Tech News

  • : Function ereg() is deprecated in /home/morelweb/public_html/includes/file.inc on line 645.
  • : Function ereg() is deprecated in /home/morelweb/public_html/includes/file.inc on line 645.
  • : Function ereg() is deprecated in /home/morelweb/public_html/includes/file.inc on line 645.
  • : Function ereg() is deprecated in /home/morelweb/public_html/includes/file.inc on line 645.
  • : Function ereg() is deprecated in /home/morelweb/public_html/includes/file.inc on line 645.
  • : Function ereg() is deprecated in /home/morelweb/public_html/includes/file.inc on line 645.
  • : Function ereg() is deprecated in /home/morelweb/public_html/includes/file.inc on line 645.
  • : Function ereg() is deprecated in /home/morelweb/public_html/includes/file.inc on line 645.
  • : Function ereg() is deprecated in /home/morelweb/public_html/includes/file.inc on line 645.
  • : Function ereg() is deprecated in /home/morelweb/public_html/includes/file.inc on line 645.

Why Is The UK's Intellectual Property Office Praising National Portrait Gallery's Copyfraud Claims Over Public Domain Images?

TechDirt - Fri, 2016-07-15 08:33
The other day I saw the following tweet and was very confused: That's a tweet from the UK's Intellectual Property Office (IPO) asking how does the UK's National Portrait Gallery in London "manage the copyright of national treasures like Shakespeare?" My initial response, of course, was "Wait, Shakespeare is in the bloody public domain, you don't have any copyright to manage!" It seems rather easy to manage "the copyright" of Shakespeare when there is none. But it turns out the link is... even worse. It's to a blog post on the IPO website eagerly praising the National Portrait Gallery for engaging in out-and-out copyright fraud. You'd think that the Intellectual Property Office would recognize this, but it does not.

The tweet was doubly misleading, also, because it's not the works of William Shakespeare, but rather a portrait of William Shakespeare. The IPO then explains that the National Portrait Gallery is doing a brisk business licensing these public domain images, noting that: According to the gallery’s most recent statistics – the top five individual portraits licensed from its website are, in descending order: William Shakespeare, Richard III, Queen Elizabeth 1, King John and King Henry V. Obviously, all of those portraits were created centuries ago -- and are in the public domain. So why is the National Portrait Gallery licensing them at all? Well, I'm pretty sure this goes back to an issue we've written about quite some time ago. While in the US the caselaw is clear that merely digitizing public domain images does not create a new copyright, the National Portrait Gallery in London has always taken the opposite view. Back in 2009, we wrote about this very same museum threatening Wikimedia Commons for posting scans of high resolution images of public domain works that were downloaded from the NPG's website.

But, here's the thing: just a few months ago, we wrote that the UK Intellectual Property Office (the same organization as above) had declared that scans of public domain works are also in the public domain in Europe (including the UK... for now at least). Here's what the UK's IPO said just months ago about copyright on scans of public domain images: However, according to the Court of Justice of the European Union which has effect in UK law, copyright can only subsist in subject matter that is original in the sense that it is the author’s own 'intellectual creation'. Given this criteria, it seems unlikely that what is merely a retouched, digitised image of an older work can be considered as 'original'. This is because there will generally be minimal scope for a creator to exercise free and creative choices if their aim is simply to make a faithful reproduction of an existing work. And, then, just months later, it's praising the National Portrait Gallery for falsely claiming copyright on such images and on then fraudulently profiting by licensing those images based on copyrights it doesn't hold? And the IPO's whole focus seems to be on just how much money can be made here. Read this and try not to feel sick: Online availability and easy access to images and other data are crucial aspects of modern museum and library curation. Huge databases of valuable information are available. Users need to know where to find these resources and how to use them without infringing copyright. Museums and libraries are developing strategies to improve access for researchers, to give access to businesses users who want to develop their own intellectual property (IP) by using cultural resources and develop their own brands and merchandising.

Mathew Bailey, Rights and Images Manager at the National Portrait Gallery, balances the high wire between providing public access to our shared national assets and the need to encourage, develop and supply the creative economy with legally certain, quantifiable, marketable IP. The commodity he deals in – our heroes – couldn’t be more volatile.
Then, to make matters even stupider, the UK's Intellectual Property Office notes that no one has any idea who created any of these top portraits: It’s no accident the names of the artists who painted the UK’s top five portraits are uncertain - King John looks like he’s just sat on a thistle, whereas Richard III only half fills his canvas. The lives of Richard III, King John and Henry V were all dramatised by Shakespeare during the reign of Elizabeth I. She was an image conscious monarch in the first age of mass communication and Shakespeare was her blockbuster dramatist. Shakespeare’s narratives add value and are the real reason why he, Richard, Elizabeth, John and Henry are still top of the portrait pops. It didn't occur to Dan Anthony, who wrote this article, to recognize the absurdity of the fact that the National Portrait Gallery is claiming a copyright in works where it doesn't even know the name of the artists who created those works? Holy crap. How does the UK IPO find these people?

Oh, and then the article ends with this: All images © National Portrait Gallery, London. Bloody hell. They are not. They're in the public domain. Here's Shakespeare's portrait: You can find it, accurately listed as being in the public domain over at Wikipedia. Dan Anthony at the UK IPO is incredibly misinformed, and he should ask his own colleagues, who just months ago made it clear that such images were in the public domain, before posting such ridiculousness on the IPO's website.

Permalink | Comments | Email This Story
Categories: Tech News

Police Step Up Arrests For 'Threatening' Social Media Posts In The Wake Of The Dallas Shooting

TechDirt - Fri, 2016-07-15 06:43

In a move that's sure to only increase the nation's respect for law enforcement, police departments have been arresting people for "threatening" social media posts. This activity follows the tragedy in Dallas, where five police officers were killed by a man armed with a rifle. Naomi LaChance of The Intercept has more details.

Four men in Detroit were arrested over the past week for posts on social media that the police chief called threatening. One tweet that led to an arrest said that Micah Johnson, the man who shot police officers in Dallas last week, was a hero. None of the men have been named, nor have they been charged.

Four more arrests have occurred elsewhere:

Last weekend in Connecticut, police arrested Kurt Vanzuuk after a tip for posts on Facebook that identified Johnson as a hero and called for police to be killed. He was charged with inciting injury to persons or property.

An Illinois woman, Jenesis Reynolds, was arrested for writing in a Facebook post that she would shoot an officer who would pull her over. “I have no problem shooting a cop for simple traffic stop cuz they’d have no problem doing it to me,” she wrote, according to the police investigation. She was charged with disorderly conduct.

In New Jersey, Rolando Medina was arrested and charged with cyber harassment. He allegedly posted on an unidentified form of social media that he would destroy local police headquarters. In Louisiana, Kemonte Gilmore was arrested for an online video where he allegedly threatened a police officer. He was charged with public intimidation.

Arresting people for speech is problematic, especially when the content of the communications doesn't rise to the level of a "true threat." The Supreme Court's Elonis decision says this distinction is important. It's not enough for a person or persons to subjectively view the communication as threatening. It needs to be viewed through the "reasonable person" lens.

