Brindle

The Mirai botnet that swept through poorly-secured devices last year resulted in unprecedented denial-of-service attacks. At one point, the botnet turned its wrath on security researcher Brian Krebs' site, resulting in a sustained attack that saw Krebs' DDoS protection service (Akamai) say it was getting too old for this shit uninterested in providing further protection for this particular user.

The people behind the botnet have just pled guilty to federal charges.

Three men have pleaded guilty to federal cyber-crime charges for launching a cyberattack last year that knocked large parts of the internet offline.

Paras Jha, Josiah White, and Dalton Norman were indicted by an Alaska court in early December, according to documents unsealed Wednesday.

The Justice Dept. released a statement later in the day confirming the news.

Prosecutors accused the hackers of writing and using the Mirai botnet to hijack vulnerable internet-connected devices to launch powerful distributed denial-of-service (DDoS) attacks.

According to Jha's plea agreement, the botnet ensnared more than 300,000 vulnerable devices.

But the story behind the botnet suggests it was never meant to become a global threat or used to target researchers like Krebs. The malware was far from benign, but it wasn't written to bring the internet to its knees. It was meant to do something much simpler.. Garrett Graff has put together an amazing story of Mirai's origin over at Wired -- one that begins in a college dorm room and involves crafting tables, zombie pigs, and battles for server superiority.

As the 2016 US presidential election drew near, fears began to mount that the so-called Mirai botnet might be the work of a nation-state practicing for an attack that would cripple the country as voters went to the polls. The truth, as made clear in that Alaskan courtroom Friday—and unsealed by the Justice Department on Wednesday—was even stranger: The brains behind Mirai were a 21-year-old Rutgers college student from suburban New Jersey and his two college-age friends from outside Pittsburgh and New Orleans. All three—Paras Jha, Josiah White, and Dalton Norman, respectively—admitted their role in creating and launching Mirai into the world.

Originally, prosecutors say, the defendants hadn’t intended to bring down the internet—they had been trying to gain an advantage in the computer game Minecraft.

Minecraft may seem to be a cooperative game, but competition for server traffic is anything but. Popular servers charge players rent for online real estate, allowing them to set up semi-persistent worlds for other players to visit. A popular server is big business. The Wired article says some server owners rake in $100,000/month during summer months when traffic is at its peak.

That's what these students were attempting to do when they unleashed their malware: DDoS competitors' servers to funnel players to theirs.

[A]ccording to court documents, the primary driver behind the original creation of Mirai was creating "a weapon capable of initiating powerful denial-of-service attacks against business competitors and others against whom White and his co-conspirators held grudges.”

Once investigators knew what to look for, they found Minecraft links all over Mirai: In an less-noticed attack just after the OVH incident, the botnet had targeted ProxyPipe.com, a company in San Francisco that specializes in protecting Minecraft servers from DDoS attacks.

“Mirai was originally developed to help them corner the Minecraft market, but then they realized what a powerful tool they built,” [FBI agent Bill] Walton says. “Then it just became a challenge for them to make it as large as possible.”

The end result was a mammoth botnet of 200,000-300,000 enslaved devices capable of generating up to 1.1 terabits per second in junk traffic. Once the three realized what they'd unleashed, they dumped the code online in hopes of obscuring its source.

The whole story is a fascinating read, digging deep into the casual use of botnets and DDoS attacks by Minecraft server owners and the mostly-accidental thermonuclear-level havoc it wreaked on the internet. Unfortunately, you'll also learn little has been learned by manufacturers -- and users -- of internet-connected devices in the aftermath of these attacks.

Two weeks ago, at the beginning of December, a new IoT botnet appeared online using aspects of Mirai’s code.

Known as Satori, the botnet infected a quarter million devices in its first 12 hours.

Permalink | Comments | Email This Story

The fact that the FCC comments for Ajit Pai's net neutrality repeal were stuffed with fake comments is nothing new at all. We first reported on it back in May, and reports of comments from totally fake people or long dead people continue to pop up. Even worse are multiple stories of people having their own identities used to file comments, often opposed to their own views. The FCC has consistently responded that it doesn't care. New York's Attorney General has been investigating this as fraud, and asked the FCC to delay its net neutrality repeal until after the investigation was complete -- a request the FCC completely ignored. And, as we just noted a little while ago, Schneiderman recently announced that he's found over 2 million fake comments.

But it's easy to say "well, all these fake comments mean all the comments can be ignored." But it's important to look at the source of these fake comments and on which side they ended up. And just this week two new studies have come out, both taking a really deep dive into the fake comments. The Wall Street Journal did an investigation and reached out to 2,757 people who had supposedly commented. 72% of them said they had not posted the comments.

But even more thorough and more interesting is a new report that just came out this morning, from Startup Policy Lab's "Truth in Public Comments" project. Its methodology was even more thorough than the Wall Street Journal's. It took a random sample of 450,000 public commenters, and asked them "did you submit the comment quoted below to the FCC, yes or no?" The results are astounding:

88% of survey respondents whose emails were used to submit pro-repeal comments replied, “no,” that they did not submit the comment . Conversely, only 4% of pro-net neutrality respondents said that they did not submit the comment attributed to them.

Let's unpack that again to make it clear. Out of a fairly massive sample of FCC commenters nearly all of the ones supporting Pai's plan were fake. And nearly all of the ones supporting the existing rules were real. Here, see it in graphical form:

And this happened across multiple samples that the TiPC project ran. Each time, it showed that nearly all of the support for Pai's plan was fake. And nearly all the support for existing rules was real.

Also, quite telling: in sending out these emails asking people whether or not they filed, most of the responses they got came from people who supported net neutrality. The response rate among those who supported Pai? Tiny. Because most of them appear to be fake.

This is not to say that there weren't fake comments in support of the old rules. They did exist. But as the TiPC report notes, the "fakes" in support of the old rule were fairly obvious -- using obviously fake emails and names. The comments in support of Pai, while fake, used real emails and names that tried to appear real:

The FCC received spam comments that supported both the pro-net neutrality and pro-repeal. The difference, however, is that the majority of spam comments associated with email addresses supporting pro-net neutrality were ignored by the FCC because they were obviously fake. Conversely, we must conclude that the spam comments associated with email addresses that supported pro-repeal email addresses were a deliberate campaign to evade the eyes of regulators and influence the rulemaking process.

The discrepancy rests in the nature of the bounceback of emails. The survey resulted in a high bounce rate for emails associated with pro-net neutrality using unsophisticated approaches. Examples of an unsophisticated spam comment are those the FCC acknowledged are, “[o] bviously, fake comments [...] by the Flash, Batman, Wonder Woman, Aquaman, and Superman are not going to dramatically impact our deliberations on this issue. ”

By contrast, it appears that the spam comments for emails associated with pro-repeal comments reflect deliberate action to use stolen identities. In these instances, millions of Americans may have had their identity harvested for the political objectives of supporting the repeal of net neutrality laws, regardless of whether that individual agreed with the position or even had a position on the proposal. Accordingly, unlike the submission from Batman, which the FCC was correct to ignore, millions of Americans had their voice taken and repurposed without their consent.

No matter where you stand on the question of net neutrality, this should be a major concern. Public commenting is important, but when the system is totally hijacked in a way that appears designed to deliberately skew or merely taint the results, it does no one any good at all.

Permalink | Comments | Email This Story

With a federal law in place forbidding this sort of stuff, and an internet full of documentation detailing just how badly things go for companies that institute these policies, why on earth would ADT Security add this clause to its Terms of Use?

For those of you who can't see the tweet, soon-to-be-former ADT customer scriptjunkie has been informed via dialog box ADT's Terms of Use have changed. ADT's Terms of Use contain a Streisand Precursor: if you link to ADT's site, you promise not to do several things, including:

Will not disparage ADT, ADT's products or services, or any of ADT's affiliates or their products or services

This isn't even legal in this day and age, but hiding it in a bunch of words users will likely never read is a great way to fly under the federal law radar. This, of course, only lasts until someone points it out on the internet and, while linking to ADT's site, points out the clause is stupid, the company is stupid for deploying it, and the company's lawyers are just as stupid for suggesting it/signing off on it.

To be fair, ADT's stupid non-disparagement clause isn't part of the update scriptjunkie received. The moronic "promise" it extracts from site linkers dates back to at least 2014. It predates the federal law banning these clauses, which makes its pre-2016 existence somewhat explicable. But that doesn't explain why it hasn't been removed to make the Terms of Use federal law-compliant.

Considering the amount of effort it would take (next to none) to remove this from the site's Terms of Use, its continued existence is perplexing, especially in light of ADT's repeated promise to remove the clause. At the time of this writing, more than 16 hours have passed since ADT promised to remove it and the clause still exists on the Terms of Use page. Even more perplexing is ADT's explanation/apology, which is actually neither.

We also value your honest opinion and have built our company around implementing our customers' feedback. The non-disparagement clause you are referencing only applies to linking to our website and is not a condition of service or using ADT.com.

While it's nice to know ADT isn't preventing people from disparaging the company without linking to its site, trying to prevent them from doing so while linking isn't any better. Review sites tend to provide links to company websites, making third-party reviews a potential violation of this clause.

But even if we take ADT's explanation at face value, we're still left with its questionable decision to insert this language anywhere in any explicit or implicit agreement with site visitors and/or customers. No business should ever take this indefensible position, especially not after it's been made statutorily explicit these agreements are considered invalid -- and illegal -- by the federal government.

Permalink | Comments | Email This Story

Back in August, psychiatrist Mark Beale filed a defamation lawsuit. His target? A one-star review containing zero words written by someone using the name "Richard Hill." Beale claimed this single review, hosted by Google, had irrevocably damaged his livelihood.

In support of this, he offered several bizarre assertions. (These can be found in voluminous documentation accompanying Beale's amended complaint [PDF].)

- He had no patient named Richard Hill, so the review was bogus.

- Richard Hill was obviously a pseudonym, hence the need for unmasking. (This could also be used to disprove his first assertion, but never mind all that, I guess…)

- His mom thought someone she knew might be trying to ruin his reputation. (No, really. See p. 12.)

- His internet expert affirms one-star reviews are far worse than five-star reviews. (See pp. 51-56 of the Beale complaint.)

- A one-star review (with zero words attached) is defamatory on its face.

Why this litigation is still in process boggles the mind. But strap your brain in. It's about to get much, much bogglier.

When we first covered the lawsuit, Beale's lawyer made what seemed to be a completely ignorant statement in regards to Beale's attempt to force Google to strip the anonymity from masked one-star reviewer "Richard Hill."

Beale's attorney, Steven Abrams of Mount Pleasant, said he has handled several similar cases, and companies like Google, AT&T, Comcast and Verizon typically hand over identifying information of anonymous users.

“Why Google fought this case, I have no earthly idea,” Abrams said. “There’s not really a lot of case law (in South Carolina) ... on these types of cases because they don’t usually result in a fight.”

It turns out there's not a lot of case law in South Carolina. Well, at least not a lot of logical case law, apparently. For reasons explained thoroughly by the court -- but otherwise inexplicable given the standards applied everywhere else -- Google is being forced to strip Richard Hill's anonymity. (h/t FIRE's Sarah McLaughlin.)

It starts out promising, but quickly turns to something completely ridiculous. From the court order [PDF]:

Because South Carolina has not established a test to unmask the author of an anonymous defamatory internet posting, the Court must look to other federal and state courts for persuasive authority. State Courts have applied three different tests. Courts have required plaintiffs to demonstrate one of the following:

(1) a good faith basis warranting disclosure;

(2) evidence sufficient to survive a motion to dismiss before allowing disclosure; or

(3) evidence sufficient to survive a hypothetical motion for summary judgment.

