Tech Polis

Congratulations to the Winners of the EFF Cyberlaw Pub Quiz

EFF - Thu, 06/13/2013 - 15:30

On Tuesday night, over 100 attorneys and friends participated in the Sixth Annual EFF Cyberlaw Pub Trivia Night, testing their knowledge of the trivial details that arise where the law meets technology. Teams included representatives from a host of major technology law firms and Internet companies, representing the best and the brightest luminaries of cyberlaw. The seven rounds of questions were written by EFF's attorneys, technologists and activists, pulling trivial details from the rich canon of privacy, free speech, and intellectual property law.

First Place Winners: The Clappers

Please join us in congratulating the winners:

1st Place: The Clappers (Fenwick & West)

2d Place: Wikigeeks (Durie Tangri; Ridder, Costa, and Johnstone LLP; Cathy Gellis, et al)

3d Place: One-Way Ticket to Hong Kong (Wilson Sonsini Goodrich & Rosati)

EFF’s Cyberlaw Pub Trivia Night is an important opportunity for us to thank our friends in the legal community who help protect online freedom in the courts. Among the many firms that dedicate their time, talent and resources to the cause, we would especially like to thank Ridder, Costa, and Johnstone LLP for sponsoring this year’s Trivia Night.

Extra special thanks to Chief Judge Alex Kozinski for his wonderful contribution of quotes from his own rich canon of written opinions for the Kozinski Round, which was easily the most popular round of the evening. 


Categories: Tech Polis

DoD: If You See A Leaked NSA Document, Press SHIFT And DELETE To Get Rid Of It

Techdirt - Thu, 06/13/2013 - 14:51
We saw this back when Wikileaks released a bunch of documents and the Defense Department and other government agencies told employees that they weren't allowed to look at any of the documents, even though they were being splashed all over the press. Now, it appears, the same thing is happening concerning the NSA leaks. The Defense Department quickly sent out a memo to staff, saying:

Classified information, whether or not already posted on public websites, disclosed to the media, or otherwise in the public domain remains classified and must be treated as such until it is declassified by an appropriate U.S. government authority. It is the responsibility of every DoD employee and contractor to protect classified information and to follow established procedures for accessing classified information only through authorized means.

This included instructions, such as the following:

DoD employees or contractors who inadvertently discover potentially classified information in the public domain shall report its existence immediately to their Security Manager. Security Managers and Information Assurance Managers are instructed to document the occurrence and report the event to the Director of Security Policy and Oversight, Office of the Under Secretary of Defense for Intelligence (OUSD(I)). The offending material will be deleted by holding down the SHIFT key while pressing the DELETE key for Windows-based systems and clearing of the internet browser cache.

Given how much these documents are now showing up in the news, you have to imagine that Defense Department "Security Managers" are up to their eyeballs in "reports" from staffers who "inadvertently" run across such classified materials. On top of this, staff are told to not even acknowledge the existence of these documents:

DoD employees or contractors who seek out classified information in the public domain, acknowledge its accuracy or existence, or proliferate the information in any way will be subject to sanctions.

I've seen people defend these policies in the past, but they make no sense. All they do is encourage a head-in-the-sand mentality within the government, in which employees are told to pretend that public information isn't public. As we've said before, in the business world, non-disclosure agreements are generally considered null and void the moment the same information becomes public via other means. Because that's dealing with reality. Pretending that these documents aren't out in the world, and having to fill out a report every time a government employee happens to hit a news article with one of these documents shown, seems like a tremendous waste of time and energy, all in an attempt to deny reality.



Supreme Court: Patents Require 'An Act of Invention'

EFF - Thu, 06/13/2013 - 14:45

UPDATE: Just hours after the Supreme Court ruled today, at least one company announced it would be offering genetic testing on the BRCA genes for $995—barely one quarter of the approximately $4000 Myriad charges for the same tests. 

For the second time in just over a year, the Supreme Court has unanimously weighed in on what is and isn't patentable. And in this case—Association for Molecular Pathology v. Myriad—the high court got it right again.

At issue in this case were the infamous "breast cancer genes," BRCA1 and BRCA2, mutations in which signify increased risk of both breast and ovarian cancers. Myriad isolated these genes and proceeded to use patents to limit who could administer the genetic tests that signal presence of the genes. This raised several concerns, such as the inherent problem with only having one entity administer the tests and the resulting costs—making it nearly impossible for many to afford—and limiting availability of second opinions.

And, more importantly for patent law: these genes exist in nature. Myriad didn't invent or create them, it merely found them, using methods that were well-known among geneticists at the time of discovery. As the Court said:

In this case, ... Myriad did not create anything. To be sure, it found an important and useful gene, but separating that gene from its surrounding genetic material is not an act of invention.

Patenting genes had been happening for some time, despite long-standing Supreme Court precedent that, in order to be eligible for a patent, an invention must have a "new or distinctive form, quality or property" and may not be a product of nature. The district court in this case agreed and sided with plaintiffs—geneticists, pathologists, laboratory professionals, and individual breast cancer patients, represented by the ACLU and the Public Patent Foundation—finding that isolated breast cancer genes did not meet this standard and invalidating Myriad's two patents. The Federal Circuit reversed, holding that the isolated genes contained molecules that were "markedly different" than those that occur in nature.

In the interim, the Supreme Court issued another unanimous decision in Mayo v. Prometheus, striking down a patent covering a medical diagnostic test. The Court there found the patent invalid because it took laws of nature and merely included “well-understood, routine, conventional activity previously engaged in by researchers in [the] field.”

We were encouraged by Mayo's strong language that "the basic tools of scientific and technological work" are not patentable. Today, the Court went even further, reversing the Federal Circuit and stating that

As the Court has explained, without this exception, there would be considerable danger that the grant of patents would "tie up" the use of such tools and thereby "inhibit future innovation premised upon them." This would be at odds with the very point of patents, which exist to promote creation.

We couldn't agree more. The Supreme Court went on to say that "patent protection strikes a delicate balance between creating 'incentives that lead to creation, invention, and discovery' and 'imped[ing] the flow of information that might permit, indeed spur, invention.'"