In these cases, perception appears to be everything. In the wake of the Dallas shooting, it's entirely normal for police officers to view the world a little differently. But this altered view -- one that's likely to be less skewed as time goes on -- can't be allowed to override the First Amendment and deprive individuals of their freedom to speak, not to mention their actual freedom.

And just as certainly as law enforcement officers and officials are likely to view certain acts of blowhardiness as threatening in the immediate aftermath of a shooting targeting police officers, certain citizens are likely to vent their frustration and anger in particularly stupid ways, but without the intention or ability to carry out the perceived threat. Caution should be exercised on both sides of the interaction. However, those with the power to arrest, detain, and charge citizens for stupidity should be the more cautious of the two parties -- simply because they still hold the power, despite recent events.

Those in power should also take care to carry this out with some sort of consistency, if that's the route they're choosing to take. It can't just be deployed against a bunch of nobodies who mouthed off about their contempt for law enforcement. If this is how it's going to be handled, those who speak with the same rhetoric in defense of law enforcement need to be held accountable. Former congressional rep Joe Walsh tweeted out that this was now "war on Obama" after the Dallas shootings and yet no one showed up at his door to arrest him for threatening the President. It's bad enough that power is being misused to silence criticism of law enforcement violence. It's even worse when this power is deployed in a hypocritical fashion.



Permalink | Comments | Email This Story
Categories: Tech News

Treaty For The Blind Comes Into Force... But US Refuses To Ratify Because Publishers Association Hates Any User Rights

TechDirt - Fri, 2016-07-15 03:45
For many, many, many, many years, we've followed the rather crazy trials and tribulations of trying to get an international treaty signed to make it easier for the blind to access copyright-covered works (basically requiring countries to allow visually-impaired accessible versions to be reproduced and distributed). This is a treaty that people have tried to get in place for years and years and years, and it was blocked again and again -- often by legacy copyright industries who flat out refuse to support any kind of agreement that could be seen as strengthening user rights, which they see (ridiculously, and incorrectly) as chipping away at copyright. Amazingly, despite a last minute push by the MPAA and the Association of American Publishers, an agreement was reached and signed in 2013, called the Marrakesh Agreement. As we noted at the time, we fully expected the legacy copyright industries to refocus their efforts on blocking ratification in the US, and that's exactly what's happened.

Hell, it took almost three years for the White House to finally send over the treaty to the Senate for ratification. That happened back in February, and they sent it together with another copyright-related treaty, the very troubling Beijing Treaty that creates an entirely new form of copyright for performers. So far, the Senate has moved on neither issue. However, to have the Marrakesh Treaty go into effect, it needed 20 countries to ratify it. And while the US has sat still, a few weeks ago, Canada became the 20th country to complete the ratification process. That means the agreement officially goes into effect on September 30th of this year. As the EFF noted: That’s another significant step for a treaty that has already made some important breakthroughs as the first international treaty focused exclusively on the rights of users of copyrighted material. Typically, if user’s rights are considered at all, they’re relegated to a section on “limitations and exceptions” or even as non-binding introductory text. In the Marrakesh Agreement, they are front and center. That post also noted that it should be a no brainer for the US to ratify this: United States law is already compliant with Marrakesh, but the government has not yet ratified the agreement. To do so requires a two-thirds vote from the Senate, and then a formal ratification from the President. Even at a time when passing legislation has proven exceedingly difficult, the Marrakesh Agreement would be a relatively easy and uncontroversial way to demonstrate leadership internationally and help bring books to millions of blind, visually impaired, and print-disabled people around the world. But why hasn't it happened? According to KEI, a group that fought hard for many years to get the agreement in place, the legacy copyright industries are working hard to block it in Congress: The Obama Administration has asked the US Congress to ratify the treaty... but Congress has yet to act, in large part due to lobbying from the Association of American Publishers.... The AAP lobbied the Administration for changes in the U.S. ratification package, and now have asked the Congress for changes that they failed to obtain in the interagency review process. The U.S. ratification already represents compromises, including limitations of exports to countries that have ratified the treaty, a provision that currently excludes all of Africa and Europe. But the AAP continues to press for additional amendments to the ratification legislation. This isn't a huge surprise, the AAP more or less admitted that they would refuse to support anything that established greater user rights, since that would be seen as an attack on "their rights." And, of course, the MPAA has also been working hard to block it, whining that this treaty could (gasp!) "affect other future treaties."

All of that is just shameful. This is a no-brainer situation. Helping the visually impaired get access to these works is something everyone should agree is a good thing. And yet, because they're so scared of user rights expanding in any way at all, the legacy industries have to block it.

Permalink | Comments | Email This Story
Categories: Tech News

AstraZeneca Tries To Use 'Orphan Drug' Designation To Extend Patent Life Of Top-Selling Pill

TechDirt - Thu, 2016-07-14 21:38

At the heart of copyright and patents there is -- theoretically -- an implicit social contract. People are granted a time-limited, government-backed monopoly in return for allowing copyright material or patented techniques to enter the public domain once that period has expired. And yet copyright and patent holders often seem unwilling to respect the terms of that contract, as they seek to hang on to their monopolies beyond the agreed time in various ways.

In the case of copyright, this has been through repeated extensions of copyright's term, even though there is no economic justification for doing so. In the realm of pharma patents, a number of techniques have been employed. One is "pay for delay." Another is the granting of "data exclusivity." And a third is the use of "evergreening." Techdirt wrote about the last of these a while back, so it's no surprise that companies have continued to "innovate" in this field since then. For example, AstraZeneca is trying to use a variant of evergreening for its anti-cholesterol pill Crestor. As a New York Times article explains: Crestor is the company’s best-selling drug, accounting for $5 billion of its $23.6 billion in product sales last year. About $2.8 billion in sales were in the United States, where the retail price is about $260 a month, according to GoodRx.com. Here's how AstraZeneca hopes to hold on to that lucrative market, even though its patent on the drug is now coming to an end, and it should be entering the public domain: The company is making a bold attempt to fend off impending generic competition to its best-selling drug, the anti-cholesterol pill Crestor, by getting it approved to treat [a] rare disease. In an unusual legal argument, the company says Crestor is entitled to seven years of additional market exclusivity under the Orphan Drug Act, a three-decade-old law that encourages pharmaceutical companies to develop treatments for rare diseases. In May, AstraZeneca won approval of Crestor to treat children with the rare genetic disease of homozygous familial hypercholesterolemia (HoFH ). That gives it an additional seven-year patent on the drug, but only for that particular -- very small -- market. However, the designation means that detailed prescription information about using Crestor to treat children in this way must not be included on the label. AstraZeneca's clever lawyers are trying to turn that into an extended patent for all uses of the drug: AstraZeneca immediately petitioned the F.D.A., arguing that if the correct dose for children with HoFH could not be on the generic label, then it would be illegal and dangerous to approve any generic versions for any use at all. That is because doctors might still prescribe the generic for children with HoFH and choose the wrong dose, posing "substantial safety and efficacy risks." Needless to say, AstraZeneca was only asking for generic versions to be kept off the market for another seven years for safety reasons, not because doing so would bring it billions more in exclusive sales to the general population. Of course.