Here, Plaintiff seeks to apply the standard requiring the least stringent proof (the good faith standard) and Google has asked the Court to apply the standard requiring the most robust proof (the summary judgment standard).

After comparing the Dendrite standard (approximately what Google was seeking) and other opinions dealing with "good faith" basis for pursuing unmasking (which includes allegations of defamation), the court decides to split the difference -- only in this case it involves a 90/10 split in favor of Beale. It accomplishes this split by deciding Richard Hill's one-star review is commercial speech, which isn't given nearly as much protection as other forms of speech.

Although Brockmeyer is the only South Carolina case on point, it did not go so far as to adopt the standard in Cahill. Cahill, quoted approvingly in Brockmeyer, is instructive; however, it is important to note that the type of speech in Cahill was political speech. In Cahill, the plaintiff was a city councilman and the alleged defamatory comments were posted on a local political website. The type of speech involved in this case is an online business review, which is commercial speech. Courts have held commercial speech should require a less stringent approach than political speech. The Ninth Circuit addressed this issue in In re Anonymous Online Speakers and suggested the standard in Cahill, although potentially appropriate for political speech, does not apply to commercial speech.

But a review of a business isn't commercial speech. It's an expression of opinion, based on a person's subjective experience. A review can be an advertisement for a business (or its competitors), but only in the way any word-of-mouth opinion is. No one sincerely believes word-of-mouth advertising is "commercial speech," with the possible exception of this court. Websites' monetization of customers' reviews doesn't convert opinions into commercial speech. This determination is not just wrong, it's incredibly obtuse.

Based on this bizarre conclusion, the court agrees to compel service providers (Google is one. Charter and Cox are the others being hit with subpoenas.) to turn over identifying info on pseudonymous reviewer Richard Hill.

The court notes it's not at the point where it can discuss the case on its merits -- not without a defendant being served and given a chance to respond. But it's not like it doesn't have that option. That the court is willing to even entertain the notion that a one-star review with zero written statements is libelous is fucking ridiculous. The complaint should have been laughed out of court after a first reading. For the judge to go further and decide a one-star review posted by an anonymous person on a third party site is somehow commercial speech is mind blowing. If this is the state of free speech protection in South Carolina, no wonder Beale's counsel seemed genuinely confused a third party would stand up for a user's anonymity.

Woe be to those who dare one-star a business in South Carolina. Fortunately, the court considers this sort of review to be "political speech."

Permalink | Comments | Email This Story

If you had evidence an opposing witness in a criminal trial was untrustworthy, you'd want to use it, right? Too bad says the local law enforcement union. And too bad says a California court. The issue at hand is the Los Angeles Sheriff's Department's "Brady" list. "Brady" is shorthand for exculpatory evidence and untrustworthy law enforcement officers called to provide testimony certainly falls under that heading.

After Sheriff Lee Baca resigned in disgrace following his department's implication in widespread jailhouse corruption and its tendency to hire some of the worst people possible to staff its jail, new sheriff Jim McDonnell wanted to make this list of questionable officers public. He wanted to hand it to prosecutors so they'd know which deputies to avoid if they wanted honest, untainted testimony. He didn't go so far as to offer the same list to defense attorneys, but it was one step further than any sheriff before him had taken.

The sheriff's union sued, claiming handing the Brady list to prosecutors violated state confidentiality laws. In July, the LA County Appeals Court agreed with the union. The case has been taken up by the California Supreme Court, but it won't be discussed or decided until next year. Meanwhile, the ~300 deputies whose names are on the Brady list may have been witnesses in a combined 62,000 cases since 2000. And still, nobody is allowed to access their disciplinary files.

The Los Angeles Times has obtained copies of the 2014 version of the list. (It does not say how it obtained these, so its presumably a leak.) In it are details of hundreds of acts of misconduct, all relating to "moral" issues which could conceivably be used to cast doubt on these deputies' credibility. The documents contain many more details, but this quick rundown by the Times scratches the surface of the secret Brady list. [h/t CJ Ciaramella]

One deputy on the list endangered the lives of fellow officers and an undercover informant when he warned a suspected drug dealer’s girlfriend that the dealer was being watched by police.

Another pepper-sprayed an elderly man in the face and then wrote a false report to justify arresting him.

A third pulled over a stranger and received oral sex from her in his patrol car.

The list also includes several deputies still with the department who were convicted of crimes — one for filing a false arrest report and another who was charged with domestic battery but pleaded no contest to a lesser offense. In other cases, prosecutors sharply criticized the deputies’ actions but declined to pursue criminal charges against them.

Also included: multiple allegations (some sustained) of domestic violence, forging judges' signatures, falsified reports, and sexual misconduct.

Accusations of dishonesty lead the way, composing 69% of all misconduct allegations. Dishonesty is exactly what you don't want from your prosecution witnesses, and a track record of dishonest behavior should be enough to make any testimony given suspect. Unfortunately, the documents are still officially secret, shielded from public access by California law and an appeals court decision.

But the misdeeds detailed in the document make you wonder why the LASD hasn't kicked many of these deputies to the curb. It's not just a problem for testimony in criminal cases. It's also a terrible business practice when you're in the business of serving the public. When your job is literally law enforcement, the lax internal enforcement of actual laws encourages further misconduct and abuse, and destroys your relationship with the communities you serve.

Permalink | Comments | Email This Story

If you’ve used Twitter, you’ve probably seen a Tweetstorm or two in your day. A Tweetstorm is when someone sends out a bunch of tweets in a row about a certain topic. Upping the character limit to 280 made it easier to send out long-form thoughts, but it didn’t solve the problem of Tweetstorms. They can be very annoying to scroll through, especially when you don’t care about the topic.

Twitter is now making it easier to send out a Tweetstorm and also making it easier to ignore them. Users can easily string multiple tweets together by tapping the new (+) button in the compose window. Instead of sending out one tweet at a time and replying to yourself, you can write all the tweets at once and post the thread together.

The good news for people that hate seeing Tweetstorms is you won’t see the full thread on your timeline. There’s a new button that says “Show this thread” to allow you to expand the full list of tweets. This should make it much easier to ignore long threads and tidy up your timeline. The update should be coming to Android in the coming weeks.

More answers have been provided to Senate Intelligence Committee questions (most of those penned by the always-inquisitive Ron Wyden) by the Office of the Director of National Intelligence. Some, like how often the NSA "incidentally" collects domestic communications, remain unanswered. But the ODNI's answers [PDF] -- given to the Committee in July -- have finally been made public. There are a few things worth noting in this rare display of transparency. (By which I mean a lack of redactions, rather than expansive openness by the ODNI).

To begin with, the ODNI argues the new amicus position created by the USA Freedom Act is harmful to national security. Its theory? Any delays caused by the introduction of some semblance of an adversarial process only slows the NSA down.

The appointment of an amicus curiae is not without effect. Notably, it is likely to increase the time needed for the government to obtain the authorities it is seeking. For instance, in 2015 when the FISC appointed an amicus curiae in connection with its review of the Section 702 certifications, the Court ultimately extended the time for its consideration of the 2015 Section 702 certifications by 90 days, issuing an opinion and order approving those certifications more than two months alter the statute otherwise would have required. As the government noted at that time, such a delay could be harmful to national security under certain scenarios, for instance if the government were to submit an additional certification or make an important time sensitive change in the Section 702 targeting or minimization procedures.

This sounds a lot like law enforcement's continual annoyance at warrant requirements. Respecting things like the Fourth Amendment and the idea of checks and balances just takes too long -- even when it means spending a hour trying to talk someone into granting consent for a search, rather than phoning a judge to get a warrant sworn out. The ODNI's complaint is, basically, it doesn't want anyone arguing for the rights of Americans (who get swept up in collections and deliberately targeted by the FBI) or on behalf of the rest of the world the NSA views as little more than a prolific source of data.

Wyden also wanted to know who's allowed to unmask US persons in NSA collections. The ODNI answered "any authorized recipient" of NSA intelligence, which hardly answers the question. Drilling it down a little further, the ODNI noted it has 20 individuals in the NSA who can authorize unmasking. There are doubtless many more in the FBI, which can use 702-derived collections to search for evidence of nearly any criminal activity or just browse stuff if it can be argued the information is already "publicly available." The decision to unmask US persons in the FBI is left to "agents and analysts" conducting "fully predicated investigations."

As for its all-but-abandoned duties to inform defendants of the use of Section 702-derived evidence, the ODNI explained it will almost never have to do this because of parallel construction.

As we have publicly stated previously, the Department has concluded that in determining whether information is "derived from" FISA-authorized surveillance, including Section 702, the appropriate standards and analyses are similar to those applied in the context of surveillance conducted pursuant to the criminal Wiretap Act, Title of the Omnibus Crime Control and Safe Streets Act of 1968, 18 U.S.C. 2510-2522. As such, the "derived from" standard incorporates a "fruit of the poisonous tree" analysis analogous to that conducted under the Fourth Amendment exclusionary rule context. The general question under a "fruits" analysis is whether the evidence was acquired as an indirect result of the surveillance, taking into account doctrines such as independent source, inevitable discovery, and attenuation.

In other words, if there's any way the government could have conceivably obtained this evidence -- rather than the way it actually did it -- the DOJ can bypass its notification obligations.

As for the number of times Intelligence Community components access purely domestic communications -- either directly or "incidentally" -- the ODNI is nowhere closer to providing the numbers explicitly requested by Sen. Wyden on multiple occasions or fulfilling the reporting requirements of USA Freedom Act.

The ODNI claims one recipient of 702 data (the CIA) "does not currently have the technical capability" to track these numbers. According to the ODNI, this capability won't be up and running until the end of 2018. The ODNI goes on to point out the FBI performs no internal tracking of its 702 searches/queries and makes no statement suggesting the agency is even looking into providing these numbers. The NSA, however, performed 30,355 "queries" on US persons' data, using 2,280 "approved" search terms.

The ODNI also explains the difference between a "query" and a "search" in reference to accessing unminimized domestic data and communications. A "query" flags relevant data in existing collections. A "search" actually looks at the contents of communications. In both cases, the ODNI says no warrant is needed. If the domestic communications are swept up lawfully (as part of a FISA-ordained collection), there's no Fourth Amendment violation when content is accessed by a "search." The legal rationale is that the Fourth Amendment is adhered to during the collection process, so it cannot possibly be violated when the collections are accessed by the FBI, NSA, CIA or other IC component.

Wyden's long-running question about incident collection of US persons communications remains unanswered. Questions about the FBI's prolific use of NSA data have been answered with a shrug. The DOJ has been given a pass on its evidence source obligations and IC components have multiple ways of search foreign-facing collections for US persons communications and data, all while supposedly upholding Fourth Amendment ideals. These are the powers the ODNI wants to see renewed for several years with zero changes to the status quo and, given the looks of surviving legislation, its wishes might come true.

Permalink | Comments | Email This Story

You might recall that a few years ago, Amazon began banning competing streaming hardware like Apple TV and Google's Chromecast from the Amazon store because these products competed with Amazon's own streaming hardware. At the time, you might also recall that Amazon offered up the historically stupid claim that this was done simply to avoid "customer confusion":

"Over the last three years, Prime Video has become an important part of Prime," Amazon said in the e-mail. "It’s important that the streaming media players we sell interact well with Prime Video in order to avoid customer confusion."

That decision has only resulted in an ever-escalating game of tit for tat that has started to bubble over in recent months. Around three months ago, YouTube decided to block YouTube from working on Amazon's Echo Show hardware, pushing the bogus claim it was due to a "broken user experience." In response, Amazon expanded its blacklist of Google products by refusing to sell Google Nest hardware as well. This was already bad enough, but the escalating game of "who can be the most obnoxious to paying customers" was taken to yet another level this week.