We're glad to see some sanity in the world of gene patents and diagnostic testing—specifically, more direction from the Supreme Court as to what is an unpatentable "law of nature". (The Court did uphold patents that cover cDNA—genetic material that is developed in a lab and does not naturally exist.) But the so-called "delicate balance" is completely out of whack when it comes to patents that cover software and many other inventions that we believe are similarly unpatentable "abstract ideas". The good news is that this question might end up in front of the Supreme Court soon, and if recent Supreme Court trends hold true, we could see some scaling back of a broken system full of overbroad, vague, and frankly stupid patents.


Supreme Court Strikes Down Gene Patents

Techdirt - Thu, 06/13/2013 - 14:16
Here's a bit of good news: the Supreme Court has effectively said you can't patent genes, though in typical Supreme Court fashion, it hedged a bit. Basically, they found that merely separating out naturally occurring DNA is not patentable, but that synthetically made "complementary DNA" (or cDNA) can be patentable. This case has been going on for quite some time, involving a company called Myriad Genetics, which isolated two genes, BRCA1 and BRCA2, where mutations indicate a high likelihood of developing breast cancer. Myriad then set up a very lucrative, extremely high priced set of tests to find those mutations and argued that others testing for those genes violated its patents -- because stopping breast cancer should be prohibitively expensive, apparently.

The unanimous ruling found that merely separating out naturally occurring genes cannot be patentable, because that would be ridiculous:

It is undisputed that Myriad did not create or alter any of the genetic information encoded in the BRCA1 and BRCA2 genes. The location and order of the nucleotides existed in nature before Myriad found them. Nor did Myriad create or alter the genetic structure of DNA. Instead, Myriad’s principal contribution was uncovering the precise location and genetic sequence of the BRCA1 and BRCA2 genes within chromosomes 17 and 13. The question is whether this renders the genes patentable.

And that doesn't make much sense under patent law:

Myriad’s patents would, if valid, give it the exclusive right to isolate an individual’s BRCA1 and BRCA2 genes (or any strand of 15 or more nucleotides within the genes) by breaking the covalent bonds that connect the DNA to the rest of the individual’s genome.

Myriad's main argument was that it basically had to put a lot of work into finding and isolating the genes, but the court noted that "Groundbreaking, innovative, or even brilliant discovery does not by itself satisfy [the conditions for patent eligibility]."

The court also rejects the idea that just because the US Patent Office regularly granted gene patents for years, it should be allowed to continue to do so. The court does say that complementary DNA, made by Myriad, can be patentable:

... the lab technician unquestionably creates something new when cDNA is made. cDNA retains the naturally occurring exons of DNA, but it is distinct from the DNA from which it was derived. As a result, cDNA is not a “product of nature” and is patent eligible...

The court also points out that you can still patent a form of a test for DNA, if that method is innovative, but you can't patent the underlying genetic structure if it's naturally occurring. However, Myriad's method was not new or innovative. As the court notes, it was "well understood by geneticists at the time."

On the whole this is a good ruling that will invalidate a large number of bogus gene patents. While patent extremists are complaining that this will destroy the biotech field, more reasonable minds are pointing out that it should have little effect. I'd argue that, if anything, it may drive greater efforts in biotech, since companies can now do more exploration on genes without fearing being sued by someone who discovered and isolated a particular gene first -- and this should also lead to significantly cheaper genetic testing, creating even more opportunities for biotech firms to innovate on top of widespread genetic testing.


Congress Gets Private Briefings About NSA Spying, But the Public Needs Answers Too

EFF - Thu, 06/13/2013 - 13:37

The world was provided confirmation last week of widespread, unconstitutional domestic surveillance of innocent Americans' call records and online activity. But, starting this week, congressional staffers will be briefed in private, newspapers will be forced to report second-hand on what occurred in those briefings, and the public will, once again, be left out of discussions vital to our representative democracy. These discussions should be occurring in public, in an open forum, and for all to hear. Secret briefings, identical to those going on now, were carried out in 2006, after the first disclosure of the NSA's domestic spying program occurred. Seven years later, the program has only grown bigger and more dangerous. This is why we encourage you to call your Senator now and demand that public hearings occur.

Politicians must take an aggressive approach during the upcoming briefings, hearings, and investigations. First, they must determine the true scope of the two different programs—the business records program (Section 215 of the PATRIOT Act) and the PRISM surveillance program based on Section 702 of the Foreign Intelligence Surveillance Act. Then, elected officials must push for disclosure of the full domestic surveillance apparatus operated by the NSA. Politicians need to be careful that officials do not play word games or offer "the least untruthful"—also known as misleading—answers.

Some hearings have touched on the issue, like the recent Senate Appropriations Committee (video) hearing. But the first hearing that must touch on some of these questions will take place this Thursday. The House Judiciary Committee will hold a hearing on the Oversight of the Federal Bureau of Investigation (FBI). The FBI, along with the NSA, is at the center of the spying storm, and FBI Director Robert Mueller has been involved with the NSA's program nearly from its inception.

With that, here are some questions politicians must ask at the hearing:

General

1) What are the names, capabilities, and purposes of surveillance programs that rely on Foreign Intelligence Surveillance Act authorities, other electronic surveillance statutes, or voluntary cooperation of service providers to acquire or collect widespread information—whether by computer or human—of American communications (defined to include both “metadata” and “content”)?

2) The business records program and the PRISM program have been confirmed by statements of the Director of National Intelligence. It has also been reported that the NSA intercepts information from upstream providers through operations codenamed “Fairview” and “Blarney.” How do "BLARNEY" and "FAIRVIEW" operate, what information is obtained through the programs, and what is their purpose?

3) It has been widely reported that the intelligence community relies on uncommon definitions of common terms. Can you define the terms "collect," "acquire," "intercept," and "content"? If a computer or other device obtains, scans or processes Americans' communications or communications records (on behalf of the government), has the government collected the data? Or must a human being actually perceive the data before you deem that the government collected it?