The New York Times article goes into more detail about the fascinating legal background to AstraZeneca's argument here, and notes that other drug companies have tried the same approach in the past, without success. Even if this particular ploy does fail again, we can be sure that pharma companies will be back with other sneaky ways of extending their patent monopolies -- implicit social contract be damned.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+



Permalink | Comments | Email This Story
Categories: Tech News

Ton Of Tech Industry Leaders Say Trump Would Be A Complete Disaster For Innovation

TechDirt - Thu, 2016-07-14 16:04
In any Presidential campaign, there are always going to be partisan folks who side with one candidate or another. And they may campaign for the candidate they like. But, obviously, the Donald Trump phenomenon is a bit different this year. Even so, it's still pretty surprising to see a ton of big names in the tech space send an open letter to Trump insisting that he would be an absolute disaster for innovation and the tech industry. They're not arguing on the usual partisan issues here, but rather the fact that Trump's general zero-sum outlook on the world doesn't recognize how innovation works: Trump would be a disaster for innovation. His vision stands against the open exchange of ideas, free movement of people, and productive engagement with the outside world that is critical to our economy?—?and that provide the foundation for innovation and growth.

Let’s start with the human talent that drives innovation forward. We believe that America’s diversity is our strength. Great ideas come from all parts of society, and we should champion that broad-based creative potential. We also believe that progressive immigration policies help us attract and retain some of the brightest minds on earth?—?scientists, entrepreneurs, and creators. In fact, 40% of Fortune 500 companies were founded by immigrants or their children. Donald Trump, meanwhile, traffics in ethnic and racial stereotypes, repeatedly insults women, and is openly hostile to immigration. He has promised a wall, mass deportations, and profiling.

We also believe in the free and open exchange of ideas, including over the Internet, as a seed from which innovation springs. Donald Trump proposes “shutting down” parts of the Internet as a security strategy?—?demonstrating both poor judgment and ignorance about how technology works. His penchant to censor extends to revoking press credentials and threatening to punish media platforms that criticize him.
This is a unique presidential campaign. And, as we've noted, Hillary Clinton's tech platform is not great either. But, at the very least, her platform's problem is that it's just a bunch of vague pronouncements designed for people to read into them what they will.

The list of signatories on this letter is around 145 and there are some key names in the tech and policy world including Evan Williams (founder of Blogger, Twitter and Medium), Vint Cerf (basically invented the internet), Jimmy Wales (Wikipedia), Steve Wozniak (you know who he is) and more. There are also a ton of well known venture capitalists on the list and lots and lots of other entrepreneurial names that are well known inside Silicon Valley. This is a pretty huge list of people putting their name to a statement a lot stronger than one you'd normally see during a campaign season.

Silicon Valley sort of has the reputation for more or less trying to ignore government. And while that's less true today than in the past, the one thing that does make Silicon Valley rise up is politicians looking to be doing something really stupid that's likely to harm innovation. And it appears that they see Donald Trump as just that kind of threat.

Permalink | Comments | Email This Story
Categories: Tech News

With 4 Days Left, Sir Tim Berners-Lee, Larry Lessig, And Barbara Van Schewick Beg Europe To Close Net Neutrality Loopholes

TechDirt - Thu, 2016-07-14 14:24
Europe only has a few days left to ensure that its member countries are actually protected by real net neutrality rules. As we've been discussing, back in October the European Union passed net neutrality rules, but they were so packed with loopholes to not only be useful, but actively harmful in that they effectively legalize net neutrality violations by large telecom operators. The rules carve out tractor-trailer-sized loopholes for "specialized services" and "class-based discrimination," as well as giving the green light for zero rating, letting European ISPs trample net neutrality -- just so long as they're clever enough about it.

In short, the EU's net neutrality rules are in many ways worse than no rules at all. But there's still a change to make things right.

While the rules technically took effect April 30 (after much self-congratulatory back patting), the European Union's Body of European Regulators of Electronic Communications (BEREC) has been cooking up new guidelines to help European countries interpret and adopt the new rules, potentially providing them with significantly more teeth than they have now. With four days left for the public to comment (as of the writing of this post), Europe's net neutrality advocates have banded together to urge EU citizens to contact their representatives and demand they close these ISP-lobbyist crafted loopholes.

Hoping to galvanize public support, Sir Tim Berners-Lee, Barbara van Schewick, and Larry Lessig have penned a collective letter to European citizens urging them to pressure their constituents. The letter mirrors previous concerns that the rules won't be worth much unless they're changed to prohibit exceptions allowing "fast lanes," discrimination against specific classes of traffic (like BitTorrent), and the potential paid prioritization of select “specialized” services. These loopholes let ISPs give preferential treatment to select types of content or services, providing they offer a rotating crop of faux-technical justifications that sound convincing.

The letter also urges the EU to follow India, Chile, The Netherlands, and Japan in banning "zero rating," or the exemption of select content from usage caps:"Like fast lanes, zero-rating lets carriers pick winners and losers by making certain apps more attractive than others. And like fast lanes, zero-rating hurts users, innovation, competition, and creative expression. In advanced economies like those in the European Union, there is no argument for zero-rating as a potential onramp to the Internet for first-time users.

The draft guidelines acknowledge that zero-rating can be harmful, but they leave it to national regulators to evaluate zero-rating plans on a case-by-case basis. Letting national regulators address zero-rating case-by-case disadvantages Internet users, start-ups, and small businesses that do not have the time or resources to defend themselves against discriminatory zero-rating before 28 different regulators."
Here in the States the FCC decided to not ban zero rating and follow this "case by case" enforcement, which so far has simply resulted in no serious enforcement whatsoever, opening the door ever wider to the kind of pay-to-play lopsided business arrangements net neutrality rules are supposed to prevet. Of course European ISPs have been busy too, last week falling back on the old, bunk industry argument that if regulators actually do their job and protect consumers and small businesses from entrenched telecom monopolies, wireless carriers won't be able to invest in next-generation networks.

Those that care about net neutrality have just four days left to make their voices heard.

Permalink | Comments | Email This Story
Categories: Tech News

Techdirt Reading List: Steal This Idea: Intellectual Property And The Corporate Confiscation Of Creativity

TechDirt - Thu, 2016-07-14 12:47
We're back again with another in our weekly reading list posts of books we think our community will find interesting and thought provoking. Once again, buying the book via the Amazon links in this story also helps support Techdirt.

This week, we've got an oldie, but a goodie, it's economist Michael Perelman's 2002 book Steal This Idea: Intellectual Property and the Corporate Confiscation of Creativity. And, I should note that despite the price being listed in the widget as $32 (at the time I type this), if you click through, there are used copies of the book currently on offer for $0.01. I will state upfront that there's actually plenty in this book that I end up disagreeing with, in that Perelman seems to reflexively dislike corporations and assume that corporations and the public are almost always at odds, which sometimes appears to cloud his thinking -- but that's only on the margins.