For a while, Amazon managed to create a workaround that directed Echo Show users to the web version of YouTube, but Google/YouTube managed to find a way to block that too as of today. YouTube is also now informing owners of Amazon's Fire TV products that YouTube will no longer work on that hardware either, starting January 1. Needless to say, this is creating a broken experience on both hardware platforms, and customers are clearly annoyed:

In a statement, Google all but admits that the two companies are engaged in a giant game of jackass patty cake:

"​We’ve been trying to reach agreement with Amazon to give consumers access to each other's products and services. But Amazon doesn't carry Google products like Chromecast and Google Home, doesn't make Prime Video available for Google Cast users, and last month stopped selling some of Nest's latest products. Given this lack of reciprocity, we are no longer supporting YouTube on Echo Show and FireTV. We hope we can reach an agreement to resolve these issues soon."

There are numerous problems here. One being that none of this is really necessary, and that instead of settling their grievances like professionals, the two companies thought it would be a good idea instead to engage in an epic attempt at pettiness which harms openness, innovation, consumer trust, and the consumer experience. But this is also another example of how in the modern era, you don't really own the products you think you're buying, with companies more than happy to eliminate integral functionality at a moment's notice -- without much concern for the end user.

The dispute is so idiotic, it even prompted US Telecom, an AT&T-funded ISP lobbying organization, the opportunity to take a few pot shots at Google in a statement it circulated to the media yesterday:

"Broadband ISPs are committed to providing an open internet for their customers, including protections like no content blocking or throttling. Seems like some of the biggest internet companies can’t say the same. Ironic, isn’t it?"

When you're being trash-talked by what's currently the most-hated industry in America, you know you have a problem. Granted, US Telecom is engaged in some major conflations here. One, Google hasn't really clearly supported net neutrality since around 2010 or so, making this obnoxious, but not necessarily hypocrisy. Two, Amazon customers at least have the option to use other hardware, something you can't say about broadband subscribers, who usually only have access to one ISP at the FCC's 25 Mbps broadband definition threshold. This isn't a net neutrality violation, it's just stupid.

There really is no winner here. Google and Amazon could simply settle their differences like countless businesses do every hour of every day. Instead, they've decided that the best course of action was a downward spiral that punishes millions of consumers simply because the two companies' executives are unwilling behave like functional adults.

Permalink | Comments | Email This Story

As a sign of the times, this is a video captured by commuter and Twitter user A. Mutzabaugh CMT as he drove past one of the wildfires blazing in and around Los Angeles this morning on his way to work. It doesn't even look real, it looks like a scene out of a movie. Also, I really feel like you should be able to text this video to your boss and not have to come into the office today, which is why I just saved it to my phone to use in the future. Keep going for the video.

Not the typical morning commute... pic.twitter.com/kJIOQeqsIK

— A. Mutzabaugh CMT (@WLV_investor) December 6, 2017

Thanks to MSA, who agrees that definitely looks like a good day to telecommute.

The total energy use of this web of hardware is huge - an estimated 31 terawatt-hours per year. More than 150 individual countries in the world consume less energy annually. And that power-hungry network is currently increasing its energy use every day by about 450 gigawatt-hours, roughly the same amount of electricity the entire country of Haiti uses in a year. [...] In just a few months from now, at bitcoin's current growth rate, the electricity demanded by the cryptocurrency network will start to outstrip what's available, requiring new energy-generating plants. And with the climate conscious racing to replace fossil fuel-base plants with renewable energy sources, new stress on the grid means more facilities using dirty technologies. By July 2019, the bitcoin network will require more electricity than the entire United States currently uses. By February 2020, it will use as much electricity as the entire world does today. This is an unsustainable trajectory. It simply can't continue. Not only is bitcoin tulips, but it's also incredibly bad for our planet. These energy numbers are insanity.

Note: Loud scream at 0:40 when the egg explodes. This is a video of a man demonstrating why not to microwave a hard boiled egg then poke it with a fork. Based on how cautious he is and the fact there's a person filming, I'm guessing he clearly knew the eggsplosion was coming. Also, I like how they decided to do this in the break room at work, because why dirty your own kitchen when you clearly already have at least once before? Keep going for the whole video of how not to make deviled eggs, complete with forty seconds of suspense. Thanks to Rachael, who feels sorry for the people who had to find this out the hard way.

When a cop needs an excuse to search something (but can't manage to talk the citizen into consenting) there's almost always a four-legged cop waiting in the wings to give the cop permission to do what he wanted to do anyway. You will rarely hear testimony given in any court case where a K9 hasn't "alerted" to the smell of drugs. Once this "alert" is delivered, officers are free to override objections to warrantless searches under the theory that a dog's permission is all that's needed.

What's willfully ignored by law enforcement officers is the nature of the beasts they deploy: dogs like pleasing handlers and will react to unconscious cues and/or do the thing they're expected to do: "find drugs." If the dog knows it can perform an act for a reward, it will perform that act, whether or not drugs are present. Unfortunately, there's a deliberate dearth of data when it comes to drug-sniffing dog fallibility. Tracking this data would undercut the dogs' raison d'etre: to act as probable cause for warrantless searches. This lack of data makes challenging drug dog "alerts" in court almost impossible.

Fortunately, someone's actually looking into making drug dogs better -- or, at the very least, providing evidence that drug dogs are no more accurate at detecting drugs than $2 field tests. A program started by a former police K9 trainer is looking to remove the human factor from drug dog performance evaluations.

One organization trying to address handler bias is the Pacific Northwest Police Detection Dog Association. In the U.S., a drug-sniffing dog team — the dog and its handler — has to be periodically retested and certified, usually by one of the many regional K9 associations. Some groups have tougher testing methods than others; the PNWK9 has a method that aspires to scientific levels of impartiality.

"It's a double-blind," says Fred Helfers, the retired police K9 handler and trainer who designed the system. "No outside influence."

In Helfers' tests, nobody in the room knows where the drugs are hidden; not the handler, not even the test administrator. That's to eliminate the possibility of someone unconsciously telegraphing signals to the dog as it gets close to the target.

Why this hasn't been done before is a mystery. (I mean, it's a mystery if we pretend there aren't a million reasons law enforcement agencies prefer the status quo.) As NPR points out, a study published seven years ago showed drug dogs respond more to handler cues than to the presence of drugs. Researcher Lisa Lit's tests found dogs alerting to areas researchers indicated scents would be likely, rather than where scents were actually located. What was presented as a test of drug dogs was actually a test of the dogs' handlers. The dogs failed because their handlers failed.

Needless to say, the study was unpopular in the law enforcement community. Law enforcement K9 trainers denounced the study and refused to provide any more assistance to researchers. Lit calls this study -- one that pointed out the Clever Hans-esque performance of drug sniffing dogs -- a "career killer." This is what happens to research that doesn't conform with law enforcement's self-image.

Helfers' testing process -- in which die rolls determine drug locations and eliminate tester bias -- doesn't conform with officers' apparently misplaced belief in their own "training and expertise."

Occasionally, the dice determine that there will be no drugs hidden at all — sometimes for several tests in a row. He recalls that happening at another certification event.

"There were some new teams that failed that sequence," Helfers says. "Because they didn't trust their dog."

He says those handlers couldn't get past their expectation that drugs should be there. "I think they 'overworked' the car. Instead of going around once or twice and trusting their dog and watching their dog work, maybe they'd seen something that wasn't there," Helfers says.

This shows there's no question drug dogs respond to handlers. If dogs fail to respond, the animals are treated as untrustworthy by the same officers who refer to them as "probable cause on four legs." This is part of the problematic law enforcement mindset. A cop would never stop anyone who isn't a criminal… at least according to cops. This likely isn't a conscious thought, but rather the expected outcome of years of instruction that lead officers to view a wide swath of innocent behavior as inherently suspicious. (See also: too nervous, too calm, moving too much, moving too little, not looking directly at officers, looking directly at officers, traveling on any major highway, driving too fast/too slow/too perfect, ad nauseum.)

There is no room in this mindset for the possibility that the person being questioned isn't a criminal. If a cop can't find anything, it's time for a drug dog to do a few laps around the person's car, luggage, etc. If there's still no "hit," the problem must be the dog rather than the lack of contraband. Why? Because the only reason a cop would be interested in this particular person is because this person is doing something illegal. All other possibilities are discarded. This is clearly and disturbingly illustrated by this statement from another K9 officer:

"There's been cars that my dog's hit on... and just because there wasn't a product in it, doesn't mean the dog can't smell it," says Gunnar Fulmer, a K9 officer with the Walla Walla Police Department. "[The drug odor] gets permeated in clothing, it gets permeated in the headliners in cars."

[...]

"The dogs are mainly used to confirm what we already suspect," says Fulmer. "When the dogs come out, about 99 percent of the time we get an alert. And it's because we already know what's in the car; we just need that confirmation to help us out with that."

Confirmation bias, plain as day, and yet Officer Fulmar seems completely unaware of the underlying thrust of his statement. Worse, officers like Fulmer remains opposed to tracking of K9 false hits or to the introduction of any form of scientific rigor to the process.

Handlers also point out that scientific neutrality is not something you can reasonably expect during traffic stops, since police are trained to act on their suspicions.

In short, officers want to have free rein to allow their hunches to develop into warrantless searches with the assistance of animals prone to responding to handlers' cues, rather than the existence of contraband. Better an innocent man have his vehicle tossed than an officer admit his K9 partner might be more interested in giving him what he wants (a warrantless search) than in detecting the presence (or non-presence) of drugs.

This mindset permeates the entire process. When testing methods eliminate officers' involuntary cues or point out how frequently dogs respond to their handlers, it's the process that's wrong. Or the dogs. But never, under any circumstances, are the officers wrong. Law enforcement is willingly operating in its own massive blind spot, unable to fathom the slim possibility that the person they thought had drugs on them might not actually possess any drugs.

And this doesn't even address the bottom feeders of law enforcement: officers who knowingly use K9s to skirt warrant requirements, telling citizens the dog "alerted" even when it hasn't or has only done so in response to the officer's prompts. All of this is excused when officers actually find drugs and the times they don't are waved away with tired Drug War cliches about the sacrifice of a few people's rights for the greater good.

What this testing method shows is dogs (and their handlers) aren't to be trusted -- not without more data. If law enforcement can't admit to being wrong, they'll never look for ways to improve. Given what's been shown, drug dogs should not be treated as "probable cause on four legs." At best, they're walking confirmation bias -- self-serving tools of civil liberties circumvention.

Permalink | Comments | Email This Story

Despite having spent millions on repealing broadband privacy and soon net neutrality, Comcast's lobbyists and PR folks have spent the last few weeks claiming that nobody has anything to worry about because Comcast would never do anything to harm consumers or competitors. This glorified pinky swear is likely going to be cold comfort for the millions of consumers, small businesses, startups, and entrepreneurs trying to build something (or god forbid directly compete with Comcast NBC Universal) over the next decade.

But while Comcast is busy trying to convince everyone that gutting regulatory oversight over an uncompetitive broadband market will only result in wonderful things, they're simultaneously back peddling on past claims to not violate net neutrality.

Earlier this week, Ars Technica penned an article discussing how Comcast's past promises to not engage in "paid prioritization" have magically disappeared. Paid prioritization is the act of letting one company (say, Comcast-owned NBC) buy a faster, lower-latency pipe than its competitors. Obviously, such a scenario creates a market whereby deep-pocketed companies can pay for an unfair advantage over startups, non-profits, or smaller companies. That's not to be confused with enterprise prioritization or the prioritization of medical services, though that's a conflation Comcast lobbyists really enjoy making.