4) The Washington Post noted that under the NSA's domestic spying program, quarterly reports describing the number of accidental collections of U.S. person content are retained and disseminated to officials. When are you releasing these reports?

5) How long does the intelligence community retain the information obtained under these authorities? Under what circumstances, if any, are acquired communications (or communications records) deleted?

Section 215

6) Section 215 of the PATRIOT Act authorizes the FBI to collect any "tangible things" relevant to an investigation. According to the Wall Street Journal, dragnet orders relying on Section 215 were also issued to AT&T, Sprint, Internet service providers (ISPs), and credit card providers. What companies, other than Verizon, have received a Section 215 order similar in scope to the one disclosed last week? Has any recipient ever challenged receiving such an order?

7) Can other authorities be used to supplement this search in lieu of Section 215? Has the government ever used National Security Letters or other investigative tools to obtain business records en masse?

8) The “tangible things” sought by the Verizon court order were "telephony metadata." Are there any limits to the type of “things” the FBI can obtain under Section 215? Could the FBI obtain millions of emails with a Section 215 order? Why not? What are the exact components of "telephony metadata" and how is that term defined? Could "metadata" include subject lines of emails, search terms, URLs, and/or location data?

9) The order sought Verizon's "telephony metadata" for its subscribers on an "ongoing daily basis." Has the FBI or another member of the intelligence community used Section 215 to acquire information other than "telephony metadata" in bulk? Has the FBI used Section 215 of the PATRIOT Act only for presently existing records, or has the FBI or any other agency used Section 215 to apply for an order authorizing prospective collection of any relevant tangible record?

10) How do you define "relevant" for Section 215 purposes? Is anything "irrelevant" under that definition? The FISC's order also relied on the definition of "content" contained within the Wiretap Act, 18 U.S.C 2510. Why does the order use the definition of “content” contained in another statute when FISA, itself, defines the term?

11) The Fourth Amendment was created, in part, to protect against "general warrants." Why is a court order compelling Verizon to provide millions of subscribers' calling information to the government not a general warrant? Why do these orders not violate the Fourth Amendment? Why do these orders not violate the First Amendment's free speech protections or rights of association?

Section 702

12) Section 702 of the FISA Amendments Act provides broad authority for the government to target persons reasonably believed to be outside the United States. According to reports, Microsoft, Google, Yahoo, Facebook, and other companies have been required to comply with targeting orders under Section 702. What companies, other than those listed, have received directives or orders to comply with Section 702 surveillance or any similar broad collection authority under FISA? Have any recipients ever challenged receiving such an order? How many directives or orders have been issued under Section 702? How many individuals are typically affected by a single order? If you are unable to provide an estimate, why are you not able to?

13) The New York Times reported that some orders issued under Section 702 can be "broad sweep[s] for intelligence, like logs of certain search term.” How many Internet users' communications (including metadata and content) have been made accessible to the intelligence community to or through PRISM?  How many Internet users' communications (including metadata and content) have been algorithmically inspected in the course of completing queries generated with, from, or by PRISM? If you cannot give an estimate, why are you not able to?

14) According to reports, NSA analysts make targeting decisions based on a 51% confidence level that a target is "foreign." How do you ensure that your targets are not Americans? What are the metrics, procedures, and policies for arriving at such determination? How do you determine if there is a "valid foreign intelligence purpose" for the targeting? What are the minimization procedures for targeting under Section 702?

15) In a letter written to Senator Wyden on July 20, 2012, the Director of National Intelligence admitted that "on at least one occasion" the Foreign Intelligence Surveillance Court determined the minimization/collection performed under Section 702 violated "the spirit of the law" and the Fourth Amendment. In what ways did the surveillance violate the Fourth Amendment and the “spirit of the law”? What has been done to correct the unconstitutional surveillance identified by the FISC? Why has this opinion not been made public?

16) The FISA Amendments Act provides the government with extraordinarily broad authority to obtain intelligence information without identifying particular targets, facilities, or locations to be monitored, and the statute gags service providers from ever disclosing having received the order. Why do these orders not violate the Fourth Amendment? The First Amendment?

 

 


Hear That Deafening Silence From AT&T And Verizon About NSA Surveillance?

Techdirt - Thu, 06/13/2013 - 13:13
As the various details have come out about the NSA leaks, many people are focused on PRISM, but it's pretty clear that the really big revelation so far was in how the telcos -- Verizon and AT&T being the big ones -- have continued to cooperate closely with the government, more or less handing over all their data to the NSA. That had already been alleged years ago, by AT&T technician Mark Klein, but many in the public and the press had ignored that until the leaks last week revealed the FISA Court's order to Verizon, demanding all records. Declan McCullagh, over at News.com, is pointing out a key point: while the tech companies have loudly denied handing over tons of data to the feds, notice that AT&T and Verizon have remained silent.

The Internet companies have asked Attorney General Eric Holder to lift secrecy restrictions on 702 orders so they can clear their name, in part by disclosing how many records they have turned over in response to legal process. Google sent an open letter to Holder yesterday, and Facebook and Microsoft have also asked the Justice Department for permission to divulge summary statistics. Holder has not responded.

By contrast, AT&T never asked for permission to disclose NSA surveillance. Instead, Deputy Assistant Attorney General Carl Nichols said during a 2006 court hearing in San Francisco that a discussion of all the "facts" about NSA surveillance could only happen in a classified setting. The Bush administration asked that the case be tossed out on "state secrets" grounds.

Neither did Verizon, which has secretly turned over daily logs of all customers' phone calls to the NSA, according to a court order that the Guardian published last week. When USA Today disclosed in 2006 that NSA was vacuuming up phone logs, Verizon didn't deny it. Instead, a spokesman told the newspaper only that "we do not comment on national security matters."

Now, perhaps it's reasonable to question whether or not the statements from the internet companies are completely accurate, but they've been increasingly specific in their denials. On the flip side, the telcos haven't issued any denials at all, and, given the evidence that Klein presented seven years ago, you can see why they might not have grounds to issue a denial. The remaining silence, however, speaks volumes.