For the most part, this book is an excellent exploration into how the concept of intellectual property has been abused over and over and over again to harm the public, rather than help them. The book is chock full of examples and history and details of how companies have turned intellectual property into a tool to hurt creators, inventors and the public. Some of the arguments you've probably heard before, but this book goes into great detail on some examples that you may have missed. If you're skeptical of the use of intellectual property, this book is for you. If you think intellectual property can do no wrong, this book is definitely for you. And, yes, it's a bit outdated today, but many of the examples still apply, and the general ideas and principles it discusses absolutely still apply.

Permalink | Comments | Email This Story
Categories: Tech News

For The First Time, A Federal Judge Has Suppressed Evidence Obtained With A Stingray Device

TechDirt - Thu, 2016-07-14 11:48

Evidence acquired using Stingray devices has rarely been suppressed. This is due to the fact that it's almost impossible to challenge. The reason it's almost impossible to challenge is because the FBI -- and the law enforcement agencies it "partners" with (via severely restrictive nondisclosure agreements) -- will throw out evidence and let suspects walk rather than expose the use of IMSI catchers.

Earlier this year, a Baltimore city circuit judge threw out evidence obtained with the Baltimore PD's cell tower spoofing equipment. And this was no run-of-the-mill drug bust. An actual murder suspect had evidence suppressed because of the BPD's warrantless deployment of a Stingray device. Without the use of the Stingray, the BPD would not have been able to locate the suspect's phone. And without this location, there would have been no probable cause to search the apartment he was in. You can't build a search warrant on illegally-obtained probable cause, reasoned the judge. Goodbye evidence.

"I can't play the 'what if' game with the Constitution," [the judge] said, lamenting that it protects people from illegal searches even when the defendant is "likely guilty."

Now, it's finally happened at a higher level. For the first time ever, a federal judge has suppressed evidence obtained by the warrantless use of a Stingray device.

U.S. District Judge William Pauley in Manhattan on Tuesday ruled that defendant Raymond Lambis' rights were violated when the U.S. Drug Enforcement Administration used such a device without a warrant to find his Washington Heights apartment.

The DEA had used a stingray to identify Lambis' apartment as the most likely location of a cell phone identified during a drug-trafficking probe. Pauley said doing so constituted an unreasonable search.

"Absent a search warrant, the government may not turn a citizen's cell phone into a tracking device," Pauley wrote.

The opinion [PDF] notes the DEA first tried to locate Lambis using cell site location info but found it wasn't precise enough. So, it deployed a Stingray to track him down, ultimately ending with a DEA tech roaming an apartment's hallways with a cell site simulator until Lambis was located.

A few hours later, DEA agents showed up at the apartment, where Lambis' father allowed them to enter and Lambis himself consented to a search of his room and belongings.

It's pretty tough to work your way backwards from a consensual search to a suppression order, but Lambis' lawyer was apparently up to the challenge. But -- as in the Baltimore PD case -- the DEA would never have known which apartment Lambis was located in without the use of a cell site simulator, and that's where it all falls apart for the DEA.

The government tried to argue that two fairly recent cases involving thermal imaging (Kyllo) and drug dogs (Thomas) weren't applicable, as its "limited search" only disclosed information it could obtain without a warrant: cell site location. This is at odds with its reasons for deploying the cell site simulator -- which was that the CSLI it obtained wasn't precise enough to locate the suspect.

The court finds the government's attempt to route around these two precedential decisions unavailing, noting that the use of a cell site simulator is actually more intrusive than the search methods used in the cases the DEA's lawyers wanted to have ignored.

The Government attempts to diminish the power of Second Circuit precedent by noting that Thomas represents a minority position among circuit courts. But this Court need not be mired in the Serbonian Bog of circuit splits. An electronic search for a cell phone inside an apartment is far more intrusive than a canine sniff because, unlike narcotics, cell phones are neither contraband nor illegal. In fact, they are ubiquitous. Because the vast majority of the population uses cell phones lawfully on a daily basis, “one cannot say (and the police cannot be assured) that use of the relatively crude equipment at issue here will always be lawful.”

The court also points out that the DEA -- for whatever reason -- obtained a warrant for the cell site location info. It wonders why it didn't bother to obtain a warrant for the cell site simulator deployment, seeing as it obtained a warrant for information it could have obtained without one. It also notes that a warrant for CSLI is not the same as a warrant for obtaining precise location info via the use of sophisticated electronic equipment.

The fact that the DEA had obtained a warrant for CSLI from the target cell phone does not change the equation. “If the scope of the search exceeds that permitted by the terms of a validly issued warrant . . . , the subsequent seizure is unconstitutional without more.” Horton v. California, 496 U.S. 128, 140 (1990)... Here, the use of the cell-site simulator to obtain more precise information about the target phone’s location was not contemplated by the original warrant application. If the Government had wished to use a cell-site simulator, it could have obtained a warrant. And the fact that the Government previously demonstrated probable cause and obtained a warrant for CSLI from Lambis’s cell phone suggests strongly that the Government could have obtained a warrant to use a cell-site simulator, if it had wished to do so.

The government also tried to use the Supreme Court's horrendous Strieff decision to save the evidence, but the court notes that the "temporal proximity" between the illegal Stingray search and the consensual search of the apartment was too close to allow the illegality of the original search to dissipate.

The government also tried to use the Third Party Doctrine to salvage its warrantless search, but the court refuses to be sold on this bad idea.

This Court need not address whether the third party doctrine is “ill suited to the digital age, in which people reveal a great deal of information about themselves to third parties in the course of carrying out mundane tasks,” United States v. Jones, 132 S. Ct. 945, 957 (2012) (Sotomayer, J., concurring), because even under the historic framework of the doctrine, it is not available to the Government here. The doctrine applies when a party “voluntarily turns over [information] to third parties.” Smith v. Maryland, 442 U.S. 735, 744 (1979) [...] However, the location information detected by a cell-site simulator is different in kind from pen register information: it is neither initiated by the user nor sent to a third party.

[...]

Unlike CSLI, the “pings” picked up by the cell-site simulator are not transmitted in the normal course of the phone’s operation. Rather, “cell site simulators actively locate phones by forcing them to repeatedly transmit their unique identifying electronic serial numbers, and then calculating the signal strength until the target phone is pinpointed.”

These points are good. The following, though, is even better. The court finds the government can't attempt to use the Third Party Doctrine when it has chosen to act as the "third party" in this equation.

For both the pen register and CSLI, the Government ultimately obtains the information from the service provider who is keeping a record of the information. With the cell-site simulator, the Government cuts out the middleman and obtains the information directly. Without a third party, the third party doctrine is inapplicable.

The Second Circuit has yet to make a decision on the reasonable expectation of privacy in CSLI. If this is appealed, it may finally have to handle that question. Then again, CSLI is only partially implicated here and it may be able to let the Fourth Amendment's reach be determined on a case-by-case basis until something more directly addressing the issue comes along. If nothing else, the ruling here should encourage more federal agencies operating in this district to get a warrant "just in case." Then again, the secrecy surrounding Stingray devices discourages the creation of paper trails, so it may be that the government will continue to roll the Fourth Amendment dice until a higher court tells them otherwise.