Back in 2014 when the debate was at its peak regarding the creation of the 2015 rules, Comcast repeatedly promised that paid prioritization would never be something it engaged in. Ars does a solid job highlighting how this promise has all-but disappeared from Comcast and Comcast-backed NCTA lobbying and policy materials over the last few years. This apparently angered Comcast PR rep Sena Fitzmaurice, who has previously and repeatedly yelled at me for calling Comcast's top lobbyist a lobbyist (you're supposed to call him Comcast's "Chief Diversity Officer" to help him tap dance around lobbying disclosure rules).

Fitzmaurice spent most of the day on Twitter trying to direct annoyed readers to an alternate, less skeptical CNET article, while insisting that Ars story author Jon Brodkin had somehow hallucinated Comcast's backtracking:

Brodkin, in turn, pointed out that Fitzmaurice repeatedly dodged hard questions about said backtracking, while hiding behind semantics:

He then penned a second article, with the help of the Internet Wayback Machine, highlighting very clearly how Comcast pulled all references to its promise to not engage in "paid prioritization." Much of this purging occurred, coincidentally, the very same day that Ajit Pai first announced his plan to roll back the net neutrality protections:

"Starting in 2014, (Comcast's website) contained this statement: "Comcast doesn't prioritize Internet traffic or create paid fast lanes."

That statement remained on the page until April 26 of this year, according to page captures from the Internet Archive's WayBack Machine. But on April 27, the paid prioritization pledge was nowhere to be found on that page and remains absent now.

What changed? It was on April 26 that FCC Chairman Ajit Pai announced the first version of his plan to eliminate net neutrality rules. Since then, Pai has finalized his repeal plan, and the FCC will vote to drop the rules on December 14.

To drive home the point, Brodkin posted a screen shot of the Comcast website pledge before the FCC announced its repeal of the rules on April 27:

And then after the FCC made it clear it was going to ignore the public and dismantle the rules:

You'll note, perhaps, that Comcast's promises get shorter and shorter the closer it gets to achieving its goal of fewer consumer protections. Oddly, Fitzmaurice has yet to complain about the updated version of the Ars story.

Comcast's track record on this sort of thing isn't particularly hot. You'll recall Comcast helped send the net neutrality debate into overdrive when it was caught throttling all upstream BitTorrent traffic without telling anybody, then lied that it was doing so until the Associated Press proved it. In the years since Comcast has gotten much more creative in abusing a lack of competition in the sector, whether that's by imposing unnecessary usage caps that only its own content is exempt from, blocking competing hardware and services for no good reason, or interconnection shenanigans.

The idea that Comcast will take full advantage of the one two-punch of limited competition and apathetic regulators is all but a certainty according to history. It's likely that for a year or two after repeal, Comcast and other ISPs will avoid getting too heavy handed in the hopes of convincing folks that net neutrality worries were over-stated. After that, you can be fairly certain that Comcast will slowly but surely engage in tricks old and new to leverage a lack of competition to its full, tactical advantage. You can also be fairly certain that while this is happening, you'll be told you're most definitely hallucinating the entire affair.

Permalink | Comments | Email This Story

To be very clear, there are numerous subjects Mark Cuban has a very solid understanding of, ranging from his support of patent reform and the benefits of improving antiquated film release windows to highlighting the SEC's disdain for the 14th and 4th Amendments during his fight over insider trading allegations. But when it comes to net neutrality, modern telecom competition, and the problems caused by letting unchecked duopolists like Comcast run amok, Cuban has pretty consistently made it abundantly clear he has absolutely no earthly idea what he's talking about.

The latest case in point, Cuban trotted out this little gem last week while public outrage at the FCC's grotesque handout to the telecom sector was peaking:

After taking a pretty severe beating on Twitter, Cuban subsequently doubled down, proclaiming that net neutrality should be killed because, you know, nipplegate happened thirteen years ago:

So look, if you've read our primer on net neutrality or paid attention to our coverage of this subject for the last decade, you should know by now that net neutrality violations are just a symptom of the disease that is a lack of competition in the broadband sector. Net neutrality rules were a temporary, imperfect solution to the fact that nobody in either party seriously wants to address this problem because it would stop campaign contributions from flowing. As a result, our state and federal legislative system is systemically infected by lawmakers willing to sell out the public and the internet for some pocket change.

The result of this isn't pretty. AT&T and Verizon enjoy monopoly control over cell tower backhaul and business data services (BDS). Cable companies like Comcast enjoy a growing monopoly over fixed-line broadband because telcos aka "the market" are refusing to invest in rural and second-tier urban markets. With no competition and apathetic regulators, we've witnessed privacy infractions, net neutrality violations, legendarily-awful customer service, deployment redlining, and endless price hikes (again, all just symptoms of a lack of competition and regulatory capture) time, and time, and time again.

This isn't magically fixed by gutting some modest consumer protections. And keeping net neutrality intact certainly doesn't "put Donald Trump in control of the Internet." There's simply no logical basis for that claim. In fact, passing net neutrality rules is a perfect example of one of the few times over the last twenty years that the FCC actually listened to consumers and was willing to stand up to the nation's powerful telecom duopoly. Punishing them for this based entirely on your gut feelings and misunderstanding of how the telecom sector works only helps ensure that won't be happening again anytime soon.

Cuban (who has sidelined as a commercial pitchman for AT&T), subsequently tried to clarify that the real threat to the internet isn't lumbering telecom monopolies, but Apple and Google app stores:

This idea that the real "neutrality problem" is Google and Apple ("search neutrality" or "app store neutrality") has long been an ISP-driven bogeyman we've deflated time and time again. Users have a choice not to use the Google or Android app stores or devices. They have a choice of search engines. But in telecom, there is no choice. If you're lucky, you have a choice of a lumbering cable company or a telco that refuses to upgrade its network. Usually they're engaged in non-price competition because, again, we've let them dictate state and federal protectionism for a generation.

Cuban is part of a subset of folks for whom net neutrality challenges their belief that all regulation is automatically always bad and the government is entirely incapable of ever doing good. The problem is that's not only overly simplistic (it prevents you from actually weighing the merits of each instance of regulation intelligently), it doesn't really work in the telecom sector. If you obliterated the FCC tomorrow, you'd still be stuck with a lumbering monopoly with a stranglehold over the last mile. A stranglehold that bipartisan corruption on the state and federal level would ensure would never be threatened by disruption or innovation.

Net neutrality protects consumers, small businesses, and startups until we can find a way to drive more competition to the market. Some (including Cuban) seem to labor under the belief that advancements in wireless will have us all swimming in dirt-cheap connectivity in no time, making net neutrality irrelevant. Except wireless connectivity is spotty, carriers are booting users off these networks due to low ROI, these connections are usually capped, throttled and expensive, and again, AT&T and Verizon have a monopoly on the backhaul market feeding it all (but don't worry, Trump's FCC is busy protecting that monopoly, too).

You can get rid of net neutrality rules if you first embrace policies that actually drive broadband competition. But we're not doing that. Under Trump's FCC, Ajit Pai is actually busy lowering the base definition of broadband to try and obfuscate this lack of competition. Folks like Pai aren't even capable of admitting there's a problem, making the idea that the former Verizon lawyer wants to fix the problem preposterous. Meanwhile Cuban has been an outspoken Trump critic; are we to presume that Trump magically, mystically got this right? 20 million consumers don't think so.

This isn't the first time we've been over all this. I made many of the same points back in 2014 when Cuban was busy telling anybody who'd listen that net neutrality rules would destroy the internet and prevent sick people from getting necessary medical care (both, again, being lazy canards circulated by ISP lobbyists). Check out the last paragraph of this 2014 post for some unintentional, unfortunate clairvoyance on my part.

It's disappointing that Cuban isn't interested in listening to the countless experts like the EFF telling him that net neutrality rules are incredibly important -- especially for the kind of small businesses Cuban used to represent. It's equally unfortunate that folks that look up to Cuban for guidance are being told to root against their own best self interests -- and to support a Trump agenda item that may just be the most unpopular decision in tech policy history.

Permalink | Comments | Email This Story

A federal judge has issued the final word in one long-running dragnet surveillance suit. The lawsuit, filed by Larry Klayman immediately after the first Snowden leak, alleged the Section 215 phone records program -- targeting Verizon Business customers according to the leaked document -- was unconstitutional. DC district court judge Richard Leon agreed, issuing an injunction in December 2013 demanding a cessation of the Section 215 dragnet.

This order was immediately stayed to allow the government to appeal (and to continue harvesting domestic phone records in bulk). The Appeals Court disagreed with Leon, sending the case back for another ruling. It didn't change anything at the lower level. Judge Leon still found the program unconstitutional and ordered the NSA to stop collecting the phone records of the two named plaintiffs.

Shortly after this ruling, the USA Freedom Act ended the NSA's bulk collection of phone records, largely rendering the lawsuit moot. After another round of appeals, the government asked Judge Leon to dismiss the case entirely. Judge Leon has done so, agreeing with the government that the implementation of the USA Freedom Act prevents it from collecting phone records in bulk and brings it in line with the injunction previously issued by Leon. The plaintiffs were hoping a round of discovery would produce records substantiating their claims of warrantless surveillance of the single named client. Judge Leon has denied additional requests by the plaintiffs and dismissed [PDF] the case with prejudice.

[E]ven if plaintiffs were able to establish -- through jurisdictional discovery -- that the NSA had, in fact, collected their telephony metadata, they still would not be able to overcome the jurisdictional defect in this case. Because bulk collection under Section 215 is now prohibited by statute, plaintiffs' claims for injunctive relief against bulk collection are moot, regardless of whether the Government actually collected and queried plaintiffs' telephony metadata pursuant to the Section 215 program in the past.

The decision closes with Judge Leon expressing his hope the Supreme Court might step in and address the Third Party Doctrine directly and more closely examine the "expectation of privacy" concept in the context of today's communication methods. (This is why the upcoming Carpenter case -- dealing with warrantless collection of historical cell site information -- bears watching.)

While the zeal and vigilance with which plaintiffs have sought to protect our Constitutional rights is indeed laudable, this Court, in the final analysis, has no choice but to dismiss these cases for plaintiffs' failure to demonstrate the necessary jurisdiction to proceed. I do so today, however, well aware that I will not be the last District Judge who will be required to determine the appropriate balance between our national security and privacy interests during this never-ending war on terror. Hopefully by the time these issues are next joined, our Supreme Court will have had the opportunity to provide us with further guidance on the parameters of our privacy interests in this era of ever-increasing electronic communication. If not, concerned citizens such as these will continue to shoulder the heavy yoke that vigilance to our Constitutional liberties surely requires.

Permalink | Comments | Email This Story

It's no secret most law enforcement agencies own or have access to Stingray devices. But some deployment totals can still raise eyebrows. The Baltimore PD, for example, deployed Stingrays 4,300 times over an 8-year period -- more than once per day. And it hid these behind pen register orders, so that judges, defendants, and defense lawyers had no idea exactly how the PD located suspects.

Thanks to Buzzfeed's FOIA request, we now know another government agency has been firing up its Stingrays at least once a day. And it's one of the nation's largest.

A document obtained by BuzzFeed News shows the US Department of Homeland Security used secretive cell phone–tracking devices nationwide more than 1,800 times from 2013 to 2017.

The information, obtained through a Freedom of Information Act request, shows that Homeland Security Investigations, a major investigative arm of DHS, used what's known as cell-site simulator over-the-air technology 1,885 times from Jan. 1, 2013, to Oct. 11, 2017 throughout the US.

There's not a lot to be gleaned from the document [PDF], other than the total number of deployments and cities where they may have been deployed. Given the DHS's purview, one would assume these are deployed only in serious criminal investigations. That assumption would be wrong, as DHS component ICE has already shown.

Sen. Ron Wyden recently asked US Immigration and Customs Enforcement for information on the agency’s use of the devices after it was determined ICE used a cell-site simulator to arrest an undocumented immigrant. Among the questIons Wyden sought answers to was what steps the agency had taken to limit interference to the phones of people not being investigated.

