate. Microsoft appears to have given up on innovation, but is ramping up on litigation, and re-investing in patent trolling via Intellectual Ventures is merely the latest step.


Recording Industry Wants To Have It Both Ways When It Comes To Pre-1972 Recordings

Techdirt - Wed, 04/16/2014 - 11:10
Yet another story of hypocrisy by the recording industry? Why yes, indeed. For years now, we've been covering the issue of pre-1972 sound recordings. When Congress wrote the 1909 Copyright Act, it did not cover sound recordings, because Congress didn't think that sound recordings qualified for copyright. In a statement released by Congress with the Act, it said it deliberately chose not to cover sound recordings, believing that they weren't covered by the Constitutional limitation on "writings" for copyright protection: Indeed, the report released with the Copyright Act expressly stated that Congress did not intend to protect sound recordings: "It is not the intention of the committee to extend the right of copyright to the mechanical reproductions themselves, but only to give the composer or copyright proprietor the control, in accordance with the provisions of the bill, of the manufacture and use of such devices." According to one commentator, Congress had two principal concerns about sound recordings, leading it to decline to protect them. First, Congress wondered about the constitutional validity of such protection. The Constitution allows Congress to protect "writings," and Congress was uncertain as to whether a sound recording could constitute a writing. Second, Congress worried that allowing producers to exclusively control both the musical notation and the sound recording could lead to the creation of a music monopoly. That latter concern certainly was prescient. When Congress did a massive overhaul of copyright law in 1976, the recording industry was a much more powerful lobby, and so sound recordings were included. However, in the years between 1909 and 1976, many states had created their own (often bizarre) "state" copyrights to protect recordings. 
Rather than deal with this in an intelligent way, Congress basically said the new federal copyright rules would only apply to songs recorded in 1972 or after, and pre-1972 recordings would remain in a bizarre limbo. This has created a whole host of legal issues, and the Copyright Office has been trying to figure out what to do about this for years.

However, it appears that the recording industry would like it both ways. When it's to their advantage, they claim that pre-1972 recordings should be treated just like modern song recordings. And when it's not to their advantage, they insist that pre-1972 recordings should be treated wholly differently. In various hearings about the issue, the RIAA has been one of the most vocal in arguing against treating pre-1972 recordings as if they're covered by federal copyright law. And, at the same time, they've argued in court repeatedly that the DMCA safe harbors don't apply to pre-1972 recordings, making various music storage lockers liable for any such recordings they host. Some courts have rejected this theory, while others have accepted it. Either way, the recording industry has been pretty adamant that pre-1972 recordings should be treated differently, so they can sue whomever they want.

And yet... when various streaming music companies recognize this fact, and note that pre-1972 recordings aren't covered under statutory licensing regimes... the recording industry freaks out. Michael Huppe, the President of SoundExchange -- an organization created by the RIAA -- is writing in Billboard magazine about how unfair it is that streaming services like Sirius XM and Pandora don't pay statutory rates for pre-1972 recordings. Huppe complains that "this is not fair" and notes: It's a matter of simple fairness to offer equal treatment for all sound recordings. Okay. If that's true, then why aren't SoundExchange and the RIAA out there in support of federalizing the copyright in pre-1972 recordings? Why aren't SoundExchange and the RIAA agreeing to the fact that the DMCA's safe harbors apply equally to pre-1972 recordings? I'm all for "equal treatment for all sound recordings" as well, but someone ought to point out to SoundExchange and the RIAA: you first.