Permalink | Comments | Email This Story
Categories: Tech News

Huge Win: Court Says Microsoft Does Not Need To Respond To US Warrant For Overseas Data

TechDirt - Thu, 2016-07-14 10:44
We've been following an important case for the past few years about whether or not the US can issue a warrant to an American company for data stored overseas. In this case, Microsoft refused to comply with the warrant for some information hosted in Ireland -- and two years ago a district court ruled against Microsoft and in favor of the US government. Thankfully, the 2nd Circuit appeals court today reversed that ruling and properly noted that US government warrants do not apply to overseas data. This is a hugely important case concerning the privacy and security of our data.

The key issue here is that the US government was basically on a fishing expedition for information hosted on Microsoft Outlook.com email servers. And there are a few really key issues, concerning jurisdiction, privacy and the all important difference between a subpoena and a warrant (something that many people seem to think are the same thing). Microsoft's own response to the lawsuit did a really good job explaining the issues and how the government wanted to pretend a warrant was a subpoena, and what that meant for the 4th Amendment: The Government cannot seek and a court cannot issue a warrant allowing federal agents to break down the doors of Microsoft's Dublin facility. Likewise, the Government cannot conscript Microsoft to do what it has no authority itself to do -- i.e., execute a warranted search abroad. To end-run these points. the Government argues, and the Magistrate Judge held, that the warrant required by ECPA is not a "warrant" at all. They assert that Congress did not mean "warrant" when using that term, but instead meant some previously unheard of "hybrid" between a warrant and subpoena duces tecum. The Government takes the extraordinary position that by merely serving such a warrant on any U.S.-based email provider, it has the right to obtain the private emails of any subscriber, no matter where in the world the data may be located. and without the knowledge or consent of the subscriber or the relevant foreign government where the data is stored.

This interpretation not only blatantly rewrites the statute, it reads out of the Fourth Amendment the bedrock requirement that the Government must specify the place to be searched with particularity, effectively amending the Constitution for searches of communications held digitally. It would also authorize the Government (including state and local governments) to violate the territorial integrity of sovereign nations and circumvent the commitments made by the United States in mutual legal assistance treaties expressly designed to facilitate cross-border criminal investigations. If this is what Congress intended, it would have made its intent clear in the statute. But the language and the logic of the statute, as well as its legislative history, show that Congress used the word "warrant" in ECPA to mean "warrant," and not some super-powerful "hybrid subpoena." And Congress used the term "warrant" expecting that the Government would be bound by all the inherent limitations of warrants, including the limitation that warrants may not be issued to obtain evidence located in the territory of another sovereign nation.

The Government's interpretation ignores the profound and well established differences between a warrant and a subpoena. A warrant gives the Government the power to seize evidence without notice or affording an opportunity to challenge the seizure in advance. But it requires a specific description (supported by probable cause) of the thing to be seized and the place to be searched and that place must be in the United States. A subpoena duces tecum, on the other hand, does not authorize a search and seizure of the private communications of a third party. Rather. it gives the Government the power to require a person to collect items within her possession, custody, or control, regardless of location, and bring them to court at an appointed time. It also affords the recipient an opportunity to move in advance to quash. Here, the Government wants to exploit the power of a warrant and the sweeping geographic scope of a subpoena, without having to comply with fundamental protections provided by either. There is not a shred of support in the statute or its legislative history for the proposition that Congress intended to allow the Government to mix and match like this. In fact, Congress recognized the basic distinction between a warrant and a subpoena in ECPA when it authorized the Government to obtain certain types of data with a subpoena or a "court order," but required a warrant to obtain a person's most sensitive and constitutionally protected information -- the contents of emails less than 6 months old.
It was unfortunate that two judges at the district court level basically ignored this argument, so it's good to see the appeals court shoot it down completely. For the reasons that follow, we think that Microsoft has the better of the argument. When, in 1986, Congress passed the Stored Communications Act as part of the broader Electronic Communications Privacy Act, its aim was to protect user privacy in the context of new technology that required a user’s interaction with a service provider. Neither explicitly nor implicitly does the statute envision the application of its warrant provisions overseas. Three decades ago, international boundaries were not so routinely crossed as they are today, when service providers rely on worldwide networks of hardware to satisfy users’ 21st–century demands for access and speed and their related, evolving expectations of privacy.

Rather, in keeping with the pressing needs of the day, Congress focused on providing basic safeguards for the privacy of domestic users. Accordingly, we think it employed the term “warrant” in the Act to require pre?disclosure scrutiny of the requested search and seizure by a neutral third party, and thereby to afford heightened privacy protection in the United States. It did not abandon the instrument’s territorial limitations and other constitutional requirements. The application of the Act that the government proposes ? interpreting “warrant” to require a service provider to retrieve material from beyond the borders of the United States ?would require us to disregard the presumption against extraterritoriality that the Supreme Court re?stated and emphasized in Morrison v. National Australian Bank Ltd., 561 U.S. 247 (2010) and, just recently, in RJR Nabisco, Inc. v. European Cmty., 579 U.S. __, 2016 WL 3369423 (June 20, 2016). We are not at liberty to do so.
In the full discussion, the court points out where the lower court went wrong, thinking that thanks to the PATRIOT Act, a warrant could apply to the location of the service provider rather than the location of the server. But the court says that's clearly wrong, and the Congressional record makes it pretty clear that it was looking to apply the law just to the United States. As for the idea that the warrant was really a subpoena in disguise, the court says that's not how it works: Warrants and subpoenas are, and have long been, distinct legal instruments. Section 2703 of the SCA recognizes this distinction and, unsurprisingly, uses the “warrant” requirement to signal (and to provide) a greater level of protection to priority stored communications, and “subpoenas” to signal (and provide) a lesser level. 18 U.S.C. § 2703(a), (b)(1)(A). Section 2703 does not use the terms interchangeably. Id. Nor does it use the word “hybrid” to describe an SCA warrant. Indeed, § 2703 places priority stored communications entirely outside the reach of an SCA subpoena, absent compliance with the notice provisions. Id. The term “subpoena,” therefore, stands separately in the statute, as in ordinary usage, from the term “warrant.” We see no reasonable basis in the statute from which to infer that Congress used “warrant” to mean “subpoena.”

[....] We see no reason to believe that Congress intended to jettison the centuries of law requiring the issuance and performance of warrants in specified, domestic locations, or to replace the traditional warrant with a novel instrument of international application.
There is, of course, the further issue of Microsoft being a US company, but the court says that doesn't magically make its overseas data subject to these kinds of warrants, because the intent of the law is to protect the privacy of users' communications, not to make it easier for the government to snoop. The reader will recall the SCA’s provisions regarding the production of electronic communication content: In sum, for priority stored communications, “a governmental entity may require the disclosure . . . of the contents of a wire or electronic communication . . . only pursuant to a warrant issued using the rules described in the Federal Rules of Criminal Procedure,” except (in certain cases) if notice is given to the user....