Author Of The Patriot Act Says Patriot Act Was Written Specifically To Prevent NSA Data Mining

Techdirt - Thu, 06/13/2013 - 12:10
We already wrote how the main backer of the Patriot Act, Rep. Jim Sensenbrenner, has said that it was never intended to allow dragnet surveillance of all phone records, as recently revealed. However, it appears he's not done yet in fighting back against this abusive interpretation of the law he sponsored and championed. He's now claiming that those who are defending the NSA and claiming that there's no big deal in having the NSA collect all that data are spewing "a bunch of bunk," directly claiming that the key provision of the Patriot Act, Section 215, was drafted to prevent such data mining.

Representative Jim Sensenbrenner, who introduced the PATRIOT Act on the House floor in 2001, has declared that lawmakers' and the executive branch's excuses about recent revelations of NSA activity are "a bunch of bunk."

In an interview on Laura Ingraham's radio show Wednesday morning, the Republican congressman from Wisconsin reiterated his concerns that the administration and the secret Foreign Intelligence Surveillance Act court have gone far beyond what the PATRIOT Act intended. Specifically, he said that Section 215 of the act "was originally drafted to prevent data mining" on the scale that's occurred.
He also claims that people calling Ed Snowden a traitor are off base because without Snowden, he wouldn't have known how the Patriot Act was being abused. That's quite an incredible statement when you think about it. While we can argue that Sensenbrenner, given his role in Congress, probably had an obligation to further investigate how the law was being used -- especially given the warnings raised by other members of Congress -- it still seems to weigh pretty heavily in favor of showing how valuable these disclosures have been as whistleblowing. The very author of the Patriot Act claims that the leaks enabled him to realize that the law is being used in direct contrast to his intentions. Perhaps it's now time to fix that.


Chamber of Commerce Cries Uncle, Abandons Spurious Trademark Lawsuit Against the Yes Men

EFF - Thu, 06/13/2013 - 11:27

The United States Chamber of Commerce has come to its senses at last and withdrawn its lawsuit against political activists the Yes Men. In the lawsuit, the Chamber had claimed that a 2009 press conference—in which a Yes Man posing as a Chamber of Commerce spokesperson announced the Chamber was reversing its long held position and endorsing climate change legislation—infringed the Chamber's trademark rights. Before the press conference was even completed, a Chamber of Commerce representative rushed into the room and announced that the Chamber's position on climate change legislation had not in fact changed.  The result: widespread media coverage of the event and the Chamber's humorless response. The Yes Men tell the story best.

At that point, things took a dangerous turn.  Rather than letting matters lie, the Chamber pulled out all the stops to try to punish the activists. First, it sent an improper copyright takedown notice to the Yes Men's upstream provider demanding that a parody website posted in support of the action be removed immediately and resulting in the temporary shutdown of not only the spoof site but hundreds of other sites hosted by the Yes Men's web host.  Next, the Chamber filed suit against the activists in federal court.

With help from EFF and Davis Wright Tremaine LLP, the Yes Men fought back, moving to dismiss the claims on First Amendment grounds.  As we explained, you can’t use trademark law to punish free speech just because the speaker happens to use your trademarks as a necessary part of its activism.

Did the Chamber of Commerce finally get a sense of humor? Or did they just realize their lawsuit was doomed? Either way, it’s a long-overdue victory for the Yes Men and their increasingly popular brand of political parody and satire.

The Yes Men are holding a new press conference responding to the Chamber’s decision to drop the case. Watch this space for more on their response.

UPDATE: There is apparently no such thing as a free lunch for the Yes Men — at least not one from the U.S. Chamber of Commerce. Still, they've posted highlights from their press conference on the steps of the Chamber, which we've embedded below.


NSA Infringed Adam Hart-Davis' Photograph For Its PRISM Logo

Techdirt - Thu, 06/13/2013 - 11:12
Perhaps the NSA has finally met its match: copyright infringement. You may have seen the logo that the NSA is using for the PRISM program (shown here upside down for a reason that will become clear shortly):

Well, it turns out that the prism image that they used is being used without permission. The photo was actually taken by Adam Hart-Davis, a well-known BBC presenter. You can see the original below:

Photo by Adam Hart-Davis/DHD Multimedia Gallery

As Adam's son, Damon, notes in the link above, the image is free for use via his gallery under some simple terms, including acknowledging the author. Damon jokingly suggests asking the NSA for a small donation, though he worries about any undue attention from the folks at the NSA.

Of course, in a country where copyright laws trump all, perhaps Damon could sue for infringement and seek discovery to find out all the documentation on PRISM.


KAT.ph Goes Down Following Domain Issues, Switches to Kickass.to

TorrentFreak - Thu, 06/13/2013 - 10:40

While The Pirate Bay receives most of the headlines in the file-sharing world, another site has built up a massive following.

KickassTorrents, known more recently as simply KAT.ph, has become one of the most loved torrent sites on the Internet. In common with The Pirate Bay, when the site goes down TorrentFreak gets bombarded with emails from users wanting to know what’s going on. Today is such a day.

A couple of hours ago the site simply disappeared from the Internet, with the site’s operators departing with a brief “We have an unexpected maintenance” message on Twitter.

All emails to KAT’s operators are currently bouncing due to what appears to be an issue with their KAT.ph domain. “Destination .PH Domain does not exist or has expired,” is the message we get in return.

As can be seen from the image below, a check for KAT.ph indicates that the site’s DNS is functioning ‘correctly’, except for in Italy and India where it’s null routed and blocked respectively.

KATDNS

However, on closer inspection we can see that instead of pointing to the usual IP addresses associated with the site, currently the KAT.ph domain points to an IP address range associated with DotPH, the official registrar for the Philippines where KickAss registered their domain.

PHReg

We cannot say with absolute certainty what this means, but it seems likely that KAT may be experiencing issues with DotPH over their domain. It is feasible that the domain has been reclaimed by the registry although on what grounds and for how long is impossible to predict.