Lavabit Loses Its Appeal For Mucking Up Basic Procedural Issues Early On

Techdirt - Wed, 04/16/2014 - 09:53
This won't come as a huge surprise, but Ladar Levison and Lavabit have now lost their appeal on whether or not they were in contempt for failing to compromise the security of every one of Lavabit's customers in complying with the DOJ's demands to get access to who Ed Snowden had been emailing. The ruling does a decent job explaining the history of the case, which also details some of the (many, many) procedural mistakes that Lavabit made along the way, which made it a lot less likely it would succeed here. Let this be a massive reminder that, if you're dealing with this kind of stuff, getting a good lawyer on your side immediately is important. Unfortunately, the procedural oddities effectively preclude the court even bothering with the much bigger and important question of whether or not a basic pen register demand requires a company to give up its private keys. As the court details, the problem seems to be how Lavabit went about the legal process here: In the district court, Lavabit failed to challenge the statutory authority for the Pen/Trap Order, or the order itself, in any way. Yet on appeal, Lavabit suggests that the district court’s demand for the encryption keys required more assistance from it than the Pen/Trap Statute requires. Lavabit never mentioned or alluded to the Pen/Trap Statute below, much less the district court’s authority to act under that statute. In fact, with the possible exception of an undue burden argument directed at the seizure warrant, Lavabit never challenged the district court’s authority to act under either the Pen/Trap Statute or the SCA. The court basically says that because Lavabit mucked up the process, the appeal is going to fail. It further rejects the claim that Lavabit did, in fact, challenge the Pen/Trap order when Levison objected to turning over his keys. The court notes that such a claim is a stretch. 
In making his statement against turning over the encryption keys to the Government, Levison offered only a one-sentence remark: “I have only ever objected to turning over the SSL keys because that would compromise all of the secure communications in and out of my network, including my own administrative traffic.” (J.A. 42.) This statement -- which we recite here verbatim -- constituted the sum total of the only objection that Lavabit ever raised to the turnover of the keys under the Pen/Trap Order. We cannot refashion this vague statement of personal preference into anything remotely close to the argument that Lavabit now raises on appeal: a statutory-text-based challenge to the district court’s fundamental authority under the Pen/Trap Statute. Levison’s statement to the district court simply reflected his personal angst over complying with the Pen/Trap Order, not his present appellate argument that questions whether the district court possessed the authority to act at all. Levison represented himself pro se at the beginning of the case (adding to the mess of procedural problems), and while his legal team tries to use that as a reason why the court should forgive some of the procedural mistakes, the court rejects that as well (even noting that, as a limited liability company, Lavabit shouldn't have been allowed to proceed pro se in the first place).

The hail mary attempt in the case was to argue that because the underlying issues are of "immense public concern" (and they are) that the court should ignore the procedural mistakes. The court flatly rejects that notion: Finally, Lavabit proposes that we hear its challenge to the Pen/Trap Order because Lavabit views the case as a matter of “immense public concern.” (Reply Br. 6.) Yet there exists a perhaps greater “public interest in bringing litigation to an end after fair opportunity has been afforded to present all issues of law and fact.” United States v. Atkinson, 297 U.S. 157, 159 (1936). And exhuming forfeited arguments when they involve matters of “public concern” would present practical difficulties. For one thing, identifying cases of a “public concern” and “non-public concern” –- divorced from any other consideration –- is a tricky task governed by no objective standards..... For another thing, if an issue is of public concern, that concern is likely more reason to avoid deciding it from a less-than-fully litigated record....

Accordingly, we decline to hear Lavabit’s new arguments merely because Lavabit believes them to be important.
This is unfortunate on many levels, because it's not just Lavabit that believes these issues to be of immense public concern. Either way, this mess of a case should be a reminder that, especially when dealing with the government, it's important to get good lawyers on your side from the very beginning.


Find The Big Fib In The NSA's Lack Of Concern For Foreigners

Techdirt - Wed, 04/16/2014 - 08:23
Usually, the NSA's whoppers are so ham-fisted everyone knows them for falsehoods. And if there's any question, you can usually rely on the fact that when the agency's lips move, it's stretching the truth so far that it's as good as a lie.

But from the start of Snowden's revelations, one of the NSA's tall tales has differed vastly from the others. It's so subtle and ubiquitous, such a consummate Big Lie, that even the surveillance-state's fiercest critics haven't spotted it.

Can you? Let's play Find the Fib with this testimony to Congress last June from Deputy Attorney General James Cole (though, to be fair, he doesn't state the Big Lie outright but only implies it in the phrases I've emphasized): "[T]here's a great deal of minimization procedures that are involved here, particularly concerning any of the acquisition of information that deals or comes from US persons. As I said, only targeting people outside the United States who are not US persons." Want another hint? Check out the letter Director of National Intelligence James Clapper wrote Sen. Ron Wyden, though he too merely implies the Big Lie: "There have been queries … using US person identifiers, of communications lawfully acquired to obtain foreign intelligence targeting non-US persons reasonably believed to be located outside the United States … These queries were performed pursuant to minimization procedures approved by the FISA court and consistent with the statute and the Fourth Amendment." Yep, those are my emphases again -- and I included "Fourth Amendment" because that's the biggest clue of all. Here's the text of that strangled, mangled, moribund member of the Bill of Rights: "The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized." Anyone see notation there about "US persons" and "non-US persons?" Yet for basically its entire existence, the NSA has pretended that the Fourth prohibits the government from searching American citizens without a warrant (not that that's stopped the spooks) while authorizing it to search the rest of the world willy-nilly.