In our view, the most natural reading of this language in the context of the Act suggests a legislative focus on the privacy of stored communications. Warrants under § 2703 must issue under the Federal Rules of Criminal Procedure, whose Rule 41 is undergirded by the Constitution’s protections of citizens’ privacy against unlawful searches and seizures. And more generally, § 2703’s warrant language appears in a statute entitled the Electronic Communications Privacy Act, suggesting privacy as a key concern.

The overall effect is the embodiment of an expectation of privacy in those communications, notwithstanding the role of service providers in their transmission and storage, and the imposition of procedural restrictions on the government’s (and other third party) access to priority stored communications. The circumstances in which the communications have been stored serve as a proxy for the intensity of the user’s privacy interests, dictating the stringency of the procedural protection they receive—in particular whether the Act’s warrant provisions, subpoena provisions, or its § 2703(d) court order provisions govern a disclosure desired by the government. Accordingly, we think it fair to conclude based on the plain meaning of the text that the privacy of the stored communications is the “object[] of the statute’s solicitude,” and the focus of its provisions.
The court goes on at length arguing that the Stored Communications Act's default is that communication privacy must be protected, and the exceptions are narrow.

All three judges on the panel agreed, but one -- Judge Gerard Lynch -- wrote a concurrence that tries to undercut the strong 4th Amendment/privacy arguments in the overall opinion, basically noting that he believes the decision doesn't come down to 4th Amendment issues or privacy protection, but merely how Congress drew up the law in the Stored Communications Act -- and basically argues that if Congress doesn't like this result, it can just rewrite the law.

It's also important to note that Rule 41 is the underpinning of much of this case, and that's the rule that the courts recently agreed to change to allow the DOJ more power to simply hack overseas servers. That shouldn't directly impact this particular case or similar situations, but does show how the DOJ is looking for ways to create endruns around limitations on domestic laws to try to get international data.

Still, for now, this ruling is a surprisingly good one, reinforcing privacy protections in overseas data. Kudos to Microsoft for going to court over this when it would have been quite easy for it to just give in and hand over the data. I assume that the US government will seek to get this ruling overturned, either via an en banc hearing on the 2nd Circuit or going to the Supreme Court, so the case isn't over yet. But, as for right now, it's in a good position.

Permalink | Comments | Email This Story
Categories: Tech News

Daily Deal: Windscribe VPN Lifetime Subscription

TechDirt - Thu, 2016-07-14 10:39
Windscribe is much more than a VPN. It’s a desktop application and browser extension that work in conjunction to protect your online privacy, unblock websites, and remove ads and trackers from your everyday browsing. With Windscribe, you’ll never mess with confusing settings and options menus again; just turn it on on your desktop once, and it’s good to go in the background forever. It is available for $39 from the Techdirt Deals Store.

Note: The Techdirt Deals Store is powered and curated by StackCommerce. A portion of all sales from Techdirt Deals helps support Techdirt. The products featured do not reflect endorsements by our editorial team.

Permalink | Comments | Email This Story
Categories: Tech News

Yes, ISIS Is Using Encryption -- But Not Very Well

TechDirt - Thu, 2016-07-14 09:37
I've been seeing a few anti-encryption supporters pointing to a new ProPublica report on terrorists using encrypted communications as sort of proof of their position that we need to backdoor encryption and weaken security for everyone. The article is very detailed and thorough and does show that some ISIS folks make use of encrypted chat apps like Telegram and WhatsApp. But that's hardly a surprise. It was well known that those apps were being used, just like it's been well known that groups like Al Qaida were well aware of the usefulness of encryption going back many years, even predating 9/11. It's not like they've suddenly learned something new. So, the fact that they're now using tools like WhatsApp and Telegram is hardly a surprise. It also kinda highlights the idiocy of trying to backdoor American encryption. Telegram is not a US company and WhatsApp's encryption is based on the open source Signal protocol, meaning that any American backdoor encryption law isn't going to be very effective.

But, really, what strikes me, from reading the whole article beyond the headline notion of "ISIS uses encryption," is that it lists example after example of the fact that folks in ISIS use encryption badly and often seem prone to revealing their information. This is not unique to ISIS. Lots of people are not very good about protecting themselves. Hell, I'm probably not very good about my own use of encryption. But, of course, I'm also not trying to blow things up or kill people. Either way, story after story after story in the article highlights the rather bumbling aspects of teaching ISIS supporters how and why to use encrypted communications and to avoid surveillance. My favorite example: On Jan. 4, 2015, an exasperated coordinator repeatedly explained to a befuddled caller with a Lebanese accent that he could only bring a basic cell phone to Syria, according to a transcript.

“The important thing is that when you arrive in Turkey you have a small cell phone to contact me,” the coordinator said. “Don’t bring smart phones or tablets. OK, brother?”

For the fourth time, the recruit asked: “So we can’t have cell phones?”

“Brother, I said smart phones: iPhone, Galaxy, laptop, tablet, etcetera.”

Sounding a bit like a frustrated gate agent at a crowded airport, the coordinator added: “Each of you can only bring one suitcase. If you come alone, just bring one suitcase. That is, a carry-on and one suitcase.”

“I didn’t understand the last thing, could you explain?”

“Brother, call me when you get to Turkey.”
Then there was the case where someone planned a plot using an encrypted WhatsApp conversation, but police were already bugging the guy so they heard what he was saying anyway: In April, Italian police overheard a senior figure in Syria urging a Moroccan suspect living near Milan to carry out an attack in Italy, according to a transcript. Although the voice message had been sent through an encrypted channel, the Moroccan played it back in his car, where a hidden microphone recorded it.

In the message, the unidentified “sheik” declared: “Detonate your belt in the crowds declaring Allah Akbar! Strike! (Explode!) Like a volcano, shake the infidels, confront the throng of the enemy, roaring like lightning, declare Allah Akbar and blow yourself up, O lion!”

The suspects exchanged recorded messages over WhatsApp, an encrypted telephone application that is widely used in Europe, the Arab world and Latin America
All of these examples keep making the same point that many people have been making for a long time. Yes, encryption hides some aspect of communications. That's part of the point. But the idea that it creates a "going dark" situation is massively exaggerated. There are many other ways to get the necessary information, through traditional surveillance and detective work. And the report suggests that's working. And the fact that many ISIS recruits are particularly unsophisticated in understanding how and when to use encryption only makes that kind of thing easier for people tracking them. In discussing the Paris attacks, for example, the article notes that while some of the attackers were told to use encryption, they didn't. Abaaoud’s operatives did not always follow security procedures, however. In June of last year, Turkish immigration authorities detained Tyler Vilus, a French plotter en route to Paris with someone else’s Swedish passport. Allowed to keep his cellular phone in a low-security detention center, Vilus brazenly sent an unencrypted text message to Abaaoud in Syria, according to a senior French counterterror official.