In the meantime TorrentFreak has been informed by ProxyBay.me, the operator of the ProxyKat.net site (which still provides access to KickassTorrents), that around 50% of his proxies have begun diverting to a new domain, Kickass.to. Whether this switch is a permanent or temporary measure will probably become apparent in the hours to come.

Finally, as previously reported, a site called TorrentMirrors claims to keep torrent sites alive, even while they’re down. At this moment it appears to be keeping its word.

Update: According to a post by KAT staff member Chew the .ph domain has been seized.


Feds May Have To Reveal FISA Phone Records In Murder Case

Techdirt - Thu, 06/13/2013 - 10:09
There's been a lot of focus elsewhere concerning the FISA rulings that were leaked, showing that the government is scooping up the details of pretty much every phone call. However, a case concerning some guys who were trying to rob an armored truck may lead to some interesting revelations related to what the government collects. Daryl Davis, Hasam Williams, Terrance Brown, Toriano Johnson, and Joseph K. Simmons were charged with trying to rob a bunch of armored Brink's trucks, in which one of the robberies went wrong and a Brink's employee was shot and killed. As part of the case against the group, the DOJ obtained call records. However, during discovery, the government refused to hand over call records for July of 2010, claiming that when they sought them from the telco, the DOJ was told that those records had been purged. Terrance Brown's lawyer is now claiming that since it appears the NSA has sucked up all of this data for quite some time, it would appear that the government should, in fact, already have the phone records from July 2010, which he argues would show that he was nowhere near the robbery when it happened.

Defendant Brown urges that the records are important to his defense because cell-site records could be used to show that Brown was not in the vicinity of the attempted robbery that allegedly occurred in July 2010. And, relying on a June 5, 2013, Guardian newspaper article that published a FISA Court order relating to cellular telephone data collected by Verizon, Defendant Brown now suggests that the Government likely actually does possess the metadata relating to telephone calls made in July 2010 from the two numbers attributed to Defendant Brown.

The court agrees that, under the law, the government may need to produce those records.

Here, Defendant asserts that, under Brady v. Maryland, 373 U.S. 83 (1963), due process requires the production of the July 2010 telephone records because they are anticipated to be exculpatory in that they are expected to show that Defendant Brown was not physically located at the scene of the alleged attempted Brink’s truck robbery in July 2010.

In view of Defendant Brown’s Motion and the requirements of FISA, it is hereby ORDERED and ADJUDGED that the Government shall respond to Defendant Brown’s Motion and, if desired, shall file an affidavit of the Attorney General of the United States.

That order was actually issued Monday, only giving the government until yesterday to comply. At the time of posting, the government's reply has not yet shown up in PACER, though it may pop up soon. I'm guessing that they'll try to either get some sort of extension or explain why those records are somehow inaccessible -- but it could get interesting.


France Disconnects First File-Sharer From the Internet

TorrentFreak - Thu, 06/13/2013 - 09:13

After three years and millions of warning letters, the French three-strikes anti-piracy law ‘Hadopi’ has resulted in the first Internet disconnection.

The customer in question will be without Internet access for two weeks and must also pay a 600 euro fine. Quoting officials, PC Inpact reports that the file-sharer was caught sharing one or two files and failed to respond to earlier warnings.

If no appeal is filed within 10 days the file-sharer’s Internet provider will move forward with the disconnection. For 15 days the customer will be denied access to the Internet, but the ISP must ensure that e-mail, instant messaging and other VOIP services continue to work.

The sentencing comes at a peculiar time. Last month a nine-member panel recommended that the Government scrap the Hadopi agency, the body that currently oversees the graduated response system.

In a detailed report the panel concluded that although there was a reduction in file-sharing on P2P networks such as BitTorrent, there had also been an increase in use of other services such as streaming sites and cyberlockers which are not covered by Hadopi. In addition the panel concluded that the three-strikes scheme had failed to benefit legal services.

The ineffectiveness of the three-strikes policy was confirmed two weeks ago by a music industry group. In a separate report the group concluded that the anti-piracy law had failed to halt the decline in music sales.

But while Hadopi might be dead soon, file-sharing penalties are not going away.

Based on a recommendation from the panel, the Government now plans to replace the current system of Internet disconnections with automated fines. Under Hadopi, fines extended to a theoretical maximum of around 1,500 euros; these are now expected to be reduced to around 60 euros each, with increases applied to repeat offenders.

The Government presented the new automated warning system as a better deal, since no one would be at risk of losing access to the Internet. However, at the time of the announcement this statement made little sense.

“They pretended it would be a better deal for internet users, but it wasn’t. No one had been convicted to a suspension of Internet access, and we all believed no one ever would. With the recent conviction they can now claim they are right, and defend their new legislation,” Guillaume Champeau of French news site Numerama told TorrentFreak in a comment.

“The timing is really the best one possible for the Government. But was the sentencing totally independent, or did it follow instructions that suited a political agenda?”

Despite having the first conviction in the bag, the Hadopi law will go down in history as a failed experiment. However, the announced changes are certainly no win for file-sharers as the automated system takes away judicial oversight, opening up the possibility of thousands of people being issued with fines every week.

Time will tell whether that’s going to happen.


Rep. Peter King Lies About Glenn Greenwald, Uses Those Lies To Say Greenwald Should Be Arrested & Prosecuted

Techdirt - Thu, 06/13/2013 - 08:04
We already mentioned how terrorist supporter Rep. Pete King has said that journalists reporting on government leaks exposing blatant abuse of power should be prosecuted, and rather than admit that he misspoke, he appears to be doubling down... by flat out lying. He went on Fox News to specifically call out Glenn Greenwald and claim that legal action should be taken against him, mainly based on the entirely false claim that Greenwald is threatening to reveal the names of CIA agents and assets. The problem is this is not true. Greenwald has made no such threats or even suggested anything like that. But King bases his entire attack on Greenwald on these false claims. According to the summary at TPM:

"I'm talking about Greenwald. Greenwald, not only did he disclose this information, he has said he has names of CIA agents and assets around the world and threatening to disclose that," King said. "The last time that was done in this country, we saw the CIA station chief murdered in Greece. No right is absolute and even the press has certain restrictions. I think it should be very targeted, very selective and certainly a very rare exception. But in this case, when you have someone who's disclosed secrets like this and threatens to release more, then to me, yes, there has to be, legal action should be taken against him. This is a very unusual case with life and death implications for Americans."