But the Fourth's language is so clear that even Clapper should comprehend it: without a warrant, the government may not "violate" anyone's "person, house, papers, and effects." Whether he's Australian or American, from Utah or Uzbekistan, living in or visiting Mexico or Massachusetts is irrelevant.

"Wait a minute!" the NSA's bureaucrats sneer. "'People' is just a synonym for 'citizens.'"

Wrong. The Founding Fathers wrote "citizen" when that's what they meant (remember, most of these Dead White Men were fluent in Greek and Latin, which is to say they understood and used language precisely). And though they employ "citizen" eleven times in the body of the Constitution, they mention only "people" and "persons" in the Bill of Rights. For example, when delineating the requirements for election to the House of Representatives, the Senate, and the presidency, the Constitution specifies the minimum number of years each official must have been a citizen.

But when the Constitution concludes, and its amendments begin, "citizen" goes on hiatus. As you may recall from high-school history, the Anti-Federalists insisted on adding ten amendments to the Constitution, the partial list of liberties known as the Bill of Rights. Anti-Federalists distrusted and loathed government, even the Constitution's severely limited one: they eerily, accurately predicted today's creeping totalitarian state and tried to protect themselves with a written guarantee that the government would never restrict their speech, disarm them, spy on them, etc.

The Anti-Federalists also realized that politicians and bureaucrats powerful enough to silence, disarm, and spy on foreigners will certainly pull the same stunts at home. That's why the Bill of Rights consistently says "people," as in the Ninth Amendment: "The enumeration in the Constitution, of certain rights, shall not be construed to deny or disparage others retained by the people." The nationality of the government's victim doesn't matter: politicians and bureaucrats may not silence, disarm, or spy on, etc., anyone. Then, bingo, when the Bill of Rights ends and nationality becomes pertinent again in the Eleventh Amendment, "citizen" pops up like clockwork.

Of course, at this point, discussions of the Constitution are somewhat academic: our rulers have amply demonstrated their disdain for it and us. But, unlike Sen. Dianne Feinstein or German Chancellor Angela Merkel, we should be as livid when the Feds spy on others as when they spy on us. The Constitution clearly, adamantly prohibits both.

Becky Akers is the author of two novels, Halestorm and Abducting Arnold. Both are set during the American Revolution, when Peeping Toms were horsewhipped rather than handsomely paid to spy on citizens.


High Court: Kim Dotcom Can Have His Cars, Millions in Cash Returned

TorrentFreak - Wed, 04/16/2014 - 07:35

When Kim Dotcom’s New Zealand mansion was raided in 2012, some of the most memorable images were of his luxury car collection being loaded onto trailers and taken away. The authorities hoped the pictures would help to symbolize Dotcom’s fall from ‘power’ but two years later he might be burning rubber in them once again.

Just two days before the raid on Dotcom’s home, foreign restraining orders were granted to enable the seizure of the entrepreneur’s assets. As they are set to run out on Friday, the Crown applied to the High Court yesterday to have them extended.

Unfortunately for United States and local authorities, the application was turned down, which means that Dotcom’s assets including his car collection, substantial quantities of cash, artwork and other equipment, could soon be returned.

Shortly after the news broke, Dotcom took to his beloved Twitter to celebrate.

Dotcom added that when his cars are returned he will be treating members of his newly formed Internet Party to a day out racing.

“I will rent the Taupo race track for a track day with #InternetParty members when my cars are returned!” he tweeted.

While Dotcom is understandably excited, the Crown has two weeks to file an appeal. That is almost certain to happen.


Android Pirate Agrees To Work Undercover For the Feds

TorrentFreak - Wed, 04/16/2014 - 07:07

In 2012, three Android-focused websites were seized by the Department of Justice. With help from French and Dutch police, the FBI took over applanet.net, appbucket.net and snappzmarket.com, a trio of so-called ‘rogue’ app stores.

Carrying out several arrests, the authorities heralded the operation as the first of its kind, alongside claims that together the sites had facilitated the piracy of more than two million apps.

Last month the Department of Justice announced that two of the three admins of Appbucket had entered guilty pleas to charges of criminal copyright infringement and would be sentenced in June.