ICE may be making the most use of DHS Stingray devices. In its answers to Wyden's questions, the agency made it clear it uses Stingrays for all sorts of banal things, like tracking down pretty much anyone its looking for or simply sniffing out phone details for future subpoenas.

Of course, while it's doing this hundreds of times a year, the phone service of everyone DHS agencies aren't looking for is interrupted. But that's OK with ICE, because the only phone service anyone really needs is emergency service, according to director Thomas Homan.

“In all circumstances, devices are always able to dial 911 without any disruption of service,” Homan said.

So, not really a problem, according to ICE -- even if ICE is doing nothing more than readying a subpoena.

This is why the Supreme Court's take on Carpenter will be important. A ruling following the current view on third party data might encourage the federal government to ditch its voluntary Stingray warrant requirement. It will also encourage other law enforcement agencies to continue hiding evidence of Stingray use behind pen register requests, leading defendants and presiding judges to believe the phone they tracked in real time was actually just historical cell site location data.

Permalink | Comments | Email This Story

Another court has decided warrants must accompany Stingray use. (via the New York Times) The ruling handed down earlier this month clarifies the distinction between the records obtained and the records requested. In this case, police used a pen register request to deploy their Stingray device. As the court points out, Stingray devices grab a lot more than just phone numbers.

A pen register or trap and trace warrant is authorized under New York's CPL Art. 705.00. According to that Article, a pen register is a device that attaches to a landline phone to identify and record "the numbers dialed or otherwise transmitted" in outgoing and incoming calls." CPL 705.00 (1). In addition, CPL 705.00 (2) defines a trap and trace as a similar device to that of the pen register that identifies the "originating number" for a call. It should be noted, however, that Article 705 does not authorize the gathering of location information using a cell phone's Global Positioning system (GPS), nor does it authorize the gathering of additional information, that might include the content of a phone's calls or text messages by the use of a pen register and/or trap and trace order.

[...]

Thus, it is improper under New York Law to authorize the obtaining of any information from a suspect's phone other that the phone numbers dialed or otherwise transmitted in outgoing and incoming calls and/or an originating phone number.

As the court notes, the addition of GPS location info changes the matrix for law enforcement paperwork. It's not enough to settle for the lower requirements of a pen register order. Tracking and tracing people involves a higher statutory burden. And that's exactly what this is: to deploy a Stingray, a team of officers must fire one up and roam all over the place until they home in on their target. This is completely distinct from showing up at a telco office asking for dialed digits.

Additionally, the court points out that while the information obtained (the phone's location) might ultimately be a third party record accessible with a subpoena, the government can't be the third party collecting the records.

[U]nlike pen register device information or that provided by the CSLI, a cell site simulator device does not involve a third party. "The question of who is recording an individual's information initially is key." See US v Lambis, supra, citing In re US for Historical Cell Site Data, 724 F.3d 600 [5th Circ. 2013] [distinguishing between "whether it is the Government collecting the information or requiring a third party to collect or store it, or whether it is a third party, of its own accord and for its own purposes, recording the information"]. The Lambis court continued: "For both pen register information and CSLI, the Government ultimately obtains the information from the service provider who is keeping a record of the information. With the cell-site simulator, the Government cuts out the middleman and obtains the information directly." US v Lambis, Id.

By its very nature, then, the use of a cell site simulator intrudes upon an individual's reasonable expectation of privacy, acting as an instrument of eavesdropping and requires a separate warrant supported by probable cause rather than a mere pen register/trap and trace order such as the one obtained in this case by the NYPD.

Presumably, the NYPD was less than forthcoming about its Stingray use. In the opening of the opinion, the court points out the location the suspect was tracked to was completely unrelated to any information the NYPD already had in hand when it took its Stingray out for a spin.

Based upon the information gathered from this order for the defendant's cell phone, Detective Brown located and arrested the defendant three days later on April 15, 2016, inside of 1540 Sterling Place, Apartment 3E in Brooklyn, an address not previously identified as of any interest to this investigation.

The decision also notes Stingray use was "conceded" by the prosecution, suggesting it fought this disclosure for as long as it could.

This is good news for residents of New York and another small step towards a unified judicial view on Stingray deployments. Better yet, it has probably resulted in audible wailing and gnashing of teeth in the upper levels of the NYPD bureaucracy.

Permalink | Comments | Email This Story

Numerous reports have indicated that the FCC intends to try and hide its attack on net neutrality behind the looming Thanksgiving holiday. The agency is expected to either unveil its formal plan on Wednesday while Americans are distracted by holiday preparations, or potentially on Friday, while Americans are busy shopping for black Friday bargains. Regardless of when it's unveiled, the announcement will involve unveiling a formal date to vote to finally kill the rules, currently expected to be December 15:

"It's a devilishly brilliant plan by the FCC and its chairman, Ajit Pai, who has made no secret of his wish to undo the benchmark rules put in place during Barack Obama's presidency. There will inevitably be plenty of people already enjoying their holiday break, and any major coverage on Wednesday will then be lost to a day of turkey, gravy, football, and indigestion, followed by three more days in which people won't be looking at the news."

Except this obfuscation plan isn't "devilishly brilliant," it's a massive underestimation of the brutal backlash awaiting the broadband industry and its myopic water carriers. Survey after survey (including those conducted by the cable industry itself) have found net neutrality has broad, bipartisan support. The plan is even unpopular among the traditional Trump trolls over at 4chan /pol/ that spent the last week drinking onion juice. It's a mammoth turd of a proposal, and outside of the color guard at the lead of the telecom industry's sockpuppet parade -- the majority of informed Americans know it.

Net neutrality has been a fifteen year fight to protect the very health of the internet itself from predatory duopolists like Comcast. Killing it isn't something you can hide behind the green bean amandine, and it's not a small scandal you can bury via the late Friday news dump. This effort is, by absolutely any measure, little more than a grotesque hand out to one of the least competitive -- and most disliked -- industries in America. Trying to obfuscate this reality via the holidays doesn't change that. Neither does giving the plan an Orwellian name like "Restoring Internet Freedom."

It's abundantly clear that if the FCC and supporters were truly proud of what they were doing, they wouldn't feel the need to try and hide it. If this was an FCC that actually wanted to have a candid, useful public conversation about rolling back net neutrality, it wouldn't be actively encouraging fraud and abuse of the agency's comment system. To date, the entire proceeding has been little more than a glorified, giant middle finger to the public at large, filled with scandal and misinformation. And the public at large -- across partisan aisles -- is very much aware of that fact.

Consumers, small businesses, and those interested in keeping the internet open, healthy and competitive will remember this severe of a shafting. It's going to inform policy conversations and voting decisions (especially among Millennials) for years to come. This isn't something that can be hidden between the cranberry sauce and Grandpa Jones' corn bake surprise, and the fact that Ajit Pai's staff thinks that's even possible highlights how absurdly out of touch the current FCC actually is.

Many people obviously believed that the net neutrality conversation was over when the FCC crafted the 2015 rules, and that they could subsequently tune out because the fight had been won.

But net neutrality isn't a conversation that begins or ends when rules are created or destroyed. Since net neutrality is just a symptom of the disease that is a lack of broadband competition, this is a battle that will persist for as long as said lack of broadband competition exists, and for as long as companies like Comcast attempt to abuse it. With Pai at the helm, that's certainly not changing anytime soon. In fact, with the gutting of privacy protections, net neutrality rules, and a blind federal and state eye turned toward cable's growing monopoly over broadband, it's going to get notably worse.

Supporters of net neutrality also need to understand that the broadband industry's assault on net neutrality is a two-phase plan. Phase one is having an unelected bureaucrat like Ajit Pai play bad cop with his vote to dismantle the rules. Phase two will be to gather support for a net neutrality law that professes to be a "long-standing solution to this tiresome debate." In reality, this law will be written by ISP lobbyists themselves as an attempt to codify federal apathy on this subject into law. These weaker protections will be designed to be so loophole-filled as to effectively be useless, preventing the FCC from revisiting the subject down the road. A solution that isn't -- for a problem they themselves created.

It's understandable that the public and press is tired of this debate after fifteen years. But instead of hand wringing and apathy, we should be placing the blame for this endless hamster wheel at the feet of those responsible for it: Comcast, AT&T, Verizon and Charter, and the army of lawmakers, economists, fauxcademics, and other hired policy tendrils willing to sell out the health of the internet -- and genuinely competitive markets -- for a little extra holiday cash. Folks that honestly believe they can lie repeatedly with zero repercussion, and hide a giant middle finger behind the gluten-free stuffing and Aunt Martha's cardboard-esque pumpkin pie.

Make no mistake: net neutrality is likely a permanent battle against telecom duopolists with a vested interest in abusing a lack of broadband competition. It's a battle for a healthy, open internet, truly competitive markets, and the right to innovate without Comcast, Verizon or AT&T interference. The decision to ignore the will of the public and kill existing, popular net neutrality rules is going to pour napalm on that fire, not extinguish it.

Permalink | Comments | Email This Story

It's been barely a month since news came to us of the Worth County (GA) Sheriff's Department's search of an entire school's worth of high school students. Over 800 students were searched without a warrant, subjected to invasive pat downs that included breasts and genitals by Sheriff Jeff Hobby and his deputies.

Sheriff Hobby thought there might be drugs in the school, but despite the search of hundreds of students and the use of drug dogs, no drugs were found. A class action lawsuit [PDF] alleging multiple rights violations brought by some of the students was filed in June. In October, Sheriff Hobby and two of his deputies were indicted for sexual battery and false imprisonment.

In a surprisingly quick turnaround, there's already talk of a settlement, as Susan Hogan reports for the Washington Post.

On Tuesday, a legal advocacy group, the Southern Center for Human Rights, said a proposed $3 million settlement had been reached in the lawsuit, pending a judge’s approval.

That number has nothing to do with the severity of the violations, but rather is the limit of the sheriff department's insurance policy. But it will be spread to cover a majority of the student body harmed by the actions of these law enforcement officers.

Each class member will receive a monetary award of between $1,000 and $6,000, with those students subjected to more invasive searches receiving higher amounts. Once any outstanding claims are resolved and attorney fees of 15% of the fund are paid, half of any remaining funds will be paid into a fund for the benefit of Worth County High School students.

This quick settlement can likely be chalked up to a handful of variables. One, Hobby and his deputies have been indicted, which gives more credence to the students' claims their rights were violated. Two, the entire 4-hour lockdown was captured on the school's surveillance cameras, all but eliminating narrative options for the law enforcement defendants. Three, Sheriff Hobby's own statements in defense of his and his deputies' actions make it very clear the sheriff supports the mass violation of rights through policies and actions.

The only reason Hobby didn't pursue another warrantless search of the entire school's student body wasn't because of concerns about students and their rights, but because people were angry.

When asked about that previous search that came up dry, Hobby said he didn't think that search was thorough, so he decided to do his own.

He said he believes there are drugs at the high school and the middle school, but also said that he will not do another search, due to response from community.

So, straight up, the sheriff believes he did nothing wrong. His deputies did nothing wrong. If anything's wrong here, it's the response from the community -- people who apparently don't understand civil rights are nothing more than obstacles that must be skirted or surmounted if we're ever going to win this war on drugs.

Permalink | Comments | Email This Story

There's little more chilling to First Amendment freedoms than the possibility of spending decades in jail for documenting a protest that turned into a riot. But that's exactly what independent journalist Alexi Wood is facing. Traveling from Texas to Washington DC to document anti-Trump protests on Inauguration Day, Wood was "kettled" and arrested along with the protestors he was covering. He wasn't the only journalist to be detained for hours and hit with charges, but most of the others have seen their charges dismissed.

Wood is facing charges that could see him jailed for several years, thanks to DC prosecutors who have decided to punish the journalist for being in the vicinity of destructive criminal activity.