Later on in the interview, King is asked about whether Greenwald's existing leaks should lead to prosecution, and King says yes, that this is clearly being done to "hurt Americans." When it's pointed out to him that Greenwald will (quite rightly) say that what he's doing is to help Americans by exposing abuse of power, King again says that because Greenwald has threatened to reveal CIA agents (again, a totally false statement), it shows his intent is harm.

Fox News: Well, Glenn Greenwald will say he's trying to help America.

King: Well, first of all, he's not. To me, what shows his intent, is his saying he's threatening to release the names of CIA agents. There's no way that helps the United States. And that, to me, shows his motivation.

Hmm. And what "motivation" does it show when an elected official blatantly lies about a reporter revealing abuses of power from the federal government, and claims that reporter should be arrested and prosecuted for doing his job, based on those lies? Also, Fox News, perhaps next time you speak to Rep. Pete King, you can point out that he's been lying to you.


President Obama's Patent Plan May Have More Teeth Than You Realize

Techdirt - Thu, 06/13/2013 - 06:04
When we wrote about President Obama's plan to deal with patent trolls, we noted a few areas where it was a bit weak and could be improved. In particular, the lack of an independent invention defense and using independent invention as evidence of obviousness would be quite useful in stopping abuses of the patent system. However, I'm a bit confused by Christopher Mims' complaints about Obama's patent plan being useless against patent trolls. I think Mims is a bit confused. He claims that there are two real problems with the patent system, and this plan addresses neither: (1) the patent office is understaffed and there's a backlog of patents and (2) the fact that we grant software patents at all.

I'd argue that Mims is seeing symptoms of the broken patent system, and suggesting that they are the problems, and I think he underestimates how some of the proposals may fix the "problems" he sees. First, on the question of an understaffed patent office, that's clearly a symptom, not the cause. The real problem is that the patent office has been issuing a ton of ridiculous patents: patents that are broad and covering obvious things. Furthermore, the courts have been awarding huge sums in litigation on those patents. The end result: more people applying for more patents, hoping to get their own lottery ticket. If you take away the broad patents and you make it easier to invalidate bad patents that already exist, combined with potential fees for suing over bad patents, you diminish (greatly) the value of the lottery ticket. End result? Fewer patent applications, less backlog, and no need to focus on hiring. The whole "patent office is understaffed!" claim is a red herring. It's the result of a patent system that has been encouraging a growth in patents, rather than a growth in innovation.

As for the software patent issue, I know that lots of people are sympathetic to this claim, but as we've argued for years, it's not that easy. If you outlaw "software patents," patent lawyers will rewrite those patents to look like they're not "software patents." And that's because there is no real definition of "software patents." Mims dismisses the stuff about rejecting functional claiming by saying that it's just some vague notion of stopping "broad" claims. But that's not true. He should read Mark Lemley's paper on functional claims. If the USPTO was properly recognizing and rejecting functional claims, it would have the impact of basically getting rid of many of the worst kinds of software patents, because they're really about functional claims. That's the real problem with most software patents. Get rid of functional claims and much of the "software patents" problem is dealt with.

Furthermore, it also has the benefit of stopping similar problems in hardware patents. Because while there's been a lot of focus on software patents, there's been a growing problem on the hardware side as well, and it's only going to get worse as we enter a new era of hardware startups and disruption. And, of course, getting rid of functional claims also means fewer bogus patent applications as the lottery ticket aspect dies down as well... and, once again, that solves the "problem" of not enough patent examiners.

So, no, the proposals from the White House aren't perfect and don't solve everything. But, I wouldn't dismiss the suggestions out of hand either. If the USPTO actually did its job and rejected functional claims, the potential impact could be huge.


Do Dutch Spies Also Have Access To PRISM's Data? And If So, Who Else Does?

Techdirt - Thu, 06/13/2013 - 03:57
In the wake of the leaks about NSA's spying activities around the world, one of the interesting subsidiary questions is: who else had access to this stuff? We know that the UK did, and now there are indications the Dutch did as well, according to this report on DutchNews.nl:

Justice minister Ivo Opstelten on Tuesday refused to comment on claims the Dutch security service AIVD works together with the US secret services in collecting information from email and social media traffic.

Dutch security service AIVD has also received information on email and social media traffic via US spy system PRISM, the Telegraaf reports on Tuesday.

Some pretty dramatic claims are being made:

If the AIVD lists an American address as suspicious, it is supplied all the information within five minutes, a source told the paper. The source worked for the department which monitored potential Dutch Muslim extremists, the paper said.

Dutch companies also cooperated with the US authorities' request for information, the source said, claiming that 'there are agents ready to deal with requests for information inside companies and institutions.'

'There are a couple of those secret programmes like Prism active in the Netherlands,' the source is quoted as saying.
There are a few points to note here. First, this is a report about a story in the Dutch newspaper Telegraaf, which draws on unnamed sources. So the chain of information is quite long, and it's likely that details have been lost or mischaracterized along the way. It's also worth noting that PRISM is not the only system mentioned here for gleaning information about people. That's probably muddying the waters yet more, as sources reveal tantalizing information about other spying initiatives that then get subsumed under the general heading of PRISM, simply because it's in the headlines at the moment.

That's not to minimize the shocking nature of these revelations -- the idea that spies around the world may be accessing within minutes any private information they want, is troubling -- merely to note that the picture we have of what is going on remains frustratingly vague. And that, of course, is an argument for more transparency from the authorities, both in the US and elsewhere, about what is really happening to our personal information when we go online, and who has access to it.


Kim Dotcom Releases New Raid Footage Captured By In-House CCTV

TorrentFreak - Thu, 06/13/2013 - 03:26

At the start of 2012, New Zealand police embarked on what was almost certainly the most heavy-handed police action ever carried out against someone accused of copyright infringement.