Yesterday the DoJ reported fresh news on the third defendant. Appbucket’s Thomas Pace, 38, of Oregon City, Oregon, pleaded guilty to one count of conspiracy to commit criminal copyright infringement and will be sentenced in July.

As reported in late March, the former operator of Applanet says he intends to fight the U.S. Government. However, the same definitely cannot be said about Kody Jon Peterson of Clermont, Florida.

The 22-year-old, who was involved in the operations of SnappzMarket, pleaded guilty this week to one count of conspiracy to commit criminal copyright infringement. He admitted being involved in the illegal copying and distribution of more than a million pirated Android apps with a retail value of $1.7 million. His sentencing date has not been set, but even when that’s over his debt to the government may still not be paid.

As part of his guilty plea, Peterson entered into a plea agreement in which he gave up his right to be tried by a jury and any right to an appeal. He also accepted that he could be jailed for up to five years, be subjected to supervised release of up to three years, be hit with a $250,000 fine, and have to pay restitution to the victims of his crimes.

Peterson also agreed to cooperate with the authorities in the investigation, including producing all relevant records and attending interviews when required. However, in addition to more standard types of cooperation, the 22-year-old also agreed to go much further. A copy of his plea agreement obtained by TF reveals that Peterson has agreed to work undercover for the Government.

“Upon request by the Government, the Defendant agrees to act in an undercover investigative capacity to the best of his ability,” the agreement reads.

“The Defendant agrees that Defendant will make himself available to the law enforcement agents designated by the Government, will fully comply with all reasonable instructions given by such agents, and will allow such agents to monitor and record conversations and other interactions with persons suspected of criminal activity.”

The plea agreement also notes that in order to facilitate this work, Government attorneys and agents are allowed to contact Peterson on no notice and communicate with him without his own attorney being present. The extent of Peterson’s cooperation will eventually be detailed to the sentencing court and if it is deemed to be “substantial” then the Government will file a motion to have his sentence reduced.

But despite the agreements, Peterson has another huge problem to face. According to court documents he is an immigrant to the United States and as such a guilty plea could see him removed from the country. Whether he will be allowed to stay will be the subject of a separate proceeding but given his agreement to work undercover it seems unlikely the Government would immediately choose to eject such a valuable asset.

In the meantime, former associates and contacts of Peterson could potentially be talking online to him right now, with an FBI agent listening in over his shoulder and recording everything being said.


Los Angeles Law Enforcement Looking To Crowdsource Surveillance

Techdirt - Wed, 04/16/2014 - 06:16

The LAPD wants you, Joe Citizen, to help it out with its surveillance. It has enlisted the help of a crowdsourcing tool called LEEDIR to collect photos and recordings from everyday people who may have additional footage of natural disasters or civil unrest that could help out both emergency responders and cops looking to put a few more demonstrators in jail.

In today's announcement, earthquakes, terrorist attacks, and the Boston Marathon bombings were mentioned as scenarios in which LEEDIR could help law enforcement respond to disasters or large-scale public security threats. One might also imagine large citizen protests like Occupy Wall Street being the focus of such crowdsourced surveillance.

It's unarguable that the addition of crowdsourced photos and video helped authorities track down the Boston Bombing suspects, which shows that there is some value to this service. But, as is pointed out by Xeni Jardin, it could also be used to build a database of people enjoying First Amendment-protected activities. Currently, the site is soliciting input for any info related to last week's party-turned-riot in Isla Vista, CA, where over 100 arrests were made and 44 people injured, including five police officers. The notice clearly states the police are "seeking to identify several subjects wanted for violent felonies that occurred during the evening."

This is a potentially useful tool that isn't completely evil, but there are some definite concerns. For one, there's no real way to submit anything anonymously. You aren't required to input your name, but the app itself demands access to GPS data, and any other communications-related metadata is likely hoovered up by LEEDIR when images and video are uploaded.


There are also other questions left unanswered about the handling of the data submitted. According to today's announcement, agencies might typically retain uploaded content for a month or two, then delete it. But there's no requirement to delete it… And the way the system is accessed and used seems to lend itself to abuse. It's up to law enforcement to provide analysts or investigators to sort through all of the content uploaded to LEEDIR and find potential evidence…

Once the content is uploaded, it belongs to law enforcement, [Co-Global CEO Nick] Namikas said. It's up to each agency to decide how long they want to store the content in the cloud – a service being provided by Amazon.