“I have been detained but it doesn’t seem too bad,” the message said, according to the senior official. “I will probably be released and will be able to continue the mission.”

Instead, U.S. spy agencies helped retrieve that text and French prosecutors charged Vilus with terrorist conspiracy.
Anyway, it's no surprise that terrorists are going to use encryption. Of course they have been for over a decade and will continue to do so. The issue is that it's not as horrible as law enforcement is making it out to be. Just as plotters have always been able to plan in ways that law enforcement has been unable to track (such as discussing in person, in other languages, or through simple ciphers or codes). That's always happened and somehow we managed to get by. Yes, sometimes law enforcement doesn't get to know absolutely everything about everyone. And that's a good thing. And sometimes, yes, that means that terrorists will be able to plan bad things without law enforcement knowing it. But that's part of the trade-off for living in a free society.

Permalink | Comments | Email This Story
Categories: Tech News

Pam Geller Sues The US Gov't Because Facebook Blocked Her Page; Says CDA 230 Violates First Amendment

TechDirt - Thu, 2016-07-14 08:30
Well known anti-Muslim troll Pamela Geller has teamed up with a group called the American Freedom Law Center to file one of the dumbest lawsuits we've ever seen. There's so much wrong here it's difficult to know where to start. Here's the lawsuit itself, which is filed against US Attorney General Loretta Lynch, even though Geller's own story about the lawsuit falsely claims she's suing Facebook. She's not. She's suing the US government because Facebook relies on Section 230 of the CDA in taking down some of her pages, and she claims, ridiculously, that Section 230 of the Communications Decency Act violates the First Amendment. The lawsuit is wrong on so many levels it's not even funny. Let's start with this, though -- Geller has long positioned herself as an extreme supporter of the First Amendment. And yet, she's now suing the government over CDA 230, a law which has probably done more than any other to guarantee that the First Amendment works on the internet.

The lawsuit talks up the vast open and public forums of the internet, which is accurate, but then argues that because there's so much content online, Section 230 no longer applies. Unlike the conditions that prevailed when Congress first authorized regulation of the broadcast spectrum, the Internet can hardly be considered a “scarce” expressive commodity. It provides relatively unlimited, low-cost capacity for communication of all kinds. And then it gets to the crux of her argument: that popular internet forums are so important, no one should ever be barred from using them: Denying a person or organization access to these important social media forums based on the content and viewpoint of the person’s or organization’s speech on matters of public concern is an effective way of silencing or censoring speech and depriving the person or organization of political influence and business opportunities.

Due to the importance of social media to political, social, and commercial exchanges, the censorship at issue in this Complaint is an unmatched form of censorship.

Consequently, there is no basis for qualifying the level of First Amendment scrutiny that should be applied in this case.
Except, this is really, really confused. Section 230 does not enable censorship. A private company is free to deny service or moderate its own services as much as it wants. That's their right as a private company. This is not a Section 230 issue at all. Geller and her lawyers are hellishly confused. Yes, Section 230's (c)(2) includes a so-called good-samaritan clause that basically says that a site does not take on new liability for taking down content, but that's separate from the issue of deciding to moderate content at all. Facebook can take down your page whenever it wants and it's not a First Amendment issue because Facebook isn't the government. And Section 230 has nothing to do with this at all, other than actually encouraging Facebook to leave up more speech since it's not considered liable for its users' speech.

But Geller's lawyers don't seem to understand the law they're whining about. Section 230 permits content- and viewpoint-based censorship of speech. By its own terms, § 230 permits Facebook, Twitter, and YouTube “to restrict access to or availability of material that [they] consider[] to be obscene, lewd, lascivious, filthy, excessively violent, harassing, or otherwise objectionable.” Except that's not what Section 230 does at all. Companies are already permitted to do that because they're private companies. All Section 230 says is that in removing content, that doesn't mean those companies suddenly have liability for other content that they left up. Geller and her lawyers simply don't understand what Section 230 does and says. And yet they're suing over it. Section 230 confers broad powers of censorship, in the form of a “heckler’s veto,” upon Facebook, Twitter, and YouTube censors, who can censor constitutionally protected speech and engage in discriminatory business practices with impunity by virtue of this power conferred by the federal government. Except it does no such thing. Actually, Section 230 frequently protects against the heckler's veto because it makes it clear that platforms don't have to do anything and they're still protected from liability. This is actually a stronger protection against a heckler's veto than basically every other country in the world, most of which have a DMCA-like "notice and takedown" system, which does lead to protected speech being deleted. Section 230 protects against that, and a very confused Geller and her lawyers get this backwards. Section 230 is not tied to a specific category of speech that is generally proscribable (i.e., obscenity), nor does it provide any type of objective standard whatsoever. The statute does permit the restriction of obscenity, but it also permits censorship of speech that is “otherwise objectionable, whether or not such material is constitutionally protected.” 47 U.S.C. § 230(c)(2)(A). Further, the subjective “good faith” of the censor does not remedy the vagueness issue, it worsens it. This is just further confusion. The lawsuit is arguing over an issue as if this is about the government censoring speech, rather than private companies moderating speech -- something they've always been able to do, and which itself is protected by the First Amendment.

This lawsuit is the legal equivalent of that idiot who claims that any company moderating content is violating the First Amendment. And to that, I've got an obligatory xkcd for you: From there, she goes on to complain about Facebook, Twitter and YouTube all taking down some of her content for terms of service violations, and insisting that Section 230 is to blame (it's not) and that her free speech rights have been denied (they have not). Section 230 of the CDA, facially and as applied, is a content- and viewpoint based restriction on speech in violation of the First Amendment.

Section 230 of the CDA, facially and as applied, is vague and overbroad and lacks any objective criteria for suppressing speech in violation of the First Amendment.

Section 230 of the CDA, facially and as applied, permits Facebook, Twitter, and YouTube to engage in government-sanctioned discrimination and censorship of free speech in violation of the First Amendment.
None of that is a remotely accurate description of Section 230. Not even close. Geller's blog post, which falsely claims she's suing Facebook, rather than the US government, then just is a long extended whine about the fact that Facebook takes down her content when she violates its terms. Now, we've been vocal critics of Facebook's willingness to silence content and it's almost arbitrary decision-making in determining what content is appropriate for Facebook and what is not, but we'd never suggest that Facebook doesn't have a legal right to make those decisions. To make a bizarre First Amendment argument here, trying to link Facebook to the government via the free speech protections of Section 230, is nonsensical. It's almost as if her lawyers didn't even realize the argument they're really trying to make (which would also be a non-starter), that Facebook, Twitter and YouTube are de facto public spaces, and thus went with the even more bat-shit crazy misinterpretation of Section 230.

As for her lawyers at the American Freedom Law Center (AFLC) they're just as confused in a blog post about the lawsuit: Section 230 provides immunity from lawsuits to Facebook, Twitter, and YouTube, thereby permitting these social media giants to engage in government-sanctioned censorship and discriminatory business practices free from legal challenge. It's not government sanctioned censorship. And the immunity it provides is just that these platforms don't lose their own protections against liability on the content they leave up just because they choose to take down some other content. Section 230 infers no special benefits to platforms to take down content. It just says that taking down content won't lose them other protections -- protections, I should remind you -- that help promote and protect free expression online.