Alexei Wood faces up to 60 years in prison for moving alongside and videotaping rioters as they protested President Donald Trump's inauguration in Washington, D.C., on Jan. 20. According to Wood, he was livestreaming the protest - videotaping events and putting them on the internet as they happened.

He said the livestream is still online, and shows he did nothing wrong.

"It documents everything I said or didn't say, do or didn't do - clear evidence,” Wood said. “Even the judge said there was 'zero evidence' I did property destruction."

Wood is one of seven journalists who, with a group of more than 200 protesters, were penned in and arrested that day. Charges against five of the journalists have been dropped.

Indeed, his livestream of the events leading to his arrest can be seen below, and nothing in it shows him participating in destructive acts.

But that matters little to DC prosecutors, who have decided to threaten the act of journalism by creatively stacking charges.

[O]n April 27, the Superior Court of the District of Columbia returned a superseding indictment which added additional charges for some 212 defendants, three of whom had not previously been charged.

With new felony charges including urging to riot, conspiracy to riot and destruction of property, many of the defendants are facing up to 80 years in prison. Many other defendants, among them journalists, are facing more than 70 years.

When a "conspiracy to riot" describes the act of documenting a riot, things have gone horribly south in the legal system. It's not like the government is facing a lack of chargeable suspects. There are more than 200 to choose from, with a majority of those being participants in the demonstration. A smaller number participated in the destruction of property. Then there's Alexi Wood, who was in the right place at the right time journalistically-speaking, but the wrong place/wrong time for everything else.

The only explanation for this charge stacking is prosecutors' desire for easy wins. Piling up felony charges pushes people towards accepting plea deals, even if they haven't done anything wrong. A couple of misdemeanors and being free to go usually sounds better than a criminal trial and the possibility of a jury handing down a guilty verdict with 15-20 years of jail time attached

If this goes forward, the evidence should clear him of charges. But even if it does go quickly and smoothly, Wood's life has been permanently changed, and not for the better. He hasn't been able to concentrate on journalistic efforts since he was arrested, thanks to the severity of the charges. If the government finds a way to hang one on Wood, independent journalists and those working for smaller agencies will start steering clear of protest coverage just to be on the safe side. And that may be the government's unstated goal -- fewer eyes witnessing anti-government sentiment and/or the tactics used by law enforcement against people utilizing their First Amendment rights.

Permalink | Comments | Email This Story

Earlier this year, we mentioned the Texas lawyer Jason Lee Van Dyke in relation to a story in which Twitter, ridiculously, banned Ken "Popehat" White after he wrote about threats from Van Dyke. We had written about Van Dyke years earlier when he sued the Tor Project because a revenge porn site was using Tor. We also noted that that case involved a guy who had been declared the leader of a hate group, Kyle Bristow -- and appeared to involve Van Dyke deliberately and knowingly "serving" the wrong party. The revenge porn site that Van Dyke claimed he was targeting had sarcastically provided Bristow's address as its address to mock Van Dyke, and Van Dyke then claimed he had properly "served" the revenge porn site by serving it on Bristow.

That post, from back in 2014, also included an awful lot of Van Dyke cursing out people and threatening to sue lots and lots of people. Oh, and also declaring "it's my job to violate the civil rights of people like you" to one critic. The more recent story, involving threatening Ken White and Asher Langton, showed that not much has changed with regards to anger management and Van Dyke. I won't rehash the entire story, but Ken White summarized it earlier this year. Just suffice it to say, Asher Langton turned up quite a bit of evidence suggesting that Van Dyke was advertising his legal services to white nationalists on Stormfront.

Since then, Van Dyke has, repeatedly, threatened to sue and (separately!) to physically harm both White and Langton. He's also declared himself to be part of the "Proud Boys" -- a nutty group of self-declared chauvinists, who get upset if you suggest they're racists or neo-Nazis, even if many of the distinctions appear to be quite fuzzy. Either way, they appear to get quite upset if anyone calls them those things, even though the press regularly associates them with racists, neo-nazis or the "alt-right."

Van Dyke has also threatened to sue a number of news organizations for these claims, and actually did sue a small local news site in Ohio called the Mockingbird. The Mockingbird published this article about Proud Boy antics in Ohio -- which led Van Dyke to send Mockingbird a letter requesting the site delete the article, no longer write about the Proud Boys and pay $10,000. Mockingbird's Gerry Bello responded appropriately, telling Van Dyke to fuck off, but also stating Bello's opinion (backed up with evidence) that Van Dyke is a Nazi.

It is over this letter that Van Dyke then sued (not the original article that inspired the bumptious threat letter). The lawsuit was filed in county court in Denton, Texas, which seems unwise. Texas actually has a fairly robust anti-SLAPP law that the courts have construed broadly to cover all sorts of SLAPP suits, making Texas one of the strongest defenders of free speech in the country.

Anyway, you can read Van Dyke's complaint here. Mockingbird removed the case from the local county court to the federal district court late last week (we'll see if Van Dyke tries to block that). Van Dyke is representing himself. The crux of the lawsuit:

On information and belief, Defendants are associated with a domestic terrorist collective known as “Antifa” that prides itself on harassing, defaming, and committing acts of violence against persons and groups that espouse conservative groups. In this instance, Defendants wrongfully accused members of the Houston, Texas and Columbus, Ohio chapters of “The Proud Boys” of the following: (a) being “neo-Nazis”; (b) engaging in a hate crime by placing hand-drawn swastikas into mailboxes; (c) engaging in “ethnic cleansing” during hurricane relief efforts in the Houston area; and (d) roaming the nation in an effort to commit acts of mass murder against minorities. It should be noted in this case that Plaintiff was present with the Houston Proud Boys during Hurricane Harvey relief efforts and assisted them in rescuing residents in need of evacuation and in the distribution of relief supplies such as food, bottled water, cleaning supplies, and other items to residents of areas affected by the hurricane.

Plaintiff sent a demand letter for Defendants to issue a retraction of these statements (which clearly meet the criteria for defamation per se) and Defendants responded by publishing the letter attached hereto as Exhibit “B” on their website

Because of all of this, Van Dyke insists Bello/Mockingbird have committed libel per se, specifically in reference to the statements about Van Dyke being a Nazi, as well as statements Bello made claiming Van Dyke had a previous arrest and conviction. Bello claims this was "on weapons charges and domestic violence." Van Dyke counters that it was a misdemeanor weapons charge -- not domestic violence -- and has since been expunged. He also claims that Bello wondering if Van Dyke is forum shopping his lawsuit is defamatory, as might also be Bello's statement that under his conviction Van Dyke should not be allowed to possess firearms. Amusingly, in Van Dyke's lawsuit, he also disputes that he was the lawyer pitching for business on Stormfront, but insists that he's not suing over that because it's not libel "per se."

It does appear that Bello certainly goes a bit closer to the line than I imagine most lawyers would advise in making statements about Van Dyke, but the "Nazi" line is clearly protected opinion or rhetorical hyperbole. The throwaway line about forum shopping is clearly not defamatory either. The statement about whether he can possess firearms was presented as a question rather than a statement, so again is a stretch. As for getting the specific details of the conviction wrong, Bello doesn't cite where he got that information, but it is true -- as Van Dyke readily admits -- that he was convicted on a misdemeanor firearm charge. So Van Dyke would have to show that Bello not only got things wrong beyond that in a defamatory way, but that Bello knew the information he posted was false. That's... a tough bar to reach.

Bello/Mockingbird's "Original Answer" is fairly short on details, other than denying all the claims and (for now) throwing out all possible affirmative defenses (I assume a more specific answer will be forthcoming later). Bello's lawyer has also said that they'll file an anti-SLAPP motion, though that does not appear to have happened yet.

Meanwhile, Bello has launched a crowdfunding campaign as well.

Oh, and we're not even remotely done yet. A few weeks back, Van Dyke also got into a Twitter spat with, of all people, Talib Kweli. While the conversation is now gone (in part because Twitter recently suspended Van Dyke's account), here's how Kweli describes it:

“His first tweet to me was that he was a defense attorney and worked with mentally challenged people,” explained Kweli. “He wrote, ‘You are stupider than the mentally challenged people I work with,’ and so that caught my eye immediately, because why would a defense attorney be upset at a black stranger and starting using his own clients to engage in harassment?”

Kweli responded to the tweet, explaining that he doesn’t start arguments, but is willing to engage when challenged. “And so, I engaged him,” he said. “And the way I engage people who harass me like that is I always ask them to explain their position, because if you ask a racist or a bigot to explain their position, it falls apart.”

As this went on, Kweli eventually posted Van Dyke's publicly available business contact info -- and, not unlike Ken White, Twitter stupidly temporarily suspended Kweli's account, because (again) Twitter is bad at understanding the difference between abuse and calling out abuse. Over the last few months and weeks, Van Dyke has been ranting about Kweli, Langton and White. He even wrote up and posted completely made up stories about Langton and White, calling them satire. It seems like he thinks he's proving a point, though what point is unclear.

As for why Van Dyke was finally suspended from Twitter, it was apparently for tweeting a pretty gruesomely horrible racist tweet -- involving both the n-word and a noose. In the HuffPo article, they spoke to the president of the Texas state bar, who does not seem happy about Van Dyke's actions:

“The statements attributed to this individual are reprehensible and contrary to the values we hold as Texas lawyers,” State Bar of Texas president Tom Vick said in an email to HuffPost. “I condemn them in the strongest terms.”

Meanwhile, Van Dyke has been posting (on various other social networks) increasingly angry messages about Kweli -- many of which have pretty clear racist overtones, and some of which include threats of violence. He complains about Kweli being "uppity" while promising to beat him and skin him alive. He compares Talib to Amadou Diallo, the man assassinated by the NYPD in 1999. He also says that Talib will have to change his name to "Toby", a pretty damn likely reference to the famous scene in Roots in which Kunta Kinte is whipped by his owner, until he says his name is Toby -- at which point the owner says "Aye, that's a good n****r." So, yeah. If Van Dyke is trying to portray himself as not being racist, he's not doing a very good job of it so far.

And, because Van Dyke never seems to find the bottom of the hole he keeps digging, Asher Langton posted the following screenshot of Van Dyke not only promising to sue White, Langton, Kweli and the Huffington Post today, but also saying that he doesn't care if he gets disbarred or sanctioned, and if they do he'll defend himself with a gun.

If you can't see that, it says:

No longer welcome where I've trained for years. This is the final straw. Langton, White, Kweli, HuffPo - they are all getting sued first thing Monday morning. This ends now. They can disbar me if they want, I don't give a damn. If they sanction me, my property is defended with a 50 BMG.

I'm guessing that the Texas bar might not like that one so much either -- nor any court where these lawsuits may be filed. Of course, we saw similar threats in what we posted about Van Dyke years ago as well, which did not lead to lawsuits. This time, he has sued Bello and Mockingbird, though, so perhaps he will attempt to follow through on these other threats also. Apparently he has sent Mockingbird/Bello's lawyer the following email, asking to amend the original complaint to raise the damages from $60,000 to $10 million and to add White, Langton, Kwelli, Huffington Post and Andy Campbell (the author of the HuffPo piece).

It is, at the very least, unclear how he thinks any of this helps him rather than digging him deeper and deeper into a hole. As far as I can tell, Van Dyke seems upset that he's facing the consequences of his own actions -- which include threats of violence and lawsuits in addition to a variety of other highly questionable statements. And rather than recognize that perhaps he shouldn't do those things, he's responding to people who document his own statements by doing even more of the same, which only continues the cycle. We'll see if he's actually foolish enough to follow through on this lawsuit. It is unlikely to end well. Not only are there unlikely to be any legitimate claims, it makes no sense to add them to this other lawsuit, which is about an entirely different set of statements. Randomly joining together other people who have called you out separately hardly seems like good lawyering. It does, however, remind us of Rakofsky v. the Internet, in which a young (and not very good) lawyer sued basically everyone who criticized him. It didn't end well. And, of course, that one didn't include threats of violence mixed in.