At 06:45 on January 19 it soon became clear something unusual lay ahead.

Officers of the Special Tactics Group, New Zealand’s elite counter-terrorist force, had been sent to detain Megaupload founder Kim Dotcom following allegations in the United States that his company had breached the distribution rights of Hollywood studios.

No one in the household, including several maids and Dotcom’s pregnant wife and children, had any record of violence. Yet police arrived in force, swooped into the sprawling estate in vehicles, on foot, and in helicopters which landed on the forecourt of Dotcom’s house.

Security staff were detained, handcuffed and told to lie on the floor. Other staff, including Dotcom’s personal bodyguard, were placed next to a van containing barking dogs.

In August 2012, dramatic footage of the raid taken from police helicopters was published by New Zealand’s 3Newz. The video evidence showed that accounts from the day were true and overwhelming force had indeed been used.

Just a few moments ago Kim Dotcom released a new video of the raid, this time taken by his own network of internal security cameras. The detailed and clear images further highlight the resources allocated to detain the Megaupload founder and his family.


The raid

The video begins with Chris Dodd making his now-infamous threat to pull funding to President Obama if something isn’t done about online piracy. It then switches to the very next day and an aerial view of the Dotcom mansion as a police helicopter swoops in.

New footage begins when police clad in black are filmed running to the main gate of the property where they confront a security guard. He has his hands thrust behind his back and is walked quickly off camera.

After police vehicles and more officers enter the premises, one is seen moving across the front of the house with a dog on a leash. A car then pulls up in the driveway and an officer emerges, raising a rifle up to his shoulder.

In another section a second staff member is handcuffed while three armed officers walk off camera.

raid2

As police vehicles and even more officers pour onto the scene, armed anti-terror police – one with a dog on a leash – are seen trying to access Dotcom’s garages. As can be seen from the image below, at least one is pointing a handgun while the other brandishes a silenced rifle fitted with a scope.

Raid1

Once access had been gained, police already prepared with tow trucks began removing Dotcom’s prized car collection, including the pink Cadillac in the image below.

Raid3

But despite all the resources and intelligence used, authorities still managed to mess up the raid. Last year the search warrants used were ruled overbroad and illegal by a High Court judge.

The newly released video ends with what appears to be Dotcom’s preferred conclusion to the police raids. Funny though it is, the raid and the final events leading up to the movie scene portrayed are quite similar. In fact the entire raid is quite ‘Hollywood’, but perhaps that was the intention all along.


Warner Bros. Copyright Trolling Customers Of Non-Six Strikes ISPs

Techdirt - Thu, 06/13/2013 - 00:56
One point that people have raised concerning the US's "six strikes" agreement between ISPs and Hollywood is the fact that it only covers a group of the largest ISPs, but there are a fair number of other, smaller, independent ISPs. Apparently, however, Hollywood has decided that it will go after users on those ISPs as well, and will go after them more aggressively -- by demanding cash from them. Basically, Warner Bros. has teamed up with a company called Digital Rights Corp., which is sort of a "slightly more legit" form of copyright trolling -- demanding licenses from people they accuse of infringement.

“Yes. Warner Bros. is working with Digital Rights Corp on a test ISP/subscriber notification program to many ISPs that are not participating in the Copyright Alert System,” a Warner spokesman told TorrentFreak.

[....] “The notices give consumers an opportunity to settle the identified infringement for a very nominal sum of $20 per title infringed–not as a measure of damage, but as a concrete reminder that our content has value and as a discouragement of future unauthorized activity.”

This is nefarious on multiple levels, because it actually treats the consumers of alternative ISPs worse than customers of ISPs who agreed to sell out those customers to Hollywood.

As TorrentFreak notes, it's not clear that Warner Bros. can or would actually do anything if you don't pay such a demand. But, if you do pay, it appears they go back to you seeking more:

After the initial payment, Rights Corp matched the notified (and settled) infringement with two others already on file. Since the guy had filled in his phone number, the company then called him up and asked for another $40.00 to clear his file.

This certainly sounds like copyright trolling, along the lines of Prenda, but at a slightly cheaper level.


State Senator's Wife Threatens Likely Fake Facebook Profiles With Fame For Hitting On Her Man

Techdirt - Wed, 06/12/2013 - 21:58

We give our lawmakers a lot of grief in this glorious country, which is so glorious specifically because we can do that, but there's got to be hardship that goes along with public service of that sort. I mean, it can't all be lobbying money here, grandstanding there. I imagine being a Senator or Representative can be quite hard, and that isn't even an Anthony Weiner joke. As a result of all that, it's probably understandable when the wife of a state senator heads to her husband's official Facebook page to defend her man against what she admits are likely spammy Facebook fake-skank accounts asking to engage in said skankdom.

In a post Monday on a Facebook account belonging to Alabama state Sen. Shadrack McGill, R-Woodville, a poster identifying herself as McGill's wife said women have used the social media network to approach her husband "multiple times" since he was first elected in 2010.

"I have been silent for long enough!!" a person who identified herself as Heather McGill wrote. "NO MORE! Multiple times since being in office he has gotten emails from women (who may not even be real) inviting him to explore, also sending pictures of themselves."

Inviting him to explore? Are we 100% sure that these aren't a series of scantily-clad female versions of Lewis & Clark looking for the next great undiscovered territory? Perhaps more importantly, exactly what is the point of screeding against what, if our collective experience is any indication, is almost certainly a series of spam accounts looking to generate clicks at BS adult websites? Assuming they're the spam accounts I think they are, they aren't going to read the post. Nor are they going to read any post. They're not actual people. All this does is make you look silly on a senator's official Facebook page. And how is she accessing his page anyway? Isn't that a no-no?

She continues:

"We have children that look at our face books from time to time! Shame on you! I love my husband and my children too much to sit here and allow this to go on and will not give the enemy anymore foothold into my family! This is the 'behind the scenes' garbage that political life brings. I will not turn a blind eye to it any longer!"