While there have been some questionable CDA 230 rulings lately, this one is an easy one. It should be laughed out of court pretty quickly on the basis of "did you even read the law you're suing over?"

Permalink | Comments | Email This Story
Categories: Tech News

Comcast Expands Usage Caps, Still Pretending This Is A Neccessary Trial Where Consumer Opinion Matters

TechDirt - Thu, 2016-07-14 06:28
As we've noted for some time, Comcast continues to expand the company's usage cap "trial" into more and more markets. As a clever, lumbering monopoly, Comcast executives believe if they move slowly enough -- consumers won't realize they're the frog in the boiling pot metaphor. But as we've noted time and time again, Comcast usage caps are utterly indefensible price hikes on uncompetitive markets, with the potential for anti-competitive abuse (since Comcast's exempting its own services from the cap).

This is all dressed up as a "trial" where consumer feedback matters to prop up the flimsy narrative that Comcast is just conducting "creative price experimentation."

Last week, Comcast quietly notified customers that the company's caps are expanding once again, this time into Chicago and other parts of Illinois, as well as portions of Indiana and Michigan. Comcast recently raised its cap from 300 GB to one terabyte in response to signals from the FCC that the agency might finally wake up to the problems usage caps create. And while that's certainly an improvement, it doesn't change the fact that usage caps on fixed-line networks are little more than an assault on captive, uncompetitive markets.

To sell customers on the exciting idea of paying more money for the exact same (or less) service, a notice sent to Comcast users last week informs them they're lucky to now be included in the "terabyte internet experience," as if this is some kind of glorious reward being doled out to only the company's most valued customers. The company also tries to shine up its decision to start charging users $50 more per month if they want to avoid the cap as an act of altruistic convenience, and tries to make the caps seem generous by measuring them in terms of gaming hours and photos:"We know customers want a carefree online experience that doesn't require them to think about their data usage plan, and we offer a plan that does just that...What can you do with a terabyte? Stream about 700 hours of HD video, play more than 12,000 hours of online games, or download 600,000 high-res photos in a month."How generous. You can also check your email account 8 billion times under our totally unnecessary restrictions. As we've long noted, caps are solely about protecting legacy TV revenues from Internet video, while creating new ways (zero rating) to distort the level playing field. And as AT&T and Verizon give up on unwanted DSL customers and cable's broadband monopoly grows in many areas, this incredible "experience" will be headed in your direction sooner than you probably realize.

Permalink | Comments | Email This Story
Categories: Tech News

Man Who Doxxed Dozens Of People, Engaged In Nineteen 'Swattings', Nets Only One Year In Prison

TechDirt - Thu, 2016-07-14 03:27

The treatment of all things "cyber" by the government is incredibly inconsistent. Give someone a password so they can deface a website for 40 minutes and it's two years in jail. Doxx, SWAT, and cyberstalk multiple people and the best the court can do is two years minus time served. The end result is one year in prison for Mir Islam, who doxxed multiple celebrities and politicians, as well as called in fake threats that resulted in the swatting of at least nineteen people, including security researcher Brian Krebs, who uncovered Islam's doxxing tactics.

Krebs' investigation of Islam and his abuse of free credit report services to obtain personal information on a variety of public figures led to the following:

Peeved that I’d outed his methods for doxing public officials, Islam helped orchestrate my swatting the very next day. Within the span of 45 minutes, KrebsOnSecurity.com came under a sustained denial-of-service attack which briefly knocked my site offline.

At the same time, my hosting provider received a phony letter from the FBI stating my site was hosting illegal content and needed to be taken offline. And, then there was the swatting which occurred minutes after that phony communique was sent.

[...]

Nearly a dozen heavily-armed officers responded to the call, forcing me out of my home at gunpoint and putting me in handcuffs before the officer in charge realized it was all a hoax.

The response to the hoax call on Krebs' residence was, by comparison, minimal. Islam also called in a fake active shooter report at the University of Arizona campus. This was apparently in retaliation to a cheerleader's failure to realize Islam's cyberstalking was just another way of saying "I love you."

A woman representing an anonymous “Victim #3” of Islam’s was appearing in lieu of a cheerleader at the University of Arizona that Islam admitted to cyberstalking for several months. When the victim stopped responding to Islam’s overtures, he phoned in an active shooter threat to the local police there that a crazed gunman was on the loose at the University of Arizona campus.

According to Robert Sommerfeld, police commander for the University of Arizona, that 2013 swatting incident involved 54 responding officers, all of whom were prevented from responding to a real emergency as they moved from building to building and room to room at the university, searching for a fictitious assailant. Sommerfeld estimates that Islam’s stunt cost local responders almost $40,000, and virtually brought the business district surrounding the university to a standstill for the better part of the day.

Worse, some of Islam's swatting efforts and cyberstalking occurred while he was "cooperating" with federal prosecutors following his arrest for attempting to sell stolen credit cards to undercover agents.

Federal prosecutors wanted to see Islam jailed for nearly four years -- towards the upper reaches of the mandatory sentencing guidelines. Instead, the judge handed down a sentence of two years. Islam has been in federal custody since July 2015 and that time is being credited towards his sentence, meaning it will only be another year at the most before Islam is free again.

The credit for time served makes sense and the departure from the upper limits of the guidelines is something I would be extremely hesitant to suggest is a bad thing. Prosecutors wanted a much longer sentence, and the allegations here would seem to justify a lengthier imprisonment for Islam.

The problem with the government's fear of anything cyber-related is that the default mode for prosecutors is almost always the upper reaches of the sentencing guidelines, even when the severity of the criminal activity doesn't appear to warrant this sort of punitive sentencing. The government sought a longer sentence for Matthew Keys' minimal participation in a 40-minute headline alteration at a news website. Someone who endangered lives of dozens of people by sending heavily-armed law enforcement officers after them -- in addition to doxxing a large number of public figures and participating in multiple cyberstalkings -- was apparently only deemed dangerous enough to warrant a 46-month sentence, as compared to the 60 months sought in the Keys case.

Then there's this:

Judge Moss, in explaining his brief deliberation on arriving at Islam’s two-year (attenuated) sentence, said he hoped to send a message to others who would endeavor to engage in swatting attacks.

Swatting has the potential to kill people, something clearly not reflected by the "severity" of this sentence.

As Brian Krebs points out, it does send a message, although certainly not the one the judge intended. It says you can endanger the lives of others without seriously affecting your own freedom. It also sends the message that the government -- as a whole -- will remain incoherent and inconsistent in its handling of cybercrime.



Permalink | Comments | Email This Story
Categories: Tech News

Wed, 1969-12-31 17:00

Wed, 1969-12-31 17:00

Wed, 1969-12-31 17:00

Wed, 1969-12-31 17:00

Wed, 1969-12-31 17:00

Wed, 1969-12-31 17:00
Syndicate content