An unfiltered influx of photos and videos curated by law enforcement officers. What could possibly go wrong? The tool may be aimed at natural disasters (which provides free access to police and emergency responders in the affected area), but paid subscriptions are available which would keep LEEDIR live at all times for any law enforcement agency willing to foot the bill.

As if the potential negatives of this sort of crowdsourcing weren't apparent enough, there's also the very large problem of who's behind this new system. Under the leadership of disgraced former LA County Sheriff Lee Baca, the department is said to have conceptualized the web service and smartphone app, which was built by Citizen Global with Amazon

Baca's administration was plagued by corruption and scandal, and he resigned amid ongoing investigation into possible criminal activity. Certainly no such imperfect leader would misuse LEEDIR. But LA Sheriff's Dept. commander Scott Edson sees no downside:

“I like to call this a flag-waving opportunity,” Edson said. “This is a great opportunity for the public who really wants to catch those guys as badly as any law enforcement agency wants to catch them. Now they’re going to have an opportunity.”

Sure. Just like "see something, say something" filled DHS Fusion Centers with thousands of reports of people using cameras. With unfiltered access to whatever citizens submit, law enforcement can browse for unrelated criminal activity or simply use it to fill in the holes in their surveillance network.

It's not that it couldn't help, as it did in the Boston Bombing. It's that the downside isn't even being considered by the proponents of the system, which include a former law enforcement official accused of corruption. There's seemingly no oversight to the program and absolutely no concerns being raised about privacy or the potentially endless retention of non-relevant footage and photos.




First Phase Of Security Audit Finds Vulnerabilities But No Backdoors In TrueCrypt Encryption Software

Techdirt - Wed, 04/16/2014 - 03:11

In the wake of the serious Heartbleed flaw in OpenSSL, more people are becoming aware of how widely used and important open source encryption tools are, and how their security is too often taken for granted. Some people were already worrying about this back in September last year, when we learned that the NSA had intentionally undermined encryption by weakening standards and introducing backdoors. As Techdirt reported, that led to a call for a security audit of TrueCrypt, a very popular open source disk encryption tool. Fortunately, the Open Crypto Audit Project raised a goodly sum of money through FundFill and Indiegogo, which allowed the first phase of the audit to be funded. Here's what's now been done (pdf):

The Open Crypto Audit Project engaged iSEC Partners to review select parts of the TrueCrypt 7.1a disk encryption software. This included reviewing the bootloader and Windows kernel driver for any system backdoors as well as any other security related issues.

The good news:

iSEC found no evidence of backdoors or otherwise intentionally malicious code in the assessed areas.

However, it did still find vulnerabilities in the code it examined:

the iSEC team identified eleven (11) issues in the assessed areas. Most issues were of severity Medium (four (4) found) or Low (four (4) found), with an additional three (3) issues having severity Informational (pertaining to Defense in Depth).

Overall, the source code for both the bootloader and the Windows kernel driver did not meet expected standards for secure code. This includes issues such as lack of comments, use of insecure or deprecated functions, inconsistent variable types, and so forth.

Because of that, among the recommendations that iSEC made was the following:

Improve code quality. Due to lax quality standards, TrueCrypt source is difficult to review and maintain. This will make future bugs harder to find and correct. It also makes the learning curve steeper for those who wish to join the TrueCrypt project.

That's an important point, and probably something that other open source projects might take to heart, too. Some have called into question whether Linus's Law -- that "all bugs are shallow, given enough eyeballs" -- is really true for free software (although Eric Raymond, author of "The Cathedral and the Bazaar", has offered a robust defense of that claim.) One reason why those eyeballs may not be finding the bugs is that the code, though open, is unnecessarily hard to read.

The fact that vulnerabilities were found -- even if "all appear to be unintentional, introduced as the result of bugs rather than malice" as iSEC puts it -- is another reason why the second phase of the audit, which will look at the details of how the cryptographic functions have been implemented, is necessary. The discovery of "issues" in TrueCrypt's code also underlines why similar audits need to be conducted for all important open source security programs: if there are vulnerabilities in TrueCrypt, there are likely to be more elsewhere, perhaps much more serious. Finding them is largely a question of money, which is why companies currently free-riding on free software -- perfectly legally -- should start seriously thinking about making some voluntary contributions to help audit and improve them to prevent another Heartbleed.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+