I suspect he's not interested in taking our advice -- he has regularly mocked Techdirt any time we've written about him -- but there's a time when the correct response is to stop digging. Suing people for calling you out won't end well. Threatening violence, repeatedly, over criticism is not a good look, especially for a lawyer.

Permalink | Comments | Email This Story

A Texas sheriff did some pandering to his base this week, ultimately making a fool of himself. On Monday, Sheriff Troy Nehls posted the following to Facebook:

If you can't see it, it's a photo of a truck with a decal attached to the rear window. The decal reads:

Fuck Trump and fuck you for voting for him

Here's what Sheriff Nehls wrote:

I have received numerous calls regarding the offensive display on this truck as it is often seen along FM 369. If you know who owns this truck or it is yours, we would like to discuss it with you. Our Prosecutor informs us she would accept Disorderly Conduct charges regarding it, but I feel we could come to an agreement regarding a modification of it.

This is stupid on every single level. First off, as former police officer and current attorney Greg Prickett points out in his post at Simple Justice, there's no way those charges would stick.

Sheriff, that's political speech, and it's protected speech. You don't get to silence it because you don't like it, or even because it offends you, the District Attorney, or anyone else. The Disorderly Conduct statute in Texas is very clear on this.

You can charge someone with Disorderly Conduct if "the language by its very utterance tends to incite an immediate breach of the peace," or if the "display tends to incite an immediate breach of the peace…" That hasn't happened here. If Fonseca and her family have been driving around for almost a year and there have been no fights, no disturbances, no riots or so forth, you are not going to be able to prove that there was a danger of an "immediate breach of the peace."

Instead, Nehls may have rained down fire on his own idiotic head by pursuing it.

What you may have, instead, is another crime, a much more serious crime, being threatened by Sheriff Nehls. If Nehls goes through with his threat, it could very well meet the elements of the offense of Official Oppression, which states:

(a) A public servant acting under color of his office or employment commits an offense if he:

(1) intentionally subjects another to mistreatment or to arrest, detention, search, seizure, dispossession, assessment, or lien that he knows is unlawful;

(2) intentionally denies or impedes another in the exercise or enjoyment of any right, privilege, power, or immunity, knowing his conduct is unlawful…

Now, let's get to the rest of the moronic post.

It is highly doubtful the Sheriff has "received numerous calls" about a window decal. Even given the sorry state of Americans' understanding of the First Amendment, most people would realize a sweary decal is not a law enforcement issue. More likely, the Sheriff or one of his deputies spotted it and took a photo or, at best, a concerned citizen sent it to the apparently pro-Trump Sheriff in hopes that he would abuse the law to shut down protected speech. (If so, well played, citizen. Everyone loves an American who believes in less rights for people they don't agree with.)

Next, the "discussion" proposed by the Sheriff is a bait-and-switch. Unlike most bait-and-switch purveyors, Sheriff Nehls is too excited about prosecution to allow the bait to do its work. By pitching it as a voluntary interaction, Nehls covers his ass on official oppression. But he immediately uncovers it by referring to a prosecutor just dying to punish protected expression with a bogus disorderly conduct charge.

That brings us to perhaps the stupidest part of Nehls' post. Nehls states a prosecutor is willing to move forward with charges. That appears to be a lie.

KHOU 11 News also reached out to the Fort Bend County District Attorney.

He says the Sheriff never consulted him before posting the suggestion the driver may be charged with disorderly conduct.

He made it clear his office would not accept charges against that driver simply because of the profanity and message on the truck.

It's unclear who Nehls is referring to. This prosecutor is a he (Nehl's post refers to a "she"), and he apparently would be in charge of prosecuting cases brought to him by the Sheriff. I suppose he could be referring to one of the other prosecutors in the DA's office, but all cases would presumably be signed off by the DA himself before moving forward. If one of them offered to help the Sheriff fight his battle against the First Amendment, they would be aiding and abetting official oppression.

Having outed himself as a law enforcement official willing to oppress speech under the color of law, Nehls gracelessly deleted his Facebook post. He then went on to issue a statement to the effect of "I just wanted to talk to this person about their bumper sticker… but with the dangling threat of prosecution as a backdrop."

Nehls addressed the post in a press conference Wednesday afternoon.

"People have called and are offended by the language," said Nehls. "I simply want to talk to the owner and say 'Look the last thing we need to do is have anyone have any confrontation over the language on your truck.'"

But this can't possibly be true. If all Nehls wanted to do is talk, he had plenty of time to do so. And he could have done it without dragging the vehicle owners into his social media debacle. But it appears he'd rather grandstand on Facebook than do actual police work and, you know, track down the owners of the vehicle. Even with the head start of license plate database access and its favored route of travel, the local news team managed to be the first people to actually talk to the truck owners.

KHOU 11 News tracked down the owners of the truck, Karen and Mike Fonseca. They are stunned and angry that Nehls would start this debate on Facebook instead of calling them personally.

They say they're entitled to their free speech.

"There's no law against freedom of speech, nothing in the law book here in Texas, I've been stopped numerous times, but they can't write me a ticket," said Karen Fonseca.

The truck owners are more right in two sentences than Nehls was in a Facebook post and ensuing press conference. They are definitely right to be angry about Nehls' casual abuse of office that turned them into targets for hate from like-minded fans of free speech curtailment.

Above all else, Sheriff Nehls is a disingenous asshole.

The sheriff said he wants to avoid a situation where somebody could take offense to the sign on the truck, possibly leading to a confrontation.

"I don't want to see anything happen to anyone," Nehls said. "With people's ... mindset today, that's the last thing we need, a breach of the peace."

Then why the fuck would you post a photo of the truck and decal to Facebook? You're just begging for a "breach of the peace." You've turned the owners into a target for pro-Trump partisans and people who like to yell at other people for public swearing. You pulled some petty bullshit under the color of law and have the audacity to claim your foremost concern is the truck owners' safety. If this is what the public gets to see of your mindset and retaliatory nature, one can only imagine what goes on behind the scenes.

Nehls says he wants to "come to an agreement regarding a modification" to the anti-Trump decal. I can suggest one, but I doubt the Sheriff will like it.

And, of course, as I put the finishing touches on this post comes the news that Fonseca has been arrested -- though for an outstanding warrant.

Permalink | Comments | Email This Story

Earlier this year, journalist Ashley Feinberg outed then-FBI Director James Comey's secret Twitter account, using nothing more than the "harmless" metadata people like James Comey have said no one needs to worry about. The secret account was sniffed out through something the Intelligence Community likes to call "contact chaining." The path ran through Comey's children's Instagram accounts and one conspicuous follower of Comey's previously-secret account: Lawfare writer, surveillance apologist, and personal friend of Comey's, Benjamin Wittes.

For some reason, months after the fact, Wittes has decided the route to unmasking Comey's Twitter account was more like stalking than journalism. Wittes objected to the "use" of Comey's children -- the seemingly-unrelated contacts who Feinberg chained together to reach her conclusion. This was weird because, as Marcy Wheeler points out, Comey seemed to be impressed by the journalist's work. Even weirder is the fact Wittes (and former IC attorney/Lawfare editor Susan Hennessey) didn't see the obvious parallels between Feinberg's detective work and the FBI's own use of metadata, contact chaining, and working its way towards targets through vast amounts of unrelated data.

Not only did he say he wasn't mad and compliment her work, but he posted the link to FBI jobs.

I'd say Jim Comey sees a similarity in what Feinberg did.

I'm all in favor of protecting the accounts of children from such contact chaining — and am really not a big fan of contact chaining, generally. But those who, like Comey and Wittes and Hennessey and Tait, have championed a system that endorses at least two hop chaining irrespective of who gets hopped, not to mention those who've tolerated the collection on family members in even more targeted surveillance, I'm not all that interested in complaints about the privacy of a 22-year old son.

Or rather, I point to it as yet another example of surveillance boosters not understanding what the policies they embrace actually look like in practice.

Which is precisely why this “doxing” was so newsworthy.

Wheeler goes into more detail on the FBI's use of contact chaining and metadata and discusses Comey's own approval of these practices during his tenure. This may explain why Comey was more impressed than angry when he was outed. As for the complaints about "outing" Comey's adult children, Wheeler points out Comey himself has thrust them into the public eye on more than one occasion, starting back when they were still young teenagers.

But beyond this there's the hypocritical nature of Wittes' attack on the journalist. Surveillance state supporters love surveillance -- except when the apparatus is controlled by people they don't like or aimed at people they do. These are ridiculous arguments to be making, especially when you actively support state-sponsored "stalking."

Permalink | Comments | Email This Story

We already knew Jeff Sessions was a throwback. The new head of the DOJ rolled back civil rights investigations by the agency while calling for harsher penalties and longer jail terms for drug-related crimes, while re-opening the door for asset forfeiture abuse with his rollback of Obama-era policy changes.

But it's more than just the new old-school DOJ. The FBI is just as regressive. Under its new DOJ leadership, the FBI (inadvertently) published some speculative Blue Lives Matter fanfic [PDF] -- an "Intelligence Assessment" entitled "Black Identity Extremists Likely Motivated to Target Police Officers."

There's no hedging in the title, despite what the word "likely" usually insinuates. According to the FBI, this means there's an 80-95% chance it believes its own spin.

Here's the opening sentence:

The FBI assesses it is very likely Black Identity Extremist (BIE) perceptions of police brutality against African Americans spurred an increase in premeditated, retaliatory lethal violence against law enforcement and will very likely serve as justification for such violence.

And here's what the term "very likely" means when the FBI uses it:

Beyond that, the FBI says this:

The FBI has high confidence in these assessments…

And here's how the FBI defines "high confidence."

High confidence generally indicates the FBI’s judgments are based on high quality information from multiple sources. High confidence in a judgment does not imply the assessment is a fact or a certainty; such judgments might be wrong. While additional reporting and information sources may change analytical judgments, such changes are most likely to be refinements and not substantial in nature.

What's in this open-and-shut report? What key elements lead the FBI to believe "BIEs" will be killing cops in the future? Well, it appears to be nothing more than a recounting of recent cop killings, coupled with anecdotal evidence, like the expression of anti-white sentiment in social media posts. Beyond that, there's little connecting those who have killed cops with the ethereal FBI BIE ideal. There's certainly no organization behind the killings -- only a few common factors. And those factors -- if the FBI is allowed to continue to treat "BIE" as a threat to police officers -- will do little to discourage violence against police officers.

What it will do is allow law enforcement to engage in racial profiling and to overreact to social media rants by angry black men. And it will allow the FBI to turn into the same FBI that targeted Martin Luther King Jr. and other civil rights activists during the 1960s. In fact, it almost acknowledges as much in the report.

BIEs have historically justified and perpetrated violence against law enforcement, which they perceived as representative of the institutionalized oppression of African Americans, but had not targeted law enforcement with premeditated violence for the nearly two decades leading up to the lethal incidents observed beginning in 2014. BIE violence peaked in the 1960s and 1970s in response to changing socioeconomic attitudes and treatment of blacks during the Civil Rights Movement.

The composers of this report may have a lot of confidence in their assumptions, but no one else seems to.

Daryl Johnson, a former Department of Homeland Security intelligence agent, when asked by Foreign Policy in October why the F.B.I. would create the term “B.I.E.,” said, “I have no idea” and “I’m at a loss.” Michael German, a former F.B.I. agent and fellow with the Brennan Center for Justice’s liberty and national security program, said the “Black Identity Extremists” label simply represents an F.B.I. effort to define a movement where none exists. “Basically, it’s black people who scare them,” he said.