That may be true, but they're turning a blind eye on you. Also, allowing your children access to your "face books" (er...) is your responsibility. That behind the scenes garbage you mentioned? Well, first, it comes with the territory, so buck up, hoss. Secondly, we all get those spam messages too. And we ignore them. You know...like nearly everyone on the planet does. We certainly don't go post-crazy about them, which in this case will only serve to shine a spotlight on her husband. You want to take bets on whether people are now sifting through Senator McGill's personal life more ardently than they had been before all this?




What We Need to Know About PRISM

EFF - Wed, 06/12/2013 - 20:34

A lot remains uncertain about the number of users affected by the NSA PRISM surveillance program that is taking place, the extent to which companies are involved, and how the NSA handles this sensitive data. Does the NSA regularly collect and examine a huge swath of the cloud communications of American and foreign Internet users? Does the agency present evidence and seek careful judicial review to obtain limited amounts of user data related to individual investigations? Or is the answer somewhere in the middle, with queries being constructed such that algorithms scan most or all of the accounts, identifying a smaller set of "interesting" accounts whose contents are sent to the NSA?

This post attempts to set out some fundamental questions that we need answered in order to gain enough clarity on the surveillance taking place to have an informed democratic policy debate. We also give our approximations of the realistic "Best case" and "Worst case" scenarios given what we already know about the program, to highlight the range of possible realities.

For each company involved, how many user accounts have had some private data transmitted to the NSA?

While companies have denied giving the NSA "direct access" to their servers, those denials have been carefully worded and the companies have admitted that they do comply with what they consider to be lawful orders — especially 702 FISA orders — and push back if these orders are too broad. The New York Times reported that some of these orders can be "a broad sweep for intelligence, like logs of certain search terms." Unfortunately, without more specificity from companies detailing the approximate number of user accounts whose data is touched by such orders, we are left in the dark about exactly how broad the orders are.

Could the NSA, for example, ask for all Gmail emails that contain the phrase “golden gate bridge” that were sent or received in the last 24 hours? For all private Facebook messages of any user that signed up through an IP address associated with a particular country over a one month period? Are there orders for information which has to be provided on an ongoing basis? Is information filtered by the companies so that no information on Americans is handed over? In order to have a better grasp of the scope, we have been encouraging companies to provide more granular information in their transparency reports or elsewhere.

We're pleased to see requests from Google and Facebook to the government for more leeway to publish this information in transparency reports. These requests should be taken seriously, and we also encourage the NSA to itself be more forthright with what information is collected.

Best case: The NSA sends a small number of FISA 702 orders that are narrowly targeted for specific investigations and touch upon only a small number of user accounts; ideally at most hundreds or perhaps thousands of accounts have information passed on to the NSA every year.

Worst case: Companies receive incredibly broad FISA 702 orders that result in turning over huge swaths of user data to the NSA on a regular or ongoing basis, such as the emails of all users in a particular country, or any that contain a phrase like “golden gate bridge”.

What information about users' activities is being collected without the cooperation of companies?

There is a lot we do not know about what the NSA can collect without the cooperation of companies. While entities like the NSA are in a position to gather some forms of metadata without involving a company, the encryption deployed by companies such as Google and Facebook in recent years makes it hard for the NSA to obtain content without involving companies. Still, one interpretation of PRISM is that the NSA is using aggressive tactics like stealing private encryption keys from company servers in order to conduct spying without company knowledge. Alex Stamos has provided a taxonomy of possibilities that technically knowledgeable users may find useful in understanding the array of possibilities.

Best case: The NSA is not monitoring any metadata or content data of users except via lawful and targeted requests made to the companies.

Worst case: The NSA is broadly monitoring user metadata and content data without any company involvement.

What internal checks does the NSA have on how data is requested and (mis)used?

Right now we know extremely little about how the NSA uses the data. We know that it is used for "national security" purposes such as espionage, national security investigations, and tracking nuclear proliferation. It is safe to assume that US spy agencies monitor and intervene in business activities (one example) as well as the affairs of other states, probably including the politics of democracies (one possible example). But we don't know how frequently such targets might be chosen, or what standards the US intelligence community might apply to those activities.

Aside from purposes, there are other important questions about checks and balances. What evidentiary standard is required for information to be obtained from companies? Once this collection occurs but before a person looks at the data, what minimization procedures take place to ensure that only appropriately targeted data is examined by analysts? Is data deleted, and if so what triggers deletion? What percentage of data is deleted? Is data about Americans always deleted once it is discovered? For people employed at the NSA in a position to look at very private information such as the content of a personal email, what checks are there to prevent that person from misusing this information?

Best case: Data is only sought once there is substantial evidence of terrorism or other activities that might affect national security. Only data relevant to an active investigation is stored, and only as long as it is needed. Data that is not relevant is immediately deleted. All employee access of private data is logged and regularly reviewed for inappropriate or questionable uses.

Worst case: Analysts can go on fishing expeditions without any evidence of wrongdoing. Data is stored indefinitely. Irrelevant data is not discarded, including domestic data on American users. There are few checks on how employees with access can use the tools at their disposal, and little accountability as a result.

America has long struggled to reconcile democratic principles with intelligence imperatives. Striking the right balance is difficult; while there may be legitimate arguments for confidentiality with respect to specific sources and operations, secret legal interpretations and practices are plainly antithetical to American values: the public, acting through Congress, gets to decide what's allowed. That critical governance process is only possible with transparency. Implausible and unsubstantiated claims that oversight endangers national security only further erode the American public's trust in the intelligence community. We hope that the NSA will choose a better path: appropriately declassify information, work with companies to disclose the scope of their surveillance programs, and earn the trust of the American public. We urge you to join us in asking the hard questions.

  • 1. Note that the following questions are about the sources for the collection of information, and the scope of that collection, but aren't centered around “PRISM” itself to avoid the word games that government and intelligence agency officials have played to avoid giving substantive answers about the surveillance taking place.
  • 2. FISA 702 orders refer to 50 USC § 1881a.