“Could you name an African-American organization that has committed violence against police officers?” Representative Karen Bass asked Attorney General Jeff Sessions at Tuesday’s hearing. “Can you name one today that has targeted police officers in a violent manner?” It’s no surprise that he could not. Mr. Sessions, who confessed that he had not read the report, said he would need to “confirm” and would reply in writing at a later time. The F.B.I. itself admits in the report, that, even by its own definition, “B.I.E. violence has been rare over the past 20 years.”

If the report is acted on, it will be the 1960s all over again.

Although it’s unclear what actions the F.B.I. will take as a result of the report, the conclusions pave the way for it to gather data on, monitor and deploy informants to keep tabs on individuals and groups it believes to be B.I.E.s. This could chill and criminalize a wide array of nonviolent activism in ways that have terrifying echoes its infamous Cointelpro program, which investigated and intimidated black civil rights groups and leaders, including Marcus Garvey and the Rev. Dr. Martin Luther King Jr. Under this program, F.B.I. agents concocted a false internal narrative connecting Dr. King to foreign enemies, allowing agents to justify threatening to publicize his private life and encouraging him to commit suicide. This is a reminder that while the “Black Identity Extremist” designation is new, the strategy of using a vague definition to justify broad law enforcement action is not.

This is what the report looks like from the outside. It's unclear if those inside the agency feel the same way. The leaked report confirms many people's suspicions about law enforcement agencies: they view minorities as threats and will concoct narratives to support these views. There's no evidence any sort of BIE organization exists, much less the existence of a concerted effort to inflict violence on police officers. But this report is a gift to every police officer and FBI agent who really wants to believe African Americans are out to get them. Given the administration's unqualified support for law enforcement, coupled with the Commander in Chief's off-the-cuff encouragement of violence, this report is basically an invitation to start policing like it's 1960, rather than 2017.

Permalink | Comments | Email This Story

In the wake of the Trump administration's decision to gut modest FCC consumer privacy protections and net neutrality rules, telecom lobbyists are working overtime trying to stop states from filling the void. In the wake of the FCC's wholesale dismantling of consumer protections, states like California have tried to pass their own laws protecting your broadband privacy rights online, only to find the efforts scuttled by AT&T, Verizon and Comcast lobbyists, who've been more than happy to spread all manner of disinformation as to what the rules did or didn't do.

Worried that states might actually stand up for consumers in the wake of the looming attack on net neutrality, both Verizon and Comcast have been lobbying the FCC to ban states from protecting your privacy and net neutrality. The two companies were also joined this week by the wireless industry's biggest lobbying and policy organization, the CTIA. In an ex parte filing (pdf) with the FCC, wireless carriers whine about how unfair it is that states attempted to protect user privacy after the federal government made it clear it had no such interest:

"Earlier this year, legislators in various states attempted to countermand Congressional action on broadband privacy regulations. When states and localities are provided a wide berth to test the boundaries of what is or is not consistent with Congressional objectives, the Commission and the courts are forced to evaluate regulations case-by-case, with broadband providers subject to a patchwork of mandates at issue during the review."

Like Comcast and Verizon, the wireless industry would have you forget that states wouldn't be running to create discordant privacy protections if these same lobbyists hadn't just successfully killed modest federal rules. This is a problem caused entirely by lobbyists for some of the least competitive companies in America. Said lobbyists would also have you ignore the fact that when California presented a fairly modest EFF approved replacement that could be used as a template for other states -- they made up a whole bunch of bullshit to scuttle the effort.

Most importantly these folks would have you ignore that they're perfectly fine with states writing shitty, protectionist regulations designed solely to protect uncompetitive duopolists, but state legislation that actually attempts to protect consumers is just a bridge too far. When critics suggest that maybe giant ISPs shouldn't get to write awful state laws, said ISPs will often lament an "attack on states rights." But here you'll notice the hypocrisy in having no problem dictating what local states can and can't do.

Further in, the wireless industry makes it clear it's worried that states will also try to protect net neutrality after lobbyists and the FCC vote to gut net neutrality rules on December 15:

"The Commission therefore should preempt any state or local broadband-specific regulation, irrespective of whether the state or locality claims that its regulation promotes or supplements federal goals. Thus, for example, state “network neutrality” regulations addressing the treatment of traffic on the network would be preempted, as would state broadband-specific privacy requirements."

The end goal is virtually no oversight for an industry that has proven repeatedly that it's incapable of regulating itself within the boundaries of good taste. From AT&T charging broadband users hundreds of dollars annually just to opt out of snoopvertising, to Verizon covertly modifying user packets to track users around the internet, these companies have repeatedly shown that there's no end to the privacy-eroding concepts they'd love to implement. Without any meaningful guard rails on the state or federal level, and only modest market pressure to behave due to limited competition, you can expect this kind of behavior to get immeasurably worse.

Permalink | Comments | Email This Story

Because a new and improved SpotMini human-hunting quadruped robot wasn't enough for us to not be thankful for this holiday season, here's a just-released video from Boston Dynamics of the latest version of their ATLAS humanoid robot doing a little light parkour, then finishing with a backflip. Admittedly, impressive. Just the technology though, the only backflip I'd like to see that robot do is into the deep end of an empty swimming pool. "Or a volcano." Yes! "Or into a vat of acid." Yeah! "Or right onto your naked lap." Yes! Wait what? Keep going for the video. Thanks to Lana, MikeL, Cj, hairless and Closet Nerd, who all agree we can't have more than a year or two before the apocalypse.

By now it's become something of a pattern over the past few months, after many of the recent accusations come out about sexual harassment, abuse (or worse), lawyers representing the powerful men accused of such horrible acts threaten or promise to sue, often on incredibly flimsy reasons. In most cases, no such lawsuits will ever be filed. This is, in part, because the accusers know they have no case and in part because they know that if the case gets that far, going through discovery is likely to backfire big time. But, of course, for decades people have (often falsely) believed that in place of a real basis for making a legal threat, pure bluster will suffice.

The bluster in these letters is often impressive, but we have a new entrant that I think may quickly shoot to the top of the list. Roy Moore, of course, was the former Chief Justice of the Alabama Supreme Court, which would lead you to believe he knows a lot of good lawyers. And, yet, somehow, he ended up with Trenton Garmon. Garmon made some news earlier this week when he went on CNN with Don Lemon and called him "Don Lemon Squeezy Keep It Easy" But then he followed it up by sending one of the most profoundly ridiculous threat letters we've ever seen to the Alabama Media Group, the publisher of al.com, which has been reporting on Moore. You can click the link, or see it embedded below. It's fairly astounding. Beyond the poor grammar and the typos, it makes no sense.

It starts out by basically arguing that AL.com's reporting was "careless" (a bit ironic, given the mistakes in the letter) but (as is typical of threat letters of this nature) without giving many specifics. It does claim that the reporting on Moore signing a high school yearbook was untrue, but does so in a weird way:

Your client as an outlet is carelessly and perhaps maliciously reporting that my client, Judge Roy S. Moore, noted and signed a Yearbook of an accuser as a "DA" and in a manner which experts, to include our own, have confirmed is not consistent with his handwriting (To wit: structure, strokes, slant, base alignment, etc.) and does not comport to his typical vernacular.

And then it makes bizarre and nonsensical arguments about spoliation, which isn't exactly relevant here:

Please also note that per Alabama law there is a Third Party Tort for Spoliation. Thus, even if your client is not a held to have defamed or otherwise worked civil damages upon our clients, your client may remain responsible in a Court of law for damages caused by failure to preserve evidence. This is often times referred to as "Adversse Interference."

"Worked civil damages upon our clients?" Huh?

And then the letter gets into defamation, first defining defamation (poorly) and then accuses the site of having "inteionally refused to advance the truth regarding our clients." As to what, specifically, was defamatory... well, Garmon mentions that a report claimed five women have accused Moore, while Garmon says it was just two. No really. And who starts a paragraph (let alone a sentence) with the word "meaning"?

Meaning your client has used terms in reports maliciously or carelessly which has falsely portrayed our clients. Specifically your client's reports have indicated there are five [5] women accusing Chief Justice Roy Moore of sexual misconduct when in fact only two [2] women have made accusations of sexual misconduct. And both of these women have made false statements which your client has yet to publish. The other ladies which were rounded up in the witch hunt merely allege they perceived him to have made advances, but do not accuse him of any sexual misconduct.

When your claim of defamation is based on the fact that some of the women only accused your client of being a creep, rather than a full-on abuser, you're not in a very strong legal position. Also, is Garmon really suggesting that Al.com can be accused of defamation for not printing false statements? Huh?

Legal Twitter has been having a blast in response to this, though my favorite has been the pseudonymous legal blogger Tweeter @nycsouthpaw, who marked up the letter:

Popehat won't even touch it:

Some on Twitter pointed out that Garmon had his law license suspended in the past.

Incredibly, Judge Roy Moore voted to uphold Garmon's disbarment, and then just a few years later decided to bring him on as his lawyer?

Since the letter came out, Garmon has also appeared on MSNBC where he started making completely nonsensical comments about one of the hosts he was talking to, Ali Velshi, implying that because Velshi was born in Kenya (though raised in Canada) he understood why dating teenagers may be considered appropriate in some cultures. Beyond making no sense at all in trying to somehow pull Velshi into this, the comment, at the very least, appears to imply that Judge Moore did the very things the other letter sort of claims may be false, and... that it might be okay because some other cultures think something else entirely is okay. Or something. None of it makes sense at all.

“Culturally speaking there’s differences. I looked up Ali’s background, and wow, that’s awesome that you have got such a diverse background, it’s really cool to read through that," attorney Trenton Garmon said when asked why Moore would need permission from girls' mothers to date them.

“What does Ali Velshi’s background have to do with dating children, 14-year-old girls?” co-host Stephanie Ruhle interjected.

Velshi was born in Kenya, raised in Canada and graduated from Queen’s University in Ontario.

“In other countries, there’s arrangement through parents for what we would refer to as consensual marriage,” Garmon said.

“Ali’s from Canada,” Ruhle said.

“Ali’s also spent time in other countries,” Garmon said. “So it’s not a bad thing.”

“I don’t know where you’re going with this, Trenton,” Velshi said.

I'm guessing that Alabama Media Group is not exactly worried. Indeed, it has responded succinctly:

Michelle Holmes, Vice President of Content for Alabama Media Group, responded Wednesday to the letter. "Roy Moore seeks election to the United States Senate. As such a public figure, he merits and can expect intense scrutiny by the electorate and the media on its behalf, including by Alabama Media Group, the state's largest media outlet."

"We stand behind our past reporting on Roy Moore, and vow to continue to doggedly pursue the truth on behalf of the people of Alabama. These threats will not silence us, and they will not slow us."

Of course, as some have pointed out, it's possible that Moore could file a lawsuit, just so he can claim that the articles about his actions are false... but then drop the case soon after the election next month (win or lose). That seems like a risky move and could backfire in all sorts of ways, but I don't think anyone's going to be arguing that Moore or Garmon are paragons of good decision making right now. Either way, this quickly runs up the rankings of the dumbest blustery legal threat letters we've seen -- and we've seen a lot.

Permalink | Comments | Email This Story

Security researchers from Rhino Security Labs have shown that it is trivial to disable the Amazon Cloud Cam that is a crucial component of the Amazon Key product -- a connected home door-lock that allows delivery personnel to open your locked front door and leave your purchases inside -- and have demonstrated attacks that would allow thieves to exploit this weakness to rob your home. (more…)

Gary Cohn is Donald Trump's top economic advisor; while on stage this week at the Wall Street Journal's CEO Council meeting, he called for a show of hands from CEOs who were planning to invest more if their tax bills were slashed in the new GOP tax plan. (more…)